Updates from: 03/19/2021 04:08:23
Service Microsoft Docs article Related commit history on GitHub Change details
active-directory-b2c Add Password Reset Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/add-password-reset-policy.md
Last updated 03/08/2021+ zone_pivot_groups: b2c-policy-type
active-directory-b2c Add Profile Editing Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/add-profile-editing-policy.md
Last updated 12/16/2020+ zone_pivot_groups: b2c-policy-type
active-directory-b2c Add Ropc Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/add-ropc-policy.md
Last updated 01/11/2021+ zone_pivot_groups: b2c-policy-type
active-directory-b2c Add Sign In Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/add-sign-in-policy.md
Last updated 03/04/2021+ zone_pivot_groups: b2c-policy-type
active-directory-b2c Custom Domain https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/custom-domain.md
Replace:
- **policy-name** with your policy name. [Learn more about Azure AD B2C policies](technical-overview.md#identity-experiences-user-flows-or-custom-policies).
-The [SAML service provider](connect-with-saml-service-providers.md) metadata may look like the following:
+The [SAML service provider](./saml-service-provider.md) metadata may look like the following:
```html https://custom-domain-name/tenant-name/policy-name/Samlp/metadata
To use your own web application firewall in front of Azure Front Door, you need
## Next steps
-Learn about [OAuth authorization requests](protocols-overview.md).
-
+Learn about [OAuth authorization requests](protocols-overview.md).
active-directory-b2c Embedded Login https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/embedded-login.md
Last updated 03/16/2021+
When using iframe, consider the following:
- Embedded sign-in supports local accounts only. Most social identity providers (for example, Google and Facebook) block their sign-in pages from being rendered in inline frames. - Because Azure AD B2C session cookies within an iframe are considered third-party cookies, certain browsers (for example Safari or Chrome in incognito mode) either block or clear these cookies, resulting in an undesirable user experience. To prevent this issue, make sure your application domain name and your Azure AD B2C domain have the *same origin*. To use the same origin, [enable custom domains](custom-domain.md) for Azure AD B2C tenant, then configure your web app with the same origin. For example, an application hosted on https://app.contoso.com has the same origin as Azure AD B2C running on https://login.contoso.com.
-## Perquisites
+## Prerequisites
* Complete the steps in the [Get started with custom policies in Active Directory B2C](custom-policy-get-started.md). * [Enable custom domains](custom-domain.md) for your policies.
div.api_container{
In some cases, you might want to notify to your application of which Azure AD B2C page is currently being presented. For example, when a user selects the sign-up option, you might want the application to respond by hiding the links for signing in with a social account or adjusting the iframe size.
-To notify your application of the current Azure AD B2C page, [enable your policy for JavaScript](javascript-samples.md), and then use HTML5 post messages. The following JavaScript code sends a post message to the app with `signUp`:
+To notify your application of the current Azure AD B2C page, [enable your policy for JavaScript](./javascript-and-page-layout.md), and then use HTML5 post messages. The following JavaScript code sends a post message to the app with `signUp`:
```javascript window.parent.postMessage("signUp", '*');
See the following related articles:
- [User interface customization](customize-ui.md) - [RelyingParty](relyingparty.md) element reference-- [Enable your policy for JavaScript](javascript-samples.md)-- [Code samples](code-samples.md)
+- [Enable your policy for JavaScript](./javascript-and-page-layout.md)
+- [Code samples](code-samples.md)
active-directory-b2c Identity Provider Generic Saml https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/identity-provider-generic-saml.md
zone_pivot_groups: b2c-policy-type
# Set up sign-up and sign-in with SAML identity provider using Azure Active Directory B2C
-Azure Active Directory B2C (Azure AD B2C) supports federation with SAML 2.0 identity providers. This article shows you how to enable sign-in with a SAML identity provider user account, allowing users to sign in with their existing social or enterprise identities, such as [ADFS](identity-provider-adfs2016-custom.md) and [Salesforce](identity-provider-salesforce-saml.md).
+Azure Active Directory B2C (Azure AD B2C) supports federation with SAML 2.0 identity providers. This article shows you how to enable sign-in with a SAML identity provider user account, allowing users to sign in with their existing social or enterprise identities, such as [ADFS](./identity-provider-adfs.md) and [Salesforce](identity-provider-salesforce-saml.md).
[!INCLUDE [active-directory-b2c-choose-user-flow-or-custom-policy](../../includes/active-directory-b2c-choose-user-flow-or-custom-policy.md)]
If the sign-in process is successful, your browser is redirected to `https://jwt
- [Configure SAML identity provider options with Azure Active Directory B2C](identity-provider-generic-saml-options.md)
active-directory-b2c Openid Connect https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/openid-connect.md
OpenID Connect is an authentication protocol, built on top of OAuth 2.0, that can be used to securely sign users in to web applications. By using the Azure Active Directory B2C (Azure AD B2C) implementation of OpenID Connect, you can outsource sign-up, sign-in, and other identity management experiences in your web applications to Azure Active Directory (Azure AD). This guide shows you how to do so in a language-independent manner. It describes how to send and receive HTTP messages without using any of our open-source libraries. > [!NOTE]
-> Most of the open-source authentication libraries acquire and validate the JWT tokens for your application. We recommend exploring those options, rather than implementing your own code. For more information, see [Overview of the Microsoft Authentication Library (MSAL)](https://docs.microsoft.com/azure/active-directory/develop/msal-overview), and [Microsoft Identity Web authentication library](https://docs.microsoft.com/azure/active-directory/develop/microsoft-identity-web).
+> Most of the open-source authentication libraries acquire and validate the JWT tokens for your application. We recommend exploring those options, rather than implementing your own code. For more information, see [Overview of the Microsoft Authentication Library (MSAL)](../active-directory/develop/msal-overview.md), and [Microsoft Identity Web authentication library](../active-directory/develop/microsoft-identity-web.md).
[OpenID Connect](https://openid.net/specs/openid-connect-core-1_0.html) extends the OAuth 2.0 *authorization* protocol for use as an *authentication* protocol. This authentication protocol allows you to perform single sign-on. It introduces the concept of an *ID token*, which allows the client to verify the identity of the user and obtain basic profile information about the user.
error=access_denied
Just receiving an ID token is not enough to authenticate the user. Validate the ID token's signature and verify the claims in the token per your application's requirements. Azure AD B2C uses [JSON Web Tokens (JWTs)](https://self-issued.info/docs/draft-ietf-oauth-json-web-token.html) and public key cryptography to sign tokens and verify that they are valid. > [!NOTE]
-> Most of the open-source authentication libraries validate the JWT tokens for your application. We recommend exploring those options, rather than implementing your own validation logic. For more information, see [Overview of the Microsoft Authentication Library (MSAL)](https://docs.microsoft.com/azure/active-directory/develop/msal-overview), and [Microsoft Identity Web authentication library](https://docs.microsoft.com/azure/active-directory/develop/microsoft-identity-web).
+> Most of the open-source authentication libraries validate the JWT tokens for your application. We recommend exploring those options, rather than implementing your own validation logic. For more information, see [Overview of the Microsoft Authentication Library (MSAL)](../active-directory/develop/msal-overview.md), and [Microsoft Identity Web authentication library](../active-directory/develop/microsoft-identity-web.md).
Azure AD B2C has an OpenID Connect metadata endpoint, which allows an application to get information about Azure AD B2C at runtime. This information includes endpoints, token contents, and token signing keys. There is a JSON metadata document for each user flow in your B2C tenant. For example, the metadata document for the `b2c_1_sign_in` user flow in `fabrikamb2c.onmicrosoft.com` is located at:
To set the required ID Token in logout requests, see [Configure session behavior
## Next steps -- Learn more about [Azure AD B2C session](session-behavior.md).
+- Learn more about [Azure AD B2C session](session-behavior.md).
active-directory-b2c Partner Arkose Labs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/partner-arkose-labs.md
To create a custom attribute, follow these steps:
5. Select **Create**
-Learn more about [custom attributes](https://docs.microsoft.com/azure/active-directory-b2c/user-flow-custom-attributes?pivots=b2c-user-flow).
+Learn more about [custom attributes](./user-flow-custom-attributes.md?pivots=b2c-user-flow).
### Part 2 - Create a user flow The user flow can be either for **sign-up** and **sign in** or just **sign-up**. The Arkose Labs user flow will only be shown during sign-up.
-1. See the [instructions](https://docs.microsoft.com/azure/active-directory-b2c/tutorial-create-user-flows) to create a user flow. If using an existing user flow, it must be of the **Recommended (next-generation preview)** version type.
+1. See the [instructions](./tutorial-create-user-flows.md) to create a user flow. If using an existing user flow, it must be of the **Recommended (next-generation preview)** version type.
2. In the user flow settings, go to **User attributes** and select the **ArkoseSessionToken** claim.
Follow the steps mentioned to use the custom HTML and JavaScript for your user f
1. Modify [selfAsserted.html](https://github.com/Azure-Samples/active-directory-b2c-node-sign-up-user-flow-arkose/blob/main/Assets/selfAsserted.html) file so that `<ARKOSE_PUBLIC_KEY>` matches the value you generated for the client-side validation, and used to load the Arkose Labs script for your account.
-2. Host the HTML page on a Cross-origin Resource Sharing (CORS) enabled web endpoint. [Create an Azure blob storage account](https://docs.microsoft.com/azure/storage/common/storage-account-create?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&tabs=azure-portal) and [configure CORS](https://docs.microsoft.com/rest/api/storageservices/cross-origin-resource-sharing--cors--support-for-the-azure-storage-services).
+2. Host the HTML page on a Cross-origin Resource Sharing (CORS) enabled web endpoint. [Create an Azure blob storage account](../storage/common/storage-account-create.md?tabs=azure-portal&toc=%2fazure%2fstorage%2fblobs%2ftoc.json) and [configure CORS](/rest/api/storageservices/cross-origin-resource-sharing--cors--support-for-the-azure-storage-services).
>[!NOTE] >If you have your own custom HTML, copy and paste the `<script>` elements onto your HTML page.
Follow the steps mentioned to use the custom HTML and JavaScript for your user f
![image showing page layouts](media/partner-arkose-labs/page-layouts.png)
-4. From your user flow, go to **Properties** and select **Enable JavaScript** enforcing page layout (preview). See this [article](https://docs.microsoft.com/azure/active-directory-b2c/javascript-and-page-layout?pivots=b2c-user-flow) to learn more.
+4. From your user flow, go to **Properties** and select **Enable JavaScript** enforcing page layout (preview). See this [article](./javascript-and-page-layout.md?pivots=b2c-user-flow) to learn more.
### Part 4 - Create and deploy your API
To redeploy the local instance during testing, repeat steps 1 to 4.
This sample protects the web API endpoint using [HTTP Basic authentication](https://tools.ietf.org/html/rfc7617).
-Username and password are stored as environment variables and not as part of the repository. See [local.settings.json](https://docs.microsoft.com/azure/azure-functions/functions-run-local?tabs=macos%2Ccsharp%2Cbash#local-settings-file) file for more information.
+Username and password are stored as environment variables and not as part of the repository. See [local.settings.json](../azure-functions/functions-run-local.md?tabs=macos%2ccsharp%2cbash#local-settings-file) file for more information.
1. Create a local.settings.json file in your root folder
The `<B2C_EXTENSIONS_APP_ID>` is the application ID of the app used by Azure AD
#### Deploy the application to the web
-1. Follow the steps mentioned in [this](https://docs.microsoft.com/azure/javascript/tutorial-vscode-serverless-node-04) guide to deploy your Azure Function to the cloud. Copy the endpoint web URL of your Azure Function.
+1. Follow the steps mentioned in [this](/azure/javascript/tutorial-vscode-serverless-node-04) guide to deploy your Azure Function to the cloud. Copy the endpoint web URL of your Azure Function.
-2. Once deployed, select the **Upload settings** option. It will upload your environment variables onto the [Application settings](https://docs.microsoft.com/azure/azure-functions/functions-develop-vs-code?tabs=csharp#application-settings-in-azure) of the App service. These application settings can also be configured or [managed via the Azure portal.](https://docs.microsoft.com/azure/azure-functions/functions-how-to-use-azure-function-app-settings)
+2. Once deployed, select the **Upload settings** option. It will upload your environment variables onto the [Application settings](../azure-functions/functions-develop-vs-code.md?tabs=csharp#application-settings-in-azure) of the App service. These application settings can also be configured or [managed via the Azure portal.](../azure-functions/functions-how-to-use-azure-function-app-settings.md)
-See [this article](https://docs.microsoft.com/azure/azure-functions/functions-develop-vs-code?tabs=csharp#republish-project-files) to learn more about Visual Studio Code development for Azure Functions.
+See [this article](../azure-functions/functions-develop-vs-code.md?tabs=csharp#republish-project-files) to learn more about Visual Studio Code development for Azure Functions.
#### Configure and enable the API connector
-[Create an API connector](https://docs.microsoft.com/azure/active-directory-b2c/add-api-connector) and enable it for your user flow.
+[Create an API connector](./add-api-connector.md) and enable it for your user flow.
Your API connector configuration should look like: ![Image shows how to configure api connector](media/partner-arkose-labs/configure-api-connector.png)
To enable the API connector, in the **API connector** settings for your user flo
- [Sample codes](https://github.com/Azure-Samples/active-directory-b2c-node-sign-up-user-flow-arkose) for Azure AD B2C sign-up user flow -- [Custom policies in Azure AD B2C](https://docs.microsoft.com/azure/active-directory-b2c/custom-policy-overview)
+- [Custom policies in Azure AD B2C](./custom-policy-overview.md)
-- [Get started with custom policies in Azure AD B2C](https://docs.microsoft.com/azure/active-directory-b2c/custom-policy-get-started?tabs=applications)
+- [Get started with custom policies in Azure AD B2C](./custom-policy-get-started.md?tabs=applications)
active-directory-b2c Relyingparty https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/relyingparty.md
Last updated 03/15/2021+
active-directory-b2c Tutorial Create Tenant https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/tutorial-create-tenant.md
Before your applications can interact with Azure Active Directory B2C (Azure AD
> [!NOTE] > You can create up to 20 tenants per subscription. This limit helps protect against threats to your resources, such as denial-of-service attacks, and is enforced in both the Azure portal and the underlying tenant creation API. If you need to create more than 20 tenants, please contact [Microsoft Support](support-options.md). >
-> If you want to reuse a tenant name that you previously tried to delete, but you see the error "Already in use by another directory" when you enter the domain name, you'll need to [follow these steps to fully delete the tenant first](https://docs.microsoft.com/azure/active-directory-b2c/faq?tabs=app-reg-ga#how-do-i-delete-my-azure-ad-b2c-tenant). A role of at least Subscription Administrator is required. After deleting the tenant, you might also need to sign out and sign back in before you can reuse the domain name.
+> If you want to reuse a tenant name that you previously tried to delete, but you see the error "Already in use by another directory" when you enter the domain name, you'll need to [follow these steps to fully delete the tenant first](./faq.md?tabs=app-reg-ga#how-do-i-delete-my-azure-ad-b2c-tenant). A role of at least Subscription Administrator is required. After deleting the tenant, you might also need to sign out and sign back in before you can reuse the domain name.
In this article, you learn how to:
In this article, you learned how to:
Next, learn how to register a web application in your new tenant. > [!div class="nextstepaction"]
-> [Register your applications >](tutorial-register-applications.md)
+> [Register your applications >](tutorial-register-applications.md)
active-directory-b2c Tutorial Register Applications https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/tutorial-register-applications.md
Previously updated : 01/27/2021 Last updated : 03/18/2021
To register a web application in your Azure AD B2C tenant, you can use our new u
## Create a client secret
-For a web application, you need to create an application secret. This secret will be used by your application to exchange an authorization code for an access token.
+For a web application, you need to create an application secret. The client secret is also known as an *application password*. The secret will be used by your application to exchange an authorization code for an access token.
#### [App registrations](#tab/app-reg-ga/)
For a web application, you need to create an application secret. This secret wil
1. Select **New client secret**. 1. Enter a description for the client secret in the **Description** box. For example, *clientsecret1*. 1. Under **Expires**, select a duration for which the secret is valid, and then select **Add**.
-1. Record the secret's **Value**. You use this value as the application secret in your application's code.
+1. Record the secret's **Value** for use in your client application code. This secret value is never displayed again after you leave this page. You use this value as the application secret in your application's code.
#### [Applications (Legacy)](#tab/applications-legacy/)
For a web application, you need to create an application secret. This secret wil
* * *
+> [!NOTE]
+> For security purposes, you can roll over the application secret periodically, or immediately in case of emergency. Any application that integrates with Azure AD B2C should be prepared to handle a secret rollover event, no matter how frequently it may occur. You can set two application secrets, allowing your application to keep using the old secret during an application secret rotation event. To add another client secret, repeat steps in this section.
+ ## Enable ID token implicit grant The defining characteristic of the implicit grant is that tokens, such as ID and access tokens, are returned directly from Azure AD B2C to the application. For web apps, such as ASP.NET Core web apps and [https://jwt.ms](https://jwt.ms), that request an ID token directly from the authorization endpoint, enable the implicit grant flow in the app registration.
active-directory-domain-services Tutorial Configure Ldaps https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-domain-services/tutorial-configure-ldaps.md
Before you can use the digital certificate created in the previous step with you
On the **Security** page, choose the option for **Password** to protect the *.PFX* certificate file. The encryption algorithm must be *TripleDES-SHA1*. Enter and confirm a password, then select **Next**. This password is used in the next section to enable secure LDAP for your managed domain.
- If you export using the [PowerShell export-pfxcertificate cmdlet](https://docs.microsoft.com/powershell/module/pkiclient/export-pfxcertificate), you need to pass the *-CryptoAlgorithmOption* flag using TripleDES_SHA1.
+ If you export using the [PowerShell export-pfxcertificate cmdlet](/powershell/module/pkiclient/export-pfxcertificate), you need to pass the *-CryptoAlgorithmOption* flag using TripleDES_SHA1.
![Screenshot of how to encrypt the password](./media/tutorial-configure-ldaps/encrypt.png)
In this tutorial, you learned how to:
<!-- EXTERNAL LINKS --> [rsat]: /windows-server/remote/remote-server-administration-tools [ldap-query-basics]: /windows/desktop/ad/creating-a-query-filter
-[New-SelfSignedCertificate]: /powershell/module/pkiclient/new-selfsignedcertificate
+[New-SelfSignedCertificate]: /powershell/module/pkiclient/new-selfsignedcertificate
active-directory Application Provisioning Quarantine Status https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/app-provisioning/application-provisioning-quarantine-status.md
Previously updated : 09/24/2020 Last updated : 03/18/2021
First, resolve the issue that caused the application to be placed in quarantine.
After you've resolved the issue, restart the provisioning job. Certain changes to the application's provisioning settings, such as attribute mappings or scoping filters, will automatically restart provisioning for you. The progress bar on the application's **Provisioning** page indicates when provisioning last started. If you need to restart the provisioning job manually, use one of the following methods: -- Use the Azure portal to restart the provisioning job. On the application's **Provisioning** page under **Settings**, select **Clear state and restart synchronization** and set **Provisioning Status** to **On**. This action fully restarts the provisioning service, which can take some time. A full initial cycle will run again, which clears escrows, removes the app from quarantine, and clears any watermarks.
+- Use the Azure portal to restart the provisioning job. On the application's **Provisioning** page, select **Restart provisioning**. This action fully restarts the provisioning service, which can take some time. A full initial cycle will run again, which clears escrows, removes the app from quarantine, and clears any watermarks. The service will then evaluate all the users in the source system again and determine if they are in scope for provisioning. This can be useful when your application is currently in quarantine, as this article discusses, or you need to make a change to your attribute mappings. Note that the initial cycle takes longer to complete than the typical incremental cycle due to the number of objects that need to be evaluated. You can learn more about the performance of initial and incremental cycles [here](application-provisioning-when-will-provisioning-finish-specific-user.md).
- Use Microsoft Graph to [restart the provisioning job](/graph/api/synchronization-synchronizationjob-restart?tabs=http&view=graph-rest-beta&preserve-view=true). You'll have full control over what you restart. You can choose to clear escrows (to restart the escrow counter that accrues toward quarantine status), clear quarantine (to remove the application from quarantine), or clear watermarks. Use the following request:
active-directory Check Status User Account Provisioning https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/app-provisioning/check-status-user-account-provisioning.md
From here, you can access both the provisioning progress bar and the provisionin
## Provisioning progress bar
-The [provisioning progress bar](application-provisioning-when-will-provisioning-finish-specific-user.md#view-the-provisioning-progress-bar) is visible in the **Provisioning** tab for given application. It is located in the **Current Status** section underneath **Settings**, and shows the status of the current initial or incremental cycle. This section also shows:
+The [provisioning progress bar](application-provisioning-when-will-provisioning-finish-specific-user.md#view-the-provisioning-progress-bar) is visible in the **Provisioning** tab for a given application. It is located in the **Current Status** section and shows the status of the current initial or incremental cycle. This section also shows:
* The total number of users and/groups that have been synchronized and are currently in scope for provisioning between the source system and the target system. * The last time the synchronization was run. Synchronizations typically occur every 20-40 minutes, after an [initial cycle](../app-provisioning/how-provisioning-works.md#provisioning-cycles-initial-and-incremental) has completed.
active-directory Configure Automatic User Provisioning Portal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/app-provisioning/configure-automatic-user-provisioning-portal.md
Title: User provisioning management for enterprise apps in Azure AD
-description: Learn how to manage user account provisioning for enterprise apps using the Azure Active Directory
+ Title: User provisioning management for enterprise apps in Azure Active Directory
+description: Learn how to manage user account provisioning for enterprise apps using the Azure Active Directory.
Previously updated : 02/04/2020 Last updated : 03/18/2021
Select **Test Connection** to test the credentials by having Azure AD attempt to
Expand **Mappings** to view and edit the user attributes that flow between Azure AD and the target application when user accounts are provisioned or updated.
-There's a preconfigured set of mappings between Azure AD user objects and each SaaS appΓÇÖs user objects. Some apps also manage group objects. Select a mapping in the table to open the mapping editor to the right, where you can view and customize them.
-
-![Shows the Attribute Mapping screen](./media/configure-automatic-user-provisioning-portal/enterprise-apps-provisioning-mapping.png)
+There's a preconfigured set of mappings between Azure AD user objects and each SaaS appΓÇÖs user objects. Some apps also manage group objects. Select a mapping in the table to open the mapping editor, where you can view and customize them.
Supported customizations include:
Supported customizations include:
### Settings
-You can start and stop the Azure AD provisioning service for the selected application in the **Settings** area of the **Provisioning** screen. You can also choose to clear the provisioning cache and restart the service.
+Expand **Settings** to set an email address to receive notifications and whether to receive alerts on errors. You can also select the scope of users to sync. You can choose to sync all users and groups or only those that are assigned.
+
+### Provisioning Status
If provisioning is being enabled for the first time for an application, turn on the service by changing the **Provisioning Status** to **On**. This change causes the Azure AD provisioning service to run an initial cycle. It reads the users assigned in the **Users and groups** section, queries the target application for them, and then runs the provisioning actions defined in the Azure AD **Mappings** section. During this process, the provisioning service stores cached data about what user accounts it's managing, so non-managed accounts inside the target applications that were never in scope for assignment aren't affected by de-provisioning operations. After the initial cycle, the provisioning service automatically synchronizes user and group objects on a forty-minute interval. Change the **Provisioning Status** to **Off** to pause the provisioning service. In this state, Azure doesn't create, update, or remove any user or group objects in the app. Change the state back to **On** and the service picks up where it left off.-
-**Clear current state and restart synchronization** triggers an initial cycle. The service will then evaluate all the users in the source system again and determine if they are in scope for provisioning. This can be useful when your application is currently in quarantine or you need to make a change to your attribute mappings. Note that the initial cycle takes longer to complete than the typical incremental cycle due to the number of objects that need to be evaluated. You can learn more about the performance of initial and incremental cycles [here](application-provisioning-when-will-provisioning-finish-specific-user.md).
active-directory How Provisioning Works https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/app-provisioning/how-provisioning-works.md
After the initial cycle, all other cycles will:
The provisioning service continues running back-to-back incremental cycles indefinitely, at intervals defined in the [tutorial specific to each application](../saas-apps/tutorial-list.md). Incremental cycles continue until one of the following events occurs: - The service is manually stopped using the Azure portal, or using the appropriate Microsoft Graph API command.-- A new initial cycle is triggered using the **Clear state and restart** option in the Azure portal, or using the appropriate Microsoft Graph API command. This action clears any stored watermark and causes all source objects to be evaluated again.
+- A new initial cycle is triggered using the **Restart provisioning** option in the Azure portal, or using the appropriate Microsoft Graph API command. This action clears any stored watermark and causes all source objects to be evaluated again.
- A new initial cycle is triggered because of a change in attribute mappings or scoping filters. This action also clears any stored watermark and causes all source objects to be evaluated again. - The provisioning process goes into quarantine (see below) because of a high error rate, and stays in quarantine for more than four weeks. In this event, the service will be automatically disabled.
active-directory Howto Authentication Passwordless Deployment https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/authentication/howto-authentication-passwordless-deployment.md
Follow the steps in the article, [Enable passwordless security key sign in for A
- [Enable passwordless security keys for sign in for Azure AD](howto-authentication-passwordless-security-key.md) - [Enable passwordless sign-in with the Microsoft Authenticator app](howto-authentication-passwordless-phone.md)-- [Learn more about Authentication methods usage & insights](howto-authentication-methods-usage-insights.md)
+- [Learn more about Authentication methods usage & insights](./howto-authentication-methods-activity.md)
active-directory Howto Authentication Temporary Access Pass https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/authentication/howto-authentication-temporary-access-pass.md
Previously updated : 03/03/2021 Last updated : 03/18/2021
Keep these limitations in mind:
- A Temporary Access Pass cannot be used with the Network Policy Server (NPS) extension and Active Directory Federation Services (AD FS) adapter. - When Seamless SSO is enabled on the tenant, the users are prompted to enter a password. The **Use your Temporary Access Pass instead** link will be available for the user to sign-in with a Temporary Access Pass.
-![Screenshot of Use a Temporary Access Pass instead](./media/how-to-authentication-temporary-access-pass/alternative.png)
+ ![Screenshot of Use a Temporary Access Pass instead](./media/how-to-authentication-temporary-access-pass/alternative.png)
## Troubleshooting
active-directory Howto Sspr Deployment https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/authentication/howto-sspr-deployment.md
Audit logs for registration and password reset are available for 30 days. If sec
### Authentication methods- Usage and Insights
-[Usage and insights](./howto-authentication-methods-usage-insights.md) enable you to understand how authentication methods for features like Azure AD MFA and SSPR are working in your organization. This reporting capability provides your organization with the means to understand what methods register and how to use them.
+[Usage and insights](./howto-authentication-methods-activity.md) enable you to understand how authentication methods for features like Azure AD MFA and SSPR are working in your organization. This reporting capability provides your organization with the means to understand what methods register and how to use them.
### Troubleshoot
Audit logs for registration and password reset are available for 30 days. If sec
* [Consider implementing Azure AD password protection](./concept-password-ban-bad.md)
-* [Consider implementing Azure AD Smart Lockout](./howto-password-smart-lockout.md)
+* [Consider implementing Azure AD Smart Lockout](./howto-password-smart-lockout.md)
active-directory Howto Sspr Reporting https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/authentication/howto-sspr-reporting.md
The following list explains this activity in detail:
## Next steps
-* [SSPR and MFA usage and insights reporting](howto-authentication-methods-usage-insights.md)
+* [SSPR and MFA usage and insights reporting](./howto-authentication-methods-activity.md)
* [How do I complete a successful rollout of SSPR?](howto-sspr-deployment.md) * [Reset or change your password](../user-help/active-directory-passwords-update-your-own-password.md). * [Register for self-service password reset](../user-help/active-directory-passwords-reset-register.md).
active-directory Concept Conditional Access Cloud Apps https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/conditional-access/concept-conditional-access-cloud-apps.md
User actions are tasks that can be performed by a user. Currently, Conditional A
- **Register or join devices (preview)**: This user action enables administrators to enforce Conditional Access policy when users [register](../devices/concept-azure-ad-register.md) or [join](../devices/concept-azure-ad-join.md) devices to Azure AD. There are two key considerations with this user action: - `Require multi-factor authentication` is the only access control available with this user action and all others are disabled. This restriction prevents conflicts with access controls that are either dependent on Azure AD device registration or not applicable to Azure AD device registration.
- - When a Conditional Access policy is enabled with this user action, you must set **Azure Active Directory** > **Devices** > **Device Settings** - `Devices to be Azure AD joined or Azure AD registered require Multi-Factor Authentication` to **No**. Otherwise, Conditional Access policy with this user action is not properly enforced. More information regarding this device setting can found in [Configure device settings](../device-management-azure-portal.md##configure-device-settings). This user action provides flexibility to require multi-factor authentication for registering or joining devices for specific users and groups or conditions instead of having a tenant-wide policy in Device settings.
+ - When a Conditional Access policy is enabled with this user action, you must set **Azure Active Directory** > **Devices** > **Device Settings** - `Devices to be Azure AD joined or Azure AD registered require Multi-Factor Authentication` to **No**. Otherwise, Conditional Access policy with this user action is not properly enforced. More information regarding this device setting can found in [Configure device settings](../devices/device-management-azure-portal.md#configure-device-settings). This user action provides flexibility to require multi-factor authentication for registering or joining devices for specific users and groups or conditions instead of having a tenant-wide policy in Device settings.
## Next steps
active-directory Concept Conditional Access Conditions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/conditional-access/concept-conditional-access-conditions.md
This setting has an impact on access attempts made from the following mobile app
### Exchange ActiveSync clients -- Organizations can only select Exchange ActiveSync clients when assigning policy to users or groups. Selecting **All users**, **All guest and external users**, or **Directory roles** will cause all users to become blocked.
+- Organizations can only select Exchange ActiveSync clients when assigning policy to users or groups. Selecting **All users**, **All guest and external users**, or **Directory roles** will cause all users to be subject of the policy.
- When creating a policy assigned to Exchange ActiveSync clients, **Exchange Online** should be the only cloud application assigned to the policy. - Organizations can narrow the scope of this policy to specific platforms using the **Device platforms** condition.
active-directory Concept Conditional Access Report Only https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/conditional-access/concept-conditional-access-report-only.md
Report-only mode is a new Conditional Access policy state that allows administra
- Results are logged in the **Conditional Access** and **Report-only** tabs of the Sign-in log details. - Customers with an Azure Monitor subscription can monitor the impact of their Conditional Access policies using the Conditional Access insights workbook.
+> [!VIDEO https://www.youtube.com/embed/NZbPYfhb5Kc]
+ > [!WARNING] > Policies in report-only mode that require compliant devices may prompt users on Mac, iOS, and Android to select a device certificate during policy evaluation, even though device compliance is not enforced. These prompts may repeat until the device is made compliant. To prevent end users from receiving prompts during sign-in, exclude device platforms Mac, iOS and Android from report-only policies that perform device compliance checks. Note that report-only mode is not applicable for Conditional Access policies with "User Actions" scope.
active-directory Developer Support Help Options https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/developer-support-help-options.md
Get answers to your identity app development questions directly from Microsoft e
[Microsoft Q&A](/answers/products/) is Azure's recommended source of community support.
-If you can't find an answer to your problem by searching Microsoft Q&A, submit a new question. Use one of following tags when you ask your [high-quality question](https://docs.microsoft.com/answers/articles/24951/how-to-write-a-quality-question.html):
+If you can't find an answer to your problem by searching Microsoft Q&A, submit a new question. Use one of following tags when you ask your [high-quality question](/answers/articles/24951/how-to-write-a-quality-question.html):
| Component/area| Tags | |||
-| Active Directory Authentication Library (ADAL) | [[adal]](https://docs.microsoft.com/answers/topics/azure-ad-adal-deprecation.html) |
-| Microsoft Authentication Library (MSAL) | [[msal]](https://docs.microsoft.com/answers/topics/azure-ad-msal.html) |
-| Open Web Interface for .NET (OWIN) middleware | [[azure-active-directory]](https://docs.microsoft.com/answers/topics/azure-active-directory.html) |
-| [Azure AD B2B / External Identities](../external-identities/what-is-b2b.md) | [[azure-ad-b2b]](https://docs.microsoft.com/answers/topics/azure-ad-b2b.html) |
-| [Azure AD B2C](https://azure.microsoft.com/services/active-directory-b2c/) | [[azure-ad-b2c]](https://docs.microsoft.com/answers/topics/azure-ad-b2c.html) |
-| [Microsoft Graph API](https://developer.microsoft.com/graph/) | [[azure-ad-graph]](https://docs.microsoft.com/answers/topics/azure-ad-graph.html) |
-| All other authentication and authorization areas | [[azure-active-directory]](https://docs.microsoft.com/answers/topics/azure-active-directory.html) |
+| Active Directory Authentication Library (ADAL) | [[adal]](/answers/topics/azure-ad-adal-deprecation.html) |
+| Microsoft Authentication Library (MSAL) | [[msal]](/answers/topics/azure-ad-msal.html) |
+| Open Web Interface for .NET (OWIN) middleware | [[azure-active-directory]](/answers/topics/azure-active-directory.html) |
+| [Azure AD B2B / External Identities](../external-identities/what-is-b2b.md) | [[azure-ad-b2b]](/answers/topics/azure-ad-b2b.html) |
+| [Azure AD B2C](https://azure.microsoft.com/services/active-directory-b2c/) | [[azure-ad-b2c]](/answers/topics/azure-ad-b2c.html) |
+| [Microsoft Graph API](https://developer.microsoft.com/graph/) | [[azure-ad-graph]](/answers/topics/azure-ad-graph.html) |
+| All other authentication and authorization areas | [[azure-active-directory]](/answers/topics/azure-active-directory.html) |
## Create a GitHub issue
To request new features, post them on Azure Feedback. Share your ideas for makin
- [Azure Updates](https://azure.microsoft.com/updates/?category=identity): Learn about important product updates, roadmap, and announcements. -- [What's new in docs](https://docs.microsoft.com/azure/active-directory/develop/whats-new-docs): Get to know what's new in the Microsoft identity platform documentation.
+- [What's new in docs](./whats-new-docs.md): Get to know what's new in the Microsoft identity platform documentation.
- [Azure Active Directory Identity Blog](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/bg-p/Identity): Get news and information about Azure AD. -- [Tech Community](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/bg-p/Identity/): Share your experiences, engage and learn from experts.--
+- [Tech Community](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/bg-p/Identity/): Share your experiences, engage and learn from experts.
active-directory Migrate Python Adal Msal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/migrate-python-adal-msal.md
app = msal.PublicClientApplication(
"client_id", authority="...", # token_cache=... # Default cache is in memory only. # You can learn how to use SerializableTokenCache from
- # https://msal-python.rtfd.io/en/latest/#msal.SerializableTokenCache
+ # https://msal-python.readthedocs.io/en/latest/#msal.SerializableTokenCache
) # We choose a migration strategy of migrating all RTs in one loop
active-directory Msal Logging Python https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/msal-logging-python.md
## MSAL for Python logging
-Logging in MSAL Python uses the standard Python logging mechanism, for example `logging.info("msg")` You can configure MSAL logging as follows (and see it in action in the [username_password_sample](https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/1.0.0/sample/username_password_sample.py#L31L32)):
+Logging in MSAL for Python leverages the [logging module in the Python standard library](https://docs.python.org/3/library/logging.html). You can configure MSAL logging as follows (and see it in action in the [username_password_sample](https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/1.0.0/sample/username_password_sample.py#L31L32)):
### Enable debug logging for all modules
-By default, the logging in any Python script is turned off. If you want to enable debug logging for all of the modules in your entire Python script, use:
+By default, the logging in any Python script is turned off. If you want to enable verbose logging for **all** Python modules in your script, use `logging.basicConfig` with a level of `logging.DEBUG`:
```python
+import logging
+ logging.basicConfig(level=logging.DEBUG) ```
-### Silence only MSAL logging
+This will print all log messages given to the logging module to the standard output.
+
+### Configure MSAL logging level
-To silence only MSAL library logging, while enabling debug logging in all of the other modules in your Python script, turn off the logger used by MSAL Python:
+You can configure the logging level of the MSAL for Python log provider by using the `logging.getLogger()` method with the logger name `"msal"`:
+
+```python
+import logging
-```Python
logging.getLogger("msal").setLevel(logging.WARN) ```
+### Configure MSAL logging with Azure App Insights
+
+Python logs are given to a log handler, which by default is the `StreamHandler`. To send MSAL logs to an Application Insights with an Instrumentation Key, use the `AzureLogHandler` provided by the `opencensus-ext-azure` library.
+
+To install, `opencensus-ext-azure` add the `opencensus-ext-azure` package from PyPI to your dependencies or pip install:
+
+```console
+pip install opencensus-ext-azure
+```
+
+Then change the default handler of the `"msal"` log provider to an instance of `AzureLogHandler` with an instrumentation key set in the `APP_INSIGHTS_KEY` environment variable:
+
+```python
+import logging
+import os
+
+from opencensus.ext.azure.log_exporter import AzureLogHandler
+
+APP_INSIGHTS_KEY = os.getenv('APP_INSIGHTS_KEY')
+
+logging.getLogger("msal").addHandler(AzureLogHandler(connection_string='InstrumentationKey={0}'.format(APP_INSIGHTS_KEY))
+```
+ ### Personal and organizational data in Python MSAL for Python does not log personal data or organizational data. There is no property to turn personal or organization data logging on or off.
active-directory Msal Net Client Assertions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/msal-net-client-assertions.md
Previously updated : 9/30/2020 Last updated : 03/18/2021
app = ConfidentialClientApplicationBuilder.Create(config.ClientId)
.Build(); ```
-The [claims expected by Azure AD](active-directory-certificate-credentials.md) are:
+You can also use the delegate form, which enables you to compute the assertion just in time:
+
+```csharp
+string signedClientAssertion = ComputeAssertion();
+app = ConfidentialClientApplicationBuilder.Create(config.ClientId)
+ .WithClientAssertion(() => { return GetSignedClientAssertion(); } )
+ .Build();
+```
+
+The [claims expected by Azure AD](active-directory-certificate-credentials.md) in the signed assertion are:
Claim type | Value | Description - | - | -
active-directory Msal Shared Devices https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/msal-shared-devices.md
Shared device mode is a feature of Azure Active Directory that allows you to build applications that support Frontline Workers and enable shared device mode on the devices deployed to them. >[!IMPORTANT]
-> This feature [!INCLUDE [PREVIEW BOILERPLATE](../../../includes/active-directory-develop-preview.md)]
+> Shared device mode for iOS [!INCLUDE [PREVIEW BOILERPLATE](../../../includes/active-directory-develop-preview.md)]
## What are Frontline Workers?
active-directory Reference Aadsts Error Codes https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/reference-aadsts-error-codes.md
Previously updated : 02/01/2021 Last updated : 03/17/2021
For example, if you received the error code "AADSTS50058" then do a search in [h
| AADSTS90094 | AdminConsentRequired - Administrator consent is required. | | AADSTS900382 | Confidential Client is not supported in Cross Cloud request. | | AADSTS90099 | The application '{appId}' ({appName}) has not been authorized in the tenant '{tenant}'. Applications must be authorized to access the customer tenant before partner delegated administrators can use them. Provide pre-consent or execute the appropriate Partner Center API to authorize the application. |
+| AADSTS900971| No reply address provided.|
| AADSTS90100 | InvalidRequestParameter - The parameter is empty or not valid. | | AADSTS901002 | AADSTS901002: The 'resource' request parameter is not supported. | | AADSTS90101 | InvalidEmailAddress - The supplied data isn't a valid email address. The email address must be in the format `someone@example.com`. |
active-directory Reference App Manifest https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/reference-app-manifest.md
Use the following comments section to provide feedback that helps refine and sha
[ADD-UPD-RMV-APP]:quickstart-v1-integrate-apps-with-azure-ad.md [AZURE-PORTAL]: https://portal.azure.com [DEV-GUIDE-TO-AUTH-WITH-ARM]: http://www.dushyantgill.com/blog/2015/05/23/developers-guide-to-auth-with-azure-resource-manager-api/
-[GRAPH-API]: active-directory-graph-api.md
+[GRAPH-API]: /graph/migrate-azure-ad-graph-planning-checklist
[IMPLICIT-GRANT]:v1-oauth2-implicit-grant-flow.md [INTEGRATING-APPLICATIONS-AAD]: ./quickstart-register-app.md [O365-PERM-DETAILS]: /graph/permissions-reference
-[RBAC-CLOUD-APPS-AZUREAD]: http://www.dushyantgill.com/blog/2014/12/10/roles-based-access-control-in-cloud-applications-using-azure-ad/
+[RBAC-CLOUD-APPS-AZUREAD]: http://www.dushyantgill.com/blog/2014/12/10/roles-based-access-control-in-cloud-applications-using-azure-ad/
active-directory Scenario Daemon Acquire Token https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/scenario-daemon-acquire-token.md
ResourceId = "someAppIDURI";
var scopes = new [] { ResourceId+"/.default"}; ```
+# [Java](#tab/java)
+
+```Java
+final static String GRAPH_DEFAULT_SCOPE = "https://graph.microsoft.com/.default";
+```
+
+# [Node.js](#tab/nodejs)
+
+```JavaScript
+const tokenRequest = {
+ scopes: [process.env.GRAPH_ENDPOINT + '.default'], // e.g. 'https://graph.microsoft.com/.default'
+};
+```
+ # [Python](#tab/python) In MSAL Python, the configuration file looks like this code snippet:
In MSAL Python, the configuration file looks like this code snippet:
} ```
-# [Java](#tab/java)
-
-```Java
-final static String GRAPH_DEFAULT_SCOPE = "https://graph.microsoft.com/.default";
-```
- ### Azure AD (v1.0) resources
catch (MsalServiceException ex) when (ex.Message.Contains("AADSTS70011"))
In MSAL.NET, `AcquireTokenForClient` uses the application token cache. (All the other AcquireToken*XX* methods use the user token cache.) Don't call `AcquireTokenSilent` before you call `AcquireTokenForClient`, because `AcquireTokenSilent` uses the *user* token cache. `AcquireTokenForClient` checks the *application* token cache itself and updates it.
-# [Python](#tab/python)
-
-```Python
-# The pattern to acquire a token looks like this.
-result = None
-
-# First, the code looks up a token from the cache.
-# Because we're looking for a token for the current app, not for a user,
-# use None for the account parameter.
-result = app.acquire_token_silent(config["scope"], account=None)
-
-if not result:
- logging.info("No suitable token exists in cache. Let's get a new one from AAD.")
- result = app.acquire_token_for_client(scopes=config["scope"])
-
-if "access_token" in result:
- # Call a protected API with the access token.
- print(result["token_type"])
-else:
- print(result.get("error"))
- print(result.get("error_description"))
- print(result.get("correlation_id")) # You might need this when reporting a bug.
-```
- # [Java](#tab/java) This code is extracted from the [MSAL Java dev samples](https://github.com/AzureAD/microsoft-authentication-library-for-java/blob/dev/src/samples/confidential-client/).
private static IAuthenticationResult acquireToken() throws Exception {
} ```
+# [Node.js](#tab/nodejs)
+
+The code snippet below illustrates token acquisition in an MSAL Node confidential client application:
+
+```JavaScript
+try {
+ const authResponse = await cca.acquireTokenByClientCredential(tokenRequest);
+ console.log(authResponse.accessToken) // display access token
+} catch (error) {
+ console.log(error);
+}
+```
+
+# [Python](#tab/python)
+
+```Python
+# The pattern to acquire a token looks like this.
+result = None
+
+# First, the code looks up a token from the cache.
+# Because we're looking for a token for the current app, not for a user,
+# use None for the account parameter.
+result = app.acquire_token_silent(config["scope"], account=None)
+
+if not result:
+ logging.info("No suitable token exists in cache. Let's get a new one from AAD.")
+ result = app.acquire_token_for_client(scopes=config["scope"])
+
+if "access_token" in result:
+ # Call a protected API with the access token.
+ print(result["token_type"])
+else:
+ print(result.get("error"))
+ print(result.get("error_description"))
+ print(result.get("correlation_id")) # You might need this when reporting a bug.
+```
+ ### Protocol
For details, see [Exposing application permissions (app roles)](scenario-protect
Move on to the next article in this scenario, [Calling a web API](./scenario-daemon-call-api.md?tabs=dotnet).
-# [Python](#tab/python)
+# [Java](#tab/java)
Move on to the next article in this scenario,
-[Calling a web API](./scenario-daemon-call-api.md?tabs=python).
+[Calling a web API](./scenario-daemon-call-api.md?tabs=java).
-# [Java](#tab/java)
+# [Node.js](#tab/nodejs)
Move on to the next article in this scenario,
-[Calling a web API](./scenario-daemon-call-api.md?tabs=java).
+[Calling a web API](./scenario-daemon-call-api.md?tabs=nodejs).
+
+# [Python](#tab/python)
+
+Move on to the next article in this scenario,
+[Calling a web API](./scenario-daemon-call-api.md?tabs=python).
active-directory Scenario Daemon App Configuration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/scenario-daemon-app-configuration.md
Here's an example of defining the configuration in an [*appsettings.json*](https
You provide either a `ClientSecret` or a `CertificateName`. These settings are exclusive.
+# [Java](#tab/java)
+
+```Java
+ private final static String CLIENT_ID = "";
+ private final static String AUTHORITY = "https://login.microsoftonline.com/<tenant>/";
+ private final static String CLIENT_SECRET = "";
+ private final static Set<String> SCOPE = Collections.singleton("https://graph.microsoft.com/.default");
+```
+
+# [Node.js](#tab/nodejs)
+
+Configuration parameters for the [Node.js daemon sample](https://github.com/Azure-Samples/ms-identity-javascript-nodejs-console/) are located in an *.env* file:
+
+```Text
+# Credentials
+TENANT_ID=Enter_the_Tenant_Info_Here
+CLIENT_ID=Enter_the_Application_Id_Here
+CLIENT_SECRET=Enter_the_Client_Secret_Here
+
+# Endpoints
+AAD_ENDPOINT=Enter_the_Cloud_Instance_Id_Here
+GRAPH_ENDPOINT=Enter_the_Graph_Endpoint_Here
+```
+ # [Python](#tab/python) When you build a confidential client with client secrets, the [parameters.json](https://github.com/Azure-Samples/ms-identity-python-daemon/blob/master/1-Call-MsGraph-WithSecret/parameters.json) config file in the [Python daemon](https://github.com/Azure-Samples/ms-identity-python-daemon) sample is as follows:
When you build a confidential client with certificates, the [parameters.json](ht
} ```
-# [Java](#tab/java)
-
-```Java
- private final static String CLIENT_ID = "";
- private final static String AUTHORITY = "https://login.microsoftonline.com/<tenant>/";
- private final static String CLIENT_SECRET = "";
- private final static Set<String> SCOPE = Collections.singleton("https://graph.microsoft.com/.default");
-```
- ### Instantiate the MSAL application
using Microsoft.Identity.Client;
IConfidentialClientApplication app; ```
-# [Python](#tab/python)
-
-```python
-import msal
-import json
-import sys
-import logging
-```
- # [Java](#tab/java) ```java
import com.microsoft.aad.msal4j.MsalException;
import com.microsoft.aad.msal4j.SilentParameters; ```
+# [Node.js](#tab/nodejs)
+
+Simply install the packages by running `npm install` in the folder where *package.json* file resides. Then, import **msal-node** package:
+
+```JavaScript
+const msal = require('@azure/msal-node');
+```
+
+# [Python](#tab/python)
+
+```python
+import msal
+import json
+import sys
+import logging
+```
+ #### Instantiate the confidential client application with a client secret
public string Authority
} ```
-# [Python](#tab/python)
-
-```Python
-# Pass the parameters.json file as an argument to this Python script. E.g.: python your_py_file.py parameters.json
-config = json.load(open(sys.argv[1]))
-
-# Create a preferably long-lived app instance that maintains a token cache.
-app = msal.ConfidentialClientApplication(
- config["client_id"], authority=config["authority"],
- client_credential=config["secret"],
- # token_cache=... # Default cache is in memory only.
- # You can learn how to use SerializableTokenCache from
- # https://msal-python.rtfd.io/en/latest/#msal.SerializableTokenCache
- )
-```
- # [Java](#tab/java) ```Java
ConfidentialClientApplication cca =
.build(); ``` -
+# [Node.js](#tab/nodejs)
-#### Instantiate the confidential client application with a client certificate
+```JavaScript
-Here's the code to build an application with a certificate:
+const msalConfig = {
+ auth: {
+ clientId: process.env.CLIENT_ID,
+ authority: process.env.AAD_ENDPOINT + process.env.TENANT_ID,
+ clientSecret: process.env.CLIENT_SECRET,
+ }
+};
-# [.NET](#tab/dotnet)
+const apiConfig = {
+ uri: process.env.GRAPH_ENDPOINT + 'v1.0/users',
+};
-```csharp
-X509Certificate2 certificate = ReadCertificate(config.CertificateName);
-app = ConfidentialClientApplicationBuilder.Create(config.ClientId)
- .WithCertificate(certificate)
- .WithAuthority(new Uri(config.Authority))
- .Build();
+const tokenRequest = {
+ scopes: [process.env.GRAPH_ENDPOINT + '.default'],
+};
+
+const cca = new msal.ConfidentialClientApplication(msalConfig);
``` # [Python](#tab/python)
config = json.load(open(sys.argv[1]))
# Create a preferably long-lived app instance that maintains a token cache. app = msal.ConfidentialClientApplication( config["client_id"], authority=config["authority"],
- client_credential={"thumbprint": config["thumbprint"], "private_key": open(config['private_key_file']).read()},
+ client_credential=config["secret"],
# token_cache=... # Default cache is in memory only. # You can learn how to use SerializableTokenCache from # https://msal-python.rtfd.io/en/latest/#msal.SerializableTokenCache ) ``` ++
+#### Instantiate the confidential client application with a client certificate
+
+Here's the code to build an application with a certificate:
+
+# [.NET](#tab/dotnet)
+
+```csharp
+X509Certificate2 certificate = ReadCertificate(config.CertificateName);
+app = ConfidentialClientApplicationBuilder.Create(config.ClientId)
+ .WithCertificate(certificate)
+ .WithAuthority(new Uri(config.Authority))
+ .Build();
+```
# [Java](#tab/java) In MSAL Java, there are two builders to instantiate the confidential client application with certificates:
ConfidentialClientApplication cca =
.build(); ```
+# [Node.js](#tab/nodejs)
+
+The sample application does not implement initialization with certificates at the moment.
+
+# [Python](#tab/python)
+
+```Python
+# Pass the parameters.json file as an argument to this Python script. E.g.: python your_py_file.py parameters.json
+config = json.load(open(sys.argv[1]))
+
+# Create a preferably long-lived app instance that maintains a token cache.
+app = msal.ConfidentialClientApplication(
+ config["client_id"], authority=config["authority"],
+ client_credential={"thumbprint": config["thumbprint"], "private_key": open(config['private_key_file']).read()},
+ # token_cache=... # Default cache is in memory only.
+ # You can learn how to use SerializableTokenCache from
+ # https://msal-python.rtfd.io/en/latest/#msal.SerializableTokenCache
+ )
+```
+ #### Advanced scenario: Instantiate the confidential client application with client assertions
app = ConfidentialClientApplicationBuilder.Create(config.ClientId)
Again, for details, see [Client assertions](msal-net-client-assertions.md).
+# [Java](#tab/java)
+
+```Java
+IClientCredential credential = ClientCredentialFactory.createFromClientAssertion(assertion);
+
+ConfidentialClientApplication cca =
+ ConfidentialClientApplication
+ .builder(CLIENT_ID, credential)
+ .authority(AUTHORITY)
+ .build();
+```
+
+# [Node.js](#tab/nodejs)
+
+The sample application does not implement initialization with assertions at the moment.
+ # [Python](#tab/python) In MSAL Python, you can provide client claims by using the claims that will be signed by this `ConfidentialClientApplication`'s private key.
app = msal.ConfidentialClientApplication(
For details, see the MSAL Python reference documentation for [ConfidentialClientApplication](https://msal-python.readthedocs.io/en/latest/#msal.ClientApplication.__init__).
-# [Java](#tab/java)
-
-```Java
-IClientCredential credential = ClientCredentialFactory.createFromClientAssertion(assertion);
-
-ConfidentialClientApplication cca =
- ConfidentialClientApplication
- .builder(CLIENT_ID, credential)
- .authority(AUTHORITY)
- .build();
-```
- ## Next steps
ConfidentialClientApplication cca =
Move on to the next article in this scenario, [Acquire a token for the app](./scenario-daemon-acquire-token.md?tabs=dotnet).
-# [Python](#tab/python)
+# [Java](#tab/java)
Move on to the next article in this scenario,
-[Acquire a token for the app](./scenario-daemon-acquire-token.md?tabs=python).
+[Acquire a token for the app](./scenario-daemon-acquire-token.md?tabs=java).
-# [Java](#tab/java)
+# [Node.js](#tab/nodejs)
Move on to the next article in this scenario,
-[Acquire a token for the app](./scenario-daemon-acquire-token.md?tabs=java).
+[Acquire a token for the app](./scenario-daemon-acquire-token.md?tabs=nodejs).
+
+# [Python](#tab/python)
+
+Move on to the next article in this scenario,
+[Acquire a token for the app](./scenario-daemon-acquire-token.md?tabs=python).
active-directory Scenario Daemon Call Api https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/scenario-daemon-call-api.md
Here's how to use the token to call an API:
[!INCLUDE [Call web API in .NET](../../../includes/active-directory-develop-scenarios-call-apis-dotnet.md)]
-# [Python](#tab/python)
-
-```Python
-endpoint = "url to the API"
-http_headers = {'Authorization': 'Bearer ' + result['access_token'],
- 'Accept': 'application/json',
- 'Content-Type': 'application/json'}
-data = requests.get(endpoint, headers=http_headers, stream=False).json()
-```
- # [Java](#tab/java) ```Java
if(responseCode != HttpURLConnection.HTTP_OK) {
JSONObject responseObject = HttpClientHelper.processResponse(responseCode, response); ```
+# [Node.js](#tab/nodejs)
+
+Using an HTTP client like [Axios](https://www.npmjs.com/package/axios), call the API endpoint URI with an access token as the *authorization bearer*.
+
+```JavaScript
+const axios = require('axios');
+
+async function callApi(endpoint, accessToken) {
+
+ const options = {
+ headers: {
+ Authorization: `Bearer ${accessToken}`
+ }
+ };
+
+ console.log('request made to web API at: ' + new Date().toString());
+
+ try {
+ const response = await axios.default.get(endpoint, options);
+ return response.data;
+ } catch (error) {
+ console.log(error)
+ return error;
+ }
+};
+```
+
+# [Python](#tab/python)
+
+```Python
+endpoint = "url to the API"
+http_headers = {'Authorization': 'Bearer ' + result['access_token'],
+ 'Accept': 'application/json',
+ 'Content-Type': 'application/json'}
+data = requests.get(endpoint, headers=http_headers, stream=False).json()
+```
+ ## Calling several APIs
For daemon apps, the web APIs that you call need to be pre-approved. There's no
Move on to the next article in this scenario, [Move to production](./scenario-daemon-production.md?tabs=dotnet).
-# [Python](#tab/python)
+# [Java](#tab/java)
Move on to the next article in this scenario,
-[Move to production](./scenario-daemon-production.md?tabs=python).
+[Move to production](./scenario-daemon-production.md?tabs=java).
-# [Java](#tab/java)
+# [Node.js](#tab/nodejs)
Move on to the next article in this scenario,
-[Move to production](./scenario-daemon-production.md?tabs=java).
+[Move to production](./scenario-daemon-production.md?tabs=nodejs).
+
+# [Python](#tab/python)
+
+Move on to the next article in this scenario,
+[Move to production](./scenario-daemon-production.md?tabs=python).
active-directory Scenario Daemon Production https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/scenario-daemon-production.md
You'll need to explain to your customers how to perform these operations. For mo
![topology](media/scenario-daemon-app/damon-app-sample-web.svg)
+# [Java](#tab/java)
+
+Try the quickstart [Acquire a token and call Microsoft Graph API from a Java console app using app's identity](quickstart-v2-java-daemon.md).
+
+# [Node.js](#tab/nodejs)
+
+- For more information, see:
+ - Understanding [Configuration](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-node/docs/configuration.md)
+ - Instantiating [ConfidentialClientApplication](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-node/docs/initialize-confidential-client-application.md)
+ - [FAQ](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-node/docs/faq.md)
+- Other samples/tutorials:
+ - [MSAL Node console daemon sample](https://github.com/Azure-Samples/ms-identity-javascript-nodejs-console)
+
+# [Python](#tab/python)
+
+Try the quickstart [Acquire a token and call Microsoft Graph API from a Python console app using app's identity](quickstart-v2-python-daemon.md).
+ ## Next steps Here are a few links to help you learn more:
-# [Python](#tab/python)
+# [.NET](#tab/dotnet)
-Try the quickstart [Acquire a token and call Microsoft Graph API from a Python console app using app's identity](./quickstart-v2-python-daemon.md).
+Try the quickstart [Acquire a token and call Microsoft Graph API from a .NET Core console app using app's identity](quickstart-v2-netcore-daemon.md).
# [Java](#tab/java)
-Try the quickstart [Acquire a token and call Microsoft Graph API from a Java console app using app's identity](./quickstart-v2-java-daemon.md).
+Try the quickstart [Acquire a token and call Microsoft Graph API from a Java console app using app's identity](quickstart-v2-java-daemon.md).
+
+# [Node.js](#tab/nodejs)
+
+Try the quickstart [Acquire a token and call Microsoft Graph API from a Node.js console app using app's identity](quickstart-v2-nodejs-console.md).
+
+# [Python](#tab/python)
+
+Try the quickstart [Acquire a token and call Microsoft Graph API from a Python console app using app's identity](quickstart-v2-python-daemon.md).
active-directory Scenario Web App Sign User App Configuration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/scenario-web-app-sign-user-app-configuration.md
Code snippets in this article and the following are extracted from the [Java web
You might want to refer to this sample for full implementation details.
+# [Node.js](#tab/nodejs)
+
+Code snippets in this article and the following are extracted from the [Node.js web application signing users in](https://github.com/Azure-Samples/ms-identity-node) sample in MSAL Node.
+
+You might want to refer to this sample for full implementation details.
+ # [Python](#tab/python) Code snippets in this article and the following are extracted from the [Python web application calling Microsoft graph](https://github.com/Azure-Samples/ms-identity-python-webapp) sample in MSAL Python.
aad.redirectUriGraph=http://localhost:8080/msal4jsample/graph/me
In the Azure portal, the reply URIs that you register on the **Authentication** page for your application need to match the `redirectUri` instances that the application defines. That is, they should be `http://localhost:8080/msal4jsample/secure/aad` and `http://localhost:8080/msal4jsample/graph/me`.
+# [Node.js](#tab/nodejs)
+
+Here, the configuration parameters reside in `index.js`
+
+```javascript
+
+const REDIRECT_URI = "http://localhost:3000/redirect";
+
+const config = {
+ auth: {
+ clientId: "Enter_the_Application_Id_Here",
+ authority: "https://login.microsoftonline.com/Enter_the_Tenant_Info_Here/",
+ clientSecret: "Enter_the_Client_Secret_Here"
+ },
+ system: {
+ loggerOptions: {
+ loggerCallback(loglevel, message, containsPii) {
+ console.log(message);
+ },
+ piiLoggingEnabled: false,
+ logLevel: msal.LogLevel.Verbose,
+ }
+ }
+};
+```
+
+In the Azure portal, the reply URIs that you register on the Authentication page for your application need to match the redirectUri instances that the application defines (`http://localhost:3000/redirect`).
+
+> [!NOTE]
+> This quickstart proposes to store the client secret in the configuration file for simplicity. In your production app, you'd want to use other ways to store your secret, such as a key vault or an environment variable.
+ # [Python](#tab/python) Here's the Python configuration file in [app_config.py](https://github.com/Azure-Samples/ms-identity-python-webapp/blob/0.1.0/app_config.py):
For details, see the `doFilter()` method in [AuthFilter.java](https://github.com
For details about the authorization code flow that this method triggers, see the [Microsoft identity platform and OAuth 2.0 authorization code flow](v2-oauth2-auth-code-flow.md).
+# [Node.js](#tab/nodejs)
+
+```javascript
+const msal = require('@azure/msal-node');
+
+// Create msal application object
+const cca = new msal.ConfidentialClientApplication(config);
+```
+ # [Python](#tab/python) The Python sample uses Flask. The initialization of Flask and MSAL Python is done in [app.py#L1-L28](https://github.com/Azure-Samples/ms-identity-python-webapp/blob/e03be352914bfbd58be0d4170eba1fb7a4951d84/app.py#L1-L28).
Move on to the next article in this scenario,
Move on to the next article in this scenario, [Sign in and sign out](./scenario-web-app-sign-user-sign-in.md?tabs=java).
+# [Node.js](#tab/nodejs)
+
+Move on to the next article in this scenario,
+[Sign in](./scenario-web-app-sign-user-sign-in.md?tabs=nodejs).
+ # [Python](#tab/python) Move on to the next article in this scenario,
active-directory Scenario Web App Sign User App Registration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/scenario-web-app-sign-user-app-registration.md
By default, the sample uses:
1. Select **Add**. 1. When the key value appears, copy it for later. This value will not be displayed again or be retrievable by any other means.
+# [Node.js](#tab/nodejs)
+
+1. When the **Register an application page** appears, enter your application's registration information:
+ 1. Enter a **Name** for your application, for example `node-webapp`. Users of your app might see this name, and you can change it later.
+ 1. Change **Supported account types** to **Accounts in any organizational directory and personal Microsoft accounts (e.g. Skype, Xbox, Outlook.com)**.
+ 1. In the **Redirect URI (optional)** section, select **Web** in the combo box and enter the following redirect URI: `http://localhost:3000/redirect`.
+ 1. Select **Register** to create the application.
+1. On the app's **Overview** page, find the **Application (client) ID** value and record it for later. You'll need it to configure the configuration file for this project.
+1. Under **Manage**, select **Certificates & secrets**.
+1. In the **Client Secrets** section, select **New client secret**, and then:
+ 1. Enter a key description.
+ 1. Select a key duration of **In 1 year**.
+ 1. Select **Add**.
+ 1. When the key value appears, copy it. You'll need it later.
+ # [Python](#tab/python) 1. When the **Register an application page** appears, enter your application's registration information:
active-directory Scenario Web App Sign User Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/scenario-web-app-sign-user-overview.md
If you're a Java developer, try the following quickstart:
[Quickstart: Add sign-in with Microsoft to a Java web app](quickstart-v2-java-webapp.md)
+# [Node.js](#tab/nodejs)
+
+If you're a Node.js developer, try the following quickstart:
+
+[Quickstart: Add sign-in with Microsoft to a Node.js web app](quickstart-v2-nodejs-webapp-msal.md)
+ # [Python](#tab/python) If you develop with Python, try the following quickstart:
Web apps authenticate a user in a web browser. In this scenario, the web app dir
As a second phase, you can enable your application to call web APIs on behalf of the signed-in user. This next phase is a different scenario, which you'll find in [Web app that calls web APIs](scenario-web-app-call-api-overview.md). > [!NOTE]
-> Adding sign-in to a web app is about protecting the web app and validating a user token, which is what **middleware** libraries do. In the case of .NET, this scenario does not yet require the Microsoft Authentication Library (MSAL), which is about acquiring a token to call protected APIs. Authentication libraries will be introduced in the follow-up scenario, when the web app needs to call web APIs.
+> Adding sign-in to a web app is about protecting the web app and validating a user token, which is what **middleware** libraries do. In the case of .NET, this scenario does not yet require the Microsoft Authentication Library (MSAL), which is about acquiring a token to call protected APIs. Authentication libraries for .NET will be introduced in the follow-up scenario, when the web app needs to call web APIs.
## Specifics
Move on to the next article in this scenario,
Move on to the next article in this scenario, [App registration](./scenario-web-app-sign-user-app-registration.md?tabs=java).
+# [Node.js](#tab/nodejs)
+
+Move on to the next article in this scenario,
+[App registration](./scenario-web-app-sign-user-app-registration.md?tabs=nodejs).
+ # [Python](#tab/python) Move on to the next article in this scenario,
active-directory Scenario Web App Sign User Production https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/scenario-web-app-sign-user-production.md
This progressive tutorial has production-ready code for a web app, including how
- [Azure AD B2C](../../active-directory-b2c/overview.md) - National clouds
+## Tutorial: Node.js web app
+
+Learn more about the Node.js web in this tutorial:
+
+[Tutorial: Sign-in users in a Node.js & Express web app](https://docs.microsoft.com/azure/active-directory/develop/tutorial-v2-nodejs-webapp-msal)
+ ## Sample code: Java web app Learn more about the Java web app from this sample on GitHub:
active-directory Scenario Web App Sign User Sign In https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/scenario-web-app-sign-user-sign-in.md
In our Java quickstart, the sign-in button is located in the [main/resources/tem
</html> ```
+# [Node.js](#tab/nodejs)
+
+In the Node.js quickstart, there's no sign-in button. The code-behind automatically prompts the user for sign-in when it's reaching the root of the web app.
+
+```javascript
+app.get('/', (req, res) => {
+ // authentication logic
+});
+```
+ # [Python](#tab/python) In the Python quickstart, there's no sign-in button. The code-behind automatically prompts the user for sign-in when it's reaching the root of the web app. See [app.py#L14-L18](https://github.com/Azure-Samples/ms-identity-python-webapp/blob/0.1.0/app.py#L14-L18).
public class AuthPageController {
// More code omitted for simplicity ```
+# [Node.js](#tab/nodejs)
+
+Unlike other platforms, here the MSAL Node takes care of letting the user sign in from the login page.
+
+```javascript
+
+// 1st leg of auth code flow: acquire a code
+app.get('/', (req, res) => {
+ const authCodeUrlParameters = {
+ scopes: ["user.read"],
+ redirectUri: REDIRECT_URI,
+ };
+
+ // get url to sign user in and consent to scopes needed for application
+ pca.getAuthCodeUrl(authCodeUrlParameters).then((response) => {
+ res.redirect(response);
+ }).catch((error) => console.log(JSON.stringify(error)));
+});
+
+// 2nd leg of auth code flow: exchange code for token
+app.get('/redirect', (req, res) => {
+ const tokenRequest = {
+ code: req.query.code,
+ scopes: ["user.read"],
+ redirectUri: REDIRECT_URI,
+ };
+
+ pca.acquireTokenByCode(tokenRequest).then((response) => {
+ console.log("\nResponse: \n:", response);
+ res.sendStatus(200);
+ }).catch((error) => {
+ console.log(error);
+ res.status(500).send(error);
+ });
+});
+```
+ # [Python](#tab/python) Unlike other platforms, MSAL Python takes care of letting the user sign in from the login page. See [app.py#L20-L28](https://github.com/Azure-Samples/ms-identity-python-webapp/blob/e03be352914bfbd58be0d4170eba1fb7a4951d84/app.py#L20-L28).
During the application registration, you don't need to register an extra front-c
No front-channel logout URL is required in the application registration.
+# [Node.js](#tab/nodejs)
+
+No front-channel logout URL is required in the application registration.
+ # [Python](#tab/python) During the application registration, you don't need to register an extra front-channel logout URL. The app will be called back on its main URL.
In our Java quickstart, the sign-out button is located in the main/resources/tem
... ```
+# [Node.js](#tab/nodejs)
+
+This sample application does not implement sign-out.
+ # [Python](#tab/python) In the Python quickstart, the sign-out button is located in the [templates/https://docsupdatetracker.net/index.html#L10](https://github.com/Azure-Samples/ms-identity-python-webapp/blob/e03be352914bfbd58be0d4170eba1fb7a4951d84/templates/https://docsupdatetracker.net/index.html#L10) file.
In Java, sign-out is handled by calling the Microsoft identity platform `logout`
} ```
+# [Node.js](#tab/nodejs)
+
+This sample application does not implement sign-out.
+ # [Python](#tab/python) The code that signs out the user is in [app.py#L46-L52](https://github.com/Azure-Samples/ms-identity-python-webapp/blob/48637475ed7d7733795ebeac55c5d58663714c60/app.py#L47-L48).
public class AccountController : Controller
In the Java quickstart, the post-logout redirect URI just displays the https://docsupdatetracker.net/index.html page.
+# [Node.js](#tab/nodejs)
+
+This sample application does not implement sign-out.
+ # [Python](#tab/python) In the Python quickstart, the post-logout redirect URI just displays the https://docsupdatetracker.net/index.html page.
active-directory Licensing Service Plan Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/enterprise-users/licensing-service-plan-reference.md
When managing licenses in [the Azure portal](https://portal.azure.com/#blade/Mic
- **Service plans included (friendly names)**: A list of service plans (friendly names) in the product that correspond to the string ID and GUID >[!NOTE]
->This information is accurate as of February 2021.
+>This information is accurate as of March 2021.
| Product name | String ID | GUID | Service plans included | Service plans included (friendly names) | | | | | | |
When managing licenses in [the Azure portal](https://portal.azure.com/#blade/Mic
| EXCHANGE ONLINE ARCHIVING FOR EXCHANGE ONLINE | EXCHANGEARCHIVE_ADDON | ee02fd1b-340e-4a4b-b355-4a514e4c8943 | EXCHANGE_S_ARCHIVE_ADDON (176a09a6-7ec5-4039-ac02-b2791c6ba793) | EXCHANGE ONLINE ARCHIVING FOR EXCHANGE ONLINE (176a09a6-7ec5-4039-ac02-b2791c6ba793) | | EXCHANGE ONLINE ARCHIVING FOR EXCHANGE SERVER | EXCHANGEARCHIVE | 90b5e015-709a-4b8b-b08e-3200f994494c | EXCHANGE_S_ARCHIVE (da040e0a-b393-4bea-bb76-928b3fa1cf5a) | EXCHANGE ONLINE ARCHIVING FOR EXCHANGE SERVER (da040e0a-b393-4bea-bb76-928b3fa1cf5a) | | EXCHANGE ONLINE ESSENTIALS | EXCHANGEESSENTIALS | 7fc0182e-d107-4556-8329-7caaa511197b | EXCHANGE_S_STANDARD (9aaf7827-d63c-4b61-89c3-182f06f82e5c) | EXCHANGE ONLINE (PLAN 1) (9aaf7827-d63c-4b61-89c3-182f06f82e5c)|
-| EXCHANGE ONLINE ESSENTIALS | EXCHANGE_S_ESSENTIALS | e8f81a67-bd96-4074-b108-cf193eb9433b | EXCHANGE_S_ESSENTIALS (1126bef5-da20-4f07-b45e-ad25d2581aa8) | EXCHANGE_S_ESSENTIALS (1126bef5-da20-4f07-b45e-ad25d2581aa8) |
+| EXCHANGE ONLINE ESSENTIALS | EXCHANGE_S_ESSENTIALS | e8f81a67-bd96-4074-b108-cf193eb9433b | EXCHANGE_S_ESSENTIALS (1126bef5-da20-4f07-b45e-ad25d2581aa8)<br/>BPOS_S_TODO_1 (5e62787c-c316-451f-b873-1d05acd4d12c) | EXCHANGE ESSENTIALS (1126bef5-da20-4f07-b45e-ad25d2581aa8)<br/>TO-DO (PLAN 1) (5e62787c-c316-451f-b873-1d05acd4d12c) |
| EXCHANGE ONLINE KIOSK | EXCHANGEDESKLESS | 80b2d799-d2ba-4d2a-8842-fb0d0f3a4b82 | EXCHANGE_S_DESKLESS (4a82b400-a79f-41a4-b4e2-e94f5787b113) | EXCHANGE ONLINE KIOSK (4a82b400-a79f-41a4-b4e2-e94f5787b113) | | EXCHANGE ONLINE POP | EXCHANGETELCO | cb0a98a8-11bc-494c-83d9-c1b1ac65327e | EXCHANGE_B_STANDARD (90927877-dcff-4af6-b346-2332c0b15bb7) | EXCHANGE ONLINE POP (90927877-dcff-4af6-b346-2332c0b15bb7) | | INTUNE | INTUNE_A | 061f9ace-7d42-4136-88ac-31dc755f143f | INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5) | MICROSOFT INTUNE (c1ec4a95-1f05-45b3-a911-aa3fa01094f5) | | Microsoft 365 A1 | M365EDU_A1 | b17653a4-2443-4e8c-a550-18249dda78bb | AAD_EDU (3a3976ce-de18-4a87-a78e-5e9245e252df)<br/>INTUNE_EDU (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>WINDOWS_STORE (a420f25f-a7b3-4ff5-a9d0-5d58f73b537d) | Azure Active Directory for Education (3a3976ce-de18-4a87-a78e-5e9245e252df)<br/>Intune for Education (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Windows Store Service (a420f25f-a7b3-4ff5-a9d0-5d58f73b537d) |
-| Microsoft 365 A3 for faculty | M365EDU_A3_FACULTY | 4b590615-0888-425a-a965-b3bf7789848d | AAD_BASIC_EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>ADALLOM_S_DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>EducationAnalyticsP1 (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW_O365_P2 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>MYANALYTICS_P2 (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>INTUNE_EDU (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>OFFICE_FORMS_PLAN_2 (9b5de886-f035-4ff2-b3d8-c9127bea3620)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>KAIZALA_O365_P3 (aebd3021-9f8f-4bf8-bbe3-0ed2f4f047a1)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E3 (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MINECRAFT_EDUCATION_EDITION (4c246bbc-f513-4311-beff-eba54c353256)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>ADALLOM_S_O365 (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>SHAREPOINTWAC_EDU (e03c7e47-402c-463c-ab25-949079bedb21)<br/>POWERAPPS_O365_P2 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>SCHOOL_DATA_SYNC_P2 (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SHAREPOINTENTERPRISE_EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_2 (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>WHITEBOARD_PLAN2 (94a54592-cd8b-425e-87c6-97868b000b91)<br/>Virtualization Rights for Windows 10 (E3/E5+VDA) (e7c91390-7625-45be-94e0-e16907e03118)<br/>YAMMER_EDU (2078e8df-cff6-4290-98cb-5408261a760a) | Azure Active Directory Basic for EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>Azure Active Directory Premium P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Azure Information Protection Premium P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>Azure Rights Management (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Cloud App Security Discovery (932ad362-64a8-4783-9106-97849a1a30b9)<br/>Education Analytics (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>Exchange Online (Plan 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Flow for Office 365 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>Information Protection for Office 365 - Standard (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>Insights by MyAnalytics (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>Intune for Education (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>Microsoft Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>Microsoft Bookings (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>Microsoft Forms (Plan 2) (9b5de886-f035-4ff2-b3d8-c9127bea3620)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Microsoft Kaizala Pro Plan 3 (aebd3021-9f8f-4bf8-bbe3-0ed2f4f047a1)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Search (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Microsoft StaffHub (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>Microsoft Stream for O365 E3 SKU (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Minecraft Education Edition (4c246bbc-f513-4311-beff-eba54c353256)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>Office 365 Advanced Security Management (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>Office 365 ProPlus (43de0ff5-c92c-492b-9116-175376d08c38)<br/>Office for the web (Education) (e03c7e47-402c-463c-ab25-949079bedb21)<br/>PowerApps for Office 365 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>School Data Sync (Plan 2) (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SharePoint Plan 2 for EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Sway (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>To-Do (Plan 2) (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>Whiteboard (Plan 2) (94a54592-cd8b-425e-87c6-97868b000b91)<br/>Windows 10 Enterprise (New) (e7c91390-7625-45be-94e0-e16907e03118)<br/>Yammer for Academic (2078e8df-cff6-4290-98cb-5408261a760a) |
-| Microsoft 365 A3 for students | M365EDU_A3_STUDENT | 7cfd9a2b-e110-4c39-bf20-c6a3f36a3121 | AAD_BASIC_EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>ADALLOM_S_DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>EducationAnalyticsP1 (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW_O365_P2 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>MYANALYTICS_P2 (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>INTUNE_EDU (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>OFFICE_FORMS_PLAN_2 (9b5de886-f035-4ff2-b3d8-c9127bea3620)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>KAIZALA_O365_P3 (aebd3021-9f8f-4bf8-bbe3-0ed2f4f047a1)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E3 (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MINECRAFT_EDUCATION_EDITION (4c246bbc-f513-4311-beff-eba54c353256)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>ADALLOM_S_O365 (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>SHAREPOINTWAC_EDU (e03c7e47-402c-463c-ab25-949079bedb21)<br/>POWERAPPS_O365_P2 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>SCHOOL_DATA_SYNC_P2 (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SHAREPOINTENTERPRISE_EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_2 (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>WHITEBOARD_PLAN2 (94a54592-cd8b-425e-87c6-97868b000b91)<br/>Virtualization Rights for Windows 10 (E3/E5+VDA) (e7c91390-7625-45be-94e0-e16907e03118)<br/>YAMMER_EDU (2078e8df-cff6-4290-98cb-5408261a760a) | Azure Active Directory Basic for EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>Azure Active Directory Premium P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Azure Information Protection Premium P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>Azure Rights Management (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Cloud App Security Discovery (932ad362-64a8-4783-9106-97849a1a30b9)<br/>Education Analytics (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>Exchange Online (Plan 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Flow for Office 365 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>Information Protection for Office 365 - Standard (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>Insights by MyAnalytics (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>Intune for Education (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>Microsoft Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>Microsoft Bookings (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>Microsoft Forms (Plan 2) (9b5de886-f035-4ff2-b3d8-c9127bea3620)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Microsoft Kaizala Pro Plan 3 (aebd3021-9f8f-4bf8-bbe3-0ed2f4f047a1)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Search (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Microsoft StaffHub (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>Microsoft Stream for O365 E3 SKU (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Minecraft Education Edition (4c246bbc-f513-4311-beff-eba54c353256)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>Office 365 Advanced Security Management (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>Office 365 ProPlus (43de0ff5-c92c-492b-9116-175376d08c38)<br/>Office for the web (Education) (e03c7e47-402c-463c-ab25-949079bedb21)<br/>PowerApps for Office 365 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>School Data Sync (Plan 2) (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SharePoint Plan 2 for EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Sway (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>To-Do (Plan 2) (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>Whiteboard (Plan 2) (94a54592-cd8b-425e-87c6-97868b000b91)<br/>Windows 10 Enterprise (New) (e7c91390-7625-45be-94e0-e16907e03118)<br/>Yammer for Academic (2078e8df-cff6-4290-98cb-5408261a760a) |
-| Microsoft 365 A5 for faculty | M365EDU_A5_FACULTY | e97c048c-37a4-45fb-ab50-922fbf07a370 | AAD_BASIC_EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>AAD_PREMIUM_P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>ATA (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>RMS_S_PREMIUM2 (5689bec4-755d-4753-8b61-40975025187c)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>LOCKBOX_ENTERPRISE (9f431833-0334-42de-a7dc-70aa40db46db)<br/>EducationAnalyticsP1 (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW_O365_P3 (07699545-9485-468e-95b6-2fca3738be01)<br/>INFORMATION_BARRIERS (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>MIP_S_CLP2 (efb0351d-3b08-4503-993d-383af8de41e3)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>INTUNE_EDU (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>M365_ADVANCED_AUDITING (2f442157-a11c-46b9-ae5b-6e39ff4e5849)<br/>MCOMEETADV (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>ADALLOM_S_STANDALONE (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>WINDEFATP (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>OFFICE_FORMS_PLAN_3 (96c1e14a-ef43-418d-b115-9636cdaa8eed)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>KAIZALA_STANDALONE (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>EXCHANGE_ANALYTICS (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E5 (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MINECRAFT_EDUCATION_EDITION (4c246bbc-f513-4311-beff-eba54c353256)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>EQUIVIO_ANALYTICS (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>ADALLOM_S_O365 (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>ATP_ENTERPRISE (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>THREAT_INTELLIGENCE (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>PAM_ENTERPRISE (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>SAFEDOCS (bf6f5520-59e3-4f82-974b-7dbbc4fd27c7)<br/>SHAREPOINTWAC_EDU (e03c7e47-402c-463c-ab25-949079bedb21)<br/>BI_AZURE_P2 (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>POWERAPPS_O365_P3 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>PREMIUM_ENCRYPTION (617b097b-4b93-4ede-83de-5f075bb5fb2f)<br/>SCHOOL_DATA_SYNC_P2 (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SHAREPOINTENTERPRISE_EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_3 (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>WHITEBOARD_PLAN3 (4a51bca5-1eff-43f5-878c-177680f191af)<br/>Virtualization Rights for Windows 10 (E3/E5+VDA) (e7c91390-7625-45be-94e0-e16907e03118)<br/>YAMMER_EDU (2078e8df-cff6-4290-98cb-5408261a760a) | Azure Active Directory Basic for EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>Azure Active Directory Premium P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Azure Active Directory Premium P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>Azure Advanced Threat Protection (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>Azure Information Protection Premium P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>Azure Information Protection Premium P2 (5689bec4-755d-4753-8b61-40975025187c)<br/>Azure Rights Management (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Customer Lockbox (9f431833-0334-42de-a7dc-70aa40db46db)<br/>Education Analytics (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>Exchange Online (Plan 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Flow for Office 365 (07699545-9485-468e-95b6-2fca3738be01)<br/>Information Barriers (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>Information Protection for Office 365 - Premium (efb0351d-3b08-4503-993d-383af8de41e3)<br/>Information Protection for Office 365 - Standard (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>Intune for Education (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>Microsoft 365 Advanced Auditing (2f442157-a11c-46b9-ae5b-6e39ff4e5849)<br/>Microsoft 365 Audio Conferencing (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>Microsoft 365 Phone System (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>Microsoft Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>Microsoft Bookings (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>Microsoft Cloud App Security (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>Microsoft Defender Advanced Threat Protection (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>Microsoft Forms (Plan 3) (96c1e14a-ef43-418d-b115-9636cdaa8eed)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Microsoft Kaizala (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>Microsoft MyAnalytics (Full) (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Search (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Microsoft StaffHub (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>Microsoft Stream for O365 E5 SKU (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Minecraft Education Edition (4c246bbc-f513-4311-beff-eba54c353256)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>Office 365 Advanced eDiscovery (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>Office 365 Advanced Security Management (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>Office 365 Advanced Threat Protection (Plan 1) (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>Office 365 Advanced Threat Protection (Plan 2) (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>Office 365 Privileged Access Management (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>Office 365 ProPlus (43de0ff5-c92c-492b-9116-175376d08c38)<br/>Office 365 SafeDocs (bf6f5520-59e3-4f82-974b-7dbbc4fd27c7)<br/>Office for the web (Education) (e03c7e47-402c-463c-ab25-949079bedb21)<br/>Power BI Pro (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>PowerApps for Office 365 Plan 3 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>Premium Encryption in Office 365 (617b097b-4b93-4ede-83de-5f075bb5fb2f)<br/>School Data Sync (Plan 2) (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SharePoint Plan 2 for EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Sway (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>To-Do (Plan 3) (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>Whiteboard (Plan 3) (4a51bca5-1eff-43f5-878c-177680f191af)<br/>Windows 10 Enterprise (New) (e7c91390-7625-45be-94e0-e16907e03118)<br/>Yammer for Academic (2078e8df-cff6-4290-98cb-5408261a760a) |
-| Microsoft 365 A5 for students | M365EDU_A5_STUDENT | 46c119d4-0379-4a9d-85e4-97c66d3f909e | AAD_BASIC_EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>AAD_PREMIUM_P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>ATA (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>RMS_S_PREMIUM2 (5689bec4-755d-4753-8b61-40975025187c)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>LOCKBOX_ENTERPRISE (9f431833-0334-42de-a7dc-70aa40db46db)<br/>EducationAnalyticsP1 (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW_O365_P3 (07699545-9485-468e-95b6-2fca3738be01)<br/>INFORMATION_BARRIERS (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>MIP_S_CLP2 (efb0351d-3b08-4503-993d-383af8de41e3)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>INTUNE_EDU (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>M365_ADVANCED_AUDITING (2f442157-a11c-46b9-ae5b-6e39ff4e5849)<br/>MCOMEETADV (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>ADALLOM_S_STANDALONE (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>WINDEFATP (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>OFFICE_FORMS_PLAN_3 (96c1e14a-ef43-418d-b115-9636cdaa8eed)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>KAIZALA_STANDALONE (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>EXCHANGE_ANALYTICS (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E5 (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MINECRAFT_EDUCATION_EDITION (4c246bbc-f513-4311-beff-eba54c353256)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>EQUIVIO_ANALYTICS (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>ADALLOM_S_O365 (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>ATP_ENTERPRISE (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>THREAT_INTELLIGENCE (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>PAM_ENTERPRISE (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>SAFEDOCS (bf6f5520-59e3-4f82-974b-7dbbc4fd27c7)<br/>SHAREPOINTWAC_EDU (e03c7e47-402c-463c-ab25-949079bedb21)<br/>BI_AZURE_P2 (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>POWERAPPS_O365_P3 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>PREMIUM_ENCRYPTION (617b097b-4b93-4ede-83de-5f075bb5fb2f)<br/>SCHOOL_DATA_SYNC_P2 (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SHAREPOINTENTERPRISE_EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_3 (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>WHITEBOARD_PLAN3 (4a51bca5-1eff-43f5-878c-177680f191af)<br/>Virtualization Rights for Windows 10 (E3/E5+VDA) (e7c91390-7625-45be-94e0-e16907e03118)<br/>YAMMER_EDU (2078e8df-cff6-4290-98cb-5408261a760a) | Azure Active Directory Basic for EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>Azure Active Directory Premium P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Azure Active Directory Premium P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>Azure Advanced Threat Protection (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>Azure Information Protection Premium P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>Azure Information Protection Premium P2 (5689bec4-755d-4753-8b61-40975025187c)<br/>Azure Rights Management (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Customer Lockbox (9f431833-0334-42de-a7dc-70aa40db46db)<br/>Education Analytics (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>Exchange Online (Plan 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Flow for Office 365 (07699545-9485-468e-95b6-2fca3738be01)<br/>Information Barriers (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>Information Protection for Office 365 - Premium (efb0351d-3b08-4503-993d-383af8de41e3)<br/>Information Protection for Office 365 - Standard (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>Intune for Education (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>Microsoft 365 Advanced Auditing (2f442157-a11c-46b9-ae5b-6e39ff4e5849)<br/>Microsoft 365 Audio Conferencing (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>Microsoft 365 Phone System (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>Microsoft Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>Microsoft Bookings (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>Microsoft Cloud App Security (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>Microsoft Defender Advanced Threat Protection (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>Microsoft Forms (Plan 3) (96c1e14a-ef43-418d-b115-9636cdaa8eed)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Microsoft Kaizala (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>Microsoft MyAnalytics (Full) (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Search (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Microsoft StaffHub (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>Microsoft Stream for O365 E5 SKU (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Minecraft Education Edition (4c246bbc-f513-4311-beff-eba54c353256)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>Office 365 Advanced eDiscovery (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>Office 365 Advanced Security Management (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>Office 365 Advanced Threat Protection (Plan 1)(f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>Office 365 Advanced Threat Protection (Plan 2) (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>Office 365 Privileged Access Management (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>Office 365 ProPlus (43de0ff5-c92c-492b-9116-175376d08c38)<br/>Office 365 SafeDocs (bf6f5520-59e3-4f82-974b-7dbbc4fd27c7)<br/>Office for the web (Education) (e03c7e47-402c-463c-ab25-949079bedb21)<br/>Power BI Pro (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>PowerApps for Office 365 Plan 3 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>Premium Encryption in Office 365 (617b097b-4b93-4ede-83de-5f075bb5fb2f)<br/>School Data Sync (Plan 2) (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SharePoint Plan 2 for EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Sway (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>To-Do (Plan 3) (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>Whiteboard (Plan 3) (4a51bca5-1eff-43f5-878c-177680f191af)<br/>Windows 10 Enterprise (New) (e7c91390-7625-45be-94e0-e16907e03118)<br/>Yammer for Academic (2078e8df-cff6-4290-98cb-5408261a760a) |
+| MICROSOFT 365 A3 FOR FACULTY | M365EDU_A3_FACULTY | 4b590615-0888-425a-a965-b3bf7789848d | AAD_BASIC_EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>ADALLOM_S_DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>EducationAnalyticsP1 (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW_O365_P2 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>MYANALYTICS_P2 (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>INTUNE_EDU (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>OFFICE_FORMS_PLAN_2 (9b5de886-f035-4ff2-b3d8-c9127bea3620)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>KAIZALA_O365_P3 (aebd3021-9f8f-4bf8-bbe3-0ed2f4f047a1)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E3 (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MINECRAFT_EDUCATION_EDITION (4c246bbc-f513-4311-beff-eba54c353256)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>ADALLOM_S_O365 (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>SHAREPOINTWAC_EDU (e03c7e47-402c-463c-ab25-949079bedb21)<br/>POWERAPPS_O365_P2 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>SCHOOL_DATA_SYNC_P2 (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SHAREPOINTENTERPRISE_EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_2 (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>WHITEBOARD_PLAN2 (94a54592-cd8b-425e-87c6-97868b000b91)<br/>Virtualization Rights for Windows 10 (E3/E5+VDA) (e7c91390-7625-45be-94e0-e16907e03118)<br/>YAMMER_EDU (2078e8df-cff6-4290-98cb-5408261a760a) | Azure Active Directory Basic for EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>Azure Active Directory Premium P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Azure Information Protection Premium P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>Azure Rights Management (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Cloud App Security Discovery (932ad362-64a8-4783-9106-97849a1a30b9)<br/>Education Analytics (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>Exchange Online (Plan 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Flow for Office 365 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>Information Protection for Office 365 - Standard (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>Insights by MyAnalytics (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>Intune for Education (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>Microsoft Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>Microsoft Bookings (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>Microsoft Forms (Plan 2) (9b5de886-f035-4ff2-b3d8-c9127bea3620)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Microsoft Kaizala Pro Plan 3 (aebd3021-9f8f-4bf8-bbe3-0ed2f4f047a1)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Search (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Microsoft StaffHub (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>Microsoft Stream for O365 E3 SKU (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Minecraft Education Edition (4c246bbc-f513-4311-beff-eba54c353256)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>Office 365 Advanced Security Management (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>Office 365 ProPlus (43de0ff5-c92c-492b-9116-175376d08c38)<br/>Office for the web (Education) (e03c7e47-402c-463c-ab25-949079bedb21)<br/>PowerApps for Office 365 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>School Data Sync (Plan 2) (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SharePoint Plan 2 for EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Sway (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>To-Do (Plan 2) (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>Whiteboard (Plan 2) (94a54592-cd8b-425e-87c6-97868b000b91)<br/>Windows 10 Enterprise (New) (e7c91390-7625-45be-94e0-e16907e03118)<br/>Yammer for Academic (2078e8df-cff6-4290-98cb-5408261a760a) |
+| MICROSOFT 365 A3 FOR STUDENTS | M365EDU_A3_STUDENT | 7cfd9a2b-e110-4c39-bf20-c6a3f36a3121 | AAD_BASIC_EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>ADALLOM_S_DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>EducationAnalyticsP1 (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW_O365_P2 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>MYANALYTICS_P2 (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>INTUNE_EDU (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>OFFICE_FORMS_PLAN_2 (9b5de886-f035-4ff2-b3d8-c9127bea3620)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>KAIZALA_O365_P3 (aebd3021-9f8f-4bf8-bbe3-0ed2f4f047a1)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E3 (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MINECRAFT_EDUCATION_EDITION (4c246bbc-f513-4311-beff-eba54c353256)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>ADALLOM_S_O365 (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>SHAREPOINTWAC_EDU (e03c7e47-402c-463c-ab25-949079bedb21)<br/>POWERAPPS_O365_P2 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>SCHOOL_DATA_SYNC_P2 (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SHAREPOINTENTERPRISE_EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_2 (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>WHITEBOARD_PLAN2 (94a54592-cd8b-425e-87c6-97868b000b91)<br/>Virtualization Rights for Windows 10 (E3/E5+VDA) (e7c91390-7625-45be-94e0-e16907e03118)<br/>YAMMER_EDU (2078e8df-cff6-4290-98cb-5408261a760a) | Azure Active Directory Basic for EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>Azure Active Directory Premium P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Azure Information Protection Premium P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>Azure Rights Management (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Cloud App Security Discovery (932ad362-64a8-4783-9106-97849a1a30b9)<br/>Education Analytics (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>Exchange Online (Plan 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Flow for Office 365 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>Information Protection for Office 365 - Standard (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>Insights by MyAnalytics (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>Intune for Education (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>Microsoft Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>Microsoft Bookings (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>Microsoft Forms (Plan 2) (9b5de886-f035-4ff2-b3d8-c9127bea3620)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Microsoft Kaizala Pro Plan 3 (aebd3021-9f8f-4bf8-bbe3-0ed2f4f047a1)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Search (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Microsoft StaffHub (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>Microsoft Stream for O365 E3 SKU (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Minecraft Education Edition (4c246bbc-f513-4311-beff-eba54c353256)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>Office 365 Advanced Security Management (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>Office 365 ProPlus (43de0ff5-c92c-492b-9116-175376d08c38)<br/>Office for the web (Education) (e03c7e47-402c-463c-ab25-949079bedb21)<br/>PowerApps for Office 365 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>School Data Sync (Plan 2) (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SharePoint Plan 2 for EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Sway (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>To-Do (Plan 2) (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>Whiteboard (Plan 2) (94a54592-cd8b-425e-87c6-97868b000b91)<br/>Windows 10 Enterprise (New) (e7c91390-7625-45be-94e0-e16907e03118)<br/>Yammer for Academic (2078e8df-cff6-4290-98cb-5408261a760a) |
+| MICROSOFT 365 A5 FOR FACULTY | M365EDU_A5_FACULTY | e97c048c-37a4-45fb-ab50-922fbf07a370 | AAD_BASIC_EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>AAD_PREMIUM_P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>ATA (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>RMS_S_PREMIUM2 (5689bec4-755d-4753-8b61-40975025187c)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>LOCKBOX_ENTERPRISE (9f431833-0334-42de-a7dc-70aa40db46db)<br/>EducationAnalyticsP1 (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW_O365_P3 (07699545-9485-468e-95b6-2fca3738be01)<br/>INFORMATION_BARRIERS (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>MIP_S_CLP2 (efb0351d-3b08-4503-993d-383af8de41e3)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>INTUNE_EDU (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>M365_ADVANCED_AUDITING (2f442157-a11c-46b9-ae5b-6e39ff4e5849)<br/>MCOMEETADV (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>ADALLOM_S_STANDALONE (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>WINDEFATP (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>OFFICE_FORMS_PLAN_3 (96c1e14a-ef43-418d-b115-9636cdaa8eed)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>KAIZALA_STANDALONE (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>EXCHANGE_ANALYTICS (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E5 (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MINECRAFT_EDUCATION_EDITION (4c246bbc-f513-4311-beff-eba54c353256)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>EQUIVIO_ANALYTICS (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>ADALLOM_S_O365 (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>ATP_ENTERPRISE (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>THREAT_INTELLIGENCE (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>PAM_ENTERPRISE (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>SAFEDOCS (bf6f5520-59e3-4f82-974b-7dbbc4fd27c7)<br/>SHAREPOINTWAC_EDU (e03c7e47-402c-463c-ab25-949079bedb21)<br/>BI_AZURE_P2 (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>POWERAPPS_O365_P3 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>PREMIUM_ENCRYPTION (617b097b-4b93-4ede-83de-5f075bb5fb2f)<br/>SCHOOL_DATA_SYNC_P2 (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SHAREPOINTENTERPRISE_EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_3 (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>WHITEBOARD_PLAN3 (4a51bca5-1eff-43f5-878c-177680f191af)<br/>Virtualization Rights for Windows 10 (E3/E5+VDA) (e7c91390-7625-45be-94e0-e16907e03118)<br/>YAMMER_EDU (2078e8df-cff6-4290-98cb-5408261a760a) | Azure Active Directory Basic for EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>Azure Active Directory Premium P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Azure Active Directory Premium P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>Azure Advanced Threat Protection (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>Azure Information Protection Premium P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>Azure Information Protection Premium P2 (5689bec4-755d-4753-8b61-40975025187c)<br/>Azure Rights Management (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Customer Lockbox (9f431833-0334-42de-a7dc-70aa40db46db)<br/>Education Analytics (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>Exchange Online (Plan 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Flow for Office 365 (07699545-9485-468e-95b6-2fca3738be01)<br/>Information Barriers (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>Information Protection for Office 365 - Premium (efb0351d-3b08-4503-993d-383af8de41e3)<br/>Information Protection for Office 365 - Standard (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>Intune for Education (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>Microsoft 365 Advanced Auditing (2f442157-a11c-46b9-ae5b-6e39ff4e5849)<br/>Microsoft 365 Audio Conferencing (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>Microsoft 365 Phone System (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>Microsoft Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>Microsoft Bookings (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>Microsoft Cloud App Security (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>Microsoft Defender Advanced Threat Protection (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>Microsoft Forms (Plan 3) (96c1e14a-ef43-418d-b115-9636cdaa8eed)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Microsoft Kaizala (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>Microsoft MyAnalytics (Full) (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Search (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Microsoft StaffHub (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>Microsoft Stream for O365 E5 SKU (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Minecraft Education Edition (4c246bbc-f513-4311-beff-eba54c353256)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>Office 365 Advanced eDiscovery (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>Office 365 Advanced Security Management (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>Office 365 Advanced Threat Protection (Plan 1) (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>Office 365 Advanced Threat Protection (Plan 2) (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>Office 365 Privileged Access Management (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>Office 365 ProPlus (43de0ff5-c92c-492b-9116-175376d08c38)<br/>Office 365 SafeDocs (bf6f5520-59e3-4f82-974b-7dbbc4fd27c7)<br/>Office for the web (Education) (e03c7e47-402c-463c-ab25-949079bedb21)<br/>Power BI Pro (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>PowerApps for Office 365 Plan 3 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>Premium Encryption in Office 365 (617b097b-4b93-4ede-83de-5f075bb5fb2f)<br/>School Data Sync (Plan 2) (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SharePoint Plan 2 for EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Sway (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>To-Do (Plan 3) (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>Whiteboard (Plan 3) (4a51bca5-1eff-43f5-878c-177680f191af)<br/>Windows 10 Enterprise (New) (e7c91390-7625-45be-94e0-e16907e03118)<br/>Yammer for Academic (2078e8df-cff6-4290-98cb-5408261a760a) |
+| MICROSOFT 365 A5 FOR STUDENTS | M365EDU_A5_STUDENT | 46c119d4-0379-4a9d-85e4-97c66d3f909e | AAD_BASIC_EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>AAD_PREMIUM_P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>ATA (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>RMS_S_PREMIUM2 (5689bec4-755d-4753-8b61-40975025187c)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>LOCKBOX_ENTERPRISE (9f431833-0334-42de-a7dc-70aa40db46db)<br/>EducationAnalyticsP1 (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW_O365_P3 (07699545-9485-468e-95b6-2fca3738be01)<br/>INFORMATION_BARRIERS (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>MIP_S_CLP2 (efb0351d-3b08-4503-993d-383af8de41e3)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>INTUNE_EDU (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>M365_ADVANCED_AUDITING (2f442157-a11c-46b9-ae5b-6e39ff4e5849)<br/>MCOMEETADV (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>ADALLOM_S_STANDALONE (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>WINDEFATP (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>OFFICE_FORMS_PLAN_3 (96c1e14a-ef43-418d-b115-9636cdaa8eed)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>KAIZALA_STANDALONE (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>EXCHANGE_ANALYTICS (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E5 (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MINECRAFT_EDUCATION_EDITION (4c246bbc-f513-4311-beff-eba54c353256)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>EQUIVIO_ANALYTICS (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>ADALLOM_S_O365 (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>ATP_ENTERPRISE (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>THREAT_INTELLIGENCE (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>PAM_ENTERPRISE (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>SAFEDOCS (bf6f5520-59e3-4f82-974b-7dbbc4fd27c7)<br/>SHAREPOINTWAC_EDU (e03c7e47-402c-463c-ab25-949079bedb21)<br/>BI_AZURE_P2 (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>POWERAPPS_O365_P3 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>PREMIUM_ENCRYPTION (617b097b-4b93-4ede-83de-5f075bb5fb2f)<br/>SCHOOL_DATA_SYNC_P2 (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SHAREPOINTENTERPRISE_EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_3 (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>WHITEBOARD_PLAN3 (4a51bca5-1eff-43f5-878c-177680f191af)<br/>Virtualization Rights for Windows 10 (E3/E5+VDA) (e7c91390-7625-45be-94e0-e16907e03118)<br/>YAMMER_EDU (2078e8df-cff6-4290-98cb-5408261a760a) | Azure Active Directory Basic for EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>Azure Active Directory Premium P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Azure Active Directory Premium P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>Azure Advanced Threat Protection (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>Azure Information Protection Premium P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>Azure Information Protection Premium P2 (5689bec4-755d-4753-8b61-40975025187c)<br/>Azure Rights Management (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Customer Lockbox (9f431833-0334-42de-a7dc-70aa40db46db)<br/>Education Analytics (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>Exchange Online (Plan 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Flow for Office 365 (07699545-9485-468e-95b6-2fca3738be01)<br/>Information Barriers (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>Information Protection for Office 365 - Premium (efb0351d-3b08-4503-993d-383af8de41e3)<br/>Information Protection for Office 365 - Standard (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>Intune for Education (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>Microsoft 365 Advanced Auditing (2f442157-a11c-46b9-ae5b-6e39ff4e5849)<br/>Microsoft 365 Audio Conferencing (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>Microsoft 365 Phone System (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>Microsoft Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>Microsoft Bookings (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>Microsoft Cloud App Security (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>Microsoft Defender Advanced Threat Protection (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>Microsoft Forms (Plan 3) (96c1e14a-ef43-418d-b115-9636cdaa8eed)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Microsoft Kaizala (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>Microsoft MyAnalytics (Full) (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Search (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Microsoft StaffHub (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>Microsoft Stream for O365 E5 SKU (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Minecraft Education Edition (4c246bbc-f513-4311-beff-eba54c353256)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>Office 365 Advanced eDiscovery (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>Office 365 Advanced Security Management (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>Office 365 Advanced Threat Protection (Plan 1)(f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>Office 365 Advanced Threat Protection (Plan 2) (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>Office 365 Privileged Access Management (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>Office 365 ProPlus (43de0ff5-c92c-492b-9116-175376d08c38)<br/>Office 365 SafeDocs (bf6f5520-59e3-4f82-974b-7dbbc4fd27c7)<br/>Office for the web (Education) (e03c7e47-402c-463c-ab25-949079bedb21)<br/>Power BI Pro (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>PowerApps for Office 365 Plan 3 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>Premium Encryption in Office 365 (617b097b-4b93-4ede-83de-5f075bb5fb2f)<br/>School Data Sync (Plan 2) (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SharePoint Plan 2 for EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Sway (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>To-Do (Plan 3) (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>Whiteboard (Plan 3) (4a51bca5-1eff-43f5-878c-177680f191af)<br/>Windows 10 Enterprise (New) (e7c91390-7625-45be-94e0-e16907e03118)<br/>Yammer for Academic (2078e8df-cff6-4290-98cb-5408261a760a) |
| MICROSOFT 365 APPS FOR BUSINESS | O365_BUSINESS | cdd28e44-67e3-425e-be4c-737fab2899d3 | FORMS_PLAN_E1 (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>OFFICE_BUSINESS (094e7854-93fc-4d55-b2c0-3ab5369ebdc1)<br/>ONEDRIVESTANDARD (13696edf-5a08-49f6-8134-03083ed8ba30)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97) | MICROSOFT FORMS (PLAN E1) (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>OFFICE 365 BUSINESS (094e7854-93fc-4d55-b2c0-3ab5369ebdc1)<br/>ONEDRIVESTANDARD (13696edf-5a08-49f6-8134-03083ed8ba30)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97) | | MICROSOFT 365 APPS FOR BUSINESS | SMB_BUSINESS | b214fe43-f5a3-4703-beeb-fa97188220fc | FORMS_PLAN_E1 (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>OFFICE_BUSINESS (094e7854-93fc-4d55-b2c0-3ab5369ebdc1)<br/>ONEDRIVESTANDARD (13696edf-5a08-49f6-8134-03083ed8ba30)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97) | MICROSOFT FORMS (PLAN E1) (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>OFFICE 365 BUSINESS (094e7854-93fc-4d55-b2c0-3ab5369ebdc1)<br/>ONEDRIVESTANDARD (13696edf-5a08-49f6-8134-03083ed8ba30)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97) | | MICROSOFT 365 APPS FOR ENTERPRISE | OFFICESUBSCRIPTION | c2273bd0-dff7-4215-9ef5-2c7bcfb06425 | FORMS_PLAN_E1 (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>ONEDRIVESTANDARD (13696edf-5a08-49f6-8134-03083ed8ba30)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97) | MICROSOFT FORMS (PLAN E1) (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>ONEDRIVESTANDARD (13696edf-5a08-49f6-8134-03083ed8ba30)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97) | | MICROSOFT 365 AUDIO CONFERENCING FOR GCC | MCOMEETADV_GOC | 2d3091c7-0712-488b-b3d8-6b97bde6a1f5 | ECHANGE_FOUNDATION_GOV (922ba911-5694-4e99-a794-73aed9bfeec8<br/>MCOMEETADV_GOV (f544b08d-1645-4287-82de-8d91f37c02a1) | EXCHANGE FOUNDATION FOR GOVERNMENT (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>MICROSOFT 365 AUDIO CONFERENCING FOR GOVERNMENT (f544b08d-1645-4287-82de-8d91f37c02a1) |
-| MICROSOFT 365 BUSINESS BASIC | O365_BUSINESS_ESSENTIALS | 3b555118-da6a-4418-894f-7df1e2096870 | BPOS_S_TODO_1 (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>EXCHANGE_S_STANDARD (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>FLOW_O365_P1 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>FORMS_PLAN_E1 (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>OFFICEMOBILE_SUBSCRIPTION (c63d4d19-e8cb-460e-b37c-4d6c34603745)<br/>POWERAPPS_O365_P1 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | BPOS_S_TODO_1 (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>EXCHANGE ONLINE (PLAN 1) (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>FLOW FOR OFFICE 365 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>MICROSOFT FORMS (PLAN E1) (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>OFFICEMOBILE_SUBSCRIPTION (c63d4d19-e8cb-460e-b37c-4d6c34603745)<br/>POWERAPPS FOR OFFICE 365 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>MICROSOFT PLANNER(b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) |
-| MICROSOFT 365 BUSINESS BASIC | SMB_BUSINESS_ESSENTIALS | dab7782a-93b1-4074-8bb1-0e61318bea0b | BPOS_S_TODO_1 (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>EXCHANGE_S_STANDARD (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>FLOW_O365_P1 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>FORMS_PLAN_E1 (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>OFFICEMOBILE_SUBSCRIPTION (c63d4d19-e8cb-460e-b37c-4d6c34603745)<br/>POWERAPPS_O365_P1 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>YAMMER_MIDSIZE (41bf139a-4e60-409f-9346-a1361efc6dfb) | BPOS_S_TODO_1 (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>EXCHANGE ONLINE (PLAN 1) (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>FLOW FOR OFFICE 365 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>MICROSOFT FORMS (PLAN E1) (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>OFFICEMOBILE_SUBSCRIPTION (c63d4d19-e8cb-460e-b37c-4d6c34603745)<br/>POWERAPPS FOR OFFICE 365 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>MICROSOFT PLANNER(b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>YAMMER_MIDSIZE (41bf139a-4e60-409f-9346-a1361efc6dfb) |
-| MICROSOFT 365 BUSINESS STANDARD | O365_BUSINESS_PREMIUM | f245ecc8-75af-4f8e-b61f-27d8114de5f3 | BPOS_S_TODO_1 (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EXCHANGE_S_STANDARD (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>FLOW_O365_P1 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>FORMS_PLAN_E1 (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>O365_SB_Relationship_Management (5bfe124c-bbdc-4494-8835-f1297d457d79)<br/>OFFICE_BUSINESS (094e7854-93fc-4d55-b2c0-3ab5369ebdc1)<br/>POWERAPPS_O365_P1 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653)| BPOS_S_TODO_1 (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>MICROSOFT STAFFHUB (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EXCHANGE ONLINE (PLAN 1) (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>FLOW FOR OFFICE 365 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>MICROSOFT FORMS (PLAN E1) (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>OUTLOOK CUSTOMER MANAGER (5bfe124c-bbdc-4494-8835-f1297d457d79)<br/>OFFICE 365 BUSINESS (094e7854-93fc-4d55-b2c0-3ab5369ebdc1)<br/>POWERAPPS FOR OFFICE 365 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>MICROSOFT PLANNER(b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) |
-| MICROSOFT 365 BUSINESS STANDARD | SMB_BUSINESS_PREMIUM | ac5cef5d-921b-4f97-9ef3-c99076e5470f | BPOS_S_TODO_1 (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EXCHANGE_S_STANDARD (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>FLOW_O365_P1 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>FORMS_PLAN_E1 (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>O365_SB_Relationship_Management (5bfe124c-bbdc-4494-8835-f1297d457d79)<br/>OFFICE_BUSINESS (094e7854-93fc-4d55-b2c0-3ab5369ebdc1)<br/>POWERAPPS_O365_P1 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>YAMMER_MIDSIZE (41bf139a-4e60-409f-9346-a1361efc6dfb) | BPOS_S_TODO_1 (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>MICROSOFT STAFFHUB (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EXCHANGE ONLINE (PLAN 1) (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>FLOW FOR OFFICE 365 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>MICROSOFT FORMS (PLAN E1) (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>OUTLOOK CUSTOMER MANAGER (5bfe124c-bbdc-4494-8835-f1297d457d79)<br/>OFFICE 365 BUSINESS (094e7854-93fc-4d55-b2c0-3ab5369ebdc1)<br/>POWERAPPS FOR OFFICE 365 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>MICROSOFT PLANNER(b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>YAMMER_MIDSIZE (41bf139a-4e60-409f-9346-a1361efc6dfb) |
-| MICROSOFT 365 BUSINESS PREMIUM | SPB | cbdc14ab-d96c-4c30-b9f4-6ada7cdc1d46 | AAD_SMB (de377cbc-0019-4ec2-b77c-3f223947e102)<br/>BPOS_S_TODO_1 (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EXCHANGE_S_ARCHIVE_ADDON (176a09a6-7ec5-4039-ac02-b2791c6ba793)<br/>EXCHANGE_S_STANDARD (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>FLOW_O365_P1 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>FORMS_PLAN_E1 (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>INTUNE_SMBIZ (8e9ff0ff-aa7a-4b20-83c1-2f636b600ac2)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>O365_SB_Relationship_Management (5bfe124c-bbdc-4494-8835-f1297d457d79)<br/>OFFICE_BUSINESS (094e7854-93fc-4d55-b2c0-3ab5369ebdc1)<br/>POWERAPPS_O365_P1 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>STREAM_O365_E1 (743dd19e-1ce3-4c62-a3ad-49ba8f63a2f6)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>WINBIZ (8e229017-d77b-43d5-9305-903395523b99)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | AZURE ACTIVE DIRECTORY (de377cbc-0019-4ec2-b77c-3f223947e102)<br/>BPOS_S_TODO_1 (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>MICROSOFT STAFFHUB (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EXCHANGE ONLINE ARCHIVING FOR EXCHANGE ONLINE (176a09a6-7ec5-4039-ac02-b2791c6ba793)<br/>EXCHANGE ONLINE (PLAN 1) (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>FLOW FOR OFFICE 365 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>MICROSOFT FORMS (PLAN E1) (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>MICROSOFT INTUNE (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>INTUNE_SMBIZ (8e9ff0ff-aa7a-4b20-83c1-2f636b600ac2)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>OUTLOOK CUSTOMER MANAGER (5bfe124c-bbdc-4494-8835-f1297d457d79)<br/>OFFICE 365 BUSINESS (094e7854-93fc-4d55-b2c0-3ab5369ebdc1)<br/>POWERAPPS FOR OFFICE 365 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>MICROSOFT PLANNER(b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT AZURE ACTIVE DIRECTORY RIGHTS (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>AZURE INFORMATION PROTECTION PREMIUM P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>MICROSOFT STREAM FOR O365 E1 SKU (743dd19e-1ce3-4c62-a3ad-49ba8f63a2f6)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>WINDOWS 10 BUSINESS (8e229017-d77b-43d5-9305-903395523b99)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) |
+| MICROSOFT 365 BUSINESS BASIC | O365_BUSINESS_ESSENTIALS | 3b555118-da6a-4418-894f-7df1e2096870 | BPOS_S_TODO_1 (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>EXCHANGE_S_STANDARD (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>FLOW_O365_P1 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>FORMS_PLAN_E1 (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>OFFICEMOBILE_SUBSCRIPTION (c63d4d19-e8cb-460e-b37c-4d6c34603745)<br/>POWERAPPS_O365_P1 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | To-Do (Plan 1) (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>EXCHANGE ONLINE (PLAN 1) (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>FLOW FOR OFFICE 365 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>MICROSOFT FORMS (PLAN E1) (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>OFFICEMOBILE_SUBSCRIPTION (c63d4d19-e8cb-460e-b37c-4d6c34603745)<br/>POWERAPPS FOR OFFICE 365 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>MICROSOFT PLANNER(b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) |
+| MICROSOFT 365 BUSINESS BASIC | SMB_BUSINESS_ESSENTIALS | dab7782a-93b1-4074-8bb1-0e61318bea0b | BPOS_S_TODO_1 (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>EXCHANGE_S_STANDARD (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>FLOW_O365_P1 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>FORMS_PLAN_E1 (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>OFFICEMOBILE_SUBSCRIPTION (c63d4d19-e8cb-460e-b37c-4d6c34603745)<br/>POWERAPPS_O365_P1 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>YAMMER_MIDSIZE (41bf139a-4e60-409f-9346-a1361efc6dfb) | To-Do (Plan 1) (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>EXCHANGE ONLINE (PLAN 1) (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>FLOW FOR OFFICE 365 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>MICROSOFT FORMS (PLAN E1) (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>OFFICEMOBILE_SUBSCRIPTION (c63d4d19-e8cb-460e-b37c-4d6c34603745)<br/>POWERAPPS FOR OFFICE 365 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>MICROSOFT PLANNER(b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>YAMMER_MIDSIZE (41bf139a-4e60-409f-9346-a1361efc6dfb) |
+| MICROSOFT 365 BUSINESS STANDARD | O365_BUSINESS_PREMIUM | f245ecc8-75af-4f8e-b61f-27d8114de5f3 | BPOS_S_TODO_1 (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EXCHANGE_S_STANDARD (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>FLOW_O365_P1 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>FORMS_PLAN_E1 (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>O365_SB_Relationship_Management (5bfe124c-bbdc-4494-8835-f1297d457d79)<br/>OFFICE_BUSINESS (094e7854-93fc-4d55-b2c0-3ab5369ebdc1)<br/>POWERAPPS_O365_P1 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653)| To-Do (Plan 1) (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>MICROSOFT STAFFHUB (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EXCHANGE ONLINE (PLAN 1) (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>FLOW FOR OFFICE 365 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>MICROSOFT FORMS (PLAN E1) (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>OUTLOOK CUSTOMER MANAGER (5bfe124c-bbdc-4494-8835-f1297d457d79)<br/>OFFICE 365 BUSINESS (094e7854-93fc-4d55-b2c0-3ab5369ebdc1)<br/>POWERAPPS FOR OFFICE 365 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>MICROSOFT PLANNER(b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) |
+| MICROSOFT 365 BUSINESS STANDARD | SMB_BUSINESS_PREMIUM | ac5cef5d-921b-4f97-9ef3-c99076e5470f | BPOS_S_TODO_1 (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EXCHANGE_S_STANDARD (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>FLOW_O365_P1 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>FORMS_PLAN_E1 (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>O365_SB_Relationship_Management (5bfe124c-bbdc-4494-8835-f1297d457d79)<br/>OFFICE_BUSINESS (094e7854-93fc-4d55-b2c0-3ab5369ebdc1)<br/>POWERAPPS_O365_P1 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>YAMMER_MIDSIZE (41bf139a-4e60-409f-9346-a1361efc6dfb) | To-Do (Plan 1) (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>MICROSOFT STAFFHUB (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EXCHANGE ONLINE (PLAN 1) (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>FLOW FOR OFFICE 365 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>MICROSOFT FORMS (PLAN E1) (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>OUTLOOK CUSTOMER MANAGER (5bfe124c-bbdc-4494-8835-f1297d457d79)<br/>OFFICE 365 BUSINESS (094e7854-93fc-4d55-b2c0-3ab5369ebdc1)<br/>POWERAPPS FOR OFFICE 365 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>MICROSOFT PLANNER(b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>YAMMER_MIDSIZE (41bf139a-4e60-409f-9346-a1361efc6dfb) |
+| MICROSOFT 365 BUSINESS PREMIUM | SPB | cbdc14ab-d96c-4c30-b9f4-6ada7cdc1d46 | AAD_SMB (de377cbc-0019-4ec2-b77c-3f223947e102)<br/>BPOS_S_TODO_1 (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EXCHANGE_S_ARCHIVE_ADDON (176a09a6-7ec5-4039-ac02-b2791c6ba793)<br/>EXCHANGE_S_STANDARD (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>FLOW_O365_P1 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>FORMS_PLAN_E1 (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>INTUNE_SMBIZ (8e9ff0ff-aa7a-4b20-83c1-2f636b600ac2)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>O365_SB_Relationship_Management (5bfe124c-bbdc-4494-8835-f1297d457d79)<br/>OFFICE_BUSINESS (094e7854-93fc-4d55-b2c0-3ab5369ebdc1)<br/>POWERAPPS_O365_P1 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>STREAM_O365_E1 (743dd19e-1ce3-4c62-a3ad-49ba8f63a2f6)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>WINBIZ (8e229017-d77b-43d5-9305-903395523b99)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | AZURE ACTIVE DIRECTORY (de377cbc-0019-4ec2-b77c-3f223947e102)<br/>TO-DO (PLAN 1)(5e62787c-c316-451f-b873-1d05acd4d12c)<br/>MICROSOFT STAFFHUB (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EXCHANGE ONLINE ARCHIVING FOR EXCHANGE ONLINE (176a09a6-7ec5-4039-ac02-b2791c6ba793)<br/>EXCHANGE ONLINE (PLAN 1) (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>FLOW FOR OFFICE 365 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>MICROSOFT FORMS (PLAN E1) (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>MICROSOFT INTUNE (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>MICROSOFT INTUNE (8e9ff0ff-aa7a-4b20-83c1-2f636b600ac2)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>MICROSOFT BOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>OUTLOOK CUSTOMER MANAGER (5bfe124c-bbdc-4494-8835-f1297d457d79)<br/>OFFICE 365 BUSINESS (094e7854-93fc-4d55-b2c0-3ab5369ebdc1)<br/>POWERAPPS FOR OFFICE 365 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>MICROSOFT PLANNER(b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT AZURE ACTIVE DIRECTORY RIGHTS (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>AZURE INFORMATION PROTECTION PREMIUM P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>MICROSOFT STREAM FOR O365 E1 SKU (743dd19e-1ce3-4c62-a3ad-49ba8f63a2f6)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>WINDOWS 10 BUSINESS (8e229017-d77b-43d5-9305-903395523b99)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) |
| MICROSOFT 365 DOMESTIC CALLING PLAN (120 Minutes) | MCOPSTN_5 | 11dee6af-eca8-419f-8061-6864517c1875 | MCOPSTN5 (54a152dc-90de-4996-93d2-bc47e670fc06) | MICROSOFT 365 DOMESTIC CALLING PLAN (120 min) (54a152dc-90de-4996-93d2-bc47e670fc06) |
-| MICROSOFT 365 E3 | SPE_E3 | 05e9a617-0261-4cee-bb44-138d3ef5d965 | AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>ADALLOM_S_DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>BPOS_S_TODO_2 (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW_O365_P2 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>FORMS_PLAN_E3 (2789c901-c14e-48ab-a76a-be334d9d793a)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>POWERAPPS_O365_P2 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>STREAM_O365_E3 (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>WIN10_PRO_ENT_SUB (21b439ba-a0ca-424f-a6cc-52f954a5b111)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | AZURE ACTIVE DIRECTORY PREMIUM P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>CLOUD APP SECURITY DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>BPOS_S_TODO_2 (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>MICROSOFT STAFFHUB (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EXCHANGE ONLINE (PLAN 2)(efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW FOR OFFICE 365 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>MICROSOFT FORMS (PLAN E3) (2789c901-c14e-48ab-a76a-be334d9d793a)<br/>MICROSOFT INTUNE (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>MICROSOFT AZURE MULTI-FACTOR AUTHENTICATION (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>POWERAPPS FOR OFFICE 365(c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>MICROSOFT PLANNER(b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT AZURE ACTIVE DIRECTORY RIGHTS (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>AZURE INFORMATION PROTECTION PREMIUM P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>SHAREPOINT ONLINE (PLAN 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>MICROSOFT STREAM FOR O365 E3 SKU (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>WINDOWS 10 ENTERPRISE (21b439ba-a0ca-424f-a6cc-52f954a5b111)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) |
+| MICROSOFT 365 E3 | SPE_E3 | 05e9a617-0261-4cee-bb44-138d3ef5d965 | AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>ADALLOM_S_DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>BPOS_S_TODO_2 (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW_O365_P2 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>FORMS_PLAN_E3 (2789c901-c14e-48ab-a76a-be334d9d793a)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>POWERAPPS_O365_P2 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>STREAM_O365_E3 (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>WIN10_PRO_ENT_SUB (21b439ba-a0ca-424f-a6cc-52f954a5b111)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | AZURE ACTIVE DIRECTORY PREMIUM P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>CLOUD APP SECURITY DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>TO-DO (PLAN 2) (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>MICROSOFT STAFFHUB (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EXCHANGE ONLINE (PLAN 2)(efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW FOR OFFICE 365 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>MICROSOFT FORMS (PLAN E3) (2789c901-c14e-48ab-a76a-be334d9d793a)<br/>MICROSOFT INTUNE (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>MICROSOFT AZURE MULTI-FACTOR AUTHENTICATION (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>POWERAPPS FOR OFFICE 365(c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>MICROSOFT PLANNER(b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT AZURE ACTIVE DIRECTORY RIGHTS (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>AZURE INFORMATION PROTECTION PREMIUM P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>SHAREPOINT ONLINE (PLAN 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>MICROSOFT STREAM FOR O365 E3 SKU (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>WINDOWS 10 ENTERPRISE (21b439ba-a0ca-424f-a6cc-52f954a5b111)<br/>YAMMER ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) |
| Microsoft 365 E5 | SPE_E5 | 06ebc4ee-1bb5-47dd-8120-11324bc54e06 | MCOMEETADV (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>AAD_PREMIUM_P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>ATA (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>RMS_S_PREMIUM2 (5689bec4-755d-4753-8b61-40975025187c)<br/>LOCKBOX_ENTERPRISE (9f431833-0334-42de-a7dc-70aa40db46db)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW_O365_P3 (07699545-9485-468e-95b6-2fca3738be01)<br/>INFORMATION_BARRIERS (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>MIP_S_CLP2 (efb0351d-3b08-4503-993d-383af8de41e3)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>MYANALYTICS_P2 (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>ADALLOM_S_STANDALONE (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>WINDEFATP (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>FORMS_PLAN_E5 (e212cbc7-0961-4c40-9825-01117710dcb1)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>KAIZALA_STANDALONE (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>EXCHANGE_ANALYTICS (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E5 (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>EQUIVIO_ANALYTICS (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>ADALLOM_S_O365 (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>ATP_ENTERPRISE (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>THREAT_INTELLIGENCE (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>PAM_ENTERPRISE (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>BI_AZURE_P2 (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>POWERAPPS_O365_P3 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>PREMIUM_ENCRYPTION (617b097b-4b93-4ede-83de-5f075bb5fb2f)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_3 (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>WHITEBOARD_PLAN3 (4a51bca5-1eff-43f5-878c-177680f191af)<br/>WIN10_PRO_ENT_SUB (21b439ba-a0ca-424f-a6cc-52f954a5b111)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | Audio Conferencing (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>Azure Active Directory Premium P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Azure Active Directory Premium P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>Azure Advanced Threat Protection (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>Azure Information Protection Premium P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>Azure Information Protection Premium P2 (5689bec4-755d-4753-8b61-40975025187c)<br/>Customer Lockbox (9f431833-0334-42de-a7dc-70aa40db46db)<br/>Exchange Online (Plan 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Flow for Office 365 (07699545-9485-468e-95b6-2fca3738be01)<br/>Information Barriers (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>Information Protection for Office 365 - Premium (efb0351d-3b08-4503-993d-383af8de41e3)<br/>Information Protection for Office 365 - Standard (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>Insights by MyAnalytics (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>Microsoft Azure Active Directory Rights (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Microsoft Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>Microsoft Cloud App Security (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>Microsoft Defender Advanced Threat Protection (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>Microsoft Forms (Plan E5) (e212cbc7-0961-4c40-9825-01117710dcb1)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Microsoft Kaizala (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>Microsoft MyAnalytics (Full) (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Search (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Microsoft StaffHub (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>Microsoft Stream for O365 E5 SKU (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>Office 365 Advanced eDiscovery (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>Office 365 Advanced Security Management (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>Office 365 Advanced Threat Protection (Plan 1) (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>Office 365 Advanced Threat Protection (Plan 2) (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>Office 365 Privileged Access Management (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>Office 365 ProPlus (43de0ff5-c92c-492b-9116-175376d08c38)<br/>Office Online (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>Phone System (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>Power BI Pro (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>PowerApps for Office 365 Plan 3 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>Premium Encryption in Office 365 (617b097b-4b93-4ede-83de-5f075bb5fb2f)<br/>SharePoint Online (Plan 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Sway (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>To-Do (Plan 3) (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>Whiteboard (Plan 3) (4a51bca5-1eff-43f5-878c-177680f191af)<br/>Windows 10 Enterprise (Original) (21b439ba-a0ca-424f-a6cc-52f954a5b111)<br/>Yammer Enterprise (7547a3fe-08ee-4ccb-b430-5077c5041653) | | Microsoft 365 E3_USGOV_DOD | SPE_E3_USGOV_DOD | d61d61cc-f992-433f-a577-5bd016037eeb | AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>STREAM_O365_E3 (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>TEAMS_AR_DOD (fd500458-c24c-478e-856c-a6067a8376cd)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c) | Azure Active Directory Premium P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Azure Information Protection Premium P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>Exchange Online (Plan 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Microsoft Azure Active Directory Rights (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Microsoft Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Microsoft Stream for O365 E3 SKU (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>Microsoft Teams for DOD (AR) (fd500458-c24c-478e-856c-a6067a8376cd)<br/>Office 365 ProPlus (43de0ff5-c92c-492b-9116-175376d08c38)<br/>Office Online (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SharePoint Online (Plan 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c) | | Microsoft 365 E3_USGOV_GCCHIGH | SPE_E3_USGOV_GCCHIGH | ca9d1dd9-dfe9-4fef-b97c-9bc1ea3c3658 | AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>ADALLOM_S_DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>STREAM_O365_E3 (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>TEAMS_AR_GCCHIGH (9953b155-8aef-4c56-92f3-72b0487fce41)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c) | Azure Active Directory Premium P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Azure Information Protection Premium P1(6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>Cloud App Security Discovery (932ad362-64a8-4783-9106-97849a1a30b9)<br/>Exchange Online (Plan 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Microsoft Azure Active Directory Rights (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Microsoft Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/> Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/> Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/> Microsoft Stream for O365 E3 SKU (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/> Microsoft Teams for GCCHigh (AR) (9953b155-8aef-4c56-92f3-72b0487fce41)<br/> Office 365 ProPlus (43de0ff5-c92c-492b-9116-175376d08c38)<br/> Office Online (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/> SharePoint Online (Plan 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c) |
When managing licenses in [the Azure portal](https://portal.azure.com/#blade/Mic
| Microsoft 365 E5 Security for EMS E5 | IDENTITY_THREAT_PROTECTION_FOR_EMS_E5 | 44ac31e7-2999-4304-ad94-c948886741d4 | WINDEFATP (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>ATP_ENTERPRISE (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>THREAT_INTELLIGENCE (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>SAFEDOCS (bf6f5520-59e3-4f82-974b-7dbbc4fd27c7) | Microsoft Defender Advanced Threat Protection (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>Office 365 Advanced Threat Protection (Plan 1) (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>Office 365 Advanced Threat Protection (Plan 2) (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>Office 365 SafeDocs (bf6f5520-59e3-4f82-974b-7dbbc4fd27c7) | | Microsoft 365 F1 | M365_F1 | 44575883-256e-4a79-9da4-ebe9acabe2b2 | AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>RMS_S_ENTERPRISE_GOV (6a76346d-5d6e-4051-9fe3-ed3f312b5597)<br/>ADALLOM_S_DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>STREAM_O365_K (3ffba0d2-38e5-4d5e-8ec0-98f2b05c09d9)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>SHAREPOINTDESKLESS (902b47e5-dcb2-4fdc-858b-c63a90a2bdb9)<br/>MCOIMP (afc06cb0-b4f4-4473-8286-d644f70d8faf)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | Azure Active Directory Premium P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Azure Information Protection Premium P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>Azure Rights Management (6a76346d-5d6e-4051-9fe3-ed3f312b5597)<br/>Cloud App Security Discovery (932ad362-64a8-4783-9106-97849a1a30b9)<br/>Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Microsoft Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Stream for O365 K SKU (3ffba0d2-38e5-4d5e-8ec0-98f2b05c09d9)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>SharePoint Online Kiosk (902b47e5-dcb2-4fdc-858b-c63a90a2bdb9)<br/>Skype for Business Online (Plan 1) (afc06cb0-b4f4-4473-8286-d644f70d8faf)<br/>Yammer Enterprise (7547a3fe-08ee-4ccb-b430-5077c5041653) | | Microsoft 365 F3 | SPE_F1 | 66b55226-6b4f-492c-910c-a3b7a3c9d993 | AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>ADALLOM_S_DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>EXCHANGE_S_DESKLESS (4a82b400-a79f-41a4-b4e2-e94f5787b113)<br/>FLOW_O365_S1 (bd91b1a4-9f94-4ecf-b45b-3a65e5c8128a)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>FORMS_PLAN_K (f07046bd-2a3c-4b96-b0be-dea79d7cbfb8)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>KAIZALA_O365_P1 (73b2a583-6a59-42e3-8e83-54db46bc3278)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_K (3ffba0d2-38e5-4d5e-8ec0-98f2b05c09d9)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>OFFICEMOBILE_SUBSCRIPTION (c63d4d19-e8cb-460e-b37c-4d6c34603745)<br/>POWERAPPS_O365_S1 (e0287f9f-e222-4f98-9a83-f379e249159a)<br/>SHAREPOINTDESKLESS (902b47e5-dcb2-4fdc-858b-c63a90a2bdb9)<br/>MCOIMP (afc06cb0-b4f4-4473-8286-d644f70d8faf)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_FIRSTLINE (80873e7a-cd2a-4e67-b061-1b5381a676a5)<br/>WHITEBOARD_FIRSTLINE1 (36b29273-c6d0-477a-aca6-6fbe24f538e3)<br/>WIN10_ENT_LOC_F1 (e041597c-9c7f-4ed9-99b0-2663301576f7)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | Azure Active Directory Premium P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Azure Information Protection Premium P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>Azure Rights Management (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Cloud App Security Discovery (932ad362-64a8-4783-9106-97849a1a30b9)<br/>Exchange Online Kiosk (4a82b400-a79f-41a4-b4e2-e94f5787b113)<br/>Flow for Office 365 K1 (bd91b1a4-9f94-4ecf-b45b-3a65e5c8128a)<br/>Microsoft Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>Microsoft Forms (Plan F1) (f07046bd-2a3c-4b96-b0be-dea79d7cbfb8)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Microsoft Kaizala Pro Plan 1 (73b2a583-6a59-42e3-8e83-54db46bc3278)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Search (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Microsoft StaffHub (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>Microsoft Stream for O365 K SKU (3ffba0d2-38e5-4d5e-8ec0-98f2b05c09d9)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>Office for the web (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>Office Mobile Apps for Office 365 (c63d4d19-e8cb-460e-b37c-4d6c34603745)<br/>PowerApps for Office 365 K1 (e0287f9f-e222-4f98-9a83-f379e249159a)<br/>SharePoint Online Kiosk (902b47e5-dcb2-4fdc-858b-c63a90a2bdb9)<br/>Skype for Business Online (Plan 1) (afc06cb0-b4f4-4473-8286-d644f70d8faf)<br/>Sway (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>To-Do (Firstline) (80873e7a-cd2a-4e67-b061-1b5381a676a5)<br/>Whiteboard (Firstline) (36b29273-c6d0-477a-aca6-6fbe24f538e3)<br/>Windows 10 Enterprise E3 (local only) (e041597c-9c7f-4ed9-99b0-2663301576f7)<br/>Yammer Enterprise (7547a3fe-08ee-4ccb-b430-5077c5041653) |
-| MICROSOFT FLOW FREE | FLOW_FREE | f30db892-07e9-47e9-837c-80727f46fd3d | DYN365_CDS_VIRAL (17ab22cd-a0b3-4536-910a-cb6eb12696c0) | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318) | FLOW_P2_VIRAL (50e68c76-46c6-4674-81f9-75456511b170) | COMMON DATA SERVICE - VIRAL (17ab22cd-a0b3-4536-910a-cb6eb12696c0) | EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318) | FLOW FREE (50e68c76-46c6-4674-81f9-75456511b170) |
+| MICROSOFT FLOW FREE | FLOW_FREE | f30db892-07e9-47e9-837c-80727f46fd3d | DYN365_CDS_VIRAL (17ab22cd-a0b3-4536-910a-cb6eb12696c0)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>FLOW_P2_VIRAL (50e68c76-46c6-4674-81f9-75456511b170) | COMMON DATA SERVICE - VIRAL (17ab22cd-a0b3-4536-910a-cb6eb12696c0)<br/>EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>FLOW FREE (50e68c76-46c6-4674-81f9-75456511b170) |
| MICROSOFT 365 GCC G3 | M365_G3_GOV | e823ca47-49c4-46b3-b38d-ca11d5abe3d2 | AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>RMS_S_ENTERPRISE_GOV (6a76346d-5d6e-4051-9fe3-ed3f312b5597)<br/>RMS_S_PREMIUM_GOV (1b66aedf-8ca1-4f73-af76-ec76c6180f98)<br/>CONTENT_EXPLORER (d9fa6af4-e046-4c89-9226-729a0786685d)<br/>EXCHANGE_S_ENTERPRISE_GOV (8c3069c0-ccdb-44be-ab77-986203a67df2)<br/>FORMS_GOV_E3 (24af5f65-d0f3-467b-9f78-ea798c4aeffc)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>MYANALYTICS_P2_GOV (6e5b7995-bd4f-4cbd-9d19-0e32010c72f0)<br/>OFFICESUBSCRIPTION_GOV (de9234ff-6483-44d9-b15e-dca72fdd27af)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>STREAM_O365_E3_GOV (2c1ada27-dbaa-46f9-bda6-ecb94445f758)<br/>TEAMS_GOV (304767db-7d23-49e8-a945-4a7eb65f9f28)<br/>PROJECTWORKMANAGEMENT_GOV (5b4ef465-7ea1-459a-9f91-033317755a51)<br/>SHAREPOINTWAC_GOV (8f9f0f3b-ca90-406c-a842-95579171f8ec)<br/>POWERAPPS_O365_P2_GOV (0a20c815-5e81-4727-9bdc-2b5a117850c3)<br/>FLOW_O365_P2_GOV (c537f360-6a00-4ace-a7f5-9128d0ac1e4b)<br/>SHAREPOINTENTERPRISE_GOV (153f85dd-d912-4762-af6c-d6e0fb4f6692)<br/>MCOSTANDARD_GOV (a31ef4a2-f787-435e-8335-e47eb0cafc94) | AZURE ACTIVE DIRECTORY PREMIUM P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>AZURE RIGHTS MANAGEMENT (6a76346d-5d6e-4051-9fe3-ed3f312b5597)<br/>AZURE RIGHTS MANAGEMENT PREMIUM FOR GOVERNMENT (1b66aedf-8ca1-4f73-af76-ec76c6180f98)<br/>CONTENT EXPLORER (d9fa6af4-e046-4c89-9226-729a0786685d)<br/>EXCHANGE PLAN 2G (8c3069c0-ccdb-44be-ab77-986203a67df2)<br/>FORMS FOR GOVERNMENT (PLAN E3) (24af5f65-d0f3-467b-9f78-ea798c4aeffc)<br/>INFORMATION PROTECTION FOR OFFICE 365 ΓÇô STANDARD (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>INSIGHTS BY MYANALYTICS FOR GOVERNMENT (6e5b7995-bd4f-4cbd-9d19-0e32010c72f0)<br/>MICROSOFT 365 APPS FOR ENTERPRISE G (de9234ff-6483-44d9-b15e-dca72fdd27af)<br/>MICROSOFT AZURE MULTI-FACTOR AUTHENTICATION (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>MICROSOFT BOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>MICROSOFT INTUNE (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>MICROSOFT STREAM FOR O365 FOR GOVERNMENT (E3) (2c1ada27-dbaa-46f9-bda6-ecb94445f758)<br/>MICROSOFT TEAMS FOR GOVERNMENT (304767db-7d23-49e8-a945-4a7eb65f9f28)<br/>OFFICE 365 PLANNER FOR GOVERNMENT (5b4ef465-7ea1-459a-9f91-033317755a51)<br/>OFFICE FOR THE WEB (GOVERNMENT) (8f9f0f3b-ca90-406c-a842-95579171f8ec)<br/>POWER APPS FOR OFFICE 365 FOR GOVERNMENT (0a20c815-5e81-4727-9bdc-2b5a117850c3)<br/>POWER AUTOMATE FOR OFFICE 365 FOR GOVERNMENT (c537f360-6a00-4ace-a7f5-9128d0ac1e4b)<br/>SHAREPOINT PLAN 2G (153f85dd-d912-4762-af6c-d6e0fb4f6692)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) FOR GOVERNMENT (a31ef4a2-f787-435e-8335-e47eb0cafc94) | | MICROSOFT 365 PHONE SYSTEM | MCOEV | e43b5b99-8dfb-405f-9987-dc307f34bcbd | MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7) | MICROSOFT 365 PHONE SYSTEM (4828c8ec-dc2e-4779-b502-87ac9ce28ab7) | | MICROSOFT 365 PHONE SYSTEM FOR DOD | MCOEV_DOD | d01d9287-694b-44f3-bcc5-ada78c8d953e | MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7) | MICROSOFT 365 PHONE SYSTEM (4828c8ec-dc2e-4779-b502-87ac9ce28ab7) | | MICROSOFT 365 PHONE SYSTEM FOR FACULTY | MCOEV_FACULTY | d979703c-028d-4de5-acbf-7955566b69b9 | MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7) | MICROSOFT 365 PHONE SYSTEM(4828c8ec-dc2e-4779-b502-87ac9ce28ab7) |
-| MICROSOFT 365 PHONE SYSTEM FOR GCC | MCOEV_GOV | a460366a-ade7-4791-b581-9fbff1bdaa85 | EXCHANGE_S_FOUNDATION_GOV (922ba911-5694-4e99-a794-73aed9bfeec8) | MCOEV_GOV (db23fce2-a974-42ef-9002-d78dd42a0f22) | EXCHANGE FOUNDATION FOR GOVERNMENT (922ba911-5694-4e99-a794-73aed9bfeec8) | MICROSOFT 365 PHONE SYSTEM (4828c8ec-dc2e-4779-b502-87ac9ce28ab7) |
+| MICROSOFT 365 PHONE SYSTEM FOR GCC | MCOEV_GOV | a460366a-ade7-4791-b581-9fbff1bdaa85 | EXCHANGE_S_FOUNDATION_GOV (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>MCOEV_GOV (db23fce2-a974-42ef-9002-d78dd42a0f22) | EXCHANGE FOUNDATION FOR GOVERNMENT (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>MICROSOFT 365 PHONE SYSTEM (4828c8ec-dc2e-4779-b502-87ac9ce28ab7) |
| MICROSOFT 365 PHONE SYSTEM FOR GCCHIGH | MCOEV_GCCHIGH | 7035277a-5e49-4abc-a24f-0ec49c501bb5 | MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7) | MICROSOFT 365 PHONE SYSTEM (4828c8ec-dc2e-4779-b502-87ac9ce28ab7) | | MICROSOFT 365 PHONE SYSTEM FOR SMALL AND MEDIUM BUSINESS | MCOEVSMB_1 | aa6791d3-bb09-4bc2-afed-c30c3fe26032 | MCOEVSMB (ed777b71-af04-42ca-9798-84344c66f7c6) | SKYPE FOR BUSINESS CLOUD PBX FOR SMALL AND MEDIUM BUSINESS (ed777b71-af04-42ca-9798-84344c66f7c6) | | MICROSOFT 365 PHONE SYSTEM FOR STUDENTS | MCOEV_STUDENT | 1f338bbc-767e-4a1e-a2d4-b73207cc5b93 | MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7) | MICROSOFT 365 PHONE SYSTEM (4828c8ec-dc2e-4779-b502-87ac9ce28ab7) |
When managing licenses in [the Azure portal](https://portal.azure.com/#blade/Mic
| MS IMAGINE ACADEMY | IT_ACADEMY_AD | ba9a34de-4489-469d-879c-0f0f145321cd | IT_ACADEMY_AD (d736def0-1fde-43f0-a5be-e3f8b2de6e41) | MS IMAGINE ACADEMY (d736def0-1fde-43f0-a5be-e3f8b2de6e41) | | MICROSOFT INTUNE DEVICE for GOVERNMENT | INTUNE_A_D_GOV | 2c21e77a-e0d6-4570-b38a-7ff2dc17d2ca | EXCHANGE_S_FOUNDATION_GOV (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5) | EXCHANGE FOUNDATION FOR GOVERNMENT (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>MICROSOFT INTUNE (c1ec4a95-1f05-45b3-a911-aa3fa01094f5) | | MICROSOFT POWER APPS PLAN 2 TRIAL | POWERAPPS_VIRAL | dcb1a3ae-b33f-4487-846a-a640262fadf4 | DYN365_CDS_VIRAL (17ab22cd-a0b3-4536-910a-cb6eb12696c0)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>FLOW_P2_VIRAL (50e68c76-46c6-4674-81f9-75456511b170)<br/>FLOW_P2_VIRAL_REAL (d20bfa21-e9ae-43fc-93c2-20783f0840c3)<br/>POWERAPPS_P2_VIRAL (d5368ca3-357e-4acb-9c21-8495fb025d1f) | COMMON DATA SERVICE ΓÇô VIRAL (17ab22cd-a0b3-4536-910a-cb6eb12696c0)<br/>EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>FLOW FREE (50e68c76-46c6-4674-81f9-75456511b170)<br/>FLOW P2 VIRAL (d20bfa21-e9ae-43fc-93c2-20783f0840c3)<br/>POWERAPPS TRIAL (d5368ca3-357e-4acb-9c21-8495fb025d1f) |
-| MICROSOFT TEAM (FREE) | TEAMS_FREE | 16ddbbfc-09ea-4de2-b1d7-312db6112d70 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318) | MCOFREE (617d9209-3b90-4879-96e6-838c42b2701d) | TEAMS_FREE (4fa4026d-ce74-4962-a151-8e96d57ea8e4) | SHAREPOINTDESKLESS (902b47e5-dcb2-4fdc-858b-c63a90a2bdb9) | TEAMS_FREE_SERVICE (bd6f2ac2-991a-49f9-b23c-18c96a02c228) | WHITEBOARD_FIRSTLINE1 (36b29273-c6d0-477a-aca6-6fbe24f538e3) | EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318) | MCO FREE FOR MICROSOFT TEAMS (FREE) (617d9209-3b90-4879-96e6-838c42b2701d) | MICROSOFT TEAMS (FREE) (4fa4026d-ce74-4962-a151-8e96d57ea8e4) | SHAREPOINT KIOSK (902b47e5-dcb2-4fdc-858b-c63a90a2bdb9) | TEAMS FREE SERVICE (bd6f2ac2-991a-49f9-b23c-18c96a02c228) | WHITEBOARD (FIRSTLINE) (36b29273-c6d0-477a-aca6-6fbe24f538e3) |
+| MICROSOFT TEAM (FREE) | TEAMS_FREE | 16ddbbfc-09ea-4de2-b1d7-312db6112d70 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>MCOFREE (617d9209-3b90-4879-96e6-838c42b2701d)<br/>TEAMS_FREE (4fa4026d-ce74-4962-a151-8e96d57ea8e4)<br/>SHAREPOINTDESKLESS (902b47e5-dcb2-4fdc-858b-c63a90a2bdb9)<br/>TEAMS_FREE_SERVICE (bd6f2ac2-991a-49f9-b23c-18c96a02c228)<br/>WHITEBOARD_FIRSTLINE1 (36b29273-c6d0-477a-aca6-6fbe24f538e3) | EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>MCO FREE FOR MICROSOFT TEAMS (FREE) (617d9209-3b90-4879-96e6-838c42b2701d)<br/>MICROSOFT TEAMS (FREE) (4fa4026d-ce74-4962-a151-8e96d57ea8e4)<br/>SHAREPOINT KIOSK (902b47e5-dcb2-4fdc-858b-c63a90a2bdb9)<br/>TEAMS FREE SERVICE (bd6f2ac2-991a-49f9-b23c-18c96a02c228)<br/>WHITEBOARD (FIRSTLINE) (36b29273-c6d0-477a-aca6-6fbe24f538e3) |
| MICROSOFT TEAMS EXPLORATORY | TEAMS_EXPLORATORY | 710779e8-3d4a-4c88-adb9-386c958d1fdf | CDS_O365_P1 (bed136c6-b799-4462-824d-fc045d3a9d25)<br/>EXCHANGE_S_STANDARD (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>MYANALYTICS_P2 (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>FORMS_PLAN_E1 (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>DESKLESS (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E1 (743dd19e-1ce3-4c62-a3ad-49ba8f63a2f6)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MCO_TEAMS_IW (42a3ec34-28ba-46b6-992f-db53a675ac5b)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>OFFICEMOBILE_SUBSCRIPTION (c63d4d19-e8cb-460e-b37c-4d6c34603745)<br/>POWERAPPS_O365_P1 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>FLOW_O365_P1 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>POWER_VIRTUAL_AGENTS_O365_P1 (0683001c-0492-4d59-9515-d9a6426b5813)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_1 (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>WHITEBOARD_PLAN1 (b8afc642-032e-4de5-8c0a-507a7bba7e5d)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | COMMON DATA SERVICE FOR TEAMS_P1 (bed136c6-b799-4462-824d-fc045d3a9d25)<br/>EXCHANGE ONLINE (PLAN 1) (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>INSIGHTS BY MYANALYTICS (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>MICROSOFT FORMS (PLAN E1) (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>MICROSOFT PLANNER (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>MICROSOFT STAFFHUB (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>MICROSOFT STREAM FOR O365 E1 SKU (743dd19e-1ce3-4c62-a3ad-49ba8f63a2f6)<br/>MICROSOFT TEAMS (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MICROSOFT TEAMS (42a3ec34-28ba-46b6-992f-db53a675ac5b)<br/>MOBILE DEVICE MANAGEMENT FOR OFFICE 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>OFFICE FOR THE WEB (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>OFFICE MOBILE APPS FOR OFFICE 365 (c63d4d19-e8cb-460e-b37c-4d6c34603745)<br/>POWER APPS FOR OFFICE 365 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>POWER AUTOMATE FOR OFFICE 365 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>POWER VIRTUAL AGENTS FOR OFFICE 365 P1(0683001c-0492-4d59-9515-d9a6426b5813)<br/>SHAREPOINT ONLINE (PLAN 1) (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TO-DO (PLAN 1) (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>WHITEBOARD (PLAN 1) (b8afc642-032e-4de5-8c0a-507a7bba7e5d)<br/>YAMMER ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | | Office 365 A5 for faculty| ENTERPRISEPREMIUM_FACULTY | a4585165-0533-458a-97e3-c400570268c4 | AAD_BASIC_EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>LOCKBOX_ENTERPRISE (9f431833-0334-42de-a7dc-70aa40db46db)<br/>EducationAnalyticsP1 (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW_O365_P3 (07699545-9485-468e-95b6-2fca3738be01)<br/>INFORMATION_BARRIERS (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>MIP_S_CLP2 (efb0351d-3b08-4503-993d-383af8de41e3)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>M365_ADVANCED_AUDITING (2f442157-a11c-46b9-ae5b-6e39ff4e5849)<br/>MCOMEETADV (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>COMMUNICATIONS_COMPLIANCE (41fcdd7d-4733-4863-9cf4-c65b83ce2df4)<br/>COMMUNICATIONS_DLP (6dc145d6-95dd-4191-b9c3-185575ee6f6b)<br/>CUSTOMER_KEY (6db1f1db-2b46-403f-be40-e39395f08dbb)<br/>DATA_INVESTIGATIONS (46129a58-a698-46f0-aa5b-17f6586297d9)<br/>OFFICE_FORMS_PLAN_3 (96c1e14a-ef43-418d-b115-9636cdaa8eed)<br/>INFO_GOVERNANCE (e26c2fcc-ab91-4a61-b35c-03cdc8dddf66)<br/>KAIZALA_STANDALONE (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>EXCHANGE_ANALYTICS (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>RECORDS_MANAGEMENT (65cc641f-cccd-4643-97e0-a17e3045e541)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E5 (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>EQUIVIO_ANALYTICS (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>ADALLOM_S_O365 (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>ATP_ENTERPRISE (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>THREAT_INTELLIGENCE (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>PAM_ENTERPRISE (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>SHAREPOINTWAC_EDU (e03c7e47-402c-463c-ab25-949079bedb21)<br/>BI_AZURE_P2 (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>POWERAPPS_O365_P3 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>PREMIUM_ENCRYPTION (617b097b-4b93-4ede-83de-5f075bb5fb2f)<br/>SCHOOL_DATA_SYNC_P2 (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SHAREPOINTENTERPRISE_EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_3 (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>WHITEBOARD_PLAN3 (4a51bca5-1eff-43f5-878c-177680f191af)<br/>YAMMER_EDU (2078e8df-cff6-4290-98cb-5408261a760a) | Azure Active Directory Basic for EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>Azure Rights Management (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Customer Lockbox (9f431833-0334-42de-a7dc-70aa40db46db)<br/>Education Analytics (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>Exchange Online (Plan 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Flow for Office 365 (07699545-9485-468e-95b6-2fca3738be01)<br/>Information Barriers (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>Information Protection for Office 365 - Premium (efb0351d-3b08-4503-993d-383af8de41e3)<br/>Information Protection for Office 365 - Standard (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>Microsoft 365 Advanced Auditing (2f442157-a11c-46b9-ae5b-6e39ff4e5849)<br/>Microsoft 365 Audio Conferencing (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>Microsoft 365 Phone System (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>Microsoft Bookings (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>Microsoft Communications Compliance (41fcdd7d-4733-4863-9cf4-c65b83ce2df4)<br/>Microsoft Communications DLP (6dc145d6-95dd-4191-b9c3-185575ee6f6b)<br/>Microsoft Customer Key (6db1f1db-2b46-403f-be40-e39395f08dbb)<br/>Microsoft Data Investigations (46129a58-a698-46f0-aa5b-17f6586297d9)<br/>Microsoft Forms (Plan 3) (96c1e14a-ef43-418d-b115-9636cdaa8eed)<br/>Microsoft Information Governance (e26c2fcc-ab91-4a61-b35c-03cdc8dddf66)<br/>Microsoft Kaizala (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>Microsoft MyAnalytics (Full) (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Records Management (65cc641f-cccd-4643-97e0-a17e3045e541)<br/>Microsoft Search (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Microsoft StaffHub (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>Microsoft Stream for O365 E5 SKU (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>Office 365 Advanced eDiscovery (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>Office 365 Advanced Security Management (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>Office 365 Advanced Threat Protection (Plan 1) (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>Office 365 Advanced Threat Protection (Plan 2) (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>Office 365 Privileged Access Management (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>Office 365 ProPlus (43de0ff5-c92c-492b-9116-175376d08c38)<br/>Office for the web (Education) (e03c7e47-402c-463c-ab25-949079bedb21)<br/>Power BI Pro (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>PowerApps for Office 365 Plan 3 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>Premium Encryption in Office 365 (617b097b-4b93-4ede-83de-5f075bb5fb2f)<br/>School Data Sync (Plan 2) (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SharePoint Plan 2 for EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Sway (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>To-Do (Plan 3) (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>Whiteboard (Plan 3)(4a51bca5-1eff-43f5-878c-177680f191af)<br/>Yammer for Academic (2078e8df-cff6-4290-98cb-5408261a760a) | | Office 365 A5 for students | ENTERPRISEPREMIUM_STUDENT | ee656612-49fa-43e5-b67e-cb1fdf7699df | AAD_BASIC_EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>LOCKBOX_ENTERPRISE (9f431833-0334-42de-a7dc-70aa40db46db)<br/>EducationAnalyticsP1 (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW_O365_P3 (07699545-9485-468e-95b6-2fca3738be01)<br/>INFORMATION_BARRIERS (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>MIP_S_CLP2 (efb0351d-3b08-4503-993d-383af8de41e3)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>M365_ADVANCED_AUDITING (2f442157-a11c-46b9-ae5b-6e39ff4e5849)<br/>MCOMEETADV (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>COMMUNICATIONS_COMPLIANCE (41fcdd7d-4733-4863-9cf4-c65b83ce2df4)<br/>COMMUNICATIONS_DLP (6dc145d6-95dd-4191-b9c3-185575ee6f6b)<br/>CUSTOMER_KEY (6db1f1db-2b46-403f-be40-e39395f08dbb)<br/>DATA_INVESTIGATIONS (46129a58-a698-46f0-aa5b-17f6586297d9)<br/>OFFICE_FORMS_PLAN_3 (96c1e14a-ef43-418d-b115-9636cdaa8eed)<br/>INFO_GOVERNANCE (e26c2fcc-ab91-4a61-b35c-03cdc8dddf66)<br/>KAIZALA_STANDALONE (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>EXCHANGE_ANALYTICS (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>RECORDS_MANAGEMENT (65cc641f-cccd-4643-97e0-a17e3045e541)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E5 (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>EQUIVIO_ANALYTICS (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>ADALLOM_S_O365 (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>ATP_ENTERPRISE (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>THREAT_INTELLIGENCE (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>PAM_ENTERPRISE (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>SHAREPOINTWAC_EDU (e03c7e47-402c-463c-ab25-949079bedb21)<br/>BI_AZURE_P2 (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>POWERAPPS_O365_P3 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>PREMIUM_ENCRYPTION (617b097b-4b93-4ede-83de-5f075bb5fb2f)<br/>SCHOOL_DATA_SYNC_P2 (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SHAREPOINTENTERPRISE_EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_3 (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>WHITEBOARD_PLAN3 (4a51bca5-1eff-43f5-878c-177680f191af)<br/>YAMMER_EDU (2078e8df-cff6-4290-98cb-5408261a760a) | Azure Active Directory Basic for EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>Azure Rights Management (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Customer Lockbox (9f431833-0334-42de-a7dc-70aa40db46db)<br/>Education Analytics (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>Exchange Online (Plan 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Flow for Office 365 (07699545-9485-468e-95b6-2fca3738be01)<br/>Information Barriers (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>Information Protection for Office 365 - Premium (efb0351d-3b08-4503-993d-383af8de41e3)<br/>Information Protection for Office 365 - Standard (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>Microsoft 365 Advanced Auditing (2f442157-a11c-46b9-ae5b-6e39ff4e5849)<br/>Microsoft 365 Audio Conferencing (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>Microsoft 365 Phone System (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>Microsoft Bookings (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>Microsoft Communications Compliance (41fcdd7d-4733-4863-9cf4-c65b83ce2df4)<br/>Microsoft Communications DLP (6dc145d6-95dd-4191-b9c3-185575ee6f6b)<br/>Microsoft Customer Key (6db1f1db-2b46-403f-be40-e39395f08dbb)<br/>Microsoft Data Investigations (46129a58-a698-46f0-aa5b-17f6586297d9)<br/>Microsoft Forms (Plan 3) (96c1e14a-ef43-418d-b115-9636cdaa8eed)<br/>Microsoft Information Governance (e26c2fcc-ab91-4a61-b35c-03cdc8dddf66)<br/>Microsoft Kaizala (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>Microsoft MyAnalytics (Full) (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Records Management (65cc641f-cccd-4643-97e0-a17e3045e541)<br/>Microsoft Search (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Microsoft StaffHub (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>Microsoft Stream for O365 E5 SKU (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>Office 365 Advanced eDiscovery (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>Office 365 Advanced Security Management (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>Office 365 Advanced Threat Protection (Plan 1) (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>Office 365 Advanced Threat Protection (Plan 2) (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>Office 365 Privileged Access Management (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>Office 365 ProPlus (43de0ff5-c92c-492b-9116-175376d08c38)<br/>Office for the web (Education) (e03c7e47-402c-463c-ab25-949079bedb21)<br/>Power BI Pro (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>PowerApps for Office 365 Plan 3 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>Premium Encryption in Office 365 (617b097b-4b93-4ede-83de-5f075bb5fb2f)<br/>School Data Sync (Plan 2) (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SharePoint Plan 2 for EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Sway (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>To-Do (Plan 3) (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>Whiteboard (Plan 3)(4a51bca5-1eff-43f5-878c-177680f191af)<br/>Yammer for Academic (2078e8df-cff6-4290-98cb-5408261a760a) |
When managing licenses in [the Azure portal](https://portal.azure.com/#blade/Mic
| OFFICE 365 SMALL BUSINESS PREMIUM | LITEPACK_P2 | fc14ec4a-4169-49a4-a51e-2c852931814b | EXCHANGE_L_STANDARD (d42bdbd6-c335-4231-ab3d-c8f348d5aff5)<br/>MCOLITE (70710b6b-3ab4-4a38-9f6d-9f169461650a)<br/>OFFICE_PRO_PLUS_SUBSCRIPTION_SMBIZ (8ca59559-e2ca-470b-b7dd-afd8c0dee963)<br/>SHAREPOINTLITE (a1f3d0a8-84c0-4ae0-bae4-685917b8ab48)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97) | EXCHANGE ONLINE (P1)(d42bdbd6-c335-4231-ab3d-c8f348d5aff5)<br/>SKYPE FOR BUSINESS ONLINE (PLAN P1) (70710b6b-3ab4-4a38-9f6d-9f169461650a)<br/>OFFICE_PRO_PLUS_SUBSCRIPTION_SMBIZ (8ca59559-e2ca-470b-b7dd-afd8c0dee963)<br/>SHAREPOINTLITE (a1f3d0a8-84c0-4ae0-bae4-685917b8ab48)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97) | | ONEDRIVE FOR BUSINESS (PLAN 1) | WACONEDRIVESTANDARD | e6778190-713e-4e4f-9119-8b8238de25df | FORMS_PLAN_E1 (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>ONEDRIVESTANDARD (13696edf-5a08-49f6-8134-03083ed8ba30)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97) | MICROSOFT FORMS (PLAN E1) (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>ONEDRIVESTANDARD (13696edf-5a08-49f6-8134-03083ed8ba30)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97) | | ONEDRIVE FOR BUSINESS (PLAN 2) | WACONEDRIVEENTERPRISE | ed01faf2-1d88-4947-ae91-45ca18703a96 | ONEDRIVEENTERPRISE (afcafa6a-d966-4462-918c-ec0b4e0fe642)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014) | ONEDRIVEENTERPRISE (afcafa6a-d966-4462-918c-ec0b4e0fe642)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014) |
-| POWER BI (FREE) | POWER_BI_STANDARD | a403ebcc-fae0-4ca2-8c8c-7a907fd6c235 | BI_AZURE_P0 (2049e525-b859-401b-b2a0-e0a31c4b1fe4) | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318) | EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318) | POWER BI (FREE) (2049e525-b859-401b-b2a0-e0a31c4b1fe4) |
+| POWER BI (FREE) | POWER_BI_STANDARD | a403ebcc-fae0-4ca2-8c8c-7a907fd6c235 | BI_AZURE_P0 (2049e525-b859-401b-b2a0-e0a31c4b1fe4)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318) | POWER BI (FREE) (2049e525-b859-401b-b2a0-e0a31c4b1fe4)<br/>EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318) |
| POWER BI FOR OFFICE 365 ADD-ON | POWER_BI_ADDON | 45bc2c81-6072-436a-9b0b-3b12eefbc402 | BI_AZURE_P1 (2125cfd7-2110-4567-83c4-c1cd5275163d)<br/>SQL_IS_SSIM (fc0a60aa-feee-4746-a0e3-aecfe81a38dd) |MICROSOFT POWER BI REPORTING AND ANALYTICS PLAN 1 (2125cfd7-2110-4567-83c4-c1cd5275163d)<br/>MICROSOFT POWER BI INFORMATION SERVICES PLAN 1(fc0a60aa-feee-4746-a0e3-aecfe81a38dd) | | POWER BI PRO | POWER_BI_PRO | f8a1db68-be16-40ed-86d5-cb42ce701560 | BI_AZURE_P2 (70d33638-9c74-4d01-bfd3-562de28bd4ba) | POWER BI PRO (70d33638-9c74-4d01-bfd3-562de28bd4ba) | | PROJECT FOR OFFICE 365 | PROJECTCLIENT | a10d5e58-74da-4312-95c8-76be4e5b75a0 | PROJECT_CLIENT_SUBSCRIPTION (fafd7243-e5c1-4a3a-9e40-495efcb1d3c3) | PROJECT_CLIENT_SUBSCRIPTION (fafd7243-e5c1-4a3a-9e40-495efcb1d3c3) |
When managing licenses in [the Azure portal](https://portal.azure.com/#blade/Mic
| WINDOWS 10 ENTERPRISE E3 | WIN10_PRO_ENT_SUB | cb10e6cd-9da4-4992-867b-67546b1db821 | WIN10_PRO_ENT_SUB (21b439ba-a0ca-424f-a6cc-52f954a5b111) | WINDOWS 10 ENTERPRISE (21b439ba-a0ca-424f-a6cc-52f954a5b111) | | WINDOWS 10 ENTERPRISE E3 | WIN10_VDA_E3 | 6a0f6da5-0b87-4190-a6ae-9bb5a2b9546a | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>VIRTUALIZATION RIGHTS FOR WINDOWS 10 (E3/E5+VDA) (e7c91390-7625-45be-94e0-e16907e03118) | EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>WINDOWS 10 ENTERPRISE (NEW) (e7c91390-7625-45be-94e0-e16907e03118) | | Windows 10 Enterprise E5 | WIN10_VDA_E5 | 488ba24a-39a9-4473-8ee5-19291e71b002 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>WINDEFATP (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>Virtualization Rights for Windows 10 (E3/E5+VDA) (e7c91390-7625-45be-94e0-e16907e03118) | Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Microsoft Defender Advanced Threat Protection (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>Windows 10 Enterprise (New) (e7c91390-7625-45be-94e0-e16907e03118)
-| WINDOWS STORE FOR BUSINESS | WINDOWS_STORE | 6470687e-a428-4b7a-bef2-8a291ad947c9 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318) | WINDOWS_STORE (a420f25f-a7b3-4ff5-a9d0-5d58f73b537d) | EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318) | WINDOWS STORE SERVICE (a420f25f-a7b3-4ff5-a9d0-5d58f73b537d) |
+| WINDOWS STORE FOR BUSINESS | WINDOWS_STORE | 6470687e-a428-4b7a-bef2-8a291ad947c9 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>WINDOWS_STORE (a420f25f-a7b3-4ff5-a9d0-5d58f73b537d) | EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>WINDOWS STORE SERVICE (a420f25f-a7b3-4ff5-a9d0-5d58f73b537d) |
## Service plans that cannot be assigned at the same time
active-directory Tutorial Bulk Invite https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/external-identities/tutorial-bulk-invite.md
Previously updated : 05/07/2020 Last updated : 03/17/2021
The rows in a downloaded CSV template are as follows:
- **Version number**: The first row containing the version number must be included in the upload CSV. - **Column headings**: The format of the column headings is &lt;*Item name*&gt; [PropertyName] &lt;*Required or blank*&gt;. For example, `Email address to invite [inviteeEmail] Required`. Some older versions of the template might have slight variations.-- **Examples row**: We have included in the template a row of examples of acceptable values for each column. You must remove the examples row and replace it with your own entries.
+- **Examples row**: We have included in the template a row of examples of values for each column. You must remove the examples row and replace it with your own entries.
### Additional guidance
You need two or more test email accounts that you can send the invitations to. T
## Invite guest users in bulk
-1. Sign in to the Azure portal with an account that is a User administrator in the organization.
+1. Sign in to the Azure portal with an account that is a global administrator in the organization.
2. In the navigation pane, select **Azure Active Directory**.
-3. Under **Manage**, select **Users** > **Bulk invite**.
+3. Under **Manage**, select **All Users**.
+4. Select **Bulk operations** > **Bulk invite**.
+
+ ![Bulk invite button](media/tutorial-bulk-invite/bulk-invite-button.png)
+ 4. On the **Bulk invite users** page, select **Download** to get a valid .csv template with invitation properties.
- ![Bulk invite download button](media/tutorial-bulk-invite/bulk-invite-button.png)
+ ![Download the CSV file](media/tutorial-bulk-invite/download-button.png)
-5. Open the .csv template and add a line for each guest user. Required values are:
+1. Open the .csv template and add a line for each guest user. Required values are:
* **Email address to invite** - the user who will receive an invitation
- * **Redirection url** - the URL to which the invited user is forwarded after accepting the invitation
+ * **Redirection url** - the URL to which the invited user is forwarded after accepting the invitation. If you want to forward the user to the My Apps page, you must change this value to https://myapps.microsoft.com or https://myapplications.microsoft.com.
![Example of a CSV file with guest users entered](media/tutorial-bulk-invite/bulk-invite-csv.png)
active-directory Add Users Azure Active Directory https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/fundamentals/add-users-azure-active-directory.md
If you have an environment with both Azure Active Directory (cloud) and Windows
You can delete an existing user using Azure Active Directory portal. >[!Note]
->You must have a Global administrator or User administrator role assignment to delete users in your organization. Global admins can delete any users including other admins. User administrators can delete any non-admin users, Helpdesk administrators and other User administrators. For more information, see [Administrator role permissions in Azure AD](https://docs.microsoft.com/azure/active-directory/roles/permissions-reference).
+>You must have a Global administrator or User administrator role assignment to delete users in your organization. Global admins can delete any users including other admins. User administrators can delete any non-admin users, Helpdesk administrators and other User administrators. For more information, see [Administrator role permissions in Azure AD](../roles/permissions-reference.md).
To delete a user, follow these steps:
active-directory Monitor Sign In Health For Resilience https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/fundamentals/monitor-sign-in-health-for-resilience.md
Previously updated : 01/10/2021 Last updated : 03/17/2021 -- # Monitoring application sign-in health for resilience To increase infrastructure resilience, set up monitoring of application sign-in health for your critical applications so that you receive an alert if an impacting incident occurs. To assist you in this effort, you can configure alerts based on the sign-in health workbook.
During an impacting event, two things may happen:
This article walks through setting up the sign-in health workbook to monitor for disruptions to your usersΓÇÖ sign-ins.
-## Prerequisites
+## Prerequisites
* An Azure AD tenant.
This article walks through setting up the sign-in health workbook to monitor for
* Learn how to [Integrate Azure AD Sign- in Logs with Azure Monitor Stream.](../reports-monitoring/howto-integrate-activity-logs-with-log-analytics.md)
-
- ## Configure the App sign in health workbook To access workbooks, open the **Azure portal**, select **Azure Active Directory**, and then select **Workbooks**.
By default the workbook presents two graphs. These graphs compare what is happen
**The first graph is Hourly usage (number of successful users)**. Comparing your current number of successful users to a typical usage period helps you to spot a drop in usage that may require investigation. A drop in successful usage rate can help detect performance and utilization issues that the failure rate can't. For example if users can't reach your application to attempt to sign in, there would be no failures, only a drop in usage. A sample query for this data can be found in the following section.
-The second graph is Hourly failure rate. A spike in failure rate may indicate an issue with your authentication mechanisms. Failure rate can only be measured if users can attempt to authenticate. If users Can't gain access to make the attempt, failures Won't show.
+**The second graph is hourly failure rate**. A spike in failure rate may indicate an issue with your authentication mechanisms. Failure rate can only be measured if users can attempt to authenticate. If users Can't gain access to make the attempt, failures Won't show.
You can configure an alert that notifies a specific group when the usage or failure rate exceeds a specified threshold. A sample query for this data can be found in the following section.
- ## Configure the query and alerts
+## Configure the query and alerts
You create alert rules in Azure Monitor and can automatically run saved queries or custom log searches at regular intervals.
Use the following instructions to create email alerts based on the queries refle
For more information on how to create, view, and manage log alerts using Azure Monitor see [Manage log alerts](../../azure-monitor/alerts/alerts-log.md).
-
1. In the workbook, select **Edit**, then select the **query icon** just above the right-hand side of the graph. [![Screenshot showing edit workbook.](./media/monitor-sign-in-health-for-resilience/edit-workbook.png)](./media/monitor-sign-in-health-for-resilience/edit-workbook.png) The query log opens.
- [![Screenshot showing the query log.](./media/monitor-sign-in-health-for-resilience/query-log.png)](/media/monitor-sign-in-health-for-resilience/query-log.png)
+ [![Screenshot showing the query log.](./media/monitor-sign-in-health-for-resilience/query-log.png)](/media/monitor-sign-in-health-for-resilience/query-log.png)
ΓÇÄ
-2. Copy one of the following sample scripts for a new Kusto query.
+2. Copy one of the sample scripts for a new Kusto query.
+ * [Kusto query for increase in failure rate](#kusto-query-for-increase-in-failure-rate)
+ * [Kusto query for drop in usage](#kusto-query-for-drop-in-usage)
-**Kusto query for drop in usage**
+3. Paste the query in the window and select **Run**. Ensure you see the Completed message shown in the image below, and results below that message.
-```Kusto
+ [![Screenshot showing the run query results.](./media/monitor-sign-in-health-for-resilience/run-query.png)](./media/monitor-sign-in-health-for-resilience/run-query.png)
-let thisWeek = SigninLogs
+4. Highlight the query, and select + **New alert rule**.
+
+ [![Screenshot showing the new alert rule screen.](./media/monitor-sign-in-health-for-resilience/new-alert-rule.png)](./media/monitor-sign-in-health-for-resilience/new-alert-rule.png)
-| where TimeGenerated > ago(1h)
-| project TimeGenerated, AppDisplayName, UserPrincipalName
+5. Configure alert conditions.
+ΓÇÄIn the Condition section, select the link **Whenever the average custom log search is greater than logic defined count**. In the configure signal logic pane, scroll to Alert logic
-//| where AppDisplayName contains "Office 365 Exchange Online"
+ [![Screenshot showing configure alerts screen.](./media/monitor-sign-in-health-for-resilience/configure-alerts.png)](./media/monitor-sign-in-health-for-resilience/configure-alerts.png)
+
+ * **Threshold value**: 0. This value will alert on any results.
-| summarize users = dcount(UserPrincipalName) by bin(TimeGenerated, 1hr)
+ * **Evaluation period (in minutes)**: 2880. This value looks at an hour of time
-| sort by TimeGenerated desc
+ * **Frequency (in minutes)**: 60. This value sets the evaluation period to once per hour for the previous hour.
-| serialize rn = row_number();
+ * Select **Done**.
-let lastWeek = SigninLogs
+6. In the **Actions** section, configure these settings:
-| where TimeGenerated between((ago(1h) - totimespan(2d))..(now() - totimespan(2d)))
+ [![Screenshot showing the Create alert rule page.](./media/monitor-sign-in-health-for-resilience/create-alert-rule.png)](./media/monitor-sign-in-health-for-resilience/create-alert-rule.png)
-| project TimeGenerated, AppDisplayName, UserPrincipalName
+ * Under **Actions**, choose **Select action group**, and add the group you want to be notified of alerts.
-//| where AppDisplayName contains "Office 365 Exchange Online"
+ * Under **Customize actions** select **Email alerts**.
-| summarize usersPriorWeek = dcount(UserPrincipalName) by bin(TimeGenerated, 1hr)
+ * Add a **subject line**.
-| sort by TimeGenerated desc
+7. Under **Alert rule details**, configure these settings:
-| serialize rn = row_number();
+ * Add a descriptive name and a description.
-thisWeek
+ * Select the **resource group** to which to add the alert.
-| join
+ * Select the default **severity** of the alert.
-(
+ * Select **Enable alert rule upon creation** if you want it live immediately, else select **Suppress alerts**.
- lastWeek
+8. Select **Create alert rule**.
-)
+9. Select **Save**, enter a name for the query, **Save as a Query with a category of Alert**. Then select **Save** again.
-on rn
+ [![Screenshot showing the save query button.](./media/monitor-sign-in-health-for-resilience/save-query.png)](./media/monitor-sign-in-health-for-resilience/save-query.png)
-| project TimeGenerated, users, usersPriorWeek, difference = abs(users - usersPriorWeek), max = max_of(users, usersPriorWeek)
+### Refine your queries and alerts
-| where (difference * 2.0) / max > 0.9
+Modify your queries and alerts for maximum effectiveness.
-```
+* Be sure to test your alerts.
-
+* Modify alert sensitivity and frequency so that you get important notifications. Admins can become desensitized to alerts if they get too many and miss something important.
+
+* Ensure the email from which alerts come in your administratorΓÇÖs email clients is added to allowed senders list. Otherwise you may miss notifications due to a spam filter on your email client.
-**Kusto query for increase in failure rate**
+* Alerts query in Azure Monitor can only include results from past 48 hours. [This is a current limitation by design](https://github.com/MicrosoftDocs/azure-docs/issues/22637).
+## Sample scripts
-```kusto
+### Kusto query for increase in failure rate
-let thisWeek = SigninLogs
+ The ratio at the bottom can be adjusted as necessary and represents the percent change in traffic in the last hour as compared to the same time yesterday. 0.5 means that there is a 50% difference in the traffic.
-| where TimeGenerated > ago(1 h)
+```kusto
+let today = SigninLogs
+
+| where TimeGenerated > ago(1h) // Query failure rate in the last hour
+
| project TimeGenerated, UserPrincipalName, AppDisplayName, status = case(Status.errorCode == "0", "success", "failure")
-| where AppDisplayName == **APP NAME**
+// Optionally filter by a specific application
+
+//| where AppDisplayName == **APP NAME**
-| summarize success = countif(status == "success"), failure = countif(status == "failure") by bin(TimeGenerated, 1h)
+| summarize success = countif(status == "success"), failure = countif(status == "failure") by bin(TimeGenerated, 1h) // hourly failure rate
| project TimeGenerated, failureRate = (failure * 1.0) / ((failure + success) * 1.0) | sort by TimeGenerated desc
-| serialize rn = row_number();
+| serialize rowNumber = row_number();
-let lastWeek = SigninLogs
+let yesterday = SigninLogs
-| where TimeGenerated between((ago(1 h) - totimespan(2d))..(ago(1h) - totimespan(2d)))
+| where TimeGenerated between((ago(1h) - totimespan(1d))..(now() - totimespan(1d))) // Query failure rate at the same time yesterday
| project TimeGenerated, UserPrincipalName, AppDisplayName, status = case(Status.errorCode == "0", "success", "failure")
-| where AppDisplayName == **APP NAME**
+// Optionally filter by a specific application
-| summarize success = countif(status == "success"), failure = countif(status == "failure") by bin(TimeGenerated, 1h)
+//| where AppDisplayName == **APP NAME**
-| project TimeGenerated, failureRatePriorWeek = (failure * 1.0) / ((failure + success) * 1.0)
+| summarize success = countif(status == "success"), failure = countif(status == "failure") by bin(TimeGenerated, 1h) // hourly failure rate at same time yesterday
-| sort by TimeGenerated desc
+| project TimeGenerated, failureRateYesterday = (failure * 1.0) / ((failure + success) * 1.0)
-| serialize rn = row_number();
+| sort by TimeGenerated desc
-thisWeek
+| serialize rowNumber = row_number();
+today
+| join (yesterday) on rowNumber // join data from same time today and yesterday
-| join (lastWeek) on rn
+| project TimeGenerated, failureRate, failureRateYesterday
-| project TimeGenerated, failureRate, failureRatePriorWeek
+// Set threshold to be the percent difference in failure rate in the last hour as compared to the same time yesterday
-| where abs(failureRate ΓÇô failureRatePriorWeek) > **THRESHOLD VALUE**
+| where abs(failureRate - failureRateYesterday) > 0.5
```
-3. Paste the query in the window and select **Run**. Ensure you see the Completed message shown in the image below, and results below that message.
+### Kusto query for drop in usage
- [![Screenshot showing the run query results.](./media/monitor-sign-in-health-for-resilience/run-query.png)](./media/monitor-sign-in-health-for-resilience/run-query.png)
+In the following query, we are comparing traffic in the last hour to the same time yesterday.
+We are excluding Saturday, Sunday, and Monday because itΓÇÖs expected on those days that there would be large variability in the traffic at the same time the previous day.
-4. Highlight the query, and select + **New alert rule**.
-
- [![Screenshot showing the new alert rule screen.](./media/monitor-sign-in-health-for-resilience/new-alert-rule.png)](./media/monitor-sign-in-health-for-resilience/new-alert-rule.png)
+The ratio at the bottom can be adjusted as necessary and represents the percent change in traffic in the last hour as compared to the same time yesterday. 0.5 means that there is a 50% difference in the traffic.
+*You should adjust these values to fit your business operation model*.
-5. Configure alert conditions.
-ΓÇÄIn the Condition section, select the link **Whenever the average custom log search is greater than logic defined count**. In the configure signal logic pane, scroll to Alert logic
+```Kusto
+ let today = SigninLogs // Query traffic in the last hour
- [![Screenshot showing configure alerts screen.](./media/monitor-sign-in-health-for-resilience/configure-alerts.png)](./media/monitor-sign-in-health-for-resilience/configure-alerts.png)
-
- * **Threshold value**: 0. This value will alert on any results.
+| where TimeGenerated > ago(1h)
- * **Evaluation period (in minutes)**: 60. This value looks at an hour of time
+| project TimeGenerated, AppDisplayName, UserPrincipalName
- * **Frequency (in minutes)**: 60. This value sets the evaluation period to once per hour for the previous hour.
+// Optionally filter by AppDisplayName to scope query to a single application
- * Select **Done**.
+//| where AppDisplayName contains "Office 365 Exchange Online"
-6. In the **Actions** section, configure these settings:
+| summarize users = dcount(UserPrincipalName) by bin(TimeGenerated, 1hr) // Count distinct users in the last hour
- [![Screenshot showing the Create alert rule page.](./media/monitor-sign-in-health-for-resilience/create-alert-rule.png)](./media/monitor-sign-in-health-for-resilience/create-alert-rule.png)
+| sort by TimeGenerated desc
- * Under **Actions**, choose **Select action group**, and add the group you want to be notified of alerts.
+| serialize rn = row_number();
- * Under **Customize actions** select **Email alerts**.
+let yesterday = SigninLogs // Query traffic at the same hour yesterday
- * Add a **subject line**.
+| where TimeGenerated between((ago(1h) - totimespan(1d))..(now() - totimespan(1d))) // Count distinct users in the same hour yesterday
-7. Under **Alert rule details**, configure these settings:
+| project TimeGenerated, AppDisplayName, UserPrincipalName
- * Add a descriptive name and a description.
+// Optionally filter by AppDisplayName to scope query to a single application
- * Select the **resource group** to which to add the alert.
+//| where AppDisplayName contains "Office 365 Exchange Online"
- * Select the default **severity** of the alert.
+| summarize usersYesterday = dcount(UserPrincipalName) by bin(TimeGenerated, 1hr)
- * Select **Enable alert rule upon creation** if you want it live immediately, else select **Suppress alerts**.
+| sort by TimeGenerated desc
-8. Select **Create alert rule**.
+| serialize rn = row_number();
-9. Select **Save**, enter a name for the query, **Save as a Query with a category of Alert**. Then select **Save** again.
+today
+| join // Join data from today and yesterday together
+(
+yesterday
+)
+on rn
- [![Screenshot showing the save query button.](./media/monitor-sign-in-health-for-resilience/save-query.png)](./media/monitor-sign-in-health-for-resilience/save-query.png)
+// Calculate the difference in number of users in the last hour compared to the same time yesterday
+| project TimeGenerated, users, usersYesterday, difference = abs(users - usersYesterday), max = max_of(users, usersYesterday)
+ extend ratio = (difference * 1.0) / max // Ratio is the percent difference in traffic in the last hour as compared to the same time yesterday
-### Refine your queries and alerts
-Modify your queries and alerts for maximum effectiveness.
+// Day variable is the number of days since the previous Sunday. Optionally ignore results on Sat, Sun, and Mon because large variability in traffic is expected.
-* Be sure to test your alerts.
+| extend day = dayofweek(now())
-* Modify alert sensitivity and frequency so that you get important notifications. Admins can become desensitized to alerts if they get too many and miss something important.
+| where day != time(6.00:00:00) // exclude Sat
-* Ensure the email from which alerts come in your administratorΓÇÖs email clients is added to allowed senders list. Otherwise you may miss notifications due to a spam filter on your email client.
+| where day != time(0.00:00:00) // exclude Sun
-* Alerts query in Azure Monitor can only include results from past 48 hours. [This is a current limitation by design](https://github.com/MicrosoftDocs/azure-docs/issues/22637).
+| where day != time(1.00:00:00) // exclude Mon
+
+| where ratio > 0.7 // Threshold percent difference in sign-in traffic as compared to same hour yesterday
+
+```
## Create processes to manage alerts Once you have set up the query and alerts, create business processes to manage the alerts. * Who will monitor the workbook and when?+ * When an alert is generated, who will investigate? * What are the communication needs? Who will create the communications and who will receive them?
Once you have set up the query and alerts, create business processes to manage t
## Next steps [Learn more about workbooks](../reports-monitoring/howto-use-azure-monitor-workbooks.md)-
-
-
-
-
active-directory Service Accounts Governing Azure https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/fundamentals/service-accounts-governing-azure.md
We recommend the following practices for service account privileges.
* Do not assign built-in roles to service accounts. Instead, use the [OAuth2 permission grant model for Microsoft Graph](/graph/api/resources/oauth2permissiongrant),
-* If the service principal must be assigned a privileged role, consider assigning a [custom role](https://docs.microsoft.com/azure/active-directory/roles/custom-create) with specific, required privileged, in a time-bound fashion.
+* If the service principal must be assigned a privileged role, consider assigning a [custom role](../roles/custom-create.md) with specific, required privileged, in a time-bound fashion.
* Do not include service accounts as members of any groups with elevated permissions.
We recommend the following practices for service account privileges.
or use ΓÇÄ `Get-AzureADServicePrincipal | % { Get-AzureADServiceAppRoleAssignment -ObjectId $_ }`
-* [Use OAuth 2.0 scopes](https://docs.microsoft.com/azure/active-directory/develop/v2-permissions-and-consent) to limit the functionality a service account can access on a resource.
+* [Use OAuth 2.0 scopes](../develop/v2-permissions-and-consent.md) to limit the functionality a service account can access on a resource.
* Service principals and managed identities can use OAuth 2.0 scopes in either a delegated context that is impersonating a signed-on user, or as service account in the application context. In the application context no is signed-on.
-* Check the scopes service accounts request for resources to ensure they're appropriate. For example, if an account is requesting Files.ReadWrite.All, evaluate if it actually needs only File.Read.All. For more information on permissions, see to [Microsoft Graph permission reference](https://docs.microsoft.com/graph/permissions-reference).
+* Check the scopes service accounts request for resources to ensure they're appropriate. For example, if an account is requesting Files.ReadWrite.All, evaluate if it actually needs only File.Read.All. For more information on permissions, see to [Microsoft Graph permission reference](/graph/permissions-reference).
* Ensure you trust the developer of the application or API with the access requested to your resources.
We recommend the following practices for service account privileges.
Once you have a clear understanding of the purpose, scope, and necessary permissions, create your service account.
-[Create and use managed identities](https://docs.microsoft.com/azure/app-service/overview-managed-identity?tabs=dotnet)
+[Create and use managed identities](../../app-service/overview-managed-identity.md?tabs=dotnet)
-[Create and use service principals](https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal)
+[Create and use service principals](../develop/howto-create-service-principal-portal.md)
Use a managed identity when possible. If you cannot use a managed identity, use a service principal. If you cannot use a service principal, then and only then use an Azure AD user account.
Proactively monitor your service accounts to ensure the service accountΓÇÖs usag
* Using the Azure AD Sign-In Logs in the Azure AD Portal.
-* Exporting the Azure AD Sign-In Logs to [Azure Storage](https://docs.microsoft.com/azure/storage/), [Azure Event Hubs](https://docs.microsoft.com/azure/event-hubs/), or [Azure Monitor](https://docs.microsoft.com/azure/azure-monitor/logs/data-platform-logs).
+* Exporting the Azure AD Sign-In Logs to [Azure Storage](../../storage/index.yml), [Azure Event Hubs](../../event-hubs/index.yml), or [Azure Monitor](../../azure-monitor/logs/data-platform-logs.md).
![Screen shot showing service principal sign-in screen.](./media/securing-service-accounts/service-accounts-govern-azure-1.png)
Establish a review process to ensure that service accounts are regularly reviewe
**The processes for deprovisioning should include the following tasks.**
-1. Once the associated application or script is deprovisioned, [monitor sign-ins](https://docs.microsoft.com/azure/active-directory/reports-monitoring/concept-sign-ins#sign-ins-report) and resource access by the service account.
+1. Once the associated application or script is deprovisioned, [monitor sign-ins](../reports-monitoring/concept-sign-ins.md#sign-ins-report) and resource access by the service account.
* If the account still is active, determine how it's being used before taking subsequent steps.
For more information on securing Azure service accounts, see:
-
active-directory Service Accounts Introduction Azure https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/fundamentals/service-accounts-introduction-azure.md
For services hosted in Azure, we recommend using a managed identity if possible,
## Managed identities
-Managed identities are secure Azure Active Directory (Azure AD) identities created to provide identities for Azure resources. There are [two types of managed identities](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview#managed-identity-types):
+Managed identities are secure Azure Active Directory (Azure AD) identities created to provide identities for Azure resources. There are [two types of managed identities](../managed-identities-azure-resources/overview.md#managed-identity-types):
* System-assigned managed identities can be assigned directly to an instance of a service. * User-assigned managed identities can be created as a standalone resource.
-For more information, see [Securing managed identities](service-accounts-managed-identities.md). For general information about managed identities, see [What are managed identities for Azure resources?](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview)
+For more information, see [Securing managed identities](service-accounts-managed-identities.md). For general information about managed identities, see [What are managed identities for Azure resources?](../managed-identities-azure-resources/overview.md)
## Service principals
For more information on securing Azure service accounts, see:
[Securing service principals](service-accounts-principal.md)
-[Governing Azure service accounts](service-accounts-governing-azure.md)
---
+[Governing Azure service accounts](service-accounts-governing-azure.md)
active-directory Service Accounts Managed Identities https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/fundamentals/service-accounts-managed-identities.md
Azure has a control plane and a data plane. In the control plane, you create res
Once the target system accepts the token for authentication, it can support different mechanisms for authorization for its control plane and data plane.
-All of AzureΓÇÖs control plane operations are managed by [Azure Resource Manager](https://docs.microsoft.com/azure/azure-resource-manager/management/overview) and use [Azure Role Based Access Control](https://docs.microsoft.com/azure/role-based-access-control/overview). In the data plane,, each target system has its own authorization mechanism. Azure Storage supports Azure RBAC on the data plane. For example, applications using Azure App Services can read data from Azure Storage, and applications using Azure Kubernetes Service can read secrets stored in Azure Key Vault.
+All of AzureΓÇÖs control plane operations are managed by [Azure Resource Manager](../../azure-resource-manager/management/overview.md) and use [Azure Role Based Access Control](../../role-based-access-control/overview.md). In the data plane,, each target system has its own authorization mechanism. Azure Storage supports Azure RBAC on the data plane. For example, applications using Azure App Services can read data from Azure Storage, and applications using Azure Kubernetes Service can read secrets stored in Azure Key Vault.
-For more information about control and data planes, see [Control plane and data plane operations - Azure Resource Manager](https://docs.microsoft.com/azure/azure-resource-manager/management/control-plane-and-data-plane).
+For more information about control and data planes, see [Control plane and data plane operations - Azure Resource Manager](../../azure-resource-manager/management/control-plane-and-data-plane.md).
-All Azure services will eventually support managed identities. For more information, see [Services that support managed identities for Azure resources](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/services-support-managed-identities).
+All Azure services will eventually support managed identities. For more information, see [Services that support managed identities for Azure resources](../managed-identities-azure-resources/services-support-managed-identities.md).
##
You can assess the security of managed identities in the following ways:
`Get-AzureADGroupMember -ObjectId <String> [-All <Boolean>] [-Top <Int32>] [<CommonParameters>]`
-* [Ensure you know what resources the managed identity is accessing](https://docs.microsoft.com/azure/role-based-access-control/role-assignments-list-powershell).
+* [Ensure you know what resources the managed identity is accessing](../../role-based-access-control/role-assignments-list-powershell.md).
## Move to managed identities
If you are using a service principal or an Azure AD user account, evaluate if y
**For information on creating managed identities, see:**
-[Create a user assigned managed identity](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-portal).
+[Create a user assigned managed identity](../managed-identities-azure-resources/how-to-manage-ua-identity-portal.md).
-[Enable a system assigned managed identity during resource creation](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm)
+[Enable a system assigned managed identity during resource creation](../managed-identities-azure-resources/qs-configure-portal-windows-vm.md)
-[Enable system assigned managed identity on an existing resource](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm)
+[Enable system assigned managed identity on an existing resource](../managed-identities-azure-resources/qs-configure-portal-windows-vm.md)
**For more information on service accounts see:**
If you are using a service principal or an Azure AD user account, evaluate if y
-
active-directory Service Accounts Principal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/fundamentals/service-accounts-principal.md
# Securing service principals
-An Azure Active Directory (Azure AD) [service principal](https://docs.microsoft.com/azure/active-directory/develop/app-objects-and-service-principals) is the local representation of an application object in a single tenant or directory. ΓÇÄIt functions as the identity of the application instance. Service principals define who can access the application, and what resources the application can access. A service principal is created in each tenant where the application is used and references the globally unique application object. The tenant secures the service principalΓÇÖs sign in and access to resources.
+An Azure Active Directory (Azure AD) [service principal](../develop/app-objects-and-service-principals.md) is the local representation of an application object in a single tenant or directory. ΓÇÄIt functions as the identity of the application instance. Service principals define who can access the application, and what resources the application can access. A service principal is created in each tenant where the application is used and references the globally unique application object. The tenant secures the service principalΓÇÖs sign in and access to resources.
### Tenant-service principal relationships A single-tenant application has only one service principal in its home tenant. A multi-tenant web application or API requires a service principal in each tenant. A service principal is created when a user from that tenant has consented to the application's or API's use. ΓÇïThis consent creates a one-to-many relationship between the multi-tenant application and its associated service principals.
A given application instance has two distinct properties: the ApplicationID (als
The ApplicationID represents the global application and is the same for all the application instances across tenants. The ObjectID is a unique value for an application object and represents the service principal. As with users, groups, and other resources, the ObjectID helps uniquely identify an application instance in Azure AD.
-ΓÇïΓÇïFor more detailed information on this topic, see [Application and service principal relationship](https://docs.microsoft.com/azure/active-directory/develop/app-objects-and-service-principals).
+ΓÇïΓÇïFor more detailed information on this topic, see [Application and service principal relationship](../develop/app-objects-and-service-principals.md).
You can also create an application and its service principal object (ObjectID) in a tenant using Azure PowerShell, Azure CLI, Microsoft Graph, the Azure portal, and other tools.
There are two mechanisms for authentication using service principalsΓÇöclient ce
* passwords For more information on Azure Key Vault and how to use it for certificate and secret management, see
-[About Azure Key Vault](https://docs.microsoft.com/azure/key-vault/general/overview) and [Assign a Key Vault access policy using the Azure portal](https://docs.microsoft.com/azure/key-vault/general/assign-access-policy-portal).
+[About Azure Key Vault](../../key-vault/general/overview.md) and [Assign a Key Vault access policy using the Azure portal](../../key-vault/general/assign-access-policy-portal.md).
### Challenges and mitigations The following table presents mitigations to challenges you may encounter when using service principals.
Using PowerShell
`Get-AzureADServicePrincipal -All:$true`
-For more information see [Get-AzureADServicePrincipal](https://docs.microsoft.com/powershell/module/azuread/get-azureadserviceprincipal)
+For more information see [Get-AzureADServicePrincipal](/powershell/module/azuread/get-azureadserviceprincipal)
## Assess service principal security
Can't manage service principals' sign-in with Conditional Access.| Monitor the s
| The default Azure RBAC role is ContributorΓÇï. |Evaluate the needs and apply the role with the least possible permissions to meet that need.| ## Move from a user account to a service principalΓÇï
-ΓÇÄIf you are using an Azure user account as a service principal, evaluate if you can move to a [Managed Identity](https://docs.microsoft.com/azure/app-service/overview-managed-identity?tabs=dotnet) or a service principal. If you cannot use a managed identity, provision a service principal that has just enough permissions and scope to run the required tasks. You can create a service principal by [registering an application](https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal), or with [PowerShell](https://docs.microsoft.com/azure/active-directory/develop/howto-authenticate-service-principal-powershell).
+ΓÇÄIf you are using an Azure user account as a service principal, evaluate if you can move to a [Managed Identity](../../app-service/overview-managed-identity.md?tabs=dotnet) or a service principal. If you cannot use a managed identity, provision a service principal that has just enough permissions and scope to run the required tasks. You can create a service principal by [registering an application](../develop/howto-create-service-principal-portal.md), or with [PowerShell](../develop/howto-authenticate-service-principal-powershell.md).
When using Microsoft Graph, check the documentation of the specific API, [like in this example](/powershell/azure/create-azure-service-principal-azureps), ΓÇÄand make sure the permission type for application is showing as supported.
When using Microsoft Graph, check the documentation of the specific API, [like i
[Create a service principal](../develop/howto-create-service-principal-portal.md)
- [Monitor service principal sign-ins](https://docs.microsoft.com/azure/active-directory/reports-monitoring/concept-sign-ins#sign-ins-report)
+ [Monitor service principal sign-ins](../reports-monitoring/concept-sign-ins.md#sign-ins-report)
**To learn more about securing service accounts:**
When using Microsoft Graph, check the documentation of the specific API, [like i
[Governing Azure service accounts](service-accounts-governing-azure.md)
-[Introduction to on-premises service accounts](service-accounts-on-premises.md)
+[Introduction to on-premises service accounts](service-accounts-on-premises.md)
active-directory Whats New Archive https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/fundamentals/whats-new-archive.md
The new [policy details blade](../conditional-access/troubleshoot-conditional-ac
In April 2020, we've added these 31 new apps with Federation support to the app gallery:
-[SincroPool Apps](https://www.sincropool.com/), [SmartDB](https://hibiki.dreamarts.co.jp/smartdb/trial/), [Float](../saas-apps/float-tutorial.md), [LMS365](https://lms.365.systems/), [IWT Procurement Suite](../saas-apps/iwt-procurement-suite-tutorial.md), [Lunni](https://lunni.fi/), [EasySSO for Jira](../saas-apps/easysso-for-jira-tutorial.md), [Virtual Training Academy](https://vta.c3p.c), [Trend Micro Web Security(TMWS)](/azure/active-directory/saas-apps/trend-micro-tutorial)
+[SincroPool Apps](https://www.sincropool.com/), [SmartDB](https://hibiki.dreamarts.co.jp/smartdb/trial/), [Float](../saas-apps/float-tutorial.md), [LMS365](https://lms.365.systems/), [IWT Procurement Suite](../saas-apps/iwt-procurement-suite-tutorial.md), [Lunni](https://lunni.fi/), [EasySSO for Jira](../saas-apps/easysso-for-jira-tutorial.md), [Virtual Training Academy](https://vta.c3p.c)
For more information about the apps, see [SaaS application integration with Azure Active Directory](../saas-apps/tutorial-list.md). For more information about listing your application in the Azure AD app gallery, see [List your application in the Azure Active Directory application gallery](../develop/v2-howto-app-gallery-listing.md).
For more information, see [Enable Security Audits for Azure AD Domain Services (
The new Authentication methods usage & insights reports can help you to understand how features like Azure AD Multi-Factor Authentication and self-service password reset are being registered and used in your organization, including the number of registered users for each feature, how often self-service password reset is used to reset passwords, and by which method the reset happens.
-For more information, see [Authentication methods usage & insights (preview)](../authentication/howto-authentication-methods-usage-insights.md).
+For more information, see [Authentication methods usage & insights (preview)](../authentication/howto-authentication-methods-activity.md).
A hotfix roll-up package (build 4.4.1642.0) is available as of September 25, 201
For more information, see [Hotfix rollup package (build 4.4.1642.0) is available for Identity Manager 2016 Service Pack 1](https://support.microsoft.com/help/4021562). -+
active-directory Whats New https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/fundamentals/whats-new.md
Temporary Access Pass is a time-limited passcode that serves as strong credentia
**Service category:** B2C - Consumer Identity Management **Product capability:** B2B/B2C
-The next generation of B2C user flows now supports the [keep me signed in (KMSI)](https://docs.microsoft.com/azure/active-directory-b2c/session-behavior?pivots=b2c-custom-policy#enable-keep-me-signed-in-kmsi) functionality that allows customers to extend the session lifetime for the users of their web and native applications by using a persistent cookie. feature keeps the session active even when the user closes and reopens the browser, and is revoked when the user signs out.
+The next generation of B2C user flows now supports the [keep me signed in (KMSI)](../../active-directory-b2c/session-behavior.md?pivots=b2c-custom-policy#enable-keep-me-signed-in-kmsi) functionality that allows customers to extend the session lifetime for the users of their web and native applications by using a persistent cookie. feature keeps the session active even when the user closes and reopens the browser, and is revoked when the user signs out.
Customers can now reinvite existing external guest users to reset their redempti
**Service category:** App Provisioning **Product capability:** Identity Lifecycle Management
-Customers can now use application.readwrite.ownedby as an application permission to call the synchronization APIs. Note this is only supported for provisioning from Azure AD out into third-party applications (for example, AWS, Data Bricks, etc.). It is currently not supported for HR-provisioning (Workday / Successfactors) or Cloud Sync (AD to Azure AD). [Learn more](https://docs.microsoft.com/graph/api/resources/provisioningobjectsummary?view=graph-rest-beta).
+Customers can now use application.readwrite.ownedby as an application permission to call the synchronization APIs. Note this is only supported for provisioning from Azure AD out into third-party applications (for example, AWS, Data Bricks, etc.). It is currently not supported for HR-provisioning (Workday / Successfactors) or Cloud Sync (AD to Azure AD). [Learn more](/graph/api/resources/provisioningobjectsummary?view=graph-rest-beta).
You can now automate creating, updating, and deleting user accounts for these ne
- [Iris Intranet](../saas-apps/iris-intranet-provisioning-tutorial.md) - [Preciate](../saas-apps/preciate-provisioning-tutorial.md)
-For more information, read [Automate user provisioning to SaaS applications with Azure AD](https://docs.microsoft.com/azure/active-directory/manage-apps/user-provisioning).
+For more information, read [Automate user provisioning to SaaS applications with Azure AD](../app-provisioning/user-provisioning.md).
For more information, read [Automate user provisioning to SaaS applications with
**Service category:** RBAC **Product capability:** Access Control
-10 Azure AD built-in roles have been renamed so that they're aligned across the [Microsoft 365 admin center](https://docs.microsoft.com/microsoft-365/admin/microsoft-365-admin-center-preview), [Azure AD portal](https://portal.azure.com/), and [Microsoft Graph](https://developer.microsoft.com/graph/). To learn more about the new roles, refer to [Administrator role permissions in Azure Active Directory](../roles/permissions-reference.md#all-roles).
+10 Azure AD built-in roles have been renamed so that they're aligned across the [Microsoft 365 admin center](/microsoft-365/admin/microsoft-365-admin-center-preview), [Azure AD portal](https://portal.azure.com/), and [Microsoft Graph](https://developer.microsoft.com/graph/). To learn more about the new roles, refer to [Administrator role permissions in Azure Active Directory](../roles/permissions-reference.md#all-roles).
![Table showing role names in MS Graph API and the Azure portal, and the proposed final name across API, Azure portal, and Mac.](media/whats-new/roles-table-rbac.png)
In the access package creation flow, under the Resource roles tab, the Select pa
This experience will be changed to display only the resources currently added in the catalog by default, so that users can easily pick resources from the catalog. The update will help with discoverability of the resources to add to access packages, and reduce risk of inadvertently adding resources owned by the user that aren't part of the catalog. To learn more, see [Create a new access package in Azure AD entitlement management](../governance/entitlement-management-access-package-create.md#resource-roles). -+
active-directory Entitlement Management Catalog Create https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/governance/entitlement-management-catalog-create.md
To include resources in an access package, the resources must exist in a catalog
### Add a Multi-geo SharePoint Site
-1. If you have [Multi-Geo](https://docs.microsoft.com/microsoft-365/enterprise/multi-geo-capabilities-in-onedrive-and-sharepoint-online-in-microsoft-365) enabled for SharePoint, select the environment you would like to select sites from.
+1. If you have [Multi-Geo](/microsoft-365/enterprise/multi-geo-capabilities-in-onedrive-and-sharepoint-online-in-microsoft-365) enabled for SharePoint, select the environment you would like to select sites from.
:::image type="content" source="media/entitlement-management-catalog-create/sharepoint-multigeo-select.png" alt-text="Access package - Add resource roles - Select SharePoint Multi-geo sites":::
active-directory Configure Authentication For Federated Users Portal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/configure-authentication-for-federated-users-portal.md
Some applications do not provide a way to configure the authentication request t
### Home Realm Discovery policy to prevent auto-acceleration
-Some Microsoft and SaaS applications automatically include domain_hints (for example, `https://outlook.com/contoso.com` results in a login request with `&domain_hint=contoso.com` appended), which can disrupt rollout of managed credentials like FIDO. You can use [Home Realm Discovery Policy](https://docs.microsoft.com/graph/api/resources/homeRealmDiscoveryPolicy) to ignore domain hints from certain apps or for certain domains, during rollout of managed credentials.
+Some Microsoft and SaaS applications automatically include domain_hints (for example, `https://outlook.com/contoso.com` results in a login request with `&domain_hint=contoso.com` appended), which can disrupt rollout of managed credentials like FIDO. You can use [Home Realm Discovery Policy](/graph/api/resources/homeRealmDiscoveryPolicy) to ignore domain hints from certain apps or for certain domains, during rollout of managed credentials.
## Enable direct ROPC authentication of federated users for legacy applications
Following is an example HRD policy definition:
} ```
-The policy type is "[HomeRealmDiscoveryPolicy](https://docs.microsoft.com/graph/api/resources/homeRealmDiscoveryPolicy)".
+The policy type is "[HomeRealmDiscoveryPolicy](/graph/api/resources/homeRealmDiscoveryPolicy)".
**AccelerateToFederatedDomain** is optional. If **AccelerateToFederatedDomain** is false, the policy has no effect on auto-acceleration. If **AccelerateToFederatedDomain** is true and there is only one verified and federated domain in the tenant, then users will be taken straight to the federated IdP for sign in. If it is true and there is more than one verified domain in the tenant, **PreferredDomain** must be specified.
Get-AzureADPolicyAppliedObject -id <ObjectId of the Policy>
- For more information about how authentication works in Azure AD, see [Authentication scenarios for Azure AD](../develop/authentication-vs-authorization.md). - For more information about user single sign-on, see [Single sign-on to applications in Azure Active Directory](what-is-single-sign-on.md).-- Visit the [Microsoft identity platform](../develop/v2-overview.md) for an overview of all developer-related content.
+- Visit the [Microsoft identity platform](../develop/v2-overview.md) for an overview of all developer-related content.
active-directory Manage Certificates For Federated Single Sign On https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/manage-certificates-for-federated-single-sign-on.md
Azure AD will send an email notification 60, 30, and 7 days before the SAML cert
1. For each email address you want to delete, select the **Delete** icon (a garbage can) next to the email address. 1. Select **Save**.
+You can add up to 5 email addresses to the Notification list (including the email address of the admin who added the application). If you need more people to be notified, use the distribution list emails.
+ You will receive the notification email from aadnotification@microsoft.com. To avoid the email going to your spam location, add this email to your contacts. ## Renew a certificate that will soon expire
If a certificate is about to expire, you can renew it using a procedure that res
- [Tutorials for integrating SaaS applications with Azure Active Directory](../saas-apps/tutorial-list.md) - [Application management with Azure Active Directory](what-is-application-management.md) - [Single sign-on to applications in Azure Active Directory](what-is-single-sign-on.md)-- [Debug SAML-based single sign-on to applications in Azure Active Directory](./debug-saml-sso-issues.md)
+- [Debug SAML-based single sign-on to applications in Azure Active Directory](./debug-saml-sso-issues.md)
active-directory Migrate Adfs Application Activity https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/migrate-adfs-application-activity.md
-# Use the AD FS application activity report (preview) to migrate applications to Azure AD
+# Use the AD FS application activity report to migrate applications to Azure AD
Many organizations use Active Directory Federation Services (AD FS) to provide single sign-on to cloud applications. There are significant benefits to moving your AD FS applications to Azure AD for authentication, especially in terms of cost management, risk management, productivity, compliance, and governance. But understanding which applications are compatible with Azure AD and identifying specific migration steps can be time consuming.
-The AD FS application activity report (preview) in the Azure portal lets you quickly identify which of your applications are capable of being migrated to Azure AD. It assesses all AD FS applications for compatibility with Azure AD, checks for any issues, and gives guidance on preparing individual applications for migration. With the AD FS application activity report, you can:
+The AD FS application activity report in the Azure portal lets you quickly identify which of your applications are capable of being migrated to Azure AD. It assesses all AD FS applications for compatibility with Azure AD, checks for any issues, and gives guidance on preparing individual applications for migration. With the AD FS application activity report, you can:
* **Discover AD FS applications and scope your migration.** The AD FS application activity report lists all AD FS applications in your organization that have had an active user login in the last 30 days. The report indicates an apps readiness for migration to Azure AD. The report doesn't display Microsoft related relying parties in AD FS such as Office 365. For example, relying parties with name 'urn:federation:MicrosoftOnline'.
The AD FS application activity report is available in the Azure portal under Azu
2. Select **Azure Active Directory**, and then select **Enterprise applications**.
-3. Under **Activity**, select **Usage & Insights (Preview)**, and then select **AD FS application activity** to open a list of all AD FS applications in your organization.
+3. Under **Activity**, select **Usage & Insights**, and then select **AD FS application activity** to open a list of all AD FS applications in your organization.
![AD FS application activity](media/migrate-adfs-application-activity/adfs-application-activity.png)
active-directory Prevent Domain Hints With Home Realm Discovery https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/prevent-domain-hints-with-home-realm-discovery.md
# Disable auto-acceleration to a federated IDP during user sign-in with Home Realm Discovery policy
-[Home Realm Discovery Policy](https://docs.microsoft.com/graph/api/resources/homeRealmDiscoveryPolicy) (HRD) offers administrators multiple ways to control how and where their users authenticate. The `domainHintPolicy` section of the HRD policy is used to help migrate federated users to cloud managed credentials like [FIDO](../authentication/howto-authentication-passwordless-security-key.md), by ensuring that they always visit the Azure AD sign-in page and aren't auto-accelerated to a federated IDP because of domain hints.
+[Home Realm Discovery Policy](/graph/api/resources/homeRealmDiscoveryPolicy) (HRD) offers administrators multiple ways to control how and where their users authenticate. The `domainHintPolicy` section of the HRD policy is used to help migrate federated users to cloud managed credentials like [FIDO](../authentication/howto-authentication-passwordless-security-key.md), by ensuring that they always visit the Azure AD sign-in page and aren't auto-accelerated to a federated IDP because of domain hints.
This policy is needed in situations where applications an admin cannot control or update add domain hints during sign-in. For example, `outlook.com/contoso.com` sends the user to a login page with the `&domain_hint=contoso.com` parameter appended, in order to auto-accelerate the user directly to the federated IDP for the `contoso.com` domain. Users with managed credentials sent to a federated IDP cannot sign-in using their managed credentials, reducing security and frustrating users with randomized sign-in experiences. Admins rolling out managed credentials [should also set up this policy](#suggested-use-within-a-tenant) to ensure that users can always use their managed credentials.
After step 4 is complete all users, except those in `guestHandlingDomain.com`, c
## Configuring policy through Graph Explorer
-Set the [HRD policy](https://docs.microsoft.com/graph/api/resources/homeRealmDiscoveryPolicy) as usual, using Microsoft Graph.
+Set the [HRD policy](/graph/api/resources/homeRealmDiscoveryPolicy) as usual, using Microsoft Graph.
1. Grant the Policy.ReadWrite.ApplicationConfiguration permission in [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer). 1. Use the URL `https://graph.microsoft.com/v1.0/policies/homeRealmDiscoveryPolicies`
Be sure to use slashes to escape the `Definition` JSON section when using Graph.
## Next steps * [Enable passwordless security key sign-in](../authentication/howto-authentication-passwordless-security-key.md)
-* [Enable passwordless sign-in with the Microsoft Authenticator app](../authentication/howto-authentication-passwordless-phone.md)
+* [Enable passwordless sign-in with the Microsoft Authenticator app](../authentication/howto-authentication-passwordless-phone.md)
active-directory Secure Hybrid Access https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/secure-hybrid-access.md
In addition to [Azure AD Application Proxy](./what-is-application-proxy.md), to
The following networking vendors offer pre-built solutions and detailed guidance for integrating with Azure AD. -- [Akamai Enterprise Application Access (EAA)](https://docs.microsoft.com/azure/active-directory/saas-apps/akamai-tutorial)
+- [Akamai Enterprise Application Access (EAA)](../saas-apps/akamai-tutorial.md)
-- [Citrix Application Delivery Controller (ADC)](https://docs.microsoft.com/azure/active-directory/saas-apps/citrix-netscaler-tutorial)
+- [Citrix Application Delivery Controller (ADC)](../saas-apps/citrix-netscaler-tutorial.md)
-- [F5 Big-IP APM](https://docs.microsoft.com/azure/active-directory/manage-apps/f5-aad-integration)
+- [F5 Big-IP APM](./f5-aad-integration.md)
-- [Kemp](https://docs.microsoft.com/azure/active-directory/saas-apps/kemp-tutorial)
+- [Kemp](../saas-apps/kemp-tutorial.md)
-- [Pulse Secure Virtual Traffic Manager (VTM)](https://docs.microsoft.com/azure/active-directory/saas-apps/pulse-secure-virtual-traffic-manager-tutorial)
+- [Pulse Secure Virtual Traffic Manager (VTM)](../saas-apps/pulse-secure-virtual-traffic-manager-tutorial.md)
### SHA through VPN and SDP applications
Using VPN and SDP solutions you can provide secure access to your enterprise ne
The following VPN vendors offer pre-built solutions and detailed guidance for integrating with Azure AD. -- [Cisco AnyConnect](https://docs.microsoft.com/azure/active-directory/saas-apps/cisco-anyconnect)
+- [Cisco AnyConnect](../saas-apps/cisco-anyconnect.md)
-- [Fortinet](https://docs.microsoft.com/azure/active-directory/saas-apps/fortigate-ssl-vpn-tutorial)
+- [Fortinet](../saas-apps/fortigate-ssl-vpn-tutorial.md)
-- [F5 Big-IP APM](https://docs.microsoft.com/azure/active-directory/manage-apps/f5-aad-password-less-vpn)
+- [F5 Big-IP APM](./f5-aad-password-less-vpn.md)
-- [Palo Alto Networks Global Protect](https://docs.microsoft.com/azure/active-directory/saas-apps/paloaltoadmin-tutorial)
+- [Palo Alto Networks Global Protect](../saas-apps/paloaltoadmin-tutorial.md)
-- [Pulse Secure Pulse Connect Secure (PCS)](https://docs.microsoft.com/azure/active-directory/saas-apps/pulse-secure-pcs-tutorial)
+- [Pulse Secure Pulse Connect Secure (PCS)](../saas-apps/pulse-secure-pcs-tutorial.md)
The following SDP vendors offer pre-built solutions and detailed guidance for integrating with Azure AD. -- [Datawiza Access Broker](https://docs.microsoft.com/azure/active-directory/manage-apps/add-application-portal-setup-oidc-sso)
+- [Datawiza Access Broker](./add-application-portal-setup-oidc-sso.md)
-- [Perimeter 81](https://docs.microsoft.com/azure/active-directory/saas-apps/perimeter-81-tutorial#:~:text=For%20SSO%20to%20work,%20you%20need%20to%20establish,to%20test%20Azure%20AD%20single%20sign-on%20with%20B.Simon.)
+- [Perimeter 81](../saas-apps/perimeter-81-tutorial.md)
-- [Silverfort Authentication Platform](https://docs.microsoft.com/azure/active-directory/manage-apps/add-application-portal-setup-oidc-sso) -- [Strata](https://docs.microsoft.com/azure/active-directory/saas-apps/maverics-identity-orchestrator-saml-connector-tutorial)
+- [Silverfort Authentication Platform](./add-application-portal-setup-oidc-sso.md)
-- [Zscaler Private Access (ZPA)](https://docs.microsoft.com/azure/active-directory/saas-apps/zscalerprivateaccess-tutorial)
+- [Strata](../saas-apps/maverics-identity-orchestrator-saml-connector-tutorial.md)
+
+- [Zscaler Private Access (ZPA)](../saas-apps/zscalerprivateaccess-tutorial.md)
active-directory Tenant Restrictions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/tenant-restrictions.md
For specific details, refer to your proxy server documentation.
## Blocking consumer applications (public preview)
-Applications from Microsoft that support both consumer accounts and organizational accounts, like [OneDrive](https://onedrive.live.com/) or [Microsoft Learn](https://docs.microsoft.com/learn/), can sometimes be hosted on the same URL. This means that users that must access that URL for work purposes also have access to it for personal use, which may not be permitted under your operating guidelines.
+Applications from Microsoft that support both consumer accounts and organizational accounts, like [OneDrive](https://onedrive.live.com/) or [Microsoft Learn](/learn/), can sometimes be hosted on the same URL. This means that users that must access that URL for work purposes also have access to it for personal use, which may not be permitted under your operating guidelines.
Some organizations attempt to fix this by blocking `login.live.com` in order to block personal accounts from authenticating. This has several downsides: 1. Blocking `login.live.com` blocks the use of personal accounts in B2B guest scenarios, which can intrude on visitors and collaboration.
-1. [Autopilot requires the use of `login.live.com`](https://docs.microsoft.com/mem/autopilot/networking-requirements) in order to deploy. Intune and Autopilot scenarios can fail when `login.live.com` is blocked.
-1. Organizational telemetry and Windows updates that rely on the login.live.com service for device IDs [will cease to work](https://docs.microsoft.com/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are).
+1. [Autopilot requires the use of `login.live.com`](/mem/autopilot/networking-requirements) in order to deploy. Intune and Autopilot scenarios can fail when `login.live.com` is blocked.
+1. Organizational telemetry and Windows updates that rely on the login.live.com service for device IDs [will cease to work](/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are).
### Configuration for consumer apps
At this time, authentication to consumer applications does not appear in the [ad
The `restrict-msa` policy blocks the use of consumer applications, but allows through several other types of traffic and authentication: 1. User-less traffic for devices. This includes traffic for Autopilot, Windows Update, and organizational telemetry.
-1. B2B authentication of consumer accounts. Users with Microsoft accounts that are [invited to collaborate with a tenant](https://docs.microsoft.com/azure/active-directory/external-identities/redemption-experience#invitation-redemption-flow) authenticate to login.live.com in order to access a resource tenant.
+1. B2B authentication of consumer accounts. Users with Microsoft accounts that are [invited to collaborate with a tenant](../external-identities/redemption-experience.md#invitation-redemption-flow) authenticate to login.live.com in order to access a resource tenant.
1. This access is controlled using the `Restrict-Access-To-Tenants` header to allow or deny access to that resource tenant. 1. "Passthrough" authentication, used by many Azure apps as well as Office.com, where apps use Azure AD to sign in consumer users in a consumer context. 1. This access is also controlled using the `Restrict-Access-To-Tenants` header to allow or deny access to the special "passthrough" tenant (`f8cdef31-a31e-4b4a-93e4-5f571e91255a`). If this tenant does not appear in your `Restrict-Access-To-Tenants` list of allowed domains, consumer accounts will be blocked by Azure AD from signing into these apps.
The `restrict-msa` policy blocks the use of consumer applications, but allows th
## Next steps - Read about [Updated Office 365 modern authentication](https://www.microsoft.com/microsoft-365/blog/2015/03/23/office-2013-modern-authentication-public-preview-announced/)-- Review the [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2)
+- Review the [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2)
active-directory Services Support Managed Identities https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/managed-identities-azure-resources/services-support-managed-identities.md
Refer to the following list to configure managed identity for Azure App Service
| System assigned | Preview | Not available | Not available | Not available | | User assigned | Not available | Not available | Not available | Not available |
-Azure Arc enabled Kubernetes currently [supports system assigned identity](../../azure-arc/kubernetes/connect-cluster.md#azure-arc-agents-for-kubernetes). The managed service identity certificate is used by all Azure Arc enabled Kubernetes agents for communication with Azure.
+Azure Arc enabled Kubernetes currently [supports system assigned identity](../../azure-arc/kubernetes/quickstart-connect-cluster.md). The managed service identity certificate is used by all Azure Arc enabled Kubernetes agents for communication with Azure.
### Azure Arc enabled servers
Refer to the following list to configure access to Azure Resource
> Microsoft Power BI also [supports managed identities](../../stream-analytics/powerbi-output-managed-identity.md).
-[check]: media/services-support-managed-identities/check.png "Available"
+[check]: media/services-support-managed-identities/check.png "Available"
active-directory Permissions Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/roles/permissions-reference.md
The [Authentication policy administrator](#authentication-policy-administrator)
> [!IMPORTANT]
-> This role is not currently capable of managing per-user MFA in the legacy MFA management portal. The same functions can be accomplished using the [Set-MsolUser](https://docs.microsoft.com/powershell/module/msonline/set-msoluser) commandlet Azure AD Powershell module.
+> This role is not currently capable of managing per-user MFA in the legacy MFA management portal. The same functions can be accomplished using the [Set-MsolUser](/powershell/module/msonline/set-msoluser) commandlet Azure AD Powershell module.
> [!div class="mx-tableFixed"] > | Actions | Description |
Usage Summary Reports Reader | &nbsp; | :heavy_check_mark: | :heavy_check_mark:
- [Assign Azure AD roles to groups](groups-assign-role.md) - [Understand the different roles](../../role-based-access-control/rbac-and-directory-admin-roles.md)-- [Assign a user as an administrator of an Azure subscription](../../role-based-access-control/role-assignments-portal-subscription-admin.md)
+- [Assign a user as an administrator of an Azure subscription](../../role-based-access-control/role-assignments-portal-subscription-admin.md)
active-directory Accenture Academy Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/accenture-academy-tutorial.md
In this section, you test your Azure AD single sign-on configuration with follow
* Click on **Test this application** in Azure portal and you should be automatically signed in to the Accenture Academy for which you set up the SSO
-You can also use Microsoft My Apps to test the application in any mode. When you click the Accenture Academy tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Accenture Academy for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
+You can also use Microsoft My Apps to test the application in any mode. When you click the Accenture Academy tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Accenture Academy for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
## Next steps
-Once you configure Accenture Academy you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-any-app).
--
+Once you configure Accenture Academy you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
active-directory Acunetix 360 Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/acunetix-360-tutorial.md
In this section, you test your Azure AD single sign-on configuration with follow
* Click on **Test this application** in Azure portal and you should be automatically signed in to the Acunetix 360 for which you set up the SSO
-You can also use Microsoft My Apps to test the application in any mode. When you click the Acunetix 360 tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Acunetix 360 for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
+You can also use Microsoft My Apps to test the application in any mode. When you click the Acunetix 360 tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Acunetix 360 for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
## Next steps
-Once you configure Acunetix 360 you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-any-app).
--
+Once you configure Acunetix 360 you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
active-directory Adglobalview Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/adglobalview-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with ADP Globalview | Microsoft Docs'
-description: Learn how to configure single sign-on between Azure Active Directory and ADP Globalview.
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with ADP Globalview (Deprecated) | Microsoft Docs'
+description: Learn how to configure single sign-on between Azure Active Directory and ADP Globalview (Deprecated).
Previously updated : 09/10/2019 Last updated : 03/17/2021
-# Tutorial: Azure Active Directory single sign-on (SSO) integration with ADP Globalview
+# Tutorial: Azure Active Directory single sign-on (SSO) integration with ADP Globalview (Deprecated)
-In this tutorial, you'll learn how to integrate ADP Globalview with Azure Active Directory (Azure AD). When you integrate ADP Globalview with Azure AD, you can:
+In this tutorial, you'll learn how to integrate ADP Globalview (Deprecated) with Azure Active Directory (Azure AD). When you integrate ADP Globalview (Deprecated) with Azure AD, you can:
-* Control in Azure AD who has access to ADP Globalview.
-* Enable your users to be automatically signed-in to ADP Globalview with their Azure AD accounts.
+* Control in Azure AD who has access to ADP Globalview (Deprecated).
+* Enable your users to be automatically signed-in to ADP Globalview (Deprecated) with their Azure AD accounts.
* Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items: * An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
-* ADP Globalview single sign-on (SSO) enabled subscription.
+* ADP Globalview (Deprecated) single sign-on (SSO) enabled subscription.
## Scenario description In this tutorial, you configure and test Azure AD SSO in a test environment.
-* ADP Globalview supports **IDP** initiated SSO
+* ADP Globalview (Deprecated) supports **IDP** initiated SSO.
-## Adding ADP Globalview from the gallery
+## Adding ADP Globalview (Deprecated) from the gallery
-To configure the integration of ADP Globalview into Azure AD, you need to add ADP Globalview from the gallery to your list of managed SaaS apps.
+To configure the integration of ADP Globalview (Deprecated) into Azure AD, you need to add ADP Globalview (Deprecated) from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**.
-1. In the **Add from the gallery** section, type **ADP Globalview** in the search box.
-1. Select **ADP Globalview** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
+1. In the **Add from the gallery** section, type **ADP Globalview (Deprecated)** in the search box.
+1. Select **ADP Globalview (Deprecated)** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-## Configure and test Azure AD single sign-on for ADP Globalview
+## Configure and test Azure AD SSO for ADP Globalview (Deprecated)
-Configure and test Azure AD SSO with ADP Globalview using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in ADP Globalview.
+Configure and test Azure AD SSO with ADP Globalview (Deprecated) using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in ADP Globalview (Deprecated).
-To configure and test Azure AD SSO with ADP Globalview, complete the following building blocks:
+To configure and test Azure AD SSO with ADP Globalview (Deprecated), perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature. 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon. 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
-1. **[Configure ADP Globalview SSO](#configure-adp-globalview-sso)** - to configure the single sign-on settings on application side.
- 1. **[Create ADP Globalview test user](#create-adp-globalview-test-user)** - to have a counterpart of B.Simon in ADP Globalview that is linked to the Azure AD representation of user.
+1. **[Configure ADP Globalview (Deprecated) SSO](#configure-adp-globalview-deprecated-sso)** - to configure the single sign-on settings on application side.
+ 1. **[Create ADP Globalview (Deprecated) test user](#create-adp-globalview-deprecated-test-user)** - to have a counterpart of B.Simon in ADP Globalview (Deprecated) that is linked to the Azure AD representation of user.
1. **[Test SSO](#test-sso)** - to verify whether the configuration works. ## Configure Azure AD SSO Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **ADP Globalview** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **ADP Globalview (Deprecated)** application integration page, find the **Manage** section and select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png) 1. On the **Basic SAML Configuration** section, enter the values for the following fields:
- In the **Identifier** text box, type a URL using the following pattern:
-
- ```https
- https://<subdomain>.globalview.adp.com/federate
- https://<subdomain>.globalview.adp.com/federate2
- ```
+ In the **Identifier** text box, type a URL using one of the following patterns:
+ | Identifier |
+ | -- |
+ | `https://<subdomain>.globalview.adp.com/federate` |
+ | `https://<subdomain>.globalview.adp.com/federate2` |
+ |
> [!NOTE]
- > This value is not real. Update the value with the actual Identifier. Contact [ADP Globalview Client support team](https://www.adp.com/contact-us/overview.aspx) to get the value. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+ > This value is not real. Update the value with the actual Identifier. Contact [ADP Globalview (Deprecated) Client support team](https://www.adp.com/contact-us/overview.aspx) to get the value. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section, find **Certificate (Base64)** and select **Download** to download the certificate and save it on your computer. ![The Certificate download link](common/certificatebase64.png)
-1. On the **Set up ADP Globalview** section, copy the appropriate URL(s) based on your requirement.
+1. On the **Set up ADP Globalview (Deprecated)** section, copy the appropriate URL(s) based on your requirement.
![Copy configuration URLs](common/copy-configuration-urls.png)
In this section, you'll create a test user in the Azure portal called B.Simon.
### Assign the Azure AD test user
-In this section, you'll enable B.Simon to use Azure single sign-on by granting access to ADP Globalview.
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to ADP Globalview (Deprecated).
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
-1. In the applications list, select **ADP Globalview**.
+1. In the applications list, select **ADP Globalview (Deprecated)**.
1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
-1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
1. In the **Add Assignment** dialog, click the **Assign** button.
-## Configure ADP Globalview SSO
-
-To configure single sign-on on **ADP Globalview** side, you need to send the downloaded **Certificate (Base64)** and appropriate copied URLs from Azure portal to [ADP Globalview support team](https://www.adp.com/contact-us/overview.aspx). They set this setting to have the SAML SSO connection set properly on both sides.
+## Configure ADP Globalview (Deprecated) SSO
-### Create ADP Globalview test user
+To configure single sign-on on **ADP Globalview (Deprecated)** side, you need to send the downloaded **Certificate (Base64)** and appropriate copied URLs from Azure portal to [ADP Globalview (Deprecated) support team](https://www.adp.com/contact-us/overview.aspx). They set this setting to have the SAML SSO connection set properly on both sides.
-In this section, you create a user called B.Simon in ADP Globalview. Work with [ADP Globalview support team](https://www.adp.com/contact-us/overview.aspx) to add the users in the ADP Globalview platform. Users must be created and activated before you use single sign-on.
+### Create ADP Globalview (Deprecated) test user
-## Test SSO
+In this section, you create a user called B.Simon in ADP Globalview (Deprecated). Work with [ADP Globalview (Deprecated) support team](https://www.adp.com/contact-us/overview.aspx) to add the users in the ADP Globalview (Deprecated) platform. Users must be created and activated before you use single sign-on.
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+## Test SSO
-When you click the ADP Globalview tile in the Access Panel, you should be automatically signed in to the ADP Globalview for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+In this section, you test your Azure AD single sign-on configuration with following options.
-## Additional resources
+* Click on Test this application in Azure portal and you should be automatically signed in to the ADP Globalview (Deprecated) for which you set up the SSO
-- [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](./tutorial-list.md)
+* You can use Microsoft My Apps. When you click the ADP Globalview (Deprecated) tile in the My Apps, you should be automatically signed in to the ADP Globalview (Deprecated) for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
-- [What is application access and single sign-on with Azure Active Directory? ](../manage-apps/what-is-single-sign-on.md) -- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+## Next steps
-- [Try ADP Globalview with Azure AD](https://aad.portal.azure.com/)
+Once you configure ADP Globalview (Deprecated) you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-any-app).
active-directory Akamai Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/akamai-tutorial.md
In this section, you test your Azure AD single sign-on configuration with follow
* Click on Test this application in Azure portal and you should be automatically signed in to the Akamai for which you set up the SSO.
-* You can use Microsoft My Apps. When you click the Akamai tile in the My Apps, you should be automatically signed in to the Akamai for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
+* You can use Microsoft My Apps. When you click the Akamai tile in the My Apps, you should be automatically signed in to the Akamai for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
## Next steps
-Once you configure Akamai you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-any-app).
+Once you configure Akamai you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
active-directory Amazon Web Service Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/amazon-web-service-tutorial.md
Use the information below to make a decision between using the AWS Single Sign-O
**AWS Single Sign-On**
-[AWS Single Sign-On](https://docs.microsoft.com/azure/active-directory/saas-apps/aws-single-sign-on-tutorial) was added to the Azure AD application gallery in February 2021. It makes it easy to manage access centrally to multiple AWS accounts and AWS applications, with sign-in through Microsoft Azure AD. Federate Microsoft Azure AD with AWS SSO once, and use AWS SSO to manage permissions across all of your AWS accounts from one place. AWS SSO provisions permissions automatically and keeps them current as you update policies and access assignments. End users can authenticate with their Azure AD credentials to access the AWS Console, Command Line Interface, and AWS SSO integrated applications.
+[AWS Single Sign-On](./aws-single-sign-on-tutorial.md) was added to the Azure AD application gallery in February 2021. It makes it easy to manage access centrally to multiple AWS accounts and AWS applications, with sign-in through Microsoft Azure AD. Federate Microsoft Azure AD with AWS SSO once, and use AWS SSO to manage permissions across all of your AWS accounts from one place. AWS SSO provisions permissions automatically and keeps them current as you update policies and access assignments. End users can authenticate with their Azure AD credentials to access the AWS Console, Command Line Interface, and AWS SSO integrated applications.
**AWS Single-Account Access**
-[AWS Single-Account Access](https://docs.microsoft.com/azure/active-directory/saas-apps/amazon-web-service-tutorial) has been used by customers over the past several years and enables you to federate Azure AD to a single AWS account and use Azure AD to manage access to AWS IAM roles. AWS IAM administrators define roles and policies in each AWS account. For each AWS account, Azure AD administrators federate to AWS IAM, assign users or groups to the account, and configure Azure AD to send assertions that authorize role access.
+[AWS Single-Account Access]() has been used by customers over the past several years and enables you to federate Azure AD to a single AWS account and use Azure AD to manage access to AWS IAM roles. AWS IAM administrators define roles and policies in each AWS account. For each AWS account, Azure AD administrators federate to AWS IAM, assign users or groups to the account, and configure Azure AD to send assertions that authorize role access.
| Feature | AWS Single Sign-On | AWS Single-Account Access | |: |::|::|
Once you configure AWS Single-Account Access you can enforce Session Control, wh
[38]: ./media/amazon-web-service-tutorial/tutorial_amazonwebservices_createnewaccesskey.png [39]: ./media/amazon-web-service-tutorial/tutorial_amazonwebservices_provisioning_automatic.png [40]: ./media/amazon-web-service-tutorial/tutorial_amazonwebservices_provisioning_testconnection.png
-[41]: ./media/amazon-web-service-tutorial/tutorial_amazonwebservices_provisioning_on.png
+[41]: ./media/amazon-web-service-tutorial/tutorial_amazonwebservices_provisioning_on.png
active-directory Appdynamics Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/appdynamics-tutorial.md
In this section, you test your Azure AD single sign-on configuration with follow
* Go to AppDynamics Sign-on URL directly and initiate the login flow from there.
-* You can use Microsoft My Apps. When you click the AppDynamics tile in the My Apps, this will redirect to AppDynamics Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
+* You can use Microsoft My Apps. When you click the AppDynamics tile in the My Apps, this will redirect to AppDynamics Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
## Next steps
-Once you configure AppDynamics you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-any-app).
+Once you configure AppDynamics you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
active-directory Aws Single Sign On Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/aws-single-sign-on-provisioning-tutorial.md
# Tutorial: Configure AWS Single Sign-On for automatic user provisioning
-This tutorial describes the steps you need to perform in both AWS Single Sign-On and Azure Active Directory (Azure AD) to configure automatic user provisioning. When configured, Azure AD automatically provisions and de-provisions users and groups to [AWS Single Sign-On](https://console.aws.amazon.com/singlesignon) using the Azure AD Provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Azure Active Directory](../manage-apps/user-provisioning.md).
+This tutorial describes the steps you need to perform in both AWS Single Sign-On and Azure Active Directory (Azure AD) to configure automatic user provisioning. When configured, Azure AD automatically provisions and de-provisions users and groups to [AWS Single Sign-On](https://console.aws.amazon.com/singlesignon) using the Azure AD Provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Azure Active Directory](../app-provisioning/user-provisioning.md).
## Capabilities Supported
This tutorial describes the steps you need to perform in both AWS Single Sign-On
> * Remove users in AWS Single Sign-On when they no longer require access > * Keep user attributes synchronized between Azure AD and AWS Single Sign-On > * Provision groups and group memberships in AWS Single Sign-On
-> * [Single Sign-On](https://docs.microsoft.com/azure/active-directory/saas-apps/aws-single-sign-on-provisioning-tutorial) to AWS Single Sign-On
+> * [Single Sign-On]() to AWS Single Sign-On
## Prerequisites The scenario outlined in this tutorial assumes that you already have the following prerequisites:
-* [An Azure AD tenant](https://docs.microsoft.com/azure/active-directory/develop/quickstart-create-new-tenant)
-* A user account in Azure AD with [permission](https://docs.microsoft.com/azure/active-directory/users-groups-roles/directory-assign-admin-roles) to configure provisioning (for example, Application Administrator, Cloud Application administrator, Application Owner, or Global Administrator).
+* [An Azure AD tenant](../develop/quickstart-create-new-tenant.md)
+* A user account in Azure AD with [permission](../roles/permissions-reference.md) to configure provisioning (for example, Application Administrator, Cloud Application administrator, Application Owner, or Global Administrator).
* A SAML connection from your Azure AD account to AWS SSO, as described in Tutorial ## Step 1. Plan your provisioning deployment
-1. Learn about [how the provisioning service works](https://docs.microsoft.com/azure/active-directory/manage-apps/user-provisioning).
-2. Determine who will be in [scope for provisioning](https://docs.microsoft.com/azure/active-directory/manage-apps/define-conditional-rules-for-provisioning-user-accounts).
-3. Determine what data to [map between Azure AD and AWS Single Sign-On](https://docs.microsoft.com/azure/active-directory/manage-apps/customize-application-attributes).
+1. Learn about [how the provisioning service works](../app-provisioning/user-provisioning.md).
+2. Determine who will be in [scope for provisioning](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
+3. Determine what data to [map between Azure AD and AWS Single Sign-On](../app-provisioning/customize-application-attributes.md).
## Step 2. Configure AWS Single Sign-On to support provisioning with Azure AD
The scenario outlined in this tutorial assumes that you already have the followi
## Step 3. Add AWS Single Sign-On from the Azure AD application gallery
-Add AWS Single Sign-On from the Azure AD application gallery to start managing provisioning to AWS Single Sign-On. If you have previously setup AWS Single Sign-On for SSO, you can use the same application. Learn more about adding an application from the gallery [here](https://docs.microsoft.com/azure/active-directory/manage-apps/add-gallery-app).
+Add AWS Single Sign-On from the Azure AD application gallery to start managing provisioning to AWS Single Sign-On. If you have previously setup AWS Single Sign-On for SSO, you can use the same application. Learn more about adding an application from the gallery [here](../manage-apps/add-application-portal.md).
## Step 4. Define who will be in scope for provisioning
-The Azure AD provisioning service allows you to scope who will be provisioned based on assignment to the application and or based on attributes of the user / group. If you choose to scope who will be provisioned to your app based on assignment, you can use the following [steps](../manage-apps/assign-user-or-group-access-portal.md) to assign users and groups to the application. If you choose to scope who will be provisioned based solely on attributes of the user or group, you can use a scoping filter as described [here](https://docs.microsoft.com/azure/active-directory/manage-apps/define-conditional-rules-for-provisioning-user-accounts).
+The Azure AD provisioning service allows you to scope who will be provisioned based on assignment to the application and or based on attributes of the user / group. If you choose to scope who will be provisioned to your app based on assignment, you can use the following [steps](../manage-apps/assign-user-or-group-access-portal.md) to assign users and groups to the application. If you choose to scope who will be provisioned based solely on attributes of the user or group, you can use a scoping filter as described [here](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
-* When assigning users and groups to AWS Single Sign-On, you must select a role other than **Default Access**. Users with the Default Access role are excluded from provisioning and will be marked as not effectively entitled in the provisioning logs. If the only role available on the application is the default access role, you can [update the application manifest](https://docs.microsoft.com/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps) to add additional roles.
+* When assigning users and groups to AWS Single Sign-On, you must select a role other than **Default Access**. Users with the Default Access role are excluded from provisioning and will be marked as not effectively entitled in the provisioning logs. If the only role available on the application is the default access role, you can [update the application manifest](../develop/howto-add-app-roles-in-azure-ad-apps.md) to add additional roles.
-* Start small. Test with a small set of users and groups before rolling out to everyone. When scope for provisioning is set to assigned users and groups, you can control this by assigning one or two users or groups to the app. When scope is set to all users and groups, you can specify an [attribute based scoping filter](https://docs.microsoft.com/azure/active-directory/manage-apps/define-conditional-rules-for-provisioning-user-accounts).
+* Start small. Test with a small set of users and groups before rolling out to everyone. When scope for provisioning is set to assigned users and groups, you can control this by assigning one or two users or groups to the app. When scope is set to all users and groups, you can specify an [attribute based scoping filter](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
## Step 5. Configure automatic user provisioning to AWS Single Sign-On
This section guides you through the steps to configure the Azure AD provisioning
8. Under the **Mappings** section, select **Synchronize Azure Active Directory Users to AWS Single Sign-On**.
-9. Review the user attributes that are synchronized from Azure AD to AWS Single Sign-On in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in AWS Single Sign-On for update operations. If you choose to change the [matching target attribute](https://docs.microsoft.com/azure/active-directory/manage-apps/customize-application-attributes), you will need to ensure that the AWS Single Sign-On API supports filtering users based on that attribute. Select the **Save** button to commit any changes.
+9. Review the user attributes that are synchronized from Azure AD to AWS Single Sign-On in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in AWS Single Sign-On for update operations. If you choose to change the [matching target attribute](../app-provisioning/customize-application-attributes.md), you will need to ensure that the AWS Single Sign-On API supports filtering users based on that attribute. Select the **Save** button to commit any changes.
|Attribute|Type|Supported for Filtering| ||||
This section guides you through the steps to configure the Azure AD provisioning
|externalId|String| |members|Reference|
-12. To configure scoping filters, refer to the following instructions provided in the [Scoping filter tutorial](../manage-apps/define-conditional-rules-for-provisioning-user-accounts.md).
+12. To configure scoping filters, refer to the following instructions provided in the [Scoping filter tutorial](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
13. To enable the Azure AD provisioning service for AWS Single Sign-On, change the **Provisioning Status** to **On** in the **Settings** section.
This operation starts the initial synchronization cycle of all users and groups
## Step 6. Monitor your deployment Once you've configured provisioning, use the following resources to monitor your deployment:
-1. Use the [provisioning logs](https://docs.microsoft.com/azure/active-directory/reports-monitoring/concept-provisioning-logs) to determine which users have been provisioned successfully or unsuccessfully
-2. Check the [progress bar](https://docs.microsoft.com/azure/active-directory/app-provisioning/application-provisioning-when-will-provisioning-finish-specific-user) to see the status of the provisioning cycle and how close it is to completion
-3. If the provisioning configuration seems to be in an unhealthy state, the application will go into quarantine. Learn more about quarantine states [here](https://docs.microsoft.com/azure/active-directory/manage-apps/application-provisioning-quarantine-status).
+1. Use the [provisioning logs](../reports-monitoring/concept-provisioning-logs.md) to determine which users have been provisioned successfully or unsuccessfully
+2. Check the [progress bar](../app-provisioning/application-provisioning-when-will-provisioning-finish-specific-user.md) to see the status of the provisioning cycle and how close it is to completion
+3. If the provisioning configuration seems to be in an unhealthy state, the application will go into quarantine. Learn more about quarantine states [here](../app-provisioning/application-provisioning-quarantine-status.md).
## Troubleshooting Tips Check the AWS SSO troubleshooting tips [here](https://docs.aws.amazon.com/singlesignon/latest/userguide/azure-ad-idp.html#azure-ad-troubleshooting). ## Additional resources
-* [Managing user account provisioning for Enterprise Apps](../manage-apps/configure-automatic-user-provisioning-portal.md)
+* [Managing user account provisioning for Enterprise Apps](../app-provisioning/configure-automatic-user-provisioning-portal.md)
* [What is application access and Single Sign-On with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md) ## Next steps
-* [Learn how to review logs and get reports on provisioning activity](../manage-apps/check-status-user-account-provisioning.md)
+* [Learn how to review logs and get reports on provisioning activity](../app-provisioning/check-status-user-account-provisioning.md)
active-directory Aws Single Sign On Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/aws-single-sign-on-tutorial.md
In this tutorial, you configure and test Azure AD SSO in a test environment.
* AWS Single Sign-on supports **SP and IDP** initiated SSO
-* AWS Single Sign-on supports [**Automated user provisioning**](https://docs.microsoft.com/azure/active-directory/saas-apps/aws-single-sign-on-provisioning-tutorial).
+* AWS Single Sign-on supports [**Automated user provisioning**](./aws-single-sign-on-provisioning-tutorial.md).
## Adding AWS Single Sign-on from the gallery
about permission sets, see the AWS SSO **Permission Sets** page.
10. Choose **Finish**. > [!NOTE]
-> AWS Single Sign-on also supports automatic user provisioning, you can find more details [here](https://docs.microsoft.com/azure/active-directory/saas-apps/aws-single-sign-on-provisioning-tutorial) on how to configure automatic user provisioning.
+> AWS Single Sign-on also supports automatic user provisioning, you can find more details [here](./aws-single-sign-on-provisioning-tutorial.md) on how to configure automatic user provisioning.
## Test SSO
In this section, you test your Azure AD single sign-on configuration with follow
* Click on **Test this application** in Azure portal and you should be automatically signed in to the AWS Single Sign-on for which you set up the SSO
-You can also use Microsoft My Apps to test the application in any mode. When you click the AWS Single Sign-on tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the AWS Single Sign-on for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
+You can also use Microsoft My Apps to test the application in any mode. When you click the AWS Single Sign-on tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the AWS Single Sign-on for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
## Next steps
-Once you configure AWS Single Sign-on you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-any-app).
--
+Once you configure AWS Single Sign-on you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
active-directory Boomi Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/boomi-tutorial.md
In this section, you test your Azure AD single sign-on configuration with follow
* Click on Test this application in Azure portal and you should be automatically signed in to the Boomi for which you set up the SSO.
-* You can use Microsoft My Apps. When you click the Boomi tile in the My Apps, you should be automatically signed in to the Boomi for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
+* You can use Microsoft My Apps. When you click the Boomi tile in the My Apps, you should be automatically signed in to the Boomi for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
## Next steps
-Once you configure Boomi you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-any-app).
+Once you configure Boomi you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
active-directory Bpanda Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/bpanda-provisioning-tutorial.md
# Tutorial: Configure Bpanda for automatic user provisioning
-This tutorial describes the steps you need to perform in both Bpanda and Azure Active Directory (Azure AD) to configure automatic user provisioning. When configured, Azure AD automatically provisions and de-provisions users and groups to [Bpanda](http://www.mid.de) using the Azure AD Provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Azure Active Directory](../manage-apps/user-provisioning.md).
+This tutorial describes the steps you need to perform in both Bpanda and Azure Active Directory (Azure AD) to configure automatic user provisioning. When configured, Azure AD automatically provisions and de-provisions users and groups to [Bpanda](http://www.mid.de) using the Azure AD Provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Azure Active Directory](../app-provisioning/user-provisioning.md).
## Capabilities Supported
This tutorial describes the steps you need to perform in both Bpanda and Azure A
The scenario outlined in this tutorial assumes that you already have the following prerequisites:
-* [An Azure AD tenant](https://docs.microsoft.com/azure/active-directory/develop/quickstart-create-new-tenant)
-* A user account in Azure AD with [permission](https://docs.microsoft.com/azure/active-directory/users-groups-roles/directory-assign-admin-roles) to configure provisioning (for example, Application Administrator, Cloud Application administrator, Application Owner, or Global Administrator).
+* [An Azure AD tenant](../develop/quickstart-create-new-tenant.md)
+* A user account in Azure AD with [permission](../roles/permissions-reference.md) to configure provisioning (for example, Application Administrator, Cloud Application administrator, Application Owner, or Global Administrator).
* A cloud subscription process space in Bpanda. For on-premises, see our installation documentation. ## Step 1. Plan your provisioning deployment
-1. Learn about [how the provisioning service works](https://docs.microsoft.com/azure/active-directory/manage-apps/user-provisioning).
-2. Determine who will be in [scope for provisioning](https://docs.microsoft.com/azure/active-directory/manage-apps/define-conditional-rules-for-provisioning-user-accounts).
-3. Determine what data to [map between Azure AD and Bpanda](https://docs.microsoft.com/azure/active-directory/manage-apps/customize-application-attributes).
+1. Learn about [how the provisioning service works](../app-provisioning/user-provisioning.md).
+2. Determine who will be in [scope for provisioning](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
+3. Determine what data to [map between Azure AD and Bpanda](../app-provisioning/customize-application-attributes.md).
## Step 2. Configure Bpanda to support provisioning with Azure AD 1. Reach out to support@mid.de for more information on your authentication Tenant URL.
This value will be entered in the **Secret Token** field in the Provisioning tab
## Step 3. Add Bpanda from the Azure AD application gallery
-Add Bpanda from the Azure AD application gallery to start managing provisioning to Bpanda. If you have previously setup Bpanda for SSO, you can use the same application. However it is recommended that you create a separate app when testing out the integration initially. Learn more about adding an application from the gallery [here](https://docs.microsoft.com/azure/active-directory/manage-apps/add-gallery-app).
+Add Bpanda from the Azure AD application gallery to start managing provisioning to Bpanda. If you have previously setup Bpanda for SSO, you can use the same application. However it is recommended that you create a separate app when testing out the integration initially. Learn more about adding an application from the gallery [here](../manage-apps/add-application-portal.md).
## Step 4. Define who will be in scope for provisioning
-The Azure AD provisioning service allows you to scope who will be provisioned based on assignment to the application and or based on attributes of the user / group. If you choose to scope who will be provisioned to your app based on assignment, you can use the following [steps](../manage-apps/assign-user-or-group-access-portal.md) to assign users and groups to the application. If you choose to scope who will be provisioned based solely on attributes of the user or group, you can use a scoping filter as described [here](https://docs.microsoft.com/azure/active-directory/manage-apps/define-conditional-rules-for-provisioning-user-accounts).
+The Azure AD provisioning service allows you to scope who will be provisioned based on assignment to the application and or based on attributes of the user / group. If you choose to scope who will be provisioned to your app based on assignment, you can use the following [steps](../manage-apps/assign-user-or-group-access-portal.md) to assign users and groups to the application. If you choose to scope who will be provisioned based solely on attributes of the user or group, you can use a scoping filter as described [here](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
-* When assigning users and groups to Bpanda, you must select a role other than **Default Access**. Users with the Default Access role are excluded from provisioning and will be marked as not effectively entitled in the provisioning logs. If the only role available on the application is the default access role, you can [update the application manifest](https://docs.microsoft.com/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps) to add additional roles.
+* When assigning users and groups to Bpanda, you must select a role other than **Default Access**. Users with the Default Access role are excluded from provisioning and will be marked as not effectively entitled in the provisioning logs. If the only role available on the application is the default access role, you can [update the application manifest](../develop/howto-add-app-roles-in-azure-ad-apps.md) to add additional roles.
-* Start small. Test with a small set of users and groups before rolling out to everyone. When scope for provisioning is set to assigned users and groups, you can control this by assigning one or two users or groups to the app. When scope is set to all users and groups, you can specify an [attribute based scoping filter](https://docs.microsoft.com/azure/active-directory/manage-apps/define-conditional-rules-for-provisioning-user-accounts).
+* Start small. Test with a small set of users and groups before rolling out to everyone. When scope for provisioning is set to assigned users and groups, you can control this by assigning one or two users or groups to the app. When scope is set to all users and groups, you can specify an [attribute based scoping filter](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
## Step 5. Configure automatic user provisioning to Bpanda
This section guides you through the steps to configure the Azure AD provisioning
8. Under the **Mappings** section, select **Synchronize Azure Active Directory Users to Bpanda**.
-9. Review the user attributes that are synchronized from Azure AD to Bpanda in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in Bpanda for update operations. If you choose to change the [matching target attribute](https://docs.microsoft.com/azure/active-directory/manage-apps/customize-application-attributes), you will need to ensure that the Bpanda API supports filtering users based on that attribute. Select the **Save** button to commit any changes.
+9. Review the user attributes that are synchronized from Azure AD to Bpanda in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in Bpanda for update operations. If you choose to change the [matching target attribute](../app-provisioning/customize-application-attributes.md), you will need to ensure that the Bpanda API supports filtering users based on that attribute. Select the **Save** button to commit any changes.
|Attribute|Type|Supported for Filtering| ||||
This section guides you through the steps to configure the Azure AD provisioning
|externalId|String| |members|Reference|
-12. To configure scoping filters, refer to the following instructions provided in the [Scoping filter tutorial](../manage-apps/define-conditional-rules-for-provisioning-user-accounts.md).
+12. To configure scoping filters, refer to the following instructions provided in the [Scoping filter tutorial](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
13. To enable the Azure AD provisioning service for Bpanda, change the **Provisioning Status** to **On** in the **Settings** section.
This operation starts the initial synchronization cycle of all users and groups
## Step 6. Monitor your deployment Once you've configured provisioning, use the following resources to monitor your deployment:
-1. Use the [provisioning logs](https://docs.microsoft.com/azure/active-directory/reports-monitoring/concept-provisioning-logs) to determine which users have been provisioned successfully or unsuccessfully
-2. Check the [progress bar](https://docs.microsoft.com/azure/active-directory/app-provisioning/application-provisioning-when-will-provisioning-finish-specific-user) to see the status of the provisioning cycle and how close it is to completion
-3. If the provisioning configuration seems to be in an unhealthy state, the application will go into quarantine. Learn more about quarantine states [here](https://docs.microsoft.com/azure/active-directory/manage-apps/application-provisioning-quarantine-status).
+1. Use the [provisioning logs](../reports-monitoring/concept-provisioning-logs.md) to determine which users have been provisioned successfully or unsuccessfully
+2. Check the [progress bar](../app-provisioning/application-provisioning-when-will-provisioning-finish-specific-user.md) to see the status of the provisioning cycle and how close it is to completion
+3. If the provisioning configuration seems to be in an unhealthy state, the application will go into quarantine. Learn more about quarantine states [here](../app-provisioning/application-provisioning-quarantine-status.md).
## Additional resources
-* [Managing user account provisioning for Enterprise Apps](../manage-apps/configure-automatic-user-provisioning-portal.md)
+* [Managing user account provisioning for Enterprise Apps](../app-provisioning/configure-automatic-user-provisioning-portal.md)
* [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md) ## Next steps
-* [Learn how to review logs and get reports on provisioning activity](../manage-apps/check-status-user-account-provisioning.md)
+* [Learn how to review logs and get reports on provisioning activity](../app-provisioning/check-status-user-account-provisioning.md)
active-directory Broadcom Dx Saas Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/broadcom-dx-saas-tutorial.md
In this section, you test your Azure AD single sign-on configuration with follow
* Click on Test this application in Azure portal and you should be automatically signed in to the Broadcom DX SaaS for which you set up the SSO.
-* You can use Microsoft My Apps. When you click the Broadcom DX SaaS tile in the My Apps, you should be automatically signed in to the Broadcom DX SaaS for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
+* You can use Microsoft My Apps. When you click the Broadcom DX SaaS tile in the My Apps, you should be automatically signed in to the Broadcom DX SaaS for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
## Next Steps
-Once you configure Broadcom DX SaaS you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-any-app).
+Once you configure Broadcom DX SaaS you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
active-directory Cisco Spark Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/cisco-spark-tutorial.md
To get started, you need the following items:
In this tutorial, you configure and test Azure AD SSO in a test environment. * Cisco Webex supports **SP** initiated SSO.
-* Cisco Webex supports [**Automated user provisioning**](https://docs.microsoft.com/azure/active-directory/saas-apps/cisco-webex-provisioning-tutorial).
+* Cisco Webex supports [**Automated user provisioning**](./cisco-webex-provisioning-tutorial.md).
## Adding Cisco Webex from the gallery
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
### Create Cisco Webex test user
-In this section, a user called B.Simon is created in Cisco Webex.This application supports automatic user provisioning, which enables automatic provisioning and deprovisioning based on your business rules. Microsoft recommends using automatic provisioning whenever possible. See how to enable auto provisioning for [Cisco Webex](https://docs.microsoft.com/azure/active-directory/saas-apps/cisco-webex-provisioning-tutorial).
+In this section, a user called B.Simon is created in Cisco Webex.This application supports automatic user provisioning, which enables automatic provisioning and deprovisioning based on your business rules. Microsoft recommends using automatic provisioning whenever possible. See how to enable auto provisioning for [Cisco Webex](./cisco-webex-provisioning-tutorial.md).
If you need to create a user manually, perform the following steps:
In this section, you test your Azure AD single sign-on configuration with follow
* Go to Cisco Webex Sign-on URL directly and initiate the login flow from there.
-* You can use Microsoft My Apps. When you click the Cisco Webex tile in the My Apps, this will redirect to Cisco Webex Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
+* You can use Microsoft My Apps. When you click the Cisco Webex tile in the My Apps, this will redirect to Cisco Webex Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
## Next steps
active-directory Cisco Webex Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/cisco-webex-tutorial.md
In this section, you test your Azure AD single sign-on configuration with follow
* Click on **Test this application** in Azure portal and you should be automatically signed in to the Cisco Webex Meetings for which you set up the SSO.
-You can also use Microsoft My Apps to test the application in any mode. When you click the Cisco Webex Meetings tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Cisco Webex Meetings for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
+You can also use Microsoft My Apps to test the application in any mode. When you click the Cisco Webex Meetings tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Cisco Webex Meetings for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
## Next steps
-Once you configure Cisco Webex Meetings you can enforce Session Control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session Control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad)
+Once you configure Cisco Webex Meetings you can enforce Session Control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session Control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad)
active-directory Dropboxforbusiness Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/dropboxforbusiness-tutorial.md
In this section, you test your Azure AD single sign-on configuration with follow
## Next steps
-Once you configure Dropbox Business you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-any-app).
+Once you configure Dropbox Business you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
active-directory Evergreen Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/evergreen-tutorial.md
In this section, you test your Azure AD single sign-on configuration with follow
* Click on **Test this application** in Azure portal and you should be automatically signed in to the Evergreen for which you set up the SSO.
-You can also use Microsoft My Apps to test the application in any mode. When you click the Evergreen tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Evergreen for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
+You can also use Microsoft My Apps to test the application in any mode. When you click the Evergreen tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Evergreen for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
## Next steps
-Once you configure Evergreen you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-any-app).
+Once you configure Evergreen you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
active-directory Exceed Ai Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/exceed-ai-tutorial.md
In this section, you test your Azure AD single sign-on configuration with follow
* Go to Exceed.ai Sign-on URL directly and initiate the login flow from there.
-* You can use Microsoft My Apps. When you click the Exceed.ai tile in the My Apps, this will redirect to Exceed.ai Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
+* You can use Microsoft My Apps. When you click the Exceed.ai tile in the My Apps, this will redirect to Exceed.ai Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
## Next steps
-Once you configure Exceed.ai you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-any-app).
--
+Once you configure Exceed.ai you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
active-directory Expensify Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/expensify-tutorial.md
In this section, you test your Azure AD single sign-on configuration with follow
* Go to Expensify Sign-on URL directly and initiate the login flow from there.
-* You can use Microsoft My Apps. When you click the Expensify tile in the My Apps, this will redirect to Expensify Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
+* You can use Microsoft My Apps. When you click the Expensify tile in the My Apps, this will redirect to Expensify Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
## Next steps
-Once you configure Expensify you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-any-app).
+Once you configure Expensify you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
active-directory Fax.Plus Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/fax.plus-tutorial.md
In this section, you test your Azure AD single sign-on configuration with follow
* Click on **Test this application** in Azure portal and you should be automatically signed in to the FAX.PLUS for which you set up the SSO.
-You can also use Microsoft My Apps to test the application in any mode. When you click the FAX.PLUS tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the FAX.PLUS for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
+You can also use Microsoft My Apps to test the application in any mode. When you click the FAX.PLUS tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the FAX.PLUS for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
## Next steps
-Once you configure FAX.PLUS you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-any-app).
+Once you configure FAX.PLUS you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
active-directory Fortes Change Cloud Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/fortes-change-cloud-tutorial.md
Previously updated : 04/06/2020 Last updated : 03/18/2021
In this tutorial, you'll learn how to integrate Fortes Change Cloud with Azure A
* Enable your users to be automatically signed-in to Fortes Change Cloud with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items:
To get started, you need the following items:
In this tutorial, you configure and test Azure AD SSO in a test environment.
-* Fortes Change Cloud supports **SP and IDP** initiated SSO
-* Once you configure Fortes Change Cloud you can enforce session control, which protect exfiltration and infiltration of your organizationΓÇÖs sensitive data in real-time. Session control extend from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
+* Fortes Change Cloud supports **SP and IDP** initiated SSO.
## Adding Fortes Change Cloud from the gallery To configure the integration of Fortes Change Cloud into Azure AD, you need to add Fortes Change Cloud from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**. 1. In the **Add from the gallery** section, type **Fortes Change Cloud** in the search box. 1. Select **Fortes Change Cloud** from results panel and then add the app. Wait a few seconds while the app is added to your tenant. -
-## Configure and test Azure AD single sign-on for Fortes Change Cloud
+## Configure and test Azure AD SSO for Fortes Change Cloud
Configure and test Azure AD SSO with Fortes Change Cloud using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Fortes Change Cloud.
-To configure and test Azure AD SSO with Fortes Change Cloud, complete the following building blocks:
+To configure and test Azure AD SSO with Fortes Change Cloud, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature. 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
To configure and test Azure AD SSO with Fortes Change Cloud, complete the follow
Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **Fortes Change Cloud** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **Fortes Change Cloud** application integration page, find the **Manage** section and select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png) 1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, enter the values for the following fields: a. In the **Identifier** text box, type a URL using the following pattern:
- `https://<identifier>.fortes-online.com/saml/metadata`
+ `https://<UNIQUE_IDENTIFIER>.fortes-online.com/saml/metadata`
b. In the **Reply URL** text box, type a URL using the following pattern:
- `https://<identifier>.fortes-online.com/saml/SSO`
+ `https://<UNIQUE_IDENTIFIER>.fortes-online.com/`
1. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode: In the **Sign-on URL** text box, type a URL using the following pattern:
- `https://<identifier>.fortes-online.com/saml/SSO`
+ `https://<UNIQUE_IDENTIFIER>.fortes-online.com/saml/SSO`
> [!NOTE] > These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact [Fortes Change Cloud Client support team](mailto:support@fortes.nl) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **Fortes Change Cloud**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
-1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
1. In the **Add Assignment** dialog, click the **Assign** button. ## Configure Fortes Change Cloud SSO
In this section, you create a user called Britta Simon in Fortes Change Cloud. W
## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+In this section, you test your Azure AD single sign-on configuration with following options.
-When you click the Fortes Change Cloud tile in the Access Panel, you should be automatically signed in to the Fortes Change Cloud for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+#### SP initiated:
-## Additional resources
+* Click on **Test this application** in Azure portal. This will redirect to Fortes Change Cloud Sign on URL where you can initiate the login flow.
-- [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](./tutorial-list.md)
+* Go to Fortes Change Cloud Sign-on URL directly and initiate the login flow from there.
-- [What is application access and single sign-on with Azure Active Directory? ](../manage-apps/what-is-single-sign-on.md)
+#### IDP initiated:
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the Fortes Change Cloud for which you set up the SSO
-- [Try Fortes Change Cloud with Azure AD](https://aad.portal.azure.com/)
+You can also use Microsoft My Apps to test the application in any mode. When you click the Fortes Change Cloud tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Fortes Change Cloud for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
-- [What is session control in Microsoft Cloud App Security?](/cloud-app-security/proxy-intro-aad)
+## Next steps
-- [How to protect Fortes Change Cloud with advanced visibility and controls](/cloud-app-security/proxy-intro-aad)
+Once you configure Fortes Change Cloud you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
active-directory Fortisase Sia Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/fortisase-sia-tutorial.md
In this section, you test your Azure AD single sign-on configuration with follow
* Go to FortiSASE SIA Sign-on URL directly and initiate the login flow from there.
-* You can use Microsoft My Apps. When you click the FortiSASE SIA tile in the My Apps, this will redirect to FortiSASE SIA Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
+* You can use Microsoft My Apps. When you click the FortiSASE SIA tile in the My Apps, this will redirect to FortiSASE SIA Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
## Next steps
-Once you configure FortiSASE SIA you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-any-app).
--
+Once you configure FortiSASE SIA you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
active-directory G Suite Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/g-suite-provisioning-tutorial.md
Previously updated : 01/06/2020 Last updated : 03/18/2021
Once you've configured provisioning, use the following resources to monitor your
* 10/17/2020 - Added support for additional G Suite user and group attributes. * 10/17/2020 - Updated G Suite target attribute names to match what is defined [here](https://developers.google.com/admin-sdk/directory). * 10/17/2020 - Updated default attribute mappings.
+* 03/18/2021 - Manager email is now synchronized instead of ID for all new users. For any existing users that were provisioned with a manager as an ID, you can do a restart through [Microsoft Graph](https://docs.microsoft.com/graph/api/synchronization-synchronizationjob-restart?view=graph-rest-beta&tabs=http) with scope "full" to ensure that the email is provisioned. This change only impacts the GSuite provisioning job and not the older probisioning job begining with Goov2OutDelta. Note, the manager email is provisioned when the user is first created or when the manager changes. The manager email is not provisioned if the manager changes their email address.
## Additional resources
Once you've configured provisioning, use the following resources to monitor your
## Next steps
-* [Learn how to review logs and get reports on provisioning activity](../app-provisioning/check-status-user-account-provisioning.md)
+* [Learn how to review logs and get reports on provisioning activity](../app-provisioning/check-status-user-account-provisioning.md)
active-directory Github Enterprise Managed User Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/github-enterprise-managed-user-provisioning-tutorial.md
# Tutorial: Configure GitHub Enterprise Managed User for automatic user provisioning
-This tutorial describes the steps you need to perform in both GitHub Enterprise Managed User and Azure Active Directory (Azure AD) to configure automatic user provisioning. When configured, Azure AD automatically provisions and de-provisions users and groups to GitHub Enterprise Managed User using the Azure AD Provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Azure Active Directory](../manage-apps/user-provisioning.md).
+This tutorial describes the steps you need to perform in both GitHub Enterprise Managed User and Azure Active Directory (Azure AD) to configure automatic user provisioning. When configured, Azure AD automatically provisions and de-provisions users and groups to GitHub Enterprise Managed User using the Azure AD Provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Azure Active Directory](../app-provisioning/user-provisioning.md).
## Capabilities Supported
This tutorial describes the steps you need to perform in both GitHub Enterprise
The scenario outlined in this tutorial assumes that you already have the following prerequisites:
-* [An Azure AD tenant](https://docs.microsoft.com/azure/active-directory/develop/quickstart-create-new-tenant)
-* A user account in Azure AD with [permission](https://docs.microsoft.com/azure/active-directory/users-groups-roles/directory-assign-admin-roles) to configure provisioning (for example, Application Administrator, Cloud Application administrator, Application Owner, or Global Administrator).
+* [An Azure AD tenant](../develop/quickstart-create-new-tenant.md)
+* A user account in Azure AD with [permission](../roles/permissions-reference.md) to configure provisioning (for example, Application Administrator, Cloud Application administrator, Application Owner, or Global Administrator).
* Enterprise Managed Users enabled GitHub Enterprise and configured to login with SAML SSO through your Azure AD tenant. ## Step 1. Plan your provisioning deployment
-1. Learn about [how the provisioning service works](https://docs.microsoft.com/azure/active-directory/manage-apps/user-provisioning).
-2. Determine who will be in [scope for provisioning](https://docs.microsoft.com/azure/active-directory/manage-apps/define-conditional-rules-for-provisioning-user-accounts).
-3. Determine what data to [map between Azure AD and GitHub Enterprise Managed User](https://docs.microsoft.com/azure/active-directory/manage-apps/customize-application-attributes).
+1. Learn about [how the provisioning service works](../app-provisioning/user-provisioning.md).
+2. Determine who will be in [scope for provisioning](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
+3. Determine what data to [map between Azure AD and GitHub Enterprise Managed User](../app-provisioning/customize-application-attributes.md).
## Step 2. Configure GitHub Enterprise Managed User to support provisioning with Azure AD
The scenario outlined in this tutorial assumes that you already have the followi
## Step 3. Add GitHub Enterprise Managed User from the Azure AD application gallery
-Add GitHub Enterprise Managed User from the Azure AD application gallery to start managing provisioning to GitHub Enterprise Managed User. If you have previously setup GitHub Enterprise Managed User for SSO, you can use the same application. However it is recommended that you create a separate app when testing out the integration initially. Learn more about adding an application from the gallery [here](https://docs.microsoft.com/azure/active-directory/manage-apps/add-gallery-app).
+Add GitHub Enterprise Managed User from the Azure AD application gallery to start managing provisioning to GitHub Enterprise Managed User. If you have previously setup GitHub Enterprise Managed User for SSO, you can use the same application. However it is recommended that you create a separate app when testing out the integration initially. Learn more about adding an application from the gallery [here](../manage-apps/add-application-portal.md).
## Step 4. Define who will be in scope for provisioning
-The Azure AD provisioning service allows you to scope who will be provisioned based on assignment to the application and or based on attributes of the user / group. If you choose to scope who will be provisioned to your app based on assignment, you can use the following [steps](../manage-apps/assign-user-or-group-access-portal.md) to assign users and groups to the application. If you choose to scope who will be provisioned based solely on attributes of the user or group, you can use a scoping filter as described [here](https://docs.microsoft.com/azure/active-directory/manage-apps/define-conditional-rules-for-provisioning-user-accounts).
+The Azure AD provisioning service allows you to scope who will be provisioned based on assignment to the application and or based on attributes of the user / group. If you choose to scope who will be provisioned to your app based on assignment, you can use the following [steps](../manage-apps/assign-user-or-group-access-portal.md) to assign users and groups to the application. If you choose to scope who will be provisioned based solely on attributes of the user or group, you can use a scoping filter as described [here](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
* When assigning users and groups to GitHub Enterprise Managed User, you must select a role other than **Default Access**. Users with the Default Access role are excluded from provisioning and will be marked as not effectively entitled in the provisioning logs.
-* Start small. Test with a small set of users and groups before rolling out to everyone. When scope for provisioning is set to assigned users and groups, you can control this by assigning one or two users or groups to the app. When scope is set to all users and groups, you can specify an [attribute based scoping filter](https://docs.microsoft.com/azure/active-directory/manage-apps/define-conditional-rules-for-provisioning-user-accounts).
+* Start small. Test with a small set of users and groups before rolling out to everyone. When scope for provisioning is set to assigned users and groups, you can control this by assigning one or two users or groups to the app. When scope is set to all users and groups, you can specify an [attribute based scoping filter](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
## Step 5. Configure automatic user provisioning to GitHub Enterprise Managed User
This section guides you through the steps to configure the Azure AD provisioning
8. Under the **Mappings** section, select **Synchronize Azure Active Directory Users to GitHub Enterprise Managed User**.
-9. Review the user attributes that are synchronized from Azure AD to GitHub Enterprise Managed User in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in GitHub Enterprise Managed User for update operations. If you choose to change the [matching target attribute](https://docs.microsoft.com/azure/active-directory/manage-apps/customize-application-attributes), you will need to ensure that the GitHub Enterprise Managed User API supports filtering users based on that attribute. Select the **Save** button to commit any changes.
+9. Review the user attributes that are synchronized from Azure AD to GitHub Enterprise Managed User in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in GitHub Enterprise Managed User for update operations. If you choose to change the [matching target attribute](../app-provisioning/customize-application-attributes.md), you will need to ensure that the GitHub Enterprise Managed User API supports filtering users based on that attribute. Select the **Save** button to commit any changes.
|Attribute|Type|Supported For Filtering| ||||
This section guides you through the steps to configure the Azure AD provisioning
|displayName|String| |members|Reference|
-12. To configure scoping filters, refer to the following instructions provided in the [Scoping filter tutorial](../manage-apps/define-conditional-rules-for-provisioning-user-accounts.md).
+12. To configure scoping filters, refer to the following instructions provided in the [Scoping filter tutorial](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
13. To enable the Azure AD provisioning service for GitHub Enterprise Managed User, change the **Provisioning Status** to **On** in the **Settings** section.
This operation starts the initial synchronization cycle of all users and groups
## Step 6. Monitor your deployment Once you've configured provisioning, use the following resources to monitor your deployment:
-1. Use the [provisioning logs](https://docs.microsoft.com/azure/active-directory/reports-monitoring/concept-provisioning-logs) to determine which users have been provisioned successfully or unsuccessfully
-2. Check the [progress bar](https://docs.microsoft.com/azure/active-directory/app-provisioning/application-provisioning-when-will-provisioning-finish-specific-user) to see the status of the provisioning cycle and how close it is to completion
-3. If the provisioning configuration seems to be in an unhealthy state, the application will go into quarantine. Learn more about quarantine states [here](https://docs.microsoft.com/azure/active-directory/manage-apps/application-provisioning-quarantine-status).
+1. Use the [provisioning logs](../reports-monitoring/concept-provisioning-logs.md) to determine which users have been provisioned successfully or unsuccessfully
+2. Check the [progress bar](../app-provisioning/application-provisioning-when-will-provisioning-finish-specific-user.md) to see the status of the provisioning cycle and how close it is to completion
+3. If the provisioning configuration seems to be in an unhealthy state, the application will go into quarantine. Learn more about quarantine states [here](../app-provisioning/application-provisioning-quarantine-status.md).
## Additional resources
-* [Managing user account provisioning for Enterprise Apps](../manage-apps/configure-automatic-user-provisioning-portal.md)
+* [Managing user account provisioning for Enterprise Apps](../app-provisioning/configure-automatic-user-provisioning-portal.md)
* [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md) ## Next steps
-* [Learn how to review logs and get reports on provisioning activity](../manage-apps/check-status-user-account-provisioning.md)
+* [Learn how to review logs and get reports on provisioning activity](../app-provisioning/check-status-user-account-provisioning.md)
active-directory Grammarly Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/grammarly-provisioning-tutorial.md
+
+ Title: 'Tutorial: Configure Grammarly for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+description: Learn how to automatically provision and de-provision user accounts from Azure AD to Grammarly.
+
+documentationcenter: ''
+
+writer: Zhchia
++
+ms.assetid: cd2dd9d7-4901-40c8-8888-98850557b072
+++
+ na
+ms.devlang: na
+ Last updated : 03/16/2021+++
+# Tutorial: Configure Grammarly for automatic user provisioning
+
+This tutorial describes the steps you need to perform in both Grammarly and Azure Active Directory (Azure AD) to configure automatic user provisioning. When configured, Azure AD automatically provisions and de-provisions users and groups to [Grammarly](https://www.grammarly.com/) using the Azure AD Provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Azure Active Directory](../manage-apps/user-provisioning.md).
++
+## Capabilities Supported
+> [!div class="checklist"]
+> * Create users in Grammarly
+> * Remove users in Grammarly when they do not require access anymore
+> * Keep user attributes synchronized between Azure AD and Grammarly
+
+## Prerequisites
+
+The scenario outlined in this tutorial assumes that you already have the following prerequisites:
+
+* [An Azure AD tenant](https://docs.microsoft.com/azure/active-directory/develop/quickstart-create-new-tenant)
+* A user account in Azure AD with [permission](https://docs.microsoft.com/azure/active-directory/users-groups-roles/directory-assign-admin-roles) to configure provisioning (e.g. Application Administrator, Cloud Application administrator, Application Owner, or Global Administrator).
+* A Grammarly Business account with admin access.
+
+## Step 1. Plan your provisioning deployment
+1. Learn about [how the provisioning service works](https://docs.microsoft.com/azure/active-directory/manage-apps/user-provisioning).
+1. Determine who will be in [scope for provisioning](https://docs.microsoft.com/azure/active-directory/manage-apps/define-conditional-rules-for-provisioning-user-accounts).
+1. Determine what data to [map between Azure AD and Grammarly](https://docs.microsoft.com/azure/active-directory/manage-apps/customize-application-attributes).
+
+## Step 2. Configure Grammarly to support provisioning with Azure AD
+
+Reach out to your Grammarly representative, or write to <support@grammarly.com> to request for your provisioning token.
+
+## Step 3. Add Grammarly from the Azure AD application gallery
+
+Add Grammarly from the Azure AD application gallery to start managing provisioning to Grammarly. If you've previously set up Grammarly for SSO, you can use the same application. We recommend that you create a separate app when you test out the integration initially. To learn more about how to add an application from the gallery, see [this quickstart](../manage-apps/add-application-portal.md).
+
+## Step 4. Define who will be in scope for provisioning
+
+You can use the Azure AD provisioning service to scope who will be provisioned based on assignment to the application or based on attributes of the user or group. If you choose to scope who will be provisioned to your app based on assignment, you can use the following [steps](../manage-apps/assign-user-or-group-access-portal.md) to assign users and groups to the application. If you choose to scope who will be provisioned based solely on attributes of the user or group, you can use a scoping filter as described in [Provision apps with scoping filters](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
+
+* When you assign users and groups to Grammarly, you must select a role other than **Default Access**. Users with the default access role are excluded from provisioning and will be marked as not effectively entitled in the provisioning logs. If the only role available on the application is the default access role, you can [update the application manifest](../develop/howto-add-app-roles-in-azure-ad-apps.md) to add more roles.
+
+* Start small. Test with a small set of users and groups before you roll out to everyone. When scope for provisioning is set to assigned users and groups, you can control this option by assigning one or two users or groups to the app. When scope is set to all users and groups, you can specify an [attribute-based scoping filter](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
++
+## Step 5. Configure automatic user provisioning to Grammarly
+
+This section guides you through the steps to configure the Azure AD provisioning service to create, update, and disable users or groups in TestApp based on user or group assignments in Azure AD.
+
+### Configure automatic user provisioning for Grammarly in Azure AD
+
+1. Sign in to the [Azure portal](https://portal.azure.com). Select **Enterprise applications** > **All applications**.
+
+ ![Screenshot that shows the Enterprise applications pane.](common/enterprise-applications.png)
+
+1. In the list of applications, select **Grammarly**.
+
+ ![Screenshot that shows the Grammarly link in the list of applications.](common/all-applications.png)
+
+1. Select the **Provisioning** tab.
+
+ ![Screenshot that shows the Provisioning tab.](common/provisioning.png)
+
+1. Set **Provisioning Mode** to **Automatic**.
+
+ ![Screenshot that shows Provisioning Mode set to Automatic.](common/provisioning-automatic.png)
+
+1. In the **Admin Credentials** section, enter your Grammarly **Tenant URL** and **Secret token** information. Select **Test Connection** to ensure that Azure AD can connect to Grammarly. If the connection fails, ensure that your Grammarly account has admin permissions and try again.
+
+ ![Screenshot that shows the Tenant URL and Secret Token boxes.](common/provisioning-testconnection-tenanturltoken.png)
+
+1. In the **Notification Email** box, enter the email address of a person or group who should receive the provisioning error notifications. Select the **Send an email notification when a failure occurs** check box.
+
+ ![Screenshot that shows the Notification Email box.](common/provisioning-notification-email.png)
+
+1. Select **Save**.
+
+1. In the **Mappings** section, select **Synchronize Azure Active Directory Users to Grammarly**.
+
+1. Review the user attributes that are synchronized from Azure AD to Grammarly in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in Grammarly for update operations. If you change the [matching target attribute](../app-provisioning/customize-application-attributes.md), you'll need to ensure that the Grammarly API supports filtering users based on that attribute. Select **Save** to commit any changes.
+
+ |Attribute|Type|Supported for filtering|
+ ||||
+ |userName|String|&check;|
+ |externalId|String|
+ |active|Boolean|
+ |displayName|String|
+ |emails[type eq "work"].value|String|
++
+1. To configure scoping filters, see the instructions provided in the [Scoping filter tutorial](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
+
+1. To enable the Azure AD provisioning service for Grammarly, change **Provisioning Status** to **On** in the **Settings** section.
+
+ ![Screenshot that shows the Provisioning Status toggled On.](common/provisioning-toggle-on.png)
+
+1. Define the users or groups that you want to provision to Grammarly by selecting the desired values in **Scope** in the **Settings** section.
+
+ ![Screenshot that shows the Provisioning Scope.](common/provisioning-scope.png)
+
+1. When you're ready to provision, select **Save**.
+
+ ![Screenshot that shows the Save button.](common/provisioning-configuration-save.png)
+
+This operation starts the initial synchronization cycle of all users and groups defined in **Scope** in the **Settings** section. The initial cycle takes longer to perform than subsequent cycles, which occur about every 40 minutes as long as the Azure AD provisioning service is running.
+
+## Step 6. Monitor your deployment
+
+After you've configured provisioning, use the following resources to monitor your deployment:
+
+* Use the [provisioning logs](../reports-monitoring/concept-provisioning-logs.md) to determine which users were provisioned successfully or unsuccessfully.
+* Check the [progress bar](../app-provisioning/application-provisioning-when-will-provisioning-finish-specific-user.md) to see the status of the provisioning cycle and how close it is to completion.
+* If the provisioning configuration seems to be in an unhealthy state, the application will go into quarantine. To learn more about quarantine states, see [Application provisioning status of quarantine](../app-provisioning/application-provisioning-quarantine-status.md).
+
+## Additional resources
+
+* [Managing user account provisioning for enterprise apps](../app-provisioning/configure-automatic-user-provisioning-portal.md)
+* [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+
+## Next steps
+
+* [Learn how to review logs and get reports on provisioning activity](../app-provisioning/check-status-user-account-provisioning.md)
active-directory Hcaptcha Enterprise Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/hcaptcha-enterprise-tutorial.md
In this section, you test your Azure AD single sign-on configuration with follow
* Click on **Test this application** in Azure portal and you should be automatically signed in to the hCaptcha Enterprise for which you set up the SSO
-You can also use Microsoft My Apps to test the application in any mode. When you click the hCaptcha Enterprise tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the hCaptcha Enterprise for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
+You can also use Microsoft My Apps to test the application in any mode. When you click the hCaptcha Enterprise tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the hCaptcha Enterprise for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
## Next steps
-Once you configure hCaptcha Enterprise you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-any-app).
--
+Once you configure hCaptcha Enterprise you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
active-directory Jitbit Helpdesk Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/jitbit-helpdesk-tutorial.md
In this section, you test your Azure AD single sign-on configuration with follow
* Go to Jitbit Helpdesk Sign-on URL directly and initiate the login flow from there.
-* You can use Microsoft My Apps. When you click the Jitbit Helpdesk tile in the My Apps, this will redirect to Jitbit Helpdesk Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
+* You can use Microsoft My Apps. When you click the Jitbit Helpdesk tile in the My Apps, this will redirect to Jitbit Helpdesk Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
## Next steps
-Once you configure Jitbit Helpdesk you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-any-app).
+Once you configure Jitbit Helpdesk you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
active-directory Jive Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/jive-tutorial.md
In this section, you test your Azure AD single sign-on configuration with follow
* Go to Jive Sign-on URL directly and initiate the login flow from there.
-* You can use Microsoft My Apps. When you click the Jive tile in the My Apps, this will redirect to Jive Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
+* You can use Microsoft My Apps. When you click the Jive tile in the My Apps, this will redirect to Jive Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
## Next steps
-Once you configure Jive you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-any-app).
+Once you configure Jive you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
active-directory Juriblox Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/juriblox-tutorial.md
In this section, you test your Azure AD single sign-on configuration with follow
* Go to JuriBlox Sign-on URL directly and initiate the login flow from there.
-* You can use Microsoft My Apps. When you click the JuriBlox tile in the My Apps, this will redirect to JuriBlox Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
+* You can use Microsoft My Apps. When you click the JuriBlox tile in the My Apps, this will redirect to JuriBlox Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
## Next Steps
-Once you configure JuriBlox you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-any-app).
+Once you configure JuriBlox you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
active-directory Printerlogic Saas Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/printerlogic-saas-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with PrinterLogic SaaS | Microsoft Docs'
-description: Learn how to configure single sign-on between Azure Active Directory and PrinterLogic SaaS.
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with PrinterLogic | Microsoft Docs'
+description: Learn how to configure single sign-on between Azure Active Directory and PrinterLogic.
Previously updated : 02/25/2021 Last updated : 03/18/2021
-# Tutorial: Azure Active Directory single sign-on (SSO) integration with PrinterLogic SaaS
+# Tutorial: Azure Active Directory single sign-on (SSO) integration with PrinterLogic
-In this tutorial, you'll learn how to integrate PrinterLogic SaaS with Azure Active Directory (Azure AD). When you integrate PrinterLogic SaaS with Azure AD, you can:
+In this tutorial, you'll learn how to integrate PrinterLogic with Azure Active Directory (Azure AD). When you integrate PrinterLogic with Azure AD, you can:
-* Control in Azure AD who has access to PrinterLogic SaaS.
-* Enable your users to be automatically signed-in to PrinterLogic SaaS with their Azure AD accounts.
+* Control in Azure AD who has access to PrinterLogic.
+* Enable your users to be automatically signed-in to PrinterLogic with their Azure AD accounts.
* Manage your accounts in one central location - the Azure portal. ## Prerequisites
In this tutorial, you'll learn how to integrate PrinterLogic SaaS with Azure Act
To get started, you need the following items: * An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
-* PrinterLogic SaaS single sign-on (SSO) enabled subscription.
+* PrinterLogic single sign-on (SSO) enabled subscription.
## Scenario description In this tutorial, you configure and test Azure AD SSO in a test environment.
-* PrinterLogic SaaS supports **SP and IDP** initiated SSO.
-* PrinterLogic SaaS supports **Just In Time** user provisioning.
+* PrinterLogic supports **SP and IDP** initiated SSO.
+* PrinterLogic supports **Just In Time** user provisioning.
-## Add PrinterLogic SaaS from the gallery
+## Add PrinterLogic from the gallery
-To configure the integration of PrinterLogic SaaS into Azure AD, you need to add PrinterLogic SaaS from the gallery to your list of managed SaaS apps.
+To configure the integration of PrinterLogic into Azure AD, you need to add PrinterLogic from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account. 1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**.
-1. In the **Add from the gallery** section, type **PrinterLogic SaaS** in the search box.
-1. Select **PrinterLogic SaaS** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
+1. In the **Add from the gallery** section, type **PrinterLogic** in the search box.
+1. Select **PrinterLogic** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-## Configure and test Azure AD SSO for PrinterLogic SaaS
+## Configure and test Azure AD SSO for PrinterLogic
-Configure and test Azure AD SSO with PrinterLogic SaaS using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in PrinterLogic SaaS.
+Configure and test Azure AD SSO with PrinterLogic using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in PrinterLogic.
-To configure and test Azure AD SSO with PrinterLogic SaaS, perform the following steps:
+To configure and test Azure AD SSO with PrinterLogic, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature. 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon. 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
-1. **[Configure PrinterLogic SaaS SSO](#configure-printerlogic-saas-sso)** - to configure the single sign-on settings on application side.
- 1. **[Create PrinterLogic SaaS test user](#create-printerlogic-saas-test-user)** - to have a counterpart of B.Simon in PrinterLogic SaaS that is linked to the Azure AD representation of user.
+1. **[Configure PrinterLogic SSO](#configure-printerlogic-sso)** - to configure the single sign-on settings on application side.
+ 1. **[Create PrinterLogic test user](#create-printerlogic-test-user)** - to have a counterpart of B.Simon in PrinterLogic that is linked to the Azure AD representation of user.
1. **[Test SSO](#test-sso)** - to verify whether the configuration works. ## Configure Azure AD SSO Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the Azure portal, on the **PrinterLogic SaaS** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **PrinterLogic** application integration page, find the **Manage** section and select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**. 1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
Follow these steps to enable Azure AD SSO in the Azure portal.
`https://www.<my_instance>printercloud.com` > [!NOTE]
- > These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact [PrinterLogic SaaS Client support team](mailto:support@printerlogic.com) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+ > These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact [PrinterLogic Client support team](mailto:support@printerlogic.com) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
-1. PrinterLogic SaaS application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes.
+1. PrinterLogic application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes.
![image](common/edit-attribute.png)
-1. In addition to above, PrinterLogic SaaS application expects few more attributes to be passed back in SAML response which are shown below. These attributes are also pre populated but you can review them as per your requirement.
+1. In addition to above, PrinterLogic application expects few more attributes to be passed back in SAML response which are shown below. These attributes are also pre populated but you can review them as per your requirement.
| Name | Source Attribute | | | |
Follow these steps to enable Azure AD SSO in the Azure portal.
![The Certificate download link](common/certificatebase64.png)
-1. On the **Set up PrinterLogic SaaS** section, copy the appropriate URL(s) based on your requirement.
+1. On the **Set up PrinterLogic** section, copy the appropriate URL(s) based on your requirement.
![Copy configuration URLs](common/copy-configuration-urls.png)
In this section, you'll create a test user in the Azure portal called B.Simon.
### Assign the Azure AD test user
-In this section, you'll enable B.Simon to use Azure single sign-on by granting access to PrinterLogic SaaS.
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to PrinterLogic.
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
-1. In the applications list, select **PrinterLogic SaaS**.
+1. In the applications list, select **PrinterLogic**.
1. In the app's overview page, find the **Manage** section and select **Users and groups**. 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog. 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen. 1. If you have setup the roles as explained in the above, you can select it from the **Select a role** dropdown. 1. In the **Add Assignment** dialog, click the **Assign** button.
-## Configure PrinterLogic SaaS SSO
+## Configure PrinterLogic SSO
-To configure single sign-on on **PrinterLogic SaaS** side, you need to send the downloaded **Certificate (Base64)** and appropriate copied URLs from Azure portal to [PrinterLogic SaaS support team](mailto:support@printerlogic.com). They set this setting to have the SAML SSO connection set properly on both sides.
+To configure single sign-on on **PrinterLogic** side, you need to send the downloaded **Certificate (Base64)** and appropriate copied URLs from Azure portal to [PrinterLogic support team](mailto:support@printerlogic.com). They set this setting to have the SAML SSO connection set properly on both sides.
-### Create PrinterLogic SaaS test user
+### Create PrinterLogic test user
-In this section, a user called Britta Simon is created in PrinterLogic SaaS. PrinterLogic SaaS supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in PrinterLogic SaaS, a new one is created after authentication.
+In this section, a user called Britta Simon is created in PrinterLogic. PrinterLogic supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in PrinterLogic, a new one is created after authentication.
## Test SSO
In this section, you test your Azure AD single sign-on configuration with follow
#### SP initiated:
-* Click on **Test this application** in Azure portal. This will redirect to PrinterLogic SaaS Sign on URL where you can initiate the login flow.
+* Click on **Test this application** in Azure portal. This will redirect to PrinterLogic Sign on URL where you can initiate the login flow.
-* Go to PrinterLogic SaaS Sign-on URL directly and initiate the login flow from there.
+* Go to PrinterLogic Sign-on URL directly and initiate the login flow from there.
#### IDP initiated:
-* Click on **Test this application** in Azure portal and you should be automatically signed in to the PrinterLogic SaaS for which you set up the SSO.
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the PrinterLogic for which you set up the SSO.
-You can also use Microsoft My Apps to test the application in any mode. When you click the PrinterLogic SaaS tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the PrinterLogic SaaS for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
+You can also use Microsoft My Apps to test the application in any mode. When you click the PrinterLogic tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the PrinterLogic for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://docs.microsoft.com/azure/active-directory/active-directory-saas-access-panel-introduction).
## Next steps
-Once you configure PrinterLogic SaaS you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-any-app).
+Once you configure PrinterLogic you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/proxy-deployment-any-app).
aks Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/aks/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure Kubernetes Service (AKS) description: Lists Azure Policy Regulatory Compliance controls available for Azure Kubernetes Service (AKS). These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 03/10/2021 Last updated : 03/17/2021
api-management Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/api-management/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure API Management description: Lists Azure Policy Regulatory Compliance controls available for Azure API Management. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 03/10/2021 Last updated : 03/17/2021
app-service App Service Web Tutorial Dotnet Sqldatabase https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/app-service-web-tutorial-dotnet-sqldatabase.md
description: Learn how to deploy a C# ASP.NET app to Azure and to Azure SQL Data
ms.assetid: 03c584f1-a93c-4e3d-ac1b-c82b50c75d3e ms.devlang: csharp Previously updated : 06/25/2018 Last updated : 03/18/2021
If you've installed Visual Studio already, add the workloads in Visual Studio by
## Download the sample
-* [Download the sample project](https://github.com/Azure-Samples/dotnet-sqldb-tutorial/archive/master.zip).
-* Extract (unzip) the *dotnet-sqldb-tutorial-master.zip* file.
+1. [Download the sample project](https://github.com/Azure-Samples/dotnet-sqldb-tutorial/archive/master.zip).
+
+1. Extract (unzip) the *dotnet-sqldb-tutorial-master.zip* file.
The sample project contains a basic [ASP.NET MVC](https://www.asp.net/mvc) create-read-update-delete (CRUD) app using [Entity Framework Code First](/aspnet/mvc/overview/getting-started/getting-started-with-ef-using-mvc/creating-an-entity-framework-data-model-for-an-asp-net-mvc-application). ### Run the app
-Open the *dotnet-sqldb-tutorial-master/DotNetAppSqlDb.sln* file in Visual Studio.
+1. Open the *dotnet-sqldb-tutorial-master/DotNetAppSqlDb.sln* file in Visual Studio.
+
+1. Type `Ctrl+F5` to run the app without debugging. The app is displayed in your default browser.
-Type `Ctrl+F5` to run the app without debugging. The app is displayed in your default browser. Select the **Create New** link and create a couple *to-do* items.
+1. Select the **Create New** link and create a couple *to-do* items.
-![New ASP.NET Project dialog box](media/app-service-web-tutorial-dotnet-sqldatabase/local-app-in-browser.png)
+ ![New ASP.NET Project dialog box](media/app-service-web-tutorial-dotnet-sqldatabase/local-app-in-browser.png)
-Test the **Edit**, **Details**, and **Delete** links.
+1. Test the **Edit**, **Details**, and **Delete** links.
The app uses a database context to connect with the database. In this sample, the database context uses a connection string named `MyDbConnection`. The connection string is set in the *Web.config* file and referenced in the *Models/MyDatabaseContext.cs* file. The connection string name is used later in the tutorial to connect the Azure app to an Azure SQL Database. ## Publish ASP.NET application to Azure
-In the **Solution Explorer**, right-click your **DotNetAppSqlDb** project and select **Publish**.
+1. In the **Solution Explorer**, right-click your **DotNetAppSqlDb** project and select **Publish**.
-![Publish from Solution Explorer](./media/app-service-web-tutorial-dotnet-sqldatabase/solution-explorer-publish.png)
+ ![Publish from Solution Explorer](./media/app-service-web-tutorial-dotnet-sqldatabase/solution-explorer-publish.png)
-Select **Azure** as your target, click next, and make sure that **Azure App Service (Windows)** is selected and click next again.
+1. Select **Azure** as your target and click **Next**.
-![Publish from project overview page](./media/app-service-web-tutorial-dotnet-sqldatabase/publish-to-app-service.png)
+1. Make sure that **Azure App Service (Windows)** is selected and click **Next**.
-### Sign in to Azure
+#### Sign in and add an app
-In the **Publish** dialog, click **Add an account** from the account manager drop down, and then sign in to your Azure subscription. If you're already signed into a Microsoft account, make sure that account holds your Azure subscription. If the signed-in Microsoft account doesn't have your Azure subscription, click it to add the correct account.
+1. In the **Publish** dialog, click **Add an account** from the account manager drop down.
-![Sign in to Azure](./media/app-service-web-tutorial-dotnet-sqldatabase/sign-in-azure.png)
+1. Sign in to your Azure subscription. If you're already signed into a Microsoft account, make sure that account holds your Azure subscription. If the signed-in Microsoft account doesn't have your Azure subscription, click it to add the correct account.
-> [!NOTE]
-> If you're already signed in, don't select **Create** yet.
+1. In the **App Service instances** pane, click **+**.
-### Configure the web app name
+ ![Sign in to Azure](./media/app-service-web-tutorial-dotnet-sqldatabase/sign-in-azure.png)
+
+#### Configure the web app name
You can keep the generated web app name, or change it to another unique name (valid characters are `a-z`, `0-9`, and `-`). The web app name is used as part of the default URL for your app (`<app_name>.azurewebsites.net`, where `<app_name>` is your web app name). The web app name needs to be unique across all apps in Azure.
+> [!NOTE]
+> Don't select **Create** yet.
+ ![Create app service dialog](media/app-service-web-tutorial-dotnet-sqldatabase/wan.png)
-### Create a resource group
+#### Create a resource group
[!INCLUDE [resource-group](../../includes/resource-group.md)]
You can keep the generated web app name, or change it to another unique name (va
![Next to Resource Group, click New.](media/app-service-web-tutorial-dotnet-sqldatabase/new_rg2.png)
-2. Name the resource group **myResourceGroup**.
+1. Name the resource group **myResourceGroup**.
-### Create an App Service plan
+#### Create an App Service plan
[!INCLUDE [app-service-plan](../../includes/app-service-plan.md)]
-1. Next to **App Service Plan**, click **New**.
+1. Next to **Hosting Plan**, click **New**.
-2. In the **Configure App Service Plan** dialog, configure the new App Service plan with the following settings:
-
- ![Create App Service plan](./media/app-service-web-tutorial-dotnet-sqldatabase/configure-app-service-plan.png)
+1. In the **Configure App Service Plan** dialog, configure the new App Service plan with the following settings and click **OK**:
| Setting | Suggested value | For more information | | -- | | -|
You can keep the generated web app name, or change it to another unique name (va
|**Location**| West Europe | [Azure regions](https://azure.microsoft.com/regions/?ref=microsoft.com&utm_source=microsoft.com&utm_medium=docs&utm_campaign=visualstudio) | |**Size**| Free | [Pricing tiers](https://azure.microsoft.com/pricing/details/app-service/?ref=microsoft.com&utm_source=microsoft.com&utm_medium=docs&utm_campaign=visualstudio)|
-3. The **Publish** dialog shows the resources you've configured. Click **Finish**.
+ ![Create App Service plan](./media/app-service-web-tutorial-dotnet-sqldatabase/configure-app-service-plan.png)
+
+1. Click **Create** and wait for the Azure resources to be created.
+
+1. The **Publish** dialog shows the resources you've configured. Click **Finish**.
![the resources you've created](media/app-service-web-tutorial-dotnet-sqldatabase/app_svc_plan_done.png)
-### Create a server
+#### Create a server and database
Before creating a database, you need a [logical SQL server](../azure-sql/database/logical-servers.md). A logical SQL server is a logical construct that contains a group of databases managed as a group.
-1. Click **Configure** next to SQL Server Database under **Connected Services**.
+1. In the **Publish** dialog, scroll down to the **Service Dependencies** section. Next to **SQL Server Database**, click **Configure**.
+
+ ![Configure SQL Database dependency](media/app-service-web-tutorial-dotnet-sqldatabase/configure-sqldb-dependency.png)
- ![Create a SQL Database](media/app-service-web-tutorial-dotnet-sqldatabase/web-app-name.png)
+1. Select **Azure SQL Database** and click **Next**.
-2. In the **Azure SQL Database** dialog, click **New** next to **Database Server**.
+1. In the **Configure Azure SQL Database** dialog, click **+**.
- A unique server name is generated. This name is used as part of the default URL for your server, `<server_name>.database.windows.net`. It must be unique across all servers in Azure SQL. You can change the server name, but for this tutorial, keep the generated value.
+1. Next to **Database server**, click **New**.
-3. Add an administrator username and password. For password complexity requirements, see [Password Policy](/sql/relational-databases/security/password-policy).
+ A server name is generated. This name is used as part of the default URL for your server, `<server_name>.database.windows.net`. It must be unique across all servers in Azure SQL. You can change the server name, but for this tutorial, keep the generated value.
+
+1. Add an administrator username and password. For password complexity requirements, see [Password Policy](/sql/relational-databases/security/password-policy).
Remember this username and password. You need them to manage the server later.
Before creating a database, you need a [logical SQL server](../azure-sql/databas
> [!IMPORTANT] > Even though your password in the connection strings is masked (in Visual Studio and also in App Service), the fact that it's maintained somewhere adds to the attack surface of your app. App Service can use [managed service identities](overview-managed-identity.md) to eliminate this risk by removing the need to maintain secrets in your code or app configuration at all. For more information, see [Next steps](#next-steps).
-4. Click **OK**. Don't close the **Configure SQL Database** dialog yet.
+1. Click **OK**.
-### Create a database in Azure SQL Database
+1. In the **Azure SQL Database** dialog, keep the default generated **Database Name**. Select **Create** and wait for the database resources to be created.
-1. In the **Azure SQL Database** dialog:
+ ![Configure database](media/app-service-web-tutorial-dotnet-sqldatabase/configure-sql-database.png)
- * Keep the default generated **Database Name**.
- * Select **Create**.
+#### Configure database connection
- ![Configure database](media/app-service-web-tutorial-dotnet-sqldatabase/configure-sql-database.png)
+1. When the wizard finishes creating the database resources, click **Next**.
-2. In the **Database connection String Name**, type _MyDbConnection_. This name must match the connection string that is referenced in _Models/MyDatabaseContext.cs_.
+1. In the **Database connection string Name**, type _MyDbConnection_. This name must match the connection string that is referenced in _Models/MyDatabaseContext.cs_.
-3. Enter the Admin username and password you used in [Create a server](#create-a-server) step 3 into the Database username and password respectively.
+1. In **Database connection user name** and **Database connection password**, type the administrator username and password you used in [Create a server](#create-a-server-and-database).
+
+1. Make sure **Azure App Settings** is selected and click **Finish**.
![Configure database connection string](media/app-service-web-tutorial-dotnet-sqldatabase/configure-sql-database-connection.png)
-4. Select **Finish**.
+1. Wait for configuration wizard to finish and click **Close**.
+
+#### Deploy your ASP.NET app
-Once the wizard finishes creating the Azure resources, click **Publish** to deploy your ASP.NET app to Azure. Your default browser is launched with the URL to the deployed app.
+1. In the **Publish** tab scroll back up to the top and click **Publish**. Once your ASP.NET app is deployed to Azure. Your default browser is launched with the URL to the deployed app.
-Add a few to-do items.
+1. Add a few to-do items.
-![Published ASP.NET application in Azure app](./media/app-service-web-tutorial-dotnet-sqldatabase/azure-app-in-browser.png)
+ ![Published ASP.NET application in Azure app](./media/app-service-web-tutorial-dotnet-sqldatabase/azure-app-in-browser.png)
-Congratulations! Your data-driven ASP.NET application is running live in Azure App Service.
+ Congratulations! Your data-driven ASP.NET application is running live in Azure App Service.
## Access the database locally
-Visual Studio lets you explore and manage your new database easily in the **SQL Server Object Explorer**.
+Visual Studio lets you explore and manage your new database in Azure easily in the **SQL Server Object Explorer**. The new database already opened its firewall to the App Service app that you created, but to access it from your local computer (such as from Visual Studio), you must open a firewall for your local machine's public IP address. If your internet service provider changes your public IP address, you need to reconfigure the firewall to access the Azure database again.
-### Create a database connection
+#### Create a database connection
-From the **View** menu, select **SQL Server Object Explorer**.
+1. From the **View** menu, select **SQL Server Object Explorer**.
-At the top of **SQL Server Object Explorer**, click the **Add SQL Server** button.
+1. At the top of **SQL Server Object Explorer**, click the **Add SQL Server** button.
-### Configure the database connection
+#### Configure the database connection
-In the **Connect** dialog, expand the **Azure** node. All your SQL Database instances in Azure are listed here.
+1. In the **Connect** dialog, expand the **Azure** node. All your SQL Database instances in Azure are listed here.
-Select the database that you created earlier. The connection you created earlier is automatically filled at the bottom.
+1. Select the database that you created earlier. The connection you created earlier is automatically filled at the bottom.
-Type the database administrator password you created earlier and click **Connect**.
+1. Type the database administrator password you created earlier and click **Connect**.
-![Configure database connection from Visual Studio](./media/app-service-web-tutorial-dotnet-sqldatabase/connect-to-sql-database.png)
+ ![Configure database connection from Visual Studio](./media/app-service-web-tutorial-dotnet-sqldatabase/connect-to-sql-database.png)
-### Allow client connection from your computer
+#### Allow client connection from your computer
The **Create a new firewall rule** dialog is opened. By default, a server only allows connections to its databases from Azure services, such as your Azure app. To connect to your database from outside of Azure, create a firewall rule at the server level. The firewall rule allows the public IP address of your local computer. The dialog is already filled with your computer's public IP address.
-Make sure that **Add my client IP** is selected and click **OK**.
+1. Make sure that **Add my client IP** is selected and click **OK**.
-![Create firewall rule](./media/app-service-web-tutorial-dotnet-sqldatabase/sql-set-firewall.png)
+ ![Create firewall rule](./media/app-service-web-tutorial-dotnet-sqldatabase/sql-set-firewall.png)
-Once Visual Studio finishes creating the firewall setting for your SQL Database instance, your connection shows up in **SQL Server Object Explorer**.
+ Once Visual Studio finishes creating the firewall setting for your SQL Database instance, your connection shows up in **SQL Server Object Explorer**.
-Here, you can perform the most common database operations, such as run queries, create views and stored procedures, and more.
+ Here, you can perform the most common database operations, such as run queries, create views and stored procedures, and more.
-Expand your connection > **Databases** > **&lt;your database>** > **Tables**. Right-click on the `Todoes` table and select **View Data**.
+1. Expand your connection > **Databases** > **&lt;your database>** > **Tables**. Right-click on the `Todoes` table and select **View Data**.
-![Explore SQL Database objects](./media/app-service-web-tutorial-dotnet-sqldatabase/explore-sql-database.png)
+ ![Explore SQL Database objects](./media/app-service-web-tutorial-dotnet-sqldatabase/explore-sql-database.png)
## Update app with Code First Migrations
You can use the familiar tools in Visual Studio to update your database and app
For more information about using Entity Framework Code First Migrations, see [Getting Started with Entity Framework 6 Code First using MVC 5](/aspnet/mvc/overview/getting-started/getting-started-with-ef-using-mvc/creating-an-entity-framework-data-model-for-an-asp-net-mvc-application).
-### Update your data model
+#### Update your data model
Open _Models\Todo.cs_ in the code editor. Add the following property to the `ToDo` class: ```csharp public bool Done { get; set; } ```-
-### Run Code First Migrations locally
+
+#### Run Code First Migrations locally
Run a few commands to make updates to your local database.
-From the **Tools** menu, click **NuGet Package Manager** > **Package Manager Console**.
+1. From the **Tools** menu, click **NuGet Package Manager** > **Package Manager Console**.
-In the Package Manager Console window, enable Code First Migrations:
+1. In the Package Manager Console window, enable Code First Migrations:
-```powershell
-Enable-Migrations
-```
-
-Add a migration:
+ ```powershell
+ Enable-Migrations
+ ```
+
+1. Add a migration:
-```powershell
-Add-Migration AddProperty
-```
+ ```powershell
+ Add-Migration AddProperty
+ ```
+
+1. Update the local database:
-Update the local database:
-
-```powershell
-Update-Database
-```
-
-Type `Ctrl+F5` to run the app. Test the edit, details, and create links.
+ ```powershell
+ Update-Database
+ ```
+
+1. Type `Ctrl+F5` to run the app. Test the edit, details, and create links.
If the application loads without errors, then Code First Migrations has succeeded. However, your page still looks the same because your application logic is not using this new property yet.
-### Use the new property
+#### Use the new property
Make some changes in your code to use the `Done` property. For simplicity in this tutorial, you're only going to change the `Index` and `Create` views to see the property in action.
-Open _Controllers\TodosController.cs_.
-
-Find the `Create()` method on line 52 and add `Done` to the list of properties in the `Bind` attribute. When you're done, your `Create()` method signature looks like the following code:
+1. Open _Controllers\TodosController.cs_.
-```csharp
-public ActionResult Create([Bind(Include = "Description,CreatedDate,Done")] Todo todo)
-```
+1. Find the `Create()` method on line 52 and add `Done` to the list of properties in the `Bind` attribute. When you're done, your `Create()` method signature looks like the following code:
-Open _Views\Todos\Create.cshtml_.
+ ```csharp
+ public ActionResult Create([Bind(Include = "Description,CreatedDate,Done")] Todo todo)
+ ```
+
+1. Open _Views\Todos\Create.cshtml_.
-In the Razor code, you should see a `<div class="form-group">` element that uses `model.Description`, and then another `<div class="form-group">` element that uses `model.CreatedDate`. Immediately following these two elements, add another `<div class="form-group">` element that uses `model.Done`:
+1. In the Razor code, you should see a `<div class="form-group">` element that uses `model.Description`, and then another `<div class="form-group">` element that uses `model.CreatedDate`. Immediately following these two elements, add another `<div class="form-group">` element that uses `model.Done`:
-```csharp
-<div class="form-group">
- @Html.LabelFor(model => model.Done, htmlAttributes: new { @class = "control-label col-md-2" })
- <div class="col-md-10">
- <div class="checkbox">
- @Html.EditorFor(model => model.Done)
- @Html.ValidationMessageFor(model => model.Done, "", new { @class = "text-danger" })
+ ```csharp
+ <div class="form-group">
+ @Html.LabelFor(model => model.Done, htmlAttributes: new { @class = "control-label col-md-2" })
+ <div class="col-md-10">
+ <div class="checkbox">
+ @Html.EditorFor(model => model.Done)
+ @Html.ValidationMessageFor(model => model.Done, "", new { @class = "text-danger" })
+ </div>
</div> </div>
-</div>
-```
-
-Open _Views\Todos\Index.cshtml_.
-
-Search for the empty `<th></th>` element. Just above this element, add the following Razor code:
-
-```csharp
-<th>
- @Html.DisplayNameFor(model => model.Done)
-</th>
-```
-
-Find the `<td>` element that contains the `Html.ActionLink()` helper methods. _Above_ this `<td>`, add another `<td>` element with the following Razor code:
-
-```csharp
-<td>
- @Html.DisplayFor(modelItem => item.Done)
-</td>
-```
-
-That's all you need to see the changes in the `Index` and `Create` views.
-
-Type `Ctrl+F5` to run the app.
+ ```
+
+1. Open _Views\Todos\Index.cshtml_.
+
+1. Search for the empty `<th></th>` element. Just above this element, add the following Razor code:
+
+ ```csharp
+ <th>
+ @Html.DisplayNameFor(model => model.Done)
+ </th>
+ ```
+
+1. Find the `<td>` element that contains the `Html.ActionLink()` helper methods. _Above_ this `<td>`, add another `<td>` element with the following Razor code:
+
+ ```csharp
+ <td>
+ @Html.DisplayFor(modelItem => item.Done)
+ </td>
+ ```
+
+ That's all you need to see the changes in the `Index` and `Create` views.
+
+1. Type `Ctrl+F5` to run the app.
You can now add a to-do item and check **Done**. Then it should show up in your homepage as a completed item. Remember that the `Edit` view doesn't show the `Done` field, because you didn't change the `Edit` view.
-### Enable Code First Migrations in Azure
+#### Enable Code First Migrations in Azure
Now that your code change works, including database migration, you publish it to your Azure app and update your SQL Database with Code First Migrations too.
-Just like before, right-click your project and select **Publish**.
-
-Click **Configure** to open the publish settings.
+1. Just like before, right-click your project and select **Publish**.
-![Open publish settings](./media/app-service-web-tutorial-dotnet-sqldatabase/publish-settings.png)
+1. Click **More actions** > **Edit** to open the publish settings.
-In the wizard, click **Next**.
+ ![Open publish settings](./media/app-service-web-tutorial-dotnet-sqldatabase/publish-settings.png)
-Make sure that the connection string for your SQL Database is populated in **MyDatabaseContext (MyDbConnection)**. You may need to select the **myToDoAppDb** database from the dropdown.
+1. In the **MyDatabaseContext** dropdown, select the database connection for your Azure SQL Database.
-Select **Execute Code First Migrations (runs on application start)**, then click **Save**.
+1. Select **Execute Code First Migrations (runs on application start)**, then click **Save**.
-![Enable Code First Migrations in Azure app](./media/app-service-web-tutorial-dotnet-sqldatabase/enable-migrations.png)
+ ![Enable Code First Migrations in Azure app](./media/app-service-web-tutorial-dotnet-sqldatabase/enable-migrations.png)
-### Publish your changes
+#### Publish your changes
Now that you enabled Code First Migrations in your Azure app, publish your code changes.
-In the publish page, click **Publish**.
+1. In the publish page, click **Publish**.
-Try adding to-do items again and select **Done**, and they should show up in your homepage as a completed item.
+1. Try adding to-do items again and select **Done**, and they should show up in your homepage as a completed item.
-![Azure app after Code First Migration](./media/app-service-web-tutorial-dotnet-sqldatabase/this-one-is-done.png)
+ ![Azure app after Code First Migration](./media/app-service-web-tutorial-dotnet-sqldatabase/this-one-is-done.png)
All your existing to-do items are still displayed. When you republish your ASP.NET application, existing data in your SQL Database is not lost. Also, Code First Migrations only changes the data schema and leaves your existing data intact.
Open _Controllers\TodosController.cs_.
Each action starts with a `Trace.WriteLine()` method. This code is added to show you how to add trace messages to your Azure app.
-### Open Server Explorer
-
-From the **View** menu, select **Server Explorer**. You can configure logging for your Azure app in **Server Explorer**.
+#### Enable log streaming
-### Enable log streaming
+1. From the **View** menu, select **Cloud Explorer**.
-In **Server Explorer**, expand **Azure** > **App Service**.
+1. In **Cloud Explorer**, expand the Azure subscription that has your app and expand **App Service**.
-Expand the **myResourceGroup** resource group, you created when you first created the Azure app.
+1. Right-click your Azure app and select **View Streaming Logs**.
-Right-click your Azure app and select **View Streaming Logs**.
+ ![Enable log streaming](./media/app-service-web-tutorial-dotnet-sqldatabase/stream-logs.png)
-![Enable log streaming](./media/app-service-web-tutorial-dotnet-sqldatabase/stream-logs.png)
+ The logs are now streamed into the **Output** window.
-The logs are now streamed into the **Output** window.
+ ![Log streaming in Output window](./media/app-service-web-tutorial-dotnet-sqldatabase/log-streaming-pane.png)
-![Log streaming in Output window](./media/app-service-web-tutorial-dotnet-sqldatabase/log-streaming-pane.png)
+ However, you don't see any of the trace messages yet. That's because when you first select **View Streaming Logs**, your Azure app sets the trace level to `Error`, which only logs error events (with the `Trace.TraceError()` method).
-However, you don't see any of the trace messages yet. That's because when you first select **View Streaming Logs**, your Azure app sets the trace level to `Error`, which only logs error events (with the `Trace.TraceError()` method).
+#### Change trace levels
-### Change trace levels
+1. To change the trace levels to output other trace messages, go back to **Cloud Explorer**.
-To change the trace levels to output other trace messages, go back to **Server Explorer**.
+1. Right-click your app again and select **Open in Portal**.
-Right-click your Azure app again and select **View Settings**.
+1. In the portal management page for your app, from the left menu, select **App Service logs**.
-In the **Application Logging (File System)** dropdown, select **Verbose**. Click **Save**.
+1. Under **Application Logging (File System)**, select **Verbose** in **Level**. Click **Save**.
-![Change trace level to Verbose](./media/app-service-web-tutorial-dotnet-sqldatabase/trace-level-verbose.png)
+ ![Change trace level to Verbose](./media/app-service-web-tutorial-dotnet-sqldatabase/trace-level-verbose.png)
-> [!TIP]
-> You can experiment with different trace levels to see what types of messages are displayed for each level. For example, the **Information** level includes all logs created by `Trace.TraceInformation()`, `Trace.TraceWarning()`, and `Trace.TraceError()`, but not logs created by `Trace.WriteLine()`.
+ > [!TIP]
+ > You can experiment with different trace levels to see what types of messages are displayed for each level. For example, the **Information** level includes all logs created by `Trace.TraceInformation()`, `Trace.TraceWarning()`, and `Trace.TraceError()`, but not logs created by `Trace.WriteLine()`.
-In your browser navigate to your app again at *http://&lt;your app name>.azurewebsites.net*, then try clicking around the to-do list application in Azure. The trace messages are now streamed to the **Output** window in Visual Studio.
-
-```console
-Application: 2017-04-06T23:30:41 PID[8132] Verbose GET /Todos/Index
-Application: 2017-04-06T23:30:43 PID[8132] Verbose GET /Todos/Create
-Application: 2017-04-06T23:30:53 PID[8132] Verbose POST /Todos/Create
-Application: 2017-04-06T23:30:54 PID[8132] Verbose GET /Todos/Index
-```
+1. In your browser navigate to your app again at *http://&lt;your app name>.azurewebsites.net*, then try clicking around the to-do list application in Azure. The trace messages are now streamed to the **Output** window in Visual Studio.
-### Stop log streaming
+ ```console
+ Application: 2017-04-06T23:30:41 PID[8132] Verbose GET /Todos/Index
+ Application: 2017-04-06T23:30:43 PID[8132] Verbose GET /Todos/Create
+ Application: 2017-04-06T23:30:53 PID[8132] Verbose POST /Todos/Create
+ Application: 2017-04-06T23:30:54 PID[8132] Verbose GET /Todos/Index
+ ```
+
+#### Stop log streaming
To stop the log-streaming service, click the **Stop monitoring** button in the **Output** window.
app-service Configure Ssl Certificate https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/configure-ssl-certificate.md
Once the rekey operation is complete, click **Sync**. The sync operation automat
To turn on automatic renewal of your certificate at any time, select the certificate in the [App Service Certificates](https://portal.azure.com/#blade/HubsExtension/Resources/resourceType/Microsoft.CertificateRegistration%2FcertificateOrders) page, then click **Auto Renew Settings** in the left navigation. By default, App Service Certificates have a one-year validity period.
-Select **On** and click **Save**. Certificates can start automatically renewing 60 days before expiration if you have automatic renewal turned on.
+Select **On** and click **Save**. Certificates can start automatically renewing 30 days before expiration if you have automatic renewal turned on.
![Renew App Service certificate automatically](./media/configure-ssl-certificate/auto-renew-app-service-cert.png)
app-service Deploy Run Package https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/deploy-run-package.md
If you publish an updated package with the same name to Blob storage, you need t
- Running directly from a package makes `wwwroot` read-only. Your app will receive an error if it tries to write files to this directory. - TAR and GZIP formats are not supported.
+- The ZIP file can be at most 1GB
- This feature is not compatible with [local cache](overview-local-cache.md). - For improved cold-start performance, use the local Zip option (`WEBSITE_RUN_FROM_PACKAGE`=1).
app-service Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure App Service description: Lists Azure Policy Regulatory Compliance controls available for Azure App Service. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 03/10/2021 Last updated : 03/17/2021
application-gateway How Application Gateway Works https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/application-gateway/how-application-gateway-works.md
This article explains how an application gateway accepts incoming requests and r
4. If a web application firewall (WAF) is in use, the application gateway checks the request headers and the body, if present, against WAF rules. This action determines if the request is valid request or a security threat. If the request is valid, it's routed to the backend. If the request isn't valid and WAF is in Prevention mode, it's blocked as a security threat. If it's in Detection mode, the request is evaluated and logged, but still forwarded to the backend server.
-Azure Application Gateway can be used as an internal application load balancer or as an internet-facing application load balancer. An internet-facing application gateway uses public IP addresses. The DNS name of an internet-facing application gateway is publicly resolvable to its public IP address. As a result, internet-facing application gateways can route client requests to the internet.
+Azure Application Gateway can be used as an internal application load balancer or as an internet-facing application load balancer. An internet-facing application gateway uses public IP addresses. The DNS name of an internet-facing application gateway is publicly resolvable to its public IP address. As a result, internet-facing application gateways can route client requests from the internet.
Internal application gateways use only private IP addresses. If you are using a Custom or [Private DNS zone](../dns/private-dns-overview.md), the domain name should be internally resolvable to the private IP address of the Application Gateway. Therefore, internal load-balancers can only route requests from clients with access to a virtual network for the application gateway.
You can configure application gateway to modify request and response headers and
## Next steps
-[Learn about application gateway components](application-gateway-components.md)
+[Learn about application gateway components](application-gateway-components.md)
automation Automation Solution Vm Management Config https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/automation/automation-solution-vm-management-config.md
Title: Configure Azure Automation Start/Stop VMs during off-hours
description: This article tells how to configure the Start/Stop VMs during off-hours feature to support different use cases or scenarios. Previously updated : 06/01/2020 Last updated : 03/12/2021
You can enable either targeting the action against a subscription and resource g
1. Configure the `External_Stop_ResourceGroupNames` and `External_ExcludeVMNames` variables to specify the target VMs.
-2. Enable and update the **Scheduled-StartVM** and **Scheduled-StopVM** schedules.
+1. Enable and update the **Scheduled-StartVM** and **Scheduled-StopVM** schedules.
-3. Run the **ScheduledStartStop_Parent** runbook with the **ACTION** parameter field set to **start** and the **WHATIF** parameter field set to True to preview your changes.
+1. Run the **ScheduledStartStop_Parent** runbook with the **ACTION** parameter field set to **start** and the **WHATIF** parameter field set to True to preview your changes.
### Target the start and stop action by VM list 1. Run the **ScheduledStartStop_Parent** runbook with **ACTION** set to **start**.
-2. Add a comma-separated list of VMs (without spaces) in the **VMList** parameter field. An example list is `vm1,vm2,vm3`.
+1. Add a comma-separated list of VMs (without spaces) in the **VMList** parameter field. An example list is `vm1,vm2,vm3`.
-3. Set the **WHATIF** parameter field to True to preview your changes.
+1. Set the **WHATIF** parameter field to True to preview your changes.
-4. Configure the `External_ExcludeVMNames` variable with a comma-separated list of VMs (VM1,VM2,VM3), without spaces between comma-separated values.
+1. Configure the `External_ExcludeVMNames` variable with a comma-separated list of VMs (VM1,VM2,VM3), without spaces between comma-separated values.
-5. This scenario does not honor the `External_Start_ResourceGroupNames` and `External_Stop_ResourceGroupnames` variables. For this scenario, you need to create your own Automation schedule. For details, see [Schedule a runbook in Azure Automation](shared-resources/schedules.md).
+1. This scenario does not honor the `External_Start_ResourceGroupNames` and `External_Stop_ResourceGroupnames` variables. For this scenario, you need to create your own Automation schedule. For details, see [Schedule a runbook in Azure Automation](shared-resources/schedules.md).
> [!NOTE] > The value for **Target ResourceGroup Names** is stored as the values for both `External_Start_ResourceGroupNames` and `External_Stop_ResourceGroupNames`. For further granularity, you can modify each of these variables to target different resource groups. For start action, use `External_Start_ResourceGroupNames`, and use `External_Stop_ResourceGroupNames` for stop action. VMs are automatically added to the start and stop schedules.
In an environment that includes two or more components on multiple VMs supportin
1. Add a `sequencestart` and a `sequencestop` tag with positive integer values to VMs that are targeted in `External_Start_ResourceGroupNames` and `External_Stop_ResourceGroupNames` variables. The start and stop actions are performed in ascending order. To learn how to tag a VM, see [Tag a Windows virtual machine in Azure](../virtual-machines/tag-portal.md) and [Tag a Linux virtual machine in Azure](../virtual-machines/tag-cli.md).
-2. Modify the schedules **Sequenced-StartVM** and **Sequenced-StopVM** to the date and time that meet your requirements and enable the schedule.
+1. Modify the schedules **Sequenced-StartVM** and **Sequenced-StopVM** to the date and time that meet your requirements and enable the schedule.
-3. Run the **SequencedStartStop_Parent** runbook with **ACTION** set to **start** and **WHATIF** set to True to preview your changes.
+1. Run the **SequencedStartStop_Parent** runbook with **ACTION** set to **start** and **WHATIF** set to True to preview your changes.
-4. Preview the action and make any necessary changes before implementing against production VMs. When ready, manually execute the runbook with the parameter set to **False**, or let the Automation schedules **Sequenced-StartVM** and **Sequenced-StopVM** run automatically following your prescribed schedule.
+1. Preview the action and make any necessary changes before implementing against production VMs. When ready, manually execute the runbook with the parameter set to **False**, or let the Automation schedules **Sequenced-StartVM** and **Sequenced-StopVM** run automatically following your prescribed schedule.
### Target the start and stop actions by VM list 1. Add a `sequencestart` and a `sequencestop` tag with positive integer values to VMs that you plan to add to the `VMList` parameter.
-2. Run the **SequencedStartStop_Parent** runbook with **ACTION** set to **start**.
+1. Run the **SequencedStartStop_Parent** runbook with **ACTION** set to **start**.
-3. Add a comma-separated list of VMs (without spaces) in the **VMList** parameter field. An example list is `vm1,vm2,vm3`.
+1. Add a comma-separated list of VMs (without spaces) in the **VMList** parameter field. An example list is `vm1,vm2,vm3`.
-4. Set **WHATIF** to True to preview your changes.
+1. Set **WHATIF** to True to preview your changes.
-5. Configure the `External_ExcludeVMNames` variable with a comma-separated list of VMs, without spaces between comma-separated values.
+1. Configure the `External_ExcludeVMNames` variable with a comma-separated list of VMs, without spaces between comma-separated values.
-6. This scenario does not honor the `External_Start_ResourceGroupNames` and `External_Stop_ResourceGroupnames` variables. For this scenario, you need to create your own Automation schedule. For details, see [Schedule a runbook in Azure Automation](shared-resources/schedules.md).
+1. This scenario does not honor the `External_Start_ResourceGroupNames` and `External_Stop_ResourceGroupnames` variables. For this scenario, you need to create your own Automation schedule. For details, see [Schedule a runbook in Azure Automation](shared-resources/schedules.md).
-7. Preview the action and make any necessary changes before implementing against production VMs. When ready, manually execute the **monitoring-and-diagnostics/monitoring-action-groupsrunbook** with the parameter set to **False**. Alternatively, let the Automation schedules **Sequenced-StartVM** and **Sequenced-StopVM** run automatically following your prescribed schedule.
+1. Preview the action and make any necessary changes before implementing against production VMs. When ready, manually execute the **monitoring-and-diagnostics/monitoring-action-groupsrunbook** with the parameter set to **False**. Alternatively, let the Automation schedules **Sequenced-StartVM** and **Sequenced-StopVM** run automatically following your prescribed schedule.
## <a name="cpuutil"></a>Scenario 3: Start or stop automatically based on CPU utilization
When you run the **AutoStop_CreateAlert_Parent** runbook, it verifies that the t
1. Ensure that the `External_Stop_ResourceGroupNames` variable is empty or set to * (wildcard).
-2. [Optional] If you want to exclude some VMs from the autostop action, you can add a comma-separated list of VM names to the `External_ExcludeVMNames` variable.
+1. [Optional] If you want to exclude some VMs from the autostop action, you can add a comma-separated list of VM names to the `External_ExcludeVMNames` variable.
-3. Enable the **Schedule_AutoStop_CreateAlert_Parent** schedule to run to create the required Stop VM metric alert rules for all of the VMs in your subscription. Running this type of schedule lets you create new metric alert rules as new VMs are added to the subscription.
+1. Enable the **Schedule_AutoStop_CreateAlert_Parent** schedule to run to create the required Stop VM metric alert rules for all of the VMs in your subscription. Running this type of schedule lets you create new metric alert rules as new VMs are added to the subscription.
### Target the autostop action against all VMs in a resource group or multiple resource groups 1. Add a comma-separated list of resource group names to the `External_Stop_ResourceGroupNames` variable.
-2. If you want to exclude some of the VMs from the autostop, you can add a comma-separated list of VM names to the `External_ExcludeVMNames` variable.
+1. If you want to exclude some of the VMs from the autostop, you can add a comma-separated list of VM names to the `External_ExcludeVMNames` variable.
-3. Enable the **Schedule_AutoStop_CreateAlert_Parent** schedule to run to create the required Stop VM metric alert rules for all of the VMs in your resource groups. Running this operation on a schedule allows you to create new metric alert rules as new VMs are added to the resource group(s).
+1. Enable the **Schedule_AutoStop_CreateAlert_Parent** schedule to run to create the required Stop VM metric alert rules for all of the VMs in your resource groups. Running this operation on a schedule allows you to create new metric alert rules as new VMs are added to the resource group(s).
### Target the autostop action to a list of VMs 1. Create a new [schedule](shared-resources/schedules.md#create-a-schedule) and link it to the **AutoStop_CreateAlert_Parent** runbook, adding a comma-separated list of VM names to the `VMList` parameter.
-2. Optionally, if you want to exclude some VMs from the autostop action, you can add a comma-separated list of VM names (without spaces) to the `External_ExcludeVMNames` variable.
+1. Optionally, if you want to exclude some VMs from the autostop action, you can add a comma-separated list of VM names (without spaces) to the `External_ExcludeVMNames` variable.
## Configure email notifications
To change email notifications after Start/Stop VMs during off-hours is deployed,
> [!NOTE] > Subscriptions in the Azure Government cloud don't support the email functionality of this feature.
-1. In the Azure portal, navigate to **Monitor**, then **Action groups**. Select the action group called **StartStop_VM_Notication**.
+1. In the Azure portal, click on **Alerts** under **Monitoring**, then **Manage actions**. On the **Manage actions** page, make sure you're on the **Action groups** tab. Select the action group called **StartStop_VM_Notification**.
- :::image type="content" source="media/automation-solution-vm-management/azure-monitor.png" alt-text="Screenshot of the Monitor - Action groups page.":::
+ :::image type="content" source="media/automation-solution-vm-management/azure-monitor-sm.png" alt-text="Screenshot of the Monitor - Action groups page." lightbox="media/automation-solution-vm-management/azure-monitor-lg.png":::
-2. On the StartStop_VM_Notification page, click **Edit details** under **Details**. This opens the Email/SMS/Push/Voice page. Update the email address and click **OK** to save your changes.
+1. On the **StartStop_VM_Notification** page, the **Basics** section will be filled in for you and can't be edited, except for the **Display name** field. Edit the name, or accept the suggested name. In the **Notifications** section, click the pencil icon to edit the action details. This opens the **Email/SMS message/Push/Voice** pane. Update the email address and click **OK** to save your changes.
- :::image type="content" source="media/automation-solution-vm-management/change-email.png" alt-text="Screenshot of the Email/SMS/Push/Voice page showing an example email address updated.":::
+ :::image type="content" source="media/automation-solution-vm-management/change-email.png" alt-text="Screenshot of the Email/SMS message/Push/Voice page showing an example email address updated.":::
- Alternatively you can add additional actions to the action group, to learn more about action groups, see [action groups](../azure-monitor/alerts/action-groups.md)
+ You can add additional actions to the action group. To learn more about action groups, see [action groups](../azure-monitor/platform/action-groups.md)
The following is an example email that is sent when the feature shuts down virtual machines. ## <a name="add-exclude-vms"></a>Add or exclude VMs
Configuring the feature to just stop VMs at a certain time is supported. In this
1. Ensure that you've added the resource groups for the VMs to shut down in the `External_Stop_ResourceGroupNames` variable.
-2. Create your own schedule for the time when you want to shut down the VMs.
+1. Create your own schedule for the time when you want to shut down the VMs.
-3. Navigate to the **ScheduledStartStop_Parent** runbook and click **Schedule**. This allows you to select the schedule you created in the preceding step.
+1. Navigate to the **ScheduledStartStop_Parent** runbook and click **Schedule**. This allows you to select the schedule you created in the preceding step.
-4. Select **Parameters and run settings** and set the **ACTION** field to **Stop**.
+1. Select **Parameters and run settings** and set the **ACTION** field to **Stop**.
-5. Select **OK** to save your changes.
+1. Select **OK** to save your changes.
## Next steps
automation Automation Solution Vm Management https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/automation/automation-solution-vm-management.md
You can enable VMs for the Start/Stop VMs during off-hours feature using a new A
| Microsoft.Authorization/permissions/read |Subscription| | Microsoft.Authorization/roleAssignments/read | Subscription | | Microsoft.Authorization/roleAssignments/write | Subscription |
-| Microsoft.Authorization/roleAssignments/delete | Subscription || Microsoft.Automation/automationAccounts/connections/read | Resource Group |
+| Microsoft.Authorization/roleAssignments/delete | Subscription |
+| Microsoft.Automation/automationAccounts/connections/read | Resource Group |
| Microsoft.Automation/automationAccounts/certificates/read | Resource Group | | Microsoft.Automation/automationAccounts/write | Resource Group | | Microsoft.OperationalInsights/workspaces/write | Resource Group |
Don't enable all schedules, because doing so might create overlapping schedule a
|Scheduled_StopVM | User-defined, daily | Runs the **ScheduledStopStart_Parent** runbook with a parameter of `Stop` every day at the specified time. Automatically stops all VMs that meet the rules defined by variable assets. Enable the related schedule **Scheduled-StartVM**.| |Scheduled_StartVM | User-defined, daily | Runs the **ScheduledStopStart_Parent** runbook with a parameter value of `Start` every day at the specified time. Automatically starts all VMs that meet the rules defined by variable assets. Enable the related schedule **Scheduled-StopVM**.| |Sequenced-StopVM | 1:00 AM (UTC), every Friday | Runs the **Sequenced_StopStop_Parent** runbook with a parameter value of `Stop` every Friday at the specified time. Sequentially (ascending) stops all VMs with a tag of **SequenceStop** defined by the appropriate variables. For more information on tag values and asset variables, see [Runbooks](#runbooks). Enable the related schedule, **Sequenced-StartVM**.|
-|Sequenced-StartVM | 1:00 PM (UTC), every Monday | Runs the **SequencedStopStart_Parent** runbook with a parameter value of `Start` every Monday at the specified time. Sequentially (descending) starts all VMs with a tag of **SequenceStart** defined by the appropriate variables. For more information on tag values and variable assets, see [Runbooks](#runbooks). Enable the related schedule, **Sequenced-StopVM**.
+|Sequenced-StartVM | 1:00 PM (UTC), every Monday | Runs the **SequencedStopStart_Parent** runbook with a parameter value of `Start` every Monday at the specified time. Sequentially (descending) starts all VMs with a tag of **SequenceStart** defined by the appropriate variables. For more information on tag values and variable assets, see [Runbooks](#runbooks). Enable the related schedule, **Sequenced-StopVM**.|
## Use the feature with classic VMs
automation Configure Alerts https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/automation/change-tracking/configure-alerts.md
Once you have your alerts configured, you can set up an action group, which is a
3. Under **Actions**, enter a name that specifies the action, for example, **Email Notification**.
-4. For **Action Type**, select the appropriate type, for example, **Email/SMS/Push/Voice**.
+4. For **Action Type**, select the appropriate type, for example, **Email/SMS message/Push/Voice**.
-5. Select **Edit details**.
+5. Select the pencil icon to edit the action details.
-6. Fill in the pane for your action type. For example, if using **Email/SMS/Push/Voice**, enter an action name, select the **Email** checkbox, enter a valid email address, and then select **OK**.
+6. Fill in the pane for your action type. For example, if using **Email/SMS message/Push/Voice** to send an email, enter an action name, select the **Email** checkbox, enter a valid email address, and then select **OK**.
![Configure an email action group](./media/configure-alerts/configure-email-action-group.png)
automation Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/automation/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure Automation description: Lists Azure Policy Regulatory Compliance controls available for Azure Automation. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 03/10/2021 Last updated : 03/17/2021
automation Configure Alerts https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/automation/update-management/configure-alerts.md
Title: How to create alerts for Azure Automation Update Management
description: This article tells how to configure Azure alerts to notify about the status of update assessments or deployments. Previously updated : 10/19/2020 Last updated : 03/15/2021
Follow the steps below to set up alerts to let you know the status of an update
1. In your Automation account, select **Alerts** under **Monitoring**, and then select **New alert rule**.
-2. On the **Create alert rule** page, your Automation account is already selected as the resource. If you want to change it, select **Edit resource**.
+1. On the **Create alert rule** page, your Automation account is already selected as the resource. If you want to change it, select **Edit resource**.
-3. On the Select a resource page, choose **Automation Accounts** from the **Filter by resource type** dropdown list.
+1. On the Select a resource page, choose **Automation Accounts** from the **Filter by resource type** dropdown list.
-4. Select the Automation account that you want to use, and then select **Done**.
+1. Select the Automation account that you want to use, and then select **Done**.
-5. Select **Add condition** to chose the signal that's appropriate for your requirement.
+1. Select **Add condition** to chose the signal that's appropriate for your requirement.
-6. For a dimension, select a valid value from the list. If the value you want isn't in the list, select **\+** next to the dimension and type in the custom name. Then select the value to look for. If you want to select all values for a dimension, select the **Select \*** button. If you don't choose a value for a dimension, Update Management ignores that dimension.
+1. For a dimension, select a valid value from the list. If the value you want isn't in the list, select **\+** next to the dimension and type in the custom name. Then select the value to look for. If you want to select all values for a dimension, select the **Select \*** button. If you don't choose a value for a dimension, Update Management ignores that dimension.
![Configure signal logic](./media/manage-updates-for-vm/signal-logic.png)
-7. Under **Alert logic**, enter values in the **Time aggregation** and **Threshold** fields, and then select **Done**.
+1. Under **Alert logic**, enter values in the **Time aggregation** and **Threshold** fields, and then select **Done**.
-8. On the next page, enter a name and a description for the alert.
+1. On the next page, enter a name and a description for the alert.
-9. Set the **Severity** field to **Informational(Sev 2)** for a successful run or **Informational(Sev 1)** for a failed run.
+1. Set the **Severity** field to **Informational(Sev 2)** for a successful run or **Informational(Sev 1)** for a failed run.
![Screenshot shows the Define alert details section with Alert rule name, Description, and Severity fields highlighted.](./media/manage-updates-for-vm/define-alert-details.png)
-10. Select **Yes** to enable the alert rule.
+1. Select **Yes** to enable the alert rule.
## Configure action groups for your alerts Once you have your alerts configured, you can set up an action group, which is a group of actions to use across multiple alerts. The actions can include email notifications, runbooks, webhooks, and much more. To learn more about action groups, see [Create and manage action groups](../../azure-monitor/alerts/action-groups.md).
-1. Select an alert and then select **Create New** under **Action Groups**.
+1. Select an alert and then select **Add action groups** under **Actions**. This will display the **Select an action group to attach to this alert rule** pane.
-2. Enter a full name and a short name for the action group. Update Management uses the short name when sending notifications using the specified group.
+ :::image type="content" source="./media/manage-updates-for-vm/select-an-action-group.png" alt-text="Usage and estimated costs.":::
-3. Under **Actions**, enter a name that specifies the action, for example, **Email Notification**.
-
-4. For **Action Type**, select the appropriate type, for example, **Email/SMS/Push/Voice**.
-
-5. Select **Edit details**.
-
-6. Fill in the pane for your action type. For example, if using **Email/SMS/Push/Voice**, enter an action name, select the **Email** checkbox, enter a valid email address, and then select **OK**.
-
- ![Configure an email action group](./media/manage-updates-for-vm/configure-email-action-group.png)
-
-7. In the Add action group pane, select **OK**.
-
-8. For an alert email, you can customize the email subject. Select **Customize actions** under **Create rule**, then select **Email subject**.
-
-9. When you're finished, select **Create alert rule**.
+1. Select the checkbox for the Action group to attach and press Select.
## Next steps
availability-zones Az Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/availability-zones/az-overview.md
If a service offering is not available in a specific region, you can share your
| Recommended | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Demand-driven | :heavy_check_mark: | :heavy_check_mark: | | Alternate | :heavy_check_mark: | :heavy_check_mark: | Demand-driven | Demand-driven | N/A | :heavy_check_mark: |
-### Services by category with Availability Zones
+### Services by category
As mentioned previously, Azure classifies services into three categories: foundational, mainstream, and specialized. Service categories are assigned at general availability. Often, services start their lifecycle as a specialized service and as demand and utilization increases may be promoted to mainstream or foundational. The following table lists the category for services as foundational, mainstream. You should note the following about the table:
As mentioned previously, Azure classifies services into three categories: founda
> | Azure Data Lake Storage Gen2 | Azure Active Directory Domain Services | > | Azure ExpressRoute | Azure Bastion | > | Azure Public IP | Azure Cache for Redis |
-> | Azure SQL Database: Business Critical & Premium Tiers | Azure Cognitive Search |
-> | Disk Storage | Azure Cognitive Services |
-> | Event Hubs | Azure Cognitive
-> | Key Vault | Azure Cognitive
-> | Load balancer | Azure Cognitive
-> | Service Bus | Azure Cognitive
-> | Service Fabric | Azure Cognitive
-> | Storage: Hot/Cool Blob Storage Tiers | Azure Cognitive
-> | Storage: Managed Disks | Azure Cognitive
-> | Virtual Machine Scale Sets | Azure Cognitive
-> | Virtual Machines | Azure Data Explorer |
-> | Virtual Machines: Azure Dedicated Host | Azure Data Share |
-> | Virtual Machines: Av2-Series | Azure Database for MySQL |
-> | Virtual Machines: Bs-Series | Azure Database for PostgreSQL |
-> | Virtual Machines: DSv2-Series | Azure DDoS Protection |
-> | Virtual Machines: DSv3-Series | Azure Firewall |
-> | Virtual Machines: Dv2-Series | Azure Firewall Manager |
-> | Virtual Machines: Dv3-Series | Azure Functions |
-> | Virtual Machines: ESv3-Series | Azure IoT Hub |
-> | Virtual Machines: Ev3-Series | Azure Kubernetes Service (AKS) |
-> | Virtual Network | Azure Machine Learning |
-> | VPN Gateway | Azure Monitor: Application Insights |
-> | | Azure Monitor: Log Analytics |
+> | Azure SQL Database | Azure Cognitive Search |
+> | Azure SQL Managed Instance | Azure Cognitive Services |
+> | Disk Storage | Azure Cognitive
+> | Event Hubs | Azure Cognitive
+> | Key Vault | Azure Cognitive
+> | Load balancer | Azure Cognitive
+> | Service Bus | Azure Cognitive
+> | Service Fabric | Azure Cognitive
+> | Storage: Hot/Cool Blob Storage Tiers | Azure Cognitive
+> | Storage: Managed Disks | Azure Cognitive
+> | Virtual Machine Scale Sets | Azure Data Explorer |
+> | Virtual Machines | Azure Data Share |
+> | Virtual Machines: Azure Dedicated Host | Azure Database for MySQL |
+> | Virtual Machines: Av2-Series | Azure Database for PostgreSQL |
+> | Virtual Machines: Bs-Series | Azure DDoS Protection |
+> | Virtual Machines: DSv2-Series | Azure Firewall |
+> | Virtual Machines: DSv3-Series | Azure Firewall Manager |
+> | Virtual Machines: Dv2-Series | Azure Functions |
+> | Virtual Machines: Dv3-Series | Azure IoT Hub |
+> | Virtual Machines: ESv3-Series | Azure Kubernetes Service (AKS) |
+> | Virtual Machines: Ev3-Series | Azure Machine Learning |
+> | Virtual Network | Azure Monitor: Application Insights |
+> | VPN Gateway | Azure Monitor: Log Analytics |
> | | Azure Private Link | > | | Azure Red Hat OpenShift | > | | Azure Site Recovery |
azure-app-configuration Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-app-configuration/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure App Configuration description: Lists Azure Policy Regulatory Compliance controls available for Azure App Configuration. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 03/10/2021 Last updated : 03/17/2021
azure-arc Plan At Scale Deployment https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-arc/servers/plan-at-scale-deployment.md
Title: How to plan for an at-scale deployment of Azure Arc enabled servers
+ Title: How to plan and deploy Azure Arc enabled servers
description: Learn how to enable a large number of machines to Azure Arc enabled servers to simplify configuration of essential security, management, and monitoring capabilities in Azure. Previously updated : 03/12/2021 Last updated : 03/18/2021
-# Plan and deploy Arc enabled servers at-scale
+# Plan and deploy Arc enabled servers
-Deployment of an IT infrastructure service or business application is a challenge for any company. In order to execute it well and avoid any unwelcome surprises and unplanned costs, you need to thoroughly plan for it to ensure that you're as ready as possible. To plan for deploying Azure Arc enabled servers at-scale, it should cover the design and deployment criteria that needs to be met in order to successfully complete the tasks to support an at-scale deployment.
+Deployment of an IT infrastructure service or business application is a challenge for any company. In order to execute it well and avoid any unwelcome surprises and unplanned costs, you need to thoroughly plan for it to ensure that you're as ready as possible. To plan for deploying Azure Arc enabled servers at any scale, it should cover the design and deployment criteria that needs to be met in order to successfully complete the tasks.
For the deployment to proceed smoothly, your plan should establish a clear understanding of:
Next, we add to the foundation laid in phase 1 by preparing for and deploying th
|Task |Detail |Duration | |--|-||
-| Download the pre-defined installation script | Review and customize the pre-defined installation script for at-scale deployment of the Connected Machine agent to support your automated deployment requirements.<br><br> Sample at-scale onboarding resources:<br><br> <ul><li> [At-scale basic deployment script](onboard-service-principal.md)</ul></li> <ul><li>[At-scale onboarding VMware vSphere Windows Server VMs](https://github.com/microsoft/azure_arc/blob/master/azure_arc_servers_jumpstart/docs/vmware_scaled_powercli_win.md)</ul></li> <ul><li>[At-scale onboarding VMware vSphere Linux VMs](https://github.com/microsoft/azure_arc/blob/master/azure_arc_servers_jumpstart/docs/vmware_scaled_powercli_linux.md)</ul></li> <ul><li>[At-scale onboarding AWS EC2 instances using Ansible](https://github.com/microsoft/azure_arc/blob/master/azure_arc_servers_jumpstart/docs/aws_scale_ansible.md)</ul></li> <ul><li>[At-scale deployment using PowerShell remoting](https://docs.microsoft.com/azure/azure-arc/servers/onboard-powershell) (Windows only)</ul></li>| One or more days depending on requirements, organizational processes (for example, Change and Release Management), and automation method used. |
+| Download the pre-defined installation script | Review and customize the pre-defined installation script for at-scale deployment of the Connected Machine agent to support your automated deployment requirements.<br><br> Sample at scale onboarding resources:<br><br> <ul><li> [At scale basic deployment script](onboard-service-principal.md)</ul></li> <ul><li>[At scale onboarding VMware vSphere Windows Server VMs](https://github.com/microsoft/azure_arc/blob/master/azure_arc_servers_jumpstart/docs/vmware_scaled_powercli_win.md)</ul></li> <ul><li>[At scale onboarding VMware vSphere Linux VMs](https://github.com/microsoft/azure_arc/blob/master/azure_arc_servers_jumpstart/docs/vmware_scaled_powercli_linux.md)</ul></li> <ul><li>[At scale onboarding AWS EC2 instances using Ansible](https://github.com/microsoft/azure_arc/blob/master/azure_arc_servers_jumpstart/docs/aws_scale_ansible.md)</ul></li> <ul><li>[At scale deployment using PowerShell remoting](https://docs.microsoft.com/azure/azure-arc/servers/onboard-powershell) (Windows only)</ul></li>| One or more days depending on requirements, organizational processes (for example, Change and Release Management), and automation method used. |
| [Create service principal](onboard-service-principal.md#create-a-service-principal-for-onboarding-at-scale) |Create a service principal to connect machines non-interactively using Azure PowerShell or from the portal.| One hour | | Deploy the Connected Machine agent to your target servers and machines |Use your automation tool to deploy the scripts to your servers and connect them to Azure.| One or more days depending on your release plan and if following a phased rollout. |
azure-arc Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-arc/servers/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure Arc enabled servers (preview) description: Lists Azure Policy Regulatory Compliance controls available for Azure Arc enabled servers (preview). These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 03/10/2021 Last updated : 03/17/2021
azure-cache-for-redis Quickstart Create Redis Enterprise https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-cache-for-redis/quickstart-create-redis-enterprise.md
Last updated 02/08/2021
# Quickstart: Create a Redis Enterprise cache
-Azure Cache for Redis' Enterprise tiers provide fully integrated and managed [Redis Enterprise](https://redislabs.com/redis-enterprise/) on Azure. They're currently available as a preview. There are two new tiers in this preview:
+Azure Cache for Redis' Enterprise tiers provide fully integrated and managed [Redis Enterprise](https://redislabs.com/redis-enterprise/) on Azure. These new tiers are:
* Enterprise, which uses volatile memory (DRAM) on a virtual machine to store data * Enterprise Flash, which uses both volatile and non-volatile memory (NVMe or SSD) to store data.
Azure Cache for Redis' Enterprise tiers provide fully integrated and managed [Re
You'll need an Azure subscription before you begin. If you don't have one, create an [account](https://azure.microsoft.com/). For more information, see [special considerations for Enterprise tiers](cache-overview.md#special-considerations-for-enterprise-tiers). ## Create a cache
-1. To create a cache, sign in to the Azure portal using the link in your preview invitation and select **Create a resource**.
+1. To create a cache, sign in to the Azure portal and select **Create a resource**.
1. On the **New** page, select **Databases** and then select **Azure Cache for Redis**.
You'll need an Azure subscription before you begin. If you don't have one, creat
| **Subscription** | Drop down and select your subscription. | The subscription under which to create this new Azure Cache for Redis instance. | | **Resource group** | Drop down and select a resource group, or select **Create new** and enter a new resource group name. | Name for the resource group in which to create your cache and other resources. By putting all your app resources in one resource group, you can easily manage or delete them together. | | **DNS name** | Enter a globally unique name. | The cache name must be a string between 1 and 63 characters that contains only numbers, letters, or hyphens. The name must start and end with a number or letter, and can't contain consecutive hyphens. Your cache instance's *host name* will be *\<DNS name>.<Azure region>.redisenterprise.cache.azure.net*. |
- | **Location** | Drop down and select a location. | Enterprise tiers are available in limited Azure regions during the preview. |
+ | **Location** | Drop down and select a location. | Enterprise tiers are available in selected Azure regions. |
| **Cache type** | Drop down and select an *Enterprise* or *Enterprise Flash* tier and a size. | The tier determines the size, performance, and features that are available for the cache. | :::image type="content" source="media/cache-create/enterprise-tier-basics.png" alt-text="Enterprise tier Basics tab":::
azure-cache-for-redis Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-cache-for-redis/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure Cache for Redis description: Lists Azure Policy Regulatory Compliance controls available for Azure Cache for Redis. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 03/10/2021 Last updated : 03/17/2021
azure-functions Configure Networking How To https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-functions/configure-networking-how-to.md
+
+ Title: How to configure Azure Functions with a virtual network
+description: Article that shows you how to perform certain virtual networking tasks for Azure Functions.
+ Last updated : 3/13/2021+++
+# How to configure Azure Functions with a virtual network
+
+This article shows you how to perform tasks related to configuring your function app to connect to and run on a virtual network. To learn more about Azure Functions and networking, see [Azure Functions networking options](functions-networking-options.md).
+
+## Restrict your storage account to a virtual network
+
+When you create a function app, you must create or link to a general-purpose Azure Storage account that supports Blob, Queue, and Table storage. You can replace this storage account with one that is secured with service endpoints or private endpoint.
+
+> [!NOTE]
+> This feature currently works for all Windows virtual network-supported SKUs in the Dedicated (App Service) plan and for Premium plans. Consumption plan isn't supported.
+
+To set up a function with a storage account restricted to a private network:
+
+1. Create a function with a storage account that does not have service endpoints enabled.
+
+1. Configure the function to connect to your virtual network.
+
+1. Create or configure a different storage account. This will be the storage account we secure with service endpoints and connect our function.
+
+1. [Create a file share](../storage/files/storage-how-to-create-file-share.md#create-file-share) in the secured storage account.
+
+1. Enable service endpoints or private endpoint for the storage account.
+ * If using private endpoint connections, the storage account will need a private endpoint for the `file` and `blob` sub-resources. If using certain capabilities like Durable Functions, you will also need `queue` and `table` accessible through a private endpoint connection.
+ * If using service endpoints, enable the subnet dedicated to your function apps for storage accounts.
+
+1. Copy the file and blob content from the function app storage account to the secured storage account and file share.
+
+1. Copy the connection string for this storage account.
+
+1. Update the **Application Settings** under **Configuration** for the function app to the following:
+
+ | Setting name | Value | Comment |
+ |-|-|-|
+ | `AzureWebJobsStorage`| Storage connection string | This is the connection string for a secured storage account. |
+ | `WEBSITE_CONTENTAZUREFILECONNECTIONSTRING` | Storage connection string | This is the connection string for a secured storage account. |
+ | `WEBSITE_CONTENTSHARE` | File share | The name of the file share created in the secured storage account where the project deployment files reside. |
+ | `WEBSITE_CONTENTOVERVNET` | 1 | New setting |
+ | `WEBSITE_VNET_ROUTE_ALL` | 1 | Forces all outbound traffic through the virtual network. Required when the storage account is using private endpoint connections. |
+ | `WEBSITE_DNS_SERVER` | `168.63.129.16` | The DNS server used by the app. Required when the storage account is using private endpoint connections. |
+
+1. Select **Save** to save the application settings. Changing app settings causes the app to restart.
+
+After the function app restarts, it's now connected to a secured storage account.
+
+## Next steps
+
+> [!div class="nextstepaction"]
+> [Azure Functions networking options](functions-networking-options.md)
+
azure-functions Disable Function https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-functions/disable-function.md
Title: How to disable functions in Azure Functions description: Learn how to disable and enable functions in Azure Functions. Previously updated : 02/03/2021 Last updated : 03/15/2021
The recommended way to disable a function is with an app setting in the format `
> [!NOTE] > When you disable an HTTP triggered function by using the methods described in this article, the endpoint may still by accessible when running on your local computer.
-## Use the Azure CLI
+## Disable a function
-In the Azure CLI, you use the [`az functionapp config appsettings set`](/cli/azure/functionapp/config/appsettings#az-functionapp-config-appsettings-set) command to create and modify the app setting. The following command disables a function named `QueueTrigger` by creating an app setting named `AzureWebJobs.QueueTrigger.Disabled` set it to `true`.
+# [Portal](#tab/portal)
+
+Use the **Enable** and **Disable** buttons on the function's **Overview** page. These buttons work by changing the value of the `AzureWebJobs.<FUNCTION_NAME>.Disabled` app setting. This function-specific setting is created the first time it's disabled.
+
+![Function state switch](media/disable-function/function-state-switch.png)
+
+Even when you publish to your function app from a local project, you can still use the portal to disable functions in the function app.
+
+> [!NOTE]
+> The portal-integrated testing functionality ignores the `Disabled` setting. This means that a disabled function still runs when started from the **Test** window in the portal.
+
+# [Azure CLI](#tab/azurecli)
+
+In the Azure CLI, you use the [`az functionapp config appsettings set`](/cli/azure/functionapp/config/appsettings#az-functionapp-config-appsettings-set) command to create and modify the app setting. The following command disables a function named `QueueTrigger` by creating an app setting named `AzureWebJobs.QueueTrigger.Disabled` and setting it to `true`.
```azurecli-interactive
-az functionapp config appsettings set --name <myFunctionApp> \
resource-group <myResourceGroup> \
+az functionapp config appsettings set --name <FUNCTION_APP_NAME> \
+--resource-group <RESOURCE_GROUP_NAME> \
--settings AzureWebJobs.QueueTrigger.Disabled=true ```
az functionapp config appsettings set --name <myFunctionApp> \
--settings AzureWebJobs.QueueTrigger.Disabled=false ```
-## Use the Portal
+# [Azure PowerShell](#tab/powershell)
-You can also use the **Enable** and **Disable** buttons on the function's **Overview** page. These buttons work by changing the value of the `AzureWebJobs.<FUNCTION_NAME>.Disabled` app setting. This function-specific setting is created the first time it's disabled.
+The [`Update-AzFunctionAppSetting`](/powershell/module/az.functions/update-azfunctionappsetting) command adds or updates an application setting. The following command disables a function named `QueueTrigger` by creating an app setting named `AzureWebJobs.QueueTrigger.Disabled` and setting it to `true`.
-![Function state switch](media/disable-function/function-state-switch.png)
+```azurepowershell-interactive
+Update-AzFunctionAppSetting -Name <FUNCTION_APP_NAME> -ResourceGroupName <RESOURCE_GROUP_NAME> -AppSetting @{"AzureWebJobs.QueueTrigger.Disabled" = "true"}
+```
-Even when you publish to your function app from a local project, you can still use the portal to disable functions in the function app.
+To re-enable the function, rerun the same command with a value of `false`.
-> [!NOTE]
-> The portal-integrated testing functionality ignores the `Disabled` setting. This means that a disabled function still runs when started from the **Test** window in the portal.
+```azurepowershell-interactive
+Update-AzFunctionAppSetting -Name <FUNCTION_APP_NAME> -ResourceGroupName <RESOURCE_GROUP_NAME> -AppSetting @{"AzureWebJobs.QueueTrigger.Disabled" = "false"}
+```
++
+## Functions in a slot
+
+By default, app settings also apply to apps running in deployment slots. You can, however, override the app setting used by the slot by setting a slot-specific app setting. For example, you might want a function to be active in production but not during deployment testing, such as a timer triggered function.
+
+To disable a function only in the staging slot:
+
+# [Portal](#tab/portal)
+
+Navigate to the slot instance of your function app by selecting **Deployment slots** under **Deployment**, choosing your slot, and selecting **Functions** in the slot instance. Choose your function, then use the **Enable** and **Disable** buttons on the function's **Overview** page. These buttons work by changing the value of the `AzureWebJobs.<FUNCTION_NAME>.Disabled` app setting. This function-specific setting is created the first time it's disabled.
+
+You can also directly add the app setting named `AzureWebJobs.<FUNCTION_NAME>.Disabled` with value of `true` in the **Configuration** for the slot instance. When you add a slot-specific app setting, make sure to check the **Deployment slot setting** box. This maintains the setting value with the slot during swaps.
+
+# [Azure CLI](#tab/azurecli)
+
+```azurecli-interactive
+az functionapp config appsettings set --name <FUNCTION_APP_NAME> \
+--resource-group <RESOURCE_GROUP_NAME> --slot <SLOT_NAME> \
+--slot-settings AzureWebJobs.QueueTrigger.Disabled=true
+```
+To re-enable the function, rerun the same command with a value of `false`.
+
+```azurecli-interactive
+az functionapp config appsettings set --name <myFunctionApp> \
+--resource-group <myResourceGroup> --slot <SLOT_NAME> \
+--slot-settings AzureWebJobs.QueueTrigger.Disabled=false
+```
+
+# [Azure PowerShell](#tab/powershell)
+
+Azure PowerShell currently doesn't support this functionality.
+++
+To learn more, see [Azure Functions Deployment slots](functions-deployment-slots.md).
## local.settings.json
azure-functions Functions App Settings https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-functions/functions-app-settings.md
Only used when deploying to a Premium plan or to a Consumption plan running on W
When using a Azure Resource Manager to create a function app during deployment, don't include WEBSITE_CONTENTSHARE in the template. This application setting is generated during deployment. To learn more, see [Automate resource deployment for your function app](functions-infrastructure-as-code.md#windows).
+## WEBSITE\_DNS\_SERVER
+
+Sets the DNS server used by an app when resolving IP addresses. This setting is often required when using certain networking functionality, such as [Azure DNS private zones](functions-networking-options.md#azure-dns-private-zones) and [private endpoints](functions-networking-options.md#restrict-your-storage-account-to-a-virtual-network).
+
+|Key|Sample value|
+|||
+|WEBSITE\_DNS\_SERVER|168.63.129.16|
+ ## WEBSITE\_MAX\_DYNAMIC\_APPLICATION\_SCALE\_OUT
-The maximum number of instances that the function app can scale out to. Default is no limit.
+The maximum number of instances that the app can scale out to. Default is no limit.
> [!IMPORTANT] > This setting is in preview. An [app property for function max scale out](./event-driven-scaling.md#limit-scale-out) has been added and is the recommended way to limit scale out.
Allows you to set the timezone for your function app.
[!INCLUDE [functions-timezone](../../includes/functions-timezone.md)]
+## WEBSITE\_VNET\_ROUTE\_ALL
+
+Indicates whether all outbound traffic from the app is routed through the virtual network. A setting value of `1` indicates that all traffic is routed through the virtual network. You need to use this setting when using using features of [Regional virtual network integration](functions-networking-options.md#regional-virtual-network-integration). It's also used when a [virtual network NAT gateway is used to define a static outbound IP address](functions-how-to-use-nat-gateway.md).
+
+|Key|Sample value|
+|||
+|WEBSITE\_VNET\_ROUTE\_ALL|1|
+ ## Next steps [Learn how to update app settings](functions-how-to-use-azure-function-app-settings.md#settings)
azure-functions Functions How To Use Nat Gateway https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-functions/functions-how-to-use-nat-gateway.md
+
+ Title: Control Azure Functions outbound IP with an Azure virtual network NAT gateway
+description: A step-by-step tutorial that shows you how to configure NAT for a function connected to an Azure virtual network
++ Last updated : 2/26/2021+
+#Customer intent: As an enterprise developer, I want a consistent and predictable outbound IP address for my function so that an external party can add my function's IP to the allowlist.
++
+# Tutorial: Control Azure Functions outbound IP with an Azure virtual network NAT gateway
+
+Virtual network address translation (NAT) simplifies outbound-only internet connectivity for virtual networks. When configured on a subnet, all outbound connectivity uses your specified static public IP addresses. An NAT can be useful for Azure Functions or Web Apps that need to consume a third-party service that uses an allowlist of IP address as a security measure. To learn more, see [What is Virtual Network NAT?](../virtual-network/nat-overview.md).
+
+This tutorial shows you how to use virtual network NATs to route outbound traffic from an HTTP triggered function. This function lets you check its own outbound IP address. During this tutorial, you'll:
+
+> [!div class="checklist"]
+> * Create a virtual network
+> * Create a Premium plan function app
+> * Create a public IP address
+> * Create a NAT gateway
+> * Configure function app to route outbound traffic through the NAT gateway
+
+## Topology
+
+The following diagram shows the architecture of the solution that you create:
+
+![UI for NAT gateway integration](./media/functions-how-to-use-nat-gateway/topology.png)
+
+Functions running in the Premium plan have the same hosting capabilities as web apps in Azure App Service, which includes the VNet Integration feature. To learn more about VNet Integration, including troubleshooting and advanced configuration, see [Integrate your app with an Azure virtual network](../app-service/web-sites-integrate-with-vnet.md).
+
+## Prerequisites
+
+For this tutorial, it's important that you understand IP addressing and subnetting. You can start with [this article that covers the basics of addressing and subnetting](https://support.microsoft.com/help/164015/understanding-tcp-ip-addressing-and-subnetting-basics). Many more articles and videos are available online.
+
+If you donΓÇÖt have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
+
+If you've already completed the [integrate Functions with an Azure virtual network](./functions-create-vnet.md) tutorial, you can skip to [Create an HTTP trigger function](#create-function).
+
+## Create a virtual network
+
+1. From the Azure portal menu, select **Create a resource**. From the Azure Marketplace, select **Networking** > **Virtual network**.
+
+1. In **Create virtual network**, enter or select the settings specified as shown in the following table:
+
+ | Setting | Value |
+ | - | -- |
+ | Subscription | Select your subscription.|
+ | Resource group | Select **Create new**, enter *myResourceGroup*, then select **OK**. |
+ | Name | Enter *myResourceGroup-vnet*. |
+ | Location | Select **East US**.|
+
+1. Select **Next: IP Addresses**, and for **IPv4 address space**, enter *10.10.0.0/16*.
+
+1. Select **Add subnet**, then enter *Tutorial-Net* for **Subnet name** and *10.10.1.0/24* for **Subnet address range**.
+
+ ![IP Addresses tab for creating a vnet](./media/functions-how-to-use-nat-gateway/create-vnet-2-ip-space.png)
+
+1. Select **Add**, then select **Review + create**. Leave the rest as default and select **Create**.
+
+1. In **Create virtual network**, select **Create**.
+
+Next, you create a function app in the [Premium plan](functions-premium-plan.md). This plan provides serverless scale while supporting virtual network integration.
+
+## Create a function app in a Premium plan
+
+> [!NOTE]
+> For the best experience in this tutorial, choose .NET for runtime stack and choose Windows for operating system. Also, create you function app in the same region as your virtual network.
++
+## Connect your function app to the virtual network
+
+You can now connect your function app to the virtual network.
+
+1. In your function app, select **Networking** in the left menu, then under **VNet Integration**, select **Click here to configure**.
+
+ :::image type="content" source="./media/functions-how-to-use-nat-gateway/networking-0.png" alt-text="Choose networking in the function app":::
+
+1. On the **VNET Integration** page, select **Add VNet**.
+
+1. In **Network Feature Status**, use the settings in the table below the image:
+
+ ![Define the function app virtual network](./media/functions-how-to-use-nat-gateway/networking-3.png)
+
+ | Setting | Suggested value | Description |
+ | | - | - |
+ | **Virtual Network** | MyResourceGroup-vnet | This virtual network is the one you created earlier. |
+ | **Subnet** | Create New Subnet | Create a subnet in the virtual network for your function app to use. VNet Integration must be configured to use an empty subnet. |
+ | **Subnet name** | Function-Net | Name of the new subnet. |
+ | **Virtual network address block** | 10.10.0.0/16 | You should only have one address block defined. |
+ | **Subnet Address Block** | 10.10.2.0/24 | The subnet size restricts the total number of instances that your Premium plan function app can scale out to. This example uses a `/24` subnet with 254 available host addresses. This subnet is over-provisioned, but easy to calculate. |
+
+1. Select **OK** to add the subnet. Close the **VNet Integration** and **Network Feature Status** pages to return to your function app page.
+
+The function app can now access the virtual network. Next, you'll add an HTTP-triggered function to the function app.
+
+## <a name="create-function"></a>Create an HTTP trigger function
+
+1. From the left menu of the **Functions** window, select **Functions**, then select **Add** from the top menu.
+
+1. From the **New Function** window, select **Http trigger** and accept the default name for **New Function**, or enter a new name.
+
+1. In **Code + Test**, replace the template-generated C# script (.csx) code with the following code:
+
+ ```csharp
+ #r "Newtonsoft.Json"
+
+ using System.Net;
+ using Microsoft.AspNetCore.Mvc;
+ using Microsoft.Extensions.Primitives;
+ using Newtonsoft.Json;
+
+ public static async Task<IActionResult> Run(HttpRequest req, ILogger log)
+ {
+ log.LogInformation("C# HTTP trigger function processed a request.");
+
+ var client = new HttpClient();
+ var response = await client.GetAsync(@"https://ifconfig.me");
+ var responseMessage = await response.Content.ReadAsStringAsync();
+
+ return new OkObjectResult(responseMessage);
+ }
+ ```
+
+ This code calls an external website that returns the IP address of the caller, which in this case is this function. This method lets you easily determine the outbound IP address being used by your function app.
+
+Now you're ready to run the function and check the current outbound IPs.
+
+## Verify current outbound IPs
+
+Now, you can run the function. But first, check in the portal and see what outbound IPs are being use by the function app.
+
+1. In your function app, select **Properties** and review the **Outbound IP Addresses** field.
+
+ ![View function app outbound IP addresses](./media/functions-how-to-use-nat-gateway/function-properties-ip.png)
+
+1. Now, return to your HTTP trigger function, select **Code + Test** and then **Test/Run**.
+
+ ![Test function](./media/functions-how-to-use-nat-gateway/function-code-test.png)
+
+1. Select **Run** to execute the function, then switch to the **Output**.
+
+ ![Test function output](./media/functions-how-to-use-nat-gateway/function-test-1-output.png)
+
+1. Verify that IP address in the HTTP response body is one of the values from the outbound IP addresses you viewed earlier.
+
+Now, you can create a public IP and use a NAT gateway to modify this outbound IP address.
+
+## Create public IP
+
+1. From your resource group, select **Add**, search the Azure Marketplace for **Public IP address**, and select **Create**. Use the settings in the table below the image:
+
+ ![Create Public IP Address](./media/functions-how-to-use-nat-gateway/create-public-ip.png)
+
+ | Setting | Suggested value |
+ | | - |
+ | **IP Version** | IPv4 |
+ | **SKU** | Standard |
+ | **Tier** | Regional |
+ | **Name** | Outbound-IP |
+ | **Subscription** | ensure your subscription is displayed |
+ | **Resource group** | myResourceGroup (or name you assigned to your resource group) |
+ | **Location** | East US (or location you assigned to your other resources) |
+ | **Availability Zone** | No Zone |
+
+1. Select **Create** to submit the deployment.
+
+1. Once the deployment completes, navigate to your newly created Public IP Address resource and view the IP Address in the **Overview**.
+
+ ![View Public IP Address](./media/functions-how-to-use-nat-gateway/public-ip-overview.png)
+
+## Create NAT gateway
+
+Now, let's create the NAT gateway. When you start with the [previous virtual networking tutorial](functions-create-vnet.md), `Function-Net` was the suggested subnet name and `MyResourceGroup-vnet` was the suggested virtual network name in that tutorial.
+
+1. From your resource group, select **Add**, search the Azure Marketplace for **NAT gateway**, and select **Create**. Use the settings in the table below the image to populate the **Basics** tab:
+
+ ![Create NAT gateway](./media/functions-how-to-use-nat-gateway/create-nat-1-basics.png)
+
+ | Setting | Suggested value |
+ | | - |
+ | **Subscription** | Your subscription |
+ | **Resource group** | myResourceGroup (or name you assigned to your resource group) |
+ | **NAT gateway name** | myNatGateway |
+ | **Region** | East US (or location you assigned to your other resources) |
+ | **Availability Zone** | None |
+
+1. Select **Next: Outbound IP**. In the **Public IP addresses** field, select the previously created public IP address. Leave **Public IP Prefixes** unselected.
+
+1. Select **Next: Subnet**. Select the *myResourceGroup-vnet* resource in the **Virtual network** field and *Function-Net* subnet.
+
+ ![Select subnet](./media/functions-how-to-use-nat-gateway/create-nat-3-subnet.png)
+
+1. Select **Review + Create** then **Create** to submit the deployment.
+
+Once the deployment completes, the NAT gateway is ready to route traffic from your function app subnet to the Internet.
+
+## Update function configuration
+
+Now, you must add an application setting `WEBSITE_VNET_ROUTE_ALL` set to a value of `1`. This setting forces outbound traffic through the virtual network and associated NAT gateway. Without this setting, internet traffic isn't routed through the integrated virtual network, and you'll see the same outbound IPs.
+
+1. Navigate to your function app in the Azure portal and select **Configuration** from the left-hand menu.
+
+1. Under **Application settings**, select **+ New application setting** and complete use the following values to fill out the fields:
+
+ |Field Name |Value |
+ |||
+ |**Name** |WEBSITE_VNET_ROUTE_ALL|
+ |**Value** |1|
+
+1. Select **OK** to close the new application setting dialog.
+
+1. Select **Save** and then **Continue** to save the settings.
+
+The function app's now configured to route traffic through its associated virtual network.
+
+## Verify new outbound IPs
+
+Repeat [the steps earlier](#verify-current-outbound-ips) to run the function again. You should now see the outbound IP address that you configured in the NAT shown in the function output.
+
+## Clean up resources
+
+You created resources to complete this tutorial. You'll be billed for these resources, depending on your [account status](https://azure.microsoft.com/account/) and [service pricing](https://azure.microsoft.com/pricing/). To avoid incurring extra costs, delete the resources when you know longer need them.
++
+## Next steps
+
+> [!div class="nextstepaction"]
+> [Azure Functions networking options](functions-networking-options.md)
azure-functions Functions Networking Faq https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-functions/functions-networking-faq.md
This article lists frequently asked questions about networking in Azure Function
## How do I set a static IP in Functions?
-Deploying a function in an App Service Environment is currently the only way to have a static inbound and outbound IP for your function. For details on using an App Service Environment, start with the article [Create and use an internal load balancer with an App Service Environment](../app-service/environment/create-ilb-ase.md).
+Deploying a function in an App Service Environment is the primary way to have static inbound and outbound IP addresses for your functions. For details on using an App Service Environment, start with the article [Create and use an internal load balancer with an App Service Environment](../app-service/environment/create-ilb-ase.md).
+
+You can also use a virtual network NAT gateway to route outbound traffic through a public IP address that you control. To learn more, see [Tutorial: Control Azure Functions outbound IP with an Azure virtual network NAT gateway](functions-how-to-use-nat-gateway.md).
## How do I restrict internet access to my function?
Keep in mind that the Azure portal editor requires direct access to your running
You are able to restrict **inbound** traffic for a function app to a virtual network using [Service Endpoints](./functions-networking-options.md#use-service-endpoints). This configuration still allows the function app to make outbound calls to the internet.
-To completely restrict a function such that all traffic flows through a virtual network, you can use an [private endpoints](./functions-networking-options.md#private-endpoint-connections) with outbound virtual network integration or an App Service Environment.
+To completely restrict a function such that all traffic flows through a virtual network, you can use a [private endpoints](./functions-networking-options.md#private-endpoint-connections) with outbound virtual network integration or an App Service Environment. To learn more, see [Integrate Azure Functions with an Azure virtual network by using private endpoints](functions-create-vnet.md).
## How can I access resources in a virtual network from a function app?
azure-functions Functions Networking Options https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-functions/functions-networking-options.md
Last updated 1/21/2021 - + # Azure Functions networking options This article describes the networking features available across the hosting options for Azure Functions. All the following networking options give you some ability to access resources without using internet-routable addresses or to restrict internet access to a function app.
To learn how to set up virtual network integration, see [Integrate a function ap
## Connect to service endpoint secured resources
-To provide a higher level of security, you can restrict a number of Azure services to a virtual network by using service endpoints. You must then integrate your function app with that virtual network to access the resource. This configuration is supported on all plans that support virtual network integration.
+To provide a higher level of security, you can restrict a number of Azure services to a virtual network by using service endpoints. You must then integrate your function app with that virtual network to access the resource. This configuration is supported on all [plans](functions-scale.md#networking-features) that support virtual network integration.
To learn more, see [Virtual network service endpoints](../virtual-network/virtual-network-service-endpoints-overview.md). ## Restrict your storage account to a virtual network
-When you create a function app, you must create or link to a general-purpose Azure Storage account that supports Blob, Queue, and Table storage. You can replace this storage account with one that is secured with service endpoints or private endpoint. This feature currently works for all Windows virtual network supported skus which includes Standard and Premium, except for on flex stamps where virtual networks are available only for Premium sku. To set up a function with a storage account restricted to a private network:
-
-1. Create a function with a storage account that does not have service endpoints enabled.
-1. Configure the function to connect to your virtual network.
-1. Create or configure a different storage account. This will be the storage account we secure with service endpoints and connect our function.
-1. [Create a file share](../storage/files/storage-how-to-create-file-share.md#create-file-share) in the secured storage account.
-1. Enable service endpoints or private endpoint for the storage account.
- * If using private endpoint connections, the storage account will need a private endpoint for the `file` and `blob` subresources. If using certain capabilities like Durable Functions, you will also need `queue` and `table` accessible through a private endpoint connection.
- * If using service endpoints, enable the subnet dedicated to your function apps for storage accounts.
-1. Copy the file and blob content from the function app storage account to the secured storage account and file share.
-1. Copy the connection string for this storage account.
-1. Update the **Application Settings** under **Configuration** for the function app to the following:
- - `AzureWebJobsStorage` to the connection string for the secured storage account.
- - `WEBSITE_CONTENTAZUREFILECONNECTIONSTRING` to the connection string for the secured storage account.
- - `WEBSITE_CONTENTSHARE` to the name of the file share created in the secured storage account.
- - Create a new setting with the name `WEBSITE_CONTENTOVERVNET` and value of `1`.
- - If the storage account is using private endpoint connections, verify or add the following settings
- - `WEBSITE_VNET_ROUTE_ALL` with a value of `1`.
- - `WEBSITE_DNS_SERVER` with a value of `168.63.129.16`
-1. Save the application settings.
-
-The function app will restart and will now be connected to a secured storage account.
+When you create a function app, you must create or link to a general-purpose Azure Storage account that supports Blob, Queue, and Table storage. You can replace this storage account with one that is secured with service endpoints or private endpoint.
+
+This feature currently works for all Windows virtual network-supported SKUs in the Dedicated (App Service) plan and for the Premium plan. The Consumption plan isn't supported. To learn how to set up a function with a storage account restricted to a private network, see [Restrict your storage account to a virtual network](configure-networking-how-to.md#restrict-your-storage-account-to-a-virtual-network).
## Use Key Vault references
Outbound IP restrictions are available in a Premium plan, App Service plan, or A
When you integrate a function app in a Premium plan or an App Service plan with a virtual network, the app can still make outbound calls to the internet by default. By adding the application setting `WEBSITE_VNET_ROUTE_ALL=1`, you force all outbound traffic to be sent into your virtual network, where network security group rules can be used to restrict traffic.
+To learn how to control the outbound IP using a virtual network, see [Tutorial: Control Azure Functions outbound IP with an Azure virtual network NAT gateway](functions-how-to-use-nat-gateway.md).
+ ## Automation The following APIs let you programmatically manage regional virtual network integrations:
azure-functions Ip Addresses https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-functions/ip-addresses.md
Last updated 12/03/2018
# IP addresses in Azure Functions
-This article explains the following topics related to IP addresses of function apps:
+This article explains the following concepts related to IP addresses of function apps:
-* How to find the IP addresses currently in use by a function app.
-* What causes a function app's IP addresses to be changed.
-* How to restrict the IP addresses that can access a function app.
-* How to get dedicated IP addresses for a function app.
+* Locating the IP addresses currently in use by a function app.
+* Conditions that cause function app IP addresses to changed.
+* Restricting the IP addresses that can access a function app.
+* Defining dedicated IP addresses for a function app.
IP addresses are associated with function apps, not with individual functions. Incoming HTTP requests can't use the inbound IP address to call individual functions; they must use the default domain name (functionappname.azurewebsites.net) or a custom domain name.
az webapp show --resource-group <group_name> --name <app_name> --query possibleO
## Data center outbound IP addresses
-If you need to add the outbound IP addresses used by your function apps to an allow list, another option is to add the function apps' data center (Azure region) to an allow list. You can [download a JSON file that lists IP addresses for all Azure data centers](https://www.microsoft.com/en-us/download/details.aspx?id=56519). Then find the JSON fragment that applies to the region that your function app runs in.
+If you need to add the outbound IP addresses used by your function apps to an allowlist, another option is to add the function apps' data center (Azure region) to an allowlist. You can [download a JSON file that lists IP addresses for all Azure data centers](https://www.microsoft.com/en-us/download/details.aspx?id=56519). Then find the JSON fragment that applies to the region that your function app runs in.
-For example, this is what the Western Europe JSON fragment might look like:
+For example, the following JSON fragment is what the allowlist for Western Europe might look like:
``` {
The set of available outbound IP addresses for a function app might change when
When your function app runs in a [Consumption plan](consumption-plan.md) or in a [Premium plan](functions-premium-plan.md), the outbound IP address might also change even when you haven't taken any actions such as the ones [listed above](#inbound-ip-address-changes).
-To deliberately force an outbound IP address change:
+Use the following procedure to deliberately force an outbound IP address change:
1. Scale your App Service plan up or down between Standard and Premium v2 pricing tiers.+ 2. Wait 10 minutes.+ 3. Scale back to where you started. ## IP address restrictions
You can configure a list of IP addresses that you want to allow or deny access t
## Dedicated IP addresses
-If you need static, dedicated IP addresses, we recommend [App Service Environments](../app-service/environment/intro.md) (the [Isolated tier](https://azure.microsoft.com/pricing/details/app-service/) of App Service plans). For more information, see [App Service Environment IP addresses](../app-service/environment/network-info.md#ase-ip-addresses) and [How to control inbound traffic to an App Service Environment](../app-service/environment/app-service-app-service-environment-control-inbound-traffic.md).
+There are several strategies to explore when your function app requires static, dedicated IP addresses.
+
+### Virtual network NAT gateway for outbound static IP
+
+You can control the IP address of outbound traffic from your functions by using a virtual network NAT gateway to direct traffic through a static public IP address. You can use this topology when running in a [Premium plan](functions-premium-plan.md). To learn more, see [Tutorial: Control Azure Functions outbound IP with an Azure virtual network NAT gateway](functions-how-to-use-nat-gateway.md).
+
+### App Service Environments
+
+For full control over the IP addresses, both inbound and outbound, we recommend [App Service Environments](../app-service/environment/intro.md) (the [Isolated tier](https://azure.microsoft.com/pricing/details/app-service/) of App Service plans). For more information, see [App Service Environment IP addresses](../app-service/environment/network-info.md#ase-ip-addresses) and [How to control inbound traffic to an App Service Environment](../app-service/environment/app-service-app-service-environment-control-inbound-traffic.md).
To find out if your function app runs in an App Service Environment:
azure-functions Run Functions From Deployment Package https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-functions/run-functions-from-deployment-package.md
The following shows a function app configured to run from a .zip file hosted in
- Run From Package makes `wwwroot` read-only, so you will receive an error when writing files to this directory. - Tar and gzip formats are not supported.
+- The ZIP file can be at most 1GB.
- This feature does not compose with local cache. - For improved cold-start performance, use the local Zip option (`WEBSITE_RUN_FROM_PACKAGE`=1). - Run From Package is incompatible with deployment customization option (`SCM_DO_BUILD_DURING_DEPLOYMENT=true`), the build step will be ignored during deployment.
azure-monitor Data Collection Rule Azure Monitor Agent https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/agents/data-collection-rule-azure-monitor-agent.md
description: Describes how to create a data collection rule to collect data from
Previously updated : 08/19/2020 Last updated : 03/16/2021
Click **Add Data Source** and then **Review + create** to review the details of
> [!NOTE] > After the data collection rule and associations have been created, it might take up to 5 minutes for data to be sent to the destinations.
+## Limit data collection with custom XPath queries
+Since you're charged for any data collected in a Log Analytics workspace, you should collect only the data that you require. Using basic configuration in the Azure portal, you only have limited ability to filter events to collect. For Application and System logs, this is all logs with a particular severity. For Security logs, this is all audit success or all audit failure logs.
+
+To specify additional filters, you must use Custom configuration and specify an XPath that filters out the events you don't. XPath entries are written in the form `LogName!XPathQuery`. For example, you may want to return only events from the Application event log with an event ID of 1035. The XPathQuery for these events would be `*[System[EventID=1035]]`. Since you want to retrieve the events from the Application event log, the XPath would be `Application!*[System[EventID=1035]]`
+
+> [!TIP]
+> Use the PowerShell cmdlet `Get-WinEvent` with the `FilterXPath` parameter to test the validity of an XPathQuery. The following script shows an example.
+>
+> ```powershell
+> $XPath = '*[System[EventID=1035]]'
+> Get-WinEvent -LogName 'Application' -FilterXPath $XPath
+> ```
+>
+> - If events are returned, the query is valid.
+> - If you receive the message *No events were found that match the specified selection criteria.*, the query may be valid, but there are no matching events on the local machine.
+> - If you receive the message *The specified query is invalid* , the query syntax is invalid.
+
+The following table shows examples for filtering events using a custom XPath.
+
+| Description | XPath |
+|:|:|
+| Collect only System events with Event ID = 4648 | `System!*[System[EventID=4648]]`
+| Collect only System events with Event ID = 4648 and a process name of consent.exe | `System!*[System[(EventID=4648) and (EventData[@Name='ProcessName']='C:\Windows\System32\consent.exe')]]`
+| Collect all Critical, Error, Warning, and Information events from the System event log except for Event ID = 6 (Driver loaded) | `System!*[System[(Level=1 or Level=2 or Level=3) and (EventID != 6)]]` |
+| Collect all success and failure Security events except for Event ID 4624 (Successful logon) | `Security!*[System[(band(Keywords,13510798882111488)) and (EventID != 4624)]]` |
+ ## Create rule and association using REST API
Follow the steps below to create a data collection rule and association
You cannot create a data collection rule using a Resource Manager template, but you can create an association between an Azure virtual machine or Azure Arc enabled server using a Resource Manager template. See [Resource Manager template samples for data collection rules in Azure Monitor](./resource-manager-data-collection-rules.md) for sample templates. ++ ## Next steps - Learn more about the [Azure Monitor Agent](azure-monitor-agent-overview.md).
azure-monitor Data Collection Rule Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/agents/data-collection-rule-overview.md
The sample data collection rule below is for virtual machines with Azure Managem
- Destinations - Sends all data to a Log Analytics workspace named centralWorkspace.
+> [!NOTE]
+> For an explanation of XPaths that are used to specify event collection in data collection rules, see [Limit data collection with custom XPath queries](data-collection-rule-azure-monitor-agent.md#limit-data-collection-with-custom-xpath-queries)
++ ```json { "location": "eastus",
azure-monitor Resource Manager Data Collection Rules https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/agents/resource-manager-data-collection-rules.md
Last updated 11/17/2020
# Resource Manager template samples for data collection rules in Azure Monitor
-This article includes sample [Azure Resource Manager templates](../../azure-resource-manager/templates/template-syntax.md) to deploy and configure the [Log Analytics agent](./log-analytics-agent.md) and [diagnostic extension](./diagnostics-extension-overview.md) for virtual machines in Azure Monitor. Each sample includes a template file and a parameters file with sample values to provide to the template.
+This article includes sample [Azure Resource Manager templates](../../azure-resource-manager/templates/template-syntax.md) to create an association between a [data collection rule](data-collection-rule-overview.md) and the [Azure Monitor agent](./azure-monitor-agent-overview.md). Each sample includes a template file and a parameters file with sample values to provide to the template.
[!INCLUDE [azure-monitor-samples](../../../includes/azure-monitor-resource-manager-samples.md)]
azure-monitor Java Jmx Metrics Configuration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/java-jmx-metrics-configuration.md
+
+ Title: How to configure JMX metrics - Azure Monitor application insights for Java
+description: Configure additional JMX metrics collection for Azure Monitor application insights Java agent
+ Last updated : 03/16/2021+++++
+# Configuring JMX metrics
+
+Application insights Java 3.0 agent collects some of the JMX metrics by default, but in many cases this is not enough. This document describes the JMX configuration option in details.
+
+## How do I collect additional JMX metrics?
+
+JMX metrics collection can be configured by adding a ```"jmxMetrics"``` section to the applicationinsights.json file. You can specify the name of the metric the way you want it to appear in Azure portal in application insights resource. You have to define the object name and attribute for each of the metrics you want collected.
+
+## How do I know what metrics are available to configure?
+
+You nailed it - you must know the object names and the attributes, those properties are different for various libraries, frameworks, and application servers, and are often not well documented. To get the object names and attributes, you need to view the MBean tree. An MBean is a managed Java object, that can represent a device, an application, or a resource, and has a set of attributes.
+
+To view the available metrics and browse through the available metrics, we recommend using [Java Mission Control](https://www.oracle.com/java/technologies/jdk-mission-control.html).
+
+### How to navigate the Java Mission Control to get to the right metrics?
+
+When you run the Java Mission Control tool, you'll have a selection of JVMs available on the left side, click on the relevant process under the 'JVM Browser' tab. Wait until JMC loads the dashboard for the process, select 'MBean Browser' tab on the bottom (see below). The JMC must be located in the same folder as the JVM and your process/app must be up and running.
+
+![Screenshot of JMC MBean browser](media/java-ipa/jmx/jmc-mbean-browser.png)
+
+### How to get to the metrics I want, and the necessary attributes?
+
+The MBean browser opens the MBean tree with the list of categories that can be expanded. Selecting a category on the left opens the list of attributes on the right. Below is an example of a metric, its object name, and the attributes. The attributes may be nested, as in the example below.
+
+![Screenshot of JMC MBean tree](media/java-ipa/jmx/jmc-metric-sample.png)
+
+### Configuration example
+
+From the selection as shown in the image above, lets configure a few metrics. The first one is an example of a nested metric - `LastGcInfo` that has several properties, and we want to capture the `GcThreadCount`.
+
+```json
+"jmxMetrics": [
+ {
+ "name": "Demo - GC Thread Count",
+ "objectName": "java.lang:type=GarbageCollector,name=PS MarkSweep",
+ "attribute": "LastGcInfo.GcThreadCount"
+ },
+ {
+ "name": "Demo - GC Collection Count",
+ "objectName": "java.lang:type=GarbageCollector,name=PS MarkSweep",
+ "attribute": "CollectionCount"
+ },
+ {
+ "name": "Demo - Thread Count",
+ "objectName": "java.lang:type=Threading",
+ "attribute": "ThreadCount"
+ }
+],
+```
+
+### Types of collected metrics and available configuration options?
+
+We support numeric and boolean JMX metrics, while other types aren't supported and will be ignored.
+
+Currently, the wildcards and aggregated attributes aren't supported, that's why every attribute 'object name'/'attribute' pair must be configured separately.
++
+## Where do I find the JMX Metrics in application insights?
+
+As your application is running and the JMX metrics are collected, you can view them by going to Azure portal and navigate to your application insights resource. Under Metrics tab, select the dropdown as shown below to view the metrics.
+
+![Screenshot of metrics in portal](media/java-ipa/jmx/jmx-portal.png)
azure-monitor App Insights Metrics https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/essentials/app-insights-metrics.md
Browser metrics are collected by the Application Insights JavaScript SDK from re
### Browser page load time (browserTimings/totalDuration)
+Time from user request until DOM, stylesheets, scripts and images are loaded.
+ |Unit of measure|Supported aggregations|Pre-aggregated dimensions| |||| |Milliseconds|Average, Min, Max|None|
browserTimings
### Client processing time (browserTiming/processingDuration)
+Time between receiving the last byte of a document until the DOM is loaded. Async requests may still be processing.
+ |Unit of measure|Supported aggregations|Pre-aggregated dimensions| |||| |Milliseconds|Average, Min, Max|None|
browserTimings
### Page load network connect time (browserTimings/networkDuration)
+Time between user request and network connection. Includes DNS lookup and transport connection.
+ |Unit of measure|Supported aggregations|Pre-aggregated dimensions| |||| |Milliseconds|Average, Min, Max|None|
browserTimings
### Receiving response time (browserTimings/receiveDuration)
+Time between the first and last bytes, or until disconnection.
+ |Unit of measure|Supported aggregations|Pre-aggregated dimensions| |||| |Milliseconds|Average, Min, Max|None|
browserTimings
### Send request time (browserTimings/sendDuration)
+Time between network connection and receiving the first byte.
+ |Unit of measure|Supported aggregations|Pre-aggregated dimensions| |||| |Milliseconds|Average, Min, Max|None|
azure-monitor Faq https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/faq.md
The log collection from containers in the kube-system namespace is disabled by d
To learn how to upgrade the agent, see [Agent management](containers/container-insights-manage-agent.md).
+### Why are log lines larger than 16KB split into multiple records in Log Analytics?
+
+The agent uses the [Docker JSON file logging driver](https://docs.docker.com/config/containers/logging/json-file/) to capture the stdout and stderr of containers. This logging driver splits log lines [larger than 16KB](https://github.com/moby/moby/pull/22982) into multiple lines when copied from stdout or stderr to a file.
+ ### How do I enable multi-line logging? Currently Container insights doesn't support multi-line logging, but there are workarounds available. You can configure all the services to write in JSON format and then Docker/Moby will write them as a single line.
azure-monitor Network Insights Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/insights/network-insights-overview.md
Diagnostic Toolkit provides access to all the diagnostic features available for
![Screenshot that shows the Diagnostic Toolkit tab.](media/network-insights-overview/azure-monitor-for-networks-diagnostic-toolkit.png)
-## Troubleshooting
+## Onboarded resources
-For general troubleshooting guidance, see the dedicated workbook-based insights [troubleshooting article](troubleshoot-workbooks.md).
+Onboarded resources have built-in workbooks, and dependency views. Currently onboarded resources are Virtual WAN, Application Gateway, Load Balancer, and ExpressRoute.
+## Troubleshooting
+For general troubleshooting guidance, see the dedicated workbook-based insights [troubleshooting article](troubleshoot-workbooks.md).
This section will help you diagnose and troubleshoot some common problems you might encounter when you use Azure Monitor for Networks. ### How do I resolve performance problems or failures?
You can edit the workbook you see in any side-panel or detailed metric view by u
## Next steps - Learn more about network monitoring: [What is Azure Network Watcher?](../../network-watcher/network-watcher-monitoring-overview.md)-- Learn the scenarios workbooks are designed to support, how to create reports and customize existing reports, and more: [Create interactive reports with Azure Monitor workbooks](../visualize/workbooks-overview.md)
+- Learn the scenarios workbooks are designed to support, how to create reports and customize existing reports, and more: [Create interactive reports with Azure Monitor workbooks](../visualize/workbooks-overview.md)
azure-monitor Private Link Security https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/logs/private-link-security.md
Some Azure Monitor services use global endpoints, meaning they serve requests ta
When you set up a Private Link connection, your DNS is updated to map Azure Monitor endpoints to private IP addresses from your VNet's IP range. This change overrides any previous mapping of these endpoints, which can have meaningful implications, reviewed below. ### Azure Monitor Private Link applies to all Azure Monitor resources - it's All or Nothing
-Since some Azure Monitor endpoints are global, it's impossible to create a Private Link connection for a specific component or workspace. Instead, when you set up a Private Link to a single Application Insights component, your DNS records are updated for **all** Application Insights component. Any attempt to ingest or query a component will go through the Private Link, and possibly fail. Similarly, setting up a Private Link to a single workspace will cause all Log Analytics queries to go through the Private Link query endpoint (but not ingestion requests, which have workspace-specific endpoints).
+Since some Azure Monitor endpoints are global, it's impossible to create a Private Link connection for a specific component or workspace. Instead, when you set up a Private Link to a single Application Insights component or Log Analytics workspace, your DNS records are updated for **all** Application Insights components. Any attempt to ingest or query a component will go through the Private Link, and possibly fail. With regard to Log Analytics, ingestion and configuration endpoints are workspace-specific, meaning the Private-link setup will only apply for the specified workspaces. Ingestion and configuration of other workspaces will be directed to the default public Log Analytics endpoints.
![Diagram of DNS overrides in a single VNet](./media/private-link-security/dns-overrides-single-vnet.png)
That's true not only for a specific VNet, but for all VNets that share the same
> [!NOTE] > To conclude:
-> Once your setup a Private Link connection to a single resource, it applies to all Azure Monitor resources in your network - it's All or Nothing. That effectively means you should add all Azure Monitor resources in your network to your AMPLS, or none of them.
+> Once your setup a Private Link connection to a single resource, it applies to Azure Monitor resources across your network. For Application Insights resources, that's 'All or Nothing'. That effectively means you should add all Application Insights resources in your network to your AMPLS, or none of them.
+>
+> To handle data exfiltration risks, our recommendation is to add all Application Insights and Log Analytics resources to your AMPLS, and block your networks egress traffic as much as possible.
### Azure Monitor Private Link applies to your entire network Some networks are composed of multiple VNets. If the VNets use the same DNS server, they will override each other's DNS mappings and possibly break each other's communication with Azure Monitor (see [The issue of DNS overrides](#the-issue-of-dns-overrides)). Ultimately, only the last VNet will be able to communicate with Azure Monitor, since the DNS will map Azure Monitor endpoints to private IPs from this VNets range (which may not be reachable from other VNets).
azure-monitor Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure Monitor description: Lists Azure Policy Regulatory Compliance controls available for Azure Monitor. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 03/10/2021 Last updated : 03/17/2021
azure-monitor Vminsights Health Configure https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/vm/vminsights-health-configure.md
Last updated 12/14/2020
VM insights guest health allows you to view the health of a virtual machine as defined by a set of performance measurements that are sampled at regular intervals. This article describes how you can modify default monitoring using the Azure portal. It also describes fundamental concepts of monitors required for [configuring monitoring using a data collection rule](vminsights-health-configure-dcr.md). ## Open monitor configuration
-Open monitor configuration bin the Azure portal by selecting the monitor and then the **Configuration** tab.
+Open monitor configuration in the Azure portal by selecting the monitor and then the **Configuration** tab.
[![Monitor details configuration](media/vminsights-health-overview/monitor-details-configuration.png)](media/vminsights-health-overview/monitor-details-configuration.png#lightbox)
In the following example, CPU utilization is set to following health states:
## Next steps -- [Configure monitors at scale using data collection rules.](vminsights-health-configure-dcr.md)
+- [Configure monitors at scale using data collection rules.](vminsights-health-configure-dcr.md)
azure-netapp-files Azure Netapp Files Resize Capacity Pools Or Volumes https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-netapp-files/azure-netapp-files-resize-capacity-pools-or-volumes.md
na ms.devlang: na Previously updated : 09/22/2020 Last updated : 03/10/2021 # Resize a capacity pool or a volume
You can change the size of a volume as necessary. A volume's capacity consumptio
2. Right-click the name of the volume that you want to resize or click the "…" icon at the end of the volume's row to display the context menu. 3. Use the context menu options to resize or delete the volume.
+## Resize a cross-region replication destination volume
+
+In a [cross-region replication](cross-region-replication-introduction.md) relationship, a destination volume is automatically resized based on the size of the source volume. As such, you donΓÇÖt need to resize the destination volume separately. This automatic resizing behavior is applicable when the volumes are in an active replication relationship, or when replication peering is broken with the [resync operation](cross-region-replication-manage-disaster-recovery.md#resync-replication).
+
+The following table describes the destination volume resizing behavior based on the [Mirror state](cross-region-replication-display-health-status.md):
+
+| Mirror state | Destination volume resizing behavior |
+|-|-|
+| *Mirrored* | When the destination volume has been initialized and is ready to receive mirroring updates, resizing the source volume automatically resizes the destination volumes. |
+| *Broken* | When you resize the source volume and the Mirror state is *broken*, the destination volume is automatically resized with the [resync operation](cross-region-replication-manage-disaster-recovery.md#resync-replication). |
+| *Uninitialized* | When you resize the source volume and the Mirror state is still *uninitialized*, resizing the destination volume needs to be done manually. As such, it's recommended that you wait for the initialization to complete (that is, when the Mirror state becomes *mirrored*) to resize the source volume. |
+
+> [!IMPORTANT]
+> Ensure that you have enough headroom in the capacity pools for both the source and the destination volumes of cross-region replication. When you resize the source volume, the destination volume is automatically resized. But if the capacity pool hosting the destination volume doesnΓÇÖt have enough headroom, the resizing of both the source and the destination volumes will fail.
+ ## Next steps - [Set up a capacity pool](azure-netapp-files-set-up-capacity-pool.md)
azure-netapp-files Cross Region Replication Create Peering https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-netapp-files/cross-region-replication-create-peering.md
na ms.devlang: na Previously updated : 09/16/2020 Last updated : 03/10/2021 # Create volume replication for Azure NetApp Files
You can also select an existing NetApp account in a different region.
* Capacity pool * Volume quota > [!NOTE]
- > It is recommended that the volume quota size mirror that of the source volume.
+ > The volume quota (size) for the destination volume should mirror that of the source volume. If you specify a size that is smaller than the source volume, the destination volume is automatically resized to the source volume size.
* Virtual network * Subnet
azure-netapp-files Cross Region Replication Display Health Status https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-netapp-files/cross-region-replication-display-health-status.md
na ms.devlang: na Previously updated : 09/16/2020 Last updated : 03/11/2021 # Display health status of replication relationship
You can view replication status on the source volume or the destination volume.
* [Cross-region replication](cross-region-replication-introduction.md) * [Manage disaster recovery](cross-region-replication-manage-disaster-recovery.md)
+* [Resize a cross-region replication destination volume](azure-netapp-files-resize-capacity-pools-or-volumes.md#resize-a-cross-region-replication-destination-volume)
* [Volume replication metrics](azure-netapp-files-metrics.md#replication) * [Delete volume replications or volumes](cross-region-replication-delete.md) * [Troubleshoot cross-region replication](troubleshoot-cross-region-replication.md)
azure-netapp-files Cross Region Replication Introduction https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-netapp-files/cross-region-replication-introduction.md
na ms.devlang: na Previously updated : 02/25/2021 Last updated : 03/10/2021
Regular Azure NetApp Files storage capacity charge for Month 2 applies to the de
* [Create volume replication](cross-region-replication-create-peering.md) * [Display health status of replication relationship](cross-region-replication-display-health-status.md) * [Manage disaster recovery](cross-region-replication-manage-disaster-recovery.md)
+* [Resize a cross-region replication destination volume](azure-netapp-files-resize-capacity-pools-or-volumes.md#resize-a-cross-region-replication-destination-volume)
* [Volume replication metrics](azure-netapp-files-metrics.md#replication) * [Delete volume replications or volumes](cross-region-replication-delete.md) * [Troubleshoot cross-region replication](troubleshoot-cross-region-replication.md)
azure-netapp-files Cross Region Replication Manage Disaster Recovery https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-netapp-files/cross-region-replication-manage-disaster-recovery.md
na ms.devlang: na Previously updated : 09/16/2020 Last updated : 03/10/2021 # Manage disaster recovery using cross-region replication
After the resync operation from destination to source is complete, you need to b
* [Cross-region replication](cross-region-replication-introduction.md) * [Requirements and considerations for using cross-region replication](cross-region-replication-requirements-considerations.md) * [Display health status of replication relationship](cross-region-replication-display-health-status.md)
+* [Resize a cross-region replication destination volume](azure-netapp-files-resize-capacity-pools-or-volumes.md#resize-a-cross-region-replication-destination-volume)
* [Volume replication metrics](azure-netapp-files-metrics.md#replication) * [Delete volume replications or volumes](cross-region-replication-delete.md) * [Troubleshoot cross-region replication](troubleshoot-cross-region-replication.md)
azure-netapp-files Troubleshoot Cross Region Replication https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-netapp-files/troubleshoot-cross-region-replication.md
na ms.devlang: na Previously updated : 11/18/2020 Last updated : 03/10/2021 # Troubleshoot cross-region replication
This article describes error messages and resolutions that can help you troubles
| `Snapshot cannot be deleted, parent volume is a Data Protection volume with a replication object` | Validate that you have broken the volume's replication if you want to delete this snapshot. | | `Cannot delete volume replication generated snapshot` | Deletion of replication baseline snapshots is not allowed. |
+## Errors resizing volumes
+
+| Error Message | Resolution |
+|-|-|
+| Attempt to resize a source volume is failing with the error `"PoolSizeTooSmall","message":"Pool size too small for total volume size."` | Ensure that you have enough headroom in the capacity pools for both the source and the destination volumes of cross-region replication. When you resize the source volume, the destination volume is automatically resized. But if the capacity pool hosting the destination volume doesnΓÇÖt have enough headroom, the resizing of both the source and the destination volumes will fail. See [Resize a cross-region replication destination volume](azure-netapp-files-resize-capacity-pools-or-volumes.md#resize-a-cross-region-replication-destination-volume) for details. |
+ ## Next steps * [Cross-region replication](cross-region-replication-introduction.md)
This article describes error messages and resolutions that can help you troubles
* [Create volume replication](cross-region-replication-create-peering.md) * [Display health status of replication relationship](cross-region-replication-display-health-status.md) * [Manage disaster recovery](cross-region-replication-manage-disaster-recovery.md)
+* [Resize a cross-region replication destination volume](azure-netapp-files-resize-capacity-pools-or-volumes.md#resize-a-cross-region-replication-destination-volume)
* [Troubleshoot cross-region replication](troubleshoot-cross-region-replication.md)
azure-netapp-files Whats New https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-netapp-files/whats-new.md
na ms.devlang: na Previously updated : 12/04/2020 Last updated : 03/11/2021
Azure NetApp Files is updated on a regular basis. This article provides a summary about the latest new features and enhancements.
+## March 2021
+
+* [Automatic resizing of a cross-region replication destination volume](azure-netapp-files-resize-capacity-pools-or-volumes.md#resize-a-cross-region-replication-destination-volume)
+
+ In a cross-region replication relationship, a destination volume is automatically resized based on the size of the source volume. As such, you donΓÇÖt need to resize the destination volume separately. This automatic resizing behavior is applicable when the volumes are in an active replication relationship, or when replication peering is broken with the resync operation. For this feature to work, you need to ensure sufficient headroom in the capacity pools for both the source and the destination volumes.
+ ## December 2020 * [Azure Application Consistent Snapshot Tool](azacsnap-introduction.md) (Public Preview)
azure-percept Overview 8020 Integration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-percept/overview-8020-integration.md
The Azure Percept DK and Audio Accessory were designed to integrate with the [80
Each hardware component is built with the notches and protrusions to fit in the 1010 extrusion type. This integration enables customers and solution builders to more easily extend their proof of concepts to production environments.
-<!
-## Check out this video for more information on how to use Azure Percept DK with 80/20
->
+Check out this video for more information on how to use Azure Percept DK with 80/20:
+
+</br>
+
+> [!VIDEO https://www.youtube.com/embed/Dg6mtD9psLU]
## Next steps
azure-percept Overview Ai Models https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-percept/overview-ai-models.md
Through Azure Percept Studio, you can develop custom [vision](./tutorial-nocode-
For custom vision solutions, both object detection and classification AI models are available. Simply upload and tag your training images, which can be taken directly with the Azure Percept Vision SoM of the Azure Percept DK, if desired. Model training and evaluation are easily performed in [Custom Vision](https://www.customvision.ai/), which is part of [Azure Cognitive Services](https://azure.microsoft.com/services/cognitive-services/#overview).
+</br>
+
+> [!VIDEO https://www.youtube.com/embed/9LvafyazlJM]
+ For custom speech solutions, voice assistant templates are currently available for the following applications: - Hospitality: hotel room equipped with voice-controlled smart devices.
azure-percept Overview Azure Percept Audio https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-percept/overview-azure-percept-audio.md
Azure Percept Audio is an accessory device that adds speech AI capabilities to t
> [!div class="nextstepaction"] > [Buy now](https://go.microsoft.com/fwlink/p/?LinkId=2155270)
+<!
:::image type="content" source="./media/overview-azure-percept-audio/percept-audio.png" alt-text="Azure Percept Audio device.":::
+>
+</br>
+
+> [!VIDEO https://www.youtube.com/embed/Qj8NGn-7s5A]
## Azure Percept Audio components
azure-percept Overview Azure Percept Dk https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-percept/overview-azure-percept-dk.md
Azure Percept DK is an edge AI and IoT development kit designed for developing v
> [!div class="nextstepaction"] > [Buy now](https://go.microsoft.com/fwlink/p/?LinkId=2155270)
+<!
:::image type="content" source="./media/overview-azure-percept-dk/dk-image.png" alt-text="Azure Percept DK device.":::
+>
+</br>
+
+> [!VIDEO https://www.youtube.com/embed/Qj8NGn-7s5A]
## Key Features
azure-percept Overview Azure Percept Studio https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-percept/overview-azure-percept-studio.md
[Azure Percept Studio](https://go.microsoft.com/fwlink/?linkid=2135819) is the single launch point for creating edge AI models and solutions. Azure Percept Studio allows you to discover and complete guided workflows that make it easy to integrate edge AI capable hardware and powerful Azure AI and IoT cloud services. In the Studio, you can see your edge AI capable devices as end points for collecting initial and ongoing training data as well as deployment targets for model iterations. Having access to devices and training data allows for rapid prototyping and iterative Edge AI model development for both [vision](./tutorial-nocode-vision.md) and [speech](./tutorial-no-code-speech.md) scenarios.-
+<!
:::image type="content" source="./media/overview-azure-percept-studio/percept-studio-flow.png" alt-text="Flow from homepage in Azure Percept Studio.":::
+>
The workflows in Azure Percept Studio integrate many underlying Azure AI and IoT services, like Azure IoT Hub, Custom Vision, Speech Studio, and Azure ML Services, so you can use these services to create an end-to-end solution, without significant pre-existing knowledge. If you are already familiar with these Azure services, you can also connect to and modify existing resources outside of the Azure Percept Studio.-
+<!
:::image type="content" source="./media/overview-azure-percept-studio/device-flow.png" alt-text="Device flow in Azure Percept Studio.":::
+>
Regardless of if you are a beginner or a more advanced AI model and solution developer, working on a prototype or moving to a production solution, for speech or vision Edge AI, the Azure Percept Studio offers access to workflows you can use to reduce friction around building Edge AI solutions.-
+<!
:::image type="content" source="./media/overview-azure-percept-studio/image-flow.png" alt-text="Image capture flow in Azure Percept Studio.":::
+>
+</br>
+
+> [!VIDEO https://www.youtube.com/embed/rZsUuCytZWY]
## Next steps
azure-percept Quickstart Percept Dk Set Up https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-percept/quickstart-percept-dk-set-up.md
Previously updated : 02/15/2021 Last updated : 03/17/2021 # Set up your Azure Percept DK and deploy your first AI model
-Get started with Azure Percept DK and Azure Percept Studio by using the Azure Percept DK setup experience to connect your device to Azure and to deploy your first AI model. After verifying that your Azure account is compatible with Azure Percept Studio, you complete the setup experience to ensure your Azure Percept DK is configured to create Edge AI proof of concepts.
+Complete the Azure Percept DK setup experience to configure your dev kit and deploy your first AI model. After verifying that your Azure account is compatible with Azure Percept, you will:
-If you experience any issues during this Quick Start, refer to the [troubleshooting](./troubleshoot-dev-kit.md) guide for possible solutions.
+- Connect your dev kit to a Wi-Fi network
+- Set up an SSH login for remote access to your dev kit
+- Create a new IoT Hub to use with Azure Percept
+- Connect your dev kit to your IoT Hub and Azure account
+
+If you experience any issues during this process, refer to the [setup troubleshooting guide](./how-to-troubleshoot-setup.md) for possible solutions.
## Prerequisites -- An Azure Percept DK.-- A Windows, Linux, or OS X based host computer with wi-fi capability and a web browser.-- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F)-- The Azure account must have the ΓÇ£ownerΓÇ¥ or ΓÇ£contributorΓÇ¥ role on the subscription. Learn more about [Azure role definitions](https://docs.microsoft.com/azure/role-based-access-control/rbac-and-directory-admin-roles#azure-roles).
+- An Azure Percept DK (dev kit).
+- A Windows, Linux, or OS X based host computer with Wi-Fi capability and a web browser.
+- An Azure account with an active subscription. [Create an account for free.](https://azure.microsoft.com/free/?WT.mc_id=A261C142F)
+- The Azure account must have the **owner** or **contributor** role within the subscription. Follow the steps below to check your Azure account role. For more information on Azure role definitions, check out the [Azure role-based access control documentation](https://docs.microsoft.com/azure/role-based-access-control/rbac-and-directory-admin-roles#azure-roles).
-### Prerequisite check
+ > [!CAUTION]
+ > If you have multiple Azure accounts, your browser may cache credentials from another account. To avoid confusion, it is recommended that you close all unused browser windows and log into the [Azure portal](https://portal.azure.com/) before starting the setup experience. See the [setup troubleshooting guide](./how-to-troubleshoot-setup.md) for additional information on how to ensure you are signed in with the correct account.
-To verify if your Azure account is an ΓÇ£ownerΓÇ¥ or ΓÇ£contributorΓÇ¥ on the subscription, following these steps.
+### Check your Azure account role
-1. Go to the Azure portal and log in with the same Azure account you intend to use with Azure Percept Studio.
+To verify if your Azure account is an ΓÇ£ownerΓÇ¥ or ΓÇ£contributorΓÇ¥ within the subscription, follow these steps:
- > [!NOTE]
- > If you have multiple Azure accounts, your browser may cache credentials from another account. See the troubleshooting guide for more information on how to ensure you are signed in with the correct account.
+1. Go to the [Azure portal](https://portal.azure.com/) and log in with the same Azure account you intend to use with Azure Percept.
-1. Expand the main menu from the upper left corner of your screen and click on ΓÇ£SubscriptionsΓÇ¥ or select ΓÇ£SubscriptionsΓÇ¥ from the menu of icons on the home page.
- <!
- :::image type="content" source="./media/quickstart-percept-dk-setup/prereq-01-subscription.png" alt-text="supscription icon in Azure portal.":::
- >
-1. Select your subscription from the list. If you do not see your subscription in the list, make sure you are signed in with the correct Azure account.
- <!
- :::image type="content" source="./media/quickstart-percept-dk-setup/prereq-02-sub-list.png" alt-text="supscription list in Azure portal.":::
- >
-If you wish to create a new subscription, follow [these steps](https://docs.microsoft.com/azure/cost-management-billing/manage/create-subscription).
+1. Click on the **Subscriptions** icon (it looks like a yellow key).
+
+1. Select your subscription from the list. If you do not see your subscription, make sure you are signed in with the correct Azure account. If you wish to create a new subscription, follow [these steps](https://docs.microsoft.com/azure/cost-management-billing/manage/create-subscription).
-1. From the Subscription menu select ΓÇ£Access control (IAM)ΓÇ¥
-1. Click on the ΓÇ£View my accessΓÇ¥ button
-1. Check the role
- - If it shows the role of ΓÇ£ReaderΓÇ¥ or if you get a message that says you do not have permissions to see roles, you will need to follow the necessary process in your organization to get your account role elevated.
- - If it shows the role as ΓÇ£ownerΓÇ¥ or ΓÇ£contributorΓÇ¥, your account will work with Azure Percept Studio.
+1. From the Subscription menu, select **Access control (IAM)**.
+1. Click **View my access**.
+1. Check the role:
+ - If your role is listed as **Reader** or if you get a message that says you do not have permission to see roles, you will need to follow the necessary process in your organization to elevate your account role.
+ - If your role is listed as **owner** or **contributor**, your account will work with Azure Percept, and you may proceed with the setup experience.
## Launch the Azure Percept DK Setup Experience
-<!
-> [!NOTE]
-> Connecting over ethernet? See [this how-to guide](<link needed>) for detailed instructions.
->
-1. Connect your host computer directly to the dev kitΓÇÖs wi-fi access point. This is done just like connecting to any other wi-fi network,
- - **network name**: scz-xxxx (where ΓÇ£xxxxΓÇ¥ is the last four digits of the dev kitΓÇÖs MAC network address)
- - **password**: can be found on the Welcome Card that came with the dev kit
+1. Connect your host computer directly to the dev kitΓÇÖs Wi-Fi access point. Like connecting to any other Wi-Fi network, open the network and internet settings on your computer, click on the following network, and enter the network password when prompted:
+
+ - **Network name**: depending on your dev kit's operating system version, the name of the Wi-Fi access point is either **scz-xxxx** or **apd-xxxx** (where ΓÇ£xxxxΓÇ¥ is the last four digits of the dev kitΓÇÖs MAC address)
+ - **Password**: can be found on the Welcome Card that came with the dev kit
> [!WARNING]
- > While connected to the Azure Percept DK wi-fi access point, your host computer will temporarily lose its connection to the Internet. Active video conference calls, web streaming, or other network-based experiences will be interrupted until step 3 of the Azure Percept DK setup experience is completed.
+ > While connected to the Azure Percept DK Wi-Fi access point, your host computer will temporarily lose its connection to the Internet. Active video conference calls, web streaming, or other network-based experiences will be interrupted.
-1. Once connected to the dev kitΓÇÖs wi-fi access point, the host device will automatically launch the Azure Percept DK setup experience in a new browser window. If it does not automatically open, you can launch it manually by opening a browser window and navigating to [http://10.1.1.1](http://10.1.1.1).
+1. Once connected to the dev kitΓÇÖs Wi-Fi access point, the host computer will automatically launch the setup experience in a new browser window with **your.new.device/** in the address bar. If the tab does not open automatically, launch the setup experience by going to [http://10.1.1.1](http://10.1.1.1). Make sure your browser is signed in with the same Azure account credentials you intend to use with Azure Percept.
-1. Now that you have launched the Azure Percept setup experience, you are ready to proceed through the setup experience.
+ :::image type="content" source="./media/quickstart-percept-dk-setup/main-01-welcome.png" alt-text="Welcome page.":::
- > [!NOTE]
- > The Azure Percept DK setup experience web service will shut down after 30 minutes of non-use and at the completion of the setup experience. When this happens, it is recommended to restart the dev kit to avoid connectivity issues with the dev kit wi-fi access point.
+ > [!CAUTION]
+ > The setup experience web service will shut down after 30 minutes of non-use. If this happens, restart the dev kit to avoid connectivity issues with the dev kit's Wi-Fi access point.
## Complete the Azure Percept DK Setup Experience
-1. Get Started - Click **Next** on the Welcome screen.
+1. Click **Next** on the **Welcome** screen.
- :::image type="content" source="./media/quickstart-percept-dk-setup/main-01-welcome.png" alt-text="Welcome page.":::
+1. On the **Network connection** page, click **Connect to a new WiFi network**.
+
+ If you have already connected your dev kit to your Wi-Fi network, click **Skip**.
+
+1. Select your Wi-Fi network from the list of available networks and click **connect**. Enter your network password when prompted.
-1. Connect to wi-fi - On the Network connection page, click **Connect to a new WiFi network** to connect your devkit to your wi-fi network.
+1. Once your dev kit has successfully connected to your network of choice, the page will show the IPv4 address assigned to your dev kit. **Write down the IPv4 address displayed on the page.** You will need the IP address when connecting to your dev kit over SSH for troubleshooting and device updates.
- If you have previously connected this dev kit to your wi-fi network or if you are already connected to the Azure Percept DK setup experience via your wi-fi network, click the **Skip** link.
+ :::image type="content" source="./media/quickstart-percept-dk-setup/main-04-success-wi-fi.png" alt-text="Copy IP address.":::
- :::image type="content" source="./media/quickstart-percept-dk-setup/main-02-connect-to-wi-fi.png" alt-text="Connect to wi-fi.":::
+ > [!NOTE]
+ > The IP address may change with each device boot.
-1. Select your wi-fi network from the available connections and connect. (Will require your local wi-fi password)
+1. Read through the License Agreement, select **I have read and agree to the License Agreement** (you must scroll to the bottom of the agreement), and click **Next**.
- :::image type="content" source="./media/quickstart-percept-dk-setup/main-03-select-wi-fi.png" alt-text="Select wi-fi network.":::
+ :::image type="content" source="./media/quickstart-percept-dk-setup/main-05-eula.png" alt-text="Accept EULA.":::
-1. Copy your IP address - Once your devkit has successfully connected to your network of choice, write down the **IPv4 address** displayed on the page. **You will need this IP address later in this quick start guide**.
+1. Enter an SSH account name and password, and **write down your login information for later use**.
> [!NOTE]
- > The IP address may change with each device boot.
+ > SSH (Secure Shell) is a network protocol that enables you to connect to the dev kit remotely via a host computer.
- :::image type="content" source="./media/quickstart-percept-dk-setup/main-04-success-wi-fi.png" alt-text="Copy IP address.":::
+1. On the next page, click **Setup as a new device** to create a new device within your Azure account.
-1. Review and accept the License Agreement - Read through the License Agreement, select **I have read and agree to the License Agreement** (must scroll to the bottom of the agreement), and click **Next**.
+1. Click **Copy** to copy your device code. Afterward, click **Login to Azure**.
- :::image type="content" source="./media/quickstart-percept-dk-setup/main-05-eula.png" alt-text="Accept EULA.":::
+ :::image type="content" source="./media/quickstart-percept-dk-setup/main-08-copy-code.png" alt-text="Copy device code.":::
-1. Create your SSH login account - Set up SSH for remote access to your devkit. Create a SSH username and password.
+1. A new browser tab will open with a window that says **Enter code**. Paste the code into the window and click **Next**. Do NOT close the **Welcome** tab with the setup experience.
- > [!NOTE]
- > SSH (Secure Shell) is a network protocol used for secure communication between the host device and the dev kit. For more information about SSH, see [this article](https://en.wikipedia.org/wiki/SSH_(Secure_Shell)).
+ :::image type="content" source="./media/quickstart-percept-dk-setup/main-09-enter-code.png" alt-text="Enter device code.":::
- :::image type="content" source="./media/quickstart-percept-dk-setup/main-06-ssh-login.png" alt-text="Create SSH account.":::
+1. Sign into Azure Percept using the Azure account credentials you will use with your dev kit. Leave the browser tab open when complete.
-1. Begin the dev kit connection process - On the next screen, click **Connect with a new device** to begin the process of connecting your dev kit to Azure IoT Hub.
+ > [!CAUTION]
+ > Your browser may auto cache other credentials. Double check that you are signing in with the correct account.
- <!
- Connecting with an existing IoT Edge device connection string? See this [how-to guide](<link needed>) for reference.
- >
- :::image type="content" source="./media/quickstart-percept-dk-setup/main-07-connect-device.png" alt-text="Connect to Azure.":::
+ After successfully signing into Azure Percent on the device, return to the **Welcome** tab to continue the setup experience.
-1. Copy the device code - Click the **Copy** link to copy your device code. Then click **Login to Azure**.
+1. When the **Assign your device to your Azure IoT Hub** page appears on the **Welcome** tab, take one of the following actions:
- :::image type="content" source="./media/quickstart-percept-dk-setup/main-08-copy-code.png" alt-text="Copy device code.":::
+ - If you already have an IoT Hub you would like to use with Azure Percept and it is listed on this page, select it and jump to step 15.
+ - If you do not have an IoT Hub or would like to create a new one, click **Create a new Azure IoT Hub**.
-1. Paste the device code - A new browser tab will open with a window that asks for the copied device code. Paste the code into the window and click **Next**.
+ > [!IMPORTANT]
+ > If you have an IoT Hub, but it is not appearing in the list, you may have signed into Azure Percept with the wrong credentials. See the [setup troubleshooting guide](./how-to-troubleshoot-setup.md) for help.
- :::image type="content" source="./media/quickstart-percept-dk-setup/main-09-enter-code.png" alt-text="Enter device code.":::
+ :::image type="content" source="./media/quickstart-percept-dk-setup/main-13-iot-hub-select.png" alt-text="Select an IoT Hub.":::
-1. Sign into Azure - The next window requires you to sign in with the Azure account you verified at the beginning of the Quick Start. Enter those login credentials and click **Next**.
+1. To create a new IoT Hub, complete the following fields:
+
+ - Select the Azure subscription you will use with Azure Percept.
+ - Select an existing Resource Group. If one does not exist, click **Create new** and follow the prompts.
+ - Select the Azure region closest to your physical location.
+ - Give your new IoT Hub a name.
+ - Select the S1 (standard) pricing tier.
> [!NOTE]
- > Your browser may auto cache other credentials. Double check that you are signing in with the correct account.
+ > If you end up needing a higher [message throughput](https://docs.microsoft.com/azure/iot-hub/iot-hub-scaling#message-throughput) for your edge AI applications, you may [upgrade your IoT Hub to a higher standard tier](https://docs.microsoft.com/azure/iot-hub/iot-hub-upgrade) in the Azure Portal at any time. B and F tiers do NOT support Azure Percept.
- :::image type="content" source="./media/quickstart-percept-dk-setup/main-10-azure-sign-in.png" alt-text="Sign-in to Azure.":::
-
-1. Do not close the setup experience browser tab at this step - After signing in you will be presented with a screen acknowledging that you have signed in. Although it says you many close the window, **we recommend that you do not close any windows**.
+1. IoT Hub deployment may take a few minutes. When the deployment is complete, click **Register**.
- :::image type="content" source="./media/quickstart-percept-dk-setup/main-11-sign-in-success.png" alt-text="Sign-in success.":::
+ :::image type="content" source="./media/quickstart-percept-dk-setup/main-16-iot-hub-success.png" alt-text="IoT Hub successfully deployed.":::
-1. Return to the browser tab hosting the setup experience.
-1. Select your IoT Hub option
- - If you already have an IoT Hub and it is listed on this page, you can select it and **jump to step 17**.
- - If you do not have an IoT Hub or would like to create a new one, go to the bottom of the list and click on **Create a new Azure IoT Hub**.
+1. Enter a device name for your dev kit and click **Next**.
- :::image type="content" source="./media/quickstart-percept-dk-setup/main-13-iot-hub-select.png" alt-text="Select an IoT Hub.":::
+1. Wait for the device modules to download ΓÇô this will take a few minutes.
-1. Create your new IoT Hub ΓÇô Fill out all fields on this page.
- - Select the Azure subscription you will use with Azure Percept Studio
- - Select an existing Resource Group. If one does not exist, click ΓÇ£Create newΓÇ¥ and follow the prompts.
- - Select the Azure region.
- - Give your new IoT Hub a name
- - Select the pricing tier (it will usually match the subscription)
+ :::image type="content" source="./media/quickstart-percept-dk-setup/main-18-finalize.png" alt-text="Finalizing setup.":::
- :::image type="content" source="./media/quickstart-percept-dk-setup/main-14-create-iot-hub.png" alt-text="Create a new IoT Hub.":::
+1. When you see the **Device setup complete!** page, your dev kit has successfully linked to your IoT Hub and downloaded the necessary software. Your dev kit will automatically disconnect from the Wi-Fi access point resulting in these two notifications:
-1. Wait for the IoT Hub to get deployed ΓÇô It may take a few minutes
+ <!
+ > [!NOTE]
+ > The onboarding process and connection to the device Wifi access to your host computer shuts down at this point, but your dev kit will stay connected to the internet. You can restart the onboarding experience with a dev kit reboot, which will allow you to go back through the onboarding and reconnect the device to a different IOT hub associated with the same or a different Azure Subscription..
+ >
- :::image type="content" source="./media/quickstart-percept-dk-setup/main-15-iot-hub-deploy.png" alt-text="Deploy IoT Hub.":::
+ :::image type="content" source="./media/quickstart-percept-dk-setup/main-19-0-warning.png" alt-text="Setup experience disconnect warning.":::
-1. Register your dev kit - When the deployment is completed, click the **Register** button
+1. Connect your host computer to the Wi-Fi network your devkit connected to in Step 2.
- :::image type="content" source="./media/quickstart-percept-dk-setup/main-16-iot-hub-success.png" alt-text="IoT Hub successfully deployed.":::
+1. Click **Continue to the Azure portal**.
-1. Name your dev kit - Enter a device name for your dev kit and click **Next**.
+ :::image type="content" source="./media/quickstart-percept-dk-setup/main-20-azure-portal-continue.png" alt-text="Go to Azure Percept Studio.":::
- :::image type="content" source="./media/quickstart-percept-dk-setup/main-17-device-name.png" alt-text="Name the device.":::
+## View your dev kit video stream and deploy a sample model
-1. Wait for the default AI models to download ΓÇô this will take a few minutes
+1. The [Azure Percept Studio Overview page](https://go.microsoft.com/fwlink/?linkid=2135819) is your launch point for accessing many different workflows for both beginning and advanced edge AI solution development. To get started, click on **Devices** from the left menu.
- :::image type="content" source="./media/quickstart-percept-dk-setup/main-18-finalize.png" alt-text="Finalizing setup.":::
+ :::image type="content" source="./media/quickstart-percept-dk-setup/portal-01-get-device-list.png" alt-text="View your list of devices.":::
-1. See vision AI in action - Your devkit has been successfully linked to your Azure IoT Hub and it has received the default vision AI object detection model. The Azure Percept Vision camera can now make object detection inferencing without a connection to the cloud.
+1. Verify your dev kit is listed as **Connected** and click on it to view the device page.
- :::image type="content" source="./media/quickstart-percept-dk-setup/main-19-2-preview-video-output.png" alt-text="Click Preview Video Output.":::
-
- > [!NOTE]
- > The onboarding process and connection to the device Wifi access to your host computer shuts down at this point, but your dev kit will stay connected to the internet. You can restart the onboarding experience with a dev kit reboot, which will allow you to go back through the onboarding and reconnect the device to a different IOT hub associated with the same or a different Azure Subscription..
+ :::image type="content" source="./media/quickstart-percept-dk-setup/portal-02-select-device.png" alt-text="Select your device.":::
- :::image type="content" source="./media/quickstart-percept-dk-setup/main-19-0-warning.png" alt-text="Setup experience disconnect warning.":::
+1. Click **View your device stream**. If this is the first time viewing the video stream of your device, you will see a notification that a new model is being deployed in the upper right-hand corner. This may take a few minutes.
-1. Continue to the Azure portal ΓÇô Go back to the setup experience window and click on the **Continue to the Azure portal** button to begin creating your custom AI models in Azure Percept Studio.
+ :::image type="content" source="./media/quickstart-percept-dk-setup/portal-03-1-start-video-stream.png" alt-text="View your video stream.":::
- > [!NOTE]
- > Verify that your host computer is no longer connected to the dev kit access point in your wifi settings and is now reconnected to your local wifi.
+ Once the model has deployed, you will get another notification with a **View stream** link. Click on the link to view the video stream from your Azure Percept Vision camera in a new browser window. The dev kit is preloaded with an AI model that automatically performs object detection of many common objects.
- :::image type="content" source="./media/quickstart-percept-dk-setup/main-20-azure-portal-continue.png" alt-text="Go to Azure Percept Studio.":::
+ :::image type="content" source="./media/quickstart-percept-dk-setup/portal-03-2-object-detection.png" alt-text="See object detection.":::
-## View your Device in the Azure Percept Studio and deploy common prebuilt sample apps
+1. Azure Percept Studio also has a number of sample AI models. To deploy a sample model to your dev kit, navigate back to your device page and click **Deploy a sample model**.
-1. View your list of Devices from the [Azure Percept Studio](https://go.microsoft.com/fwlink/?linkid=2135819) Overview Page. The Azure Percept Overview page is your launch point for accessing many different workflows for both beginning and advanced AI Edge Model and Solution Development
+ :::image type="content" source="./media/quickstart-percept-dk-setup/portal-04-explore-prebuilt.png" alt-text="Explore pre-built models.":::
- :::image type="content" source="./media/quickstart-percept-dk-setup/portal-01-get-device-list.png" alt-text="View your list of devices.":::
-
-1. Verify the device you just created is connected and click on it.
+1. Select a sample model from the library and click **Deploy to device**.
- :::image type="content" source="./media/quickstart-percept-dk-setup/portal-02-select-device.png" alt-text="Select your device.":::
+ :::image type="content" source="./media/quickstart-percept-dk-setup/portal-05-2-select-journey.png" alt-text="See object detection in action.":::
-1. View your device stream to see what your dev kit camera is seeing. A default object detection model is deployed out of the box and will detect a number of common objects.
+1. Once the model has successfully deployed, you will see a notification with a **View stream** link in the upper right corner of the screen. To view the model inferencing in action, click the link in the notification or return to the device page and click **View your device stream**. Any models previously running on the dev kit will now be replaced with the new model.
- > [!NOTE]
- > the first time you do this on a new device you will get a notification that a new module is being deployed in the upper right hand corner. Once this is competed, you will be able to launch the window with the camera video stream.
-
- :::image type="content" source="./media/quickstart-percept-dk-setup/portal-03-1-start-video-stream.png" alt-text="View your video stream.":::
-
- :::image type="content" source="./media/quickstart-percept-dk-setup/portal-03-2-object-detection.png" alt-text="See object detection.":::
+## Video walkthrough
-1. Explore Pre-built sample AI Models. The Azure Precept Studio has a number of common pre-built samples which can be deployed with a single click. Select ΓÇ£Deploy a sample modelΓÇ¥ to view and deploy these.
+For a visual walkthrough of the steps described above, please see the following video (setup experience starts at 0:50):
- :::image type="content" source="./media/quickstart-percept-dk-setup/portal-04-explore-prebuilt.png" alt-text="Explore pre-built models.":::
-
-1. Deploy a new pre-built sample to your connected device. Select a sample from the library and click on ΓÇ£Deploy to DeviceΓÇ¥
+</br>
- :::image type="content" source="./media/quickstart-percept-dk-setup/portal-05-2-select-journey.png" alt-text="See object detection in action.":::
+> [!VIDEO https://www.youtube.com/embed/-dmcE2aQkDE]
## Next steps
-You can follow a similar flow to try out [prebuilt speech models](./tutorial-no-code-speech.md).
+> [!div class="nextstepaction"]
+> [Create a no-code vision solution](./tutorial-nocode-vision.md)
azure-percept Quickstart Percept Dk Unboxing https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-percept/quickstart-percept-dk-unboxing.md
Once you have received your Azure Percept DK, reference this guide for informati
> [!NOTE] > The power button is for powering off or restarting the device while connected to a power outlet. In the event of a power outage, the device will automatically restart.
+For a visual demonstration of the devkit assembly, please see 0:00 through 0:50 of the following video:
+
+</br>
+
+> [!VIDEO https://www.youtube.com/embed/-dmcE2aQkDE]
+ ## Next steps
-Now that your devkit is connected and powered on, please see the Azure Percept DK setup experience walkthrough to complete device setup. The setup experience allows you to connect your devkit to a Wi-Fi network, set up an SSH login, create an IoT Hub, and provision your devkit to your Azure account. Once you have completed device setup, you will be ready to start prototyping.
+Now that your devkit is connected and powered on, please see the [Azure Percept DK setup experience walkthrough](./quickstart-percept-dk-set-up.md) to complete device setup. The setup experience allows you to connect your devkit to a Wi-Fi network, set up an SSH login, create an IoT Hub, and provision your devkit to your Azure account. Once you have completed device setup, you will be ready to start prototyping.
azure-percept Tutorial Nocode Vision https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-percept/tutorial-nocode-vision.md
If you created a new Azure resource for this tutorial and you no longer wish to
1. Click the checkbox next to the resource created during this tutorial. The resource type will be listed as **Cognitive Services**. 1. Click the **Delete** icon near the top of the screen.
+## Video walkthrough
+
+For a visual walkthrough of the steps described above, please see the following video:
+
+</br>
+
+> [!VIDEO https://www.youtube.com/embed/9LvafyazlJM]
+
+</br>
+ ## Next Steps Next, check out the vision how-to articles for information on additional vision solution features in Azure Percept Studio.
azure-resource-manager Delete Resource Group https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/management/delete-resource-group.md
Title: Delete resource group and resources description: Describes how to delete resource groups and resources. It describes how Azure Resource Manager orders the deletion of resources when a deleting a resource group. It describes the response codes and how Resource Manager handles them to determine if the deletion succeeded. Previously updated : 09/03/2019 Last updated : 03/18/2021
az resource delete \
+## Required access
+
+To delete a resource group, you need access to the delete action for the **Microsoft.Resources/subscriptions/resourceGroups** resource. You also need delete for all resources in the resource group.
+
+For a list of operations, see [Azure resource provider operations](../../role-based-access-control/resource-provider-operations.md). For a list of built-in roles, see [Azure built-in roles](../../role-based-access-control/built-in-roles.md).
+
+If you have the required access, but the delete request fails, it may be because there's a [lock](lock-resources.md) on the resource group.
## Next steps
azure-resource-manager Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/management/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure Resource Manager description: Lists Azure Policy Regulatory Compliance controls available for Azure Resource Manager. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 03/10/2021 Last updated : 03/17/2021
azure-resource-manager Bicep Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/bicep-overview.md
Title: Bicep language for Azure Resource Manager templates description: Describes the Bicep language for deploying infrastructure to Azure through Azure Resource Manager templates. Previously updated : 03/12/2021 Last updated : 03/17/2021 # What is Bicep (Preview)?
Bicep is a language for declaratively deploying Azure resources. You can use Bic
The JSON syntax for creating template can be verbose and require complicated expression. Bicep improves that experience without losing any of the capabilities of a JSON template. It's a transparent abstraction over the JSON for ARM templates. Each Bicep file compiles to a standard ARM template. Resource types, API versions, and properties that are valid in an ARM template are valid in a Bicep file. There are a few [known limitations](#known-limitations) in the current release.
+To learn about Bicep, see the following video.
+
+> [!VIDEO https://mediusprodstatic.studios.ms/asset-cccfdaf2-cdbe-49dd-9c58-91a4fe5ff0fd/OD340_1920x1080_AACAudio_5429.mp4?sv=2018-03-28&sr=b&sig=N3DuBaTrK3nt5TGwIagTbCqjVrzgwiJ9at80MXQJFwg%3D&st=2021-03-02T01%3A22%3A57Z&se=2026-03-02T01%3A27%3A57Z&sp=r&rscd=filename%3DIGFY21Q3-OD340-Learn%2Beverything%2Babout%2Bthe%2Bnext%2Bgeneration%2Bof%2BARM.mp4]
+ ## Get started To start with Bicep, [install the tools](https://github.com/Azure/bicep/blob/main/docs/installing.md).
azure-resource-manager Deploy To Management Group https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/deploy-to-management-group.md
Title: Deploy resources to management group description: Describes how to deploy resources at the management group scope in an Azure Resource Manager template. Previously updated : 03/16/2021 Last updated : 03/18/2021 # Management group deployments with ARM templates
The next example creates a new management group in the management group specifie
} ```
+## Subscriptions
+
+To use an ARM template to create a new Azure subscription in a management group, see:
+
+* [Programmatically create Azure Enterprise Agreement subscriptions](../../cost-management-billing/manage/programmatically-create-subscription-enterprise-agreement.md)
+* [Programmatically create Azure subscriptions for a Microsoft Customer Agreement](../../cost-management-billing/manage/programmatically-create-subscription-microsoft-customer-agreement.md)
+* [Programmatically create Azure subscriptions for a Microsoft Partner Agreement](../../cost-management-billing/manage/programmatically-create-subscription-microsoft-partner-agreement.md)
+ To deploy a template that moves an existing Azure subscription to a new management group, see [Move subscriptions in ARM template](../../governance/management-groups/manage.md#move-subscriptions-in-arm-template) ## Azure Policy
azure-resource-manager Deployment Script Template https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/deployment-script-template.md
Previously updated : 12/28/2020 Last updated : 03/18/2021
Property value details:
> [!NOTE] > The Azure portal can't parse a deployment script with multiple lines. To deploy a template with deployment script from the Azure portal, you can either chain the PowerShell commands by using semicolons into one line, or use the `primaryScriptUri` property with an external script file. -- `primaryScriptUri`: Specify a publicly accessible Url to the primary deployment script with supported file extensions.-- `supportingScriptUris`: Specify an array of publicly accessible Urls to supporting files that are called in either `scriptContent` or `primaryScriptUri`.
+- `primaryScriptUri`: Specify a publicly accessible URL to the primary deployment script with supported file extensions. For more information, see [Use external scripts](#use-external-scripts).
+- `supportingScriptUris`: Specify an array of publicly accessible URLs to supporting files that are called in either `scriptContent` or `primaryScriptUri`. For more information, see [Use external scripts](#use-external-scripts).
- `timeout`: Specify the maximum allowed script execution time specified in the [ISO 8601 format](https://en.wikipedia.org/wiki/ISO_8601). Default value is **P1D**. - `cleanupPreference`. Specify the preference of cleaning up deployment resources when the script execution gets in a terminal state. Default setting is **Always**, which means deleting the resources despite the terminal state (Succeeded, Failed, Canceled). To learn more, see [Clean up deployment script resources](#clean-up-deployment-script-resources).-- `retentionInterval`: Specify the interval for which the service retains the deployment script resources after the deployment script execution reaches a terminal state. The deployment script resources will be deleted when this duration expires. Duration is based on the [ISO 8601 pattern](https://en.wikipedia.org/wiki/ISO_8601). The retention interval is between 1 and 26 hours (PT26H). This property is used when `cleanupPreference` is set to **OnExpiration**. The **OnExpiration** property isn't enabled currently. To learn more, see [Clean up deployment script resources](#clean-up-deployment-script-resources).
+- `retentionInterval`: Specify the interval for which the service retains the deployment script resources after the deployment script execution reaches a terminal state. The deployment script resources will be deleted when this duration expires. Duration is based on the [ISO 8601 pattern](https://en.wikipedia.org/wiki/ISO_8601). The retention interval is between 1 and 26 hours (PT26H). This property is used when `cleanupPreference` is set to **OnExpiration**. To learn more, see [Clean up deployment script resources](#clean-up-deployment-script-resources).
### Additional samples
In addition to inline scripts, you can also use external script files. Only prim
For more information, see the [example template](https://github.com/Azure/azure-docs-json-samples/blob/master/deployment-script/deploymentscript-helloworld-primaryscripturi.json).
-The external script files must be accessible. To secure your script files that are stored in Azure storage accounts, see [Deploy private ARM template with SAS token](./secure-template-with-sas-token.md).
+The external script files must be accessible. To secure your script files that are stored in Azure storage accounts, generate a SAS token and include it in the URI for the template. Set the expiry time to allow enough time to complete the deployment. For more information, see [Deploy private ARM template with SAS token](./secure-template-with-sas-token.md).
You're responsible for ensuring the integrity of the scripts that are referenced by deployment script, either `primaryScriptUri` or `supportingScriptUris`. Reference only scripts that you trust.
The script service sets the resource provisioning state to **Failed** when the s
### Pass secured strings to deployment script
-Setting environment variables (EnvironmentVariable) in your container instances allows you to provide dynamic configuration of the application or script run by the container. Deployment script handles non-secured and secured environment variables in the same way as Azure Container Instance. For more information, see [Set environment variables in container instances](../../container-instances/container-instances-environment-variables.md#secure-values).
+Setting environment variables (EnvironmentVariable) in your container instances allows you to provide dynamic configuration of the application or script run by the container. Deployment script handles non-secured and secured environment variables in the same way as Azure Container Instance. For more information, see [Set environment variables in container instances](../../container-instances/container-instances-environment-variables.md#secure-values). For an example, see [Sample templates](#sample-templates).
The max allowed size for environment variables is 64 KB.
azure-signalr Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-signalr/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure SignalR description: Lists Azure Policy Regulatory Compliance controls available for Azure SignalR. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 03/10/2021 Last updated : 03/17/2021
azure-signalr Signalr Howto Troubleshoot Guide https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-signalr/signalr-howto-troubleshoot-guide.md
This guidance is to provide useful troubleshooting guide based on the common iss
## Access token too long
-### Possible errors:
+### Possible errors
* Client-side `ERR_CONNECTION_` * 414 URI Too Long * 413 Payload Too Large * Access Token must not be longer than 4K. 413 Request Entity Too Large
-### Root cause:
+### Root cause
For HTTP/2, the max length for a single header is **4 K**, so if using browser to access Azure service, there will be an error `ERR_CONNECTION_` for this limitation.
For HTTP/1.1, or C# clients, the max URI length is **12 K**, the max header leng
With SDK version **1.0.6** or higher, `/negotiate` will throw `413 Payload Too Large` when the generated access token is larger than **4 K**.
-### Solution:
+### Solution
By default, claims from `context.User.Claims` are included when generating JWT access token to **ASRS**(**A**zure **S**ignal**R** **S**ervice), so that the claims are preserved and can be passed from **ASRS** to the `Hub` when the client connects to the `Hub`.
-In some cases, `context.User.Claims` are leveraged to store lots of information for app server, most of which are not used by `Hub`s but by other components.
+In some cases, `context.User.Claims` are used to store lots of information for app server, most of which are not used by `Hub`s but by other components.
The generated access token is passed through the network, and for WebSocket/SSE connections, access tokens are passed through query strings. So as the best practice, we suggest only passing **necessary** claims from the client through **ASRS** to your app server when the Hub needs. There is a `ClaimsProvider` for you to customize the claims passing to **ASRS** inside the access token. For ASP.NET Core:
-```cs
+
+```csharp
services.AddSignalR() .AddAzureSignalR(options => {
services.AddSignalR()
``` For ASP.NET:
-```cs
+
+```csharp
services.MapAzureSignalR(GetType().FullName, options => { // pick up necessary claims
services.MapAzureSignalR(GetType().FullName, options =>
## TLS 1.2 required
-### Possible errors:
+### Possible errors
* ASP.NET "No server available" error [#279](https://github.com/Azure/azure-signalr/issues/279) * ASP.NET "The connection is not active, data cannot be sent to the service." error [#324](https://github.com/Azure/azure-signalr/issues/324)
-* "An error occurred while making the HTTP request to https://<API endpoint>. This error could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This error could also be caused by a mismatch of the security binding between the client and the server."
+* "An error occurred while making the HTTP request to https://<API endpoint>. This error could be because the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This error could also be caused by a mismatch of the security binding between the client and the server."
-### Root cause:
+### Root cause
Azure Service only supports TLS1.2 for security concerns. With .NET framework, it is possible that TLS1.2 is not the default protocol. As a result, the server connections to ASRS cannot be successfully established.
Azure Service only supports TLS1.2 for security concerns. With .NET framework, i
:::image type="content" source="./media/signalr-howto-troubleshoot-guide/tls-throws.png" alt-text="Exception throws"::: 2. For ASP.NET ones, you can also add following code to your `Startup.cs` to enable detailed trace and see the errors from the log.
-```cs
-app.MapAzureSignalR(this.GetType().FullName);
-// Make sure this switch is called after MapAzureSignalR
-GlobalHost.TraceManager.Switch.Level = SourceLevels.Information;
-```
-### Solution:
+ ```cs
+ app.MapAzureSignalR(this.GetType().FullName);
+ // Make sure this switch is called after MapAzureSignalR
+ GlobalHost.TraceManager.Switch.Level = SourceLevels.Information;
+ ```
+
+### Solution
Add following code to your Startup:
-```cs
+
+```csharp
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; ```
For ASP.NET SignalR, when the [client connection drops](#client_connection_drop)
There are two cases.
-### **Concurrent** connection count exceeds limit.
+### **Concurrent** connection count exceeds limit
For **Free** instances, **Concurrent** connection count limit is 20 For **Standard** instances, **concurrent** connection count limit **per unit** is 1 K, which means Unit100 allows 100-K concurrent connections. The connections include both client and server connections. check [here](./signalr-concept-messages-and-connections.md#how-connections-are-counted) for how connections are counted.
-### Too many negotiate requests at the same time.
+### Too many negotiate requests at the same time
-We suggest having a random delay before reconnecting, please check [here](#restart_connection) for retry samples.
+We suggest having a random delay before reconnecting, check [here](#restart_connection) for retry samples.
[Having issues or feedback about the troubleshooting? Let us know.](https://aka.ms/asrs/survey/troubleshooting)
-## 500 Error when negotiate: Azure SignalR Service is not connected yet, please try again later.
+## 500 Error when negotiate: Azure SignalR Service is not connected yet, please try again later
### Root cause
This error is reported when there is no server connection to Azure SignalR Servi
Enable server-side trace to find out the error details when the server tries to connect to Azure SignalR Service.
-#### Enable server-side logging for ASP.NET Core SignalR
+### Enable server-side logging for ASP.NET Core SignalR
+
+Server-side logging for ASP.NET Core SignalR integrates with the `ILogger` based [logging](/aspnet/core/fundamentals/logging/?tabs=aspnetcore2x&view=aspnetcore-2.1&preserve-view=true) provided in the ASP.NET Core framework. You can enable server-side logging by using `ConfigureLogging`, a sample usage as follows:
-Server-side logging for ASP.NET Core SignalR integrates with the `ILogger` based [logging](/aspnet/core/fundamentals/logging/?tabs=aspnetcore2x&view=aspnetcore-2.1) provided in the ASP.NET Core framework. You can enable server-side logging by using `ConfigureLogging`, a sample usage as follows:
-```cs
+```csharp
.ConfigureLogging((hostingContext, logging) => { logging.AddConsole(); logging.AddDebug(); }) ```+ Logger categories for Azure SignalR always start with `Microsoft.Azure.SignalR`. To enable detailed logs from Azure SignalR, configure the preceding prefixes to `Debug` level in your **appsettings.json** file like below:
-```JSON
+
+```json
{ "Logging": { "LogLevel": {
Logger categories for Azure SignalR always start with `Microsoft.Azure.SignalR`.
#### Enable server-side traces for ASP.NET SignalR When using SDK version >= `1.0.0`, you can enable traces by adding the following to `web.config`: ([Details](https://github.com/Azure/azure-signalr/issues/452#issuecomment-478858102))+ ```xml <system.diagnostics> <sources>
When using SDK version >= `1.0.0`, you can enable traces by adding the following
When the client is connected to the Azure SignalR, the persistent connection between the client and Azure SignalR can sometimes drop for different reasons. This section describes several possibilities causing such connection drop and provides some guidance on how to identify the root cause.
-### Possible errors seen from the client-side
+### Possible errors seen from the client side
* `The remote party closed the WebSocket connection without completing the close handshake` * `Service timeout. 30.00ms elapsed without receiving a message from service.` * `{"type":7,"error":"Connection closed with an error."}` * `{"type":7,"error":"Internal server error."}`
-### Root cause:
+### Root cause
Client connections can drop under various circumstances: * When `Hub` throws exceptions with the incoming request.
Client connections rise constantly for a long time in Azure SignalR's Metrics.
:::image type="content" source="./media/signalr-howto-troubleshoot-guide/client-connection-increasing-constantly.jpg" alt-text="Client connection increasing constantly":::
-### Root cause:
+### Root cause
SignalR client connection's `DisposeAsync` never be called, the connection keeps open. ### Troubleshooting guide
-1. Check if the SignalR client **never** close.
+Check if the SignalR client **never** closes.
### Solution
Check if you close connection. Manually call `HubConnection.DisposeAsync()` to s
For example:
-```C#
+```csharp
var connection = new HubConnectionBuilder() .WithUrl(...) .Build();
On a regular basis, there are new version releases for the Azure SignalR Service
This section describes several possibilities leading to server connection drop, and provides some guidance on how to identify the root cause.
-### Possible errors seen from server-side:
+### Possible errors seen from the server side
* `[Error]Connection "..." to the service was dropped` * `The remote party closed the WebSocket connection without completing the close handshake` * `Service timeout. 30.00ms elapsed without receiving a message from service.`
-### Root cause:
+### Root cause
Server-service connection is closed by **ASRS**(**A**zure **S**ignal**R** **S**ervice).
+For ping timeout, it might be caused by high CPU usage or thread pool starvation on the server side.
+
+For ASP.NET SignalR, a known issue was fixed in SDK 1.6.0. Upgrade your SDK to newest version.
+
+## Thread pool starvation
+
+If your server is starving, that means no threads are working on message processing. All threads are hanging in a certain method.
+
+Normally, this scenario is caused by async over sync or by `Task.Result`/`Task.Wait()` in async methods.
+
+See [ASP.NET Core performance best practices](/aspnet/core/performance/performance-best-practices#avoid-blocking-calls).
+
+See more about [thread pool starvation](https://docs.microsoft.com/archive/blogs/vancem/diagnosing-net-core-threadpool-starvation-with-perfview-why-my-service-is-not-saturating-all-cores-or-seems-to-stall).
+
+### How to detect thread pool starvation
+
+Check your thread count. If there are no spikes at that time, take these steps:
+* If you're using Azure App Service, check the thread count in metrics. Check the `Max` aggregation:
+
+ :::image type="content" source="media/signalr-howto-troubleshoot-guide/metrics-thread-count.png" alt-text="Screenshot of the Max thread count pane in Azure App Service.":::
+
+* If you're using the .NET Framework, you can find [metrics](https://docs.microsoft.com/dotnet/framework/debug-trace-profile/performance-counters#lock-and-thread-performance-counters) in the performance monitor in your server VM.
+* If you're using .NET Core in a container, see [Collect diagnostics in containers](https://docs.microsoft.com/dotnet/core/diagnostics/diagnostics-in-containers).
+
+You also can use code to detect thread pool starvation:
+
+```csharp
+public class ThreadPoolStarvationDetector : EventListener
+{
+ private const int EventIdForThreadPoolWorkerThreadAdjustmentAdjustment = 55;
+ private const uint ReasonForStarvation = 6;
+
+ private readonly ILogger<ThreadPoolStarvationDetector> _logger;
+
+ public ThreadPoolStarvationDetector(ILogger<ThreadPoolStarvationDetector> logger)
+ {
+ _logger = logger;
+ }
+
+ protected override void OnEventSourceCreated(EventSource eventSource)
+ {
+ if (eventSource.Name == "Microsoft-Windows-DotNETRuntime")
+ {
+ EnableEvents(eventSource, EventLevel.Informational, EventKeywords.All);
+ }
+ }
+
+ protected override void OnEventWritten(EventWrittenEventArgs eventData)
+ {
+ // See: https://docs.microsoft.com/en-us/dotnet/framework/performance/thread-pool-etw-events#threadpoolworkerthreadadjustmentadjustment
+ if (eventData.EventId == EventIdForThreadPoolWorkerThreadAdjustmentAdjustment &&
+ eventData.Payload[3] as uint? == ReasonForStarvation)
+ {
+ _logger.LogWarning("Thread pool starvation detected!");
+ }
+ }
+}
+```
+
+Add it to your service:
+
+```csharp
+service.AddSingleton<ThreadPoolStarvationDetector>();
+```
+
+Then, check your log when the server connection is disconnected by ping timeout.
+
+### How to find the root cause of thread pool starvation
+
+To find the root cause of thread pool starvation:
+
+* Dump the memory, and then analyze the call stack. For more information, see [Collect and analyze memory dumps](https://devblogs.microsoft.com/dotnet/collecting-and-analyzing-memory-dumps/).
+* Use [clrmd](https://github.com/microsoft/clrmd) to dump the memory when thread pool starvation is detected. Then, log the call stack.
+ ### Troubleshooting guide
-1. Open app server-side log to see if anything abnormal took place
-2. Check app server-side event log to see if the app server restarted
-3. Create an issue to us providing the time frame, and email the resource name to us
+1. Open the app server-side log to see if anything abnormal took place.
+2. Check the app server-side event log to see if the app server restarted.
+3. Create an issue. Provide the time frame, and email the resource name to us.
[Having issues or feedback about the troubleshooting? Let us know.](https://aka.ms/asrs/survey/troubleshooting)
Take ASP.NET Core one for example (ASP.NET one is similar):
In this guide, you learned about how to handle the common issues. You could also learn more generic troubleshooting methods. > [!div class="nextstepaction"]
-> [How to troubleshoot connectivity and message delivery issues](./signalr-howto-troubleshoot-method.md)
+> [How to troubleshoot connectivity and message delivery issues](./signalr-howto-troubleshoot-method.md)
azure-sql Azure Sql Iaas Vs Paas What Is Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/azure-sql-iaas-vs-paas-what-is-overview.md
If you're new to Azure SQL, check out the *What is Azure SQL* video from our in-
> [!VIDEO https://channel9.msdn.com/Series/Azure-SQL-for-Beginners/What-is-Azure-SQL-3-of-61/player] > [!TIP]
-> How can we make Azure SQL better? [Take the survey](https://aka.ms/AzureSQLSurvey).
+> How can we make Azure SQL better? [Take the survey](https://microsoft.qualtrics.com/jfe/form/SV_ePOznHhP4gDKfGu?channel=456).
## Overview
azure-sql Auditing Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/auditing-overview.md
Azure SQL Database and Azure Synapse Audit stores 4000 characters of data for ch
The following section describes the configuration of auditing using the Azure portal. > [!NOTE]
- > - Enabling auditing on a paused dedicated SQL pool is not possible. To enable auditing, un-pause the dedicated SQL pool. Learn more about [dedicated SQL pool](../..//synapse-analytics/sql/best-practices-sql-pool.md).
+ > - Enabling auditing on a paused dedicated SQL pool is not possible. To enable auditing, un-pause the dedicated SQL pool. Learn more about [dedicated SQL pool](../..//synapse-analytics/sql/best-practices-dedicated-sql-pool.md).
> - When auditing is configured to a Log Analytics workspace or to an Even Hub destination via the Azure portal or PowerShell cmdlet, a [Diagnostic Setting](../../azure-monitor/essentials/diagnostic-settings.md) is created with "SQLSecurityAuditEvents" category enabled. 1. Go to the [Azure portal](https://portal.azure.com).
azure-sql Auto Failover Group Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/auto-failover-group-overview.md
When you are using auto-failover groups with automatic failover policy, any outa
- [Azure portal](geo-distributed-application-configure-tutorial.md) - [Azure CLI: Failover Group](scripts/add-database-to-failover-group-cli.md) - [PowerShell: Failover Group](scripts/add-database-to-failover-group-powershell.md)-- [REST API: Failover group](/rest/api/sql/failovergroups).
+- [REST API: Failover group](/rest/api/sql/failovergroups)
After failover, ensure the authentication requirements for your database and server, or instance are configured on the new primary. For details, see [SQL Database security after disaster recovery](active-geo-replication-security-configure.md).
To achieve real business continuity, adding database redundancy between datacent
- Perform disaster recovery (DR) drills in production when the data loss is not acceptable - Relocate the databases to a different region
- - Return the databases to the primary region after the outage has been mitigated (failback).
+ - Return the databases to the primary region after the outage has been mitigated (failback)
- **Unplanned failover**
To achieve real business continuity, adding database redundancy between datacent
- **Grace period with data loss**
- Because the primary and secondary databases are synchronized using asynchronous replication, the failover may result in data loss. You can customize the automatic failover policy to reflect your applicationΓÇÖs tolerance to data loss. By configuring `GracePeriodWithDataLossHours`, you can control how long the system waits before initiating the failover that is likely to result data loss.
+ Because the primary and secondary databases are synchronized using asynchronous replication, the failover may result in data loss. You can customize the automatic failover policy to reflect your applicationΓÇÖs tolerance to data loss. By configuring `GracePeriodWithDataLossHours`, you can control how long the system waits before initiating the failover that is likely to result in data loss.
- **Multiple failover groups**
When performing OLTP operations, use `<fog-name>.database.windows.net` as the se
### Using read-only listener for read-only workload
-If you have a logically isolated read-only workload that is tolerant to certain staleness of data, you can use the secondary database in the application. For read-only sessions, use `<fog-name>.secondary.database.windows.net` as the server URL and the connection is automatically directed to the secondary. It is also recommended that you indicate in connection string read intent by using `ApplicationIntent=ReadOnly`.
+If you have a logically isolated read-only workload that is tolerant to certain staleness of data, you can use the secondary database in the application. For read-only sessions, use `<fog-name>.secondary.database.windows.net` as the server URL and the connection is automatically directed to the secondary. It is also recommended that you indicate read intent in the connection string by using `ApplicationIntent=ReadOnly`.
### Preparing for performance degradation
azure-sql Connect Query Portal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/connect-query-portal.md
keywords: connect to sql database,query sql database, azure portal, portal, quer
-+ ms.devlang:
azure-sql Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure SQL Database description: Lists Azure Policy Regulatory Compliance controls available for Azure SQL Database and SQL Managed Instance. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 03/10/2021 Last updated : 03/17/2021
azure-sql Sql Database Paas Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/sql-database-paas-overview.md
If you're new to Azure SQL Database, check out the *Azure SQL Database Overview*
> [!VIDEO https://channel9.msdn.com/Series/Azure-SQL-for-Beginners/Azure-SQL-Database-Overview-7-of-61/player] > [!TIP]
-> How can we make Azure SQL better? [Take the survey](https://aka.ms/AzureSQLSurvey).
+> How can we make Azure SQL better? [Take the survey](https://microsoft.qualtrics.com/jfe/form/SV_ePOznHhP4gDKfGu?channel=456).
## Deployment models
azure-sql Machine Learning Services Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/managed-instance/machine-learning-services-overview.md
RECONFIGURE WITH OVERRIDE;
For details on how this command affects SQL Managed Instance resources, see [Resource Governance](machine-learning-services-differences.md#resource-governance).
+### Enable Machine Learning Services in a failover group
+
+In a [failover group](failover-group-add-instance-tutorial.md), system databases are not replicated to the secondary instance (see [Limitations of failover groups](../database/auto-failover-group-overview.md#limitations-of-failover-groups) for more information).
+
+If the Managed Instance you're using is part of a failover group, do the following:
+
+- Run the `sp_configure` and `RECONFIGURE` commands on each instance of the failover group to enable Machine Learning Services.
+
+- Install the R/Python libraries on a user database rather than the master database.
+ ## Next steps - See the [key differences from SQL Server Machine Learning Services](machine-learning-services-differences.md).
azure-sql Sql Managed Instance Paas Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/managed-instance/sql-managed-instance-paas-overview.md
The following diagram outlines key features of SQL Managed Instance:
Azure SQL Managed Instance is designed for customers looking to migrate a large number of apps from an on-premises or IaaS, self-built, or ISV provided environment to a fully managed PaaS cloud environment, with as low a migration effort as possible. Using the fully automated [Azure Data Migration Service](../../dms/tutorial-sql-server-to-managed-instance.md#create-an-azure-database-migration-service-instance), customers can lift and shift their existing SQL Server instance to SQL Managed Instance, which offers compatibility with SQL Server and complete isolation of customer instances with native VNet support. For more information on migration options and tools, see [Migration overview: SQL Server to Azure SQL Managed Instance](../migration-guides/managed-instance/sql-server-to-managed-instance-overview.md).</br> With Software Assurance, you can exchange your existing licenses for discounted rates on SQL Managed Instance using the [Azure Hybrid Benefit for SQL Server](https://azure.microsoft.com/pricing/hybrid-benefit/). SQL Managed Instance is the best migration destination in the cloud for SQL Server instances that require high security and a rich programmability surface. > [!TIP]
-> How can we make Azure SQL better? [Take the survey](https://aka.ms/AzureSQLSurvey).
+> How can we make Azure SQL better? [Take the survey](https://microsoft.qualtrics.com/jfe/form/SV_ePOznHhP4gDKfGu?channel=456).
## Key features and capabilities
azure-sql Oracle To Managed Instance Guide https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/migration-guides/managed-instance/oracle-to-managed-instance-guide.md
To create an assessment, follow these steps:
1. Open [SQL Server Migration Assistant for Oracle](https://www.microsoft.com/en-us/download/details.aspx?id=54258). 1. Select **File** and then choose **New Project**. 1. Provide a project name, a location to save your project, and then select Azure SQL Managed Instance as the migration target from the drop-down. Select **OK**.
-1. Enter in values for the Oracle connection details on the Connect to **Connect to Oracle** dialog box.
+
+ ![New Project](./media/oracle-to-managed-instance-guide/new-project.png)
+
+1. Select **Connect to Oracle**. Enter in values for Oracle connection details on the **Connect to Oracle** dialog box.
+
+ ![Connect to Oracle](./media/oracle-to-managed-instance-guide/connect-to-oracle.png)
+
+ Select the Oracle schema(s) you want to migrate:
+
+ ![Choose Oracle schema](./media/oracle-to-managed-instance-guide/select-schema.png)
+ 1. Right-click the Oracle schema you want to migrate in the **Oracle Metadata Explorer**, and then choose **Create report**. This will generate an HTML report. Alternatively, you can choose **Create report** from the navigation bar after selecting the database.+
+ ![Create Report](./media/oracle-to-managed-instance-guide/create-report.png)
+ 1. Review the HTML report to understand conversion statistics and any errors or warnings. You can also open the report in Excel to get an inventory of Oracle objects and the effort required to perform schema conversions. The default location for the report is in the report folder within SSMAProjects. For example: `drive:\<username>\Documents\SSMAProjects\MyOracleMigration\report\report_2020_11_12T02_47_55\`
+ ![Assessment Report](./media/oracle-to-managed-instance-guide/assessment-report.png)
+ ### Validate data types
Validate the default data type mappings and change them based on requirements if
1. Select **Tools** from the menu. 1. Select **Project Settings**. 1. Select the **Type mappings** tab. +
+ ![Type Mappings](./media/oracle-to-managed-instance-guide/type-mappings.png)
+ 1. You can change the type mapping for each table by selecting the table in the **Oracle Metadata Explorer**. ### Convert schema
To convert the schema, follow these steps:
1. Enter connection details to connect your database in Azure SQL Managed Instance. 1. Choose your target database from the drop-down. 1. Select **Connect**.
-1. Right-click the schema and then choose **Convert Schema**. Alternatively, you can choose **Convert Schema** from the top navigation bar after selecting your schema.
+
+ ![Connect to SQL Managed Instance](./media/oracle-to-managed-instance-guide/connect-to-sql-managed-instance.png)
+
+1. Right-click the Oracle schema in the **Oracle Metadata Explorer** and then choose **Convert Schema**. Alternatively, you can choose **Convert Schema** from the top navigation bar after selecting your schema.
+
+ ![Convert Schema](./media/oracle-to-managed-instance-guide/convert-schema.png)
+ 1. After the conversion completes, compare and review the converted objects to the original objects to identify potential problems and address them based on the recommendations.+
+ ![Compare table recommendations](./media/oracle-to-managed-instance-guide/table-comparison.png)
+
+ Compare the converted Transact-SQL text to the original stored procedures and review the recommendations:
+
+ ![Compare procedure recommendations](./media/oracle-to-managed-instance-guide/procedure-comparison.png)
+ 1. Save the project locally for an offline schema remediation exercise. Select **Save Project** from the **File** menu. ## Migrate
After you have completed assessing your databases and addressing any discrepanci
To publish your schema and migrate your data, follow these steps: 1. Publish the schema: Right-click the database from the **Databases** node in the **Azure SQL Managed Instance Metadata Explorer** and choose **Synchronize with Database**.+
+ ![Synchronize with Database](./media/oracle-to-managed-instance-guide/synchronize-with-database.png)
+
+ Review the mapping between your source project and your target:
+
+ ![Synchronize with Database Review](./media/oracle-to-managed-instance-guide/synchronize-with-database-review.png)
+ 1. Migrate the data: Right-click the schema from the **Oracle Metadata Explorer** and choose **Migrate Data**. +
+ ![Migrate Data](./media/oracle-to-managed-instance-guide/migrate-data.png)
+ 1. Provide connection details for both Oracle and Azure SQL Managed Instance. 1. View the **Data Migration report**.+
+ ![Data Migration Report](./media/oracle-to-managed-instance-guide/data-migration-report.png)
+ 1. Connect to your Azure SQL Managed Instance by using [SQL Server Management Studio](/sql/ssms/download-sql-server-management-studio-ssms) and validate the migration by reviewing the data and schema.
+ ![Validate in SSMA](./media/oracle-to-managed-instance-guide/validate-data.png)
++ Alternatively, you can also use SQL Server Integration Services (SSIS) to perform the migration. To learn more, see: - [SQL Server Migration Assistant: How to assess and migrate data from non-Microsoft data platforms to SQL Server](https://blogs.msdn.microsoft.com/datamigration/2016/11/16/sql-server-migration-assistant-how-to-assess-and-migrate-databases-from-non-microsoft-data-platforms-to-sql-server/)
azure-vmware Concepts Identity https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/concepts-identity.md
Title: Concepts - Identity and access description: Learn about the identity and access concepts of Azure VMware Solution Previously updated : 02/02/2021 Last updated : 03/18/2021 # Azure VMware Solution identity concepts
-Azure VMware Solution private clouds are provisioned with a vCenter server and NSX-T Manager. You use vCenter to manage virtual machine (VM) workloads. You use the NSX-T Manager to extend the private cloud.
+Azure VMware Solution private clouds are provisioned with a vCenter server and NSX-T Manager. You use vCenter to manage virtual machine (VM) workloads. You use the NSX-T Manager to manage and extend the private cloud network.
-Access and identity management use CloudAdmin group privileges for vCenter and restricted administrator rights for NSX-T Manager. It ensures that your private cloud platform upgrades automatically with the newest features and patches. For more information, see [private cloud upgrades concepts article][concepts-upgrades].
+The vCenter Access and identity management uses the buildin CloudAdmin group privileges. The NSX-T Manager uses restricted administrator permissions. This is by nature of the managed service and ensures that your private cloud platform upgrades with the newest features and patches as to be expected. For more information, see [private cloud upgrades concepts article][concepts-upgrades].
## vCenter access and identity
-The CloudAdmin group provides the privileges in vCenter. You manage the group locally in vCenter. Another option is through the integration of vCenter LDAP single sign-on with Azure Active Directory. You enable that integration after you deploy your private cloud.
+The vCenter CloudAdmin group defines and provides the privileges in vCenter. Another option is to provide access and identity through the integration of vCenter LDAP single sign-on with Azure Active Directory. You enable that integration after you deploy your private cloud.
The table shows **CloudAdmin** and **CloudGlobalAdmin** privileges.
The table shows **CloudAdmin** and **CloudGlobalAdmin** privileges.
## NSX-T Manager access and identity
-Use the *administrator* account to access NSX-T Manager. It has full privileges and lets you create and manage Tier-1 (T1) Gateways, segments (logical switches), and all services. The privileges give you access to the NSX-T Tier-0 (T0) Gateway. A change to the T0 Gateway could result in degraded network performance or no private cloud access. Open a support request in the Azure portal to request any changes to your NSX-T T0 Gateway.
+Use the *administrator* account to access NSX-T Manager. It has full privileges and lets you create and manage Tier-1 (T1) Gateways, segments (logical switches) and all services. This account also provides access to the NSX-T Tier-0 (T0) Gateway. Be mindfull on makeing such changes, since that could result in degraded network performance or no private cloud access. Open a support request in the Azure portal to request any changes to your NSX-T T0 Gateway.
## Next steps
Now that you've covered Azure VMware Solution access and identity concepts, you
<!-- LINKS - external --> <!-- LINKS - internal -->
-[concepts-upgrades]: ./concepts-upgrades.md
+[concepts-upgrades]: ./concepts-upgrades.md
azure-vmware Concepts Role Based Access Control https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/concepts-role-based-access-control.md
Title: Concepts - vSphere role-based access control (vSphere RBAC) description: Learn about the key capabilities of vSphere role-based access control for Azure VMware Solution Previously updated : 03/16/2021 Last updated : 03/18/2021 # vSphere role-based access control (vSphere RBAC) for Azure VMware Solution
Last updated 03/16/2021
In Azure VMware Solution, vCenter has a built-in local user called cloudadmin and assigned to the built-in CloudAdmin role. The local cloudadmin user is used to set up users in AD. In general, the CloudAdmin role creates and manages workloads in your private cloud. In Azure VMware Solution, the CloudAdmin role has vCenter privileges that differ from other VMware cloud solutions. > [!NOTE]
-> Azure VMware Solution offers custom roles on vCenter but currently does not offer them on the Azure VMware Solution portal. For more information, see the [Create custom roles on vCenter](#create-custom-roles-on-vcenter) section later in this article.
+> Azure VMware Solution offers custom roles on vCenter does not offer them on the Azure VMware Solution portal. For more information, see the [Create custom roles on vCenter](#create-custom-roles-on-vcenter) section later in this article.
In a vCenter and ESXi on-premises deployment, the administrator has access to the vCenter administrator@vsphere.local account. They can also have more Active Directory (AD) users/groups assigned. In an Azure VMware Solution deployment, the administrator doesn't have access to the administrator user account. But they can assign AD users and groups to the CloudAdmin role on vCenter.
-The private cloud user doesn't have access to and can't configure specific management components supported and managed by Microsoft. For example, clusters, hosts, datastores, and distributed virtual switches.
+The private cloud user doesn't have access and can not configure specific management components supported and managed by Microsoft. For example clusters, hosts, datastores, and distributed virtual switches.
## Azure VMware Solution CloudAdmin role on vCenter You can view the privileges granted to the Azure VMware Solution CloudAdmin role on your Azure VMware Solution private cloud vCenter.
-1. Log into the SDDC vSphere Client and go to **Menu** > **Administration**.
+1. Log into vCenter and go to **Menu** > **Administration**.
1. Under **Access Control**, select **Roles**. 1. From the list of roles, select **CloudAdmin** and then select **Privileges**.
Azure VMware Solution supports the use of custom roles with equal or lesser priv
The CloudAdmin role can create, modify, or delete custom roles that have privileges lesser than or equal to their current role. You may be able to create roles that have privileges greater than CloudAdmin but you will not be able to assign the role to any users or groups or delete the role.
-To prevent the creation of roles that can't be assigned or deleted, Azure VMware Solution recommends cloning the CloudAdmin role as the basis for creating new custom roles.
+To prevent the creation of roles that can't be assigned or deleted it is recommends to clone the CloudAdmin role as the basis for creating new custom roles.
### Create a custom role 1. Sign into vCenter with cloudadmin\@vsphere.local or a user with the CloudAdmin role.
azure-vmware Production Ready Deployment Steps https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/production-ready-deployment-steps.md
Title: Planning the Azure VMware Solution deployment description: This article outlines an Azure VMware Solution deployment workflow. The final result is an environment ready for virtual machine (VM) creation and migration. Previously updated : 03/13/2021 Last updated : 03/17/2021 # Planning the Azure VMware Solution deployment
The steps outlined in this quick start give you a production-ready environment f
>[!IMPORTANT] >Before you create your Azure VMware Solution resource, follow the [How to enable Azure VMware Solution resource](enable-azure-vmware-solution.md) article to submit a support ticket to have your hosts allocated. Once the support team receives your request, it takes up to five business days to confirm your request and allocate your hosts. If you have an existing Azure VMware Solution private cloud and want more hosts allocated, you'll go through the same process. - ## Subscription Identify the subscription you plan to use to deploy Azure VMware Solution. You can either create a new subscription or reuse an existing one.
Identify the size hosts that you want to use when deploying Azure VMware Solutio
## Number of clusters and hosts
-In the Azure VMware Solution, you'll deploy a private cloud and create multiple clusters. For your deployment, you'll need to define the number of clusters and the f hosts that you want to deploy in each cluster. The minimum number of hosts per cluster is three, and the maximum is 16. The maximum number of clusters per private cloud is four. The maximum number of nodes per private cloud is 64.
+The first Azure VMware Solution deployment you do will consist of a private cloud containing a single cluster. For your deployment, you'll need to define the number of hosts you want to deploy to the first cluster.
+
+>[!NOTE]
+>The minimum number of hosts per cluster is three, and the maximum is 16. The maximum number of clusters per private cloud is four.
For more information, see the [Azure VMware Solution private cloud and clusters](concepts-private-clouds-clusters.md#clusters) documentation. >[!TIP]
->You can always extend the cluster later if you need to go beyond the initial deployment number.
+>You can always extend the cluster and add additional clusters later if you need to go beyond the initial deployment number.
## IP address segment for private cloud management
-The first step in planning the deployment is to plan out the IP segmentation. Azure VMware Solution requires a /22 CIDR network. This address space carves it up into smaller network segments (subnets) and used for vCenter, VMware HCX, NSX-T, and vMotion functionality.
+The first step in planning the deployment is to plan out the IP segmentation. Azure VMware Solution requires a /22 CIDR network. This address space is carved up into smaller network segments (subnets) and used for Azure VMware Solution management segments, including vCenter, VMware HCX, NSX-T, and vMotion functionality. The visualization below highlights where this segment will be used.
-This /22 CIDR network address block shouldn't overlap with anything existing network segment you already have on-premises or in Azure.
+This /22 CIDR network address block shouldn't overlap with any existing network segment you already have on-premises or in Azure.
**Example:** 10.0.0.0/22
-Azure VMware Solution connects to your Microsoft Azure Virtual Network through an internal ExpressRoute Global Reach circuit (D-MSEE in below visualization). This functionality is part of the Azure VMware Solution service and won't be charged.
-
-For more information, see the [Network planning checklist](tutorial-network-checklist.md#routing-and-subnet-considerations).
+For a detailed breakdown of how the /22 CIDR network is broken down per private cloud [Network planning checklist](tutorial-network-checklist.md#routing-and-subnet-considerations).
:::image type="content" source="media/pre-deployment/management-vmotion-vsan-network-ip-diagram.png" alt-text="Identify - IP address segment" border="false"::: ## IP address segment for virtual machine workloads
-Identify an IP segment to create your first network for workloads (NSX segment) in your private cloud. In other words, youΓÇÖll need to create a network segment on Azure VMware Solution so you can deploy VMs in Azure VMware Solution.
+Like with any VMware environment, the virtual machines must connect to a network segment. In Azure VMware Solution, there are two types of segments, L2 extended segments (discussed later) and NSX-T network segments. As the production deployment of Azure VMware Solution expands, there is often a combination of L2 extended segments from on-premises and local NSX-T network segments. To plan the initial deployment, In Azure VMware Solution, identify a single network segment (IP network). This network must not overlap with any network segments on-premises or within the rest of Azure and must not be within the /22 network segment defined earlier.
-Even if you plan to extend networks from on-premises into Azure VMware Solution (L2), you still need to create a network segment that validates the environment.
+This network segment is used primarily for testing purposes during the initial deployment.
-Remember, any IP segments created must be unique across your Azure and on-premises footprint.
+>[!NOTE]
+>This network or networks will not be needed during the deployment. They get created as a post-deployment step.
**Example:** 10.0.4.0/24 :::image type="content" source="media/pre-deployment/nsx-segment-diagram.png" alt-text="Identify - IP address segment for virtual machine workloads" border="false":::
-## (Optional) Extend networks
+## (Optional) Extend your networks
You can extend network segments from on-premises to Azure VMware Solution, and if you do, identify those networks now.
Keep in mind that:
- If you plan to extend networks from on-premises, those networks must connect to a [vSphere Distributed Switch (vDS)](https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.networking.doc/GUID-B15C6A13-797E-4BCB-B9D9-5CBC5A60C3A6.html) in your on-premises VMware environment. - If the network(s) you wish to extend live on a [vSphere Standard Switch](https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.networking.doc/GUID-350344DE-483A-42ED-B0E2-C811EE927D59.html), then they can't be extended.
+>[!NOTE]
+>These networks are extended as a final step of the configuration, not during deployment.
+ ## Attach Azure Virtual Network to Azure VMware Solution
-In this step, you'll identify an ExpressRoute virtual network gateway and the supporting Azure Virtual Network used to connect the Azure VMware Solution ExpressRoute circuit. The ExpressRoute circuit facilitates connectivity to and from the Azure VMware Solution private cloud to other Azure services, Azure resources, and on-premises environments.
+To provide connectivity to Azure VMware Solution, an ExpressRoute is built from Azure VMware Solution private cloud to an ExpressRoute virtual network gateway.
You can use an *existing* OR *new* ExpressRoute virtual network gateway.
You can use an *existing* OR *new* ExpressRoute virtual network gateway.
### Use an existing ExpressRoute virtual network gateway
-If you use an *existing* ExpressRoute virtual network gateway, the Azure VMware Solution ExpressRoute circuit is established after you deploy the private cloud. In this case, leave the **Virtual Network** field blank.
+If you plan to use an *existing* ExpressRoute virtual network gateway, the Azure VMware Solution ExpressRoute circuit is established as a post-deployment step. In this case, leave the **Virtual Network** field blank.
-Make note of which ExpressRoute virtual network gateway you'll use and continue to the next step.
+As a general recommendation, it's acceptable to use an existing ExpressRoute virtual network gateway. For planning purposes, make note of which ExpressRoute virtual network gateway you'll use and then continue to the next step.
### Create a new ExpressRoute virtual network gateway When you create a *new* ExpressRoute virtual network gateway, you can use an existing Azure Virtual Network or create a new one. - For an existing Azure Virtual network:
- 1. Verify there are no pre-existing ExpressRoute virtual network gateways in the virtual network.
- 1. Select the existing Azure Virtual Network from the **Virtual Network** list.
+ 1. Identify an Azure Virtual network where there are no pre-existing ExpressRoute virtual network gateways.
+ 2. Prior to deployment, create a [GatewaySubnet](../expressroute/expressroute-howto-add-gateway-portal-resource-manager.md#create-the-gateway-subnet) in the Azure Virtual Network.
- For a new Azure Virtual Network, you can create it in advance or during deployment. Select the **Create new** link under the **Virtual Network** list.
backup Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/backup/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure Backup description: Lists Azure Policy Regulatory Compliance controls available for Azure Backup. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 03/10/2021 Last updated : 03/17/2021
batch Batch Compute Node Environment Variables https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/batch/batch-compute-node-environment-variables.md
The command lines executed by tasks on compute nodes don't run under a shell. Th
| AZ_BATCH_TASK_ID | The ID of the current task. | All tasks except start task. | task001 | | AZ_BATCH_TASK_SHARED_DIR | A directory path that is identical for the primary task and every subtask of a [multi-instance task](batch-mpi.md). The path exists on every node on which the multi-instance task runs, and is read/write accessible to the task commands running on that node (both the [coordination command](batch-mpi.md#coordination-command) and the [application command](batch-mpi.md#application-command). Subtasks or a primary task that execute on other nodes do not have remote access to this directory (it is not a "shared" network directory). | Multi-instance primary and subtasks. | C:\user\tasks\workitems\multiinstancesamplejob\job-1\multiinstancesampletask | | AZ_BATCH_TASK_WORKING_DIR | The full path of the [task working directory](files-and-directories.md) on the node. The currently running task has read/write access to this directory. | All tasks. | C:\user\tasks\workitems\batchjob001\job-1\task001\wd |
+| AZ_BATCH_TASK_WORKING_DIR | The full path of the [task working directory](files-and-directories.md) on the node. The currently running task has read/write access to this directory. | All tasks. | C:\user\tasks\workitems\batchjob001\job-1\task001\wd |
+| AZ_BATCH_TASK_RESERVED_EPHEMERAL_DISK_SPACE_BYTES | The current threshold for disk space upon which the VM will be marked as `DiskFull`. | All tasks. | 1000000 |
| CCP_NODES | The list of nodes and number of cores per node that are allocated to a [multi-instance task](batch-mpi.md). Nodes and cores are listed in the format `numNodes<space>node1IP<space>node1Cores<space>`<br/>`node2IP<space>node2Cores<space> ...`, where the number of nodes is followed by one or more node IP addresses and the number of cores for each. | Multi-instance primary and subtasks. |`2 10.0.0.4 1 10.0.0.5 1` | ## Next steps
batch Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/batch/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure Batch description: Lists Azure Policy Regulatory Compliance controls available for Azure Batch. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 03/10/2021 Last updated : 03/17/2021
cloud-services-extended-support Certificates And Key Vault https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cloud-services-extended-support/certificates-and-key-vault.md
Key Vault is used to store certificates that are associated to Cloud Services (e
:::image type="content" source="media/certs-and-key-vault-4.png" alt-text="Image shows selecting the generate/ import option":::
-4. Complete the required information to finish uploading the certificate.
+4. Complete the required information to finish uploading the certificate. The certificate needs to be in **.PFX** format.
:::image type="content" source="media/certs-and-key-vault-5.png" alt-text="Image shows importing window in the Azure portal.":::
Key Vault is used to store certificates that are associated to Cloud Services (e
## Next steps - Review the [deployment prerequisites](deploy-prerequisite.md) for Cloud Services (extended support). - Review [frequently asked questions](faq.md) for Cloud Services (extended support).-- Deploy a Cloud Service (extended support) using the [Azure portal](deploy-portal.md), [PowerShell](deploy-powershell.md), [Template](deploy-template.md) or [Visual Studio](deploy-visual-studio.md).
+- Deploy a Cloud Service (extended support) using the [Azure portal](deploy-portal.md), [PowerShell](deploy-powershell.md), [Template](deploy-template.md) or [Visual Studio](deploy-visual-studio.md).
cloud-services-extended-support Deploy Template https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cloud-services-extended-support/deploy-template.md
This tutorial explains how to create a Cloud Service (extended support) deployme
## Deploy a Cloud Service (extended support) > [!NOTE]
-> An alternative way of deploying your cloud service (extended support) is via [Azure portal](https://portal.azure.com). You can download the generated ARM template via the portal for your future deployments
+> An alternative way of deploying your cloud service (extended support) is via [Azure portal](https://portal.azure.com). You can [download the generated ARM template](generate-template-portal.md) via the portal for your future deployments
1. Create virtual network. The name of the virtual network must match the references in the Service Configuration (.cscfg) file. If using an existing virtual network, omit this section from the ARM template.
cloud-services-extended-support Generate Template Portal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cloud-services-extended-support/generate-template-portal.md
# Generate ARM Template for Cloud Services (extended support) using the Azure portal
-This article explains how to get the ARM template and parameter file from the [Azure portal](https://portal.azure.com) after the cloud service (extended support) is deployed. The ARM template and parameter file can be used in future deployments to upgrade or update a cloud service (extended support)
+This article explains how to download the ARM template and parameter file from the [Azure portal](https://portal.azure.com) after the Cloud Service (extended support) is deployed. The ARM template and parameter file can be used in future deployments to upgrade or update a cloud service (extended support)
## Get ARM template via portal
cognitive-services Get Answer From Knowledge Base Using Url Tool https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/QnAMaker/Quickstarts/get-answer-from-knowledge-base-using-url-tool.md
Title: "Quickstart: Use URL tool to get answer from knowledge base - QnA Maker"
+ Title: Use URL tool to get answer from knowledge base - QnA Maker
-description: This quickstart walks you through getting an answer from your knowledge base using a URL test tool such as cURL or Postman.
+description: This article walks you through getting an answer from your knowledge base using a URL test tool such as cURL or Postman.
zone_pivot_groups: URL-test-interface-+ Last updated 07/16/2020
-#Customer intent: As an knowledge base manager new to the QnA Maker service, I want to get an answer from a published knowledge base using a URL tool such as Postman or cURL.
+
-# Quickstart: Get an answer from knowledge base
+# Get an answer from a knowledge base
::: zone pivot="url-test-tool-curl"
cognitive-services Quickstart Sdk https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/QnAMaker/Quickstarts/quickstart-sdk.md
zone_pivot_groups: qnamaker-quickstart
Get started with the QnA Maker client library. Follow these steps to install the package and try out the example code for basic tasks. + ::: zone pivot="programming-language-csharp" [!INCLUDE [QnA Maker C# client library quickstart](../includes/quickstart-sdk-csharp.md)] ::: zone-end
Get started with the QnA Maker client library. Follow these steps to install the
[!INCLUDE [QnA Maker Ruby client library quickstart](../includes/quickstart-sdk-ruby.md)] ::: zone-end ## Clean up resources
cognitive-services How To Speech Synthesis Viseme https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/how-to-speech-synthesis-viseme.md
+
+ Title: How to get viseme data for lip-sync
+
+description: The Speech SDK supports viseme event in speech synthesis, which are used to represent the key poses in observed speech (i.e. the position of the lips, jaw and tongue when producing a particular phoneme).
++++++ Last updated : 03/03/2021++
+zone_pivot_groups: programming-languages-speech-services-nomore-variant
++
+# Visemes
+
+A viseme is the visual description of a phoneme in spoken language.
+It defines the position of the face and mouth when speaking a word.
+Each viseme depicts the key facial poses for a specific set of phonemes.
+There is no one-to-one correspondence between visemes and phonemes.
+Often several phonemes correspond to a single viseme, as several phonemes look the same on the face when produced, such as `s`, `z`.
+See the [mapping table between Visemes and phonemes](#visemes-and-phonemes-table).
+
+Using visemes, you can create more natural and intelligent news broadcast assistant, more interactive gaming and Cartoon characters, and more intuitive language teaching videos. The hearing-impaired can also pick up sounds visually and "lip-read" any speech content.
+
+## Get viseme outputs with the Speech SDK
+
+In viseme event, we convert the input text into a set of phoneme sequences and their corresponding viseme sequences.
+At the same time, the start time of each viseme will be predicted according to the selected voice.
+Viseme sequences can be represented by a set of viseme IDs, and viseme start time can be represented by audio offsets. Viseme ID and audio offset are defined as the output parameters of speech viseme event. They are used to drive the mouth animations that help simulate mouth motions of the input text.
+
+| Parameter | Description |
+|--|-|
+| Viseme ID | Integer numbers that specify different visemes. In English (United States), we offer 22 different visemes to depict the mouth shapes for a specific set of phonemes. See the [mapping table between Viseme ID and IPA](#visemes-and-phonemes-table). |
+| Audio offset | The start time of each viseme, in ticks (100 nanoseconds) |
+
+To get viseme event outputs, you need to subscribe the `VisemeReceived` event in Speech SDK. The following snippets illustrate how to subscribe the viseme event.
++
+```csharp
+using (var synthesizer = new SpeechSynthesizer(speechConfig, audioConfig))
+{
+ // Subscribes to viseme received event
+ synthesizer.VisemeReceived += (s, e) =>
+ {
+ Console.WriteLine($"Viseme event received. Audio offset: " +
+ $"{e.AudioOffset / 10000}ms, viseme id: {e.VisemeId}.");
+ };
+
+ var result = await synthesizer.SpeakSsmlAsync(ssml));
+}
+
+```
+++
+```cpp
+auto synthesizer = SpeechSynthesizer::FromConfig(speechConfig, audioConfig);
+
+// Subscribes to viseme received event
+synthesizer->VisemeReceived += [](const SpeechSynthesisVisemeEventArgs& e)
+{
+ cout << "viseme event received. "
+ // The unit of e.AudioOffset is tick (1 tick = 100 nanoseconds), divide by 10,000 to convert to milliseconds.
+ << "Audio offset: " << e.AudioOffset / 10000 << "ms, "
+ << "viseme id: " << e.VisemeId << "." << endl;
+};
+
+auto result = synthesizer->SpeakSsmlAsync(ssml).get();
+```
+++
+```java
+SpeechSynthesizer synthesizer = new SpeechSynthesizer(speechConfig, audioConfig);
+
+// Subscribes to viseme received event
+synthesizer.VisemeReceived.addEventListener((o, e) -> {
+ // The unit of e.AudioOffset is tick (1 tick = 100 nanoseconds), divide by 10,000 to convert to milliseconds.
+ System.out.print("Viseme event received. Audio offset: " + e.getAudioOffset() / 10000 + "ms, ");
+ System.out.println("viseme id: " + e.getVisemeId() + ".");
+});
+
+SpeechSynthesisResult result = synthesizer.SpeakSsmlAsync(ssml).get();
+```
+++
+```Python
+speech_synthesizer = speechsdk.SpeechSynthesizer(speech_config=speech_config, audio_config=audio_config)
+
+# Subscribes to viseme received event
+speech_synthesizer.viseme_received.connect(lambda evt: print(
+ "Viseme event received: audio offset: {}ms, viseme id: {}.".format(evt.audio_offset / 10000, evt.viseme_id)))
+
+result = speech_synthesizer.speak_ssml_async(ssml).get()
+```
+++
+```Javascript
+var synthesizer = new SpeechSDK.SpeechSynthesizer(speechConfig, audioConfig);
+
+// Subscribes to viseme received event
+synthesizer.visemeReceived = function (s, e) {
+ window.console.log("(Viseme), Audio offset: " + e.audioOffset / 10000 + "ms. Viseme ID: " + e.visemeId);
+}
+
+synthesizer.speakSsmlAsync(ssml);
+```
+++
+```Objective-C
+SPXSpeechSynthesizer *synthesizer =
+ [[SPXSpeechSynthesizer alloc] initWithSpeechConfiguration:speechConfig
+ audioConfiguration:audioConfig];
+
+// Subscribes to viseme received event
+[synthesizer addVisemeReceivedEventHandler: ^ (SPXSpeechSynthesizer *synthesizer, SPXSpeechSynthesisVisemeEventArgs *eventArgs) {
+ NSLog(@"Viseme event received. Audio offset: %fms, viseme id: %lu.", eventArgs.audioOffset/10000., eventArgs.visemeId);
+}];
+
+[synthesizer speakSsml:ssml];
+```
++
+## Visemes and phonemes table
+
+Visemes vary by languages. Each language has a set of viseme that correspond to their specific phonemes. The table shows the correspondence between International Phonetic Alphabet (IPA) phonemes and viseme IDs for English (United States).
+
+| IPA | Example | Viseme ID |
+|--||--|
+| i | **ea**t | 6 |
+| ɪ | **i**f | 6 |
+| eɪ | **a**te | 4 |
+| ɛ | **e**very | 4 |
+|æ | **a**ctive |1|
+|ɑ | **o**bstinate |2|
+|ɔ | c**au**se |3|
+|ʊ | b**oo**k |4|
+|oʊ | **o**ld |8|
+|u | **U**ber |7|
+|ʌ | **u**ncle |1|
+|aɪ | **i**ce |11|
+|aʊ | **ou**t |9|
+|ɔɪ | **oi**l |10|
+|ju | **Yu**ma |[6, 7]|
+|ə | **a**go |1|
+|ɪɹ | **ear**s |[6, 13]|
+|ɛɹ | **air**plane |[4, 13]|
+|ʊɹ | c**ur**e |[4, 13]|
+|aɪ(ə)ɹ | **Ire**land |[11, 13]|
+|aʊ(ə)ɹ | **hour**s |[9, 13]|
+|ɔɹ | **or**ange |[3, 13]|
+|ɑɹ | **ar**tist |[2, 13]|
+|ɝ | **ear**th |[5, 13]|
+|ɚ | all**er**gy |[1, 13]|
+|w | **w**ith, s**ue**de |7|
+|j | **y**ard, f**e**w |6|
+|p | **p**ut |21|
+|b | **b**ig |21|
+|t | **t**alk |19|
+|d | **d**ig |19|
+|k | **c**ut |20|
+|g | **g**o |20|
+|m | **m**at, s**m**ash |21|
+|n | **n**o, s**n**ow |19|
+|ŋ | li**n**k |20|
+|f | **f**ork |18|
+|v | **v**alue |18|
+|╬╕ | **th**in |17|
+|├░ | **th**en |17|
+|s | **s**it |15|
+|z | **z**ap |15|
+|ʃ | **sh**e |16|
+|ʒ | **J**acques |16|
+|h | **h**elp |12|
+|tʃ | **ch**in |16|
+|dʒ | **j**oy |16|
+|l | **l**id, g**l**ad |14|
+|╔╣ | **r**ed, b**r**ing |13|
++
+## Next steps
+
+* [Speech SDK reference documentation](speech-sdk.md)
cognitive-services Releasenotes https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/releasenotes.md
Previously updated : 01/27/2021 Last updated : 03/18/2021 # Speech Service release notes
+## Speech SDK 1.16.0: 2021-March release
+
+**Note**: The Speech SDK on Windows depends on the shared Microsoft Visual C++ Redistributable for Visual Studio 2015, 2017 and 2019. Download it [here](https://support.microsoft.com/help/2977003/the-latest-supported-visual-c-downloads).
+
+#### New features
+
+- **C++/C#/Java/Python**: Moved to the latest version of GStreamer (1.18.3) to add support for transcribing any media format on Windows, Linux and Android. See documentation [here](https://docs.microsoft.com/azure/cognitive-services/speech-service/how-to-use-codec-compressed-audio-input-streams).
+- **C++/C#/Java/Objective-C/Python**: Added support for decoding compressed TTS/synthesized audio to the SDK. If you set output audio format to PCM and GStreamer is available on your system, the SDK will automatically request compressed audio from the service to save bandwidth and decode the audio on the client. You can set `SpeechServiceConnection_SynthEnableCompressedAudioTransmission` to `false` to disable this feature. Details for [C++](https://docs.microsoft.com/cpp/cognitive-services/speech/microsoft-cognitiveservices-speech-namespace#propertyid), [C#](https://docs.microsoft.com/dotnet/api/microsoft.cognitiveservices.speech.propertyid?view=azure-dotnet), [Java](https://docs.microsoft.com/java/api/com.microsoft.cognitiveservices.speech.propertyid?view=azure-java-stable), [Objective-C](https://docs.microsoft.com/objectivec/cognitive-services/speech/spxpropertyid), [Python](https://docs.microsoft.com/python/api/azure-cognitiveservices-speech/azure.cognitiveservices.speech.propertyid?view=azure-python).
+- **JavaScript**: Node.js users can now use the [`AudioConfig.fromWavFileInput` API](https://docs.microsoft.com/javascript/api/microsoft-cognitiveservices-speech-sdk/audioconfig?view=azure-node-latest#fromWavFileInput_File_). This addresses [GitHub issue #252](https://github.com/microsoft/cognitive-services-speech-sdk-JavaScript/issues/252).
+- **C++/C#/Java/Objective-C/Python**: Added `GetVoicesAsync()` method for TTS to return all available synthesis voices. Details for [C++](https://docs.microsoft.com/cpp/cognitive-services/speech/speechsynthesizer#getvoicesasync), [C#](https://docs.microsoft.com/dotnet/api/microsoft.cognitiveservices.speech.speechsynthesizer?view=azure-dotnet#methods), [Java](https://docs.microsoft.com/java/api/com.microsoft.cognitiveservices.speech.speechsynthesizer?view=azure-java-stable#methods), [Objective-C](https://docs.microsoft.com/objectivec/cognitive-services/speech/spxspeechsynthesizer#getvoiceasync), and [Python](https://docs.microsoft.com/python/api/azure-cognitiveservices-speech/azure.cognitiveservices.speech.speechsynthesizer?view=azure-python#methods).
+- **C++/C#/Java/JavaScript/Objective-C/Python**: Added `VisemeReceived` event for TTS/speech synthesis to return synchronous viseme animation. See documentation [here](https://docs.microsoft.com/azure/cognitive-services/speech-service/how-to-speech-synthesis-viseme).
+- **C++/C#/Java/JavaScript/Objective-C/Python**: Added `BookmarkReached` event for TTS. You can set bookmarks in the input SSML and get the audio offsets for each bookmark. See documentation [here](https://docs.microsoft.com/azure/cognitive-services/speech-service/speech-synthesis-markup#bookmark-element).
+- **Java**: Added support for speaker recognition APIs. Details [here](https://docs.microsoft.com/java/api/com.microsoft.cognitiveservices.speech.speakerrecognizer?view=azure-java-stable).
+- **C++/C#/Java/JavaScript/Objective-C/Python**: Added two new output audio formats with WebM container for TTS (Webm16Khz16BitMonoOpus and Webm24Khz16BitMonoOpus). These are better formats for streaming audio with the Opus codec. Details for [C++](https://docs.microsoft.com/cpp/cognitive-services/speech/microsoft-cognitiveservices-speech-namespace#speechsynthesisoutputformat), [C#](https://docs.microsoft.com/dotnet/api/microsoft.cognitiveservices.speech.speechsynthesisoutputformat?view=azure-dotnet), [Java](https://docs.microsoft.com/java/api/com.microsoft.cognitiveservices.speech.speechsynthesisoutputformat?view=azure-java-stable), [JavaScript](https://docs.microsoft.com/javascript/api/microsoft-cognitiveservices-speech-sdk/speechsynthesisoutputformat?view=azure-node-latest), [Objective-C](https://docs.microsoft.com/objectivec/cognitive-services/speech/spxspeechsynthesisoutputformat), [Python](https://docs.microsoft.com/python/api/azure-cognitiveservices-speech/azure.cognitiveservices.speech.speechsynthesisoutputformat?view=azure-python).
+- **C++/C#/Java/Python**: Added support on Linux to allow connections to succeed in environments where network access to Certificate Revocation Lists has been blocked. See documentation [here](https://docs.microsoft.com/azure/cognitive-services/speech-service/how-to-configure-openssl-linux).
+- **C++/C#/Java**: Added support for retrieving voice profile for speaker recognition scenario. Details for [C++](https://docs.microsoft.com/cpp/cognitive-services/speech/speakerrecognizer), [C#](https://docs.microsoft.com/dotnet/api/microsoft.cognitiveservices.speech.speakerrecognizer?view=azure-dotnet), and [Java](https://docs.microsoft.com/java/api/com.microsoft.cognitiveservices.speech.speakerrecognizer?view=azure-java-stable).
+- **C++/C#/Java/Objective-C/Python**: Added support for separate shared library for audio microphone and speaker control. This allows to use the SDK in environments that do not have required audio library dependencies.
+- **Objective-C/Swift**: Added support for module framework with umbrella header. This allows to import Speech SDK as a module in iOS/Mac Objective-C/Swift apps. This addresses [GitHub issue #452](https://github.com/Azure-Samples/cognitive-services-speech-sdk/issues/452).
+- **Python**: Added support for [Python 3.9](https://docs.microsoft.com/azure/cognitive-services/speech-service/quickstarts/setup-platform?pivots=programming-language-python) and dropped support for Python 3.5 per Python's [end-of-life for 3.5](https://devguide.python.org/devcycle/#end-of-life-branches).
+
+#### Improvements
+
+- As part of our multi release effort to reduce the Speech SDK's memory usage and disk footprint, Android binaries are now 3% to 5% smaller.
+- Improved accuracy, readability and see-also sections of our C# reference documentation [here](https://docs.microsoft.com/dotnet/api/microsoft.cognitiveservices.speech?view=azure-dotnet).
+
+#### Bug fixes
+
+- **JavaScript**: Large WAV file headers are now parsed correctly (increases header slice to 512 bytes). This addresses [GitHub issue #962](https://github.com/Azure-Samples/cognitive-services-speech-sdk/issues/962).
+- **JavaScript**: Corrected microphone timing issue if mic stream ends before stop recognition, addressing an issue with Speech Recognition not working in Firefox.
+- **JavaScript**: We now correctly handle initialization promise when the browser forces mic off before turnOn completes.
+- **JavaScript**: We replaced url dependency with url-parse. This addresses [GitHub issue #264](https://github.com/microsoft/cognitive-services-speech-sdk-js/issues/264).
+- **Android**: Fixed callbacks not working when `minifyEnabled` is set to true.
+- **C++/C#/Java/Objective-C/Python**: `TCP_NODELAY` will be correctly set to underlying socket IO for TTS to reduce latency.
+- **C++/C#/Java/Python/Objective-C/Go**: Fixed an occasional crash when the recognizer was destroyed just after starting a recognition.
+- **C++/C#/Java**: Fixed an occasional crash in the destruction of speaker recognizer.
+
+#### Samples
+
+- **JavaScript**: [Browser samples](https://github.com/Azure-Samples/cognitive-services-speech-sdk/tree/master/samples/js/browser) no longer require separate JavaScript library file download.
+
+## Speech CLI (also known as SPX): 2021-March release
+
+**Note**: Get started with the Azure Speech service command line interface (CLI) [here](https://docs.microsoft.com/azure/cognitive-services/speech-service/spx-basics). The CLI enables you to use the Azure Speech service without writing any code.
+
+#### New features
+
+- Added `spx intent` command for intent recognition, replacing `spx recognize intent`.
+- Recognize and intent can now use Azure functions to calculate word error rate using `spx recognize --wer url <URL>`.
+- Recognize can now output results as VTT files using `spx recognize --output vtt file <FILENAME>`.
+- Sensitive key info now obscured in debug/verbose output.
+- Added URL checking and error message for content field in batch transcription create.
+
+**COVID-19 abridged testing**:
+
+As the ongoing pandemic continues to require our engineers to work from home, pre-pandemic manual verification scripts have been significantly reduced. We test on fewer devices with fewer configurations, and the likelihood of environment-specific bugs slipping through may be increased. We still rigorously validate with a large set of automation. In the unlikely event that we missed something, please let us know on [GitHub](https://github.com/Azure-Samples/cognitive-services-speech-sdk/issues?q=is%3Aissue+is%3Aopen).<br>
+Stay healthy!
++ ## Speech SDK 1.15.0: 2021-January release **Note**: The Speech SDK on Windows depends on the shared Microsoft Visual C++ Redistributable for Visual Studio 2015, 2017 and 2019. Download it [here](https://support.microsoft.com/help/2977003/the-latest-supported-visual-c-downloads).
More samples have been added and are constantly being updated. For the latest se
## Cognitive Services Speech SDK 0.2.12733: 2018-May release
-This release is the first public preview release of the Cognitive Services Speech SDK.
+This release is the first public preview release of the Cognitive Services Speech SDK.
cognitive-services Speech Synthesis Markup https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/speech-synthesis-markup.md
Only one background audio file is allowed per SSML document. However, you can in
</speak> ```
+## Bookmark element
+
+The `bookmark` element allows you insert bookmarks in the SSML and get the audio offset of each bookmark of audio stream for asynchronous notification.
+
+**Syntax**
+
+```xml
+<bookmark mark="string"/>
+```
+
+**Attributes**
+
+| Attribute | Description | Required / Optional |
+|--|--||
+| `mark` | Specifies the bookmark text of the `bookmark` element. | Required. |
+
+**Example**
+
+```xml
+<speak version="1.0" xmlns="http://www.w3.org/2001/10/synthesis" xml:lang="en-US">
+ <voice name="en-US-GuyNeural">
+ <bookmark mark='bookmark_one'/> one.
+ <bookmark mark='bookmark_two'/> two. three. four.
+ </voice>
+</speak>
+```
+
+### Get bookmark using Speech SDK
+
+You can subscribe to the `BookmarkReached` event in Speech SDK to get the bookmark offsets.
+
+> [!NOTE]
+> `BookmarkReached` event is only available since Speech SDK version 1.16.0.
++
+# [C#](#tab/csharp)
+
+For more information, see <a href="https://docs.microsoft.com/dotnet/api/microsoft.cognitiveservices.speech.speechsynthesizer.bookmarkreached" target="_blank"> `BookmarkReached` </a>.
+
+```csharp
+synthesizer.BookmarkReached += (s, e) =>
+{
+ // The unit of e.AudioOffset is tick (1 tick = 100 nanoseconds), divide by 10,000 to convert to milliseconds.
+ Console.WriteLine($"Bookmark reached. Audio offset: " +
+ $"{e.AudioOffset / 10000}ms, bookmark text: {e.Text}.");
+};
+```
+
+# [C++](#tab/cpp)
+
+For more information, see <a href="https://docs.microsoft.com/cpp/cognitive-services/speech/speechsynthesizer#bookmarkreached" target="_blank"> `BookmarkReached` </a>.
+
+```cpp
+synthesizer->BookmarkReached += [](const SpeechSynthesisBookmarkEventArgs& e)
+{
+ cout << "bookmark reached. "
+ // The unit of e.AudioOffset is tick (1 tick = 100 nanoseconds), divide by 10,000 to convert to milliseconds.
+ << "Audio offset: " << e.AudioOffset / 10000 << "ms, "
+ << "Bookmark text: " << e.Text << "." << endl;
+};
+```
+
+# [Java](#tab/java)
+
+For more information, see <a href="https://docs.microsoft.com/java/api/com.microsoft.cognitiveservices.speech.speechsynthesizer.bookmarkReached#com_microsoft_cognitiveservices_speech_SpeechSynthesizer_BookmarkReached" target="_blank"> `BookmarkReached` </a>.
+
+```java
+synthesizer.BookmarkReached.addEventListener((o, e) -> {
+ // The unit of e.AudioOffset is tick (1 tick = 100 nanoseconds), divide by 10,000 to convert to milliseconds.
+ System.out.print("Bookmark reached. Audio offset: " + e.getAudioOffset() / 10000 + "ms, ");
+ System.out.println("bookmark text: " + e.getText() + ".");
+});
+```
+
+# [Python](#tab/python)
+
+For more information, see <a href="https://docs.microsoft.com/python/api/azure-cognitiveservices-speech/azure.cognitiveservices.speech.speechsynthesizer#bookmark-reached" target="_blank"> `bookmark_reached` </a>.
+
+```python
+# The unit of evt.audio_offset is tick (1 tick = 100 nanoseconds), divide it by 10,000 to convert to milliseconds.
+speech_synthesizer.bookmark_reached.connect(lambda evt: print(
+ "Bookmark reached: {}, audio offset: {}ms, bookmark text: {}.".format(evt, evt.audio_offset / 10000, evt.text)))
+```
+
+# [JavaScript](#tab/javascript)
+
+For more information, see <a href="https://docs.microsoft.com/javascript/api/microsoft-cognitiveservices-speech-sdk/speechsynthesizer#bookmarkReached" target="_blank"> `bookmarkReached`</a>.
+
+```javascript
+synthesizer.bookmarkReached = function (s, e) {
+ window.console.log("(Bookmark reached), Audio offset: " + e.audioOffset / 10000 + "ms. Bookmark text: " + e.text);
+}
+```
+
+# [Objective-C](#tab/objectivec)
+
+For more information, see <a href="https://docs.microsoft.com/objectivec/cognitive-services/speech/spxspeechsynthesizer#addbookmarkreachedeventhandler" target="_blank"> `addBookmarkReachedEventHandler` </a>.
+
+```objectivec
+[synthesizer addBookmarkReachedEventHandler: ^ (SPXSpeechSynthesizer *synthesizer, SPXSpeechSynthesisBookmarkEventArgs *eventArgs) {
+ // The unit of AudioOffset is tick (1 tick = 100 nanoseconds), divide by 10,000 to converted to milliseconds.
+ NSLog(@"Bookmark reached. Audio offset: %fms, bookmark text: %@.", eventArgs.audioOffset/10000., eventArgs.text);
+}];
+```
+
+# [Swift](#tab/swift)
+
+For more information, see <a href="https://docs.microsoft.com/swift/cognitive-services/speech/spxspeechsynthesizer#addbookmarkreachedeventhandler" target="_blank"> `addBookmarkReachedEventHandler` </a>.
+++ ## Next steps * [Language support: voices, locales, languages](language-support.md)
cognitive-services Text To Speech https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/text-to-speech.md
In this overview, you learn about the benefits and capabilities of the text-to-s
* Adjust speaking styles with SSML - Speech Synthesis Markup Language (SSML) is an XML-based markup language used to customize speech-to-text outputs. With SSML, you can adjust pitch, add pauses, improve pronunciation, speed up or slow down speaking rate, increase or decrease volume, and attribute multiple voices to a single document. See the [how-to](speech-synthesis-markup.md) for adjusting speaking styles.
+* Visemes - [Visemes](how-to-speech-synthesis-viseme.md) are used to represent the key poses in observed speech (i.e. the position of the lips, jaw and tongue when producing a particular phoneme). It has a strong correlation with voices and phonemes. Using Viseme in Speech SDK, you can generate facial animation data, which is usually used for animated lip-reading communication, education, entertainment, and customer service.
+ ## Get started See the [quickstart](get-started-text-to-speech.md) to get started with text-to-speech. The text-to-speech service is available via the [Speech SDK](speech-sdk.md), the [REST API](rest-text-to-speech.md), and the [Speech CLI](spx-overview.md)
For detailed information, see [Pricing](https://azure.microsoft.com/pricing/deta
## Next steps - [Get a free Speech service subscription](overview.md#try-the-speech-service-for-free)-- [Get the Speech SDK](speech-sdk.md)
+- [Get the Speech SDK](speech-sdk.md)
cognitive-services Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/immersive-reader/overview.md
keywords: readers, language learners, display pictures, improve reading, read co
[Immersive Reader](https://www.onenote.com/learningtools) is an inclusively designed tool that implements proven techniques to improve reading comprehension for new readers, language learners, and people with learning differences such as dyslexia. With the Immersive Reader client library, you can leverage the same technology used in Microsoft Word and Microsoft One Note to improve your web applications.
+This documentation contains the following types of articles:
+
+* **[Quickstarts](quickstarts/client-libraries.md)** are step-by-step instructions that enable you to make calls to the service and get results.
+* **[How-to guides](how-to-create-immersive-reader.md)** contain instructions for using the service in more specific or customized ways.
+ ## Use Immersive Reader to improve reading accessibility Immersive Reader is designed to make reading easier and more accessible for everyone. Let's take a look at a few of Immersive Reader's core features.
Immersive Reader is a standalone web application. When invoked using the Immersi
The Immersive Reader client library is available in C#, JavaScript, Java (Android), Kotlin (Android), and Swift (iOS). Get started with: * [Quickstart: Use the Immersive Reader client library](quickstarts/client-libraries.md)-
-## Next steps
-
-Get started with Immersive Reader:
-
-* Read the [Immersive Reader client library Reference](./reference.md)
-* Explore the [Immersive Reader client library on GitHub](https://github.com/microsoft/immersive-reader-sdk)
cognitive-services Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure Cognitive Services description: Lists Azure Policy Regulatory Compliance controls available for Azure Cognitive Services. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 03/10/2021 Last updated : 03/17/2021
cognitive-services Model Versioning https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/text-analytics/concepts/model-versioning.md
Use the table below to find which model versions are supported by each hosted en
| `/entities/linking` | `2019-10-01`, `2020-02-01` | `2020-02-01` | | `/entities/recognition/general` | `2019-10-01`, `2020-02-01`, `2020-04-01`,`2021-01-15` | `2021-01-15` | | `/entities/recognition/pii` | `2019-10-01`, `2020-02-01`, `2020-04-01`,`2020-07-01`, `2021-01-15` | `2021-01-15` |
-| `/entities/health` | `2020-09-03` | `2020-09-03` |
+| `/entities/health` | `2021-03-01` | `2021-03-01` |
| `/keyphrases` | `2019-10-01`, `2020-07-01` | `2020-07-01` |
The [Text Analytics for Health](../how-tos/text-analytics-for-health.md) contain
| Endpoint | Container Image Tag | Model version | ||--||
-| `/entities/health` | `1.1.013530001-amd64-preview` or latest | `2020-09-03` |
+| `/entities/health` | `3.0.015370001-onprem-amd64` or latest | `2021-03-01` |
+| `/entities/health` | `1.1.013530001-amd64-preview` | `2020-09-03` |
| `/entities/health` | `1.1.013150001-amd64-preview` | `2020-07-24` | | `/domains/health` | `1.1.012640001-amd64-preview` | `2020-05-08` | | `/domains/health` | `1.1.012420001-amd64-preview` | `2020-05-08` |
cognitive-services Text Analytics For Health https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/text-analytics/how-tos/text-analytics-for-health.md
Previously updated : 02/03/2021 Last updated : 03/11/2021
Named Entity Recognition detects words and phrases mentioned in unstructured tex
### [Relation Extraction](#tab/relation-extraction)
-Relation extraction identifies meaningful connections between concepts mentioned in text. For example, a "time of condition" relation is found by associating a condition name with a time.
+Relation extraction identifies meaningful connections between concepts mentioned in text. For example, a "time of condition" relation is found by associating a condition name with a time or between an abbreviation and the full description.
> [!div class="mx-imgBorder"] > ![Health RE](../media/ta-for-health/health-relation-extraction.png)
Relation extraction identifies meaningful connections between concepts mentioned
### [Entity Linking](#tab/entity-linking)
-Entity Linking disambiguates distinct entities by associating named entities mentioned in text to concepts found in a predefined database of concepts. For example, the Unified Medical Language System (UMLS).
+Entity Linking disambiguates distinct entities by associating named entities mentioned in text to concepts found in a predefined database of concepts including the Unified Medical Language System (UMLS). Medical concepts are also assigned preferred naming, as an additional form of normalization.
> [!div class="mx-imgBorder"] > ![Health EL](../media/ta-for-health/health-entity-linking.png) Text Analytics for health supports linking to the health and biomedical vocabularies found in the Unified Medical Language System ([UMLS](https://www.nlm.nih.gov/research/umls/sourcereleasedocs/https://docsupdatetracker.net/index.html)) Metathesaurus Knowledge Source.
-### [Negation Detection](#tab/negation-detection)
+### [Assertion Detection](#tab/assertion-detection)
-The meaning of medical content is highly affected by modifiers such as negation, which can have critical implication if misdiagnosed. Text Analytics for health supports negation detection for the different entities mentioned in the text.
+The meaning of medical content is highly affected by modifiers, such as negative or conditional assertions which can have critical implications if misrepresented. Text Analytics for health supports three categories of assertion detection for entities in the text:
+
+* certainty
+* conditional
+* association
> [!div class="mx-imgBorder"]
-> ![Health NEG](../media/ta-for-health/health-negation.png)
+> ![Health NEG](../media/ta-for-health/assertions.png)
example.json
Since this POST request is used to submit a job for the asynchronous operation, there is no text in the response object. However, you need the value of the operation-location KEY in the response headers to make a GET request to check the status of the job and the output. Below is an example of the value of the operation-location KEY in the response header of the POST request:
-`https://<your-custom-subdomain>.cognitiveservices.azure.com/text/analytics/v3.1-preview.3/entities/health/jobs/<jobID>`
+`https://<your-custom-subdomain>.cognitiveservices.azure.com/text/analytics/v3.1-preview.4/entities/health/jobs/<jobID>`
To check the job status, make a GET request to the URL in the value of the operation-location KEY header of the POST response. The following states are used to reflect the status of a job: `NotStarted`, `running`, `succeeded`, `failed`, `rejected`, `cancelling`, and `cancelled`. You can cancel a job with a `NotStarted` or `running` status with a DELETE HTTP call to the same URL as the GET request. More information on the DELETE call is available in the [Text Analytics for health hosted API reference](https://westus2.dev.cognitive.microsoft.com/docs/services/TextAnalytics-v3-1-preview-3/operations/CancelHealthJob).
-The following is an example of the response of a GET request. Please note that the output is available for retrieval until the `expirationDateTime` (24 hours from the time the job was created) has passed after which the output is purged.
+The following is an example of the response of a GET request. The output is available for retrieval until the `expirationDateTime` (24 hours from the time the job was created) has passed after which the output is purged.
```json {
- "jobId": "b672c6f5-7c0d-4783-ba8c-4d0c47213454",
- "lastUpdateDateTime": "2020-11-18T01:45:00Z",
- "createdDateTime": "2020-11-18T01:44:55Z",
- "expirationDateTime": "2020-11-19T01:44:55Z",
+ "jobId": "be437134-a76b-4e45-829e-9b37dcd209bf",
+ "lastUpdateDateTime": "2021-03-11T05:43:37Z",
+ "createdDateTime": "2021-03-11T05:42:32Z",
+ "expirationDateTime": "2021-03-12T05:42:32Z",
"status": "succeeded", "errors": [], "results": {
The following is an example of the response of a GET request. Please note that
"length": 5, "text": "100mg", "category": "Dosage",
- "confidenceScore": 1.0,
- "isNegated": false
+ "confidenceScore": 1.0
}, { "offset": 31,
The following is an example of the response of a GET request. Please note that
"text": "remdesivir", "category": "MedicationName", "confidenceScore": 1.0,
- "isNegated": false,
+ "name": "remdesivir",
"links": [ { "dataSource": "UMLS", "id": "C4726677" },
+ {
+ "dataSource": "DRUGBANK",
+ "id": "DB14761"
+ },
+ {
+ "dataSource": "GS",
+ "id": "6192"
+ },
+ {
+ "dataSource": "MEDCIN",
+ "id": "398132"
+ },
+ {
+ "dataSource": "MMSL",
+ "id": "d09540"
+ },
{ "dataSource": "MSH", "id": "C000606551" },
+ {
+ "dataSource": "MTHSPL",
+ "id": "3QKI37EEHE"
+ },
{ "dataSource": "NCI", "id": "C152185"
The following is an example of the response of a GET request. Please note that
{ "dataSource": "NCI_FDA", "id": "3QKI37EEHE"
+ },
+ {
+ "dataSource": "NDDF",
+ "id": "018308"
+ },
+ {
+ "dataSource": "RXNORM",
+ "id": "2284718"
+ },
+ {
+ "dataSource": "SNOMEDCT_US",
+ "id": "870592005"
+ },
+ {
+ "dataSource": "VANDF",
+ "id": "4039395"
} ] },
The following is an example of the response of a GET request. Please note that
"length": 13, "text": "intravenously", "category": "MedicationRoute",
- "confidenceScore": 1.0,
- "isNegated": false
- },
- {
- "offset": 56,
- "length": 4,
- "text": "over",
- "category": "Time",
- "confidenceScore": 0.87,
- "isNegated": false
+ "confidenceScore": 1.0
}, { "offset": 73, "length": 7, "text": "120 min", "category": "Time",
- "confidenceScore": 0.99,
- "isNegated": false
+ "confidenceScore": 0.94
} ], "relations": [ { "relationType": "DosageOfMedication",
- "bidirectional": false,
- "source": "#/results/documents/0/entities/0",
- "target": "#/results/documents/0/entities/1"
+ "entities": [
+ {
+ "ref": "#/results/documents/0/entities/0",
+ "role": "Dosage"
+ },
+ {
+ "ref": "#/results/documents/0/entities/1",
+ "role": "Medication"
+ }
+ ]
}, { "relationType": "RouteOfMedication",
- "bidirectional": false,
- "source": "#/results/documents/0/entities/2",
- "target": "#/results/documents/0/entities/1"
- },
- {
- "relationType": "TimeOfMedication",
- "bidirectional": false,
- "source": "#/results/documents/0/entities/3",
- "target": "#/results/documents/0/entities/1"
+ "entities": [
+ {
+ "ref": "#/results/documents/0/entities/1",
+ "role": "Medication"
+ },
+ {
+ "ref": "#/results/documents/0/entities/2",
+ "role": "Route"
+ }
+ ]
}, { "relationType": "TimeOfMedication",
- "bidirectional": false,
- "source": "#/results/documents/0/entities/4",
- "target": "#/results/documents/0/entities/1"
+ "entities": [
+ {
+ "ref": "#/results/documents/0/entities/1",
+ "role": "Medication"
+ },
+ {
+ "ref": "#/results/documents/0/entities/3",
+ "role": "Time"
+ }
+ ]
} ], "warnings": [] } ], "errors": [],
- "modelVersion": "2020-09-03"
+ "modelVersion": "2021-03-01"
} } ```
The following JSON is an example of the Text Analytics for health API response b
"id": "1", "entities": [ {
- "id": "0",
"offset": 25, "length": 5, "text": "100mg", "category": "Dosage",
- "confidenceScore": 1.0,
- "isNegated": false
+ "confidenceScore": 1.0
}, {
- "id": "1",
"offset": 31, "length": 10, "text": "remdesivir", "category": "MedicationName", "confidenceScore": 1.0,
- "isNegated": false,
+ "name": "remdesivir",
"links": [ { "dataSource": "UMLS", "id": "C4726677" },
+ {
+ "dataSource": "DRUGBANK",
+ "id": "DB14761"
+ },
+ {
+ "dataSource": "GS",
+ "id": "6192"
+ },
+ {
+ "dataSource": "MEDCIN",
+ "id": "398132"
+ },
+ {
+ "dataSource": "MMSL",
+ "id": "d09540"
+ },
{ "dataSource": "MSH", "id": "C000606551" },
+ {
+ "dataSource": "MTHSPL",
+ "id": "3QKI37EEHE"
+ },
{ "dataSource": "NCI", "id": "C152185"
The following JSON is an example of the Text Analytics for health API response b
{ "dataSource": "NCI_FDA", "id": "3QKI37EEHE"
+ },
+ {
+ "dataSource": "NDDF",
+ "id": "018308"
+ },
+ {
+ "dataSource": "RXNORM",
+ "id": "2284718"
+ },
+ {
+ "dataSource": "SNOMEDCT_US",
+ "id": "870592005"
+ },
+ {
+ "dataSource": "VANDF",
+ "id": "4039395"
} ] }, {
- "id": "2",
"offset": 42, "length": 13, "text": "intravenously", "category": "MedicationRoute",
- "confidenceScore": 1.0,
- "isNegated": false
- },
- {
- "id": "3",
- "offset": 56,
- "length": 4,
- "text": "over",
- "category": "Time",
- "confidenceScore": 0.87,
- "isNegated": false
+ "confidenceScore": 1.0
}, {
- "id": "4",
"offset": 73, "length": 7, "text": "120 min", "category": "Time",
- "confidenceScore": 0.99,
- "isNegated": false
+ "confidenceScore": 0.94
} ], "relations": [ { "relationType": "DosageOfMedication",
- "bidirectional": false,
- "source": "#/documents/0/entities/0",
- "target": "#/documents/0/entities/1"
+ "entities": [
+ {
+ "ref": "#/documents/0/entities/0",
+ "role": "Dosage"
+ },
+ {
+ "ref": "#/documents/0/entities/1",
+ "role": "Medication"
+ }
+ ]
}, { "relationType": "RouteOfMedication",
- "bidirectional": false,
- "source": "#/documents/0/entities/2",
- "target": "#/documents/0/entities/1"
- },
- {
- "relationType": "TimeOfMedication",
- "bidirectional": false,
- "source": "#/documents/0/entities/3",
- "target": "#/documents/0/entities/1"
+ "entities": [
+ {
+ "ref": "#/documents/0/entities/1",
+ "role": "Medication"
+ },
+ {
+ "ref": "#/documents/0/entities/2",
+ "role": "Route"
+ }
+ ]
}, { "relationType": "TimeOfMedication",
- "bidirectional": false,
- "source": "#/documents/0/entities/4",
- "target": "#/documents/0/entities/1"
+ "entities": [
+ {
+ "ref": "#/documents/0/entities/1",
+ "role": "Medication"
+ },
+ {
+ "ref": "#/documents/0/entities/3",
+ "role": "Time"
+ }
+ ]
}
- ]
+ ],
+ "warnings": []
} ], "errors": [],
- "modelVersion": "2020-09-03"
+ "modelVersion": "2021-03-01"
} ```
-### Negation detection output
+### Assertion output
+
+Text Analytics for health returns assertion modifiers, which are informative attributes assigned to medical concepts that provide deeper understanding of the conceptsΓÇÖ context within the text. These modifiers are divided into three categories, each focusing on a different aspect, and containing a set of mutually exclusive values. Only one value per category is assigned to each entity. The most common value for each category is the Default value. The serviceΓÇÖs output response contains only assertion modifiers that are different from the default value.
+
+**CERTAINTY** ΓÇô provides information regarding the presence (present vs. absent) of the concept and how certain the text is regarding its presence (definite vs. possible).
+* **Positive** [Default]: the concept exists or happened.
+* **Negative**: the concept does not exist now or never happened.
+* **Positive_Possible**: the concept likely exists but there is some uncertainty.
+* **Negative_Possible**: the conceptΓÇÖs existence is unlikely but there is some uncertainty.
+* **Neutral_Possible**: the concept may or may not exist without a tendency to either side.
+
+**CONDITIONALITY** ΓÇô provides information regarding whether the existence of a concept depends on certain conditions.
+* **None** [Default]: the concept is a fact and not hypothetical and does not depend on certain conditions.
+* **Hypothetical**: the concept may develop or occur in the future.
+* **Conditional**: the concept exists or occurs only under certain conditions.
-When using negation detection, in some cases a single negation term may address several terms at once. The negation of a recognized entity is represented in the JSON output by the boolean value of the `isNegated` flag, for example:
+**ASSOCIATION** ΓÇô describes whether the concept is associated with the subject of the text or someone else.
+* **Subject** [Default]: the concept is associated with the subject of the text, usually the patient.
+* **Someone_Else**: the concept is associated with someone who is not the subject of the text.
++
+Assertion detection represents negated entities as a negative value for the certainty category, for example:
```json {
- "id": "2",
- "offset": 90,
- "length": 10,
- "text": "chest pain",
- "category": "SymptomOrSign",
- "score": 0.9972,
- "isNegated": true,
- "links": [
- {
- "dataSource": "UMLS",
- "id": "C0008031"
- },
- {
- "dataSource": "CHV",
- "id": "0000023593"
- },
+ "offset": 381,
+ "length": 3,
+ "text": "SOB",
+ "category": "SymptomOrSign",
+ "confidenceScore": 0.98,
+ "assertion": {
+ "certainty": "negative"
+ },
+ "name": "Dyspnea",
+ "links": [
+ {
+ "dataSource": "UMLS",
+ "id": "C0013404"
+ },
+ {
+ "dataSource": "AOD",
+ "id": "0000005442"
+ },
... ``` ### Relation extraction output
-Relation extraction output contains URI references to the *source* of the relation, and its *target*. Entities with relation role of `ENTITY` are assigned to the `target` field. Entities with relation role of `ATTRIBUTE` are assigned to the `source` field. Abbreviation relations contain bidirectional `source` and `target` fields, and `bidirectional` will be set to `true`.
+Text Analytics for Health recognizes relations between different concepts, including relations between attribute and entity (for example, direction of body structure, dosage of medication) and between entities (for example, abbreviation detection).
+
+**ABBREVIATION**
+
+**DIRECTION_OF_BODY_STRUCTURE**
+
+**DIRECTION_OF_CONDITION**
+
+**DIRECTION_OF_EXAMINATION**
+
+**DIRECTION_OF_TREATMENT**
+
+**DOSAGE_OF_MEDICATION**
+
+**FORM_OF_MEDICATION**
+
+**FREQUENCY_OF_MEDICATION**
+
+**FREQUENCY_OF_TREATMENT**
+
+**QUALIFIER_OF_CONDITION**
+
+**RELATION_OF_EXAMINATION**
+
+**ROUTE_OF_MEDICATION**
+
+**TIME_OF_CONDITION**
+
+**TIME_OF_EVENT**
+
+**TIME_OF_EXAMINATION**
+
+**TIME_OF_MEDICATION**
+
+**TIME_OF_TREATMENT**
+
+**UNIT_OF_CONDITION**
+
+**UNIT_OF_EXAMINATION**
+
+**VALUE_OF_CONDITION**
+
+**VALUE_OF_EXAMINATION**
+
+> [!NOTE]
+> * Relations referring to CONDITION may refer to either the DIAGNOSIS entity type or the SYMPTOM_OR_SIGN entity type.
+> * Relations referring to MEDICATION may refer to either the MEDICATION_NAME entity type or the MEDICATION_CLASS entity type.
+> * Relations referring to TIME may refer to either the TIME entity type or the DATE entity type.
+
+Relation extraction output contains URI references and assigned roles of the entities of the relation type. For example:
```json
-"relations": [
- {
- "relationType": "DosageOfMedication",
- "bidirectional": false,
- "source": "#/documents/1/entities/0",
- "target": "#/documents/1/entities/1"
- },
- {
- "relationType": "FrequencyOfMedication",
- "bidirectional": false,
- "source": "#/documents/1/entities/2",
- "target": "#/documents/1/entities/1"
- }
- ]
- },
+ "relations": [
+ {
+ "relationType": "DosageOfMedication",
+ "entities": [
+ {
+ "ref": "#/results/documents/0/entities/0",
+ "role": "Dosage"
+ },
+ {
+ "ref": "#/results/documents/0/entities/1",
+ "role": "Medication"
+ }
+ ]
+ },
+ {
+ "relationType": "RouteOfMedication",
+ "entities": [
+ {
+ "ref": "#/results/documents/0/entities/1",
+ "role": "Medication"
+ },
+ {
+ "ref": "#/results/documents/0/entities/2",
+ "role": "Route"
+ }
+ ]
... ] ```
cognitive-services Text Analytics How To Call Api https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/text-analytics/how-tos/text-analytics-how-to-call-api.md
Previously updated : 12/17/2020 Last updated : 03/01/2021
See the table below to see which features can be used asynchronously. Note that
| Opinion mining | Γ£ö | | | Key phrase extraction | Γ£ö | Γ£ö* | | Named Entity Recognition (including PII and PHI) | Γ£ö | Γ£ö* |
+| Entity linking | Γ£ö | Γ£ö* |
| Text Analytics for health (container) | Γ£ö | | | Text Analytics for health (API) | | Γ£ö |
The following is an example of an API request for the synchronous Text Analytics
The `/analyze` endpoint lets you choose which of the supported Text Analytics features you want to use in a single API call. This endpoint currently supports:
-* key phrase extraction
+* Key Phrase Extraction
* Named Entity Recognition (including PII and PHI)
+* Entity Linking
| Element | Valid values | Required? | Usage | ||--|--|-|
The `/analyze` endpoint lets you choose which of the supported Text Analytics fe
|`documents` | Includes the `id` and `text` fields below | Required | Contains information for each document being sent, and the raw text of the document. | |`id` | String | Required | The IDs you provide are used to structure the output. | |`text` | Unstructured raw text, up to 125,000 characters. | Required | Must be in the English language, which is the only language currently supported. |
-|`tasks` | Includes the following Text Analytics features: `entityRecognitionTasks`, `keyPhraseExtractionTasks` or `entityRecognitionPiiTasks`. | Required | One or more of the Text Analytics features you want to use. Note that `entityRecognitionPiiTasks` has an optional `domain` parameter that can be set to `pii` or `phi`. If unspecified, the system defaults to `pii`. |
+|`tasks` | Includes the following Text Analytics features: `entityRecognitionTasks`,`entityLinkingTasks`,`keyPhraseExtractionTasks` or `entityRecognitionPiiTasks`. | Required | One or more of the Text Analytics features you want to use. Note that `entityRecognitionPiiTasks` has an optional `domain` parameter that can be set to `pii` or `phi` and the `pii-categories` for detection of selected entity types. If the `domain` parameter is unspecified, the system defaults to `pii`. |
|`parameters` | Includes the `model-version` and `stringIndexType` fields below | Required | This field is included within the above feature tasks that you choose. They contain information about the model version that you want to use and the index type. | |`model-version` | String | Required | Specify which version of the model being called that you want to use. | |`stringIndexType` | String | Required | Specify the text decoder that matches your programming environment. Types supported are `textElement_v8` (default), `unicodeCodePoint`, `utf16CodeUnit`. Please see the [Text offsets article](../concepts/text-offsets.md#offsets-in-api-version-31-preview) for more information. |
The `/analyze` endpoint lets you choose which of the supported Text Analytics fe
} } ],
+ "entityLinkingTasks": [
+ {
+ "parameters": {
+ "model-version": "latest",
+ "stringIndexType": "TextElements_v8"
+ }
+ }
+ ],
"keyPhraseExtractionTasks": [{ "parameters": { "model-version": "latest"
The `/analyze` endpoint lets you choose which of the supported Text Analytics fe
}], "entityRecognitionPiiTasks": [{ "parameters": {
- "model-version": "latest"
+ "model-version": "latest",
+ "stringIndexType": "TextElements_v8",
+ "domain": "phi",
+ "pii-categories":"default"
} }] }
In Postman (or another web API test tool), add the endpoint for the feature you
| Feature | Request type | Resource endpoints | |--|--|--|
-| Submit analysis job | POST | `https://<your-text-analytics-resource>/text/analytics/v3.1-preview.3/analyze` |
-| Get analysis status and results | GET | `https://<your-text-analytics-resource>/text/analytics/v3.1-preview.3/analyze/jobs/<Operation-Location>` |
+| Submit analysis job | POST | `https://<your-text-analytics-resource>/text/analytics/v3.1-preview.4/analyze` |
+| Get analysis status and results | GET | `https://<your-text-analytics-resource>/text/analytics/v3.1-preview.4/analyze/jobs/<Operation-Location>` |
### Endpoints for sending asynchronous requests to the `/health` endpoint | Feature | Request type | Resource endpoints | |--|--|--|
-| Submit Text Analytics for health job | POST | `https://<your-text-analytics-resource>/text/analytics/v3.1-preview.3/entities/health/jobs` |
-| Get job status and results | GET | `https://<your-text-analytics-resource>/text/analytics/v3.1-preview.3/entities/health/jobs/<Operation-Location>` |
-| Cancel job | DELETE | `https://<your-text-analytics-resource>/text/analytics/v3.1-preview.3/entities/health/jobs/<Operation-Location>` |
+| Submit Text Analytics for health job | POST | `https://<your-text-analytics-resource>/text/analytics/v3.1-preview.4/entities/health/jobs` |
+| Get job status and results | GET | `https://<your-text-analytics-resource>/text/analytics/v3.1-preview.4/entities/health/jobs/<Operation-Location>` |
+| Cancel job | DELETE | `https://<your-text-analytics-resource>/text/analytics/v3.1-preview.4/entities/health/jobs/<Operation-Location>` |
If you made the call to the asynchronous `/analyze` or `/health` endpoints, chec
1. In the API response, find the `Operation-Location` from the header, which identifies the job you sent to the API. 2. Create a GET request for the endpoint you used. refer to the [table above](#set-up-a-request) for the endpoint format, and review the [API reference documentation](https://westus2.dev.cognitive.microsoft.com/docs/services/TextAnalytics-v3-1-preview-3/operations/AnalyzeStatus). For example:
- `https://my-resource.cognitiveservices.azure.com/text/analytics/v3.1-preview.3/analyze/jobs/<Operation-Location>`
+ `https://my-resource.cognitiveservices.azure.com/text/analytics/v3.1-preview.4/analyze/jobs/<Operation-Location>`
3. Add the `Operation-Location` to the request.
cognitive-services Text Analytics How To Entity Linking https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/text-analytics/how-tos/text-analytics-how-to-entity-linking.md
Previously updated : 02/17/2021 Last updated : 03/15/2021
The PII feature is part of NER and it can identify and redact sensitive entities
## Named Entity Recognition features and versions
-| Feature | NER v3.0 | NER v3.1-preview.3 |
+| Feature | NER v3.0 | NER v3.1-preview.4 |
|--|--|-| | Methods for single, and batch requests | X | X | | Expanded entity recognition across several categories | X | X |
See [language support](../language-support.md) for information.
Named Entity Recognition v3 provides expanded detection across multiple types. Currently, NER v3.0 can recognize entities in the [general entity category](../named-entity-types.md).
-Named Entity Recognition v3.1-preview.3 includes the detection capabilities of v3.0, and:
-* The ability to detect personal information (`PII`) using the `v3.1-preview.3/entities/recognition/pii` endpoint.
+Named Entity Recognition v3.1-preview.4 includes the detection capabilities of v3.0, and:
+* The ability to detect personal information (`PII`) using the `v3.1-preview.4/entities/recognition/pii` endpoint.
* An optional `domain=phi` parameter to detect confidential health information (`PHI`). * [Asynchronous operation](text-analytics-how-to-call-api.md) using the `/analyze` endpoint.
Create a POST request. You can [use Postman](text-analytics-how-to-call-api.md)
### Request endpoints
-#### [Version 3.1-preview.3](#tab/version-3-preview)
+#### [Version 3.1-preview](#tab/version-3-preview)
-Named Entity Recognition `v3.1-preview.3` uses separate endpoints for NER, PII, and entity linking requests. Use a URL format below based on your request.
+Named Entity Recognition `v3.1-preview.4` uses separate endpoints for NER, PII, and entity linking requests. Use a URL format below based on your request.
**Entity linking**
-* `https://<your-custom-subdomain>.cognitiveservices.azure.com/text/analytics/v3.1-preview.3/entities/linking`
+* `https://<your-custom-subdomain>.cognitiveservices.azure.com/text/analytics/v3.1-preview.4/entities/linking`
-[Named Entity Recognition version 3.1-preview reference for `Linking`](https://westus2.dev.cognitive.microsoft.com/docs/services/TextAnalytics-v3-1-Preview-3/operations/EntitiesLinking)
+[Named Entity Recognition version 3.1-preview reference for `Linking`](https://westus2.dev.cognitive.microsoft.com/docs/services/TextAnalytics-v3-1-Preview-4/operations/EntitiesLinking)
**Named Entity Recognition**
-* General entities - `https://<your-custom-subdomain>.cognitiveservices.azure.com/text/analytics/v3.1-preview.3/entities/recognition/general`
+* General entities - `https://<your-custom-subdomain>.cognitiveservices.azure.com/text/analytics/v3.1-preview.4/entities/recognition/general`
-[Named Entity Recognition version 3.1-preview reference for `General`](https://westus2.dev.cognitive.microsoft.com/docs/services/TextAnalytics-v3-1-Preview-3/operations/EntitiesRecognitionGeneral)
+[Named Entity Recognition version 3.1-preview reference for `General`](https://westus2.dev.cognitive.microsoft.com/docs/services/TextAnalytics-v3-1-Preview-4/operations/EntitiesRecognitionGeneral)
**Personally Identifiable Information (PII)**
-* Personal (`PII`) information - `https://<your-custom-subdomain>.cognitiveservices.azure.com/text/analytics/v3.1-preview.3/entities/recognition/pii`
+* Personal (`PII`) information - `https://<your-custom-subdomain>.cognitiveservices.azure.com/text/analytics/v3.1-preview.4/entities/recognition/pii`
You can also use the optional `domain=phi` parameter to detect health (`PHI`) information in text.
-`https://<your-custom-subdomain>.cognitiveservices.azure.com/text/analytics/v3.1-preview.3/entities/recognition/pii?domain=phi`
+`https://<your-custom-subdomain>.cognitiveservices.azure.com/text/analytics/v3.1-preview.4/entities/recognition/pii?domain=phi`
+
+Starting in `v3.1-preview.4`, The JSON response includes a `redactedText` property, which contains the modified input text where the detected PII entities are replaced by an `*` for each character in the entities.
+
+[Named Entity Recognition version 3.1-preview reference for `PII`](https://westus2.dev.cognitive.microsoft.com/docs/services/TextAnalytics-v3-1-Preview-4/operations/EntitiesRecognitionPii)
-Starting in `v3.1-preview.3`, The JSON response includes a `redactedText` property, which contains the modified input text where the detected PII entities are replaced by an `*` for each character in the entities.
+The API will attempt to detect the [listed entity categories](../named-entity-types.md?tabs=personal) for a given document language. If you want to specify which entities will be detected and returned, use the optional pii-categories parameter with the appropriate entity categories. This parameter can also let you detect entities that aren't enabled by default for your document language. For example, a French driver's license number that might occur in English text.
-[Named Entity Recognition version 3.1-preview reference for `PII`](https://westus2.dev.cognitive.microsoft.com/docs/services/TextAnalytics-v3-1-Preview-3/operations/EntitiesRecognitionPii)
+`https://<your-custom-subdomain>.cognitiveservices.azure.com/text/analytics/v3.1-preview.4/entities/recognition/pii?piiCategories=[FRDriversLicenseNumber]`
**Asynchronous operation**
-Starting in `v3.1-preview.3`, You can send NER requests asynchronously using the `/analyze` endpoint.
+Starting in `v3.1-preview.4`, You can send NER and entity linking requests asynchronously using the `/analyze` endpoint.
-* Asynchronous operation - `https://<your-custom-subdomain>.cognitiveservices.azure.com/text/analytics/v3.1-preview.3/analyze`
+* Asynchronous operation - `https://<your-custom-subdomain>.cognitiveservices.azure.com/text/analytics/v3.1-preview.4/analyze`
See [How to call the Text Analytics API](text-analytics-how-to-call-api.md) for information on sending asynchronous requests.
cognitive-services Text Analytics How To Sentiment Analysis https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/text-analytics/how-tos/text-analytics-how-to-sentiment-analysis.md
Previously updated : 12/04/2020 Last updated : 03/09/2021 # How to: Sentiment analysis and Opinion Mining
-The Text Analytics API's Sentiment Analysis feature provides two ways for detecting positive and negative sentiment. If you send a Sentiment Analysis request, the API will return sentiment labels (such as "negative", "neutral" and "positive") and confidence scores at the sentence and document-level. You can also send Opinion Mining requests using the Sentiment Analysis endpoint, which provides granular information about the opinions related to aspects (such as the attributes of products or services) in text.
+The Text Analytics API's Sentiment Analysis feature provides two ways for detecting positive and negative sentiment. If you send a Sentiment Analysis request, the API will return sentiment labels (such as "negative", "neutral" and "positive") and confidence scores at the sentence and document-level. You can also send Opinion Mining requests using the Sentiment Analysis endpoint, which provides granular information about the opinions related to words (such as the attributes of products or services) in the text.
The AI models used by the API are provided by the service, you just have to send content for analysis.
Confidence scores range from 1 to 0. Scores closer to 1 indicate a higher confid
## Opinion Mining
-Opinion Mining is a feature of Sentiment Analysis, starting in the preview of version 3.1. Also known as Aspect-based Sentiment Analysis in Natural Language Processing (NLP), this feature provides more granular information about the opinions related to aspects (such as the attributes of products or services) in text.
+Opinion Mining is a feature of Sentiment Analysis, starting in the preview of version 3.1. Also known as Aspect-based Sentiment Analysis in Natural Language Processing (NLP), this feature provides more granular information about the opinions related to attributes of products or services in text. The API surfaces opinions as a target (noun or verb) and an assessment (adjective).
-For example, if a customer leaves feedback about a hotel such as "The room was great, but the staff was unfriendly.", Opinion Mining will locate aspects in the text, and their associated opinions and sentiments. Sentiment Analysis might only report a negative sentiment.
+For example, if a customer leaves feedback about a hotel such as "The room was great, but the staff was unfriendly.", Opinion Mining will locate targets (aspects) in the text, and their associated assessments (opinions) and sentiments. Sentiment Analysis might only report a negative sentiment.
:::image type="content" source="../media/how-tos/opinion-mining.png" alt-text="A diagram of the Opinion Mining example" lightbox="../media/how-tos/opinion-mining.png":::
Document size must be under 5,120 characters per document. For the maximum numbe
Create a POST request. You can [use Postman](text-analytics-how-to-call-api.md) or the **API testing console** in the following reference links to quickly structure and send one.
-#### [Version 3.1-preview.3](#tab/version-3-1)
+#### [Version 3.1-preview](#tab/version-3-1)
[Sentiment Analysis v3.1 reference](https://westcentralus.dev.cognitive.microsoft.com/docs/services/TextAnalytics-v3-1-preview-3/operations/Sentiment)
Set the HTTPS endpoint for sentiment analysis by using either a Text Analytics r
> [!NOTE] > You can find your key and endpoint for your Text Analytics resource on the Azure portal. They will be located on the resource's **Quick start** page, under **resource management**.
-#### [Version 3.1-preview.3](#tab/version-3-1)
+#### [Version 3.1-preview](#tab/version-3-1)
**Sentiment Analysis**
-`https://<your-custom-subdomain>.cognitiveservices.azure.com/text/analytics/v3.1-preview.3/sentiment`
+`https://<your-custom-subdomain>.cognitiveservices.azure.com/text/analytics/v3.1-preview.4/sentiment`
**Opinion Mining** To get Opinion Mining results, you must include the `opinionMining=true` parameter. For example:
-`https://<your-custom-subdomain>.cognitiveservices.azure.com/text/analytics/v3.1-preview.3/sentiment?opinionMining=true`
+`https://<your-custom-subdomain>.cognitiveservices.azure.com/text/analytics/v3.1-preview.4/sentiment?opinionMining=true`
This parameter is set to `false` by default.
The Text Analytics API is stateless. No data is stored in your account, and resu
Output is returned immediately. You can stream the results to an application that accepts JSON or save the output to a file on the local system. Then, import the output into an application that you can use to sort, search, and manipulate the data. Due to multilingual and emoji support, the response may contain text offsets. See [how to process offsets](../concepts/text-offsets.md) for more information.
-#### [Version 3.1-preview.3](#tab/version-3-1)
+#### [Version 3.1-preview](#tab/version-3-1)
### Sentiment Analysis and Opinion Mining example response
Output is returned immediately. You can stream the results to an application tha
Sentiment Analysis v3.1 can return response objects for both Sentiment Analysis and Opinion Mining.
-Sentiment analysis returns a sentiment label and confidence score for the entire document, and each sentence within it. Scores closer to 1 indicate a higher confidence in the label's classification, while lower scores indicate lower confidence. A document can have multiple sentences, and the confidence scores within each document or sentence add up to 1.
+Sentiment analysis returns a sentiment label and confidence score for the entire document, and each sentence within it. Scores closer to 1 indicate a higher confidence in the label's classification, while lower scores indicate lower confidence. A document can have multiple sentences, and the confidence scores within each document or sentence add up to 1. assessments
+
+Opinion Mining will locate targets (nouns or verbs) in the text, and their associated assessment (adjective). In the below response, the sentence *The restaurant had great food and our waiter was friendly* has two targets: *food* and *waiter*. Each target's `relations` property contains a `ref` value with the URI-reference to the associated `documents`, `sentences`, and `assessments` objects.
-Opinion Mining will locate aspects in the text, and their associated opinions and sentiments. In the below response, the sentence *The restaurant had great food and our waiter was friendly* has two aspects: *food* and *waiter*. Each aspect's `relations` property contains a `ref` value with the URI-reference to the associated `documents`, `sentences`, and `opinions` objects.
+The API returns opinions as a target (noun or verb) and an assessment (adjective).
```json {
- "documents": [
+ "documents": [
+ {
+ "id": "1",
+ "sentiment": "positive",
+ "confidenceScores": {
+ "positive": 1,
+ "neutral": 0,
+ "negative": 0
+ },
+ "sentences": [
{
- "id": "1",
- "sentiment": "positive",
- "confidenceScores": {
- "positive": 1.0,
- "neutral": 0.0,
- "negative": 0.0
+ "sentiment": "positive",
+ "confidenceScores": {
+ "positive": 1,
+ "neutral": 0,
+ "negative": 0
+ },
+ "offset": 0,
+ "length": 58,
+ "text": "The restaurant had great food and our waiter was friendly.",
+ "targets": [
+ {
+ "sentiment": "positive",
+ "confidenceScores": {
+ "positive": 1,
+ "negative": 0
+ },
+ "offset": 25,
+ "length": 4,
+ "text": "food",
+ "relations": [
+ {
+ "relationType": "assessment",
+ "ref": "#/documents/0/sentences/0/assessments/0"
+ }
+ ]
},
- "sentences": [
+ {
+ "sentiment": "positive",
+ "confidenceScores": {
+ "positive": 1,
+ "negative": 0
+ },
+ "offset": 38,
+ "length": 6,
+ "text": "waiter",
+ "relations": [
{
- "sentiment": "positive",
- "confidenceScores": {
- "positive": 1.0,
- "neutral": 0.0,
- "negative": 0.0
- },
- "offset": 0,
- "length": 58,
- "text": "The restaurant had great food and our waiter was friendly.",
- "aspects": [
- {
- "sentiment": "positive",
- "confidenceScores": {
- "positive": 1.0,
- "negative": 0.0
- },
- "offset": 25,
- "length": 4,
- "text": "food",
- "relations": [
- {
- "relationType": "opinion",
- "ref": "#/documents/0/sentences/0/opinions/0"
- }
- ]
- },
- {
- "sentiment": "positive",
- "confidenceScores": {
- "positive": 1.0,
- "negative": 0.0
- },
- "offset": 38,
- "length": 6,
- "text": "waiter",
- "relations": [
- {
- "relationType": "opinion",
- "ref": "#/documents/0/sentences/0/opinions/1"
- }
- ]
- }
- ],
- "opinions": [
- {
- "sentiment": "positive",
- "confidenceScores": {
- "positive": 1.0,
- "negative": 0.0
- },
- "offset": 19,
- "length": 5,
- "text": "great",
- "isNegated": false
- },
- {
- "sentiment": "positive",
- "confidenceScores": {
- "positive": 1.0,
- "negative": 0.0
- },
- "offset": 49,
- "length": 8,
- "text": "friendly",
- "isNegated": false
- }
- ]
+ "relationType": "assessment",
+ "ref": "#/documents/0/sentences/0/assessments/1"
}
- ],
- "warnings": []
+ ]
+ }
+ ],
+ "assessments": [
+ {
+ "sentiment": "positive",
+ "confidenceScores": {
+ "positive": 1,
+ "negative": 0
+ },
+ "offset": 19,
+ "length": 5,
+ "text": "great",
+ "isNegated": false
+ },
+ {
+ "sentiment": "positive",
+ "confidenceScores": {
+ "positive": 1,
+ "negative": 0
+ },
+ "offset": 49,
+ "length": 8,
+ "text": "friendly",
+ "isNegated": false
+ }
+ ]
}
- ],
- "errors": [],
- "modelVersion": "2020-04-01"
+ ],
+ "warnings": []
+ }
+ ],
+ "errors": [],
+ "modelVersion": "2020-04-01"
} ```
cognitive-services Named Entity Types https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/text-analytics/named-entity-types.md
Previously updated : 01/22/2021 Last updated : 03/11/2021
cognitive-services Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/text-analytics/overview.md
Previously updated : 02/09/2021 Last updated : 03/09/2021 keywords: text mining, sentiment analysis, text analytics
Use [sentiment analysis](how-tos/text-analytics-how-to-sentiment-analysis.md) an
The feature provides sentiment labels (such as "negative", "neutral" and "positive") based on the highest confidence score found by the service at a sentence and document-level. This feature also returns confidence scores between 0 and 1 for each document & sentences within it for positive, neutral and negative sentiment. You can also be run the service on premises [using a container](how-tos/text-analytics-how-to-install-containers.md).
-Starting in the v3.1 preview, opinion mining is a feature of Sentiment Analysis. Also known as Aspect-based Sentiment Analysis in Natural Language Processing (NLP), this feature provides more granular information about the opinions related to aspects (such as the attributes of products or services) in text.
+Starting in the v3.1 preview, opinion mining is a feature of Sentiment Analysis. Also known as Aspect-based Sentiment Analysis in Natural Language Processing (NLP), this feature provides more granular information about the opinions related to words (such as the attributes of products or services) in text.
## Key phrase extraction
cognitive-services Client Libraries Rest Api https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/text-analytics/quickstarts/client-libraries-rest-api.md
Previously updated : 01/20/2021 Last updated : 03/11/2021 keywords: text mining, sentiment analysis, text analytics
cognitive-services Whats New https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/text-analytics/whats-new.md
Previously updated : 02/23/2021 Last updated : 03/18/2021
The Text Analytics API is updated on an ongoing basis. To stay up-to-date with recent developments, this article provides you with information about new releases and features.
+## March 2021
+
+### General API updates
+* Release of the new API v3.1-preview.4 which includes
+ * Changes in the Opinion Mining JSON response body:
+ * `aspects` is now `targets` and `opinions` is now `assessments`.
+ * Changes in the JSON response body of the hosted web API of Text Analytics for health:
+ * The `isNegated` boolean name of a detected entity object for Negation is deprecated and replaced by Assertion Detection.
+ * A new property called `role` is now part of the extracted relation between an attribute and an entity as well as the relation between entities. This adds specificity to the detected relation type.
+ * Entity linking is now available as an asynchronous task in the `/analyze` endpoint.
+ * A new `pii-categories` parameter is now available in the `/pii` endpoint.
+ * This parameter lets you specify select PII entities as well as those not supported by default for the input language.
+* Updated client libraries, which include asynchronous Analyze, and Text Analytics for health operations. You can find examples on GitHub:
+
+ * [C#](https://github.com/Azure/azure-sdk-for-net/tree/master/sdk/textanalytics/Azure.AI.TextAnalytics)
+ * [Python](https://github.com/Azure/azure-sdk-for-python/tree/master/sdk/textanalytics/azure-ai-textanalytics/)
+ * [Java](https://github.com/Azure/azure-sdk-for-java/tree/master/sdk/textanalytics/azure-ai-textanalytics)
+ * [JavaScript](https://github.com/Azure/azure-sdk-for-js/tree/master/sdk/textanalytics/ai-text-analytics/samples/javascript)
+
+> [!div class="nextstepaction"]
+> [Learn more about Text Analytics API v3.1-Preview.4](https://westcentralus.dev.cognitive.microsoft.com/docs/services/TextAnalytics-v3-1-preview-4/operations/Languages)
+
+### Text Analytics for health updates
+
+* A new model version `2021-03-01` for the `/health` endpoint and on-premise container which provides
+ * A rename of the `Gene` entity type to `GeneOrProtein`.
+ * A new `Date` entity type.
+ * Assertion detection which replaces negation detection (only available in API v3.1-preview.4).
+ * A new preferred `name` property for linked entities that is normalized from various ontologies and coding systems (only available in API v3.1-preview.4).
+* A new container image with tag `3.0.015370001-onprem-amd64` and the new model-version `2021-03-01` has been released to the container preview repository.
+* The Text Analytics for health container image will be moving to a new repository next month. Please watch for an email communication on the location of its new home.
+> [!div class="nextstepaction"]
+> [Learn more about Text Analytics for health](how-tos/text-analytics-for-health.md)
+>
+
+### Text Analytics resource portal update
+* **Processed Text Records** is now available as a metric in the **Monitoring** section for your Text Analytics resource in the Azure portal.
+ ## February 2021 * The `2021-01-15` model version for the PII endpoint in [Named Entity Recognition](how-tos/text-analytics-how-to-entity-linking.md) v3.1-preview.x, which provides
These model versions are currently unavailable in the East US region.
## December 2020
-* [Updated pricing](https://azure.microsoft.com/pricing/details/cognitive-services/text-analytics/) details for the Text Analytics API
+* [Updated pricing](https://azure.microsoft.com/pricing/details/cognitive-services/text-analytics/) details for the Text Analytics API.
## November 2020
These model versions are currently unavailable in the East US region.
* [C#](https://github.com/Azure/azure-sdk-for-net/tree/master/sdk/textanalytics/Azure.AI.TextAnalytics) * [Python](https://github.com/Azure/azure-sdk-for-python/tree/master/sdk/textanalytics/azure-ai-textanalytics/) * [Java](https://github.com/Azure/azure-sdk-for-java/tree/master/sdk/textanalytics/azure-ai-textanalytics)--
+ *
> [!div class="nextstepaction"] > [Learn more about Text Analytics API v3.1-Preview.3](https://westcentralus.dev.cognitive.microsoft.com/docs/services/TextAnalytics-v3-1-preview-3/operations/Languages)
communication-services Calling Sdk Features https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/communication-services/concepts/voice-video-calling/calling-sdk-features.md
The Communication Services calling client library supports the following streami
| |Web | Android/iOS| |--|-||
-|**# of outgoing streams that can be sent simultaneously** |1 video + 1 screen sharing | 1 video + 1 screen sharing|
-|**# of incoming streams that can be rendered simultaneously** |1 video + 1 screen sharing| 6 video + 1 screen sharing |
+|**# of outgoing streams that can be sent simultaneously** |1 video or 1 screen sharing | 1 video + 1 screen sharing|
+|**# of incoming streams that can be rendered simultaneously** |1 video or 1 screen sharing| 6 video + 1 screen sharing |
## Next steps
communication-services Calling Hero Sample https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/communication-services/samples/calling-hero-sample.md
Last updated 03/10/2021
-zone_pivot_groups: acs-web-ios
# Get started with the group calling hero sample [!INCLUDE [Web Calling Hero Sample](./includes/web-calling-hero.md)]
container-registry Container Registry Tasks Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/container-registry/container-registry-tasks-overview.md
The inner-loop development cycle, the iterative process of writing code, buildin
Before you commit your first line of code, ACR Tasks's [quick task](container-registry-tutorial-quick-task.md) feature can provide an integrated development experience by offloading your container image builds to Azure. With quick tasks, you can verify your automated build definitions and catch potential problems prior to committing your code.
-Using the familiar `docker build` format, the [az acr build][az-acr-build] command in the Azure CLI takes a [context](#context-locations) (the set of files to build), sends it ACR Tasks and, by default, pushes the built image to its registry upon completion.
+Using the familiar `docker build` format, the [az acr build][az-acr-build] command in the Azure CLI takes a [context](#context-locations) (the set of files to build), sends it to ACR Tasks and, by default, pushes the built image to its registry upon completion.
For an introduction, see the quickstart to [build and run a container image](container-registry-quickstart-task-cli.md) in Azure Container Registry.
container-registry Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/container-registry/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure Container Registry description: Lists Azure Policy Regulatory Compliance controls available for Azure Container Registry. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 03/10/2021 Last updated : 03/17/2021
cosmos-db Analytical Store Introduction https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/analytical-store-introduction.md
The following constraints are applicable on the operational data in Azure Cosmos
* While JSON documents (and Cosmos DB collections/containers) are case sensitive from the uniqueness perspective, analytical store is not.
- * In the same document: Properties names in the same level should be unique when compared case insensitively. For example, the following JSON document has "Name" and "name" in the same level of the document. While it's a valid JSON document, it doesn't satisfy analytical store constraint and hence will not be fully represented in the analytical store. In this case, "Name" and "name" are the same when compared in a case insensitive manner. Only "Name" will be represented in analytical store, because it is the first occurrence. And `"name": "john"` won't be represented at all.
+ * **In the same document:** Properties names in the same level should be unique when compared case insensitively. For example, the following JSON document has "Name" and "name" in the same level. While it's a valid JSON document, it doesn't satisfy the uniqueness constraint and hence will not be fully represented in the analytical store. In this example, "Name" and "name" are the same when compared in a case insensitive manner. Only `"Name": "fred"` will be represented in analytical store, because it is the first occurrence. And `"name": "john"` won't be represented at all.
```json {"id": 1, "Name": "fred", "name": "john"} ```
- * In different documents: Properties in the same level and with the same name, but in different cases, will be represented with the first occurrence. For example, the following documents have "Name" and "name" in the same level. Since the first document has "Name", this format will be used to represent this property in analytical store. In other words, the column name in analytical store will be "Name". Both `"fred"` and `"john"` will be represented, in the "Name" column.
+ * **In different documents:** Properties in the same level and with the same name, but in different cases, will be represented within the same column, using the name format of the first occurrence. For example, the following JSON documents have `"Name"` and `"name"` in the same level. Since the first document format is `"Name"`, this is what will be used to represent the property name in analytical store. In other words, the column name in analytical store will be `"Name"`. Both `"fred"` and `"john"` will be represented, in the `"Name"` column.
```json
The following constraints are applicable on the operational data in Azure Cosmos
* Currently we do not support Azure Synapse Spark reading column names that contain blanks (white spaces). * Expect different behavior in regard to `NULL` values:
- * Spark pools in Azure Synapse will read these value as a 0 (zero).
+ * Spark pools in Azure Synapse will read these values as 0 (zero).
* SQL serverless pools in Azure Synapse will read these values as `NULL`. * Expect different behavior in regard to missing columns:
The well-defined schema representation creates a simple tabular representation o
* A property always has the same type across multiple items.
- * For example, `{"a":123} {"a": "str"}` does not have a well-defined schema because `"a"` is sometimes a string and sometimes a number. In this case, the analytical store registers the data type of `ΓÇ£aΓÇ¥` as the data type of `ΓÇ£aΓÇ¥` in the first-occurring item in the lifetime of the container. Items where the data type of `ΓÇ£aΓÇ¥` differs will not be included in the analytical store.
+ * For example, `{"a":123} {"a": "str"}` does not have a well-defined schema because `"a"` is sometimes a string and sometimes a number. In this case, the analytical store registers the data type of `"a"` as the data type of `ΓÇ£aΓÇ¥` in the first-occurring item in the lifetime of the container. The document will still be included in analytical store, but items where the data type of `"a"` differs will not.
This condition does not apply for null properties. For example, `{"a":123} {"a":null}` is still well defined.
cosmos-db High Availability https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/high-availability.md
For the rare cases of regional outage, Azure Cosmos DB makes sure your database
* During a write region outage, the Azure Cosmos account will automatically promote a secondary region to be the new primary write region when **enable automatic failover** is configured on the Azure Cosmos account. When enabled, the failover will occur to another region in the order of region priority you've specified.
+* Note that manual failover should not be triggered and will not succeed in presence of an outage of the source or destination region. This is because of a consistency check required by the failover procedure which requires connectivity between the regions.
+ * When the previously impacted region is back online, any write data that was not replicated when the region failed, is made available through the [conflicts feed](how-to-manage-conflicts.md#read-from-conflict-feed). Applications can read the conflicts feed, resolve the conflicts based on the application-specific logic, and write the updated data back to the Azure Cosmos container as appropriate. * Once the previously impacted write region recovers, it becomes automatically available as a read region. You can switch back to the recovered region as the write region. You can switch the regions by using [PowerShell, Azure CLI or Azure portal](how-to-manage-database-account.md#manual-failover). There is **no data or availability loss** before, during or after you switch the write region and your application continues to be highly available. > [!IMPORTANT]
-> It is strongly recommended that you configure the Azure Cosmos accounts used for production workloads to **enable automatic failover**. Manual failover requires connectivity between secondary and primary write region to complete a consistency check to ensure there is no data loss during the failover. If the primary region is unavailable, this consistency check cannot complete and the manual failover will not succeed, resulting in loss of write availability for the duration of the regional outage.
+> It is strongly recommended that you configure the Azure Cosmos accounts used for production workloads to **enable automatic failover**. This enables Cosmos DB to failover the account databases to availabile regions automatically. In the absence of this configuration, the account will experience loss of write availability for all the duration of the write region outage, as manual failover will not succeed due to lack of region connectivity.
### Multi-region accounts with a single-write region (read region outage)
Availability Zones can be enabled via:
* Even if your Azure Cosmos account is highly available, your application may not be correctly designed to remain highly available. To test the end-to-end high availability of your application, as a part of your application testing or disaster recovery (DR) drills, temporarily disable automatic-failover for the account, invoke the [manual failover by using PowerShell, Azure CLI or Azure portal](how-to-manage-database-account.md#manual-failover), then monitor your application's failover. Once complete, you can fail back over to the primary region and restore automatic-failover for the account.
+> [!IMPORTANT]
+> Do not invoke manual failover during a Cosmos DB outage on either the source or destination regions, as it requires regions connectivity to maintain data consistency and it will not succeed.
+ * Within a globally distributed database environment, there is a direct relationship between the consistency level and data durability in the presence of a region-wide outage. As you develop your business continuity plan, you need to understand the maximum acceptable time before the application fully recovers after a disruptive event. The time required for an application to fully recover is known as recovery time objective (RTO). You also need to understand the maximum period of recent data updates the application can tolerate losing when recovering after a disruptive event. The time period of updates that you might afford to lose is known as recovery point objective (RPO). To see the RPO and RTO for Azure Cosmos DB, see [Consistency levels and data durability](./consistency-levels.md#rto)
+## What to expect during a region outage
+
+For single-region accounts, clients will experience loss of read and write availability.
+
+Multi-region accounts will experience different behaviors depending on the following table.
+
+| Write regions | Automatic failover | What to expect | What to do |
+| -- | -- | -- | -- |
+| Single write region | Not enabled | In case of outage in a read region, all clients will redirect to other regions. No read or write availability loss. No data loss. <p/> In case of an outage in the write region, clients will experience write availability loss. Data loss will be dependent on the constistency level selected. <p/> Cosmos DB will restore write availability automatically when the outage ends. | During the outage, ensure that there is enough capacity provisioned in the remaining regions to support read traffic. <p/> Do *not* trigger a manual failover during the outage, as it will not succeed. <p/> When the outage is over, re-adjust provisioned capacity as appropriate. |
+| Single write region | Enabled | In case of outage in a read region, all clients will redirect to other regions. No read or write availability loss. No data loss. <p/> In case of an outage in the write region, clients will experience write availability loss until Cosmos DB automatically elects a new region as the new write region according to your preferences. Data loss will be dependent on the constistency level selected. | During the outage, ensure that there is enough capacity provisioned in the remaining regions to support read traffic. <p/> Do *not* trigger a manual failover during the outage, as it will not succeed. <p/> When the outage is over, you may recover the non-replicated data in the failed region from your [conflicts feed](how-to-manage-conflicts.md#read-from-conflict-feed), move the write region back to the original region, and re-adjust provisioned capacity as appropriate. |
+| Multiple write regions | Not applicable | No read or write availability loss. <p/> Data loss as per consistency level selected. | During the outage, ensure that there is enough capacity provisioned in the remaining regions to support additional traffic. <p/> When the outage is over, you may recover the non-replicated data in the failed region from your [conflicts feed](how-to-manage-conflicts.md#read-from-conflict-feed) and re-adjust provisioned capacity as appropriate. |
+ ## Next steps Next you can read the following articles:
cosmos-db Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure Cosmos DB description: Lists Azure Policy Regulatory Compliance controls available for Azure Cosmos DB. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 03/10/2021 Last updated : 03/17/2021
cost-management-billing Create Subscription Template https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cost-management-billing/manage/create-subscription-template.md
- Title: Programmatically create Azure subscriptions with an Azure Resource Manager template
-description: Learn how to create Azure subscriptions programmatically using an Azure Resource Manager template.
---- Previously updated : 11/17/2020-----
-# Programmatically create Azure subscriptions with an Azure Resource Manager template
-
-This article helps you programmatically create Azure subscriptions using an Azure Resource Manager template (ARM template). Azure customers with a billing account for the following agreement types can create subscriptions using an ARM template:
--- Enterprise Agreement (EA)
- - For more information, see [Azure Enterprise REST APIs](ea-portal-rest-apis.md)
-- Microsoft Customer Agreement (MCA)
- - [Azure Billing REST API](/rest/api/billing)
- - [Azure Subscription APIs](/rest/api/subscription)
-- Microsoft Partner Agreement (MPA)
- - [Azure Billing REST API](/rest/api/billing)
- - [Azure Subscription APIs](/rest/api/subscription)
-
-When you create an Azure subscription programmatically using a template, that subscription is governed by the agreement under which you obtained Azure services from Microsoft or an authorized reseller. For more information, see [Microsoft Azure Legal Information](https://azure.microsoft.com/support/legal/).
--
-## Create subscriptions using ARM templates
-
-You can create subscriptions with an Azure Resource Manager template (ARM template), allowing you to automate your production/test deployment processes. In the following example, you use an ARM template to create an Azure subscription and an Azure resource group.
-
-## Prerequisites
-
-To create subscriptions, you must have one of the following roles:
--- Azure Subscription Owner on an Invoice Section-- Azure Subscription Contributor on an Invoice Section-- Azure Subscription Creator role on an Invoice Section-- Azure Subscription Owner on a Billing Profile or a Billing account-- Azure Subscription Contributor Role on a Billing Profile or a Billing account-
-For more information, see [Subscription billing roles and tasks](understand-mca-roles.md#subscription-billing-roles-and-tasks).
-
-Additionally, since you're doing an ARM template deployment, you need to have write permissions on the root object. To create the ARM deployment under a management group, you need to have write permissions on the management group. The action is purely to create an ARM deployment. If a subscription is created, it's created only in the management group specified in the ARM template.
-
-The following examples use REST APIs. Currently, PowerShell and Azure CLI aren't supported.
-
-## Find billing accounts that you have access to
-
-Make the following request to list all the billing accounts.
-
-### [REST](#tab/rest-getBillingAccounts)
-
-```json
-GET https://management.azure.com/providers/Microsoft.Billing/billingaccounts/?api-version=2020-05-01
-```
-
-The API response lists the billing accounts that you have access to.
-
-```json
-{
- "value": [
- {
- "id": "/providers/Microsoft.Billing/billingAccounts/5e98e158-xxxx-xxxx-xxxx-xxxxxxxxxxxx:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_xxxx-xx-xx",
- "name": "5e98e158-xxxx-xxxx-xxxx-xxxxxxxxxxxx:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_xxxx-xx-xx",
- "properties": {
- "accountStatus": "Active",
- "accountType": "Enterprise",
- "agreementType": "MicrosoftCustomerAgreement",
- "billingProfiles": {
- "hasMoreResults": false
- },
- "displayName": "Contoso",
- "hasReadAccess": false
- },
- "type": "Microsoft.Billing/billingAccounts"
- }
- ]
-}
-```
-
-Use the `displayName` property to identify the billing account for which you want to create subscriptions. Ensure, the agreementType of the account is *MicrosoftCustomerAgreement*. Copy the `name` of the account. For example, to create a subscription for the `Contoso` billing account, copy `5e98e158-xxxx-xxxx-xxxx-xxxxxxxxxxxx:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_xxxx-xx-xx`. Paste the value somewhere so that you can use it in the next step.
-
-<!--
-### [PowerShell](#tab/azure-powershell-getBillingAccounts)
-
-we're still working on enabling PowerShell SDK for billing APIs. Check back soon.
>-
-<!--
-### [Azure CLI](#tab/azure-cli-getBillingAccounts)
-
-we're still working on enabling CLI SDK for billing APIs. Check back soon.
>---
-## Find billing profiles & invoice sections to create subscriptions
-
-The charges for your subscription appear on a section of a billing profile's invoice. Use the following API to get the list of billing profiles and invoice sections on which you have permission to create Azure subscriptions.
-
-First you get the list of billing profiles under the billing account that you have access to.
-
-### [REST](#tab/rest-getBillingProfiles)
-
-```json
-GET https://management.azure.com/providers/Microsoft.Billing/billingaccounts/5e98e158-xxxx-xxxx-xxxx-xxxxxxxxxxxx:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_xxxx-xx-xx/billingprofiles/?api-version=2020-05-01
-```
-
-The API response lists all the billing profiles on which you have access to create subscriptions:
-
-```json
-{
- "value": [
- {
- "id": "/providers/Microsoft.Billing/billingAccounts/5e98e158-xxxx-xxxx-xxxx-xxxxxxxxxxxx:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_xxxx-xx-xx/billingProfiles/AW4F-xxxx-xxx-xxx",
- "name": "AW4F-xxxx-xxx-xxx",
- "properties": {
- "billingRelationshipType": "Direct",
- "billTo": {
- "addressLine1": "One Microsoft Way",
- "city": "Redmond",
- "companyName": "Contoso",
- "country": "US",
- "email": "kenny@contoso.com",
- "phoneNumber": "425xxxxxxx",
- "postalCode": "98052",
- "region": "WA"
- },
- "currency": "USD",
- "displayName": "Contoso Billing Profile",
- "enabledAzurePlans": [
- {
- "skuId": "0002",
- "skuDescription": "Microsoft Azure Plan for DevTest"
- },
- {
- "skuId": "0001",
- "skuDescription": "Microsoft Azure Plan"
- }
- ],
- "hasReadAccess": true,
- "invoiceDay": 5,
- "invoiceEmailOptIn": false,
- "invoiceSections": {
- "hasMoreResults": false
- },
- "poNumber": "001",
- "spendingLimit": "Off",
- "status": "Active",
- "systemId": "AW4F-xxxx-xxx-xxx",
- "targetClouds": []
- },
- "type": "Microsoft.Billing/billingAccounts/billingProfiles"
- }
- ]
-}
-```
-
- Copy the `id` to next identify the invoice sections underneath the billing profile. For example, copy `/providers/Microsoft.Billing/billingAccounts/5e98e158-xxxx-xxxx-xxxx-xxxxxxxxxxxx:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_xxxx-xx-xx/billingProfiles/AW4F-xxxx-xxx-xxx` and call the following API.
-
-```json
-GET https://management.azure.com/providers/Microsoft.Billing/billingAccounts/5e98e158-xxxx-xxxx-xxxx-xxxxxxxxxxxx:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_xxxx-xx-xx/billingProfiles/AW4F-xxxx-xxx-xxx/invoicesections?api-version=2020-05-01
-```
-
-### Response
-
-```json
-{
- "totalCount": 1,
- "value": [
- {
- "id": "/providers/Microsoft.Billing/billingAccounts/5e98e158-xxxx-xxxx-xxxx-xxxxxxxxxxxx:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_xxxx-xx-xx/billingProfiles/AW4F-xxxx-xxx-xxx/invoiceSections/SH3V-xxxx-xxx-xxx",
- "name": "SH3V-xxxx-xxx-xxx",
- "properties": {
- "displayName": "Development",
- "state": "Active",
- "systemId": "SH3V-xxxx-xxx-xxx"
- },
- "type": "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections"
- }
- ]
-}
-```
-
-Use the `id` property to identify the invoice section for which you want to create subscriptions. Copy the entire string. For example, `/providers/Microsoft.Billing/billingAccounts/5e98e158-xxxx-xxxx-xxxx-xxxxxxxxxxxx:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_xxxx-xx-xx/billingProfiles/AW4F-xxxx-xxx-xxx/invoiceSections/SH3V-xxxx-xxx-xxx`.
-
-<!--
-### [PowerShell](#tab/azure-powershell-getBillingProfiles)
-
-we're still working on enabling PowerShell SDK for billing APIs. Check back soon.
-
-### [Azure CLI](#tab/azure-cli-getBillingProfiles)
-
-we're still working on enabling CLI SDK for billing APIs. Check back soon.
>---
-## Create a subscription and resource group with a template
-
-The following ARM template creates a subscription named *Dev Team subscription* for the *Development* invoice section. The subscription is billed to the *Contoso Billing Profile* billing profile and appear on the *Development* section of its invoice. You use the copied billing scope from previous step: `/providers/Microsoft.Billing/billingAccounts/5e98e158-xxxx-xxxx-xxxx-xxxxxxxxxxxx:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_xxxx-xx-xx/billingProfiles/AW4F-xxxx-xxx-xxx/invoiceSections/SH3V-xxxx-xxx-xxx`.
-
-### Request
-
-```rest
-PUT https://management.azure.com/providers/Microsoft.Resources/deployments/sampleTemplate?api-version=2019-10-01
-```
-
-### Request body
-
-```json
-{
- "properties":
- {
- "location": "westus",
- "properties": {
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {},
- "variables": {
- "uniqueAliasName": "sampleAlias"
- },
- "resources": [
- {
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2019-10-01",
- "name": "sampleTemplate",
- "location": "westus",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "variables": {
- "uniqueAliasName": "sampleAlias"
- },
- "resources": [
- {
- "name": "[variables('uniqueAliasName')]",
- "type": "Microsoft.Subscription/aliases",
- "apiVersion": "2020-09-01",
- "properties": {
- "workLoad": "Production",
- "displayName": "Dev Team subscription",
- "billingScope": "/providers/Microsoft.Billing/billingAccounts/5e98e158-xxxx-xxxx-xxxx-xxxxxxxxxxxx:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_xxxx-xx-xx/billingProfiles/AW4F-xxxx-xxx-xxx/invoiceSections/SH3V-xxxx-xxx-xxx"
- },
- "dependsOn": [],
- "tags": {}
- }
- ],
- "outputs": {
- "subscriptionId": {
- "type": "string",
- "value": "[replace(reference(variables('uniqueAliasName')).subscriptionId, 'invalidrandom/', '')]"
- }
- }
- }
- }
- },
- {
- "name": "sampleOuterResource",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2019-10-01",
- "location": "westus",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "subscriptionId": {
- "value": "[reference('sampleTemplate').outputs.subscriptionId.value]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "subscriptionId": {
- "type": "string"
- }
- },
- "variables": {},
- "resources": [
- {
- "name": "sampleInnerResource",
- "type": "Microsoft.Resources/deployments",
- "subscriptionId": "[parameters('subscriptionId')]",
- "apiVersion": "2019-10-01",
- "location": "westus",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {},
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {},
- "variables": {},
- "resources": [
- {
- "type": "Microsoft.Resources/resourceGroups",
- "apiVersion": "2020-05-01",
- "location": "[deployment().location]",
- "name": "sampleRG",
- "properties": {},
- "tags": {}
- }
- ],
- "outputs": {}
- }
- }
- }
- ],
- "outputs": {}
- }
- }
- }
- ],
- "outputs": {
- "messageFromLinkedTemplate": {
- "type": "string",
- "value": "[reference('sampleTemplate').outputs.subscriptionId.value]"
- }
- }
- },
- "mode": "Incremental"
- }
- }
-}
-```
-
-### Response
-
-```json
-{
- "id": "/providers/Microsoft.Resources/deployments/sampleTemplate",
- "name": "sampleTemplate",
- "type": "Microsoft.Resources/deployments",
- "location": "westus",
- "properties": {
- "templateHash": "16005880870587497948",
- "parameters": {},
- "mode": "Incremental",
- "provisioningState": "Accepted",
- "timestamp": "2020-10-07T19:06:34.110811Z",
- "duration": "PT0.1345459S",
- "correlationId": "2b57ddf6-7e27-42cb-90b4-90eeccd11a28",
- "providers": [
- {
- "namespace": "Microsoft.Resources",
- "resourceTypes": [
- {
- "resourceType": "deployments",
- "locations": [
- "westus"
- ]
- }
- ]
- }
- ],
- "dependencies": [
- {
- "dependsOn": [
- {
- "id": "/providers/Microsoft.Resources/deployments/sampleTemplate",
- "resourceType": "Microsoft.Resources/deployments",
- "resourceName": "anuragTemplate1"
- }
- ],
- "id": "/providers/Microsoft.Resources/deployments/sampleOuterResource",
- "resourceType": "Microsoft.Resources/deployments",
- "resourceName": "sampleOuterResource"
- }
- ]
- }
-}
-```
-
-You can GET the status of the deployment to monitor progress.
-
-```json
-GET https://management.azure.com/providers/Microsoft.Resources/deployments/sampleTemplate?api-version=2019-10-01
-```
-
-### Response
-
-```json
-{
- "id": "/providers/Microsoft.Resources/deployments/sampleDeployment5",
- "name": "sampleDeployment5",
- "type": "Microsoft.Resources/deployments",
- "location": "westus",
- "properties": {
- "templateHash": "16005880870587497948",
- "parameters": {},
- "mode": "Incremental",
- "provisioningState": "Succeeded",
- "timestamp": "2020-10-07T19:07:20.8007311Z",
- "duration": "PT46.824466S",
- "correlationId": "2b57ddf6-7e27-42cb-90b4-90eeccd11a28",
- "providers": [
- {
- "namespace": "Microsoft.Resources",
- "resourceTypes": [
- {
- "resourceType": "deployments",
- "locations": [
- "westus"
- ]
- }
- ]
- }
- ],
- "dependencies": [
- {
- "dependsOn": [
- {
- "id": "/providers/Microsoft.Resources/deployments/sampleTemplate",
- "resourceType": "Microsoft.Resources/deployments",
- "resourceName": "sampleTemplate"
- }
- ],
- "id": "/providers/Microsoft.Resources/deployments/sampleOuterResource",
- "resourceType": "Microsoft.Resources/deployments",
- "resourceName": "sampleOuterResource"
- }
- ],
- "outputs": {
- "messageFromLinkedTemplate": {
- "type": "String",
- "value": "16edf959-11fd-48bb-9a46-85190963ead9"
- }
- },
- "outputResources": [
- {
- "id": "/providers/Microsoft.Subscription/aliases/sampleAlias"
- },
- {
- "id": "/subscriptions/16edf959-11fd-48bb-9a46-85190963ead9/resourceGroups/sampleRG"
- }
- ]
- }
-}
-```
-
-In the preceding example, you can see the subscription created was `16edf959-11fd-48bb-9a46-85190963ead9` and RG created was `sampleRG`.
-
-## Next steps
-
-* Now that you've created a subscription, you can grant that ability to other users and service principals. For more information, see [Grant access to create Azure Enterprise subscriptions (preview)](grant-access-to-create-subscription.md).
-* For more information about managing large numbers of subscriptions using management groups, see [Organize your resources with Azure management groups](../../governance/management-groups/overview.md).
cost-management-billing Programmatically Create Subscription Enterprise Agreement https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cost-management-billing/manage/programmatically-create-subscription-enterprise-agreement.md
Title: Programmatically create Azure Enterprise Agreement subscriptions with the latest APIs
-description: Learn how to create Azure Enterprise Agreement subscriptions programmatically using the latest versions of REST API, Azure CLI, and Azure PowerShell.
+description: Learn how to create Azure Enterprise Agreement subscriptions programmatically using the latest versions of REST API, Azure CLI, Azure PowerShell, and Azure Resource Manager templates.
Previously updated : 01/13/2021 Last updated : 03/12/2021
After you're added to an Enrollment Account associated to an Account Owner, Azur
To run the following commands, you must be logged in to the Account Owner's *home directory*, which is the directory that subscriptions are created in by default.
-### [REST](#tab/rest-getEnrollments)
+### [REST](#tab/rest)
Request to list all enrollment accounts you have access to:
The API response lists all enrollment accounts you have access to:
```
-The value for a billing scope and `id` are the same thing. The `id` for your enrollment account is the billing scope under which the subscription request is initiated. ItΓÇÖs important to know the ID because itΓÇÖs a required parameter that you use later in the article to create a subscription.
+The values for a billing scope and `id` are the same thing. The `id` for your enrollment account is the billing scope under which the subscription request is initiated. ItΓÇÖs important to know the ID because itΓÇÖs a required parameter that you use later in the article to create a subscription.
-<!--
-### [PowerShell](#tab/azure-powershell-getEnrollments)
+### [PowerShell](#tab/azure-powershell)
-we're still working on enabling PowerShell SDK for billing APIs. Check back soon.
+Please use either Azure CLI or REST API to get this value.
>--
-### [Azure CLI](#tab/azure-cli-getEnrollments)
+### [Azure CLI](#tab/azure-cli)
Request to list all enrollment accounts you have access to:
Response lists all enrollment accounts you have access to
"type": "Microsoft.Billing/billingAccounts" }, ```
-The value for a billing scope and `id` are the same thing. The `id` for your enrollment account is the billing scope under which the subscription request is initiated. ItΓÇÖs important to know the ID because itΓÇÖs a required parameter that you use later in the article to create a subscription.
+
+The values for a billing scope and `id` are the same thing. The `id` for your enrollment account is the billing scope under which the subscription request is initiated. ItΓÇÖs important to know the ID because itΓÇÖs a required parameter that you use later in the article to create a subscription.
The value for a billing scope and `id` are the same thing. The `id` for your enr
The following example creates a subscription named *Dev Team Subscription* in the enrollment account selected in the previous step.
-### [REST](#tab/rest-EA)
+### [REST](#tab/rest)
Call the PUT API to create a subscription creation request/alias.
GET https://management.azure.com/providers/Microsoft.Subscription/aliases/sample
An in-progress status is returned as an `Accepted` state under `provisioningState`.
-### [PowerShell](#tab/azure-powershell-EA)
+### [PowerShell](#tab/azure-powershell)
To install the latest version of the module that contains the `New-AzSubscriptionAlias` cmdlet, run `Install-Module Az.Subscription`. To install a recent version of PowerShellGet, see [Get PowerShellGet Module](/powershell/scripting/gallery/installing-psget).
You get the subscriptionId as part of the response from the command.
} ```
-### [Azure CLI](#tab/azure-cli-EA)
+### [Azure CLI](#tab/azure-cli)
First, install the extension by running `az extension add --name account` and `az extension add --name alias`.
You get the subscriptionId as part of the response from the command.
+## Use ARM template
+
+The previous section showed how to create a subscription with PowerShell, CLI, or REST API. If you need to automate creating subscriptions, consider using an Azure Resource Manager template (ARM template).
+
+The following template creates a subscription. For `billingScope`, provide the enrollment account ID. For `targetManagementGroup`, provide the management group where you want to create the subscription.
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "subscriptionAliasName": {
+ "type": "string",
+ "metadata": {
+ "description": "Provide a name for the alias. This name will also be the display name of the subscription."
+ }
+ },
+ "billingScope": {
+ "type": "string",
+ "metadata": {
+ "description": "Provide the full resource ID of billing scope to use for subscription creation."
+ }
+ },
+ "targetManagementGroup": {
+ "type": "string",
+ "metadata": {
+ "description": "Provide the ID of the target management group to place the subscription."
+ }
+ }
+ },
+ "resources": [
+ {
+ "scope": "/",
+ "name": "[parameters('subscriptionAliasName')]",
+ "type": "Microsoft.Subscription/aliases",
+ "apiVersion": "2020-09-01",
+ "properties": {
+ "workLoad": "Production",
+ "displayName": "[parameters('subscriptionAliasName')]",
+ "billingScope": "[parameters('billingScope')]",
+ "managementGroupId": "[tenantResourceId('Microsoft.Management/managementGroups/', parameters('targetManagementGroup'))]"
+ }
+ }
+ ],
+ "outputs": {}
+}
+```
+
+Deploy the template at the [management group level](../../azure-resource-manager/templates/deploy-to-management-group.md).
+
+### [REST](#tab/rest)
+
+```json
+PUT https://management.azure.com/providers/Microsoft.Management/managementGroups/mg1/providers/Microsoft.Resources/deployments/exampledeployment?api-version=2020-06-01
+```
+
+With a request body:
+
+```json
+{
+ "location": "eastus",
+ "properties": {
+ "templateLink": {
+ "uri": "http://mystorageaccount.blob.core.windows.net/templates/template.json"
+ },
+ "parameters": {
+ "subscriptionAliasName": {
+ "value": "sampleAlias"
+ },
+ "billingScope": {
+ "value": "/providers/Microsoft.Billing/BillingAccounts/1234567/enrollmentAccounts/7654321"
+ },
+ "targetManagementGroup": {
+ "value": "mg2"
+ }
+ },
+ "mode": "Incremental"
+ }
+}
+```
+
+### [PowerShell](#tab/azure-powershell)
+
+```azurepowershell-interactive
+New-AzManagementGroupDeployment `
+ -Name exampledeployment `
+ -Location eastus `
+ -ManagementGroupId mg1 `
+ -TemplateFile azuredeploy.json `
+ -subscriptionAliasName sampleAlias `
+ -billingScope "/providers/Microsoft.Billing/BillingAccounts/1234567/enrollmentAccounts/7654321" `
+ -targetManagementGroup mg2
+```
+
+### [Azure CLI](#tab/azure-cli)
+
+```azurecli-interactive
+az deployment mg create \
+ --name exampledeployment \
+ --location eastus \
+ --management-group-id mg1 \
+ --template-file azuredeploy.json \
+ --parameters subscriptionAliasName='sampleAlias' billingScope='/providers/Microsoft.Billing/BillingAccounts/1234567/enrollmentAccounts/7654321' targetManagementGroup=mg2
+```
+++ ## Limitations of Azure Enterprise subscription creation API - Only Azure Enterprise subscriptions are created using the API.
You get the subscriptionId as part of the response from the command.
* Now that you've created a subscription, you can grant that ability to other users and service principals. For more information, see [Grant access to create Azure Enterprise subscriptions (preview)](grant-access-to-create-subscription.md). * For more information about managing large numbers of subscriptions using management groups, see [Organize your resources with Azure management groups](../../governance/management-groups/overview.md).
+* To change the management group for a subscription, see [Move subscriptions](../../governance/management-groups/manage.md#move-subscriptions).
cost-management-billing Programmatically Create Subscription Microsoft Customer Agreement https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cost-management-billing/manage/programmatically-create-subscription-microsoft-customer-agreement.md
Title: Programmatically create Azure subscriptions for a Microsoft Customer Agreement with the latest APIs
-description: Learn how to create Azure subscriptions for a Microsoft Customer Agreement programmatically using the latest versions of REST API, Azure CLI, and Azure PowerShell.
+description: Learn how to create Azure subscriptions for a Microsoft Customer Agreement programmatically using the latest versions of REST API, Azure CLI, Azure PowerShell, and Azure Resource Manager templates.
Previously updated : 11/17/2020 Last updated : 03/12/2021
You must have an owner, contributor, or Azure subscription creator role on an in
If you don't know whether you have access to a Microsoft Customer Agreement account, see [Check access to a Microsoft Customer Agreement](../understand/mca-overview.md#check-access-to-a-microsoft-customer-agreement).
-The following examples use REST APIs. Currently, PowerShell and Azure CLI aren't supported.
- ## Find billing accounts that you have access to Make the following request to list all the billing accounts.
-### [REST](#tab/rest-getBillingAccounts)
+### [REST](#tab/rest)
```json GET https://management.azure.com/providers/Microsoft.Billing/billingaccounts/?api-version=2020-05-01
The API response lists the billing accounts that you have access to.
Use the `displayName` property to identify the billing account for which you want to create subscriptions. Ensure, the agreementType of the account is *MicrosoftCustomerAgreement*. Copy the `name` of the account. For example, to create a subscription for the `Contoso` billing account, copy `5e98e158-xxxx-xxxx-xxxx-xxxxxxxxxxxx:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_xxxx-xx-xx`. Paste the value somewhere so that you can use it in the next step.
-### [PowerShell](#tab/azure-powershell-getBillingAccounts)
+### [PowerShell](#tab/azure-powershell)
-```azurepowershell-interactive
-PS C:\WINDOWS\system32> Get-AzBillingAccount
+```azurepowershell
+Get-AzBillingAccount
``` You will get back a list of all billing accounts that you have access to
HasReadAccess : True
Use the `displayName` property to identify the billing account for which you want to create subscriptions. Ensure, the agreementType of the account is *MicrosoftCustomerAgreement*. Copy the `name` of the account. For example, to create a subscription for the `Contoso` billing account, copy `5e98e158-xxxx-xxxx-xxxx-xxxxxxxxxxxx:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_xxxx-xx-xx`. Paste the value somewhere so that you can use it in the next step.
-### [Azure CLI](#tab/azure-cli-getBillingAccounts)
+### [Azure CLI](#tab/azure-cli)
+ ```azurecli
-> az billing account list
+az billing account list
``` You will get back a list of all billing accounts that you have access to
The charges for your subscription appear on a section of a billing profile's inv
First you get the list of billing profiles under the billing account that you have access to (Use the `name` that you got from the previous step)
-### [REST](#tab/rest-getBillingProfiles)
+### [REST](#tab/rest)
+ ```json GET https://management.azure.com/providers/Microsoft.Billing/billingaccounts/5e98e158-xxxx-xxxx-xxxx-xxxxxxxxxxxx:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_xxxx-xx-xx/billingprofiles/?api-version=2020-05-01 ```
GET https://management.azure.com/providers/Microsoft.Billing/billingAccounts/5e9
Use the `id` property to identify the invoice section for which you want to create subscriptions. Copy the entire string. For example, `/providers/Microsoft.Billing/billingAccounts/5e98e158-xxxx-xxxx-xxxx-xxxxxxxxxxxx:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_xxxx-xx-xx/billingProfiles/AW4F-xxxx-xxx-xxx/invoiceSections/SH3V-xxxx-xxx-xxx`.
-### [PowerShell](#tab/azure-powershell-getBillingProfiles)
+### [PowerShell](#tab/azure-powershell)
-```powershell-interactive
-PS C:\WINDOWS\system32> Get-AzBillingProfile -BillingAccountName 5e98e158-xxxx-xxxx-xxxx-xxxxxxxxxxxx:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_xxxx-xx-xx
+```azurepowershell
+Get-AzBillingProfile -BillingAccountName 5e98e158-xxxx-xxxx-xxxx-xxxxxxxxxxxx:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_xxxx-xx-xx
``` You will get the list of billing profiles under this account as part of the response.
Country : US
PostalCode : 98052 ```
-Note the `name` of the billing profile from the above response. Next steps is to get the invoice section that you have access to underneath this billing profile. You will need the `name` of the billing account and billing profile
+Note the `name` of the billing profile from the above response. The next step is to get the invoice section that you have access to underneath this billing profile. You will need the `name` of the billing account and billing profile
-```powershell-interactive
-PS C:\WINDOWS\system32> Get-AzInvoiceSection -BillingAccountName 5e98e158-xxxx-xxxx-xxxx-xxxxxxxxxxxx:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_xxxx-xx-xx -BillingProfileName AW4F-xxxx-xxx-xxx
+```azurepowershell
+Get-AzInvoiceSection -BillingAccountName 5e98e158-xxxx-xxxx-xxxx-xxxxxxxxxxxx:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_xxxx-xx-xx -BillingProfileName AW4F-xxxx-xxx-xxx
``` You will get the invoice section returned
Name : SH3V-xxxx-xxx-xxx
DisplayName : Development ```
-The `name` above is the Invoice section name you need to create a subscription under. Construct your billing scope using the format "/providers/Microsoft.Billing/billingAccounts/<BillingAccountName>/billingProfiles/<BillingProfileName>/invoiceSections/<InvoiceSectionName>". In this example, this will equate to `"/providers/Microsoft.Billing/billingAccounts/5e98e158-xxxx-xxxx-xxxx-xxxxxxxxxxxx:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_xxxx-xx-xx/billingProfiles/AW4F-xxxx-xxx-xxx/invoiceSections/SH3V-xxxx-xxx-xxx"`.
+The `name` above is the Invoice section name you need to create a subscription under. Construct your billing scope using the format "/providers/Microsoft.Billing/billingAccounts/<BillingAccountName>/billingProfiles/<BillingProfileName>/invoiceSections/<InvoiceSectionName>". In this example, this value will equate to `"/providers/Microsoft.Billing/billingAccounts/5e98e158-xxxx-xxxx-xxxx-xxxxxxxxxxxx:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_xxxx-xx-xx/billingProfiles/AW4F-xxxx-xxx-xxx/invoiceSections/SH3V-xxxx-xxx-xxx"`.
-### [Azure CLI](#tab/azure-cli-getBillingProfiles)
+### [Azure CLI](#tab/azure-cli)
-```azurecli-interactive
-> az billing profile list --account-name "5e98e158-xxxx-xxxx-xxxx-xxxxxxxxxxxx:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_xxxx-xx-xx" --expand "InvoiceSections"
+```a