Updates from: 03/25/2022 02:26:10
Service Microsoft Docs article Related commit history on GitHub Change details
active-directory-b2c Deploy Custom Policies Devops https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/deploy-custom-policies-devops.md
Previously updated : 08/26/2021 Last updated : 03/25/2022
## Prerequisites * Complete the steps in the [Get started with custom policies in Active Directory B2C](tutorial-create-user-flows.md).
-* If you haven't created an DevOps organization, create one by following the instructions in [Sign up, sign in to Azure DevOps](/azure/devops/user-guide/sign-up-invite-teammates).
+* If you haven't created a DevOps organization, create one by following the instructions in [Sign up, sign in to Azure DevOps](/azure/devops/user-guide/sign-up-invite-teammates).
## Register an application for management tasks
try {
$graphuri = 'https://graph.microsoft.com/beta/trustframework/policies/' + $PolicyId + '/$value' $content = [System.Text.Encoding]::UTF8.GetBytes($policycontent)
- $response = Invoke-RestMethod -Uri $graphuri -Method Put -Body $content -Headers $headers
+ $response = Invoke-RestMethod -Uri $graphuri -Method Put -Body $content -Headers $headers -ContentType "application/xml; charset=utf-8"
Write-Host "Policy" $PolicyId "uploaded successfully." }
A pipeline task is a pre-packaged script that performs an action. Add a task tha
1. In the pipeline you created, select the **Tasks** tab. 1. Select **Agent job**, and then select the plus sign (**+**) to add a task to the Agent job.
-1. Search for and select **PowerShell**. Do not select "Azure PowerShell," "PowerShell on target machines," or another PowerShell entry.
+1. Search for and select **PowerShell**. Don't select "Azure PowerShell," "PowerShell on target machines," or another PowerShell entry.
1. Select newly added **PowerShell Script** task. 1. Enter following values for the PowerShell Script task: * **Task version**: 2.*
active-directory-domain-services Concepts Migration Benefits https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-domain-services/concepts-migration-benefits.md
After migration, Azure AD DS provides many features that are only available for
* [Email notifications for alerts on your managed domain][email-alerts]. * [Use Azure Workbooks and Azure monitor to view audit logs and sign-in activity][workbooks]. * In supported regions, [Azure Availability Zones][availability-zones].
-* Integrations with other Azure products such as [Azure Files][azure-files], [HD Insights][hd-insights], and [Windows Virtual Desktop][wvd].
+* Integrations with other Azure products such as [Azure Files][azure-files], [HD Insights][hd-insights], and [Azure Virtual Desktop][avd].
* Support has access to more telemetry and can help troubleshoot more effectively. * Encryption at rest using [Azure Managed Disks][managed-disks] for the data on the managed domain controllers.
To get started, see [Migrate Azure AD Domain Services from the Classic virtual n
[workbooks]: use-azure-monitor-workbooks.md [azure-files]: ../storage/files/storage-files-identity-auth-active-directory-domain-service-enable.md [hd-insights]: ../hdinsight/domain-joined/apache-domain-joined-configure-using-azure-adds.md
-[wvd]: ../virtual-desktop/overview.md
+[avd]: ../virtual-desktop/overview.md
[availability-zones]: ../availability-zones/az-overview.md [howto-migrate]: migrate-from-classic-vnet.md [attributes]: synchronization.md#attribute-synchronization-and-mapping-to-azure-ad-ds
active-directory Application Proxy Release Version History https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-proxy/application-proxy-release-version-history.md
Previously updated : 04/27/2021 Last updated : 03/24/2022
Here is a list of related resources:
| Understand Azure AD Application Proxy connectors | Find out more about [connector management](application-proxy-connectors.md) and how connectors [auto-upgrade](application-proxy-connectors.md#automatic-updates). | | Azure AD Application Proxy Connector Download | [Download the latest connector](https://download.msappproxy.net/subscription/d3c8b69d-6bf7-42be-a529-3fe9c2e70c90/connector/download). |
+## 1.5.2846.0
+
+### Release status
+
+March 22, 2022: Released for download. This version is only available for install via the download page.
+
+### New features and improvements
+
+- Increased the number of HTTP headers supported on HTTP requests from 41 to 60.
+- Improved error handling of SSL failures between the connector and Azure services.
+- Updated the default connection limit to 200 for connector traffic when going through outbound proxy. To learn more about outbound proxy, see [Work with existing on-premises proxy servers](application-proxy-configure-connectors-with-proxy-servers.md#use-the-outbound-proxy-server).
+- Deprecated the use of ADAL and implemented MSAL as part of the connector installation flow.
+
+### Fixed issues
+- Return original error code and response instead of a 400 Bad Request code for failing websocket connect attempts.
+ ## 1.5.1975.0 ### Release status
active-directory Fido2 Compatibility https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/fido2-compatibility.md
This table shows support for authenticating Azure Active Directory (Azure AD) an
|::|::|::|::|::|::|::|::|::|::| | | USB | NFC | BLE | USB | NFC | BLE | USB | NFC | BLE | | **Windows** | ![Chrome supports USB on Windows for AAD accounts.][y] | ![Chrome supports NFC on Windows for AAD accounts.][y] | ![Chrome supports BLE on Windows for AAD accounts.][y] | ![Edge supports USB on Windows for AAD accounts.][y] | ![Edge supports NFC on Windows for AAD accounts.][y] | ![Edge supports BLE on Windows for AAD accounts.][y] | ![Firefox supports USB on Windows for AAD accounts.][y] | ![Firefox supports NFC on Windows for AAD accounts.][y] | ![Firefox supports BLE on Windows for AAD accounts.][y] |
-| **macOS** | ![Chrome supports USB on macOS for AAD accounts.][y] | ![Chrome does not support NFC on macOS for AAD accounts.][n] | ![Chrome does not support BLE on macOS for AAD accounts.][n] | ![Edge supports USB on macOS for AAD accounts.][y] | ![Edge does not support NFC on macOS for AAD accounts.][n] | ![Edge does not support BLE on macOS for AAD accounts.][n] | ![Firefox does not support USB on macOS for AAD accounts.][n] | ![Firefox does not support NFC on macOS for AAD accounts.][n] | ![Firefox does not support BLE on macOS for AAD accounts.][n] |
+| **MacOS** | ![Chrome supports USB on MacOS for AAD accounts.][y] | ![Chrome does not support NFC on MacOS for AAD accounts.][n] | ![Chrome does not support BLE on MacOS for AAD accounts.][n] | ![Edge supports USB on MacOS for AAD accounts.][y] | ![Edge does not support NFC on MacOS for AAD accounts.][n] | ![Edge does not support BLE on MacOS for AAD accounts.][n] | ![Firefox supports USB on MacOS for AAD accounts.][y] | ![Firefox does not support NFC on MacOS for AAD accounts.][n] | ![Firefox does not support BLE on MacOS for AAD accounts.][n] |
+| **ChromeOS** | ![Chrome supports USB on ChromeOS for AAD accounts.][y] | ![Chrome supports NFC on ChromeOS for AAD accounts.][n] | ![Chrome supports BLE on ChromeOS for AAD accounts.][n] | ![Edge supports USB on ChromeOS for AAD accounts.][n] | ![Edge supports NFC on ChromeOS for AAD accounts.][n] | ![Edge supports BLE on ChromeOS for AAD accounts.][n] | ![Firefox supports USB on ChromeOS for AAD accounts.][n] | ![Firefox supports NFC on ChromeOS for AAD accounts.][n] | ![Firefox supports BLE on ChromeOS for AAD accounts.][n] |
| **Linux** | ![Chrome supports USB on Linux for AAD accounts.][y] | ![Chrome does not support NFC on Linux for AAD accounts.][n] | ![Chrome does not support BLE on Linux for AAD accounts.][n] | ![Edge does not support USB on Linux for AAD accounts.][n] | ![Edge does not support NFC on Linux for AAD accounts.][n] | ![Edge does not support BLE on Linux for AAD accounts.][n] | ![Firefox does not support USB on Linux for AAD accounts.][n] | ![Firefox does not support NFC on Linux for AAD accounts.][n] | ![Firefox does not support BLE on Linux for AAD accounts.][n] |
The following operating system and browser combinations are not supported, but f
| iOS | Safari, Brave | | macOS | Safari | | Android | Chrome |
-| ChromeOS | Chrome |
## Minimum browser version
active-directory Howto Mfa Nps Extension https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfa-nps-extension.md
The following script is available to perform basic health check steps when troub
[MFA_NPS_Troubleshooter.ps1](/samples/azure-samples/azure-mfa-nps-extension-health-check/azure-mfa-nps-extension-health-check/)
+### How to fix the error "Service principal was not found" while running `AzureMfaNpsExtnConfigSetup.ps1` script?
+
+If for any reason the "Azure Multi-Factor Auth Client" service principal was not created in the tenant , it can be manually created by running the `New-MsolServicePrincipal` cmdlet as shown below.
+
+```powershell
+import-module MSOnline
+Connect-MsolService
+New-MsolServicePrincipal -AppPrincipalId 981f26a1-7f43-403b-a875-f8b09b8cd720 -DisplayName "Azure Multi-Factor Auth Client"
+```
+Once done , go to https://aad.portal.azure.com > "Enterprise Applications" > Search for "Azure Multi-Factor Auth Client" > Check properties for this app > Confirm if the service principal is enabled or disabled > Click on the application entry > Go to Properties of the app > If the option "Enabled for users to sign-in? is set to No in Properties of this app , please set it to Yes.
+
+Run the `AzureMfaNpsExtnConfigSetup.ps1` script again and it should not return the `Service principal was not found` error.
+ ### How do I verify that the client cert is installed as expected? Look for the self-signed certificate created by the installer in the cert store, and check that the private key has permissions granted to user *NETWORK SERVICE*. The cert has a subject name of **CN \<tenantid\>, OU = Microsoft NPS Extension**
active-directory Howto Sspr Deployment https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-sspr-deployment.md
+adobe-target: true
# Plan an Azure Active Directory self-service password reset deployment
active-directory Concept Conditional Access Cloud Apps https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/concept-conditional-access-cloud-apps.md
The following key applications are included in the Office 365 client app:
- Microsoft Whiteboard Services - Office Delve - Office Online-- Office.com - OneDrive - Power Apps - Power Automate
For more information about authentication context use in applications, see the f
- [Conditional Access: Conditions](concept-conditional-access-conditions.md) - [Conditional Access common policies](concept-conditional-access-policy-common.md)-- [Client application dependencies](service-dependencies.md)
+- [Client application dependencies](service-dependencies.md)
active-directory Howto Vm Sign In Azure Ad Linux https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/devices/howto-vm-sign-in-azure-ad-linux.md
Azure Cloud Shell is a free, interactive shell that you can use to run the steps
If you choose to install and use the CLI locally, this article requires that youΓÇÖre running the Azure CLI version 2.22.1 or later. Run `az --version` to find the version. If you need to install or upgrade, see the article Install Azure CLI.
-1. Create a resource group with [az group create](/cli/azure/group#az_group_create).
-1. Create a VM with [az vm create](/cli/azure/vm#az_vm_create&preserve-view=true) using a supported distribution in a supported region.
-1. Install the Azure AD login VM extension with [az vm extension set](/cli/azure/vm/extension#az_vm_extension_set).
+1. Create a resource group with [az group create](/cli/azure/group#az-group-create).
+1. Create a VM with [az vm create](/cli/azure/vm#az-vm-create&preserve-view=true) using a supported distribution in a supported region.
+1. Install the Azure AD login VM extension with [az vm extension set](/cli/azure/vm/extension#az-vm-extension-set).
The following example deploys a VM and then installs the extension to enable Azure AD login for Linux VM. VM extensions are small applications that provide post-deployment configuration and automation tasks on Azure virtual machines.
After a few moments, the security principal is assigned the role at the selected
### Using the Azure Cloud Shell experience
-The following example uses [az role assignment create](/cli/azure/role/assignment#az_role_assignment_create) to assign the Virtual Machine Administrator Login role to the VM for your current Azure user. The username of your current Azure account is obtained with [az account show](/cli/azure/account#az_account_show), and the scope is set to the VM created in a previous step with [az vm show](/cli/azure/vm#az_vm_show). The scope could also be assigned at a resource group or subscription level, normal Azure RBAC inheritance permissions apply.
+The following example uses [az role assignment create](/cli/azure/role/assignment#az-role-assignment-create) to assign the Virtual Machine Administrator Login role to the VM for your current Azure user. The username of your current Azure account is obtained with [az account show](/cli/azure/account#az-account-show), and the scope is set to the VM created in a previous step with [az vm show](/cli/azure/vm#az-vm-show). The scope could also be assigned at a resource group or subscription level, normal Azure RBAC inheritance permissions apply.
```azurecli-interactive username=$(az account show --query user.name --output tsv)
az role assignment create \
``` > [!NOTE]
-> If your Azure AD domain and logon username domain do not match, you must specify the object ID of your user account with the `--assignee-object-id`, not just the username for `--assignee`. You can obtain the object ID for your user account with [az ad user list](/cli/azure/ad/user#az_ad_user_list).
+> If your Azure AD domain and logon username domain do not match, you must specify the object ID of your user account with the `--assignee-object-id`, not just the username for `--assignee`. You can obtain the object ID for your user account with [az ad user list](/cli/azure/ad/user#az-ad-user-list).
For more information on how to use Azure RBAC to manage access to your Azure subscription resources, see the article [Steps to assign an Azure role](../../role-based-access-control/role-assignments-steps.md).
Solution 2: Perform these actions:
Virtual machine scale set VM connections may fail if the virtual machine scale set instances are running an old model. Upgrading virtual machine scale set instances to the latest model may resolve issues, especially if an upgrade hasnΓÇÖt been done since the Azure AD Login extension was installed. Upgrading an instance applies a standard virtual machine scale set configuration to the individual instance.
+### AllowGroups / DenyGroups statements in sshd_config cause first login to fail for Azure AD users
+
+Cause 1: If sshd_config contains either AllowGroups or DenyGroups statements, the very first login fails for Azure AD users. If the statement was added after a user already has a successful login, they can log in.
+
+Solution 1: Remove AllowGroups and DenyGroups statements from sshd_config.
+
+Solution 2: Move AllowGroups and DenyGroups to a "match user" section in sshd_config. Make sure the match template excludes Azure AD users.
+ ## Next steps [What is a device identity?](overview.md)
active-directory Howto Vm Sign In Azure Ad Windows https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/devices/howto-vm-sign-in-azure-ad-windows.md
Azure Cloud Shell is a free, interactive shell that you can use to run the steps
If you choose to install and use the CLI locally, this article requires that you are running the Azure CLI version 2.0.31 or later. Run az --version to find the version. If you need to install or upgrade, see the article [Install Azure CLI](/cli/azure/install-azure-cli).
-1. Create a resource group with [az group create](/cli/azure/group#az_group_create).
-1. Create a VM with [az vm create](/cli/azure/vm#az_vm_create) using a supported distribution in a supported region.
+1. Create a resource group with [az group create](/cli/azure/group#az-group-create).
+1. Create a VM with [az vm create](/cli/azure/vm#az-vm-create) using a supported distribution in a supported region.
1. Install the Azure AD login VM extension. The following example deploys a VM named myVM that uses Win2019Datacenter, into a resource group named myResourceGroup, in the southcentralus region. In the following examples, you can provide your own resource group and VM names as needed.
az vm create \
It takes a few minutes to create the VM and supporting resources.
-Finally, install the Azure AD login VM extension to enable Azure AD login for Windows VM. VM extensions are small applications that provide post-deployment configuration and automation tasks on Azure virtual machines. Use [az vm extension](/cli/azure/vm/extension#az_vm_extension_set) set to install the AADLoginForWindows extension on the VM named `myVM` in the `myResourceGroup` resource group:
+Finally, install the Azure AD login VM extension to enable Azure AD login for Windows VM. VM extensions are small applications that provide post-deployment configuration and automation tasks on Azure virtual machines. Use [az vm extension](/cli/azure/vm/extension#az-vm-extension-set) set to install the AADLoginForWindows extension on the VM named `myVM` in the `myResourceGroup` resource group:
> [!NOTE] > You can install AADLoginForWindows extension on an existing Windows Server 2019 or Windows 10 1809 and later VM to enable it for Azure AD authentication. An example of AZ CLI is shown below.
To configure role assignments for your Azure AD enabled Windows Server 2019 Data
### Using the Azure Cloud Shell experience
-The following example uses [az role assignment create](/cli/azure/role/assignment#az_role_assignment_create) to assign the Virtual Machine Administrator Login role to the VM for your current Azure user. The username of your active Azure account is obtained with [az account show](/cli/azure/account#az_account_show), and the scope is set to the VM created in a previous step with [az vm show](/cli/azure/vm#az_vm_show). The scope could also be assigned at a resource group or subscription level, and normal Azure RBAC inheritance permissions apply. For more information, see [Log in to a Linux virtual machine in Azure using Azure Active Directory authentication](../../virtual-machines/linux/login-using-aad.md).
+The following example uses [az role assignment create](/cli/azure/role/assignment#az-role-assignment-create) to assign the Virtual Machine Administrator Login role to the VM for your current Azure user. The username of your active Azure account is obtained with [az account show](/cli/azure/account#az-account-show), and the scope is set to the VM created in a previous step with [az vm show](/cli/azure/vm#az-vm-show). The scope could also be assigned at a resource group or subscription level, and normal Azure RBAC inheritance permissions apply. For more information, see [Log in to a Linux virtual machine in Azure using Azure Active Directory authentication](../../virtual-machines/linux/login-using-aad.md).
``` AzureCLI $username=$(az account show --query user.name --output tsv)
az role assignment create \
``` > [!NOTE]
-> If your AAD domain and logon username domain do not match, you must specify the object ID of your user account with the `--assignee-object-id`, not just the username for `--assignee`. You can obtain the object ID for your user account with [az ad user list](/cli/azure/ad/user#az_ad_user_list).
+> If your AAD domain and logon username domain do not match, you must specify the object ID of your user account with the `--assignee-object-id`, not just the username for `--assignee`. You can obtain the object ID for your user account with [az ad user list](/cli/azure/ad/user#az-ad-user-list).
For more information on how to use Azure RBAC to manage access to your Azure subscription resources, see the following articles:
active-directory Active Directory How To Find Tenant https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/active-directory-how-to-find-tenant.md
az account list
az account tenant list ```
-For more information, see [az login](/cli/azure/reference-index#az_login) command reference, [az account](/cli/azure/account) command reference, or [az account tenant](/cli/azure/account/tenant) command reference.
+For more information, see [az login](/cli/azure/reference-index#az-login) command reference, [az account](/cli/azure/account) command reference, or [az account tenant](/cli/azure/account/tenant) command reference.
For Microsoft 365 CLI, use the cmdlet **tenant id** as shown in the following example:
active-directory Entitlement Management Access Package Approval Policy https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/governance/entitlement-management-access-package-approval-policy.md
If you selected a multi-stage approval, you'll need to add an approver for each
1. Set the Require approver justification toggle to **Yes** or **No**.
- You also have the option to add an additional stage for a three-stage approval process. For example, you might want an employeeΓÇÖs manager to be the first stage approver for an access package. But, one of the resources in the access package contains confidential information. In this case, you could designate the resource owner as a second approver and a security reviewer as the third approver (Preview).
+ You also have the option to add an additional stage for a three-stage approval process. For example, you might want an employeeΓÇÖs manager to be the first stage approver for an access package. But, one of the resources in the access package contains confidential information. In this case, you could designate the resource owner as a second approver and a security reviewer as the third approver. That allows a security team to have oversight into the process and the ability to, for example, reject a request based on risk criteria not known to the resource owner.
-1. Add the **Third Approver (Preview)**:
+1. Add the **Third Approver**:
If the users are in your directory, add a specific user as the third approver by clicking **Add approvers** under Choose specific approvers.
- If the users aren't in your directory, select **Internal sponsor** or **External sponsor** as the third approver. After selecting the approver, add the fallback approvers.
+ If the users aren't in your directory, you also have the option to select **Internal sponsor** or **External sponsor** as the third approver. After selecting the approver, add the fallback approvers.
> [!NOTE] > <ul>Like the second stage, if the users are in your directory and **Manager as approver** is selected in either the first or second stage of approval, you will only see an option to select specific approvers for the third stage of approval.</ul><ul>If you want to designate the manager as a third approver, you can adjust your selections in the previous approval stages to ensure that **Manager as approver** isnΓÇÖt selected. Then, you should see **Manager as approver** as an option in the dropdown.</ul><ul>If the users arenΓÇÖt in your directory and you have not selected **Internal sponsor** or **External sponsor** as approvers in previous stages, you will see them as options for **Third Approver**. Otherwise, you will only be able to select **Choose specific approvers**.</ul>
-1. Specify the number of days the third approver (Preview) has to approve the request in the box under **Decision must be made in how many days?**.
+1. Specify the number of days the third approver has to approve the request in the box under **Decision must be made in how many days?**.
1. Set the Require approver justification toggle to **Yes** or **No**.
active-directory How To Connect Password Hash Synchronization https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/how-to-connect-password-hash-synchronization.md
To support temporary passwords in Azure AD for synchronized users, you can enabl
> [!NOTE] > Forcing a user to change their password on next logon requires a password change at the same time. Azure AD Connect will not pick up the force password change flag by itself; it is supplemental to the detected password change that occurs during password hash sync.
+>
+> If the user has the option "Password never expires" set in Active Directory (AD), the force password change flag will not be set in Active Directory (AD), so the user will not be prompted to change the password during the next sign-in.
> [!CAUTION] > You should only use this feature when SSPR and Password Writeback are enabled on the tenant. This is so that if a user changes their password via SSPR, it will be synchronized to Active Directory.
active-directory How Manage User Assigned Managed Identities https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities.md
In this article, you learn how to create, list, delete, or assign a role to a us
To create a user-assigned managed identity, your account needs the [Managed Identity Contributor](../../role-based-access-control/built-in-roles.md#managed-identity-contributor) role assignment.
-Use the [az identity create](/cli/azure/identity#az_identity_create) command to create a user-assigned managed identity. The `-g` parameter specifies the resource group where to create the user-assigned managed identity. The `-n` parameter specifies its name. Replace the `<RESOURCE GROUP>` and `<USER ASSIGNED IDENTITY NAME>` parameter values with your own values.
+Use the [az identity create](/cli/azure/identity#az-identity-create) command to create a user-assigned managed identity. The `-g` parameter specifies the resource group where to create the user-assigned managed identity. The `-n` parameter specifies its name. Replace the `<RESOURCE GROUP>` and `<USER ASSIGNED IDENTITY NAME>` parameter values with your own values.
[!INCLUDE [ua-character-limit](~/includes/managed-identity-ua-character-limits.md)]
az identity create -g <RESOURCE GROUP> -n <USER ASSIGNED IDENTITY NAME>
To list or read a user-assigned managed identity, your account needs the [Managed Identity Operator](../../role-based-access-control/built-in-roles.md#managed-identity-operator) or [Managed Identity Contributor](../../role-based-access-control/built-in-roles.md#managed-identity-contributor) role assignment.
-To list user-assigned managed identities, use the [az identity list](/cli/azure/identity#az_identity_list) command. Replace the `<RESOURCE GROUP>` value with your own value.
+To list user-assigned managed identities, use the [az identity list](/cli/azure/identity#az-identity-list) command. Replace the `<RESOURCE GROUP>` value with your own value.
```azurecli-interactive az identity list -g <RESOURCE GROUP>
In the JSON response, user-assigned managed identities have the `"Microsoft.Mana
To delete a user-assigned managed identity, your account needs the [Managed Identity Contributor](../../role-based-access-control/built-in-roles.md#managed-identity-contributor) role assignment.
-To delete a user-assigned managed identity, use the [az identity delete](/cli/azure/identity#az_identity_delete) command. The -n parameter specifies its name. The -g parameter specifies the resource group where the user-assigned managed identity was created. Replace the `<USER ASSIGNED IDENTITY NAME>` and `<RESOURCE GROUP>` parameter values with your own values.
+To delete a user-assigned managed identity, use the [az identity delete](/cli/azure/identity#az-identity-delete) command. The -n parameter specifies its name. The -g parameter specifies the resource group where the user-assigned managed identity was created. Replace the `<USER ASSIGNED IDENTITY NAME>` and `<RESOURCE GROUP>` parameter values with your own values.
```azurecli-interactive az identity delete -n <USER ASSIGNED IDENTITY NAME> -g <RESOURCE GROUP>
In this article, you learn how to create, list, and delete a user-assigned manag
az login ```
-1. Obtain an access token by using [az account get-access-token](/cli/azure/account#az_account_get_access_token).
+1. Obtain an access token by using [az account get-access-token](/cli/azure/account#az-account-get-access-token).
```azurecli-interactive az account get-access-token
active-directory Howto Assign Access Cli https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/howto-assign-access-cli.md
If you don't already have an Azure account, [sign up for a free account](https:/
After you've enabled managed identity on an Azure resource, such as an [Azure virtual machine](qs-configure-cli-windows-vm.md) or [Azure virtual machine scale set](qs-configure-cli-windows-vmss.md):
-1. In this example, we are giving an Azure virtual machine access to a storage account. First we use [az resource list](/cli/azure/resource/#az_resource_list) to get the service principal for the virtual machine named myVM:
+1. In this example, we are giving an Azure virtual machine access to a storage account. First we use [az resource list](/cli/azure/resource/#az-resource-list) to get the service principal for the virtual machine named myVM:
```azurecli-interactive spID=$(az resource list -n myVM --query [*].identity.principalId --out tsv)
After you've enabled managed identity on an Azure resource, such as an [Azure vi
spID=$(az resource list -n DevTestVMSS --query [*].identity.principalId --out tsv) ```
-1. Once you have the service principal ID, use [az role assignment create](/cli/azure/role/assignment#az_role_assignment_create) to give the virtual machine or virtual machine scale set "Reader" access to a storage account called "myStorageAcct":
+1. Once you have the service principal ID, use [az role assignment create](/cli/azure/role/assignment#az-role-assignment-create) to give the virtual machine or virtual machine scale set "Reader" access to a storage account called "myStorageAcct":
```azurecli-interactive az role assignment create --assignee $spID --role 'Reader' --scope /subscriptions/<mySubscriptionID>/resourceGroups/<myResourceGroup>/providers/Microsoft.Storage/storageAccounts/myStorageAcct
active-directory Msi Tutorial Linux Vm Access Arm https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/msi-tutorial-linux-vm-access-arm.md
In this tutorial, you learn how to:
- You also need a Linux Virtual machine. If you need to create a virtual machine for this tutorial, you can follow the article titled [Create a Linux virtual machine with the Azure portal](../../virtual-machines/linux/quick-create-portal.md#create-virtual-machine) - To run the example scripts, you have two options: - Use the [Azure Cloud Shell](../../cloud-shell/overview.md), which you can open using the **Try It** button on the top-right corner of code blocks.
- - Run scripts locally by installing the latest version of the [Azure CLI](/cli/azure/install-azure-cli), then sign in to Azure using [az login](/cli/azure/reference-index#az_login).
+ - Run scripts locally by installing the latest version of the [Azure CLI](/cli/azure/install-azure-cli), then sign in to Azure using [az login](/cli/azure/reference-index#az-login).
## Create a user-assigned managed identity
-Create a user-assigned managed identity using [az identity create](/cli/azure/identity#az_identity_create). The `-g` parameter specifies the resource group where the user-assigned managed identity is created, and the `-n` parameter specifies its name. Be sure to replace the `<RESOURCE GROUP>` and `<UAMI NAME>` parameter values with your own values:
+Create a user-assigned managed identity using [az identity create](/cli/azure/identity#az-identity-create). The `-g` parameter specifies the resource group where the user-assigned managed identity is created, and the `-n` parameter specifies its name. Be sure to replace the `<RESOURCE GROUP>` and `<UAMI NAME>` parameter values with your own values:
[!INCLUDE [ua-character-limit](~/includes/managed-identity-ua-character-limits.md)]
active-directory Qs Configure Cli Windows Vm https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/qs-configure-cli-windows-vm.md
In this section, you learn how to enable and disable the system-assigned managed
To create an Azure VM with the system-assigned managed identity enabled, your account needs the [Virtual Machine Contributor](../../role-based-access-control/built-in-roles.md#virtual-machine-contributor) role assignment. No other Azure AD directory role assignments are required.
-1. Create a [resource group](../../azure-resource-manager/management/overview.md#terminology) for containment and deployment of your VM and its related resources, using [az group create](/cli/azure/group/#az_group_create). You can skip this step if you already have resource group you would like to use instead:
+1. Create a [resource group](../../azure-resource-manager/management/overview.md#terminology) for containment and deployment of your VM and its related resources, using [az group create](/cli/azure/group/#az-group-create). You can skip this step if you already have resource group you would like to use instead:
```azurecli-interactive az group create --name myResourceGroup --location westus ```
-1. Create a VM using [az vm create](/cli/azure/vm/#az_vm_create). The following example creates a VM named *myVM* with a system-assigned managed identity, as requested by the `--assign-identity` parameter. The `--admin-username` and `--admin-password` parameters specify the administrative user name and password account for virtual machine sign-in. Update these values as appropriate for your environment:
+1. Create a VM using [az vm create](/cli/azure/vm/#az-vm-create). The following example creates a VM named *myVM* with a system-assigned managed identity, as requested by the `--assign-identity` parameter. The `--admin-username` and `--admin-password` parameters specify the administrative user name and password account for virtual machine sign-in. Update these values as appropriate for your environment:
```azurecli-interactive az vm create --resource-group myResourceGroup --name myVM --image win2016datacenter --generate-ssh-keys --assign-identity --admin-username azureuser --admin-password myPassword12
To create an Azure VM with the system-assigned managed identity enabled, your ac
To enable system-assigned managed identity on a VM, your account needs the [Virtual Machine Contributor](../../role-based-access-control/built-in-roles.md#virtual-machine-contributor) role assignment. No other Azure AD directory role assignments are required.
-1. If you're using the Azure CLI in a local console, first sign in to Azure using [az login](/cli/azure/reference-index#az_login). Use an account that is associated with the Azure subscription that contains the VM.
+1. If you're using the Azure CLI in a local console, first sign in to Azure using [az login](/cli/azure/reference-index#az-login). Use an account that is associated with the Azure subscription that contains the VM.
```azurecli-interactive az login
In this section, you will learn how to add and remove a user-assigned managed id
To assign a user-assigned identity to a VM during its creation, your account needs the [Virtual Machine Contributor](../../role-based-access-control/built-in-roles.md#virtual-machine-contributor) and [Managed Identity Operator](../../role-based-access-control/built-in-roles.md#managed-identity-operator) role assignments. No other Azure AD directory role assignments are required.
-1. You can skip this step if you already have a resource group you would like to use. Create a [resource group](~/articles/azure-resource-manager/management/overview.md#terminology) for containment and deployment of your user-assigned managed identity, using [az group create](/cli/azure/group/#az_group_create). Be sure to replace the `<RESOURCE GROUP>` and `<LOCATION>` parameter values with your own values. :
+1. You can skip this step if you already have a resource group you would like to use. Create a [resource group](~/articles/azure-resource-manager/management/overview.md#terminology) for containment and deployment of your user-assigned managed identity, using [az group create](/cli/azure/group/#az-group-create). Be sure to replace the `<RESOURCE GROUP>` and `<LOCATION>` parameter values with your own values. :
```azurecli-interactive az group create --name <RESOURCE GROUP> --location <LOCATION> ```
-2. Create a user-assigned managed identity using [az identity create](/cli/azure/identity#az_identity_create). The `-g` parameter specifies the resource group where the user-assigned managed identity is created, and the `-n` parameter specifies its name.
+2. Create a user-assigned managed identity using [az identity create](/cli/azure/identity#az-identity-create). The `-g` parameter specifies the resource group where the user-assigned managed identity is created, and the `-n` parameter specifies its name.
[!INCLUDE [ua-character-limit](~/includes/managed-identity-ua-character-limits.md)]
To assign a user-assigned identity to a VM during its creation, your account nee
} ```
-3. Create a VM using [az vm create](/cli/azure/vm/#az_vm_create). The following example creates a VM associated with the new user-assigned identity, as specified by the `--assign-identity` parameter. Be sure to replace the `<RESOURCE GROUP>`, `<VM NAME>`, `<USER NAME>`, `<PASSWORD>`, and `<USER ASSIGNED IDENTITY NAME>` parameter values with your own values.
+3. Create a VM using [az vm create](/cli/azure/vm/#az-vm-create). The following example creates a VM associated with the new user-assigned identity, as specified by the `--assign-identity` parameter. Be sure to replace the `<RESOURCE GROUP>`, `<VM NAME>`, `<USER NAME>`, `<PASSWORD>`, and `<USER ASSIGNED IDENTITY NAME>` parameter values with your own values.
```azurecli-interactive az vm create --resource-group <RESOURCE GROUP> --name <VM NAME> --image UbuntuLTS --admin-username <USER NAME> --admin-password <PASSWORD> --assign-identity <USER ASSIGNED IDENTITY NAME>
To assign a user-assigned identity to a VM during its creation, your account nee
To assign a user-assigned identity to a VM, your account needs the [Virtual Machine Contributor](../../role-based-access-control/built-in-roles.md#virtual-machine-contributor) and [Managed Identity Operator](../../role-based-access-control/built-in-roles.md#managed-identity-operator) role assignments. No other Azure AD directory role assignments are required.
-1. Create a user-assigned identity using [az identity create](/cli/azure/identity#az_identity_create). The `-g` parameter specifies the resource group where the user-assigned identity is created, and the `-n` parameter specifies its name. Be sure to replace the `<RESOURCE GROUP>` and `<USER ASSIGNED IDENTITY NAME>` parameter values with your own values:
+1. Create a user-assigned identity using [az identity create](/cli/azure/identity#az-identity-create). The `-g` parameter specifies the resource group where the user-assigned identity is created, and the `-n` parameter specifies its name. Be sure to replace the `<RESOURCE GROUP>` and `<USER ASSIGNED IDENTITY NAME>` parameter values with your own values:
> [!IMPORTANT] > Creating user-assigned managed identities with special characters (i.e. underscore) in the name is not currently supported. Please use alphanumeric characters. Check back for updates. For more information, see [FAQs and known issues](known-issues.md)
active-directory Qs Configure Cli Windows Vmss https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/qs-configure-cli-windows-vmss.md
In this section, you learn how to enable and disable the system-assigned managed
To create a virtual machine scale set with the system-assigned managed identity enabled:
-1. Create a [resource group](../../azure-resource-manager/management/overview.md#terminology) for containment and deployment of your virtual machine scale set and its related resources, using [az group create](/cli/azure/group/#az_group_create). You can skip this step if you already have a resource group you would like to use instead:
+1. Create a [resource group](../../azure-resource-manager/management/overview.md#terminology) for containment and deployment of your virtual machine scale set and its related resources, using [az group create](/cli/azure/group/#az-group-create). You can skip this step if you already have a resource group you would like to use instead:
```azurecli-interactive az group create --name myResourceGroup --location westus ```
-1. [Create](/cli/azure/vmss/#az_vmss_create) a virtual machine scale set. The following example creates a virtual machine scale set named *myVMSS* with a system-assigned managed identity, as requested by the `--assign-identity` parameter. The `--admin-username` and `--admin-password` parameters specify the administrative user name and password account for virtual machine sign-in. Update these values as appropriate for your environment:
+1. [Create](/cli/azure/vmss/#az-vmss-create) a virtual machine scale set. The following example creates a virtual machine scale set named *myVMSS* with a system-assigned managed identity, as requested by the `--assign-identity` parameter. The `--admin-username` and `--admin-password` parameters specify the administrative user name and password account for virtual machine sign-in. Update these values as appropriate for your environment:
```azurecli-interactive az vmss create --resource-group myResourceGroup --name myVMSS --image win2016datacenter --upgrade-policy-mode automatic --custom-data cloud-init.txt --admin-username azureuser --admin-password myPassword12 --assign-identity --generate-ssh-keys
To create a virtual machine scale set with the system-assigned managed identity
### Enable system-assigned managed identity on an existing Azure virtual machine scale set
-If you need to [Enable](/cli/azure/vmss/identity/#az_vmss_identity_assign) the system-assigned managed identity on an existing Azure virtual machine scale set:
+If you need to [Enable](/cli/azure/vmss/identity/#az-vmss-identity-assign) the system-assigned managed identity on an existing Azure virtual machine scale set:
```azurecli-interactive az vmss identity assign -g myResourceGroup -n myVMSS
In this section, you learn how to enable and remove a user-assigned managed iden
This section walks you through creation of a virtual machine scale set and assignment of a user-assigned managed identity to the virtual machine scale set. If you already have a virtual machine scale set you want to use, skip this section and proceed to the next.
-1. You can skip this step if you already have a resource group you would like to use. Create a [resource group](~/articles/azure-resource-manager/management/overview.md#terminology) for containment and deployment of your user-assigned managed identity, using [az group create](/cli/azure/group/#az_group_create). Be sure to replace the `<RESOURCE GROUP>` and `<LOCATION>` parameter values with your own values. :
+1. You can skip this step if you already have a resource group you would like to use. Create a [resource group](~/articles/azure-resource-manager/management/overview.md#terminology) for containment and deployment of your user-assigned managed identity, using [az group create](/cli/azure/group/#az-group-create). Be sure to replace the `<RESOURCE GROUP>` and `<LOCATION>` parameter values with your own values. :
```azurecli-interactive az group create --name <RESOURCE GROUP> --location <LOCATION> ```
-2. Create a user-assigned managed identity using [az identity create](/cli/azure/identity#az_identity_create). The `-g` parameter specifies the resource group where the user-assigned managed identity is created, and the `-n` parameter specifies its name. Be sure to replace the `<RESOURCE GROUP>` and `<USER ASSIGNED IDENTITY NAME>` parameter values with your own values:
+2. Create a user-assigned managed identity using [az identity create](/cli/azure/identity#az-identity-create). The `-g` parameter specifies the resource group where the user-assigned managed identity is created, and the `-n` parameter specifies its name. Be sure to replace the `<RESOURCE GROUP>` and `<USER ASSIGNED IDENTITY NAME>` parameter values with your own values:
[!INCLUDE [ua-character-limit](~/includes/managed-identity-ua-character-limits.md)]
This section walks you through creation of a virtual machine scale set and assig
} ```
-3. [Create](/cli/azure/vmss/#az_vmss_create) a virtual machine scale set. The following example creates a virtual machine scale set associated with the new user-assigned managed identity, as specified by the `--assign-identity` parameter. Be sure to replace the `<RESOURCE GROUP>`, `<VMSS NAME>`, `<USER NAME>`, `<PASSWORD>`, and `<USER ASSIGNED IDENTITY>` parameter values with your own values.
+3. [Create](/cli/azure/vmss/#az-vmss-create) a virtual machine scale set. The following example creates a virtual machine scale set associated with the new user-assigned managed identity, as specified by the `--assign-identity` parameter. Be sure to replace the `<RESOURCE GROUP>`, `<VMSS NAME>`, `<USER NAME>`, `<PASSWORD>`, and `<USER ASSIGNED IDENTITY>` parameter values with your own values.
```azurecli-interactive az vmss create --resource-group <RESOURCE GROUP> --name <VMSS NAME> --image UbuntuLTS --admin-username <USER NAME> --admin-password <PASSWORD> --assign-identity <USER ASSIGNED IDENTITY>
This section walks you through creation of a virtual machine scale set and assig
### Assign a user-assigned managed identity to an existing virtual machine scale set
-1. Create a user-assigned managed identity using [az identity create](/cli/azure/identity#az_identity_create). The `-g` parameter specifies the resource group where the user-assigned managed identity is created, and the `-n` parameter specifies its name. Be sure to replace the `<RESOURCE GROUP>` and `<USER ASSIGNED IDENTITY NAME>` parameter values with your own values:
+1. Create a user-assigned managed identity using [az identity create](/cli/azure/identity#az-identity-create). The `-g` parameter specifies the resource group where the user-assigned managed identity is created, and the `-n` parameter specifies its name. Be sure to replace the `<RESOURCE GROUP>` and `<USER ASSIGNED IDENTITY NAME>` parameter values with your own values:
```azurecli-interactive az identity create -g <RESOURCE GROUP> -n <USER ASSIGNED IDENTITY NAME>
This section walks you through creation of a virtual machine scale set and assig
### Remove a user-assigned managed identity from an Azure virtual machine scale set
-To [remove](/cli/azure/vmss/identity#az_vmss_identity_remove) a user-assigned managed identity from a virtual machine scale set use `az vmss identity remove`. If this is the only user-assigned managed identity assigned to the virtual machine scale set, `UserAssigned` will be removed from the identity type value. Be sure to replace the `<RESOURCE GROUP>` and `<VIRTUAL MACHINE SCALE SET NAME>` parameter values with your own values. The `<USER ASSIGNED IDENTITY>` will be the user-assigned managed identity's `name` property, which can be found in the identity section of the virtual machine scale set using `az vmss identity show`:
+To [remove](/cli/azure/vmss/identity#az-vmss-identity-remove) a user-assigned managed identity from a virtual machine scale set use `az vmss identity remove`. If this is the only user-assigned managed identity assigned to the virtual machine scale set, `UserAssigned` will be removed from the identity type value. Be sure to replace the `<RESOURCE GROUP>` and `<VIRTUAL MACHINE SCALE SET NAME>` parameter values with your own values. The `<USER ASSIGNED IDENTITY>` will be the user-assigned managed identity's `name` property, which can be found in the identity section of the virtual machine scale set using `az vmss identity show`:
```azurecli-interactive az vmss identity remove -g <RESOURCE GROUP> -n <VIRTUAL MACHINE SCALE SET NAME> --identities <USER ASSIGNED IDENTITY>
active-directory Qs Configure Rest Vm https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/qs-configure-rest-vm.md
In this section, you learn how to enable and disable system-assigned managed ide
To create an Azure VM with the system-assigned managed identity enabled, your account needs the [Virtual Machine Contributor](../../role-based-access-control/built-in-roles.md#virtual-machine-contributor) role assignment. No other Azure AD directory role assignments are required.
-1. Create a [resource group](../../azure-resource-manager/management/overview.md#terminology) for containment and deployment of your VM and its related resources, using [az group create](/cli/azure/group/#az_group_create). You can skip this step if you already have resource group you would like to use instead:
+1. Create a [resource group](../../azure-resource-manager/management/overview.md#terminology) for containment and deployment of your VM and its related resources, using [az group create](/cli/azure/group/#az-group-create). You can skip this step if you already have resource group you would like to use instead:
```azurecli-interactive az group create --name myResourceGroup --location westus ```
-2. Create a [network interface](/cli/azure/network/nic#az_network_nic_create) for your VM:
+2. Create a [network interface](/cli/azure/network/nic#az-network-nic-create) for your VM:
```azurecli-interactive az network nic create -g myResourceGroup --vnet-name myVnet --subnet mySubnet -n myNic
To assign a user-assigned identity to a VM, your account needs the [Virtual Mach
az account get-access-token ```
-2. Create a [network interface](/cli/azure/network/nic#az_network_nic_create) for your VM:
+2. Create a [network interface](/cli/azure/network/nic#az-network-nic-create) for your VM:
```azurecli-interactive az network nic create -g myResourceGroup --vnet-name myVnet --subnet mySubnet -n myNic
active-directory Qs Configure Rest Vmss https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/qs-configure-rest-vmss.md
In this section, you learn how to enable and disable system-assigned managed ide
To create a virtual machine scale set with system-assigned managed identity enabled, you need create a virtual machine scale set and retrieve an access token to use CURL to call the Resource Manager endpoint with the system-assigned managed identity type value.
-1. Create a [resource group](../../azure-resource-manager/management/overview.md#terminology) for containment and deployment of your virtual machine scale set and its related resources, using [az group create](/cli/azure/group/#az_group_create). You can skip this step if you already have resource group you would like to use instead:
+1. Create a [resource group](../../azure-resource-manager/management/overview.md#terminology) for containment and deployment of your virtual machine scale set and its related resources, using [az group create](/cli/azure/group/#az-group-create). You can skip this step if you already have resource group you would like to use instead:
```azurecli-interactive az group create --name myResourceGroup --location westus ```
-2. Create a [network interface](/cli/azure/network/nic#az_network_nic_create) for your virtual machine scale set:
+2. Create a [network interface](/cli/azure/network/nic#az-network-nic-create) for your virtual machine scale set:
```azurecli-interactive az network nic create -g myResourceGroup --vnet-name myVnet --subnet mySubnet -n myNic
In this section, you learn how to add and remove user-assigned managed identity
az account get-access-token ```
-2. Create a [network interface](/cli/azure/network/nic#az_network_nic_create) for your virtual machine scale set:
+2. Create a [network interface](/cli/azure/network/nic#az-network-nic-create) for your virtual machine scale set:
```azurecli-interactive az network nic create -g myResourceGroup --vnet-name myVnet --subnet mySubnet -n myNic
active-directory Tutorial Linux Vm Access Cosmos Db https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/tutorial-linux-vm-access-cosmos-db.md
This tutorial shows you how to use a system-assigned managed identity for a Linu
- To perform the required resource creation and role management, your account needs "Owner" permissions at the appropriate scope (your subscription or resource group). If you need assistance with role assignment, see [Assign Azure roles to manage access to your Azure subscription resources](../../role-based-access-control/role-assignments-portal.md). - To run the example scripts, you have two options: - Use the [Azure Cloud Shell](../../cloud-shell/overview.md), which you can open using the **Try It** button on the top right corner of code blocks.
- - Run scripts locally by installing the latest version of the [Azure CLI](/cli/azure/install-azure-cli), then sign in to Azure using [az login](/cli/azure/reference-index#az_login). Use an account associated with the Azure subscription in which you'd like to create resources.
+ - Run scripts locally by installing the latest version of the [Azure CLI](/cli/azure/install-azure-cli), then sign in to Azure using [az login](/cli/azure/reference-index#az-login). Use an account associated with the Azure subscription in which you'd like to create resources.
## Create a Cosmos DB account
active-directory Tutorial Vm Managed Identities Cosmos https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/managed-identities-azure-resources/tutorial-vm-managed-identities-cosmos.md
New-AzVm `
# [Azure CLI](#tab/azure-cli)
-Create a VM using [az vm create](/cli/azure/vm/#az_vm_create). The following example creates a VM named *myVM* with a system-assigned managed identity, as requested by the `--assign-identity` parameter. The `--admin-username` and `--admin-password` parameters specify the administrative user name and password account for virtual machine sign-in. Update these values as appropriate for your environment:
+Create a VM using [az vm create](/cli/azure/vm/#az-vm-create). The following example creates a VM named *myVM* with a system-assigned managed identity, as requested by the `--assign-identity` parameter. The `--admin-username` and `--admin-password` parameters specify the administrative user name and password account for virtual machine sign-in. Update these values as appropriate for your environment:
```azurecli-interactive az vm create --resource-group myResourceGroup --name myVM --image win2016datacenter --generate-ssh-keys --assign-identity --admin-username azureuser --admin-password myPassword12
active-directory Amazon Web Service Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/amazon-web-service-tutorial.md
Previously updated : 03/08/2022 Last updated : 03/24/2022
We recommend this approach for the following reasons:
To get started, you need the following items: * An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
-* An AWS single sign-on (SSO) enabled subscription.
+* An AWS IAM IdP enabled subscription.
+* Along with Cloud Application Administrator, Application Administrator can also add or manage applications in Azure AD.
+For more information, see [Azure built-in roles](../roles/permissions-reference.md).
> [!Note] > Roles should not be manually edited in Azure AD when doing role imports.
active-directory Clarizen Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/clarizen-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with Clarizen One | Microsoft Docs'
+ Title: 'Tutorial: Azure AD SSO integration with Clarizen One'
description: Learn how to configure single sign-on between Azure Active Directory and Clarizen One.
Previously updated : 04/08/2021 Last updated : 03/24/2022
-# Tutorial: Azure Active Directory integration with Clarizen One
+# Tutorial: Azure AD SSO integration with Clarizen One
In this tutorial, you'll learn how to integrate Clarizen One with Azure Active Directory (Azure AD). When you integrate Clarizen One with Azure AD, you can:
To get started, you need the following items:
* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/). * Clarizen One single sign-on (SSO) enabled subscription.
+* Along with Cloud Application Administrator, Application Administrator can also add or manage applications in Azure AD.
+For more information, see [Azure built-in roles](../roles/permissions-reference.md).
## Scenario description
Follow these steps to enable Azure AD SSO in the Azure portal.
![Edit Basic SAML Configuration](common/edit-urls.png)
-4. On the **Set up Single Sign-On with SAML** page, perform the following steps:
+4. On the **Basic SAML Configuration** section, perform the following steps:
a. In the **Identifier** text box, type the value: `Clarizen`
- b. In the **Reply URL** text box, type the URL:
- `https://.clarizen.com/Clarizen/Pages/Integrations/SAML/SamlResponse.aspx`
+ b. In the **Reply URL** text box, type a URL using the following pattern:
+ `https://<SUBDOMAIN>.clarizen.com/Clarizen/Pages/Integrations/SAML/SamlResponse.aspx`
+
+ > [!NOTE]
+ > This value is not real. Update this value with the actual Reply URL. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
4. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, click **Download** to download the **Certificate (Base64)** from the given options as per your requirement and save it on your computer.
In this section, you test your Azure AD single sign-on configuration with follow
## Next steps
-Once you configure Clarizen One you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Defender for Cloud Apps](/cloud-app-security/proxy-deployment-any-app).
+Once you configure Clarizen One you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Defender for Cloud Apps](/cloud-app-security/proxy-deployment-any-app).
active-directory Embed Signage Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/embed-signage-provisioning-tutorial.md
+
+ Title: 'Tutorial: Configure embed signage for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+description: Learn how to automatically provision and de-provision user accounts from Azure AD to embed signage.
+
+documentationcenter: ''
+
+writer: Thwimmer
++
+ms.assetid: 92edbf22-3f7b-43ca-9a9e-0209ac9a12ec
+++
+ms.devlang: na
+ Last updated : 03/24/2022+++
+# Tutorial: Configure embed signage for automatic user provisioning
+
+This tutorial describes the steps you need to perform in both embed signage and Azure Active Directory (Azure AD) to configure automatic user provisioning. When configured, Azure AD automatically provisions and de-provisions users and groups to [embed signage](https://embedsignage.com/) using the Azure AD Provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Azure Active Directory](../app-provisioning/user-provisioning.md).
++
+## Capabilities supported
+> [!div class="checklist"]
+> * Create users in embed signage.
+> * Remove users in embed signage when they do not require access anymore.
+> * Keep user attributes synchronized between Azure AD and embed signage.
+> * Provision groups and group memberships in embed signage.
+> * [Single sign-on](./embed-signage-tutorial.md) to embed signage (recommended)
+
+## Prerequisites
+
+The scenario outlined in this tutorial assumes that you already have the following prerequisites:
+
+* [An Azure AD tenant](../develop/quickstart-create-new-tenant.md).
+* A user account in Azure AD with [permission](../roles/permissions-reference.md) to configure provisioning (for example, Application Administrator, Cloud Application administrator, Application Owner, or Global Administrator).
+* A user account in embed signage with Admin rights.
++
+## Step 1. Plan your provisioning deployment
+1. Learn about [how the provisioning service works](../app-provisioning/user-provisioning.md).
+1. Determine who will be in [scope for provisioning](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
+1. Determine what data to [map between Azure AD and embed signage](../app-provisioning/customize-application-attributes.md).
+
+## Step 2. Configure embed signage to support provisioning with Azure AD
+
+1. Login to [embed signage admin console](https://app.embedsignage.com/login).
+1. Navigate to **Account settings > Security > User provisioning**.
+1. Create a token and copy this somewhere safe. This value will be entered in the **Secret Token** * field in the Provisioning tab of your embed signage application in the Azure portal.
+
+## Step 3. Add embed signage from the Azure AD application gallery
+
+Add embed signage from the Azure AD application gallery to start managing provisioning to embed signage. If you have previously setup embed signage for SSO, you can use the same application. However it is recommended that you create a separate app when testing out the integration initially. Learn more about adding an application from the gallery [here](../manage-apps/add-application-portal.md).
+
+## Step 4. Define who will be in scope for provisioning
+
+The Azure AD provisioning service allows you to scope who will be provisioned based on assignment to the application and or based on attributes of the user / group. If you choose to scope who will be provisioned to your app based on assignment, you can use the following [steps](../manage-apps/assign-user-or-group-access-portal.md) to assign users and groups to the application. If you choose to scope who will be provisioned based solely on attributes of the user or group, you can use a scoping filter as described [here](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
+
+* When assigning users and groups to embed signage, you must select a role other than **Default Access**. Users with the Default Access role are excluded from provisioning and will be marked as not effectively entitled in the provisioning logs. If the only role available on the application is the default access role, you can [update the application manifest](../develop/howto-add-app-roles-in-azure-ad-apps.md) to add more roles.
+
+* Start small. Test with a small set of users and groups before rolling out to everyone. When scope for provisioning is set to assigned users and groups, you can control this by assigning one or two users or groups to the app. When scope is set to all users and groups, you can specify an [attribute based scoping filter](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
++
+## Step 5. Configure automatic user provisioning to embed signage
+
+This section guides you through the steps to configure the Azure AD provisioning service to create, update, and disable users and/or groups in embed signage based on user and/or group assignments in Azure AD.
+
+### To configure automatic user provisioning for embed signage in Azure AD:
+
+1. Sign in to the [Azure portal](https://portal.azure.com). Select **Enterprise Applications**, then select **All applications**.
+
+ ![Enterprise applications blade](common/enterprise-applications.png)
+
+1. In the applications list, select **embed signage**.
+
+ ![The embed signage link in the Applications list](common/all-applications.png)
+
+1. Select the **Provisioning** tab.
+
+ ![Provisioning tab](common/provisioning.png)
+
+1. Set the **Provisioning Mode** to **Automatic**.
+
+ ![Provisioning tab automatic](common/provisioning-automatic.png)
+
+11. Under the **Admin Credentials** section, input your Palo Alto Networks SCIM Connector Tenant URL and Secret Token. Click **Test Connection** to ensure Azure AD can connect to Palo Alto Networks SCIM Connector. If the connection fails, ensure your Palo Alto Networks account has Admin permissions and try again.
+
+ ![Token](common/provisioning-testconnection-tenanturltoken.png)
+
+1. In the **Notification Email** field, enter the email address of a person or group who should receive the provisioning error notifications and select the **Send an email notification when a failure occurs** check box.
+
+ ![Notification Email](common/provisioning-notification-email.png)
+
+1. Select **Save**.
+
+1. Under the **Mappings** section, select **Synchronize Azure Active Directory Users to embed signage**.
+
+1. Review the user attributes that are synchronized from Azure AD to embed signage in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in embed signage for update operations. If you choose to change the [matching target attribute](../app-provisioning/customize-application-attributes.md), you will need to ensure that the embed signage API supports filtering users based on that attribute. Select the **Save** button to commit any changes.
+
+ |Attribute|Type|Supported for filtering|Required by embed signage|
+ |||||
+ |userName|String|&check;|&check;
+ |displayName|String||&check;
+ |name.givenName|String||
+ |name.familyName|String||
+ |active|Boolean||
+
+1. Under the **Mappings** section, select **Synchronize Azure Active Directory Groups to embed signage**.
+
+1. Review the group attributes that are synchronized from Azure AD to embed signage in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the groups in embed signage for update operations. Select the **Save** button to commit any changes.
+
+ |Attribute|Type|Supported for filtering|Required by embed signage|
+ |||||
+ |displayName|String|&check;|&check;
+ |members|Reference||
+
+1. To configure scoping filters, refer to the following instructions provided in the [Scoping filter tutorial](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
+
+1. To enable the Azure AD provisioning service for embed signage, change the **Provisioning Status** to **On** in the **Settings** section.
+
+ ![Provisioning Status Toggled On](common/provisioning-toggle-on.png)
+
+1. Define the users and/or groups that you would like to provision to embed signage by choosing the desired values in **Scope** in the **Settings** section.
+
+ ![Provisioning Scope](common/provisioning-scope.png)
+
+1. When you are ready to provision, click **Save**.
+
+ ![Saving Provisioning Configuration](common/provisioning-configuration-save.png)
+
+This operation starts the initial synchronization cycle of all users and groups defined in **Scope** in the **Settings** section. The initial cycle takes longer to perform than subsequent cycles, which occur approximately every 40 minutes as long as the Azure AD provisioning service is running.
+
+## Step 6. Monitor your deployment
+Once you've configured provisioning, use the following resources to monitor your deployment:
+
+* Use the [provisioning logs](../reports-monitoring/concept-provisioning-logs.md) to determine which users have been provisioned successfully or unsuccessfully
+* Check the [progress bar](../app-provisioning/application-provisioning-when-will-provisioning-finish-specific-user.md) to see the status of the provisioning cycle and how close it is to completion
+* If the provisioning configuration seems to be in an unhealthy state, the application will go into quarantine. Learn more about quarantine states [here](../app-provisioning/application-provisioning-quarantine-status.md).
+
+## More resources
+
+* [Managing user account provisioning for Enterprise Apps](../app-provisioning/configure-automatic-user-provisioning-portal.md)
+* [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+
+## Next steps
+
+* [Learn how to review logs and get reports on provisioning activity](../app-provisioning/check-status-user-account-provisioning.md)
active-directory Iauditor Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/iauditor-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with iAuditor | Microsoft Docs'
+ Title: 'Tutorial: Azure AD SSO integration with iAuditor'
description: Learn how to configure single sign-on between Azure Active Directory and iAuditor.
Previously updated : 09/01/2021 Last updated : 03/24/2022
-# Tutorial: Azure Active Directory single sign-on (SSO) integration with iAuditor
+# Tutorial: Azure AD SSO integration with iAuditor
In this tutorial, you'll learn how to integrate iAuditor with Azure Active Directory (Azure AD). When you integrate iAuditor with Azure AD, you can:
To get started, you need the following items:
* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/). * iAuditor single sign-on (SSO) enabled subscription.
+* Along with Cloud Application Administrator, Application Administrator can also add or manage applications in Azure AD.
+For more information, see [Azure built-in roles](../roles/permissions-reference.md).
## Scenario description
Follow these steps to enable Azure AD SSO in the Azure portal.
`urn:auth0:safetyculture:<CustomerName>` b. In the **Reply URL** text box, type a URL using the following pattern:
- `https://safetyculture.au.auth0.com/login/callback?connection=<CustomerName>`
+ `https://auth.safetyculture.com/login/callback?connection=<CustomerName>`
1. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode:
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
## Configure iAuditor SSO
-To configure single sign-on on **iAuditor** side, you need to send the **Certificate (PEM)** to [iAuditor support team](mailto:support@safetyculture.com). They set this setting to have the SAML SSO connection set properly on both sides.
+To configure single sign-on on **iAuditor** side, you need to send the **Certificate (PEM)** and sign in URL to [iAuditor support team](mailto:support@safetyculture.com). They set this setting to have the SAML SSO connection set properly on both sides.
### Create iAuditor test user
active-directory Intsights Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/intsights-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with IntSights | Microsoft Docs'
+ Title: 'Tutorial: Azure AD SSO integration with IntSights'
description: Learn how to configure single sign-on between Azure Active Directory and IntSights.
Previously updated : 11/06/2020 Last updated : 03/24/2022
-# Tutorial: Azure Active Directory single sign-on (SSO) integration with IntSights
+# Tutorial: Azure AD SSO integration with IntSights
In this tutorial, you'll learn how to integrate IntSights with Azure Active Directory (Azure AD). When you integrate IntSights with Azure AD, you can:
To get started, you need the following items:
* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/). * IntSights single sign-on (SSO) enabled subscription.
+* Along with Cloud Application Administrator, Application Administrator can also add or manage applications in Azure AD.
+For more information, see [Azure built-in roles](../roles/permissions-reference.md).
## Scenario description In this tutorial, you configure and test Azure AD SSO in a test environment.
-* IntSights supports **SP and IDP** initiated SSO
+* IntSights supports **SP and IDP** initiated SSO.
-* IntSights supports **Just In Time** user provisioning
+* IntSights supports **Just In Time** user provisioning.
-## Adding IntSights from the gallery
+## Add IntSights from the gallery
To configure the integration of IntSights into Azure AD, you need to add IntSights from the gallery to your list of managed SaaS apps.
To configure the integration of IntSights into Azure AD, you need to add IntSigh
1. In the **Add from the gallery** section, type **IntSights** in the search box. 1. Select **IntSights** from results panel and then add the app. Wait a few seconds while the app is added to your tenant. - ## Configure and test Azure AD SSO for IntSights Configure and test Azure AD SSO with IntSights using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in IntSights.
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the **IntSights** application integration page, find the **Manage** section and select **single sign-on**. 1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
-1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, enter the values for the following fields:
+1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, perform the following steps:
a. In the **Identifier (Entity ID)** text box, type a URL using the following pattern:
- `https://<SUBDOMAIN>.intsights.com/auth/saml-callback/azure`
+ `https://<SUBDOMAIN>.ti.insight.rapid7.com/auth/saml-callback/azure`
b. In the **Reply URL** text box, type a URL using the following pattern:
- `https://<SUBDOMAIN>.intsights.com/auth/saml-callback/azure`
+ `https://<SUBDOMAIN>.ti.insight.rapid7.com/auth/saml-callback/azure`
1. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode: In the **Sign-on URL** text box, type a URL using the following pattern:
- `https://<SUBDOMAIN>.intsights.com/auth/saml-callback/azure`
+ `https://<SUBDOMAIN>.ti.insight.rapid7.com/auth/saml-callback/azure`
> [!NOTE]
- > These values are not real. Update these values with the actual Sign-on URL, Identifier and Reply URL. Contact [IntSights Client support team](mailto:supportteam@intsights.com) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+ > These values are not real. Update these values with the actual Identifier, Reply URL and Sign on URL. Contact [IntSights Client support team](mailto:supportteam@intsights.com) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
1. IntSights application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes.
active-directory Mimecast Admin Console Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/mimecast-admin-console-tutorial.md
- Title: 'Tutorial: Azure Active Directory integration with Mimecast Admin Console | Microsoft Docs'
-description: Learn how to configure single sign-on between Azure Active Directory and Mimecast Admin Console.
-------- Previously updated : 01/15/2021---
-# Tutorial: Azure Active Directory single sign-on (SSO) integration with Mimecast Admin Console
-
-In this tutorial, you'll learn how to integrate Mimecast Admin Console with Azure Active Directory (Azure AD). When you integrate Mimecast Admin Console with Azure AD, you can:
-
-* Control in Azure AD who has access to Mimecast Admin Console.
-* Enable your users to be automatically signed-in to Mimecast Admin Console with their Azure AD accounts.
-* Manage your accounts in one central location - the Azure portal.
-
-## Prerequisites
-
-To get started, you need the following items:
-
-* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
-* Mimecast Admin Console single sign-on (SSO) enabled subscription.
-
-## Scenario description
-
-In this tutorial, you configure and test Azure AD SSO in a test environment.
-
-* Mimecast Admin Console supports **SP and IDP** initiated SSO
-
-## Add Mimecast Admin Console from the gallery
-
-To configure the integration of Mimecast Admin Console into Azure AD, you need to add Mimecast Admin Console from the gallery to your list of managed SaaS apps.
-
-1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
-1. On the left navigation pane, select the **Azure Active Directory** service.
-1. Navigate to **Enterprise Applications** and then select **All Applications**.
-1. To add new application, select **New application**.
-1. In the **Add from the gallery** section, type **Mimecast Admin Console** in the search box.
-1. Select **Mimecast Admin Console** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-
-## Configure and test Azure AD SSO for Mimecast Admin Console
-
-Configure and test Azure AD SSO with Mimecast Admin Console using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Mimecast Admin Console.
-
-To configure and test Azure AD SSO with Mimecast Admin Console, perform the following steps:
-
-1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
- 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
- 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
-1. **[Configure Mimecast Admin Console SSO](#configure-mimecast-admin-console-sso)** - to configure the single sign-on settings on application side.
- 1. **[Create Mimecast Admin Console test user](#create-mimecast-admin-console-test-user)** - to have a counterpart of B.Simon in Mimecast Admin Console that is linked to the Azure AD representation of user.
-1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
-
-## Configure Azure AD SSO
-
-Follow these steps to enable Azure AD SSO in the Azure portal.
-
-1. In the Azure portal, on the **Mimecast Admin Console** application integration page, find the **Manage** section and select **single sign-on**.
-1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
-
- ![Edit Basic SAML Configuration](common/edit-urls.png)
-
-1. On the **Basic SAML Configuration** section, if you wish to configure the application in IDP initiated mode, perform the following steps:
-
- a. In the **Identifier** textbox, type the URL using the following pattern:
-
- | Region | Value |
- | | |
- | Europe | `https://eu-api.mimecast.com/sso/<accountcode>`|
- | United States | `https://us-api.mimecast.com/sso/<accountcode>`|
- | South Africa | `https://za-api.mimecast.com/sso/<accountcode>`|
- | Australia | `https://au-api.mimecast.com/sso/<accountcode>`|
- | Offshore | `https://jer-api.mimecast.com/sso/<accountcode>`|
-
- > [!NOTE]
- > You will find the `accountcode` value in the Mimecast Admin Console under **Account** > **Settings** > **Account Code**. Append the `accountcode` to the Identifier.
-
- b. In the **Reply URL** textbox, type the URL:
-
- | Region | Value |
- | | |
- | Europe | `https://eu-api.mimecast.com/login/saml`|
- | United States | `https://us-api.mimecast.com/login/saml`|
- | South Africa | `https://za-api.mimecast.com/login/saml`|
- | Australia | `https://au-api.mimecast.com/login/saml`|
- | Offshore | `https://jer-api.mimecast.com/login/saml`|
-
-1. If you wish to configure the application in **SP** initiated mode:
-
- In the **Sign-on URL** textbox, type the URL:
-
- | Region | Value |
- | | |
- | Europe | `https://login-eu.mimecast.com/administration/app/#/administration-dashboard`|
- | United States | `https://login-us.mimecast.com/administration/app/#/administration-dashboard`|
- | South Africa | `https://login-za.mimecast.com/administration/app/#/administration-dashboard`|
- | Australia | `https://login-au.mimecast.com/administration/app/#/administration-dashboard`|
- | Offshore | `https://login-jer.mimecast.com/administration/app/#/administration-dashboard`|
-
-1. Click **Save**.
-
-1. On the **Set up single sign-on with SAML** page, In the **SAML Signing Certificate** section, click copy button to copy **App Federation Metadata Url** and save it on your computer.
-
- ![The Certificate download link](common/copy-metadataurl.png)
-
-### Create an Azure AD test user
-
-In this section, you'll create a test user in the Azure portal called B.Simon.
-
-1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
-1. Select **New user** at the top of the screen.
-1. In the **User** properties, follow these steps:
- 1. In the **Name** field, enter `B.Simon`.
- 1. In the **User name** field, enter the username@companydomain.extension. For example, `B.Simon@contoso.com`.
- 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
- 1. Click **Create**.
-
-### Assign the Azure AD test user
-
-In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Mimecast Admin Console.
-
-1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
-1. In the applications list, select **Mimecast Admin Console**.
-1. In the app's overview page, find the **Manage** section and select **Users and groups**.
-1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
-1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
-1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
-1. In the **Add Assignment** dialog, click the **Assign** button.
-
-## Configure Mimecast Admin Console SSO
-
-1. In a different web browser window, sign into Mimecast Administration Console.
-
-1. Navigate to **Administration** > **Services** > **Applications**.
-
- ![Screenshot shows Mimecast window with Applications selected.](./media/mimecast-admin-console-tutorial/services.png)
-
-1. Click **Authentication Profiles** tab.
-
- ![Screenshot shows the Application tab with Authentication Profiles selected.](./media/mimecast-admin-console-tutorial/authentication-profiles.png)
-
-1. Click **New Authentication Profile** tab.
-
- ![Screenshot shows New Authentication Profile selected.](./media/mimecast-admin-console-tutorial/new-authenticatio-profile.png)
-
-1. Provide a valid description in the **Description** textbox and select **Enforce SAML Authentication for Administration Console** checkbox.
-
- ![Screenshot shows where to select Enforce SAML Authentication for Administration Console.](./media/mimecast-admin-console-tutorial/selecting-admin-consle.png)
-
-1. On the **SAML Configuration for Administration Console** page, perform the following steps:
-
- ![Screenshot shows the SAML Configuration for Administration Console page where you can enter the values described.](./media/mimecast-admin-console-tutorial/sso-settings.png)
-
- a. For **Provider**, select **Azure Active Directory** from the Dropdown.
-
- b. In the **Metadata URL** textbox, paste the **App Federation Metadata URL** value, which you have copied from the Azure portal.
-
- c. Click **Import**. After importing the Metadata URL, the fields will be populated automatically, no need to perform any action on these fields.
-
- d. Make sure you uncheck **Use Password protected Context** and **Use Integrated Authentication Context** checkboxes.
-
- e. Click **Save**.
-
-### Create Mimecast Admin Console test user
-
-1. In a different web browser window, sign into Mimecast Administration Console.
-
-1. Navigate to **Administration** > **Directories** > **Internal Directories**.
-
- ![Screenshot shows Mimecast window with Internal Directories selected.](./media/mimecast-admin-console-tutorial/internal-directories.png)
-
-1. Select on your domain, if the domain is mentioned below, otherwise please create a new domain by clicking on the **New Domain**.
-
- ![Screenshot shows the domain selected.](./media/mimecast-admin-console-tutorial/domain-name.png)
-
-1. Click **New Address** tab.
-
- ![Screenshot shows New Address selected.](./media/mimecast-admin-console-tutorial/new-address.png)
-
-1. Provide the required user information on the following page:
-
- ![Screenshot shows the page where you can enter the values described.](./media/mimecast-admin-console-tutorial/user-information.png)
-
- a. In the **Email Address** textbox, enter the email address of the user like `B.Simon@yourdomainname.com`.
-
- b. In the **Global Name** textbox, enter the **Full name** of the user.
-
- c. In the **Password** and **Confirm Password** textboxes, enter the password of the user.
-
- d. Select **Force Change at Login** checkbox.
-
- e. Click **Save**.
-
- f. To assign roles to the user, click on **Role Edit** and assign the required role to user as per your organization requirement.
-
- ![Screenshot shows Address Settings where you can select Role Edit.](./media/mimecast-admin-console-tutorial/assign-role.png)
-
-## Test SSO
-
-In this section, you test your Azure AD single sign-on configuration with following options.
-
-#### SP initiated:
-
-* Click on **Test this application** in Azure portal. This will redirect to Mimecast Admin Console Sign on URL where you can initiate the login flow.
-
-* Go to Mimecast Admin Console Sign-on URL directly and initiate the login flow from there.
-
-#### IDP initiated:
-
-* Click on **Test this application** in Azure portal and you should be automatically signed in to the Mimecast Admin Console for which you set up the SSO
-
-You can also use Microsoft My Apps to test the application in any mode. When you click the Mimecast Admin Console tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Mimecast Admin Console for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).
-
-## Next steps
-
-Once you configure Mimecast Admin Console you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Defender for Cloud Apps](/cloud-app-security/proxy-deployment-any-app).
active-directory Palo Alto Networks Scim Connector Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/palo-alto-networks-scim-connector-provisioning-tutorial.md
This section guides you through the steps to configure the Azure AD provisioning
|urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department|String|| |urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager|String||
- >![NOTE]
- >**Schema Discovery** is enabled on this app. Hence you might see more attributes in the application than mentioned in the table above.
+> [!NOTE]
+> **Schema Discovery** is enabled on this app. Hence you might see more attributes in the application than mentioned in the table above.
1. Under the **Mappings** section, select **Synchronize Azure Active Directory Groups to Palo Alto Networks SCIM Connector**.
active-directory Saml Toolkit Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/saml-toolkit-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Azure AD SAML Toolkit | Microsoft Docs'
+ Title: 'Tutorial: Azure AD SSO integration with Azure AD SAML Toolkit'
description: Learn how to configure single sign-on between Azure Active Directory and Azure AD SAML Toolkit.
Previously updated : 09/10/2020 Last updated : 03/24/2022
-# Tutorial: Azure Active Directory single sign-on (SSO) integration with Azure AD SAML Toolkit
+# Tutorial: Azure AD SSO integration with Azure AD SAML Toolkit
In this tutorial, you'll learn how to integrate Azure AD SAML Toolkit with Azure Active Directory (Azure AD). When you integrate Azure AD SAML Toolkit with Azure AD, you can:
To get started, you need the following items:
* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/). * Azure AD SAML Toolkit single sign-on (SSO) enabled subscription.
+* Along with Cloud Application Administrator, Application Administrator can also add or manage applications in Azure AD.
+For more information, see [Azure built-in roles](../roles/permissions-reference.md).
## Scenario description In this tutorial, you configure and test Azure AD SSO in a test environment.
-* Azure AD SAML Toolkit supports **SP** initiated SSO
+* Azure AD SAML Toolkit supports **SP** initiated SSO.
> [!NOTE] > Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
-## Adding Azure AD SAML Toolkit from the gallery
+## Add Azure AD SAML Toolkit from the gallery
To configure the integration of Azure AD SAML Toolkit into Azure AD, you need to add Azure AD SAML Toolkit from the gallery to your list of managed SaaS apps.
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the **Azure AD SAML Toolkit** application integration page, find the **Manage** section and select **single sign-on**. 1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
-1. On the **Basic SAML Configuration** page, enter the values for the following fields:
+1. On the **Basic SAML Configuration** section, perform the following steps:
- a. In the **Sign on URL** text box, type the URL:
- `https://samltoolkit.azurewebsites.net/`
-
- b. In the **Reply URL** text box, type the URL:
+ a. In the **Reply URL** text box, type the URL:
`https://samltoolkit.azurewebsites.net/SAML/Consume`
+ b. In the **Sign on URL** text box, type the URL:
+ `https://samltoolkit.azurewebsites.net/`
+ 1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section, find **Certificate (Raw)** and select **Download** to download the certificate and save it on your computer. ![The Certificate download link](common/certificateraw.png)
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
## Configure Azure AD SAML Toolkit SSO
-1. Open a new web browser window, if you have not registered in the Azure AD SAML Toolkit website, first register by clicking on the **Register**. If you have registered already, sign into your Azure AD SAML Toolkit company site using the registered sign in credentials.
+1. Open a new web browser window, if you have not registered in the Azure AD SAML Toolkit website, first register by clicking on the **Register**. If you have registered already, sign into your Azure AD SAML Toolkit company site using the registered sign-in credentials.
![Azure AD SAML Toolkit Register](./media/saml-toolkit-tutorial/register.png)
In this section, a user called B.Simon is created in Azure AD SAML Toolkit. Plea
In this section, you test your Azure AD single sign-on configuration with following options.
-1. Click on **Test this application** in Azure portal. This will redirect to SAML Toolkit Sign-on URL where you can initiate the login flow.
+* Click on **Test this application** in Azure portal. This will redirect to Azure AD SAML Toolkit Sign-on URL where you can initiate the login flow.
-2. Go to SAML Toolkit Sign-on URL directly and initiate the login flow from there.
+* Go to Azure AD SAML Toolkit Sign-on URL directly and initiate the login flow from there.
-3. You can use Microsoft Access Panel. When you click the SAML Toolkit tile in the Access Panel, you should be automatically signed in to the SAML Toolkit for which you set up the SSO. For more information about the Access Panel, see [Introduction to the Access Panel](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).
+* You can use Microsoft My Apps. When you click the Azure AD SAML Toolkit tile in the My Apps, this will redirect to Azure AD SAML Toolkit Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-## Next Steps
+## Next steps
-Once you configure Azure AD SAML Toolkit you can enforce Session Control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session Control extends from Conditional Access. [Learn how to enforce session control with Microsoft Defender for Cloud Apps](/cloud-app-security/proxy-deployment-aad).
+Once you configure Azure AD SAML Toolkit you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Securedeliver Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/securedeliver-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with SECURE DELIVER | Microsoft Docs'
+ Title: 'Tutorial: Azure AD SSO integration with SECURE DELIVER'
description: Learn how to configure single sign-on between Azure Active Directory and SECURE DELIVER.
Previously updated : 09/01/2021 Last updated : 03/24/2022
-# Tutorial: Azure Active Directory integration with SECURE DELIVER
+# Tutorial: Azure AD SSO integration with SECURE DELIVER
In this tutorial, you'll learn how to integrate SECURE DELIVER with Azure Active Directory (Azure AD). When you integrate SECURE DELIVER with Azure AD, you can:
To configure Azure AD integration with SECURE DELIVER, you need the following it
* An Azure AD subscription. If you don't have an Azure AD environment, you can get a [free account](https://azure.microsoft.com/free/). * SECURE DELIVER single sign-on enabled subscription.
+* Along with Cloud Application Administrator, Application Administrator can also add or manage applications in Azure AD.
+For more information, see [Azure built-in roles](../roles/permissions-reference.md).
## Scenario description
Follow these steps to enable Azure AD SSO in the Azure portal.
4. On the **Basic SAML Configuration** section, perform the following steps:
- a. In the **Sign on URL** text box, type a URL using the following pattern:
- `https://<companyname>.i-securedeliver.jp/sd/<tenantname>/jsf/login/sso`
-
- b. In the **Identifier (Entity ID)** text box, type a URL using the following pattern:
+ a. In the **Identifier (Entity ID)** text box, type a URL using the following pattern:
`https://<companyname>.i-securedeliver.jp/sd/<tenantname>/postResponse`
- > [!NOTE]
- > These values are not real. Update these values with the actual Sign on URL and Identifier. Contact [SECURE DELIVER Client support team](mailto:iw-sd-support@fujifilm.com) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
-
-5. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, click **Download** to download the **Certificate (Base64)** from the given options as per your requirement and save it on your computer.
+ b. In the **Sign on URL** text box, type a URL using the following pattern:
+ `https://<companyname>.i-securedeliver.jp/sd/<tenantname>/jsf/login/sso`
- ![The Certificate download link](common/certificatebase64.png)
+ > [!NOTE]
+ > These values are not real. Update these values with the actual Identifier and Sign on URL. Contact [SECURE DELIVER Client support team](mailto:iw-sd-support@fujifilm.com) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
-6. On the **Set up SECURE DELIVER** section, copy the appropriate URL(s) as per your requirement.
+5. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, click **Download** to download the **Federation Metadata XML** from the given options as per your requirement and save it on your computer.
- ![Copy configuration URLs](common/copy-configuration-urls.png)
+ ![The Certificate download link](common/metadataxml.png)
### Create an Azure AD test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
## Configure SECURE DELIVER SSO
-To configure single sign-on on **SECURE DELIVER** side, you need to send the downloaded **Certificate (Base64)** and appropriate copied URLs from Azure portal to [SECURE DELIVER support team](mailto:iw-sd-support@fujifilm.com). They set this setting to have the SAML SSO connection set properly on both sides.
+To configure single sign-on on **SECURE DELIVER** side, you need to send the downloaded **Federation Metadata XML** and appropriate copied URLs from Azure portal to [SECURE DELIVER support team](mailto:iw-sd-support@fujifilm.com). They set this setting to have the SAML SSO connection set properly on both sides.
### Create SECURE DELIVER test user
In this section, you test your Azure AD single sign-on configuration with follow
## Next steps
-Once you configure SECURE DELIVER you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Defender for Cloud Apps](/cloud-app-security/proxy-deployment-aad).
+Once you configure SECURE DELIVER you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Defender for Cloud Apps](/cloud-app-security/proxy-deployment-aad).
active-directory Yellowbox Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/saas-apps/yellowbox-provisioning-tutorial.md
+
+ Title: 'Tutorial: Configure Yellowbox for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+description: Learn how to automatically provision and de-provision user accounts from Azure AD to Yellowbox.
+
+documentationcenter: ''
+
+writer: Thwimmer
++
+ms.assetid: 0899c687-c36b-4b53-8fea-f762f0616521
+++
+ms.devlang: na
+ Last updated : 03/02/2022+++
+# Tutorial: Configure Yellowbox for automatic user provisioning
+
+This tutorial describes the steps you need to perform in both Yellowbox and Azure Active Directory (Azure AD) to configure automatic user provisioning. When configured, Azure AD automatically provisions and de-provisions users and groups to [Yellowbox](https://yellowbox.app/) using the Azure AD Provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Azure Active Directory](../manage-apps/user-provisioning.md).
++
+## Capabilities Supported
+> [!div class="checklist"]
+> * Create users in Yellowbox
+> * Remove users in Yellowbox when they do not require access anymore
+> * Keep user attributes synchronized between Azure AD and Yellowbox
+
+## Prerequisites
+
+The scenario outlined in this tutorial assumes that you already have the following prerequisites:
+
+* [An Azure AD tenant](../develop/quickstart-create-new-tenant.md).
+* A user account in Azure AD with [permission](../roles/permissions-reference.md) to configure provisioning (for example, Application Administrator, Cloud Application administrator, Application Owner, or Global Administrator).
+* A user account in Yellowbox with Admin rights.
+
+## Step 1. Plan your provisioning deployment
+1. Learn about [how the provisioning service works](../app-provisioning/user-provisioning.md).
+1. Determine who will be in [scope for provisioning](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
+1. Determine what data to [map between Azure AD and Yellowbox](../app-provisioning/customize-application-attributes.md).
+
+## Step 2. Configure Yellowbox to support provisioning with Azure AD
+
+Contact [Yellowbox Help desk](https://dashboard.yellowbox.app/#/help-desk) to obtain the SCIM Url and corresponding Token.
+
+## Step 3. Add Yellowbox from the Azure AD application gallery
+
+Add Yellowbox from the Azure AD application gallery to start managing provisioning to Yellowbox. If you have previously setup Yellowbox for SSO, you can use the same application. However it is recommended that you create a separate app when testing out the integration initially. Learn more about adding an application from the gallery [here](../manage-apps/add-application-portal.md).
+
+## Step 4. Define who will be in scope for provisioning
+
+The Azure AD provisioning service allows you to scope who will be provisioned based on assignment to the application and or based on attributes of the user / group. If you choose to scope who will be provisioned to your app based on assignment, you can use the following [steps](../manage-apps/assign-user-or-group-access-portal.md) to assign users and groups to the application. If you choose to scope who will be provisioned based solely on attributes of the user or group, you can use a scoping filter as described [here](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
+
+* When assigning users and groups to Yellowbox, you must select a role other than **Default Access**. Users with the Default Access role are excluded from provisioning and will be marked as not effectively entitled in the provisioning logs. If the only role available on the application is the default access role, you can [update the application manifest](../develop/howto-add-app-roles-in-azure-ad-apps.md) to add more roles.
+
+* Start small. Test with a small set of users and groups before rolling out to everyone. When scope for provisioning is set to assigned users and groups, you can control this by assigning one or two users or groups to the app. When scope is set to all users and groups, you can specify an [attribute based scoping filter](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
++
+## Step 5. Configure automatic user provisioning to Yellowbox
+
+This section guides you through the steps to configure the Azure AD provisioning service to create, update, and disable users and/or groups in Yellowbox based on user and/or group assignments in Azure AD.
+
+### To configure automatic user provisioning for Yellowbox in Azure AD:
+
+1. Sign in to the [Azure portal](https://portal.azure.com). Select **Enterprise Applications**, then select **All applications**.
+
+ ![Enterprise applications blade](common/enterprise-applications.png)
+
+1. In the applications list, select **Yellowbox**.
+
+ ![The Yellowbox link in the Applications list](common/all-applications.png)
+
+1. elect the **Provisioning** tab.
+
+ ![Provisioning tab](common/provisioning.png)
+
+1. Set the **Provisioning Mode** to **Automatic**.
+
+ ![Provisioning tab automatic](common/provisioning-automatic.png)
+
+1. In the **Admin Credentials** section, input your Yellowbox Tenant URL and Secret Token. Click **Test Connection** to ensure Azure AD can connect to Yellowbox. If the connection fails, ensure your Yellowbox account has Admin permissions and try again.
+
+ ![Token](common/provisioning-testconnection-tenanturltoken.png)
+
+1. In the **Notification Email** field, enter the email address of a person or group who should receive the provisioning error notifications and select the **Send an email notification when a failure occurs** check box.
+
+ ![Notification Email](common/provisioning-notification-email.png)
+
+1. Select **Save**.
+
+1. Under the **Mappings** section, select **Synchronize Azure Active Directory Users to Yellowbox**.
+
+1. Review the user attributes that are synchronized from Azure AD to Yellowbox in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in Yellowbox for update operations. If you choose to change the [matching target attribute](../app-provisioning/customize-application-attributes.md), you will need to ensure that the Yellowbox API supports filtering users based on that attribute. Select the **Save** button to commit any changes.
+
+ |Attribute|Type|Supported for filtering|Required by Yellowbox|
+ |||||
+ |userName|String|&check;|&check;
+ |roles[primary eq "True"].value|String||&check;
+ |active|Boolean||&check;
+ |displayName|String||&check;
+ |externalId|String||&check;
+
+1. To configure scoping filters, refer to the following instructions provided in the [Scoping filter tutorial](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
+
+1. To enable the Azure AD provisioning service for Yellowbox, change the **Provisioning Status** to **On** in the **Settings** section.
+
+ ![Provisioning Status Toggled On](common/provisioning-toggle-on.png)
+
+1. Define the users and/or groups that you would like to provision to Yellowbox by choosing the desired values in **Scope** in the **Settings** section.
+
+ ![Provisioning Scope](common/provisioning-scope.png)
+
+1. When you are ready to provision, click **Save**.
+
+ ![Saving Provisioning Configuration](common/provisioning-configuration-save.png)
+
+This operation starts the initial synchronization cycle of all users and groups defined in **Scope** in the **Settings** section. The initial cycle takes longer to perform than subsequent cycles, which occur approximately every 40 minutes as long as the Azure AD provisioning service is running.
+
+## Step 6. Monitor your deployment
+Once you've configured provisioning, use the following resources to monitor your deployment:
+
+* Use the [provisioning logs](../reports-monitoring/concept-provisioning-logs.md) to determine which users have been provisioned successfully or unsuccessfully
+* Check the [progress bar](../app-provisioning/application-provisioning-when-will-provisioning-finish-specific-user.md) to see the status of the provisioning cycle and how close it is to completion
+* If the provisioning configuration seems to be in an unhealthy state, the application will go into quarantine. Learn more about quarantine states [here](../app-provisioning/application-provisioning-quarantine-status.md).
+
+## More resources
+
+* [Managing user account provisioning for Enterprise Apps](../app-provisioning/configure-automatic-user-provisioning-portal.md)
+* [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+
+## Next steps
+
+* [Learn how to review logs and get reports on provisioning activity](../app-provisioning/check-status-user-account-provisioning.md)
advisor Advisor Operational Excellence Recommendations https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/advisor/advisor-operational-excellence-recommendations.md
If the customer finds it in their best interest to assign the same policy again,
## No validation environment enabled
-Azure Advisor determines that you do not have a validation environment enabled in current subscription. When creating your host pools, you have selected \"No\" for \"Validation environment\" in the properties tab. Having at least one host pool with a validation environment enabled ensures the business continuity through Windows Virtual Desktop service deployments with early detection of potential issues. [Learn more](../virtual-desktop/create-validation-host-pool.md)
+Azure Advisor determines that you do not have a validation environment enabled in current subscription. When creating your host pools, you have selected \"No\" for \"Validation environment\" in the properties tab. Having at least one host pool with a validation environment enabled ensures the business continuity through Azure Virtual Desktop service deployments with early detection of potential issues. [Learn more](../virtual-desktop/create-validation-host-pool.md)
## Ensure production (non-validation) environment to benefit from stable functionality
-Azure Advisor detects that too many of your host pools have validation environment enabled. In order for validation environments to best serve their purpose, you should have at least one, but never more than half of your host pools in validation environment. By having a healthy balance between your host pools with validation environment enabled and those with it disabled, you will best be able to utilize the benefits of the multistage deployments that Windows Virtual Desktop offers with certain updates. To fix this issue, open your host pool's properties and select \"No\" next to the \"Validation Environment\" setting.
+Azure Advisor detects that too many of your host pools have validation environment enabled. In order for validation environments to best serve their purpose, you should have at least one, but never more than half of your host pools in validation environment. By having a healthy balance between your host pools with validation environment enabled and those with it disabled, you will best be able to utilize the benefits of the multistage deployments that Azure Virtual Desktop offers with certain updates. To fix this issue, open your host pool's properties and select \"No\" next to the \"Validation Environment\" setting.
## Enable Traffic Analytics to view insights into traffic patterns across Azure resources Traffic Analytics is a cloud-based solution that provides visibility into user and application activity in Azure. Traffic analytics analyzes Network Watcher network security group (NSG) flow logs to provide insights into traffic flow. With traffic analytics, you can view top talkers across Azure and non Azure deployments, investigate open ports, protocols and malicious flows in your environment and optimize your network deployment for performance. You can process flow logs at 10 mins and 60 mins processing intervals, giving you faster analytics on your traffic. It's a good practice to enable Traffic Analytics for your Azure resources.
advisor Advisor Performance Recommendations https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/advisor/advisor-performance-recommendations.md
Advisor analysis indicates that your MySQL server may be incurring unnecessary I
## Distribute data in server group to distribute workload among nodes Advisor identifies the server groups where the data has not been distributed but stays on the coordinator. Based on this, Advisor recommends that for full Hyperscale (Citus) benefits distribute data on worker nodes for your server groups. This will improve query performance by utilizing resource of each node in the server group. [Learn more](https://go.microsoft.com/fwlink/?linkid=2135201)
-## Improve user experience and connectivity by deploying VMs closer to Windows Virtual Desktop deployment location
-We have determined that your VMs are located in a region different or far from where your users are connecting from, using Windows Virtual Desktop (WVD). This may lead to prolonged connection response times and will impact overall user experience on WVD. When creating VMs for your host pools, you should attempt to use a region closer to the user. Having close proximity ensures continuing satisfaction with the WVD service and a better overall quality of experience. [Learn more about connection latency here](../virtual-desktop/connection-latency.md).
+## Improve user experience and connectivity by deploying VMs closer to Azure Virtual Desktop deployment location
+We have determined that your VMs are located in a region different or far from where your users are connecting from, using Azure Virtual Desktop. This may lead to prolonged connection response times and will impact overall user experience on Azure Virtual Desktop. When creating VMs for your host pools, you should attempt to use a region closer to the user. Having close proximity ensures continuing satisfaction with the Azure Virtual Desktop service and a better overall quality of experience. [Learn more about connection latency here](../virtual-desktop/connection-latency.md).
## Upgrade to the latest version of the Immersive Reader SDK We have identified resources under this subscription using outdated versions of the Immersive Reader SDK. Using the latest version of the Immersive Reader SDK provides you with updated security, performance and an expanded set of features for customizing and enhancing your integration experience.
Learn more about [Immersive reader SDK](../applied-ai-services/immersive-reader/
Advisor detects that you have a host pool that has depth first set as the load balancing algorithm, and that host pool's max session limit is greater than or equal to 999999. Depth first load balancing uses the max session limit to determine the maximum number of users that can have concurrent sessions on a single session host. If the max session limit is too high, all user sessions will be directed to the same session host, and this will cause performance and reliability issues. Therefore, when setting a host pool to have depth first load balancing, you must set an appropriate max session limit according to the configuration of your deployment and capacity of your VMs.
-To learn more about load balancing in Windows Virtual Desktop, see [Configure the Windows Virtual Desktop load-balancing method](../virtual-desktop/troubleshoot-set-up-overview.md).
+To learn more about load balancing in Azure Virtual Desktop, see [Host pool load-balancing algorithms](../virtual-desktop/host-pool-load-balancing.md).
## Upgrade to the latest version of the Azure Communication Services SDKs
advisor Advisor Reference Operational Excellence Recommendations https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/advisor/advisor-reference-operational-excellence-recommendations.md
Learn more about [Host Pool - AVDStartVMonConnect (Permissions missing for start
### No validation environment enabled
-We have determined that you do not have a validation environment enabled in current subscription. When creating your host pools, you have selected "No" for "Validation environment" in the properties tab. Having at least one host pool with a validation environment enabled ensures the business continuity through Windows Virtual Desktop service deployments with early detection of potential issues.
+We have determined that you do not have a validation environment enabled in current subscription. When creating your host pools, you have selected "No" for "Validation environment" in the properties tab. Having at least one host pool with a validation environment enabled ensures the business continuity through Azure Virtual Desktop service deployments with early detection of potential issues.
Learn more about [Host Pool - ValidationEnvHostPools (No validation environment enabled)](../virtual-desktop/create-validation-host-pool.md). ### Not enough production environments enabled
-We have determined that too many of your host pools have Validation Environment enabled. In order for Validation Environments to best serve their purpose, you should have at least one, but never more than half of your host pools in Validation Environment. By having a healthy balance between your host pools with Validation Environment enabled and those with it disabled, you will best be able to utilize the benefits of the multistage deployments that Windows Virtual Desktop offers with certain updates. To fix this issue, open your host pool's properties and select "No" next to the "Validation Environment" setting.
+We have determined that too many of your host pools have Validation Environment enabled. In order for Validation Environments to best serve their purpose, you should have at least one, but never more than half of your host pools in Validation Environment. By having a healthy balance between your host pools with Validation Environment enabled and those with it disabled, you will best be able to utilize the benefits of the multistage deployments that Azure Virtual Desktop offers with certain updates. To fix this issue, open your host pool's properties and select "No" next to the "Validation Environment" setting.
Learn more about [Host Pool - ProductionEnvHostPools (Not enough production environments enabled)](../virtual-desktop/create-host-pools-powershell.md).
advisor Advisor Reference Performance Recommendations https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/advisor/advisor-reference-performance-recommendations.md
Learn more about [Communication service - UpgradeTurnSdk (Use recommended versio
### Improve user experience and connectivity by deploying VMs closer to userΓÇÖs location.
-We have determined that your VMs are located in a region different or far from where your users are connecting from, using Windows Virtual Desktop (WVD). This may lead to prolonged connection response times and will impact overall user experience on WVD.
+We have determined that your VMs are located in a region different or far from where your users are connecting from, using Azure Virtual Desktop. This may lead to prolonged connection response times and will impact overall user experience on Azure Virtual Desktop.
Learn more about [Virtual machine - RegionProximitySessionHosts (Improve user experience and connectivity by deploying VMs closer to userΓÇÖs location.)](../virtual-desktop/connection-latency.md).
Learn more about [Azure Database for PostgreSQL flexible server - OrcasPostgreSq
### Improve user experience and connectivity by deploying VMs closer to userΓÇÖs location.
-We have determined that your VMs are located in a region different or far from where your users are connecting from, using Windows Virtual Desktop (WVD). This may lead to prolonged connection response times and will impact overall user experience on WVD. When creating VMs for your host pools, you should attempt to use a region closer to the user. Having close proximity ensures continuing satisfaction with the WVD service and a better overall quality of experience.
+We have determined that your VMs are located in a region different or far from where your users are connecting from, using Azure Virtual Desktop. This may lead to prolonged connection response times and will impact overall user experience on Azure Virtual Desktop. When creating VMs for your host pools, you should attempt to use a region closer to the user. Having close proximity ensures continuing satisfaction with the Azure Virtual Desktop service and a better overall quality of experience.
Learn more about [Host Pool - RegionProximityHostPools (Improve user experience and connectivity by deploying VMs closer to userΓÇÖs location.)](../virtual-desktop/connection-latency.md).
advisor Advisor Reference Reliability Recommendations https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/advisor/advisor-reference-reliability-recommendations.md
We have identified that your Virtual Machine might be running a version of Check
Learn more about [Virtual machine - CheckPointPlatformServicingKnownIssueA (Check Point Virtual Machine may lose Network Connectivity.)](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk151752&partition=Advanced&product=CloudGuard).
-### Access to mandatory URLs missing for your Windows Virtual Desktop environment
+### Access to mandatory URLs missing for your Azure Virtual Desktop environment
-In order for a session host to deploy and register to WVD properly, you need to add a set of URLs to allowed list in case your virtual machine runs in restricted environment. After visiting "Learn More" link, you will be able to see the minimum list of URLs you need to unblock to have a successful deployment and functional session host. For specific URL(s) missing from allowed list, you may also search Application event log for event 3702.
+In order for a session host to deploy and register to Azure Virtual Desktop properly, you need to add a set of URLs to allowed list in case your virtual machine runs in restricted environment. After visiting the "Learn More" link, you will be able to see the minimum list of URLs you need to unblock to have a successful deployment and functional session host. For specific URL(s) missing from allowed list, you may also search Application event log for event 3702.
-Learn more about [Virtual machine - SessionHostNeedsAssistanceForUrlCheck (Access to mandatory URLs missing for your Windows Virtual Desktop environment)](../virtual-desktop/safe-url-list.md).
+Learn more about [Virtual machine - SessionHostNeedsAssistanceForUrlCheck (Access to mandatory URLs missing for your Azure Virtual Desktop environment)](../virtual-desktop/safe-url-list.md).
## PostgreSQL
aks Availability Zones https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/availability-zones.md
This article detailed how to create an AKS cluster that uses availability zones.
<!-- LINKS - internal --> [install-azure-cli]: /cli/azure/install-azure-cli
-[az-feature-register]: /cli/azure/feature#az_feature_register
-[az-feature-list]: /cli/azure/feature#az_feature_list
-[az-provider-register]: /cli/azure/provider#az_provider_register
-[az-aks-create]: /cli/azure/aks#az_aks_create
+[az-feature-register]: /cli/azure/feature#az-feature-register
+[az-feature-list]: /cli/azure/feature#az-feature-list
+[az-provider-register]: /cli/azure/provider#az-provider-register
+[az-aks-create]: /cli/azure/aks#az-aks-create
[az-overview]: ../availability-zones/az-overview.md [best-practices-bc-dr]: operator-best-practices-multi-region.md [aks-support-policies]: support-policies.md [aks-faq]: faq.md [standard-lb-limitations]: load-balancer-standard.md#limitations
-[az-extension-add]: /cli/azure/extension#az_extension_add
-[az-extension-update]: /cli/azure/extension#az_extension_update
-[az-aks-nodepool-add]: /cli/azure/aks/nodepool#az_aks_nodepool_add
-[az-aks-get-credentials]: /cli/azure/aks#az_aks_get_credentials
+[az-extension-add]: /cli/azure/extension#az-extension-add
+[az-extension-update]: /cli/azure/extension#az-extension-update
+[az-aks-nodepool-add]: /cli/azure/aks/nodepool#az-aks-nodepool-add
+[az-aks-get-credentials]: /cli/azure/aks#az-aks-get-credentials
[vmss-zone-balancing]: ../virtual-machine-scale-sets/virtual-machine-scale-sets-use-availability-zones.md#zone-balancing [arm-template-null]: ../azure-resource-manager/templates/template-expressions.md#null-values
aks Cluster Autoscaler https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/cluster-autoscaler.md
This article showed you how to automatically scale the number of AKS nodes. You
[aks-view-master-logs]: monitor-aks.md#configure-monitoring [autoscaler-profile-properties]: #using-the-autoscaler-profile [azure-cli-install]: /cli/azure/install-azure-cli
-[az-aks-show]: /cli/azure/aks#az_aks_show
-[az-extension-add]: /cli/azure/extension#az_extension_add
-[az-extension-update]: /cli/azure/extension#az_extension_update
-[az-aks-create]: /cli/azure/aks#az_aks_create
-[az-aks-update]: /cli/azure/aks#az_aks_update
-[az-aks-scale]: /cli/azure/aks#az_aks_scale
-[az-feature-register]: /cli/azure/feature#az_feature_register
-[az-feature-list]: /cli/azure/feature#az_feature_list
-[az-provider-register]: /cli/azure/provider#az_provider_register
+[az-aks-show]: /cli/azure/aks#az-aks-show
+[az-extension-add]: /cli/azure/extension#az-extension-add
+[az-extension-update]: /cli/azure/extension#az-extension-update
+[az-aks-create]: /cli/azure/aks#az-aks-create
+[az-aks-update]: /cli/azure/aks#az-aks-update
+[az-aks-scale]: /cli/azure/aks#az-aks-scale
+[az-feature-register]: /cli/azure/feature#az-feature-register
+[az-feature-list]: /cli/azure/feature#az-feature-list
+[az-provider-register]: /cli/azure/provider#az-provider-register
<!-- LINKS - external --> [az-aks-update-preview]: https://github.com/Azure/azure-cli-extensions/tree/master/src/aks-preview
aks Cluster Container Registry Integration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/cluster-container-registry-integration.md
nginx0-deployment-669dfc4d4b-xdpd6 1/1 Running 0 20s
``` ### Troubleshooting
-* Run the [az aks check-acr](/cli/azure/aks#az_aks_check_acr) command to validate that the registry is accessible from the AKS cluster.
+* Run the [az aks check-acr](/cli/azure/aks#az-aks-check-acr) command to validate that the registry is accessible from the AKS cluster.
* Learn more about [ACR Monitoring](../container-registry/monitor-service.md) * Learn more about [ACR Health](../container-registry/container-registry-check-health.md)
aks Cluster Extensions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/cluster-extensions.md
az k8s-extension delete --name azureml --cluster-name <clusterName> --resource-g
<!-- LINKS --> <!-- INTERNAL --> [arc-k8s-extensions]: ../azure-arc/kubernetes/conceptual-extensions.md
-[az-feature-register]: /cli/azure/feature#az_feature_register
-[az-feature-list]: /cli/azure/feature#az_feature_list
-[az-provider-register]: /cli/azure/provider#az_provider_register
+[az-feature-register]: /cli/azure/feature#az-feature-register
+[az-feature-list]: /cli/azure/feature#az-feature-list
+[az-provider-register]: /cli/azure/provider#az-provider-register
[azure-ml-overview]: ../machine-learning/how-to-attach-arc-kubernetes.md [dapr-overview]: ./dapr.md [gitops-overview]: ../azure-arc/kubernetes/conceptual-gitops-flux2.md
aks Csi Secrets Store Driver https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/csi-secrets-store-driver.md
The following table lists the metrics provided by the Secrets Store CSI Driver:
Now that you've learned how to use the Azure Key Vault Provider for Secrets Store CSI Driver with an AKS cluster, see [Enable CSI drivers for Azure Disks and Azure Files on AKS][csi-storage-drivers]. <!-- LINKS INTERNAL -->
-[az-feature-register]: /cli/azure/feature#az_feature_register
-[az-feature-list]: /cli/azure/feature#az_feature_list
-[az-provider-register]: /cli/azure/provider#az_provider_register
-[az-extension-add]: /cli/azure/extension#az_extension_add
-[az-extension-update]: /cli/azure/extension#az_extension_update
-[az-aks-create]: /cli/azure/aks#az_aks_create
-[az-aks-enable-addons]: /cli/azure/aks#az_aks_enable_addons
-[az-aks-disable-addons]: /cli/azure/aks#az_aks_disable_addons
+[az-feature-register]: /cli/azure/feature#az-feature-register
+[az-feature-list]: /cli/azure/feature#az-feature-list
+[az-provider-register]: /cli/azure/provider#az-provider-register
+[az-extension-add]: /cli/azure/extension#az-extension-add
+[az-extension-update]: /cli/azure/extension#az-extension-update
+[az-aks-create]: /cli/azure/aks#az-aks-create
+[az-aks-enable-addons]: /cli/azure/aks#az-aks-enable-addons
+[az-aks-disable-addons]: /cli/azure/aks#az-aks-disable-addons
[key-vault-provider]: ../key-vault/general/key-vault-integrate-kubernetes.md [csi-storage-drivers]: ./csi-storage-drivers.md [create-key-vault]: ../key-vault/general/quick-create-cli.md
aks Custom Node Configuration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/custom-node-configuration.md
az aks nodepool add --name mynodepool1 --cluster-name myAKSCluster --resource-gr
[aks-view-master-logs]: ../azure-monitor/containers/container-insights-log-query.md#enable-resource-logs [autoscaler-profile-properties]: #using-the-autoscaler-profile [azure-cli-install]: /cli/azure/install-azure-cli
-[az-aks-show]: /cli/azure/aks#az_aks_show
-[az-extension-add]: /cli/azure/extension#az_extension_add
-[az-extension-update]: /cli/azure/extension#az_extension_update
-[az-aks-create]: /cli/azure/aks#az_aks_create
-[az-aks-update]: /cli/azure/aks#az_aks_update
-[az-aks-scale]: /cli/azure/aks#az_aks_scale
-[az-feature-register]: /cli/azure/feature#az_feature_register
-[az-feature-list]: /cli/azure/feature#az_feature_list
-[az-provider-register]: /cli/azure/provider#az_provider_register
+[az-aks-show]: /cli/azure/aks#az-aks-show
+[az-extension-add]: /cli/azure/extension#az-extension-add
+[az-extension-update]: /cli/azure/extension#az-extension-update
+[az-aks-create]: /cli/azure/aks#az-aks-create
+[az-aks-update]: /cli/azure/aks#az-aks-update
+[az-aks-scale]: /cli/azure/aks#az-aks-scale
+[az-feature-register]: /cli/azure/feature#az-feature-register
+[az-feature-list]: /cli/azure/feature#az-feature-list
+[az-provider-register]: /cli/azure/provider#az-provider-register
[upgrade-cluster]: upgrade-cluster.md [use-multiple-node-pools]: use-multiple-node-pools.md [max-surge]: upgrade-cluster.md#customize-node-surge-upgrade
aks Dapr https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/dapr.md
az k8s-extension delete --resource-group myResourceGroup --cluster-name myAKSClu
<!-- LINKS INTERNAL --> [deploy-cluster]: ./tutorial-kubernetes-deploy-cluster.md
-[az-feature-register]: /cli/azure/feature#az_feature_register
-[az-feature-list]: /cli/azure/feature#az_feature_list
-[az-provider-register]: /cli/azure/provider#az_provider_register
+[az-feature-register]: /cli/azure/feature#az-feature-register
+[az-feature-list]: /cli/azure/feature#az-feature-list
+[az-provider-register]: /cli/azure/provider#az-provider-register
[sample-application]: ./quickstart-dapr.md [k8s-version-support-policy]: ./supported-kubernetes-versions.md?tabs=azure-cli#kubernetes-version-support-policy
aks Faq https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/faq.md
AKS doesn't apply Network Security Groups (NSGs) to its subnet and will not modi
[aks-rbac-aad]: ./azure-ad-integration-cli.md [node-updates-kured]: node-updates-kured.md [aks-preview-cli]: /cli/azure/aks
-[az-aks-create]: /cli/azure/aks#az_aks_create
+[az-aks-create]: /cli/azure/aks#az-aks-create
[aks-rm-template]: /azure/templates/microsoft.containerservice/2019-06-01/managedclusters [aks-cluster-autoscaler]: cluster-autoscaler.md [nodepool-upgrade]: use-multiple-node-pools.md#upgrade-a-node-pool
aks Gpu Cluster https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/gpu-cluster.md
Register the `GPUDedicatedVHDPreview` feature:
az feature register --name GPUDedicatedVHDPreview --namespace Microsoft.ContainerService ```
-It might take several minutes for the status to show as **Registered**. You can check the registration status by using the [az feature list](/cli/azure/feature#az_feature_list) command:
+It might take several minutes for the status to show as **Registered**. You can check the registration status by using the [az feature list](/cli/azure/feature#az-feature-list) command:
```azurecli az feature list -o table --query "[?contains(name, 'Microsoft.ContainerService/GPUDedicatedVHDPreview')].{Name:name,State:properties.state}" ```
-When the status shows as registered, refresh the registration of the `Microsoft.ContainerService` resource provider by using the [az provider register](/cli/azure/provider#az_provider_register) command:
+When the status shows as registered, refresh the registration of the `Microsoft.ContainerService` resource provider by using the [az provider register](/cli/azure/provider#az-provider-register) command:
```azurecli az provider register --namespace Microsoft.ContainerService
aks Howto Deploy Java Liberty App With Postgresql https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/howto-deploy-java-liberty-app-with-postgresql.md
The steps in this section guide you through creating an Azure Database for Postg
An Azure resource group is a logical group in which Azure resources are deployed and managed.
- Create a resource group called *java-liberty-project-postgresql* using the [az group create](/cli/azure/group#az_group_create) command in the *eastus* location.
+ Create a resource group called *java-liberty-project-postgresql* using the [az group create](/cli/azure/group#az-group-create) command in the *eastus* location.
```bash RESOURCE_GROUP_NAME=java-liberty-project-postgresql
The steps in this section guide you through creating an Azure Database for Postg
1. Create the PostgreSQL server
- Use the [az postgres server create](/cli/azure/postgres/server#az_postgres_server_create) command to create the DB server. The following example creates a DB server named *youruniquedbname*. Make sure *youruniqueacrname* is unique within Azure.
+ Use the [az postgres server create](/cli/azure/postgres/server#az-postgres-server-create) command to create the DB server. The following example creates a DB server named *youruniquedbname*. Make sure *youruniqueacrname* is unique within Azure.
> [!TIP] > To help ensure a globally unique name, prepend a disambiguation string such as your intitials and the MMDD of today's date.
The steps in this section deploy and test the application.
## Clean up resources
-To avoid Azure charges, you should clean up unnecessary resources. When the cluster is no longer needed, use the [az group delete](/cli/azure/group#az_group_delete) command to remove the resource group, container service, container registry, and all related resources.
+To avoid Azure charges, you should clean up unnecessary resources. When the cluster is no longer needed, use the [az group delete](/cli/azure/group#az-group-delete) command to remove the resource group, container service, container registry, and all related resources.
```azurecli-interactive az group delete --name <RESOURCE_GROUP_NAME> --yes --no-wait
aks Howto Deploy Java Liberty App https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/howto-deploy-java-liberty-app.md
For more details on Open Liberty, see [the Open Liberty project page](https://op
An Azure resource group is a logical group in which Azure resources are deployed and managed.
-Create a resource group called *java-liberty-project* using the [az group create](/cli/azure/group#az_group_create) command in the *eastus* location. This resource group will be used later for creating the Azure Container Registry (ACR) instance and the AKS cluster.
+Create a resource group called *java-liberty-project* using the [az group create](/cli/azure/group#az-group-create) command in the *eastus* location. This resource group will be used later for creating the Azure Container Registry (ACR) instance and the AKS cluster.
```azurecli-interactive RESOURCE_GROUP_NAME=java-liberty-project
az group create --name $RESOURCE_GROUP_NAME --location eastus
## Create an ACR instance
-Use the [az acr create](/cli/azure/acr#az_acr_create) command to create the ACR instance. The following example creates an ACR instance named *youruniqueacrname*. Make sure *youruniqueacrname* is unique within Azure.
+Use the [az acr create](/cli/azure/acr#az-acr-create) command to create the ACR instance. The following example creates an ACR instance named *youruniqueacrname*. Make sure *youruniqueacrname* is unique within Azure.
```azurecli-interactive export REGISTRY_NAME=youruniqueacrname
You should see `Login Succeeded` at the end of command output if you have logged
## Create an AKS cluster
-Use the [az aks create](/cli/azure/aks#az_aks_create) command to create an AKS cluster. The following example creates a cluster named *myAKSCluster* with one node. This will take several minutes to complete.
+Use the [az aks create](/cli/azure/aks#az-aks-create) command to create an AKS cluster. The following example creates a cluster named *myAKSCluster* with one node. This will take several minutes to complete.
```azurecli-interactive CLUSTER_NAME=myAKSCluster
After a few minutes, the command completes and returns JSON-formatted informatio
### Connect to the AKS cluster
-To manage a Kubernetes cluster, you use [kubectl](https://kubernetes.io/docs/reference/kubectl/overview/), the Kubernetes command-line client. If you use Azure Cloud Shell, `kubectl` is already installed. To install `kubectl` locally, use the [az aks install-cli](/cli/azure/aks#az_aks_install_cli) command:
+To manage a Kubernetes cluster, you use [kubectl](https://kubernetes.io/docs/reference/kubectl/overview/), the Kubernetes command-line client. If you use Azure Cloud Shell, `kubectl` is already installed. To install `kubectl` locally, use the [az aks install-cli](/cli/azure/aks#az-aks-install-cli) command:
```azurecli-interactive az aks install-cli ```
-To configure `kubectl` to connect to your Kubernetes cluster, use the [az aks get-credentials](/cli/azure/aks#az_aks_get_credentials) command. This command downloads credentials and configures the Kubernetes CLI to use them.
+To configure `kubectl` to connect to your Kubernetes cluster, use the [az aks get-credentials](/cli/azure/aks#az-aks-get-credentials) command. This command downloads credentials and configures the Kubernetes CLI to use them.
```azurecli-interactive az aks get-credentials --resource-group $RESOURCE_GROUP_NAME --name $CLUSTER_NAME --overwrite-existing
Open a web browser to the external IP address of your service (`52.152.189.57` f
## Clean up the resources
-To avoid Azure charges, you should clean up unnecessary resources. When the cluster is no longer needed, use the [az group delete](/cli/azure/group#az_group_delete) command to remove the resource group, container service, container registry, and all related resources.
+To avoid Azure charges, you should clean up unnecessary resources. When the cluster is no longer needed, use the [az group delete](/cli/azure/group#az-group-delete) command to remove the resource group, container service, container registry, and all related resources.
```azurecli-interactive az group delete --name $RESOURCE_GROUP_NAME --yes --no-wait
aks Http Application Routing https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/http-application-routing.md
ingress "aks-helloworld" deleted
For information on how to install an HTTPS-secured Ingress controller in AKS, see [HTTPS Ingress on Azure Kubernetes Service (AKS)][ingress-https]. <!-- LINKS - internal -->
-[az-aks-create]: /cli/azure/aks#az_aks_create
-[az-aks-show]: /cli/azure/aks#az_aks_show
+[az-aks-create]: /cli/azure/aks#az-aks-create
+[az-aks-show]: /cli/azure/aks#az-aks-show
[ingress-https]: ./ingress-tls.md
-[az-aks-enable-addons]: /cli/azure/aks#az_aks_enable_addons
-[az aks install-cli]: /cli/azure/aks#az_aks_install_cli
-[az aks get-credentials]: /cli/azure/aks#az_aks_get_credentials
+[az-aks-enable-addons]: /cli/azure/aks#az-aks-enable-addons
+[az aks install-cli]: /cli/azure/aks#az-aks-install-cli
+[az aks get-credentials]: /cli/azure/aks#az-aks-get-credentials
<!-- LINKS - external --> [dns-pricing]: https://azure.microsoft.com/pricing/details/dns/
aks Ingress Tls https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/ingress-tls.md
You can also:
- [Create an ingress controller that uses Let's Encrypt to automatically generate TLS certificates with a static public IP address][aks-ingress-static-tls] <!-- LINKS - external -->
-[az-network-dns-record-set-a-add-record]: /cli/azure/network/dns/record-set/#az_network_dns_record_set_a_add_record
+[az-network-dns-record-set-a-add-record]: /cli/azure/network/dns/record-set/#az-network-dns-record-set-a-add-record
[new-az-dns-recordset-create-a-record]: /powershell/module/az.dns/new-azdnsrecordset [custom-domain]: ../app-service/manage-custom-dns-buy-domain.md#buy-an-app-service-domain [dns-zone]: ../dns/dns-getstarted-cli.md
You can also:
[cert-manager-issuer]: https://cert-manager.io/docs/concepts/issuer/ [lets-encrypt]: https://letsencrypt.org/ [nginx-ingress]: https://github.com/kubernetes/ingress-nginx
-[helm-install]: https://docs.helm.sh/using_helm/#installing-helm
+[helm-install]: https://docs.helm.sh/using-helm/#installing-helm
[ingress-nginx-helm-chart]: https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx <!-- LINKS - internal -->
aks Kubernetes Action https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/kubernetes-action.md
For a workflow targeting AKS, the file has three sections:
## Create a service principal
-You can create a [service principal](../active-directory/develop/app-objects-and-service-principals.md#service-principal-object) by using the [az ad sp create-for-rbac](/cli/azure/ad/sp#az_ad_sp_create_for_rbac) command in the [Azure CLI](/cli/azure/). You can run this command using [Azure Cloud Shell](https://shell.azure.com/) in the Azure portal or by selecting the **Try it** button.
+You can create a [service principal](../active-directory/develop/app-objects-and-service-principals.md#service-principal-object) by using the [az ad sp create-for-rbac](/cli/azure/ad/sp#az-ad-sp-create-for-rbac) command in the [Azure CLI](/cli/azure/). You can run this command using [Azure Cloud Shell](https://shell.azure.com/) in the Azure portal or by selecting the **Try it** button.
```azurecli-interactive az ad sp create-for-rbac --name "myApp" --role contributor --scopes /subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP> --sdk-auth
aks Open Service Mesh Azure Monitor https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/open-service-mesh-azure-monitor.md
- Title: Configure Monitoring and Observability with Open Service Mesh on Azure Kubernetes Service (AKS)
-description: Configure Monitoring and Observability with Open Service Mesh on Azure Kubernetes Service (AKS)
-- Previously updated : 8/26/2021---
-# Configure Monitoring and Observability with Open Service Mesh on Azure Kubernetes Service (AKS)
-
-Both Azure Monitor and Azure Application Insights assist with maximizing the availability and performance of your applications and services. These services deliver a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments.
-
-The OSM AKS add-on will have deep integrations into both of these Azure services, and provide a seamless Azure experience for viewing and responding to critical KPIs provided by OSM metrics.
-
-## Enable Azure Monitor
-
-Once the OSM AKS add-on has been enabled on the AKS cluster, Azure Monitor needs to be enabled in the cluster via Azure portal. Click on the AKS cluster, navigate to the "Insights" tab under "Monitoring," and select "Enable."
-
-Once Azure Monitor has been enabled, you should be able to see the following pods in the kube-system namespace:
-
-```
-kube-system omsagent-5pn4c 1/1 Running 0 24m
-kube-system omsagent-6r6zt 1/1 Running 0 24m
-kube-system omsagent-j8xrh 1/1 Running 0 24m
-kube-system omsagent-rs-74b8f7dfd8-rp5vx 1/1 Running 1 24m
-```
-
-## Enable metrics in OSM monitored namespaces
-
-For metrics to be scraped from a particular namespace monitored by the mesh, the following command needs to be run:
-
-```sh
-osm metrics enable --namespace <namespace>
-```
-
-For instance, if you are running the [bookstore demo](https://docs.openservicemesh.io/docs/getting_started/install_apps/), you would run the `osm metrics enable` command on the following namespaces:
-
-```sh
-osm metrics enable --namespace bookbuyer
-osm metrics enable --namespace bookstore
-osm metrics enable --namespace bookthief
-osm metrics enable --namespace bookwarehouse
-```
-
-## Apply ConfigMap
-
-Create the following ConfigMap in `kube-system`, which will tell Azure Monitor what namespaces should be monitored. For instance, for the bookbuyer / bookstore demo, the ConfigMap would look as follows:
-
-```yaml
-kind: ConfigMap
-apiVersion: v1
-data:
- schema-version: v1
- config-version: ver1
- osm-metric-collection-configuration: |-
- # OSM metric collection settings
- [osm_metric_collection_configuration]
- [osm_metric_collection_configuration.settings]
- # Namespaces to monitor
- monitor_namespaces = ["bookstore", "bookbuyer", "bookthief", "bookwarehouse"]
-metadata:
- name: container-azm-ms-osmconfig
- namespace: kube-system
-```
-
-## View metrics in the Azure portal
-
-In Azure portal, select the Kubernetes cluster and then the "Logs" tab under "Monitoring." You should be now able to query the `InsightsMetrics` table to view metrics in the enabled namespaces. For instance, if you wanted to see the envoy metrics for `bookbuyer`, you would use the following query:
-
-```sh
-InsightsMetrics
-| where Name contains "envoy"
-| extend t=parse_json(Tags)
-| where t.app == "bookbuyer"
-```
-
-## Additional information
-
-For more information on how to enable and configure Azure Monitor and Azure Application Insights for the OSM AKS add-on, visit the [Azure Monitor for OSM](https://aka.ms/azmon/osmpreview) page.
-
-In addition, there are open source tools you can use with OSM for observability. For more information, see the [OSM Observability][osm-observeability].
-
-[osm-observeability]: https://docs.openservicemesh.io/docs/guides/observability/
aks Open Service Mesh Deploy Addon Bicep https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/open-service-mesh-deploy-addon-bicep.md
For deployment of a new AKS cluster, you enable the OSM add-on at cluster creati
### Create a resource group
-In Azure, you can associate related resources by using a resource group. Create a resource group by using [az group create](/cli/azure/group#az_group_create). The following example creates a resource group named *my-osm-bicep-aks-cluster-rg* in a specified Azure location (region):
+In Azure, you can associate related resources by using a resource group. Create a resource group by using [az group create](/cli/azure/group#az-group-create). The following example creates a resource group named *my-osm-bicep-aks-cluster-rg* in a specified Azure location (region):
```azurecli-interactive az group create --name <my-osm-bicep-aks-cluster-rg> --location <azure-region>
aks Open Service Mesh Integrations https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/open-service-mesh-integrations.md
+
+ Title: Integrations with Open Service Mesh on Azure Kubernetes Service (AKS)
+description: Integrations with Open Service Mesh on Azure Kubernetes Service (AKS)
++ Last updated : 03/23/2022++
+# Integrations with Open Service Mesh on Azure Kubernetes Service (AKS)
+
+The Open Service Mesh (OSM) add-on integrates with features provided by Azure as well as open source projects.
+
+> [!IMPORTANT]
+> Integrations with open source projects are not covered by the [AKS support policy][aks-support-policy].
+
+## Ingress
+
+Ingress allows for traffic external to the mesh to be routed to services within the mesh. With OSM, you can configure most ingress solutions to work with your mesh, but OSM works best with either [NGINX ingress][osm-nginx] or [Contour ingress][osm-contour]. Open source projects integrating with OSM, including NGINX ingress and Contour ingress, are not covered by the [AKS support policy][aks-support-policy].
+
+Using [Azure Gateway Ingress Controller (AGIC)][agic] for ingress with OSM is not supported and not recommended.
+
+## Metrics observability
+
+Observability of metrics allows you to view the metrics of your mesh and the deployments in your mesh. With OSM, you can use [Prometheus and Grafana][osm-metrics] for metrics observability, but those integrations are not covered by the [AKS support policy][aks-support-policy].
+
+You can also integrate OSM with [Azure Monitor][azure-monitor].
+
+Before you can enable metrics on your mesh to integrate with Azure Monitor:
+
+* Enable Azure Monitor on your cluster
+* Enable the OSM add-on for your AKS cluster
+* Onboard your application namespaces to the mesh
+
+To enable metrics for a namespace in the mesh use `osm metrics enable`. For example:
+
+```console
+osm metrics enable --namespace myappnamespace
+```
+
+Create a Configmap in the `kube-system` namespace that enables Azure Monitor to monitor your namespaces. For example, create a `monitor-configmap.yaml` with the following to monitor the `myappnamespace`:
+
+```yaml
+kind: ConfigMap
+apiVersion: v1
+data:
+ schema-version: v1
+ config-version: ver1
+ osm-metric-collection-configuration: |-
+ # OSM metric collection settings
+ [osm_metric_collection_configuration]
+ [osm_metric_collection_configuration.settings]
+ # Namespaces to monitor
+ monitor_namespaces = ["myappnamespace"]
+metadata:
+ name: container-azm-ms-osmconfig
+ namespace: kube-system
+```
+
+Apply that ConfigMap using `kubectl apply`.
+
+```console
+kubectl apply -f monitor-configmap.yaml
+```
+
+To access your metrics from the Azure portal, select your AKS cluster, then select *Logs* under *Monitoring*. From the *Monitoring* section, query the `InsightsMetrics` table to view metrics in the enabled namespaces. For example, the following query shows the *envoy* metrics for the *myappnamespace* namespace.
+
+```sh
+InsightsMetrics
+| where Name contains "envoy"
+| extend t=parse_json(Tags)
+| where t.app == "myappnamespace"
+```
+
+## Automation and developer tools
+
+OSM can integrate with certain automation projects and developer tooling to help operators and developers build and release applications. For example, OSM integrates with [Flagger][osm-flagger] for progressive delivery and [Dapr][osm-dapr] for building applications. OSM's integration with Flagger and Dapr are not covered by the [AKS support policy][aks-support-policy].
+
+## External authorization
+
+External authorization allows you to offload authorization of HTTP requests to an external service. OSM can use external authorization by integrating with [Open Policy Agent (OPA)][osm-opa], but that integration is not covered by the [AKS support policy][aks-support-policy].
+
+## Certificate management
+
+OSM has several types of certificates it uses to operate on your AKS cluster. OSM includes its own certificate manager called Tresor, which is used by default. Alternatively, OSM allows you to integrate with [Hashicorp Vault][osm-hashi-vault], [Tresor][osm-tresor], and [cert-manager][osm-cert-manager], but those integrations are not covered by the [AKS support policy][aks-support-policy].
+++
+[agic]: ../application-gateway/ingress-controller-overview.md
+[agic-aks]: ../application-gateway/tutorial-ingress-controller-add-on-existing.md
+[aks-support-policy]: support-policies.md
+[azure-monitor]: ../azure-monitor/overview.md
+[nginx]: https://github.com/kubernetes/ingress-nginx
+[osm-ingress-policy]: https://release-v1-0.docs.openservicemesh.io/docs/demos/ingress_k8s_nginx/#http-ingress
+[osm-nginx]: https://release-v1-0.docs.openservicemesh.io/docs/demos/ingress_k8s_nginx/
+[osm-contour]: https://release-v1-0.docs.openservicemesh.io/docs/guides/traffic_management/ingress/#1-using-contour-ingress-controller-and-gateway
+[osm-metrics]: https://release-v1-0.docs.openservicemesh.io/docs/guides/observability/metrics/
+[osm-dapr]: https://release-v1-0.docs.openservicemesh.io/docs/guides/integrations/dapr/
+[osm-flagger]: https://release-v1-0.docs.openservicemesh.io/docs/guides/integrations/flagger/
+[osm-opa]: https://release-v1-0.docs.openservicemesh.io/docs/guides/integrations/external_auth_opa/
+[osm-hashi-vault]: https://release-v1-0.docs.openservicemesh.io/docs/guides/certificates/#using-hashicorp-vault
+[osm-cert-manager]: https://release-v1-0.docs.openservicemesh.io/docs/guides/certificates/#using-cert-manager
+[open-source-integrations]: open-service-mesh-integrations.md#additional-open-source-integrations
+[osm-traffic-management-example]: https://github.com/MicrosoftDocs/azure-docs/pull/81085/files
+[osm-tresor]: https://release-v1-0.docs.openservicemesh.io/docs/guides/certificates/#using-osms-tresor-certificate-issuer
aks Out Of Tree https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/out-of-tree.md
az aks upgrade -n aks -g myResourceGroup -k <version> --aks-custom-headers Enabl
<!-- LINKS - internal -->
-[az-provider-register]: /cli/azure/provider#az_provider_register
-[az-feature-register]: /cli/azure/feature#az_feature_register
-[az-feature-list]: /cli/azure/feature#az_feature_list
+[az-provider-register]: /cli/azure/provider#az-provider-register
+[az-feature-register]: /cli/azure/feature#az-feature-register
+[az-feature-list]: /cli/azure/feature#az-feature-list
[csi-docs]: csi-storage-drivers.md <!-- LINKS - External -->
aks Quickstart Dapr https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/quickstart-dapr.md
After successfully deploying this sample application:
<!-- INTERNAL --> [cluster-extensions]: ./cluster-extensions.md [dapr-overview]: ./dapr.md
-[az-group-delete]: /cli/azure/group#az_group_delete
+[az-group-delete]: /cli/azure/group#az-group-delete
<!-- EXTERNAL --> [hello-world-gh]: https://github.com/dapr/quickstarts/tree/v1.4.0/hello-kubernetes
aks Use Labels https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/use-labels.md
+
+ Title: Use labels in an Azure Kubernetes Service (AKS) cluster
+description: Learn how to use labels in an Azure Kubernetes Service (AKS) cluster.
++++ Last updated : 03/03/2022+
+#Customer intent: As a cluster operator, I want to learn how to use labels in an AKS cluster so that I can set scheduling rules for nodes.
++
+# Use labels in an Azure Kubernetes Service (AKS) cluster
+
+If you have multiple node pools, you may want to add a label during node pool creation. [These labels][kubernetes-labels] are visible in Kubernetes for handling scheduling rules for nodes. You can add labels to a node pool anytime, and they'll be set on all nodes in the node pool.
+
+In this how-to guide, you'll learn how to use labels in an AKS cluster.
+
+## Prerequisites
+
+You need the Azure CLI version 2.2.0 or later installed and configured. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI][install-azure-cli].
+
+## Create an AKS cluster with a label
+
+To create an AKS cluster with a label, use [az aks create][az-aks-create]. Specify the `--node-labels` parameter to set your labels. Labels must be a key/value pair and have a [valid syntax][kubernetes-label-syntax].
+
+```azurecli-interactive
+az aks create \
+ --resource-group myResourceGroup \
+ --name myAKSCluster \
+ --node-count 2 \
+ --nodepool-labels dept=IT costcenter=9000
+```
+
+Verify the labels were set by running `kubectl get nodes --show-labels`.
+
+```bash
+kubectl get nodes --show-labels | grep -e "costcenter=9000" -e "dept=IT"
+```
+
+## Create a node pool with a label
+
+To create a node pool with a label, use [az aks nodepool add][az-aks-nodepool-add]. Specify the name *labelnp* and use the `--labels` parameter to specify *dept=HR* and *costcenter=5000* for labels. Labels must be a key/value pair and have a [valid syntax][kubernetes-label-syntax]
+
+```azurecli-interactive
+az aks nodepool add \
+ --resource-group myResourceGroup \
+ --cluster-name myAKSCluster \
+ --name labelnp \
+ --node-count 1 \
+ --labels dept=HR costcenter=5000 \
+ --no-wait
+```
+
+The following example output from the [az aks nodepool list][az-aks-nodepool-list] command shows that *labelnp* is *Creating* nodes with the specified *nodeLabels*:
+
+```azurecli
+az aks nodepool list -g myResourceGroup --cluster-name myAKSCluster
+
+```output
+[
+ {
+ ...
+ "count": 1,
+ ...
+ "name": "labelnp",
+ "orchestratorVersion": "1.15.7",
+ ...
+ "provisioningState": "Creating",
+ ...
+ "nodeLabels": {
+ "costcenter": "5000",
+ "dept": "HR"
+ },
+ ...
+ },
+ ...
+]
+```
+
+Verify the labels were set by running `kubectl get nodes --show-labels`.
+
+```bash
+kubectl get nodes --show-labels | grep -e "costcenter=5000" -e "dept=HR"
+```
+
+## Updating labels on existing node pools
+
+To update a label on existing node pools, use [az aks nodepool update][az-aks-nodepool-update]. Updating labels on existing node pools will overwrite the old labels with the new labels. Labels must be a key/value pair and have a [valid syntax][kubernetes-label-syntax].
+
+```azurecli-interactive
+az aks nodepool update \
+ --resource-group myResourceGroup \
+ --cluster-name myAKSCluster \
+ --name labelnp \
+ --labels dept=ACCT costcenter=6000 \
+ --no-wait
+```
+
+Verify the labels were set by running `kubectl get nodes --show-labels`.
+
+```bash
+kubectl get nodes --show-labels | grep -e "costcenter=6000" -e "dept=ACCT"
+```
+
+## Unavailable labels
+
+### Reserved system labels
+
+Since the [2021-08-19 AKS release][aks-release-2021-gh], Azure Kubernetes Service (AKS) has stopped the ability to make changes to AKS reserved labels. Attempting to change these labels will result in an error message.
+
+The following labels are reserved for use by AKS. *Virtual node usage* specifies if these labels could be a supported system feature on virtual nodes.
+
+Some properties that these system features change aren't available on the virtual nodes, because they require modifying the host.
+
+| Label | Value | Example/Options | Virtual node usage |
+| - | | | |
+| kubernetes.azure.com/agentpool | \<agent pool name> | nodepool1 | Same |
+| kubernetes.io/arch | amd64 | runtime.GOARCH | N/A |
+| kubernetes.io/os | \<OS Type> | Linux/Windows | Same |
+| node.kubernetes.io/instance-type | \<VM size> | Standard_NC6 | Virtual |
+| topology.kubernetes.io/region | \<Azure region> | westus2 | Same |
+| topology.kubernetes.io/zone | \<Azure zone> | 0 | Same |
+| kubernetes.azure.com/cluster | \<MC_RgName> | MC_aks_myAKSCluster_westus2 | Same |
+| kubernetes.azure.com/mode | \<mode> | User or system | User |
+| kubernetes.azure.com/role | agent | Agent | Same |
+| kubernetes.azure.com/scalesetpriority | \<VMSS priority> | Spot or regular | N/A |
+| kubernetes.io/hostname | \<hostname> | aks-nodepool-00000000-vmss000000 | Same |
+| kubernetes.azure.com/storageprofile | \<OS disk storage profile> | Managed | N/A |
+| kubernetes.azure.com/storagetier | \<OS disk storage tier> | Premium_LRS | N/A |
+| kubernetes.azure.com/instance-sku | \<SKU family> | Standard_N | Virtual |
+| kubernetes.azure.com/node-image-version | \<VHD version> | AKSUbuntu-1804-2020.03.05 | Virtual node version |
+| kubernetes.azure.com/subnet | \<nodepool subnet name> | subnetName | Virtual node subnet name |
+| kubernetes.azure.com/vnet | \<nodepool vnet name> | vnetName | Virtual node virtual network |
+| kubernetes.azure.com/ppg | \<nodepool ppg name> | ppgName | N/A |
+| kubernetes.azure.com/encrypted-set | \<nodepool encrypted-set name> | encrypted-set-name | N/A |
+| kubernetes.azure.com/accelerator | \<accelerator> | nvidia | N/A |
+| kubernetes.azure.com/fips_enabled | \<is fips enabled?> | true | N/A |
+| kubernetes.azure.com/os-sku | \<os/sku> | [Create or update OS SKU][create-or-update-os-sku] | Linux |
+
+* *Same* is included in places where the expected values for the labels don't differ between a standard node pool and a virtual node pool. As virtual node pods don't expose any underlying virtual machine (VM), the VM SKU values are replaced with the SKU *Virtual*.
+* *Virtual node version* refers to the current version of the [virtual Kubelet-ACI connector release][virtual-kubelet-release].
+* *Virtual node subnet name* is the name of the subnet where virtual node pods are deployed into Azure Container Instance (ACI).
+* *Virtual node virtual network* is the name of the virtual network, which contains the subnet where virtual node pods are deployed on ACI.
+
+### Reserved prefixes
+
+The following list of prefixes are reserved for usage by AKS and can't be used for any node.
+
+* kubernetes.azure.com/
+* kubernetes.io/
+
+For additional reserved prefixes, see [Kubernetes well-known labels, annotations, and taints][kubernetes-well-known-labels].
+
+### Deprecated labels
+
+The following labels are planned for deprecation with the release of [Kubernetes v1.24][aks-release-calendar]. Customers should change any label references to the recommended substitute.
+
+| Label | Recommended substitute | Maintainer |
+| | | |
+| failure-domain.beta.kubernetes.io/region | topology.kubernetes.io/region | [Kubernetes][kubernetes-labels]
+| failure-domain.beta.kubernetes.io/zone | topology.kubernetes.io/zone | [Kubernetes][kubernetes-labels]
+| beta.kubernetes.io/arch | kubernetes.io/arch | [Kubernetes][kubernetes-labels]
+| beta.kubernetes.io/instance-type | node.kubernetes.io/instance-type | [Kubernetes][kubernetes-labels]
+| beta.kubernetes.io/os | kubernetes.io/os | [Kubernetes][kubernetes-labels]
+| node-role.kubernetes.io/agent* | kubernetes.azure.com/role=agent | Azure Kubernetes Service
+| kubernetes.io/role* | kubernetes.azure.com/role=agent | Azure Kubernetes Service
+| Agentpool* | kubernetes.azure.com/agentpool | Azure Kubernetes Service
+| Storageprofile* | kubernetes.azure.com/storageprofile | Azure Kubernetes Service
+| Storagetier* | kubernetes.azure.com/storagetier | Azure Kubernetes Service
+| Accelerator* | kubernetes.azure.com/accelerator | Azure Kubernetes Service
+
+*Newly deprecated. For more information, see [Release Notes][aks-release-notes-gh] on when these labels will no longer be maintained.
+
+## Next steps
+
+Learn more about Kubernetes labels at the [Kubernetes labels documentation][kubernetes-labels].
+
+<!-- LINKS - external -->
+[aks-release-2021-gh]: https://github.com/Azure/AKS/releases/tag/2021-08-19
+[aks-release-notes-gh]: https://github.com/Azure/AKS/releases
+[kubernetes-labels]: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+[kubernetes-label-syntax]: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#syntax-and-character-set
+[kubernetes-well-known-labels]: https://kubernetes.io/docs/reference/labels-annotations-taints/
+[virtual-kubelet-release]: https://github.com/virtual-kubelet/azure-aci/releases
+
+<!-- LINKS - internal -->
+[aks-release-calendar]: ./supported-kubernetes-versions.md#aks-kubernetes-release-calendar
+[az-aks-create]: /cli/azure/aks#az-aks-create
+[az-aks-nodepool-add]: /cli/azure/aks#az-aks-nodepool-add
+[az-aks-nodepool-list]: /cli/azure/aks/nodepool#az-aks-nodepool-list
+[az-aks-nodepool-update]: /cli/azure/aks/nodepool#az-aks-nodepool-update
+[create-or-update-os-sku]: /rest/api/aks/agent-pools/create-or-update#ossku
+[install-azure-cli]: /cli/azure/install-azure-cli
api-management Api Management Access Restriction Policies https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-access-restriction-policies.md
Title: Azure API Management access restriction policies | Microsoft Docs
-description: Learn about the access restriction policies available for use in Azure API Management.
+description: Reference for the access restriction policies available for use in Azure API Management. Provides policy usage, settings, and examples.
documentationcenter: '' - Previously updated : 02/02/2022+ Last updated : 03/04/2022 # API Management access restriction policies
-This topic provides a reference for the following API Management policies. For information on adding and configuring policies, see [Policies in API Management](./api-management-policies.md).
+This article provides a reference for API Management access restriction policies.
+ ## <a name="AccessRestrictionPolicies"></a> Access restriction policies -- [Check HTTP header](#CheckHTTPHeader) - Enforces existence and/or value of a HTTP header.
+- [Check HTTP header](#CheckHTTPHeader) - Enforces existence and/or value of an HTTP header.
- [Limit call rate by subscription](#LimitCallRate) - Prevents API usage spikes by limiting call rate, on a per subscription basis. - [Limit call rate by key](#LimitCallRateByKey) - Prevents API usage spikes by limiting call rate, on a per key basis. - [Restrict caller IPs](#RestrictCallerIPs) - Filters (allows/denies) calls from specific IP addresses and/or address ranges.
This topic provides a reference for the following API Management policies. For i
Use the `check-header` policy to enforce that a request has a specified HTTP header. You can optionally check to see if the header has a specific value or check for a range of allowed values. If the check fails, the policy terminates request processing and returns the HTTP status code and error message specified by the policy. + ### Policy statement ```xml
This policy can be used in the following policy [sections](./api-management-howt
The `rate-limit` policy prevents API usage spikes on a per subscription basis by limiting the call rate to a specified number per a specified time period. When the call rate is exceeded, the caller receives a `429 Too Many Requests` response status code.
+To understand the difference between rate limits and quotas, [see Rate limits and quotas.](./api-management-sample-flexible-throttling.md#rate-limits-and-quotas)
+ > [!IMPORTANT]
-> This policy can be used only once per policy document.
->
-> [Policy expressions](api-management-policy-expressions.md) cannot be used in any of the policy attributes for this policy.
+> * This policy can be used only once per policy document.
+> * [Policy expressions](api-management-policy-expressions.md) cannot be used in any of the policy attributes for this policy.
> [!CAUTION]
-> Due to the distributed nature of throttling architecture, rate limiting is never completely accurate. The difference between configured and the real number of allowed requests vary based on request volume and rate, backend latency, and other factors.
+> Due to the distributed nature of throttling architecture, rate limiting is never completely accurate. The difference between configured and the real number of allowed requests varyies based on request volume and rate, backend latency, and other factors.
-> [!NOTE]
-> To understand the difference between rate limits and quotas, [see Rate limits and quotas.](./api-management-sample-flexible-throttling.md#rate-limits-and-quotas)
### Policy statement
This policy can be used in the following policy [sections](./api-management-howt
The `rate-limit-by-key` policy prevents API usage spikes on a per key basis by limiting the call rate to a specified number per a specified time period. The key can have an arbitrary string value and is typically provided using a policy expression. Optional increment condition can be added to specify which requests should be counted towards the limit. When this call rate is exceeded, the caller receives a `429 Too Many Requests` response status code.
+To understand the difference between rate limits and quotas, [see Rate limits and quotas.](./api-management-sample-flexible-throttling.md#rate-limits-and-quotas)
+ For more information and examples of this policy, see [Advanced request throttling with Azure API Management](./api-management-sample-flexible-throttling.md). > [!CAUTION] > Due to the distributed nature of throttling architecture, rate limiting is never completely accurate. The difference between configured and the real number of allowed requests vary based on request volume and rate, backend latency, and other factors.
-> [!NOTE]
-> To understand the difference between rate limits and quotas, [see Rate limits and quotas.](./api-management-sample-flexible-throttling.md#rate-limits-and-quotas)
### Policy statement
This policy can be used in the following policy [sections](./api-management-howt
The `ip-filter` policy filters (allows/denies) calls from specific IP addresses and/or address ranges. + ### Policy statement ```xml
This policy can be used in the following policy [sections](./api-management-howt
The `quota` policy enforces a renewable or lifetime call volume and/or bandwidth quota, on a per subscription basis.
+To understand the difference between rate limits and quotas, [see Rate limits and quotas.](./api-management-sample-flexible-throttling.md#rate-limits-and-quotas)
+ > [!IMPORTANT]
-> This policy can be used only once per policy document.
->
-> [Policy expressions](api-management-policy-expressions.md) cannot be used in any of the policy attributes for this policy.
+> * This policy can be used only once per policy document.
+> * [Policy expressions](api-management-policy-expressions.md) cannot be used in any of the policy attributes for this policy.
-> [!NOTE]
-> To understand the difference between rate limits and quotas, [see Rate limits and quotas.](./api-management-sample-flexible-throttling.md#rate-limits-and-quotas)
### Policy statement
The `quota-by-key` policy enforces a renewable or lifetime call volume and/or ba
For more information and examples of this policy, see [Advanced request throttling with Azure API Management](./api-management-sample-flexible-throttling.md).
-> [!NOTE]
-> To understand the difference between rate limits and quotas, [see Rate limits and quotas.](./api-management-sample-flexible-throttling.md#rate-limits-and-quotas)
+To understand the difference between rate limits and quotas, [see Rate limits and quotas.](./api-management-sample-flexible-throttling.md#rate-limits-and-quotas)
++ ### Policy statement
The `validate-jwt` policy enforces existence and validity of a JSON web token (J
> The `validate-jwt` policy supports HS256 and RS256 signing algorithms. For HS256 the key must be provided inline within the policy in the base64 encoded form. For RS256 the key may be provided either via an Open ID configuration endpoint, or by providing the ID of an uploaded certificate that contains the public key or modulus-exponent pair of the public key. > The `validate-jwt` policy supports tokens encrypted with symmetric keys using the following encryption algorithms: A128CBC-HS256, A192CBC-HS384, A256CBC-HS512. ++ ### Policy statement ```xml
Use this policy to check incoming certificate properties against desired propert
* If you have uploaded custom CA certificates to validate client requests to the managed gateway * If you configured custom certificate authorities to validate client requests to a self-managed gateway
-For more information about custom CA certificates and certificate authorities, see [How to add a custom CA certificate in Azure API Management](api-management-howto-ca-certificates.md).
+For more information about custom CA certificates and certificate authorities, see [How to add a custom CA certificate in Azure API Management](api-management-howto-ca-certificates.md).
+
### Policy statement
This policy can be used in the following policy [sections](./api-management-howt
- **Policy sections:** inbound - **Policy scopes:** all scopes
-## Next steps
-
-For more information working with policies, see:
--- [Policies in API Management](api-management-howto-policies.md)-- [Transform APIs](transform-api.md)-- [Policy Reference](./api-management-policies.md) for a full list of policy statements and their settings-- [Policy samples](./policy-reference.md)
api-management Api Management Advanced Policies https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-advanced-policies.md
Title: Azure API Management advanced policies | Microsoft Docs
-description: Learn about the advanced policies available for use in Azure API Management. See examples and view additional available resources.
+description: Reference for the advanced policies available for use in Azure API Management. Provides policy usage, settings and examples.
- Previously updated : 07/19/2021+ Last updated : 03/07/2022 # API Management advanced policies
-This topic provides a reference for the following API Management policies. For information on adding and configuring policies, see [Policies in API Management](./api-management-policies.md).
+This article provides a reference for advanced API Management policies, such as those that are based on policy expressions.
+ ## <a name="AdvancedPolicies"></a> Advanced policies - [Control flow](api-management-advanced-policies.md#choose) - Conditionally applies policy statements based on the results of the evaluation of Boolean [expressions](api-management-policy-expressions.md). - [Forward request](#ForwardRequest) - Forwards the request to the backend service. - [Limit concurrency](#LimitConcurrency) - Prevents enclosed policies from executing by more than the specified number of requests at a time.-- [Log to Event Hub](#log-to-eventhub) - Sends messages in the specified format to an Event Hub defined by a Logger entity.
+- [Log to event hub](#log-to-eventhub) - Sends messages in the specified format to an event hub defined by a Logger entity.
- [Emit metrics](#emit-metrics) - Sends custom metrics to Application Insights at execution. - [Mock response](#mock-response) - Aborts pipeline execution and returns a mocked response directly to the caller. - [Retry](#Retry) - Retries execution of the enclosed policy statements, if and until the condition is met. Execution will repeat at the specified time intervals and up to the specified retry count.
This topic provides a reference for the following API Management policies. For i
The `choose` policy applies enclosed policy statements based on the outcome of evaluation of Boolean expressions, similar to an if-then-else or a switch construct in a programming language. + ### <a name="ChoosePolicyStatement"></a> Policy statement ```xml
This policy can be used in the following policy [sections](./api-management-howt
The `forward-request` policy forwards the incoming request to the backend service specified in the request [context](api-management-policy-expressions.md#ContextVariables). The backend service URL is specified in the API [settings](./import-and-publish.md) and can be changed using the [set backend service](api-management-transformation-policies.md) policy.
-> [!NOTE]
-> Removing this policy results in the request not being forwarded to the backend service and the policies in the outbound section are evaluated immediately upon the successful completion of the policies in the inbound section.
+> [!IMPORTANT]
+> * This policy is required to forward requests to an API backend. By default, API Management sets up this policy at the global scope.
+> * Removing this policy results in the request not being forwarded to the backend service. Policies in the outbound section are evaluated immediately upon the successful completion of the policies in the inbound section.
+ ### Policy statement
This operation level policy uses the `base` element to inherit the backend polic
#### Example
-This operation level policy explicitly forwards all requests to the backend service with a timeout of 120 and does not inherit the parent API level backend policy. If the backend service responds with a error status code from 400 to 599 inclusive, [on-error](api-management-error-handling-policies.md) section will be triggered.
+This operation level policy explicitly forwards all requests to the backend service with a timeout of 120 and does not inherit the parent API level backend policy. If the backend service responds with an error status code from 400 to 599 inclusive, [on-error](api-management-error-handling-policies.md) section will be triggered.
```xml <!-- operation level -->
This operation level policy does not forward requests to the backend service.
| | -- | -- | - | | timeout="integer" | The amount of time in seconds to wait for the HTTP response headers to be returned by the backend service before a timeout error is raised. Minimum value is 0 seconds. Values greater than 240 seconds may not be honored as the underlying network infrastructure can drop idle connections after this time. | No | None | | follow-redirects="false &#124; true" | Specifies whether redirects from the backend service are followed by the gateway or returned to the caller. | No | false |
-| buffer-request-body="false &#124; true" | When set to "true" request is buffered and will be reused on [retry](api-management-advanced-policies.md#Retry). | No | false |
-| buffer-response="false &#124; true" | Affects processing of chunked responses. When set to "false", each chunk received from the backend is immediately returned to the caller. When set to "true", chunks are buffered (8KB, unless end of stream is detected) and only then returned to the caller.<br/><br/>Set to "false" with backends such as those implementing [server-sent events (SSE)](how-to-server-sent-events.md) that require content to be returned or streamed immediately to the caller. | No | true |
-| fail-on-error-status-code="false &#124; true" | When set to true triggers [on-error](api-management-error-handling-policies.md) section for response codes in the range from 400 to 599 inclusive. | No | false |
+| buffer-request-body="false &#124; true" | When set to "true", request is buffered and will be reused on [retry](api-management-advanced-policies.md#Retry). | No | false |
+| buffer-response="false &#124; true" | Affects processing of chunked responses. When set to "false", each chunk received from the backend is immediately returned to the caller. When set to "true", chunks are buffered (8 KB, unless end of stream is detected) and only then returned to the caller.<br/><br/>Set to "false" with backends such as those implementing [server-sent events (SSE)](how-to-server-sent-events.md) that require content to be returned or streamed immediately to the caller. | No | true |
+| fail-on-error-status-code="false &#124; true" | When set to true, triggers [on-error](api-management-error-handling-policies.md) section for response codes in the range from 400 to 599 inclusive. | No | false |
### Usage
This policy can be used in the following policy [sections](./api-management-howt
## <a name="LimitConcurrency"></a> Limit concurrency
-The `limit-concurrency` policy prevents enclosed policies from executing by more than the specified number of requests at any time. Upon exceeding that number, new requests will fail immediately with 429 Too Many Requests status code.
+The `limit-concurrency` policy prevents enclosed policies from executing by more than the specified number of requests at any time. When that number is exceeded, new requests will fail immediately with the `429` Too Many Requests status code.
+ ### <a name="LimitConcurrencyStatement"></a> Policy statement
This policy can be used in the following policy [sections](./api-management-howt
- **Policy scopes:** all scopes
-## <a name="log-to-eventhub"></a> Log to Event Hub
+## <a name="log-to-eventhub"></a> Log to event hub
-The `log-to-eventhub` policy sends messages in the specified format to an Event Hub defined by a Logger entity. As its name implies, the policy is used for saving selected request or response context information for online or offline analysis.
+The `log-to-eventhub` policy sends messages in the specified format to an event hub defined by a Logger entity. As its name implies, the policy is used for saving selected request or response context information for online or offline analysis.
> [!NOTE] > For a step-by-step guide on configuring an event hub and logging events, see [How to log API Management events with Azure Event Hubs](./api-management-howto-log-event-hubs.md). ++ ### Policy statement ```xml
The `emit-metric` policy sends custom metrics in the specified format to Applica
> * Custom metrics are a [preview feature](../azure-monitor/essentials/metrics-custom-overview.md) of Azure Monitor and subject to [limitations](../azure-monitor/essentials/metrics-custom-overview.md#design-limitations-and-considerations). > * For more information about the API Management data added to Application Insights, see [How to integrate Azure API Management with Azure Application Insights](./api-management-howto-app-insights.md#what-data-is-added-to-application-insights). + ### Policy statement ```xml
This policy can be used in the following policy [sections](./api-management-howt
The `mock-response`, as the name implies, is used to mock APIs and operations. It aborts normal pipeline execution and returns a mocked response to the caller. The policy always tries to return responses of highest fidelity. It prefers response content examples, whenever available. It generates sample responses from schemas, when schemas are provided and examples are not. If neither examples or schemas are found, responses with no content are returned. ++ ### Policy statement ```xml
This policy can be used in the following policy [sections](./api-management-howt
The `retry` policy executes its child policies once and then retries their execution until the retry `condition` becomes `false` or retry `count` is exhausted. ++ ### Policy statement ```xml
In the following example, request forwarding is retried up to ten times using an
### Usage
-This policy can be used in the following policy [sections](./api-management-howto-policies.md#sections) and [scopes](./api-management-howto-policies.md#scopes) . Note that child policy usage restrictions will be inherited by this policy.
+This policy can be used in the following policy [sections](./api-management-howto-policies.md#sections) and [scopes](./api-management-howto-policies.md#scopes). Child policy usage restrictions will be inherited by this policy.
- **Policy sections:** inbound, outbound, backend, on-error
This policy can be used in the following policy [sections](./api-management-howt
The `return-response` policy aborts pipeline execution and returns either a default or custom response to the caller. Default response is `200 OK` with no body. Custom response can be specified via a context variable or policy statements. When both are provided, the response contained within the context variable is modified by the policy statements before being returned to the caller. ++ ### Policy statement ```xml
This policy can be used in the following policy [sections](./api-management-howt
The `send-one-way-request` policy sends the provided request to the specified URL without waiting for a response. ++ ### Policy statement ```xml
This policy can be used in the following policy [sections](./api-management-howt
The `send-request` policy sends the provided request to the specified URL, waiting no longer than the set timeout value. ++ ### Policy statement ```xml
This policy can be used in the following policy [sections](./api-management-howt
The `proxy` policy allows you to route requests forwarded to backends via an HTTP proxy. Only HTTP (not HTTPS) is supported between the gateway and the proxy. Basic and NTLM authentication only. ++ ### Policy statement ```xml
This policy can be used in the following policy [sections](./api-management-howt
The `set-method` policy allows you to change the HTTP request method for a request. ++ ### Policy statement ```xml
This policy can be used in the following policy [sections](./api-management-howt
The `set-status` policy sets the HTTP status code to the specified value. ++ ### Policy statement ```xml
This policy can be used in the following policy [sections](./api-management-howt
The `set-variable` policy declares a [context](api-management-policy-expressions.md#ContextVariables) variable and assigns it a value specified via an [expression](api-management-policy-expressions.md) or a string literal. if the expression contains a literal it will be converted to a string and the type of the value will be `System.String`. ++ ### <a name="set-variablePolicyStatement"></a> Policy statement ```xml
The `trace` policy adds a custom trace into the API Inspector output, Applicatio
- The policy creates a [Trace](../azure-monitor/app/data-model-trace-telemetry.md) telemetry in Application Insights, when [Application Insights integration](./api-management-howto-app-insights.md) is enabled and the `severity` specified in the policy is equal to or greater than the `verbosity` specified in the diagnostic setting. - The policy adds a property in the log entry when [Resource Logs](./api-management-howto-use-azure-monitor.md#activity-logs) is enabled and the severity level specified in the policy is at or higher than the verbosity level specified in the diagnostic setting. ++ ### Policy statement ```xml
This policy can be used in the following policy [sections](./api-management-howt
The `wait` policy executes its immediate child policies in parallel, and waits for either all or one of its immediate child policies to complete before it completes. The wait policy can have as its immediate child policies [Send request](api-management-advanced-policies.md#SendRequest), [Get value from cache](api-management-caching-policies.md#GetFromCacheByKey), and [Control flow](api-management-advanced-policies.md#choose) policies. ++ ### Policy statement ```xml
The `wait` policy executes its immediate child policies in parallel, and waits f
### Example
-In the following example there are two `choose` policies as immediate child policies of the `wait` policy. Each of these `choose` policies executes in parallel. Each `choose` policy attempts to retrieve a cached value. If there is a cache miss, a backend service is called to provide the value. In this example the `wait` policy does not complete until all of its immediate child policies complete, because the `for` attribute is set to `all`. In this example the context variables (`execute-branch-one`, `value-one`, `execute-branch-two`, and `value-two`) are declared outside of the scope of this example policy.
+In the following example, there are two `choose` policies as immediate child policies of the `wait` policy. Each of these `choose` policies executes in parallel. Each `choose` policy attempts to retrieve a cached value. If there is a cache miss, a backend service is called to provide the value. In this example the `wait` policy does not complete until all of its immediate child policies complete, because the `for` attribute is set to `all`. In this example the context variables (`execute-branch-one`, `value-one`, `execute-branch-two`, and `value-two`) are declared outside of the scope of this example policy.
```xml <wait for="all">
This policy can be used in the following policy [sections](./api-management-howt
- **Policy sections:** inbound, outbound, backend - **Policy scopes:** all scopes
-## Next steps
-
-For more information working with policies, see:
--- [Policies in API Management](api-management-howto-policies.md)-- [Policy expressions](api-management-policy-expressions.md)-- [Policy Reference](./api-management-policies.md) for a full list of policy statements and their settings-- [Policy samples](./policy-reference.md)
api-management Api Management Api Import Restrictions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-api-import-restrictions.md
You can create [SOAP pass-through](import-soap-api.md) and [SOAP-to-REST](restif
- Only SOAP bindings of "document" and ΓÇ£literalΓÇ¥ encoding style are supported. - No support for ΓÇ£rpcΓÇ¥ style or SOAP-Encoding.
-### Unsupported directives
-`wsdl:import`, `xsd:import`, and `xsd:include` aren't supported. Instead, merge the dependencies into one document.
+### Imports and includes
+* The `wsdl:import`, `xsd:import`, and `xsd:include` directives aren't supported. Instead, merge the dependencies into one document.
-For an open-source tool to resolve and merge `wsdl:import`, `xsd:import`, and `xsd:include` dependencies in a WSDL file, see this [GitHub repo](https://github.com/Azure-Samples/api-management-schema-import).
+* For an open-source tool to resolve and merge `wsdl:import`, `xsd:import`, and `xsd:include` dependencies in a WSDL file, see this [GitHub repo](https://github.com/Azure-Samples/api-management-schema-import).
### Messages with multiple parts This message type is not supported.
api-management Api Management Authentication Policies https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-authentication-policies.md
Title: Azure API Management authentication policies | Microsoft Docs
-description: Learn about the authentication policies available for use in Azure API Management.
+description: Reference for the authentication policies available for use in Azure API Management. Provides policy usage, settings, and examples.
documentationcenter: '' - -- Previously updated : 01/27/2021+ Last updated : 03/07/2022 # API Management authentication policies
-This topic provides a reference for the following API Management policies. For information on adding and configuring policies, see [Policies in API Management](./api-management-policies.md).
+
+This article provides a reference for API Management policies used for authentication with API backends.
+ ## <a name="AuthenticationPolicies"></a> Authentication policies
This topic provides a reference for the following API Management policies. For i
## <a name="Basic"></a> Authenticate with Basic Use the `authentication-basic` policy to authenticate with a backend service using Basic authentication. This policy effectively sets the HTTP Authorization header to the value corresponding to the credentials provided in the policy. ++ ### Policy statement ```xml
This topic provides a reference for the following API Management policies. For i
> [!CAUTION] > If the certificate references a certificate stored in Azure Key Vault, identify it using the certificate ID. When a key vault certificate is rotated, its thumbprint in API Management will change, and the policy will not resolve the new certificate if it is identified by thumbprint. ++ ### Policy statement ```xml
In this example, the client certificate is set in the policy rather than retriev
## <a name="ManagedIdentity"></a> Authenticate with managed identity Use the `authentication-managed-identity` policy to authenticate with a backend service using the managed identity. This policy essentially uses the managed identity to obtain an access token from Azure Active Directory for accessing the specified resource. After successfully obtaining the token, the policy will set the value of the token in the `Authorization` header using the `Bearer` scheme.
-Both system-assigned identity and any of the multiple user-assigned identity can be used to request token. If `client-id` is not provided system-assigned identity is assumed. If the `client-id` variable is provided token is requested for that user-assigned identity from Azure Active Directory
+Both system-assigned identity and any of the multiple user-assigned identities can be used to request a token. If `client-id` is not provided, system-assigned identity is assumed. If the `client-id` variable is provided, token is requested for that user-assigned identity from Azure Active Directory.
++ ### Policy statement
Both system-assigned identity and any of the multiple user-assigned identity can
- **Policy scopes:** all scopes
-## Next steps
-For more information working with policies, see:
-
-+ [Policies in API Management](api-management-howto-policies.md)
-+ [Transform APIs](transform-api.md)
-+ [Policy Reference](./api-management-policies.md) for a full list of policy statements and their settings
-+ [Policy samples](./policy-reference.md)
api-management Api Management Caching Policies https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-caching-policies.md
Title: Azure API Management caching policies | Microsoft Docs
-description: Learn about the caching policies available for use in Azure API Management. See examples and view additional available resources.
+description: Reference for the caching policies available for use in Azure API Management. Provides policy usage, settings, and examples.
- Previously updated : 03/08/2021+ Last updated : 03/07/2022 + # API Management caching policies
-This article provides a reference for the following API Management policies. For information on adding and configuring policies, see [Policies in API Management](./api-management-policies.md).
+This article provides a reference for API Management policies used for caching responses.
++ > [!IMPORTANT] > Built-in cache is volatile and is shared by all units in the same region in the same API Management service.
This article provides a reference for the following API Management policies. For
## <a name="CachingPolicies"></a> Caching policies - Response caching policies
- - [Get from cache](#GetFromCache) - Perform cache look up and return a valid cached responses when available.
+ - [Get from cache](#GetFromCache) - Perform cache lookup and return a valid cached response when available.
- [Store to cache](#StoreToCache) - Caches responses according to the specified cache control configuration. - Value caching policies - [Get value from cache](#GetFromCacheByKey) - Retrieve a cached item by key.
This article provides a reference for the following API Management policies. For
- [Remove value from cache](#RemoveCacheByKey) - Remove an item in the cache by key. ## <a name="GetFromCache"></a> Get from cache
-Use the `cache-lookup` policy to perform cache look up and return a valid cached response when available. This policy can be applied in cases where response content remains static over a period of time. Response caching reduces bandwidth and processing requirements imposed on the backend web server and lowers latency perceived by API consumers.
+Use the `cache-lookup` policy to perform cache lookup and return a valid cached response when available. This policy can be applied in cases where response content remains static over a period of time. Response caching reduces bandwidth and processing requirements imposed on the backend web server and lowers latency perceived by API consumers.
> [!NOTE] > This policy must have a corresponding [Store to cache](#StoreToCache) policy. + ### Policy statement ```xml
The `cache-store` policy caches responses according to the specified cache setti
> [!NOTE] > This policy must have a corresponding [Get from cache](api-management-caching-policies.md#GetFromCache) policy. + ### Policy statement ```xml
Use the `cache-lookup-value` policy to perform cache lookup by key and return a
> [!NOTE] > This policy must have a corresponding [Store value in cache](#StoreToCacheByKey) policy. + ### Policy statement ```xml
This policy can be used in the following policy [sections](./api-management-howt
The `cache-store-value` performs cache storage by key. The key can have an arbitrary string value and is typically provided using a policy expression. > [!NOTE]
-> The operation of storing the value in cache performed by this policy is asynchronous. The stored value can be retrieved using [Get value from cache](#GetFromCacheByKey) policy. However, the stored value may not be immediately available for retrieval since the asynchronous operation that stores the value in cache may still be in progress.
+> The operation of storing the value in cache performed by this policy is asynchronous. The stored value can be retrieved using [Get value from cache](#GetFromCacheByKey) policy. However, the stored value may not be immediately available for retrieval since the asynchronous operation that stores the value in cache may still be in progress.
+ ### Policy statement
This policy can be used in the following policy [sections](./api-management-howt
## <a name="RemoveCacheByKey"></a> Remove value from cache The `cache-remove-value` deletes a cached item identified by its key. The key can have an arbitrary string value and is typically provided using a policy expression. + #### Policy statement ```xml
This policy can be used in the following policy [sections](./api-management-howt
- **Policy sections:** inbound, outbound, backend, on-error - **Policy scopes:** all scopes
-## Next steps
-
-For more information working with policies, see:
-
-+ [Policies in API Management](api-management-howto-policies.md)
-+ [Transform APIs](transform-api.md)
-+ [Policy Reference](./api-management-policies.md) for a full list of policy statements and their settings
-+ [Policy samples](./policy-reference.md)
api-management Api Management Cross Domain Policies https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-cross-domain-policies.md
Title: Azure API Management cross domain policies | Microsoft Docs
-description: Learn about the cross domain policies available for use in Azure API Management.
+description: Reference for the cross domain policies available for use in Azure API Management. Provides policy usage, settings, and examples.
- -- Previously updated : 03/01/2021+ Last updated : 03/07/2022 # API Management cross domain policies
-This topic provides a reference for the following API Management policies. For information on adding and configuring policies, see [Policies in API Management](./api-management-policies.md).
+This article provides a reference for API Management policies used to enable cross domain calls from different clients.
+ ## <a name="CrossDomainPolicies"></a> Cross domain policies
This topic provides a reference for the following API Management policies. For i
## <a name="AllowCrossDomainCalls"></a> Allow cross-domain calls Use the `cross-domain` policy to make the API accessible from Adobe Flash and Microsoft Silverlight browser-based clients. ++ ### Policy statement ```xml
CORS allows a browser and a server to interact and determine whether or not to a
You need to apply the CORS policy to enable the interactive console in the developer portal. Refer to the [developer portal documentation](./developer-portal-faq.md#cors) for details. + ### Policy statement ```xml
This policy can be used in the following policy [sections](./api-management-howt
## <a name="JSONP"></a> JSONP The `jsonp` policy adds JSON with padding (JSONP) support to an operation or an API to allow cross-domain calls from JavaScript browser-based clients. JSONP is a method used in JavaScript programs to request data from a server in a different domain. JSONP bypasses the limitation enforced by most web browsers where access to web pages must be in the same domain. + ### Policy statement ```xml
The `jsonp` policy adds JSON with padding (JSONP) support to an operation or an
<jsonp callback-parameter-name="cb" /> ```
-If you call the method without the callback parameter ?cb=XXX it will return plain JSON (without a function call wrapper).
+If you call the method without the callback parameter `?cb=XXX`, it will return plain JSON (without a function call wrapper).
-If you add the callback parameter `?cb=XXX` it will return a JSONP result, wrapping the original JSON results around the callback function like `XYZ('<json result goes here>');`
+If you add the callback parameter `?cb=XXX`, it will return a JSONP result, wrapping the original JSON results around the callback function like `XYZ('<json result goes here>');`
### Elements
This policy can be used in the following policy [sections](./api-management-howt
- **Policy sections:** outbound - **Policy scopes:** all scopes
-## Next steps
-
-For more information working with policies, see:
-
-+ [Policies in API Management](api-management-howto-policies.md)
-+ [Transform APIs](transform-api.md)
-+ [Policy Reference](./api-management-policies.md) for a full list of policy statements and their settings
-+ [Policy samples](./policy-reference.md)
api-management Api Management Dapr Policies https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-dapr-policies.md
Title: Azure API Management Dapr integration policies | Microsoft Docs
-description: Learn about Azure API Management policies for interacting with Dapr microservices extensions.
+description: Reference for Azure API Management policies for interacting with Dapr microservices extensions. Provides policy usage, settings and examples.
Previously updated : 02/18/2021- Last updated : 03/07/2022+ # API Management Dapr integration policies
-This topic provides a reference for Dapr integration API Management policies. Dapr is a portable runtime for building stateless and stateful microservices-based applications with any language or framework. It codifies the common microservice patterns, like service discovery and invocation with build-in retry logic, publish-and-subscribe with at-least-once delivery semantics, or pluggable binding resources to ease composition using external services. Go to [dapr.io](https://dapr.io) for detailed information and instruction on how to get started with Dapr. For information on adding and configuring policies, see [Policies in API Management](api-management-howto-policies.md).
+This article provides a reference for API Management policies used for integrating with Distributed Application Runtime (Dapr) microservices extensions.
++
+## About Dapr
+
+Dapr is a portable runtime for building stateless and stateful microservices-based applications with any language or framework. It codifies the common microservice patterns, like service discovery and invocation with build-in retry logic, publish-and-subscribe with at-least-once delivery semantics, or pluggable binding resources to ease composition using external services. Go to [dapr.io](https://dapr.io) for detailed information and instruction on how to get started with Dapr.
> [!IMPORTANT] > Policies referenced in this topic work only in the [self-hosted version of the API Management gateway](self-hosted-gateway-overview.md) with Dapr support enabled.
This policy sets the target URL for the current request to `http://localhost:350
The policy assumes that Dapr runs in a sidecar container in the same pod as the gateway. Upon receiving the request, Dapr runtime performs service discovery and actual invocation, including possible protocol translation between HTTP and gRPC, retries, distributed tracing, and error handling. + ### Policy statement ```xml
This policy instructs API Management gateway to send a message to a Dapr Publish
The policy assumes that Dapr runtime is running in a sidecar container in the same pod as the gateway. Dapr runtime implements the Pub/Sub semantics. + ### Policy statement ```xml
This policy instructs API Management gateway to trigger an outbound Dapr [bindin
The policy assumes that Dapr runtime is running in a sidecar container in the same pod as the gateway. Dapr runtime is responsible for invoking the external resource represented by the binding. + ### Policy statement ```xml
This policy can be used in the following policy [sections](./api-management-howt
- **Policy sections:** inbound, outbound, on-error - **Policy scopes:** all scopes++
api-management Api Management Get Started Publish Versions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-get-started-publish-versions.md
You can interact directly with version sets by using the Azure CLI:
[!INCLUDE [azure-cli-prepare-your-environment-no-header.md](../../includes/azure-cli-prepare-your-environment-no-header.md)]
-To see all your version sets, run the [az apim api versionset list](/cli/azure/apim/api/versionset#az_apim_api_versionset_list) command:
+To see all your version sets, run the [az apim api versionset list](/cli/azure/apim/api/versionset#az-apim-api-versionset-list) command:
```azurecli az apim api versionset list --resource-group apim-hello-world-resource-group \
az apim api versionset list --resource-group apim-hello-world-resource-group \
When the Azure portal creates a version set for you, it assigns an alphanumeric name, which appears in the **Name** column of the list. Use this name in other Azure CLI commands.
-To see details about a version set, run the [az apim api versionset show](/cli/azure/apim/api/versionset#az_apim_api_versionset_show) command:
+To see details about a version set, run the [az apim api versionset show](/cli/azure/apim/api/versionset#az-apim-api-versionset-show) command:
```azurecli az apim api versionset show --resource-group apim-hello-world-resource-group \
api-management Api Management Get Started Revise Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-get-started-revise-api.md
To begin using Azure CLI:
Use this procedure to create and update a release.
-1. Run the [az apim api list](/cli/azure/apim/api#az_apim_api_list) command to see your API IDs:
+1. Run the [az apim api list](/cli/azure/apim/api#az-apim-api-list) command to see your API IDs:
```azurecli az apim api list --resource-group apim-hello-word-resource-group \
Use this procedure to create and update a release.
The API ID to use in the next command is the `Name` value. The API revision is in the `ApiRevision` column.
-1. To create the release, with a release note, run the [az apim api release create](/cli/azure/apim/api/release#az_apim_api_release_create) command:
+1. To create the release, with a release note, run the [az apim api release create](/cli/azure/apim/api/release#az-apim-api-release-create) command:
```azurecli az apim api release create --resource-group apim-hello-word-resource-group \
Use this procedure to create and update a release.
The revision that you release becomes the current revision.
-1. To see your releases, use the [az apim api release list](/cli/azure/apim/api/release#az_apim_api_release_list) command:
+1. To see your releases, use the [az apim api release list](/cli/azure/apim/api/release#az-apim-api-release-list) command:
```azurecli az apim api release list --resource-group apim-hello-word-resource-group \
Use this procedure to create and update a release.
The notes you specify appear in the changelog. You can see them in the output of the previous command.
-1. When you create a release, the `--notes` parameter is optional. You can add or change the notes later by using the [az apim api release update](/cli/azure/apim/api/release#az_apim_api_release_update) command:
+1. When you create a release, the `--notes` parameter is optional. You can add or change the notes later by using the [az apim api release update](/cli/azure/apim/api/release#az-apim-api-release-update) command:
```azurecli az apim api release update --resource-group apim-hello-word-resource-group \
Use this procedure to create and update a release.
Use the value in the `Name` column for the release ID.
-You can remove any release by running the [az apim api release delete ](/cli/azure/apim/api/release#az_apim_api_release_delete) command:
+You can remove any release by running the [az apim api release delete ](/cli/azure/apim/api/release#az-apim-api-release-delete) command:
```azurecli az apim api release delete --resource-group apim-hello-word-resource-group \
api-management Api Management Howto Add Products https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-howto-add-products.md
To begin using Azure CLI:
[!INCLUDE [azure-cli-prepare-your-environment-no-header.md](../../includes/azure-cli-prepare-your-environment-no-header.md)]
-To create a product, run the [az apim product create](/cli/azure/apim/product#az_apim_product_create) command:
+To create a product, run the [az apim product create](/cli/azure/apim/product#az-apim-product-create) command:
```azurecli az apim product create --resource-group apim-hello-word-resource-group \
You can specify various values for your product:
| `--subscriptions-limit` | Optionally, limit the count of multiple simultaneous subscriptions.| | `--legal-terms` | You can include the terms of use for the product, which subscribers must accept to use the product. |
-To see your current products, use the [az apim product list](/cli/azure/apim/product#az_apim_product_list) command:
+To see your current products, use the [az apim product list](/cli/azure/apim/product#az-apim-product-list) command:
```azurecli az apim product list --resource-group apim-hello-word-resource-group \ --service-name apim-hello-world --output table ```
-You can delete a product by using the [az apim product delete](/cli/azure/apim/product#az_apim_product_delete) command:
+You can delete a product by using the [az apim product delete](/cli/azure/apim/product#az-apim-product-delete) command:
```azurecli az apim product delete --product-id contoso-product \
Products are associations of one or more APIs. You can include many APIs and off
### [Azure CLI](#tab/azure-cli)
-1. To see your managed APIs, use the [az apim api list](/cli/azure/apim/api#az_apim_api_list) command:
+1. To see your managed APIs, use the [az apim api list](/cli/azure/apim/api#az-apim-api-list) command:
```azurecli az apim api list --resource-group apim-hello-word-resource-group \ --service-name apim-hello-world --output table ```
-1. To add an API to your product, run the [az apim product api add](/cli/azure/apim/product/api#az_apim_product_api_add) command:
+1. To add an API to your product, run the [az apim product api add](/cli/azure/apim/product/api#az-apim-product-api-add) command:
```azurecli az apim product api add --resource-group apim-hello-word-resource-group \
Products are associations of one or more APIs. You can include many APIs and off
--service-name apim-hello-world ```
-1. Verify the addition by using the [az apim product api list](/cli/azure/apim/product/api#az_apim_product_api_list) command:
+1. Verify the addition by using the [az apim product api list](/cli/azure/apim/product/api#az-apim-product-api-list) command:
```azurecli az apim product api list --resource-group apim-hello-word-resource-group \ --product-id contoso-product --service-name apim-hello-world --output table ```
-You can remove an API from a product by using the [az apim product api delete](/cli/azure/apim/product/api#az_apim_product_api_delete) command:
+You can remove an API from a product by using the [az apim product api delete](/cli/azure/apim/product/api#az-apim-product-api-delete) command:
```azurecli az apim product api delete --resource-group apim-hello-word-resource-group \
api-management Api Management Howto Policies https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-howto-policies.md
Title: Policies in Azure API Management | Microsoft Docs
-description: Learn how to create, edit, and configure policies in API Management. See code examples and other available resources.
+description: Learn about policies in API Management, a way for API publishers to change API behavior through configuration. Policies are statements that run sequentially on the request or response of an API.
documentationcenter: '' - - Previously updated : 08/25/2021 Last updated : 03/23/2022 # Policies in Azure API Management
-In Azure API Management, API publishers can change API behavior through configuration using policies. Policies are a collection of statements executed sequentially on the request or response of an API. Popular statements include:
+In Azure API Management, API publishers can change API behavior through configuration using *policies*. Policies are a collection of statements that are run sequentially on the request or response of an API. Popular statements include:
-* Format conversion from XML to JSON.
-* Call rate limiting to restrict the number of incoming calls from a developer.
+* Format conversion from XML to JSON
+* Call rate limiting to restrict the number of incoming calls from a developer
+* Filtering requests that come from certain IP addresses
-Many more policies are available out of the box.
+Many more policies are available out of the box. For a complete list, see [API Management policy reference](api-management-policies.md).
Policies are applied inside the gateway between the API consumer and the managed API. While the gateway receives requests and forwards them, unaltered, to the underlying API, a policy can apply changes to both the inbound request and outbound response.
-Unless the policy specifies otherwise, policy expressions can be used as attribute values or text values in any of the API Management policies. Some policies are based on policy expressions, such as the [Control flow][Control flow] and [Set variable][Set variable]. For more information, see the [Advanced policies][Advanced policies] and [Policy expressions][Policy expressions] articles.
- ## <a name="sections"> </a>Understanding policy configuration
-Policy definitions are simple XML documents that describe a sequence of inbound and outbound statements. You can edit the XML directly in the definition window, which also provides:
-* A list of statements to the right.
-* Statements applicable to the current scope enabled and highlighted.
+Policy definitions are simple XML documents that describe a sequence of statements to apply to requests and responses. To help you configure policy definitions, the portal provides these options:
-Clicking an enabled statement will add the appropriate XML at the cursor in the definition view.
+* A guided, form-based editor to simplify configuring popular policies without coding XML
+* A code editor where you can insert XML snippets or edit XML directly
-> [!NOTE]
-> If the policy that you want to add is not enabled, ensure that you are in the correct scope for that policy. Each policy statement is designed for use in certain scopes and policy sections. To review the policy sections and scopes for a policy, check the **Usage** section in the [Policy Reference][Policy Reference].
+For more information about configuring policies, see [Set or edit policies](set-edit-policies.md).
-The configuration is divided into `inbound`, `backend`, `outbound`, and `on-error`. This series of specified policy statements is executed in order for a request and a response.
+The policy XML configuration is divided into `inbound`, `backend`, `outbound`, and `on-error` sections. This series of specified policy statements is executed in order for a request and a response.
```xml <policies>
The configuration is divided into `inbound`, `backend`, `outbound`, and `on-erro
</policies> ```
+For policy XML examples, see [API Management policy samples](./policies/index.md).
+
+### Error handling
+ If an error occurs during the processing of a request: * Any remaining steps in the `inbound`, `backend`, or `outbound` sections are skipped. * Execution jumps to the statements in the `on-error` section.
By placing policy statements in the `on-error` section, you can:
* Inspect and customize the error response using the `set-body` policy. * Configure what happens if an error occurs.
-For more information, see [Error handling in API Management policies](./api-management-error-handling-policies.md) for error codes for:
-* Built-in steps
-* Errors that may occur during the processing of policy statements.
+For more information, see [Error handling in API Management policies](./api-management-error-handling-policies.md)
+
+## Policy expressions
+
+Unless the policy specifies otherwise, [policy expressions](api-management-policy-expressions.md) can be used as attribute values or text values in any of the API Management policies. A policy expression is either:
+
+* a single C# statement enclosed in `@(expression)`, or
+* a multi-statement C# code block, enclosed in `@{expression}`, that returns a value
-## <a name="scopes"> </a>How to configure policies
+Each expression has access to the implicitly provided `context` variable and an allowed subset of .NET Framework types.
-For information on how to configure policies, see [Set or edit policies](set-edit-policies.md).
+Policy expressions provide a sophisticated means to control traffic and modify API behavior without requiring you to write specialized code or modify backend services. Some policies are based on policy expressions, such as the [Control flow][Control flow] and [Set variable][Set variable]. For more information, see [Advanced policies][Advanced policies].
-## Policy Reference
+## Scopes
-See the [Policy reference](./api-management-policies.md) for a full list of policy statements and their settings.
+API Management allows you to define policies at the following *scopes*, from most broad to most narrow:
-## Policy samples
+* Global (all APIs)
+* Product (APIs associated with a selected product)
+* API (all operations in an API)
+* Operation (single operation in an API)
-See [Policy samples](./policy-reference.md) for more code examples.
+When configuring a policy, you must first select the scope at which the policy applies.
++
+### Things to know
+
+* For fine-grained control for different API consumers, you can configure policy definitions at more than one scope
+* Not all policies can be applied at each scope and policy section
+* When configuring policy definitions at more than one scope, you control the policy evaluation order in each policy section by placement of the `base` element
+
+For more information, see [Set or edit policies](set-edit-policies.md#use-base-element-to-set-policy-evaluation-order).
## Examples ### Apply policies specified at different scopes
-If you have a policy at the global level and a policy configured for an API, both policies will be applied whenever that particular API is used. API Management allows for deterministic ordering of combined policy statements via the `base` element.
+If you have a policy at the global level and a policy configured for an API, both policies can be applied whenever that particular API is used. API Management allows for deterministic ordering of combined policy statements via the `base` element.
+
+Example policy definition at API scope:
```xml <policies>
If you have a policy at the global level and a policy configured for an API, bot
``` In the example policy definition above:
-* The `cross-domain` statement would execute before any higher policies.
-* The `find-and-replace` policy would execute after any higher policies.
+* The `cross-domain` statement would execute first.
+* The [`find-and-replace` policy](api-management-transformation-policies.md#Findandreplacestringinbody) would execute after any policies at a broader scope.
>[!NOTE]
-> If you remove the `<base />` tag at the API scope, only policies configured at the API scope will be applied. Neither product nor global scope policies would be applied.
-
-### Restrict incoming requests
+> If you remove the `base` element at the API scope, only policies configured at the API scope will be applied. Neither product nor global scope policies would be applied.
-To add a new statement to restrict incoming requests to specified IP addresses, place the cursor just inside the content of the `inbound` XML element and click the **Restrict caller IPs** statement.
+### Use policy expressions to modify requests
-![Restriction policies][policies-restrict]
-
-This will add an XML snippet to the `inbound` element that provides guidance on how to configure the statement.
+The following example uses [policy expressions][Policy expressions] and the [`set-header`](api-management-transformation-policies.md#SetHTTPheader) policy to add user data to the incoming request. The added header includes the user ID associated with the subscription key in the request, and the region where the gateway processing the request is hosted.
```xml
-<ip-filter action="allow | forbid">
- <address>address</address>
- <address-range from="address" to="address"/>
-</ip-filter>
-```
-
-To limit inbound requests and accept only those from an IP address of 1.2.3.4 modify the XML as follows:
+<policies>
+ <inbound>
+ <base />
+ <set-header name="x-request-context-data" exists-action="override">
+ <value>@(context.User.Id)</value>
+ <value>@(context.Deployment.Region)</value>
+ </set-header>
+ </inbound>
+</policies>
-```xml
-<ip-filter action="allow">
- <address>1.2.3.4</address>
-</ip-filter>
```
-## Next steps
-
-For more information working with policies, see:
-
-+ [Transform APIs](transform-api.md)
-+ [Policy Reference](./api-management-policies.md) for a full list of policy statements and their settings
-+ [Policy samples](./policy-reference.md)
[Policy Reference]: ./api-management-policies.md [Product]: api-management-howto-add-products.md
For more information working with policies, see:
[Set variable]: ./api-management-advanced-policies.md#set-variable [Policy expressions]: ./api-management-policy-expressions.md
-[policies-restrict]: ./media/api-management-howto-policies/api-management-policies-restrict.png
api-management Api Management Howto Properties https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-howto-properties.md
To begin using Azure CLI:
[!INCLUDE [azure-cli-prepare-your-environment-no-header.md](../../includes/azure-cli-prepare-your-environment-no-header.md)]
-To add a named value, use the [az apim nv create](/cli/azure/apim/nv#az_apim_nv_create) command:
+To add a named value, use the [az apim nv create](/cli/azure/apim/nv#az-apim-nv-create) command:
```azurecli az apim nv create --resource-group apim-hello-word-resource-group \
az apim nv create --resource-group apim-hello-word-resource-group \
--secret true --service-name apim-hello-world --value test ```
-After you create a named value, you can update it by using the [az apim nv update](/cli/azure/apim/nv#az_apim_nv_update) command. To see all your named values, run the [az apim nv list](/cli/azure/apim/nv#az_apim_nv_list) command:
+After you create a named value, you can update it by using the [az apim nv update](/cli/azure/apim/nv#az-apim-nv-update) command. To see all your named values, run the [az apim nv list](/cli/azure/apim/nv#az-apim-nv-list) command:
```azurecli az apim nv list --resource-group apim-hello-word-resource-group \ --service-name apim-hello-world --output table ```
-To see the details of the named value you created for this example, run the [az apim nv show](/cli/azure/apim/nv#az_apim_nv_show) command:
+To see the details of the named value you created for this example, run the [az apim nv show](/cli/azure/apim/nv#az-apim-nv-show) command:
```azurecli az apim nv show --resource-group apim-hello-word-resource-group \ --service-name apim-hello-world --named-value-id named_value_01 ```
-This example is a secret value. The previous command does not return the value. To see the value, run the [az apim nv show-secret](/cli/azure/apim/nv#az_apim_nv_show_secret) command:
+This example is a secret value. The previous command does not return the value. To see the value, run the [az apim nv show-secret](/cli/azure/apim/nv#az-apim-nv-show-secret) command:
```azurecli az apim nv show-secret --resource-group apim-hello-word-resource-group \ --service-name apim-hello-world --named-value-id named_value_01 ```
-To delete a named value, use the [az apim nv delete](/cli/azure/apim/nv#az_apim_nv_delete) command:
+To delete a named value, use the [az apim nv delete](/cli/azure/apim/nv#az-apim-nv-delete) command:
```azurecli az apim nv delete --resource-group apim-hello-word-resource-group \
api-management Api Management Policies https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-policies.md
Title: Azure API Management policies | Microsoft Docs
-description: Learn about the policies available for use in Azure API Management. Policies allow the publisher to change API behavior through configuration.
+ Title: Azure API Management policy reference | Microsoft Docs
+description: Reference index for all Azure API Management policies and settings. Policies allow the API publisher to change API behavior through configuration.
- Previously updated : 07/19/2021+ Last updated : 03/04/2022 -
-# API Management policies
-This section provides a reference for the following API Management policies. For information on adding and configuring policies, see [Policies in API Management](api-management-howto-policies.md).
+# API Management policy reference
+This section provides links to reference articles for all API Management policies.
- Policies are a powerful capability of the system that allow the publisher to change the behavior of the API through configuration. Policies are a collection of Statements that are executed sequentially on the request or response of an API. Popular Statements include format conversion from XML to JSON and call rate limiting to restrict the amount of incoming calls from a developer. Many more policies are available out of the box.
+More information about policies:
- Policy expressions can be used as attribute values or text values in any of the API Management policies, unless the policy specifies otherwise. Some policies such as the [Control flow](api-management-advanced-policies.md#choose) and [Set variable](api-management-advanced-policies.md#set-variable) policies are based on policy expressions. For more information, see [Advanced policies](api-management-advanced-policies.md#AdvancedPolicies) and [Policy expressions](api-management-policy-expressions.md).
++ [Policy overview](api-management-howto-policies.md)++ [Set or edit policies](set-edit-policies.md)++ [Policy expressions](api-management-policy-expressions.md)
-## <a name="ProxyPolicies"></a> Policies
+## [Access restriction policies](api-management-access-restriction-policies.md)
+- [Check HTTP header](api-management-access-restriction-policies.md#CheckHTTPHeader) - Enforces existence and/or value of an HTTP Header.
+- [Limit call rate by subscription](api-management-access-restriction-policies.md#LimitCallRate) - Prevents API usage spikes by limiting call rate, on a per subscription basis.
+- [Limit call rate by key](api-management-access-restriction-policies.md#LimitCallRateByKey) - Prevents API usage spikes by limiting call rate, on a per key basis.
+- [Restrict caller IPs](api-management-access-restriction-policies.md#RestrictCallerIPs) - Filters (allows/denies) calls from specific IP addresses and/or address ranges.
+- [Set usage quota by subscription](api-management-access-restriction-policies.md#SetUsageQuota) - Allows you to enforce a renewable or lifetime call volume and/or bandwidth quota, on a per subscription basis.
+- [Set usage quota by key](api-management-access-restriction-policies.md#SetUsageQuotaByKey) - Allows you to enforce a renewable or lifetime call volume and/or bandwidth quota, on a per key basis.
+- [Validate JWT](api-management-access-restriction-policies.md#ValidateJWT) - Enforces existence and validity of a JWT extracted from either a specified HTTP Header or a specified query parameter.
+- [Validate client certificate](api-management-access-restriction-policies.md#validate-client-certificate) - Enforces that a certificate presented by a client to an API Management instance matches specified validation rules and claims.
-- [Access restriction policies](api-management-access-restriction-policies.md#AccessRestrictionPolicies)
- - [Check HTTP header](api-management-access-restriction-policies.md#CheckHTTPHeader) - Enforces existence and/or value of an HTTP Header.
- - [Limit call rate by subscription](api-management-access-restriction-policies.md#LimitCallRate) - Prevents API usage spikes by limiting call rate, on a per subscription basis.
- - [Limit call rate by key](api-management-access-restriction-policies.md#LimitCallRateByKey) - Prevents API usage spikes by limiting call rate, on a per key basis.
- - [Restrict caller IPs](api-management-access-restriction-policies.md#RestrictCallerIPs) - Filters (allows/denies) calls from specific IP addresses and/or address ranges.
- - [Set usage quota by subscription](api-management-access-restriction-policies.md#SetUsageQuota) - Allows you to enforce a renewable or lifetime call volume and/or bandwidth quota, on a per subscription basis.
- - [Set usage quota by key](api-management-access-restriction-policies.md#SetUsageQuotaByKey) - Allows you to enforce a renewable or lifetime call volume and/or bandwidth quota, on a per key basis.
- - [Validate JWT](api-management-access-restriction-policies.md#ValidateJWT) - Enforces existence and validity of a JWT extracted from either a specified HTTP Header or a specified query parameter.
- - [Validate client certificate](api-management-access-restriction-policies.md#validate-client-certificate) - Enforces that a certificate presented by a client to an API Management instance matches specified validation rules and claims.
-- [Advanced policies](api-management-advanced-policies.md#AdvancedPolicies)
- - [Control flow](api-management-advanced-policies.md#choose) - Conditionally applies policy statements based on the evaluation of Boolean expressions.
- - [Forward request](api-management-advanced-policies.md#ForwardRequest) - Forwards the request to the backend service.
- - [Limit concurrency](api-management-advanced-policies.md#LimitConcurrency) - Prevents enclosed policies from executing by more than the specified number of requests at a time.
- - [Log to Event Hub](api-management-advanced-policies.md#log-to-eventhub) - Sends messages in the specified format to a message target defined by a Logger entity.
- - [Emit metrics](api-management-advanced-policies.md#emit-metrics) - Sends custom metrics to Application Insights at execution.
- - [Mock response](api-management-advanced-policies.md#mock-response) - Aborts pipeline execution and returns a mocked response directly to the caller.
- - [Retry](api-management-advanced-policies.md#Retry) - Retries execution of the enclosed policy statements, if and until the condition is met. Execution will repeat at the specified time intervals and up to the specified retry count.
- - [Return response](api-management-advanced-policies.md#ReturnResponse) - Aborts pipeline execution and returns the specified response directly to the caller.
- - [Send one way request](api-management-advanced-policies.md#SendOneWayRequest) - Sends a request to the specified URL without waiting for a response.
- - [Send request](api-management-advanced-policies.md#SendRequest) - Sends a request to the specified URL.
- - [Set HTTP proxy](api-management-advanced-policies.md#SetHttpProxy) - Allows you to route forwarded requests via an HTTP proxy.
- - [Set variable](api-management-advanced-policies.md#set-variable) - Persist a value in a named context variable for later access.
- - [Set request method](api-management-advanced-policies.md#SetRequestMethod) - Allows you to change the HTTP method for a request.
- - [Set status code](api-management-advanced-policies.md#SetStatus) - Changes the HTTP status code to the specified value.
- - [Trace](api-management-advanced-policies.md#Trace) - Adds custom traces into the [API Inspector](./api-management-howto-api-inspector.md) output, Application Insights telemetries, and Resource Logs.
- - [Wait](api-management-advanced-policies.md#Wait) - Waits for enclosed [Send request](api-management-advanced-policies.md#SendRequest), [Get value from cache](api-management-caching-policies.md#GetFromCacheByKey), or [Control flow](api-management-advanced-policies.md#choose) policies to complete before proceeding.
-- [Authentication policies](api-management-authentication-policies.md#AuthenticationPolicies)
- - [Authenticate with Basic](api-management-authentication-policies.md#Basic) - Authenticate with a backend service using Basic authentication.
- - [Authenticate with client certificate](api-management-authentication-policies.md#ClientCertificate) - Authenticate with a backend service using client certificates.
- - [Authenticate with managed identity](api-management-authentication-policies.md#ManagedIdentity) - Authenticate with a backend service using a [managed identity](../active-directory/managed-identities-azure-resources/overview.md).
-- [Caching policies](api-management-caching-policies.md#CachingPolicies)
- - [Get from cache](api-management-caching-policies.md#GetFromCache) - Perform cache look up and return a valid cached response when available.
- - [Store to cache](api-management-caching-policies.md#StoreToCache) - Caches response according to the specified cache control configuration.
- - [Get value from cache](api-management-caching-policies.md#GetFromCacheByKey) - Retrieve a cached item by key.
- - [Store value in cache](api-management-caching-policies.md#StoreToCacheByKey) - Store an item in the cache by key.
- - [Remove value from cache](api-management-caching-policies.md#RemoveCacheByKey) - Remove an item in the cache by key.
-- [Cross domain policies](api-management-cross-domain-policies.md#CrossDomainPolicies)
- - [Allow cross-domain calls](api-management-cross-domain-policies.md#AllowCrossDomainCalls) - Makes the API accessible from Adobe Flash and Microsoft Silverlight browser-based clients.
- - [CORS](api-management-cross-domain-policies.md#CORS) - Adds cross-origin resource sharing (CORS) support to an operation or an API to allow cross-domain calls from browser-based clients.
- - [JSONP](api-management-cross-domain-policies.md#JSONP) - Adds JSON with padding (JSONP) support to an operation or an API to allow cross-domain calls from JavaScript browser-based clients.
-- [Transformation policies](api-management-transformation-policies.md#TransformationPolicies)
- - [Convert JSON to XML](api-management-transformation-policies.md#ConvertJSONtoXML) - Converts request or response body from JSON to XML.
- - [Convert XML to JSON](api-management-transformation-policies.md#ConvertXMLtoJSON) - Converts request or response body from XML to JSON.
- - [Find and replace string in body](api-management-transformation-policies.md#Findandreplacestringinbody) - Finds a request or response substring and replaces it with a different substring.
- - [Mask URLs in content](api-management-transformation-policies.md#MaskURLSContent) - Re-writes (masks) links in the response body so that they point to the equivalent link via the gateway.
- - [Set backend service](api-management-transformation-policies.md#SetBackendService) - Changes the backend service for an incoming request.
- - [Set body](api-management-transformation-policies.md#SetBody) - Sets the message body for incoming and outgoing requests.
- - [Set HTTP header](api-management-transformation-policies.md#SetHTTPheader) - Assigns a value to an existing response and/or request header or adds a new response and/or request header.
- - [Set query string parameter](api-management-transformation-policies.md#SetQueryStringParameter) - Adds, replaces value of, or deletes request query string parameter.
- - [Rewrite URL](api-management-transformation-policies.md#RewriteURL) - Converts a request URL from its public form to the form expected by the web service.
- - [Transform XML using an XSLT](api-management-transformation-policies.md#XSLTransform) - Applies an XSL transformation to XML in the request or response body.
-- [Dapr integration policies](api-management-dapr-policies.md)
- - [Send request to a service](api-management-dapr-policies.md#invoke) - uses Dapr runtime to locate and reliably communicate with a Dapr microservice.
- - [Send message to Pub/Sub topic](api-management-dapr-policies.md#pubsub) - uses Dapr runtime to publish a message to a Publish/Subscribe topic.
- - [Trigger output binding](api-management-dapr-policies.md#bind) - uses Dapr runtime to invoke an external system via output binding.
-- [Validation policies](validation-policies.md)
- - [Validate content](validation-policies.md#validate-content) - Validates the size or JSON schema of a request or response body against the API schema.
-.
- - [Validate parameters](validation-policies.md#validate-parameters) - Validates the request header, query, or path parameters against the API schema.
- - [Validate headers](validation-policies.md#validate-headers) - Validates the response headers against the API schema.
- - [Validate status code](validation-policies.md#validate-status-code) - Validates the HTTP status codes in responses against the API schema.
-- [Graph QL validation policy](graphql-validation-policies.md)
- - [Validate GraphQL request](graphql-validation-policies.md#validate-graphql-request) - Validates and authorizes a request to a GraphQL API.
+## [Advanced policies](api-management-advanced-policies.md)
+- [Control flow](api-management-advanced-policies.md#choose) - Conditionally applies policy statements based on the evaluation of Boolean expressions.
+- [Forward request](api-management-advanced-policies.md#ForwardRequest) - Forwards the request to the backend service.
+- [Limit concurrency](api-management-advanced-policies.md#LimitConcurrency) - Prevents enclosed policies from executing by more than the specified number of requests at a time.
+- [Log to event hub](api-management-advanced-policies.md#log-to-eventhub) - Sends messages in the specified format to a message target defined by a Logger entity.
+- [Emit metrics](api-management-advanced-policies.md#emit-metrics) - Sends custom metrics to Application Insights at execution.
+- [Mock response](api-management-advanced-policies.md#mock-response) - Aborts pipeline execution and returns a mocked response directly to the caller.
+- [Retry](api-management-advanced-policies.md#Retry) - Retries execution of the enclosed policy statements, if and until the condition is met. Execution will repeat at the specified time intervals and up to the specified retry count.
+- [Return response](api-management-advanced-policies.md#ReturnResponse) - Aborts pipeline execution and returns the specified response directly to the caller.
+- [Send one way request](api-management-advanced-policies.md#SendOneWayRequest) - Sends a request to the specified URL without waiting for a response.
+- [Send request](api-management-advanced-policies.md#SendRequest) - Sends a request to the specified URL.
+- [Set HTTP proxy](api-management-advanced-policies.md#SetHttpProxy) - Allows you to route forwarded requests via an HTTP proxy.
+- [Set variable](api-management-advanced-policies.md#set-variable) - Persist a value in a named context variable for later access.
+- [Set request method](api-management-advanced-policies.md#SetRequestMethod) - Allows you to change the HTTP method for a request.
+- [Set status code](api-management-advanced-policies.md#SetStatus) - Changes the HTTP status code to the specified value.
+- [Trace](api-management-advanced-policies.md#Trace) - Adds custom traces into the [API Inspector](./api-management-howto-api-inspector.md) output, Application Insights telemetries, and Resource Logs.
+- [Wait](api-management-advanced-policies.md#Wait) - Waits for enclosed [Send request](api-management-advanced-policies.md#SendRequest), [Get value from cache](api-management-caching-policies.md#GetFromCacheByKey), or [Control flow](api-management-advanced-policies.md#choose) policies to complete before proceeding.
+
+## [Authentication policies](api-management-authentication-policies.md)
+- [Authenticate with Basic](api-management-authentication-policies.md#Basic) - Authenticate with a backend service using Basic authentication.
+- [Authenticate with client certificate](api-management-authentication-policies.md#ClientCertificate) - Authenticate with a backend service using client certificates.
+- [Authenticate with managed identity](api-management-authentication-policies.md#ManagedIdentity) - Authenticate with a backend service using a [managed identity](../active-directory/managed-identities-azure-resources/overview.md).
+
+## [Caching policies](api-management-caching-policies.md)
+- [Get from cache](api-management-caching-policies.md#GetFromCache) - Perform cache lookup and return a valid cached response when available.
+- [Store to cache](api-management-caching-policies.md#StoreToCache) - Caches response according to the specified cache control configuration.
+- [Get value from cache](api-management-caching-policies.md#GetFromCacheByKey) - Retrieve a cached item by key.
+- [Store value in cache](api-management-caching-policies.md#StoreToCacheByKey) - Store an item in the cache by key.
+- [Remove value from cache](api-management-caching-policies.md#RemoveCacheByKey) - Remove an item in the cache by key.
+
+## [Cross domain policies](api-management-cross-domain-policies.md)
+- [Allow cross-domain calls](api-management-cross-domain-policies.md#AllowCrossDomainCalls) - Makes the API accessible from Adobe Flash and Microsoft Silverlight browser-based clients.
+- [CORS](api-management-cross-domain-policies.md#CORS) - Adds cross-origin resource sharing (CORS) support to an operation or an API to allow cross-domain calls from browser-based clients.
+- [JSONP](api-management-cross-domain-policies.md#JSONP) - Adds JSON with padding (JSONP) support to an operation or an API to allow cross-domain calls from JavaScript browser-based clients.
+
+## [Dapr integration policies](api-management-dapr-policies.md)
+- [Send request to a service](api-management-dapr-policies.md#invoke) - uses Dapr runtime to locate and reliably communicate with a Dapr microservice.
+- [Send message to Pub/Sub topic](api-management-dapr-policies.md#pubsub) - uses Dapr runtime to publish a message to a Publish/Subscribe topic.
+- [Trigger output binding](api-management-dapr-policies.md#bind) - uses Dapr runtime to invoke an external system via output binding.
+
+## [Graph QL validation policy](graphql-validation-policies.md)
+- [Validate GraphQL request](graphql-validation-policies.md#validate-graphql-request) - Validates and authorizes a request to a GraphQL API.
+
+## [Transformation policies](api-management-transformation-policies.md)
+- [Convert JSON to XML](api-management-transformation-policies.md#ConvertJSONtoXML) - Converts request or response body from JSON to XML.
+- [Convert XML to JSON](api-management-transformation-policies.md#ConvertXMLtoJSON) - Converts request or response body from XML to JSON.
+- [Find and replace string in body](api-management-transformation-policies.md#Findandreplacestringinbody) - Finds a request or response substring and replaces it with a different substring.
+- [Mask URLs in content](api-management-transformation-policies.md#MaskURLSContent) - Re-writes (masks) links in the response body so that they point to the equivalent link via the gateway.
+- [Set backend service](api-management-transformation-policies.md#SetBackendService) - Changes the backend service for an incoming request.
+- [Set body](api-management-transformation-policies.md#SetBody) - Sets the message body for incoming and outgoing requests.
+- [Set HTTP header](api-management-transformation-policies.md#SetHTTPheader) - Assigns a value to an existing response and/or request header or adds a new response and/or request header.
+- [Set query string parameter](api-management-transformation-policies.md#SetQueryStringParameter) - Adds, replaces value of, or deletes request query string parameter.
+- [Rewrite URL](api-management-transformation-policies.md#RewriteURL) - Converts a request URL from its public form to the form expected by the web service.
+- [Transform XML using an XSLT](api-management-transformation-policies.md#XSLTransform) - Applies an XSL transformation to XML in the request or response body.
+
+## [Validation policies](validation-policies.md)
+- [Validate content](validation-policies.md#validate-content) - Validates the size or JSON schema of a request or response body against the API schema.
+- [Validate parameters](validation-policies.md#validate-parameters) - Validates the request header, query, or path parameters against the API schema.
+- [Validate headers](validation-policies.md#validate-headers) - Validates the response headers against the API schema.
+- [Validate status code](validation-policies.md#validate-status-code) - Validates the HTTP status codes in responses against the API schema.
## Next steps
-For more information working with policies, see:
-+ [Policies in API Management](api-management-howto-policies.md)
-+ [Transform APIs](transform-api.md)
-+ [Policy samples](./policy-reference.md)
+For more information about working with policies, see:
+++ [Tutorial: Transform and protect your API](transform-api.md)++ [Set or edit policies](set-edit-policies.md)++ [Policy samples](./policies/index.md)
api-management Api Management Subscriptions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-subscriptions.md
By default, a developer can only access a product or API by using a subscription
To disable the subscription requirement using the portal:
-* **Product** - Disable **Requires subscription** on the **Settings** page of the product.
-* **API** - Disable **Subscription required** on the **Settings** page of the API.
+* **Disable requirement for product** - Disable **Requires subscription** on the **Settings** page of the product.
+* **Disable requirement for API** - Disable **Subscription required** on the **Settings** page of the API.
-After disabling the subscription requirement, the selected API or APIs can be accessed without a subscription key.
+After the subscription requirement is disabled, the selected API or APIs can be accessed without a subscription key.
When API Management receives an API request from a client without a subscription key, it handles the request according to these rules:
When API Management receives an API request from a client without a subscription
## Next steps Get more information on API Management:
-+ Learn how API Management [policies](set-edit-policies.md#configure-scope) get applied at different scopes.
++ Learn how API Management [policies](set-edit-policies.md#configure-policies-at-different-scopes) get applied at different scopes. + Learn other [concepts](api-management-terminology.md) in API Management. + Follow our [tutorials](import-and-publish.md) to learn more about API Management. + Check our [FAQ page](api-management-faq.yml) for common questions.
api-management Api Management Transformation Policies https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-transformation-policies.md
Title: Azure API Management transformation policies | Microsoft Docs
-description: Learn about the transformation policies available for use in Azure API Management.
+description: Reference for the transformation policies available for use in Azure API Management. Provides policy usage, settings, and examples.
- -- Previously updated : 03/11/2019+ Last updated : 03/07/2022 + # API Management transformation policies
-This topic provides a reference for the following API Management policies. For information on adding and configuring policies, see [Policies in API Management](./api-management-policies.md).
+This article provides a reference for API Management policies used to transform API requests or responses.
+ ## <a name="TransformationPolicies"></a> Transformation policies
This topic provides a reference for the following API Management policies. For i
## <a name="ConvertJSONtoXML"></a> Convert JSON to XML The `json-to-xml` policy converts a request or response body from JSON to XML. + ### Policy statement ```xml
This topic provides a reference for the following API Management policies. For i
## <a name="ConvertXMLtoJSON"></a> Convert XML to JSON The `xml-to-json` policy converts a request or response body from XML to JSON. This policy can be used to modernize APIs based on XML-only backend web services. + ### Policy statement ```xml
This topic provides a reference for the following API Management policies. For i
## <a name="Findandreplacestringinbody"></a> Find and replace string in body The `find-and-replace` policy finds a request or response substring and replaces it with a different substring. ++ ### Policy statement ```xml
This topic provides a reference for the following API Management policies. For i
> [!NOTE] > This policy does not change any header values such as `Location` headers. To change header values, use the [set-header](api-management-transformation-policies.md#SetHTTPheader) policy. + ### Policy statement ```xml
This topic provides a reference for the following API Management policies. For i
## <a name="SetBackendService"></a> Set backend service Use the `set-backend-service` policy to redirect an incoming request to a different backend than the one specified in the API settings for that operation. This policy changes the backend service base URL of the incoming request to the one specified in the policy. + ### Policy statement ```xml
In this example the policy routes the request to a service fabric backend, using
|sf-partition-key|Only applicable when the backend is a Service Fabric service and is specified using 'backend-id'. Used to resolve a specific partition from the name resolution service.|No|N/A| |sf-replica-type|Only applicable when the backend is a Service Fabric service and is specified using 'backend-id'. Controls if the request should go to the primary or secondary replica of a partition. |No|N/A| |sf-resolve-condition|Only applicable when the backend is a Service Fabric service. Condition identifying if the call to Service Fabric backend has to be repeated with new resolution.|No|N/A|
-|sf-service-instance-name|Only applicable when the backend is a Service Fabric service. Allows to change service instances at runtime. |No|N/A|
+|sf-service-instance-name|Only applicable when the backend is a Service Fabric service. Allows changing service instances at runtime. |No|N/A|
|sf-listener-name|Only applicable when the backend is a Service Fabric service and is specified using ΓÇÿbackend-idΓÇÖ. Service Fabric Reliable Services allows you to create multiple listeners in a service. This attribute is used to select a specific listener when a backend Reliable Service has more than one listener. If this attribute is not specified, API Management will attempt to use a listener without a name. A listener without a name is typical for Reliable Services that have only one listener. |No|N/A| ### Usage
In this example the policy routes the request to a service fabric backend, using
For more information, see the `context.Request.Body`, `context.Response.Body`, and the `IMessage` sections in the [Context variable](api-management-policy-expressions.md#ContextVariables) table. + ### Policy statement ```xml
The `set-body` policy can be configured to use the [Liquid](https://shopify.gith
|Name|Description|Required| |-|--|--|
-|set-body|Root element. Contains the body text or an expressions that returns a body.|Yes|
+|set-body|Root element. Contains the body text or an expression that returns a body.|Yes|
### Properties
OriginalUrl.
## <a name="SetHTTPheader"></a> Set HTTP header The `set-header` policy assigns a value to an existing response and/or request header or adds a new response and/or request header.
- Inserts a list of HTTP headers into an HTTP message. When placed in an inbound pipeline, this policy sets the HTTP headers for the request being passed to the target service. When placed in an outbound pipeline, this policy sets the HTTP headers for the response being sent to the gatewayΓÇÖs client.
+ Use the policy to insert a list of HTTP headers into an HTTP message. When placed in an inbound pipeline, this policy sets the HTTP headers for the request being passed to the target service. When placed in an outbound pipeline, this policy sets the HTTP headers for the response being sent to the gatewayΓÇÖs client.
+ ### Policy statement
OriginalUrl.
## <a name="SetQueryStringParameter"></a> Set query string parameter The `set-query-parameter` policy adds, replaces value of, or deletes request query string parameter. Can be used to pass query parameters expected by the backend service which are optional or never present in the request. + ### Policy statement ```xml
OriginalUrl.
> [!NOTE] > You can only add query string parameters using the policy. You cannot add extra template path parameters in the rewrite URL. + ### Policy statement ```xml
OriginalUrl.
## <a name="XSLTransform"></a> Transform XML using an XSLT The `Transform XML using an XSLT` policy applies an XSL transformation to XML in the request or response body. + ### Policy statement ```xml
OriginalUrl.
- **Policy scopes:** all scopes
-## Next steps
-
-For more information, see the following topics:
-
-+ [Policies in API Management](api-management-howto-policies.md)
-+ [Policy Reference](./api-management-policies.md) for a full list of policy statements and their settings
-+ [Policy samples](./policy-reference.md)
api-management Compute Infrastructure https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/compute-infrastructure.md
description: Learn about the compute platform used to host your API Management s
Previously updated : 08/23/2021 Last updated : 03/16/2022
As a cloud platform-as-a-service (PaaS), Azure API Management abstracts many det
To enhance service capabilities, we're upgrading the API Management compute platform version - the Azure compute resources that host the service - for instances in several [service tiers](api-management-features.md). This article gives you context about the upgrade and the major versions of API Management's compute platform: `stv1` and `stv2`.
-We've minimized impacts of this upgrade on your operation of your API Management instance. However, if your instance is connected to an [Azure virtual network](virtual-network-concepts.md), you'll need to change some network configuration settings when the instance upgrades to the `stv2` platform version.
+We've minimized impacts of this upgrade on your operation of your API Management instance. Upgrades are managed by the platform, and new instances created in service tiers other than the Consumption tier are mostly hosted on the `stv2` platform. However, for existing instances hosted on the `stv1` platform, you have options to trigger migration to the `stv2` platform.
-## Compute platform versions
+## What are the compute platforms for API Management?
-| Version | Description | Architecture | API Management tiers |
-| -| -| -- | - |
-| `stv2` | Single-tenant v2 | [Virtual machine scale sets](../virtual-machine-scale-sets/overview.md) | Developer, Basic, Standard, and Premium |
-| `stv1` | Single-tenant v1 | [Cloud Service (classic)](../cloud-services/cloud-services-choose-me.md) | Developer, Basic, Standard, and Premium |
-| `mtv1` | Multi-tenant v1 | [App service](../app-service/overview.md) | Consumption |
+The following table summarizes the compute platforms currently used for instances in the different API Management service tiers.
+| Version | Description | Architecture | Tiers |
+| -| -| -- | - |
+| `stv2` | Single-tenant v2 | [Virtual machine scale sets](../virtual-machine-scale-sets/overview.md) | Developer, Basic, Standard, Premium<sup>1</sup> |
+| `stv1` | Single-tenant v1 | [Cloud Service (classic)](../cloud-services/cloud-services-choose-me.md) | Developer, Basic, Standard, Premium |
+| `mtv1` | Multi-tenant v1 | [App service](../app-service/overview.md) | Consumption |
+
+<sup>1</sup> Newly created instances in these tiers, created using the Azure portal or specifying API version 2021-01-01-preview or later. Includes some existing instances in Developer and Premium tiers configured with virtual networks or availability zones.
## How do I know which platform hosts my API Management instance?
-### Developer, Basic, Standard, and Premium tiers
+Starting with API version `2021-04-01-preview`, the API Management instance exposes a read-only `platformVersion` property that shows this platform information.
+
+You can find this information using the portal or the API Management [REST API](/rest/api/apimanagement/current-ga/api-management-service/get).
+
+To find the `platformVersion` property in the portal:
+
+1. Go to your API Management instance.
+1. On the **Overview** page, select **JSON view**.
+1. In **API version**, select a current version such as `2021-08-01` or later.
+1. In the JSON view, scroll down to find the `platformVersion` property.
+
+ :::image type="content" source="media/compute-infrastructure/platformversion property.png" alt-text="platformVersion property in JSON view":::
+
+## How do I migrate to the `stv2` platform?
-* Instances with virtual network connections created or updated using the Azure portal after **April 2021**, or using the API Management REST API version **2021-01-01-preview** or later, are hosted on the `stv2` platform
-* If you enabled [zone redundancy](zone-redundancy.md) in your Premium tier instance, it's hosted on the `stv2` platform
-* Otherwise, the instance is hosted on the `stv1` platform
+The following table summarizes migration options for instances in the different API Management service tiers that are currently hosted on the `stv1` platform. See the linked documentation for detailed steps.
-> [!TIP]
-> Starting with API version `2021-04-01-preview`, the API Management instance has a read-only `PlatformVersion` property that shows this platform information.
+> [!NOTE]
+> Check the [`platformVersion` property](#how-do-i-know-which-platform-hosts-my-api-management-instance) before starting migration, and after your configuration change.
-### Consumption tier
+|Tier |Migration options |
+|||
+|Premium | 1. Enable [zone redundancy](zone-redundancy.md)<br/> -or-<br/> 2. Create new [external](api-management-using-with-vnet.md) or [internal](api-management-using-with-internal-vnet.md) VNet connection<sup>1</sup><br/> -or-<br/> 3. Update existing [VNet configuration](#update-vnet-configuration) |
+|Developer | 1. Create new [external](api-management-using-with-vnet.md) or [internal](api-management-using-with-internal-vnet.md) VNet connection<sup>1</sup><br/>-or-<br/> 2. Update existing [VNet configuration](#update-vnet-configuration) |
+| Standard | 1. [Change your service tier](upgrade-and-scale.md#change-your-api-management-service-tier) (downgrade to Developer or upgrade to Premium). Follow migration options in new tier.<br/>-or-<br/>2. Deploy new instance in existing tier and migrate configurations<sup>2</sup> |
+| Basic | 1. [Change your service tier](upgrade-and-scale.md#change-your-api-management-service-tier) (downgrade to Developer or upgrade to Premium). Follow migration options in new tier<br/>-or-<br/>2. Deploy new instance in existing tier and migrate configurations<sup>2</sup> |
+| Consumption | Not applicable |
-* All instances are hosted on the `mtv1` platform
+<sup>1</sup> Use Azure portal or specify API version 2021-01-01-preview or later.
+
+<sup>2</sup> Migrate configurations with the following mechanisms: [Backup and restore](api-management-howto-disaster-recovery-backup-restore.md), [Migration script for the developer portal](automate-portal-deployments.md), [APIOps with Azure API Management](/azure/architecture/example-scenario/devops/automated-api-deployments-apiops).
-## How do I upgrade to the `stv2` platform?
+## Update VNet configuration
-Update is only possible for an instance in the Developer, Basic, Standard, or Premium tier.
+If you have an existing Developer or Premium tier instance that's connected to a virtual network and hosted on the `stv1` platform, trigger migration to the `stv2` platform by updating the VNet configuration.
-Create or update the virtual network connection, or availability zone configuration, in an API Management instance using:
+### Prerequisites
-* [Azure portal](https://portal.azure.com)
-* Azure REST API, or ARM template, specifying API version **2021-01-01-preview** or later
+* A new or existing virtual network and subnet in the same region and subscription as your API Management instance.
-> [!IMPORTANT]
-> When you update the compute platform version of an instance connected to an Azure [virtual network](virtual-network-concepts.md):
-> * You must provide a Standard SKU [public IPv4 address](../virtual-network/ip-services/public-ip-addresses.md#sku) resource
+* A new or existing Standard SKU [public IPv4 address](../virtual-network/ip-services/public-ip-addresses.md#sku) resource in the same region and subscription as your API Management instance.
+
+To update the existing external or internal VNet configuration using the portal:
+
+1. Navigate to your API Management instance.
+1. In the left menu, select **Network** > **Virtual network**.
+1. Select the network connection in the location you want to update.
+1. Select the virtual network, subnet, and IP address resources you want to configure, and select **Apply**.
+1. Continue configuring VNet settings for the remaining locations of your API Management instance.
+1. In the top navigation bar, select **Save**, then select **Apply network configuration**.
+
+The virtual network configuration is updated, and the instance is migrated to the `stv2` platform. Confirm migration by checking the [`platformVersion` property](#how-do-i-know-which-platform-hosts-my-api-management-instance).
+
+> [!NOTE]
+> * Updating the VNet configuration takes from 15 to 45 minutes to complete.
> * The VIP address(es) of your API Management instance will change. + ## Next steps * Learn more about using a [virtual network](virtual-network-concepts.md) with API Management. * Learn more about [zone redundancy](zone-redundancy.md).+
api-management Get Started Create Service Instance Cli https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/get-started-create-service-instance-cli.md
This quickstart describes the steps for creating a new API Management instance u
Azure API Management instances, like all Azure resources, must be deployed into a resource group. Resource groups allow you to organize and manage related Azure resources.
-First, create a resource group named *myResourceGroup* in the Central US location with the following [az group create](/cli/azure/group#az_group_create) command:
+First, create a resource group named *myResourceGroup* in the Central US location with the following [az group create](/cli/azure/group#az-group-create) command:
```azurecli-interactive az group create --name myResourceGroup --location centralus
az group create --name myResourceGroup --location centralus
## Create a new service
-Now that you have a resource group, you can create an API Management service instance. Create one by using the [az apim create](/cli/azure/apim#az_apim_create) command and provide a service name and publisher details. The service name must be unique within Azure.
+Now that you have a resource group, you can create an API Management service instance. Create one by using the [az apim create](/cli/azure/apim#az-apim-create) command and provide a service name and publisher details. The service name must be unique within Azure.
In the following example, *myapim* is used for the service name. Update the name to a unique value. Also update the name of the API publisher's organization and the email address to receive notifications.
By default, the command creates the instance in the Developer tier, an economica
> [!TIP] > It can take between 30 and 40 minutes to create and activate an API Management service in this tier. The previous command uses the `--no-wait` option so that the command returns immediately while the service is created.
-Check the status of the deployment by running the [az apim show](/cli/azure/apim#az_apim_show) command:
+Check the status of the deployment by running the [az apim show](/cli/azure/apim#az-apim-show) command:
```azurecli-interactive az apim show --name myapim --resource-group myResourceGroup --output table
When your API Management service instance is online, you're ready to use it. Sta
## Clean up resources
-When no longer needed, you can use the [az group delete](/cli/azure/group#az_group_delete) command to remove the resource group and the API Management service instance.
+When no longer needed, you can use the [az group delete](/cli/azure/group#az-group-delete) command to remove the resource group and the API Management service instance.
```azurecli-interactive az group delete --name myResourceGroup
api-management Graphql Validation Policies https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/graphql-validation-policies.md
Title: Azure API Management validation policy for GraphQL requests | Microsoft Docs
-description: Learn about a new policy you can use in Azure API Management to validate and authorize GraphQL requests.
+description: Reference for an Azure API Management policy to validate and authorize GraphQL requests. Provides policy usage, settings, and examples.
- Previously updated : 01/21/2022+ Last updated : 03/07/2022
This article provides a reference for an API Management policy to validate and authorize requests to a [GraphQL API](graphql-api.md) imported to API Management.
-For more information on adding and configuring policies, see [Policies in API Management](./api-management-policies.md).
## Validation policy
For more information on adding and configuring policies, see [Policies in API Ma
The `validate-graphql-request` policy validates the GraphQL request and authorizes access to specific query paths. An invalid query is a "request error". Authorization is only done for valid requests. ++ **Permissions** Because GraphQL queries use a flattened schema: * Permissions may be applied at any leaf node of an output type:
Failure to validate against the GraphQL schema, or a failure for the request's s
Similar to the [`Context.LastError`](api-management-error-handling-policies.md#lasterror) property, all GraphQL validation errors are automatically propagated in the `GraphQLErrors` variable. If the errors need to be propagated separately, you can specify an error variable name. Errors are pushed onto the `error` variable and the `GraphQLErrors` variable.
-## Next steps
-
-For more information about working with policies, see:
--- [Policies in API Management](api-management-howto-policies.md)-- [Transform APIs](transform-api.md)-- [Policy reference](./api-management-policies.md) for a full list of policy statements and their settings-- [Policy samples](./policy-reference.md)-- [Error handling](./api-management-error-handling-policies.md)
api-management How To Event Grid https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/how-to-event-grid.md
In this article, you subscribe to Event Grid events in your API Management insta
In this section, you use a Resource Manager template to deploy a pre-built sample web application to Azure App Service. Later, you subscribe to your API Management instance's Event Grid events and specify this app as the endpoint to which the events are sent.
-To deploy the sample app, you can use the Azure CLI, Azure PowerShell, or the Azure portal. The following example uses the [az deployment group create](/cli/azure/deployment/group#az_deployment_group_create) command in the Azure CLI.
+To deploy the sample app, you can use the Azure CLI, Azure PowerShell, or the Azure portal. The following example uses the [az deployment group create](/cli/azure/deployment/group#az-deployment-group-create) command in the Azure CLI.
* Set `RESOURCE_GROUP_NAME` to the name of an existing resource group * Set `SITE_NAME` to a unique name for your web app
api-management Mock Api Responses https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/mock-api-responses.md
To begin using Azure CLI:
[!INCLUDE [azure-cli-prepare-your-environment-no-header.md](../../includes/azure-cli-prepare-your-environment-no-header.md)]
-To add an operation to your test API, run the [az apim api operation create](/cli/azure/apim/api/operation#az_apim_api_operation_create) command:
+To add an operation to your test API, run the [az apim api operation create](/cli/azure/apim/api/operation#az-apim-api-operation-create) command:
```azurecli az apim api operation create --resource-group apim-hello-word-resource-group \
az apim api operation create --resource-group apim-hello-word-resource-group \
--url-template /test --service-name apim-hello-world ```
-Run the [az apim api operation list](/cli/azure/apim/api/operation#az_apim_api_operation_list) command to see all your operations for an API:
+Run the [az apim api operation list](/cli/azure/apim/api/operation#az-apim-api-operation-list) command to see all your operations for an API:
```azurecli az apim api operation list --resource-group apim-hello-word-resource-group \ --api-id test-api --service-name apim-hello-world --output table ```
-To remove an operation, use the [az apim api operation delete](/cli/azure/apim/api/operation#az_apim_api_operation_delete) command. Get the operation ID from the previous command.
+To remove an operation, use the [az apim api operation delete](/cli/azure/apim/api/operation#az-apim-api-operation-delete) command. Get the operation ID from the previous command.
```azurecli az apim api operation delete --resource-group apim-hello-word-resource-group \
api-management Set Edit Policies https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/set-edit-policies.md
Title: How to set or edit Azure API Management policies | Microsoft Docs
-description: Learn how to set or edit Azure API Management policies. These policies are XML documents that describe a sequence of inbound and outbound statements.
+description: Learn how to use the Azure portal to set or edit policies in an Azure API Management instance. Policies are defined in XML documents that contain a sequence of statements that are run sequentially on the request or response of an API.
documentationcenter: '' - -- Previously updated : 11/01/2018+ Last updated : 03/01/2022 # How to set or edit Azure API Management policies
-The policy definition is an XML document that describes a sequence of inbound and outbound statements. The XML can be edited directly in the definition window. You can also select a predefined policy from the list that is provided to the right of the policy window. The statements applicable to the current scope are enabled and highlighted. Clicking an enabled statement adds the appropriate XML at the location of the cursor in the definition view.
+This article shows you how to configure policies in your API Management instance by editing policy definitions in the Azure portal. Each policy definition is an XML document that describes a sequence of inbound and outbound statements that run sequentially on an API request and response.
-For detailed information about policies, see [Policies in Azure API Management](api-management-howto-policies.md).
+The policy editor in the portal provides guided forms for API publishers to add and edit policies in policy definitions. You can also edit the XML directly in the policy code editor.
-## Set or edit a policy
+More information about policies:
-To set or edit a policy, follow the following steps:
+* [Policy overview](api-management-howto-policies.md)
+* [Policy reference](api-management-policies.md) for a full list of policy statements and their settings
+* [Policy samples](./policies/index.md)
-1. Sign in to the Azure portal at [https://portal.azure.com](https://portal.azure.com).
-2. Browse to your APIM instance.
-3. Click the **APIs** tab.
+## Prerequisites
- ![Edit policy](./media/set-edit-policies/code-editor.png)
+If you don't already have an API Management instance and a backend API, see:
-4. Select one of the APIs that you previously imported.
-5. Select the **Design** tab.
-6. Select an operation to which you want to apply the policy. If you want to apply the policy to all operations, select **All operations**.
-7. Select the **</>** (code editor) icon in the **Inbound processing** or **Outbound processing** section.
-8. Paste the desired policy code into one of the appropriate blocks.
+- [Create an Azure API Management instance](get-started-create-service-instance.md)
+- [Import and publish an API](import-and-publish.md)
+
+## Configure policy in the portal
+
+The following example shows how to configure a policy using two options in the policy editor in the portal:
+
+* A guided form-based editor to simplify configuring many policies
+* A code editor where you can add or edit XML directly
+
+In this example, the policy filters requests from certain incoming IP addresses. It's scoped to a selected API.
+
+> [!NOTE]
+> You can configure policies at other [scopes](api-management-howto-policies.md#scopes), such as for all APIs, a product, or a single API operation. See [Configure scope](#configure-policies-at-different-scopes), later in this article, for other examples.
+
+To configure a policy:
+
+# [Form](#tab/form)
+
+1. In the left navigation of your API Management instance, select **APIs**.
+1. Select an API that you previously imported.
+1. Select the **Design** tab.
+1. To apply the policy to all operations, select **All operations**.
+1. In the **Inbound processing** section, select **+ Add policy**.
++
+ :::image type="content" source="media/set-edit-policies/form-editor.png" alt-text="Add policy in API Management":::
+
+1. In **Add inbound policy**, select a policy to add. For example, select **Filter IP addresses**.
+
+ :::image type="content" source="media/set-edit-policies/filter-ip-addresses.png" alt-text="Filter IP addresses policy":::
+
+ > [!TIP]
+ > * Policies shown are scoped to the policy section you're configuring - in this case, for inbound processing.
+ > * If you don't see a policy you want, select the **Other policies** tile. This will open the XML code editor and display a complete list of policies for that section and scope.
+1. Select **Allowed IPs** > **+ Add IP filter** and add the first and last IP addresses of a range of incoming addresses that are allowed to make API requests. Add other IP address ranges, if needed.
+
+ :::image type="content" source="media/set-edit-policies/configure-ip-filter.png" alt-text="Configure allowed IP addresses":::
+1. Select **Save** to propagate changes to the API Management gateway immediately.
+
+ The **ip-filter** policy now appears in the **Inbound processing** section.
+
+# [Code](#tab/editor)
+
+1. In the left navigation of your API Management instance, select **APIs**.
+1. Select an API that you previously imported.
+1. Select the **Design** tab.
+1. To apply the policy to all operations, select **All operations**.
+1. In the **Inbound processing** section, select the **</>** (code editor) icon.
++
+ :::image type="content" source="media/set-edit-policies/code-editor.png" alt-text="Add policy in API Management":::
+
+1. To see available policy XML code snippets, select **Show snippets**. For example, select **Restrict caller IPs**.
+
+ :::image type="content" source="media/set-edit-policies/insert-policy-snippet.png" alt-text="Insert policy snippet":::
+
+1. Paste or enter the desired policy code snippet into one of the appropriate blocks, and complete the policy configuration.
```xml <policies> <inbound> <base />
+ <ip-filter action="allow">
+ <address-range from="10.100.7.0" to="10.100.127.0" />
+ </ip-filter>
</inbound> <backend> <base />
To set or edit a policy, follow the following steps:
</on-error> </policies> ```
-
-## Configure scope
-
-Policies can be configured globally or at the scope of a Product, API, or Operation. To begin configuring a policy, you must first select the scope at which the policy should apply.
+1. Select **Save** to propagate changes to the API Management gateway immediately.
+
+ The **ip-filter** policy now appears in the **Inbound processing** section.
+
-Policy scopes are evaluated in the following order:
+## Configure policies at different scopes
-1. Global scope
-2. Product scope
-3. API scope
-4. Operation scope
+API Management gives you flexibility to configure policy definitions at multiple [scopes](api-management-howto-policies.md#scopes), in each of the policy sections.
-The statements within policies are evaluated according to the placement of the `base` element, if it is present. Global policy has no parent policy and using the `<base>` element in it has no effect.
+> [!IMPORTANT]
+> Not all policies can be applied at each scope or policy section. If the policy that you want to add isn't enabled, ensure that you are in a supported policy section and scope for that policy. To review the policy sections and scopes for a policy, check the **Usage** section in the [Policy reference](api-management-policies.md) topics.
-To see the policies in the current scope in the policy editor, click **Recalculate effective policy for selected scope**.
+> [!NOTE]
+> The **Backend** policy section can only contain one policy element. By default, API Management configures the [`forward-request`](api-management-advanced-policies.md#ForwardRequest) policy in the **Backend** section at the global scope, and the `base` element at other scopes.
### Global scope
-Global scope is configured for **All APIs** in your APIM instance.
+Global scope is configured for **All APIs** in your API Management instance.
-1. Sign in to the [Azure portal](https://portal.azure.com/) and navigate to your APIM instance.
-2. Click **All APIs**.
+1. In the left navigation of your API Management instance, select **APIs** > **All APIs**.
+1. Select the **Design** tab.
- ![Global scope](./media/api-management-howto-policies/global-scope.png)
+ :::image type="content" source="media/set-edit-policies/global-scope-policy.png" alt-text="Configure policy at product scope":::
-3. Click the triangle icon.
-4. Select **Code editor**.
-5. Add or edit policies.
-6. Press **Save**.
+1. In a policy section, select **+ Add policy** to use a form-based policy editor, or select the **</>** (code editor) icon to add and edit XML directly.
- The changes are propagated to the API Management gateway immediately.
+1. Select **Save** to propagate changes to the API Management gateway immediately.
### Product scope
-Product scope is configured for the selected product.
+Product scope is configured for a selected product.
-1. Click **Products**.
+1. In the left menu, select **Products**, and then select a product to which you want to apply policies.
+1. In the product window, select **Policies**.
- ![Product scope](./media/api-management-howto-policies/product-scope.png)
+ :::image type="content" source="media/set-edit-policies/product-scope-policy.png" alt-text="Configure policy at global scope":::
+1. In a policy section, select **+ Add policy** to use a form-based policy editor, or select the **</>** (code editor) icon to add and edit XML directly.
-2. Select the product to which you want to apply policies.
-3. Click **Policies**.
-4. Add or edit policies.
-5. Press **Save**.
+1. Select **Save** to propagate changes to the API Management gateway immediately.
### API scope
-API scope is configured for **All Operations** of the selected API.
+API scope is configured for **All operations** of the selected API.
-1. Select the **API** you want to apply policies to.
+1. In the left navigation of your API Management instance, select **APIs**, and then select the API that you want to apply policies to.
+1. Select the **Design** tab.
+1. Select **All operations**.
- ![API scope](./media/api-management-howto-policies/api-scope.png)
+ :::image type="content" source="media/set-edit-policies/api-scope-policy.png" alt-text="Configure policy at API scope":::
-2. Select **All operations**
-3. Click the triangle icon.
-4. Select **Code editor**.
-5. Add or edit policies.
-6. Press **Save**.
+1. In a policy section, select **+ Add policy** to use a form-based policy editor, or select the **</>** (code editor) icon to add and edit XML directly.
+
+6. Select **Save** to propagate changes to the API Management gateway immediately.
### Operation scope
-Operation scope is configured for the selected operation.
+Operation scope is configured for a selected API operation.
+
+1. In the left navigation of your API Management instance, select **APIs**.
+1. Select the **Design** tab.
+1. Select the operation to which you want to apply policies.
+
+ :::image type="content" source="media/set-edit-policies/operation-scope-policy.png" alt-text="Configure policy at operation scope":::
+
+1. In a policy section, select **+ Add policy** to use a form-based policy editor, or select the **</>** (code editor) icon to add and edit XML directly.
+
+1. Select **Save** to propagate changes to the API Management gateway immediately.
+
+## Use `base` element to set policy evaluation order
+
+If you configure policy definitions at more than one scope, multiple policies could apply to an API request or response. Depending on the order that the policies from the different scopes are applied, the transformation of the request or response could differ.
-1. Select an **API**.
-2. Select the operation you want to apply policies to.
+In API Management, determine the policy evaluation order by placement of the `base` element in each section in the policy definition at each scope. The `base` element inherits the policies configured in that section at the next broader (parent) scope. The `base` element is included by default in each policy section.
+
+> [!NOTE]
+> To view the effective policies at the current scope, select **Recalculate effective policy** in the policy editor.
+
+To modify the policy evaluation order using the policy editor:
+
+1. Begin with the definition at the most *narrow* scope you configured, which API Management will apply first.
+
+ For example, when using policy definitions configured at the global scope and the API scope, begin with the configuration at the API scope.
+1. Place the `base` element within a section to determine where to inherit all policies from the corresponding section at the parent scope.
+
+ For example, in an `inbound` section configured at the API scope, place a `base` element to control where to inherit policies configured in the `inbound` section at the global scope. In the following example, policies inherited from the global scope are applied before the `ip-filter` policy.
+
+ ```xml
+ <policies>
+ <inbound>
+ <base />
+ <ip-filter action="allow">
+ <address>10.100.7.1</address>
+ </ip-filter>
+ </inbound>
+ [...]
+ </policies>
+ ```
+
+ > [!NOTE]
+ > * You can place the `base` element before or after any policy element in a section.
+ > * If you want to prevent inheriting policies from the parent scope, remove the `base` element. In most cases, this isn't recommended.
- ![Operation scope](./media/api-management-howto-policies/operation-scope.png)
+1. Continue to configure the `base` element in policy definitions at successively broader scopes.
-3. Click the triangle icon.
-4. Select **Code editor**.
-5. Add or edit policies.
-6. Press **Save**.
+ A globally scoped policy has no parent scope, and using the `base` element in it has no effect.
## Next steps
-See the following related topics:
+For more information about working with policies, see:
-+ [Transform APIs](transform-api.md)
-+ [Policy Reference](./api-management-policies.md) for a full list of policy statements and their settings
-+ [Policy samples](./policy-reference.md)
++ [Tutorial: Transform and protect APIs](transform-api.md)++ [Set or edit policies](set-edit-policies.md)++ [Policy reference](./api-management-policies.md) for a full list of policy statements and their settings++ [Policy samples](./policies/index.md)
api-management Transform Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/transform-api.md
Previously updated : 12/22/2021 Last updated : 03/15/2022 # Tutorial: Transform and protect your API
-In this tutorial, you'll learn how to transform your API so it doesn't reveal private backend info. Transforming an API might help you hide the technology stack info that's running in the backend. It also helps you hide the original URLs that appear in the body of the API's HTTP response.
+In this tutorial, you'll learn about configuring common [policies](api-management-howto-policies.md) to transform your API. You might want to transform your API so it doesn't reveal private backend info. Transforming an API can help you hide the technology stack info that's running in the backend, or hide the original URLs that appear in the body of the API's HTTP response.
-The tutorial also explains how to add protection to your backend API by configuring a rate limit with Azure API Management. You might want to limit the rate of API calls so the API isn't overused by developers. For more information, see [API Management policies](api-management-policies.md).
+This tutorial also explains how to add protection to your backend API by configuring a rate limit policy, so that the API isn't overused by developers. For more policy options, see [API Management policies](api-management-policies.md).
+
+> [!NOTE]
+> By default, API Management configures a global [`forward-request`](api-management-advanced-policies.md#ForwardRequest) policy. The `forward-request` policy is needed for the gateway to complete a request to a backend service.
In this tutorial, you learn how to:
As you can see, the response includes the **X-AspNet-Version** and **X-Powered-B
### Set the transformation policy
+This example shows how to use the form-based policy editor, which helps you configure many policies without having to edit the policy XML statements directly.
+ 1. Select **Demo Conference API** > **Design** > **All operations**.
-1. In the **Outbound processing** section, select the code editor (**</>**) icon.
+1. In the **Outbound processing** section, select **+ Add policy**.
:::image type="content" source="media/transform-api/outbound-policy.png" alt-text="Navigate to outbound policy" border="false":::
-1. Position the cursor inside the **&lt;outbound&gt;** element, and then select **Show snippets** at the top-right corner of the screen.
-
- :::image type="content" source="media/transform-api/show-snippets.png" alt-text="Show snippets":::
-
-1. In the right window, under **Transformation policies**, select **Set HTTP header** twice (to insert two policy snippets).
+1. In the **Add outbound policy** window, select **Set headers**.
:::image type="content" source="media/transform-api/set-http-header.png" alt-text="Set HTTP header policy":::
-1. Modify your **\<outbound>** code to the following code:
-
- ```
- <set-header name="X-Powered-By" exists-action="delete" />
- <set-header name="X-AspNet-Version" exists-action="delete" />
- ```
+1. To configure the set headers policy, do the following:
+ 1. Under **Name**, enter **X-Powered-By**. Under **Action**, select **delete**.
+ 1. Select **+ Add header**.
+ 1. Under **Name**, enter **X-AspNet-Version**. Under **Action**, select **delete**.
:::image type="content" source="media/transform-api/set-policy.png" alt-text="Set HTTP header":::
-1. Select **Save**.
+1. Select **Save**. Two **set-header** policy elements appear in the **Outbound processing** section.
## Replace original URLs in the body of the API response with API Management gateway URLs
-This section shows how to hide original URLs that appear in the body of the API's HTTP response and instead redirect them to the API Management gateway.
+This section shows how to replace original URLs that appear in the body of the API's HTTP response with API Management gateway URLs. You might want to hide the original backend URLs from users.
### Test the original response
To see the original response:
### Set the transformation policy
+In this example, you use the policy code editor to add the policy XML snippet directly to the policy definition.
+ 1. Select **Demo Conference API** > **Design** > **All operations**. 1. In the **Outbound processing** section, select the code editor (**</>**) icon.
- :::image type="content" source="media/transform-api/outbound-policy.png" alt-text="Navigate to outbound policy" border="false":::
+ :::image type="content" source="media/transform-api/outbound-policy-code.png" alt-text="Navigate to outbound policy code editor":::
-1. Position the cursor inside the **&lt;outbound&gt;** element, and then select **Show snippets** at the top-right corner of the screen.
+1. Position the cursor inside the **`<outbound>`** element on a blank line. Then select **Show snippets** at the top-right corner of the screen.
:::image type="content" source="media/transform-api/show-snippets-1.png" alt-text="Select show snippets":::
-1. In the right window, under **Transformation policies**, select **Mask URLs in content**.
+1. In the right window, under **Transformation policies**, select **Mask URLs in content**.
+
+ The **`<redirect-content-urls />`** element is added at the cursor.
:::image type="content" source="media/transform-api/mask-urls-new.png" alt-text="Mask URLs in content":::
To see the original response:
## Protect an API by adding rate limit policy (throttling)
-This section shows how to add protection to your backend API by configuring rate limits. You might also want to limit the rate of API calls so that the API isn't overused by developers. In this example, the limit is set to three calls per 15 seconds for each subscription ID. After 15 seconds, a developer can retry calling an API.
+This section shows how to add protection to your backend API by configuring rate limits, so that the API isn't overused by developers. In this example, the limit is set to three calls per 15 seconds for each subscription ID. After 15 seconds, a developer can retry calling an API.
1. Select **Demo Conference API** > **Design** > **All operations**. 1. In the **Inbound processing** section, select the code editor (**</>**) icon.
- :::image type="content" source="media/transform-api/inbound-policy.png" alt-text="Navigate to inbound policy":::
+ :::image type="content" source="media/transform-api/inbound-policy-code.png" alt-text="Navigate to inbound policy":::
-1. Position the cursor inside the **&lt;inbound&gt;** element, and then select **Show snippets** at the top-right corner of the screen.
+1. Position the cursor inside the **`<inbound>`** element on a blank line. Then, select **Show snippets** at the top-right corner of the screen.
:::image type="content" source="media/transform-api/show-snippets-2.png" alt-text="Set inbound policy" border="false":::
-1. In the right window, under **Access restriction policies**, select **Limit call rate per key**.
+1. In the right window, under **Access restriction policies**, select **Limit call rate per key**.
+
+ The **`<rate-limit-by-key />`** element is added at the cursor.
:::image type="content" source="media/transform-api/limit-call-rate-per-key.png" alt-text="Select limit call rate per key":::
-1. Modify your **rate-limit-by-key** code in the **\<inbound\>** element to the following code:
+1. Modify your **`<rate-limit-by-key />`** code in the **`<inbound>`** element to the following code. Then select **Save**.
``` <rate-limit-by-key calls="3" renewal-period="15" counter-key="@(context.Subscription.Id)" />
api-management Validation Policies https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/validation-policies.md
Title: Azure API Management validation policies | Microsoft Docs
-description: Learn about policies you can use in Azure API Management to validate requests and responses.
+description: Reference for Azure API Management policies to validate API requests and responses. Provides policy usage, settings, and examples.
documentationcenter: '' - Previously updated : 02/22/2022+ Last updated : 03/07/2022 # API Management policies to validate requests and responses
-This article provides a reference for the following API Management policies. For information on adding and configuring policies, see [Policies in API Management](./api-management-policies.md).
-
-Use validation policies to validate REST or SOAP API requests and responses against schemas defined in the API definition or supplementary JSON or XML schemas. Validation policies protect from vulnerabilities such as injection of headers or payload or leaking sensitive data.
+This article provides a reference for API Management policies to validate REST or SOAP API requests and responses against schemas defined in the API definition or supplementary JSON or XML schemas. Validation policies protect from vulnerabilities such as injection of headers or payload or leaking sensitive data.
While not a replacement for a Web Application Firewall, validation policies provide flexibility to respond to an additional class of threats that arenΓÇÖt covered by security products that rely on static, predefined rules. + ## Validation policies - [Validate content](#validate-content) - Validates the size or content of a request or response body against one or more API schemas. The supported schema formats are JSON and XML.
We recommend performing load tests with your expected production workloads to as
The `validate-content` policy validates the size or content of a request or response body against one or more [supported schemas](#schemas-for-content-validation). + The following table shows the schema formats and request or response content types that the policy supports. Content type values are case insensitive. | Format | Content types |
The `validate-parameters` policy validates the header, query, or path parameters
> [!IMPORTANT] > If you imported an API using a management API version prior to `2021-01-01-preview`, the `validate-parameters` policy might not work. You may need to [reimport your API](/rest/api/apimanagement/current-ga/apis/create-or-update) using management API version `2021-01-01-preview` or later. + ### Policy statement
The `validate-headers` policy validates the response headers against the API sch
> [!IMPORTANT] > If you imported an API using a management API version prior to `2021-01-01-preview`, the `validate-headers` policy might not work. You may need to reimport your API using management API version `2021-01-01-preview` or later. ++ ### Policy statement ```xml
This policy can be used in the following policy [sections](./api-management-howt
## Validate status code
-The `validate-status-code` policy validates the HTTP status codes in responses against the API schema. This policy may be used to prevent leakage of backend errors, which can contain stack traces.
+The `validate-status-code` policy validates the HTTP status codes in responses against the API schema. This policy may be used to prevent leakage of backend errors, which can contain stack traces.
+ ### Policy statement
The following table lists all the possible Reason values of a validation error a
-## Next steps
-
-For more information about working with policies, see:
--- [Policies in API Management](api-management-howto-policies.md)-- [Transform APIs](transform-api.md)-- [Policy reference](./api-management-policies.md) for a full list of policy statements and their settings-- [Policy samples](./policy-reference.md)-- [Error handling](./api-management-error-handling-policies.md)
app-service App Service Sql Asp Github Actions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/app-service-sql-asp-github-actions.md
az group create --name {resource-group-name} --location {resource-group-location
## Generate deployment credentials
-You'll need to authenticate with a service principal for the resource deployment script to work. You can create a [service principal](../active-directory/develop/app-objects-and-service-principals.md#service-principal-object) with the [az ad sp create-for-rbac](/cli/azure/ad/sp#az_ad_sp_create_for_rbac) command in the [Azure CLI](/cli/azure/). Run this command with [Azure Cloud Shell](https://shell.azure.com/) in the Azure portal or by selecting the **Try it** button.
+You'll need to authenticate with a service principal for the resource deployment script to work. You can create a [service principal](../active-directory/develop/app-objects-and-service-principals.md#service-principal-object) with the [az ad sp create-for-rbac](/cli/azure/ad/sp#az-ad-sp-create-for-rbac) command in the [Azure CLI](/cli/azure/). Run this command with [Azure Cloud Shell](https://shell.azure.com/) in the Azure portal or by selecting the **Try it** button.
```azurecli-interactive az ad sp create-for-rbac --name "{service-principal-name}" --sdk-auth --role contributor --scopes /subscriptions/{subscription-id}
app-service App Service Sql Github Actions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/app-service-sql-github-actions.md
Open the Azure Cloud Shell at https://shell.azure.com. You can alternately use t
## Generate deployment credentials
-You'll need to authenticate with a service principal for the resource deployment script to work. You can create a [service principal](../active-directory/develop/app-objects-and-service-principals.md#service-principal-object) with the [az ad sp create-for-rbac](/cli/azure/ad/sp#az_ad_sp_create_for_rbac) command in the [Azure CLI](/cli/azure/). Run this command with [Azure Cloud Shell](https://shell.azure.com/) in the Azure portal or by selecting the **Try it** button.
+You'll need to authenticate with a service principal for the resource deployment script to work. You can create a [service principal](../active-directory/develop/app-objects-and-service-principals.md#service-principal-object) with the [az ad sp create-for-rbac](/cli/azure/ad/sp#az-ad-sp-create-for-rbac) command in the [Azure CLI](/cli/azure/). Run this command with [Azure Cloud Shell](https://shell.azure.com/) in the Azure portal or by selecting the **Try it** button.
```azurecli-interactive az ad sp create-for-rbac --name "{service-principal-name}" --sdk-auth --role contributor --scopes /subscriptions/{subscription-id}/resourceGroups/{resource-group-name}
app-service App Service Web Restore Snapshots https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/app-service-web-restore-snapshots.md
The following table shows which app configuration is restored:
az webapp config snapshot restore --name <target-app-name> --resource-group <target-group-name> --source-name <source-app-name> --source-resource-group <source-group-name> --time <source-snapshot-timestamp> ```
- To restore app content only and not the app configuration, use the `--restore-content-only` parameter. For more information, see [az webapp config snapshot restore](/cli/webapp/config/snapshot#az_webapp_config_snapshot_restore).
+ To restore app content only and not the app configuration, use the `--restore-content-only` parameter. For more information, see [az webapp config snapshot restore](/cli/webapp/config/snapshot#az-webapp-config-snapshot-restore).
--
app-service App Service Web Tutorial Rest Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/app-service-web-tutorial-rest-api.md
Next, you enable the built-in CORS support in App Service for your API.
### Enable CORS
-In the Cloud Shell, enable CORS to your client's URL by using the [`az webapp cors add`](/cli/azure/webapp/cors#az_webapp_cors_add) command. Replace the _&lt;app-name>_ placeholder.
+In the Cloud Shell, enable CORS to your client's URL by using the [`az webapp cors add`](/cli/azure/webapp/cors#az-webapp-cors-add) command. Replace the _&lt;app-name>_ placeholder.
```azurecli-interactive az webapp cors add --resource-group myResourceGroup --name <app-name> --allowed-origins 'http://localhost:5000'
app-service Configure Authentication Api Version https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/configure-authentication-api-version.md
You can view the current version of the platform authentication middleware eithe
##### From the Azure CLI
-Using the Azure CLI, view the current middleware version with the [az webapp auth show](/cli/azure/webapp/auth#az_webapp_auth_show) command.
+Using the Azure CLI, view the current middleware version with the [az webapp auth show](/cli/azure/webapp/auth#az-webapp-auth-show) command.
```azurecli-interactive az webapp auth show --name <my_app_name> \
You can also hit /.auth/version endpoint on an app also to view the current midd
#### Update the current runtime version
-Using the Azure CLI, you can update the `runtimeVersion` setting in the app with the [az webapp auth update](/cli/azure/webapp/auth#az_webapp_auth_update) command.
+Using the Azure CLI, you can update the `runtimeVersion` setting in the app with the [az webapp auth update](/cli/azure/webapp/auth#az-webapp-auth-update) command.
```azurecli-interactive az webapp auth update --name <my_app_name> \
az webapp auth update --name <my_app_name> \
Replace `<my_app_name>` with the name of your app. Also replace `<my_resource_group>` with the name of the resource group for your app. Also, replace `<version>` with a valid version of the 1.x runtime or `~1` for the latest version. See the [release notes on the different runtime versions](https://github.com/Azure/app-service-announcements) to help determine the version to pin to.
-You can run this command from the [Azure Cloud Shell](../cloud-shell/overview.md) by choosing **Try it** in the preceding code sample. You can also use the [Azure CLI locally](/cli/azure/install-azure-cli) to execute this command after executing [az login](/cli/azure/reference-index#az_login) to sign in.
+You can run this command from the [Azure Cloud Shell](../cloud-shell/overview.md) by choosing **Try it** in the preceding code sample. You can also use the [Azure CLI locally](/cli/azure/install-azure-cli) to execute this command after executing [az login](/cli/azure/reference-index#az-login) to sign in.
## Next steps
app-service Configure Authentication Provider Aad https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/configure-authentication-provider-aad.md
To register the app, perform the following steps:
|Application (client) ID| Use the **Application (client) ID** of the app registration. | |Client Secret| Use the client secret you generated in the app registration. With a client secret, hybrid flow is used and the App Service will return access and refresh tokens. When the client secret is not set, implicit flow is used and only an ID token is returned. These tokens are sent by the provider and stored in the EasyAuth token store.| |Issuer Url| Use `<authentication-endpoint>/<tenant-id>/v2.0`, and replace *\<authentication-endpoint>* with the [authentication endpoint for your cloud environment](../active-directory/develop/authentication-national-cloud.md#azure-ad-authentication-endpoints) (e.g., "https://login.microsoftonline.com" for global Azure), also replacing *\<tenant-id>* with the **Directory (tenant) ID** in which the app registration was created. This value is used to redirect users to the correct Azure AD tenant, as well as to download the appropriate metadata to determine the appropriate token signing keys and token issuer claim value for example. For applications that use Azure AD v1, omit `/v2.0` in the URL.|
- |Allowed Token Audiences| If this is a cloud or server app and you want to allow authentication tokens from a web app, add the **Application ID URI** of the web app here. The configured **Client ID** is *always* implicitly considered to be an allowed audience.|
+ |Allowed Token Audiences| The configured **Application (client) ID** is *always* implicitly considered to be an allowed audience. If this is a cloud or server app and you want to accept authentication tokens from a client App Service app (the authentication token can be retrieved in the [X-MS-TOKEN-AAD-ID-TOKEN header](configure-authentication-oauth-tokens.md#retrieve-tokens-in-app-code)), add the **Application (client) ID** of the client app here. |
The client secret will be stored as a slot-sticky [application setting](./configure-common.md#configure-app-settings) named `MICROSOFT_PROVIDER_AUTHENTICATION_SECRET`. You can update that setting later to use [Key Vault references](./app-service-key-vault-references.md) if you wish to manage the secret in Azure Key Vault.
app-service Configure Common https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/configure-common.md
App settings are always encrypted when stored (encrypted-at-rest).
# [Azure CLI](#tab/cli)
-Add or edit an app setting with [az webapp config app settings set](/cli/azure/webapp/config/appsettings#az_webapp_config_appsettings_set):
+Add or edit an app setting with [az webapp config app settings set](/cli/azure/webapp/config/appsettings#az-webapp-config-appsettings-set):
```azurecli-interactive az webapp config appsettings set --name <app-name> --resource-group <group-name> --settings <setting-name>="<value>"
az webapp config appsettings set --name <app-name> --resource-group <group-name>
Replace `<setting-name>` with the name of the setting, and `<value>` with the value to assign to it.
-Show all settings and their values with [az webapp config appsettings list](/cli/azure/webapp/config/appsettings#az_webapp_config_appsettings_list):
+Show all settings and their values with [az webapp config appsettings list](/cli/azure/webapp/config/appsettings#az-webapp-config-appsettings-list):
```azurecli-interactive az webapp config appsettings list --name <app-name> --resource-group <group-name> ```
-Remove one or more settings with [az webapp config app settings delete](/cli/azure/webapp/config/appsettings#az_webapp_config_appsettings_delete):
+Remove one or more settings with [az webapp config app settings delete](/cli/azure/webapp/config/appsettings#az-webapp-config-appsettings-delete):
```azurecli-interactive az webapp config appsettings delete --name <app-name> --resource-group <group-name> --setting-names {<setting-name1>,<setting-name2>,...}
App settings have the following JSON formatting:
# [Azure CLI](#tab/cli)
-Run [az webapp config app settings set](/cli/azure/webapp/config/appsettings#az_webapp_config_appsettings_set) with the name of the JSON file.
+Run [az webapp config app settings set](/cli/azure/webapp/config/appsettings#az-webapp-config-appsettings-set) with the name of the JSON file.
```azurecli-interactive az webapp config appsettings set --resource-group <group-name> --name <app-name> --settings "@fileName.json"
az webapp config appsettings set --resource-group <group-name> --name <app-name>
] ```
-For convenience, you can save existing settings into a JSON file with [az webapp config appsettings list](/cli/azure/webapp/config/appsettings#az_webapp_config_appsettings_list). The following example can be run in Bash.
+For convenience, you can save existing settings into a JSON file with [az webapp config appsettings list](/cli/azure/webapp/config/appsettings#az-webapp-config-appsettings-list). The following example can be run in Bash.
```azurecli-interactive # Save the settings
Connection strings are always encrypted when stored (encrypted-at-rest).
# [Azure CLI](#tab/cli)
-Add or edit an app setting with [az webapp config connection-string set](/cli/azure/webapp/config/connection-string#az_webapp_config_connection_string_set):
+Add or edit an app setting with [az webapp config connection-string set](/cli/azure/webapp/config/connection-string#az-webapp-config-connection-string-set):
```azurecli-interactive az webapp config connection-string set --name <app-name> --resource-group <group-name> --connection-string-type <type> --settings <string-name>='<value>' ```
-Replace `<string-name>` with the name of the connection string, and `<value>` with the value to assign to it. For possible values of `<type>` (for example, `SQLAzure`), see the [CLI command documentation](/cli/azure/webapp/config/connection-string#az_webapp_config_connection_string_set).
+Replace `<string-name>` with the name of the connection string, and `<value>` with the value to assign to it. For possible values of `<type>` (for example, `SQLAzure`), see the [CLI command documentation](/cli/azure/webapp/config/connection-string#az-webapp-config-connection-string-set).
-Show all connection strings and their values with [az webapp config connection-string list](/cli/azure/webapp/config/connection-string#az_webapp_config_connection_string_list):
+Show all connection strings and their values with [az webapp config connection-string list](/cli/azure/webapp/config/connection-string#az-webapp-config-connection-string-list):
```azurecli-interactive az webapp config connection-string list --name <app-name> --resource-group <group-name> ```
-Remove one or more connection strings with [az webapp config connection-string delete](/cli/azure/webapp/config/appsettings#az_webapp_config_appsettings_delete):
+Remove one or more connection strings with [az webapp config connection-string delete](/cli/azure/webapp/config/appsettings#az-webapp-config-appsettings-delete):
```azurecli-interactive az webapp config connection-string delete --name <app-name> --resource-group <group-name> --setting-names {<string-name1>,<string-name2>,...}
Connection strings have the following JSON formatting:
# [Azure CLI](#tab/cli)
-Run [az webapp config connection-string set](/cli/azure/webapp/config/connection-string#az_webapp_config_connection_string_set) with the name of the JSON file.
+Run [az webapp config connection-string set](/cli/azure/webapp/config/connection-string#az-webapp-config-connection-string-set) with the name of the JSON file.
```azurecli-interactive az webapp config connection-string set --resource-group <group-name> --name <app-name> --settings "@fileName.json"
The file format needed is a JSON array of connection strings where the slot sett
] ```
-For convenience, you can save existing connection strings into a JSON file with [az webapp config connection-string list](/cli/azure/webapp/config/connection-string#az_webapp_config_connection_string_list). The following example can be run in Bash.
+For convenience, you can save existing connection strings into a JSON file with [az webapp config connection-string list](/cli/azure/webapp/config/connection-string#az-webapp-config-connection-string-list). The following example can be run in Bash.
```azurecli-interactive # Save the connection strings
Here, you can configure some common settings for the app. Some settings require
![General settings for Linux containers](./media/configure-common/open-general-linux.png) - **Platform settings**: Lets you configure settings for the hosting platform, including:
+ - **FTP state**: Allow only FTPS or disable FTP altogether.
- **Bitness**: 32-bit or 64-bit. (Defaults to 32-bit for App Service created in the portal.) - **WebSocket protocol**: For [ASP.NET SignalR] or [socket.io](https://socket.io/), for example. - **Always On**: Keeps the app loaded even when there's no traffic. When **Always On** is not turned on (default), the app is unloaded after 20 minutes without any incoming requests. The unloaded app can cause high latency for new requests because of its warm-up time. When **Always On** is turned on, the front-end load balancer sends a GET request to the application root every five minutes. The continuous ping prevents the app from being unloaded.
Here, you can configure some common settings for the app. Some settings require
# [Azure CLI](#tab/cli)
-You can set many of the common configurable options using [az webapp config set](/cli/azure/webapp/config#az_webapp_config_set). The following example shows a subset of the configurable options.
+You can set many of the common configurable options using [az webapp config set](/cli/azure/webapp/config#az-webapp-config-set). The following example shows a subset of the configurable options.
```azurecli-interactive az webapp config set --resource-group <group-name> --name <app-name> --use-32bit-worker-process [true|false] --web-sockets-enabled [true|false] --always-on [true|false]--http20-enabled --auto-heal-enabled [true|false] --remote-debugging-enabled [true|false] --number-of-workers ```
-To show the existing settings, use the [az webapp config show](/cli/azure/webapp/config#az_webapp_config_show) command.
+To show the existing settings, use the [az webapp config show](/cli/azure/webapp/config#az-webapp-config-show) command.
# [Azure PowerShell](#tab/ps)
The default document is the web page that's displayed at the root URL of an App
# [Azure CLI](#tab/cli)
-Add a default document by using [az resource update](/cli/azure/resource#az_resource_update):
+Add a default document by using [az resource update](/cli/azure/resource#az-resource-update):
```azurecli-interactive az resource update --resource-group <group-name> --resource-type "Microsoft.Web/sites/config" --name <app-name>/config/web --add properties.defaultDocuments <filename>
app-service Configure Connect To Azure Storage https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/configure-connect-to-azure-storage.md
The following features are supported for Linux containers:
# [Azure CLI](#tab/cli)
-Use the [`az webapp config storage-account add`](/cli/azure/webapp/config/storage-account#az_webapp_config_storage_account_add) command. For example:
+Use the [`az webapp config storage-account add`](/cli/azure/webapp/config/storage-account#az-webapp-config-storage-account-add) command. For example:
```azurecli-interactive az webapp config storage-account add --resource-group <group-name> --name <app-name> --custom-id <custom-id> --storage-type AzureFiles --share-name <share-name> --account-name <storage-account-name> --access-key "<access-key>" --mount-path <mount-path-directory>
app-service Configure Custom Container https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/configure-custom-container.md
For *\<username>* and *\<password>*, supply the login credentials for your priva
Use the following steps to configure your web app to pull from ACR using managed identity. The steps will use system-assigned managed identity, but you can use user-assigned managed identity as well.
-1. Enable [the system-assigned managed identity](./overview-managed-identity.md) for the web app by using the [`az webapp identity assign`](/cli/azure/webapp/identity#az_webapp_identity-assign) command:
+1. Enable [the system-assigned managed identity](./overview-managed-identity.md) for the web app by using the [`az webapp identity assign`](/cli/azure/webapp/identity#az-webapp-identity-assign) command:
```azurecli-interactive az webapp identity assign --resource-group <group-name> --name <app-name> --query principalId --output tsv
SSH enables secure communication between a container and a client. In order for
Multi-container apps like WordPress need persistent storage to function properly. To enable it, your Docker Compose configuration must point to a storage location *outside* your container. Storage locations inside your container don't persist changes beyond app restart.
-Enable persistent storage by setting the `WEBSITES_ENABLE_APP_SERVICE_STORAGE` app setting, using the [az webapp config appsettings set](/cli/azure/webapp/config/appsettings#az_webapp_config_appsettings_set) command in [Cloud Shell](https://shell.azure.com).
+Enable persistent storage by setting the `WEBSITES_ENABLE_APP_SERVICE_STORAGE` app setting, using the [az webapp config appsettings set](/cli/azure/webapp/config/appsettings#az-webapp-config-appsettings-set) command in [Cloud Shell](https://shell.azure.com).
```azurecli-interactive az webapp config appsettings set --resource-group <group-name> --name <app-name> --settings WEBSITES_ENABLE_APP_SERVICE_STORAGE=TRUE
app-service Configure Encrypt At Rest Using Cmk https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/configure-encrypt-at-rest-using-cmk.md
Adding this application setting causes your web app to restart. After the app ha
Now you can replace the value of the `WEBSITE_RUN_FROM_PACKAGE` application setting with a Key Vault reference to the SAS-encoded URL. This keeps the SAS URL encrypted in Key Vault, which provides an extra layer of security.
-1. Use the following [`az keyvault create`](/cli/azure/keyvault#az_keyvault_create) command to create a Key Vault instance.
+1. Use the following [`az keyvault create`](/cli/azure/keyvault#az-keyvault-create) command to create a Key Vault instance.
```azurecli az keyvault create --name "Contoso-Vault" --resource-group <group-name> --location eastus
Now you can replace the value of the `WEBSITE_RUN_FROM_PACKAGE` application sett
1. Follow [these instructions to grant your app access](app-service-key-vault-references.md#granting-your-app-access-to-key-vault) to your key vault:
-1. Use the following [`az keyvault secret set`](/cli/azure/keyvault/secret#az_keyvault_secret_set) command to add your external URL as a secret in your key vault:
+1. Use the following [`az keyvault secret set`](/cli/azure/keyvault/secret#az-keyvault-secret-set) command to add your external URL as a secret in your key vault:
```azurecli az keyvault secret set --vault-name "Contoso-Vault" --name "external-url" --value "<SAS-URL>" ```
-1. Use the following [`az webapp config appsettings set`](/cli/azure/webapp/config/appsettings#az_webapp_config_appsettings_set) command to create the `WEBSITE_RUN_FROM_PACKAGE` application setting with the value as a Key Vault reference to the external URL:
+1. Use the following [`az webapp config appsettings set`](/cli/azure/webapp/config/appsettings#az-webapp-config-appsettings-set) command to create the `WEBSITE_RUN_FROM_PACKAGE` application setting with the value as a Key Vault reference to the external URL:
```azurecli az webapp config appsettings set --settings WEBSITE_RUN_FROM_PACKAGE="@Microsoft.KeyVault(SecretUri=https://Contoso-Vault.vault.azure.net/secrets/external-url/<secret-version>"
app-service Configure Language Java https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/configure-language-java.md
Use [FTPS](deploy-ftp.md) to download your JFR file to your local machine. To an
::: zone pivot="platform-windows"
-Enable [application logging](troubleshoot-diagnostic-logs.md#enable-application-logging-windows) through the Azure portal or [Azure CLI](/cli/azure/webapp/log#az_webapp_log_config) to configure App Service to write your application's standard console output and standard console error streams to the local filesystem or Azure Blob Storage. Logging to the local App Service filesystem instance is disabled 12 hours after it is configured. If you need longer retention, configure the application to write output to a Blob storage container. Your Java and Tomcat app logs can be found in the */home/LogFiles/Application/* directory.
+Enable [application logging](troubleshoot-diagnostic-logs.md#enable-application-logging-windows) through the Azure portal or [Azure CLI](/cli/azure/webapp/log#az-webapp-log-config) to configure App Service to write your application's standard console output and standard console error streams to the local filesystem or Azure Blob Storage. Logging to the local App Service filesystem instance is disabled 12 hours after it is configured. If you need longer retention, configure the application to write output to a Blob storage container. Your Java and Tomcat app logs can be found in the */home/LogFiles/Application/* directory.
::: zone-end ::: zone pivot="platform-linux"
-Enable [application logging](troubleshoot-diagnostic-logs.md#enable-application-logging-linuxcontainer) through the Azure portal or [Azure CLI](/cli/azure/webapp/log#az_webapp_log_config) to configure App Service to write your application's standard console output and standard console error streams to the local filesystem or Azure Blob Storage. If you need longer retention, configure the application to write output to a Blob storage container. Your Java and Tomcat app logs can be found in the */home/LogFiles/Application/* directory.
+Enable [application logging](troubleshoot-diagnostic-logs.md#enable-application-logging-linuxcontainer) through the Azure portal or [Azure CLI](/cli/azure/webapp/log#az-webapp-log-config) to configure App Service to write your application's standard console output and standard console error streams to the local filesystem or Azure Blob Storage. If you need longer retention, configure the application to write output to a Blob storage container. Your Java and Tomcat app logs can be found in the */home/LogFiles/Application/* directory.
Azure Blob Storage logging for Linux based App Services can only be configured using [Azure Monitor](./troubleshoot-diagnostic-logs.md#send-logs-to-azure-monitor)
app-service Configure Language Nodejs https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/configure-language-nodejs.md
If you deploy your files by using Git, or by using ZIP deployment [with build au
The generated *web.config* is tailored to the detected start script. For other deployment methods, add this *web.config* manually. Make sure the file is formatted properly.
-If you use [ZIP deployment](deploy-zip.md) (through Visual Studio Code, for example), be sure to [enable build automation](deploy-zip.md#enable-build-automation-for-zip-deploy) because it's not enabled by default. [`az webapp up`](/cli/azure/webapp#az_webapp_up) uses ZIP deployment with build automation enabled.
+If you use [ZIP deployment](deploy-zip.md) (through Visual Studio Code, for example), be sure to [enable build automation](deploy-zip.md#enable-build-automation-for-zip-deploy) because it's not enabled by default. [`az webapp up`](/cli/azure/webapp#az-webapp-up) uses ZIP deployment with build automation enabled.
::: zone-end
app-service Configure Language Php https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/configure-language-php.md
getenv("DB_HOST")
The web framework of your choice may use a subdirectory as the site root. For example, [Laravel](https://laravel.com/), uses the *public/* subdirectory as the site root.
-To customize the site root, set the virtual application path for the app by using the [`az resource update`](/cli/azure/resource#az_resource_update) command. The following example sets the site root to the *public/* subdirectory in your repository.
+To customize the site root, set the virtual application path for the app by using the [`az resource update`](/cli/azure/resource#az-resource-update) command. The following example sets the site root to the *public/* subdirectory in your repository.
```azurecli-interactive az resource update --name web --resource-group <group-name> --namespace Microsoft.Web --resource-type config --parent sites/<app-name> --set properties.virtualApplications[0].physicalPath="site\wwwroot\public" --api-version 2015-06-01
app-service Configure Language Python https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/configure-language-python.md
Last updated 06/11/2021
ms.devlang: python
+adobe-target: true
# Configure a Linux Python app for Azure App Service
You can use either the [Azure portal](https://portal.azure.com) or the Azure CLI
- **Azure CLI**: you have two options. - Run commands in the [Azure Cloud Shell](../cloud-shell/overview.md).
- - Run commands locally by installing the latest version of the [Azure CLI](/cli/azure/install-azure-cli), then sign in to Azure using [az login](/cli/azure/reference-index#az_login).
+ - Run commands locally by installing the latest version of the [Azure CLI](/cli/azure/install-azure-cli), then sign in to Azure using [az login](/cli/azure/reference-index#az-login).
> [!NOTE] > Linux is currently the recommended option for running Python apps in App Service. For information on the Windows option, see [Python on the Windows flavor of App Service](/visualstudio/python/managing-python-on-azure-app-service).
You can use either the [Azure portal](https://portal.azure.com) or the Azure CLI
- **Azure CLI**:
- - Show the current Python version with [az webapp config show](/cli/azure/webapp/config#az_webapp_config_show):
+ - Show the current Python version with [az webapp config show](/cli/azure/webapp/config#az-webapp-config-show):
```azurecli az webapp config show --resource-group <resource-group-name> --name <app-name> --query linuxFxVersion
You can use either the [Azure portal](https://portal.azure.com) or the Azure CLI
Replace `<resource-group-name>` and `<app-name>` with the names appropriate for your web app.
- - Set the Python version with [az webapp config set](/cli/azure/webapp/config#az_webapp_config_set)
+ - Set the Python version with [az webapp config set](/cli/azure/webapp/config#az-webapp-config-set)
```azurecli az webapp config set --resource-group <resource-group-name> --name <app-name> --linux-fx-version "PYTHON|3.7" ```
- - Show all Python versions that are supported in Azure App Service with [az webapp list-runtimes](/cli/azure/webapp#az_webapp_list_runtimes):
+ - Show all Python versions that are supported in Azure App Service with [az webapp list-runtimes](/cli/azure/webapp#az-webapp-list-runtimes):
```azurecli az webapp list-runtimes --os linux | grep PYTHON
To specify a startup command or command file:
- **Azure portal**: select the app's **Configuration** page, then select **General settings**. In the **Startup Command** field, place either the full text of your startup command or the name of your startup command file. Then select **Save** to apply the changes. See [Configure general settings](configure-common.md#configure-general-settings) for Linux containers. -- **Azure CLI**: use the [az webapp config set](/cli/azure/webapp/config#az_webapp_config_set) command with the `--startup-file` parameter to set the startup command or file:
+- **Azure CLI**: use the [az webapp config set](/cli/azure/webapp/config#az-webapp-config-set) command with the `--startup-file` parameter to set the startup command or file:
```azurecli az webapp config set --resource-group <resource-group-name> --name <app-name> --startup-file "<custom-command>"
app-service Configure Linux Open Ssh Session https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/configure-linux-open-ssh-session.md
Using TCP tunneling you can create a network connection between your development
To get started, you need to install [Azure CLI](/cli/azure/install-azure-cli). To see how it works without installing Azure CLI, open [Azure Cloud Shell](../cloud-shell/overview.md).
-Open a remote connection to your app using the [az webapp create-remote-connection](/cli/azure/webapp#az_webapp_create_remote_connection) command. Specify _\<subscription-id>_, _\<group-name>_ and _\<app-name>_ for your app.
+Open a remote connection to your app using the [az webapp create-remote-connection](/cli/azure/webapp#az-webapp-create-remote-connection) command. Specify _\<subscription-id>_, _\<group-name>_ and _\<app-name>_ for your app.
```azurecli-interactive az webapp create-remote-connection --subscription <subscription-id> --resource-group <resource-group-name> -n <app-name> &
app-service Deploy Ci Cd Custom Container https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/deploy-ci-cd-custom-container.md
You can customize the GitHub Actions build provider in the following ways:
This optional configuration replaces the default authentication with publishing profiles in the generated workflow file.
-**Generate** a service principal with the [az ad sp create-for-rbac](/cli/azure/ad/sp#az_ad_sp_create_for_rbac) command in the [Azure CLI](/cli/azure/). In the following example, replace *\<subscription-id>*, *\<group-name>*, and *\<app-name>* with your own values. **Save** the entire JSON output for the next step, including the top-level `{}`.
+**Generate** a service principal with the [az ad sp create-for-rbac](/cli/azure/ad/sp#az-ad-sp-create-for-rbac) command in the [Azure CLI](/cli/azure/). In the following example, replace *\<subscription-id>*, *\<group-name>*, and *\<app-name>* with your own values. **Save** the entire JSON output for the next step, including the top-level `{}`.
```azurecli-interactive az ad sp create-for-rbac --name "myAppDeployAuth" --role contributor \
In the workflow file generated by the **Deployment Center**, **revise** the `azu
## Automate with CLI
-To configure the container registry and the Docker image, **run** [az webapp config container set](/cli/azure/webapp/config/container#az_webapp_config_container_set).
+To configure the container registry and the Docker image, **run** [az webapp config container set](/cli/azure/webapp/config/container#az-webapp-config-container-set).
# [Azure Container Registry](#tab/acr)
az webapp config container set --name <app-name> --resource-group <group-name> -
-- ::: zone pivot="container-linux"
-To configure a multi-container (Docker Compose) app, **prepare** a Docker Compose file locally, then **run** [az webapp config container set](/cli/azure/webapp/config/container#az_webapp_config_container_set) with the `--multicontainer-config-file` parameter. If your Docker Compose file contains private images, **add** `--docker-registry-server-*` parameters as shown in the previous example.
+To configure a multi-container (Docker Compose) app, **prepare** a Docker Compose file locally, then **run** [az webapp config container set](/cli/azure/webapp/config/container#az-webapp-config-container-set) with the `--multicontainer-config-file` parameter. If your Docker Compose file contains private images, **add** `--docker-registry-server-*` parameters as shown in the previous example.
```azurecli-interactive az webapp config container set --resource-group <group-name> --name <app-name> --multicontainer-config-file <docker-compose-file> ``` ::: zone-end
-To configure CI/CD from the container registry to your app, **run** [az webapp deployment container config](/cli/azure/webapp/deployment/container#az_webapp_deployment-container-config) with the `--enable-cd` parameter. The command outputs the webhook URL, but you must create the webhook in your registry manually in a separate step. The following example enables CI/CD on your app, then uses the webhook URL in the output to create the webhook in Azure Container Registry.
+To configure CI/CD from the container registry to your app, **run** [az webapp deployment container config](/cli/azure/webapp/deployment/container#az-webapp-deployment-container-config) with the `--enable-cd` parameter. The command outputs the webhook URL, but you must create the webhook in your registry manually in a separate step. The following example enables CI/CD on your app, then uses the webhook URL in the output to create the webhook in Azure Container Registry.
```azurecli-interactive ci_cd_url=$(az webapp deployment container config --name <app-name> --resource-group <group-name> --enable-cd true --query CI_CD_URL --output tsv)
app-service Deploy Configure Credentials https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/deploy-configure-credentials.md
and [FTP/S deployment](deploy-ftp.md). These credentials are not the same as you
# [Azure CLI](#tab/cli)
-Run the [az webapp deployment user set](/cli/azure/webapp/deployment/user#az_webapp_deployment_user_set) command. Replace \<username> and \<password> with a deployment user username and password.
+Run the [az webapp deployment user set](/cli/azure/webapp/deployment/user#az-webapp-deployment-user-set) command. Replace \<username> and \<password> with a deployment user username and password.
- The username must be unique within Azure, and for local Git pushes, must not contain the ΓÇÿ@ΓÇÖ symbol. - The password must be at least eight characters long, with two of the following three elements: letters, numbers, and symbols.
Since user-scope credentials are linked to the user and not a specific resource,
# [Azure CLI](#tab/cli)
-Get the application-scope credentials using the [az webapp deployment list-publishing-profiles](/cli/azure/webapp/deployment#az_webapp_deployment_list_publishing_profiles) command. For example:
+Get the application-scope credentials using the [az webapp deployment list-publishing-profiles](/cli/azure/webapp/deployment#az-webapp-deployment-list-publishing-profiles) command. For example:
```azurecli-interactive az webapp deployment list-publishing-profiles --resource-group <group-name> --name <app-name> ```
-For [local Git deployment](deploy-local-git.md), you can also use the [az webapp deployment list-publishing-credentials](/cli/azure/webapp/deployment#az_webapp_deployment_list_publishing_credentials) command to get a Git remote URI for your app, with the application-scope credentials already embedded. For example:
+For [local Git deployment](deploy-local-git.md), you can also use the [az webapp deployment list-publishing-credentials](/cli/azure/webapp/deployment#az-webapp-deployment-list-publishing-credentials) command to get a Git remote URI for your app, with the application-scope credentials already embedded. For example:
```azurecli-interactive az webapp deployment list-publishing-credentials --resource-group <group-name> --name <app-name> --query scmUri
Get-AzWebAppPublishingProfile -ResourceGroupName <group-name> -Name <app-name>
# [Azure CLI](#tab/cli)
-Reset the application-scope credentials using the [az resource invoke-action](/cli/azure/resource#az_resource_invoke_action) command:
+Reset the application-scope credentials using the [az resource invoke-action](/cli/azure/resource#az-resource-invoke-action) command:
```azurecli-interactive az resource invoke-action --action newpassword --resource-group <group-name> --name <app-name> --resource-type Microsoft.Web/sites
app-service Deploy Container Github Action https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/deploy-container-github-action.md
A publish profile is an app-level credential. Set up your publish profile as a G
# [Service principal](#tab/service-principal)
-You can create a [service principal](../active-directory/develop/app-objects-and-service-principals.md#service-principal-object) with the [az ad sp create-for-rbac](/cli/azure/ad/sp#az_ad_sp_create_for_rbac) command in the [Azure CLI](/cli/azure/). Run this command with [Azure Cloud Shell](https://shell.azure.com/) in the Azure portal or by selecting the **Try it** button.
+You can create a [service principal](../active-directory/develop/app-objects-and-service-principals.md#service-principal-object) with the [az ad sp create-for-rbac](/cli/azure/ad/sp#az-ad-sp-create-for-rbac) command in the [Azure CLI](/cli/azure/). Run this command with [Azure Cloud Shell](https://shell.azure.com/) in the Azure portal or by selecting the **Try it** button.
```azurecli-interactive az ad sp create-for-rbac --name "myApp" --role contributor \
app-service Deploy Continuous Deployment https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/deploy-continuous-deployment.md
You can customize the GitHub Actions build provider in these ways:
This optional configuration replaces the default authentication with publishing profiles in the generated workflow file.
-1. Generate a service principal by using the [az ad sp create-for-rbac](/cli/azure/ad/sp#az_ad_sp_create_for_rbac) command in the [Azure CLI](/cli/azure/). In the following example, replace \<subscription-id>, \<group-name>, and \<app-name> with your own values:
+1. Generate a service principal by using the [az ad sp create-for-rbac](/cli/azure/ad/sp#az-ad-sp-create-for-rbac) command in the [Azure CLI](/cli/azure/). In the following example, replace \<subscription-id>, \<group-name>, and \<app-name> with your own values:
```azurecli-interactive az ad sp create-for-rbac --name "myAppDeployAuth" --role contributor \
app-service Deploy Ftp https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/deploy-ftp.md
In the same management page for your app where you copied the deployment credent
# [Azure CLI](#tab/cli)
-Run the [az webapp deployment list-publishing-profiles](/cli/azure/webapp/deployment#az_webapp_deployment_list_publishing_profiles) command. The following example uses a [JMES path](https://jmespath.org/) to extract the FTP/S endpoints from the output.
+Run the [az webapp deployment list-publishing-profiles](/cli/azure/webapp/deployment#az-webapp-deployment-list-publishing-profiles) command. The following example uses a [JMES path](https://jmespath.org/) to extract the FTP/S endpoints from the output.
```azurecli-interactive az webapp deployment list-publishing-profiles --name <app-name> --resource-group <group-name> --query "[?ends_with(profileName, 'FTP')].{profileName: profileName, publishUrl: publishUrl}"
For enhanced security, you should allow FTP over TLS/SSL only. You can also disa
# [Azure CLI](#tab/cli)
-Run the [az webapp config set](/cli/azure/webapp/deployment#az_webapp_deployment_list_publishing_profiles) command with the `--ftps-state` argument.
+Run the [az webapp config set](/cli/azure/webapp/deployment#az-webapp-deployment-list-publishing-profiles) command with the `--ftps-state` argument.
```azurecli-interactive az webapp config set --name <app-name> --resource-group <group-name> --ftps-state FtpsOnly
app-service Deploy Github Actions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/deploy-github-actions.md
A publish profile is an app-level credential. Set up your publish profile as a G
# [Service principal](#tab/userlevel)
-You can create a [service principal](../active-directory/develop/app-objects-and-service-principals.md#service-principal-object) with the [az ad sp create-for-rbac](/cli/azure/ad/sp#az_ad_sp_create_for_rbac) command in the [Azure CLI](/cli/azure/). Run this command with [Azure Cloud Shell](https://shell.azure.com/) in the Azure portal or by selecting the **Try it** button.
+You can create a [service principal](../active-directory/develop/app-objects-and-service-principals.md#service-principal-object) with the [az ad sp create-for-rbac](/cli/azure/ad/sp#az-ad-sp-create-for-rbac) command in the [Azure CLI](/cli/azure/). Run this command with [Azure Cloud Shell](https://shell.azure.com/) in the Azure portal or by selecting the **Try it** button.
```azurecli-interactive az ad sp create-for-rbac --name "myApp" --role contributor \
app-service Deploy Local Git https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/deploy-local-git.md
If you already have an App Service app and want to configure local Git deploymen
# [Azure CLI](#tab/cli)
-Run [`az webapp create`](/cli/azure/webapp#az_webapp_create) with the `--deployment-local-git` option. For example:
+Run [`az webapp create`](/cli/azure/webapp#az-webapp-create) with the `--deployment-local-git` option. For example:
```azurecli-interactive az webapp create --resource-group <group-name> --plan <plan-name> --name <app-name> --runtime "<runtime-flag>" --deployment-local-git
If you haven't created an app yet, see [Create a Git enabled app](#create-a-git-
# [Azure CLI](#tab/cli)
-Run [`az webapp deployment source config-local-git`](/cli/azure/webapp/deployment/source#az_webapp_deployment_source_config_local_git). For example:
+Run [`az webapp deployment source config-local-git`](/cli/azure/webapp/deployment/source#az-webapp-deployment-source-config-local-git). For example:
```azurecli-interactive az webapp deployment source config-local-git --name <app-name> --resource-group <group-name>
app-service Deploy Run Package https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/deploy-run-package.md
az webapp config appsettings set --resource-group <group-name> --name <app-name>
## Run the package
-The easiest way to run a package in your App Service is with the Azure CLI [az webapp deployment source config-zip](/cli/azure/webapp/deployment/source#az_webapp_deployment_source_config_zip) command. For example:
+The easiest way to run a package in your App Service is with the Azure CLI [az webapp deployment source config-zip](/cli/azure/webapp/deployment/source#az-webapp-deployment-source-config-zip) command. For example:
```azurecli-interactive az webapp deployment source config-zip --resource-group <group-name> --name <app-name> --src <filename>.zip
app-service Deploy Staging Slots https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/deploy-staging-slots.md
After the setting is saved, the specified percentage of clients is randomly rout
After a client is automatically routed to a specific slot, it's "pinned" to that slot for the life of that client session. On the client browser, you can see which slot your session is pinned to by looking at the `x-ms-routing-name` cookie in your HTTP headers. A request that's routed to the "staging" slot has the cookie `x-ms-routing-name=staging`. A request that's routed to the production slot has the cookie `x-ms-routing-name=self`. > [!NOTE]
- > You can also use the [`az webapp traffic-routing set`](/cli/azure/webapp/traffic-routing#az_webapp_traffic_routing_set) command in the Azure CLI to set the routing percentages from CI/CD tools like GitHub Actions, DevOps pipelines, or other automation systems.
+ > You can also use the [`az webapp traffic-routing set`](/cli/azure/webapp/traffic-routing#az-webapp-traffic-routing-set) command in the Azure CLI to set the routing percentages from CI/CD tools like GitHub Actions, DevOps pipelines, or other automation systems.
### Route production traffic manually
app-service Deploy Zip https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/deploy-zip.md
For more information, see [Kudu documentation](https://github.com/projectkudu/ku
# [Azure CLI](#tab/cli)
-Deploy a ZIP package to your web app by using the [az webapp deploy](/cli/azure/webapp#az_webapp_deploy) command. The CLI command uses the [Kudu publish API](#kudu-publish-api-reference) to deploy the files and can be fully customized.
+Deploy a ZIP package to your web app by using the [az webapp deploy](/cli/azure/webapp#az-webapp-deploy) command. The CLI command uses the [Kudu publish API](#kudu-publish-api-reference) to deploy the files and can be fully customized.
The following example pushes a ZIP package to your site. Specify the path to your local ZIP package for `--src-path`.
The deployment process places the package on the shared file drive correctly (se
# [Azure CLI](#tab/cli)
-Deploy a WAR package to Tomcat or JBoss EAP by using the [az webapp deploy](/cli/azure/webapp#az_webapp_deploy) command. Specify the path to your local Java package for `--src-path`.
+Deploy a WAR package to Tomcat or JBoss EAP by using the [az webapp deploy](/cli/azure/webapp#az-webapp-deploy) command. Specify the path to your local Java package for `--src-path`.
```azurecli-interactive az webapp deploy --resource-group <group-name> --name <app-name> --src-path ./<package-name>.war
The Kudu UI does not support deploying JAR, WAR, or EAR applications. Please use
# [Azure CLI](#tab/cli)
-Deploy a startup script, library, and static file to your web app by using the [az webapp deploy](/cli/azure/webapp#az_webapp_deploy) command with the `--type` parameter.
+Deploy a startup script, library, and static file to your web app by using the [az webapp deploy](/cli/azure/webapp#az-webapp-deploy) command with the `--type` parameter.
If you deploy a startup script this way, App Service automatically uses your script to start your app.
app-service Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/overview.md
App Service can also host web apps natively on Linux for supported application s
### Built-in languages and frameworks
-App Service on Linux supports a number of language specific built-in images. Just deploy your code. Supported languages include: Node.js, Java (JRE 8 & JRE 11), PHP, Python, .NET Core, and Ruby. Run [`az webapp list-runtimes --linux`](/cli/azure/webapp#az_webapp_list_runtimes) to view the latest languages and supported versions. If the runtime your application requires is not supported in the built-in images, you can deploy it with a custom container.
+App Service on Linux supports a number of language specific built-in images. Just deploy your code. Supported languages include: Node.js, Java (JRE 8 & JRE 11), PHP, Python, .NET Core, and Ruby. Run [`az webapp list-runtimes --linux`](/cli/azure/webapp#az-webapp-list-runtimes) to view the latest languages and supported versions. If the runtime your application requires is not supported in the built-in images, you can deploy it with a custom container.
Outdated runtimes are periodically removed from the Web Apps Create and Configuration blades in the Portal. These runtimes are hidden from the Portal when they are deprecated by the maintaining organization or found to have significant vulnerabilities. These options are hidden to guide customers to the latest runtimes where they will be the most successful.
app-service Quickstart Arc https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/quickstart-arc.md
You can learn more about log queries in [getting started with Kusto](../azure-mo
## (Optional) Deploy a custom container
-To create a custom containerized app, run [az webapp create](/cli/azure/webapp#az_webapp_create) with `--deployment-container-image-name`. For a private repository, add `--docker-registry-server-user` and `--docker-registry-server-password`.
+To create a custom containerized app, run [az webapp create](/cli/azure/webapp#az-webapp-create) with `--deployment-container-image-name`. For a private repository, add `--docker-registry-server-user` and `--docker-registry-server-password`.
For example, try:
app-service Quickstart Arm Template Uiex https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/quickstart-arm-template-uiex.md
az deployment group create --resource-group myResourceGroup --parameters webAppN
<ul> <li>Create a default <abbr title="A logical container for related Azure resources that you can manage as a unit.">resource group</abbr>.</li> <li>Create a default <abbr title="The plan that specifies the location, size, and features of the web server farm that hosts your app.">App Service plan</abbr>.</li>
-<li><a href="/cli/azure/webapp#az_webapp_create">Create an <abbr title="The representation of your web app, which contains your app code, DNS hostnames, certificates, and related resources.">App Service app</abbr></a> with the specified name.</li>
+<li><a href="/cli/azure/webapp#az-webapp-create">Create an <abbr title="The representation of your web app, which contains your app code, DNS hostnames, certificates, and related resources.">App Service app</abbr></a> with the specified name.</li>
</ul> </details>
app-service Quickstart Dotnetcore Uiex https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/quickstart-dotnetcore-uiex.md
az login
<li>If the <code>az</code> command isn't recognized, be sure you have the Azure CLI installed as described in <a href="#1-prepare-your-environment">Prepare your environment</a>.</li> <li>Replace <code>&lt;app-name&gt;</code> with a name that's unique across all of Azure (<em>valid characters are <code>a-z</code>, <code>0-9</code>, and <code>-</code></em>). A good pattern is to use a combination of your company name and an app identifier.</li> <li>The <code>--sku F1</code> argument creates the web app on the Free pricing tier. Omit this argument to use a faster premium tier, which incurs an hourly cost.</li>
- <li>You can optionally include the argument <code>--location &lt;location-name&gt;</code> where <code>&lt;location-name&gt;</code> is an available Azure region. You can retrieve a list of allowable regions for your Azure account by running the <a href="/cli/azure/appservice#az_appservice_list_locations"><code>az account list-locations</code></a> command.</li>
+ <li>You can optionally include the argument <code>--location &lt;location-name&gt;</code> where <code>&lt;location-name&gt;</code> is an available Azure region. You can retrieve a list of allowable regions for your Azure account by running the <a href="/cli/azure/appservice#az-appservice-list-locations"><code>az account list-locations</code></a> command.</li>
</ul> </details>
az login
<ul> <li>Create a default resource group.</li> <li>Create a default App Service plan.</li>
- <li><a href="/cli/azure/webapp#az_webapp_create">Create an App Service app</a> with the specified name.</li>
+ <li><a href="/cli/azure/webapp#az-webapp-create">Create an App Service app</a> with the specified name.</li>
<li><a href="/azure/app-service/deploy-zip">Zip deploy</a> files from the current working directory to the app.</li> <li>While running, it provides messages about resource creation, logging, and ZIP deployment.</li> </ul>
app-service Quickstart Dotnetcore https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/quickstart-dotnetcore.md
Follow these steps to create your App Service resources and publish your project
:::zone target="docs" pivot="development-environment-cli" <!-- markdownlint-enable MD044 -->
-1. Sign into your Azure account by using the [`az login`](/cli/azure/reference-index#az_login) command and following the prompt:
+1. Sign into your Azure account by using the [`az login`](/cli/azure/reference-index#az-login) command and following the prompt:
```azurecli az login ```
-1. Deploy the code in your local *MyFirstAzureWebApp* directory using the [`az webapp up`](/cli/azure/webapp#az_webapp_up) command:
+1. Deploy the code in your local *MyFirstAzureWebApp* directory using the [`az webapp up`](/cli/azure/webapp#az-webapp-up) command:
```azurecli az webapp up --sku F1 --name <app-name> --os-type <os>
Follow these steps to create your App Service resources and publish your project
- Replace `<app-name>` with a name that's unique across all of Azure (*valid characters are `a-z`, `0-9`, and `-`*). A good pattern is to use a combination of your company name and an app identifier. - The `--sku F1` argument creates the web app on the **Free** [pricing tier][app-service-pricing-tier]. Omit this argument to use a faster premium tier, which incurs an hourly cost. - Replace `<os>` with either `linux` or `windows`. You must use `windows` when targeting *ASP.NET Framework 4.8*.
- - You can optionally include the argument `--location <location-name>` where `<location-name>` is an available Azure region. You can retrieve a list of allowable regions for your Azure account by running the [`az account list-locations`](/cli/azure/appservice#az_appservice_list_locations) command.
+ - You can optionally include the argument `--location <location-name>` where `<location-name>` is an available Azure region. You can retrieve a list of allowable regions for your Azure account by running the [`az account list-locations`](/cli/azure/appservice#az-appservice-list-locations) command.
The command might take a few minutes to complete. While running, it provides messages about creating the resource group, the App Service plan, and hosting app, configuring logging, then performing ZIP deployment. Then it shows a message with the app's URL:
app-service Quickstart Html Uiex https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/quickstart-html-uiex.md
The command may take a few minutes to complete.
<ul> <li>Create a default resource group.</li> <li>Create a default App Service plan.</li>
-<li><a href="/cli/azure/webapp#az_webapp_create">Create an App Service app</a> with the specified name.</li>
+<li><a href="/cli/azure/webapp#az-webapp-create">Create an App Service app</a> with the specified name.</li>
<li><a href="/azure/app-service/deploy-zip">Zip deploy</a> files from the current working directory to the app.</li> <li>While running, it provides messages about resource creation, logging, and ZIP deployment.</li> </ul>
app-service Quickstart Multi Container https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/quickstart-multi-container.md
cd multicontainerwordpress
[!INCLUDE [resource group intro text](../../includes/resource-group.md)]
-In the Cloud Shell, create a resource group with the [`az group create`](/cli/azure/group#az_group_create) command. The following example creates a resource group named *myResourceGroup* in the *South Central US* location. To see all supported locations for App Service on Linux in **Standard** tier, run the [`az appservice list-locations --sku S1 --linux-workers-enabled`](/cli/azure/appservice#az_appservice_list_locations) command.
+In the Cloud Shell, create a resource group with the [`az group create`](/cli/azure/group#az-group-create) command. The following example creates a resource group named *myResourceGroup* in the *South Central US* location. To see all supported locations for App Service on Linux in **Standard** tier, run the [`az appservice list-locations --sku S1 --linux-workers-enabled`](/cli/azure/appservice#az-appservice-list-locations) command.
```azurecli-interactive az group create --name myResourceGroup --location "South Central US"
When the command finishes, a JSON output shows you the resource group properties
## Create an Azure App Service plan
-In the Cloud Shell, create an App Service plan in the resource group with the [`az appservice plan create`](/cli/azure/appservice/plan#az_appservice_plan_create) command.
+In the Cloud Shell, create an App Service plan in the resource group with the [`az appservice plan create`](/cli/azure/appservice/plan#az-appservice-plan-create) command.
The following example creates an App Service plan named `myAppServicePlan` in the **Standard** pricing tier (`--sku S1`) and in a Linux container (`--is-linux`).
When the App Service plan has been created, the Azure CLI shows information simi
> [!NOTE] > Docker Compose on Azure App Services currently has a limit of 4,000 characters at this time.
-In your Cloud Shell terminal, create a multi-container [web app](overview.md#app-service-on-linux) in the `myAppServicePlan` App Service plan with the [az webapp create](/cli/azure/webapp#az_webapp_create) command. Don't forget to replace _\<app_name>_ with a unique app name (valid characters are `a-z`, `0-9`, and `-`).
+In your Cloud Shell terminal, create a multi-container [web app](overview.md#app-service-on-linux) in the `myAppServicePlan` App Service plan with the [az webapp create](/cli/azure/webapp#az-webapp-create) command. Don't forget to replace _\<app_name>_ with a unique app name (valid characters are `a-z`, `0-9`, and `-`).
```azurecli az webapp create --resource-group myResourceGroup --plan myAppServicePlan --name <app_name> --multicontainer-config-type compose --multicontainer-config-file compose-wordpress.yml
app-service Quickstart Nodejs https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/quickstart-nodejs.md
az webapp up --sku F1 --name <app-name> --os-type Windows
- If the `az` command isn't recognized, ensure you have the Azure CLI installed as described in [Set up your initial environment](#set-up-your-initial-environment). - Replace `<app_name>` with a name that's unique across all of Azure (*valid characters are `a-z`, `0-9`, and `-`*). A good pattern is to use a combination of your company name and an app identifier. - The `--sku F1` argument creates the web app on the Free pricing tier, which incurs a no cost.-- You can optionally include the argument `--location <location-name>` where `<location_name>` is an available Azure region. You can retrieve a list of allowable regions for your Azure account by running the [`az account list-locations`](/cli/azure/appservice#az_appservice_list_locations) command.
+- You can optionally include the argument `--location <location-name>` where `<location_name>` is an available Azure region. You can retrieve a list of allowable regions for your Azure account by running the [`az account list-locations`](/cli/azure/appservice#az-appservice-list-locations) command.
- The command creates a Linux app for Node.js by default. To create a Windows app instead, use the `--os-type` argument. - If you see the error, "Could not auto-detect the runtime stack of your app," ensure you're running the command in the *myExpressApp* directory (See [Troubleshooting auto-detect issues with az webapp up](https://github.com/Azure/app-service-linux-docs/blob/master/AzWebAppUP/runtime_detection.md)).
You can stream log output (calls to `console.log()`) from the Azure app directly
You can access the console logs generated from inside the app and the container in which it runs. Logs include any output generated by calls to `console.log()`.
-To stream logs, run the [az webapp log tail](/cli/azure/webapp/log#az_webapp_log_tail) command:
+To stream logs, run the [az webapp log tail](/cli/azure/webapp/log#az-webapp-log-tail) command:
```azurecli az webapp log tail
app-service Quickstart Php https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/quickstart-php.md
To complete this quickstart:
## Create a web app
-1. In the Cloud Shell, create a web app in the `myAppServicePlan` App Service plan with the [`az webapp create`](/cli/azure/webapp#az_webapp_create) command.
+1. In the Cloud Shell, create a web app in the `myAppServicePlan` App Service plan with the [`az webapp create`](/cli/azure/webapp#az-webapp-create) command.
- In the following example, replace `<app-name>` with a globally unique app name (valid characters are `a-z`, `0-9`, and `-`). The runtime is set to `PHP|7.4`. To see all supported runtimes, run [`az webapp list-runtimes`](/cli/azure/webapp#az_webapp_list_runtimes).
+ In the following example, replace `<app-name>` with a globally unique app name (valid characters are `a-z`, `0-9`, and `-`). The runtime is set to `PHP|7.4`. To see all supported runtimes, run [`az webapp list-runtimes`](/cli/azure/webapp#az-webapp-list-runtimes).
```azurecli-interactive az webapp create --resource-group myResourceGroup --plan myAppServicePlan --name <app-name> --runtime 'PHP|7.4' --deployment-local-git
app-service Quickstart Python 1 https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/quickstart-python-1.md
az webapp up --sku B1 --name <app-name>
- If the `webapp` command isn't recognized, because that your Azure CLI version is 2.0.80 or higher. If not, [install the latest version](/cli/azure/install-azure-cli). - Replace `<app_name>` with a name that's unique across all of Azure (*valid characters are `a-z`, `0-9`, and `-`*). A good pattern is to use a combination of your company name and an app identifier. - The `--sku B1` argument creates the web app on the Basic pricing tier, which incurs a small hourly cost. Omit this argument to use a faster premium tier.-- You can optionally include the argument `--location <location-name>` where `<location_name>` is an available Azure region. You can retrieve a list of allowable regions for your Azure account by running the [az account list-locations](/cli/azure/appservice#az_appservice_list_locations) command.
+- You can optionally include the argument `--location <location-name>` where `<location_name>` is an available Azure region. You can retrieve a list of allowable regions for your Azure account by running the [az account list-locations](/cli/azure/appservice#az-appservice-list-locations) command.
- If you see the error, "Could not auto-detect the runtime stack of your app," make sure you're running the command in the *python-docs-hello-world* folder (Flask) or the *python-docs-hello-django* folder (Django) that contains the *requirements.txt* file. (See [Troubleshooting auto-detect issues with az webapp up](https://github.com/Azure/app-service-linux-docs/blob/master/AzWebAppUP/runtime_detection.md) (GitHub).) The command may take a few minutes to complete. While running, it provides messages about creating the resource group, the App Service plan and hosting app, configuring logging, then performing ZIP deployment. It then gives the message, "You can launch the app at http://&lt;app-name&gt;.azurewebsites.net", which is the app's URL on Azure.
Once deployment is complete, switch back to the browser window open to `http://<
You can access the console logs generated from inside the app and the container in which it runs. Logs include any output generated using `print` statements.
-To stream logs, run the [az webapp log tail](/cli/azure/webapp/log#az_webapp_log_tail) command:
+To stream logs, run the [az webapp log tail](/cli/azure/webapp/log#az-webapp-log-tail) command:
```azurecli az webapp log tail
app-service Quickstart Python https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/quickstart-python.md
The contents of the App Service diagnostic logs can be reviewed in the Azure por
### [Azure CLI](#tab/azure-cli)
-First, you need to configure Azure App Service to output logs to the App Service filesystem using the [az webapp log config](/cli/azure/webapp/log#az_webapp_log_config) command.
+First, you need to configure Azure App Service to output logs to the App Service filesystem using the [az webapp log config](/cli/azure/webapp/log#az-webapp-log-config) command.
[!INCLUDE [CLI stream logs configure](<./includes/quickstart-python/stream-logs-cli-1.md>)]
-To stream logs, use the [az webapp log tail](/cli/azure/webapp/log#az_webapp_log_tail) command.
+To stream logs, use the [az webapp log tail](/cli/azure/webapp/log#az-webapp-log-tail) command.
[!INCLUDE [CLI stream logs tail](<./includes/quickstart-python/stream-logs-cli-2.md>)]
Follow these steps while signed-in to the Azure portal to delete a resource grou
### [Azure CLI](#tab/azure-cli)
-Delete the resource group by using the [az group delete](/cli/azure/group#az_group_delete) command.
+Delete the resource group by using the [az group delete](/cli/azure/group#az-group-delete) command.
```azurecli az group delete \
app-service Cli Backup Onetime https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/scripts/cli-backup-onetime.md
This script uses the following commands. Each command in the table links to comm
| Command | Notes | |||
-| [`az group create`](/cli/azure/group#az_group_create) | Creates a resource group in which all resources are stored. |
-| [`az storage account create`](/cli/azure/storage/account#az_storage_account_create) | Creates a storage account. |
-| [`az storage container create`](/cli/azure/storage/container#az_storage_container_create) | Creates an Azure storage container. |
-| [`az storage container generate-sas`](/cli/azure/storage/container#az_storage_container_generate_sas) | Generates an SAS token for an Azure storage container. |
-| [`az appservice plan create`](/cli/azure/appservice/plan#az_appservice_plan_create) | Creates an App Service plan. |
-| [`az webapp create`](/cli/azure/webapp#az_webapp_create) | Creates an App Service app. |
-| [`az webapp config backup create`](/cli/azure/webapp/config/backup#az_webapp_config_backup_create) | Creates a backup for an App Service app. |
-| [`az webapp config backup list`](/cli/azure/webapp/config/backup#az_webapp_config_backup_list) | Gets a list of backups for an App Service app. |
+| [`az group create`](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
+| [`az storage account create`](/cli/azure/storage/account#az-storage-account-create) | Creates a storage account. |
+| [`az storage container create`](/cli/azure/storage/container#az-storage-container-create) | Creates an Azure storage container. |
+| [`az storage container generate-sas`](/cli/azure/storage/container#az-storage-container-generate-sas) | Generates an SAS token for an Azure storage container. |
+| [`az appservice plan create`](/cli/azure/appservice/plan#az-appservice-plan-create) | Creates an App Service plan. |
+| [`az webapp create`](/cli/azure/webapp#az-webapp-create) | Creates an App Service app. |
+| [`az webapp config backup create`](/cli/azure/webapp/config/backup#az-webapp-config-backup-create) | Creates a backup for an App Service app. |
+| [`az webapp config backup list`](/cli/azure/webapp/config/backup#az-webapp-config-backup-list) | Gets a list of backups for an App Service app. |
## Next steps
app-service Cli Backup Restore https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/scripts/cli-backup-restore.md
This script uses the following commands. Each command in the table links to comm
| Command | Notes | |||
-| [`az webapp config backup list`](/cli/azure/webapp/config/backup#az_webapp_config_backup_list) | Gets a list of backups for a web app. |
-| [`az webapp config backup restore`](/cli/azure/webapp/config/backup#az_webapp_config_backup_restore) | Restores a web app from a backup. |
+| [`az webapp config backup list`](/cli/azure/webapp/config/backup#az-webapp-config-backup-list) | Gets a list of backups for a web app. |
+| [`az webapp config backup restore`](/cli/azure/webapp/config/backup#az-webapp-config-backup-restore) | Restores a web app from a backup. |
## Next steps
app-service Cli Backup Scheduled https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/scripts/cli-backup-scheduled.md
This script uses the following commands. Each command in the table links to comm
| Command | Notes | |||
-| [`az group create`](/cli/azure/group#az_group_create) | Creates a resource group in which all resources are stored. |
-| [`az storage account create`](/cli/azure/storage/account#az_storage_account_create) | Creates a storage account. |
-| [`az storage container create`](/cli/azure/storage/container#az_storage_container_create) | Creates an Azure storage container. |
-| [`az storage container generate-sas`](/cli/azure/storage/container#az_storage_container_generate_sas) | Generates an SAS token for an Azure storage container. |
-| [`az appservice plan create`](/cli/azure/appservice/plan#az_appservice_plan_create) | Creates an App Service plan. |
-| [`az webapp create`](/cli/azure/webapp#az_webapp_create) | Creates an App Service app. |
-| [`az webapp config backup update`](/cli/azure/webapp/config/backup#az_webapp_config_backup_update) | Configures a new backup schedule for an App Service app. |
-| [`az webapp config backup show`](/cli/azure/webapp/config/backup#az_webapp_config_backup_show) | Shows the backup schedule for an App Service app. |
-| [`az webapp config backup list`](/cli/azure/webapp/config/backup#az_webapp_config_backup_list) | Gets a list of backups for an App Service app. |
+| [`az group create`](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
+| [`az storage account create`](/cli/azure/storage/account#az-storage-account-create) | Creates a storage account. |
+| [`az storage container create`](/cli/azure/storage/container#az-storage-container-create) | Creates an Azure storage container. |
+| [`az storage container generate-sas`](/cli/azure/storage/container#az-storage-container-generate-sas) | Generates an SAS token for an Azure storage container. |
+| [`az appservice plan create`](/cli/azure/appservice/plan#az-appservice-plan-create) | Creates an App Service plan. |
+| [`az webapp create`](/cli/azure/webapp#az-webapp-create) | Creates an App Service app. |
+| [`az webapp config backup update`](/cli/azure/webapp/config/backup#az-webapp-config-backup-update) | Configures a new backup schedule for an App Service app. |
+| [`az webapp config backup show`](/cli/azure/webapp/config/backup#az-webapp-config-backup-show) | Shows the backup schedule for an App Service app. |
+| [`az webapp config backup list`](/cli/azure/webapp/config/backup#az-webapp-config-backup-list) | Gets a list of backups for an App Service app. |
## Next steps
app-service Cli Configure Custom Domain https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/scripts/cli-configure-custom-domain.md
This script uses the following commands. Each command in the table links to comm
| Command | Notes | |||
-| [`az group create`](/cli/azure/group#az_group_create) | Creates a resource group in which all resources are stored. |
-| [`az appservice plan create`](/cli/azure/appservice/plan#az_appservice_plan_create) | Creates an App Service plan. |
-| [`az webapp create`](/cli/azure/webapp#az_webapp_create) | Creates an App Service app. |
-| [`az webapp config hostname add`](/cli/azure/webapp/config/hostname#az_webapp_config_hostnam_eadd) | Maps a custom domain to an App Service app. |
+| [`az group create`](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
+| [`az appservice plan create`](/cli/azure/appservice/plan#az-appservice-plan-create) | Creates an App Service plan. |
+| [`az webapp create`](/cli/azure/webapp#az-webapp-create) | Creates an App Service app. |
+| [`az webapp config hostname add`](/cli/azure/webapp/config/hostname#az-webapp-config-hostnam-eadd) | Maps a custom domain to an App Service app. |
## Next steps
app-service Cli Configure Ssl Certificate https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/scripts/cli-configure-ssl-certificate.md
This script uses the following commands. Each command in the table links to comm
| Command | Notes | |||
-| [`az group create`](/cli/azure/group#az_group_create) | Creates a resource group in which all resources are stored. |
-| [`az appservice plan create`](/cli/azure/appservice/plan#az_appservice_plan_create) | Creates an App Service plan. |
-| [`az webapp create`](/cli/azure/webapp#az_webapp_create) | Creates an App Service app. |
-| [`az webapp config hostname add`](/cli/azure/webapp/config/hostname#az_webapp_config_hostname_add) | Maps a custom domain to an App Service app. |
-| [`az webapp config ssl upload`](/cli/azure/webapp/config/ssl#az_webapp_config_ssl_upload) | Uploads a TLS/SSL certificate to an App Service app. |
-| [`az webapp config ssl bind`](/cli/azure/webapp/config/ssl#az_webapp_config_ssl_bind) | Binds an uploaded TLS/SSL certificate to an App Service app. |
+| [`az group create`](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
+| [`az appservice plan create`](/cli/azure/appservice/plan#az-appservice-plan-create) | Creates an App Service plan. |
+| [`az webapp create`](/cli/azure/webapp#az-webapp-create) | Creates an App Service app. |
+| [`az webapp config hostname add`](/cli/azure/webapp/config/hostname#az-webapp-config-hostname-add) | Maps a custom domain to an App Service app. |
+| [`az webapp config ssl upload`](/cli/azure/webapp/config/ssl#az-webapp-config-ssl-upload) | Uploads a TLS/SSL certificate to an App Service app. |
+| [`az webapp config ssl bind`](/cli/azure/webapp/config/ssl#az-webapp-config-ssl-bind) | Binds an uploaded TLS/SSL certificate to an App Service app. |
## Next steps
app-service Cli Connect To Documentdb https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/scripts/cli-connect-to-documentdb.md
This script uses the following commands to create a resource group, App Service
| Command | Notes | |||
-| [`az group create`](/cli/azure/group#az_group_create) | Creates a resource group in which all resources are stored. |
-| [`az appservice plan create`](/cli/azure/appservice/plan#az_appservice_plan_create) | Creates an App Service plan. |
-| [`az webapp create`](/cli/azure/webapp#az_webapp_create) | Creates an App Service app. |
-| [`az cosmosdb create`](/cli/azure/cosmosdb#az_cosmosdb_create) | Creates a Cosmos DB account. |
-| [`az cosmosdb list-connection-strings`](/cli/azure/cosmosdb#az_cosmosdb_list_connection_strings) | Lists connection strings for the specified Cosmos DB account. |
-| [`az webapp config appsettings set`](/cli/azure/webapp/config/appsettings#az_webapp_config_appsettings_set) | Creates or updates an app setting for an App Service app. App settings are exposed as environment variables for your app (see [Environment variables and app settings reference](../reference-app-settings.md)). |
+| [`az group create`](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
+| [`az appservice plan create`](/cli/azure/appservice/plan#az-appservice-plan-create) | Creates an App Service plan. |
+| [`az webapp create`](/cli/azure/webapp#az-webapp-create) | Creates an App Service app. |
+| [`az cosmosdb create`](/cli/azure/cosmosdb#az-cosmosdb-create) | Creates a Cosmos DB account. |
+| [`az cosmosdb list-connection-strings`](/cli/azure/cosmosdb#az-cosmosdb-list-connection-strings) | Lists connection strings for the specified Cosmos DB account. |
+| [`az webapp config appsettings set`](/cli/azure/webapp/config/appsettings#az-webapp-config-appsettings-set) | Creates or updates an app setting for an App Service app. App settings are exposed as environment variables for your app (see [Environment variables and app settings reference](../reference-app-settings.md)). |
## Next steps
app-service Cli Connect To Redis https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/scripts/cli-connect-to-redis.md
This script uses the following commands to create a resource group, App Service
| Command | Notes | |||
-| [`az group create`](/cli/azure/group#az_group_create) | Creates a resource group in which all resources are stored. |
-| [`az appservice plan create`](/cli/azure/appservice/plan#az_appservice_plan_create) | Creates an App Service plan. |
-| [`az webapp create`](/cli/azure/webapp#az_webapp_create) | Creates an App Service app. |
-| [`az redis create`](/cli/azure/redis#az_redis-create) | Create new Azure Cache for Redis instance. |
-| [`az redis list-keys`](/cli/azure/redis#az_redis_list_keys) | Lists the access keys for the Azure Cache for Redis instance. |
-| [`az webapp config appsettings set`](/cli/azure/webapp/config/appsettings#az_webapp_config_appsettings_set) | Creates or updates an app setting for an App Service app. App settings are exposed as environment variables for your app. |
+| [`az group create`](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
+| [`az appservice plan create`](/cli/azure/appservice/plan#az-appservice-plan-create) | Creates an App Service plan. |
+| [`az webapp create`](/cli/azure/webapp#az-webapp-create) | Creates an App Service app. |
+| [`az redis create`](/cli/azure/redis#az-redis-create) | Create new Azure Cache for Redis instance. |
+| [`az redis list-keys`](/cli/azure/redis#az-redis-list-keys) | Lists the access keys for the Azure Cache for Redis instance. |
+| [`az webapp config appsettings set`](/cli/azure/webapp/config/appsettings#az-webapp-config-appsettings-set) | Creates or updates an app setting for an App Service app. App settings are exposed as environment variables for your app. |
## Next steps
app-service Cli Connect To Sql https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/scripts/cli-connect-to-sql.md
This script uses the following commands to create a resource group, App Service
| Command | Notes | |||
-| [`az group create`](/cli/azure/group#az_group_create) | Creates a resource group in which all resources are stored. |
-| [`az appservice plan create`](/cli/azure/appservice/plan#az_appservice_plan_create) | Creates an App Service plan. |
-| [`az webapp create`](/cli/azure/webapp#az_webapp_create) | Creates an App Service app. |
-| [`az sql server create`](/cli/azure/sql/server#az_sql_server_create) | Creates a server. |
-| [`az sql db create`](/cli/azure/sql/db#az_sql_db_create) | Creates a new database. |
-| [`az sql db show-connection-string`](/cli/azure/sql/db#az_sql_db_show-connection_string) | Generates a connection string to a database. |
-| [`az webapp config appsettings set`](/cli/azure/webapp/config/appsettings#az_webapp_config_appsettings_set) | Creates or updates an app setting for an App Service app. App settings are exposed as environment variables for your app. |
+| [`az group create`](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
+| [`az appservice plan create`](/cli/azure/appservice/plan#az-appservice-plan-create) | Creates an App Service plan. |
+| [`az webapp create`](/cli/azure/webapp#az-webapp-create) | Creates an App Service app. |
+| [`az sql server create`](/cli/azure/sql/server#az-sql-server-create) | Creates a server. |
+| [`az sql db create`](/cli/azure/sql/db#az-sql-db-create) | Creates a new database. |
+| [`az sql db show-connection-string`](/cli/azure/sql/db#az-sql-db-show-connection-string) | Generates a connection string to a database. |
+| [`az webapp config appsettings set`](/cli/azure/webapp/config/appsettings#az-webapp-config-appsettings-set) | Creates or updates an app setting for an App Service app. App settings are exposed as environment variables for your app. |
## Next steps
app-service Cli Connect To Storage https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/scripts/cli-connect-to-storage.md
This script uses the following commands to create a resource group, App Service
| Command | Notes | |||
-| [`az group create`](/cli/azure/group#az_group_create) | Creates a resource group in which all resources are stored. |
-| [`az appservice plan create`](/cli/azure/appservice/plan#az_appservice_plan_create) | Creates an App Service plan. |
-| [`az webapp create`](/cli/azure/webapp#az_webapp_create) | Creates an App Service app. |
-| [`az storage account create`](/cli/azure/storage/account#az_storage_account_create) | Creates a storage account. |
-| [`az storage account show-connection-string`](/cli/azure/storage/account#az_storage_account_show_connection_string) | Get the connection string for a storage account. |
-| [`az webapp config appsettings set`](/cli/azure/webapp/config/appsettings#az_webapp_config_appsettings_set) | Creates or updates an app setting for an App Service app. App settings are exposed as environment variables for your app. |
+| [`az group create`](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
+| [`az appservice plan create`](/cli/azure/appservice/plan#az-appservice-plan-create) | Creates an App Service plan. |
+| [`az webapp create`](/cli/azure/webapp#az-webapp-create) | Creates an App Service app. |
+| [`az storage account create`](/cli/azure/storage/account#az-storage-account-create) | Creates a storage account. |
+| [`az storage account show-connection-string`](/cli/azure/storage/account#az-storage-account-show-connection-string) | Get the connection string for a storage account. |
+| [`az webapp config appsettings set`](/cli/azure/webapp/config/appsettings#az-webapp-config-appsettings-set) | Creates or updates an app setting for an App Service app. App settings are exposed as environment variables for your app. |
## Next steps
app-service Cli Continuous Deployment Github https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/scripts/cli-continuous-deployment-github.md
This script uses the following commands. Each command in the table links to comm
| Command | Notes | |||
-| [`az group create`](/cli/azure/group#az_group_create) | Creates a resource group in which all resources are stored. |
-| [`az appservice plan create`](/cli/azure/appservice/plan#az_appservice_plan_create) | Creates an App Service plan. |
-| [`az webapp create`](/cli/azure/webapp#az_webapp_create) | Creates an App Service app. |
-| [`az webapp deployment source config`](/cli/azure/webapp/deployment/source#az_webapp_deployment_source_config) | Associates an App Service app with a Git or Mercurial repository. |
+| [`az group create`](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
+| [`az appservice plan create`](/cli/azure/appservice/plan#az-appservice-plan-create) | Creates an App Service plan. |
+| [`az webapp create`](/cli/azure/webapp#az-webapp-create) | Creates an App Service app. |
+| [`az webapp deployment source config`](/cli/azure/webapp/deployment/source#az-webapp-deployment-source-config) | Associates an App Service app with a Git or Mercurial repository. |
## Next steps
app-service Cli Continuous Deployment Vsts https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/scripts/cli-continuous-deployment-vsts.md
This script uses the following commands. Each command in the table links to comm
| Command | Notes | |||
-| [`az group create`](/cli/azure/group#az_group_create) | Creates a resource group in which all resources are stored. |
-| [`az appservice plan create`](/cli/azure/appservice/plan#az_appservice_plan_create) | Creates an App Service plan. |
-| [`az webapp create`](/cli/azure/webapp#az_webapp_create) | Creates an App Service app. |
-| [`az webapp deployment source config`](/cli/azure/webapp/deployment/source#az_webapp_deployment_source_config) | Associates an App Service app with a Git or Mercurial repository. |
+| [`az group create`](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
+| [`az appservice plan create`](/cli/azure/appservice/plan#az-appservice-plan-create) | Creates an App Service plan. |
+| [`az webapp create`](/cli/azure/webapp#az-webapp-create) | Creates an App Service app. |
+| [`az webapp deployment source config`](/cli/azure/webapp/deployment/source#az-webapp-deployment-source-config) | Associates an App Service app with a Git or Mercurial repository. |
## Next steps
app-service Cli Deploy Ftp https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/scripts/cli-deploy-ftp.md
This script uses the following commands. Each command in the table links to comm
| Command | Notes | |||
-| [`az group create`](/cli/azure/group#az_group_create) | Creates a resource group in which all resources are stored. |
-| [`az appservice plan create`](/cli/azure/appservice/plan#az_appservice_plan_create) | Creates an App Service plan. |
-| [`az webapp create`](/cli/azure/webapp#az_webapp_create) | Creates an App Service app. |
-| [`az webapp deployment list-publishing-profiles`](/cli/azure/webapp/deployment#az_webapp_deployment_list_publishing_profiles) | Get the details for available app deployment profiles. |
+| [`az group create`](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
+| [`az appservice plan create`](/cli/azure/appservice/plan#az-appservice-plan-create) | Creates an App Service plan. |
+| [`az webapp create`](/cli/azure/webapp#az-webapp-create) | Creates an App Service app. |
+| [`az webapp deployment list-publishing-profiles`](/cli/azure/webapp/deployment#az-webapp-deployment-list-publishing-profiles) | Get the details for available app deployment profiles. |
## Next steps
app-service Cli Deploy Github https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/scripts/cli-deploy-github.md
This script uses the following commands. Each command in the table links to comm
| Command | Notes | |||
-| [`az group create`](/cli/azure/group#az_group_create) | Creates a resource group in which all resources are stored. |
-| [`az appservice plan create`](/cli/azure/appservice/plan#az_appservice_plan_create) | Creates an App Service plan. |
-| [`az webapp create`](/cli/azure/webapp#az_webapp_create) | Creates an App Service app. |
-| [`az webapp deployment source config`](/cli/azure/webapp/deployment/source#az_webapp_deployment_source_config) | Associates an App Service app with a Git or Mercurial repository. |
+| [`az group create`](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
+| [`az appservice plan create`](/cli/azure/appservice/plan#az-appservice-plan-create) | Creates an App Service plan. |
+| [`az webapp create`](/cli/azure/webapp#az-webapp-create) | Creates an App Service app. |
+| [`az webapp deployment source config`](/cli/azure/webapp/deployment/source#az-webapp-deployment-source-config) | Associates an App Service app with a Git or Mercurial repository. |
## Next steps
app-service Cli Deploy Local Git https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/scripts/cli-deploy-local-git.md
This script uses the following commands. Each command in the table links to comm
| Command | Notes | |||
-| [`az group create`](/cli/azure/group#az_group_create) | Creates a resource group in which all resources are stored. |
-| [`az appservice plan create`](/cli/azure/appservice/plan#az_appservice_plan_create) | Creates an App Service plan. |
-| [`az webapp create`](/cli/azure/webapp#az_webapp_create) | Creates an App Service app. |
-| [`az webapp deployment user set`](/cli/azure/webapp/deployment/user#az_webapp_deployment_user_set) | Sets the account-level deployment credentials for App Service. |
-| [`az webapp deployment source config-local-git`](/cli/azure/webapp/deployment/source#az_webapp_deployment_source_config_local_git) | Creates a source control configuration for a local Git repository. |
+| [`az group create`](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
+| [`az appservice plan create`](/cli/azure/appservice/plan#az-appservice-plan-create) | Creates an App Service plan. |
+| [`az webapp create`](/cli/azure/webapp#az-webapp-create) | Creates an App Service app. |
+| [`az webapp deployment user set`](/cli/azure/webapp/deployment/user#az-webapp-deployment-user-set) | Sets the account-level deployment credentials for App Service. |
+| [`az webapp deployment source config-local-git`](/cli/azure/webapp/deployment/source#az-webapp-deployment-source-config-local-git) | Creates a source control configuration for a local Git repository. |
## Next steps
app-service Cli Deploy Privateendpoint https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/scripts/cli-deploy-privateendpoint.md
az group create --name myResourceGroup --location francecentral
## Create an App Service Plan You need to create an App Service Plan to host your Web App.
-Create an App Service Plan with [az appservice plan create](/cli/azure/appservice/plan#az_appservice_plan_create).
+Create an App Service Plan with [az appservice plan create](/cli/azure/appservice/plan#az-appservice-plan-create).
This example creates App Service Plan named *myAppServicePlan* in the *francecentral* location with *P1V2* sku and only one worker: ```azurecli-interactive
az appservice plan create \
## Create a Web App Now that you have an App Service Plan you can deploy a Web App.
-Create a Web App with [az webapp create](/cli/azure/webapp#az_webapp_create).
+Create a Web App with [az webapp create](/cli/azure/webapp#az-webapp-create).
This example creates a Web App named *mySiteName* in the Plan named *myAppServicePlan* ```azurecli-interactive
az network vnet create \
## Configure the Subnet
-You need to update the subnet to disable private endpoint network policies. Update a subnet configuration named *mySubnet* with [az network vnet subnet update](/cli/azure/network/vnet/subnet#az_network_vnet_subnet_update):
+You need to update the subnet to disable private endpoint network policies. Update a subnet configuration named *mySubnet* with [az network vnet subnet update](/cli/azure/network/vnet/subnet#az-network-vnet-subnet-update):
```azurecli-interactive az network vnet subnet update \
app-service Cli Deploy Staging Environment https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/scripts/cli-deploy-staging-environment.md
This script uses the following commands. Each command in the table links to comm
| Command | Notes | |||
-| [`az group create`](/cli/azure/group#az_group_create) | Creates a resource group in which all resources are stored. |
-| [`az appservice plan create`](/cli/azure/appservice/plan#az_appservice_plan_create) | Creates an App Service plan. |
-| [`az webapp create`](/cli/azure/webapp#az_webapp_create) | Creates an App Service app. |
-| [`az webapp deployment slot create`](/cli/azure/webapp/deployment/slot#az_webapp_deployment_slot_create) | Create a deployment slot. |
-| [`az webapp deployment source config`](/cli/azure/webapp/deployment/source#az_webapp_deployment_source_config) | Associates an App Service app with a Git or Mercurial repository. |
-| [`az webapp deployment slot swap`](/cli/azure/webapp/deployment/slot#az_webapp_deployment_slot_swap) | Swap a specified deployment slot into production. |
+| [`az group create`](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
+| [`az appservice plan create`](/cli/azure/appservice/plan#az-appservice-plan-create) | Creates an App Service plan. |
+| [`az webapp create`](/cli/azure/webapp#az-webapp-create) | Creates an App Service app. |
+| [`az webapp deployment slot create`](/cli/azure/webapp/deployment/slot#az-webapp-deployment-slot-create) | Create a deployment slot. |
+| [`az webapp deployment source config`](/cli/azure/webapp/deployment/source#az-webapp-deployment-source-config) | Associates an App Service app with a Git or Mercurial repository. |
+| [`az webapp deployment slot swap`](/cli/azure/webapp/deployment/slot#az-webapp-deployment-slot-swap) | Swap a specified deployment slot into production. |
## Next steps
app-service Cli Integrate App Service With Application Gateway https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/scripts/cli-integrate-app-service-with-application-gateway.md
This script uses the following commands to create a resource group, App Service
| Command | Notes | |||
-| [`az group create`](/cli/azure/group#az_group_create) | Creates a resource group in which all resources are stored. |
-| [`az network vnet create`](/cli/azure/network/vnet#az_network_vnet_create) | Creates a virtual network. |
-| [`az network public-ip create`](/cli/azure/network/public-ip#az_network_public_ip_create) | Creates a public IP address. |
-| [`az network public-ip show`](/cli/azure/network/public-ip#az_network_public_ip_show) | Show details of a public IP address. |
-| [`az appservice plan create`](/cli/azure/appservice/plan#az_appservice_plan_create) | Creates an App Service plan. |
-| [`az webapp create`](/cli/azure/webapp#az_webapp_create) | Creates an App Service web app. |
-| [`az webapp show`](/cli/azure/webapp#az_webapp_show) | Show details of an App Service web app. |
-| [`az webapp config access-restriction add`](/cli/azure/webapp/config/access-restriction#az_webapp_config_access_restriction_add) | Adds an access restriction to the App Service web app. |
-| [`az network application-gateway create`](/cli/azure/network/application-gateway#az_network_application_gateway_create) | Creates an Application Gateway. |
-| [`az network application-gateway http-settings update`](/cli/azure/network/application-gateway/http-settings#az_network-application-gateway-http_settings_update) | Updates Application Gateway HTTP settings. |
+| [`az group create`](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
+| [`az network vnet create`](/cli/azure/network/vnet#az-network-vnet-create) | Creates a virtual network. |
+| [`az network public-ip create`](/cli/azure/network/public-ip#az-network-public-ip-create) | Creates a public IP address. |
+| [`az network public-ip show`](/cli/azure/network/public-ip#az-network-public-ip-show) | Show details of a public IP address. |
+| [`az appservice plan create`](/cli/azure/appservice/plan#az-appservice-plan-create) | Creates an App Service plan. |
+| [`az webapp create`](/cli/azure/webapp#az-webapp-create) | Creates an App Service web app. |
+| [`az webapp show`](/cli/azure/webapp#az-webapp-show) | Show details of an App Service web app. |
+| [`az webapp config access-restriction add`](/cli/azure/webapp/config/access-restriction#az-webapp-config-access-restriction-add) | Adds an access restriction to the App Service web app. |
+| [`az network application-gateway create`](/cli/azure/network/application-gateway#az-network-application-gateway-create) | Creates an Application Gateway. |
+| [`az network application-gateway http-settings update`](/cli/azure/network/application-gateway/http-settings#az-network-application-gateway-http-settings-update) | Updates Application Gateway HTTP settings. |
## Next steps
app-service Cli Linux Acr Aspnetcore https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/scripts/cli-linux-acr-aspnetcore.md
This script uses the following commands to create a resource group, App Service
| Command | Notes | |||
-| [`az group create`](/cli/azure/group#az_group_create) | Creates a resource group in which all resources are stored. |
-| [`az appservice plan create`](/cli/azure/appservice/plan#az_appservice_plan_create) | Creates an App Service plan. |
-| [`az webapp create`](/cli/azure/webapp#az_webapp_create) | Creates an App Service app. |
-| [`az webapp config container set`](/cli/azure/webapp/config/container#az_webapp_config_container_set) | Sets the Docker container for the App Service app. |
+| [`az group create`](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
+| [`az appservice plan create`](/cli/azure/appservice/plan#az-appservice-plan-create) | Creates an App Service plan. |
+| [`az webapp create`](/cli/azure/webapp#az-webapp-create) | Creates an App Service app. |
+| [`az webapp config container set`](/cli/azure/webapp/config/container#az-webapp-config-container-set) | Sets the Docker container for the App Service app. |
## Next steps
app-service Cli Linux Docker Aspnetcore https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/scripts/cli-linux-docker-aspnetcore.md
This script uses the following commands to create a resource group, App Service
| Command | Notes | |||
-| [`az group create`](/cli/azure/group#az_group_create) | Creates a resource group in which all resources are stored. |
-| [`az appservice plan create`](/cli/azure/appservice/plan#az_appservice_plan_create) | Creates an App Service plan. |
-| [`az webapp create`](/cli/azure/webapp#az_webapp_create) | Creates an App Service app. |
-| [`az webapp config container set`](/cli/azure/webapp/config/container#az_webapp_config_container_set) | Sets the Docker container for the App Service app. |
+| [`az group create`](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
+| [`az appservice plan create`](/cli/azure/appservice/plan#az-appservice-plan-create) | Creates an App Service plan. |
+| [`az webapp create`](/cli/azure/webapp#az-webapp-create) | Creates an App Service app. |
+| [`az webapp config container set`](/cli/azure/webapp/config/container#az-webapp-config-container-set) | Sets the Docker container for the App Service app. |
## Next steps
app-service Cli Monitor https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/scripts/cli-monitor.md
This script uses the following commands to create a resource group, App Service
| Command | Notes | |||
-| [`az group create`](/cli/azure/group#az_group_create) | Creates a resource group in which all resources are stored. |
-| [`az appservice plan create`](/cli/azure/appservice/plan#az_appservice_plan_create) | Creates an App Service plan. |
-| [`az webapp create`](/cli/azure/webapp#az_webapp_create) | Creates an App Service app. |
-| [`az webapp log config`](/cli/azure/webapp/log#az_webapp_log_config) | Configures which logs an App Service app persists. |
-| [`az webapp log download`](/cli/azure/webapp/log#az_webapp_log_download) | Downloads the logs of an App Service app to your local machine. |
+| [`az group create`](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
+| [`az appservice plan create`](/cli/azure/appservice/plan#az-appservice-plan-create) | Creates an App Service plan. |
+| [`az webapp create`](/cli/azure/webapp#az-webapp-create) | Creates an App Service app. |
+| [`az webapp log config`](/cli/azure/webapp/log#az-webapp-log-config) | Configures which logs an App Service app persists. |
+| [`az webapp log download`](/cli/azure/webapp/log#az-webapp-log-download) | Downloads the logs of an App Service app to your local machine. |
## Next steps
app-service Cli Scale High Availability https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/scripts/cli-scale-high-availability.md
This script uses the following commands to create a resource group, App Service
| Command | Notes | |||
-| [`az group create`](/cli/azure/group#az_group_create) | Creates a resource group in which all resources are stored. |
-| [`az appservice plan create`](/cli/azure/appservice/plan#az_appservice_plan_create) | Creates an App Service plan. |
-| [`az webapp create`](/cli/azure/webapp#az_webapp_create) | Creates an App Service app. |
-| [`az network traffic-manager profile create`](/cli/azure/network/traffic-manager/profile#az_network_traffic_manager_profile_create) | Creates an Azure Traffic Manager profile. |
-| [`az network traffic-manager endpoint create`](/cli/azure/network/traffic-manager/endpoint#az_network_traffic-manager_endpoint_create) | Adds an endpoint to an Azure Traffic Manager Profile. |
+| [`az group create`](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
+| [`az appservice plan create`](/cli/azure/appservice/plan#az-appservice-plan-create) | Creates an App Service plan. |
+| [`az webapp create`](/cli/azure/webapp#az-webapp-create) | Creates an App Service app. |
+| [`az network traffic-manager profile create`](/cli/azure/network/traffic-manager/profile#az-network-traffic-manager-profile-create) | Creates an Azure Traffic Manager profile. |
+| [`az network traffic-manager endpoint create`](/cli/azure/network/traffic-manager/endpoint#az-network-traffic-manager-endpoint-create) | Adds an endpoint to an Azure Traffic Manager Profile. |
## Next steps
app-service Cli Scale Manual https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/scripts/cli-scale-manual.md
This script uses the following commands to create a resource group, App Service
| Command | Notes | |||
-| [`az group create`](/cli/azure/group#az_group_create) | Creates a resource group in which all resources are stored. |
-| [`az appservice plan create`](/cli/azure/appservice/plan#az_appservice_plan_create) | Creates an App Service plan. |
-| [`az webapp create`](/cli/azure/webapp#az_webapp_create) | Creates an App Service app. |
-| [`az appservice plan update`](/cli/azure/appservice/plan#az_appservice_plan_update) | Updates properties of the App Service plan. |
+| [`az group create`](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
+| [`az appservice plan create`](/cli/azure/appservice/plan#az-appservice-plan-create) | Creates an App Service plan. |
+| [`az webapp create`](/cli/azure/webapp#az-webapp-create) | Creates an App Service app. |
+| [`az appservice plan update`](/cli/azure/appservice/plan#az-appservice-plan-update) | Updates properties of the App Service plan. |
## Next steps
app-service Tutorial Auth Aad https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/tutorial-auth-aad.md
az webapp create --resource-group myAuthResourceGroup --plan myAuthAppServicePla
### Push to Azure from Git
-1. Since you're deploying the `main` branch, you need to set the default deployment branch for your two App Service apps to `main` (see [Change deployment branch](deploy-local-git.md#change-deployment-branch)). In the Cloud Shell, set the `DEPLOYMENT_BRANCH` app setting with the [`az webapp config appsettings set`](/cli/azure/webapp/config/appsettings#az_webapp_config_appsettings_set) command.
+1. Since you're deploying the `main` branch, you need to set the default deployment branch for your two App Service apps to `main` (see [Change deployment branch](deploy-local-git.md#change-deployment-branch)). In the Cloud Shell, set the `DEPLOYMENT_BRANCH` app setting with the [`az webapp config appsettings set`](/cli/azure/webapp/config/appsettings#az-webapp-config-appsettings-set) command.
```azurecli-interactive az webapp config appsettings set --name <front-end-app-name> --resource-group myAuthResourceGroup --settings DEPLOYMENT_BRANCH=main
While the server code has access to request headers, client code can access `GET
### Configure CORS
-In the Cloud Shell, enable CORS to your client's URL by using the [`az webapp cors add`](/cli/azure/webapp/cors#az_webapp_cors_add) command. Replace the _\<back-end-app-name>_ and _\<front-end-app-name>_ placeholders.
+In the Cloud Shell, enable CORS to your client's URL by using the [`az webapp cors add`](/cli/azure/webapp/cors#az-webapp-cors-add) command. Replace the _\<back-end-app-name>_ and _\<front-end-app-name>_ placeholders.
```azurecli-interactive az webapp cors add --resource-group myAuthResourceGroup --name <back-end-app-name> --allowed-origins 'https://<front-end-app-name>.azurewebsites.net'
app-service Tutorial Connect Msi Sql Database https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/tutorial-connect-msi-sql-database.md
First, enable Azure Active Directory authentication to SQL Database by assigning
1. If your Azure AD tenant doesn't have a user yet, create one by following the steps at [Add or delete users using Azure Active Directory](../active-directory/fundamentals/add-users-azure-active-directory.md).
-1. Find the object ID of the Azure AD user using the [`az ad user list`](/cli/azure/ad/user#az_ad_user_list) and replace *\<user-principal-name>*. The result is saved to a variable.
+1. Find the object ID of the Azure AD user using the [`az ad user list`](/cli/azure/ad/user#az-ad-user-list) and replace *\<user-principal-name>*. The result is saved to a variable.
```azurecli-interactive azureaduser=$(az ad user list --filter "userPrincipalName eq '<user-principal-name>'" --query [].objectId --output tsv)
First, enable Azure Active Directory authentication to SQL Database by assigning
> To see the list of all user principal names in Azure AD, run `az ad user list --query [].userPrincipalName`. >
-1. Add this Azure AD user as an Active Directory admin using [`az sql server ad-admin create`](/cli/azure/sql/server/ad-admin#az_sql_server_ad_admin_create) command in the Cloud Shell. In the following command, replace *\<server-name>* with the server name (without the `.database.windows.net` suffix).
+1. Add this Azure AD user as an Active Directory admin using [`az sql server ad-admin create`](/cli/azure/sql/server/ad-admin#az-sql-server-ad-admin-create) command in the Cloud Shell. In the following command, replace *\<server-name>* with the server name (without the `.database.windows.net` suffix).
```azurecli-interactive az sql server ad-admin create --resource-group myResourceGroup --server-name <server-name> --display-name ADMIN --object-id $azureaduser
Next, you configure your App Service app to connect to SQL Database with a syste
### Enable managed identity on app
-To enable a managed identity for your Azure app, use the [az webapp identity assign](/cli/azure/webapp/identity#az_webapp_identity_assign) command in the Cloud Shell. In the following command, replace *\<app-name>*.
+To enable a managed identity for your Azure app, use the [az webapp identity assign](/cli/azure/webapp/identity#az-webapp-identity-assign) command in the Cloud Shell. In the following command, replace *\<app-name>*.
```azurecli-interactive az webapp identity assign --resource-group myResourceGroup --name <app-name>
app-service Tutorial Custom Container https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/tutorial-custom-container.md
The streamed logs look like this:
::: zone pivot="container-linux"
-Azure App Service uses the Docker container technology to host both built-in images and custom images. To see a list of built-in images, run the Azure CLI command, ['az webapp list-runtimes--linux'](/cli/azure/webapp#az_webapp_list_runtimes). If those images don't satisfy your needs, you can build and deploy a custom image.
+Azure App Service uses the Docker container technology to host both built-in images and custom images. To see a list of built-in images, run the Azure CLI command, ['az webapp list-runtimes--linux'](/cli/azure/webapp#az-webapp-list-runtimes). If those images don't satisfy your needs, you can build and deploy a custom image.
In this tutorial, you learn how to:
ENTRYPOINT ["init.sh"]
In this section and the following sections, you prepare resources in Azure to which you push the image and then deploy a container to Azure App Service. You can start by creating a resource group in which you want to collect all the resources.
-Run the [az group create](/cli/azure/group#az_group_create) command to create a resource group:
+Run the [az group create](/cli/azure/group#az-group-create) command to create a resource group:
```azurecli-interactive az group create --name myResourceGroup --location westeurope
You can change the `--location` value to specify a region near you.
In this section, you push the image to Azure Container Registry from which App Service can deploy it.
-1. Run the [`az acr create`](/cli/azure/acr#az_acr_create) command to create an Azure Container Registry:
+1. Run the [`az acr create`](/cli/azure/acr#az-acr-create) command to create an Azure Container Registry:
```azurecli-interactive az acr create --name <registry-name> --resource-group myResourceGroup --sku Basic --admin-enabled true
In this section, you push the image to Azure Container Registry from which App S
Replace `<registry-name>` with a suitable name for your registry. The name must contain only letters, numbers, and must be unique across all of Azure.
-1. Run the [`az acr show`](/cli/azure/acr#az_acr_show) command to retrieve credentials for the registry:
+1. Run the [`az acr show`](/cli/azure/acr#az-acr-show) command to retrieve credentials for the registry:
```azurecli-interactive az acr credential show --resource-group myResourceGroup --name <registry-name>
In this section, you push the image to Azure Container Registry from which App S
To deploy a container to Azure App Service, you first create a web app on App Service, then connect the web app to the container registry. When the web app starts, App Service automatically pulls the image from the registry.
-1. Create an App Service plan using the [`az appservice plan create`](/cli/azure/appservice/plan#az_appservice_plan_create) command:
+1. Create an App Service plan using the [`az appservice plan create`](/cli/azure/appservice/plan#az-appservice-plan-create) command:
```azurecli-interactive az appservice plan create --name myAppServicePlan --resource-group myResourceGroup --is-linux
To deploy a container to Azure App Service, you first create a web app on App Se
An App Service plan corresponds to the virtual machine that hosts the web app. By default, the previous command uses an inexpensive [B1 pricing tier](https://azure.microsoft.com/pricing/details/app-service/linux/) that is free for the first month. You can control the tier with the `--sku` parameter.
-1. Create the web app with the [`az webpp create`](/cli/azure/webapp#az_webapp_create) command:
+1. Create the web app with the [`az webpp create`](/cli/azure/webapp#az-webapp-create) command:
```azurecli-interactive az webapp create --resource-group myResourceGroup --plan myAppServicePlan --name <app-name> --deployment-container-image-name <registry-name>.azurecr.io/appsvc-tutorial-custom-image:latest
To deploy a container to Azure App Service, you first create a web app on App Se
Replace `<app-name>` with a name for the web app, which must be unique across all of Azure. Also replace `<registry-name>` with the name of your registry from the previous section.
-1. Use [`az webapp config appsettings set`](/cli/azure/webapp/config/appsettings#az_webapp_config_appsettings_set) to set the `WEBSITES_PORT` environment variable as expected by the app code:
+1. Use [`az webapp config appsettings set`](/cli/azure/webapp/config/appsettings#az-webapp-config-appsettings-set) to set the `WEBSITES_PORT` environment variable as expected by the app code:
```azurecli-interactive az webapp config appsettings set --resource-group myResourceGroup --name <app-name> --settings WEBSITES_PORT=8000
To deploy a container to Azure App Service, you first create a web app on App Se
For more information on this environment variable, see the [readme in the sample's GitHub repository](https://github.com/Azure-Samples/docker-django-webapp-linux).
-1. Enable [the system-assigned managed identity](./overview-managed-identity.md) for the web app by using the [`az webapp identity assign`](/cli/azure/webapp/identity#az_webapp_identity-assign) command:
+1. Enable [the system-assigned managed identity](./overview-managed-identity.md) for the web app by using the [`az webapp identity assign`](/cli/azure/webapp/identity#az-webapp-identity-assign) command:
```azurecli-interactive az webapp identity assign --resource-group myResourceGroup --name <app-name> --query principalId --output tsv
To deploy a container to Azure App Service, you first create a web app on App Se
Managed identity allows you to grant permissions to the web app to access other Azure resources without needing any specific credentials.
-1. Retrieve your subscription ID with the [`az account show`](/cli/azure/account#az_account_show) command, which you need in the next step:
+1. Retrieve your subscription ID with the [`az account show`](/cli/azure/account#az-account-show) command, which you need in the next step:
```azurecli-interactive az account show --query id --output tsv
To deploy a container to Azure App Service, you first create a web app on App Se
You can complete these steps once the image is pushed to the container registry and the App Service is fully provisioned.
-1. Use the [`az webapp config container set`](/cli/azure/webapp/config/container#az_webapp_config_container_set) command to specify the container registry and the image to deploy for the web app:
+1. Use the [`az webapp config container set`](/cli/azure/webapp/config/container#az-webapp-config-container-set) command to specify the container registry and the image to deploy for the web app:
```azurecli-interactive az webapp config container set --name <app-name> --resource-group myResourceGroup --docker-custom-image-name <registry-name>.azurecr.io/appsvc-tutorial-custom-image:latest --docker-registry-server-url https://<registry-name>.azurecr.io
app-service Tutorial Dotnetcore Sqldb App https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/tutorial-dotnetcore-sqldb-app.md
Sign in to the [Azure portal](https://portal.azure.com/) and follow these steps
You can run Azure CLI commands in the [Azure Cloud Shell](https://shell.azure.com) or on a workstation with the [Azure CLI installed](/cli/azure/install-azure-cli).
-First, create a resource group using the [az group create](/cli/azure/group#az_group_create) command. The resource group acts as a container for all of the Azure resources related to this application.
+First, create a resource group using the [az group create](/cli/azure/group#az-group-create) command. The resource group acts as a container for all of the Azure resources related to this application.
```azurecli-interactive # Use 'az account list-locations --output table' to list available locations close to you
First, create a resource group using the [az group create](/cli/azure/group#az_g
az group create --location eastus --name msdocs-core-sql ```
-Next, create an App Service plan using the [az appservice plan create](/cli/azure/appservice/plan#az_appservice_plan_create) command.
+Next, create an App Service plan using the [az appservice plan create](/cli/azure/appservice/plan#az-appservice-plan-create) command.
* The `--sku` parameter defines the size (CPU, memory) and cost of the app service plan. This example uses the F1 (Free) service plan. For a full list of App Service plans, view the [App Service pricing](https://azure.microsoft.com/pricing/details/app-service/windows/) page.
az appservice plan create \
--sku F1 ```
-Finally, create the App Service web app using the [az webapp create](/cli/azure/webapp#az_webapp_create) command.
+Finally, create the App Service web app using the [az webapp create](/cli/azure/webapp#az-webapp-create) command.
* The App Service name is used as both the name of the resource in Azure and to form the fully qualified domain name for your app in the form of `https://<app service name>.azurewebsites.com`. * The runtime specifies what version of .NET your app is running. This example uses .NET 6.0 LTS. To list all available runtimes, use the command `az webapp list-runtimes --linux --output table` for Linux and `az webapp list-runtimes --output table` for Windows.
Sign in to the [Azure portal](https://portal.azure.com/) and follow these steps
### [Azure CLI](#tab/azure-cli)
-First, create an Azure SQL Server to host the database. A new Azure SQL Server is created by using the [az sql server create ](/cli/azure/sql/server#az_sql_server_create) command.
+First, create an Azure SQL Server to host the database. A new Azure SQL Server is created by using the [az sql server create ](/cli/azure/sql/server#az-sql-server-create) command.
Replace the *server-name* placeholder with a unique SQL Database name. The SQL Database name is used as part of the globally unique SQL Database endpoint. Also, replace *db-username* and *db-username* with a username and password of your choice.
az sql server create \
--admin-password <db-password> ```
-Setting up an SQL Server might take a few minutes. When the resource is available, we can create a database with the [az sql db create](/cli/azure/sql/db#az_sql_db_create) command.
+Setting up an SQL Server might take a few minutes. When the resource is available, we can create a database with the [az sql db create](/cli/azure/sql/db#az-sql-db-create) command.
```azurecli-interactive az sql db create \
Sign in to the [Azure portal](https://portal.azure.com/) and follow the steps to
Run Azure CLI commands in the [Azure Cloud Shell](https://shell.azure.com) or on a workstation with the [Azure CLI installed](/cli/azure/install-azure-cli).
-We can retrieve the Connection String for our database using the [az sql db show-connection-string](/cli/azure/sql/db#az_sql_db_show_connection_string) command. This command allows us to add the Connection String to our App Service configuration settings. Copy this Connection String value for later use.
+We can retrieve the Connection String for our database using the [az sql db show-connection-string](/cli/azure/sql/db#az-sql-db-show-connection-string) command. This command allows us to add the Connection String to our App Service configuration settings. Copy this Connection String value for later use.
```azurecli-interactive az sql db show-connection-string \
In the Azure portal:
### [Azure CLI](#tab/azure-cli)
-Run the [az sql server firewall-rule create](/cli/azure/sql/server/firewall-rule#az_sql_server_firewall_rule_create) command to add a firewall rule to your SQL Server instance.
+Run the [az sql server firewall-rule create](/cli/azure/sql/server/firewall-rule#az-sql-server-firewall-rule-create) command to add a firewall rule to your SQL Server instance.
```azurecli-interactive az sql server firewall-rule create -resource-group msdocs-core-sql --server <yoursqlserver> --name LocalAccess --start-ip-address <your-ip> --end-ip-address <your-ip>
Azure App Service captures messages logged to the console to assist you in diagn
### [Azure CLI](#tab/azure-cli-logs)
-You can configure Azure App Service to output logs to the App Service filesystem using the [az webapp log config](/cli/azure/webapp/log#az_webapp_log_config) command.
+You can configure Azure App Service to output logs to the App Service filesystem using the [az webapp log config](/cli/azure/webapp/log#az-webapp-log-config) command.
```azurecli az webapp log config \
az webapp log config \
--resource-group $RESOURCE_GROUP_NAME ```
-You can also stream logs directly to the console using the [az webapp log tail](/cli/azure/webapp/log#az_webapp_log_tail) command.
+You can also stream logs directly to the console using the [az webapp log tail](/cli/azure/webapp/log#az-webapp-log-tail) command.
```azurecli az webapp log tail \
Follow these steps while signed-in to the Azure portal to delete a resource grou
### [Azure CLI](#tab/azure-cli-resources)
-You can delete the resource group you created by using the [az group delete](/cli/azure/group#az_group_delete) command. Deleting the resource group deletes all of the resources contained within it.
+You can delete the resource group you created by using the [az group delete](/cli/azure/group#az-group-delete) command. Deleting the resource group deletes all of the resources contained within it.
```azurecli az group delete --name msdocs-core-sql
app-service Tutorial Multi Container App https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/tutorial-multi-container-app.md
cd multicontainerwordpress
[!INCLUDE [resource group intro text](../../includes/resource-group.md)]
-In Cloud Shell, create a resource group with the [`az group create`](/cli/azure/group#az_group_create) command. The following example creates a resource group named *myResourceGroup* in the *South Central US* location. To see all supported locations for App Service on Linux in **Standard** tier, run the [`az appservice list-locations --sku S1 --linux-workers-enabled`](/cli/azure/appservice#az_appservice_list_locations) command.
+In Cloud Shell, create a resource group with the [`az group create`](/cli/azure/group#az-group-create) command. The following example creates a resource group named *myResourceGroup* in the *South Central US* location. To see all supported locations for App Service on Linux in **Standard** tier, run the [`az appservice list-locations --sku S1 --linux-workers-enabled`](/cli/azure/appservice#az-appservice-list-locations) command.
```azurecli-interactive az group create --name myResourceGroup --location "South Central US"
When the command finishes, a JSON output shows you the resource group properties
## Create an Azure App Service plan
-In Cloud Shell, create an App Service plan in the resource group with the [`az appservice plan create`](/cli/azure/appservice/plan#az_appservice_plan_create) command.
+In Cloud Shell, create an App Service plan in the resource group with the [`az appservice plan create`](/cli/azure/appservice/plan#az-appservice-plan-create) command.
<!-- [!INCLUDE [app-service-plan](app-service-plan-linux.md)] -->
When the App Service plan has been created, Cloud Shell shows information simila
## Create a Docker Compose app
-In your Cloud Shell, create a multi-container [web app](overview.md) in the `myAppServicePlan` App Service plan with the [az webapp create](/cli/azure/webapp#az_webapp_create) command. Don't forget to replace _\<app-name>_ with a unique app name.
+In your Cloud Shell, create a multi-container [web app](overview.md) in the `myAppServicePlan` App Service plan with the [az webapp create](/cli/azure/webapp#az-webapp-create) command. Don't forget to replace _\<app-name>_ with a unique app name.
```azurecli-interactive az webapp create --resource-group myResourceGroup --plan myAppServicePlan --name <app-name> --multicontainer-config-type compose --multicontainer-config-file docker-compose-wordpress.yml
It's not recommended to use database containers in a production environment. The
### Create an Azure Database for MySQL server
-Create an Azure Database for MySQL server with the [`az mysql server create`](/cli/azure/mysql/server#az_mysql_server_create) command.
+Create an Azure Database for MySQL server with the [`az mysql server create`](/cli/azure/mysql/server#az-mysql-server-create) command.
In the following command, substitute your MySQL server name where you see the _&lt;mysql-server-name>_ placeholder (valid characters are `a-z`, `0-9`, and `-`). This name is part of the MySQL server's hostname (`<mysql-server-name>.database.windows.net`), it needs to be globally unique.
Creating the server may take a few minutes to complete. When the MySQL server is
### Configure server firewall
-Create a firewall rule for your MySQL server to allow client connections by using the [`az mysql server firewall-rule create`](/cli/azure/mysql/server/firewall-rule#az_mysql_server_firewall_rule_create) command. When both starting IP and end IP are set to 0.0.0.0, the firewall is only opened for other Azure resources.
+Create a firewall rule for your MySQL server to allow client connections by using the [`az mysql server firewall-rule create`](/cli/azure/mysql/server/firewall-rule#az-mysql-server-firewall-rule-create) command. When both starting IP and end IP are set to 0.0.0.0, the firewall is only opened for other Azure resources.
```azurecli-interactive az mysql server firewall-rule create --name allAzureIPs --server <mysql-server-name> --resource-group myResourceGroup --start-ip-address 0.0.0.0 --end-ip-address 0.0.0.0
When the database has been created, Cloud Shell shows information similar to the
To connect the WordPress app to this new MySQL server, you'll configure a few WordPress-specific environment variables, including the SSL CA path defined by `MYSQL_SSL_CA`. The [Baltimore CyberTrust Root](https://www.digicert.com/digicert-root-certificates.htm) from [DigiCert](https://www.digicert.com/) is provided in the [custom image](#use-a-custom-image-for-mysql-tlsssl-and-other-configurations) below.
-To make these changes, use the [az webapp config appsettings set](/cli/azure/webapp/config/appsettings#az_webapp_config_appsettings_set) command in Cloud Shell. App settings are case-sensitive and space-separated.
+To make these changes, use the [az webapp config appsettings set](/cli/azure/webapp/config/appsettings#az-webapp-config-appsettings-set) command in Cloud Shell. App settings are case-sensitive and space-separated.
```azurecli-interactive az webapp config appsettings set --resource-group myResourceGroup --name <app-name> --settings WORDPRESS_DB_HOST="<mysql-server-name>.mysql.database.azure.com" WORDPRESS_DB_USER="adminuser@<mysql-server-name>" WORDPRESS_DB_PASSWORD="My5up3rStr0ngPaSw0rd!" WORDPRESS_DB_NAME="wordpress" MYSQL_SSL_CA="BaltimoreCyberTrustroot.crt.pem"
Save your changes and exit nano. Use the command `^O` to save and `^X` to exit.
### Update app with new configuration
-In Cloud Shell, reconfigure your multi-container [web app](overview.md) with the [az webapp config container set](/cli/azure/webapp/config/container#az_webapp_config_container_set) command. Don't forget to replace _\<app-name>_ with the name of the web app you created earlier.
+In Cloud Shell, reconfigure your multi-container [web app](overview.md) with the [az webapp config container set](/cli/azure/webapp/config/container#az-webapp-config-container-set) command. Don't forget to replace _\<app-name>_ with the name of the web app you created earlier.
```azurecli-interactive az webapp config container set --resource-group myResourceGroup --name <app-name> --multicontainer-config-type compose --multicontainer-config-file docker-compose-wordpress.yml
Your multi-container is now running in Web App for Containers. However, if you i
### Configure environment variables
-To use persistent storage, you'll enable this setting within App Service. To make this change, use the [az webapp config appsettings set](/cli/azure/webapp/config/appsettings#az_webapp_config_appsettings_set) command in Cloud Shell. App settings are case-sensitive and space-separated.
+To use persistent storage, you'll enable this setting within App Service. To make this change, use the [az webapp config appsettings set](/cli/azure/webapp/config/appsettings#az-webapp-config-appsettings-set) command in Cloud Shell. App settings are case-sensitive and space-separated.
```azurecli-interactive az webapp config appsettings set --resource-group myResourceGroup --name <app-name> --settings WEBSITES_ENABLE_APP_SERVICE_STORAGE=TRUE
### Update app with new configuration
-In Cloud Shell, reconfigure your multi-container [web app](overview.md) with the [az webapp config container set](/cli/azure/webapp/config/container#az_webapp_config_container_set) command. Don't forget to replace _\<app-name>_ with a unique app name.
+In Cloud Shell, reconfigure your multi-container [web app](overview.md) with the [az webapp config container set](/cli/azure/webapp/config/container#az-webapp-config-container-set) command. Don't forget to replace _\<app-name>_ with a unique app name.
```azurecli-interactive az webapp config container set --resource-group myResourceGroup --name <app-name> --multicontainer-config-type compose --multicontainer-config-file docker-compose-wordpress.yml
### Configure environment variables
-To use Redis, you'll enable this setting, `WP_REDIS_HOST`, within App Service. This is a *required setting* for WordPress to communicate with the Redis host. To make this change, use the [az webapp config appsettings set](/cli/azure/webapp/config/appsettings#az_webapp_config_appsettings_set) command in Cloud Shell. App settings are case-sensitive and space-separated.
+To use Redis, you'll enable this setting, `WP_REDIS_HOST`, within App Service. This is a *required setting* for WordPress to communicate with the Redis host. To make this change, use the [az webapp config appsettings set](/cli/azure/webapp/config/appsettings#az-webapp-config-appsettings-set) command in Cloud Shell. App settings are case-sensitive and space-separated.
```azurecli-interactive az webapp config appsettings set --resource-group myResourceGroup --name <app-name> --settings WP_REDIS_HOST="redis"
When the app setting has been created, Cloud Shell shows information similar to
### Update app with new configuration
-In Cloud Shell, reconfigure your multi-container [web app](overview.md) with the [az webapp config container set](/cli/azure/webapp/config/container#az_webapp_config_container_set) command. Don't forget to replace _\<app-name>_ with a unique app name.
+In Cloud Shell, reconfigure your multi-container [web app](overview.md) with the [az webapp config container set](/cli/azure/webapp/config/container#az-webapp-config-container-set) command. Don't forget to replace _\<app-name>_ with a unique app name.
```azurecli-interactive az webapp config container set --resource-group myResourceGroup --name <app-name> --multicontainer-config-type compose --multicontainer-config-file compose-wordpress.yml
app-service Tutorial Php Mysql App https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/tutorial-php-mysql-app.md
In this step, you create a MySQL database in [Azure Database for MySQL](../mysql
### Create a MySQL server
-In the Cloud Shell, create a server in Azure Database for MySQL with the [`az mysql server create`](/cli/azure/mysql/server#az_mysql_server_create) command.
+In the Cloud Shell, create a server in Azure Database for MySQL with the [`az mysql server create`](/cli/azure/mysql/server#az-mysql-server-create) command.
In the following command, substitute a unique server name for the *\<mysql-server-name>* placeholder, a user name for the *\<admin-user>*, and a password for the *\<admin-password>* placeholder. The server name is used as part of your MySQL endpoint (`https://<mysql-server-name>.mysql.database.azure.com`), so the name needs to be unique across all servers in Azure. For details on selecting MySQL DB SKU, see [Create an Azure Database for MySQL server](../mysql/quickstart-create-mysql-server-database-using-azure-cli.md#create-an-azure-database-for-mysql-server).
When the MySQL server is created, the Azure CLI shows information similar to the
### Configure server firewall
-1. In the Cloud Shell, create a firewall rule for your MySQL server to allow client connections by using the [`az mysql server firewall-rule create`](/cli/azure/mysql/server/firewall-rule#az_mysql_server_firewall_rule_create) command. When both starting IP and end IP are set to 0.0.0.0, the firewall is only opened for other Azure resources.
+1. In the Cloud Shell, create a firewall rule for your MySQL server to allow client connections by using the [`az mysql server firewall-rule create`](/cli/azure/mysql/server/firewall-rule#az-mysql-server-firewall-rule-create) command. When both starting IP and end IP are set to 0.0.0.0, the firewall is only opened for other Azure resources.
```azurecli-interactive az mysql server firewall-rule create --name allAzureIPs --server <mysql-server-name> --resource-group myResourceGroup --start-ip-address 0.0.0.0 --end-ip-address 0.0.0.0
In this step, you deploy the MySQL-connected PHP application to Azure App Servic
### Configure database settings
-In App Service, you set environment variables as _app settings_ by using the [`az webapp config appsettings set`](/cli/azure/webapp/config/appsettings#az_webapp_config_appsettings_set) command.
+In App Service, you set environment variables as _app settings_ by using the [`az webapp config appsettings set`](/cli/azure/webapp/config/appsettings#az-webapp-config-appsettings-set) command.
The following command configures the app settings `DB_HOST`, `DB_DATABASE`, `DB_USERNAME`, and `DB_PASSWORD`. Replace the placeholders _&lt;app-name>_ and _&lt;mysql-server-name>_.
Laravel needs an application key in App Service. You can configure it with app s
php artisan key:generate --show ```
-1. In the Cloud Shell, set the application key in the App Service app by using the [`az webapp config appsettings set`](/cli/azure/webapp/config/appsettings#az_webapp_config_appsettings_set) command. Replace the placeholders _&lt;app-name>_ and _&lt;outputofphpartisankey:generate>_.
+1. In the Cloud Shell, set the application key in the App Service app by using the [`az webapp config appsettings set`](/cli/azure/webapp/config/appsettings#az-webapp-config-appsettings-set) command. Replace the placeholders _&lt;app-name>_ and _&lt;outputofphpartisankey:generate>_.
```azurecli-interactive az webapp config appsettings set --name <app-name> --resource-group myResourceGroup --settings APP_KEY="<output_of_php_artisan_key:generate>" APP_DEBUG="true"
Laravel needs an application key in App Service. You can configure it with app s
Set the virtual application path for the app. This step is required because the [Laravel application lifecycle](https://laravel.com/docs/5.4/lifecycle) begins in the _public_ directory instead of the application's root directory. Other PHP frameworks whose lifecycle start in the root directory can work without manual configuration of the virtual application path.
-In the Cloud Shell, set the virtual application path by using the [`az resource update`](/cli/azure/resource#az_resource_update) command. Replace the _&lt;app-name>_ placeholder.
+In the Cloud Shell, set the virtual application path by using the [`az resource update`](/cli/azure/resource#az-resource-update) command. Replace the _&lt;app-name>_ placeholder.
```azurecli-interactive az resource update --name web --resource-group myResourceGroup --namespace Microsoft.Web --resource-type config --parent sites/<app_name> --set properties.virtualApplications[0].physicalPath="site\wwwroot\public" --api-version 2015-06-01
If you add any task, they're retained in the database. Updates to the data schem
While the PHP application runs in Azure App Service, you can get the console logs piped to your terminal. That way, you can get the same diagnostic messages to help you debug application errors.
-To start log streaming, use the [`az webapp log tail`](/cli/azure/webapp/log#az_webapp_log_tail) command in the Cloud Shell.
+To start log streaming, use the [`az webapp log tail`](/cli/azure/webapp/log#az-webapp-log-tail) command in the Cloud Shell.
```azurecli-interactive az webapp log tail --name <app_name> --resource-group myResourceGroup
app-service Tutorial Ruby Postgres App https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/tutorial-ruby-postgres-app.md
In this step, you create a Postgres database in [Azure Database for PostgreSQL](
az extension add --name db-up ```
-1. Create the Postgres database in Azure with the [`az postgres up`](/cli/azure/postgres#az_postgres_up) command, as shown in the following example. Replace *\<postgresql-name>* with a *unique* name (the server endpoint is *https://\<postgresql-name>.postgres.database.azure.com*). For *\<admin-username>* and *\<admin-password>*, specify credentials to create an administrator user for this Postgres server.
+1. Create the Postgres database in Azure with the [`az postgres up`](/cli/azure/postgres#az-postgres-up) command, as shown in the following example. Replace *\<postgresql-name>* with a *unique* name (the server endpoint is *https://\<postgresql-name>.postgres.database.azure.com*). For *\<admin-username>* and *\<admin-password>*, specify credentials to create an administrator user for this Postgres server.
<!-- Issue: without --location --> ```azurecli
In this step, you create a Postgres database in [Azure Database for PostgreSQL](
<!-- not all locations support az postgres up --> > [!TIP]
- > `--location <location-name>`, can be set to any one of the [Azure regions](https://azure.microsoft.com/global-infrastructure/regions/). You can get the regions available to your subscription with the [`az account list-locations`](/cli/azure/account#az_account_list_locations) command. For production apps, put your database and your app in the same location.
+ > `--location <location-name>`, can be set to any one of the [Azure regions](https://azure.microsoft.com/global-infrastructure/regions/). You can get the regions available to your subscription with the [`az account list-locations`](/cli/azure/account#az-account-list-locations) command. For production apps, put your database and your app in the same location.
## Connect app to Azure Postgres
In this step, you deploy the Postgres-connected Rails application to Azure App S
### Configure database settings
-In App Service, you set environment variables as _app settings_ by using the [`az webapp config appsettings set`](/cli/azure/webapp/config/appsettings#az_webapp_config_appsettings_set) command in the Cloud Shell.
+In App Service, you set environment variables as _app settings_ by using the [`az webapp config appsettings set`](/cli/azure/webapp/config/appsettings#az-webapp-config-appsettings-set) command in the Cloud Shell.
The following Cloud Shell command configures the app settings `DB_HOST`, `DB_DATABASE`, `DB_USERNAME`, and `DB_PASSWORD`. Replace the placeholders _&lt;appname>_ and _&lt;postgres-server-name>_.
az webapp config appsettings set --name <app-name> --resource-group myResourceGr
### Push to Azure from Git
-1. Since you're deploying the `main` branch, you need to set the default deployment branch for your App Service app to `main` (see [Change deployment branch](deploy-local-git.md#change-deployment-branch)). In the Cloud Shell, set the `DEPLOYMENT_BRANCH` app setting with the [`az webapp config appsettings set`](/cli/azure/webapp/config/appsettings#az_webapp_config_appsettings_set) command.
+1. Since you're deploying the `main` branch, you need to set the default deployment branch for your App Service app to `main` (see [Change deployment branch](deploy-local-git.md#change-deployment-branch)). In the Cloud Shell, set the `DEPLOYMENT_BRANCH` app setting with the [`az webapp config appsettings set`](/cli/azure/webapp/config/appsettings#az-webapp-config-appsettings-set) command.
```azurecli-interactive az webapp config appsettings set --name <app-name> --resource-group myResourceGroup --settings DEPLOYMENT_BRANCH='main'
application-gateway Application Gateway Backend Health Troubleshooting https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/application-gateway-backend-health-troubleshooting.md
successfully, Application Gateway resumes forwarding the requests.
### How to check backend health To check the health of your backend pool, you can use the
-**Backend Health** page on the Azure portal. Or, you can use [Azure PowerShell](/powershell/module/az.network/get-azapplicationgatewaybackendhealth), [CLI](/cli/azure/network/application-gateway#az_network_application_gateway_show_backend_health), or [REST API](/rest/api/application-gateway/applicationgateways/backendhealth).
+**Backend Health** page on the Azure portal. Or, you can use [Azure PowerShell](/powershell/module/az.network/get-azapplicationgatewaybackendhealth), [CLI](/cli/azure/network/application-gateway#az-network-application-gateway-show-backend-health), or [REST API](/rest/api/application-gateway/applicationgateways/backendhealth).
The status retrieved by any of these methods can be any one of the following:
application-gateway Redirect Http To Https Cli https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/redirect-http-to-https-cli.md
az network public-ip create \
## Create the application gateway
-You can use [az network application-gateway create](/cli/azure/network/application-gateway#az_network_application_gateway_create) to create the application gateway named *myAppGateway*. When you create an application gateway using the Azure CLI, you specify configuration information, such as capacity, sku, and HTTP settings.
+You can use [az network application-gateway create](/cli/azure/network/application-gateway#az-network-application-gateway-create) to create the application gateway named *myAppGateway*. When you create an application gateway using the Azure CLI, you specify configuration information, such as capacity, sku, and HTTP settings.
The application gateway is assigned to *myAGSubnet* and *myAGPublicIPAddress* that you previously created. In this example, you associate the certificate that you created and its password when you create the application gateway.
az network application-gateway create \
### Add the HTTP port
-You can use [az network application-gateway frontend-port create](/cli/azure/network/application-gateway/frontend-port#az_network-application_gateway_frontend_port_create) to add the HTTP port to the application gateway.
+You can use [az network application-gateway frontend-port create](/cli/azure/network/application-gateway/frontend-port#az-network-application-gateway-frontend-port-create) to add the HTTP port to the application gateway.
```azurecli-interactive az network application-gateway frontend-port create \
az network application-gateway frontend-port create \
### Add the HTTP listener
-You can use [az network application-gateway http-listener create](/cli/azure/network/application-gateway/http-listener#az_network_application_gateway_http_listener_create) to add the listener named *myListener* to the application gateway.
+You can use [az network application-gateway http-listener create](/cli/azure/network/application-gateway/http-listener#az-network-application-gateway-http-listener-create) to add the listener named *myListener* to the application gateway.
```azurecli-interactive az network application-gateway http-listener create \
az network application-gateway http-listener create \
### Add the redirection configuration
-Add the HTTP to HTTPS redirection configuration to the application gateway using [az network application-gateway redirect-config create](/cli/azure/network/application-gateway/redirect-config#az_network_application_gateway_redirect_config_create).
+Add the HTTP to HTTPS redirection configuration to the application gateway using [az network application-gateway redirect-config create](/cli/azure/network/application-gateway/redirect-config#az-network-application-gateway-redirect-config-create).
```azurecli-interactive az network application-gateway redirect-config create \
az network application-gateway redirect-config create \
### Add the routing rule
-Add the routing rule named *rule2* with the redirection configuration to the application gateway using [az network application-gateway rule create](/cli/azure/network/application-gateway/rule#az_network_application_gateway_rule_create).
+Add the routing rule named *rule2* with the redirection configuration to the application gateway using [az network application-gateway rule create](/cli/azure/network/application-gateway/rule#az-network-application-gateway-rule-create).
```azurecli-interactive az network application-gateway rule create \
az network application-gateway rule create \
## Create a virtual machine scale set
-In this example, you create a virtual machine scale set named *myvmss* that provides servers for the backend pool in the application gateway. The virtual machines in the scale set are associated with *myBackendSubnet* and *appGatewayBackendPool*. To create the scale set, you can use [az vmss create](/cli/azure/vmss#az_vmss_create).
+In this example, you create a virtual machine scale set named *myvmss* that provides servers for the backend pool in the application gateway. The virtual machines in the scale set are associated with *myBackendSubnet* and *appGatewayBackendPool*. To create the scale set, you can use [az vmss create](/cli/azure/vmss#az-vmss-create).
```azurecli-interactive az vmss create \
application-gateway Redirect Internal Site Cli https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/redirect-internal-site-cli.md
az group create --name myResourceGroupAG --location eastus
## Create network resources
-Create the virtual network named *myVNet* and the subnet named *myAGSubnet* using [az network vnet create](/cli/azure/network/vnet). You can then add the subnet named *myBackendSubnet* that's needed by the backend pool of servers using [az network vnet subnet create](/cli/azure/network/vnet/subnet). Create the public IP address named *myAGPublicIPAddress* using [az network public-ip create](/cli/azure/network/public-ip#az_network_public_ip_create).
+Create the virtual network named *myVNet* and the subnet named *myAGSubnet* using [az network vnet create](/cli/azure/network/vnet). You can then add the subnet named *myBackendSubnet* that's needed by the backend pool of servers using [az network vnet subnet create](/cli/azure/network/vnet/subnet). Create the public IP address named *myAGPublicIPAddress* using [az network public-ip create](/cli/azure/network/public-ip#az-network-public-ip-create).
```azurecli-interactive az network vnet create \
It may take several minutes for the application gateway to be created. After the
A listener is required to enable the application gateway to route traffic appropriately to the backend pool. In this tutorial, you create two listeners for your two domains. In this example, listeners are created for the domains of *www\.contoso.com* and *www\.contoso.org*.
-Add the backend listeners that are needed to route traffic using [az network application-gateway http-listener create](/cli/azure/network/application-gateway/http-listener#az_network_application_gateway_http_listener_create).
+Add the backend listeners that are needed to route traffic using [az network application-gateway http-listener create](/cli/azure/network/application-gateway/http-listener#az-network-application-gateway-http-listener-create).
```azurecli-interactive az network application-gateway http-listener create \
az network application-gateway http-listener create \
### Add the redirection configuration
-Add the redirection configuration that sends traffic from *www\.consoto.org* to the listener for *www\.contoso.com* in the application gateway using [az network application-gateway redirect-config create](/cli/azure/network/application-gateway/redirect-config#az_network_application_gateway_redirect_config_create).
+Add the redirection configuration that sends traffic from *www\.consoto.org* to the listener for *www\.contoso.com* in the application gateway using [az network application-gateway redirect-config create](/cli/azure/network/application-gateway/redirect-config#az-network-application-gateway-redirect-config-create).
```azurecli-interactive az network application-gateway redirect-config create \
az network application-gateway redirect-config create \
Rules are processed in the order in which they are created, and traffic is directed using the first rule that matches the URL sent to the application gateway. For example, if you have a rule using a basic listener and a rule using a multi-site listener both on the same port, the rule with the multi-site listener must be listed before the rule with the basic listener in order for the multi-site rule to function as expected.
-In this example, you create two new rules and delete the default rule that was created. You can add the rule using [az network application-gateway rule create](/cli/azure/network/application-gateway/rule#az_network_application_gateway_rule_create).
+In this example, you create two new rules and delete the default rule that was created. You can add the rule using [az network application-gateway rule create](/cli/azure/network/application-gateway/rule#az-network-application-gateway-rule-create).
```azurecli-interactive az network application-gateway rule create \
az vmss extension set \
## Create CNAME record in your domain
-After the application gateway is created with its public IP address, you can get the DNS address and use it to create a CNAME record in your domain. You can use [az network public-ip show](/cli/azure/network/public-ip#az_network_public_ip_show) to get the DNS address of the application gateway. Copy the *fqdn* value of the DNSSettings and use it as the value of the CNAME record that you create. The use of A-records is not recommended because the VIP may change when the application gateway is restarted.
+After the application gateway is created with its public IP address, you can get the DNS address and use it to create a CNAME record in your domain. You can use [az network public-ip show](/cli/azure/network/public-ip#az-network-public-ip-show) to get the DNS address of the application gateway. Copy the *fqdn* value of the DNSSettings and use it as the value of the CNAME record that you create. The use of A-records is not recommended because the VIP may change when the application gateway is restarted.
```azurecli-interactive az network public-ip show \
application-gateway Create Vmss Cli https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/scripts/create-vmss-cli.md
This script uses the following commands to create the deployment. Each item in t
||| | [az group create](/cli/azure/group) | Creates a resource group in which all resources are stored. | | [az network vnet create](/cli/azure/network/vnet) | Creates a virtual network. |
-| [az network vnet subnet create](/cli/azure/network/vnet/subnet#az_network_vnet_subnet_create) | Creates a subnet in a virtual network. |
+| [az network vnet subnet create](/cli/azure/network/vnet/subnet#az-network-vnet-subnet-create) | Creates a subnet in a virtual network. |
| [az network public-ip create](/cli/azure/network/public-ip) | Creates the public IP address for the application gateway. | | [az network application-gateway create](/cli/azure/network/application-gateway) | Create an application gateway. | | [az vmss create](/cli/azure/vmss) | Creates a virtual machine scale set. |
application-gateway Create Vmss Waf Cli https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/scripts/create-vmss-waf-cli.md
This script uses the following commands to create the deployment. Each item in t
| Command | Notes | |||
-| [az group create](/cli/azure/group#az_group_create) | Creates a resource group in which all resources are stored. |
-| [az network vnet create](/cli/azure/network/vnet#az_network_vnet_create) | Creates a virtual network. |
-| [az network vnet subnet create](/cli/azure/network/vnet/subnet#az_network_vnet_subnet_create) | Creates a subnet in a virtual network. |
+| [az group create](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
+| [az network vnet create](/cli/azure/network/vnet#az-network-vnet-create) | Creates a virtual network. |
+| [az network vnet subnet create](/cli/azure/network/vnet/subnet#az-network-vnet-subnet-create) | Creates a subnet in a virtual network. |
| [az network public-ip create](/cli/azure/network/public-ip) | Creates the public IP address for the application gateway. | | [az network application-gateway create](/cli/azure/network/application-gateway) | Create an application gateway. |
-| [az vmss create](/cli/azure/vmss#az_vmss_create) | Creates a virtual machine scale set. |
-| [az storage account create](/cli/azure/storage/account#az_storage_account_create) | Creates a storage account. |
-| [az monitor diagnostic-settings create](/cli/azure/monitor/diagnostic-settings#az_monitor_diagnostic_settings_create) | Creates a storage account. |
-| [az network public-ip show](/cli/azure/network/public-ip#az_network_public_ip_show) | Gets the public IP address of the application gateway. |
+| [az vmss create](/cli/azure/vmss#az-vmss-create) | Creates a virtual machine scale set. |
+| [az storage account create](/cli/azure/storage/account#az-storage-account-create) | Creates a storage account. |
+| [az monitor diagnostic-settings create](/cli/azure/monitor/diagnostic-settings#az-monitor-diagnostic-settings-create) | Creates a storage account. |
+| [az network public-ip show](/cli/azure/network/public-ip#az-network-public-ip-show) | Gets the public IP address of the application gateway. |
## Next steps
application-gateway Tutorial Ingress Controller Add On Existing https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/tutorial-ingress-controller-add-on-existing.md
In this tutorial, you learn how to:
## Create a resource group
-In Azure, you allocate related resources to a resource group. Create a resource group by using [az group create](/cli/azure/group#az_group_create). The following example creates a resource group named *myResourceGroup* in the *canadacentral* location (region).
+In Azure, you allocate related resources to a resource group. Create a resource group by using [az group create](/cli/azure/group#az-group-create). The following example creates a resource group named *myResourceGroup* in the *canadacentral* location (region).
```azurecli-interactive az group create --name myResourceGroup --location canadacentral
In the following example, you'll be deploying a new AKS cluster named *myCluster
az aks create -n myCluster -g myResourceGroup --network-plugin azure --enable-managed-identity ```
-To configure additional parameters for the `az aks create` command, visit references [here](/cli/azure/aks#az_aks_create).
+To configure additional parameters for the `az aks create` command, visit references [here](/cli/azure/aks#az-aks-create).
## Deploy a new Application Gateway
application-gateway Tutorial Ingress Controller Add On New https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/tutorial-ingress-controller-add-on-new.md
In this tutorial, you learn how to:
## Create a resource group
-In Azure, you allocate related resources to a resource group. Create a resource group by using [az group create](/cli/azure/group#az_group_create). The following example creates a resource group named *myResourceGroup* in the *canadacentral* location (region):
+In Azure, you allocate related resources to a resource group. Create a resource group by using [az group create](/cli/azure/group#az-group-create). The following example creates a resource group named *myResourceGroup* in the *canadacentral* location (region):
```azurecli-interactive az group create --name myResourceGroup --location canadacentral
Deploying a new AKS cluster with the AGIC add-on enabled without specifying an e
az aks create -n myCluster -g myResourceGroup --network-plugin azure --enable-managed-identity -a ingress-appgw --appgw-name myApplicationGateway --appgw-subnet-cidr "10.2.0.0/16" --generate-ssh-keys ```
-To configure additional parameters for the `az aks create` command, see [these references](/cli/azure/aks#az_aks_create).
+To configure additional parameters for the `az aks create` command, see [these references](/cli/azure/aks#az-aks-create).
> [!NOTE] > The AKS cluster that you created will appear in the resource group that you created, *myResourceGroup*. However, the automatically created Application Gateway instance will be in the node resource group, where the agent pools are. The node resource group by is named *MC_resource-group-name_cluster-name_location* by default, but can be modified.
application-gateway Tutorial Manage Web Traffic Cli https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/tutorial-manage-web-traffic-cli.md
If you prefer, you can complete this procedure using [Azure PowerShell](tutorial
## Create a resource group
-A resource group is a logical container into which Azure resources are deployed and managed. Create a resource group using [az group create](/cli/azure/group#az_group_create).
+A resource group is a logical container into which Azure resources are deployed and managed. Create a resource group using [az group create](/cli/azure/group#az-group-create).
The following example creates a resource group named *myResourceGroupAG* in the *eastus* location.
az network application-gateway create \
## Create a Virtual Machine Scale Set
-In this example, you create a virtual machine scale set that provides servers for the backend pool in the application gateway. The virtual machines in the scale set are associated with *myBackendSubnet* and *appGatewayBackendPool*. To create the scale set, use [az vmss create](/cli/azure/vmss#az_vmss_create).
+In this example, you create a virtual machine scale set that provides servers for the backend pool in the application gateway. The virtual machines in the scale set are associated with *myBackendSubnet* and *appGatewayBackendPool*. To create the scale set, use [az vmss create](/cli/azure/vmss#az-vmss-create).
```azurecli-interactive az vmss create \
application-gateway Tutorial Multiple Sites Cli https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/tutorial-multiple-sites-cli.md
az network public-ip create \
## Create the application gateway
-You can use [az network application-gateway create](/cli/azure/network/application-gateway#az_network_application_gateway_create) to create the application gateway. When you create an application gateway using the Azure CLI, you specify configuration information, such as capacity, sku, and HTTP settings. The application gateway is assigned to *myAGSubnet* and *myAGPublicIPAddress* that you previously created.
+You can use [az network application-gateway create](/cli/azure/network/application-gateway#az-network-application-gateway-create) to create the application gateway. When you create an application gateway using the Azure CLI, you specify configuration information, such as capacity, sku, and HTTP settings. The application gateway is assigned to *myAGSubnet* and *myAGPublicIPAddress* that you previously created.
```azurecli-interactive az network application-gateway create \
It may take several minutes for the application gateway to be created. After the
### Add the backend pools
-Add the backend pools that are needed to contain the backend servers using [az network application-gateway address-pool create](/cli/azure/network/application-gateway/address-pool#az_network_application_gateway_address-pool_create)
+Add the backend pools that are needed to contain the backend servers using [az network application-gateway address-pool create](/cli/azure/network/application-gateway/address-pool#az-network-application-gateway-address-pool-create)
```azurecli-interactive az network application-gateway address-pool create \ --gateway-name myAppGateway \
az network application-gateway address-pool create \
### Add listeners
-Add listeners that are needed to route traffic using [az network application-gateway http-listener create](/cli/azure/network/application-gateway/http-listener#az_network_application_gateway_http_listener_create).
+Add listeners that are needed to route traffic using [az network application-gateway http-listener create](/cli/azure/network/application-gateway/http-listener#az-network-application-gateway-http-listener-create).
>[!NOTE] > With Application Gateway or WAF v2 SKU, you can also configure up to 5 host names per listener and you can use wildcard characters in the host name. See [wildcard host names in listener](multiple-site-overview.md#wildcard-host-names-in-listener) for more information.
az network application-gateway http-listener create \
Rules are processed in the order they're listed if rule priority field is not used. Traffic is directed using the first rule that matches regardless of specificity. For example, if you have a rule using a basic listener and a rule using a multi-site listener both on the same port, the rule with the multi-site listener must be listed before the rule with the basic listener in order for the multi-site rule to function as expected.
-In this example, you create two new rules and delete the default rule created when you deployed the application gateway. You can add the rule using [az network application-gateway rule create](/cli/azure/network/application-gateway/rule#az_network_application_gateway_rule_create).
+In this example, you create two new rules and delete the default rule created when you deployed the application gateway. You can add the rule using [az network application-gateway rule create](/cli/azure/network/application-gateway/rule#az-network-application-gateway-rule-create).
```azurecli-interactive az network application-gateway rule create \
done
## Create a CNAME record in your domain
-After the application gateway is created with its public IP address, you can get the DNS address and use it to create a CNAME record in your domain. You can use [az network public-ip show](/cli/azure/network/public-ip#az_network_public_ip_show) to get the DNS address of the application gateway. Copy the *fqdn* value of the DNSSettings and use it as the value of the CNAME record that you create.
+After the application gateway is created with its public IP address, you can get the DNS address and use it to create a CNAME record in your domain. You can use [az network public-ip show](/cli/azure/network/public-ip#az-network-public-ip-show) to get the DNS address of the application gateway. Copy the *fqdn* value of the DNSSettings and use it as the value of the CNAME record that you create.
```azurecli-interactive az network public-ip show \
application-gateway Tutorial Ssl Cli https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/tutorial-ssl-cli.md
az network application-gateway create \
## Create a virtual machine scale set
-In this example, you create a virtual machine scale set that provides servers for the default backend pool in the application gateway. The virtual machines in the scale set are associated with *myBackendSubnet* and *appGatewayBackendPool*. To create the scale set, you can use [az vmss create](/cli/azure/vmss#az_vmss_create).
+In this example, you create a virtual machine scale set that provides servers for the default backend pool in the application gateway. The virtual machines in the scale set are associated with *myBackendSubnet* and *appGatewayBackendPool*. To create the scale set, you can use [az vmss create](/cli/azure/vmss#az-vmss-create).
```azurecli-interactive az vmss create \
application-gateway Tutorial Url Redirect Cli https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/tutorial-url-redirect-cli.md
done
## Test the application gateway
-To get the public IP address of the application gateway, use [az network public-ip show](/cli/azure/network/public-ip#az_network_public_ip_show). Copy the public IP address, and then paste it into the address bar of your browser. Such as, `http://40.121.222.19`, `http://40.121.222.19:8080/images/test.htm`, `http://40.121.222.19:8080/video/test.htm`, or `http://40.121.222.19:8081/images/test.htm`.
+To get the public IP address of the application gateway, use [az network public-ip show](/cli/azure/network/public-ip#az-network-public-ip-show). Copy the public IP address, and then paste it into the address bar of your browser. Such as, `http://40.121.222.19`, `http://40.121.222.19:8080/images/test.htm`, `http://40.121.222.19:8080/video/test.htm`, or `http://40.121.222.19:8081/images/test.htm`.
```azurecli-interactive az network public-ip show \
applied-ai-services Generate Sas Tokens https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/applied-ai-services/form-recognizer/generate-sas-tokens.md
To get started, you'll need:
1. To create a user delegation SAS for a container by using the Azure CLI, make sure that you've installed version 2.0.78 or later. To check your installed version, use the `az --version` command.
-1. Call the [az storage container generate-sas](/cli/azure/storage/container#az_storage_container_generate_sas) command.
+1. Call the [az storage container generate-sas](/cli/azure/storage/container#az-storage-container-generate-sas) command.
1. The following parameters are required:
attestation Quickstart Azure Cli https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/attestation/quickstart-azure-cli.md
If you don't have an Azure subscription, create a [free account](https://azure.m
az account set --subscription 00000000-0000-0000-0000-000000000000 ```
-1. Register the Microsoft.Attestation resource provider in the subscription with the [az provider register](/cli/azure/provider#az_provider_register) command:
+1. Register the Microsoft.Attestation resource provider in the subscription with the [az provider register](/cli/azure/provider#az-provider-register) command:
```azurecli az provider register --name Microsoft.Attestation
If you don't have an Azure subscription, create a [free account](https://azure.m
> [!NOTE] > You only need to register a resource provider once for a subscription.
-1. Create a resource group for the attestation provider. You can put other Azure resources in the same resource group, including a virtual machine with a client application instance. Run the [az group create](/cli/azure/group#az_group_create) command to create a resource group, or use an existing resource group:
+1. Create a resource group for the attestation provider. You can put other Azure resources in the same resource group, including a virtual machine with a client application instance. Run the [az group create](/cli/azure/group#az-group-create) command to create a resource group, or use an existing resource group:
```azurecli az group create --name attestationrg --location uksouth
If you don't have an Azure subscription, create a [free account](https://azure.m
Here are commands you can use to create and manage the attestation provider:
-1. Run the [az attestation create](/cli/azure/attestation#az_attestation_create) command to create an attestation provider without policy signing requirement:
+1. Run the [az attestation create](/cli/azure/attestation#az-attestation-create) command to create an attestation provider without policy signing requirement:
```azurecli az attestation create --name "myattestationprovider" --resource-group "MyResourceGroup" --location westus ```
-1. Run the [az attestation show](/cli/azure/attestation#az_attestation_show) command to retrieve attestation provider properties such as status and AttestURI:
+1. Run the [az attestation show](/cli/azure/attestation#az-attestation-show) command to retrieve attestation provider properties such as status and AttestURI:
```azurecli az attestation show --name "myattestationprovider" --resource-group "MyResourceGroup"
Here are commands you can use to create and manage the attestation provider:
TagsTable: ```
-You can delete an attestation provider by using the [az attestation delete](/cli/azure/attestation#az_attestation_delete) command:
+You can delete an attestation provider by using the [az attestation delete](/cli/azure/attestation#az-attestation-delete) command:
```azurecli az attestation delete --name "myattestationprovider" --resource-group "sample-resource-group"
az attestation delete --name "myattestationprovider" --resource-group "sample-re
Use the commands described here to provide policy management for an attestation provider, one attestation type at a time.
-The [az attestation policy show](/cli/azure/attestation/policy#az_attestation_policy_show) command returns the current policy for the specified TEE:
+The [az attestation policy show](/cli/azure/attestation/policy#az-attestation-policy-show) command returns the current policy for the specified TEE:
```azurecli az attestation policy show --name "myattestationprovider" --resource-group "MyResourceGroup" --attestation-type SGX-IntelSDK
The following are supported TEE types:
- `SGX-OpenEnclaveSDK` - `TPM`
-Use the [az attestation policy set](/cli/azure/attestation/policy#az_attestation_policy_set) command to set a new policy for the specified attestation type.
+Use the [az attestation policy set](/cli/azure/attestation/policy#az-attestation-policy-set) command to set a new policy for the specified attestation type.
To set policy in text format for a given kind of attestation type using file path:
automation Enforce Job Execution Hybrid Worker https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/enforce-job-execution-hybrid-worker.md
Here we compose the policy rule and then assign it to either a management group
az policy definition create --name 'audit-enforce-jobs-on-automation-hybrid-runbook-workers' --display-name 'Audit Enforce Jobs on Automation Hybrid Runbook Workers' --description 'This policy enforces job execution on Automation account user Hybrid Runbook Workers.' --rules 'AuditAutomationHRWJobExecution.json' --mode All ```
- The command creates a policy definition named **Audit Enforce Jobs on Automation Hybrid Runbook Workers**. For more information about other parameters that you can use, see [az policy definition create](/cli/azure/policy/definition#az_policy_definition_create).
+ The command creates a policy definition named **Audit Enforce Jobs on Automation Hybrid Runbook Workers**. For more information about other parameters that you can use, see [az policy definition create](/cli/azure/policy/definition#az-policy-definition-create).
When called without location parameters, `az policy definition create` defaults to saving the policy definition in the selected subscription of the sessions context. To save the definition to a different location, use the following parameters:
automation Operating System Requirements https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/update-management/operating-system-requirements.md
The following table lists operating systems not supported by Update Management:
|Operating system |Notes | |||
-|Windows client | Client operating systems (such as Windows 7 and Windows 10) aren't supported.<br> For Azure Windows Virtual Desktop (WVD), the recommended method<br> to manage updates is [Microsoft Endpoint Configuration Manager](../../virtual-desktop/configure-automatic-updates.md) for Windows 10 client machine patch management. |
+|Windows client | Client operating systems (such as Windows 7 and Windows 10) aren't supported.<br>For Azure Virtual Desktop, the recommended method to manage updates is [Microsoft Endpoint Configuration Manager](../../virtual-desktop/configure-automatic-updates.md) for Windows 10 client machine patch management. |
|Windows Server 2016 Nano Server | Not supported. | |Azure Kubernetes Service Nodes | Not supported. Use the patching process described in [Apply security and kernel updates to Linux nodes in Azure Kubernetes Service (AKS)](../../aks/node-updates-kured.md)|
azure-app-configuration Integrate Kubernetes Deployment Helm https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/integrate-kubernetes-deployment-helm.md
settings:
First, download the configuration from App Configuration to a *myConfig.yaml* file. Use a key filter to only download those keys that start with **settings.**. If in your case the key filter is not sufficient to exclude keys of Key Vault references, you may use the argument **--skip-keyvault** to exclude them. > [!TIP]
-> Learn more about the [export command](/cli/azure/appconfig/kv#az_appconfig_kv_export).
+> Learn more about the [export command](/cli/azure/appconfig/kv#az-appconfig-kv-export).
```azurecli-interactive az appconfig kv export -n myAppConfiguration -d file --path myConfig.yaml --key "settings.*" --separator "." --format yaml
azure-app-configuration Monitor App Configuration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/monitor-app-configuration.md
Resource Logs are not collected and stored until you create a diagnostic setting
az account set --subscription <your-subscription-id> ```
-1. Enable logs by using the az monitor [diagnostic-settings create command](/cli/azure/monitor/diagnostic-settings#az_monitor_diagnostic_settings_create).
+1. Enable logs by using the az monitor [diagnostic-settings create command](/cli/azure/monitor/diagnostic-settings#az-monitor-diagnostic-settings-create).
```Azure CLI az monitor diagnostic-settings create --name <setting-name> --workspace <log-analytics-workspace-resource-id> --resource <app-configuration-resource-id> --logs '[{"category": <category name>, "enabled": true "retentionPolicy": {"days": <days>, "enabled": <retention-bool}}]'
azure-app-configuration Overview Managed Identity https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/overview-managed-identity.md
The following steps will walk you through creating a user-assigned identity and
## Removing an identity
-A system-assigned identity can be removed by disabling the feature by using the [az appconfig identity remove](/cli/azure/appconfig/identity#az_appconfig_identity_remove) command in the Azure CLI. User-assigned identities can be removed individually. Removing a system-assigned identity in this way will also delete it from Azure AD. System-assigned identities are also automatically removed from Azure AD when the app resource is deleted.
+A system-assigned identity can be removed by disabling the feature by using the [az appconfig identity remove](/cli/azure/appconfig/identity#az-appconfig-identity-remove) command in the Azure CLI. User-assigned identities can be removed individually. Removing a system-assigned identity in this way will also delete it from Azure AD. System-assigned identities are also automatically removed from Azure AD when the app resource is deleted.
## Next steps
azure-app-configuration Cli Create Service https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/scripts/cli-create-service.md
This script uses the following commands to create a new resource group and an Ap
| Command | Notes | |||
-| [az group create](/cli/azure/group#az_group_create) | Creates a resource group in which all resources are stored. |
-| [az appconfig create](/cli/azure/appconfig#az_appconfig_create) | Creates an App Configuration store resource. |
-| [az appconfig credential list](/cli/azure/appconfig/credential#az_appconfig_credential_list) | List access keys for an App Configuration store. |
+| [az group create](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
+| [az appconfig create](/cli/azure/appconfig#az-appconfig-create) | Creates an App Configuration store resource. |
+| [az appconfig credential list](/cli/azure/appconfig/credential#az-appconfig-credential-list) | List access keys for an App Configuration store. |
## Next steps
azure-app-configuration Cli Delete Service https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/scripts/cli-delete-service.md
This script uses the following commands to delete an App Configuration store. Ea
| Command | Notes | |||
-| [az appconfig delete](/cli/azure/appconfig#az_appconfig_delete) | Deletes an App Configuration store resource. |
+| [az appconfig delete](/cli/azure/appconfig#az-appconfig-delete) | Deletes an App Configuration store resource. |
## Next steps
azure-app-configuration Cli Export https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/scripts/cli-export.md
This script uses the following commands to export from an App Configuration stor
| Command | Notes | |||
-| [az appconfig kv export](/cli/azure/appconfig/kv#az_appconfig_kv_export) | Exports from an App Configuration store resource. |
+| [az appconfig kv export](/cli/azure/appconfig/kv#az-appconfig-kv-export) | Exports from an App Configuration store resource. |
## Next steps
azure-app-configuration Cli Import https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/scripts/cli-import.md
This script uses the following commands to import to an App Configuration store.
| Command | Notes | |||
-| [az appconfig kv import](/cli/azure/appconfig/kv#az_appconfig_kv_import) | Imports to an App Configuration store resource. |
+| [az appconfig kv import](/cli/azure/appconfig/kv#az-appconfig-kv-import) | Imports to an App Configuration store resource. |
## Next steps
azure-app-configuration Cli Work With Keys https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/scripts/cli-work-with-keys.md
This table lists the commands used in our sample script.
| Command | Notes | |||
-| [az appconfig kv set](/cli/azure/appconfig/kv#az_appconfig_kv_set) | Create or update a key-value pair. |
-| [az appconfig kv list](/cli/azure/appconfig/kv#az_appconfig_kv_list) | List key-value pairs in an App Configuration store. |
-| [az appconfig kv delete](/cli/azure/appconfig/kv#az_appconfig_kv_delete) | Delete a key-value pair. |
+| [az appconfig kv set](/cli/azure/appconfig/kv#az-appconfig-kv-set) | Create or update a key-value pair. |
+| [az appconfig kv list](/cli/azure/appconfig/kv#az-appconfig-kv-list) | List key-value pairs in an App Configuration store. |
+| [az appconfig kv delete](/cli/azure/appconfig/kv#az-appconfig-kv-delete) | Delete a key-value pair. |
## Next steps
azure-app-configuration Use Key Vault References Spring Boot https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/use-key-vault-references-spring-boot.md
To add a secret to the vault, you need to take just a few additional steps. In t
## Connect to Key Vault
-1. In this tutorial, you use a service principal for authentication to Key Vault. To create this service principal, use the Azure CLI [az ad sp create-for-rbac](/cli/azure/ad/sp#az_ad_sp_create_for_rbac) command:
+1. In this tutorial, you use a service principal for authentication to Key Vault. To create this service principal, use the Azure CLI [az ad sp create-for-rbac](/cli/azure/ad/sp#az-ad-sp-create-for-rbac) command:
```azurecli az ad sp create-for-rbac -n "http://mySP" --role Contributor --sdk-auth
azure-arc Create Complete Managed Instance Directly Connected https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-arc/data/create-complete-managed-instance-directly-connected.md
In addition, you need the following additional extensions to connect the cluster
## Access your Kubernetes cluster
-After installing the client tools, you need access to a Kubernetes cluster. You can create Kubernetes cluster with [`az aks create`](/cli/azure/aks#az_aks_create), or you can follow the steps below to create the cluster in the Azure portal.
+After installing the client tools, you need access to a Kubernetes cluster. You can create Kubernetes cluster with [`az aks create`](/cli/azure/aks#az-aks-create), or you can follow the steps below to create the cluster in the Azure portal.
### Create a cluster
azure-arc Create Complete Managed Instance Indirectly Connected https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-arc/data/create-complete-managed-instance-indirectly-connected.md
Follow the steps below to deploy the cluster from the Azure CLI.
az aks create --resource-group <resource_group_name> --name <cluster_name> --node-count 3 --enable-addons monitoring --generate-ssh-keys --node-vm-size <node size> ```
- For command details, see [az aks create](/cli/azure/aks#az_aks_create).
+ For command details, see [az aks create](/cli/azure/aks#az-aks-create).
For a complete demonstration, including an application on a single-node Kubernetes cluster, go to [Quickstart: Deploy an Azure Kubernetes Service cluster using the Azure CLI](../../aks/kubernetes-walkthrough.md).
azure-arc Cluster Connect https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-arc/kubernetes/cluster-connect.md
A conceptual overview of this feature is available in [Cluster connect - Azure A
## Prerequisites -- [Install or upgrade Azure CLI](/cli/azure/install-azure-cli) to version >= 2.16.0 and <= 2.29.0
+- [Install](/cli/azure/install-azure-cli) or [update](/cli/azure/update-azure-cli) Azure CLI to version >= 2.16.0.
-- Install the `connectedk8s` Azure CLI extension of version >= 1.2.0:
+- Install the `connectedk8s` Azure CLI extension of version >= 1.2.5:
```azurecli az extension add --name connectedk8s
azure-arc Quick Enable Hybrid Vm https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-arc/servers/learn/quick-enable-hybrid-vm.md
Title: Connect hybrid machine with Azure Arc-enabled servers
-description: Learn how to connect and register your hybrid machine with Azure Arc-enabled servers.
+ Title: Quickstart - Connect hybrid machine with Azure Arc-enabled servers
+description: In this quickstart, you connect and register a hybrid machine with Azure Arc-enabled servers.
Previously updated : 12/15/2020 Last updated : 03/23/2022 # Quickstart: Connect hybrid machines with Azure Arc-enabled servers
-[Azure Arc-enabled servers](../overview.md) enables you to manage and govern your Windows and Linux machines hosted across on-premises, edge, and multicloud environments. In this quickstart, you'll deploy and configure the Connected Machine agent on your Windows or Linux machine hosted outside of Azure for management by Azure Arc-enabled servers.
+Get started with [Azure Arc-enabled servers](../overview.md) to manage and govern your Windows and Linux machines hosted across on-premises, edge, and multicloud environments.
-## Prerequisites
-
-* If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
-
-* Deploying the Azure Arc-enabled servers Hybrid Connected Machine agent requires that you have administrator permissions on the machine to install and configure the agent. On Linux, by using the root account, and on Windows, with an account that is a member of the Local Administrators group.
-
-* Before you get started, be sure to review the agent [prerequisites](../prerequisites.md) and verify the following:
-
- * Your target machine is running a supported [operating system](../prerequisites.md#supported-operating-systems).
-
- * Your account is granted assignment to the [required Azure roles](../prerequisites.md#required-permissions).
-
- * If the machine connects through a firewall or proxy server to communicate over the Internet, make sure the URLs [listed](../network-requirements.md#urls) are not blocked.
-
- * Azure Arc-enabled servers supports only the regions specified [here](../overview.md#supported-regions).
-
-> [!WARNING]
-> The Linux hostname or Windows computer name cannot use one of the reserved words or trademarks in the name, otherwise attempting to register the connected machine with Azure will fail. See [Resolve reserved resource name errors](../../../azure-resource-manager/templates/error-reserved-resource-name.md) for a list of the reserved words.
--
-## Register Azure resource providers
+In this quickstart, you'll deploy and configure the Azure Connected Machine agent on a Windows or Linux machine hosted outside of Azure, so that it can be managed through Azure Arc-enabled servers.
-Azure Arc-enabled servers depends on the following Azure resource providers in your subscription in order to use this service:
-
-* Microsoft.HybridCompute
-* Microsoft.GuestConfiguration
-* Microsoft.HybridConnectivity
-
-Register them using the following commands:
-
-```azurepowershell-interactive
-Login-AzAccount
-Set-AzContext -SubscriptionId [subscription you want to onboard]
-Register-AzResourceProvider -ProviderNamespace Microsoft.HybridCompute
-Register-AzResourceProvider -ProviderNamespace Microsoft.GuestConfiguration
-Register-AzResourceProvider -ProviderNamespace Microsoft.HybridConnectivity
-```
+## Prerequisites
-```azurecli-interactive
-az account set --subscription "{Your Subscription Name}"
-az provider register --namespace 'Microsoft.HybridCompute'
-az provider register --namespace 'Microsoft.GuestConfiguration'
-az provider register --namespace 'Microsoft.HybridConnectivity'
-```
+* An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
+* Deploying the Connected Machine agent on a machine requires that you have administrator permissions to install and configure the agent. On Linux this is done by using the root account, and on Windows, with an account that is a member of the Local Administrators group.
+* The Microsoft.HybridCompute, Microsoft.GuestConfiguration, and Microsoft.HybridConnectivity resource providers must be registered on your subscription. You can [register these resource providers ahead of time](../prerequisites.md#azure-resource-providers), or while completing the steps in this quickstart.
+* Before you get started, be sure to review the [agent prerequisites](../prerequisites.md) and verify the following:
+ * Your target machine is running a supported [operating system](../prerequisites.md#supported-operating-systems).
+ * Your account has the [required Azure built-in roles](../prerequisites.md#required-permissions).
+ * Ensure the machine is in a [supported region](../overview.md#supported-regions).
+ * Confirm that the Linux hostname or Windows computer name doesn't use a [reserved word or trademark](../../../azure-resource-manager/templates/error-reserved-resource-name.md).
+ * If the machine connects through a firewall or proxy server to communicate over the Internet, make sure the URLs [listed](../network-requirements.md#urls) are not blocked.
## Generate installation script
-The script to automate the download, installation, and establish the connection with Azure Arc, is available from the Azure portal. To complete the process, do the following:
-
-1. Launch the Azure Arc service in the Azure portal by clicking **All services**, then searching for and selecting **Servers - Azure Arc**.
+Use the Azure portal to create a script that automates the agent download and installation, and establishes the connection with Azure Arc.
- :::image type="content" source="./media/quick-enable-hybrid-vm/search-machines.png" alt-text="Search for Azure Arc-enabled servers in All Services" border="false":::
+1. Launch the Azure Arc service in the Azure portal by searching for and selecting **Servers - Azure Arc**.
-1. On the **Servers - Azure Arc** page, select **Add** at the upper left.
+ :::image type="content" source="media/quick-enable-hybrid-vm/search-machines.png" alt-text="Search for Azure Arc-enabled servers in the Azure portal.":::
-1. On the **Select a method** page, select the **Add servers using interactive script** tile, and then select **Generate script**.
+1. On the **Servers - Azure Arc** page, select **Add** near the upper left.
-1. On the **Generate script** page, select the subscription and resource group where you want the machine to be managed within Azure. Select an Azure location where the machine metadata will be stored. This location can be the same or different, as the resource group's location.
+1. On the next page, from the **Add a single server** tile, select **Generate script**.
-1. On the **Prerequisites** page, review the information and then select **Next: Resource details**.
+1. Review the information on the **Prerequisites** page, then select **Next**.
1. On the **Resource details** page, provide the following:
- 1. In the **Resource group** drop-down list, select the resource group the machine will be managed from.
- 1. In the **Region** drop-down list, select the Azure region to store the servers metadata.
- 1. In the **Operating system** drop-down list, select the operating system that the script be configured to run on.
- 1. If the machine is communicating through a proxy server to connect to the internet, specify the proxy server IP address or the name and port number that the machine will use to communicate with the proxy server. Enter the value in the format `http://<proxyURL>:<proxyport>`.
- 1. Select **Next: Tags**.
+ 1. Select the subscription and resource group where you want the machine to be managed within Azure.
+ 1. For **Region**, choose the Azure region in which the server's metadata will be stored.
+ 1. For **Operating system**, select the operating system of the server you want to connect.
+ 1. For **Connectivity method**, choose how the Azure Connected Machine agent should connect to the internet. If you select **Proxy server**, enter the proxy server IP address or the name and port number that the machine will use in the format `http://<proxyURL>:<proxyport>`.
+ 1. Select **Next**.
-1. On the **Tags** page, review the default **Physical location tags** suggested and enter a value, or specify one or more **Custom tags** to support your standards.
+1. On the **Tags** page, review the default **Physical location tags** suggested and enter a value, or specify one or more **Custom tags** to support your standards. Then select **Next**.
-1. Select **Next: Download and run script**.
+1. On the **Download and run script** page, select the **Register** button to register the required resource providers in your subscription, if you haven't already done so.
-1. On the **Download and run script** page, review the summary information, and then select **Download**. If you still need to make changes, select **Previous**.
+1. In the **Download or copy the following script** section, review the script. If you want to make any changes, use the **Previous** button to go back and update your selections. Otherwise, select **Download** to save the script file.
## Install the agent using the script
+Now that you've generated the script, the next step is to run it on the server that you want to onboard to Azure Arc. The script will download the Connected Machine agent from the Microsoft Download Center, install the agent on the server, create the Azure Arc-enabled server resource, and associate it with the agent.
+
+Follow the steps below for the operating system of your server.
+ ### Windows agent 1. Log in to the server. 1. Open an elevated 64-bit PowerShell command prompt.
-1. Change to the folder or share that you copied the script to, and execute it on the server by running the `./OnboardingScript.ps1` script.
+1. Change to the folder or share that you copied the script to, then execute it on the server by running the `./OnboardingScript.ps1` script.
### Linux agent
The script to automate the download, installation, and establish the connection
bash ~/Install_linux_azcmagent.sh ```
- * If the target machine communicates through a proxy server, run the following command:
+1. Alternately, if the target machine communicates through a proxy server, run the following command:
- ```bash
- bash ~/Install_linux_azcmagent.sh --proxy "{proxy-url}:{proxy-port}"
- ```
+ ```bash
+ bash ~/Install_linux_azcmagent.sh --proxy "{proxy-url}:{proxy-port}"
+ ```
## Verify the connection with Azure Arc
After you install the agent and configure it to connect to Azure Arc-enabled ser
:::image type="content" source="./media/quick-enable-hybrid-vm/enabled-machine.png" alt-text="A successful machine connection" border="false":::
+> [!TIP]
+> You can repeat these steps as needed to onboard additional machines. We also provide a variety of other options for deploying the agent, including several methods designed to onboard machines at scale. For more information, see [Azure Connected Machine agent deployment options](../deployment-options.md).
+ ## Next steps Now that you've enabled your Linux or Windows hybrid machine and successfully connected to the service, you are ready to enable Azure Policy to understand compliance in Azure.
azure-arc Manage Vm Extensions Cli https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-arc/servers/manage-vm-extensions-cli.md
az extension add --name connectedmachine
## Enable extension
-To enable a VM extension on your Azure Arc-enabled server, use [az connectedmachine extension create](/cli/azure/connectedmachine/extension#az_connectedmachine_extension_create) with the `--machine-name`, `--extension-name`, `--location`, `--type`, `settings`, and `--publisher` parameters.
+To enable a VM extension on your Azure Arc-enabled server, use [az connectedmachine extension create](/cli/azure/connectedmachine/extension#az-connectedmachine-extension-create) with the `--machine-name`, `--extension-name`, `--location`, `--type`, `settings`, and `--publisher` parameters.
The following example enables the Log Analytics VM extension on an Azure Arc-enabled server:
az connectedmachine extension create --resource-group "resourceGroupName" --mach
## List extensions installed
-To get a list of the VM extensions on your Azure Arc-enabled server, use [az connectedmachine extension list](/cli/azure/connectedmachine/extension#az_connectedmachine_extension_list) with the `--machine-name` and `--resource-group` parameters.
+To get a list of the VM extensions on your Azure Arc-enabled server, use [az connectedmachine extension list](/cli/azure/connectedmachine/extension#az-connectedmachine-extension-list) with the `--machine-name` and `--resource-group` parameters.
Example:
The following example shows the partial JSON output from the `az connectedmachin
## Update extension configuration
-Some VM extensions require configuration settings in order to install them on the Arc-enabled server, like the Custom Script Extension and the Log Analytics agent VM extension. To upgrade the configuration of an extension, use [az connectedmachine extension update](/cli/azure/connectedmachine/extension#az_connectedmachine_extension_update).
+Some VM extensions require configuration settings in order to install them on the Arc-enabled server, like the Custom Script Extension and the Log Analytics agent VM extension. To upgrade the configuration of an extension, use [az connectedmachine extension update](/cli/azure/connectedmachine/extension#az-connectedmachine-extension-update).
The following example shows how to configure the Custom Script Extension:
az connectedmachine extension update --name "CustomScriptExtension" --type "Cust
When a new version of a supported VM extension is released, you can upgrade it to that latest release. To upgrade a VM extension, use [az connectedmachine upgrade-extension](/cli/azure/connectedmachine) with the `--machine-name`, `--resource-group`, and `--extension-targets` parameters.
-For the `--extension-targets` parameter, you need to specify the extension and the latest version available. To find out what the latest version available is, you can get this information from the **Extensions** page for the selected Arc-enabled server in the Azure portal, or by running [az vm extension image list](/cli/azure/vm/extension/image#az_vm_extension_image_list).
+For the `--extension-targets` parameter, you need to specify the extension and the latest version available. To find out what the latest version available is, you can get this information from the **Extensions** page for the selected Arc-enabled server in the Azure portal, or by running [az vm extension image list](/cli/azure/vm/extension/image#az-vm-extension-image-list).
To upgrade the Log Analytics agent extension for Windows that has a newer version available, run the following command:
To upgrade the Log Analytics agent extension for Windows that has a newer versio
az connectedmachine upgrade-extension --machine-name "myMachineName" --resource-group "myResourceGroup --extension-targets --extension-targets "{\"MicrosoftMonitoringAgent\":{\"targetVersion\":\"1.0.18053.0\"}}"" ```
-You can review the version of installed VM extensions at any time by running the command [az connectedmachine extension list](/cli/azure/connectedmachine/extension#az_connectedmachine_extension_list). The `typeHandlerVersion` property value represents the version of the extension.
+You can review the version of installed VM extensions at any time by running the command [az connectedmachine extension list](/cli/azure/connectedmachine/extension#az-connectedmachine-extension-list). The `typeHandlerVersion` property value represents the version of the extension.
## Remove extensions
-To remove an installed VM extension on your Azure Arc-enabled server, use [az connectedmachine extension delete](/cli/azure/connectedmachine/extension#az_connectedmachine_extension_delete) with the `--extension-name`, `--machine-name`, and `--resource-group` parameters.
+To remove an installed VM extension on your Azure Arc-enabled server, use [az connectedmachine extension delete](/cli/azure/connectedmachine/extension#az-connectedmachine-extension-delete) with the `--extension-name`, `--machine-name`, and `--resource-group` parameters.
For example, to remove the Log Analytics VM extension for Linux, run the following command:
azure-cache-for-redis Cache Best Practices Development https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-cache-for-redis/cache-best-practices-development.md
description: Learn how to develop code for Azure Cache for Redis.
Previously updated : 02/25/2022 Last updated : 03/23/2022
A large request/response can cause timeouts. As an example, suppose your timeout
In the following example, request 'A' and 'B' are sent quickly to the server. The server starts sending responses 'A' and 'B' quickly. Because of data transfer times, response 'B' must wait behind response 'A' times out even though the server responded quickly.
-```console
+```dos
|-- 1 Second Timeout (A)-| |-Request A-| |-- 1 Second Timeout (B) -|
Locate your cache instance and your application in the same region. Connecting t
While you can connect from outside of Azure, it isn't recommended *especially when using Redis as a cache*. If you're using Redis server as just a key/value store, latency may not be the primary concern.
+## Rely on hostname not public IP address
+
+The public IP address assigned to your cache can change as a result of a scale operation or backend improvement. We recommend relying on the hostname, in the form `<cachename>.redis.cache.windows.net`, instead of an explicit public IP address.
+ ## Use TLS encryption Azure Cache for Redis requires TLS encrypted communications by default. TLS versions 1.0, 1.1 and 1.2 are currently supported. However, TLS 1.0 and 1.1 are on a path to deprecation industry-wide, so use TLS 1.2 if at all possible.
To continue to pin intermediate certificates, add the following to the pinned in
If your application validates certificate in code, you need to modify it to recognize the properties for example, Issuers, Thumbprint of the newly pinned certificates. This extra verification should cover all pinned certificates to be more future-proof.
-#### Rely on hostname not public IP address
-
-The public IP address assigned to your cache can change as a result of a scale operation or backend improvement. We recommend relying on the hostname, in the form `<cachename>.redis.cache.windows.net`, instead of an explicit public IP address.
- ## Client library-specific guidance - [StackExchange.Redis (.NET)](cache-best-practices-connection.md#using-forcereconnect-with-stackexchangeredis)
azure-cache-for-redis Cache Monitor Diagnostic Settings https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-cache-for-redis/cache-monitor-diagnostic-settings.md
PUT https://management.azure.com/{resourceUri}/providers/Microsoft.Insights/diag
## Create diagnostic setting via Azure CLI
-Use the `az monitor diagnostic-settings create` command to create a diagnostic setting with the Azure CLI. For more for information on command and parameter descriptions, see [Create diagnostic settings to send platform logs and metrics to different destinations](/cli/azure/monitor/diagnostic-settings#az_monitor_diagnostic_settings_create).
+Use the `az monitor diagnostic-settings create` command to create a diagnostic setting with the Azure CLI. For more for information on command and parameter descriptions, see [Create diagnostic settings to send platform logs and metrics to different destinations](/cli/azure/monitor/diagnostic-settings#az-monitor-diagnostic-settings-create).
```azurecli az monitor diagnostic-settings create
azure-cache-for-redis Cli Samples https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-cache-for-redis/cli-samples.md
ms.devlang: azurecli Previously updated : 04/14/2017 Last updated : 03/11/2022 # Manage Azure Cache for Redis with Azure CLI
The following table includes links to bash scripts built using the Azure CLI.
| Create cache | Description | | | -- |
-| [Create a cache](./scripts/create-cache.md) | Creates a resource group and a basic tier Azure Cache for Redis. |
-| [Create a premium cache with clustering](./scripts/create-premium-cache-cluster.md) | Creates a resource group and a premium tier cache with clustering enabled.|
-| [Get cache details](./scripts/show-cache.md) | Gets details of an Azure Cache for Redis instance, including provisioning status. |
-| [Get the hostname, ports, and keys](./scripts/cache-keys-ports.md) | Gets the hostname, ports, and keys for an Azure Cache for Redis instance. |
-|**Web app plus cache**| **Description**|
-| [Connect a web app to an Azure Cache for Redis](./../app-service/scripts/cli-connect-to-redis.md) | Creates an Azure web app and an Azure Cache for Redis, then adds the redis connection details to the app settings. |
-|**Delete cache**| **Description** |
-| [Delete a cache](./scripts/delete-cache.md) | Deletes an Azure Cache for Redis instance |
+| [Create and manage a cache](./scripts/create-manage-cache.md) | Creates a resource group and a basic tier Azure Cache for Redis. It then gets details of an Azure Cache for Redis instance, including provisioning status, the hostname, ports, and keys for an Azure Cache for Redis instance. Finally, it deletes the cache.|
+| [Create and manage a premium cache with clustering](./scripts/create-manage-premium-cache-cluster.md) | Creates a resource group and a premium tier cache with clustering enabled. It then gets details of an Azure Cache for Redis instance, including provisioning status, the hostname, ports, and keys for an Azure Cache for Redis instance. Finally, it deletes the cache.|
For more information about the Azure CLI, see [Install the Azure CLI](/cli/azure/install-azure-cli) and [Get started with Azure CLI](/cli/azure/get-started-with-azure-cli).
azure-cache-for-redis Cache Keys Ports https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-cache-for-redis/scripts/cache-keys-ports.md
- Title: Get the hostname, ports, keys - Azure Cache for Redis - Azure CLI
-description: This Azure CLI code sample shows how to get the hostname, ports, and keys for an Azure Cache for Redis instance.
--
-tags: azure-service-management
-- Previously updated : 08/30/2017 ---
-# Get the hostname, ports, and keys for Azure Cache for Redis
-
-In this scenario, you learn how to retrieve the hostname, ports, and keys used to connect to an Azure Cache for Redis instance.
--
-## Sample script
-
-[!code-azurecli[main](../../../cli_scripts/redis-cache/cache-keys-ports/cache-keys-ports.sh "Azure Cache for Redis")]
--
-## Script explanation
-
-This script uses the following commands to retrieve the hostname, keys, and ports of an Azure Cache for Redis instance. Each command in the table links to command specific documentation.
-
-| Command | Notes |
-|||
-| [az redis show](/cli/azure/redis) | Retrieve details of an Azure Cache for Redis instance. |
-| [az redis list-keys](/cli/azure/redis) | Retrieve access keys for an Azure Cache for Redis instance. |
--
-## Next steps
-
-For more information on the Azure CLI, see [Azure CLI documentation](/cli/azure).
-
-Additional Azure Cache for Redis CLI script samples can be found in the [Azure Cache for Redis documentation](../cli-samples.md).
azure-cache-for-redis Create Cache https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-cache-for-redis/scripts/create-cache.md
- Title: Create an Azure Cache for Redis - Azure CLI
-description: This Azure CLI code sample shows how to create an Azure Cache for Redis instance using the command az redis create.
-
-tags: azure-service-management
-- Previously updated : 08/30/2017----
-# Create an Azure Cache for Redis
-
-In this scenario, you learn how to create an Azure Cache for Redis.
--
-## Sample script
-
-[!code-azurecli[main](../../../cli_scripts/redis-cache/create-cache/create-cache.sh "Azure Cache for Redis")]
---
-## Script explanation
-
-This script uses the following commands to create a resource group and an Azure Cache for Redis. Each command in the table links to command specific documentation.
-
-| Command | Notes |
-|||
-| [az group create](/cli/azure/group) | Creates a resource group in which all resources are stored. |
-| [az redis create](/cli/azure/redis) | Create Azure Cache for Redis instance. |
--
-## Next steps
-
-For more information on the Azure CLI, see [Azure CLI documentation](/cli/azure).
-
-Additional Azure Cache for Redis CLI script samples can be found in the [Azure Cache for Redis documentation](../cli-samples.md).
azure-cache-for-redis Create Manage Cache https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-cache-for-redis/scripts/create-manage-cache.md
+
+ Title: Create, query, and delete an Azure Cache for Redis - Azure CLI
+description: This Azure CLI code sample shows how to create an Azure Cache for Redis instance using the command az redis create. It then gets details of an Azure Cache for Redis instance, including provisioning status, the hostname, ports, and keys for an Azure Cache for Redis instance. Finally, it deletes the cache.
+
+tags: azure-service-management
+
+ms.devlang: azurecli
+ Last updated : 03/11/2022++++
+# Create an Azure Cache for Redis using the Azure CLI
+
+In this scenario, you learn how to create an Azure Cache for Redis. You then learn to get details of an Azure Cache for Redis instance, including provisioning status, the hostname, ports, and keys for an Azure Cache for Redis instance. Finally, you learn to delete the cache.
+++
+## Sample script
++
+### Run the script
++
+## Clean up resources
++
+```azurecli
+az group delete --name $resourceGroup
+```
+
+## Sample reference
+
+This script uses the following commands to create a resource group and an Azure Cache for Redis. Each command in the table links to command specific documentation.
+
+| Command | Notes |
+|||
+| [az group create](/cli/azure/group) | Creates a resource group in which all resources are stored. |
+| [az redis create](/cli/azure/redis) | Create Azure Cache for Redis instance. |
+| [az redis show](/cli/azure/redis) | Retrieve details of an Azure Cache for Redis instance. |
+| [az redis list-keys](/cli/azure/redis) | Retrieve access keys for an Azure Cache for Redis instance. |
+| [az redis delete](/cli/azure/redis) | Delete Azure Cache for Redis instance. |
+
+## Next steps
+
+For more information on the Azure CLI, see [Azure CLI documentation](/cli/azure).
+
+For an Azure Cache for Redis CLI script sample that creates a premium Azure Cache for Redis with clustering, see [Premium Azure Cache for Redis with Clustering](create-manage-premium-cache-cluster.md).
azure-cache-for-redis Create Manage Premium Cache Cluster https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-cache-for-redis/scripts/create-manage-premium-cache-cluster.md
+
+ Title: Create, query, and delete a Premium Azure Cache for Redis with clustering - Azure CLI
+description: This Azure CLI code sample shows how to create a 6 GB Premium tier Azure Cache for Redis with clustering enabled and two shards. It then gets details of an Azure Cache for Redis instance, including provisioning status, the hostname, ports, and keys for an Azure Cache for Redis instance. Finally, it deletes the cache.
++
+tags: azure-service-management
+
+ms.devlang: azurecli
+ Last updated : 03/11/2022+++
+# Create a Premium Azure Cache for Redis with clustering
+
+In this scenario, you learn how to create a 6 GB Premium tier Azure Cache for Redis with clustering enabled and two shards. You then learn to get details of an Azure Cache for Redis instance, including provisioning status, the hostname, ports, and keys for an Azure Cache for Redis instance. Finally, you learn to delete the cache.
+++
+## Sample script
++
+### Run the script
++
+## Clean up resources
++
+```azurecli
+az group delete --name $resourceGroup
+```
+
+## Sample reference
+
+This script uses the following commands to create a resource group and a Premium tier Azure Cache for Redis with clustering enable. Each command in the table links to command specific documentation.
+
+| Command | Notes |
+|||
+| [az group create](/cli/azure/group) | Creates a resource group in which all resources are stored. |
+| [az redis create](/cli/azure/redis) | Create Azure Cache for Redis instance. |
+| [az redis show](/cli/azure/redis) | Retrieve details of an Azure Cache for Redis instance. |
+| [az redis list-keys](/cli/azure/redis) | Retrieve access keys for an Azure Cache for Redis instance. |
+| [az redis delete](/cli/azure/redis) | Delete Azure Cache for Redis instance. |
+
+## Next steps
+
+For more information on the Azure CLI, see [Azure CLI documentation](/cli/azure).
+
+For an Azure Cache for Redis CLI script sample that creates a basic Azure Cache for Redis, see [Azure Cache for Redis](create-manage-cache.md).
azure-cache-for-redis Create Premium Cache Cluster https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-cache-for-redis/scripts/create-premium-cache-cluster.md
- Title: Create a Premium Azure Cache for Redis with clustering - Azure CLI
-description: This Azure CLI code sample shows how to create a 6 GB Premium tier Azure Cache for Redis with clustering enabled and two shards.
--
-tags: azure-service-management
-- Previously updated : 08/30/2017 ---
-# Create a Premium Azure Cache for Redis with clustering
-
-In this scenario, you learn how to create a 6 GB Premium tier Azure Cache for Redis with clustering enabled and two shards.
--
-## Sample script
-
-[!code-azurecli[main](../../../cli_scripts/redis-cache/create-premium-cache-cluster/create-premium-cache-cluster.sh "Azure Cache for Redis")]
--
-## Script explanation
-
-This script uses the following commands to create a resource group and a Premium tier Azure Cache for Redis with clustering enable. Each command in the table links to command specific documentation.
-
-| Command | Notes |
-|||
-| [az group create](/cli/azure/group) | Creates a resource group in which all resources are stored. |
-| [az redis create](/cli/azure/redis) | Create Azure Cache for Redis instance. |
--
-## Next steps
-
-For more information on the Azure CLI, see [Azure CLI documentation](/cli/azure).
-
-Additional Azure Cache for Redis CLI script samples can be found in the [Azure Cache for Redis documentation](../cli-samples.md).
azure-cache-for-redis Delete Cache https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-cache-for-redis/scripts/delete-cache.md
- Title: Delete an Azure Cache for Redis - Azure CLI
-description: This Azure CLI code sample shows how to delete an Azure Cache for Redis instance using the command az redis delete.
--
-tags: azure-service-management
-- Previously updated : 08/30/2017 ---
-# Delete an Azure Cache for Redis
-
-In this scenario, you learn how to delete an Azure Cache for Redis.
--
-## Sample script
-
-[!code-azurecli[main](../../../cli_scripts/redis-cache/delete-cache/delete-cache.sh "Azure Cache for Redis")]
--
-## Script explanation
-
-This script uses the following commands to delete an Azure Cache for Redis instance. Each command in the table links to command specific documentation.
-
-| Command | Notes |
-|||
-| [az redis delete](/cli/azure/redis) | Delete Azure Cache for Redis instance. |
--
-## Next steps
-
-For more information on the Azure CLI, see [Azure CLI documentation](/cli/azure).
-
-Additional Azure Cache for Redis CLI script samples can be found in the [Azure Cache for Redis documentation](../cli-samples.md).
azure-cache-for-redis Show Cache https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-cache-for-redis/scripts/show-cache.md
- Title: Get details of an Azure Cache for Redis - Azure CLI
-description: This Azure CLI code sample shows how to retrieve the details of an Azure Cache for Redis instance, including its provisioning status.
--
-tags: azure-service-management
-- Previously updated : 08/30/2017 ---
-# Get details of an Azure Cache for Redis
-
-In this scenario, you learn how to retrieve the details of an Azure Cache for Redis instance, including its provisioning status.
--
-## Sample script
-
-[!code-azurecli[main](../../../cli_scripts/redis-cache/show-cache/show-cache.sh "Azure Cache for Redis")]
-
-## Script explanation
-
-This script uses the following commands to retrieve the details of an Azure Cache for Redis instance. Each command in the table links to command specific documentation.
-
-| Command | Notes |
-|||
-| [az redis show](/cli/azure/redis) | Retrieve details of an Azure Cache for Redis instance. |
--
-## Next steps
-
-For more information on the Azure CLI, see [Azure CLI documentation](/cli/azure).
-
-Additional Azure Cache for Redis CLI script samples can be found in the [Azure Cache for Redis documentation](../cli-samples.md).
azure-functions Bring Dependency To Functions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/bring-dependency-to-functions.md
When running your function app on Linux, there's another way to bring in third-p
First, you need to create an Azure Storage Account. In the account, you also need to create file share in Azure files. To create these resources, follow this [guide](../storage/files/storage-how-to-use-files-portal.md)
-After you created the storage account and file share, use the [az webapp config storage-account add](/cli/azure/webapp/config/storage-account#az_webapp_config_storage_account_add) command to attach the file share to your functions app, as shown in the following example.
+After you created the storage account and file share, use the [az webapp config storage-account add](/cli/azure/webapp/config/storage-account#az-webapp-config-storage-account-add) command to attach the file share to your functions app, as shown in the following example.
```azurecli az webapp config storage-account add \
azure-functions Configure Encrypt At Rest Using Cmk https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/configure-encrypt-at-rest-using-cmk.md
Adding this application setting causes your function app to restart. After the a
Now you can replace the value of the `WEBSITE_RUN_FROM_PACKAGE` application setting with a Key Vault reference to the SAS-encoded URL. This keeps the SAS URL encrypted in Key Vault, which provides an extra layer of security.
-1. Use the following [`az keyvault create`](/cli/azure/keyvault#az_keyvault_create) command to create a Key Vault instance.
+1. Use the following [`az keyvault create`](/cli/azure/keyvault#az-keyvault-create) command to create a Key Vault instance.
```azurecli az keyvault create --name "Contoso-Vault" --resource-group <group-name> --location eastus
Now you can replace the value of the `WEBSITE_RUN_FROM_PACKAGE` application sett
1. Follow [these instructions to grant your app access](../app-service/app-service-key-vault-references.md#granting-your-app-access-to-key-vault) to your key vault:
-1. Use the following [`az keyvault secret set`](/cli/azure/keyvault/secret#az_keyvault_secret_set) command to add your external URL as a secret in your key vault:
+1. Use the following [`az keyvault secret set`](/cli/azure/keyvault/secret#az-keyvault-secret-set) command to add your external URL as a secret in your key vault:
```azurecli az keyvault secret set --vault-name "Contoso-Vault" --name "external-url" --value "<SAS-URL>" ```
-1. Use the following [`az webapp config appsettings set`](/cli/azure/webapp/config/appsettings#az_webapp_config_appsettings_set) command to create the `WEBSITE_RUN_FROM_PACKAGE` application setting with the value as a Key Vault reference to the external URL:
+1. Use the following [`az webapp config appsettings set`](/cli/azure/webapp/config/appsettings#az-webapp-config-appsettings-set) command to create the `WEBSITE_RUN_FROM_PACKAGE` application setting with the value as a Key Vault reference to the external URL:
```azurecli az webapp config appsettings set --settings WEBSITE_RUN_FROM_PACKAGE="@Microsoft.KeyVault(SecretUri=https://Contoso-Vault.vault.azure.net/secrets/external-url/<secret-version>"
azure-functions Create First Function Arc Cli https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/create-first-function-arc-cli.md
Before you can deploy your function code to your new App Service Kubernetes envi
### Create Storage account
-Use the [az storage account create](/cli/azure/storage/account#az_storage_account_create) command to create a general-purpose storage account in your resource group and region:
+Use the [az storage account create](/cli/azure/storage/account#az-storage-account-create) command to create a general-purpose storage account in your resource group and region:
```azurecli az storage account create --name <STORAGE_NAME> --location westeurope --resource-group myResourceGroup --sku Standard_LRS
In the previous example, replace `<STORAGE_NAME>` with a name that is appropriat
### Create the function app
-Run the [az functionapp create](/cli/azure/functionapp#az_functionapp_create) command to create a new function app in the environment.
+Run the [az functionapp create](/cli/azure/functionapp#az-functionapp-create) command to create a new function app in the environment.
# [C\#](#tab/csharp) ```azurecli
azure-functions Create First Function Arc Custom Container https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/create-first-function-arc-custom-container.md
Before you can deploy your container to your new App Service Kubernetes environm
### Create Storage account
-Use the [az storage account create](/cli/azure/storage/account#az_storage_account_create) command to create a general-purpose storage account in your resource group and region:
+Use the [az storage account create](/cli/azure/storage/account#az-storage-account-create) command to create a general-purpose storage account in your resource group and region:
```azurecli az storage account create --name <STORAGE_NAME> --location westeurope --resource-group myResourceGroup --sku Standard_LRS
In the previous example, replace `<STORAGE_NAME>` with a name that is appropriat
### Create the function app
-Run the [az functionapp create](/cli/azure/functionapp#az_functionapp_create) command to create a new function app in the environment.
+Run the [az functionapp create](/cli/azure/functionapp#az-functionapp-create) command to create a new function app in the environment.
# [C\#](#tab/csharp) ```azurecli
az functionapp create --resource-group MyResourceGroup --name <APP_NAME> --custo
In this example, replace `<CUSTOM_LOCATION_ID>` with the ID of the custom location you determined for the App Service Kubernetes environment. Also, replace `<STORAGE_NAME>` with the name of the account you used in the previous step, `<APP_NAME>` with a globally unique name appropriate to you, and `<DOCKER_ID>` with your Docker Hub ID.
-The *deployment-container-image-name* parameter specifies the image to use for the function app. You can use the [az functionapp config container show](/cli/azure/functionapp/config/container#az_functionapp_config_container_show) command to view information about the image used for deployment. You can also use the [az functionapp config container set](/cli/azure/functionapp/config/container#az_functionapp_config_container_set) command to deploy from a different image.
+The *deployment-container-image-name* parameter specifies the image to use for the function app. You can use the [az functionapp config container show](/cli/azure/functionapp/config/container#az-functionapp-config-container-show) command to view information about the image used for deployment. You can also use the [az functionapp config container set](/cli/azure/functionapp/config/container#az-functionapp-config-container-set) command to deploy from a different image.
When you first create the function app, it pulls the initial image from your Docker Hub. You can also [Enable continuous deployment to Azure](functions-create-function-linux-custom-image.md#enable-continuous-deployment-to-azure) from Docker Hub.
azure-functions Create First Function Cli Csharp Ieux https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/create-first-function-cli-csharp-ieux.md
Before you can deploy your function code to Azure, you need to create a <abbr ti
az group create --name AzureFunctionsQuickstart-rg --location westeurope ```
- The [az group create](/cli/azure/group#az_group_create) command creates a resource group. You generally create your resource group and resources in a <abbr title="A geographical reference to a specific Azure datacenter in which resources are allocated.">region</abbr> near you, using an available region returned from the `az account list-locations` command.
+ The [az group create](/cli/azure/group#az-group-create) command creates a resource group. You generally create your resource group and resources in a <abbr title="A geographical reference to a specific Azure datacenter in which resources are allocated.">region</abbr> near you, using an available region returned from the `az account list-locations` command.
# [Azure PowerShell](#tab/azure-powershell)
azure-functions Create First Function Cli Csharp https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/create-first-function-cli-csharp.md
To learn more, see [Azure Functions HTTP triggers and bindings](./functions-bind
```azurecli az functionapp create --resource-group AzureFunctionsQuickstart-rg --consumption-plan-location <REGION> --runtime dotnet --functions-version 3 --name <APP_NAME> --storage-account <STORAGE_NAME> ```
- The [az functionapp create](/cli/azure/functionapp#az_functionapp_create) command creates the function app in Azure.
+ The [az functionapp create](/cli/azure/functionapp#az-functionapp-create) command creates the function app in Azure.
# [Azure CLI](#tab/azure-cli/isolated-process)
To learn more, see [Azure Functions HTTP triggers and bindings](./functions-bind
az functionapp create --resource-group AzureFunctionsQuickstart-rg --consumption-plan-location <REGION> --runtime dotnet-isolated --functions-version 3 --name <APP_NAME> --storage-account <STORAGE_NAME> ```
- The [az functionapp create](/cli/azure/functionapp#az_functionapp_create) command creates the function app in Azure.
+ The [az functionapp create](/cli/azure/functionapp#az-functionapp-create) command creates the function app in Azure.
# [Azure PowerShell](#tab/azure-powershell/in-process)
azure-functions Create First Function Cli Java Uiex https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/create-first-function-cli-java-uiex.md
To create a function app running on Linux instead of Windows, change the `runtim
az login ```
- The [az login](/cli/azure/reference-index#az_login) command signs you into your Azure account.
+ The [az login](/cli/azure/reference-index#az-login) command signs you into your Azure account.
# [Azure PowerShell](#tab/azure-powershell) ```azurepowershell
azure-functions Create First Function Cli Java https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/create-first-function-cli-java.md
A function app and related resources are created in Azure when you first deploy
az login ```
- The [az login](/cli/azure/reference-index#az_login) command signs you into your Azure account.
+ The [az login](/cli/azure/reference-index#az-login) command signs you into your Azure account.
# [Azure PowerShell](#tab/azure-powershell) ```azurepowershell
azure-functions Create First Function Cli Node https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/create-first-function-cli-node.md
Each binding requires a direction, a type, and a unique name. The HTTP trigger h
az functionapp create --resource-group AzureFunctionsQuickstart-rg --consumption-plan-location <REGION> --runtime node --runtime-version 14 --functions-version 4 --name <APP_NAME> --storage-account <STORAGE_NAME> ```
- The [az functionapp create](/cli/azure/functionapp#az_functionapp_create) command creates the function app in Azure. If you're using Node.js 16, also change `--runtime-version` to `16`.
+ The [az functionapp create](/cli/azure/functionapp#az-functionapp-create) command creates the function app in Azure. If you're using Node.js 16, also change `--runtime-version` to `16`.
# [Azure PowerShell](#tab/azure-powershell)
azure-functions Create First Function Cli Powershell https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/create-first-function-cli-powershell.md
Each binding requires a direction, a type, and a unique name. The HTTP trigger h
az functionapp create --resource-group AzureFunctionsQuickstart-rg --consumption-plan-location <REGION> --runtime powershell --functions-version 3 --name <APP_NAME> --storage-account <STORAGE_NAME> ```
- The [az functionapp create](/cli/azure/functionapp#az_functionapp_create) command creates the function app in Azure.
+ The [az functionapp create](/cli/azure/functionapp#az-functionapp-create) command creates the function app in Azure.
# [Azure PowerShell](#tab/azure-powershell)
azure-functions Create First Function Cli Python Uiex https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/create-first-function-cli-python-uiex.md
Before you can deploy your function code to Azure, you need to create a <abbr ti
az login ```
- The [az login](/cli/azure/reference-index#az_login) command signs you into your Azure account.
+ The [az login](/cli/azure/reference-index#az-login) command signs you into your Azure account.
# [Azure PowerShell](#tab/azure-powershell) ```azurepowershell
Before you can deploy your function code to Azure, you need to create a <abbr ti
az group create --name AzureFunctionsQuickstart-rg --location westeurope ```
- The [az group create](/cli/azure/group#az_group_create) command creates a resource group. You generally create your resource group and resources in a <abbr title="A geographical reference to a specific Azure datacenter in which resources are allocated.">region</abbr> near you, using an available region returned from the `az account list-locations` command.
+ The [az group create](/cli/azure/group#az-group-create) command creates a resource group. You generally create your resource group and resources in a <abbr title="A geographical reference to a specific Azure datacenter in which resources are allocated.">region</abbr> near you, using an available region returned from the `az account list-locations` command.
# [Azure PowerShell](#tab/azure-powershell)
Before you can deploy your function code to Azure, you need to create a <abbr ti
az storage account create --name <STORAGE_NAME> --location westeurope --resource-group AzureFunctionsQuickstart-rg --sku Standard_LRS ```
- The [az storage account create](/cli/azure/storage/account#az_storage_account_create) command creates the storage account.
+ The [az storage account create](/cli/azure/storage/account#az-storage-account-create) command creates the storage account.
# [Azure PowerShell](#tab/azure-powershell)
Before you can deploy your function code to Azure, you need to create a <abbr ti
az functionapp create --resource-group AzureFunctionsQuickstart-rg --consumption-plan-location westeurope --runtime python --runtime-version 3.8 --functions-version 3 --name <APP_NAME> --storage-account <STORAGE_NAME> --os-type linux ```
- The [az functionapp create](/cli/azure/functionapp#az_functionapp_create) command creates the function app in Azure. If you are using Python 3.7 or 3.6, change `--runtime-version` to `3.7` or `3.6`, respectively.
+ The [az functionapp create](/cli/azure/functionapp#az-functionapp-create) command creates the function app in Azure. If you are using Python 3.7 or 3.6, change `--runtime-version` to `3.7` or `3.6`, respectively.
# [Azure PowerShell](#tab/azure-powershell)
azure-functions Create First Function Cli Python https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/create-first-function-cli-python.md
Use the following commands to create these items. Both Azure CLI and PowerShell
az login ```
- The [az login](/cli/azure/reference-index#az_login) command signs you into your Azure account.
+ The [az login](/cli/azure/reference-index#az-login) command signs you into your Azure account.
# [Azure PowerShell](#tab/azure-powershell) ```azurepowershell
Use the following commands to create these items. Both Azure CLI and PowerShell
az group create --name AzureFunctionsQuickstart-rg --location <REGION> ```
- The [az group create](/cli/azure/group#az_group_create) command creates a resource group. In the above command, replace `<REGION>` with a region near you, using an available region code returned from the [az account list-locations](/cli/azure/account#az_account_list_locations) command.
+ The [az group create](/cli/azure/group#az-group-create) command creates a resource group. In the above command, replace `<REGION>` with a region near you, using an available region code returned from the [az account list-locations](/cli/azure/account#az-account-list-locations) command.
# [Azure PowerShell](#tab/azure-powershell)
Use the following commands to create these items. Both Azure CLI and PowerShell
az storage account create --name <STORAGE_NAME> --sku Standard_LRS ```
- The [az storage account create](/cli/azure/storage/account#az_storage_account_create) command creates the storage account.
+ The [az storage account create](/cli/azure/storage/account#az-storage-account-create) command creates the storage account.
# [Azure PowerShell](#tab/azure-powershell)
Use the following commands to create these items. Both Azure CLI and PowerShell
az functionapp create --consumption-plan-location westeurope --runtime python --runtime-version 3.8 --functions-version 3 --name <APP_NAME> --os-type linux --storage-account <STORAGE_NAME> ```
- The [az functionapp create](/cli/azure/functionapp#az_functionapp_create) command creates the function app in Azure. If you are using Python 3.7 or 3.6, change `--runtime-version` to `3.7` or `3.6`, respectively. You must supply `--os-type linux` because Python functions can't run on Windows, which is the default.
+ The [az functionapp create](/cli/azure/functionapp#az-functionapp-create) command creates the function app in Azure. If you are using Python 3.7 or 3.6, change `--runtime-version` to `3.7` or `3.6`, respectively. You must supply `--os-type linux` because Python functions can't run on Windows, which is the default.
# [Azure PowerShell](#tab/azure-powershell)
azure-functions Create First Function Cli Typescript https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/create-first-function-cli-typescript.md
Each binding requires a direction, a type, and a unique name. The HTTP trigger h
az functionapp create --resource-group AzureFunctionsQuickstart-rg --consumption-plan-location <REGION> --runtime node --runtime-version 14 --functions-version 4 --name <APP_NAME> --storage-account <STORAGE_NAME> ```
- The [az functionapp create](/cli/azure/functionapp#az_functionapp_create) command creates the function app in Azure. If you're using Node.js 16, also change `--runtime-version` to `16`.
+ The [az functionapp create](/cli/azure/functionapp#az-functionapp-create) command creates the function app in Azure. If you're using Node.js 16, also change `--runtime-version` to `16`.
# [Azure PowerShell](#tab/azure-powershell)
azure-functions Deployment Zip Push https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/deployment-zip-push.md
When you are developing on a local computer, you can manually create a .zip file
## <a name="cli"></a>Deploy by using Azure CLI
-You can use Azure CLI to trigger a push deployment. Push deploy a .zip file to your function app by using the [az functionapp deployment source config-zip](/cli/azure/functionapp/deployment/source#az_functionapp_deployment_source_config_zip) command. To use this command, you must use Azure CLI version 2.0.21 or later. To see what Azure CLI version you are using, use the `az --version` command.
+You can use Azure CLI to trigger a push deployment. Push deploy a .zip file to your function app by using the [az functionapp deployment source config-zip](/cli/azure/functionapp/deployment/source#az-functionapp-deployment-source-config-zip) command. To use this command, you must use Azure CLI version 2.0.21 or later. To see what Azure CLI version you are using, use the `az --version` command.
In the following command, replace the `<zip_file_path>` placeholder with the path to the location of your .zip file. Also, replace `<app_name>` with the unique name of your function app and replace `<resource_group>` with the name of your resource group.
azure-functions Event Grid How Tos https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/event-grid-how-tos.md
For more information about how to create subscriptions by using the Azure portal
### Azure CLI
-To create a subscription by using [the Azure CLI](/cli/azure/get-started-with-azure-cli), use the [az eventgrid event-subscription create](/cli/azure/eventgrid/event-subscription#az_eventgrid_event_subscription_create) command.
+To create a subscription by using [the Azure CLI](/cli/azure/get-started-with-azure-cli), use the [az eventgrid event-subscription create](/cli/azure/eventgrid/event-subscription#az-eventgrid-event-subscription-create) command.
The command requires the endpoint URL that invokes the function, and the endpoint varies between version 1.x of the Functions runtime and later versions. The following example shows the version-specific URL pattern:
To test an Event Grid trigger locally, you have to get Event Grid HTTP requests
1. [Generate a request](#generate-a-request) and copy the request body from the viewer app. 1. [Manually post the request](#manually-post-the-request) to the localhost URL of your Event Grid trigger function.
-When you're done testing, you can use the same subscription for production by updating the endpoint. Use the [az eventgrid event-subscription update](/cli/azure/eventgrid/event-subscription#az_eventgrid_event_subscription_update) Azure CLI command.
+When you're done testing, you can use the same subscription for production by updating the endpoint. Use the [az eventgrid event-subscription update](/cli/azure/eventgrid/event-subscription#az-eventgrid-event-subscription-update) Azure CLI command.
### Create a viewer web app
azure-functions Functions Bindings Azure Sql https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/functions-bindings-azure-sql.md
The Azure SQL bindings for Azure Functions are open-source and available on the
- [Read data from a database (Input binding)](./functions-bindings-azure-sql-input.md) - [Save data to a database (Output binding)](./functions-bindings-azure-sql-output.md) - [Review ToDo API sample with Azure SQL bindings](/samples/azure-samples/azure-sql-binding-func-dotnet-todo/todo-backend-dotnet-azure-sql-bindings-azure-functions/)-- [Learn how to connect Azure Function to Azure SQL with managed identity](./functions-identity-access-azure-sql-with-managed-identity.md)
+- [Learn how to connect Azure Function to Azure SQL with managed identity](./functions-identity-access-azure-sql-with-managed-identity.md)
azure-functions Functions Create First Java Gradle https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/functions-create-first-java-gradle.md
az login
``` > [!TIP]
-> If your account can access multiple subscriptions, use [az account set](/cli/azure/account#az_account_set) to set the default subscription for this session.
+> If your account can access multiple subscriptions, use [az account set](/cli/azure/account#az-account-set) to set the default subscription for this session.
Use the following command to deploy your project to a new function app.
azure-functions Functions Create Function Linux Custom Image https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/functions-create-function-linux-custom-image.md
Use the following commands to create these items. Both Azure CLI and PowerShell
az login ```
- The [az login](/cli/azure/reference-index#az_login) command signs you into your Azure account.
+ The [az login](/cli/azure/reference-index#az-login) command signs you into your Azure account.
# [Azure PowerShell](#tab/azure-powershell) ```azurepowershell
Use the following commands to create these items. Both Azure CLI and PowerShell
az group create --name AzureFunctionsContainers-rg --location <REGION> ```
- The [az group create](/cli/azure/group#az_group_create) command creates a resource group. In the above command, replace `<REGION>` with a region near you, using an available region code returned from the [az account list-locations](/cli/azure/account#az_account_list_locations) command.
+ The [az group create](/cli/azure/group#az-group-create) command creates a resource group. In the above command, replace `<REGION>` with a region near you, using an available region code returned from the [az account list-locations](/cli/azure/account#az-account-list-locations) command.
# [Azure PowerShell](#tab/azure-powershell)
Use the following commands to create these items. Both Azure CLI and PowerShell
az storage account create --name <STORAGE_NAME> --location <REGION> --resource-group AzureFunctionsContainers-rg --sku Standard_LRS ```
- The [az storage account create](/cli/azure/storage/account#az_storage_account_create) command creates the storage account.
+ The [az storage account create](/cli/azure/storage/account#az-storage-account-create) command creates the storage account.
# [Azure PowerShell](#tab/azure-powershell)
A function app on Azure manages the execution of your functions in your hosting
az functionapp create --name <APP_NAME> --storage-account <STORAGE_NAME> --resource-group AzureFunctionsContainers-rg --plan myPremiumPlan --deployment-container-image-name <DOCKER_ID>/azurefunctionsimage:v1.0.0 ```
- In the [az functionapp create](/cli/azure/functionapp#az_functionapp_create) command, the *deployment-container-image-name* parameter specifies the image to use for the function app. You can use the [az functionapp config container show](/cli/azure/functionapp/config/container#az_functionapp_config_container_show) command to view information about the image used for deployment. You can also use the [az functionapp config container set](/cli/azure/functionapp/config/container#az_functionapp_config_container_set) command to deploy from a different image. NOTE: If you are using a custom container registry then the *deployment-container-image-name* parameter will refer to the registry URL.
+ In the [az functionapp create](/cli/azure/functionapp#az-functionapp-create) command, the *deployment-container-image-name* parameter specifies the image to use for the function app. You can use the [az functionapp config container show](/cli/azure/functionapp/config/container#az-functionapp-config-container-show) command to view information about the image used for deployment. You can also use the [az functionapp config container set](/cli/azure/functionapp/config/container#az-functionapp-config-container-set) command to deploy from a different image. NOTE: If you are using a custom container registry then the *deployment-container-image-name* parameter will refer to the registry URL.
# [Azure PowerShell](#tab/azure-powershell) ```azurepowershell
A function app on Azure manages the execution of your functions in your hosting
```azurecli az functionapp config appsettings set --name <APP_NAME> --resource-group AzureFunctionsContainers-rg --settings AzureWebJobsStorage=<CONNECTION_STRING> ```
- The [az functionapp config appsettings set](/cli/azure/functionapp/config/appsettings#az_functionapp_config_ppsettings_set) command creates the setting.
+ The [az functionapp config appsettings set](/cli/azure/functionapp/config/appsettings#az-functionapp-config-ppsettings-set) command creates the setting.
# [Azure PowerShell](#tab/azure-powershell) ```azurepowershell
You can enable Azure Functions to automatically update your deployment of an ima
az functionapp deployment container config --enable-cd --query CI_CD_URL --output tsv --name <APP_NAME> --resource-group AzureFunctionsContainers-rg ```
- The [az functionapp deployment container config](/cli/azure/functionapp/deployment/container#az_functionapp_deployment_container_config) command enables continuous deployment and returns the deployment webhook URL. You can retrieve this URL at any later time by using the [az functionapp deployment container show-cd-url](/cli/azure/functionapp/deployment/container#az_functionapp_deployment_container_show_cd_url) command.
+ The [az functionapp deployment container config](/cli/azure/functionapp/deployment/container#az-functionapp-deployment-container-config) command enables continuous deployment and returns the deployment webhook URL. You can retrieve this URL at any later time by using the [az functionapp deployment container show-cd-url](/cli/azure/functionapp/deployment/container#az-functionapp-deployment-container-show-cd-url) command.
# [Azure PowerShell](#tab/azure-powershell) ```azurepowershell
azure-functions Functions Identity Access Azure Sql With Managed Identity https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/functions-identity-access-azure-sql-with-managed-identity.md
Enabling Azure AD authentication can be completed via the Azure portal, PowerShe
1. If your Azure AD tenant doesn't have a user yet, create one by following the steps at [Add or delete users using Azure Active Directory](../active-directory/fundamentals/add-users-azure-active-directory.md).
-1. Find the object ID of the Azure AD user using the [`az ad user list`](/cli/azure/ad/user#az_ad_user_list) and replace *\<user-principal-name>*. The result is saved to a variable.
+1. Find the object ID of the Azure AD user using the [`az ad user list`](/cli/azure/ad/user#az-ad-user-list) and replace *\<user-principal-name>*. The result is saved to a variable.
```azurecli-interactive azureaduser=$(az ad user list --filter "userPrincipalName eq '<user-principal-name>'" --query [].objectId --output tsv)
Enabling Azure AD authentication can be completed via the Azure portal, PowerShe
> To see the list of all user principal names in Azure AD, run `az ad user list --query [].userPrincipalName`. >
-1. Add this Azure AD user as an Active Directory admin using [`az sql server ad-admin create`](/cli/azure/sql/server/ad-admin#az_sql_server_ad_admin_create) command in the Cloud Shell. In the following command, replace *\<server-name>* with the server name (without the `.database.windows.net` suffix).
+1. Add this Azure AD user as an Active Directory admin using [`az sql server ad-admin create`](/cli/azure/sql/server/ad-admin#az-sql-server-ad-admin-create) command in the Cloud Shell. In the following command, replace *\<server-name>* with the server name (without the `.database.windows.net` suffix).
```azurecli-interactive az sql server ad-admin create --resource-group myResourceGroup --server-name <server-name> --display-name ADMIN --object-id $azureaduser
azure-functions Functions Reference Python https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/functions-reference-python.md
Azure Functions supports the following Python versions:
<sup>*</sup>Official CPython distributions
-To request a specific Python version when you create your function app in Azure, use the `--runtime-version` option of the [`az functionapp create`](/cli/azure/functionapp#az_functionapp_create) command. The Functions runtime version is set by the `--functions-version` option. The Python version is set when the function app is created and can't be changed.
+To request a specific Python version when you create your function app in Azure, use the `--runtime-version` option of the [`az functionapp create`](/cli/azure/functionapp#az-functionapp-create) command. The Functions runtime version is set by the `--functions-version` option. The Python version is set when the function app is created and can't be changed.
When running locally, the runtime uses the available Python version.
azure-functions Functions Cli Create App Service Plan https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/scripts/functions-cli-create-app-service-plan.md
Each command in the table links to command specific documentation. This script u
| Command | Notes | |||
-| [az group create](/cli/azure/group#az_group_create) | Creates a resource group in which all resources are stored. |
-| [az storage account create](/cli/azure/storage/account#az_storage_account_create) | Creates an Azure Storage account. |
-| [az functionapp plan create](/cli/azure/functionapp/plan#az_functionapp_plan_create) | Creates a Premium plan. |
-| [az functionapp create](/cli/azure/functionapp#az_functionapp_create) | Creates a function app in the App Service plan. |
+| [az group create](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
+| [az storage account create](/cli/azure/storage/account#az-storage-account-create) | Creates an Azure Storage account. |
+| [az functionapp plan create](/cli/azure/functionapp/plan#az-functionapp-plan-create) | Creates a Premium plan. |
+| [az functionapp create](/cli/azure/functionapp#az-functionapp-create) | Creates a function app in the App Service plan. |
## Next steps
azure-functions Functions Cli Create Function App Connect To Cosmos Db https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/scripts/functions-cli-create-function-app-connect-to-cosmos-db.md
This script uses the following commands: Each command in the table links to comm
| Command | Notes | |||
-| [az group create](/cli/azure/group#az_group_create) | Create a resource group with location |
-| [az storage accounts create](/cli/azure/storage/account#az_storage_account_create) | Create a storage account |
-| [az functionapp create](/cli/azure/functionapp#az_functionapp_create) | Creates a function app in the serverless [Consumption plan](../consumption-plan.md). |
-| [az cosmosdb create](/cli/azure/cosmosdb#az_cosmosdb_create) | Create an Azure Cosmos DB database. |
-| [az cosmosdb show](/cli/azure/cosmosdb#az_cosmosdb_show)| Gets the database account connection. |
-| [az cosmosdb list-keys](/cli/azure/cosmosdb#az_cosmosdb_list_keys)| Gets the keys for the database. |
-| [az functionapp config appsettings set](/cli/azure/functionapp/config/appsettings#az_functionapp_config_appsettings_set) | Sets the connection string as an app setting in the function app. |
+| [az group create](/cli/azure/group#az-group-create) | Create a resource group with location |
+| [az storage accounts create](/cli/azure/storage/account#az-storage-account-create) | Create a storage account |
+| [az functionapp create](/cli/azure/functionapp#az-functionapp-create) | Creates a function app in the serverless [Consumption plan](../consumption-plan.md). |
+| [az cosmosdb create](/cli/azure/cosmosdb#az-cosmosdb-create) | Create an Azure Cosmos DB database. |
+| [az cosmosdb show](/cli/azure/cosmosdb#az-cosmosdb-show)| Gets the database account connection. |
+| [az cosmosdb list-keys](/cli/azure/cosmosdb#az-cosmosdb-list-keys)| Gets the keys for the database. |
+| [az functionapp config appsettings set](/cli/azure/functionapp/config/appsettings#az-functionapp-config-appsettings-set) | Sets the connection string as an app setting in the function app. |
## Next steps
azure-functions Functions Cli Create Function App Connect To Storage Account https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/scripts/functions-cli-create-function-app-connect-to-storage-account.md
This script uses the following commands. Each command in the table links to comm
| Command | Notes | |||
-| [az group create](/cli/azure/group#az_group_create) | Create a resource group with location. |
-| [az storage account create](/cli/azure/storage/account#az_storage_account_create) | Create a storage account. |
-| [az functionapp create](/cli/azure/functionapp#az_functionapp_create) | Creates a function app in the serverless [Consumption plan](../consumption-plan.md). |
-| [az storage account show-connection-string](/cli/azure/storage/account#az_storage_account_show_connection_string) | Gets the connection string for the account. |
-| [az functionapp config appsettings set](/cli/azure/functionapp/config/appsettings#az_functionapp_config_appsettings_set) | Sets the connection string as an app setting in the function app. |
+| [az group create](/cli/azure/group#az-group-create) | Create a resource group with location. |
+| [az storage account create](/cli/azure/storage/account#az-storage-account-create) | Create a storage account. |
+| [az functionapp create](/cli/azure/functionapp#az-functionapp-create) | Creates a function app in the serverless [Consumption plan](../consumption-plan.md). |
+| [az storage account show-connection-string](/cli/azure/storage/account#az-storage-account-show-connection-string) | Gets the connection string for the account. |
+| [az functionapp config appsettings set](/cli/azure/functionapp/config/appsettings#az-functionapp-config-appsettings-set) | Sets the connection string as an app setting in the function app. |
## Next steps
azure-functions Functions Cli Create Function App Github Continuous https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/scripts/functions-cli-create-function-app-github-continuous.md
Each command in the table links to command specific documentation. This script u
| Command | Notes | |||
-| [az group create](/cli/azure/group#az_group_create) | Creates a resource group in which all resources are stored. |
-| [az storage account create](/cli/azure/storage/account#az_storage_account_create) | Creates the storage account required by the function app. |
-| [az functionapp create](/cli/azure/functionapp#az_functionapp_create) | Creates a function app in the serverless [Consumption plan](../consumption-plan.md) and associates it with a Git or Mercurial repository. |
+| [az group create](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
+| [az storage account create](/cli/azure/storage/account#az-storage-account-create) | Creates the storage account required by the function app. |
+| [az functionapp create](/cli/azure/functionapp#az-functionapp-create) | Creates a function app in the serverless [Consumption plan](../consumption-plan.md) and associates it with a Git or Mercurial repository. |
## Next steps
azure-functions Functions Cli Create Function App Vsts Continuous https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/scripts/functions-cli-create-function-app-vsts-continuous.md
This script uses the following commands to create a resource group, storage acco
| Command | Notes | |||
-| [az group create](/cli/azure/group#az_group_create) | Creates a resource group in which all resources are stored. |
-| [az storage account create](/cli/azure/storage/account#az_storage_account_create) | Creates the storage account required by the function app. |
-| [az functionapp create](/cli/azure/functionapp#az_functionapp_create) | Creates a function app in the serverless [Consumption plan](../consumption-plan.md). |
-| [az functionapp deployment source config](/cli/azure/functionapp/deployment/source#az_functionapp_deployment_source_config) | Associates a function app with a Git or Mercurial repository. |
+| [az group create](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
+| [az storage account create](/cli/azure/storage/account#az-storage-account-create) | Creates the storage account required by the function app. |
+| [az functionapp create](/cli/azure/functionapp#az-functionapp-create) | Creates a function app in the serverless [Consumption plan](../consumption-plan.md). |
+| [az functionapp deployment source config](/cli/azure/functionapp/deployment/source#az-functionapp-deployment-source-config) | Associates a function app with a Git or Mercurial repository. |
## Next steps
azure-functions Functions Cli Create Premium Plan https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/scripts/functions-cli-create-premium-plan.md
Each command in the table links to command specific documentation. This script u
| Command | Notes | |||
-| [az group create](/cli/azure/group#az_group_create) | Creates a resource group in which all resources are stored. |
-| [az storage account create](/cli/azure/storage/account#az_storage_account_create) | Creates an Azure Storage account. |
-| [az functionapp plan create](/cli/azure/functionapp/plan#az_functionapp_plan_create) | Creates a Premium plan in a [specific SKU](../functions-premium-plan.md#available-instance-skus). |
-| [az functionapp create](/cli/azure/functionapp#az_functionapp_create) | Creates a function app in the App Service plan. |
+| [az group create](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
+| [az storage account create](/cli/azure/storage/account#az-storage-account-create) | Creates an Azure Storage account. |
+| [az functionapp plan create](/cli/azure/functionapp/plan#az-functionapp-plan-create) | Creates a Premium plan in a [specific SKU](../functions-premium-plan.md#available-instance-skus). |
+| [az functionapp create](/cli/azure/functionapp#az-functionapp-create) | Creates a function app in the App Service plan. |
## Next steps
azure-functions Functions Cli Create Serverless Python https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/scripts/functions-cli-create-serverless-python.md
Each command in the table links to command specific documentation. This script u
| Command | Notes | |||
-| [az group create](/cli/azure/group#az_group_create) | Creates a resource group in which all resources are stored. |
-| [az storage account create](/cli/azure/storage/account#az_storage_account_create) | Creates an Azure Storage account. |
-| [az functionapp create](/cli/azure/functionapp#az_functionapp_create) | Creates a function app. |
+| [az group create](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
+| [az storage account create](/cli/azure/storage/account#az-storage-account-create) | Creates an Azure Storage account. |
+| [az functionapp create](/cli/azure/functionapp#az-functionapp-create) | Creates a function app. |
## Next steps
azure-functions Functions Cli Create Serverless https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/scripts/functions-cli-create-serverless.md
Each command in the table links to command specific documentation. This script u
| Command | Notes | |||
-| [az group create](/cli/azure/group#az_group_create) | Creates a resource group in which all resources are stored. |
-| [az storage account create](/cli/azure/storage/account#az_storage_account_create) | Creates an Azure Storage account. |
-| [az functionapp create](/cli/azure/functionapp#az_functionapp_create) | Creates a function app. |
+| [az group create](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
+| [az storage account create](/cli/azure/storage/account#az-storage-account-create) | Creates an Azure Storage account. |
+| [az functionapp create](/cli/azure/functionapp#az-functionapp-create) | Creates a function app. |
## Next steps
azure-functions Functions Cli Mount Files Storage Linux https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/scripts/functions-cli-mount-files-storage-linux.md
Each command in the table links to command specific documentation. This script u
| Command | Notes | |||
-| [az group create](/cli/azure/group#az_group_create) | Creates a resource group in which all resources are stored. |
-| [az storage account create](/cli/azure/storage/account#az_storage_account_create) | Creates an Azure Storage account. |
-| [az functionapp create](/cli/azure/functionapp#az_functionapp_create) | Creates a function app. |
-| [az storage share create](/cli/azure/storage/share#az_storage_share_create) | Creates an Azure Files share in storage account. |
-| [az storage directory create](/cli/azure/storage/directory#az_storage_directory_create) | Creates a directory in the share. |
-| [az webapp config storage-account add](/cli/azure/webapp/config/storage-account#az_webapp_config_storage_account_add) | Mounts the share to the function app. |
-| [az webapp config storage-account list](/cli/azure/webapp/config/storage-account#az_webapp_config_storage_account_list) | Shows file shares mounted to the function app. |
+| [az group create](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
+| [az storage account create](/cli/azure/storage/account#az-storage-account-create) | Creates an Azure Storage account. |
+| [az functionapp create](/cli/azure/functionapp#az-functionapp-create) | Creates a function app. |
+| [az storage share create](/cli/azure/storage/share#az-storage-share-create) | Creates an Azure Files share in storage account. |
+| [az storage directory create](/cli/azure/storage/directory#az-storage-directory-create) | Creates a directory in the share. |
+| [az webapp config storage-account add](/cli/azure/webapp/config/storage-account#az-webapp-config-storage-account-add) | Mounts the share to the function app. |
+| [az webapp config storage-account list](/cli/azure/webapp/config/storage-account#az-webapp-config-storage-account-list) | Shows file shares mounted to the function app. |
## Next steps
azure-government Compare Azure Government Global Azure https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-government/compare-azure-government-global-azure.md
Azure Government services operate the same way as the corresponding services in
You can use AzureCLI or PowerShell to obtain Azure Government endpoints for services you provisioned: -- Use **Azure CLI** to run the [az cloud show](/cli/azure/cloud#az_cloud_show) command and provide `AzureUSGovernment` as the name of the target cloud environment. For example,
+- Use **Azure CLI** to run the [az cloud show](/cli/azure/cloud#az-cloud-show) command and provide `AzureUSGovernment` as the name of the target cloud environment. For example,
```azurecli az cloud show --name AzureUSGovernment
azure-government Documentation Government Csp List https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-government/documentation-government-csp-list.md
Below you can find a list of all the authorized Cloud Solution Providers (CSPs),
|[DLT Solutions](https://www.dlt.com)| |[Ingram Micro Inc.](https://usa.ingrammicro.com/)| |[Insight Public Sector Inc](https://www.ips.insight.com/en_US/public-sector.html)|
+|[Pax8](https://www.pax8.com/en-us/microsoft/)|
|[Synnex](https://www.synnexcorp.com)| |[Tech Data Corporation](https://www.techdata.com/)| |[Tech Data Government Solutions, LLC](https://gov.as.techdata.com/en-us/Pages/default.aspx)|
azure-maps Render Coverage https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-maps/render-coverage.md
Title: Render coverage | Microsoft Azure Maps
-description: Learn whether Azure Maps renders various regions with detailed or simplified data. See the level it uses for raster-tile and vector-tile maps in those regions.
+ Title: Render coverage
+
+description: Render coverage tables list the countries that support Azure Maps road tiles.
Previously updated : 01/14/2022 Last updated : 03/23/2022 - # Azure Maps render coverage
-Azure Maps uses both raster tiles and vector tiles to create maps. At the lowest resolution, the entire world fits in a single tile. At the highest resolution, a single tile represents 38 square meters. You'll see more details about continents, regions, cities, and individual streets as you zoom in the map. For more information about tiles, see [Zoom levels and tile grid](zoom-levels-and-tile-grid.md).
-
-However, Maps doesn't have the same level of information and accuracy for all regions. The following tables detail the level of information you can render for each region.
+The render coverage tables below list the countries that support Azure Maps road tiles. Both raster and vector tiles are supported. At the lowest resolution, the entire world fits in a single tile. At the highest resolution, a single tile represents 38 square meters. You'll see more details about continents, regions, cities, and individual streets as you zoom in the map. For more information about tiles, see [Zoom levels and tile grid](zoom-levels-and-tile-grid.md).
### Legend
However, Maps doesn't have the same level of information and accuracy for all re
|--|-| | Γ£ô | Country is provided with detailed data. | | Γùæ | Country is provided with simplified data. |
-| Country is missing | Country data is not provided. |
+| Country is missing | Country data isn't provided. |
## Americas
However, Maps doesn't have the same level of information and accuracy for all re
| Zambia | Γ£ô | | Zimbabwe | Γ£ô |
-## Additional information
+## Next steps
+
+> [!div class="nextstepaction"]
+> [Zoom levels and tile grid](zoom-levels-and-tile-grid.md)
-- See [Zoom levels and tile grid](zoom-levels-and-tile-grid.md) for more information about Azure Maps rendering.
+> [!div class="nextstepaction"]
+> [Get map tiles](/rest/api/maps/render/getmaptile)
-- [Azure Maps routing service](routing-coverage.md).
+> [!div class="nextstepaction"]
+> [Azure Maps routing coverage](routing-coverage.md)
azure-maps Traffic Coverage https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-maps/traffic-coverage.md
Title: Traffic coverage | Microsoft Azure Maps
description: Learn about traffic coverage in Azure Maps. See whether information on traffic flow and incidents is available in various regions throughout the world. Previously updated : 01/13/2022 Last updated : 03/24/2022
# Azure Maps traffic coverage
-Azure Maps provides rich traffic information in the form of traffic **flow** and **incidents**. This data can be visualized on maps or used to generate smarter routes that factor in real driving conditions.
+The Azure Maps [Traffic API](/rest/api/maps/traffic) is a suite of web services designed for developers to create web and mobile applications around real-time traffic. This data can be visualized on maps or used to generate smarter routes that factor in current driving conditions.
The following tables provide information about what kind of traffic information you can request from each country or region. If a market is missing in the following tables, it isn't currently supported.
+- **Incidents**: Provides an accurate view about traffic jams and incidents around a road network.
+- **Flow**: Provides real time observed speeds and travel times for all key roads in a network.
+ ## Americas | Country/Region | Incidents | Flow |
The following tables provide information about what kind of traffic information
| South Africa | Γ£ô | Γ£ô | | United Arab Emirates | Γ£ô | Γ£ô |
-## Additional information
+## Next steps
+
+See the following articles in the REST API documentation for detailed information.
+
+> [!div class="nextstepaction"]
+> [Get Traffic Flow Segment](/rest/api/maps/traffic/get-traffic-flow-segment)
+
+> [!div class="nextstepaction"]
+> [Get Traffic Flow Tile](/rest/api/maps/traffic/get-traffic-flow-tile)
+
+> [!div class="nextstepaction"]
+> [Get Traffic Incident Detail](/rest/api/maps/traffic/get-traffic-incident-detail)
-Use the [Traffic](/rest/api/maps/traffic) REST API to incorporate Azure Maps traffic data into your mapping applications.
+> [!div class="nextstepaction"]
+> [Get Traffic Incident Tile](/rest/api/maps/traffic/get-traffic-incident-tile)
azure-monitor Diagnostics Extension Windows Install https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/diagnostics-extension-windows-install.md
You can install and configure the diagnostics extension on an individual virtual
See [Use monitoring and diagnostics with a Windows VM and Azure Resource Manager templates](../../virtual-machines/extensions/diagnostics-template.md) on deploying the diagnostics extension with Azure Resource Manager templates. ## Azure CLI deployment
-The Azure CLI can be used to deploy the Azure Diagnostics extension to an existing virtual machine using [az vm extension set](/cli/azure/vm/extension#az_vm_extension_set) as in the following example.
+The Azure CLI can be used to deploy the Azure Diagnostics extension to an existing virtual machine using [az vm extension set](/cli/azure/vm/extension#az-vm-extension-set) as in the following example.
```azurecli az vm extension set \
azure-monitor Alerts Resource Move https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/alerts/alerts-resource-move.md
Navigate to Alerts > Alert processing rules (preview) > filter by the containing
### Change the scope of a rule using Azure CLI
-1. Get the existing rule ([metric alerts](/cli/azure/monitor/metrics/alert#az_monitor_metrics_alert_show), [activity log alerts](/cli/azure/monitor/activity-log/alert#az_monitor_activity_log-alert_list)).
-2. Update the rule scope directly ([metric alerts](/cli/azure/monitor/metrics/alert#az_monitor_metrics_alert_update), [activity log alerts](/cli/azure/monitor/activity-log/alert/scope))
+1. Get the existing rule ([metric alerts](/cli/azure/monitor/metrics/alert#az-monitor-metrics-alert-show), [activity log alerts](/cli/azure/monitor/activity-log/alert#az-monitor-activity-log-alert-list)).
+2. Update the rule scope directly ([metric alerts](/cli/azure/monitor/metrics/alert#az-monitor-metrics-alert-update), [activity log alerts](/cli/azure/monitor/activity-log/alert/scope))
3. If needed, split into two rules (relevant for some cases of metric alerts, as noted above). ## Next steps
azure-monitor Alerts Troubleshoot Metric https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/alerts/alerts-troubleshoot-metric.md
To check the current usage of metric alert rules, follow the steps below.
- PowerShell - [Get-AzMetricAlertRuleV2](/powershell/module/az.monitor/get-azmetricalertrulev2) - REST API - [List by subscription](/rest/api/monitor/metricalerts/listbysubscription)-- Azure CLI - [az monitor metrics alert list](/cli/azure/monitor/metrics/alert#az_monitor_metrics_alert_list)
+- Azure CLI - [az monitor metrics alert list](/cli/azure/monitor/metrics/alert#az-monitor-metrics-alert-list)
## Managing alert rules using Resource Manager templates, REST API, Azure PowerShell, or the Azure CLI
azure-monitor Asp Net https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/asp-net.md
This section will guide you through automatically adding Application Insights to
3. Before the closing `</ApplicationInsights>` tag, add a line that contains the connection string for your Application Insights resource. Find your connection string on the overview pane of the newly created Application Insights resource. ```xml
- <InstrumentationKey>Copy connection string from Application Insights Resource Overview</InstrumentationKey>
+ <ConnectionString>Copy connection string from Application Insights Resource Overview</ConnectionString>
``` 4. Select **Project** > **Manage NuGet Packages** > **Updates**. Then update each `Microsoft.ApplicationInsights` NuGet package to the latest stable release.
This section will guide you through manually adding Application Insights to a te
Learn more about Application Insights configuration with ApplicationInsights.config here: http://go.microsoft.com/fwlink/?LinkID=513840 -->
- <InstrumentationKey>Copy connection string from Application Insights Resource Overview</InstrumentationKey>
+ <ConnectionString>Copy connection string from Application Insights Resource Overview</ConnectionString>
</ApplicationInsights> ``` 4. Before the closing `</ApplicationInsights>` tag, add the connection string for your Application Insights resource. You can find your connection string on the overview pane of the newly created Application Insights resource. ```xml
- <InstrumentationKey>Copy connection string from Application Insights Resource Overview</InstrumentationKey>
+ <ConnectionString>Copy connection string from Application Insights Resource Overview</ConnectionString>
``` 5. At the same level of your project as the *ApplicationInsights.config* file, create a folder called *ErrorHandler* with a new C# file called *AiHandleErrorAttribute.cs*. The contents of the file will look like this:
azure-monitor Ip Collection https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/ip-collection.md
By default, IP addresses are temporarily collected but not stored in Application
When telemetry is sent to Azure, Application Insights uses the IP address to do a geolocation lookup by using [GeoLite2 from MaxMind](https://dev.maxmind.com/geoip/geoip2/geolite2/). Application Insights uses the results of this lookup to populate the fields `client_City`, `client_StateOrProvince`, and `client_CountryOrRegion`. The address is then discarded, and `0.0.0.0` is written to the `client_IP` field.
+> [!NOTE]
+> Application Insights uses an older version of the GeoLite2 database. If you experience accuracy issues with IP to geolocation mappings, then as a workaround you can disable IP masking and utilize another geomapping service to convert the client_IP field of the underlying telemetry to a more accurate geolocation. We are currently working on an update to improve the geolocation accuracy.
+ The telemetry types are: * Browser telemetry: Application Insights collects the sender's IP address. The ingestion endpoint calculates the IP address.
azure-monitor Troubleshoot Portal Connectivity https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/troubleshoot-portal-connectivity.md
++
+ Title: Application Insights portal connectivity troubleshooting
+description: Troubleshooting guide for Application Insights portal connectivity issues
++ Last updated : 03/09/2022++++
+# "Error retrieving data" message on Application Insights portal
+
+This is a troubleshooting guide for the Application Insights portal when encountering connectivity errors similar to `Error retrieving data` or `Missing localization resource`.
+
+![image Portal connectivity error](./media/troubleshoot-portal-connectivity/troubleshoot-portal-connectivity.png)
+
+The source of the issue is likely third-party browser plugins that interfere with the portal's connectivity.
+
+To confirm that this is the source of the issue and to identify which plugin is interfering:
+
+- Open the portal in an InPrivate or Incognito window and verify the site functions correctly.
+
+- Attempt disabling plugins to identify the one that is causing the connectivity issue.
azure-monitor Azure Cli Metrics Alert Sample https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/azure-cli-metrics-alert-sample.md
condition=$(az monitor metrics alert condition create --aggregation Average \
--dimension $dim01 --output tsv) ```
-To see a list of the possible metrics, run the [az monitor metrics list-definitions](/cli/azure/monitor/metrics#az_monitor_metrics_list_definitions) command. The `--output` parameter displays the values in a readable format.
+To see a list of the possible metrics, run the [az monitor metrics list-definitions](/cli/azure/monitor/metrics#az-monitor-metrics-list-definitions) command. The `--output` parameter displays the values in a readable format.
```azurecli
az monitor metrics alert delete --name alert-02
This article uses the following Azure CLI commands: -- [az appservice plan create](/cli/azure/appservice/plan#az_appservice_plan_create)-- [az appservice plan show](/cli/azure/appservice/plan#az_appservice_plan_show)
+- [az appservice plan create](/cli/azure/appservice/plan#az-appservice-plan-create)
+- [az appservice plan show](/cli/azure/appservice/plan#az-appservice-plan-show)
- [az group create](/cli/azure/group#az-group-create) - [az group delete](/cli/azure/group#az-group-delete)-- [az monitor action-group create](/cli/azure/monitor/action-group#az_monitor_action_group_create)
+- [az monitor action-group create](/cli/azure/monitor/action-group#az-monitor-action-group-create)
- [az monitor metrics alert condition create](/cli/azure/monitor/metrics/alert#az-monitor-metrics-alert-condition-create) - [az monitor metrics alert create](/cli/azure/monitor/metrics/alert#az-monitor-metrics-alert-create) - [az monitor metrics alert delete](/cli/azure/monitor/metrics/alert#az-monitor-metrics-alert-delete) - [az monitor metrics alert dimension create](/cli/azure/monitor/metrics/alert#az-monitor-metrics-alert-dimension-create)-- [az monitor metrics list-definitions](/cli/azure/monitor/metrics#az_monitor_metrics_list_definitions)-- [az vm show](/cli/azure/vm#az_vm_show)
+- [az monitor metrics list-definitions](/cli/azure/monitor/metrics#az-monitor-metrics-list-definitions)
+- [az vm show](/cli/azure/vm#az-vm-show)
## Next steps
azure-monitor Container Insights Azure Redhat Setup https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/containers/container-insights-azure-redhat-setup.md
Container insights provides rich monitoring experience for the Azure Kubernetes
Container insights can be enabled for new, or one or more existing deployments of Azure Red Hat OpenShift using the following supported methods: - For an existing cluster from the Azure portal or using Azure Resource Manager template.-- For a new cluster using Azure Resource Manager template, or while creating a new cluster using the [Azure CLI](/cli/azure/openshift#az_openshift_create).
+- For a new cluster using Azure Resource Manager template, or while creating a new cluster using the [Azure CLI](/cli/azure/openshift#az-openshift-create).
## Supported and unsupported features
azure-monitor Container Insights Azure Redhat4 Setup https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/containers/container-insights-azure-redhat4-setup.md
Container insights provides a rich monitoring experience for Azure Kubernetes Se
You can enable Container insights for one or more existing deployments of Azure Red Hat OpenShift v4.x by using the supported methods described in this article.
-For an existing cluster, run this [Bash script in the Azure CLI](/cli/azure/openshift#az_openshift_create&preserve-view=true).
+For an existing cluster, run this [Bash script in the Azure CLI](/cli/azure/openshift#az-openshift-create&preserve-view=true).
## Supported and unsupported features
azure-monitor Container Insights Hybrid Setup https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/containers/container-insights-hybrid-setup.md
To first identify the full resource ID of your Log Analytics workspace required
} ```
-7. Edit the values for **workspaceResourceId** using the value you copied in step 3, and for **workspaceRegion** copy the **Region** value after running the Azure CLI command [az monitor log-analytics workspace show](/cli/azure/monitor/log-analytics/workspace#az_monitor-log-analytics-workspace-list&preserve-view=true).
+7. Edit the values for **workspaceResourceId** using the value you copied in step 3, and for **workspaceRegion** copy the **Region** value after running the Azure CLI command [az monitor log-analytics workspace show](/cli/azure/monitor/log-analytics/workspace#az-monitor-log-analytics-workspace-list&preserve-view=true).
8. Save this file as containerSolutionParams.json to a local folder.
azure-monitor Container Insights Log Alerts https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/containers/container-insights-log-alerts.md
To alert for high CPU or memory utilization, or low free disk space on cluster n
If you're not familiar with Azure Monitor alerts, see [Overview of alerts in Microsoft Azure](../alerts/alerts-overview.md) before you start. To learn more about alerts that use log queries, see [Log alerts in Azure Monitor](../alerts/alerts-unified-log.md). For more about metric alerts, see [Metric alerts in Azure Monitor](../alerts/alerts-metric-overview.md). ## Log query measurements
-Log query alerts can perform two different measurements of the result of a log query, each of which support distinct scenarios for monitoring virtual machines.
+[Log alerts](../alerts/alerts-unified-log.md) can measure two different things, which can be used to monitor virtual machines in different scenarios:
-[Metric measurement](../alerts/alerts-unified-log.md#calculation-of-a-value) create a separate alert for each record in the query results that has a numeric value that exceeds a threshold defined in the alert rule. These are ideal for numeric data such as CPU.
+- [Result count](../alerts/alerts-unified-log.md#result-count): Counts the number of rows returned by the query, and can be used to work with events such as Windows event logs, syslog, application exceptions.
+- [Calculation of a value](../alerts/alerts-unified-log.md#calculation-of-a-value): Makes a calculation based on a numeric column, and can be used to include any number of resources. For example, CPU percentage.
+### Targeting resources and dimensions
-[Number of results](../alerts/alerts-unified-log.md#result-count) create a single alert when a query returns at least a specified number of records. These are ideal for non-numeric data such or for analyzing performance trends across multiple computers. You may also choose this strategy if you want to minimize your number of alerts or possibly create an alert only when multiple components have the same error condition.
+You can monitor multiple instancesΓÇÖ values with one rule using dimensions. For example, you would use dimensions if you want to monitor the CPU usage on multiple instances running your web site or app, and create an alert for CPU usage of over 80%.
-> [!NOTE]
-> Resource-centric log alert rules, currently in public preview, will simplify log query alerts and replace the functionality currently provided by metric measurement queries. You can use the AKS cluster as a target for the rule which will better identify it as the affected resource. When resource-center log query alerts become generally available, the guidance in this scenario will be updated.
+To create resource-centric alerts at scale for a subscription or resource group, you can **Split by dimensions**. When you want to monitor the same condition on multiple Azure resources, splitting by dimensions splits the alerts into separate alerts by grouping unique combinations using numerical or string columns. Splitting on Azure resource ID column makes the specified resource into the alert target.
+You may also decide not to split when you want a condition on multiple resources in the scope. For example, if you want to create an alert if at least five machines in the resource group scope have CPU usage over 80%.
++
+You might want to see a list of the alerts by affected computer. You can use a custom workbook that uses a custom [Resource Graph](../../governance/resource-graph/overview.md) to provide this view. Use the following query to display alerts, and use the data source **Azure Resource Graph** in the workbook.
## Create a log query alert rule
-[Comparison of log query alert measures](../vm/monitor-virtual-machine-alerts.md#example-log-query-alert) provides a complete walkthrough of log query alert rules for each type of measurement, including a comparison of the log queries supporting each. You can use these same processes to create alert rules for AKS clusters using queries similar to the ones in this article.
+[This example of a log query alert](../vm/monitor-virtual-machine-alerts.md#example-log-query-alert) provides a complete walkthrough of creating a log query alert rule. You can use these same processes to create alert rules for AKS clusters using queries similar to the ones in this article.
## Resource utilization
KubePodInventory
>[!NOTE] >To alert on certain pod phases, such as *Pending*, *Failed*, or *Unknown*, modify the last line of the query. For example, to alert on *FailedCount* use: <br/>`| summarize AggregatedValue = avg(FailedCount) by bin(TimeGenerated, trendBinSize)`
-The following query returns cluster nodes disks which exceed 90% free space used. To get the cluster ID, first run the following query and copy the value from the `ClusterId` property:
+The following query returns cluster nodes disks that exceed 90% free space used. To get the cluster ID, first run the following query and copy the value from the `ClusterId` property:
```kusto InsightsMetrics
azure-monitor Container Insights Optout https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/containers/container-insights-optout.md
After you enable monitoring of your AKS cluster, you can stop monitoring the clu
## Azure CLI
-Use the [az aks disable-addons](/cli/azure/aks#az_aks_disable_addons) command to disable Container insights. The command removes the agent from the cluster nodes, it does not remove the solution or the data already collected and stored in your Azure Monitor resource.
+Use the [az aks disable-addons](/cli/azure/aks#az-aks-disable-addons) command to disable Container insights. The command removes the agent from the cluster nodes, it does not remove the solution or the data already collected and stored in your Azure Monitor resource.
```azurecli az aks disable-addons -a monitoring -n MyExistingManagedCluster -g MyExistingManagedClusterRG
azure-monitor Azure Cli Application Insights Component https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/insights/azure-cli-application-insights-component.md
The examples in this article do the following management tasks:
## Create a component
-If you don't already have a resource group and workspace, create them by using [az group create](/cli/azure/group#az_group_create) and [az monitor log-analytics workspace create](/cli/azure/monitor/log-analytics/workspace#az_monitor_log_analytics_workspace_create):
+If you don't already have a resource group and workspace, create them by using [az group create](/cli/azure/group#az-group-create) and [az monitor log-analytics workspace create](/cli/azure/monitor/log-analytics/workspace#az-monitor-log-analytics-workspace-create):
```azurecli az group create --name ContosoAppInsightRG --location eastus2
az monitor log-analytics workspace create --resource-group ContosoAppInsightRG \
--workspace-name AppInWorkspace ```
-To create a component, run the [az monitor app-insights component create](/cli/azure/monitor/app-insights/component#az_monitor_app_insights_component_create) command. The [az monitor app-insights component show](/cli/azure/monitor/app-insights/component#az_monitor_app_insights_component_show) command displays the component.
+To create a component, run the [az monitor app-insights component create](/cli/azure/monitor/app-insights/component#az-monitor-app-insights-component-create) command. The [az monitor app-insights component show](/cli/azure/monitor/app-insights/component#az-monitor-app-insights-component-show) command displays the component.
```azurecli az monitor app-insights component create --resource-group ContosoAppInsightRG \
az monitor app-insights component show --resource-group ContosoAppInsightRG --ap
## Connect a webapp
-This example connects your component to a webapp. You can create a webapp by using the [az appservice plan create](/cli/azure/appservice/plan#az_appservice_plan_create) and [az webapp create](/cli/azure/webapp#az_webapp_create) commands:
+This example connects your component to a webapp. You can create a webapp by using the [az appservice plan create](/cli/azure/appservice/plan#az-appservice-plan-create) and [az webapp create](/cli/azure/webapp#az-webapp-create) commands:
```azurecli az appservice plan create --resource-group ContosoAppInsightRG --name ContosoAppService
az webapp create --resource-group ContosoAppInsightRG --name ContosoApp \
--plan ContosoAppService --name ContosoApp8765 ```
-Run the [az monitor app-insights component connect-webapp](/cli/azure/monitor/app-insights/component#az_monitor_app_insights_component_connect_webapp) command to connect your component to the webapp:
+Run the [az monitor app-insights component connect-webapp](/cli/azure/monitor/app-insights/component#az-monitor-app-insights-component-connect-webapp) command to connect your component to the webapp:
```azurecli az monitor app-insights component connect-webapp --resource-group ContosoAppInsightRG \ --app ContosoApp --web-app ContosoApp8765 --enable-debugger false --enable-profiler false ```
-You can instead connect to an Azure function by using the [az monitor app-insights component connect-function](/cli/azure/monitor/app-insights/component#az_monitor_app_insights_component_connect_function) command.
+You can instead connect to an Azure function by using the [az monitor app-insights component connect-function](/cli/azure/monitor/app-insights/component#az-monitor-app-insights-component-connect-function) command.
## Link a component to storage
-You can link a component to a storage account. To create a storage account, use the [az storage account create](/cli/azure/storage/account#az_storage_account_create) command:
+You can link a component to a storage account. To create a storage account, use the [az storage account create](/cli/azure/storage/account#az-storage-account-create) command:
```azurecli az storage account create --resource-group ContosoAppInsightRG \ --name contosolinkedstorage --location eastus2 --sku Standard_LRS ```
-To link your component to the storage account, run the [az monitor app-insights component linked-storage link](/cli/azure/monitor/app-insights/component/linked-storage#az_monitor_app_insights_component_linked_storage_link) command. You can see the existing links by using the [az monitor app-insights component linked-storage show](/cli/azure/monitor/app-insights/component/linked-storage#az_monitor_app_insights_component_linked_storage_show) command:
+To link your component to the storage account, run the [az monitor app-insights component linked-storage link](/cli/azure/monitor/app-insights/component/linked-storage#az-monitor-app-insights-component-linked-storage-link) command. You can see the existing links by using the [az monitor app-insights component linked-storage show](/cli/azure/monitor/app-insights/component/linked-storage#az-monitor-app-insights-component-linked-storage-show) command:
```azurecli
az monitor app-insights component linked-storage show --resource-group ContosoAp
--app ContosoApp ```
-To unlink the storage, run the [az monitor app-insights component linked-storage unlink](/cli/azure/monitor/app-insights/component/linked-storage#az_monitor_app_insights_component_linked_storage_unlink) command:
+To unlink the storage, run the [az monitor app-insights component linked-storage unlink](/cli/azure/monitor/app-insights/component/linked-storage#az-monitor-app-insights-component-linked-storage-unlink) command:
```AzureCLI az monitor app-insights component linked-storage unlink \
Continuous export saves events from Application Insights portal in a storage con
> Continuous export is only supported for classic Application Insights resources. [Workspace-based Application Insights resources](../app/create-workspace-resource.md) must use [diagnostic settings](../app/create-workspace-resource.md#export-telemetry). >
-To create a storage container, run the [az storage container create](/cli/azure/storage/container#az_storage_container_create) command.
+To create a storage container, run the [az storage container create](/cli/azure/storage/container#az-storage-container-create) command.
```azurecli az storage container create --name contosostoragecontainer --account-name contosolinkedstorage \ --public-access blob ```
-You need access for the container to be write only. Run the [az storage container policy create](/cli/azure/storage/container/policy#az_storage_container_policy_create) cmdlet:
+You need access for the container to be write only. Run the [az storage container policy create](/cli/azure/storage/container/policy#az-storage-container-policy-create) cmdlet:
```azurecli az storage container policy create --container-name contosostoragecontainer \ --account-name contosolinkedstorage --name WAccessPolicy --permissions w ```
-Create an SAS key by using the [az storage container generate-sas](/cli/azure/storage/container#az_storage_container_generate_sas) command. Be sure to use the `--output tsv` parameter value to save the key without unwanted formatting like quotation marks. For more information, see [Use Azure CLI effectively](/cli/azure/use-cli-effectively).
+Create an SAS key by using the [az storage container generate-sas](/cli/azure/storage/container#az-storage-container-generate-sas) command. Be sure to use the `--output tsv` parameter value to save the key without unwanted formatting like quotation marks. For more information, see [Use Azure CLI effectively](/cli/azure/use-cli-effectively).
```azurecli containersas=$(az storage container generate-sas --name contosostoragecontainer \ --account-name contosolinkedstorage --permissions w --output tsv) ```
-To create a continuous export, run the [az monitor app-insights component continues-export create](/cli/azure/monitor/app-insights/component/continues-export#az_monitor_app_insights_component_continues_export_create) command:
+To create a continuous export, run the [az monitor app-insights component continues-export create](/cli/azure/monitor/app-insights/component/continues-export#az-monitor-app-insights-component-continues-export-create) command:
```azurecli az monitor app-insights component continues-export create --resource-group ContosoAppInsightRG \
az monitor app-insights component continues-export create --resource-group Conto
--dest-sas $containersas ```
-You can delete a configured continuous export by using the [az monitor app-insights component continues-export delete](/cli/azure/monitor/app-insights/component/continues-export#az_monitor_app_insights_component_continues_export_delete) command:
+You can delete a configured continuous export by using the [az monitor app-insights component continues-export delete](/cli/azure/monitor/app-insights/component/continues-export#az-monitor-app-insights-component-continues-export-delete) command:
```azurecli az monitor app-insights component continues-export list \
az monitor app-insights component continues-export delete \
## Clean up deployment
-If you created a resource group to test these commands, you can remove the resource group and all its contents by using the [az group delete](/cli/azure/group#az_group_delete) command:
+If you created a resource group to test these commands, you can remove the resource group and all its contents by using the [az group delete](/cli/azure/group#az-group-delete) command:
```azurecli az group delete --name ContosoAppInsightRG
az group delete --name ContosoAppInsightRG
## Azure CLI commands used in this article -- [az appservice plan create](/cli/azure/appservice/plan#az_appservice_plan_create)-- [az group create](/cli/azure/group#az_group_create)-- [az group delete](/cli/azure/group#az_group_delete)-- [az monitor app-insights component connect-webapp](/cli/azure/monitor/app-insights/component#az_monitor_app_insights_component_connect_webapp)-- [az monitor app-insights component continues-export create](/cli/azure/monitor/app-insights/component/continues-export#az_monitor_app_insights_component_continues_export_create)-- [az monitor app-insights component continues-export delete](/cli/azure/monitor/app-insights/component/continues-export#az_monitor_app_insights_component_continues_export_delete)-- [az monitor app-insights component continues-export list](/cli/azure/monitor/app-insights/component/continues-export#az_monitor_app_insights_component_continues_export_list)-- [az monitor app-insights component create](/cli/azure/monitor/app-insights/component#az_monitor_app_insights_component_create)-- [az monitor app-insights component linked-storage link](/cli/azure/monitor/app-insights/component/linked-storage#az_monitor_app_insights_component_linked_storage_link)-- [az monitor app-insights component linked-storage unlink](/cli/azure/monitor/app-insights/component/linked-storage#az_monitor_app_insights_component_linked_storage_unlink)-- [az monitor app-insights component show](/cli/azure/monitor/app-insights/component#az_monitor_app_insights_component_show)-- [az monitor log-analytics workspace create](/cli/azure/monitor/log-analytics/workspace#az_monitor_log_analytics_workspace_create)-- [az storage account create](/cli/azure/storage/account#az_storage_account_create)-- [az storage container create](/cli/azure/storage/container#az_storage_container_create)-- [az storage container generate-sas](/cli/azure/storage/container#az_storage_container_generate_sas)-- [az storage container policy create](/cli/azure/storage/container/policy#az_storage_container_policy_create)-- [az webapp create](/cli/azure/webapp#az_webapp_create)
+- [az appservice plan create](/cli/azure/appservice/plan#az-appservice-plan-create)
+- [az group create](/cli/azure/group#az-group-create)
+- [az group delete](/cli/azure/group#az-group-delete)
+- [az monitor app-insights component connect-webapp](/cli/azure/monitor/app-insights/component#az-monitor-app-insights-component-connect-webapp)
+- [az monitor app-insights component continues-export create](/cli/azure/monitor/app-insights/component/continues-export#az-monitor-app-insights-component-continues-export-create)
+- [az monitor app-insights component continues-export delete](/cli/azure/monitor/app-insights/component/continues-export#az-monitor-app-insights-component-continues-export-delete)
+- [az monitor app-insights component continues-export list](/cli/azure/monitor/app-insights/component/continues-export#az-monitor-app-insights-component-continues-export-list)
+- [az monitor app-insights component create](/cli/azure/monitor/app-insights/component#az-monitor-app-insights-component-create)
+- [az monitor app-insights component linked-storage link](/cli/azure/monitor/app-insights/component/linked-storage#az-monitor-app-insights-component-linked-storage-link)
+- [az monitor app-insights component linked-storage unlink](/cli/azure/monitor/app-insights/component/linked-storage#az-monitor-app-insights-component-linked-storage-unlink)
+- [az monitor app-insights component show](/cli/azure/monitor/app-insights/component#az-monitor-app-insights-component-show)
+- [az monitor log-analytics workspace create](/cli/azure/monitor/log-analytics/workspace#az-monitor-log-analytics-workspace-create)
+- [az storage account create](/cli/azure/storage/account#az-storage-account-create)
+- [az storage container create](/cli/azure/storage/container#az-storage-container-create)
+- [az storage container generate-sas](/cli/azure/storage/container#az-storage-container-generate-sas)
+- [az storage container policy create](/cli/azure/storage/container/policy#az-storage-container-policy-create)
+- [az webapp create](/cli/azure/webapp#az-webapp-create)
## Next steps
azure-monitor Azure Cli Log Analytics Workspace Sample https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/logs/azure-cli-log-analytics-workspace-sample.md
Use the Azure CLI commands described here to manage your log analytics workspace
## Create a workspace for Monitor Logs
-Run the [az group create](/cli/azure/group#az_group_create) command to create a resource group or use an existing resource group. To create a workspace, use the [az monitor log-analytics workspace create](/cli/azure/monitor/log-analytics/workspace#az_monitor_log_analytics_workspace_create) command.
+Run the [az group create](/cli/azure/group#az-group-create) command to create a resource group or use an existing resource group. To create a workspace, use the [az monitor log-analytics workspace create](/cli/azure/monitor/log-analytics/workspace#az-monitor-log-analytics-workspace-create) command.
```azurecli az group create --name ContosoRG --location eastus2
For more information about workspaces, see [Azure Monitor Logs overview](./data-
Each workspace contains tables with columns that have multiple rows of data. Each table is defined by a unique set of columns of data provided by the data source.
-To see the tables in your workspace, use the [az monitor log-analytics workspace table list](/cli/azure/monitor/log-analytics/workspace/table#az_monitor_log_analytics_workspace_table_list) command:
+To see the tables in your workspace, use the [az monitor log-analytics workspace table list](/cli/azure/monitor/log-analytics/workspace/table#az-monitor-log-analytics-workspace-table-list) command:
```azurecli az monitor log-analytics workspace table list --resource-group ContosoRG \
az monitor log-analytics workspace table list --resource-group ContosoRG \
The output value `table` presents the results in a more readable format. For more information, see [Output formatting](/cli/azure/use-cli-effectively#output-formatting).
-To change the retention time for a table, run the [az monitor log-analytics workspace table update](/cli/azure/monitor/log-analytics/workspace/table#az_monitor_log_analytics_workspace_table_update) command:
+To change the retention time for a table, run the [az monitor log-analytics workspace table update](/cli/azure/monitor/log-analytics/workspace/table#az-monitor-log-analytics-workspace-table-update) command:
```azurecli az monitor log-analytics workspace table update --resource-group ContosoRG \
az monitor log-analytics workspace table delete ΓÇôsubscription ContosoSID --res
## Export data from selected tables
-You can continuously export data from selected tables to an Azure storage account or Azure Event Hubs. Use the [az monitor log-analytics workspace data-export create](/cli/azure/monitor/log-analytics/workspace/data-export#az_monitor_log_analytics_workspace_data_export_create) command:
+You can continuously export data from selected tables to an Azure storage account or Azure Event Hubs. Use the [az monitor log-analytics workspace data-export create](/cli/azure/monitor/log-analytics/workspace/data-export#az-monitor-log-analytics-workspace-data-export-create) command:
```azurecli az monitor log-analytics workspace data-export create --resource-group ContosoRG \
az monitor log-analytics workspace data-export create --resource-group ContosoRG
--enable ```
-To see your data exports, run the [az monitor log-analytics workspace data-export list](/cli/azure/monitor/log-analytics/workspace/data-export#az_monitor_log_analytics_workspace_data_export_list) command.
+To see your data exports, run the [az monitor log-analytics workspace data-export list](/cli/azure/monitor/log-analytics/workspace/data-export#az-monitor-log-analytics-workspace-data-export-list) command.
```azurecli az monitor log-analytics workspace data-export list --resource-group ContosoRG \ --workspace-name ContosoWorkspace --output table ```
-To delete a data export, run the [az monitor log-analytics workspace data-export delete](/cli/azure/monitor/log-analytics/workspace/data-export#az_monitor_log_analytics_workspace_data_export_delete) command. The `--yes` parameter skips confirmation.
+To delete a data export, run the [az monitor log-analytics workspace data-export delete](/cli/azure/monitor/log-analytics/workspace/data-export#az-monitor-log-analytics-workspace-data-export-delete) command. The `--yes` parameter skips confirmation.
```azurecli az monitor log-analytics workspace data-export delete --resource-group ContosoRG \
For more information about data export, see [Log Analytics workspace data export
Linked services define a relation from the workspace to another Azure resource. Azure Monitor Logs and Azure resources use this connection in their operations. Example uses of linked services, including an automation account and a workspace association to customer-managed keys.
-To create a linked service, run the [az monitor log-analytics workspace linked-service create](/cli/azure/monitor/log-analytics/workspace/linked-service#az_monitor_log_analytics_workspace_linked_service_create) command:
+To create a linked service, run the [az monitor log-analytics workspace linked-service create](/cli/azure/monitor/log-analytics/workspace/linked-service#az-monitor-log-analytics-workspace-linked-service-create) command:
```azurecli az monitor log-analytics workspace linked-service create --resource-group ContosoRG \
az monitor log-analytics workspace linked-service list --resource-group ContosoR
--workspace-name ContosoWorkspace ```
-To remove a linked service relation, run the [az monitor log-analytics workspace linked-service delete](/cli/azure/monitor/log-analytics/workspace/linked-service#az_monitor_log_analytics_workspace_linked_service_delete) command:
+To remove a linked service relation, run the [az monitor log-analytics workspace linked-service delete](/cli/azure/monitor/log-analytics/workspace/linked-service#az-monitor-log-analytics-workspace-linked-service-delete) command:
```azurecli az monitor log-analytics workspace linked-service delete --resource-group ContosoRG \
For more information, see [az monitor log-analytics workspace linked-service](/c
If you provide and manage your own storage account for log analytics, you can manage it with these Azure CLI commands.
-To link your workspace to a storage account, run the [az monitor log-analytics workspace linked-storage create](/cli/azure/monitor/log-analytics/workspace/linked-storage#az_monitor_log_analytics_workspace_linked_storage_create) command:
+To link your workspace to a storage account, run the [az monitor log-analytics workspace linked-storage create](/cli/azure/monitor/log-analytics/workspace/linked-storage#az-monitor-log-analytics-workspace-linked-storage-create) command:
```azurecli az monitor log-analytics workspace linked-storage create --resource-group ContosoRG \
az monitor log-analytics workspace linked-storage list --resource-group ContosoR
--workspace-name ContosoWorkspace --output table ```
-To remove the link to a storage account, run the [az monitor log-analytics workspace linked-storage delete](/cli/azure/monitor/log-analytics/workspace/linked-storage#az_monitor_log_analytics_workspace_linked_storage_delete) command:
+To remove the link to a storage account, run the [az monitor log-analytics workspace linked-storage delete](/cli/azure/monitor/log-analytics/workspace/linked-storage#az-monitor-log-analytics-workspace-linked-storage-delete) command:
```azurecli az monitor log-analytics workspace linked-storage delete --resource-group ContosoRG \
For more information, see, [Using customer-managed storage accounts in Azure Mon
## Manage intelligence packs
-To see the available intelligence packs, run the [az monitor log-analytics workspace pack list](/cli/azure/monitor/log-analytics/workspace/pack#az_monitor_log_analytics_workspace_pack_list) command. The command also tells you whether the pack is enabled.
+To see the available intelligence packs, run the [az monitor log-analytics workspace pack list](/cli/azure/monitor/log-analytics/workspace/pack#az-monitor-log-analytics-workspace-pack-list) command. The command also tells you whether the pack is enabled.
```azurecli az monitor log-analytics workspace pack list --resource-group ContosoRG \ --workspace-name ContosoWorkspace ```
-Use the [az monitor log-analytics workspace pack enable](/cli/azure/monitor/log-analytics/workspace/pack#az_monitor_log_analytics_workspace_pack_enable) or [az monitor log-analytics workspace pack disable](/cli/azure/monitor/log-analytics/workspace/pack#az_monitor_log_analytics_workspace_pack_disable) commands:
+Use the [az monitor log-analytics workspace pack enable](/cli/azure/monitor/log-analytics/workspace/pack#az-monitor-log-analytics-workspace-pack-enable) or [az monitor log-analytics workspace pack disable](/cli/azure/monitor/log-analytics/workspace/pack#az-monitor-log-analytics-workspace-pack-disable) commands:
```azurecli az monitor log-analytics workspace pack enable --resource-group ContosoRG \
az monitor log-analytics workspace pack disable --resource-group ContosoRG \
## Manage saved searches
-To create a saved search, run the [az monitor log-analytics workspace saved-search](/cli/azure/monitor/log-analytics/workspace/saved-search#az_monitor_log_analytics_workspace_saved_search_create) command:
+To create a saved search, run the [az monitor log-analytics workspace saved-search](/cli/azure/monitor/log-analytics/workspace/saved-search#az-monitor-log-analytics-workspace-saved-search-create) command:
```azurecli az monitor log-analytics workspace saved-search create --resource-group ContosoRG \
az monitor log-analytics workspace saved-search create --resource-group ContosoR
--saved-query "AzureActivity | summarize count() by bin(TimeGenerated, 1h)" --fa Function01 --fp "a:string = value" ```
-View your saved search by using the [az monitor log-analytics workspace saved-search show](/cli/azure/monitor/log-analytics/workspace/saved-search#az_monitor_log_analytics_workspace_saved_search_show) command. See all saved searches by using [az monitor log-analytics workspace saved-search list](/cli/azure/monitor/log-analytics/workspace/saved-search#az_monitor_log_analytics_workspace_saved_search_list).
+View your saved search by using the [az monitor log-analytics workspace saved-search show](/cli/azure/monitor/log-analytics/workspace/saved-search#az-monitor-log-analytics-workspace-saved-search-show) command. See all saved searches by using [az monitor log-analytics workspace saved-search list](/cli/azure/monitor/log-analytics/workspace/saved-search#az-monitor-log-analytics-workspace-saved-search-list).
```azurecli az monitor log-analytics workspace saved-search show --resource-group ContosoRG \
az monitor log-analytics workspace saved-search list --resource-group ContosoRG
--workspace-name ContosoWorkspace ```
-To delete a saved search, run the [az monitor log-analytics workspace saved-search delete](/cli/azure/monitor/log-analytics/workspace/saved-search#az_monitor_log_analytics_workspace_saved_search_delete) command:
+To delete a saved search, run the [az monitor log-analytics workspace saved-search delete](/cli/azure/monitor/log-analytics/workspace/saved-search#az-monitor-log-analytics-workspace-saved-search-delete) command:
```azurecli az monitor log-analytics workspace saved-search delete --resource-group ContosoRG \
If you created a resource group to test these commands, you can remove the resou
az group delete --name ContosoRG ```
-If you want to remove a new workspace from an existing resource group, run the [az monitor log-analytics workspace delete](/cli/azure/monitor/log-analytics/workspace#az_monitor_log_analytics_workspace_delete) command:
+If you want to remove a new workspace from an existing resource group, run the [az monitor log-analytics workspace delete](/cli/azure/monitor/log-analytics/workspace#az-monitor-log-analytics-workspace-delete) command:
```azurecli az monitor log-analytics workspace delete --resource-group ContosoRG --workspace-name ContosoWorkspace --yes ```
-Log analytics workspaces have a soft delete option. You can recover a deleted workspace for two weeks after deletion. Run the [az monitor log-analytics workspace recover](/cli/azure/monitor/log-analytics/workspace#az_monitor_log_analytics_workspace_recover) command:
+Log analytics workspaces have a soft delete option. You can recover a deleted workspace for two weeks after deletion. Run the [az monitor log-analytics workspace recover](/cli/azure/monitor/log-analytics/workspace#az-monitor-log-analytics-workspace-recover) command:
```azurecli az monitor log-analytics workspace recover --resource-group ContosoRG
In the delete command, add the `--force` parameter to delete the workspace immed
## Azure CLI commands used in this article -- [az group create](/cli/azure/group#az_group_create)
+- [az group create](/cli/azure/group#az-group-create)
- [az group delete](/cli/azure/group#az-group-delete)-- [az monitor log-analytics workspace create](/cli/azure/monitor/log-analytics/workspace#az_monitor_log_analytics_workspace_create)-- [az monitor log-analytics workspace data-export create](/cli/azure/monitor/log-analytics/workspace/data-export#az_monitor_log_analytics_workspace_data_export_create)-- [az monitor log-analytics workspace data-export delete](/cli/azure/monitor/log-analytics/workspace/data-export#az_monitor_log_analytics_workspace_data_export_delete)-- [az monitor log-analytics workspace data-export list](/cli/azure/monitor/log-analytics/workspace/data-export#az_monitor_log_analytics_workspace_data_export_list)-- [az monitor log-analytics workspace delete](/cli/azure/monitor/log-analytics/workspace#az_monitor_log_analytics_workspace_delete)-- [az monitor log-analytics workspace linked-service create](/cli/azure/monitor/log-analytics/workspace/linked-service#az_monitor_log_analytics_workspace_linked_service_create)-- [az monitor log-analytics workspace linked-service delete](/cli/azure/monitor/log-analytics/workspace/linked-service#az_monitor_log_analytics_workspace_linked_service_delete)-- [az monitor log-analytics workspace linked-storage create](/cli/azure/monitor/log-analytics/workspace/linked-storage#az_monitor_log_analytics_workspace_linked_storage_create)-- [az monitor log-analytics workspace linked-storage delete](/cli/azure/monitor/log-analytics/workspace/linked-storage#az_monitor_log_analytics_workspace_linked_storage_delete)-- [az monitor log-analytics workspace pack disable](/cli/azure/monitor/log-analytics/workspace/pack#az_monitor_log_analytics_workspace_pack_disable)-- [az monitor log-analytics workspace pack enable](/cli/azure/monitor/log-analytics/workspace/pack#az_monitor_log_analytics_workspace_pack_enable)-- [az monitor log-analytics workspace pack list](/cli/azure/monitor/log-analytics/workspace/pack#az_monitor_log_analytics_workspace_pack_list)-- [az monitor log-analytics workspace recover](/cli/azure/monitor/log-analytics/workspace#az_monitor_log_analytics_workspace_recover)-- [az monitor log-analytics workspace saved-search delete](/cli/azure/monitor/log-analytics/workspace/saved-search#az_monitor_log_analytics_workspace_saved_search_delete)-- [az monitor log-analytics workspace saved-search list](/cli/azure/monitor/log-analytics/workspace/saved-search#az_monitor_log_analytics_workspace_saved_search_list)-- [az monitor log-analytics workspace saved-search show](/cli/azure/monitor/log-analytics/workspace/saved-search#az_monitor_log_analytics_workspace_saved_search_show)-- [az monitor log-analytics workspace saved-search](/cli/azure/monitor/log-analytics/workspace/saved-search#az_monitor_log_analytics_workspace_saved_search_create)-- [az monitor log-analytics workspace table list](/cli/azure/monitor/log-analytics/workspace/table#az_monitor_log_analytics_workspace_table_list)-- [az monitor log-analytics workspace table update](/cli/azure/monitor/log-analytics/workspace/table#az_monitor_log_analytics_workspace_table_update)
+- [az monitor log-analytics workspace create](/cli/azure/monitor/log-analytics/workspace#az-monitor-log-analytics-workspace-create)
+- [az monitor log-analytics workspace data-export create](/cli/azure/monitor/log-analytics/workspace/data-export#az-monitor-log-analytics-workspace-data-export-create)
+- [az monitor log-analytics workspace data-export delete](/cli/azure/monitor/log-analytics/workspace/data-export#az-monitor-log-analytics-workspace-data-export-delete)
+- [az monitor log-analytics workspace data-export list](/cli/azure/monitor/log-analytics/workspace/data-export#az-monitor-log-analytics-workspace-data-export-list)
+- [az monitor log-analytics workspace delete](/cli/azure/monitor/log-analytics/workspace#az-monitor-log-analytics-workspace-delete)
+- [az monitor log-analytics workspace linked-service create](/cli/azure/monitor/log-analytics/workspace/linked-service#az-monitor-log-analytics-workspace-linked-service-create)
+- [az monitor log-analytics workspace linked-service delete](/cli/azure/monitor/log-analytics/workspace/linked-service#az-monitor-log-analytics-workspace-linked-service-delete)
+- [az monitor log-analytics workspace linked-storage create](/cli/azure/monitor/log-analytics/workspace/linked-storage#az-monitor-log-analytics-workspace-linked-storage-create)
+- [az monitor log-analytics workspace linked-storage delete](/cli/azure/monitor/log-analytics/workspace/linked-storage#az-monitor-log-analytics-workspace-linked-storage-delete)
+- [az monitor log-analytics workspace pack disable](/cli/azure/monitor/log-analytics/workspace/pack#az-monitor-log-analytics-workspace-pack-disable)
+- [az monitor log-analytics workspace pack enable](/cli/azure/monitor/log-analytics/workspace/pack#az-monitor-log-analytics-workspace-pack-enable)
+- [az monitor log-analytics workspace pack list](/cli/azure/monitor/log-analytics/workspace/pack#az-monitor-log-analytics-workspace-pack-list)
+- [az monitor log-analytics workspace recover](/cli/azure/monitor/log-analytics/workspace#az-monitor-log-analytics-workspace-recover)
+- [az monitor log-analytics workspace saved-search delete](/cli/azure/monitor/log-analytics/workspace/saved-search#az-monitor-log-analytics-workspace-saved-search-delete)
+- [az monitor log-analytics workspace saved-search list](/cli/azure/monitor/log-analytics/workspace/saved-search#az-monitor-log-analytics-workspace-saved-search-list)
+- [az monitor log-analytics workspace saved-search show](/cli/azure/monitor/log-analytics/workspace/saved-search#az-monitor-log-analytics-workspace-saved-search-show)
+- [az monitor log-analytics workspace saved-search](/cli/azure/monitor/log-analytics/workspace/saved-search#az-monitor-log-analytics-workspace-saved-search-create)
+- [az monitor log-analytics workspace table list](/cli/azure/monitor/log-analytics/workspace/table#az-monitor-log-analytics-workspace-table-list)
+- [az monitor log-analytics workspace table update](/cli/azure/monitor/log-analytics/workspace/table#az-monitor-log-analytics-workspace-table-update)
## Next steps
azure-monitor Unify App Resource Data https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/logs/unify-app-resource-data.md
na Previously updated : 09/22/2020+ Last updated : 03/23/2022
azure-monitor Monitor Reference https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/monitor-reference.md
The table below lists the available curated visualizations and more detailed inf
| [Azure Monitor SAP](../virtual-machines/workloads/sap/monitor-sap-on-azure.md) | GA | No | An Azure-native monitoring product for anyone running their SAP landscapes on Azure. It works with both SAP on Azure Virtual Machines and SAP on Azure Large Instances. Collects telemetry data from Azure infrastructure and databases in one central location and visually correlate the data for faster troubleshooting. You can monitor different components of an SAP landscape, such as Azure virtual machines (VMs), high-availability cluster, SAP HANA database, SAP NetWeaver, and so on, by adding the corresponding provider for that component. | | [Azure Stack HCI insights](/azure-stack/hci/manage/azure-stack-hci-insights) | Preview | [Yes](https://portal.azure.com/#blade/Microsoft_Azure_Monitoring/AzureMonitoringBrowseBlade/azureStackHCIInsights) | Azure Monitor Workbook based. Provides health, performance, and usage insights about registered Azure Stack HCI, version 21H2 clusters that are connected to Azure and are enrolled in monitoring. It stores its data in a Log Analytics workspace, which allows it to deliver powerful aggregation and filtering and analyze data trends over time. | | [Azure VM Insights](/azure/azure-monitor/insights/vminsights-overview) | GA | [Yes](https://portal.azure.com/#blade/Microsoft_Azure_Monitoring/AzureMonitoringBrowseBlade/virtualMachines) | Monitors your Azure virtual machines (VM) and virtual machine scale sets at scale. It analyzes the performance and health of your Windows and Linux VMs, and monitors their processes and dependencies on other resources and external processes. |
- | [Azure Virtual Desktop Insights](../virtual-desktop/azure-monitor.md) | GA | [Yes](https://portal.azure.com/#blade/Microsoft_Azure_WVD/WvdManagerMenuBlade/insights/menuId/insights) | Azure Virtual Desktop Insights is a dashboard built on Azure Monitor Workbooks that helps IT professionals understand their Windows Virtual Desktop environments. |
+ | [Azure Virtual Desktop Insights](../virtual-desktop/azure-monitor.md) | GA | [Yes](https://portal.azure.com/#blade/Microsoft_Azure_WVD/WvdManagerMenuBlade/insights/menuId/insights) | Azure Virtual Desktop Insights is a dashboard built on Azure Monitor Workbooks that helps IT professionals understand their Azure Virtual Desktop environments. |
## Product integrations
The following table lists Azure services and the data they collect into Azure Mo
| [Azure Database for PostgreSQL](../postgresql/index.yml) | Microsoft.DBforPostgreSQL/serverGroupsv2 | [**Yes**](./essentials/metrics-supported.md#microsoftdbforpostgresqlservergroupsv2) | [**Yes**](./essentials/resource-logs-categories.md#microsoftdbforpostgresqlservergroupsv2) | | | | [Azure Database for PostgreSQL](../postgresql/index.yml) | Microsoft.DBforPostgreSQL/servers | [**Yes**](./essentials/metrics-supported.md#microsoftdbforpostgresqlservers) | [**Yes**](./essentials/resource-logs-categories.md#microsoftdbforpostgresqlservers) | | | | [Azure Database for PostgreSQL](../postgresql/index.yml) | Microsoft.DBforPostgreSQL/serversv2 | [**Yes**](./essentials/metrics-supported.md#microsoftdbforpostgresqlserversv2) | [**Yes**](./essentials/resource-logs-categories.md#microsoftdbforpostgresqlserversv2) | | |
- | [Microsoft Windows Virtual Desktop](../virtual-desktop/index.yml) | Microsoft.DesktopVirtualization/applicationgroups | No | [**Yes**](./essentials/resource-logs-categories.md#microsoftdesktopvirtualizationapplicationgroups) | [Windows Virtual Desktop Insights](../virtual-desktop/azure-monitor.md) | |
- | [Microsoft Windows Virtual Desktop](../virtual-desktop/index.yml) | Microsoft.DesktopVirtualization/hostpools | No | [**Yes**](./essentials/resource-logs-categories.md#microsoftdesktopvirtualizationhostpools) | [Windows Virtual Desktop Insights](../virtual-desktop/azure-monitor.md) | |
- | [Microsoft Windows Virtual Desktop](../virtual-desktop/index.yml) | Microsoft.DesktopVirtualization/workspaces | No | [**Yes**](./essentials/resource-logs-categories.md#microsoftdesktopvirtualizationworkspaces) | | |
+ | [Microsoft Azure Virtual Desktop](../virtual-desktop/index.yml) | Microsoft.DesktopVirtualization/applicationgroups | No | [**Yes**](./essentials/resource-logs-categories.md#microsoftdesktopvirtualizationapplicationgroups) | [Azure Virtual Desktop Insights](../virtual-desktop/azure-monitor.md) | |
+ | [Microsoft Azure Virtual Desktop](../virtual-desktop/index.yml) | Microsoft.DesktopVirtualization/hostpools | No | [**Yes**](./essentials/resource-logs-categories.md#microsoftdesktopvirtualizationhostpools) | [Azure Virtual Desktop Insights](../virtual-desktop/azure-monitor.md) | |
+ | [Microsoft Azure Virtual Desktop](../virtual-desktop/index.yml) | Microsoft.DesktopVirtualization/workspaces | No | [**Yes**](./essentials/resource-logs-categories.md#microsoftdesktopvirtualizationworkspaces) | | |
| [Azure IoT Hub](../iot-hub/index.yml) | Microsoft.Devices/ElasticPools | [**Yes**](./essentials/metrics-supported.md#microsoftdeviceselasticpools) | No | | | | [Azure IoT Hub](../iot-hub/index.yml) | Microsoft.Devices/ElasticPools/IotHubTenants | [**Yes**](./essentials/metrics-supported.md#microsoftdeviceselasticpoolsiothubtenants) | [**Yes**](./essentials/resource-logs-categories.md#microsoftdeviceselasticpoolsiothubtenants) | | | | [Azure IoT Hub](../iot-hub/index.yml) | Microsoft.Devices/IotHubs | [**Yes**](./essentials/metrics-supported.md#microsoftdevicesiothubs) | [**Yes**](./essentials/resource-logs-categories.md#microsoftdevicesiothubs) | | |
azure-monitor Monitor Virtual Machine Alerts https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/vm/monitor-virtual-machine-alerts.md
Metric rules for virtual machines can use the following data:
> When VM insights supports the Azure Monitor agent, which is currently in public preview, it sends performance data from the guest operating system to Metrics so that you can use metric alerts. ### Log alerts
-[Log alerts](../alerts/alerts-unified-log.md) can measure two different things, each of which supports distinct scenarios for monitoring virtual machines:
+[Log alerts](../alerts/alerts-unified-log.md) can measure two different things which can be used to monitor virtual machines in different scenarios:
-- [Result count](../alerts/alerts-unified-log.md#result-count): This measure counts the number of rows returned by the query, and can be used to work with events such as Windows event logs, syslog, application exceptions.-- [Calculation of a value](../alerts/alerts-unified-log.md#calculation-of-a-value): This measure is based on a numeric column and can be used to include any number of resources. For example, CPU percentage.
+- [Result count](../alerts/alerts-unified-log.md#result-count): Counts the number of rows returned by the query, and can be used to work with events such as Windows event logs, syslog, application exceptions.
+- [Calculation of a value](../alerts/alerts-unified-log.md#calculation-of-a-value): Makes a calculation based on a numeric column, and can be used to include any number of resources. For example, CPU percentage.
### Targeting resources and dimensions You can monitor multiple instancesΓÇÖ values with one rule using dimensions. You would use dimensions if, for example, you want to monitor CPU usage on multiple instances running your web site or app for CPU usage over 80%.
-To create resource-centric alerts at scale for a subscription or resource group, you can use the **Split by dimensions** section of the condition to split alerts into separate alerts by grouping unique combinations using numerical or string columns. When you want to monitor the same condition on multiple Azure resources, splitting on Azure resource ID column will change the target of the alert to the specified resource.
+To create resource-centric alerts at scale for a subscription or resource group, you can **Split by dimensions**. When you want to monitor the same condition on multiple Azure resources, splitting by dimensions splits the alerts into separate alerts by grouping unique combinations using numerical or string columns. Splitting on Azure resource ID column makes the specified resource into the alert target.
You may also decide not to split when you want a condition on multiple resources in the scope, for example, if you want to alert if at least five machines in the resource group scope have CPU usage over 80%.
azure-netapp-files Azure Netapp Files Quickstart Set Up Account Create Volumes https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/azure-netapp-files-quickstart-set-up-account-create-volumes.md
Use the Azure portal, PowerShell, or the Azure CLI to [register for NetApp Resou
> To obtain the region name that is supported by our command line tools, please use `az account list-locations --query "[].{Region:name}" --out table` >
-2. Create a new resource group by using the [az group create](/cli/azure/group#az_group_create) command:
+2. Create a new resource group by using the [az group create](/cli/azure/group#az-group-create) command:
```azurecli-interactive az group create \
Use the Azure portal, PowerShell, or the Azure CLI to [register for NetApp Resou
--location $LOCATION ```
-3. Create Azure NetApp Files account with [az netappfiles account create](/cli/azure/netappfiles/account#az_netappfiles_account_create) command:
+3. Create Azure NetApp Files account with [az netappfiles account create](/cli/azure/netappfiles/account#az-netappfiles-account-create) command:
```azurecli-interactive az netappfiles account create \
The following code snippet shows how to create a NetApp account in an Azure Reso
SERVICE_LEVEL="Premium" # Valid values are Standard, Premium and Ultra ```
-2. Create a new capacity pool by using the [az netappfiles pool create](/cli/azure/netappfiles/pool#az_netappfiles_pool_create)
+2. Create a new capacity pool by using the [az netappfiles pool create](/cli/azure/netappfiles/pool#az-netappfiles-pool-create)
```azurecli-interactive az netappfiles pool create \
The following code snippet shows how to create a capacity pool in an Azure Resou
SUBNET_NAME="myANFSubnet" ```
-1. Create virtual network without subnet by using the [az network vnet create](/cli/azure/network/vnet#az_network_vnet_create) command.
+1. Create virtual network without subnet by using the [az network vnet create](/cli/azure/network/vnet#az-network-vnet-create) command.
```azurecli-interactive az network vnet create \
The following code snippet shows how to create a capacity pool in an Azure Resou
```
-2. Create a delegated subnet by using [az network vnet subnet create](/cli/azure/network/vnet/subnet#az_network_vnet_subnet_create) command.
+2. Create a delegated subnet by using [az network vnet subnet create](/cli/azure/network/vnet/subnet#az-network-vnet-subnet-create) command.
```azurecli-interactive az network vnet subnet create \
The following code snippet shows how to create a capacity pool in an Azure Resou
--delegations "Microsoft.NetApp/volumes" ```
-3. Create the volume by using the [az netappfiles volume create](/cli/azure/netappfiles/volume#az_netappfiles_volume_create) command.
+3. Create the volume by using the [az netappfiles volume create](/cli/azure/netappfiles/volume#az-netappfiles-volume-create) command.
```azurecli-interactive VNET_ID=$(az network vnet show --resource-group $RESOURCE_GROUP --name $VNET_NAME --query "id" -o tsv)
When you are done and if you want to, you can delete the resource group. The act
> [!IMPORTANT] > All resources within the resource groups will be permanently deleted and cannot be undone.
-1. Delete resource group by using the [az group delete](/cli/azure/group#az_group_delete) command.
+1. Delete resource group by using the [az group delete](/cli/azure/group#az-group-delete) command.
```azurecli-interactive az group delete \
azure-netapp-files Troubleshoot Capacity Pools https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/troubleshoot-capacity-pools.md
na Previously updated : 01/14/2021 Last updated : 03/24/2022 # Troubleshoot capacity pool errors
This article describes resolutions to issues you might have when managing capaci
| Error condition | Resolution | |-|-| | Issues creating a capacity pool | Make sure that the capacity pool count does not exceed the limit. See [Resource limits for Azure NetApp Files](azure-netapp-files-resource-limits.md). If the count is less than the limit and you still experience issues, file a support ticket and specify the capacity pool name. |
-| Issues deleting a capacity pool | Make sure that you remove all Azure NetApp Files volumes and snapshots in the subscription where you are trying to delete the capacity pool. <br> If you already removed all volumes and snapshots and you still cannot delete the capacity pool, references to resources might still exist without showing in the portal. In this case, file a support ticket, and specify that you have performed the above recommended steps. |
+| Issues deleting a capacity pool | Make sure that you remove all Azure NetApp Files volumes and snapshots in the subscription where you're trying to delete the capacity pool. <br> If you already removed all volumes and snapshots and you still cannot delete the capacity pool, references to resources might still exist without showing in the portal. In this case, file a support ticket, and specify that you've performed the above recommended steps. |
| Volume creation or modification fails with `Requested throughput not available` error | Available throughput for a volume is determined by its capacity poolΓÇÖs size and the service level. If you do not have sufficient throughput, you should increase the pool size or adjust the existing volume throughput. | ## Issues when changing the capacity pool of a volume | Error condition | Resolution | |-|-|
-| Changing the capacity pool for a volume is not permitted. | You might not be authorized yet to use this feature. <br> The feature to move a volume to another capacity pool is currently in preview. If you are using this feature for the first time, you need to register the feature first and set `-FeatureName ANFTierChange`. See the registration steps in [Dynamically change the service level of a volume](dynamic-change-volume-service-level.md). |
+| Changing the capacity pool for a volume is not permitted. | You might not be authorized yet to use this feature. <br> The feature to move a volume to another capacity pool is currently in preview. If you're using this feature for the first time, you need to register the feature first and set `-FeatureName ANFTierChange`. See the registration steps in [Dynamically change the service level of a volume](dynamic-change-volume-service-level.md). |
| The capacity pool size is too small for total volume size. | The error is a result of the destination capacity pool not having the available capacity for the volume being moved. <br> Increase the size of the destination pool, or choose another pool that is larger. See [Resize a capacity pool or a volume](azure-netapp-files-resize-capacity-pools-or-volumes.md). | | The pool change cannot be completed because a volume called `'{source pool name}'` already exists in the target pool `'{target pool name}'` | This error occurs because the volume with same name already exists in the target capacity pool. Select another capacity pool that does not have a volume with same name. |
+| Error changing volume's pool. Pool: `'{target pool name}'` not available or does not exit | You cannot change a volume's capacity pool when the destination capacity pool is not healthy. Check the status of the destination capacity pool. If the pool is in a failed state (not "Succeeded"), try performing an update on the capacity pool by adding a tag name and value pair, then save. |
+| Cannot change the volume's pool because the selected pool is the same as the existing pool: `'{Pool Name}'` | Confirm you're moving the volume to the correct destination capacity pool and try again. |
+| Cannot change QoS type from manual to auto | Once the QoS type is changed to manual, you cannot change it to auto. Given this, there are three options: <ul><li> Do not move the volume if it must be in a capacity pool with QoS type auto.</li><li> Create a new capacity pool with QoS type manual enabled, then you can move the volume to the new capacity pool. </li><li> Change the destination pool to QoS type manual from auto. Then perform the move. </li></ul> For information about QoS, see [Storage hierarchy of Azure NetApp Files](azure-netapp-files-understand-storage-hierarchy.md#qos_types). |
+| Cannot change a volume from a Double Encrypted Pool to a Single Encrypted Pool or from a Single Encrypted Pool to a Double Encrypted Pool | The destination pool must be of the same encryption type as the source pool. |
## Next steps
azure-netapp-files Volume Hard Quota Guidelines https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/volume-hard-quota-guidelines.md
This action will open the Azure Cloud Shell:
[ ![Screenshot that shows Cloud Shell window.](../media/azure-netapp-files/hard-quota-update-cloud-shell-window.png) ](../media/azure-netapp-files/hard-quota-update-cloud-shell-window.png#lightbox)
-The following examples use the commands to [show](/cli/azure/netappfiles/volume#az_netappfiles_volume_show) and [update](/cli/azure/netappfiles/volume#az_netappfiles_volume_update) the size of a volume:
+The following examples use the commands to [show](/cli/azure/netappfiles/volume#az-netappfiles-volume-show) and [update](/cli/azure/netappfiles/volume#az-netappfiles-volume-update) the size of a volume:
[ ![Screenshot that shows using PowerShell to show volume size.](../media/azure-netapp-files/hard-quota-update-powershell-volume-show.png) ](../media/azure-netapp-files/hard-quota-update-powershell-volume-show.png#lightbox) [ ![Screenshot that shows using PowerShell to update volume size.](../media/azure-netapp-files/hard-quota-update-powershell-volume-update.png) ](../media/azure-netapp-files/hard-quota-update-powershell-volume-update.png#lightbox)
-The following examples use the commands to [show](/cli/azure/netappfiles/pool#az_netappfiles_pool_show) and [update](/cli/azure/netappfiles/pool#az_netappfiles_pool_update) the size of a capacity pool:
+The following examples use the commands to [show](/cli/azure/netappfiles/pool#az-netappfiles-pool-show) and [update](/cli/azure/netappfiles/pool#az-netappfiles-pool-update) the size of a capacity pool:
[ ![Screenshot that shows using PowerShell to show capacity pool size.](../media/azure-netapp-files/hard-quota-update-powershell-pool-show.png) ](../media/azure-netapp-files/hard-quota-update-powershell-pool-show.png#lightbox)
azure-portal Azure Portal Dashboards Create Programmatically https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-portal/azure-portal-dashboards-create-programmatically.md
Once you've configured your template, deploy it using any of the following metho
- [REST APIs](/rest/api/resources/deployments) - [PowerShell](../azure-resource-manager/templates/deploy-powershell.md)-- [Azure CLI](/cli/azure/group/deployment#az_group_deployment_create)
+- [Azure CLI](/cli/azure/group/deployment#az-group-deployment-create)
- [The Azure portal template deployment page](https://portal.azure.com/#create/Microsoft.Template) Next you'll see two versions of our example dashboard JSON. The first is the version that we exported from the portal that was already bound to a resource. The second is the template version that can be programmatically bound to any virtual machine and deployed using Azure Resource Manager.
Prepare your environment for the Azure CLI.
- These examples use the following dashboard: [portal-dashboard-template-testvm.json](https://raw.githubusercontent.com/Azure/azure-docs-powershell-samples/master/azure-portal/portal-dashboard-template-testvm.json). Be sure to replace all of the content in angled brackets with your values.
-Run the [az portal dashboard create](/cli/azure/portal/dashboard#az_portal_dashboard_create) command to create a dashboard based on your template:
+Run the [az portal dashboard create](/cli/azure/portal/dashboard#az-portal-dashboard-create) command to create a dashboard based on your template:
```azurecli az portal dashboard create --resource-group myResourceGroup --name 'Simple VM Dashboard' \ --input-path portal-dashboard-template-testvm.json --location centralus ```
-You can update a dashboard by using the [az portal dashboard update](/cli/azure/portal/dashboard#az_portal_dashboard_update) command:
+You can update a dashboard by using the [az portal dashboard update](/cli/azure/portal/dashboard#az-portal-dashboard-update) command:
```azurecli az portal dashboard update --resource-group myResourceGroup --name 'Simple VM Dashboard' \ --input-path portal-dashboard-template-testvm.json --location centralus ```
-See the details of a dashboard by running the [az portal dashboard show](/cli/azure/portal/dashboard#az_portal_dashboard_show) command:
+See the details of a dashboard by running the [az portal dashboard show](/cli/azure/portal/dashboard#az-portal-dashboard-show) command:
```azurecli az portal dashboard show --resource-group myResourceGroup --name 'Simple VM Dashboard' ```
-To see all the dashboards for the current subscription, use [az portal dashboard list](/cli/azure/portal/dashboard#az_portal_dashboard_list):
+To see all the dashboards for the current subscription, use [az portal dashboard list](/cli/azure/portal/dashboard#az-portal-dashboard-list):
```azurecli az portal dashboard list
azure-portal Quickstart Portal Dashboard Azure Cli https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-portal/quickstart-portal-dashboard-azure-cli.md
To remove the virtual machine and associated dashboard that you created, delete
az group delete --name myResourceGroup ```
-To remove only the dashboard, use the [az portal dashboard delete](/cli/azure/portal/dashboard#az_portal_dashboard_delete) command:
+To remove only the dashboard, use the [az portal dashboard delete](/cli/azure/portal/dashboard#az-portal-dashboard-delete) command:
```azurecli az portal dashboard delete --resource-group myResourceGroup --name "Simple VM Dashboard"
azure-portal Networking Quota Requests https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-portal/supportability/networking-quota-requests.md
This article shows how to request increases for networking quotas in the [Azure
To view your current networking usage and quota in the Azure portal, open your subscription, then select **Usage + quotas**. You can also use the following options to view your network usage and limits. -- [Usage CLI](/cli/azure/network#az_network_list_usages)
+- [Usage CLI](/cli/azure/network#az-network-list-usages)
- [PowerShell](/powershell/module/azurerm.network/get-azurermnetworkusage) - [The network usage API](/rest/api/virtualnetwork/virtualnetworks/listusage)
azure-resource-manager Bicep Config Modules https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/bicep/bicep-config-modules.md
module stgModule 'ts/CoreSpecs:storage:v1' = {
## Credentials for publishing/restoring modules
-To [publish](bicep-cli.md#publish) modules to a private module registry or to [restore](bicep-cli.md#restore) external modules to the local cache, the account must have the correct permissions to access the registry. You can configure the credential precedence for authenticating to the registry. By default, Bicep uses the credentials from the user authenticated in Azure CLI or Azure PowerShell. To customize the credential precedence, add `cloud` and `credentialPrecedence` elements to the config file.
-
-```json
-{
- "cloud": {
- "credentialPrecedence": [
- "AzureCLI",
- "AzurePowerShell"
- ]
- }
-}
-```
-
-The available credentials are:
--- AzureCLI-- AzurePowerShell-- Environment-- ManagedIdentity-- VisualStudio-- VisualStudioCode
+To [publish](bicep-cli.md#publish) modules to a private module registry or to [restore](bicep-cli.md#restore) external modules to the local cache, the account must have the correct permissions to access the registry. You can configure the credential precedence for authenticating to the registry. By default, Bicep uses the credentials from the user authenticated in Azure CLI or Azure PowerShell. To customize the credential precedence, see [Add credential precedence to Bicep config](bicep-config.md#credential-precedence).
## Next steps
azure-resource-manager Bicep Config https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/bicep/bicep-config.md
Last updated 11/16/2021
# Configure your Bicep environment
-Bicep supports a configuration file named **bicepconfig.json**. Within this file, you can add values that customize your Bicep development experience. If you don't add this file, Bicep uses default values.
+Bicep supports a configuration file named `bicepconfig.json`. Within this file, you can add values that customize your Bicep development experience. If you don't add this file, Bicep uses default values.
-To customize values, create this file in the directory where you store Bicep files. You can add bicepconfig.json files in multiple directories. The closest configuration file in the directory hierarchy is used.
+To customize values, create this file in the directory where you store Bicep files. You can add `bicepconfig.json` files in multiple directories. The configuration file closest to the Bicep file in the directory hierarchy is used.
## Available settings
-When working with [modules](modules.md), you can add aliases for module paths. These aliases simplify your Bicep file because you don't have to repeat complicated paths. You can also configure the credential precedence for authenticating to the registry. The credential is used to restore external modules to the local cache. For more information, see [Add module settings to Bicep config](bicep-config-modules.md).
+When working with [modules](modules.md), you can add aliases for module paths. These aliases simplify your Bicep file because you don't have to repeat complicated paths. For more information, see [Add module settings to Bicep config](bicep-config-modules.md).
-When working with the [Bicep linter](linter.md), you can override the default settings for the Bicep file validation. For more information, see [Add linter settings to Bicep config](bicep-config-linter.md).
+The [Bicep linter](linter.md) checks Bicep files for syntax errors and best practice violations. You can override the default settings for the Bicep file validation by modifying `bicepconfig.json`. For more information, see [Add linter settings to Bicep config](bicep-config-linter.md).
+
+You can also configure the credential precedence for authenticating to Azure from Bicep CLI and Visual Studio Code. The credentials are used to publish modules to registries and to restore external modules to the local cache when using the insert resource function.
+
+## Credential precedence
+
+You can configure the credential precedence for authenticating to the registry. By default, Bicep uses the credentials from the user authenticated in Azure CLI or Azure PowerShell. To customize the credential precedence, add `cloud` and `credentialPrecedence` elements to the config file.
+
+```json
+{
+ "cloud": {
+ "credentialPrecedence": [
+ "AzureCLI",
+ "AzurePowerShell"
+ ]
+ }
+}
+```
+
+The available credential types are:
+
+- AzureCLI
+- AzurePowerShell
+- Environment
+- ManagedIdentity
+- VisualStudio
+- VisualStudioCode
## Intellisense
-The Bicep extension for Visual Studio Code supports intellisense for your **bicepconfig.json** file. Use the intellisense to discover available properties and values.
+The Bicep extension for Visual Studio Code supports intellisense for your `bicepconfig.json` file. Use the intellisense to discover available properties and values.
:::image type="content" source="./media/bicep-config/bicep-linter-configure-intellisense.png" alt-text="The intellisense support in configuring bicepconfig.json.":::
azure-resource-manager Deploy Github Actions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/bicep/deploy-github-actions.md
az group create -n exampleRG -l westus
## Generate deployment credentials
-Your GitHub action runs under an identity. Use the [az ad sp create-for-rbac](/cli/azure/ad/sp#az_ad_sp_create_for_rbac) command to create a [service principal](../../active-directory/develop/app-objects-and-service-principals.md#service-principal-object) for the identity.
+Your GitHub action runs under an identity. Use the [az ad sp create-for-rbac](/cli/azure/ad/sp#az-ad-sp-create-for-rbac) command to create a [service principal](../../active-directory/develop/app-objects-and-service-principals.md#service-principal-object) for the identity.
Replace the placeholder `myApp` with the name of your application. Replace `{subscription-id}` with your subscription ID.
azure-resource-manager Deploy Powershell https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/bicep/deploy-powershell.md
The deployment can take several minutes to complete.
## Deploy remote Bicep file
-Currently, Azure PowerShell doesn't support deploying remote Bicep files. Use [Bicep CLI](./install.md#vs-code-and-bicep-extension) to [build](/cli/azure/bicep#az_bicep_build) the Bicep file to a JSON template, and then load the JSON file to the remote location.
+Currently, Azure PowerShell doesn't support deploying remote Bicep files. Use [Bicep CLI](./install.md#vs-code-and-bicep-extension) to [build](/cli/azure/bicep#az-bicep-build) the Bicep file to a JSON template, and then load the JSON file to the remote location.
## Parameters
azure-resource-manager Deploy To Management Group https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/bicep/deploy-to-management-group.md
To deploy to a management group, use the management group deployment commands.
# [Azure CLI](#tab/azure-cli)
-For Azure CLI, use [az deployment mg create](/cli/azure/deployment/mg#az_deployment_mg_create):
+For Azure CLI, use [az deployment mg create](/cli/azure/deployment/mg#az-deployment-mg-create):
```azurecli-interactive az deployment mg create \
azure-resource-manager Deploy To Tenant https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/bicep/deploy-to-tenant.md
The commands for tenant deployments are different than the commands for resource
# [Azure CLI](#tab/azure-cli)
-For Azure CLI, use [az deployment tenant create](/cli/azure/deployment/tenant#az_deployment_tenant_create):
+For Azure CLI, use [az deployment tenant create](/cli/azure/deployment/tenant#az-deployment-tenant-create):
```azurecli-interactive az deployment tenant create \
azure-resource-manager Deploy What If https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/bicep/deploy-what-if.md
The preceding commands return a text summary that you can manually inspect. To g
To preview changes before deploying a Bicep file, use:
-* [az deployment group what-if](/cli/azure/deployment/group#az_deployment_group_what_if) for resource group deployments
-* [az deployment sub what-if](/cli/azure/deployment/sub#az_deployment_sub_what_if) for subscription level deployments
-* [az deployment mg what-if](/cli/azure/deployment/mg#az_deployment_mg_what_if) for management group deployments
-* [az deployment tenant what-if](/cli/azure/deployment/tenant#az_deployment_tenant_what_if) for tenant deployments
+* [az deployment group what-if](/cli/azure/deployment/group#az-deployment-group-what-if) for resource group deployments
+* [az deployment sub what-if](/cli/azure/deployment/sub#az-deployment-sub-what-if) for subscription level deployments
+* [az deployment mg what-if](/cli/azure/deployment/mg#az-deployment-mg-what-if) for management group deployments
+* [az deployment tenant what-if](/cli/azure/deployment/tenant#az-deployment-tenant-what-if) for tenant deployments
You can use the `--confirm-with-what-if` switch (or its short form `-c`) to preview the changes and get prompted to continue with the deployment. Add this switch to:
-* [az deployment group create](/cli/azure/deployment/group#az_deployment_group_create)
-* [az deployment sub create](/cli/azure/deployment/sub#az_deployment_sub_create).
-* [az deployment mg create](/cli/azure/deployment/mg#az_deployment_mg_create)
-* [az deployment tenant create](/cli/azure/deployment/tenant#az_deployment_tenant_create)
+* [az deployment group create](/cli/azure/deployment/group#az-deployment-group-create)
+* [az deployment sub create](/cli/azure/deployment/sub#az-deployment-sub-create).
+* [az deployment mg create](/cli/azure/deployment/mg#az-deployment-mg-create)
+* [az deployment tenant create](/cli/azure/deployment/tenant#az-deployment-tenant-create)
For example, use `az deployment group create --confirm-with-what-if` or `-c` for resource group deployments.
azure-resource-manager Deployment Script Bicep https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/bicep/deployment-script-bicep.md
For deployment script API version 2020-10-01 or later, there are two principals
- **Deployment script principal**: This principal is only required if the deployment script needs to authenticate to Azure and call Azure CLI/PowerShell. There are two ways to specify the deployment script principal: - Specify a [user-assigned managed identity]() in the `identity` property (see [Sample Bicep files](#sample-bicep-files)). When specified, the script service calls `Connect-AzAccount -Identity` before invoking the deployment script. The managed identity must have the required access to complete the operation in the script. Currently, only user-assigned managed identity is supported for the `identity` property. To login with a different identity, use the second method in this list.
- - Pass the service principal credentials as secure environment variables, and then can call [Connect-AzAccount](/powershell/module/az.accounts/connect-azaccount) or [az login](/cli/azure/reference-index#az_login) in the deployment script.
+ - Pass the service principal credentials as secure environment variables, and then can call [Connect-AzAccount](/powershell/module/az.accounts/connect-azaccount) or [az login](/cli/azure/reference-index#az-login) in the deployment script.
If a managed identity is used, the deployment principal needs the **Managed Identity Operator** role (a built-in role) assigned to the managed identity resource.
Timeout : PT1H
Using Azure CLI, you can manage deployment scripts at subscription or resource group scope: -- [az deployment-scripts delete](/cli/azure/deployment-scripts#az_deployment_scripts_delete): Delete a deployment script.-- [az deployment-scripts list](/cli/azure/deployment-scripts#az_deployment_scripts_list): List all deployment scripts.-- [az deployment-scripts show](/cli/azure/deployment-scripts#az_deployment_scripts_show): Retrieve a deployment script.-- [az deployment-scripts show-log](/cli/azure/deployment-scripts#az_deployment_scripts_show_log): Show deployment script logs.
+- [az deployment-scripts delete](/cli/azure/deployment-scripts#az-deployment-scripts-delete): Delete a deployment script.
+- [az deployment-scripts list](/cli/azure/deployment-scripts#az-deployment-scripts-list): List all deployment scripts.
+- [az deployment-scripts show](/cli/azure/deployment-scripts#az-deployment-scripts-show): Retrieve a deployment script.
+- [az deployment-scripts show-log](/cli/azure/deployment-scripts#az-deployment-scripts-show-log): Show deployment script logs.
The list command output is similar to:
azure-resource-manager Private Module Registry https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/bicep/private-module-registry.md
A Bicep registry is hosted on [Azure Container Registry (ACR)](../../container-r
# [Azure CLI](#tab/azure-cli)
- To get the login server name, use [az acr show](/cli/azure/acr#az_acr_show).
+ To get the login server name, use [az acr show](/cli/azure/acr#az-acr-show).
```azurecli az acr show --resource-group <resource-group-name> --name <registry-name> --query loginServer
azure-resource-manager Create Custom Provider https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/custom-providers/create-custom-provider.md
Prepare your environment for the Azure CLI.
[!INCLUDE [azure-cli-prepare-your-environment-no-header.md](../../../includes/azure-cli-prepare-your-environment-no-header.md)]
-Azure CLI examples use `az rest` for `REST` requests. For more information, see [az rest](/cli/azure/reference-index#az_rest).
+Azure CLI examples use `az rest` for `REST` requests. For more information, see [az rest](/cli/azure/reference-index#az-rest).
# [PowerShell](#tab/azure-powershell)
To deploy the custom provider, use Azure CLI, PowerShell, or the Azure portal:
# [Azure CLI](#tab/azure-cli)
-This example prompts you to enter a resource group, location, and provider's function app name. The names are stored in variables that are used in other commands. The [az group create](/cli/azure/group#az_group_create) and [az deployment group create](/cli/azure/deployment/group#az_deployment_group_create) commands deploy the resources.
+This example prompts you to enter a resource group, location, and provider's function app name. The names are stored in variables that are used in other commands. The [az group create](/cli/azure/group#az-group-create) and [az deployment group create](/cli/azure/deployment/group#az-deployment-group-create) commands deploy the resources.
```azurecli-interactive read -p "Enter a resource group name:" rgName &&
azure-resource-manager Managed Application Define Create Cli Sample https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/managed-applications/scripts/managed-application-define-create-cli-sample.md
This script uses the following command to create the managed application definit
| Command | Notes | |||
-| [az managedapp definition create](/cli/azure/managedapp/definition#az_managedapp_definition_create) | Create a managed application definition. Provide the package that contains the required files. |
+| [az managedapp definition create](/cli/azure/managedapp/definition#az-managedapp-definition-create) | Create a managed application definition. Provide the package that contains the required files. |
## Next steps
azure-resource-manager Azure Services Resource Providers https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/management/azure-services-resource-providers.md
The resources providers that are marked with **- registered** are registered by
| Microsoft.DBforMariaDB | [Azure Database for MariaDB](../../mariadb/index.yml) | | Microsoft.DBforMySQL | [Azure Database for MySQL](../../mysql/index.yml) | | Microsoft.DBforPostgreSQL | [Azure Database for PostgreSQL](../../postgresql/index.yml) |
-| Microsoft.DesktopVirtualization | [Windows Virtual Desktop](../../virtual-desktop/index.yml) |
+| Microsoft.DesktopVirtualization | [Azure Virtual Desktop](../../virtual-desktop/index.yml) |
| Microsoft.Devices | [Azure IoT Hub](../../iot-hub/index.yml)<br />[Azure IoT Hub Device Provisioning Service](../../iot-dps/index.yml) | | Microsoft.DeviceUpdate | [Device Update for IoT Hub](../../iot-hub-device-update/index.yml) | Microsoft.DevOps | [Azure DevOps](/azure/devops/) |
azure-resource-manager Create Private Link Access Portal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/management/create-private-link-access-portal.md
Title: Create private link for managing resources - Azure portal description: Use Azure portal to create private link for managing resources. Previously updated : 07/29/2021 Last updated : 03/24/2022 # Use portal to create private link for managing Azure resources (preview)
azure-resource-manager Create Private Link Access Rest https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/management/create-private-link-access-rest.md
Title: Manage resources through private link description: Restrict management access for resource to private link Previously updated : 07/29/2021 Last updated : 03/24/2022 # Use REST API to create private link for managing Azure resources (preview)
azure-resource-manager Extension Resource Types https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/management/extension-resource-types.md
Title: Extension resource types description: Lists the Azure resource types are used to extend the capabilities of other resource types. Previously updated : 10/20/2021 Last updated : 03/23/2022 # Resource types that extend capabilities of other resources
An extension resource is a resource that adds to another resource's capabilities
## Microsoft.Advisor -- Microsoft.Advisor/configurations-- Microsoft.Advisor/recommendations-- Microsoft.Advisor/suppressions
+* advisorScore
+* configurations
+* recommendations
+* suppressions
## Microsoft.AlertsManagement -- Microsoft.AlertsManagement/alerts
+* alerts
## Microsoft.Authorization -- Microsoft.Authorization/batchResourceCheckAccess-- Microsoft.Authorization/denyAssignments-- Microsoft.Authorization/eligibleChildResources-- Microsoft.Authorization/locks-- Microsoft.Authorization/policyAssignments-- Microsoft.Authorization/policyDefinitions-- Microsoft.Authorization/policyExemptions-- Microsoft.Authorization/policySetDefinitions-- Microsoft.Authorization/privateLinkAssociations-- Microsoft.Authorization/roleAssignmentApprovals-- Microsoft.Authorization/roleAssignments-- Microsoft.Authorization/roleAssignmentScheduleInstances-- Microsoft.Authorization/roleAssignmentScheduleRequests-- Microsoft.Authorization/roleAssignmentSchedules-- Microsoft.Authorization/roleDefinitions-- Microsoft.Authorization/roleEligibilityScheduleInstances-- Microsoft.Authorization/roleEligibilityScheduleRequests-- Microsoft.Authorization/roleEligibilitySchedules-- Microsoft.Authorization/roleManagementPolicies-- Microsoft.Authorization/roleManagementPolicyAssignments
+* batchResourceCheckAccess
+* denyAssignments
+* eligibleChildResources
+* locks
+* policyAssignments
+* policyDefinitions
+* policyExemptions
+* policySetDefinitions
+* privateLinkAssociations
+* roleAssignmentApprovals
+* roleAssignments
+* roleAssignmentScheduleInstances
+* roleAssignmentScheduleRequests
+* roleAssignmentSchedules
+* roleDefinitions
+* roleEligibilityScheduleInstances
+* roleEligibilityScheduleRequests
+* roleEligibilitySchedules
+* roleManagementPolicies
+* roleManagementPolicyAssignments
## Microsoft.Automanage -- Microsoft.Automanage/configurationProfileAssignmentIntents-- Microsoft.Automanage/configurationProfileAssignments
+* configurationProfileAssignmentIntents
+* configurationProfileAssignments
## Microsoft.Billing -- Microsoft.Billing/billingPeriods-- Microsoft.Billing/billingPermissions-- Microsoft.Billing/billingRoleAssignments-- Microsoft.Billing/billingRoleDefinitions-- Microsoft.Billing/createBillingRoleAssignment
+* billingPeriods
+* billingPermissions
+* billingRoleAssignments
+* billingRoleDefinitions
+* createBillingRoleAssignment
## Microsoft.Blueprint -- Microsoft.Blueprint/blueprintAssignments-- Microsoft.Blueprint/blueprints
+* blueprintAssignments
+* blueprints
## Microsoft.Capacity -- Microsoft.Capacity/listSkus
+* listSkus
## Microsoft.ChangeAnalysis -- Microsoft.ChangeAnalysis/changes-- Microsoft.ChangeAnalysis/changeSnapshots-- Microsoft.ChangeAnalysis/computeChanges
+* changes
+* changeSnapshots
+* computeChanges
+
+## Microsoft.Chaos
+
+* artifactSetDefinitions
+* artifactSetSnapshots
+* chaosProviderConfigurations
+* chaosTargets
+* targets
## Microsoft.Consumption -- Microsoft.Consumption/AggregatedCost-- Microsoft.Consumption/Balances-- Microsoft.Consumption/Budgets-- Microsoft.Consumption/Charges-- Microsoft.Consumption/CostTags-- Microsoft.Consumption/credits-- Microsoft.Consumption/events-- Microsoft.Consumption/Forecasts-- Microsoft.Consumption/lots-- Microsoft.Consumption/Marketplaces-- Microsoft.Consumption/Pricesheets-- Microsoft.Consumption/products-- Microsoft.Consumption/ReservationDetails-- Microsoft.Consumption/ReservationRecommendationDetails-- Microsoft.Consumption/ReservationRecommendations-- Microsoft.Consumption/ReservationSummaries-- Microsoft.Consumption/ReservationTransactions
+* AggregatedCost
+* Balances
+* Budgets
+* Charges
+* CostTags
+* credits
+* events
+* Forecasts
+* lots
+* Marketplaces
+* Pricesheets
+* products
+* ReservationDetails
+* ReservationRecommendationDetails
+* ReservationRecommendations
+* ReservationSummaries
+* ReservationTransactions
## Microsoft.ContainerInstance -- Microsoft.ContainerInstance/serviceAssociationLinks
+* serviceAssociationLinks
## Microsoft.CostManagement -- Microsoft.CostManagement/Alerts-- Microsoft.CostManagement/Budgets-- Microsoft.CostManagement/CheckNameAvailability-- Microsoft.CostManagement/Dimensions-- Microsoft.CostManagement/Exports-- Microsoft.CostManagement/ExternalSubscriptions-- Microsoft.CostManagement/Forecast-- Microsoft.CostManagement/GenerateDetailedCostReport-- Microsoft.CostManagement/Insights-- Microsoft.CostManagement/OperationResults-- Microsoft.CostManagement/OperationStatus-- Microsoft.CostManagement/Query-- Microsoft.CostManagement/Reportconfigs-- Microsoft.CostManagement/Reports-- Microsoft.CostManagement/ScheduledActions-- Microsoft.CostManagement/Views
+* Alerts
+* BenefitUtilizationSummaries
+* Budgets
+* CheckNameAvailability
+* Dimensions
+* Exports
+* ExternalSubscriptions
+* Forecast
+* GenerateDetailedCostReport
+* Insights
+* OperationResults
+* OperationStatus
+* Query
+* Reportconfigs
+* Reports
+* ScheduledActions
+* Views
## Microsoft.CustomProviders -- Microsoft.CustomProviders/associations
+* associations
## Microsoft.DataMigration -- Microsoft.DataMigration/DatabaseMigrations
+* DatabaseMigrations
## Microsoft.Diagnostics -- Microsoft.Diagnostics/InsightDiagnostics-- Microsoft.Diagnostics/solutions
+* InsightDiagnostics
+* Solutions
## Microsoft.EventGrid -- Microsoft.EventGrid/eventSubscriptions-- Microsoft.EventGrid/extensionTopics
+* eventSubscriptions
+* extensionTopics
## Microsoft.GuestConfiguration -- Microsoft.GuestConfiguration/configurationProfileAssignments-- Microsoft.GuestConfiguration/guestConfigurationAssignments-- Microsoft.GuestConfiguration/software
+* configurationProfileAssignments
+* guestConfigurationAssignments
+* software
## Microsoft.HybridConnectivity -- Microsoft.HybridConnectivity/endpoints
+* endpoints
## microsoft.insights -- microsoft.insights/baseline-- microsoft.insights/dataCollectionRuleAssociations-- microsoft.insights/diagnosticSettings-- microsoft.insights/diagnosticSettingsCategories-- microsoft.insights/eventtypes-- microsoft.insights/extendedDiagnosticSettings-- microsoft.insights/guestDiagnosticSettingsAssociation-- microsoft.insights/logDefinitions-- microsoft.insights/logs-- microsoft.insights/metricbaselines-- microsoft.insights/metricDefinitions-- microsoft.insights/metricNamespaces-- microsoft.insights/metrics-- microsoft.insights/myWorkbooks-- microsoft.insights/topology-- microsoft.insights/transactions
+* dataCollectionRuleAssociations
+* diagnosticSettings
+* diagnosticSettingsCategories
+* eventtypes
+* extendedDiagnosticSettings
+* guestDiagnosticSettingsAssociation
+* logDefinitions
+* logs
+* metricbaselines
+* metricDefinitions
+* metricNamespaces
+* metrics
+* myWorkbooks
+* topology
+* transactions
## Microsoft.IoTSecurity -- Microsoft.IoTSecurity/sensors-- Microsoft.IoTSecurity/sites
+* sensors
+* sites
## Microsoft.KubernetesConfiguration -- Microsoft.KubernetesConfiguration/extensions-- Microsoft.KubernetesConfiguration/fluxConfigurations-- Microsoft.KubernetesConfiguration/sourceControlConfigurations
+* extensions
+* fluxConfigurations
+* namespaces
+* sourceControlConfigurations
## Microsoft.Maintenance -- Microsoft.Maintenance/applyUpdates-- Microsoft.Maintenance/configurationAssignments-- Microsoft.Maintenance/updates
+* applyUpdates
+* configurationAssignments
+* updates
## Microsoft.ManagedIdentity -- Microsoft.ManagedIdentity/Identities
+* Identities
## Microsoft.ManagedServices -- Microsoft.ManagedServices/registrationAssignments-- Microsoft.ManagedServices/registrationDefinitions
+* registrationAssignments
+* registrationDefinitions
+
+## Microsoft.Network
+
+* networkManagerConnections
## Microsoft.OperationalInsights -- Microsoft.OperationalInsights/storageInsightConfigs
+* storageInsightConfigs
## Microsoft.OperationsManagement -- Microsoft.OperationsManagement/managementassociations
+* managementassociations
## Microsoft.PolicyInsights -- Microsoft.PolicyInsights/attestations-- Microsoft.PolicyInsights/eventGridFilters-- Microsoft.PolicyInsights/policyEvents-- Microsoft.PolicyInsights/policyStates-- Microsoft.PolicyInsights/policyTrackedResources-- Microsoft.PolicyInsights/remediations
+* attestations
+* eventGridFilters
+* policyEvents
+* policyStates
+* policyTrackedResources
+* remediations
## Microsoft.Quota -- Microsoft.Quota/operationsStatus-- Microsoft.Quota/quotaRequests-- Microsoft.Quota/quotas-- Microsoft.Quota/usages
+* operationsStatus
+* quotaRequests
+* quotas
+* usages
## Microsoft.RecoveryServices -- Microsoft.RecoveryServices/backupProtectedItems-- Microsoft.RecoveryServices/replicationEligibilityResults
+* backupProtectedItems
+* replicationEligibilityResults
## Microsoft.ResourceHealth -- Microsoft.ResourceHealth/childResources-- Microsoft.ResourceHealth/events-- Microsoft.ResourceHealth/impactedResources
+* childResources
+* events
+* impactedResources
## Microsoft.Resources -- Microsoft.Resources/links-- Microsoft.Resources/tags
+* links
+* tags
## Microsoft.Security -- Microsoft.Security/adaptiveNetworkHardenings-- Microsoft.Security/advancedThreatProtectionSettings-- Microsoft.Security/antiMalwareSettings-- Microsoft.Security/assessmentMetadata-- Microsoft.Security/assessments-- Microsoft.Security/Compliances-- Microsoft.Security/dataCollectionAgents-- Microsoft.Security/deviceSecurityGroups-- Microsoft.Security/InformationProtectionPolicies-- Microsoft.Security/insights-- Microsoft.Security/jitPolicies-- Microsoft.Security/serverVulnerabilityAssessments-- Microsoft.Security/sqlVulnerabilityAssessments
+* adaptiveNetworkHardenings
+* advancedThreatProtectionSettings
+* antiMalwareSettings
+* assessmentMetadata
+* assessments
+* Compliances
+* dataCollectionAgents
+* deviceSecurityGroups
+* InformationProtectionPolicies
+* insights
+* jitPolicies
+* serverVulnerabilityAssessments
+* sqlVulnerabilityAssessments
## Microsoft.SecurityInsights -- Microsoft.SecurityInsights/aggregations-- Microsoft.SecurityInsights/alertRules-- Microsoft.SecurityInsights/alertRuleTemplates-- Microsoft.SecurityInsights/automationRules-- Microsoft.SecurityInsights/bookmarks-- Microsoft.SecurityInsights/cases-- Microsoft.SecurityInsights/dataConnectors-- Microsoft.SecurityInsights/dataConnectorsCheckRequirements-- Microsoft.SecurityInsights/enrichment-- Microsoft.SecurityInsights/entities-- Microsoft.SecurityInsights/entityQueryTemplates-- Microsoft.SecurityInsights/incidents-- Microsoft.SecurityInsights/listrepositories-- Microsoft.SecurityInsights/metadata-- Microsoft.SecurityInsights/onboardingStates-- Microsoft.SecurityInsights/settings-- Microsoft.SecurityInsights/sourceControls-- Microsoft.SecurityInsights/threatIntelligence-- Microsoft.SecurityInsights/watchlists
+* aggregations
+* alertRules
+* alertRuleTemplates
+* automationRules
+* bookmarks
+* cases
+* dataConnectors
+* dataConnectorsCheckRequirements
+* enrichment
+* entities
+* entityQueryTemplates
+* incidents
+* listrepositories
+* metadata
+* MitreCoverageRecords
+* onboardingStates
+* settings
+* sourceControls
+* threatIntelligence
+* watchlists
## Microsoft.SerialConsole -- Microsoft.SerialConsole/serialPorts
+* serialPorts
## Microsoft.ServiceLinker -- Microsoft.ServiceLinker/linkers
+* dryruns
+* linkers
## Microsoft.SoftwarePlan -- Microsoft.SoftwarePlan/hybridUseBenefits
+* hybridUseBenefits
## Microsoft.Subscription -- Microsoft.Subscription/policies
+* policies
## microsoft.support -- microsoft.support/supporttickets
+* supporttickets
## Microsoft.WorkloadMonitor -- Microsoft.WorkloadMonitor/monitors
+* monitors
## Next steps
azure-resource-manager Preview Features https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/management/preview-features.md
The portal only shows a preview feature when the service that owns the feature h
# [Azure CLI](#tab/azure-cli)
-To list all the subscription's preview features, use the [az feature list](/cli/azure/feature#az_feature_list) command.
+To list all the subscription's preview features, use the [az feature list](/cli/azure/feature#az-feature-list) command.
The default output for Azure CLI is JSON. For more information about other output formats, see [Output formats for Azure CLI commands](/cli/azure/format-output-azure-cli).
Microsoft.Compute/AllowPreReleaseRegions Pending
Microsoft.Compute/InGuestPatchVMPreview NotRegistered ```
-To filter output for a specific preview feature, use the [az feature show](/cli/azure/feature#az_feature_show) command.
+To filter output for a specific preview feature, use the [az feature show](/cli/azure/feature#az-feature-show) command.
```azurecli-interactive az feature show --name InGuestPatchVMPreview --namespace Microsoft.Compute --output table
The **Preview features** screen refreshes and the preview feature's **State** is
# [Azure CLI](#tab/azure-cli)
-To register a preview feature, use the [az feature register](/cli/azure/feature#az_feature_register) command.
+To register a preview feature, use the [az feature register](/cli/azure/feature#az-feature-register) command.
```azurecli-interactive az feature register --name InGuestPatchVMPreview --namespace Microsoft.Compute
You can unregister preview features from **Preview features**. The **State** cha
# [Azure CLI](#tab/azure-cli)
-To unregister a preview feature, use the [az feature unregister](/cli/azure/feature#az_feature_unregister) command. The `RegistrationState` state changes to **Unregistered**.
+To unregister a preview feature, use the [az feature unregister](/cli/azure/feature#az-feature-unregister) command. The `RegistrationState` state changes to **Unregistered**.
```azurecli-interactive az feature unregister --name InGuestPatchVMPreview --namespace Microsoft.Compute
azure-resource-manager Resource Manager Personal Data https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/management/resource-manager-personal-data.md
To list **deployments** in the history, use:
* [List By Resource Group](/rest/api/resources/deployments/listbyresourcegroup) * [Get-AzResourceGroupDeployment](/powershell/module/az.resources/Get-AzResourceGroupDeployment)
-* [az deployment group list](/cli/azure/deployment/group#az_deployment_group_list)
+* [az deployment group list](/cli/azure/deployment/group#az-deployment-group-list)
To delete **deployments** from the history, use: * [Delete](/rest/api/resources/deployments/delete) * [Remove-AzResourceGroupDeployment](/powershell/module/az.resources/Remove-AzResourceGroupDeployment)
-* [az deployment group delete](/cli/azure/deployment/group#az_deployment_group_delete)
+* [az deployment group delete](/cli/azure/deployment/group#az-deployment-group-delete)
## Delete personal data in resource group names
To list **resource groups**, use:
* [List](/rest/api/resources/resourcegroups/list) * [Get-AzResourceGroup](/powershell/module/az.resources/Get-AzResourceGroup)
-* [az group list](/cli/azure/group#az_group_list)
+* [az group list](/cli/azure/group#az-group-list)
To delete **resource groups**, use: * [Delete](/rest/api/resources/resourcegroups/delete) * [Remove-AzResourceGroup](/powershell/module/az.resources/Remove-AzResourceGroup)
-* [az group delete](/cli/azure/group#az_group_delete)
+* [az group delete](/cli/azure/group#az-group-delete)
## Delete personal data in tags
To list **tags**, use:
* [List](/rest/api/resources/tags/list) * [Get-AzTag](/powershell/module/az.resources/Get-AzTag)
-* [az tag list](/cli/azure/tag#az_tag_list)
+* [az tag list](/cli/azure/tag#az-tag-list)
To delete **tags**, use: * [Delete](/rest/api/resources/tags/delete) * [Remove-AzTag](/powershell/module/az.resources/Remove-AzTag)
-* [az tag delete](/cli/azure/tag#az_tag_delete)
+* [az tag delete](/cli/azure/tag#az-tag-delete)
## Next steps * For an overview of Azure Resource Manager, see the [What is Resource Manager?](overview.md)
azure-resource-manager Deploy Github Actions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/templates/deploy-github-actions.md
The file has two sections:
## Generate deployment credentials
-You can create a [service principal](../../active-directory/develop/app-objects-and-service-principals.md#service-principal-object) with the [az ad sp create-for-rbac](/cli/azure/ad/sp#az_ad_sp_create_for_rbac) command in the [Azure CLI](/cli/azure/). Run this command with [Azure Cloud Shell](https://shell.azure.com/) in the Azure portal or by selecting the **Try it** button.
+You can create a [service principal](../../active-directory/develop/app-objects-and-service-principals.md#service-principal-object) with the [az ad sp create-for-rbac](/cli/azure/ad/sp#az-ad-sp-create-for-rbac) command in the [Azure CLI](/cli/azure/). Run this command with [Azure Cloud Shell](https://shell.azure.com/) in the Azure portal or by selecting the **Try it** button.
Create a resource group if you do not already have one.
azure-resource-manager Deploy To Management Group https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/templates/deploy-to-management-group.md
To deploy to a management group, use the management group deployment commands.
# [Azure CLI](#tab/azure-cli)
-For Azure CLI, use [az deployment mg create](/cli/azure/deployment/mg#az_deployment_mg_create):
+For Azure CLI, use [az deployment mg create](/cli/azure/deployment/mg#az-deployment-mg-create):
```azurecli-interactive az deployment mg create \
azure-resource-manager Deploy To Tenant https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/templates/deploy-to-tenant.md
The commands for tenant deployments are different than the commands for resource
# [Azure CLI](#tab/azure-cli)
-For Azure CLI, use [az deployment tenant create](/cli/azure/deployment/tenant#az_deployment_tenant_create):
+For Azure CLI, use [az deployment tenant create](/cli/azure/deployment/tenant#az-deployment-tenant-create):
```azurecli-interactive az deployment tenant create \
azure-resource-manager Deployment History Deletions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/templates/deployment-history-deletions.md
To reenable automatic deletions, use Azure REST API or Azure CLI.
# [Azure CLI](#tab/azure-cli)
-For Azure CLI, use [az feature register](/cli/azure/feature#az_feature_register).
+For Azure CLI, use [az feature register](/cli/azure/feature#az-feature-register).
```azurecli-interactive az feature register --namespace Microsoft.Resources --name DisableDeploymentGrooming
To see the current status of your subscription, use:
az feature show --namespace Microsoft.Resources --name DisableDeploymentGrooming ```
-To reenable automatic deletions, use [az feature unregister](/cli/azure/feature#az_feature_unregister).
+To reenable automatic deletions, use [az feature unregister](/cli/azure/feature#az-feature-unregister).
```azurecli-interactive az feature unregister --namespace Microsoft.Resources --name DisableDeploymentGrooming
azure-resource-manager Deployment Script Template https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/templates/deployment-script-template.md
For deployment script API version 2020-10-01 or later, there are two principals
- **Deployment script principal**: This principal is only required if the deployment script needs to authenticate to Azure and call Azure CLI/PowerShell. There are two ways to specify the deployment script principal: - Specify a user-assigned managed identity in the `identity` property (see [Sample templates](#sample-templates)). When specified, the script service calls `Connect-AzAccount -Identity` before invoking the deployment script. The managed identity must have the required access to complete the operation in the script. Currently, only user-assigned managed identity is supported for the `identity` property. To log in with a different identity, use the second method in this list.
- - Pass the service principal credentials as secure environment variables, and then can call [Connect-AzAccount](/powershell/module/az.accounts/connect-azaccount) or [az login](/cli/azure/reference-index#az_login) in the deployment script.
+ - Pass the service principal credentials as secure environment variables, and then can call [Connect-AzAccount](/powershell/module/az.accounts/connect-azaccount) or [az login](/cli/azure/reference-index#az-login) in the deployment script.
If a managed identity is used, the deployment principal needs the **Managed Identity Operator** role (a built-in role) assigned to the managed identity resource.
azure-resource-manager Export Template Cli https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/templates/export-template-cli.md
This article shows how to export templates through **Azure CLI**. For other opti
After setting up your resource group successfully, you can export an Azure Resource Manager template for the resource group.
-To export all resources in a resource group, use [az group export](/cli/azure/group#az_group_export) and provide the resource group name.
+To export all resources in a resource group, use [az group export](/cli/azure/group#az-group-export) and provide the resource group name.
```azurecli-interactive az group export --name demoGroup
If you use the `--include-parameter-default-value` parameter when exporting the
You can save a template from a deployment in the deployment history. The template you get is exactly the one that was used for deployment.
-To get a template from a resource group deployment, use the [az deployment group export](/cli/azure/deployment/group#az_deployment_group_export) command. You specify the name of the deployment to retrieve. For help with getting the name of a deployment, see [View deployment history with Azure Resource Manager](deployment-history.md).
+To get a template from a resource group deployment, use the [az deployment group export](/cli/azure/deployment/group#az-deployment-group-export) command. You specify the name of the deployment to retrieve. For help with getting the name of a deployment, see [View deployment history with Azure Resource Manager](deployment-history.md).
```azurecli-interactive az deployment group export --resource-group demoGroup --name demoDeployment
az deployment group export --resource-group demoGroup --name demoDeployment > de
To get templates deployed at other levels, use:
-* [az deployment sub export](/cli/azure/deployment/sub#az_deployment_sub_export) for deployments to subscriptions
-* [az deployment mg export](/cli/azure/deployment/mg#az_deployment_mg_export) for deployments to management groups
-* [az deployment tenant export](/cli/azure/deployment/tenant#az_deployment_tenant_export) for deployments to tenants
+* [az deployment sub export](/cli/azure/deployment/sub#az-deployment-sub-export) for deployments to subscriptions
+* [az deployment mg export](/cli/azure/deployment/mg#az-deployment-mg-export) for deployments to management groups
+* [az deployment tenant export](/cli/azure/deployment/tenant#az-deployment-tenant-export) for deployments to tenants
## Next steps
azure-resource-manager Quickstart Create Templates Use The Portal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/templates/quickstart-create-templates-use-the-portal.md
Title: Deploy template - Azure portal
-description: Learn how to create your first Azure Resource Manager template (ARM template) using the Azure portal, and how to deploy it.
+description: Learn how to create your first Azure Resource Manager template (ARM template) using the Azure portal. You also learn how to deploy it.
Previously updated : 04/27/2021 Last updated : 03/24/2022
# Quickstart: Create and deploy ARM templates by using the Azure portal
-Learn how to generate an Azure Resource Manager template (ARM template) using the Azure portal, and the process of editing and deploying the template from the portal. ARM templates are JSON files that define the resources you need to deploy for your solution. To understand the concepts associated with deploying and managing your Azure solutions, see [template deployment overview](overview.md).
+In this quickstart, you learn how to generate an Azure Resource Manager template (ARM template) in the Azure portal. You edit and deploy the template from the portal.
+
+ARM templates are JSON files that define the resources you need to deploy for your solution. To understand the concepts associated with deploying and managing your Azure solutions, see [template deployment overview](overview.md).
After completing the tutorial, you deploy an Azure Storage account. The same process can be used to deploy other Azure resources.
If you don't have an Azure subscription, [create a free account](https://azure.m
## Generate a template using the portal
-Creating an ARM template from scratch is not an easy task, especially if you are new to Azure deployment and you are not familiar with the JSON format. Using the Azure portal, you can configure a resource, for example an Azure Storage account. Before you deploy the resource, you can export your configuration into a template. You can save the template and reuse it in the future.
+If you're new to Azure deployment, you may find it challenging to create an ARM template. To get around this challenge, you can configure your deployment in the Azure portal and download the corresponding ARM template. You save the template and reuse it in the future.
-Many experienced template developers use this method to generate templates when they try to deploy Azure resources that they are not familiar with. For more information about exporting templates by using the portal, see [Export resource groups to templates](../management/manage-resource-groups-portal.md#export-resource-groups-to-templates). The other way to find a working template is from [Azure Quickstart templates](https://azure.microsoft.com/resources/templates/).
+Many experienced template developers use this method to generate templates when they try to deploy Azure resources that they aren't familiar with. For more information about exporting templates by using the portal, see [Export resource groups to templates](../management/manage-resource-groups-portal.md#export-resource-groups-to-templates). The other way to find a working template is from [Azure Quickstart templates](https://azure.microsoft.com/resources/templates/).
1. In a web browser, go to the [Azure portal](https://portal.azure.com) and sign in. 1. From the Azure portal menu, select **Create a resource**.
Many experienced template developers use this method to generate templates when
> [!NOTE] > Some of the exported templates require some edits before you can deploy them.
-1. Select **Review + create** on the bottom of the screen. Do not select **Create** in the next step.
+1. Select **Review + create** on the bottom of the screen. Don't select **Create** in the next step.
1. Select **Download a template for automation** on the bottom of the screen. The portal shows the generated template: ![Generate a template from the portal](./media/quickstart-create-templates-use-the-portal/azure-resource-manager-template-tutorial-create-storage-account-template.png)
- The main pane shows the template. It is a JSON file with six top-level elements - `schema`, `contentVersion`, `parameters`, `variables`, `resources`, and `output`. For more information, see [Understand the structure and syntax of ARM templates](./syntax.md)
+ The main pane shows the template. It's a JSON file with six top-level elements - `schema`, `contentVersion`, `parameters`, `variables`, `resources`, and `output`. For more information, see [Understand the structure and syntax of ARM templates](./syntax.md)
There are nine parameters defined. One of them is called **storageAccountName**. The second highlighted part on the previous screenshot shows how to reference this parameter in the template. In the next section, you edit the template to use a generated name for the storage account.
Azure requires that each Azure service has a unique name. The deployment could f
1. Select **Build your own template in the editor**. 1. Select **Load file**, and then follow the instructions to load template.json you downloaded in the last section.+
+ After the file is loaded, you may notice a warning that the template schema wasn't loaded. You can ignore this warning. The schema is valid.
+ 1. Make the following three changes to the template: ![Azure Resource Manager templates](./media/quickstart-create-templates-use-the-portal/azure-resource-manager-template-tutorial-edit-storage-account-template-revised.png)
Azure requires that each Azure service has a unique name. The deployment could f
![Azure Resource Manager templates deployment resource group](./media/quickstart-create-templates-use-the-portal/azure-resource-manager-template-tutorial-portal-deployment-resource-group.png)
- You can see the deployment status was successful, and there is only one storage account in the resource group. The storage account name is a unique string generated by the template. To learn more about using Azure storage accounts, see [Quickstart: Upload, download, and list blobs using the Azure portal](../../storage/blobs/storage-quickstart-blobs-portal.md).
+ You can see the deployment status was successful, and there's only one storage account in the resource group. The storage account name is a unique string generated by the template. To learn more about using Azure storage accounts, see [Quickstart: Upload, download, and list blobs using the Azure portal](../../storage/blobs/storage-quickstart-blobs-portal.md).
## Clean up resources
When the Azure resources are no longer needed, clean up the resources you deploy
## Next steps
-In this tutorial, you learned how to generate a template from the Azure portal, and how to deploy the template using the portal. The template used in this Quickstart is a simple template with one Azure resource. When the template is complex, it is easier to use Visual Studio Code or Visual Studio to develop the template. To learn more about template development, see our new beginner tutorial series:
+In this tutorial, you learned how to generate a template from the Azure portal, and how to deploy the template using the portal. The template used in this Quickstart is a simple template with one Azure resource. When the template is complex, it's easier to use Visual Studio Code or Visual Studio to develop the template. To learn more about template development, see our new beginner tutorial series:
> [!div class="nextstepaction"] > [Beginner tutorials](./template-tutorial-create-first-template.md)
azure-resource-manager Template Functions Resource https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/templates/template-functions-resource.md
Title: Template functions - resources description: Describes the functions to use in an Azure Resource Manager template (ARM template) to retrieve values about resources. Previously updated : 03/10/2022 Last updated : 03/24/2022
You can use the response from `pickZones` to determine whether to provide null f
}, ```
-The following example shows how to use the `pickZones` function to enable zone redundancy for Cosmos DB.
+Cosmos DB isn't a zonal resource but you can use the `pickZones` function to determine whether to enable zone redundancy for georeplication. Pass the **Microsoft.Storage/storageAccounts** resource type to determine whether to enable zone redundancy.
:::code language="json" source="~/resourcemanager-templates/azure-resource-manager/functions/resource/pickzones-cosmosdb.json":::
azure-resource-manager Template Specs Create Portal Forms https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/templates/template-specs-create-portal-forms.md
New-AzTemplateSpec `
-UIFormDefinitionFile keyvaultform.json ```
-For Azure CLI, use [az ts create](/cli/azure/ts#az_ts_create) and provide the form in the `--ui-form-definition` parameter.
+For Azure CLI, use [az ts create](/cli/azure/ts#az-ts-create) and provide the form in the `--ui-form-definition` parameter.
```azurecli az ts create \
azure-resource-manager Create Troubleshooting Template https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/troubleshooting/create-troubleshooting-template.md
For example, an error occurs when your deployment template references an existin
## Deploy a troubleshooting template
-The following ARM template and Bicep file get information from an existing storage account. You run the deployment with Azure PowerShell [New-AzResourceGroupDeployment](/powershell/module/az.resources/new-azresourcegroupdeployment) or Azure CLI [az deployment group create](/cli/azure/deployment/group#az_deployment_group_create). Specify the storage account's name and resource group. The output is an object with the storage account's property names and values.
+The following ARM template and Bicep file get information from an existing storage account. You run the deployment with Azure PowerShell [New-AzResourceGroupDeployment](/powershell/module/az.resources/new-azresourcegroupdeployment) or Azure CLI [az deployment group create](/cli/azure/deployment/group#az-deployment-group-create). Specify the storage account's name and resource group. The output is an object with the storage account's property names and values.
```json {
azure-resource-manager Deployment Quota Exceeded https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/troubleshooting/deployment-quota-exceeded.md
During deployment, you receive an error that states the current deployment will
# [Azure CLI](#tab/azure-cli)
-Use the [az deployment group delete](/cli/azure/deployment/group#az_deployment_group_delete) command to delete deployments from the history.
+Use the [az deployment group delete](/cli/azure/deployment/group#az-deployment-group-delete) command to delete deployments from the history.
```azurecli-interactive az deployment group delete --resource-group exampleGroup --name deploymentName
azure-resource-manager Enable Debug Logging https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/troubleshooting/enable-debug-logging.md
You can specify a property, like `StatusMessage` or `StatusCode` to filter the o
You can't enable debug logging with Azure CLI but you can retrieve debug logging data.
-Get the deployment operations with the [az deployment operation group list](/cli/azure/deployment/operation/group#az_deployment_operation_group_list) command:
+Get the deployment operations with the [az deployment operation group list](/cli/azure/deployment/operation/group#az-deployment-operation-group-list) command:
```azurecli az deployment operation group list \
azure-resource-manager Error Not Found https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/troubleshooting/error-not-found.md
When you receive this error while doing a management task, check the values you
- Resource group name - Subscription
-If you're using PowerShell or Azure CLI, check that you're running commands in the subscription that contains the resource. You can change the subscription with [Set-AzContext](/powershell/module/Az.Accounts/Set-AzContext) or [az account set](/cli/azure/account#az_account_set). Many commands provide a subscription parameter that lets you specify a different subscription than the current context.
+If you're using PowerShell or Azure CLI, check that you're running commands in the subscription that contains the resource. You can change the subscription with [Set-AzContext](/powershell/module/Az.Accounts/Set-AzContext) or [az account set](/cli/azure/account#az-account-set). Many commands provide a subscription parameter that lets you specify a different subscription than the current context.
If you can't verify the properties, sign in to the [Microsoft Azure portal](https://portal.azure.com). Find the resource you're trying to use and examine the resource name, resource group, and subscription.
azure-resource-manager Error Policy Requestdisallowedbypolicy https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/troubleshooting/error-policy-requestdisallowedbypolicy.md
You can use the name of a policy assignment or policy definition to get more det
# [Azure CLI](#tab/azure-cli)
-To get more information about a policy definition, use [az policy definition show](/cli/azure/policy/definition#az_policy_definition_show).
+To get more information about a policy definition, use [az policy definition show](/cli/azure/policy/definition#az-policy-definition-show).
```azurecli defname=<policy definition name> az policy definition show --name $defname ```
-To get more information about a policy assignment, use [az policy assignment show](/cli/azure/policy/assignment#az_policy_assignment_show).
+To get more information about a policy assignment, use [az policy assignment show](/cli/azure/policy/assignment#az-policy-assignment-show).
```azurecli rg=<resource group name>
azure-resource-manager Error Register Resource Provider https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/troubleshooting/error-register-resource-provider.md
You receive these errors for one of these reasons:
You can use Azure CLI to get information about a resource provider's registration status and register a resource provider.
-Use [az provider list](/cli/azure/provider#az_provider_list) to display the registration status for your subscription's resource providers. The examples use the `--output table` parameter to filter the output for readability. You can omit the parameter to see all properties.
+Use [az provider list](/cli/azure/provider#az-provider-list) to display the registration status for your subscription's resource providers. The examples use the `--output table` parameter to filter the output for readability. You can omit the parameter to see all properties.
The following command lists all the subscription's resource providers and whether they're `Registered` or `NotRegistered`.
Get the registration status for a specific resource provider:
az provider list --query "[?namespace=='Microsoft.Compute']" --output table ```
-To register a resource provider, use the [az provider register](/cli/azure/provider#az_provider_register) command, and specify the _namespace_ to register.
+To register a resource provider, use the [az provider register](/cli/azure/provider#az-provider-register) command, and specify the _namespace_ to register.
```azurecli-interactive az provider register --namespace Microsoft.Cdn ```
-To get a resource type's supported locations, use [az provider show](/cli/azure/provider#az_provider_show):
+To get a resource type's supported locations, use [az provider show](/cli/azure/provider#az-provider-show):
```azurecli-interactive az provider show --namespace Microsoft.Web --query "resourceTypes[?resourceType=='sites'].locations"
azure-resource-manager Error Resource Quota https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/troubleshooting/error-resource-quota.md
For quota information, see [Azure subscription and service limits, quotas, and c
# [Azure CLI](#tab/azure-cli)
-For Azure CLI, use the [az vm list-usage](/cli/azure/vm#az_vm_list_usage) command to find virtual machine quotas.
+For Azure CLI, use the [az vm list-usage](/cli/azure/vm#az-vm-list-usage) command to find virtual machine quotas.
```azurecli az vm list-usage --location "West US" --output table
azure-resource-manager Error Sku Not Available https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/troubleshooting/error-sku-not-available.md
# Resolve errors for SKU not available
-This article describes how to resolve errors when a SKU isn't available in an Azure subscription's region or availability zones. Examples of resource SKUs are virtual machine (VM) size or storage account types. Errors occur during deployments with an Azure Resource Manager template (ARM template) or Bicep file. The error also occurs with commands like [New-AzVM](/powershell/module/az.compute/new-azvm) or [az vm create](/cli/azure/vm#az_vm_create) that specify a **size** parameter for a SKU that's not available.
+This article describes how to resolve errors when a SKU isn't available in an Azure subscription's region or availability zones. Examples of resource SKUs are virtual machine (VM) size or storage account types. Errors occur during deployments with an Azure Resource Manager template (ARM template) or Bicep file. The error also occurs with commands like [New-AzVM](/powershell/module/az.compute/new-azvm) or [az vm create](/cli/azure/vm#az-vm-create) that specify a **size** parameter for a SKU that's not available.
## Symptom
If a SKU isn't available for your subscription in a location or zone that meets
# [Azure CLI](#tab/azure-cli)
-To determine which SKUs are available in a location or zone, use the [az vm list-skus](/cli/azure/vm#az_vm_list_skus) command.
+To determine which SKUs are available in a location or zone, use the [az vm list-skus](/cli/azure/vm#az-vm-list-skus) command.
```azurecli-interactive az vm list-skus --location centralus --size Standard_D --all --output table
To determine which SKUs are available in a **Region**, use the [portal](https://
To determine which SKUs are available in a location, use the [Resource Skus - List](/rest/api/compute/resourceskus/list) operation.
-You can use [az rest](/cli/azure/reference-index#az_rest) to run the list operation. Replace `<subscription ID>` including the angle brackets with your subscription ID. The output is a large data set that you can save to a JSON file.
+You can use [az rest](/cli/azure/reference-index#az-rest) to run the list operation. Replace `<subscription ID>` including the angle brackets with your subscription ID. The output is a large data set that you can save to a JSON file.
```azurecli az rest --method get --uri https://management.azure.com/subscriptions/<subscription ID>/providers/Microsoft.Compute/skus?api-version=2021-07-01 --output-file .\sku-list.json
azure-resource-manager Find Error Code https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/troubleshooting/find-error-code.md
There are more PowerShell cmdlets available to validate deployment templates:
# [Azure CLI](#tab/azure-cli)
-To validate an ARM template before deployment, run [az deployment group validate](/cli/azure/deployment/group#az_deployment_group_validate).
+To validate an ARM template before deployment, run [az deployment group validate](/cli/azure/deployment/group#az-deployment-group-validate).
```azurecli az deployment group validate \
az deployment group validate \
There are more Azure CLI commands available to validate deployment templates: -- [az deployment sub validate](/cli/azure/deployment/sub#az_deployment_sub_validate)-- [az deployment mg validate](/cli/azure/deployment/mg#az_deployment_mg_validate)-- [az deployment tenant validate](/cli/azure/deployment/tenant#az_deployment_tenant_validate)
+- [az deployment sub validate](/cli/azure/deployment/sub#az-deployment-sub-validate)
+- [az deployment mg validate](/cli/azure/deployment/mg#az-deployment-mg-validate)
+- [az deployment tenant validate](/cli/azure/deployment/tenant#az-deployment-tenant-validate)
Get-AzResourceGroupDeployment `
# [Azure CLI](#tab/azure-cli)
-To see a deployment's operations messages with Azure CLI, use [az deployment operation group list](/cli/azure/deployment/operation/group#az_deployment_operation_group_list).
+To see a deployment's operations messages with Azure CLI, use [az deployment operation group list](/cli/azure/deployment/operation/group#az-deployment-operation-group-list).
To show all the operations for a deployment:
az deployment operation group list \
--query "[*].properties.statusCode" ```
-To get a deployment's result, use [az deployment group show](/cli/azure/deployment/group#az_deployment_group_show).
+To get a deployment's result, use [az deployment group show](/cli/azure/deployment/group#az-deployment-group-show).
```azurecli az deployment group show \
azure-resource-manager Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/troubleshooting/overview.md
To follow best practices for developing your templates, use either:
* [Bicep linter](../bicep/linter.md) * [ARM template test toolkit](../templates/test-toolkit.md)
-When you deploy, you can find the cause of errors from the Azure portal in a resource group's **Deployments** or **Activity log**. If you're using Azure PowerShell, use commands like [Get-AzResourceGroupDeploymentOperation](/powershell/module/az.resources/get-azresourcegroupdeploymentoperation) and [Get-AzActivityLog](/powershell/module/az.monitor/get-azactivitylog). For Azure CLI, use commands like [az deployment operation group](/cli/azure/deployment/operation/group) and [az monitor activity-log list](/cli/azure/monitor/activity-log#az_monitor_activity_log_list).
+When you deploy, you can find the cause of errors from the Azure portal in a resource group's **Deployments** or **Activity log**. If you're using Azure PowerShell, use commands like [Get-AzResourceGroupDeploymentOperation](/powershell/module/az.resources/get-azresourcegroupdeploymentoperation) and [Get-AzActivityLog](/powershell/module/az.monitor/get-azactivitylog). For Azure CLI, use commands like [az deployment operation group](/cli/azure/deployment/operation/group) and [az monitor activity-log list](/cli/azure/monitor/activity-log#az-monitor-activity-log-list).
## Next steps
azure-signalr Availability Zones https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-signalr/availability-zones.md
Title: Availability zones support in Azure SignalR Service
-description: Availability zones support in Azure SignalR Service
+description: Azure availability zones and zone redundancy in Azure SignalR Service
Previously updated : 02/15/2022 Last updated : 03/22/2022
-# Availability zones support in Azure SignalR Service
-
-[Availability zones](../availability-zones/az-overview.md#availability-zones) are unique physical locations within an Azure region. To ensure resiliency, there's a minimum of three separate zones in all enabled regions. Each zone has one or more datacenters equipped with independent power, cooling, and networking.
-## Zone redundancy
+# Availability zones support in Azure SignalR Service
-Azure SignalR Service leverages availability zones in a Zone Redundant manner. That means, the service doesn't spin to a specific zone. Instead workloads are evenly distributed across multiple zones in a region. When a single zone fails, traffic are automatically routed to other zones, keeping the service available.
+Azure SignalR Service uses [Azure availability zones](../availability-zones/az-overview.md#availability-zones) to provide high availability and fault tolerance within an Azure region.
-## Region support
+> [!NOTE]
+> Zone redundancy is a Premium tier feature. It is implicitly enabled when you create or upgrade to a Premium tier resource. Standard tier resources can be upgraded to Premium tier without downtime.
-Not all Azure regions support availability zones. For the regions list, see [regions that support availability zones](../availability-zones/az-region.md).
+## Zone redundancy
-## Tier support
+Zone-enabled Azure regions (not all [regions support availability zones](../availability-zones/az-region.md)) have a minimum of three availability zones. A zone is one or more datacenters, each with its own independent power and network connections. All the zones in a region are connected by a dedicated low-latency regional network. If a zone fails, Azure SignalR Service traffic running on the affected zone is routed to other zones in the region.
-Zone redundancy is a Premium tier feature. It is implicitly enabled when you create or upgrade to a Premium tier resource. Standard tier resources can be upgraded to Premium tier without downtime.
+Azure SignalR Service uses availability zones in a *zone-redundant* manner. Zone redundancy means the service isn't constrained to run in a specific zone. Instead, total service is evenly distributed across multiple zones in a region. Zone redundancy reduces the potential for data loss and service interruption if one of the zones fails.
## Next steps * Learn more about [regions that support availability zones](../availability-zones/az-region.md).
-* Learn more about building for [reliability](/azure/architecture/framework/resiliency/app-design) in Azure.
+* Learn more about designing for [reliability](/azure/architecture/framework/resiliency/app-design) in Azure.
azure-signalr Signalr Cli Create Service https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-signalr/scripts/signalr-cli-create-service.md
Each command in the table links to command specific documentation. This script u
| Command | Notes | |||
-| [az group create](/cli/azure/group#az_group_create) | Creates a resource group in which all resources are stored. |
-| [az signalr create](/cli/azure/signalr#az_signalr_create) | Creates an Azure SignalR Service resource. |
-| [az signalr key list](/cli/azure/signalr/key#az_signalr_key_list) | List the keys, which will be used by your application when pushing real-time content updates with SignalR. |
+| [az group create](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
+| [az signalr create](/cli/azure/signalr#az-signalr-create) | Creates an Azure SignalR Service resource. |
+| [az signalr key list](/cli/azure/signalr/key#az-signalr-key-list) | List the keys, which will be used by your application when pushing real-time content updates with SignalR. |
## Next steps
azure-signalr Signalr Cli Create With App Service Github Oauth https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-signalr/scripts/signalr-cli-create-with-app-service-github-oauth.md
Each command in the table links to command specific documentation. This script u
| Command | Notes | |||
-| [az group create](/cli/azure/group#az_group_create) | Creates a resource group in which all resources are stored. |
-| [az signalr create](/cli/azure/signalr#az_signalr_create) | Creates an Azure SignalR Service resource. |
-| [az signalr key list](/cli/azure/signalr/key#az_signalr_key_list) | List the keys, which will be used by your application when pushing real-time content updates with SignalR. |
-| [az appservice plan create](/cli/azure/appservice/plan#az_appservice_plan_create) | Creates an Azure App Service Plan for hosting web apps. |
-| [az webapp create](/cli/azure/webapp#az_webapp_create) | Creates an Azure Web app using the App Service hosting plan. |
-| [az webapp config appsettings set](/cli/azure/webapp/config/appsettings#az_webapp_config_appsettings_set) | Adds new app settings for the web app. These app settings are used to store the SignalR connection string and GitHub OAuth app secrets. |
-| [az webapp deployment user set](/cli/azure/webapp/deployment/user#az_webapp_deployment_user_set) | Update deployment credentials. |
-| [az webapp deployment source config-local-git](/cli/azure/webapp/deployment/source#az_webapp_deployment_source_config_local_git) | Get a URL for a git repository endpoint to clone and push to for web app deployment. |
+| [az group create](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
+| [az signalr create](/cli/azure/signalr#az-signalr-create) | Creates an Azure SignalR Service resource. |
+| [az signalr key list](/cli/azure/signalr/key#az-signalr-key-list) | List the keys, which will be used by your application when pushing real-time content updates with SignalR. |
+| [az appservice plan create](/cli/azure/appservice/plan#az-appservice-plan-create) | Creates an Azure App Service Plan for hosting web apps. |
+| [az webapp create](/cli/azure/webapp#az-webapp-create) | Creates an Azure Web app using the App Service hosting plan. |
+| [az webapp config appsettings set](/cli/azure/webapp/config/appsettings#az-webapp-config-appsettings-set) | Adds new app settings for the web app. These app settings are used to store the SignalR connection string and GitHub OAuth app secrets. |
+| [az webapp deployment user set](/cli/azure/webapp/deployment/user#az-webapp-deployment-user-set) | Update deployment credentials. |
+| [az webapp deployment source config-local-git](/cli/azure/webapp/deployment/source#az-webapp-deployment-source-config-local-git) | Get a URL for a git repository endpoint to clone and push to for web app deployment. |
## Next steps
azure-signalr Signalr Cli Create With App Service https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-signalr/scripts/signalr-cli-create-with-app-service.md
Each command in the table links to command specific documentation. This script u
| Command | Notes | |||
-| [az group create](/cli/azure/group#az_group_create) | Creates a resource group in which all resources are stored. |
-| [az signalr create](/cli/azure/signalr#az_signalr_create) | Creates an Azure SignalR Service resource. |
-| [az signalr key list](/cli/azure/signalr/key#az_signalr_key_list) | List the keys, which will be used by your application when pushing real-time content updates with SignalR. |
-| [az appservice plan create](/cli/azure/appservice/plan#az_appservice_plan_create) | Creates an Azure App Service Plan for hosting web apps. |
-| [az webapp create](/cli/azure/webapp#az_webapp_create) | Creates an Azure Web app using the App Service hosting plan. |
-| [az webapp config appsettings set](/cli/azure/webapp/config/appsettings#az_webapp_config_appsettings_set) | Adds a new app setting for the web app. This app setting is used to store the SignalR connection string. |
+| [az group create](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |
+| [az signalr create](/cli/azure/signalr#az-signalr-create) | Creates an Azure SignalR Service resource. |
+| [az signalr key list](/cli/azure/signalr/key#az-signalr-key-list) | List the keys, which will be used by your application when pushing real-time content updates with SignalR. |
+| [az appservice plan create](/cli/azure/appservice/plan#az-appservice-plan-create) | Creates an Azure App Service Plan for hosting web apps. |
+| [az webapp create](/cli/azure/webapp#az-webapp-create) | Creates an Azure Web app using the App Service hosting plan. |
+| [az webapp config appsettings set](/cli/azure/webapp/config/appsettings#az-webapp-config-appsettings-set) | Adds a new app setting for the web app. This app setting is used to store the SignalR connection string. |
## Next steps
azure-signalr Signalr Howto Azure Policy https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-signalr/signalr-howto-azure-policy.md
When a resource is non-compliant, there are many possible reasons. To determine
### Policy compliance in the Azure CLI
-You can also use the Azure CLI to get compliance data. For example, use the [az policy assignment list](/cli/azure/policy/assignment#az_policy_assignment_list) command in the CLI to get the policy IDs of the Azure SignalR Service policies that are applied:
+You can also use the Azure CLI to get compliance data. For example, use the [az policy assignment list](/cli/azure/policy/assignment#az-policy-assignment-list) command in the CLI to get the policy IDs of the Azure SignalR Service policies that are applied:
```azurecli az policy assignment list --query "[?contains(displayName,'SignalR')].{name:displayName, ID:id}" --output table
Name
[Preview]: Azure SignalR Service should use private links /subscriptions/<subscriptionId>/resourceGroups/<resourceGroup>/providers/Microsoft.Authorization/policyAssignments/<assignmentId> ```
-Then run [az policy state list](/cli/azure/policy/state#az_policy_state_list) to return the JSON-formatted compliance state for all resources under a specific resource group:
+Then run [az policy state list](/cli/azure/policy/state#az-policy-state-list) to return the JSON-formatted compliance state for all resources under a specific resource group:
```azurecli az policy state list --g <resourceGroup> ```
-Or run [az policy state list](/cli/azure/policy/state#az_policy_state_list) to return the JSON-formatted compliance state of a specific SignalR resource:
+Or run [az policy state list](/cli/azure/policy/state#az-policy-state-list) to return the JSON-formatted compliance state of a specific SignalR resource:
```azurecli az policy state list \
azure-signalr Signalr Howto Key Rotation https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-signalr/signalr-howto-key-rotation.md
For security reasons and compliance requirements, routinely rotate your access k
![Regenerate Keys](media/signalr-howto-key-rotation/regenerate-keys.png)
-You also can regenerate keys by using the [Azure CLI](/cli/azure/signalr/key#az_signalr_key_renew).
+You also can regenerate keys by using the [Azure CLI](/cli/azure/signalr/key#az-signalr-key-renew).
## Update configurations with new connection strings
azure-sql Active Geo Replication Configure Portal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql/database/active-geo-replication-configure-portal.md
Select the database you want to set up for geo-replication. You'll need the foll
You can select any region for your secondary server, but we recommend the [paired region](../../availability-zones/cross-region-replication-azure.md).
-Run the [az sql db replica create](/cli/azure/sql/db/replica#az_sql_db_replica_create) command.
+Run the [az sql db replica create](/cli/azure/sql/db/replica#az-sql-db-replica-create) command.
```azurecli az sql db replica create --resource-group ContosoHotel --server contosoeast --name guestlist --partner-server contosowest --family Gen5 --capacity 2 --secondary-type Geo
Optionally, you can add a secondary database to an elastic pool. To create the s
The secondary database is created and the deployment process begins.
-When the deployment is complete, you can check the status of the secondary database by running the [az sql db replica list-links](/cli/azure/sql/db/replica#az_sql_db_replica_list-links) command:
+When the deployment is complete, you can check the status of the secondary database by running the [az sql db replica list-links](/cli/azure/sql/db/replica#az-sql-db-replica-list-links) command:
```azurecli az sql db replica list-links --name guestlist --resource-group ContosoHotel --server contosowest
The secondary database can be switched to become the primary.
# [Azure CLI](#tab/azure-cli)
-Run the [az sql db replica set-primary](/cli/azure/sql/db/replica#az_sql_db_replica_set-primary) command.
+Run the [az sql db replica set-primary](/cli/azure/sql/db/replica#az-sql-db-replica-set-primary) command.
```azurecli az sql db replica set-primary --name guestlist --resource-group ContosoHotel --server contosowest
This operation permanently stops the replication to the secondary database, and
# [Azure CLI](#tab/azure-cli)
-Run the [az sql db replica delete-link](/cli/azure/sql/db/replica#az_sql_db_replica_delete-link) command.
+Run the [az sql db replica delete-link](/cli/azure/sql/db/replica#az-sql-db-replica-delete-link) command.
```azurecli az sql db replica delete-link --name guestlist --resource-group ContosoHotel --server contosoeast --partner-server contosowest
azure-sql Alerts Insights Configure Portal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql/database/alerts-insights-configure-portal.md
ms.devlang: --++ Last updated : "03/23/2022" Previously updated : 05/04/2020 # Create alerts for Azure SQL Database and Azure Synapse Analytics using the Azure portal [!INCLUDE[appliesto-sqldb-asa](../includes/appliesto-sqldb-asa.md)]
azure-sql Application Authentication Get Client Id Keys https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql/database/application-authentication-get-client-id-keys.md
$roleassignment = az role assignment create --role "Contributor" --scope /subscr
# output the values we need for our C# application to successfully authenticate Write-Output "Copy these values into the C# sample app"
-Write-Output "_subscriptionId:" (az account show --query "id")
+Write-Output "-subscriptionId:" (az account show --query "id")
Write-Output "_tenantId:" (az account show --query "tenantId") Write-Output "_applicationId:" $azureAdApplication.ApplicationId.Guid Write-Output "_applicationSecret:" $secret
azure-sql Audit Log Format https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql/database/audit-log-format.md
--++ Last updated : "03/23/2022" Previously updated : 06/03/2020 # SQL Database audit log format
azure-sql Audit Write Storage Account Behind Vnet Firewall https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql/database/audit-write-storage-account-behind-vnet-firewall.md
--++ Last updated : "03/23/2022" Previously updated : 06/17/2020 # Write audit to a storage account behind VNet and firewall
azure-sql Auditing Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql/database/auditing-overview.md
--++ Last updated : "03/23/2022" Previously updated : 08/25/2021 # Auditing for Azure SQL Database and Azure Synapse Analytics
azure-sql Authentication Aad Configure https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql/database/authentication-aad-configure.md
You can also provision an Azure AD admin for the SQL Managed Instance by calling
| Command | Description | | | |
-|[az sql mi ad-admin create](/cli/azure/sql/mi/ad-admin#az_sql_mi_ad_admin_create) | Provisions an Azure Active Directory administrator for the SQL Managed Instance (must be from the current subscription). |
-|[az sql mi ad-admin delete](/cli/azure/sql/mi/ad-admin#az_sql_mi_ad_admin_delete) | Removes an Azure Active Directory administrator for the SQL Managed Instance. |
-|[az sql mi ad-admin list](/cli/azure/sql/mi/ad-admin#az_sql_mi_ad_admin_list) | Returns information about an Azure Active Directory administrator currently configured for the SQL Managed Instance. |
-|[az sql mi ad-admin update](/cli/azure/sql/mi/ad-admin#az_sql_mi_ad_admin_update) | Updates the Active Directory administrator for the SQL Managed Instance. |
+|[az sql mi ad-admin create](/cli/azure/sql/mi/ad-admin#az-sql-mi-ad-admin-create) | Provisions an Azure Active Directory administrator for the SQL Managed Instance (must be from the current subscription). |
+|[az sql mi ad-admin delete](/cli/azure/sql/mi/ad-admin#az-sql-mi-ad-admin-delete) | Removes an Azure Active Directory administrator for the SQL Managed Instance. |
+|[az sql mi ad-admin list](/cli/azure/sql/mi/ad-admin#az-sql-mi-ad-admin-list) | Returns information about an Azure Active Directory administrator currently configured for the SQL Managed Instance. |
+|[az sql mi ad-admin update](/cli/azure/sql/mi/ad-admin#az-sql-mi-ad-admin-update) | Updates the Active Directory administrator for the SQL Managed Instance. |
For more information about CLI commands, see [az sql mi](/cli/azure/sql/mi).
You can provision an Azure AD admin by calling the following CLI commands:
| Command | Description | | | |
-|[az sql server ad-admin create](/cli/azure/sql/server/ad-admin#az_sql_server_ad_admin_create) | Provisions an Azure Active Directory administrator for the server hosting SQL Database or Azure Synapse. (Must be from the current subscription) |
-|[az sql server ad-admin delete](/cli/azure/sql/server/ad-admin#az_sql_server_ad_admin_delete) | Removes an Azure Active Directory administrator for the server hosting SQL Database or Azure Synapse. |
-|[az sql server ad-admin list](/cli/azure/sql/server/ad-admin#az_sql_server_ad_admin_list) | Returns information about an Azure Active Directory administrator currently configured for the server hosting SQL Database or Azure Synapse. |
-|[az sql server ad-admin update](/cli/azure/sql/server/ad-admin#az_sql_server_ad_admin_update) | Updates the Active Directory administrator for the server hosting SQL Database or Azure Synapse. |
+|[az sql server ad-admin create](/cli/azure/sql/server/ad-admin#az-sql-server-ad-admin-create) | Provisions an Azure Active Directory administrator for the server hosting SQL Database or Azure Synapse. (Must be from the current subscription) |
+|[az sql server ad-admin delete](/cli/azure/sql/server/ad-admin#az-sql-server-ad-admin-delete) | Removes an Azure Active Directory administrator for the server hosting SQL Database or Azure Synapse. |
+|[az sql server ad-admin list](/cli/azure/sql/server/ad-admin#az-sql-server-ad-admin-list) | Returns information about an Azure Active Directory administrator currently configured for the server hosting SQL Database or Azure Synapse. |
+|[az sql server ad-admin update](/cli/azure/sql/server/ad-admin#az-sql-server-ad-admin-update) | Updates the Active Directory administrator for the server hosting SQL Database or Azure Synapse. |
For more information about CLI commands, see [az sql server](/cli/azure/sql/server).
azure-sql Authentication Azure Ad Only Authentication Create Server https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql/database/authentication-azure-ad-only-authentication-create-server.md
Replace the following values in the example:
az sql server create --enable-ad-only-auth --external-admin-principal-type User --external-admin-name <AzureADAccount> --external-admin-sid <AzureADAccountSID> -g <ResourceGroupName> -n <ServerName> ```
-For more information, see [az sql server create](/cli/azure/sql/server#az_sql_server_create).
+For more information, see [az sql server create](/cli/azure/sql/server#az-sql-server-create).
To check the server status after creation, see the following command:
Replace the following values in the example:
az sql mi create --enable-ad-only-auth --external-admin-principal-type User --external-admin-name <AzureADAccount> --external-admin-sid <AzureADAccountSID> -g <ResourceGroupName> -n <managedinstancename> --subnet /subscriptions/<Subscription ID>/resourceGroups/<ResourceGroupName>/providers/Microsoft.Network/virtualNetworks/<VNetName>/subnets/<SubnetName> ```
-For more information, see [az sql mi create](/cli/azure/sql/mi#az_sql_mi_create).
+For more information, see [az sql mi create](/cli/azure/sql/mi#az-sql-mi-create).
# [PowerShell](#tab/azure-powershell)
azure-sql Authentication Azure Ad User Assigned Managed Identity Create Server https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql/database/authentication-azure-ad-user-assigned-managed-identity-create-server.md
Replace the following values in the example:
az sql server create --assign-identity --identity-type UserAssigned --user-assigned-identity-id /subscriptions/<subscriptionId>/resourceGroups/<ResourceGroupName>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<managedIdentity> --primary-user-assigned-identity-id /subscriptions/<subscriptionId>/resourceGroups/<ResourceGroupName>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<primaryIdentity> --enable-ad-only-auth --external-admin-principal-type User --external-admin-name <AzureADAccount> --external-admin-sid <AzureADAccountSID> -g <ResourceGroupName> -n <ServerName> -l <Location> ```
-For more information, see [az sql server create](/cli/azure/sql/server#az_sql_server_create).
+For more information, see [az sql server create](/cli/azure/sql/server#az-sql-server-create).
> [!NOTE] > The above example provisions a server with only a user-assigned managed identity. You could set the `--identity-type` to be `UserAssigned,SystemAssigned` if you wanted both types of managed identities to be created with the server.
azure-sql Authentication Azure Ad User Assigned Managed Identity https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql/database/authentication-azure-ad-user-assigned-managed-identity.md
The Azure CLI 2.26.0 (or higher) is required to run these commands with UMI.
#### Azure SQL Database -- To provision a new server with UMI, use the [az sql server create](/cli/azure/sql/server#az_sql_server_create) command.-- To obtain the UMI server information, use the [az sql server show](/cli/azure/sql/server#az_sql_server_show) command. -- To update the UMI server setting, use the [az sql server update](/cli/azure/sql/server#az_sql_server_update) command.
+- To provision a new server with UMI, use the [az sql server create](/cli/azure/sql/server#az-sql-server-create) command.
+- To obtain the UMI server information, use the [az sql server show](/cli/azure/sql/server#az-sql-server-show) command.
+- To update the UMI server setting, use the [az sql server update](/cli/azure/sql/server#az-sql-server-update) command.
#### Azure SQL Managed Instance -- To provision a new managed instance with UMI, use the [az sql mi create](/cli/azure/sql/mi#az_sql_mi_create) command.-- To obtain the UMI managed instance information, use the [az sql server show](/cli/azure/sql/mi#az_sql_mi_show) command.-- To update the UMI managed instance setting, use the [az sql mi update](/cli/azure/sql/mi#az_sql_mi_update) command.
+- To provision a new managed instance with UMI, use the [az sql mi create](/cli/azure/sql/mi#az-sql-mi-create) command.
+- To obtain the UMI managed instance information, use the [az sql server show](/cli/azure/sql/mi#az-sql-mi-show) command.
+- To update the UMI managed instance setting, use the [az sql mi update](/cli/azure/sql/mi#az-sql-mi-update) command.
### Create or set a managed identity using PowerShell
azure-sql Automated Backups Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql/database/automated-backups-overview.md
az sql db create \
--tier Hyperscale \ --backup-storage-redundancy Zone ```
-For more information, see [az sql db create](/cli/azure/sql/db#az_sql_db_create) and [az sql db update](/cli/azure/sql/db#az_sql_db_update).
+For more information, see [az sql db create](/cli/azure/sql/db#az-sql-db-create) and [az sql db update](/cli/azure/sql/db#az-sql-db-update).
Except for Hyperscale and Basic tier databases, you can update the backup storage redundancy setting for an existing database with the `--backup-storage-redundancy` parameter and the `az sql db update` command. It may take up to 48 hours for the changes to be applied on the database. Switching from geo-redundant backup storage to local or zone redundant storage disables geo-restore.
az sql db copy \
--backup-storage-redundancy Zone ```
-For syntax details, see [az sql db copy](/cli/azure/sql/db#az_sql_db_copy). For an overview of database copy, visit [Copy a transactionally consistent copy of a database in Azure SQL Database](database-copy.md).
+For syntax details, see [az sql db copy](/cli/azure/sql/db#az-sql-db-copy). For an overview of database copy, visit [Copy a transactionally consistent copy of a database in Azure SQL Database](database-copy.md).
#### [SQL Managed Instance](#tab/managed-instance)
azure-sql Block Crud Tsql https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql/database/block-crud-tsql.md
This feature allows Azure administrators to block the creation or modification o
To block creation or modification of resources through T-SQL and enforce resource management through an Azure Resource Manager template (ARM template) for a given subscription, the subscription level preview features in Azure portal can be used. This is particularly useful when you are using [Azure Policies](../../governance/policy/overview.md) to enforce organizational standards through ARM templates. Since T-SQL does not adhere to the Azure Policies, a block on T-SQL create or modify operations can be applied. The syntax blocked includes CRUD (create, update, delete) statements for databases in Azure SQL, specifically `CREATE DATABASE`, `ALTER DATABASE`, and `DROP DATABASE` statements.
-T-SQL CRUD operations can be blocked via Azure portal, [PowerShell](/powershell/module/az.resources/register-azproviderfeature), or [Azure CLI](/cli/azure/feature#az_feature_register).
+T-SQL CRUD operations can be blocked via Azure portal, [PowerShell](/powershell/module/az.resources/register-azproviderfeature), or [Azure CLI](/cli/azure/feature#az-feature-register).
## Permissions
azure-sql Connect Github Actions Sql Db https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql/database/connect-github-actions-sql-db.md
The file has two sections:
## Generate deployment credentials
-You can create a [service principal](../../active-directory/develop/app-objects-and-service-principals.md) with the [az ad sp create-for-rbac](/cli/azure/ad/sp#az_ad_sp_create_for_rbac) command in the [Azure CLI](/cli/azure/). Run this command with [Azure Cloud Shell](https://shell.azure.com/) in the Azure portal or by selecting the **Try it** button.
+You can create a [service principal](../../active-directory/develop/app-objects-and-service-principals.md) with the [az ad sp create-for-rbac](/cli/azure/ad/sp#az-ad-sp-create-for-rbac) command in the [Azure CLI](/cli/azure/). Run this command with [Azure Cloud Shell](https://shell.azure.com/) in the Azure portal or by selecting the **Try it** button.
Replace the placeholders `server-name` with the name of your SQL server hosted on Azure. Replace the `subscription-id` and `resource-group` with the subscription ID and resource group connected to your SQL server.
azure-sql Database Copy https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql/database/database-copy.md
az sql db copy --dest-name "CopyOfMySampleDatabase" --dest-resource-group "myRes
--name "<databaseName>" --resource-group "<resourceGroup>" --server $sourceserver ```
-The database copy is an asynchronous operation but the target database is created immediately after the request is accepted. If you need to cancel the copy operation while still in progress, drop the the target database using the [az sql db delete](/cli/azure/sql/db#az_sql_db_delete) comm