Updates from: 04/12/2021 03:04:51
Service Microsoft Docs article Related commit history on GitHub Change details
active-directory Howto Mfa Mfasettings https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/authentication/howto-mfa-mfasettings.md
The _Trusted IPs_ feature of Azure AD Multi-Factor Authentication bypasses multi
> [!NOTE] > The trusted IPs can include private IP ranges only when you use MFA Server. For cloud-based Azure AD Multi-Factor Authentication, you can only use public IP address ranges. >
-> IPv6 ranges are only supported in the [Named location (preview)](../conditional-access/location-condition.md#preview-features) interface.
+> IPv6 ranges are only supported in the [Named location (preview)](../conditional-access/location-condition.md) interface.
If your organization deploys the NPS extension to provide MFA to on-premises applications note the source IP address will always appear to be the NPS server the authentication attempt flows through.
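Review bot: the link text on the added line still reads "Named location (preview)" even though the `#preview-features` anchor was dropped from the target. If the preview section no longer exists in location-condition.md, update the label as well so the note does not point readers to a preview interface they cannot find. If IPv6 support is still in preview, link to the section that now describes it rather than the top of the article.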
active-directory Concept Continuous Access Evaluation https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/conditional-access/concept-continuous-access-evaluation.md
From this page, you can optionally limit the users and groups that will be subje
For CAE, we only have insights into named IP-based named locations. We have no insights into other location settings like [MFA trusted IPs](../authentication/howto-mfa-mfasettings.md#trusted-ips) or country-based locations. When user comes from an MFA trusted IP or trusted locations that include MFA Trusted IPs or country location, CAE will not be enforced after user move to a different location. In those cases, we will issue a 1-hour CAE token without instant IP enforcement check. > [!IMPORTANT]
-> When configuring locations for continuous access evaluation, use only the [IP based Conditional Access location condition](../conditional-access/location-condition.md#preview-features) and configure all IP addresses, **including both IPv4 and IPv6**, that can be seen by your identity provider and resources provider. Do not use country location conditions or the trusted ips feature that is available in Azure AD Multi-Factor Authentication's service settings page.
+> When configuring locations for continuous access evaluation, use only the [IP based Conditional Access location condition](../conditional-access/location-condition.md) and configure all IP addresses, **including both IPv4 and IPv6**, that can be seen by your identity provider and resources provider. Do not use country location conditions or the trusted ips feature that is available in Azure AD Multi-Factor Authentication's service settings page.
### IP address configuration
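Review bot: the rewritten IMPORTANT line still spells the feature "trusted ips", while the preceding paragraph uses "MFA trusted IPs" and the MFA settings article uses "Trusted IPs". Since this line tells administrators which location settings not to rely on for continuous access evaluation, use the feature's exact name and link it to `../authentication/howto-mfa-mfasettings.md#trusted-ips`, as the paragraph above already does.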
active-directory Services Support Managed Identities https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/managed-identities-azure-resources/services-support-managed-identities.md
Refer to the following list to configure managed identity for Azure Policy (in r
- [PowerShell](../../governance/policy/how-to/remediate-resources.md#create-managed-identity-with-powershell) - [Azure CLI](/cli/azure/policy/assignment#az-policy-assignment-create) - [Azure Resource Manager templates](/azure/templates/microsoft.authorization/policyassignments)-- [REST](/rest/api/resources/policyassignments/create)
+- [REST](/rest/api/policy/policyassignments/create)
### Azure Service Fabric
azure-cache-for-redis Cache High Availability https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-cache-for-redis/cache-high-availability.md
Azure Cache for Redis implements high availability by using multiple VMs, called
| Option | Description | Availability | Standard | Premium | Enterprise | | - | - | - | :: | :: | :: |
-| [Standard replication](#standard-replication)| Dual-node replicated configuration in a single datacenter with automatic failover | 99.9% |Γ£ö|Γ£ö|-|
-| [Zone redundancy](#zone-redundancy) | Multi-node replicated configuration across AZs, with automatic failover | 99.95% (Premium tier), 99.99% (Enterprise tiers) |-|Preview|Preview|
-| [Geo-replication](#geo-replication) | Linked cache instances in two regions, with user-controlled failover | 99.999% (Enterprise tier) |-|Γ£ö|Preview|
+| [Standard replication](#standard-replication)| Dual-node replicated configuration in a single datacenter with automatic failover | 99.9% (see [details](https://azure.microsoft.com/support/legal/sla/cache/v1_0/)) |Γ£ö|Γ£ö|-|
+| [Zone redundancy](#zone-redundancy) | Multi-node replicated configuration across AZs, with automatic failover | Up to 99.99% (see [details](https://azure.microsoft.com/support/legal/sla/cache/v1_0/)) |-|Preview|Preview|
+| [Geo-replication](#geo-replication) | Linked cache instances in two regions, with user-controlled failover | Up to 99.999% (see [details](https://azure.microsoft.com/support/legal/sla/cache/v1_0/)) |-|Γ£ö|Preview|
## Standard replication
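Review bot: in the Zone redundancy and Geo-replication rows, the Availability cell now says "Up to 99.99%" and "Up to 99.999%" and no longer states which tier gets which figure. The removed text had "99.95% (Premium tier), 99.99% (Enterprise tiers)". Keep the per-tier breakdown next to the SLA link, because the Standard, Premium and Enterprise columns are in the same table and readers will otherwise assume the top figure applies to every tier that is ticked.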
azure-monitor Alerts Action Rules https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/alerts/alerts-action-rules.md
Title: Action rules for Azure Monitor alerts description: Understanding what action rules in Azure Monitor are and how to configure and manage them. Previously updated : 03/15/2021 Last updated : 04/08/2021
The available filters are:
* **Severity** This rule will apply only to alerts with the selected severities.
-For example, **severity = Sev1** means that the rule will apply only to alerts with Sev1 severity.
+For example, **severity = "Sev1"** means that the rule will apply only to alerts with Sev1 severity.
* **Monitor service** This rule will apply only to alerts coming from the selected monitoring services. For example, **monitor service = ΓÇ£Azure BackupΓÇ¥** means that the rule will apply only to backup alerts (coming from Azure Backup).
This rule will apply only to alerts coming from a specific alert rule. The value
For example, **alert rule ID = "/subscriptions/SubId1/resourceGroups/RG1/providers/microsoft.insights/metricalerts/API-Latency"** means this rule will apply only to alerts coming from "API-Latency" metric alert rule. _NOTE - you can get the proper alert rule ID by listing your alert rules from the CLI, or by opening a specific alert rule in the portal, clicking "Properties", and copying the "Resource ID" value._ * **Monitor condition**
-This rule will apply only to alert events with the specified monitor condition - either **Fired** or **Resolved**.
+This rule will apply only to alert events with the specified monitor condition - either **"Fired"** or **"Resolved"**.
* **Description** This rule will apply only to alerts that contains a specific string in the alert description field. That field contains the alert rule description.
-For example, **description contains 'prod'** means that the rule will only match alerts that contain the string "prod" in their description.
+For example, **description contains "prod"** means that the rule will only match alerts that contain the string "prod" in their description.
* **Alert context (payload)** This rule will apply only to alerts that contain any of one or more specific values in the alert context fields.
-For example, **alert context (payload) contains 'Computer-01'** means that the rule will only apply to alerts whose payload contain the string "Computer-01".
+For example, **alert context (payload) contains "Computer-01"** means that the rule will only apply to alerts whose payload contain the string "Computer-01".
-If you set multiple filters in a rule, all of them apply. For example, if you set **resource type' = Virtual Machines** and **severity' = Sev0**, then the rule will apply only for Sev0 alerts on virtual machines.
+> [!NOTE]
+> Each filter may include up to five values.
+> For example, a filter on monitor service may include up to five monitor service names.
++++
+If you set multiple filters in a rule, all of them apply. For example, if you set **resource type = "Virtual Machines"** and **severity = "Sev0"**, then the rule will apply only for Sev0 alerts on virtual machines.
![Action rule filters](media/alerts-action-rules/action-rules-new-rule-creation-flow-filters.png)
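Review bot: a line containing only `+++` is added between the new NOTE block and the "If you set multiple filters" paragraph. It looks like leftover marker text and will render literally, so remove it. The new note also says each filter may include up to five values; it would help to state how multiple values in one filter combine, given that the next sentence says multiple filters all apply.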
azure-monitor Sampling https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/sampling.md
The above code will disable adaptive sampling. Follow the steps below to add sam
Use extension methods of `TelemetryProcessorChainBuilder` as shown below to customize sampling behavior. > [!IMPORTANT]
-> If you use this method to configure sampling, please make sure to set the `aiOptions.EnableAdaptiveSampling` property to `false` when calling `AddApplicationInsightsTelemetry()`.
+> If you use this method to configure sampling, please make sure to set the `aiOptions.EnableAdaptiveSampling` property to `false` when calling `AddApplicationInsightsTelemetry()`. After making this change, you then need to follow the instructions in the code block below **exactly** in order to re-enable adaptive sampling with your customizations in place. Failure to do so can result in excess data ingestion. Always test post changing sampling settings, and set an appropriate [daily data cap](pricing.md#set-the-daily-cap) to help control your costs.
```csharp using Microsoft.ApplicationInsights.Extensibility
azure-monitor Cross Workspace Query https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/logs/cross-workspace-query.md
description: This article describes how you can query against resources from mul
Previously updated : 09/22/2020 Last updated : 04/11/2021
There are two methods to query data that is stored in multiple workspace and app
## Cross-resource query limits * The number of Application Insights resources and Log Analytics workspaces that you can include in a single query is limited to 100.
-* Cross-resource query is not supported in View Designer. You can Author a query in Log Analytics and pin it to Azure dashboard to [visualize a log query](../visualize/tutorial-logs-dashboards.md).
+* Cross-resource query is not supported in View Designer. You can Author a query in Log Analytics and pin it to Azure dashboard to [visualize a log query](../visualize/tutorial-logs-dashboards.md) or include in [Workbooks](../visualize/workbooks-overview.md).
* Cross-resource queries in log alerts are only supported in the current [scheduledQueryRules API](/rest/api/monitor/scheduledqueryrules). If you're using the legacy Log Analytics Alerts API, you'll need to [switch to the current API](../alerts/alerts-log-api-switch.md).
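Review bot: the added tail "or include in [Workbooks]" on the View Designer bullet has no object and reads as a fragment. Suggest "or include it in [Workbooks](../visualize/workbooks-overview.md)", and lowercase "Author" in the same sentence while this line is being touched.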
Identifying a workspace can be accomplished one of several ways:
* Resource name - is a human-readable name of the workspace, sometimes referred to as *component name*.
+ >[!Note]
+ >Because app and workspace names are not unique, this identifier might be ambiguous. When there are multiple instances of the resource name, reference should be by Qualified name, Resource ID, or Azure Resource ID.
+ `workspace("contosoretail-it").Update | count`
-* Qualified name - is the ΓÇ£full nameΓÇ¥ of the workspace, composed of the subscription name, resource group, and component name in this format: *subscriptionName/resourceGroup/componentName*.
+* Qualified name - is the "full name" of the workspace, composed of the subscription name, resource group, and component name in this format: *subscriptionName/resourceGroup/componentName*.
`workspace('contoso/contosoretail/contosoretail-it').Update | count` >[!NOTE]
- >Because Azure subscription names are not unique, this identifier might be ambiguous.
- >
+ >Because Azure subscription names are not unique, this identifier might be ambiguous.
* Workspace ID - A workspace ID is the unique, immutable, identifier assigned to each workspace represented as a globally unique identifier (GUID).
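Review bot: the new note under "Resource name" recommends the Qualified name as one way to resolve ambiguity, but the note kept under "Qualified name" says that identifier can itself be ambiguous because subscription names are not unique. Recommend only the identifiers that are unique. The note also lists "Resource ID, or Azure Resource ID" where the list below uses "Workspace ID", so align the names with the bullets. Use `>[!NOTE]` rather than `>[!Note]` to match the other note in this list.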
azure-monitor Workbooks Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/visualize/workbooks-overview.md
Title: Azure Monitor Workbooks Overview description: Learn how workbooks provide a flexible canvas for data analysis and the creation of rich visual reports within the Azure portal.- ibiza
Last updated 07/23/2020
# Azure Monitor Workbooks
-Workbooks provide a flexible canvas for data analysis and the creation of rich visual reports within the Azure portal. They allow you to tap into multiple data sources from across Azure, and combine them into unified interactive experiences.
+Workbooks provide a flexible canvas for data analysis and the creation of rich visual reports within the Azure portal. They allow you to tap into multiple data sources from across Azure, and combine them into unified interactive experiences.
Here is a video walkthrough on creating workbooks.
Workbooks are currently compatible with the following data sources:
## Visualizations
-Workbooks provide a rich set of capabilities for visualizing your data. For detailed examples of each visualization type you can consult the example links below:
+Workbooks provide a rich set of capabilities for visualizing your data. For detailed examples of each visualization type, you can consult the links below:
* [Text](../visualize/workbooks-text-visualizations.md) * [Charts](../visualize/workbooks-chart-visualizations.md)
Workbooks provide a rich set of capabilities for visualizing your data. For deta
* [Graphs](../visualize/workbooks-graph-visualizations.md) * [Composite bar](../visualize/workbooks-composite-bar.md)
-![Example workbook visualizations](./media/workbooks-overview/visualizations.png)
## Getting started
To explore the workbooks experience, first navigate to the Azure Monitor service
Then select **Workbooks**.
-![Screenshot of Workbooks button highlighted in a red box](./media/workbooks-overview/workbooks.png)
### Gallery
-This takes you to the workbooks gallery:
+The gallery makes it convenient to organize, sort, and manage workbooks of all types.
-![Screenshot of Azure Monitor workbooks gallery view](./media/workbooks-overview/gallery.png)
+
+#### Gallery tabs
+
+There are four tabs in the gallery to help organize workbook types.
+
+| Tab | Description |
+|||
+| All | Shows the top four items for each type - workbooks, public templates, and my templates. Workbooks are sorted by modified date so you will see the most recent eight modified workbooks.|
+| Workbooks | Shows the list of all the available workbooks that you created or are shared with you. |
+| Public Templates | Shows the list of all the available ready to use, get started functional workbook templates published by Microsoft. Grouped by category. |
+| My Templates | Shows the list of all the available deployed workbook templates that you created or are shared with you. Grouped by category. |
+
+#### Features
+
+* In each tab, there is a grid with info on the workbooks. It includes description, last modified date, tags, subscription, resource group, region, and shared state. You can also sort the workbooks by this information.
+* Filter by resource group, subscriptions, workbook/template name, or template category.
+* Select multiple workbooks to delete or bulk delete.
+* Each Workbook has a context menu (ellipsis/three dots at the end), selecting it will open a list of quick actions.
+ * View resource - Access workbook resource tab to see the resource ID of the workbook, add tags, manage locks etc.
+ * Delete or rename workbook.
+ * Pin workbook to dashboard.
### Workbooks versus workbook templates
-You can see a _workbook_ in green and a number of _workbook templates_ in purple. Templates serve as curated reports that are designed for flexible reuse by multiple users and teams. Opening a template creates a transient workbook populated with the content of the template.
+You can see a _workbook_ in green and a number of _workbook templates_ in purple. Templates serve as curated reports that are designed for flexible reuse by multiple users and teams. Opening a template creates a transient workbook populated with the content of the template.
-You can adjust the template-based workbook's parameters and perform analysis without fear of breaking the future reporting experience for colleagues. If you open a template, make some adjustments, and then select the save icon you will be saving the template as a workbook which would then show in green leaving the original template untouched.
+You can adjust the template-based workbook's parameters and perform analysis without fear of breaking the future reporting experience for colleagues. If you open a template, make some adjustments, and then select the save icon you will be saving the template as a workbook which would then show in green leaving the original template untouched.
Under the hood, templates also differ from saved workbooks. Saving a workbook creates an associated Azure Resource Manager resource, whereas the transient workbook created when just opening a template has no unique resource associated with it. To learn more about how access control is managed in workbooks consult the [workbooks access control article](../visualize/workbooks-access-control.md).
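Review bot: in the new "Gallery tabs" table, the "All" row says the tab shows "the top four items for each type" and then that "you will see the most recent eight modified workbooks". State one number, or explain why workbooks get eight while the other types get four. In the same hunk the gallery screenshot is removed, but the "Workbooks versus workbook templates" paragraph still opens with "You can see a _workbook_ in green and a number of _workbook templates_ in purple", which now refers to an image that is no longer on the page.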
Under the hood, templates also differ from saved workbooks. Saving a workbook cr
Select **Application Failure Analysis** to see one of the default application workbook templates.
-![Screenshot of application failure analysis template](./media/workbooks-overview/failure-analysis.png)
As stated previously, opening the template creates a temporary workbook for you to be able to interact with. By default, the workbook opens in reading mode which displays only the information for the intended analysis experience that was created by the original template author.
In the case of this particular workbook, the experience is interactive. You can
To understand how this workbook template is put together you need to swap to editing mode by selecting **Edit**.
-![Screenshot of edit button in workbooks.](./media/workbooks-overview/edit.png)
Once you have switched to editing mode you will notice a number of **Edit** boxes appear to the right corresponding with each individual aspect of your workbook.
-![Screenshot of Edit button](./media/workbooks-overview/edit-mode.png)
If we select the edit button immediately under the grid of request data we can see that this part of our workbook consists of a Kusto query against data from an Application Insights resource.
-![Screenshot of underlying Kusto query](./media/workbooks-overview/kusto.png)
+
-Clicking the other **Edit** buttons on the right will reveal a number of the core components that make up workbooks like markdown-based [text boxes](../visualize/workbooks-text-visualizations.md), [parameter selection](../visualize/workbooks-parameters.md) UI elements, and other [chart/visualization types](#visualizations).
+Clicking the other **Edit** buttons on the right will reveal a number of the core components that make up workbooks like markdown-based [text boxes](../visualize/workbooks-text-visualizations.md), [parameter selection](../visualize/workbooks-parameters.md) UI elements, and other [chart/visualization types](#visualizations).
Exploring the pre-built templates in edit-mode and then modifying them to fit your needs and save your own custom workbook is an excellent way to start to learn about what is possible with Azure Monitor workbooks. ## Pinning Visualizations
-Text, query, and metrics steps in a workbook can be pinned by using the pin button on those items while the workbook is in pin mode, or if the workbook author has enabled settings for that element to make the pin icon visible.
+Text, query, and metrics steps in a workbook can be pinned by using the pin button on those items while the workbook is in pin mode, or if the workbook author has enabled settings for that element to make the pin icon visible.
To access pin mode, click **Edit** to enter editing mode, and select the blue pin icon in the top bar. An individual pin icon will then appear above each corresponding workbook part's *Edit* box on the right-hand side of your screen.
-![Pin experience](./media/workbooks-overview/pin-experience.png)
> [!NOTE] > The state of the workbook is saved at the time of the pin, and pinned workbooks on a dashboard will not update if the underlying workbook is modified. In order to update a pinned workbook part, you will need to delete and re-pin that part. ## Dashboard time ranges
-Pinned workbook query parts will respect the dashboard's time range if the pinned item is configured to use a *Time Range* parameter. The dashboard's time range value will be used as the time range parameter's value, and any change of the dashboard time range will cause the pinned item to update. If a pinned part is using the dashboard's time range, you will see the subtitle of the pinned part update to show the dashboard's time range whenever the time range changes.
+Pinned workbook query parts will respect the dashboard's time range if the pinned item is configured to use a *Time Range* parameter. The dashboard's time range value will be used as the time range parameter's value, and any change of the dashboard time range will cause the pinned item to update. If a pinned part is using the dashboard's time range, you will see the subtitle of the pinned part update to show the dashboard's time range whenever the time range changes.
Additionally, pinned workbook parts using a time range parameter will auto refresh at a rate determined by the dashboard's time range. The last time the query ran will appear in the subtitle of the pinned part.
azure-netapp-files Configure Ldap Extended Groups https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-netapp-files/configure-ldap-extended-groups.md
na ms.devlang: na Previously updated : 04/08/2021 Last updated : 04/09/2021 # Configure ADDS LDAP with extended groups for NFS volume access
-When you [create an NFS volume](azure-netapp-files-create-volumes.md), you have the option to enable the LDAP with extended groups feature (the **LDAP** option) for the volume. This feature enables Active Directory LDAP users and extended groups (up to 1024 groups) to access the volume.
+When you [create an NFS volume](azure-netapp-files-create-volumes.md), you have the option to enable the LDAP with extended groups feature (the **LDAP** option) for the volume. This feature enables Active Directory LDAP users and extended groups (up to 1024 groups) to access the volume. You can use the LDAP with extended groups feature with both NFSv4.1 and NFSv3 volumes.
This article explains the considerations and steps for enabling LDAP with extended groups when you create an NFS volume. ## Considerations
+* LDAP with extended groups is supported only with Active Directory Domain Services (ADDS) or Azure Active Directory Domain services (AADDS). OpenLDAP or other third-party LDAP directory services are not supported.
+ * LDAP over TLS must *not* be enabled if you are using Azure Active Directory Domain Services (AADDS). * If you enable the LDAP with extended groups feature, LDAP-enabled [Kerberos volumes](configure-kerberos-encryption.md) will not correctly display the file ownership for LDAP users. A file or directory created by an LDAP user will default to `root` as the owner instead of the actual LDAP user. However, the `root` account can manually change the file ownership by using the command `chown <username> <filename>`.
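Review bot: the added consideration writes "Azure Active Directory Domain services (AADDS)" with a lowercase "services", while the next bullet writes "Azure Active Directory Domain Services (AADDS)". Use the product name consistently. Since this bullet restricts the supported directory services and the next one forbids LDAP over TLS with AADDS, consider placing the two together so that the AADDS constraints are read as one item.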
This article explains the considerations and steps for enabling LDAP with extend
2. LDAP volumes require an Active Directory configuration for LDAP server settings. Follow instructions in [Requirements for Active Directory connections](create-active-directory-connections.md#requirements-for-active-directory-connections) and [Create an Active Directory connection](create-active-directory-connections.md#create-an-active-directory-connection) to configure Active Directory connections on the Azure portal.
+ > [!NOTE]
+ > Ensure that you have configured the Active Directory connection settings. A machine account will be created in the organizational unit (OU) that is specified in the Active Directory connection settings. The settings are used by the LDAP client to authenticate with your Active Directory.
+ 3. Ensure that the Active Directory LDAP server is up and running on the Active Directory. 4. LDAP NFS users need to have certain POSIX attributes on the LDAP server. Set the attributes for LDAP users and LDAP groups as follows:
This article explains the considerations and steps for enabling LDAP with extend
![Active Directory Attribute Editor](../media/azure-netapp-files/active-directory-attribute-editor.png)
-5. If you want to configure an LDAP-integrated Linux client, see [Configure an NFS client for Azure NetApp Files](configure-nfs-clients.md).
+5. If you want to configure an LDAP-integrated NFSv4.1 Linux client, see [Configure an NFS client for Azure NetApp Files](configure-nfs-clients.md).
6. Follow steps in [Create an NFS volume for Azure NetApp Files](azure-netapp-files-create-volumes.md) to create an NFS volume. During the volume creation process, under the **Protocol** tab, enable the **LDAP** option.
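Review bot: step 5 is narrowed to "an LDAP-integrated NFSv4.1 Linux client", but the introduction changed in this same commit now says the feature works "with both NFSv4.1 and NFSv3 volumes". Say what an NFSv3 client needs at this step, or state explicitly that no client-side LDAP configuration is required for NFSv3, so the procedure covers both protocols the article claims to support.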
azure-resource-manager Tutorial Create Managed App With Custom Provider https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/managed-applications/tutorial-create-managed-app-with-custom-provider.md
You can go to managed application instance and perform **custom action** in "Ove
## Looking for help
-If you have questions about Azure Managed Applications, you can try asking on [Stack Overflow](https://stackoverflow.com/questions/tagged/azure-managed-app) with tag azure-managed-app or [Microsoft Q&A] (https://docs.microsoft.com/answers/topics/azure-managed-applications.html) with tag azure-managed-application. A similar question may have already been asked and answered, so check first before posting. Please use respective tags for faster response.
+If you have questions about Azure Managed Applications, you can try asking on [Stack Overflow](https://stackoverflow.com/questions/tagged/azure-managed-app) with tag azure-managed-app or [Microsoft Q&A](https://docs.microsoft.com/answers/topics/azure-managed-applications.html) with tag azure-managed-application. A similar question may have already been asked and answered, so check first before posting. Please use respective tags for faster response.
## Next steps
azure-resource-manager Template Specs Create Linked https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/template-specs-create-linked.md
Create the main template and the linked template.
To link a template, add a [deployments resource](/azure/templates/microsoft.resources/deployments) to your main template. In the `templateLink` property, specify the relative path of the linked template in accordance with the path of the parent template.
-The linked template is called **linkedTemplate.json**, and is stored in a subfolder called **artifacts** in the path where the main template is stored. You can use one of the follow values for the relativePath:
+The linked template is called **linkedTemplate.json**, and is stored in a subfolder called **artifacts** in the path where the main template is stored. You can use one of the following values for the relativePath:
- `./artifacts/linkedTemplate.json` - `/artifacts/linkedTemplate.json`
azure-sql Elastic Pool Scale https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/elastic-pool-scale.md
Previously updated : 09/16/2020 Last updated : 04/09/2021 # Scale elastic pool resources in Azure SQL Database [!INCLUDE[appliesto-sqldb](../includes/appliesto-sqldb.md)]
This article describes how to scale the compute and storage resources available
## Change compute resources (vCores or DTUs)
-After initially picking the number of vCores or eDTUs, you can scale an elastic pool up or down dynamically based on actual experience using the [Azure portal](elastic-pool-manage.md#azure-portal), [PowerShell](/powershell/module/az.sql/Get-AzSqlElasticPool), the [Azure CLI](/cli/azure/sql/elastic-pool#az-sql-elastic-pool-update), or the [REST API](/rest/api/sql/elasticpools/update).
+After initially picking the number of vCores or eDTUs, you can scale an elastic pool up or down dynamically based on actual experience using the using:
+
+* [Transact-SQL](/sql/t-sql/statements/alter-database-transact-sql#overview-sql-database)
+* [Azure portal](elastic-pool-manage.md#azure-portal)
+* [PowerShell](/powershell/module/az.sql/Get-AzSqlElasticPool)
+* [Azure CLI](/cli/azure/sql/elastic-pool#az-sql-elastic-pool-update)
+* [REST API](/rest/api/sql/elasticpools/update)
+ ### Impact of changing service tier or rescaling compute size
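Review bot: the added lead-in sentence ends with "based on actual experience using the using:", which has a duplicated "using the". Change it to "based on actual experience using:". In the new list the PowerShell entry still links to `Get-AzSqlElasticPool`, which only reads a pool. For a section about changing compute resources, `Set-AzSqlElasticPool` is the more useful target.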
You are billed for each hour a database exists using the highest service tier +
### DTU-based purchasing model -- The eDTU price for an elastic pool includes a certain amount of storage at no additional cost. Extra storage beyond the included amount can be provisioned for an additional cost up to the max size limit in increments of 250 GB up to 1 TB, and then in increments of 256 GB beyond 1 TB. For included storage amounts and max size limits, see [Elastic pool: storage sizes and compute sizes](resource-limits-dtu-elastic-pools.md#elastic-pool-storage-sizes-and-compute-sizes).
+- The eDTU price for an elastic pool includes a certain amount of storage at no additional cost. Extra storage beyond the included amount can be provisioned for an additional cost up to the max size limit in increments of 250 GB up to 1 TB, and then in increments of 256 GB beyond 1 TB. For included storage amounts and max size limits, see [Resources limits for elastic pools using the DTU purchasing model](resource-limits-dtu-elastic-pools.md#elastic-pool-storage-sizes-and-compute-sizes) or [Resource limits for elastic pools using the vCore purchasing model](resource-limits-vcore-elastic-pools.md).
- Extra storage for an elastic pool can be provisioned by increasing its max size using the [Azure portal](elastic-pool-manage.md#azure-portal), [PowerShell](/powershell/module/az.sql/Get-AzSqlElasticPool), the [Azure CLI](/cli/azure/sql/elastic-pool#az-sql-elastic-pool-update), or the [REST API](/rest/api/sql/elasticpools/update). - The price of extra storage for an elastic pool is the extra storage amount multiplied by the extra storage unit price of the service tier. For details on the price of extra storage, see [SQL Database pricing](https://azure.microsoft.com/pricing/details/sql-database/).
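Review bot: the changed bullet sits under "### DTU-based purchasing model" and describes eDTU pricing, yet it now also sends readers to the vCore limits article for "included storage amounts and max size limits". Drop the vCore link from this bullet or move it to the vCore section. The first link label reads "Resources limits", while the second reads "Resource limits"; make them consistent.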
azure-sql Resource Limits Dtu Elastic Pools https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/resource-limits-dtu-elastic-pools.md
Previously updated : 03/30/2021 Last updated : 04/09/2021 # Resources limits for elastic pools using the DTU purchasing model [!INCLUDE[appliesto-sqldb](../includes/appliesto-sqldb.md)] This article provides the detailed resource limits for databases in Azure SQL Database that are within an elastic pool using the DTU purchasing model.
-* For DTU purchasing model resource limits for Azure SQL Database, see [DTU resource limits - Azure SQL Database](resource-limits-dtu-single-databases.md).
+* For DTU purchasing model limits for single databases on a server, see [Overview of resource limits on a server](resource-limits-logical-server.md).
+* For DTU purchasing model resource limits for Azure SQL Database, see [DTU resource limits single databases](resource-limits-dtu-single-databases.md) and [DTU resource limits elastic pools](resource-limits-dtu-elastic-pools.md).
* For vCore resource limits, see [vCore resource limits - Azure SQL Database](resource-limits-vcore-single-databases.md) and [vCore resource limits - elastic pools](resource-limits-vcore-elastic-pools.md).
+* For more information regarding the different purchasing models, see [Purchasing models and service tiers](purchasing-models.md).
+
+Each read-only replica has its own resources such as DTUs, workers, and sessions. Each read-only replica is subject to the resource limits detailed later in this article.
## Elastic pool: Storage sizes and compute sizes For Azure SQL Database elastic pools, the following tables show the resources available at each service tier and compute size. You can set the service tier, compute size, and storage amount using:
+* [Transact-SQL](elastic-pool-scale.md) via [ALTER DATABASE](/sql/t-sql/statements/alter-database-transact-sql#overview-sql-database)
* [Azure portal](elastic-pool-manage.md#azure-portal) * [PowerShell](elastic-pool-manage.md#powershell) * [Azure CLI](elastic-pool-manage.md#azure-cli)
-* [REST API](elastic-pool-manage.md#rest-api).
+* [REST API](elastic-pool-manage.md#rest-api)
+ > [!IMPORTANT] > For scaling guidance and considerations, see [Scale an elastic pool](elastic-pool-scale.md)
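Review bot: The second added bullet in resource-limits-dtu-elastic-pools.md links to resource-limits-dtu-elastic-pools.md itself ("[DTU resource limits elastic pools]"), so the reader is sent back to the page they are already on. Consider dropping the self-link from that bullet and keeping only the single-databases link. The link text in the same bullet also omits the " - " separator that the vCore bullet directly below it uses ("vCore resource limits - elastic pools"), so the two rows read inconsistently.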
azure-sql Resource Limits Dtu Single Databases https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/resource-limits-dtu-single-databases.md
Previously updated : 03/20/2019 Last updated : 04/09/2021 # Resource limits for single databases using the DTU purchasing model - Azure SQL Database [!INCLUDE[appliesto-sqldb](../includes/appliesto-sqldb.md)] This article provides the detailed resource limits for Azure SQL Database single databases using the DTU purchasing model.
-For DTU purchasing model resource limits for elastic pools, see [DTU resource limits - elastic pools](resource-limits-dtu-elastic-pools.md). For vCore resource limits, see [vCore resource limits - single databases](resource-limits-vcore-single-databases.md) and [vCore resource limits - elastic pools](resource-limits-vcore-elastic-pools.md). For more information regarding the different purchasing models, see [Purchasing models and service tiers](purchasing-models.md).
+* For DTU purchasing model limits for single databases on a server, see [Overview of resource limits on a server](resource-limits-logical-server.md).
+* For DTU purchasing model resource limits for Azure SQL Database, see [DTU resource limits single databases](resource-limits-dtu-single-databases.md) and [DTU resource limits elastic pools](resource-limits-dtu-elastic-pools.md).
+* For vCore resource limits, see [vCore resource limits - Azure SQL Database](resource-limits-vcore-single-databases.md) and [vCore resource limits - elastic pools](resource-limits-vcore-elastic-pools.md).
+* For more information regarding the different purchasing models, see [Purchasing models and service tiers](purchasing-models.md).
+
+Each read-only replica has its own resources such as DTUs, workers, and sessions. Each read-only replica is subject to the resource limits detailed later in this article.
+ ## Single database: Storage sizes and compute sizes
-The following tables show the resources available for a single database at each service tier and compute size. You can set the service tier, compute size, and storage amount for a single database using the [Azure portal](single-database-manage.md#the-azure-portal), [Transact-SQL](single-database-manage.md#transact-sql-t-sql), [PowerShell](single-database-manage.md#powershell), the [Azure CLI](single-database-manage.md#the-azure-cli), or the [REST API](single-database-manage.md#rest-api).
+The following tables show the resources available for a single database at each service tier and compute size. You can set the service tier, compute size, and storage amount for a single database using:
+
+* [Transact-SQL](single-database-manage.md#transact-sql-t-sql) via [ALTER DATABASE](/sql/t-sql/statements/alter-database-transact-sql#overview-sql-database)
+* [Azure portal](single-database-manage.md#the-azure-portal)
+* [PowerShell](single-database-manage.md#powershell)
+* [Azure CLI](single-database-manage.md#the-azure-cli)
+* [REST API](single-database-manage.md#rest-api)
> [!IMPORTANT] > For scaling guidance and considerations, see [Scale a single database](single-database-scale.md)
azure-sql Resource Limits Vcore Elastic Pools https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/resource-limits-vcore-elastic-pools.md
Previously updated : 03/23/2021 Last updated : 04/09/2021 # Resource limits for elastic pools using the vCore purchasing model [!INCLUDE[appliesto-sqldb](../includes/appliesto-sqldb.md)] This article provides the detailed resource limits for Azure SQL Database elastic pools and pooled databases using the vCore purchasing model.
-For DTU purchasing model limits, see [SQL Database DTU resource limits - elastic pools](resource-limits-dtu-elastic-pools.md).
+* For DTU purchasing model limits for single databases on a server, see [Overview of resource limits on a server](resource-limits-logical-server.md).
+* For DTU purchasing model resource limits for Azure SQL Database, see [DTU resource limits single databases](resource-limits-dtu-single-databases.md) and [DTU resource limits elastic pools](resource-limits-dtu-elastic-pools.md).
+* For vCore resource limits, see [vCore resource limits - Azure SQL Database](resource-limits-vcore-single-databases.md) and [vCore resource limits - elastic pools](resource-limits-vcore-elastic-pools.md).
+* For more information regarding the different purchasing models, see [Purchasing models and service tiers](purchasing-models.md).
> [!IMPORTANT] > Under some circumstances, you may need to shrink a database to reclaim unused space. For more information, see [Manage file space in Azure SQL Database](file-space-manage.md).
-You can set the service tier, compute size (service objective), and storage amount using the [Azure portal](elastic-pool-manage.md#azure-portal), [PowerShell](elastic-pool-manage.md#powershell), the [Azure CLI](elastic-pool-manage.md#azure-cli), or the [REST API](elastic-pool-manage.md#rest-api).
+Each read-only replica has its own resources, such as vCores, memory, data IOPS, TempDB, workers, and sessions. Each read-only replica is subject to the resource limits detailed later in this article.
+
+You can set the service tier, compute size (service objective), and storage amount using:
+
+* [Transact-SQL](elastic-pool-scale.md) via [ALTER DATABASE](/sql/t-sql/statements/alter-database-transact-sql#overview-sql-database)
+* [Azure portal](elastic-pool-manage.md#azure-portal)
+* [PowerShell](elastic-pool-manage.md#powershell)
+* [Azure CLI](elastic-pool-manage.md#azure-cli)
+* [REST API](elastic-pool-manage.md#rest-api)
> [!IMPORTANT] > For scaling guidance and considerations, see [Scale an elastic pool](elastic-pool-scale.md).
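Review bot: In the added tool list, the Transact-SQL entry links to elastic-pool-scale.md with no section anchor, while the other four entries link to tool-specific anchors in elastic-pool-manage.md, and the IMPORTANT note immediately after the list already points to elastic-pool-scale.md. Either link the entry to the place that actually shows the T-SQL for pools, or add a short phrase saying what ALTER DATABASE is used for here, so the entry is not just a second copy of the scaling link. The third added bullet above also links back to this same article (resource-limits-vcore-elastic-pools.md).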
azure-sql Resource Limits Vcore Single Databases https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/resource-limits-vcore-single-databases.md
Previously updated : 03/23/2021 Last updated : 04/09/2021 # Resource limits for single databases using the vCore purchasing model [!INCLUDE[appliesto-sqldb](../includes/appliesto-sqldb.md)] This article provides the detailed resource limits for single databases in Azure SQL Database using the vCore purchasing model.
-For DTU purchasing model limits for single databases on a server, see [Overview of resource limits on a server](resource-limits-logical-server.md).
+* For DTU purchasing model limits for single databases on a server, see [Overview of resource limits on a server](resource-limits-logical-server.md).
+* For DTU purchasing model resource limits for Azure SQL Database, see [DTU resource limits single databases](resource-limits-dtu-single-databases.md) and [DTU resource limits elastic pools](resource-limits-dtu-elastic-pools.md).
+* For vCore resource limits, see [vCore resource limits - Azure SQL Database](resource-limits-vcore-single-databases.md) and [vCore resource limits - elastic pools](resource-limits-vcore-elastic-pools.md).
+* For more information regarding the different purchasing models, see [Purchasing models and service tiers](purchasing-models.md).
-You can set the service tier, compute size (service objective), and storage amount for a single database using the [Azure portal](single-database-manage.md#the-azure-portal), [Transact-SQL](single-database-manage.md#transact-sql-t-sql), [PowerShell](single-database-manage.md#powershell), the [Azure CLI](single-database-manage.md#the-azure-cli), or the [REST API](single-database-manage.md#rest-api).
+Each read-only replica has its own resources, such as vCores, memory, data IOPS, TempDB, workers, and sessions. Each read-only replica is subject to the resource limits detailed later in this article.
+
+You can set the service tier, compute size (service objective), and storage amount for a single database using:
+
+* [Transact-SQL](single-database-manage.md#transact-sql-t-sql) via [ALTER DATABASE](/sql/t-sql/statements/alter-database-transact-sql#overview-sql-database)
+* [Azure portal](single-database-manage.md#the-azure-portal)
+* [PowerShell](single-database-manage.md#powershell)
+* [Azure CLI](single-database-manage.md#the-azure-cli)
+* [REST API](single-database-manage.md#rest-api)
> [!IMPORTANT] > For scaling guidance and considerations, see [Scale a single database](single-database-scale.md).
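Review bot: The first bullet keeps the old wording "For DTU purchasing model limits for single databases on a server" for a link whose title is "Overview of resource limits on a server"; at the top of the vCore single-database article that description looks wrong for the target, and the same sentence has been copied into the other three resource-limit articles in this change set. Suggest describing the link by what it covers (server-level limits). The third bullet, labelled "vCore resource limits - Azure SQL Database", points to resource-limits-vcore-single-databases.md, which is this page.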
azure-sql Single Database Scale https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/single-database-scale.md
Previously updated : 02/22/2021 Last updated : 04/09/2021 # Scale single database resources in Azure SQL Database This article describes how to scale the compute and storage resources available for an Azure SQL Database in the provisioned compute tier. Alternatively, the [serverless compute tier](serverless-tier-overview.md) provides compute autoscaling and bills per second for compute used.
-After initially picking the number of vCores or DTUs, you can scale a single database up or down dynamically based on actual experience using the [Azure portal](single-database-manage.md#the-azure-portal), [Transact-SQL](/sql/t-sql/statements/alter-database-transact-sql#examples-1), [PowerShell](/powershell/module/az.sql/set-azsqldatabase), the [Azure CLI](/cli/azure/sql/db#az-sql-db-update), or the [REST API](/rest/api/sql/databases/update).
+After initially picking the number of vCores or DTUs, you can scale a single database up or down dynamically based on actual experience using:
+
+* [Transact-SQL](/sql/t-sql/statements/alter-database-transact-sql#overview-sql-database)
+* [Azure portal](single-database-manage.md#the-azure-portal)
+* [PowerShell](/powershell/module/az.sql/set-azsqldatabase)
+* [Azure CLI](/cli/azure/sql/db#az-sql-db-update)
+* [REST API](/rest/api/sql/databases/update)
+ The following video shows dynamically changing the service tier and compute size to increase available DTUs for a single database.
You're billed for each hour a database exists using the highest service tier + c
### vCore-based purchasing model -- Storage can be provisioned up to the data storage max size limit using 1-GB increments. The minimum configurable data storage is 1 GB. See resource limit documentation pages for [single databases](resource-limits-vcore-single-databases.md) and [elastic pools](resource-limits-vcore-elastic-pools.md) for data storage max size limits in each service objective.
+- Storage can be provisioned up to the data storage max size limit using 1-GB increments. The minimum configurable data storage is 1 GB. For data storage max size limits in each service objective, see resource limit documentation pages for [Resource limits for single databases using the vCore purchasing model](resource-limits-vcore-single-databases.md) and [Resource limits for single databases using the DTU purchasing model](resource-limits-dtu-single-databases.md).
- Data storage for a single database can be provisioned by increasing or decreasing its max size using the [Azure portal](https://portal.azure.com), [Transact-SQL](/sql/t-sql/statements/alter-database-transact-sql#examples-1), [PowerShell](/powershell/module/az.sql/set-azsqldatabase), [Azure CLI](/cli/azure/sql/db#az-sql-db-update), or [REST API](/rest/api/sql/databases/update). If the max size value is specified in bytes, it must be a multiple of 1 GB (1073741824 bytes). - The amount of data that can be stored in the data files of a database is limited by the configured data storage max size. In addition to that storage, Azure SQL Database automatically allocates 30% more storage to be used for the transaction log. - Azure SQL Database automatically allocates 32 GB per vCore for the `tempdb` database. `tempdb` is located on the local SSD storage in all service tiers.
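Review bot: Under the "vCore-based purchasing model" heading, the replacement bullet now sends readers to resource-limits-dtu-single-databases.md for data storage max size limits and drops the resource-limits-vcore-elastic-pools.md link that the removed line carried. If the DTU link is intentional it needs a word of explanation in a vCore section; otherwise keep the two vCore links. The phrase "see resource limit documentation pages for [Resource limits for single databases ...]" is also redundant and could be shortened to "see [Resource limits for single databases using the vCore purchasing model]".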
azure-sql Transparent Data Encryption Byok Configure https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/transparent-data-encryption-byok-configure.md
ms.devlang: --++ Last updated 03/12/2019
azure-sql Transparent Data Encryption Byok Key Rotation https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/transparent-data-encryption-byok-key-rotation.md
ms.devlang: --++ Last updated 03/12/2019
azure-sql Transparent Data Encryption Byok Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/transparent-data-encryption-byok-overview.md
ms.devlang: --++ Last updated 02/01/2021
Auditors can use Azure Monitor to review key vault AuditEvent logs, if logging i
### Requirements for configuring TDE protector -- TDE protector can be only asymmetric, RSA or RSA HSM key. The supported key lengths are 2048 and 3072 bytes.
+- TDE protector can be only asymmetric, RSA or RSA HSM key. The supported key lengths are 2048 bytes and 3072 bytes.
- The key activation date (if set) must be a date and time in the past. Expiration date (if set) must be a future date and time. - The key must be in the *Enabled* state. -- If you are importing existing key into the key vault, make sure to provide it in the supported file formats (.pfx, .byok, or .backup).
+- If you are importing existing key into the key vault, make sure to provide it in the supported file formats (`.pfx`, `.byok`, or `.backup`).
> [!NOTE] > Azure SQL now supports using a RSA key stored in a Managed HSM as TDE Protector. This feature is in **public preview**.
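Review bot: The rewritten requirement still gives the supported key lengths as "2048 bytes and 3072 bytes"; RSA key sizes are expressed in bits, and a 2048-byte modulus would be a 16384-bit key. Since this line is being touched anyway, please confirm the unit and change it to bits if that is what the service accepts. The backtick formatting of `.pfx`, `.byok` and `.backup` in the second changed bullet is fine.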
Azure Key Vault Managed HSM is a fully managed, highly available, single-tenant,
- If the key is generated in the key vault, create a key backup before using the key in AKV for the first time. Backup can be restored to an Azure Key Vault only. Learn more about the [Backup-AzKeyVaultKey](/powershell/module/az.keyvault/backup-azkeyvaultkey) command. -- Create a new backup whenever any changes are made to the key (e.g. key attributes, tags, ACLs).
+- Create a new backup whenever any changes are made to the key (for example, key attributes, tags, ACLs).
- **Keep previous versions** of the key in the key vault when rotating keys, so older database backups can be restored. When the TDE protector is changed for a database, old backups of the database **are not updated** to use the latest TDE protector. At restore time, each backup needs the TDE protector it was encrypted with at creation time. Key rotations can be performed following the instructions at [Rotate the Transparent Data Encryption Protector Using PowerShell](transparent-data-encryption-byok-key-rotation.md).
When transparent data encryption is configured to use a customer-managed key, co
> [!NOTE] > If the database is inaccessible due to an intermittent networking outage, there is no action required and the databases will come back online automatically.
-After access to the key is restored, taking database back online requires additional time and steps, which may vary based on the time elapsed without access to the key and the size of the data in the database:
+After access to the key is restored, taking database back online requires extra time and steps, which may vary based on the time elapsed without access to the key and the size of the data in the database:
-- If key access is restored within 8 hours, the database will auto-heal within next hour.
+- If key access is restored within 8 hours, the database will autoheal within next hour.
-- If key access is restored after more than 8 hours, auto-heal is not possible and bringing the database back requires additional steps on the portal and can take a significant amount of time depending on the size of the database. Once the database is back online, previously configured server-level settings such as [failover group](auto-failover-group-overview.md) configuration, point-in-time-restore history, and tags **will be lost**. Therefore, it's recommended implementing a notification system that allows you to identify and address the underlying key access issues within 8 hours.
+- If key access is restored after more than 8 hours, autoheal is not possible and bringing back the database requires extra steps on the portal and can take a significant amount of time depending on the size of the database. Once the database is back online, previously configured server-level settings such as [failover group](auto-failover-group-overview.md) configuration, point-in-time-restore history, and tags **will be lost**. Therefore, it's recommended implementing a notification system that allows you to identify and address the underlying key access issues within 8 hours.
-Below is a view of the additional steps required on the portal to bring an inaccessible database back online.
+Below is a view of the extra steps required on the portal to bring an inaccessible database back online.
![TDE BYOK Inaccessible Database](./media/transparent-data-encryption-byok-overview/customer-managed-tde-inaccessible-database.jpg)
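Review bot: The wording pass in this hunk leaves the grammar problems in the same sentences untouched: "taking database back online", "will autoheal within next hour" and "it's recommended implementing a notification system" are all still missing articles or use an awkward construction. Since these lines are already being edited, suggest "taking the database back online", "within the next hour" and "we recommend implementing a notification system". These bullets carry the 8-hour recovery threshold, so they are worth making unambiguous.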
To monitor database state and to enable alerting for loss of TDE protector acces
- [Azure Resource Health](../../service-health/resource-health-overview.md). An inaccessible database that has lost access to the TDE protector will show as "Unavailable" after the first connection to the database has been denied. - [Activity Log](../../service-health/alerts-activity-log-service-notifications-portal.md) when access to the TDE protector in the customer-managed key vault fails, entries are added to the activity log. Creating alerts for these events will enable you to reinstate access as soon as possible.-- [Action Groups](../../azure-monitor/alerts/action-groups.md) can be defined to send you notifications and alerts based on your preferences, e.g. Email/SMS/Push/Voice, Logic App, Webhook, ITSM, or Automation Runbook.
+- [Action Groups](../../azure-monitor/alerts/action-groups.md) can be defined to send you notifications and alerts based on your preferences, for example, Email/SMS/Push/Voice, Logic App, Webhook, ITSM, or Automation Runbook.
## Database backup and restore with customer-managed TDE
To restore a backup encrypted with a TDE protector from Key Vault, make sure tha
> At any moment there can be not more than one TDE protector set for a server. It's the key marked with "Make the key the default TDE protector" in the Azure portal blade. However, multiple additional keys can be linked to a server without marking them as a TDE protector. These keys are not used for protecting DEK, but can be used during restore from a backup, if backup file is encrypted with the key with the corresponding thumbprint. If the key that is needed for restoring a backup is no longer available to the target server, the following error message is returned on the restore try:
-"Target server `<Servername>` does not have access to all AKV URIs created between \<Timestamp #1> and \<Timestamp #2>. Please retry operation after restoring all AKV URIs."
+"Target server `<Servername>` does not have access to all AKV URIs created between \<Timestamp #1> and \<Timestamp #2>. Retry operation after restoring all AKV URIs."
To mitigate it, run the [Get-AzSqlServerKeyVaultKey](/powershell/module/az.sql/get-azsqlserverkeyvaultkey) cmdlet for the target server or [Get-AzSqlInstanceKeyVaultKey](/powershell/module/az.sql/get-azsqlinstancekeyvaultkey) for the target managed instance to return the list of available keys and identify the missing ones. To ensure all backups can be restored, make sure the target server for the restore has access to all of keys needed. These keys don't need to be marked as TDE protector.
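Review bot: The changed line sits inside quotation marks and is introduced as "the following error message is returned on the restore try", so it is a verbatim service message rather than documentation prose. Removing "Please" for style means the documented string no longer matches what an operator sees or searches for. Unless the product message itself changed, revert this line to the original text.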
Additional consideration for log files: Backed up log files remain encrypted wit
## High availability with customer-managed TDE
-Even in cases when there is no configured geo-redundancy for server, it is highly recommended to configure the server to use two different key vaults in two different regions with the same key material. The key in the secondary key vault in the other region should not be marked as TDE protector, and it's not even allowed. If there is an outage affecting the primary key vault, and only then, the system will automatically switch to the other linked key with the same thumbprint in the secondary key vault, if it exists. Note though that switch will not happen if TDE protector is inaccessible because of revoked access rights, or because key or key vault is deleted, as it may indicate that customer intentionally wanted to restrict server from accessing the key.Providing the same key material to two key vaults in different regions can be done by creating the key outside of the key vault, and importing them into both key vaults.
+Even in cases when there is no configured geo-redundancy for server, it is highly recommended to configure the server to use two different key vaults in two different regions with the same key material. The key in the secondary key vault in the other region should not be marked as TDE protector, and it's not even allowed. If there is an outage affecting the primary key vault, and only then, the system will automatically switch to the other linked key with the same thumbprint in the secondary key vault, if it exists. Note though that switch will not happen if TDE protector is inaccessible because of revoked access rights, or because key or key vault is deleted, as it may indicate that customer intentionally wanted to restrict server from accessing the key. Providing the same key material to two key vaults in different regions can be done by creating the key outside of the key vault, and importing them into both key vaults.
-Alternatively, it can be accomplished by generating key using the primary key vault co-located in the same region as the server and cloning the key into a key vault in a different Azure region. Use the [Backup-AzKeyVaultKey](/powershell/module/az.keyvault/Backup-AzKeyVaultKey) cmdlet to retrieve the key in encrypted format from the primary key vault and then use the [Restore-AzKeyVaultKey](/powershell/module/az.keyvault/restore-azkeyvaultkey) cmdlet and specify a key vault in the second region to clone the key. Alternatively, use the Azure portal to back up and restore the key. Key backup/restore operation is only allowed between key vaults within the same Azure subscription and [Azure geography](https://azure.microsoft.com/global-infrastructure/geographies/).
+Alternatively, it can be accomplished by generating key using the primary key vault colocated in the same region as the server and cloning the key into a key vault in a different Azure region. Use the [Backup-AzKeyVaultKey](/powershell/module/az.keyvault/Backup-AzKeyVaultKey) cmdlet to retrieve the key in encrypted format from the primary key vault and then use the [Restore-AzKeyVaultKey](/powershell/module/az.keyvault/restore-azkeyvaultkey) cmdlet and specify a key vault in the second region to clone the key. Alternatively, use the Azure portal to back up and restore the key. Key backup/restore operation is only allowed between key vaults within the same Azure subscription and [Azure geography](https://azure.microsoft.com/global-infrastructure/geographies/).
![Single-Server HA](./media/transparent-data-encryption-byok-overview/customer-managed-tde-with-ha.png) ## Geo-DR and customer-managed TDE
-In both [active geo-replication](active-geo-replication-overview.md) and [failover groups](auto-failover-group-overview.md) scenarios, each server involved requires a separate key vault, that must be co-located with the server in the same Azure region. Customer is responsible for keeping the key material across the key vaults consistent, so that geo-secondary is in sync and can take over using the same key from its local key vault if primary becomes inaccessible due to an outage in the region and a failover is triggered. Up to four secondaries can be configured, and chaining (secondaries of secondaries) is not supported.
+In both [active geo-replication](active-geo-replication-overview.md) and [failover groups](auto-failover-group-overview.md) scenarios, each server involved requires a separate key vault, that must be colocated with the server in the same Azure region. Customer is responsible for keeping the key material across the key vaults consistent, so that geo-secondary is in sync and can take over using the same key from its local key vault if primary becomes inaccessible due to an outage in the region and a failover is triggered. Up to four secondaries can be configured, and chaining (secondaries of secondaries) is not supported.
To avoid issues while establishing or during geo-replication due to incomplete key material, it's important to follow these rules when configuring customer-managed TDE:
To avoid issues while establishing or during geo-replication due to incomplete k
![Failover groups and geo-dr](./media/transparent-data-encryption-byok-overview/customer-managed-tde-with-bcdr.png)
-To test a failover, follow the steps in [Active geo-replication overview](active-geo-replication-overview.md). Testing failover should be done on a regular basis to validate that SQL Database has maintained access permission to both key vaults.
+To test a failover, follow the steps in [Active geo-replication overview](active-geo-replication-overview.md). Testing failover should be done regularly to validate that SQL Database has maintained access permission to both key vaults.
## Next steps
azure-sql Transparent Data Encryption Byok Remove Tde Protector https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/transparent-data-encryption-byok-remove-tde-protector.md
Title: Remove TDE protector (PowerShell & the Azure CLI)
-description: "Learn how to respond to a potentially compromised TDE protector for Azure SQL Database or Azure Synapse Analytics using TDE with Bring YOur Own Key (BYOK) support."
+description: "Learn how to respond to a potentially compromised TDE protector for Azure SQL Database or Azure Synapse Analytics using TDE with Bring Your Own Key (BYOK) support."
ms.devlang: --++ Last updated 02/24/2020
azure-sql Transparent Data Encryption Tde Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/transparent-data-encryption-tde-overview.md
ms.devlang: --++ Last updated 10/12/2020
certification Concepts Marketing https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/certification/concepts-marketing.md
Title: Marketing properties description: A description of the different marketing fields collected in the portal and how they will appear on the Azure Certified Device catalog-+
certification How To Edit Published Device https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/certification/how-to-edit-published-device.md
Title: How to edit your published Azure Certified Device description: A guide to edit you device information after you have certified and published your device through the Azure Certified Device program.-+
certification How To Using The Components Feature https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/certification/how-to-using-the-components-feature.md
Title: How to use the components feature in the Azure Certified Device portal description: A guide on how to best use the components feature of the Device details section to accurately describe your device-+
certification Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/certification/overview.md
Title: Overview of the Azure Certified Device program
-description: An overview of the Azure Certified Device program for our partners and customers
-
+description: An overview of the Azure Certified Device program for our partners and customers. Use these resources to start the device certification process. Find out how to certify your device, from IoT device requirements to publishing your device.
+ Previously updated : 03/03/2021 Last updated : 04/09/2021
-# What is Azure Certified Device?
+# What is the Azure Certified Device program?
-Thank you for your interest in the Azure Certified Device program! This program is your one stop for easily differentiating, promoting, and finding IoT devices built to run on Azure. From intelligent cameras to connected sensors to edge infrastructure, this enhanced IoT device certification program helps device builders increase their product visibility and saves customers time in building solutions.
+Thank you for your interest in the Azure Certified Device program! This program is your one-stop shop for easily differentiating, promoting, and finding IoT devices built to run on Azure. From intelligent cameras to connected sensors to edge infrastructure, this enhanced IoT device certification program helps device builders increase their product visibility and saves customers time in building solutions.
## Our certification promise The Azure Certified Device program ensures customer solutions work great on Azure. It is a program that utilizes tools, services, and a catalog to share industry knowledge with our community of builders within the IoT ecosystem to help builders and customers alike.
-The three tenets of this program are:
+Across the device certification process, the three tenets of this program are:
- **Giving customers confidence:** Customers can confidently purchase Azure certified devices that carry the Microsoft promise. -- **Matchmaking customers with the right devices for them:** Device builders can set themselves apart with certification that highlights their unique capabilities, and customers can easily find the products that fit their needs.
+- **Matchmaking customers with the right devices for them:** Device builders can set themselves apart with certification that highlights their unique capabilities, and customers can easily find IoT qualified devices that fit their needs.
- **Promoting certified devices:** Device builders get increased visibility, contact with customers, and usage of MicrosoftΓÇÖs Azure Certified Device brand.
The three tenets of this program are:
The Azure Certified Device program serves two different audiences.
-1. **Device builders**: Easily differentiate your IoT device capabilities and gain access to a worldwide audience looking to reliably purchase devices built to run on Azure. Use the Azure Certified Device Catalog to increase product visibility and connect with customers by certifying your device.
-1. **Solution builders**: Confidently find and purchase IoT devices built to run on Azure, knowing they meet specific capabilities. Easily search and select the right certified device for your IoT solution on the [Azure Certified Device catalog](https://devicecatalog.azure.com/).
+1. **Device builders**: Do you build IoT devices? Easily differentiate your IoT device capabilities and gain access to a worldwide audience looking to reliably purchase devices built to run on Azure. Use the Azure Certified Device Catalog to increase product visibility and connect with customers by certifying your device and show it meets specific IoT device requirements.
+1. **Solution builders**: Wondering what are IoT qualified devices? Confidently find and purchase IoT devices built to run on Azure, knowing they meet specific IoT requirements. Easily search and select the right certified device for your IoT solution on the [Azure Certified Device catalog](https://devicecatalog.azure.com/).
-## Our certification programs
+## Our certification programs and IoT device requirements.
-There are four different certifications available now! Each certification is focused on delivering a different customer value. Depending on the type of device and your target audience, you can choose which certification(s) is most applicable for you to apply for. Select the titles of each program to learn more about the program requirements.
+There are four different certifications available now! Each certification is focused on delivering a different customer value. Depending on the type of device and your target audience, you can choose which certification(s) is most applicable for you to apply for. Select the titles of each program to learn more about the program and IoT requirements.
| Certification program | Overview | |-|
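Review bot: the new heading "## Our certification programs and IoT device requirements." ends with a period, unlike the other headings in this article ("## How to certify your device", "## Next steps"); drop the trailing period. In the audience list, "Wondering what are IoT qualified devices?" should read "Wondering what IoT qualified devices are?", and "by certifying your device and show it meets" needs a parallel verb ("and showing that it meets").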
There are four different certifications available now! Each certification is foc
## How to certify your device
-Certifying a device involves four major steps on the [Azure Certified Device portal](https://certify.azure.com):
+Certifying a device involves several major steps on the [Azure Certified Device portal](https://certify.azure.com):
-1. Creating your project
-1. Providing hardware capability information
-1. Validating device functionality
-1. Submitting and completing the review process
+1. Select the right certification for your device based on the IoT device requirements.
+1. Create your project in the [Azure Certified Device portal](https://certify.azure.com).
+1. Add device details including hardware capability information to begin the device certification process.
+1. Validate device functionality
+1. Submit and complete the review process
-Once you have certified your device, you then can optionally complete two of the following activities:
+Once you have certified your device, you then can optionally complete two of the following activities:
1. Publishing to the Azure Certified Device Catalog (optional) 1. Updating your project after it has been approved/published (optional) ## Next steps
-Ready to get started with your certification journey? View our resources below to begin certifying your device!
+Ready to get started with your certification journey? View our resources below to start the device certification process!
- [Starting the certification process](tutorial-00-selecting-your-certification.md) - If you have additional questions or feedback, contact [the Azure Certified Device team](mailto:iotcert@microsoft.com).
certification Resources Glossary https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/certification/resources-glossary.md
Title: Azure Certified Device program glossary description: A list of common terms used in the Azure Certified Device program-+
certification Tutorial 01 Creating Your Project https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/certification/tutorial-01-creating-your-project.md
Title: Azure Certified Device program - Tutorial - Creating your project description: Guide to create a project on the Azure Certified Device portal -+
certification Tutorial 02 Adding Device Details https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/certification/tutorial-02-adding-device-details.md
Title: Azure Certified Device program - Tutorial - Adding device details description: A step-by-step guide to add device details to your project on the Azure Certified Device portal -+
certification Tutorial 03 Testing Your Device https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/certification/tutorial-03-testing-your-device.md
Title: Azure Certified Device program - Tutorial - Testing your device description: A step-by-step guide to test you device with AICS service on the Azure Certified Device portal-+
certification Tutorial 04 Publishing Your Device https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/certification/tutorial-04-publishing-your-device.md
Title: Azure Certified Device program - Tutorial - Publishing your device description: A step-by-step guide to publish your certified device to the Azure Certified Device catalog-+
cognitive-services Luis How To Add Features https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/LUIS/luis-how-to-add-features.md
Review [concepts](luis-concept-feature.md) to understand when and why to use a f
Once you have entered enough values for LUIS, suggestions appear. You can **+ Add all** of the proposed values, or select individual terms.
-1. Keep **These values are interchangeable** checked if the phrases can be used interchangeably.
+1. Keep **These values are interchangeable** checked if the phrases can be used interchangeably. Interchangeable phrase list feature serves as a list of synonyms for training. Non-interchangeable phrase list serves as separate features for training (meaning that features are similar but the intent changes when you swap phrases).
1. The phrase list can apply to the entire app with the **Global** setting, or to a specific model (intent or entity). If you create the phrase list, as a _feature_ from an intent or entity, the toggle is not set for global. In this case, the meaning of the toggle is that the feature is local only to that model, therefore, _not global_ to the application.
communication-services Managed Identity https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/communication-services/quickstarts/managed-identity.md
Get started with Azure Communication Services by using managed identities. The C
This quickstart shows you how to authorize access to the Identity and SMS SDKs from an Azure environment that supports managed identities. It also describes how to test your code in a development environment.
+## Prerequisites
+
+- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free)
+- An active Azure Communication Services resource, see [create a Communication Services resource](./create-communication-resource.md) if you do not have one.
+- To send an SMS you will need a [Phone Number](./telephony-sms/get-phone-number.md).
+- A setup managed identity for a development environment, see [Authorize access with managed identity](./managed-identity-from-cli.md)
+ ::: zone pivot="programming-language-csharp" ::: zone-end ::: zone pivot="programming-language-javascript" ::: zone-end ::: zone pivot="programming-language-java" ::: zone-end ::: zone pivot="programming-language-python" ::: zone-end ## Next steps
data-factory Managed Virtual Network Private Endpoint https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/managed-virtual-network-private-endpoint.md
Below data sources are supported to connect through private link from ADF Manage
- Southeast Asia - Australia East - Australia Southeast
+- Norway East
+- Japan East
+- Japan West
+- Korea Central
+- Brazil South
+- France Central
+- Switzerland North
+- UK West
+- Canada East
+- Canada Central
### Outbound communications through public endpoint from ADF Managed Virtual Network - Only port 443 is opened for outbound communications.
dns Private Dns Privatednszone https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/dns/private-dns-privatednszone.md
Previously updated : 9/24/2019 Last updated : 04/09/2021
Azure Private DNS provides a reliable, secure DNS service to manage and resolve domain names in a virtual network without the need to add a custom DNS solution. By using private DNS zones, you can use your own custom domain names rather than the Azure-provided names available today.
-The records contained in a private DNS zone are not resolvable from the Internet. DNS resolution against a private DNS zone works only from virtual networks that are linked to it.
+The records contained in a private DNS zone aren't resolvable from the Internet. DNS resolution against a private DNS zone works only from virtual networks that are linked to it.
You can link a private DNS zone to one or more virtual networks by creating [virtual network links](./private-dns-virtual-network-links.md).
-You can also enable [auto-registration](./private-dns-autoregistration.md) feature to automatically manage the life cycle of the DNS records for the virtual machines deployed in a virtual network.
+You can also enable the [autoregistration](./private-dns-autoregistration.md) feature to automatically manage the life cycle of the DNS records for the virtual machines that gets deployed in a virtual network.
## Limits
-To understand how many private DNS zones you can create in a subscription and how many record sets are supported in a private DNS zone see [Azure DNS limits](../azure-resource-manager/management/azure-subscription-service-limits.md#azure-dns-limits)
+To understand how many private DNS zones you can create in a subscription and how many record sets are supported in a private DNS zone, see [Azure DNS limits](../azure-resource-manager/management/azure-subscription-service-limits.md#azure-dns-limits)
## Restrictions
-* Single labeled private DNS zones are not supported. Your private DNS zone must have two or more labels. For example contoso.com has two labels separated by a dot. A private DNS zone can have a maximum 34 labels.
-* You can't create zone delegations (NS records) in a private DNS zone. If you intend to use a child domain, you can directly create the domain as a private DNS zone and link it to virtual network without setting up a nameserver delegation from the parent zone.
+* Single labeled private DNS zones aren't supported. Your private DNS zone must have two or more labels. For example contoso.com has two labels separated by a dot. A private DNS zone can have a maximum 34 labels.
+* You can't create zone delegations (NS records) in a private DNS zone. If you intend to use a child domain, you can directly create the domain as a private DNS zone. Then you can link it to virtual network without setting up a nameserver delegation from the parent zone.
## Next steps
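Review bot: the added autoregistration sentence introduces a subject-verb error, "the virtual machines that gets deployed"; use "that get deployed" or keep the original "deployed". The Limits sentence gains its comma but still ends without a period after the link, and "A private DNS zone can have a maximum 34 labels" is missing "of" in both the old and new versions.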
To understand how many private DNS zones you can create in a subscription and ho
* Read about some common [private zone scenarios](./private-dns-scenarios.md) that can be realized with private zones in Azure DNS.
-* For common questions and answers about private zones in Azure DNS, including specific behavior you can expect for certain kinds of operations, see [Private DNS FAQ](./dns-faq-private.md).
+* For common questions and answers about private zones in Azure DNS, see [Private DNS FAQ](./dns-faq-private.md).
expressroute Expressroute Locations Providers https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/expressroute/expressroute-locations-providers.md
The following table shows connectivity locations and the service providers for e
| **Berlin** | [NTT GDC](https://www.e-shelter.de/en/location/berlin-1-data-center) | 1 | Germany North | 10G | Equinix, NTT Global DataCenters EMEA| | **Bogota** | [Equinix BG1](https://www.equinix.com/locations/americas-colocation/colombia-colocation/bogota-data-centers/bg1/) | 4 | n/a | 10G | Equinix | | **Busan** | [LG CNS](https://www.lgcns.com/En/Service/DataCenter) | 2 | Korea South | n/a | LG CNS |
-| **Canberra** | [CDC](https://cdcdatacentres.com.au/content/about-cdc) | 1 | Australia Central | 10G, 100G | CDC |
-| **Canberra2** | [CDC](https://cdcdatacentres.com.au/content/about-cdc) | 1 | Australia Central 2| 10G, 100G | CDC, Equinix |
+| **Canberra** | [CDC](https://cdcdatacentres.com.au/about-us/) | 1 | Australia Central | 10G, 100G | CDC |
+| **Canberra2** | [CDC](https://cdcdatacentres.com.au/about-us/) | 1 | Australia Central 2| 10G, 100G | CDC, Equinix |
| **Cape Town** | [Teraco CT1](https://www.teraco.co.za/data-centre-locations/cape-town/) | 3 | South Africa West | 10G | BCX, Internet Solutions - Cloud Connect, Liquid Telecom, Teraco | | **Chennai** | Tata Communications | 2 | South India | 10G | BSNL, Global CloudXchange (GCX), SIFY, Tata Communications, VodafoneIdea | | **Chennai2** | Airtel | 2 | South India | 10G | Airtel |
expressroute Expressroute Locations https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/expressroute/expressroute-locations.md
If you are remote and don't have fiber connectivity or you want to explore other
| **[Oncore Cloud Service Inc](https://www.oncore.cloud/services/ue-for-expressroute)**| Equinix | Toronto | | **[POST Telecom Luxembourg](https://www.teralinksolutions.com/cloud-connectivity/cloudbridge-to-azure-expressroute/)**|Equinix | Amsterdam | | **[Proximus](https://www.proximus.be/en/id_b_cl_proximus_external_cloud_connect/companies-and-public-sector/discover/magazines/expert-blog/proximus-external-cloud-connect.html)**|Equinix | Amsterdam, Dublin, London, Paris |
-| **[QSC AG](https://www.qsc.de/de/produkte-loesungen/cloud-services-und-it-outsourcing/pure-enterprise-cloud/multi-cloud-management/azure-expressroute/)** |Interxion | Frankfurt |
+| **[QSC AG](https://www2.qbeyond.de/en/)** |Interxion | Frankfurt |
| **[RETN](https://retn.net/services/cloud-connect/)** | Equinix | Amsterdam | | **[Tata Teleservices](https://www.tatateleservices.com/business-services/data-services/secure-cloud-connect)** | Tata Communications | Chennai, Mumbai | | **Rogers** | Cologix, Equinix | Montreal, Toronto |
governance Author Policies For Arrays https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/policy/how-to/author-policies-for-arrays.md
To use this string with each SDK, use the following commands:
parameter **params** - Azure PowerShell: Cmdlet [New-AzPolicyAssignment](/powershell/module/az.resources/New-Azpolicyassignment) with parameter **PolicyParameter**-- REST API: In the _PUT_ [create](/rest/api/resources/policyassignments/create) operation as part of
+- REST API: In the _PUT_ [create](/rest/api/policy/policyassignments/create) operation as part of
the Request Body as the value of the **properties.parameters** property ## Using arrays in conditions
governance Programmatically Create https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/policy/how-to/programmatically-create.md
Use the following procedure to create a policy definition.
Replace the preceding {subscriptionId} with the ID of your subscription or {managementGroupId} with the ID of your [management group](../../management-groups/overview.md).
- For more information about the structure of the query, see [Azure Policy Definitions ΓÇô Create or Update](/rest/api/resources/policydefinitions/createorupdate)
+ For more information about the structure of the query, see [Azure Policy Definitions ΓÇô Create or Update](/rest/api/policy/policydefinitions/createorupdate)
and
- [Policy Definitions ΓÇô Create or Update At Management Group](/rest/api/resources/policydefinitions/createorupdateatmanagementgroup)
+ [Policy Definitions ΓÇô Create or Update At Management Group](/rest/api/policy/policydefinitions/createorupdateatmanagementgroup)
Use the following procedure to create a policy assignment and assign the policy definition at the resource group level.
iot-hub-device-update Device Update Agent Provisioning https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/iot-hub-device-update/device-update-agent-provisioning.md
Follow these instructions to provision the Device Update agent on [IoT Edge enab
1. Follow the instructions to [Install and provision the Azure IoT Edge runtime](https://docs.microsoft.com/azure/iot-edge/how-to-install-iot-edge?view=iotedge-2020-11&preserve-view=true).
-1. Then install the Device Update agent from [Artifacts](https://github.com/Azure/iot-hub-device-update/releases) and you are now ready to start the Device Update agent on your IoT Edge device.
-
+1. Install the Device Update image update agent
+ - We provide sample images in [Artifacts](https://github.com/Azure/iot-hub-device-update/releases) to try image update rollouts to different versions using a base image (adu-base-image) and one update image (adu-update-image). See example of [how to flash the image to your IoT Hub device](https://docs.microsoft.com/azure/iot-hub-device-update/device-update-raspberry-pi#flash-sd-card-with-image).
+
+1. Install the Device Update package update agent
+ - For latest agent versions from packages.miscrosoft.com: Update package lists on your device and install the Device Update agent package and its dependencies using:
+ ```shell
+ sudo apt-get update
+ ```
+
+ ```shell
+ sudo apt-get install deviceupdate-agent deliveryoptimization-plugin-apt
+ ```
+
+ - For upcoming release candidate versions from [Artifacts](https://github.com/Azure/iot-hub-device-update/releases) : Download the .dep file to the machine you want to install the Device Update agent on, then:
+ ```shell
+ Sudo apt-get install -y ./"<PATH TO FILE>"/"<.DEP FILE NAME>"
+ ```
+
+1. You are now ready to start the Device Update agent on your IoT Edge device.
### On non-Edge IoT Linux devices
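Review bot: three strings in the added package-install step will not work as typed: "packages.miscrosoft.com" misspells the host name, "Sudo apt-get install" capitalizes a command that is case-sensitive on Linux, and ".dep file" / "<.DEP FILE NAME>" should read .deb for a package that apt can install. This step has the reader installing an agent as root, so the source host and file type need to be exact rather than left for the reader to guess. The two apt-get commands could also share one fenced block, since they are always run together.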
Follow these instructions to provision the Device Update agent on your IoT Linux
sudo aziotctl config apply ```
-1. Finally install the Device Update agent from [Artifacts](https://github.com/Azure/iot-hub-device-update/releases) and you are now ready to start the Device Update agent on your IoT Edge device.
+1. Finally install the Device Update agent. We provide sample images in [Artifacts](https://github.com/Azure/iot-hub-device-update/releases) to try image update rollouts to different versions using a base image (adu-base-image) and one update image (adu-update-image). See example of [how to flash the image to your IoT Hub device](https://docs.microsoft.com/azure/iot-hub-device-update/device-update-raspberry-pi#flash-sd-card-with-image).
+1. You are now ready to start the Device Update agent on your IoT device.
### Other IoT devices The Device Update agent can also be configured without the IoT Identity service for testing or on constrained devices. Follow the below steps to provision the Device Update agent using a connection string (from the Module or Device).
-1. Install Device Update agent from [Artifacts](https://github.com/Azure/iot-hub-device-update/releases).
+1. We provide sample images in [Artifacts](https://github.com/Azure/iot-hub-device-update/releases) to try image update rollouts to different versions using a base image (adu-base-image) and one update image (adu-update-image). See example of [how to flash the image to your IoT Hub device](https://docs.microsoft.com/azure/iot-hub-device-update/device-update-raspberry-pi#flash-sd-card-with-image).
1. Log onto the machine or IoT Edge device/IoT device.
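Review bot: in the "Other IoT devices" list, the replacement for step 1 drops the instruction "Install Device Update agent" and leaves only a description of the sample images, so the procedure no longer tells the reader to install anything before logging on and editing the configuration. Keep the imperative and add the sample-image sentence after it, as the non-Edge section does with "Finally install the Device Update agent."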
The Device Update agent can also be configured without the IoT Identity service
1. You should see a window open with some text in it. Delete the entire string following 'connection_String=' the first-time you provision the Device Update agent on the IoT device. It is just place holder text.
- 1. In the terminal, replace <your-connection-string> with the connection string of the device for your instance of Device Update agent.
+ 1. In the terminal, replace "<your-connection-string>" with the connection string of the device for your instance of Device Update agent.
> [!Important] > Do not add quotes around the connection string.
- - connection_string=<your-connection-string>
+ - connection_string= "<ADD CONNECTION STRING HERE>"
1. Enter and save.
-1. Now you are now ready to start the Device Update agent on your IoT Edge device.
+1. Now you are now ready to start the Device Update agent on your IoT device.
## How to start the Device Update Agent
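Review bot: the added sample line `connection_string= "<ADD CONNECTION STRING HERE>"` wraps the placeholder in quotes and puts a space after `=`, directly under the note that says "Do not add quotes around the connection string", so a reader who copies the line produces exactly the form the note forbids. Keep the unquoted form and use one placeholder name throughout: the step text now says "<your-connection-string>" while the sample says "<ADD CONNECTION STRING HERE>". The last added line also still reads "Now you are now ready".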
You can also build and modify your own customer Device Update agent.
Follow the instructions to [build](https://github.com/Azure/iot-hub-device-update/blob/main/docs/agent-reference/how-to-build-agent-code.md) the Device Update Agent from source.
-Once the agent is successfully building, it's time [run](https://github.com/Azure/iot-hub-device-update/blob/main/docs/agent-reference/how-to-run-agent.md)
+Once the agent is successfully building, it's time to [run](https://github.com/Azure/iot-hub-device-update/blob/main/docs/agent-reference/how-to-run-agent.md)
the agent. Now, make the changes needed to incorporate the agent into your image. Look at how to
machine-learning How To Secure Training Vnet https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/machine-learning/how-to-secure-training-vnet.md
In this article you learn how to secure the following training compute resources
+ To deploy resources into a virtual network or subnet, your user account must have permissions to the following actions in Azure role-based access control (Azure RBAC):
- - "Microsoft.Network/virtualNetworks/join/action" on the virtual network resource.
+ - "Microsoft.Network/virtualNetworks/*/read" on the virtual network resource.
- "Microsoft.Network/virtualNetworks/subnet/join/action" on the subnet resource. For more information on Azure RBAC with networking, see the [Networking built-in roles](../role-based-access-control/built-in-roles.md#networking)
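Review bot: the permission list swaps "Microsoft.Network/virtualNetworks/join/action" for "Microsoft.Network/virtualNetworks/*/read", which changes both the verb (join to read) and the scope (one action to a wildcard over every child resource type), and the surrounding sentence gives no reason for either. For a least-privilege list, name the specific read operations that deployment needs instead of `*`, and state whether the join action on the virtual network is intentionally dropped while the subnet join on the next line stays.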
mariadb Concepts Business Continuity https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/mariadb/concepts-business-continuity.md
Last updated 7/7/2020
-# Understand business continuity in Azure Database for MariaDB
+# Overview of business continuity with Azure Database for MariaDB
-This article describes the capabilities that Azure Database for MariaDB provides for business continuity and disaster recovery. Learn about options for recovering from disruptive events that could cause data loss or cause your database and application to become unavailable. Learn what to do when a user or application error affects data integrity, an Azure region has an outage, or your application requires maintenance.
+This article describes the capabilities that Azure Database for MySQL provides for business continuity and disaster recovery. Learn about options for recovering from disruptive events that could cause data loss or cause your database and application to become unavailable. Learn what to do when a user or application error affects data integrity, an Azure region has an outage, or your application requires maintenance.
## Features that you can use to provide business continuity
-Azure Database for MariaDB provides business continuity features that include automated backups and the ability for users to initiate geo-restore. Each has different characteristics for Estimated Recovery Time (ERT) and potential data loss. Once you understand these options, you can choose among them, and use them together for different scenarios. As you develop your business continuity plan, you need to understand the maximum acceptable time before the application fully recovers after the disruptive event - this is your Recovery Time Objective (RTO). You also need to understand the maximum amount of recent data updates (time interval) the application can tolerate losing when recovering after the disruptive event - this is your Recovery Point Objective (RPO).
+As you develop your business continuity plan, you need to understand the maximum acceptable time before the application fully recovers after the disruptive event - this is your Recovery Time Objective (RTO). You also need to understand the maximum amount of recent data updates (time interval) the application can tolerate losing when recovering after the disruptive event - this is your Recovery Point Objective (RPO).
-The following table compares the ERT and RPO for the available features:
+Azure Database for MariaDB provides business continuity and disaster recovery features that include geo-redundant backups with the ability to initiate geo-restore, and deploying read replicas in a different region. Each has different characteristics for the recovery time and the potential data loss. With [Geo-restore](concepts-backup.md) feature, a new server is created using the backup data that is replicated from another region. The overall time it takes to restore and recover depends on the size of the database and the amount of logs to recover. The overall time to establish the server varies from few minutes to few hours. With [read replicas](concepts-read-replicas.md), transaction logs from the primary are asynchronously streamed to the replica. In the event of a primary database outage due to a zone-level or a region-level fault, failing over to the replica provides a shorter RTO and reduced data loss.
+
+> [!NOTE]
+> The lag between the primary and the replica depends on the latency between the sites, the amount of data to be transmitted and most importantly on the write workload of the primary server. Heavy write workloads can generate significant lag.
+>
+> Because of asynchronous nature of replication used for read-replicas, they **should not** be considered as a High Availability (HA) solution since the higher lags can mean higher RTO and RPO. Only for workloads where the lag remains smaller through the peak and non-peak times of the workload, read replicas can act as a HA alternative. Otherwise read replicas are intended for true read-scale for ready heavy workloads and for (Disaster Recovery) DR scenarios.
+
+The following table compares RTO and RPO in a **typical workload** scenario:
| **Capability** | **Basic** | **General Purpose** | **Memory optimized** | | :: | :-: | :--: | :: |
-| Point in Time Restore from backup | Any restore point within the retention period | Any restore point within the retention period | Any restore point within the retention period |
-| Geo-restore from geo-replicated backups | Not supported | ERT < 12 h<br/>RPO < 1 h | ERT < 12 h<br/>RPO < 1 h |
+| Point in Time Restore from backup | Any restore point within the retention period <br/> RTO - Varies <br/>RPO < 15 min| Any restore point within the retention period <br/> RTO - Varies <br/>RPO < 15 min | Any restore point within the retention period <br/> RTO - Varies <br/>RPO < 15 min |
+| Geo-restore from geo-replicated backups | Not supported | RTO - Varies <br/>RPO < 1 h | RTO - Varies <br/>RPO < 1 h |
+| Read replicas | RTO - Minutes* <br/>RPO < 5 min* | RTO - Minutes* <br/>RPO < 5 min*| RTO - Minutes* <br/>RPO < 5 min*|
-> [!IMPORTANT]
-> If you delete the server, all databases contained in the server are also deleted and cannot be recovered. You cannot restore a deleted server.
+ \* RTO and RPO **can be much higher** in some cases depending on various factors including latency between sites, the amount of data to be transmitted, and importantly primary database write workload.
## Recover a server after a user or application error
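Review bot: the rewritten opening sentence names "Azure Database for MySQL" in an article whose new title still reads "Azure Database for MariaDB"; it looks carried over from the MySQL article and should say MariaDB. In the added note, "ready heavy workloads" should be "read-heavy workloads" and "(Disaster Recovery) DR" should be "disaster recovery (DR)". The change also replaces ERT with RTO in the table while the removed paragraph was the only place ERT was defined, so check that no remaining text in the article still refers to ERT.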
You can use the service's backups to recover a server from various disruptive ev
You can perform a point-in-time-restore to create a copy of your server to a known good point in time. This point in time must be within the backup retention period you have configured for your server. After the data is restored to the new server, you can either replace the original server with the newly restored server or copy the needed data from the restored server into the original server.
+> [!IMPORTANT]
+> Deleted servers cannot be restored. To protect server resources, post deployment, from accidental deletion or unexpected changes, administrators can leverage [management locks](../azure-resource-manager/management/lock-resources.md).
+ ## Recover from an Azure regional data center outage Although rare, an Azure data center can have an outage. When an outage occurs, it causes a business disruption that might only last a few minutes, but could last for hours. One option is to wait for your server to come back online when the data center outage is over. This works for applications that can afford to have the server offline for some period of time, for example a development environment. When data center has an outage, you do not know how long the outage might last, so this option only works if you don't need your server for a while.
-The other option is to use the Azure Database for MariaDB's geo-restore feature that restores the server using geo-redundant backups. These backups are accessible even when the region your server is hosted in is offline. You can restore from these backups to any other region and bring your server back online.
+## Geo-restore
+
+The geo-restore feature restores the server using geo-redundant backups. The backups are hosted in your server's [paired region](../best-practices-availability-paired-regions.md). These backups are accessible even when the region your server is hosted in is offline. You can restore from these backups to any other region and bring your server back online. Learn more about geo-restore from the [backup and restore concepts article](concepts-backup.md).
> [!IMPORTANT]
-> Geo-restore is only possible if you provisioned the server with geo-redundant backup storage.
+> Geo-restore is only possible if you provisioned the server with geo-redundant backup storage. If you wish to switch from locally redundant to geo-redundant backups for an existing server, you must take a dump using mysqldump of your existing server and restore it to a newly created server configured with geo-redundant backups.
## Cross-region read replicas
-You can use cross region read replicas to enhance your business continuity and disaster recovery planning. Read replicas are updated asynchronously using MariaDB's binary log replication technology. Learn more about read replicas, available regions, and how to fail over from the [read replicas concepts article](concepts-read-replicas.md).
+You can use cross region read replicas to enhance your business continuity and disaster recovery planning. Read replicas are updated asynchronously using MySQL's binary log replication technology. Learn more about read replicas, available regions, and how to fail over from the [read replicas concepts article](concepts-read-replicas.md).
## FAQ
-### Where does Azure Database for MariaDB store customer data?
-By default, Azure Database for MariaDB doesn't move or store customer data out of the region it is deployed in. However, customers can optionally chose to enable [geo-redundant backups](concepts-backup.md#backup-redundancy-options) or create [cross-region read replica](concepts-read-replicas.md#cross-region-replication) for storing data in another region.
+
+### Where does Azure Database for MySQL store customer data?
+By default, Azure Database for MySQL doesn't move or store customer data out of the region it is deployed in. However, customers can optionally chose to enable [geo-redundant backups](concepts-backup.md#backup-redundancy-options) or create [cross-region read replica](concepts-read-replicas.md#cross-region-replication) for storing data in another region.
+ ## Next steps - Learn more about the [automated backups in Azure Database for MariaDB](concepts-backup.md). - Learn how to restore using [the Azure portal](howto-restore-server-portal.md) or [the Azure CLI](howto-restore-server-cli.md).-- Learn about [read replicas in Azure Database for MariaDB](concepts-read-replicas.md).
+- Learn about [read replicas in Azure Database for MariaDB](concepts-read-replicas.md).
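Review bot: the product-name slip recurs in this part of the MariaDB article: "MySQL's binary log replication technology" and both FAQ lines ("Where does Azure Database for MySQL store customer data?") replace MariaDB with MySQL. The added geo-restore guidance tells readers to "take a dump using mysqldump"; say explicitly that this is the intended tool for a MariaDB server, or name the one that is. "optionally chose" in the FAQ answer should be "optionally choose".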
marketplace Commercial Marketplace Lead Management Instructions Https https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/marketplace/partner-center-portal/commercial-marketplace-lead-management-instructions-https.md
Previously updated : 03/30/2020 Last updated : 04/09/2021 # Use an HTTPS endpoint to manage commercial marketplace leads
This article explains how to create a new flow in Power Automate to generate the
![Sign in My flows](./media/commercial-marketplace-lead-management-instructions-https/my-flows-automated.png)
-1. Under **+ New**, select **+ InstantΓÇöfrom blank**.
+1. Under **+ New**, select **+ Instant cloud flow**.
- ![My flows + Automated--from blank](./media/commercial-marketplace-lead-management-instructions-https/https-myflows-create-fromblank.png)
+ ![My flows + Automated--from blank](./media/commercial-marketplace-lead-management-instructions-https/https-my-flows-create-from-blank.png)
1. Name your flow, and then under **Choose how to trigger this flow**, select **When a HTTP request is received**.
- ![Build an automated flow window Skip button](./media/commercial-marketplace-lead-management-instructions-https/https-myflows-pick-request-trigger.png)
+ ![Build an automated flow window Skip button](./media/commercial-marketplace-lead-management-instructions-https/https-my-flows-pick-request-trigger.png)
1. Click the flow step to expand it.
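Review bot: The image alt text was left behind when the step text changed. The first screenshot is still described as "My flows + Automated--from blank" although the step now selects **+ Instant cloud flow**, and the second is described as "Build an automated flow window Skip button" although the step is about choosing the **When a HTTP request is received** trigger. Only the file names were updated here; the alt text should be rewritten to describe what each screenshot now shows.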
This article explains how to create a new flow in Power Automate to generate the
``` >[!NOTE]
->At this point in the configuration, you can select to either connect to a CRM system or configure an email notification. Follow the remaining instructions based on your choice.
+>At this point in the configuration, you can select to either connect to a CRM system, or configure an email notification. Follow the remaining instructions based on your choice.
### Connect to a CRM system 1. Select **+ New step**.
-1. Choose the CRM system of your choice by searching for it where it says **Search connectors and actions**. Select it on the **Actions** tab with the action to create a new record. The following screen shows **Create a new record (Dynamics 365)** as an example.
+1. Choose the CRM system of your choice by searching for it where it says **Search connectors and actions**. The following screen shows Create a new record (Common Data Service) as an example.
![Create a new record](./media/commercial-marketplace-lead-management-instructions-https/create-new-record.png)
+1. Select the **Actions tab** with the action to **create a new record**.
+
+ ![Select create a new record](./media/commercial-marketplace-lead-management-instructions-https/select-create-new-record.png)
+ 1. Provide the **Organization Name** associated with the CRM system. Select **Leads** from the **Entity Name** drop-down list. ![Select leads](./media/commercial-marketplace-lead-management-instructions-https/select-leads.png)
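Review bot: UI labels are formatted inconsistently in the rewritten CRM steps. "Create a new record (Common Data Service)" lost the bold it had in the removed line, "**Actions tab**" bolds the word "tab" where the old text bolded only **Actions**, and "**create a new record**" is lowercased although the action is written "Create a new record" one step earlier. The example sentence and its screenshot also now sit on the search step, before the new step that actually selects the action, so consider moving them under that step. The comma added before "or configure an email notification" in the note is not needed.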
mysql Concepts Business Continuity https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/mysql/concepts-business-continuity.md
Last updated 7/7/2020
-# Understand business continuity in Azure Database for MySQL
+# Overview of business continuity with Azure Database for MySQL - Single Server
This article describes the capabilities that Azure Database for MySQL provides for business continuity and disaster recovery. Learn about options for recovering from disruptive events that could cause data loss or cause your database and application to become unavailable. Learn what to do when a user or application error affects data integrity, an Azure region has an outage, or your application requires maintenance. ## Features that you can use to provide business continuity
-Azure Database for MySQL provides business continuity features that include automated backups and the ability for users to initiate geo-restore. Each has different characteristics for Estimated Recovery Time (ERT) and potential data loss. Estimated Recovery Time (ERT) is estimated duration for the database to be fully functional after a restore/failover request. Once you understand these options, you can choose among them, and use them together for different scenarios. As you develop your business continuity plan, you need to understand the maximum acceptable time before the application fully recovers after the disruptive event - this is your Recovery Time Objective (RTO). You also need to understand the maximum amount of recent data updates (time interval) the application can tolerate losing when recovering after the disruptive event - this is your Recovery Point Objective (RPO).
+As you develop your business continuity plan, you need to understand the maximum acceptable time before the application fully recovers after the disruptive event - this is your Recovery Time Objective (RTO). You also need to understand the maximum amount of recent data updates (time interval) the application can tolerate losing when recovering after the disruptive event - this is your Recovery Point Objective (RPO).
-The following table compares the ERT and RPO for the available features:
+Azure Database for MySQL Single Server provides business continuity and disaster recovery features that include geo-redundant backups with the ability to initiate geo-restore, and deploying read replicas in a different region. Each has different characteristics for the recovery time and the potential data loss. With [Geo-restore](concepts-backup.md) feature, a new server is created using the backup data that is replicated from another region. The overall time it takes to restore and recover depends on the size of the database and the amount of logs to recover. The overall time to establish the server varies from few minutes to few hours. With [read replicas](concepts-read-replicas.md), transaction logs from the primary are asynchronously streamed to the replica. In the event of a primary database outage due to a zone-level or a region-level fault, failing over to the replica provides a shorter RTO and reduced data loss.
+
+> [!NOTE]
+> The lag between the primary and the replica depends on the latency between the sites, the amount of data to be transmitted and most importantly on the write workload of the primary server. Heavy write workloads can generate significant lag.
+>
+> Because of asynchronous nature of replication used for read-replicas, they **should not** be considered as a High Availability (HA) solution since the higher lags can mean higher RTO and RPO. Only for workloads where the lag remains smaller through the peak and non-peak times of the workload, read replicas can act as a HA alternative. Otherwise read replicas are intended for true read-scale for ready heavy workloads and for (Disaster Recovery) DR scenarios.
+
+The following table compares RTO and RPO in a **typical workload** scenario:
| **Capability** | **Basic** | **General Purpose** | **Memory optimized** | | :: | :-: | :--: | :: |
-| Point in Time Restore from backup | Any restore point within the retention period | Any restore point within the retention period | Any restore point within the retention period |
-| Geo-restore from geo-replicated backups | Not supported | ERT < 12 h<br/>RPO < 1 h | ERT < 12 h<br/>RPO < 1 h |
+| Point in Time Restore from backup | Any restore point within the retention period <br/> RTO - Varies <br/>RPO < 15 min| Any restore point within the retention period <br/> RTO - Varies <br/>RPO < 15 min | Any restore point within the retention period <br/> RTO - Varies <br/>RPO < 15 min |
+| Geo-restore from geo-replicated backups | Not supported | RTO - Varies <br/>RPO < 1 h | RTO - Varies <br/>RPO < 1 h |
+| Read replicas | RTO - Minutes* <br/>RPO < 5 min* | RTO - Minutes* <br/>RPO < 5 min*| RTO - Minutes* <br/>RPO < 5 min*|
-> [!IMPORTANT]
-> Deleted servers **cannot** be restored. If you delete the server, all databases that belong to the server are also deleted and cannot be recovered.
+ \* RTO and RPO **can be much higher** in some cases depending on various factors including latency between sites, the amount of data to be transmitted, and importantly primary database write workload.
## Recover a server after a user or application error
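Review bot: The new read replicas row gives "RPO < 5 min*" and "RTO - Minutes*" for every tier, but the note added just above the table says replication lag can be significant and that replicas should not be treated as an HA solution. Readers tend to copy table figures into recovery plans without the footnote, so put the caveat in the cells or label the figures as typical rather than leaving it to the asterisk. Wording fixes in the same hunk: "ready heavy workloads" should be "read-heavy workloads", "(Disaster Recovery) DR" should be "disaster recovery (DR)", and "varies from few minutes to few hours" needs "a few" in both places. The "Last updated 7/7/2020" line is unchanged even though the article was substantially rewritten.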
You can use the service's backups to recover a server from various disruptive ev
You can perform a point-in-time-restore to create a copy of your server to a known good point in time. This point in time must be within the backup retention period you have configured for your server. After the data is restored to the new server, you can either replace the original server with the newly restored server or copy the needed data from the restored server into the original server.
+> [!IMPORTANT]
+> Deleted servers can be restored only within **five days** of deletion after which the backups are deleted. The database backup can be accessed and restored only from the Azure subscription hosting the server. To restore a dropped server, refer [documented steps](howto-restore-dropped-server.md). To protect server resources, post deployment, from accidental deletion or unexpected changes, administrators can leverage [management locks](../azure-resource-manager/management/lock-resources.md).
+ ## Recover from an Azure regional data center outage Although rare, an Azure data center can have an outage. When an outage occurs, it causes a business disruption that might only last a few minutes, but could last for hours. One option is to wait for your server to come back online when the data center outage is over. This works for applications that can afford to have the server offline for some period of time, for example a development environment. When data center has an outage, you do not know how long the outage might last, so this option only works if you don't need your server for a while.
-The other option is to use the Azure Database for MySQL's geo-restore feature that restores the server using geo-redundant backups. These backups are accessible even when the region your server is hosted in is offline. You can restore from these backups to any other region and bring your server back online.
+## Geo-restore
+
+The geo-restore feature restores the server using geo-redundant backups. The backups are hosted in your server's [paired region](../best-practices-availability-paired-regions.md). These backups are accessible even when the region your server is hosted in is offline. You can restore from these backups to any other region and bring your server back online. Learn more about geo-restore from the [backup and restore concepts article](concepts-backup.md).
> [!IMPORTANT] > Geo-restore is only possible if you provisioned the server with geo-redundant backup storage. If you wish to switch from locally redundant to geo-redundant backups for an existing server, you must take a dump using mysqldump of your existing server and restore it to a newly created server configured with geo-redundant backups.
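Review bot: The new "## Geo-restore" heading sits at the same level as "## Recover from an Azure regional data center outage" and replaces the sentence that began "The other option is", so the outage section now describes only "One option", waiting for the region to return, and never states that geo-restore is the alternative. Make the heading a subsection of the outage section or keep a lead-in sentence that ties geo-restore to a regional outage. In the new note about deleted servers, "refer [documented steps]" should read "refer to the [documented steps]".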
The other option is to use the Azure Database for MySQL's geo-restore feature th
You can use cross region read replicas to enhance your business continuity and disaster recovery planning. Read replicas are updated asynchronously using MySQL's binary log replication technology. Learn more about read replicas, available regions, and how to fail over from the [read replicas concepts article](concepts-read-replicas.md). ## FAQ+ ### Where does Azure Database for MySQL store customer data? By default, Azure Database for MySQL doesn't move or store customer data out of the region it is deployed in. However, customers can optionally chose to enable [geo-redundant backups](concepts-backup.md#backup-redundancy-options) or create [cross-region read replica](concepts-read-replicas.md#cross-region-replication) for storing data in another region.
purview Register Scan Amazon S3 https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/purview/register-scan-amazon-s3.md
This procedure describes how to create a new Purview credential to use when scan
Select **Create** when you're done to finish creating the credential.
-For more information about Purview credentials, see the [Azure Purview public preview documentation](manage-credentials.md).
+1. If you haven't yet, copy and paste the **Microsoft account ID** and **External ID** values for use when [creating a new AWS role for Purview](#create-a-new-aws-role-for-purview), which is your next step.
+
+For more information about Purview credentials, see [Credentials for source authentication in Azure Purview](manage-credentials.md).
### Create a new AWS role for Purview
+This procedure requires that you enter the values for your Azure Account ID and External ID when creating your AWS role.
+
+If you don't have these values, locate them first in your [Purview credential](#create-a-purview-credential-for-your-aws-bucket-scan).
+
+**To locate your Microsoft Account ID and External ID**:
+
+1. In Purview, navigate to the **Management Center** > **Security and access** > **Credentials**.
+
+1. Select the credential that you [created for your AWS bucket scan](#create-a-purview-credential-for-your-aws-bucket-scan), and then in the toolbar, select **Edit**.
+
+1. In the **Edit credential** pane that appears on the right, copy the **Microsoft account ID** and **External ID** values to a separate file, or have them handy for pasting into the relevant field in AWS.
+
+ For example:
+
+ [ ![Locate your Microsoft account ID and External ID values.](./media/register-scan-amazon-s3/locate-account-id-external-id.png) ](./media/register-scan-amazon-s3/locate-account-id-external-id.png#lightbox)
++
+**To create your AWS role for Purview**:
+ 1. Open your **Amazon Web Services** console, and under **Security, Identity, and Compliance**, select **IAM**. 1. Select **Roles** and then **Create role**.
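Review bot: The same value is given three different names in the added text: "Azure Account ID" in the first sentence under the new heading, "Microsoft Account ID" in the bold lead-in, and "Microsoft account ID" in the steps. Because this value and the External ID are what the reader pastes into the AWS role's trust settings, use the exact label shown in the **Edit credential** pane throughout so there is no doubt about which identifier goes in which field. There is also a stray "++" line before "**To create your AWS role for Purview**" that looks like a leftover blank-line marker and should be checked in the rendered page.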
For more information about Purview credentials, see the [Azure Purview public pr
|Field |Description | ||| |**Account ID** | Enter your Microsoft Account ID. For example: `615019938638` |
- |**External ID** | Under options, select **Require external ID...**, and then enter your External ID in the designated field. <br>For example: `e7e2b8a3-0a9f-414f-a065-afaf4ac6d994` <br><br>You can find this external ID when you . |
+ |**External ID** | Under options, select **Require external ID...**, and then enter your External ID in the designated field. <br>For example: `e7e2b8a3-0a9f-414f-a065-afaf4ac6d994` |
| | |
- > [!NOTE]
- > You can find the values for both the **Microsoft Account ID** and **External ID** in the Purview **Management Center** > **Credentials** area, where you [created your Purview credentials](#create-a-purview-credential-for-your-aws-bucket-scan).
- >
- For example: ![Add the Microsoft Account ID to your AWS account.](./media/register-scan-amazon-s3/aws-create-role-amazon-s3.png)
security-center Kubernetes Workload Protections https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/security-center/kubernetes-workload-protections.md
spec:
labels: app: redis annotations:
- apparmor.security.beta.kubernetes.io/pod: runtime/default
container.apparmor.security.beta.kubernetes.io/redis: runtime/default spec: containers:
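Review bot: With the `apparmor.security.beta.kubernetes.io/pod` annotation removed, the only AppArmor setting left in this sample is the per-container annotation whose key ends in `/redis`. That suffix has to match a container name in the pod spec, and the container list is not visible in this hunk, so confirm the sample's container is actually named `redis`; otherwise the manifest no longer requests any AppArmor profile. A short sentence in the article explaining that the key suffix is the container name would stop readers copying the annotation unchanged onto differently named containers.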
For other related material, see the following pages:
- [Security Center recommendations for compute](recommendations-reference.md#recs-compute) - [Alerts for AKS cluster level](alerts-reference.md#alerts-akscluster)-- [Alerts for Container host level](alerts-reference.md#alerts-containerhost)
+- [Alerts for Container host level](alerts-reference.md#alerts-containerhost)
security-center Release Notes https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/security-center/release-notes.md
Previously updated : 04/06/2021 Last updated : 04/11/2021
To learn about *planned* changes that are coming soon to Security Center, see [I
## April 2021 Updates in April include:-- [Four new recommendations related to guest configuration (preview)](#four-new-recommendations-related-to-guest-configuration-preview)
+- [Recently pulled container registry images are now rescanned weekly (General Availability)](#recently-pulled-container-registry-images-are-now-rescanned-weekly-general-availability)
- [Use Azure Defender for Kubernetes to protect hybrid and multi-cloud Kubernetes deployments (preview)](#use-azure-defender-for-kubernetes-to-protect-hybrid-and-multi-cloud-kubernetes-deployments-preview)
+- [Four new recommendations related to guest configuration (preview)](#four-new-recommendations-related-to-guest-configuration-preview)
+- [CMK recommendations moved to best practices security control](#cmk-recommendations-moved-to-best-practices-security-control)
- [11 Azure Defender alerts deprecated](#11-azure-defender-alerts-deprecated) - [Two recommendations from "Apply system updates" security control were deprecated](#two-recommendations-from-apply-system-updates-security-control-were-deprecated)
-### Four new recommendations related to guest configuration (preview)
+### Recently pulled container registry images are now rescanned weekly (General Availability)
-Azure's [Guest Configuration extension](../governance/policy/concepts/guest-configuration.md) reports to Security Center to help ensure your virtual machines' in-guest settings are hardened. The extension isn't required for Arc enabled servers because it's included in the Arc Connected Machine agent. The extension requires a system-managed identity on the machine.
+Azure Defender for container registries includes a built-in vulnerability scanner. This scanner immediately scans any image you push to your registry and any image pulled within the last 30 days.
-We've added four new recommendations to Security Center to make the most of this extension.
--- Two recommendations prompt you to install the extension and its required system-managed identity:
- - **Guest Configuration extension should be installed on your machines**
- - **Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity**
+New vulnerabilities are discovered every day. With this update, container images that were pulled from your registries during the last 30 days will be **rescanned** every week. This ensures that newly discovered vulnerabilities are identified in your images.
-- When the extension is installed and running, it'll begin auditing your machines and you'll be prompted to harden settings such as configuration of the operating system and environment settings. These two recommendations will prompt you to harden your Windows and Linux machines as described:
- - **Windows Defender Exploit Guard should be enabled on your machines**
- - **Authentication to Linux machines should require SSH keys**
+Scanning is charged on a per image basis, so there's no additional charge for these rescans.
-Learn more in [Understand Azure Policy's Guest Configuration](../governance/policy/concepts/guest-configuration.md).
+Learn more about this scanner in [Use Azure Defender for container registries to scan your images for vulnerabilities](defender-for-container-registries-usage.md).
### Use Azure Defender for Kubernetes to protect hybrid and multi-cloud Kubernetes deployments (preview)
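Review bot: The sentence "This scanner immediately scans any image you push to your registry and any image pulled within the last 30 days" is ambiguous about what triggers the second scan: it can be read as a scan on every pull or as a scan of images that happen to have been pulled recently, and the next paragraph then introduces the weekly rescan for the same 30-day set. State the triggers separately (scan on push, scan on pull, weekly rescan of images pulled in the last 30 days) so readers know how soon a newly disclosed vulnerability will show up for an image that is already deployed. The billing sentence also reasons loosely: "charged on a per image basis, so there's no additional charge" would be clearer as a direct statement that rescans of an already-scanned image are not billed again.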
Learn more in [Use Azure Defender for Kubernetes with your on-premises and multi
:::image type="content" source="media/defender-for-kubernetes-azure-arc/extension-recommendation.png" alt-text="Azure Security Center's recommendation for deploying the Azure Defender extension for Azure Arc enabled Kubernetes clusters." lightbox="media/defender-for-kubernetes-azure-arc/extension-recommendation.png":::
+### Four new recommendations related to guest configuration (preview)
+
+Azure's [Guest Configuration extension](../governance/policy/concepts/guest-configuration.md) reports to Security Center to help ensure your virtual machines' in-guest settings are hardened. The extension isn't required for Arc enabled servers because it's included in the Arc Connected Machine agent. The extension requires a system-managed identity on the machine.
+
+We've added four new recommendations to Security Center to make the most of this extension.
+
+- Two recommendations prompt you to install the extension and its required system-managed identity:
+ - **Guest Configuration extension should be installed on your machines**
+ - **Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity**
+
+- When the extension is installed and running, it'll begin auditing your machines and you'll be prompted to harden settings such as configuration of the operating system and environment settings. These two recommendations will prompt you to harden your Windows and Linux machines as described:
+ - **Windows Defender Exploit Guard should be enabled on your machines**
+ - **Authentication to Linux machines should require SSH keys**
+
+Learn more in [Understand Azure Policy's Guest Configuration](../governance/policy/concepts/guest-configuration.md).
+
+### CMK recommendations moved to best practices security control
+
+Every organization's security program includes data encryption requirements. By default, Azure customers' data is encrypted at rest with service-managed keys. However, customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs let you encrypt your data with an [Azure Key Vault](../key-vault/general/overview.md) key created and owned by you. This gives you full control and responsibility for the key lifecycle, including rotation and management.
+
+Azure Security Center's security controls are logical groups of related security recommendations, and reflect your vulnerable attack surfaces. Each control has a maximum number of points you can add to your secure score if you remediate all of the recommendations listed in the control, for all of your resources. The **Implement security best practices** security control is worth zero points. So recommendations in this control don't affect your secure score.
+
+The recommendations listed below are being moved to the **Implement security best practices** security control to better reflect their optional nature. This move ensures that these recommendations are in the most appropriate control to meet their objective.
+
+- Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest
+- Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)
+- Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)
+- Container registries should be encrypted with a customer-managed key (CMK)
+- SQL managed instances should use customer-managed keys to encrypt data at rest
+- SQL servers should use customer-managed keys to encrypt data at rest
+- Storage accounts should use customer-managed key (CMK) for encryption
+
+Learn which recommendations are in each security control in [Security controls and their recommendations](secure-score-security-controls.md#security-controls-and-their-recommendations).
+ ### 11 Azure Defender alerts deprecated
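Review bot: The CMK section explains that **Implement security best practices** is worth zero points but never says which control the seven recommendations came from or whether that control carried points, so a reader cannot tell if their secure score will change as a result of the move. Add one sentence naming the previous control and the effect on the score. The tense is also inconsistent: the heading says the recommendations "moved" while the body says they "are being moved".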
security End To End https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/security/fundamentals/end-to-end.md
The [Azure Security Benchmark](../benchmarks/introduction.md) program includes a
| [Azure DDoS Protection Standard](../../ddos-protection/ddos-protection-overview.md) | Provides enhanced DDoS mitigation features to defend against DDoS attacks. It is automatically tuned to help protect your specific Azure resources in a virtual network. | | [Azure Front Door](../../frontdoor/front-door-overview.md) | A global, scalable entry-point that uses the Microsoft global edge network to create fast, secure, and widely scalable web applications. | | [Azure Firewall](../../firewall/overview.md) | A managed, cloud-based network security service that protects your Azure Virtual Network resources. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. |
-| [Azure Key Vault](../../key-vault/general/overview.md) | A managed, cloud-based network security service that protects your Azure Virtual Network resources. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. |
-| [Key Vault Managed HSDM (preview)](../../key-vault/managed-hsm/overview.md) | A fully managed, highly available, single-tenant, standards-compliant cloud service that enables you to safeguard cryptographic keys for your cloud applications, using FIPS 140-2 Level 3 validated HSMs. |
+| [Azure Key Vault](../../key-vault/general/overview.md) | A secure secrets store for tokens, passwords, certificates, API keys, and other secrets. Key Vault can also be used to create and control the encryption keys used to encrypt your data. |
+| [Key Vault Managed HSM (preview)](../../key-vault/managed-hsm/overview.md) | A fully managed, highly available, single-tenant, standards-compliant cloud service that enables you to safeguard cryptographic keys for your cloud applications, using FIPS 140-2 Level 3 validated HSMs. |
| [Azure Private Link](../../private-link/private-link-overview.md) | Enables you to access Azure PaaS Services (for example, Azure Storage and SQL Database) and Azure hosted customer-owned/partner services over a private endpoint in your virtual network. | | [Azure Application Gateway](../../application-gateway/overview.md) | An advanced web traffic load balancer that enables you to manage traffic to your web applications. Application Gateway can make routing decisions based on additional attributes of an HTTP request, for example URI path or host headers. | | [Azure Service Bus](../../service-bus-messaging/service-bus-messaging-overview.md) | A fully managed enterprise message broker with message queues and publish-subscribe topics. Service Bus is used to decouple applications and services from each other. |
sentinel Roles https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/sentinel/roles.md
na ms.devlang: na Previously updated : 06/28/2020 Last updated : 04/11/2021
Use Azure RBAC to create and assign roles within your security operations team t
### Azure Sentinel-specific roles
-There are three dedicated built-in Azure Sentinel roles.
- **All Azure Sentinel built-in roles grant read access to the data in your Azure Sentinel workspace.** - [Azure Sentinel Reader](../role-based-access-control/built-in-roles.md#azure-sentinel-reader) can view data, incidents, workbooks, and other Azure Sentinel resources.
There are three dedicated built-in Azure Sentinel roles.
Users with particular job requirements may need to be assigned additional roles or specific permissions in order to accomplish their tasks. -- Working with playbooks to automate responses to threats
+- **Working with playbooks to automate responses to threats**
Azure Sentinel uses **playbooks** for automated threat response. Playbooks are built on **Azure Logic Apps**, and are a separate Azure resource. You might want to assign to specific members of your security operations team the ability to use Logic Apps for Security Orchestration, Automation, and Response (SOAR) operations. You can use the [Logic App Contributor](../role-based-access-control/built-in-roles.md#logic-app-contributor) role to assign explicit permission for using playbooks. -- Connecting data sources to Azure Sentinel
+- **Connecting data sources to Azure Sentinel**
For a user to add **data connectors**, you must assign the user write permissions on the Azure Sentinel workspace. Also, note the required additional permissions for each connector, as listed on the relevant connector page. -- Guest users assigning incidents
+- **Guest users assigning incidents**
+
+ If a guest user needs to be able to assign incidents, then in addition to the Azure Sentinel Responder role, the user will also need to be assigned the role of [Directory Reader](../active-directory/roles/permissions-reference.md#directory-readers). Note that this role is *not* an Azure role but an **Azure Active Directory** role, and that regular (non-guest) users have this role assigned by default.
- If a guest user needs to be able to assign incidents, then in addition to the Azure Sentinel Responder role, the user will also need to be assigned the role of [Directory Reader](../active-directory/roles/permissions-reference.md#directory-readers). Note that this role is *not* an Azure role but an **Azure Active Directory** role, and that regular (non-guest) users have this role assigned by default.
+- **Creating and deleting workbooks**
-For a side-by-side comparison, see the [table below](#roles-and-allowed-actions).
+ For a user to create and delete an Azure Sentinel workbook, the user will also need to be assigned with the Azure Monitor role of [Monitoring Contributor](../role-based-access-control/built-in-roles.md#monitoring-contributor). This role is not necessary for *using* workbooks, but only for creating and deleting.
### Other roles you might see assigned
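Review bot: The guest-user paragraph names the Azure AD role "Directory Reader" while the link it carries targets `#directory-readers`; use the role name exactly as it appears in the role picker so an administrator assigning it searches for the right string. In the new workbooks bullet, "assigned with the Azure Monitor role" should be "assigned the Azure Monitor role". The removed sentence "For a side-by-side comparison, see the table below" was the only pointer from this section to the permissions table, so consider keeping it with the updated anchor.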
In assigning Azure Sentinel-specific Azure roles, you may come across other Azur
- **Azure roles:** [Owner](../role-based-access-control/built-in-roles.md#owner), [Contributor](../role-based-access-control/built-in-roles.md#contributor), and [Reader](../role-based-access-control/built-in-roles.md#reader). Azure roles grant access across all your Azure resources, including Log Analytics workspaces and Azure Sentinel resources. -- **Log Analytics roles:** [Log Analytics Contributor](../role-based-access-control/built-in-roles.md#log-analytics-contributor) and [Log Analytics Reader](../role-based-access-control/built-in-roles.md#log-analytics-reader). Log Analytics roles grant access to your Log Analytics workspaces.
+- **Log Analytics roles:** [Log Analytics Contributor](../role-based-access-control/built-in-roles.md#log-analytics-contributor) and [Log Analytics Reader](../role-based-access-control/built-in-roles.md#log-analytics-reader). Log Analytics roles grant access to your Log Analytics workspaces.
For example, a user who is assigned the **Azure Sentinel Reader** role, but not the **Azure Sentinel Contributor** role, will still be able to edit items in Azure Sentinel if assigned the Azure-level **Contributor** role. Therefore, if you want to grant permissions to a user only in Azure Sentinel, you should carefully remove this userΓÇÖs prior permissions, making sure you do not break any needed access to another resource.
-## Roles and allowed actions
+## Azure Sentinel roles and allowed actions
-The following table summarizes the roles and allowed actions in Azure Sentinel.
+The following table summarizes the Azure Sentinel roles and their allowed actions in Azure Sentinel.
-| Role | Create and run playbooks| Create and edit workbooks, analytic rules, and other Azure Sentinel resources | Manage incidents (dismiss, assign, etc.) | View data, incidents, workbooks, and other Azure Sentinel resources |
+| Role | Create and run playbooks| Create and edit analytic rules and other Azure Sentinel resources [*](#workbooks) | Manage incidents (dismiss, assign, etc.) | View data, incidents, workbooks, and other Azure Sentinel resources |
|||||| | Azure Sentinel Reader | -- | -- | -- | &#10003; | | Azure Sentinel Responder | -- | -- | &#10003; | &#10003; | | Azure Sentinel Contributor | -- | &#10003; | &#10003; | &#10003; | | Azure Sentinel Contributor + Logic App Contributor | &#10003; | &#10003; | &#10003; | &#10003; |
+| | | | | |
+<a name=workbooks></a>* Creating and deleting workbooks requires the additional [Monitoring Contributor](../role-based-access-control/built-in-roles.md#monitoring-contributor) role. For more information, see [Additional roles and permissions](#additional-roles-and-permissions).
## Custom roles and advanced Azure RBAC - **Custom roles**. In addition to, or instead of, using Azure built-in roles, you can create Azure custom roles for Azure Sentinel. Azure custom roles for Azure Sentinel are created the same way you create other [Azure custom roles](../role-based-access-control/custom-roles-rest.md#create-a-custom-role), based on [specific permissions to Azure Sentinel](../role-based-access-control/resource-provider-operations.md#microsoftsecurityinsights) and to [Azure Log Analytics resources](../role-based-access-control/resource-provider-operations.md#microsoftoperationalinsights).
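Review bot: Renaming the heading to "Azure Sentinel roles and allowed actions" changes its generated anchor, so any link to `#roles-and-allowed-actions` from this or other articles will stop resolving; search for inbound links before merging. The footnote anchor is written `<a name=workbooks></a>` with an unquoted attribute and is referenced from inside a table header cell as `[*](#workbooks)`, which is worth checking in the rendered output, as is the empty `| | | | | |` row appended to the table. The footnote links to `#additional-roles-and-permissions`, a heading that is not visible in this diff, so verify that it exists.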
service-bus-messaging Service Bus Amqp Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/service-bus-messaging/service-bus-amqp-overview.md
Title: Overview of AMQP 1.0 in Azure Service Bus description: Learn how Azure Service Bus supports Advanced Message Queuing Protocol (AMQP), an open standard protocol. Previously updated : 02/17/2021 Last updated : 04/08/2021
-# AMQP 1.0 support in Service Bus
-The Azure Service Bus cloud service uses the [Advanced Message Queueing Protocol (AMQP) 1.0](http://docs.oasis-open.org/amqp/core/v1.0/amqp-core-overview-v1.0.html) as its primary means of communication. Microsoft has been engaged with partners across the industry, both customers and vendors of competing messaging brokers, to develop and evolve AMQP over the past decade, with new extensions being developed in the [OASIS AMQP Technical Committee](https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=amqp). AMQP 1.0 is an ISO and IEC standard ([ISO 19464:20149](https://www.iso.org/standard/64955.html)).
+# Advanced Message Queueing Protocol (AMQP) 1.0 support in Service Bus
+The Azure Service Bus cloud service uses the [AMQP 1.0](http://docs.oasis-open.org/amqp/core/v1.0/amqp-core-overview-v1.0.html) as its primary means of communication. Microsoft has been engaged with partners across the industry, both customers and vendors of competing messaging brokers, to develop and evolve AMQP over the past decade, with new extensions being developed in the [OASIS AMQP Technical Committee](https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=amqp). AMQP 1.0 is an ISO and IEC standard ([ISO 19464:20149](https://www.iso.org/standard/64955.html)).
-AMQP enables you to build cross-platform, hybrid applications using an vendor-neutral and implementation-neutral, open standard protocol. You can construct applications using components that are built using different languages and frameworks, and that run on different operating systems. All these components can connect to Service Bus and seamlessly exchange structured business messages efficiently and at full fidelity.
+AMQP enables you to build cross-platform, hybrid applications using a vendor-neutral and implementation-neutral, open standard protocol. You can construct applications using components that are built using different languages and frameworks, and that run on different operating systems. All these components can connect to Service Bus and seamlessly exchange structured business messages efficiently and at full fidelity.
## Introduction: What is AMQP 1.0 and why is it important?
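Review bot: The rewritten opening paragraph still links the standard as "ISO 19464:20149", while the later "AMQP 1.0 is a Standard" section gives it as ISO/IEC 19464:2014; the link text should be corrected in the same change. With the protocol name now expanded in the heading, "uses the [AMQP 1.0] as its primary means" also reads better without "the".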
-Traditionally, message-oriented middleware products have used proprietary protocols for communication between client applications and brokers. This means that once you've selected a particular vendor's messaging broker, you must use that vendor's libraries to connect your client applications to that broker. This results in a degree of dependence on that vendor, since porting an application to a different product requires code changes in all the connected applications. In the Java community, language specific API standards like Java Message Service (JMS) and the Spring Framework's abstractions have alleviated that pain somewhat, but have a very narrow feature scope and exclude developers using other languages.
+Traditionally, message-oriented middleware products have used proprietary protocols for communication between client applications and brokers. It means that once you've selected a particular vendor's messaging broker, you must use that vendor's libraries to connect your client applications to that broker. It results in a degree of dependence on that vendor, since porting an application to a different product requires code changes in all the connected applications. In the Java community, language-specific API standards like Java Message Service (JMS) and the Spring Framework's abstractions have alleviated that pain somewhat, but have a narrow feature scope and exclude developers using other languages.
-Furthermore, connecting messaging brokers from different vendors is tricky. This typically requires application-level bridging to move messages from one system to another and to translate between their proprietary message formats. This is a common requirement; for example, when you must provide a new unified interface to older disparate systems, or integrate IT systems following a merger. AMQP allows for interconnecting connecting brokers directly, for instance using routers like [Apache Qpid Dispatch Router](https://qpid.apache.org/components/dispatch-router/https://docsupdatetracker.net/index.html) or broker-native "shovels" like the one of [RabbitMQ](service-bus-integrate-with-rabbitmq.md).
+Furthermore, connecting messaging brokers from different vendors is tricky. It typically requires application-level bridging to move messages from one system to another and to translate between their proprietary message formats. It's a common requirement; for example, when you must provide a new unified interface to older disparate systems, or integrate IT systems following a merger. AMQP allows for interconnecting connecting brokers directly, for instance using routers like [Apache Qpid Dispatch Router](https://qpid.apache.org/components/dispatch-router/https://docsupdatetracker.net/index.html) or broker-native "shovels" like the one of [RabbitMQ](service-bus-integrate-with-rabbitmq.md).
-The software industry is a fast-moving business; new programming languages and application frameworks are introduced at a sometimes bewildering pace. Similarly, the requirements of IT systems evolve over time and developers want to take advantage of the latest platform features. However, sometimes the selected messaging vendor does not support these platforms. If messaging protocols are proprietary, it's not possible for others to provide libraries for these new platforms. Therefore, you must use approaches such as building gateways or bridges that enable you to continue to use the messaging product.
+The software industry is a fast-moving business; new programming languages and application frameworks are introduced at a sometimes bewildering pace. Similarly, the requirements of IT systems evolve over time and developers want to take advantage of the latest platform features. However, sometimes the selected messaging vendor doesn't support these platforms. If messaging protocols are proprietary, it's not possible for others to provide libraries for these new platforms. Therefore, you must use approaches such as building gateways or bridges that enable you to continue to use the messaging product.
The development of the Advanced Message Queuing Protocol (AMQP) 1.0 was motivated by these issues. It originated at JP Morgan Chase, who, like most financial services firms, are heavy users of message-oriented middleware. The goal was simple: to create an open-standard messaging protocol that made it possible to build message-based applications using components built using different languages, frameworks, and operating systems, all using best-of-breed components from a range of suppliers. ## AMQP 1.0 technical features
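Review bot: The replacement paragraph on connecting brokers keeps two defects from the line it replaces: the doubled word in "interconnecting connecting brokers" and an Apache Qpid Dispatch Router link whose target has a second URL embedded in it (`.../dispatch-router/https://docsupdatetracker.net/index.html`). Both should be fixed here. The "This" to "It" substitutions in these paragraphs ("It means that once you've selected...", "It results in...") also weaken the antecedent; naming the subject, for example "That dependency means...", would be clearer.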
-AMQP 1.0 is an efficient, reliable, wire-level messaging protocol that you can use to build robust, cross-platform, messaging applications. The protocol has a simple goal: to define the mechanics of the secure, reliable, and efficient transfer of messages between two parties. The messages themselves are encoded using a portable data representation that enables heterogeneous senders and receivers to exchange structured business messages at full fidelity. The following is a summary of the most important features:
+AMQP 1.0 is an efficient, reliable, wire-level messaging protocol that you can use to build robust, cross-platform, messaging applications. The protocol has a simple goal: to define the mechanics of the secure, reliable, and efficient transfer of messages between two parties. The messages themselves are encoded using a portable data representation that enables heterogeneous senders and receivers to exchange structured business messages at full fidelity. Here's a summary of the most important features:
-* **Efficient**: AMQP 1.0 is a connection-oriented protocol that uses a binary encoding for the protocol instructions and the business messages transferred over it. It incorporates sophisticated flow-control schemes to maximize the utilization of the network and the connected components. That said, the protocol was designed to strike a balance between efficiency, flexibility and interoperability.
-* **Reliable**: The AMQP 1.0 protocol allows messages to be exchanged with a range of reliability guarantees, from fire-and-forget to reliable, exactly-once acknowledged delivery.
+* **Efficient**: AMQP 1.0 is a connection-oriented protocol that uses a binary encoding for the protocol instructions and the business messages transferred over it. It incorporates sophisticated flow-control schemes to maximize the utilization of the network and the connected components. That said, the protocol was designed to strike a balance between efficiency, flexibility, and interoperability.
+* **Reliable**: The AMQP 1.0 protocol allows messages to be exchanged with a range of reliability guarantees, from fire-and-forget to reliable, exactly once acknowledged delivery.
* **Flexible**: AMQP 1.0 is a flexible protocol that can be used to support different topologies. The same protocol can be used for client-to-client, client-to-broker, and broker-to-broker communications.
-* **Broker-model independent**: The AMQP 1.0 specification does not make any requirements on the messaging model used by a broker. This means that it's possible to easily add AMQP 1.0 support to existing messaging brokers.
+* **Broker-model independent**: The AMQP 1.0 specification doesn't make any requirements on the messaging model used by a broker. This means that it's possible to easily add AMQP 1.0 support to existing messaging brokers.
## AMQP 1.0 is a Standard (with a capital 'S') AMQP 1.0 is an international standard, approved by ISO and IEC as ISO/IEC 19464:2014.
Some of the commonly cited benefits of open standards include:
* Lower and manageable risk ## AMQP 1.0 and Service Bus
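Review bot: In the **Reliable** bullet, the change from "exactly-once acknowledged delivery" to "exactly once acknowledged delivery" drops the hyphen from a compound term that names a delivery guarantee, so the sentence can now be read as "acknowledged exactly once". Keep "exactly-once". The **Broker-model independent** bullet also retains "This means" while the earlier paragraphs were changed to "It means", so the edit is applied inconsistently.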
-AMQP 1.0 support in Azure Service Bus means that you can leverage the Service Bus queuing and publish/subscribe brokered messaging features from a range of platforms using an efficient binary protocol. Furthermore, you can build applications comprised of components built using a mix of languages, frameworks, and operating systems.
+AMQP 1.0 support in Azure Service Bus means that you can use the Service Bus queuing and publish/subscribe brokered messaging features from a range of platforms using an efficient binary protocol. Furthermore, you can build applications comprised of components built using a mix of languages, frameworks, and operating systems.
The following figure illustrates an example deployment in which Java clients running on Linux, written using the standard Java Message Service (JMS) API and .NET clients running on Windows, exchange messages via Service Bus using AMQP 1.0.
service-fabric Release Notes https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/service-fabric/release-notes.md
hideEdit: true
This article provides more information on the latest releases and updates to the Service Fabric runtime and SDKs.
-## Service Fabric 7.2
+## Service Fabric 8.0
-We're excited to announce that 7.2 release of the Service Fabric runtime has started rolling out to the various Azure regions along with tooling and SDK updates. The updates for .NET SDK, Java SDK and Service Fabric runtime are available through Web Platform Installer, NuGet packages and Maven repositories.
+We are excited to announce that 8.0 release of the Service Fabric runtime has started rolling out to the various Azure regions along with tooling and SDK updates. The updates for .NET SDK, Java SDK and Service Fabric runtime are available through Web Platform Installer, NuGet packages and Maven repositories.
### Key Announcements
+- **General Availability** of support for .NET 5 for Windows
+- **General Availability** of [Stateless NodeTypes](https://docs.microsoft.com/azure/service-fabric/service-fabric-stateless-node-types)
+- Ability to move stateless service instances
+- Ability to add parameterized DefaultLoad in the application manifest
+- For singleton replica upgrades - ability to have some of the cluster level settings to be defined at an application level
+- Ability for smart placement based on node tags
+- Ability to define percentage threshold of unhealthy nodes that influence cluster health
+- Ability to query top loaded services
+- Ability to add a new interval for new error codes
+- Capability to mark service instance as completed
+- Support for wave-based deployment model for automatic upgrades
+- Added readiness probe for containerized applications
+- Enable UseSeparateSecondaryMoveCost to true by default
+- Fixed StateManager to release the reference as soon as safe to release
+- Block Central Secret Service removal while storing user secrets
++
+### Service Fabric 8.0 releases
+| Release date | Release | More info |
+||||
+| April 08, 2021 | [Azure Service Fabric 8.0](https://techcommunity.microsoft.com/t5/azure-service-fabric/azure-service-fabric-8-0-release/ba-p/2260016) | [Release notes](https://github.com/microsoft/service-fabric/blob/master/release_notes/Service_Fabric_ReleaseNotes_80.md)|
++
+## Previous versions
+
+### Service Fabric 7.2
+
+#### Key Announcements
+ - **Preview**: [**Service Fabric managed clusters**](https://techcommunity.microsoft.com/t5/azure-service-fabric/azure-service-fabric-managed-clusters-are-now-in-public-preview/ba-p/1721572) are now in public preview. Service Fabric managed clusters aim to simplify cluster deployment and management by encapsulating the underlying resources that make up a Service Fabric cluster into a single ARM resource. For more details see, [Service Fabric managed cluster overview](./overview-managed-cluster.md). - **Preview**: [**Supporting stateless services with a number of instances greater than the number of nodes**](./service-fabric-cluster-resource-manager-advanced-placement-rules-placement-policies.md) is now in public preview. A placement policy enables the creation of multiple stateless instances of a partition on a node. - [**FabricObserver (FO) 3.0**](https://aka.ms/sf/fabricobserver) is now available.
We're excited to announce that 7.2 release of the Service Fabric runtime has sta
- **RunToCompletion**: Service Fabric supports concept of run to completion for guest executables. With this update once the replica runs to completion, the cluster resources allocated to this replica will be released. - [**Resource governance support has been enhanced**](./service-fabric-resource-governance.md): allowing requests and limits specifications for cpu and memory resources.
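Review bot: In the added 8.0 "Key Announcements" list, the last three bullets ("Enable UseSeparateSecondaryMoveCost to true by default", "Fixed StateManager to release the reference as soon as safe to release", "Block Central Secret Service removal while storing user secrets") are written as change-log actions rather than announcements, and the third does not say what is blocked under which condition. Suggest rewording them as behaviour statements, in particular stating for the Central Secret Service item when removal is refused, since operators need that to plan cluster changes. The intro sentence also reads "that 8.0 release" and needs "the", and the two stray `++` lines around the release table look like leftover blank additions.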
-### Service Fabric 7.2 releases
+#### Service Fabric 7.2 releases
| Release date | Release | More info | |||| | October 21, 2020 | [Azure Service Fabric 7.2](https://techcommunity.microsoft.com/t5/azure-service-fabric/azure-service-fabric-7-2-release/ba-p/1805653) | [Release notes](https://github.com/microsoft/service-fabric/blob/master/release_notes/Service-Fabric-72-releasenotes.md)|
We're excited to announce that 7.2 release of the Service Fabric runtime has sta
| February 17, 2021 | [Azure Service Fabric 7.2 Sixth Refresh Release](https://techcommunity.microsoft.com/t5/azure-service-fabric/azure-service-fabric-sixth-refresh-release/ba-p/2144685) | [Release notes](https://github.com/microsoft/service-fabric/blob/master/release_notes/Service-Fabric-72CU6-ReleaseNotes.md) | March 10, 2021 | [Azure Service Fabric 7.2 Seventh Refresh Release](https://techcommunity.microsoft.com/t5/azure-service-fabric/azure-service-fabric-seventh-refresh-release/ba-p/2201100) | [Release notes](https://github.com/microsoft/service-fabric/blob/master/release_notes/Service-Fabric-72CU7-releasenotes.md)
-## Previous versions
### Service Fabric 7.1
site-recovery Azure To Azure Support Matrix https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/site-recovery/azure-to-azure-support-matrix.md
Oracle Linux | 6.4, 6.5, 6.6, 6.7, 6.8, 6.9, 6.10, 7.0, 7.1, 7.2, 7.3, 7.4, 7.5,
| | | 14.04 LTS | [9.37](https://support.microsoft.com/help/4582666/), [9.38](https://support.microsoft.com/help/4590304/), [9.39](https://support.microsoft.com/help/4597409/), [9.40](https://support.microsoft.com/en-us/topic/update-rollup-53-for-azure-site-recovery-060268ef-5835-bb49-7cbc-e8c1e6c6e12a), [9.41](https://support.microsoft.com/en-us/topic/update-rollup-54-for-azure-site-recovery-50873c7c-272c-4a7a-b9bb-8cd59c230533)| 3.13.0-24-generic to 3.13.0-170-generic,<br/>3.16.0-25-generic to 3.16.0-77-generic,<br/>3.19.0-18-generic to 3.19.0-80-generic,<br/>4.2.0-18-generic to 4.2.0-42-generic,<br/>4.4.0-21-generic to 4.4.0-148-generic,<br/>4.15.0-1023-azure to 4.15.0-1045-azure | |||
-16.04 LTS | [9.41](https://support.microsoft.com/en-us/topic/update-rollup-54-for-azure-site-recovery-50873c7c-272c-4a7a-b9bb-8cd59c230533) | 4.4.0-21-generic to 4.4.0-201-generic,<br/>4.8.0-34-generic to 4.8.0-58-generic,<br/>4.10.0-14-generic to 4.10.0-42-generic,<br/>4.11.0-13-generic to 4.11.0-14-generic,<br/>4.13.0-16-generic to 4.13.0-45-generic,<br/>4.15.0-13-generic to 4.15.0-133-generic<br/>4.11.0-1009-azure to 4.11.0-1016-azure,<br/>4.13.0-1005-azure to 4.13.0-1018-azure <br/>4.15.0-1012-azure to 4.15.0-1106-azure <br/> 4.4.0-203-generic, 4.4.0-204-generic, 4.4.0-206-generic, 4.15.0-136-generic, 4.15.0-137-generic, 4.15.0-139-generic, 4.15.0-1108-azure, 4.15.0-1109-azure, 4.15.0-1110-azure through 9.41 hot fix patch**|
+16.04 LTS | [9.41](https://support.microsoft.com/en-us/topic/update-rollup-54-for-azure-site-recovery-50873c7c-272c-4a7a-b9bb-8cd59c230533) | 4.4.0-21-generic to 4.4.0-201-generic,<br/>4.8.0-34-generic to 4.8.0-58-generic,<br/>4.10.0-14-generic to 4.10.0-42-generic,<br/>4.11.0-13-generic to 4.11.0-14-generic,<br/>4.13.0-16-generic to 4.13.0-45-generic,<br/>4.15.0-13-generic to 4.15.0-133-generic<br/>4.11.0-1009-azure to 4.11.0-1016-azure,<br/>4.13.0-1005-azure to 4.13.0-1018-azure <br/>4.15.0-1012-azure to 4.15.0-1106-azure <br/> 4.4.0-203-generic, 4.4.0-204-generic, 4.4.0-206-generic, 4.15.0-136-generic, 4.15.0-137-generic, 4.15.0-139-generic, 4.15.0-140-generic, 4.15.0-1108-azure, 4.15.0-1109-azure, 4.15.0-1110-azure, 4.15.0-1111-azure through 9.41 hot fix patch**|
16.04 LTS | [9.40](https://support.microsoft.com/en-us/topic/update-rollup-53-for-azure-site-recovery-060268ef-5835-bb49-7cbc-e8c1e6c6e12a) | 4.4.0-21-generic to 4.4.0-197-generic,<br/>4.8.0-34-generic to 4.8.0-58-generic,<br/>4.10.0-14-generic to 4.10.0-42-generic,<br/>4.11.0-13-generic to 4.11.0-14-generic,<br/>4.13.0-16-generic to 4.13.0-45-generic,<br/>4.15.0-13-generic to 4.15.0-128-generic<br/>4.11.0-1009-azure to 4.11.0-1016-azure,<br/>4.13.0-1005-azure to 4.13.0-1018-azure <br/>4.15.0-1012-azure to 4.15.0-1102-azure </br> 4.15.0-132-generic, 4.4.0-200-generic, 4.15.0-1106-azure, 4.15.0-133-generic, 4.4.0-201-generic through 9.40 hot fix patch**| 16.04 LTS | [9.39](https://support.microsoft.com/help/4597409/) | 4.4.0-21-generic to 4.4.0-194-generic,<br/>4.8.0-34-generic to 4.8.0-58-generic,<br/>4.10.0-14-generic to 4.10.0-42-generic,<br/>4.11.0-13-generic to 4.11.0-14-generic,<br/>4.13.0-16-generic to 4.13.0-45-generic,<br/>4.15.0-13-generic to 4.15.0-123-generic<br/>4.11.0-1009-azure to 4.11.0-1016-azure,<br/>4.13.0-1005-azure to 4.13.0-1018-azure <br/>4.15.0-1012-azure to 4.15.0-1098-azure </br> 4.4.0-197-generic, 4.15.0-126-generic, 4.15.0-128-generic, 4.15.0-1100-azure, 4.15.0-1102-azure through 9.39 hot fix patch**| 16.04 LTS | [9.38](https://support.microsoft.com/help/4590304/) | 4.4.0-21-generic to 4.4.0-190-generic,<br/>4.8.0-34-generic to 4.8.0-58-generic,<br/>4.10.0-14-generic to 4.10.0-42-generic,<br/>4.11.0-13-generic to 4.11.0-14-generic,<br/>4.13.0-16-generic to 4.13.0-45-generic,<br/>4.15.0-13-generic to 4.15.0-118-generic<br/>4.11.0-1009-azure to 4.11.0-1016-azure,<br/>4.13.0-1005-azure to 4.13.0-1018-azure <br/>4.15.0-1012-azure to 4.15.0-1096-azure </br> 4.4.0-193-generic, 4.15.0-120-generic, 4.15.0-122-generic, 4.15.0-1098-azure through 9.38 hot fix patch**| 16.04 LTS | [9.37](https://support.microsoft.com/help/4582666/) | 4.4.0-21-generic to 4.4.0-189-generic,<br/>4.8.0-34-generic to 4.8.0-58-generic,<br/>4.10.0-14-generic to 
4.10.0-42-generic,<br/>4.11.0-13-generic to 4.11.0-14-generic,<br/>4.13.0-16-generic to 4.13.0-45-generic,<br/>4.15.0-13-generic to 4.15.0-115-generic<br/>4.11.0-1009-azure to 4.11.0-1016-azure,<br/>4.13.0-1005-azure to 4.13.0-1018-azure <br/>4.15.0-1012-azure to 4.15.0-1093-azure </br> 4.4.0-190-generic, 4.15.0-117-generic, 4.15.0-118-generic, 4.15.0-1095-azure, 4.15.0-1096-azure through 9.37 hot fix patch**| |||
-18.04 LTS | [9.41](https://support.microsoft.com/en-us/topic/update-rollup-54-for-azure-site-recovery-50873c7c-272c-4a7a-b9bb-8cd59c230533) | 4.15.0-20-generic to 4.15.0-135-generic </br> 4.18.0-13-generic to 4.18.0-25-generic </br> 5.0.0-15-generic to 5.0.0-65-generic </br> 5.3.0-19-generic to 5.3.0-70-generic </br> 5.4.0-37-generic to 5.4.0-59-generic</br> 5.4.0-60-generic to 5.4.0-65-generic </br> 4.15.0-1009-azure to 4.15.0-1106-azure </br> 4.18.0-1006-azure to 4.18.0-1025-azure </br> 5.0.0-1012-azure to 5.0.0-1036-azure </br> 5.3.0-1007-azure to 5.3.0-1035-azure </br> 5.4.0-1020-azure to 5.4.0-1039-azure </br> 4.15.0-136-generic, 4.15.0-137-generic, 4.15.0-139-generic, 5.4.0-66-generic, 5.4.0-67-generic, 4.15.0-1108-azure, 5.4.0-1040-azure, 5.4.0-1041-azure, 4.15.0-1109-azure, 4.15.0-1110-azure through 9.41 hot fix patch**|
+18.04 LTS | [9.41](https://support.microsoft.com/en-us/topic/update-rollup-54-for-azure-site-recovery-50873c7c-272c-4a7a-b9bb-8cd59c230533) | 4.15.0-20-generic to 4.15.0-135-generic </br> 4.18.0-13-generic to 4.18.0-25-generic </br> 5.0.0-15-generic to 5.0.0-65-generic </br> 5.3.0-19-generic to 5.3.0-70-generic </br> 5.4.0-37-generic to 5.4.0-59-generic</br> 5.4.0-60-generic to 5.4.0-65-generic </br> 4.15.0-1009-azure to 4.15.0-1106-azure </br> 4.18.0-1006-azure to 4.18.0-1025-azure </br> 5.0.0-1012-azure to 5.0.0-1036-azure </br> 5.3.0-1007-azure to 5.3.0-1035-azure </br> 5.4.0-1020-azure to 5.4.0-1039-azure </br> 4.15.0-136-generic, 4.15.0-137-generic, 4.15.0-139-generic, 4.15.0-140-generic, 5.3.0-72-generic, 5.4.0-66-generic, 5.4.0-67-generic, 5.4.0-70-generic, 4.15.0-1108-azure, 4.15.0-1111-azure, 5.4.0-1040-azure, 5.4.0-1041-azure, 5.4.0-1043-azure, 4.15.0-1109-azure, 4.15.0-1110-azure through 9.41 hot fix patch**|
18.04 LTS | [9.40](https://support.microsoft.com/en-us/topic/update-rollup-53-for-azure-site-recovery-060268ef-5835-bb49-7cbc-e8c1e6c6e12a) | 4.15.0-20-generic to 4.15.0-129-generic </br> 4.18.0-13-generic to 4.18.0-25-generic </br> 5.0.0-15-generic to 5.0.0-63-generic </br> 5.3.0-19-generic to 5.3.0-69-generic </br> 5.4.0-37-generic to 5.4.0-59-generic</br> 4.15.0-1009-azure to 4.15.0-1103-azure </br> 4.18.0-1006-azure to 4.18.0-1025-azure </br> 5.0.0-1012-azure to 5.0.0-1036-azure </br> 5.3.0-1007-azure to 5.3.0-1035-azure </br> 5.4.0-1020-azure to 5.4.0-1035-azure </br> 4.15.0-1104-azure, 4.15.0-130-generic, 4.15.0-132-generic, 5.4.0-1036-azure, 5.4.0-60-generic, 5.4.0-62-generic, 4.15.0-1106-azure, 4.15.0-134-generic, 4.15.0-135-generic, 5.4.0-1039-azure, 5.4.0-64-generic, 5.4.0-65-generic through 9.40 hot fix patch**| 18.04 LTS | [9.39](https://support.microsoft.com/help/4597409/) | 4.15.0-20-generic to 4.15.0-123-generic </br> 4.18.0-13-generic to 4.18.0-25-generic </br> 5.0.0-15-generic to 5.0.0-63-generic </br> 5.3.0-19-generic to 5.3.0-69-generic </br> 5.4.0-37-generic to 5.4.0-53-generic</br> 4.15.0-1009-azure to 4.15.0-1099-azure </br> 4.18.0-1006-azure to 4.18.0-1025-azure </br> 5.0.0-1012-azure to 5.0.0-1036-azure </br> 5.3.0-1007-azure to 5.3.0-1035-azure </br> 5.4.0-1020-azure to 5.4.0-1031-azure </br> 4.15.0-124-generic, 5.4.0-54-generic, 5.4.0-1032-azure, 5.4.0-56-generic, 4.15.0-1100-azure, 4.15.0-126-generic, 4.15.0-128-generic, 5.4.0-58-generic, 4.15.0-1102-azure, 5.4.0-1034-azure through 9.39 hot fix patch**| 18.04 LTS | [9.38](https://support.microsoft.com/help/4590304/) | 4.15.0-20-generic to 4.15.0-118-generic </br> 4.18.0-13-generic to 4.18.0-25-generic </br> 5.0.0-15-generic to 5.0.0-61-generic </br> 5.3.0-19-generic to 5.3.0-67-generic </br> 5.4.0-37-generic to 5.4.0-48-generic</br> 4.15.0-1009-azure to 4.15.0-1096-azure </br> 4.18.0-1006-azure to 4.18.0-1025-azure </br> 5.0.0-1012-azure to 5.0.0-1036-azure </br> 5.3.0-1007-azure to 
5.3.0-1035-azure </br> 5.4.0-1020-azure to 5.4.0-1026-azure </br> 4.15.0-121-generic, 4.15.0-122-generic, 5.0.0-62-generic, 5.3.0-68-generic, 5.4.0-51-generic, 5.4.0-52-generic, 4.15.0-1099-azure, 5.4.0-1031-azure through 9.38 hot fix patch**| 18.04 LTS | [9.37](https://support.microsoft.com/help/4582666/) | 4.15.0-20-generic to 4.15.0-115-generic </br> 4.18.0-13-generic to 4.18.0-25-generic </br> 5.0.0-15-generic to 5.0.0-60-generic </br> 5.3.0-19-generic to 5.3.0-66-generic </br> 5.4.0-37-generic to 5.4.0-45-generic</br> 4.15.0-1009-azure to 4.15.0-1093-azure </br> 4.18.0-1006-azure to 4.18.0-1025-azure </br> 5.0.0-1012-azure to 5.0.0-1036-azure </br> 5.3.0-1007-azure to 5.3.0-1035-azure </br> 5.4.0-1020-azure to 5.4.0-1023-azure</br> 4.15.0-117-generic, 4.15.0-118-generic, 5.0.0-61-generic, 5.3.0-67-generic, 5.4.0-47-generic, 5.4.0-48-generic, 4.15.0-1095-azure, 4.15.0-1096-azure, 5.4.0-1025-azure, 5.4.0-1026-azure through 9.37 hot fix patch**| |||
-20.04 LTS |[9.41](https://support.microsoft.com/en-us/topic/update-rollup-54-for-azure-site-recovery-50873c7c-272c-4a7a-b9bb-8cd59c230533)| 5.4.0-26-generic to 5.4.0-65 </br> -generic 5.4.0-1010-azure to 5.4.0-1039-azure </br> 5.8.0-29-generic to 5.8.0-43-generic </br> 5.4.0-66-generic, 5.4.0-67-generic, 5.8.0-44-generic, 5.8.0-45-generic, 5.4.0-1040-azure, 5.4.0-1041-azure through 9.41 hot fix patch**|
+20.04 LTS |[9.41](https://support.microsoft.com/en-us/topic/update-rollup-54-for-azure-site-recovery-50873c7c-272c-4a7a-b9bb-8cd59c230533)| 5.4.0-26-generic to 5.4.0-65 </br> -generic 5.4.0-1010-azure to 5.4.0-1039-azure </br> 5.8.0-29-generic to 5.8.0-43-generic </br> 5.4.0-66-generic, 5.4.0-67-generic, 5.4.0-70-generic, 5.8.0-44-generic, 5.8.0-45-generic, 5.8.0-48-generic, 5.4.0-1040-azure, 5.4.0-1041-azure, 5.4.0-1043-azure through 9.41 hot fix patch**|
20.04 LTS |[9.40](https://support.microsoft.com/en-us/topic/update-rollup-53-for-azure-site-recovery-060268ef-5835-bb49-7cbc-e8c1e6c6e12a)| 5.4.0-26-generic to 5.4.0-59 </br> -generic 5.4.0-1010-azure to 5.4.0-1035-azure </br> 5.8.0-29-generic to 5.8.0-34-generic </br> 5.4.0-1036-azure, 5.4.0-60-generic, 5.4.0-62-generic, 5.8.0-36-generic, 5.8.0-38-generic, 5.4.0-1039-azure, 5.4.0-64-generic, 5.4.0-65-generic, 5.8.0-40-generic, 5.8.0-41-generic through 9.40 hot fix patch**| 20.04 LTS |[9.39](https://support.microsoft.com/help/4597409/) | 5.4.0-26-generic to 5.4.0-53 </br> -generic 5.4.0-1010-azure to 5.4.0-1031-azure </br> 5.4.0-54-generic, 5.8.0-29-generic, 5.4.0-1032-azure, 5.4.0-56-generic, 5.8.0-31-generic, 5.8.0-33-generic, 5.4.0-58-generic, 5.4.0-1034-azure through 9.39 hot fix patch** 20.04 LTS |[9.39](https://support.microsoft.com/help/4597409/) | 5.4.0-26-generic to 5.4.0-53 </br> -generic 5.4.0-1010-azure to 5.4.0-1031-azure </br> 5.4.0-54-generic, 5.8.0-29-generic, 5.4.0-1032-azure, 5.4.0-56-generic, 5.8.0-31-generic, 5.8.0-33-generic, 5.4.0-58-generic, 5.4.0-1034-azure through 9.39 hot fix patch**
Debian 7 | [9.37](https://support.microsoft.com/help/4582666/), [9.38](https://s
||| Debian 8 | [9.37](https://support.microsoft.com/help/4582666/), [9.38](https://support.microsoft.com/help/4590304/), [9.39](https://support.microsoft.com/help/4597409/), [9.40](https://support.microsoft.com/en-us/topic/update-rollup-53-for-azure-site-recovery-060268ef-5835-bb49-7cbc-e8c1e6c6e12a), [9.41](https://support.microsoft.com/en-us/topic/update-rollup-54-for-azure-site-recovery-50873c7c-272c-4a7a-b9bb-8cd59c230533) | 3.16.0-4-amd64 to 3.16.0-11-amd64, 4.9.0-0.bpo.4-amd64 to 4.9.0-0.bpo.11-amd64 | |||
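Review bot: The updated 20.04 LTS row for 9.41 keeps the misplaced line break from the old row: "5.4.0-26-generic to 5.4.0-65 </br> -generic 5.4.0-1010-azure to 5.4.0-1039-azure" splits the kernel name "5.4.0-65-generic" and runs the end of the generic range into the start of the azure range. Move the break so it reads "5.4.0-26-generic to 5.4.0-65-generic" followed by the azure range on its own line, and use `<br/>` rather than `</br>`. The unchanged rows below also list the 20.04 LTS 9.39 entry twice, which is worth cleaning up while this table is being edited.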
-Debian 9.1 | [9.41](https://support.microsoft.com/en-us/topic/update-rollup-54-for-azure-site-recovery-50873c7c-272c-4a7a-b9bb-8cd59c230533) | 4.9.0-1-amd64 to 4.9.0-14-amd64 </br> 4.19.0-0.bpo.1-amd64 to 4.19.0-0.bpo.14-amd64 </br> 4.19.0-0.bpo.1-cloud-amd64 to 4.19.0-0.bpo.14-cloud-amd64 </br> 4.9.0-15-amd64 through 9.41 hot fix patch**
+Debian 9.1 | [9.41](https://support.microsoft.com/en-us/topic/update-rollup-54-for-azure-site-recovery-50873c7c-272c-4a7a-b9bb-8cd59c230533) | 4.9.0-1-amd64 to 4.9.0-14-amd64 </br> 4.19.0-0.bpo.1-amd64 to 4.19.0-0.bpo.14-amd64 </br> 4.19.0-0.bpo.1-cloud-amd64 to 4.19.0-0.bpo.14-cloud-amd64 </br> 4.9.0-15-amd64, 4.19.0-0.bpo.16-amd64, 4.19.0-0.bpo.16-cloud-amd64 through 9.41 hot fix patch**
Debian 9.1 | [9.40](https://support.microsoft.com/en-us/topic/update-rollup-53-for-azure-site-recovery-060268ef-5835-bb49-7cbc-e8c1e6c6e12a) | 4.9.0-1-amd64 to 4.9.0-14-amd64 </br> 4.19.0-0.bpo.1-amd64 to 4.19.0-0.bpo.13-amd64 </br> 4.19.0-0.bpo.1-cloud-amd64 to 4.19.0-0.bpo.13-cloud-amd64 Debian 9.1 | [9.39](https://support.microsoft.com/help/4597409/) | 4.9.0-1-amd64 to 4.9.0-14-amd64 </br> 4.19.0-0.bpo.1-amd64 to 4.19.0-0.bpo.12-amd64 </br> 4.19.0-0.bpo.1-cloud-amd64 to 4.19.0-0.bpo.12-cloud-amd64 </br> 4.19.0-0.bpo.13-amd64, 4.19.0-0.bpo.13-cloud-amd64 through 9.39 hot fix patch**</br> Debian 9.1 | [9.38](https://support.microsoft.com/help/4590304/) | 4.9.0-1-amd64 to 4.9.0-13-amd64 </br> 4.19.0-0.bpo.1-amd64 to 4.19.0-0.bpo.11-amd64 </br> 4.19.0-0.bpo.1-cloud-amd64 to 4.19.0-0.bpo.11-cloud-amd64 </br> 4.9.0-14-amd64, 4.19.0-0.bpo.12-amd64, 4.19.0-0.bpo.12-cloud-amd64 through 9.38 hot fix patch** Debian 9.1 | [9.37](https://support.microsoft.com/help/4582666/) | 4.9.0-3-amd64 to 4.9.0-13-amd64, 4.19.0-0.bpo.6-amd64 to 4.19.0-0.bpo.10-amd64, 4.19.0-0.bpo.6-cloud-amd64 to 4.19.0-0.bpo.10-cloud-amd64 |||
-Debian 10 | [9.41](https://support.microsoft.com/en-us/topic/update-rollup-54-for-azure-site-recovery-50873c7c-272c-4a7a-b9bb-8cd59c230533) | 4.19.0-5-amd64 to 4.19.0-14-amd64 </br> 4.19.0-6-cloud-amd64 to 4.19.0-14-cloud-amd64 </br> 5.8.0-0.bpo.2-amd64 </br> 5.8.0-0.bpo.2-cloud-amd64 </br> 4.19.0-10-cloud-amd64 through 9.41 hot fix patch**
+Debian 10 | [9.41](https://support.microsoft.com/en-us/topic/update-rollup-54-for-azure-site-recovery-50873c7c-272c-4a7a-b9bb-8cd59c230533) | 4.19.0-5-amd64 to 4.19.0-14-amd64 </br> 4.19.0-6-cloud-amd64 to 4.19.0-14-cloud-amd64 </br> 5.8.0-0.bpo.2-amd64 </br> 5.8.0-0.bpo.2-cloud-amd64 </br> 4.19.0-10-cloud-amd64, 4.19.0-16-amd64, 4.19.0-16-cloud-amd64 through 9.41 hot fix patch**
Debian 10 | [9.40](https://support.microsoft.com/en-us/topic/update-rollup-53-for-azure-site-recovery-060268ef-5835-bb49-7cbc-e8c1e6c6e12a) | 4.19.0-5-amd64 to 4.19.0-13-amd64 </br> 4.19.0-6-cloud-amd64 to 4.19.0-13-cloud-amd64 </br> 5.8.0-0.bpo.2-amd64 </br> 5.8.0-0.bpo.2-cloud-amd64 #### Supported SUSE Linux Enterprise Server 12 kernel versions for Azure virtual machines
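Review bot: In the Debian 10 row for 9.41, the hot fix list now adds 4.19.0-16-amd64 and 4.19.0-16-cloud-amd64 while the stated range ends at 4.19.0-14, so 4.19.0-15 is covered by neither; please confirm that the gap is intentional. The list also still names 4.19.0-10-cloud-amd64, which already falls inside "4.19.0-6-cloud-amd64 to 4.19.0-14-cloud-amd64". The Debian 9.1 row has the same kind of gap between 4.19.0-0.bpo.14 and the newly added 4.19.0-0.bpo.16 entries.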
stream-analytics Create Cluster https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/create-cluster.md
Previously updated : 09/22/2020 Last updated : 04/09/2021 # Quickstart: Create a dedicated Azure Stream Analytics cluster using Azure portal
synapse-analytics Get Started Analyze Spark https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/synapse-analytics/get-started-analyze-spark.md
In this tutorial, you'll learn the basic steps to load and analyze data with Apa
A serverless Spark pool is a way of indicating how a user wants to work with Spark. When you start using a pool a Spark session is created if needed. The pool controls how many Spark resources will be used by that session and how long the session will last before it automatically pauses. You pay for spark resources used during that session not for the pool itself. In this way a Spark pool lets you work with Spark, without having to worry managing clusters. This is similar to how a serverless SQL pool works.
-## Analyze NYC Taxi data in blob storage using Spark
+## Analyze NYC Taxi data with a Spark pool
1. In Synapse Studio, go to the **Develop** hub
-2. Create a new Notebook with the default language set to **PySpark (Python)**.
+2. Create a new Notebook
3. Create a new code cell and paste the following code into that cell. ```py %%pyspark
A serverless Spark pool is a way of indicating how a user wants to work with Spa
1. If you just want to see the schema of the dataframe run a cell with the following code: ```py
+ %%pyspark
df.printSchema() ``` ## Load the NYC Taxi data into the Spark nyctaxi database
-Data is available via the dataframe named **data**. Load it into a Spark database named **nyctaxi**.
+Data is available via the dataframe named **df**. Load it into a Spark database named **nyctaxi**.
1. Add a new code cell to the notebook, and then enter the following code: ```py
+ %%pyspark
spark.sql("CREATE DATABASE IF NOT EXISTS nyctaxi") df.write.mode("overwrite").saveAsTable("nyctaxi.trip") ``` ## Analyze the NYC Taxi data using Spark and notebooks
-1. Return to your notebook.
1. Create a new code cell and enter the following code. ```py
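Review bot: The final cell, introduced by "Create a new code cell and enter the following code", is cut off in this hunk, so it is not visible whether it received the same `%%pyspark` line that was added to the `df.printSchema()` and `saveAsTable` cells. Please confirm it did, since step 2 no longer sets PySpark as the default language. The rename from **data** to **df** now matches the `df.printSchema()` and `df.write` calls. Separately, it would help to say in the prose that `mode("overwrite")` replaces an existing `nyctaxi.trip` table.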
synapse-analytics Get Started Analyze Sql On Demand https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/synapse-analytics/get-started-analyze-sql-on-demand.md
Serverless SQL pools let you use SQL without having to reserve capacity. Billing
Every workspace comes with a pre-configured serverless SQL pool called **Built-in**.
-## Analyze NYC Taxi data in blob storage using serverless SQL pool
+## Analyze NYC Taxi data with a serverless SQL pool
-In this section, you'll use a serverless SQL pool to analyze NYC Taxi data in an Azure Blob Storage account.
1. In Synapse Studio, go to the **Develop** hub 1. Create a new SQL script.
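Review bot: With both the old heading and the removed introductory sentence gone, this section no longer says where the NYC Taxi data lives; the deleted line was the only visible statement that it sits in an Azure Blob Storage account. Keep one clause naming the data source under the new heading, so readers know what the script will read before they run it.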
synapse-analytics Get Started Analyze Sql Pool https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/synapse-analytics/get-started-analyze-sql-pool.md
A dedicated SQL pool consumes billable resources as long as it's active. You can
1. In Synapse Studio, go to the **Data** hub. 1. Go to **SQLPOOL1** > **Tables**.
-3. Right-click the **dbo.Trip** table and select **New SQL Script** > **Select TOP 100 Rows**.
+3. Right-click the **dbo.NYCTaxiTripSmall** table and select **New SQL Script** > **Select TOP 100 Rows**.
4. Wait while a new SQL script is created and runs. 5. Notice that at the top of the SQL script **Connect to** is automatically set to the SQL pool called **SQLPOOL1**. 6. Replace the text of the SQL script with this code and run it.
A dedicated SQL pool consumes billable resources as long as it's active. You can
SELECT PassengerCount, SUM(TripDistanceMiles) as SumTripDistance, AVG(TripDistanceMiles) as AvgTripDistance
- FROM dbo.Trip
+ FROM dbo.NYCTaxiTripSmall
WHERE TripDistanceMiles > 0 AND PassengerCount > 0 GROUP BY PassengerCount ORDER BY PassengerCount;
virtual-desktop Azure Monitor Costs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/virtual-desktop/azure-monitor-costs.md
The predefined datasets for Azure Monitor for Windows Virtual Desktop include:
- Windows Event Logs from the session hosts - Windows Virtual Desktop diagnostics from the service infrastructure
-Your data ingestion and storage costs depend on your environment size, health, and usage. The example estimates we'll use in this article to calculate the cost ranges you can expect are based on healthy virtual machines running light to power usage, based on our [virtual machine sizing guidelines](/remote/remote-desktop-services/virtual-machine-recs), to calculate a range of data ingestion and storage costs you could expect.
+Your data ingestion and storage costs depend on your environment size, health, and usage. The example estimates we'll use in this article to calculate the cost ranges you can expect are based on healthy virtual machines running light to power usage, based on our [virtual machine sizing guidelines](/windows-server/remote/remote-desktop-services/virtual-machine-recs), to calculate a range of data ingestion and storage costs you could expect.
The light usage VM we'll be using in our example includes the following components:
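Review bot: The link fix is fine, but the sentence it sits in states its purpose twice ("to calculate the cost ranges you can expect" and again "to calculate a range of data ingestion and storage costs you could expect"). Since the line is being touched anyway, drop the trailing clause so the sentence ends at the sizing guidelines link.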
virtual-desktop Key Distribution Center Proxy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/virtual-desktop/key-distribution-center-proxy.md
There are two components to the Windows Virtual Desktop service that need to be
- The feed in the Windows Virtual Desktop client that gives users a list of available desktops or applications they have access to. This authentication process happens in Azure Active Directory, which means this component isn't the focus of this article. - The RDP session that results from a user selecting one of those available resources. This component uses Kerberos authentication and requires a KDC proxy for remote users.
-This article will show you how to configure the feed in the Windows Virtual Desktop client in the Azure portal. If you want to learn how to configure the RD Gateway role, see [Deploy the RD Gateway role](/windows-server/remote/rd-gateway-role).
+This article will show you how to configure the feed in the Windows Virtual Desktop client in the Azure portal. If you want to learn how to configure the RD Gateway role, see [Deploy the RD Gateway role](/azure/virtual-desktop/rd-gateway-role).
## Requirements
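Review bot: The new link target `/azure/virtual-desktop/rd-gateway-role` corresponds to the `rd-gateway-role.md` article whose entire body is removed further down this page, so this change appears to point readers at a page that is being deleted. Either keep the previous target or link to wherever the RD Gateway deployment steps now live. The same sentence also says the article shows how to configure the feed, while the bullet just above says the feed is not the focus of the article; the sentence should name the KDC proxy for the RDP session instead.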
virtual-desktop Rd Gateway Role https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/virtual-desktop/rd-gateway-role.md
- Title: Deploy RD Gateway role Windows Virtual Desktop - Azure
-description: How to deploy the RD Gateway role in Windows Virtual Desktop.
-- Previously updated : 01/30/2021----
-# Deploy the RD Gateway role in Windows Virtual Desktop (preview)
-
-> [!IMPORTANT]
-> This feature is currently in public preview.
-> This preview version is provided without a service level agreement, and we don't recommend using it for production workloads. Certain features might not be supported or might have constrained capabilities.
-> For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
-
-This article will tell you how to use the RD Gateway role (preview) to deploy Remote Desktop Gateway servers in your environment. You can install the server roles on physical machines or virtual machines depending on whether you are creating an on-premises, cloud-based, or hybrid environment.
-
-## Install the RD Gateway role
-
-1. Sign into the target server with administrative credentials.
-
-2. In **Server Manager**, select **Manage**, then select **Add Roles and Features**. The **Add Roles and Features** installer will open.
-
-3. In **Before You Begin**, select **Next**.
-
-4. In **Select Installation Type**, select **Role-Based or feature-based installation**, then select **Next**.
-
-5. For **Select destination server**, select **Select a server from the server pool**. For **Server Pool**, select the name of your local computer. When you're done, select **Next**.
-
-6. In **Select Server Roles** > **Roles**, select **Remote Desktop Services**. When you're done, select **Next**.
-
-7. In **Remote Desktop Services**, select **Next.**
-
-8. For **Select role services**, select only **Remote Desktop Gateway** When you're prompted to add required features, select **Add Features**. When you're done, select **Next**.
-
-9. For **Network Policy and Access Services**, select **Next**.
-
-10. For **Web Server Role (IIS)**, select **Next**.
-
-11. For **Select role services**, select **Next**.
-
-12. For **Confirm installation selections**, select **Install**. Don't close the installer while the installation process is happening.
-
-## Configure RD Gateway role
-
-Once the RD Gateway role is installed, you'll need to configure it.
-
-To configure the RD Gateway role:
-
-1. Open the **Server Manager**, then select **Remote Desktop Services**.
-
-2. Go to **Servers**, right-click the name of your server, then select **RD Gateway Manager**.
-
-3. In the RD Gateway Manager, right-click the name of your gateway, then select **Properties**.
-
-4. Open the **SSL Certificate** tab, select the **Import a certificate into the RD Gateway** bubble, then select **Browse and Import Certificate…**.
-
-5. Select the name of your PFX file, then select **Open**.
-
-6. Enter the password for the PFX file when prompted.
-
-7. After you've imported the certificate and its private key, the display should show the certificateΓÇÖs key attributes.
-
->[!NOTE]
->Because the RD Gateway role is supposed to be public, we recommend you use a publicly issued certificate. If you use a privately issued certificate, you'll need to make sure to configure all clients with the certificate's trust chain beforehand.
-
-## Next steps
-
-If you want to add high availability to your RD Gateway role, see [Add high availability to the RD Web and Gateway web front](/windows-server/remote/remote-desktop-services/rds-rdweb-gateway-ha).
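Review bot: The whole article is removed, including the note recommending a publicly issued certificate for the gateway (or distributing the trust chain to all clients beforehand when a privately issued one is used), and nothing visible here says where that guidance now lives. Because `key-distribution-center-proxy.md` is changed on this page to link to `/azure/virtual-desktop/rd-gateway-role`, please add a redirect for this path to the replacement article and confirm that the certificate guidance is carried over there.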
virtual-desktop Start Virtual Machine Connect https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/virtual-desktop/start-virtual-machine-connect.md
Title: Start virtual machine connect - Azure
description: How to configure the start virtual machine on connect feature. Previously updated : 03/31/2021 Last updated : 04/10/2021
The following remote desktop clients support the Start VM on Connect feature:
You can check for announcements about updates and client support on the [Tech Community forum](https://aka.ms/wvdtc).
->[!IMPORTANT]
->The Start VM on Connect feature currently only supports PowerShell and REST API, not the Azure portal. For more information, see [Create or update a host pool](/rest/api/desktopvirtualization/hostpools/createorupdate).
+The Azure Government cloud doesn't currently support Start VM on Connect.
## Create a custom role for Start VM on Connect
Start VM on Connect is a host pool setting. If you only want a select group of u
>[!IMPORTANT] > You can only configure this feature in existing host pools. This feature isn't available when you create a new host pool.
+### Use the Azure portal
+
+To use the Azure portal to configure Start VM on Connect:
+
+1. Open your browser and go to [the Azure portal](https://portal.azure.com/?feature.startVMonConnect=true#home). We recommend you open the Azure portal in an InPrivate window.
+
+2. In the Azure portal, go to **Windows Virtual Desktop**.
+
+3. Select **Host pools**, then find the host pool that contains the personal desktops you assigned the role to.
+
+ >[!NOTE]
+ > The host pool you configure this feature in must have personal desktops with direct role assignments. If the desktops in the host pool aren't configured correctly, the configuration process won't work.
+
+4. In the host pool, select **Properties**. Under **Start VM on connect**, select **Yes**, then select **Save** to instantly apply the setting.
+
+ > [!div class="mx-imgBorder"]
+ > ![A screenshot of the Properties window. The Start VM on connect option is highlighted in red.](media/properties-start-vm-on-connect.png)
+ ### Use PowerShell To configure this setting with PowerShell, you need to make sure you have the names of the resource group and host pools you want to configure. You'll also need to install [the Azure PowerShell module (version 2.1.0 or later)](https://www.powershellgallery.com/packages/Az.DesktopVirtualization/2.1.0).
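Review bot: Step 1 sends readers to the portal through a URL carrying `?feature.startVMonConnect=true` and recommends an InPrivate window, but gives no reason for either. State whether the **Start VM on connect** property is visible without the feature flag, and say why a private window is recommended, so administrators know whether they are on a preview path and do not bookmark the flagged URL for routine work. The earlier callout saying the feature was PowerShell and REST API only was removed in the previous hunk, so this section is now the only place that explains portal support.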
virtual-machines Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/virtual-machines/windows/overview.md
This table shows some of the ways you can get a list of available locations.
| | | | Azure portal |Select a location from the list when you create a VM. | | Azure PowerShell |Use the [Get-AzLocation](/powershell/module/az.resources/get-azlocation) command. |
-| REST API |Use the [List locations](/rest/api/resources/subscriptions/subscriptions/listlocations) operation. |
+| REST API |Use the [List locations](/rest/api/resources/subscriptions/listlocations) operation. |
| Azure CLI |Use the [az account list-locations](/cli/azure/account) operation. | ## Availability
virtual-machines Get Started https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/virtual-machines/workloads/sap/get-started.md
ms.assetid: ad8e5c75-0cf6-4564-ae62-ea1246b4e5f2
vm-linux Previously updated : 03/17/2021 Last updated : 04/09/2021
In this section, you find documents about Microsoft Power BI integration into SA
## Change Log
+- 04/07/2021: Clarified support for SQL Server multi-instance and multi-database support in [SQL Server Azure Virtual Machines DBMS deployment for SAP NetWeaver](./dbms_guide_sqlserver.md)
+- 04/07/2021: Added information related to secondary IP addresses in [Azure Virtual Machines planning and implementation for SAP NetWeaver](./planning-guide.md)
+- 04/07/2021: added support for Oracle DBMS support on ANF in [Azure Storage types for SAP workload](./planning-guide-storage.md)
- 03/17/2021: Change in [HA for SAP HANA on Azure VMs on SLES](./sap-hana-high-availability.md), [HA for SAP HANA on Azure VMs on RHEL](./sap-hana-high-availability-rhel.md) and [HA for SAP HANA scale-up with ANF on RHEL](./sap-hana-high-availability-netapp-files-red-hat.md) to add instructions for HANA Active/Read-enabled system replication in Pacemaker cluster - 03/15/2021: Change in [SAP ASCS/SCS instance with WSFC and file share](./sap-high-availability-guide-wsfc-file-share.md),[Install SAP ASCS/SCS instance with WSFC and file share](./sap-high-availability-installation-wsfc-file-share.md) and [SAP ASCS/SCS multi-SID with WSFC and file share](./sap-ascs-ha-multi-sid-wsfc-file-share.md) to clarify that the SAP ASCS/SCS instances and the SOFS share must be deployed in separate clusters - 03/03/2021: Change in [HA guide for SAP ASCS/SCS with WSFC and Azure NetApp Files(SMB)](./high-availability-guide-windows-netapp-files-smb.md) to add a cautionary statement that elevated privileges are required for the the user running SWPM, during the installation of the SAP system
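Review bot: The three new change-log entries are inconsistent with each other and with the existing ones. The third starts with a lowercase "added" while the first two are capitalized, and both the first and third repeat the word "support" ("Clarified support for ... multi-database support", "added support for Oracle DBMS support on ANF"). Suggest "Clarified SQL Server multi-instance and multi-database support" and "Added support for Oracle DBMS on ANF".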
virtual-machines Planning Guide Storage https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/virtual-machines/workloads/sap/planning-guide-storage.md
ANF storage is currently supported for several SAP workload scenarios:
- [High availability for SAP NetWeaver on Azure VMs on SUSE Linux Enterprise Server with Azure NetApp Files for SAP applications](./high-availability-guide-suse-netapp-files.md) - [Azure Virtual Machines high availability for SAP NetWeaver on Red Hat Enterprise Linux with Azure NetApp Files for SAP applications](./high-availability-guide-rhel-netapp-files.md) - SAP HANA deployments using NFS v4.1 shares for /han)-- Oracle deployments in Oracle Linux guest OS using [dNFS]((https://docs.oracle.com/en/database/oracle/oracle-database/19/ntdbi/creating-an-oracle-database-on-direct-nfs.html#GUID-2A0CCBAB-9335-45A8-B8E3-7E8C4B889DEA) dOracle data and redo log volumes. Some more details can be found in the article [Azure Virtual Machines Oracle DBMS deployment for SAP workload](./dbms_guide_oracle.md)
+- Oracle deployments in Oracle Linux guest OS using [dNFS](https://docs.oracle.com/en/database/oracle/oracle-database/19/ntdbi/creating-an-oracle-database-on-direct-nfs.html#GUID-2A0CCBAB-9335-45A8-B8E3-7E8C4B889DEA) for Oracle data and redo log volumes. Some more details can be found in the article [Azure Virtual Machines Oracle DBMS deployment for SAP workload](./dbms_guide_oracle.md)
> [!NOTE] > No other DBMS workload is supported for Azure NetApp Files based NFS or SMB shares. Updates and changes will be provided if this is going to change.