- <!-- <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name" /> -->

- <!-- <OutputClaim ClaimTypeReferenceId="surName" PartnerClaimType="family_name" />

- <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" /> -->

- <!-- <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" /> -->

-In this sample tutorial, learn how to integrate Azure Active Directory B2C (Azure AD B2C) authentication with the xID digital ID solution. The xID app provides users with passwordless, secure, multifactor authentication. xID-authenticated users obtain their identities verified by a My Number Card, the digital ID card issued by the Japanese government. Organizations can get users verified Personal Identification Information (customer content) through the xID API. Furthermore, the xID app generates a private key in a secure area within userΓÇÖs mobile device, which can be used as a digital signing device.

-| 1. |User opens Azure AD B2C's sign in page, and then signs in or signs up by entering their username. |

-| 2. |Azure AD B2C redirects the user to xID authorize API endpoint using an OpenID Connect (OIDC) request. An OIDC endpoint is available containing information about the endpoints. xID Identity provider (IdP) redirects the user to the xID authorization sign in page, allows the user to fill in or select their email address. |

-| 3. |xID IdP sends the push notification to the userΓÇÖs mobile device. |

-| 4. |The user opens the xID app and checks the request, then enters the PIN or authenticates with their biometrics. If PIN or biometrics is successfully verified, xID app activates the private key and creates an electronic signature. |

-| 6. |xID IdP shows consent screen to the user, requesting authorization to give their personal information to the service they're signing in. |

-| 8. |Using the authorization code, Azure AD B2C sends a token request. |

-| 9. |xID IdP checks the token request, and if still valid, returns the OAuth access token and the ID token containing the requested userΓÇÖs identifier and email address. |

-| 11. |The xID userdata API returns the userΓÇÖs encrypted customer content. User can decrypt it with their private key, which they create when they request the xID client information. |

-Request for API documents by filling out [the form](https://xid.inc/contact-us). In the message field, indicate that you would like to onboard with Azure AD B2C. The xID sales representatives will contact you. Follow the instructions provided in the xID API document and request a xID API client. xID tech team will send client information to you in 3-4 working days.

-To enable users to sign in using xID, you need to define xID as a claims provider that Azure AD B2C can communicate with through an endpoint. The endpoint provides a set of claims that are used by Azure AD B2C to verify that a specific user has authenticated using digital identity available on their device, proving the userΓÇÖs identity.

- <Item Key="DefaultUserMessageIfRequestFailed">Cannot process your request right now, please try again later.</Item>

-At this point, you've set up the identity provider, but it's not yet available in any of the sign in pages. If you've your own custom user journey continue to [step 4](#step-4-add-the-identity-provider-to-a-user-journey), otherwise, create a duplicate of an existing template user journey as follows:

-Now that you have a user journey, add the new identity provider to the user journey.

-1. Find the orchestration step element that includes Type=`CombinedSignInAndSignUp`, or Type=`ClaimsProviderSelection` in the user journey. It's usually the first orchestration step. The **ClaimsProviderSelections** element contains a list of identity providers that a user can sign in with. The order of the elements controls the order of the sign-in buttons presented to the user. Add a **ClaimsProviderSelection** XML element. Set the value of **TargetClaimsExchangeId** to a friendly name, such as `X-IDExchange`.

-2. In the next orchestration step, add a **ClaimsExchange** element. Set the **Id** to the value of the target claims exchange ID to link the xID button to `X-ID-SignIn` action. Update the value of **TechnicalProfileReferenceId** to the ID of the technical profile you created earlier.

- The following XML demonstrates orchestration steps of a user journey with the identity provider:

- ```xml

- b. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.

-5. Select **Upload Custom Policy**, and then upload the files in the **LocalAccounts** starter pack in the following order: the extension policy, for example `TrustFrameworkExtensions.xml`, then the relying party policy, such as `SignUpSignIn.xml`.

-## Step 6: Test your custom policy

-1. In your Azure AD B2C tenant blade, and under **Policies**, select **Identity Experience Framework**.

-4. Select **Run now**. Your browser should be redirected to the xID sign in page.

-5. If the sign-in process is successful, your browser is redirected to `https://jwt.ms`, which displays the contents of the token returned by Azure AD B2C.

-1. Under **Implicit grant and hybrid flows**, select both the **Access tokens (used for implicit flows)** and **D tokens (used for implicit and hybrid flows)** check boxes.

-## Device state (preview)

-**This preview feature is being deprecated.** Customers should use the **Filter for devices** condition in the Conditional Access policy, to satisfy scenarios previously achieved using device state (preview) condition.

-The above scenario, can be configured using *All users* accessing the *Microsoft Azure Management* cloud app with **Filter for devices** condition in include mode using the following rule **device.trustType -ne "ServerAD" -or device.isCompliant -ne True** and for *Access controls*, **Block**.

-The Microsoft identity platform stores only the first 10 signing keys when they're downloaded from the external IdP's OIDC endpoint. If the external IdP exposes more than 10 signing keys, you may experience errors when using Workload Identity Federation.

-The [Azure AD Audit Log](../reports-monitoring/concept-audit-logs.md) contains information on all delete operations performed in your tenant. We recommend that you export these logs to a security information and event management (SIEM) tool such as [Microsoft Sentinel](../../sentinel/overview.md). You can also use Microsoft Graph to audit changes and build a custom solution to monitor differences over time. For more information on finding deleted items using Microsoft Graph, see [List deleted items - Microsoft Graph v1.0. ](/graph/api/directory-deleteditems-list?view=graph-rest-1.0&tabs=http)

-The Audit Log always records a ΓÇ£Delete <object>ΓÇ¥ event when an object in the tenant is removed from an active state by either a soft or hard deletion.

-A delete event for applications, users, and Microsoft 365 Groups is a soft delete. For any other object type, it's a hard delete. Track the occurrence of hard-delete events by comparing ΓÇ£Delete <object>ΓÇ¥ events with the type of object that has been deleted, noting those that do not support soft-delete. In addition, note "Hard Delete <object>" events.

-* See [Restore deleted item ΓÇô Microsoft Graph v1.0](%20/graph/api/directory-deleteditems-restore?view=graph-rest-1.0&tabs=http) for restoring with Microsoft Graph.

-* To restore by using Microsoft Graph, see [Restore deleted item ΓÇô Microsoft Graph v1.0](/graph/api/directory-deleteditems-restore?view=graph-rest-1.0&tabs=http).

-* Frequently [list deleted items](/graph/api/directory-deleteditems-list?view=graph-rest-1.0&tabs=http).

-| Users, groups, and other directory objects| [directoryObject API](/graph/api/resources/directoryObject?view=graph-rest-1.0) |

-| Directory roles| [directoryRole API](/graph/api/resources/directoryrole?view=graph-rest-1.0) |

-| Conditional Access policies| [Conditional Access policy API](/graph/api/resources/conditionalaccesspolicy?view=graph-rest-1.0) |

-| Devices| [devices API](/graph/api/resources/device?view=graph-rest-1.0) |

-| Domains| [domains API](/graph/api/domain-list?view=graph-rest-1.0&tabs=http) |

-| Administrative Units| [administrativeUnit API)](/graph/api/resources/administrativeunit?view=graph-rest-1.0) |

-| Deleted Items*| [deletedItems API](/graph/api/resources/directory?view=graph-rest-1.0) |

-The [Azure AD Audit Log](../reports-monitoring/concept-audit-logs.md) contains information on all delete and configuration operations performed in your tenant. We recommend that you export these logs to a security information and event management (SIEM) tool such as [Microsoft Sentinel](../../sentinel/overview.md). You can also use Microsoft Graph to audit changes, and build a custom solution to monitor differences over time. For more information on finding deleted items using Microsoft Graph, see [List deleted items - Microsoft Graph v1.0 ](/graph/api/directory-deleteditems-list?view=graph-rest-1.0&tabs=http)

-The Audit Log always records a ΓÇ£Delete <object>ΓÇ¥ event when an object in the tenant is removed from an active state (either from active to soft-deleted or active to hard-deleted).

-| | Activity in log| Result |

-| Microsoft 365 Group| Hard delete group| Hard deleted |

-| Expense | - Password + Multi-Factor Authentication management<br> - Onboarding process<br> - Identity cleanup<br> - Overhead of running a separate directory | - Small partners cannot afford the infrastructure<br> - Small partners do not have the expertise<br> - Small Partners might only have consumer emails (none IT) |

-Azure AD Connect was released several years ago. Since this time, several of the components that Azure AD Connect uses have been scheduled for deprecation and updated to newer versions. To attempt to update all of these components individually would take time and planning.

-To address this, we have bundled as many of these newer components into a new, single release, so you only have to update once. This release is Azure AD Connect V2. This is a new version of the same software used to accomplish your hybrid identity goals that is built using the latest foundational components.

-The previous versions of Azure AD Connect shipped with a SQL Server 2012 LocalDB. V2.0 ships with a SQL Server 2019 LocalDB, which promises enhanced stability and performance and has several security-related bug fixes. SQL Server 2012 will go out of extended support in July 2022. For more information see [Microsoft SQL 2019](https://www.microsoft.com/sql-server/sql-server-2019).

-The previous versions of Azure AD Connect shipped with the ADAL authentication library. This library will be deprecated in June 2022. The V2 release ships with the newer MSAL library. For more information see [Overview of the MSAL library](../../active-directory/develop/msal-overview.md).

-SQL Server 2019 requires the Visual C++ Redist 14 runtime, so we are updating the C++ runtime library to use this version. This will be installed with the Azure AD Connect V2 package, so you do not have to take any action for the C++ runtime update.

-Yes - your Azure AD Connect server will be upgraded to the latest release if you have enabled the auto-upgrade feature. Note that we have no yet release an autop upgrade version for Azure AD Connect.

-Yes, you still need to upgrade to remain in a supported state even if you do not use SQL Server 2012, due to the TLS1.0/1.1 and ADAL deprecation. Note that SQL Server 2012 can still be used as an external SQL database with Azure AD Connect V2 - the SQL 2019 drivers in Azure AD Connect V2 are compatible with SQL Server 2012.

-In June 2022, ADAL is planned to go out of support. When ADAL goes out of support authentication may stop working unexpectedly and this will block the Azure AD Connect server from working properly. We strongly advise you to upgrade to Azure AD Connect V2 before June 2022. You cannot upgrade to a supported authentication library with your current Azure AD Connect version.

-This is a known issue. To resolve this, restart your PowerShell session after installing or upgrading to version 2 and then re-import the module. Use the following instructions to import the module.

-> | Create VPN connectivity certificate | [Conditional Access Administrator](../roles/permissions-reference.md#conditional-access-administrator) | [Security Administrator](../roles/permissions-reference.md#security-administrator) |

-In this section, a user called Britta Simon is created in Envoy. Envoy supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Envoy, a new one is created after authentication.

-Envoy also supports automatic user provisioning, you can find more details [here](./envoy-provisioning-tutorial.md) on how to configure automatic user provisioning.

-Azure Blob Storage is an object storage solution for the cloud. Azure AD Verifiable Credentials use [Azure Blob Storage](../../storage/blobs/storage-blobs-introduction.md) to store the configuration files when the service is issuing verifiable credentials.

-Azure AD Verifiable Credentials service uses two JSON configuration files, the rules file and the display file.

- 1. Under the **Display file**, select **Select display file**. In the Storage accounts section, select **vc-container**. Then select the **VerifiedCredentialExpertDisplay.json** file and select **Select**.

-1. At the risky website warning, select **Proceed anyways (unsafe)**. You're seeing this warning because your domain isn't linked to your decentralized identifier (DID). To verify your domain, follow the guidance in [Link your domain to your decentralized identifier (DID)](how-to-dnsbind.md). For this tutorial, you can skip the domain registration, and select **Proceed anyways (unsafe).**

-Decentralized Identifers(DIDs) are identifiers that can be used to secure access to resources, sign and verify credentials, and facilitate application data exchange. Unlike traditional usernames and email addresses, DIDs are owned and controlled by the entity itself (be it a person, device, or company). DIDs exist independently of any external organization or trusted intermediary. [The W3C Decentralized Identifier spec](https://www.w3.org/TR/did-core/) explains this in further detail.

-#### **5. Clean up configuration**

-**Suggested after May 6, 2022**. Once you have confirmed that the Azure AD verifiable credentials service is working normally, you can issue, verify, etc after May 6, 2022 you can proceed to clean up your tenant so that the Azure AD Verifiable Credentials service has only the new service principals.

-1. Run the following PowerShell command to connect to your Azure AD tenant. Replace ```<your tenant ID>``` with your Azure AD tenant ID.

-1. Run the following commands in the same PowerShell session. The AppId ```603b8c59-ba28-40ff-83d1-408eee9a93e5``` and ```bbb94529-53a3-4be5-a069-7eaf2712b826``` refer to the previous Verifiable Credentials service principals.

-From April 25th, 2022 the Verifiable Credentials service is available to more Azure tenants. This important update requires any tenant created prior to April 25, 2022 to make a 15 minutes reconfiguration of the service to ensure ongoing operation. Verifiable Credentials service Administrators must perform the [following steps](verifiable-credentials-faq.md?#updating-the-vc-service-configuration) to avoid service disruptions.

-> When the configuration on your tenant has not been updated, there will be errors on issuance and presentation flows of verifiable credentials from/to your tenant. [Service configuration instructions](verifiable-credentials-faq.md?#updating-the-vc-service-configuration).

-API Management uses a public IP address for connections outside the VNet and a private IP address for connections within the VNet.

-When API management is deployed in the [internal VNet configuration](api-management-using-with-internal-vnet.md) and API management connects to private (intranet-facing) backends, internal IP addresses (dynamic IP, or DIP addresses) from the subnet are used for the runtime API traffic. When a request is sent from API Management to a private backend, a private IP address will be visible as the origin of the request. Therefore in this configuration, if IP restriction lists secure resources within the VNet, it is recommended to use the whole API Management [subnet range](virtual-network-concepts.md#subnet-size) with an IP rule and not just the private IP address associated with the API Management resource.

-When a request is sent from API Management to a public-facing (internet-facing) backend, a public IP address will always be visible as the origin of the request.

-In the Developer, Basic, Standard, and Premium tiers of API Management, the public IP addresses (VIP) and private IP addresses (if configured in the internal VNet mode) are static for the lifetime of a service, with the following exceptions:

-This article explains how to set up VNet connectivity for your API Management instance in the *internal* mode, In this mode, you can only access the following service endpoints within a VNet whose access you control.

-The load-balanced public and private IP addresses can be found on the **Overview** blade in the Azure portal.

-> [!NOTE]

-> The VIP address(es) of the API Management instance will change when:

-> * The VNet is enabled or disabled.

-> * API Management is moved from **External** to **Internal** virtual network mode, or vice versa.

-> * [Zone redundancy](zone-redundancy.md) settings are enabled, updated, or disabled in a location for your instance (Premium SKU only).

->

-> You may need to update DNS registrations, routing rules, and IP restriction lists within the VNet.

-### VIP and DIP addresses

-Dynamic IP (DIP) addresses will be assigned to each underlying virtual machine in the service and used to access resources *within* the VNet. The API Management service's public virtual IP (VIP) address will be used to access resources *outside* the VNet. If IP restriction lists secure resources within the VNet, you must specify the entire subnet range where the API Management service is deployed to grant or restrict access from the service.

-Learn more about the [recommended subnet size](virtual-network-concepts.md#subnet-size).

-if you deploy 1 [capacity unit](api-management-capacity.md) of API Management in the Premium tier in an internal VNet, 3 IP addresses will be used: 1 for the private VIP and one each for the DIPs for two VMs. If you scale out to 4 units, more IPs will be consumed for additional DIPs from the subnet.

-+ An IP address from a subnet IP range (DIP) is used to access resources within the VNet.

-> * API analytics provides data on requests that are matched with an API and operation. Other calls aren't reported.

-[!code-azurecli[main](../../cli_scripts/app-service/configure-ssl-certificate/configure-ssl-certificate.sh?highlight=3-5 "Bind a custom TLS/SSL certificate to a web app")]

-[!code-azurecli[main](../../cli_scripts/app-service/configure-ssl-certificate/configure-ssl-certificate.sh?highlight=3-5 "Bind a custom TLS/SSL certificate to a web app")]

-From the [Azure portal](https://portal.azure.com), navigate to the **Overview** page for the App Service Environment you'll be migrating. The platform will validate if migration is supported for your App Service Environment. Wait a couple seconds after the page loads for this validation to take place. See the [troubleshooting](migrate.md#troubleshooting) section for descriptions of the potential error messages if migration for your environment isn't supported by the migration feature.

-If migration is supported for your App Service Environment, there are three ways to access the migration feature. These methods include a banner at the top of the Overview page, a new item in the left-hand side menu called **Migration**, and an info box on the **Configuration** page. Select any of these methods to move on to the next step in the migration process.

-

-If you don't see these elements, your App Service Environment isn't supported for migration at this time or your environment is in an unhealthy or suspended state (which blocks migration). If your environment [won't be supported for migration with the migration feature](migrate.md#supported-scenarios) or you want to migrate to App Service Environment v3 without using the migration feature, see the [manual migration options](migration-alternatives.md).

-The migration page will guide you through the series of steps to complete the migration.

-You can put your web application firewall devices, such as Azure Application Gateway, in front of inbound traffic. Doing so exposes specific apps on that App Service Environment. If you want to customize the outbound address of your applications on an App Service Environment, you can add a NAT gateway to your subnet.

-If you're using your own authentication system, the Health check path must allow anonymous access. To secure the Health check endpoint, you should first use features such as [IP restrictions](app-service-ip-restrictions.md#set-an-ip-address-based-rule), [client certificates](app-service-ip-restrictions.md#set-an-ip-address-based-rule), or a Virtual Network to restrict application access. You can secure the Health check endpoint by requiring the `User-Agent` of the incoming request matches `HealthCheck/1.0`. The User-Agent can't be spoofed since the request would already be secured by prior security features.

-For .NET apps and functions, the simplest way to work with a managed identity is through the [Azure Identity client library for .NET](/dotnet/api/overview/azure/identity-readme?). See the respective documentation headings of the client library for information:

-For Node.js apps and JavaScript functions, the simplest way to work with a managed identity is through the [Azure Identity client library for JavaScript](/javascript/api/overview/azure/identity-readme?). See the respective documentation headings of the client library for information:

-For Python apps and functions, the simplest way to work with a managed identity is through the [Azure Identity client library for Python](/python/api/overview/azure/identity-readme). See the respective documentation headings of the client library for information:

-For Java apps and functions, the simplest way to work with a managed identity is through the [Azure Identity client library for Java](/java/api/overview/azure/identity-readme). See the respective documentation headings of the client library for information:

-description: Secure database connectivity with managed identity from .NET web app, and also how to apply it to other Azure services.

-* Supported file formats: JPEG, PNG, BMP, TIFF, and PDF (text-embedded or scanned). Text-embedded PDFs are best to eliminate the possibility of error in character extraction and location.

-* The file size must be less than 50 MB.

-* For unsupervised learning (without labeled data):

- * Data must contain keys and values.

- * Keys must appear above or to the left of the values; they can't appear below or to the right.

-* Supported file formats are JPEG, PNG, BMP, TIFF, and PDF (text-embedded or scanned). Text-embedded PDFs are best to eliminate the possibility of error in character extraction and location.

-* The file size must be less than 50 MB.

-* For unsupervised learning (without labeled data):

- * Data must contain keys and values.

- * Keys must appear above or to the left of the values. They can't appear below or to the right.

-* Supported file formats: JPEG, PNG, BMP, TIFF, and PDF (text-embedded or scanned). Text-embedded PDFs are best to eliminate the possibility of error in character extraction and location.

-* The file size must be less than 50 MB.

-* For unsupervised learning (without labeled data):

- * Data must contain keys and values.

- * Keys must appear above or to the left of the values; they can't appear below or to the right.

-* Supported file formats: JPEG, PNG, BMP, TIFF, and PDF (text-embedded or scanned). Text-embedded PDFs are best to eliminate the possibility of error in character extraction and location.

-* The file size must be less than 50 MB.

-* For unsupervised learning (without labeled data):

- * Data must contain keys and values.

- * Keys must appear above or to the left of the values; they can't appear below or to the right.

-* Supported file formats: JPEG, PNG, BMP, TIFF, and PDF (text-embedded or scanned). Text-embedded PDFs are best to eliminate the possibility of error in character extraction and location.

-* The file size must be less than 50 MB.

-* For unsupervised learning (without labeled data):

- * Data must contain keys and values.

- * Keys must appear above or to the left of the values; they can't appear below or to the right.

-| VAT | Number | Stands for Value added tax. This is a flat tax levied on an item. Common in european countries | &euro;20.00 | |

-* Supported file formats: JPEG, PNG, BMP, TIFF, and PDF (text-embedded or scanned). Text-embedded PDFs are best to eliminate the possibility of error in character extraction and location.

-* The file size must be less than 50 MB (4 MB for the free tier).

-* Supported file formats: JPEG, PNG, BMP, TIFF, and PDF (text-embedded or scanned). Text-embedded PDFs are best to eliminate the possibility of error in character extraction and location.

-* The file size must be less than 50 MB.

-* For unsupervised learning (without labeled data):

- * Data must contain keys and values.

- * Keys must appear above or to the left of the values; they can't appear below or to the right.

-* Supported file formats: JPEG, PNG, BMP, TIFF, and PDF (text-embedded or scanned). Text-embedded PDFs are best to eliminate the possibility of error in character extraction and location.

-* The file size must be less than 50 MB (4 MB for the free tier)

-* Supported file formats: JPEG, PNG, BMP, TIFF, and PDF (text-embedded or scanned). Text-embedded PDFs are best to eliminate the possibility of error in character extraction and location.

-* The file size must be less than 50 MB.

-* For unsupervised learning (without labeled data):

- * Data must contain keys and values.

- * Keys must appear above or to the left of the values; they can't appear below or to the right.

-* Supported file formats: JPEG, PNG, BMP, TIFF, and PDF (text-embedded or scanned). Text-embedded PDFs are best to eliminate the possibility of error in character extraction and location.

-* The file size must be less than 50 MB.

-* For unsupervised learning (without labeled data):

- * Data must contain keys and values.

- * Keys must appear above or to the left of the values; they can't appear below or to the right.

- - **tcbinfohash**: SHA256 value of the TCB Info collateral

-## Obtain a runbook to use for updates

-To update the Azure modules in your Automation account, you must use the [Update-AutomationAzureModulesForAccount](https://github.com/Microsoft/AzureAutomation-Account-Modules-Update) runbook, which is available as open source. To start using this runbook to update your Azure modules, download it from the GitHub repository. You can then import it into your Automation account or run it as a script. To learn how to import a runbook in your Automation account, see [Import a runbook](manage-runbooks.md#import-a-runbook).

-## Use update runbook code as a regular PowerShell script

-## Use the update runbook on sovereign clouds

-## Use the update runbook to update a specific module version

-There is a native option to update modules to the latest Az module by the user for Automation accounts. The operation will handle all the module dependencies at the backend thereby removing the hassles of updating the modules [manually](../automation-update-azure-modules.md#update-az-modules) or executing the runbook to [update Azure modules](../automation-update-azure-modules.md#obtain-a-runbook-to-use-for-updates).

-Three types of Azure services support availability zones: *zonal*, *zone-redundant*, and *always-available* services. You can combine all three of these architecture approaches when you design your resiliency strategy.

-| Virtual Machines:ΓÇ»[Shared Image Gallery](../virtual-machines/shared-image-galleries.md#make-your-images-highly-available) |  |

-| [Azure Managed Instance for Apache Cassandra](../managed-instance-apache-cassandr) |  |

-| Azure Portal |  |

-### Helm issue

-| Identify machines with Log Analytics agent already installed | Run the following log query in [Log Analytics](../../azure-monitor/logs/log-analytics-overview.md) to support conversion of existing Log Analytics agent deployments to extension-managed agent:<br> Heartbeat <br> &#124; where TimeGenerated > ago(30d) <br> &#124; where ResourceType == "machines" and (ComputerEnvironment == "Non-Azure") <br> &#124; summarize by Computer, ResourceProvider, ResourceType, ComputerEnvironment | One hour |

-> The Azure CLI extension version must be greater than 1.0.1.

-Run the following commands:

- ```az rest --method put --uri https://management.azure.com/subscriptions/<subscription>/resourceGroups/<resourcegroup>/providers/Microsoft.HybridCompute/machines/<arc enabled server name>/providers/Microsoft.HybridConnectivity/endpoints/default?api-version=2021-10-06-preview --body '{\"properties\": {\"type\": \"default\"}}'```

- ```az rest --method get --uri https://management.azure.com/subscriptions/<subscription>/resourceGroups/<resourcegroup>/providers/Microsoft.HybridCompute/machines/<arc enabled server name>/providers/Microsoft.HybridConnectivity/endpoints/default?api-version=2021-10-06-preview```

-To migrate an app from 3.x to 4.x, set the `FUNCTIONS_EXTENSION_VERSION` application setting to `~4` with the following Azure CLI command:

-```

-az webapp show --resource-group <group_name> --name <app_name> --query sku --output tsv

-1. Go to [interactiveSearch.html](https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/master/AzureMapsCodeSamples/Tutorials/interactiveSearch.html). Copy the contents of the file.

-## View Profiler data

-For Profiler to upload traces, your application must be actively handling requests. To generate requests:

-While the load test is running, select the **Profile Now** button on the [**Profiler Settings** pane](profiler-settings.md). Once Profiler starts running, it profiles randomly about once per hour, for a duration of two minutes. If your application is handling a steady stream of requests, Profiler uploads traces every hour.

-After your application receives some traffic and Profiler has had time to upload the traces, you should be able to view traces within 5 to 10 minutes. To view traces:

-1. Select **Take Actions** in the **Performance** pane.

-1. Select the **Profiler Traces** button.

- ![Application Insights Performance pane preview Profiler traces][performance-blade]

-1. Select a sample to display a code-level breakdown of time spent executing the request.

- ![Application Insights trace explorer][trace-explorer]

-The trace explorer displays the following information:

-| Category | Description |

-| -- | -- |

-| **Show Hot Path** | Opens the biggest leaf node, or at least something close. In most cases, this node is near a performance bottleneck. |

-| **Label** | The name of the function or event. The tree displays a mix of code and events that occurred, such as SQL and HTTP events. The top event represents the overall request duration. |

-| **Elapsed** | The time interval between the start of the operation and the end of the operation. |

-| **When** | The time when the function or event was running in relation to other functions. |

-### Other options for viewing profiler data

-Besides viewing the profiles in the Azure portal, you can download the profiles and open them in other tools. There are 3 options for viewing the contents' profiles. The downloaded file is a .diagsession file and can be opened natively by Visual Studio. Use the profiling tools in Visual Studio to examine the details of the file.

-If you rename the file by adding `.zip` to the end of the file name, you can also open it in:

- - [Download](https://www.microsoft.com/p/windows-performance-analyzer/9n0w1b2bxgnz)

- - [Documentation](https://docs.microsoft.com/windows-hardware/test/wpt/windows-performance-analyzer)

- - [Download](https://github.com/microsoft/perfview/blob/main/documentation/Downloading.md)

- - [How-to videos](https://docs.microsoft.com/shows/PerfView-Tutorial/)

-The Microsoft service Profiler uses a combination of sampling methods and instrumentation to analyze the performance of your application. During detailed collection the service Profiler:

- - Captures the complete call stack of the thread that's currently executing (the result of sampling and instrumentation).

- - Includes code from Microsoft .NET Framework and from other frameworks that you reference.

- - Gives detailed information about the thread actions, at both a high level and a low level of abstraction.

- - Context switching events

- - Task Parallel Library (TPL) events

- - Thread pool events

-## Updated Profiler Agent

-The trigger features only work with version 2.6 or newer of the profiler agent. If you are running an Azure App Service, your agent will be updated automatically. You can see what version of the agent you are running if you go to the Kudu URL for your website and append /DiagnosticServices to the end of it, like this: `https://yourwebsite.scm.azurewebsites.net/diagnosticservices`. The Application Insights Profiler Webjob should be version 2.6 or newer. You can force an upgrade by restarting your web app.

-If you are running the profiler on a VM or Cloud Service, you need to have Windows Azure Diagnostics (WAD) extension version 16.0.4 or newer installed. You can check the version of WAD by logging onto your VM and looking this directory: C:\Packages\Plugins\Microsoft.Azure.Diagnostics.IaaSDiagnostics\1.16.0.4. The directory name is the version of WAD that is installed. The Azure VM agent will update WAD automatically when new versions are available.

-## Profiler settings page

-To open the Azure Application Insights Profiler settings pane, go to the Application Insights Performance pane, and then select the **Configure Profiler** button.

-![Link to open Profiler settings page][configure-profiler-entry]

-That opens a page that looks like this:

-![Profiler settings page][configure-profiler-page]

-The **Configure Application Insights Profiler** page has these features:

-Recent profiling sessions | Displays information about past profiling sessions.

-This option allows you to start a profiling session on demand. When you click this link, all profiler agents that are sending data to this Application Insights instance will start to capture a profile. After 5 to 10 minutes, the profile session will show in the list below.

-For a user to manually trigger a profiler session, they require at minimum "write" access on their role for the Application Insights component. In most cases, you get this access automatically and no additional work is needed. If you're having issues, the subscription scope role to add would be the "Application Insights Component Contributor" role. [See more about role access control with Azure Monitoring](./resources-roles-access-control.md).

-![Trigger Settings Flyout][trigger-settings-flyout]

-Clicking the Triggers button on the menu bar opens the trigger settings box. You can set up trigger to start profiling when the percentage of CPU or Memory use hits the level you set.

-This section of the page shows information about recent profiling sessions. A profiling session represents the period of time when the profiler agent was taking a profile on one of the machines hosting your application. You can open the profiles from a session by clicking on one of the rows. For each session, we show:

-## <a id="profileondemand"></a> Use web performance tests to generate traffic to your application

-You can trigger Profiler manually with a single click. Suppose you're running a web performance test. You'll need traces to help you understand how your web app is running under load. Having control over when traces are captured is crucial, because you know when the load test will be running. But the random sampling interval might miss it.

-The next sections illustrate how this scenario works:

-### Step 1: Generate traffic to your web app by starting a web performance test

-If your web app already has incoming traffic or if you just want to manually generate traffic, skip this section and continue to Step 2.

-1. In the Application Insights portal, select **Configure** > **Performance Testing**.

-1. To start a new performance test, select the **New** button.

- ![create new performance test][create-performance-test]

-1. In the **New performance test** pane, configure the test target URL. Accept all default settings, and then select **Run test** to start running the load test.

- ![Configure load test][configure-performance-test]

- The new test is queued first, followed by a status of *in progress*.

- ![Load test is submitted and queued][load-test-queued]

- ![Load test is running in progress][load-test-in-progress]

-### Step 2: Start a Profiler on-demand session

-1. When the load test is running, start Profiler to capture traces on the web app while it's receiving load.

-1. Go to the **Configure Profiler** pane.

-### Step 3: View traces

-After Profiler finishes running, follow the instructions on notification to go to Performance pane and view traces.

-[configure-profiler-entry]: ./media/profiler-settings/configure-profiler-entry.png

-## Power BI

-[Power BI](https://powerbi.microsoft.com/documentation/powerbi-service-get-started/) is useful for creating business-centric dashboards and reports, along with reports that analyze long-term KPI trends. You can [import the results of a log query](./logs/log-powerbi.md) into a Power BI dataset and then take advantage of its features, such as combining data from different sources and sharing reports on the web and mobile devices.

-

-Common scenarios for Power BI include the following:

-You can add the [Azure Monitor data source plug-in for Grafana](visualize/grafana-plugin.md) to your Azure subscription to have it visualize your Azure metric data.

-Both Power BI datasets and Power BI dataflows have an incremental refresh option. Power BI dataflows and Power BI datasets support this feature, but you need Power BI Premium to use it.

-Get started with [Log Analytics queries](./log-query-overview.md).

-Azure NetApp Files volumes have a limit called *`maxfiles`*. The `maxfiles` limit is the number of files a volume can contain. Linux file systems refer to the limit as *inodes*. The `maxfiles` limit for an Azure NetApp Files volume is indexed based on the size (quota) of the volume. The `maxfiles` limit for a volume increases or decreases at the rate of 21,251,126 files per TiB of provisioned volume size.

-The service dynamically adjusts the `maxfiles` limit for a volume based on its provisioned size. For example, a volume configured initially with a size of 1 TiB would have a `maxfiles` limit of 21,251,126. Subsequent changes to the size of the volume would result in an automatic readjustment of the `maxfiles` limit based on the following rules:

-| <= 1 TiB | 21,251,126 |

-| > 1 TiB but <= 2 TiB | 42,502,252 |

-| > 2 TiB but <= 3 TiB | 63,753,378 |

-| > 3 TiB but <= 4 TiB | 85,004,504 |

-| > 4 TiB | 106,255,630 |

-If you have allocated at least 4 TiB of quota for a volume, you can initiate a [support request](#request-limit-increase) to increase the `maxfiles` (inodes) limit beyond 106,255,630. For every 106,255,630 files you increase (or a fraction thereof), you need to increase the corresponding volume quota by 4 TiB. For example, if you increase the `maxfiles` limit from 106,255,630 files to 212,511,260 files (or any number in between), you need to increase the volume quota from 4 TiB to 8 TiB.

-You can increase the `maxfiles` limit to 531,278,150 if your volume quota is at least 20 TiB.

-From the upper left corner, select the visualizer button to open the Bicep Visualizer.

-> | resourcegroups | subscription | 1-90 | Alphanumerics, underscores, parentheses, hyphens, periods, and unicode characters that match the [regex documentation](/rest/api/resources/resourcegroups/createorupdate).<br><br>Can't end with period. |

-IoT Plug and Play Preview enables solution builders to integrate smart devices with their solutions without any manual configuration. At the core of IoT Plug and Play, is a device model that a device uses to advertise its capabilities to an IoT Plug and Play-enabled application. This model is structured as a set of elements: Telemetry, Properties and Commands.

-1. Defined device models and interfaces are compliant with the [Digital Twin Definition Language](https://github.com/Azure/opendigitaltwins-dtdl)

-1. Easy integration with Azure IoT based solutions using the [Digital Twin APIs](../iot-develop/concepts-digital-twin.md) : Azure IoT Hub and Azure IoT Central

-1. Validated product truth on certified devices

-1. Meets all requirements of [Azure Certified Device](./program-requirements-azure-certified-device.md)

-**[Required] Physical device validation using the GSG**

-| **Name** | IoTPnP.Physicaldevice |

-| -- | |

-| **Target Availability** | Available now |

-| **Applies To** | Any device |

-| **OS** | Agnostic |

-| **Validation Type** | Manual |

-| **Validation** | Partners must engage with Microsoft contact ([iotcert@microsoft.com](mailto:iotcert@microsoft.com)) to make arrangements to perform additional validations on physical device. Due to COVID-19 situation, we are exploring various ways to perform physical device validation without shipping the device to Microsoft. |

-| **Resources** | Details are available later |

-| **Azure Recommended** | N/A |

-For captioning of a prerecoding, send file input to the Speech service. For more information, see [How to use compressed audio files](how-to-use-codec-compressed-audio-input-streams.md).

-| Maximum zip size | 2 GB |

-| Maximum archive size | 2 GB |

-description: Learn how to use compressed audio files to the Speech service with the Speech SDK.

-zone_pivot_groups: programming-languages-set-twenty-eight

-# How to use compressed audio files

-The Speech SDK and Speech CLI use GStreamer to support different kinds of input audio formats. GStreamer decompresses the audio before it's sent over the wire to the Speech service as raw PCM.

-## Install GStreamer

-Choose a platform for installation instructions.

-Platform | Languages | Supported GStreamer version

-| : | : | ::

-Android | Java | [1.18.3](https://gstreamer.freedesktop.org/data/pkg/android/1.18.3/)

-Linux | C++, C#, Java, Python, Go | [Supported Linux distributions and target architectures](~/articles/cognitive-services/speech-service/speech-sdk.md)

-Windows (excluding UWP) | C++, C#, Java, Python | [1.18.3](https://gstreamer.freedesktop.org/data/pkg/windows/1.18.3/msvc/gstreamer-1.0-msvc-x86_64-1.18.3.msi)

-### [Android](#tab/android)

-For more information about building libgstreamer_android.so, see [GStreamer configuration by programming language](#gstreamer-configuration).

-For more information, see [Android installation instructions](https://gstreamer.freedesktop.org/documentation/installing/for-android-development.html?gi-language=c).

-### [Linux](#tab/linux)

-For more information, see [Linux installation instructions](https://gstreamer.freedesktop.org/documentation/installing/on-linux.html?gi-language=c).

-```sh

-sudo apt install libgstreamer1.0-0 \

-gstreamer1.0-plugins-base \

-gstreamer1.0-plugins-good \

-gstreamer1.0-plugins-bad \

-gstreamer1.0-plugins-ugly

-```

-### [Windows](#tab/windows)

-Make sure that packages of the same platform (x64 or x86) are installed. For example, if you installed the x64 package for Python, you need to install the x64 GStreamer package. The following instructions are for the x64 packages.

-1. Create the folder c:\gstreamer.

-1. Download the [installer](https://gstreamer.freedesktop.org/data/pkg/windows/1.18.3/msvc/gstreamer-1.0-msvc-x86_64-1.18.3.msi).

-1. Copy the installer to c:\gstreamer.

-1. Open PowerShell as an administrator.

-1. Run the following command in PowerShell:

- ```powershell

- cd c:\gstreamer

- msiexec /passive INSTALLLEVEL=1000 INSTALLDIR=C:\gstreamer /i gstreamer-1.0-msvc-x86_64-1.18.3.msi

- ```

-1. Add the system variables GST_PLUGIN_PATH with the value C:\gstreamer\1.0\msvc_x86_64\lib\gstreamer-1.0.

-1. Add the system variables GSTREAMER_ROOT_X86_64 with the value C:\gstreamer\1.0\msvc_x86_64.

-1. Add another entry in the path variable as C:\gstreamer\1.0\msvc_x86_64\bin.

-1. Reboot the machine.

-For more information about GStreamer, see [Windows installation instructions](https://gstreamer.freedesktop.org/documentation/installing/on-windows.html?gi-language=c).

-***

-## GStreamer configuration

-> [!NOTE]

-> GStreamer configuration requirements vary by programming language. For more information, choose your programming language at the top of this page. The contents of this section will be updated.

-## Example

-> [!div class="nextstepaction"]

-> [Learn how to recognize speech](./get-started-speech-to-text.md)

-> [!NOTE]

-> Call Recording is available for Communication Services resources created in the US, UK, Europe, Asia and Australia regions. Call Recording is not enabled for [Teams interoperability](../teams-interop.md).

-Call Recording provides a set of APIs to start, stop, pause and resume recording. These APIs can be accessed from server-side business logic or via events triggered by user actions. Recorded media output is in MP4 Audio+Video format, which is the same format that Teams uses to record media. Notifications related to media and metadata are emitted via Event Grid. Recordings are stored for 48 hours on built-in temporary storage for retrieval and movement to a long-term storage solution of choice.

-**Maintain business continuity during regional outages.** Azure Cosmos DB supports [automatic failover](how-to-manage-database-account.md#automatic-failover) during a regional outage. During a regional outage, Azure Cosmos DB continues to maintain its latency, availability, consistency, and throughput SLAs. To help make sure that your entire application is highly available, Cosmos DB offers a manual failover API to simulate a regional outage. By using this API, you can carry out regular business continuity drills.

-> It is strongly recommended that you configure the Azure Cosmos accounts used for production workloads to **enable automatic failover**. This enables Cosmos DB to failover the account databases to available regions automatically. In the absence of this configuration, the account will experience loss of write availability for all the duration of the write region outage, as manual failover will not succeed due to lack of region connectivity.

-| Single write region | Write region outage | Clients will redirect reads to other regions. <p/> **Without service-manages failover**, clients will experience write availability loss, until write availability is restored automatically when the outage ends. <p/> **With service-managed failover** clients will experience write availability loss until the services manages a failover to a new write region selected according to your preferences. | If strong consistency level isn't selected, some data may not have been replicated to the remaining active regions. This depends on the consistency level selected as described in [this section](consistency-levels.md#rto). If the affected region suffers permanent data loss, unreplicated data may be lost. | During the outage, ensure that there are enough provisioned RUs in the remaining regions to support read traffic. <p/> Do *not* trigger a manual failover during the outage, as it will not succeed. <p/> When the outage is over, re-adjust provisioned RUs as appropriate. Accounts using SQL APIs may also recover the non-replicated data in the failed region from your [conflicts feed](how-to-manage-conflicts.md#read-from-conflict-feed). |

-* For multi-region Azure Cosmos accounts that are configured with a single-write region, [enable service-managed failover by using Azure CLI or Azure portal](how-to-manage-database-account.md#automatic-failover). After you enable automatic failover, whenever there's a regional disaster, Cosmos DB will fail over your account without any user inputs.

-| Write regions | Automatic failover | What to expect | What to do |

-* [SDK behavior on multi-regional environments](troubleshoot-sdk-availability.md)

-## <a id="automatic-failover"></a>Enable automatic failover for your Azure Cosmos account

-The Automatic failover option allows Azure Cosmos DB to failover to the region with the highest failover priority with no user action should a region become unavailable. When automatic failover is enabled, region priority can be modified. Account must have two or more regions to enable automatic failover.

-> You cannot modify the write region (failover priority of zero) when the account is configured for automatic failover. To change the write region, you must disable automatic failover and do a manual failover.

-> * [Xamarin](create-mongodb-xamarin.md)

-> * [Xamarin](create-mongodb-xamarin.md)

-> * [Xamarin](create-mongodb-xamarin.md)

-> * [Xamarin](create-mongodb-xamarin.md)

-> * [Xamarin](create-mongodb-xamarin.md)

-description: This quickstart demonstrates how to build a Rust application backed by Azure Cosmos DB's API for MongoDB.

-# Quickstart: Connect a Rust application to Azure Cosmos DB's API for MongoDB

-> [!div class="op_single_selector"]

-> * [.NET](create-mongodb-dotnet.md)

-> * [Python](create-mongodb-python.md)

-> * [Java](create-mongodb-java.md)

-> * [Node.js](create-mongodb-nodejs.md)

-> * [Xamarin](create-mongodb-xamarin.md)

-> * [Golang](create-mongodb-go.md)

-> * [Rust](create-mongodb-rust.md)

->

-Azure Cosmos DB is a multi-model database service that lets you quickly create and query document, table, key-value, and graph databases with global distribution and horizontal scale capabilities. The sample presented in this article is a simple command-line based application that uses the [Rust driver for MongoDB](https://github.com/mongodb/mongo-rust-driver). Since Azure Cosmos DB's API for MongoDB is [compatible with the MongoDB wire protocol](./mongodb-introduction.md), it is possible for any MongoDB client driver to connect to it.

-You will learn how to use the MongoDB Rust driver to interact with Azure Cosmos DB's API for MongoDB by exploring CRUD (create, read, update, delete) operations implemented in the sample code. Finally, you can run the application locally to see it in action.

-## Prerequisites

-## Set up Azure Cosmos DB

-To set up an Azure Cosmos DB account, follow the [instructions here](create-mongodb-dotnet.md). The application will need the MongoDB connection string which you can fetch using the Azure portal. For details, see [Get the MongoDB connection string to customize](connect-mongodb-account.md#get-the-mongodb-connection-string-to-customize).

-## Run the application

-### Clone the sample application

-Run the following commands to clone the sample repository.

-1. Open a command prompt, create a new folder named `git-samples`, then close the command prompt.

- ```bash

- mkdir "C:\git-samples"

- ```

-1. Open a git terminal window, such as git bash, and use the `cd` command to change to the new folder to install the sample app.

- ```bash

- cd "C:\git-samples"

- ```

-1. Run the following command to clone the sample repository. This command creates a copy of the sample app on your computer.

- ```bash

- git clone https://github.com/Azure-Samples/cosmosdb-rust-mongodb-quickstart

- ```

-### Build the application

-To build the binary:

-```bash

-cargo build --release

-```

-### Configure the application

-Export the connection string, MongoDB database, and collection names as environment variables.

-```bash

-export MONGODB_URL="mongodb://<COSMOSDB_ACCOUNT_NAME>:<COSMOSDB_PASSWORD>@<COSMOSDB_ACCOUNT_NAME>.mongo.cosmos.azure.com:10255/?ssl=true&replicaSet=globaldb&maxIdleTimeMS=120000&appName=@<COSMOSDB_ACCOUNT_NAME>@"

-```

-> [!NOTE]

-> The `ssl=true` option is important because of Cosmos DB requirements. For more information, see [Connection string requirements](connect-mongodb-account.md#connection-string-requirements).

->

-For the `MONGODB_URL` environment variable, replace the placeholders for `<COSMOSDB_ACCOUNT_NAME>` and `<COSMOSDB_PASSWORD>`

-```bash

-export MONGODB_DATABASE=todos_db

-export MONGODB_COLLECTION=todos

-```

-You can choose your preferred values for `MONGODB_DATABASE` and `MONGODB_COLLECTION` or leave them as is.

-To run the application, change to the correct folder (where the application binary exists):

-```bash

-cd target/release

-```

-To create a `todo`

-```bash

-./todo create "Create an Azure Cosmos DB database account"

-```

-If successful, you should see an output with the MongoDB `_id` of the newly created document:

-```bash

-inserted todo with id = ObjectId("5ffd1ca3004cc935004a0959")

-```

-Create another `todo`

-```bash

-./todo create "Get the MongoDB connection string using the Azure CLI"

-```

-List all the `todo`s

-```bash

-./todo list all

-```

-You should see the ones you just added:

-```bash

-todo_id: 5ffd1ca3004cc935004a0959 | description: Create an Azure Cosmos DB database account | status: pending

-todo_id: 5ffd1cbe003bcec40022c81c | description: Get the MongoDB connection string using the Azure CLI | status: pending

-```

-To update the status of a `todo` (for example, change it to `completed` status), use the `todo` ID as such:

-```bash

-./todo update 5ffd1ca3004cc935004a0959 completed

-#output

-updating todo_id 5ffd1ca3004cc935004a0959 status to completed

-updated status for todo id 5ffd1ca3004cc935004a0959

-```

-List only the completed `todo`s

-```bash

-./todo list completed

-```

-You should see the one you just updated

-```bash

-listing 'completed' todos

-todo_id: 5ffd1ca3004cc935004a0959 | description: Create an Azure Cosmos DB database account | status: completed

-```

-Delete a `todo` using it's ID

-```bash

-./todo delete 5ffd1ca3004cc935004a0959

-```

-List the `todo`s to confirm

-```bash

-./todo list all

-```

-The `todo` you just deleted should not be present.

-### View data in Data Explorer

-Data stored in Azure Cosmos DB is available to view and query in the Azure portal.

-To view, query, and work with the user data created in the previous step, login to the [Azure portal](https://portal.azure.com) in your web browser.

-In the top Search box, enter **Azure Cosmos DB**. When your Cosmos account blade opens, select your Cosmos account. In the left navigation, select **Data Explorer**. Expand your collection in the Collections pane, and then you can view the documents in the collection, query the data, and even create and run stored procedures, triggers, and UDFs.

-## Review the code (optional)

-If you're interested in learning how the application works, you can review the code snippets in this section. The following snippets are taken from the `src/main.rs` file.

-The `main` function is the entry point for the `todo` application. It expects the connection URL for Azure Cosmos DB's API for MongoDB to be provided by the `MONGODB_URL` environment variable. A new instance of `TodoManager` is created, followed by a [`match` expression](https://doc.rust-lang.org/book/ch06-02-match.html) that delegates to the appropriate `TodoManager` method based on the operation chosen by the user - `create`, `update`, `list`, or `delete`.

-```rust

-fn main() {

- let conn_string = std::env::var_os("MONGODB_URL").expect("missing environment variable MONGODB_URL").to_str().expect("failed to get MONGODB_URL").to_owned();

- let todos_db_name = std::env::var_os("MONGODB_DATABASE").expect("missing environment variable MONGODB_DATABASE").to_str().expect("failed to get MONGODB_DATABASE").to_owned();

- let todos_collection_name = std::env::var_os("MONGODB_COLLECTION").expect("missing environment variable MONGODB_COLLECTION").to_str().expect("failed to get MONGODB_COLLECTION").to_owned();

- let tm = Todo

-

- let ops: Vec<String> = std::env::args().collect();

- let op = ops[1].as_str();

- match op {

- CREATE_OPERATION_NAME => tm.add_todo(ops[2].as_str()),

- LIST_OPERATION_NAME => tm.list_todos(ops[2].as_str()),

- UPDATE_OPERATION_NAME => tm.update_todo_status(ops[2].as_str(), ops[3].as_str()),

- DELETE_OPERATION_NAME => tm.delete_todo(ops[2].as_str()),

- _ => panic!(INVALID_OP_ERR_MSG)

- }

-}

-```

-`TodoManager` is a `struct` that encapsulates a [mongodb::sync::Collection](https://docs.rs/mongodb/1.1.1/mongodb/sync/struct.Collection.html). When you try to instantiate a `TodoManager` using the `new` function, it initiates a connection to Azure Cosmos DB's API for MongoDB.

-```rust

-struct TodoManager {

- coll: Collection

-}

-....

-impl TodoManager{

- fn new(conn_string: String, db_name: &str, coll_name: &str) -> Self{

- let mongo_client = Client::with_uri_str(&*conn_string).expect("failed to create client");

- let todo_coll = mongo_client.database(db_name).collection(coll_name);

-

- TodoManager{coll: todo_coll}

- }

-....

-```

-Most importantly, `TodoManager` has methods to help manage `todo`s. Let's go over them one by one.

-The `add_todo` method takes in a `todo` description provided by the user and creates an instance of `Todo` struct, which looks like below. The [serde](https://github.com/serde-rs/serde) framework is used to map (serialize/de-serialize) BSON data into instances of `Todo` structs. Notice how `serde` field attributes are used to customize the serialization/de-serialzation process. For example, `todo_id` field in the Todo `struct` is an `ObjectId` and it is stored in MongoDB as `_id`.

-```rust

-#[derive(Serialize, Deserialize)]

-struct Todo {

- #[serde(rename = "_id", skip_serializing_if = "Option::is_none")]

- todo_id: Option<bson::oid::ObjectId>,

- #[serde(rename = "description")]

- desc: String,

- status: String,

-}

-```

-[Collection.insert_one](https://docs.rs/mongodb/1.1.1/mongodb/struct.Collection.html#method.insert_one) accepts a [Document](https://docs.rs/bson/1.1.0/bson/document/struct.Document.html) representing the `todo` details to be added. Note that the conversion from `Todo` to a `Document` is a two-step process, achieved using a combination of [to_bson](https://docs.rs/bson/1.1.0/bson/ser/fn.to_bson.html) and [as_document](https://docs.rs/bson/1.1.0/bson/enum.Bson.html#method.as_document).

-```rust

-fn add_todo(self, desc: &str) {

- let new_todo = Todo {

- todo_id: None,

- desc: String::from(desc),

- status: String::from(TODO_PENDING_STATUS),

- };

-

- let todo_doc = mongodb::bson::to_bson(&new_todo).expect("struct to BSON conversion failed").as_document().expect("BSON to Document conversion failed").to_owned();

-

- let r = self.coll.insert_one(todo_doc, None).expect("failed to add todo");

- println!("inserted todo with id = {}", r.inserted_id);

-}

-```

-[Collection.find](https://docs.rs/mongodb/1.1.1/mongodb/struct.Collection.html#method.find) is used to get the retrieve *all* the `todo`s or filters them based on the user provided status (`pending` or `completed`). Note how in the `while` loop, each `Document` obtained as a result of the search is converted into a `Todo` struct using [bson::from_bson](https://docs.rs/bson/1.1.0/bson/de/fn.from_bson.html). This is the opposite of what was done in the `add_todo` method.

-```rust

-fn list_todos(self, status_filter: &str) {

- let mut filter = doc!{};

- if status_filter == TODO_PENDING_STATUS || status_filter == TODO_COMPLETED_STATUS{

- println!("listing '{}' todos",status_filter);

- filter = doc!{"status": status_filter}

- } else if status_filter != "all" {

- panic!(INVALID_FILTER_ERR_MSG)

- }

- let mut todos = self.coll.find(filter, None).expect("failed to find todos");

-

- while let Some(result) = todos.next() {

- let todo_doc = result.expect("todo not present");

- let todo: Todo = bson::from_bson(Bson::Document(todo_doc)).expect("BSON to struct conversion failed");

- println!("todo_id: {} | description: {} | status: {}", todo.todo_id.expect("todo id missing"), todo.desc, todo.status);

- }

-}

-```

-A `todo` status can be updated (from `pending` to `completed` or vice versa). The `todo` is converted to a

-[bson::oid::ObjectId](https://docs.rs/bson/1.1.0/bson/oid/struct.ObjectId.html) which then used by the[Collection.update_one](https://docs.rs/mongodb/1.1.1/mongodb/struct.Collection.html#method.update_one) method to locate the document that needs to be

-updated.

-```rust

-fn update_todo_status(self, todo_id: &str, status: &str) {

- if status != TODO_COMPLETED_STATUS && status != TODO_PENDING_STATUS {

- panic!(INVALID_FILTER_ERR_MSG)

- }

- println!("updating todo_id {} status to {}", todo_id, status);

-

- let id_filter = doc! {"_id": bson::oid::ObjectId::with_string(todo_id).expect("todo_id is not valid ObjectID")};

- let r = self.coll.update_one(id_filter, doc! {"$set": { "status": status }}, None).expect("update failed");

- if r.modified_count == 1 {

- println!("updated status for todo id {}",todo_id);

- } else if r.matched_count == 0 {

- println!("could not update. check todo id {}",todo_id);

- }

-}

-```

-Deleting a `todo` is straightforward using the [Collection.delete_one](https://docs.rs/mongodb/1.1.1/mongodb/struct.Collection.html#method.delete_one) method.

-```rust

-fn delete_todo(self, todo_id: &str) {

- println!("deleting todo {}", todo_id);

-

- let id_filter = doc! {"_id": bson::oid::ObjectId::with_string(todo_id).expect("todo_id is not valid ObjectID")};

- self.coll.delete_one(id_filter, None).expect("delete failed").deleted_count;

-}

-```

-## Clean up resources

-## Next steps

-In this quickstart, you learned how to create an Azure Cosmos DB MongoDB API account using the Azure Cloud Shell, and create and run a Rust command-line app to manage `todo`s. You can now import additional data to your Azure Cosmos DB account.

-Trying to do capacity planning for a migration to Azure Cosmos DB? You can use information about your existing database cluster for capacity planning.

-* If all you know is the number of vcores and servers in your existing database cluster, read about [estimating request units using vCores or vCPUs](../convert-vcore-to-request-unit.md)

-* If you know typical request rates for your current database workload, read about [estimating request units using Azure Cosmos DB capacity planner](estimate-ru-capacity-planner.md)

-> [!div class="nextstepaction"]

-> [Import MongoDB data into Azure Cosmos DB](../../dms/tutorial-mongodb-cosmos-db.md?toc=%2fazure%2fcosmos-db%2ftoc.json%253ftoc%253d%2fazure%2fcosmos-db%2ftoc.json)

-description: Presents a Xamarin code sample you can use to connect to and query with Azure Cosmos DB's API for MongoDB

-# QuickStart: Build a Xamarin.Forms app with .NET SDK and Azure Cosmos DB's API for MongoDB

-> [!div class="op_single_selector"]

-> * [.NET](create-mongodb-dotnet.md)

-> * [Python](create-mongodb-python.md)

-> * [Java](create-mongodb-java.md)

-> * [Node.js](create-mongodb-nodejs.md)

-> * [Xamarin](create-mongodb-xamarin.md)

-> * [Golang](create-mongodb-go.md)

->

-Azure Cosmos DB is Microsoft's globally distributed multi-model database service. You can quickly create and query document, key/value, and graph databases, all of which benefit from the global distribution and horizontal scale capabilities at the core of Azure Cosmos DB.

-This quickstart demonstrates how to create a [Cosmos account configured with Azure Cosmos DB's API for MongoDB](mongodb-introduction.md), document database, and collection using the Azure portal. You'll then build a todo app Xamarin.Forms app by using the [MongoDB .NET driver](https://docs.mongodb.com/ecosystem/drivers/csharp/).

-## Prerequisites to run the sample app

-To run the sample, you'll need [Visual Studio](https://www.visualstudio.com/downloads/) or [Visual Studio for Mac](https://visualstudio.microsoft.com/vs/mac/) and a valid Azure CosmosDB account.

-If you don't already have Visual Studio, download [Visual Studio 2019 Community Edition](https://www.visualstudio.com/downloads/) with the **Mobile development with .NET** workload installed with setup.

-If you prefer to work on a Mac, download [Visual Studio for Mac](https://visualstudio.microsoft.com/vs/mac/) and run the setup.

-<a id="create-account"></a>

-## Create a database account

-The sample described in this article is compatible with MongoDB.Driver version 2.6.1.

-## Clone the sample app

-First, download the sample app from GitHub. It implements a todo app with MongoDB's document storage model.

-# [Windows](#tab/windows)

-1. On Windows open a command prompt or on Mac open the terminal, create a new folder named git-samples, then close the window.

- ```batch

- md "C:\git-samples"

- ```

- ```bash

- mkdir '$home\git-samples\

- ```

-2. Open a git terminal window, such as git bash, and use the `cd` command to change to the new folder to install the sample app.

- ```bash

- cd "C:\git-samples"

- ```

-3. Run the following command to clone the sample repository. This command creates a copy of the sample app on your computer.

- ```bash

- git clone https://github.com/Azure-Samples/azure-cosmos-db-mongodb-xamarin-getting-started.git

- ```

-If you don't wish to use git, you can also [download the project as a ZIP file](https://github.com/Azure-Samples/azure-cosmos-db-mongodb-xamarin-getting-started/archive/master.zip)

-## Review the code

-This step is optional. If you're interested in learning how the database resources are created in the code, you can review the following snippets. Otherwise, you can skip ahead to [Update your connection string](#update-your-connection-string).

-The following snippets are all taken from the `MongoService` class, found at the following path: src/TaskList.Core/Services/MongoService.cs.

-* Initialize the Mongo Client.

- ```cs

- MongoClientSettings settings = MongoClientSettings.FromUrl(new MongoUrl(APIKeys.ConnectionString));

- settings.SslSettings = new SslSettings() { EnabledSslProtocols = SslProtocols.Tls12 };

- settings.RetryWrites = false;

- MongoClient mongoClient = new MongoClient(settings);

- ```

-* Retrieve a reference to the database and collection. The MongoDB .NET SDK will automatically create both the database and collection if they do not already exist.

- ```cs

- string dbName = "MyTasks";

- string collectionName = "TaskList";

- var db = mongoClient.GetDatabase(dbName);

- var collectionSettings = new MongoCollectionSettings

- {

- ReadPreference = ReadPreference.Nearest

- };

- tasksCollection = db.GetCollection<MyTask>(collectionName, collectionSettings);

- ```

-* Retrieve all documents as a List.

- ```cs

- var allTasks = await TasksCollection

- .Find(new BsonDocument())

- .ToListAsync();

- ```

-* Query for particular documents.

- ```cs

- public async Task<List<MyTask>> GetIncompleteTasksDueBefore(DateTime date)

- {

- var tasks = await TasksCollection

- .AsQueryable()

- .Where(t => t.Complete == false)

- .Where(t => t.DueDate < date)

- .ToListAsync();

- return tasks;

- }

- ```

-* Create a task and insert it into the collection.

- ```cs

- public async Task CreateTask(MyTask task)

- {

- await TasksCollection.InsertOneAsync(task);

- }

- ```

-* Update a task in a collection.

- ```cs

- public async Task UpdateTask(MyTask task)

- {

- await TasksCollection.ReplaceOneAsync(t => t.Id.Equals(task.Id), task);

- }

- ```

-* Delete a task from a collection.

- ```cs

- public async Task DeleteTask(MyTask task)

- {

- await TasksCollection.DeleteOneAsync(t => t.Id.Equals(task.Id));

- }

- ```

-<a id="update-your-connection-string"></a>

-## Update your connection string

-Now go back to the Azure portal to get your connection string information and copy it into the app.

-1. In the [Azure portal](https://portal.azure.com/), in your Azure Cosmos DB account, in the left navigation click **Connection String**, and then click **Read-write Keys**. You'll use the copy buttons on the right side of the screen to copy the Primary Connection String in the next steps.

-2. Open the **APIKeys.cs** file in the **Helpers** directory of the **TaskList.Core** project.

-3. Copy your **primary connection string** value from the portal (using the copy button) and make it the value of the **ConnectionString** field in your **APIKeys.cs** file.

-4. Remove `&replicaSet=globaldb` from the connection string. You will get a runtime error if you do not remove that value from the query string.

-> [!IMPORTANT]

-> You must remove the `&replicaSet=globaldb` key/value pair from the connection string's query string in order to avoid a runtime error.

-You've now updated your app with all the info it needs to communicate with Azure Cosmos DB.

-## Run the app

-### Visual Studio 2019

-1. In Visual Studio, right-click on each project in **Solution Explorer** and then click **Manage NuGet Packages**.

-2. Click **Restore all NuGet packages**.

-3. Right click on the **TaskList.Android** and select **Set as startup project**.

-4. Press F5 to start debugging the application.

-5. If you want to run on iOS, first your machine is connected to a Mac (here are [instructions](/xamarin/ios/get-started/installation/windows/introduction-to-xamarin-ios-for-visual-studio) on how to do so).

-6. Right click on **TaskList.iOS** project and select **Set as startup project**.

-7. Click F5 to start debugging the application.

-### Visual Studio for Mac

-1. In the platform dropdown list, select either TaskList.iOS or TaskList.Android, depending which platform you want to run on.

-2. Press cmd+Enter to start debugging the application.

-## Review SLAs in the Azure portal

-## Clean up resources

-## Next steps

-In this quickstart, you've learned how to create an Azure Cosmos DB account and run a Xamarin.Forms app using the API for MongoDB. You can now import additional data to your Cosmos DB account.

-Trying to do capacity planning for a migration to Azure Cosmos DB? You can use information about your existing database cluster for capacity planning.

-* If all you know is the number of vcores and servers in your existing database cluster, read about [estimating request units using vCores or vCPUs](../convert-vcore-to-request-unit.md)

-* If you know typical request rates for your current database workload, read about [estimating request units using Azure Cosmos DB capacity planner](estimate-ru-capacity-planner.md)

-> [!div class="nextstepaction"]

-> [Import data into Azure Cosmos DB configured with Azure Cosmos DB's API for MongoDB](../../dms/tutorial-mongodb-cosmos-db.md?toc=%2fazure%2fcosmos-db%2ftoc.json%253ftoc%253d%2fazure%2fcosmos-db%2ftoc.json)

-|Region failed over |Operator: Greater than, Aggregation type: Count, Threshold value: 1 | When a single region is failed over. This alert is helpful if you didn't enable automatic failover. |

-* [Enable automatic failover](#enable-automatic-failover)

-Set the failover priority for an Azure Cosmos account configured for automatic failover

-### Enable automatic failover

-# Enable automatic failover on an existing account

-* [Additional Azure CLI samples for Azure Cosmos DB](cli-samples.md)

-This command creates an Azure Cosmos DB database account with [multiple regions][distribute-data-globally], [automatic failover](../how-to-manage-database-account.md#automatic-failover) and bounded-staleness [consistency policy](../consistency-levels.md).

-# First disable automatic failover - cannot have both automatic

-### <a id="enable-automatic-failover"></a> Enable automatic failover

-# Now enable automatic failover

-For accounts configured with Automatic Failover, you can change the order in which Cosmos will promote secondary replicas to primary should the primary become unavailable.

-# Quickstart: Build a Java app to manage Azure Cosmos DB Table API data

-In this quickstart, you create an Azure Cosmos DB Table API account, and use Data Explorer and a Java app cloned from GitHub to create tables and entities. Azure Cosmos DB is a multi-model database service that lets you quickly create and query document, table, key-value, and graph databases with global distribution and horizontal scale capabilities.

-## Create a database account

-> [!IMPORTANT]

-> You need to create a new Table API account to work with the generally available Table API SDKs. Table API accounts created during preview are not supported by the generally available SDKs.

->

-## Add a table

-## Add sample data

-## Clone the sample application

-Now let's clone a Table app from GitHub, set the connection string, and run it. You'll see how easy it is to work with data programmatically.

-1. Open a command prompt, create a new folder named git-samples, then close the command prompt.

- ```bash

- md "C:\git-samples"

- ```

-2. Open a git terminal window, such as git bash, and use the `cd` command to change to the new folder to install the sample app.

- ```bash

- cd "C:\git-samples"

- ```

-3. Run the following command to clone the sample repository. This command creates a copy of the sample app on your computer.

- ```bash

- git clone https://github.com/Azure-Samples/storage-table-java-getting-started.git

- ```

-> [!TIP]

-> For a more detailed walkthrough of similar code, see the [Cosmos DB Table API sample](how-to-use-java.md) article.

-## Review the code

-This step is optional. If you're interested in learning how the database resources are created in the code, you can review the following snippets. Otherwise, you can skip ahead to [update the connection string](#update-your-connection-string) section of this doc.

-* The following code shows how to create a table within the Azure Storage:

- ```java

- private static CloudTable createTable(CloudTableClient tableClient, String tableName) throws StorageException, RuntimeException, IOException, InvalidKeyException, IllegalArgumentException, URISyntaxException, IllegalStateException {

-

- // Create a new table

- CloudTable table = tableClient.getTableReference(tableName);

- try {

- if (table.createIfNotExists() == false) {

- throw new IllegalStateException(String.format("Table with name \"%s\" already exists.", tableName));

- catch (StorageException s) {

- if (s.getCause() instanceof java.net.ConnectException) {

- System.out.println("Caught connection exception from the client. If running with the default configuration please make sure you have started the storage emulator.");

- throw s;

- return table;

- }

- ```

-* The following code shows how to insert data into the table:

- ```javascript

- private static void batchInsertOfCustomerEntities(CloudTable table) throws StorageException {

-

- // Create the batch operation

- TableBatchOperation batchOperation1 = new TableBatchOperation();

- for (int i = 1; i <= 50; i++) {

- CustomerEntity entity = new CustomerEntity("Smith", String.format("%04d", i));

- entity.setEmail(String.format("smith%04d@contoso.com", i));

- entity.setHomePhoneNumber(String.format("425-555-%04d", i));

- entity.setWorkPhoneNumber(String.format("425-556-%04d", i));

- batchOperation1.insertOrMerge(entity);

- }

-

- // Execute the batch operation

- table.execute(batchOperation1);

- }

- ```

-* The following code shows how to query data from the table:

- ```java

- private static void partitionScan(CloudTable table, String partitionKey) throws StorageException {

-

- // Create the partition scan query

- TableQuery<CustomerEntity> partitionScanQuery = TableQuery.from(CustomerEntity.class).where(

- (TableQuery.generateFilterCondition("PartitionKey", QueryComparisons.EQUAL, partitionKey)));

-

- // Iterate through the results

- for (CustomerEntity entity : table.execute(partitionScanQuery)) {

- System.out.println(String.format("\tCustomer: %s,%s\t%s\t%s\t%s", entity.getPartitionKey(), entity.getRowKey(), entity.getEmail(), entity.getHomePhoneNumber(), entity. getWorkPhoneNumber()));

- }

- }

- ```

-* The following code shows how to delete data from the table:

- ```java

-

- System.out.print("\nDelete any tables that were created.");

-

- if (table1 != null && table1.deleteIfExists() == true) {

- System.out.println(String.format("\tSuccessfully deleted the table: %s", table1.getName()));

- }

-

- if (table2 != null && table2.deleteIfExists() == true) {

- System.out.println(String.format("\tSuccessfully deleted the table: %s", table2.getName()));

- }

- ```

-## Update your connection string

-Now go back to the Azure portal to get your connection string information and copy it into the app. This enables your app to communicate with your hosted database.

-1. In your Azure Cosmos DB account in the [Azure portal](https://portal.azure.com/), select **Connection String**.

- :::image type="content" source="./media/create-table-java/cosmos-db-quickstart-connection-string.png" alt-text="View the connection string information in the Connection String pane":::

-2. Copy the PRIMARY CONNECTION STRING using the copy button on the right.

-3. Open *config.properties* from the *C:\git-samples\storage-table-java-getting-started\src\main\resources* folder.

-5. Comment out line one and uncomment line two. The first two lines should now look like this.

- ```xml

- #StorageConnectionString = UseDevelopmentStorage=true

- StorageConnectionString = DefaultEndpointsProtocol=https;AccountName=[ACCOUNTNAME];AccountKey=[ACCOUNTKEY]

- ```

-6. Paste your PRIMARY CONNECTION STRING from the portal into the StorageConnectionString value in line 2.

- > [!IMPORTANT]

- > If your Endpoint uses documents.azure.com, that means you have a preview account, and you need to create a [new Table API account](#create-a-database-account) to work with the generally available Table API SDK.

- >

-7. Save the *config.properties* file.

-You've now updated your app with all the info it needs to communicate with Azure Cosmos DB.

-## Run the app

-1. In the git terminal window, `cd` to the storage-table-java-getting-started folder.

- ```git

- cd "C:\git-samples\storage-table-java-getting-started"

- ```

-2. In the git terminal window, run the following commands to run the Java application.

- ```git

- mvn compile exec:java

- ```

- The console window displays the table data being added to the new table database in Azure Cosmos DB.

- You can now go back to Data Explorer and see, query, modify, and work with this new data.

-## Review SLAs in the Azure portal

-In this quickstart, you learned how to create an Azure Cosmos DB account, create a table using the Data Explorer, and run a Java app to add table data. Now you can query your data using the Table API.

-> [Import table data to the Table API](table-import.md)

-The Azure Cosmos DB Emulator provides a local environment that emulates the Azure Cosmos DB service for development purposes. The emulator allows you to develop and test your application locally, without creating an Azure subscription or incurring any costs.

-The Azure Cosmos DB Emulator build task for Azure DevOps allows you to do the same in a CI environment. With the build task, you can run tests against the emulator as part of your build and release workflows. The task spins up a Docker container with the emulator already running and provides an endpoint that can be used by the rest of the build definition. You can create and start as many instances of the emulator as you need, each running in a separate container.

-This article demonstrates how to set up a CI pipeline in Azure DevOps for an ASP.NET application that uses the Cosmos DB emulator build task to run tests. You can use a similar approach to set up a CI pipeline for a Node.js or a Python application.

-## Install the emulator build task

-To use the build task, we first need to install it onto our Azure DevOps organization. Find the extension **Azure Cosmos DB Emulator** in the [Marketplace](https://marketplace.visualstudio.com/items?itemName=azure-cosmosdb.emulator-public-preview) and click **Get it free.**

-Next, choose the organization in which to install the extension.

-> To install an extension to an Azure DevOps organization, you must be an account owner or project collection administrator. If you do not have permissions, but you are an account member, you can request extensions instead. [Learn more.](/azure/devops/marketplace/faq-extensions)

-## Create a build definition

-Now that the extension is installed, sign in to your Azure DevOps organization and find your project from the projects dashboard. You can add a [build pipeline](/azure/devops/pipelines/get-started-designer?preserve-view=true&tabs=new-nav) to your project or modify an existing build pipeline. If you already have a build pipeline, you can skip ahead to [Add the Emulator build task to a build definition](#addEmulatorBuildTaskToBuildDefinition).

-1. To create a new build definition, navigate to the **Builds** tab in Azure DevOps. Select **+New.** \> **New build pipeline**

- :::image type="content" source="./media/tutorial-setup-ci-cd/CreateNewBuildDef_1.png" alt-text="Create a new build pipeline":::

-2. Select the desired **source**, **Team project**, **Repository**, and the **Default branch for manual and scheduled builds**. After choosing the required options, select **Continue**

- :::image type="content" source="./media/tutorial-setup-ci-cd/CreateNewBuildDef_2.png" alt-text="Select the team project, repository, and branch for the build pipeline":::

-3. Finally, select the desired template for the build pipeline. We'll select the **ASP.NET** template in this tutorial. Now you have a build pipeline that you can set up to use the Azure Cosmos DB Emulator build task.

-> [!NOTE]

-> The agent pool to be selected for this CI should have Docker for Windows installed unless the installation is done manually in a prior task as a part of the CI. See [Microsoft hosted agents](/azure/devops/pipelines/agents/hosted?tabs=yaml) article for a selection of agent pools; we recommend to start with `Hosted VS2017`.

-Azure Cosmos DB Emulator currently doesnΓÇÖt support hosted VS2019 agent pool. However, the emulator already comes with VS2019 installed and you use it by starting the emulator with the following PowerShell cmdlets. If you run into any issues when using the VS2019, reach out to the [Azure DevOps](https://developercommunity.visualstudio.com/spaces/21/https://docsupdatetracker.net/index.html) team for help:

-```powershell

-Start-CosmosDbEmulator

-```

-## <a name="addEmulatorBuildTaskToBuildDefinition"></a>Add the task to a build pipeline

-1. Before adding a task to the build pipeline, you should add an agent job. Navigate to your build pipeline, select the **...** and choose **Add an agent job**.

-1. Next select the **+** symbol next to the agent job to add the emulator build task. Search for **cosmos** in the search box, select **Azure Cosmos DB Emulator** and add it to the agent job. The build task will start up a container with an instance of the Cosmos DB emulator already running on it. The Azure Cosmos DB Emulator task should be placed before any other tasks that expect the emulator to be in running state.

- :::image type="content" source="./media/tutorial-setup-ci-cd/addExtension_3.png" alt-text="Add the Emulator build task to the build definition":::

-In this tutorial, you'll add the task to the beginning to ensure the emulator is available before our tests execute.

-### Add the task using YAML

-This step is optional and it's only required if you are setting up the CI/CD pipeline by using a YAML task. In such cases, you can define the YAML task as shown in the following code:

-```yml

- displayName: 'Run Azure Cosmos DB Emulator'

- displayName: 'Run API tests (Cosmos DB)'

- env:

- HOST: $(CosmosDbEmulator.Endpoint)

- # Hardcoded key for emulator, not a secret

- AUTH_KEY: C2y6yDjf5/R+ob0N8A7Cgv30VRDJIWEHLM+4QDU5DE2nQ9nDuVTqobD4b8mGGyPMbIZnqyMsEcaGQy67XIw/Jw==

- # The emulator uses a self-signed cert, disable TLS auth errors

- NODE_TLS_REJECT_UNAUTHORIZED: '0'

-```

-## Configure tests to use the emulator

-Now, we'll configure our tests to use the emulator. The emulator build task exports an environment variable ΓÇô ΓÇÿCosmosDbEmulator.EndpointΓÇÖ ΓÇô that any tasks further in the build pipeline can issue requests against.

-In this tutorial, we'll use the [Visual Studio Test task](https://github.com/Microsoft/azure-pipelines-tasks/blob/master/Tasks/VsTestV2/README.md) to run unit tests configured via a **.runsettings** file. To learn more about unit test setup, visit the [documentation](/visualstudio/test/configure-unit-tests-by-using-a-dot-runsettings-file?preserve-view=true&view=vs-2017). The complete Todo application code sample that you use in this document is available on [GitHub](https://github.com/Azure-Samples/cosmos-dotnet-core-todo-app)

-Below is an example of a **.runsettings** file that defines parameters to be passed into an application's unit tests. Note the `authKey` variable used is the [well-known key](./local-emulator.md#authenticate-requests) for the emulator. This `authKey` is the key expected by the emulator build task and should be defined in your **.runsettings** file.

-```csharp

-<RunSettings>

- <TestRunParameters>

- <Parameter name="endpoint" value="https://localhost:8081" />

- <Parameter name="authKey" value="C2y6yDjf5/R+ob0N8A7Cgv30VRDJIWEHLM+4QDU5DE2nQ9nDuVTqobD4b8mGGyPMbIZnqyMsEcaGQy67XIw/Jw==" />

- <Parameter name="database" value="ToDoListTest" />

- <Parameter name="collection" value="ItemsTest" />

- </TestRunParameters>

-</RunSettings>

-```

-If you are setting up a CI/CD pipeline for an application that uses the Azure Cosmos DB's API for MongoDB, the connection string by default includes the port number 10255. However, this port is not currently open, as an alternate, you should use port 10250 to establish the connection. The Azure Cosmos DB's API for MongoDB connection string remains the same except the supported port number is 10250 instead of 10255.

-These parameters `TestRunParameters` are referenced via a `TestContext` property in the application's test project. Here is an example of a test that runs against Cosmos DB.

-```csharp

-namespace todo.Tests

-{

- [TestClass]

- public class TodoUnitTests

- {

- public TestContext TestContext { get; set; }

- [TestInitialize()]

- public void Initialize()

- {

- string endpoint = TestContext.Properties["endpoint"].ToString();

- string authKey = TestContext.Properties["authKey"].ToString();

- Console.WriteLine("Using endpoint: ", endpoint);

- DocumentDBRepository<Item>.Initialize(endpoint, authKey);

- }

- [TestMethod]

- public async Task TestCreateItemsAsync()

- {

- var item = new Item

- {

- Id = "1",

- Name = "testName",

- Description = "testDescription",

- Completed = false,

- Category = "testCategory"

- };

- // Create the item

- await DocumentDBRepository<Item>.CreateItemAsync(item);

- // Query for the item

- var returnedItem = await DocumentDBRepository<Item>.GetItemAsync(item.Id, item.Category);

- // Verify the item returned is correct.

- Assert.AreEqual(item.Id, returnedItem.Id);

- Assert.AreEqual(item.Category, returnedItem.Category);

- }

- [TestCleanup()]

- public void Cleanup()

- {

- DocumentDBRepository<Item>.Teardown();

- }

- }

-Navigate to the Execution Options in the Visual Studio Test task. In the **Settings file** option, specify that the tests are configured using the **.runsettings** file. In the **Override test run parameters** option, add in `-endpoint $(CosmosDbEmulator.Endpoint)`. Doing so will configure the Test task to refer to the endpoint of the emulator build task, instead of the one defined in the **.runsettings** file.

-## Run the build

-Now, **Save and queue** the build.

-Once the build has started, observe the Cosmos DB emulator task has begun pulling down the Docker image with the emulator installed.

-After the build completes, observe that your tests pass, all running against the Cosmos DB emulator from the build task!

-To export emulator TLS/SSL certificates, see [Export the Azure Cosmos DB Emulator certificates for use with Java, Python, and Node.js](./local-emulator-export-ssl-certificates.md)

-> [!VIDEO https://aka.ms/docs.modeling-data]

-* If you'd like to read more about customers using Azure Cosmos DB, see the [customer case studies](https://azure.microsoft.com/case-studies/?service=cosmos-db) page.

-An invoice is generated based on your billing account type. Invoices are created for Microsoft Online Service Program (MOSP), Microsoft Customer Agreement (MCA), and Microsoft Partner Agreement (MPA) billing accounts. Invoices are also generated for Enterprise Agreement (EA) billing accounts. However, invoices for EA billing accounts aren't shown in the Azure portal.

-An invoice is only generated for a support plan subscription that belongs to an MOSP billing account. [Check your access to an MOSP account](../manage/view-all-accounts.md#check-the-type-of-your-account).

-You must have an account admin role on a subscription or a support plan to opt in to receive its invoice by email. Once you've opted-in you can add additional recipients, who receive the invoice by email as well.

-1. Sign in to the [Azure portal](https://portal.azure.com).

-2. Search for **Cost Management + Billing**.

-3. Select **Invoices** from the left-hand side.

-4. Select your Azure subscription or support plan subscription and then select **Receive invoice by email**.

- [](./media/download-azure-invoice/cmb-email-invoice-zoomed-in.png#lightbox)

-5. Click **Email invoice** and accept the terms.

- 

-6. The invoice is sent to your preferred communication email. Select **Update profile** to update the email.

- 

-## Share subscription and support plan invoice

-You may want to share the invoice for your subscription and support plan every month with your accounting team or send them to one of your other email addresses.

-1. Follow the steps in [Get your subscription's and support plan's invoices in email](#get-mosp-subscription-invoice-in-email) and select **Configure recipients**.

- [](./media/download-azure-invoice/invoice-article-step03-zoomed.png#lightbox)

-1. Enter an email address, and then select **Add recipient**. You can add multiple email addresses.

- 

-1. Once you've added all the email addresses, select **Done** from the bottom of the screen.

-**Enable incremental extract (preview)**: If your table has a timestamp column, you can enable incremental extract. ADF will prompt you to choose a timestamp field that will be used to query for changed rows from the last time the pipeline ran. ADF will handle storing the watermark and querying changed rows for you. This feature is currently in public preview.

- disjoint: true

-When the scanner reports vulnerabilities to Defender for Cloud, Defender for Cloud presents the findings and related information as recommendations. In addition, the findings include related information such as remediation steps, relevant CVEs, CVSS scores, and more. You can view the identified vulnerabilities for one or more subscriptions, or for a specific registry.

-1. To view the findings, open the **Recommendations** page. If issues were found, you'll see the recommendation [Container registry images should have vulnerability findings resolved (powered by Qualys)](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/dbd0cb49-b563-45e7-9724-889e799fa648).

- 1. Check the recommendations page for the recommendation [Container registry images should have vulnerability findings resolved (powered by Qualys)](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/dbd0cb49-b563-45e7-9724-889e799fa648).

-1. From the recommendations detail page for [Container registry images should have vulnerability findings resolved (powered by Qualys)](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/dbd0cb49-b563-45e7-9724-889e799fa648), select **Disable rule**.

-| Security Policy & Regulatory Compliance | | :::image type="icon" source="./media/icons/yes-icon.png"::: |

-Yes, you can create custom alerts based on multiple parameters including IP/MAC address, protocol type, class, service, function, command, etc. as well as values of custom tags contained in the payloads. See [Create custom alerts](quickstart-create-custom-alerts.md) to learn more about custom alerts and how to create them.

-Microsoft Defender for IoT supports both physical and virtual deployments. For physical deployments, you'll be able to purchase certified appliances with software pre-installed, or download software to install yourself.

-description: Learn about hardware and virtual appliances for certified Microsoft Defender for IoT sensors and the on-premises management console.

-# OT monitoring appliance catalog

-This article provides information on certified Defender for IoT sensor appliances. Defender for IoT can be deployed on physical and virtual appliances.

-This includes certified *pre-configured* appliances, on which software is already installed, and non-configured certified appliances, on which you can download and install required software.

-The article also provides specifications for an on-premises management console appliance. The on-premises management console is not available as a pre-configured appliance.

-After you've completed the tasks here, you can install the software and set up your network.

-## Sensor appliances

-Defender for IoT supports both physical and virtual deployments.

-### Physical sensors

-This section provides an overview of physical sensor models that are available. You can purchase sensors with pre-configured software or purchase sensors that are not pre-configured.

- :::image type="content" source="media/how-to-prepare-your-network/azure-defender-for-iot-sensor-download-software-screen.png" alt-text="Network sensors ISO.":::

- > [!NOTE]

- > <a name="anchortext"></a>For each model, bandwidth capacity can vary, depending on the distribution of protocols.

-For more information about each model, see [Appliance specifications](#appliance-specifications).

-#### Corporate sensors

-|Element |Description |

-|||

-|**Model** | HPE ProLiant DL360 |

-|**Monitoring ports** | Up to 15 RJ45 or 8 OPT |

-|**Maximum bandwidth**^{[1](#anchortext)} | 3 Gb/sec |

-|**Maximum protected devices** | 12,000 |

-#### Enterprise sensors

-|Element |Description |

-|||

-|**Model** | HPE ProLiant DL20 |

-|**Monitoring ports** | Up to 8 RJ45 or 6 OPT |

-|**Maximum bandwidth**^{[1](#anchortext)} | 1 Gb/sec |

-|**Maximum protected devices** | 10,000 |

-#### SMB rack mount

-|Element |Description |

-|||

-|**Model** | HPE ProLiant DL20 |

-|**Monitoring ports** | Up to 4 RJ45 |

-|**Maximum bandwidth**^{[1](#anchortext)} | 200 Mb/Sec |

-|**Maximum protected devices** | 1,000 |

-#### SMB ruggedized

-|Element |Description |

-|||

-|**Model** | HPE EL300 |

-|**Monitoring ports** | Up to 5 RJ45 |

-|**Maximum bandwidth**^{[1](#anchortext)} | 100 Mb/sec |

-|**Maximum protected devices** | 800 |

-#### Office Ruggedized

-|Element |Description |

-|||

-|**Model** | YS-techsystems YS-FIT2 |

-|**Monitoring ports** | Up to 2 RJ45 |

-|**Maximum bandwidth**^{[1](#anchortext)} | 10 Mb/sec |

-|**Maximum protected devices** | 100 |

-### Virtual sensors

-This section describes virtual sensors that are available.

-| Deployment type | Corporate | Enterprise | SMB |

-|--|--|--|--|

-| Maximum bandwidth | 2.5 Gb/sec | 800 Mb/sec | 160 Mb/sec |

-| Maximum protected devices | 12,000 | 10,000 | 800 |

-## On-premises management console appliance

-The management console is available as a virtual deployment.

-| Deployment type | Enterprise |

-|--|--|

-| Appliance type | HPE DL20, VM |

-| Number of managed sensors | Up to 300 |

-After you acquire an on-premises management console, go to **Defender for IoT** > **On-premises management console** > **ISO Installation** to download the ISO.

-## Appliance specifications

-This section describes hardware specifications for supported models.

-### Corporate deployment: HPE ProLiant DL360

-| Component | Technical specifications |

-|--|--|

-| Chassis | 1U rack server |

-| Dimensions | 42.9 x 43.46 x 70.7 (cm)/1.69" x 17.11" x 27.83" (in) |

-| Weight | Max 16.27 kg (35.86 lb) |

-| Processor | Intel Xeon Silver 4215 R 3.2 GHz, 11M cache, 8c/16T, 130 W |

-| Chipset | Intel C621 |

-| Memory | 32 GB = 2 x 16-GB 2666MT/s DDR4 ECC UDIMM |

-| Storage | 6 x 1.2-TB SAS 12G Enterprise 10K SFF (2.5 in) in Hot-Plug Hard Drive - RAID 5 |

-| Network controller | On-board: 2 x 1 Gb <br>On-board: iLO Port Card 1 Gb <br>External: 1 x HPE Ethernet 1-Gb 4-port 366FLR Adapter |

-| Management | HPE iLO Advanced |

-| Device access | Two rear USB 3.0<br>One front USB 2.0<br>One internal USB 3.0 |

-| Power | 2 x HPE 500 W Flex Slot Platinum Hot Plug Low Halogen Power Supply Kit |

-| Rack support | HPE 1U Gen10 SFF Easy Install Rail Kit |

-#### Appliance BOM

-| PN | Description | Quantity |

-|--|--|--|

-| P19766-B21 | HPE DL360 Gen10 8SFF NC CTO Server | 1 |

-| P19766-B21 | Europe - Multilingual Localization | 1 |

-| P24479-L21 | Intel Xeon-S 4215 R FIO Kit for DL360 G10 | 1 |

-| P24479-B21 | Intel Xeon-S 4215 R Kit for DL360 Gen10 | 1 |

-| P00922-B21 | HPE 16-GB 2Rx8 PC4-2933Y-R Smart Kit | 2 |

-| 872479-B21 | HPE 1.2-TB SAS 10K SFF SC DS HDD | 6 |

-| 811546-B21 | HPE 1-GbE 4-p BASE-T I350 Adapter | 1 |

-| P02377-B21 | HPE Smart Hybrid Capacitor w\_ 145 mm Cable | 1 |

-| 804331-B21 | HPE Smart Array P408i-a SR Gen10 Controller | 1 |

-| 665240-B21 | HPE 1-GbE 4-p FLR-T I350 Adapter | 1 |

-| 871244-B21 | HPE DL360 Gen10 High Performance Fan Kit | 1 |

-| 865408-B21 | HPE 500-W FS Plat Hot Plug LH Power Supply Kit | 2 |

-| 512485-B21 | HPE iLO Adv 1-Server License 1 Year Support | 1 |

-| 874543-B21 | HPE 1U Gen10 SFF Easy Install Rail Kit | 1 |

-### Enterprise deployment: HPE ProLiant DL20

-| Component | Technical specifications |

-|--|--|

-| Chassis | 1U rack server |

-| Dimensions (height x width x depth) | 4.32 x 43.46 x 38.22 cm/1.70 x 17.11 x 15.05 inch |

-| Weight | 7.9 kg/17.41 lb |

-| Processor | Intel Xeon E-2234, 3.6 GHz, 4C/8T, 71 W |

-| Chipset | Intel C242 |

-| Memory | 2 x 16-GB Dual Rank x8 DDR4-2666 |

-| Storage | 3 x 1-TB SATA 6G Midline 7.2 K SFF (2.5 in) ΓÇô RAID 5 with Smart Array P408i-a SR Controller |

-| Network controller | On-board: 2 x 1 Gb <br>On-board: iLO Port Card 1 Gb <br>External: 1 x HPE Ethernet 1-Gb 4-port 366FLR Adapter |

-| Management | HPE iLO Advanced |

-| Device access | Front: 1 x USB 3.0, 1 x USB iLO Service Port <br>Rear: 2 x USB 3.0 <br>Internal: 1 x USB 3.0 |

-| Power | Dual Hot Plug Power Supplies 500 W |

-| Rack support | HPE 1U Short Friction Rail Kit |

-#### Appliance BOM

-| PN | Description: high end | Quantity |

-|--|--|--|

-| P06963-B21 | HPE DL20 Gen10 4SFF CTO Server | 1 |

-| P06963-B21 | HPE DL20 Gen10 4SFF CTO Server | 1 |

-| P17104-L21 | HPE DL20 Gen10 E-2234 FIO Kit | 1 |

-| 879507-B21 | HPE 16-GB 2Rx8 PC4-2666V-E STND Kit | 2 |

-| 655710-B21 | HPE 1-TB SATA 7.2 K SFF SC DS HDD | 3 |

-| P06667-B21 | HPE DL20 Gen10 x8x16 FLOM Riser Kit | 1 |

-| 665240-B21 | HPE Ethernet 1-Gb 4-port 366FLR Adapter | 1 |

-| 782961-B21 | HPE 12-W Smart Storage Battery | 1 |

-| 869081-B21 | HPE Smart Array P408i-a SR G10 LH Controller | 1 |

-| 865408-B21 | HPE 500-W FS Plat Hot Plug LH Power Supply Kit | 2 |

-| 512485-B21 | HPE iLO Adv 1-Server License 1 Year Support | 1 |

-| P06722-B21 | HPE DL20 Gen10 RPS Enablement FIO Kit | 1 |

-| 775612-B21 | HPE 1U Short Friction Rail Kit | 1 |

-### SMB deployment: HPE ProLiant DL20

-| Component | Technical specifications |

-|--|--|

-| Chassis | 1U rack server |

-| Dimensions (height x width x depth) | 4.32 x 43.46 x 38.22 cm/1.70 x 17.11 x 15.05 inch |

-| Weight | 7.88 kg/17.37 lb |

-| Processor | Intel Xeon E-2224, 3.4 GHz, 4C, 71 W |

-| Chipset | Intel C242 |

-| Memory | 1 x 8-GB Dual Rank x8 DDR4-2666 |

-| Storage | 2 x 1-TB SATA 6G Midline 7.2 K SFF (2.5 in) ΓÇô RAID 1 with Smart Array P208i-a |

-| Network controller | On-board: 2 x 1 Gb <br>On-board: iLO Port Card 1 Gb <br>External: 1 x HPE Ethernet 1-Gb 4-port 366FLR Adapter |

-| Management | HPE iLO Advanced |

-| Device access | Front: 1 x USB 3.0, 1 x USB iLO Service Port <br>Rear: 2 x USB 3.0 <br>Internal: 1 x USB 3.0 |

-| Power | Hot Plug Power Supply 290 W |

-| Rack support | HPE 1U Short Friction Rail Kit |

-#### Appliance BOM

-| PN | Description | Quantity |

-|--|--|--|

-| P06961-B21 | HPE DL20 Gen10 NHP 2LFF CTO Server | 1 |

-| P06961-B21 | HPE DL20 Gen10 NHP 2LFF CTO Server | 1 |

-| P17102-L21 | HPE DL20 Gen10 E-2224 FIO Kit | 1 |

-| 879505-B21 | HPE 8-GB 1Rx8 PC4-2666V-E STND Kit | 1 |

-| 801882-B21 | HPE 1-TB SATA 7.2 K LFF RW HDD | 2 |

-| P06667-B21 | HPE DL20 Gen10 x8x16 FLOM Riser Kit | 1 |

-| 665240-B21 | HPE Ethernet 1-Gb 4-port 366FLR Adapter | 1 |

-| 869079-B21 | HPE Smart Array E208i-a SR G10 LH Controller | 1 |

-| P21649-B21 | HPE DL20 Gen10 Plat 290 W FIO PSU Kit | 1 |

-| P06683-B21 | HPE DL20 Gen10 M.2 SATA/LFF AROC Cable Kit | 1 |

-| 512485-B21 | HPE iLO Adv 1-Server License 1 Year Support | 1 |

-| 775612-B21 | HPE 1U Short Friction Rail Kit | 1 |

-### SMB Rugged: HPE Edgeline EL300

-| Component | Technical specifications |

-|--|--|

-| Construction | Aluminum, Fanless & Dust-proof Design |

-| Dimensions (height x width x depth) | 200.5 mm (7.9ΓÇ¥) tall, 232 mm (9.14ΓÇ¥) wide by 100 mm (3.9ΓÇ¥) deep |

-| Weight | 4.91 KG (10.83 lbs.) |

-| CPU | Intel Core i7-8650U (1.9GHz/4-core/15W) |

-| Chipset | Intel® Q170 Platform Controller Hub |

-| Memory | 8 GB DDR4 2133 MHz Wide Temperature SODIMM |

-| Storage | 128 GB 3ME3 Wide Temperature mSATA SSD |

-| Network controller | 6x Gigabit Ethernet ports by Intel® I219 |

-| Device access | 4 USBs: 2 fronts; 2 rears; 1 internal |

-| Power Adapter | 250V/10A |

-| Mounting | Mounting kit, Din Rail |

-| Operating Temperature | 0C to +70C |

-| Humidity | 10%~90%, non-condensing |

-| Vibration | 0.3 gram 10 Hz to 300 Hz, 15 minutes per axis - Din rail |

-| Shock | 10G 10 ms, half-sine, three for each axis. (Both positive & negative pulse) ΓÇô Din Rail |

-#### Appliance BOM

-| Product | Description |

-|--|--|

-| P25828-B21 | HPE Edgeline EL300 v2 Converged Edge System |

-| P25828-B21 B19 | HPE EL300 v2 Converged Edge System |

-| P25833-B21 | Intel Core i7-8650U (1.9GHz/4-core/15W) FIO Basic Processor Kit for HPE Edgeline EL300 |

-| P09176-B21 | HPE Edgeline 8GB (1x8GB) Dual Rank x8 DDR4-2666 SODIMM WT CAS-19-19-19 Registered Memory FIO Kit |

-| P09188-B21 | HPE Edgeline 256GB SATA 6G Read Intensive M.2 2242 3yr Wty Wide Temp SSD |

-| P04054-B21 | HPE Edgeline EL300 SFF to M.2 Enablement Kit |

-| P08120-B21 | HPE Edgeline EL300 12VDC FIO Transfer Board |

-| P08641-B21 | HPE Edgeline EL300 80W 12VDC Power Supply |

-| AF564A | HPE C13 - SI-32 IL 250V 10Amp 1.83m Power Cord |

-| P25835-B21 | HPE EL300 v2 FIO Carrier Board |

-| R1P49AAE | HPE EL300 iSM Adv 3yr 24x7 Sup_Upd E-LTU |

-| P08018-B21 optional | HPE Edgeline EL300 Low Profile Bracket Kit |

-| P08019-B21 optional | HPE Edgeline EL300 DIN Rail Mount Kit |

-| P08020-B21 optional | HPE Edgeline EL300 Wall Mount Kit |

-| P03456-B21 optional | HPE Edgeline 1GbE 4-port TSN FIO Daughter Card |

-### Office Rugged: YS-techsystems YS-FIT2

-| Component | Technical specifications |

-|--|--|

-| Construction | Aluminum, zinc die cast parts, Fanless & Dust-proof Design |

-| Dimensions (height x width x depth) | 112mm (W) x 112mm (D) x 25mm (H) / 4.41in (W) x 4.41in (D) x 0.98 in (H) |

-| Weight | 0.35kg (0.77 lbs) |

-| CPU | Intel Atom® x7-E3950 Processor |

-| Chipset | Intel® Q170 Platform Controller Hub |

-| Memory | 8GB SODIMM 1 x 204-pin DDR3L non-ECC 1866 (1.35V) |

-| Storage | 128GB M.2 M-key 2260* or 2242 (SATA 3 6 Gbps) PLP |

-| Network controller | 2x 1GbE LAN Ports |

-| Device access | 2 x USB 2.0, 2 X USB 3.0 |

-| Power Adapter | 7V-20V (Optional 9V-36V) DC / 5W-15W Power Adapter / Vehicle DC cable for fitlet2 (Optional) / UPS fit-uptime Miniature 12V UPS for miniPCs (Optional) |

-| Mounting | VESA / wall or Din Rail mounting kit |

-| Operating Temperature | 0┬░C ~ 70┬░C |

-| Humidity | 5%~95%, non-condensing |

-| Vibration | IEC TR 60721-4-7:2001+A1:03, Class 7M1, test method IEC 60068-2-27 (15g , 6 directions) |

-| Shock | 10G 10 ms, half-sine, three for each axis. (Both positive & negative pulse) ΓÇô Din Rail |

-| EMC | CE/FCC Class B |

-## Virtual appliance specifications

-### Sensors

-| Type | Corporate | Enterprise | SMB |

-|--|--|--|--|

-| vCPU | 32 | 8 | 4 |

-| Memory | 32 GB | 32 GB | 8 GB |

-| Storage | 5.6 TB | 1.8 TB | 500 GB |

-### On-premises management console appliance

-| Type | Enterprise |

-|--|--|

-| Description | Virtual appliance for enterprise deployment types |

-| vCPU | 8 |

-| Memory | 32 GB |

-| Storage | 1.8 TB |

-Supported hypervisors: VMware ESXi version 5.0 and later, Hyper-V

-## Additional certified appliances

-This section details additional appliances that were certified by Microsoft but are not offered as preconfigured appliances.

-| Deployment type | Enterprise |

-|--|--|

-| Image | :::image type="content" source="media/how-to-prepare-your-network/deployment-type-enterprise-for-azure-defender-for-iot-v2.png" alt-text="Enterprise deployment type."::: |

-| Model | Dell PowerEdge R340 XL |

-| Monitoring ports | Up to nine RJ45 or six OPT |

-| Max bandwidth [1](#anchortext2)| 1 Gb/sec |

-| Max protected devices | 10,000 |

-<a id="anchortext2">One</a> Bandwidth capacity can vary, depending on protocols distribution.

-After you purchase the appliance, go to **Defender for IoT** > **Network Sensors ISO** > **Installation** to download the software.

-## Next steps

-[About Microsoft Defender for IoT installation](how-to-install-software.md)

-[About Microsoft Defender for IoT network setup](how-to-set-up-your-network.md)

-# Defender for IoT installation

-This article describes how to install the following Microsoft Defender for IoT components:

-This article covers the following installation information:

-After the software is installed, connect your sensor to your network.

-## About Defender for IoT appliances

-The following sections provide information about Defender for IoT sensor appliances and the appliance for the Defender for IoT on-premises management console.

-### Physical appliances

-The Defender for IoT appliance sensor connects to a SPAN port, or network TAP. Once connected, the sensor immediately collects ICS network traffic by using passive (agentless) monitoring. This process has zero impact on OT networks, and devices because it isn't placed in the data path, and doesn't actively scan OT devices.

-The following rack mount appliances are available:

-| **Deployment type** | **Corporate** | **Enterprise** | **SMB** |**SMB Ruggedized** |

-|--|--|--|--|--|

-| **Model** | HPE ProLiant DL360 | HPE ProLiant DL20 | HPE ProLiant DL20 | HPE EL300 |

-| **Monitoring ports** | up to 15 RJ45 or 8 OPT | up to 8 RJ45 or 6 OPT | up to 4 RJ45 | Up to 5 RJ45 |

-| **Max Bandwidth\*** | 3 Gb/Sec | 1 Gb/Sec | 200 Mb/Sec | 100 Mb/Sec |

-| **Max Protected Devices** | 12,000 | 10,000 | 1,000 | 800 |

-*Maximum bandwidth capacity might vary depending on protocol distribution.

-### Virtual appliances

-The following virtual appliances are available:

-| **Deployment type** | **Corporate** | **Enterprise** | **SMB** |

-|--|--|--|--|

-| **Description** | Virtual appliance for corporate deployments | Virtual appliance for enterprise deployments | Virtual appliance for SMB deployments |

-| **Max Bandwidth\*** | 2.5 Gb/Sec | 800 Mb/sec | 160 Mb/sec |

-| **Max protected devices** | 12,000 | 10,000 | 800 |

-| **Deployment Type** | Corporate | Enterprise | SMB |

-*Maximum bandwidth capacity might vary depending on protocol distribution.

-### Hardware specifications for the on-premises management console

- | Item | Description |

- |-|--|

- **Description** | In a multi-tier architecture, the on-premises management console delivers visibility and control across geographically distributed sites. It integrates with SOC security stacks, including SIEMs, ticketing systems, next-generation firewalls, secure remote access platforms, and the Defender for IoT ICS malware sandbox. |

- **Deployment type** | Enterprise |

- **Appliance type** | Dell R340, VM |

- **Number of managed sensors** | Unlimited |

-## Prepare for the installation

-### Access the ISO installation image

-The installation image is accessible from Defender for IoT, in the [Azure portal](https://ms.portal.azure.com).

-**To access the file**:

-1. Navigate to the [Azure portal](https://ms.portal.azure.com).

-1. Search for, and select **Microsoft Defender for IoT**.

-1. Select the **Sensor**, or **On-premises management console** tab.

- :::image type="content" source="media/tutorial-install-components/sensor-tab.png" alt-text="Screeshot of the sensor tab under Defender for IoT.":::

-1. Select a version from the drop-down menu.

-1. Select the **Download** button.

-### Install from DVD

-Before the installation, ensure you have:

-**To Burn the image to a DVD**:

-1. Connect a portable DVD drive to your computer.

-1. Insert a blank DVD into the portable DVD drive.

-1. Right-click the ISO image, and select **Burn to disk**.

-1. Connect the DVD drive to the device, and configure the appliance to boot from DVD.

-### Install from disk on a key

-Before the installation, ensure you have:

-

-This process will format the disk on a key and any data stored on the disk on key will be erased.

-**To prepare a disk on a key**:

-1. Run Rufus, and select **SENSOR ISO**.

-1. Connect the disk on a key to the front panel.

-1. Set the BIOS of the server to boot from the USB.

-## Dell PowerEdgeR340XL installation

-Before installing the software on the Dell appliance, you need to adjust the appliance's BIOS configuration:

-### Dell PowerEdge R340XL requirements

-To install the Dell PowerEdge R340XL appliance, you need:

- - BIOS version 2.1.6

- - iDrac version 3.23.23.23

-### Dell PowerEdge R340 front panel

- 1. Left control panel

- 1. Optical drive (optional)

- 1. Right control panel

- 1. Information tag

- 1. Drives

-### Dell PowerEdge R340 back panel

-1. Serial port

-1. NIC port (Gb 1)

-1. NIC port (Gb 1)

-1. Half-height PCIe

-1. Full-height PCIe expansion card slot

-1. Power supply unit 1

-1. Power supply unit 2

-1. System identification

-1. System status indicator cable port (CMA) button

-1. USB 3.0 port (2)

-1. iDRAC9 dedicated network port

-1. VGA port

-### Dell BIOS configuration

-Dell BIOS configuration is required to adjust the Dell appliance to work with the software.

-The Dell appliance is managed by an integrated iDRAC with Lifecycle Controller (LC). The LC is embedded in every Dell PowerEdge server and provides functionality that helps you deploy, update, monitor, and maintain your Dell PowerEdge appliances.

-To establish the communication between the Dell appliance and the management computer, you need to define the iDRAC IP address and the management computer's IP address on the same subnet.

-When the connection is established, the BIOS is configurable.

-**To configure Dell BIOS**:

-1. [Configure the iDRAC IP address](#configure-idrac-ip-address)

-1. [Configuring the BIOS](#configuring-the-bios)

-#### Configure iDRAC IP address

-1. Power up the sensor.

-1. If the OS is already installed, select the F2 key to enter the BIOS configuration.

-1. Select **iDRAC Settings**.

-1. Select **Network**.

- > [!NOTE]

- > During the installation, you must configure the default iDRAC IP address and password mentioned in the following steps. After the installation, you change these definitions.

-1. Change the static IPv4 address to **10.100.100.250**.

-1. Change the static subnet mask to **255.255.255.0**.

- :::image type="content" source="media/tutorial-install-components/idrac-network-settings-screen-v2.png" alt-text="Screenshot that shows the static subnet mask.":::

-1. Select **Back** > **Finish**.

-#### Configuring the BIOS

-Configure the appliance BIOS if:

-After you access the BIOS, go to **Device Settings**.

-**To configure the BIOS**:

-1. Access the appliance's BIOS directly by using a keyboard and screen, or use iDRAC.

- - If the appliance is not a Defender for IoT appliance, open a browser and go to the IP address that was configured before. Sign in with the Dell default administrator privileges. Use **root** for the username and **calvin** for the password.

- - If the appliance is a Defender for IoT appliance, sign in by using **XXX** for the username and **XXX** for the password.

-1. After you access the BIOS, go to **Device Settings**.

-1. Choose the RAID-controlled configuration by selecting **Integrated RAID controller 1: Dell PERC\<PERC H330 Adapter\> Configuration Utility**.

-1. Select **Configuration Management**.

-1. Select **Create Virtual Disk**.

-1. In the **Select RAID Level** field, select **RAID5**. In the **Virtual Disk Name** field, enter **ROOT** and select **Physical Disks**.

-1. Select **Check All** and then select **Apply Changes**

-1. Select **Ok**.

-1. Scroll down and select **Create Virtual Disk**.

-1. Select the **Confirm** check box and select **Yes**.

-1. Select **OK**.

-1. Return to the main screen and select **System BIOS**.

-1. Select **Boot Settings**.

-1. For the **Boot Mode** option, select **BIOS**.

-1. Select **Back**, and then select **Finish** to exit the BIOS settings.

-### Software installation (Dell R340)

-The installation process takes about 20 minutes. After the installation, the system is restarted several times.

-**To install the software**:

-1. Verify that the version media is mounted to the appliance in one of the following ways:

- - Connect the external CD, or disk on a key with the release.

- - Mount the ISO image by using iDRAC. After signing in to iDRAC, select the virtual console, and then select **Virtual Media**.

-1. In the **Map CD/DVD** section, select **Choose File**.

-1. Choose the version ISO image file for this version from the dialog box that opens.

-1. Select the **Map Device** button.

- :::image type="content" source="media/tutorial-install-components/mapped-device-on-virtual-media-screen-v2.png" alt-text="Screenshot that shows a mapped device.":::

-1. The media is mounted. Select **Close**.

-1. Start the appliance. When you're using iDRAC, you can restart the servers by selecting the **Consul Control** button. Then, on the **Keyboard Macros**, select the **Apply** button, which will start the Ctrl+Alt+Delete sequence.

-1. Follow the software installation instructions located [here](#install-the-software).

-## HPE ProLiant DL20 installation

-This section describes the HPE ProLiant DL20 installation process, which includes the following steps:

-### About the installation

-### HPE ProLiant DL20 front panel

-### HPE ProLiant DL20 back panel

-### Enable remote access and update the password

-Use the following procedure to set up network options and update the default password.

-**To enable, and update the password**:

-1. Connect a screen, and a keyboard to the HP appliance, turn on the appliance, and press **F9**.

- :::image type="content" source="media/tutorial-install-components/hpe-proliant-screen-v2.png" alt-text="Screenshot that shows the HPE ProLiant window.":::

-1. Go to **System Utilities** > **System Configuration** > **iLO 5 Configuration Utility** > **Network Options**.

- :::image type="content" source="media/tutorial-install-components/system-configuration-window-v2.png" alt-text="Screenshot that shows the System Configuration window.":::

- 1. Select **Shared Network Port-LOM** from the **Network Interface Adapter** field.

- 1. Disable DHCP.

- 1. Enter the IP address, subnet mask, and gateway IP address.

-1. Select **F10: Save**.

-1. Select **Esc** to get back to the **iLO 5 Configuration Utility**, and then select **User Management**.

-1. Select **Edit/Remove User**. The administrator is the only default user defined.

-1. Change the default password and select **F10: Save**.

-### Configure the HPE BIOS

-The following procedure describes how to configure the HPE BIOS for the enterprise, and SMB appliances.

-**To configure the HPE BIOS**:

-1. Select **System Utilities** > **System Configuration** > **BIOS/Platform Configuration (RBSU)**.

-1. In the **BIOS/Platform Configuration (RBSU)** form, select **Boot Options**.

-1. Change **Boot Mode** to **Legacy BIOS Mode**, and then select **F10: Save**.

-1. Select **Esc** twice to close the **System Configuration** form.

-#### For the enterprise appliance

-1. Select **Embedded RAID 1: HPE Smart Array P408i-a SR Gen 10** > **Array Configuration** > **Create Array**.

-1. In the **Create Array** form, select all the options. Three options are available for the **Enterprise** appliance.

-#### For the SMB appliance

-1. Select **Embedded RAID 1: HPE Smart Array P208i-a SR Gen 10** > **Array Configuration** > **Create Array**.

-1. Select **Proceed to Next Form**.

-1. In the **Set RAID Level** form, set the level to **RAID 5** for enterprise deployments and **RAID 1** for SMB deployments.

-1. Select **Proceed to Next Form**.

-1. In the **Logical Drive Label** form, enter **Logical Drive 1**.

-1. Select **Submit Changes**.

-1. In the **Submit** form, select **Back to Main Menu**.

-1. Select **F10: Save** and then press **Esc** twice.

-1. In the **System Utilities** window, select **One-Time Boot Menu**.

-1. In the **One-Time Boot Menu** form, select **Legacy BIOS One-Time Boot Menu**.

-1. The **Booting in Legacy** and **Boot Override** windows appear. Choose a boot override option; for example, to a CD-ROM, USB, HDD, or UEFI shell.

- :::image type="content" source="media/tutorial-install-components/boot-override-window-one-v2.png" alt-text="Screenshot that shows the first Boot Override window.":::

- :::image type="content" source="media/tutorial-install-components/boot-override-window-two-v2.png" alt-text="Screenshot that shows the second Boot Override window.":::

-### Software installation (HPE ProLiant DL20 appliance)

-The installation process takes about 20 minutes. After the installation, the system is restarted several times.

-To install the software:

-1. Connect the screen and keyboard to the appliance, and then connect to the CLI.

-1. Connect an external CD or disk on the key with the ISO image that you downloaded from the **Updates** page of Defender for IoT in the Azure portal.

-1. Start the appliance.

-1. Follow the software installation instructions located [here](#install-the-software).

-## HPE ProLiant DL360 installation

-### HPE ProLiant DL360 front panel

-### HPE ProLiant DL360 back panel

-### Enable remote access and update the password

-Refer to the preceding sections for HPE ProLiant DL20 installation:

-The enterprise configuration is identical.

-> [!Note]

-> In the array form, verify that you select all the options.

-### iLO remote installation (from a virtual drive)

-This procedure describes the iLO installation from a virtual drive.

-**To perform the iLO installation from a virtual drive**:

-1. Sign in to the iLO console, and then right-click the servers' screen.

-1. Select **HTML5 Console**.

-1. In the console, select the CD icon, and choose the CD/DVD option.

-1. Select **Local ISO file**.

-1. In the dialog box, choose the relevant ISO file.

-1. Go to the left icon, select **Power**, and the select **Reset**.

-1. The appliance will restart, and run the sensor installation process.

-### Software installation (HPE DL360)

-The installation process takes about 20 minutes. After the installation, the system is restarted several times.

-**To install the software**:

-1. Connect a screen, and keyboard to the appliance, and then connect to the CLI.

-1. Connect an external CD or disk on a key with the ISO image that you downloaded from the **Updates** page of Defender for IoT in the Azure portal.

-1. Follow the software installation instructions located [here](#install-the-software).

-## HP EdgeLine 300 installation

-### HP EdgeLine 300 back panel

-### Enable remote access

-1. Enter the iSM IP Address into your web browser.

-1. Sign in using the default username, and password found on your appliance.

-1. Navigate to **Wired and Wireless Network** > **IPV4**

- :::image type="content" source="media/tutorial-install-components/wired-and-wireless.png" alt-text="navigate to highlighted sections.":::

-1. Disable **DHCP toggle**.

-1. Configure the IPv4 addresses as such:

- - **IPV4 Address**: `192.168.1.125`

- - **IPV4 Subnet Mask**: `255.255.255.0`

- - **IPV4 Gateway**: `192.168.1.1`

-1. Select **Apply**.

-1. Sign out, and reboot the appliance.

-### Configure the BIOS

-The following procedure describes how to configure the BIOS for HP EL300 appliance.

-**To configure the BIOS**:

-1. Turn on the appliance, and push **F9** to enter the BIOS.

-1. Select **Advanced**, and scroll down to **CSM Support**.

- :::image type="content" source="media/tutorial-install-components/csm-support.png" alt-text="Enable CSM support to open the additional menu.":::

-1. Push **Enter** to enable CSM Support.

-1. Navigate to Storage, and push **+/-** to change it to Legacy.

-1. Navigate to Video, and push **+/-** to change it to Legacy.

- :::image type="content" source="media/tutorial-install-components/storage-and-video.png" alt-text="Navigate to storage and video and change them to Legacy.":::

-1. Navigate to **Boot** > **Boot mode select**.

-1. Push **+/-** to change it to Legacy.

- :::image type="content" source="media/tutorial-install-components/boot-mode.png" alt-text="Change Boot mode select to Legacy.":::

-1. Navigate to **Save & Exit**.

-1. Select **Save Changes and Exit**.

- :::image type="content" source="media/tutorial-install-components/save-and-exit.png" alt-text="Save your changes and exit the system.":::

-1. Select **Yes**, and the appliance will reboot.

-1. Push **F11** to enter the **Boot Menu**.

-1. Select the device with the sensor image. Either **DVD** or **USB**.

-1. Follow the software installation instructions located [here](#install-the-software).

-## Sensor installation for the virtual appliance

-You can deploy the virtual machine for the Defender for IoT sensor in the following architectures:

-| Architecture | Specifications | Usage | Comments |

-|||||

-| **Enterprise** | CPU: 8<br/>Memory: 32G RAM<br/>HDD: 1800 GB | Production environment | Default and most common |

-| **Small Business** | CPU: 4 <br/>Memory: 8G RAM<br/>HDD: 500 GB | Test or small production environments | - |

-| **Office** | CPU: 4<br/>Memory: 8G RAM<br/>HDD: 100 GB | Small test environments | - |

-### Prerequisites

-The on-premises management console supports both VMware and Hyper-V deployment options. Before you begin the installation, make sure you have the following items:

-Make sure the hypervisor is running.

-### Create the virtual machine (ESXi)

-This procedure describes how to create a virtual machine by using ESXi.

-**To create the virtual machine using ESXi**:

-1. Sign in to the ESXi, choose the relevant **datastore**, and select **Datastore Browser**.

-1. Select **Upload**, to upload the image, and select **Close**.

-1. Navigate to VM, and then select **Create/Register VM**.

-1. Select **Create new virtual machine**, and then select **Next**.

-1. Add a sensor name, and select the following options:

- - Compatibility: **&lt;latest ESXi version&gt;**

- - Guest OS family: **Linux**

- - Guest OS version: **Ubuntu Linux (64-bit)**

-1. Select **Next**.

-1. Choose the relevant datastore and select **Next**.

-1. Change the virtual hardware parameters according to the required architecture.

-1. For **CD/DVD Drive 1**, select **Datastore ISO file** and choose the ISO file that you uploaded earlier.

-1. Select **Next** > **Finish**.

-### Create the virtual machine (Hyper-V)

-This procedure describes how to create a virtual machine by using Hyper-V.

-**To create the virtual machine using Hyper-V**:

-1. Create a virtual disk in Hyper-V Manager.

-1. Select **format = VHDX**.

-1. Select **type = Dynamic Expanding**.

-1. Enter the name and location for the VHD.

-1. Enter the required size (according to the architecture).

-1. Review the summary, and select **Finish**.

-1. On the **Actions** menu, create a new virtual machine.

-1. Enter a name for the virtual machine.

-1. Select **Specify Generation** > **Generation 1**.

-1. Specify the memory allocation (according to the architecture), and select the check box for dynamic memory.

-1. Configure the network adaptor according to your server network topology.

-1. Connect the VHDX created previously to the virtual machine.

-1. Review the summary, and select **Finish**.

-1. Right-click on the new virtual machine, and select **Settings**.

-1. Select **Add Hardware**, and add a new network adapter.

-1. Select the virtual switch that will connect to the sensor management network.

-1. Allocate CPU resources (according to the architecture).

-1. Connect the management console's ISO image to a virtual DVD drive.

-1. Start the virtual machine.

-1. On the **Actions** menu, select **Connect** to continue the software installation.

-### Software installation (ESXi and Hyper-V)

-This section describes the ESXi and Hyper-V software installation.

-To install:

-1. Open the virtual machine console.

-1. The VM will start from the ISO image, and the language selection screen will appear.

-1. Follow the software installation instructions located [here](#install-the-software).

-## Install the software

-Ensure you followed the installation instruction for your device prior to starting the software installation, and have downloaded the containerized sensor version ISO file.

-Mount the ISO file using one of the following options;

-1. The Sensor will reboot, and the Package configuration screen will appear. Press the up, or down arrows to navigate, and the Space bar to select an option. Press the Enter key to advance to the next screen.

-1. Select the monitor interface, and press the **Enter** key.

-1. If one of the monitoring ports is for ERSPAN, select it, and press the **Enter** key.

-1. Select the interface to be used as the management interface, and press the **Enter** key.

-1. Enter the sensor's IP address, and press the **Enter** key.

-1. Enter the path of the mounted logs folder. We recommend using the default path, and press the **Enter** key.

-1. Enter the Subnet Mask IP address, and press the **Enter** key.

-1. Enter the default gateway IP address, and press the **Enter** key.

-1. Enter the DNS Server IP address, and press the **Enter** key.

-1. Enter the sensor hostname, and press the **Enter** key.

-## On-premises management console installation

-Before installing the software on the appliance, you need to adjust the appliance's BIOS configuration:

-### BIOS configuration

-**To configure the BIOS for your appliance**:

-1. [Enable remote access and update the password](#enable-remote-access-and-update-the-password).

-1. [Configure the BIOS](#configure-the-hpe-bios).

-### Software installation

-During the installation process, you can add a secondary NIC. If you choose not to install the secondary NIC during installation, you can [add a secondary NIC](#add-a-secondary-nic) at a later time.

-To install the software:

- | **configure management network IP address:** | **IP address provided by the customer** |

- | **configure subnet mask:** | **IP address provided by the customer** |

- | **configure DNS:** | **IP address provided by the customer** |

- | **configure default gateway IP address:** | **IP address provided by the customer** |

- | **configure sensor monitoring interface (Optional):** | **eth1**, or **possible value** |

- | **configure an IP address for the sensor monitoring interface:** | **IP address provided by the customer** |

- | **configure a subnet mask for the sensor monitoring interface:** | **IP address provided by the customer** |

- :::image type="content" source="media/tutorial-install-components/credentials-screen.png" alt-text="Copy these credentials as they will not be presented again.":::

-### Add a secondary NIC

-You can enhance security to your on-premises management console by adding a secondary NIC. By adding a secondary NIC you will have one dedicated for your users, and the other will support the configuration of a gateway for routed networks. The second NIC is dedicated to all attached sensors within an IP address range.

-If you have already configured your on-premises management console, and would like to add a secondary NIC to your on-premises management console, use the following steps:

- :::image type="content" source="media/tutorial-install-components/network-reconfig-command.png" alt-text="Enter the following answers to configure your appliance.":::

- | **Sensor monitoring interface (Optional. Applicable when sensors are on a different network segment. For more information, see the Installation instructions)**| `Y`, **select a possible value** |

- | **An IP address for the sensor monitoring interface (accessible by the sensors)** | `Y`, **IP address provided by the customer**|

- | **A subnet mask for the sensor monitoring interface (accessible by the sensors)** | `Y`, **IP address provided by the customer** |

- | **Hostname** | **provided by the customer** |

-## Virtual appliance: On-premises management console installation

-The on-premises management console VM supports the following architectures:

-| Architecture | Specifications | Usage |

-|--|--|--|

-| Enterprise <br/>(Default and most common) | CPU: 8 <br/>Memory: 32G RAM<br/> HDD: 1.8 TB | Large production environments |

-| Small | CPU: 4 <br/> Memory: 8G RAM<br/> HDD: 500 GB | Large production environments |

-| Office | CPU: 4 <br/>Memory: 8G RAM <br/> HDD: 100 GB | Small test environments |

-### Prerequisites

-The on-premises management console supports both VMware and Hyper-V deployment options. Before you begin the installation, verify the following:

-### Create the virtual machine (ESXi)

-To create a virtual machine (ESXi):

-1. Sign in to the ESXi, choose the relevant **datastore**, and select **Datastore Browser**.

-1. Upload the image and select **Close**.

-1. Go to **Virtual Machines**.

-1. Select **Create/Register VM**.

-1. Select **Create new virtual machine** and select **Next**.

-1. Add a sensor name and choose:

- - Compatibility: \<latest ESXi version>

- - Guest OS family: Linux

- - Guest OS version: Ubuntu Linux (64-bit)

-1. Select **Next**.

-1. Choose relevant datastore and select **Next**.

-1. Change the virtual hardware parameters according to the required architecture.

-1. For **CD/DVD Drive 1**, select **Datastore ISO file** and choose the ISO file that you uploaded earlier.

-1. Select **Next** > **Finish**.

-### Create the virtual machine (Hyper-V)

-To create a virtual machine by using Hyper-V:

-1. Create a virtual disk in Hyper-V Manager.

-1. Select the format **VHDX**.

-1. Select **Next**.

-1. Select the type **Dynamic expanding**.

-1. Select **Next**.

-1. Enter the name and location for the VHD.

-1. Select **Next**.

-1. Enter the required size (according to the architecture).

-1. Select **Next**.

-1. Review the summary and select **Finish**.

-1. On the **Actions** menu, create a new virtual machine.

-1. Select **Next**.

-1. Enter a name for the virtual machine.

-1. Select **Next**.

-1. Select **Generation** and set it to **Generation 1**.

-1. Select **Next**.

-1. Specify the memory allocation (according to the architecture) and select the check box for dynamic memory.

-1. Select **Next**.

-1. Configure the network adaptor according to your server network topology.

-1. Select **Next**.

-1. Connect the VHDX created previously to the virtual machine.

-1. Select **Next**.

-1. Review the summary and select **Finish**.

-1. Right-click the new virtual machine, and then select **Settings**.

-1. Select **Add Hardware** and add a new adapter for **Network Adapter**.

-1. For **Virtual Switch**, select the switch that will connect to the sensor management network.

-1. Allocate CPU resources (according to the architecture).

-1. Connect the management console's ISO image to a virtual DVD drive.

-1. Start the virtual machine.

-1. On the **Actions** menu, select **Connect** to continue the software installation.

-### Software installation (ESXi and Hyper-V)

-Starting the virtual machine will start the installation process from the ISO image.

-To install the software:

-1. Select **English**.

-1. Select the required architecture for your deployment.

-1. Define the network interface for the sensor management network: interface, IP, subnet, DNS server, and default gateway.

-1. Sign-in credentials are automatically generated. Save the username and passwords, you'll need these credentials to access the platform the first time you use it.

- The appliance will then reboot.

-1. Access the management console via the IP address previously configured: `<https://ip_address>`.

- :::image type="content" source="media/tutorial-install-components/defender-for-iot-management-console-sign-in-screen.png" alt-text="Screenshot that shows the management console's sign-in screen.":::

-## Legacy appliances

-This section describes installation procedures for *legacy* appliances only. See [Identify required appliances](how-to-identify-required-appliances.md), if you are buying a new appliance.

-### Nuvo 5006LP installation

-This section provides the Nuvo 5006LP installation procedure. Before installing the software on the Nuvo 5006LP appliance, you need to adjust the appliance BIOS configuration.

-#### Nuvo 5006LP front panel

-1. Power button, Power indicator

-1. DVI video connectors

-1. HDMI video connectors

-1. VGA video connectors

-1. Remote on/off Control, and status LED output

-1. Reset button

-1. Management network adapter

-1. Ports to receive mirrored data

-#### Nuvo back panel

-1. SIM card slot

-1. Microphone, and speakers

-1. COM ports

-1. USB connectors

-1. DC power port (DC IN)

-#### Configure the Nuvo 5006LP BIOS

-The following procedure describes how to configure the Nuvo 5006LP BIOS. Make sure the operating system was previously installed on the appliance.

-**To configure the BIOS**:

-1. Power on the appliance.

-1. Press **F2** to enter the BIOS configuration.

-1. Navigate to **Power** and change Power On after Power Failure to S0-Power On.

- :::image type="content" source="media/tutorial-install-components/nuvo-power-on.png" alt-text="Change your Nuvo 5006 to power on after a power failure.":::

-1. Navigate to **Boot** and ensure that **PXE Boot to LAN** is set to **Disabled**.

-1. Press **F10** to save, and then select **Exit**.

-#### Software installation (Nuvo 5006LP)

-The installation process takes approximately 20 minutes. After installation, the system is restarted several times.

-**To install the software**:

-1. Connect the external CD, or disk on key with the ISO image.

-1. Boot the appliance.

-1. Select **English**.

-1. Select **XSENSE-RELEASE-\<version> Office...**.

- :::image type="content" source="media/tutorial-install-components/sensor-version-select-screen-v2.png" alt-text="Select the version of the sensor to install.":::

-1. Define the appliance architecture, and network properties:

- :::image type="content" source="media/tutorial-install-components/nuvo-profile-appliance.png" alt-text="Define the Nuvo's architecture and network properties.":::

- | Parameter | Configuration |

- | -| - |

- | **Hardware profile** | Select **office**. |

- | **Management interface** | **eth0** |

- | **Management network IP address** | **IP address provided by the customer** |

- | **Management subnet mask** | **IP address provided by the customer** |

- | **DNS** | **IP address provided by the customer** |

- | **Default gateway IP address** | **0.0.0.0** |

- | **Input interface** | The list of input interfaces is generated for you by the system. <br />To mirror the input interfaces, copy all the items presented in the list with a comma separator. |

- | **Bridge interface** | - |

-1. Accept the settings and continue by entering `Y`.

-After approximately 10 minutes, sign-in credentials are automatically generated. Save the username and passwords, you'll need these credentials to access the platform the first time you use it.

-### Fitlet2 mini sensor Installation

-This section provides the Fitlet2 installation procedure. Before installing the software on the Fitlet appliance, you need to adjust the appliance's BIOS configuration.

-#### Fitlet2 front panel

-#### Fitlet2 back panel

-#### Configure the Fitlet2 BIOS

-**To configure the Fitlet2 BIOS**:

-1. Power on the appliance.

-1. Navigate to **Main** > **OS Selection**.

-1. Press **+/-** to select **Linux**.

- :::image type="content" source="media/tutorial-install-components/fitlet-linux.png" alt-text="Set the OS to Linux on your Fitlet2.":::

-1. Verify that the system date, and time are updated with the installation date, and time.

-1. Navigate to **Advanced**, and select **ACPI Settings**.

-1. Select **Enable Hibernation**, and press **+/-** to select **Disabled**.

- :::image type="content" source="media/tutorial-install-components/disable-hibernation.png" alt-text="Diable the hibernation mode on your Fitlet2.":::

-1. Press **Esc**.

-1. Navigate to **Advanced** > **TPM Configuration**.

-1. Select **fTPM**, and press **+/-** to select **Disabled**.

-1. Press **Esc**.

-1. Navigate to **CPU Configuration** > **VT-d**.

-1. Press **+/-** to select **Enabled**.

-1. Navigate to **CSM Configuration** > **CSM Support**.

-1. Press **+/-** to select **Enabled**.

-1. Navigate to **Advanced** > **Boot option filter [Legacy only]** and change setting in the following fields to **Legacy**:

- - Network

- - Storage

- - Video

- - Other PCI

- :::image type="content" source="media/tutorial-install-components/legacy-only.png" alt-text="Set all fields to Legacy.":::

-1. Press **Esc**.

-1. Navigate to **Security** > **Secure Boot Customization**.

-1. Press **+/-** to select **Disabled**.

-1. Press **Esc**.

-1. Navigate to **Boot** > **Boot mode** select, and select **Legacy**.

-1. Select **Boot Option #1 ΓÇô [USB CD/DVD]**.

-1. Select **Save & Exit**.

-#### Software installation (Fitlet2)

-The installation process takes approximately 20 minutes. After installation, the system is restarted several times.

-1. Connect the external CD, or disk on key with the ISO image.

-1. Boot the appliance.

-1. Select **English**.

-1. Select **XSENSE-RELEASE-\<version> Office...**.

- :::image type="content" source="media/tutorial-install-components/sensor-version-select-screen-v2.png" alt-text="Select the version of the sensor to install.":::

- > [!Note]

- > Do not select Ruggedized.

-1. Define the appliance architecture, and network properties:

- :::image type="content" source="media/tutorial-install-components/nuvo-profile-appliance.png" alt-text="Define the Nuvo's architecture and network properties.":::

- | Parameter | Configuration |

- | -| - |

- | **Hardware profile** | Select **office**. |

- | **Management interface** | **em1** |

- | **Management network IP address** | **IP address provided by the customer** |

- | **Management subnet mask** | **IP address provided by the customer** |

- | **DNS** | **IP address provided by the customer** |

- | **Default gateway IP address** | **0.0.0.0** |

- | **Input interface** | The list of input interfaces is generated for you by the system. <br />To mirror the input interfaces, copy all the items presented in the list with a comma separator. |

- | **Bridge interface** | - |

-1. Accept the settings and continue by entering `Y`.

-After approximately 10 minutes, sign-in credentials are automatically generated. Save the username and passwords, you'll need these credentials to access the platform the first time you use it.

-### Check system health by using the GUI

-## Configure a SPAN port

-A virtual switch does not have mirroring capabilities. However, you can use promiscuous mode in a virtual switch environment. Promiscuous mode is a mode of operation, and a security, monitoring and administration technique, that is defined at the virtual switch, or portgroup level. By default, Promiscuous mode is disabled. When Promiscuous mode is enabled the virtual machineΓÇÖs network interfaces that are in the same portgroup will use the Promiscuous mode to view all network traffic that goes through that virtual switch. You can implement a workaround with either ESXi, or Hyper-V.

-### Configure a SPAN port with ESXi

-**To configure a SPAN port with ESXi**:

-1. Open vSwitch properties.

-1. Select **Add**.

-1. Select **Virtual Machine** > **Next**.

-1. Insert a network label **SPAN Network**, select **VLAN ID** > **All**, and then select **Next**.

-1. Select **Finish**.

-1. Select **SPAN Network** > **Edit*.

-1. Select **Security**, and verify that the **Promiscuous Mode** policy is set to **Accept** mode.

-1. Select **OK**, and then select **Close** to close the vSwitch properties.

-1. Open the **XSense VM** properties.

-1. For **Network Adapter 2**, select the **SPAN** network.

-1. Select **OK**.

-1. Connect to the sensor, and verify that mirroring works.

-### Configure a SPAN port with Hyper-V

-Prior to starting you will need to:

-**To configure a SPAN port with Hyper-V**:

-1. Open the Virtual Switch Manager.

-1. In the Virtual Switches list, select **New virtual network switch** > **External** as the dedicated spanned network adapter type.

- :::image type="content" source="media/tutorial-install-components/new-virtual-network.png" alt-text="Screenshot of selecting new virtual network and external before creating the virtual switch.":::

-1. Select **Create Virtual Switch**.

-1. Under connection type, select **External Network**.

-1. Ensure the checkbox for **Allow management operating system to share this network adapter** is checked.

- :::image type="content" source="media/tutorial-install-components/external-network.png" alt-text="Select external network, and allow the management operating system to share the network adapter.":::

-1. Select **OK**.

-#### Attach a SPAN Virtual Interface to the virtual switch

-You are able to attach a SPAN Virtual Interface to the Virtual Switch through Windows PowerShell, or through Hyper-V Manager.

-**To attach a SPAN Virtual Interface to the virtual switch with PowerShell**:

-1. Select the newly added SPAN virtual switch, and add a new network adapter with the following command:

- ```bash

- ADD-VMNetworkAdapter -VMName VK-C1000V-LongRunning-650 -Name Monitor -SwitchName vSwitch_Span

- ```

-1. Enable port mirroring for the selected interface as the span destination with the following command:

- ```bash

- Get-VMNetworkAdapter -VMName VK-C1000V-LongRunning-650 | ? Name -eq Monitor | Set-VMNetworkAdapter -PortMirroring Destination

- ```

- | Parameter | Description |

- |--|--|

- | VK-C1000V-LongRunning-650 | CPPM VA name |

- |vSwitch_Span |Newly added SPAN virtual switch name |

- |Monitor |Newly added adapter name |

-1. Select **OK**.

-These commands set the name of the newly added adapter hardware to be `Monitor`. If you are using Hyper-V Manager, the name of the newly added adapter hardware is set to `Network Adapter`.

-**To attach a SPAN Virtual Interface to the virtual switch with Hyper-V Manager**:

-1. Under the Hardware list, select **Network Adapter**.

-1. In the Virtual Switch field, select **vSwitch_Span**.

- :::image type="content" source="media/tutorial-install-components/vswitch-span.png" alt-text="Screenshot of selecting the following options on the virtual switch screen.":::

-1. In the Hardware list, under the Network Adapter drop-down list, select **Advanced Features**.

-1. In the Port Mirroring section, select **Destination** as the mirroring mode for the new virtual interface.

- :::image type="content" source="media/tutorial-install-components/destination.png" alt-text="Screenshot of the selections needed to configure mirroring mode.":::

-1. Select **OK**.

-#### Enable Microsoft NDIS capture extensions for the virtual switch

-Microsoft NDIS Capture Extensions will need to be enabled for the new virtual switch.

-**To enable Microsoft NDIS capture extensions for the newly added virtual switch**:

-1. Open the Virtual Switch Manager on the Hyper-V host.

-1. In the Virtual Switches list, expand the virtual switch name `vSwitch_Span` and select **Extensions**.

-1. In the Switch Extensions field, select **Microsoft NDIS Capture**.

- :::image type="content" source="media/tutorial-install-components/microsoft-ndis.png" alt-text="Screenshot of enabling the Microsoft NDIS by selecting it from the switch extensions menu.":::

-1. Select **OK**.

-#### Set the Mirroring Mode on the external port

-Mirroring mode will need to be set on the external port of the new virtual switch to be the source.

-You will need to configure the Hyper-V virtual switch (vSwitch_Span) to forward any traffic that comes to the external source port, to the virtual network adapter that you configured as the destination.

-Use the following PowerShell commands to set the external virtual switch port to source mirror mode:

-```bash

-$ExtPortFeature=Get-VMSystemSwitchExtensionPortFeature -FeatureName "Ethernet Switch Port Security Settings"

-$ExtPortFeature.SettingData.MonitorMode=2

-Add-VMSwitchExtensionPortFeature -ExternalPort -SwitchName vSwitch_Span -VMSwitchExtensionFeature $ExtPortFeature

-```

-| Parameter | Description |

-|--|--|

-| vSwitch_Span | Newly added SPAN virtual switch name. |

-| MonitorMode=2 | Source |

-| MonitorMode=1 | Destination |

-| MonitorMode=0 | None |

-Use the following PowerShell command to verify the monitoring mode status:

-```bash

-Get-VMSwitchExtensionPortFeature -FeatureName "Ethernet Switch Port Security Settings" -SwitchName vSwitch_Span -ExternalPort | select -ExpandProperty SettingData

-```

-| Parameter | Description |

-|--|--|

-| vSwitch_Span | Newly added SPAN virtual switch name |

- - To buy a pre-configured appliance, select **Contact** under **Buy preconfigured appliance**. This open an email to [hardware.sales@arrow.com](mailto:hardware.sales@arrow.com) with a template request for Defender for IoT appliances.

- 1. Make sure that you have a supported appliance available. For more information, see [Identify required appliances](how-to-identify-required-appliances.md).

-1. Make sure that you have a supported appliance available. For more information, see [Identify required appliances](how-to-identify-required-appliances.md).

-1. Under *Select version**, select the software version you want to install. We recommend that you always select the most recent version.

-> To learn about costs associated with the Shared Image Gallery service, see [Billing for Shared Image Gallery](../virtual-machines/shared-image-galleries.md#billing).

->At this time, the ability to switch contexts within the app isn't available for personal Microsoft Accounts (MSA). MSA users will need to access the explorer from the chosen instance in the Azure portal, or may connect to a certain instance through a [direct link to the environment](#link-to-your-environment).

-## Link to your environment

-To share your environment, you can send a link to the recipient that will open an Azure Digital Twins Explorer window connected to your instance. Use the link below and replace the placeholders for your *tenant ID* and the *host name* of your Azure Digital Twins instance.

-### Link with a query

-|PowerShell |SQL Server to **Azure SQL Database** |[Azure-Samples/data-migration-sql/PowerShell/sql-server-to-sql-db](https://github.com/Azure-Samples/data-migration-sql/tree/main/PowerShell/sql-server-to-sql-db) |

-|CLI |SQL Server to **Azure SQL Database** |[Azure-Samples/data-migration-sql/CLI/sql-server-to-sql-db](https://github.com/Azure-Samples/data-migration-sql/tree/main/CLI/sql-server-to-sql-db) |

-It has the following characteristics:

-For more information, see [Event Grid overview](overview.md).

-|`PartitionKey` | Static |

-## Known limitations

-While testing your query, the test results take approximately 6 seconds to load. We're working on improving the performance of testing. However, when deployed in production, Azure Stream Analytics will have subsecond latency.

-You use JSON to create a policy assignment. The policy assignment contains elements for:

-# System assigned identity

-# User assigned identity

-

-Policy assignments can either use a system assigned managed identity that is created by the policy service or a user assigned identity provided by the user. The managed identity needs to be assigned the minimum role(s) required to remediate resources.

-automatically grants the managed identity the listed roles once assignment starts. When using SDK,

-following code:

-When creating an assignment using the portal, Azure Policy can both generate a managed identity and

-grant it the roles defined in **roleDefinitionIds**. In the following conditions, steps to create

-When creating an assignment using the portal, you can select either a system assigned managed identity or a user assigned managed identity.

-To set a system assigned managed identity in the portal:

-To set a user assigned managed identity in the portal:

-`$assignment.Identity.PrincipalId` for system assigned managed identities and `$assignment.Identity.UserAssignedIdentities[$userassignedidentityid].PrincipalId` for user assigned managed identities.

-1. Add a pre- or post-deployment condition that includes the **Security and compliance assessment** task as a gate.

-* [Use Apache Spark structured streaming with Apache Kafka](../hdinsight-apache-kafka-spark-structured-streaming.md)

- *getting-started\tools\get-toolchain.bat*

- * Place limits on log size

-### Place limits on log size

-By default the Moby container engine does not set container log size limits. Over time this can lead to the device filling up with logs and running out of disk space. Consider the following options to prevent this:

-#### Option: Set global limits that apply to all container modules

-You can limit the size of all container logfiles in the container engine log options. The following example sets the log driver to `json-file` (recommended) with limits on size and number of files:

- "log-driver": "json-file",

- "Type": "json-file",

-* *Configuration checks* examines details that could prevent IoT Edge devices from connecting to the cloud, including issues with the config file and the container engine.

-For ongoing logs maintenance and production scenarios, [place limits on log size](production-checklist.md#place-limits-on-log-size).

- "$etag": "123",

-In the root object are the device identity properties, and container objects for `tags` and both `reported` and `desired` properties. The `properties` container contains some read-only elements (`$metadata`, `$etag`, and `$version`) described in the [Device twin metadata](iot-hub-devguide-device-twins.md#device-twin-metadata) and [Optimistic concurrency](iot-hub-devguide-device-twins.md#optimistic-concurrency) sections.

-IoT Hub enforces an 8 KB size limit on the value of `tags`, and a 32 KB size limit each on the value of `properties/desired` and `properties/reported`. These totals are exclusive of read-only elements like `$etag`, `$version`, and `$metadata/$lastUpdated`.

-Tags have an ETag, as per [RFC7232](https://tools.ietf.org/html/rfc7232), that represents the tag's JSON representation. You can use ETags in conditional update operations from the solution back end to ensure consistency.

-Device twin desired and reported properties do not have ETags, but have a `$version` value that is guaranteed to be incremental. Similarly to an ETag, the version can be used by the updating party to enforce consistency of updates. For example, a device app for a reported property or the solution back end for a desired property.

-Versions are also useful when an observing agent (such as the device app observing the desired properties) must reconcile races between the result of a retrieve operation and an update notification. The [Device reconnection flow section](iot-hub-devguide-device-twins.md#device-reconnection-flow) provides more information.

- "$etag": "123",

-In the root object are the module identity properties, and container objects for `tags` and both `reported` and `desired` properties. The `properties` container contains some read-only elements (`$metadata`, `$etag`, and `$version`) described in the [Module twin metadata](iot-hub-devguide-module-twins.md#module-twin-metadata) and [Optimistic concurrency](iot-hub-devguide-device-twins.md#optimistic-concurrency) sections.

-IoT Hub enforces an 8 KB size limit on the value of `tags`, and a 32 KB size limit each on the value of `properties/desired` and `properties/reported`. These totals are exclusive of read-only elements like `$etag`, `$version`, and `$metadata/$lastUpdated`.

-Tags have an ETag, as per [RFC7232](https://tools.ietf.org/html/rfc7232), that represents the tag's JSON representation. You can use ETags in conditional update operations from the solution back end to ensure consistency.

-Module twin desired and reported properties do not have ETags, but have a `$version` value that is guaranteed to be incremental. Similarly to an ETag, the version can be used by the updating party to enforce consistency of updates. For example, a module app for a reported property or the solution back end for a desired property.

-Versions are also useful when an observing agent (such as the module app observing the desired properties) must reconcile races between the result of a retrieve operation and an update notification. The section [Device reconnection flow](iot-hub-devguide-device-twins.md#device-reconnection-flow) provides more information.

- When an image is saved to a shared image gallery, Azure Lab Services replicates the saved image to other regions available in the same [geography](https://azure.microsoft.com/global-infrastructure/geographies/). It ensures that the image is available for labs created in other regions in the same geography. Saving images to a shared image gallery incurs an additional cost, which includes cost for all replicated images. This cost is separate from the Azure Lab Services usage cost. For more information about Shared Image Gallery pricing, see [Shared Image Gallery ΓÇô Billing](../virtual-machines/shared-image-galleries.md#billing).

-Saving images to a compute gallery and replicating those images incurs additional cost. This cost is separate from the Azure Lab Services usage cost. For more information about Azure Compute Gallery pricing, see [Azure Compute Gallery ΓÇô Billing](../virtual-machines/shared-image-galleries.md#billing).

-description: How to create and deploy a logic app using Azure Resource Manager templates.

-#Customer intent: As a developer, I want to automate creating and deploying a logic app workflow to whichever environment that I want by using Azure Resource Manager templates.

-# Quickstart: Create and deploy a logic app workflow by using an ARM template

-[Azure Logic Apps](../logic-apps/logic-apps-overview.md) is a cloud service that helps you create and run automated workflows that integrate data, apps, cloud-based services, and on-premises systems by selecting from [hundreds of connectors](/connectors/connector-reference/connector-reference-logicapps-connectors). This quickstart focuses on the process for deploying an Azure Resource Manager template (ARM template) to create a basic logic app that checks the status for Azure on an hourly schedule.

-If your environment meets the prerequisites and you're familiar with using ARM templates, select the **Deploy to Azure** button. The template will open in the Azure portal.

-The quickstart template creates a logic app workflow that uses the Recurrence trigger, which is set to run every hour, and an HTTP [*built-in* action](../connectors/built-in.md), which calls a URL that returns the status for Azure. A built-in action is native to the Azure Logic Apps platform.

-* [**Microsoft.Logic/workflows**](/azure/templates/microsoft.logic/workflows), which creates the workflow for a logic app.

-| [Azure portal](../logic-apps/quickstart-create-deploy-azure-resource-manager-template.md?tabs=azure-portal#deploy-template) | If your Azure environment meets the prerequisites, and you're familiar with using ARM templates, these steps help you sign in directly to Azure and open the quickstart template in the Azure portal. For more information, see [Deploy resources with ARM templates and Azure portal](../azure-resource-manager/templates/deploy-portal.md). |

-| [Azure CLI](../logic-apps/quickstart-create-deploy-azure-resource-manager-template.md?tabs=azure-cli#deploy-template) | The Azure CLI provides a command-line experience for creating and managing Azure resources. To run these commands, you need Azure CLI version 2.6 or later. To check your CLI version, type `az --version`. For more information, see these topics: <p><p>- [What is Azure CLI](/cli/azure/what-is-azure-cli) <br>- [Get started with Azure CLI](/cli/azure/get-started-with-azure-cli) |

-| [Azure PowerShell](../logic-apps/quickstart-create-deploy-azure-resource-manager-template.md?tabs=azure-powershell#deploy-template) | Azure PowerShell provides a set of cmdlets that use the Azure Resource Manager model for managing your Azure resources. For more information, see these topics: <p><p>- [Azure PowerShell Overview](/powershell/azure/azurerm/overview) <br>- [Introducing the Azure PowerShell Az module](/powershell/azure/new-azureps-module-az) <br>- [Get started with Azure PowerShell](/powershell/azure/get-started-azureps) |

-| [Azure Resource Management REST API](../logic-apps/quickstart-create-deploy-azure-resource-manager-template.md?tabs=rest-api#deploy-template) | Azure provides Representational State Transfer (REST) APIs, which are service endpoints that support HTTP operations (methods) that you use to create, retrieve, update, or delete access to service resources. For more information, see [Get started with Azure REST API](/rest/api/azure/). |

-1. Select the following image to sign in with your Azure account and open the quickstart template in the Azure portal:

-1. In the portal, on the **Create a logic app using a template** page, enter or select these values:

- | **Resource group** | <*Azure-resource-group-name*> | The name for a new or existing Azure resource group. This example uses `Check-Azure-Status-RG`. |

- | **Region** | <*Azure-region*> | The Azure datacenter region to use your logic app. This example uses `West US`. |

- | **Logic App Name** | <*logic-app-name*> | The name to use for your logic app. This example uses `Check-Azure-Status-LA`. |

- | **Test Uri** | <*test-URI*> | The URI for the service to call based on a specific schedule. This example uses `https://status.azure.com/en-us/status/`, which is the Azure status page. |

- | **Location** | <*Azure-region-for-all-resources*> | The Azure region to use for all resources, if different from the default value. This example uses the default value, `[resourceGroup().location]`, which is the resource group location. |

- Here is how the page looks with the values used in this example:

- 

-For more information, see these topics:

-For more information, see these topics:

- | `subscriptionId`| The GUID for the Azure subscription that you want to use |

- | `resourceGroupName` | The name for the Azure resource group to create. This example uses `Check-Azure-Status-RG`. |

- For more information, see these topics:

- | `subscriptionId`| The GUID for the Azure subscription that you want to use |

- | `resourceGroupName` | The name for the Azure resource group to use. This example uses `Check-Azure-Status-RG`. |

- | `deploymentName` | The name to use for your deployment. This example uses `Check-Azure-Status-LA`. |

- | `location`| <*Azure-region*> | The Azure region to use for deployment. This example uses `West US`. |

- | `templateLink` : `uri` | <*quickstart-template-URL*> | The URL location for the quickstart template to use for deployment: <p><p>`https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.logic/logic-app-create/azuredeploy.json`. |

- | `parametersLink` : `uri` | <*quickstart-template-parameter-file-URL*> | The URL location for the quickstart template's parameter file to use for deployment: <p><p>`https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.logic/logic-app-create/azuredeploy.parameters.json` <p><p>For more information about the Resource Manager parameter file, see these topics: <p><p>- [Create Resource Manager parameter file](../azure-resource-manager/templates/parameter-files.md) <br>- [Tutorial: Use parameter files to deploy your ARM template](../azure-resource-manager/templates/template-tutorial-use-parameter-file.md) |

- | `mode` | <*deployment-mode*> | Run either a incremental update or complete update. This example uses `Incremental`, which is the default value. For more information, see [Azure Resource Manager deployment modes](../azure-resource-manager/templates/deployment-modes.md). |

-To view the logic app, you can use the Azure portal, run a script that you create with Azure CLI or Azure PowerShell, or use the Logic App REST API.

-1. In the Azure portal search box, enter your logic app's name, which is `Check-Azure-Status-LA` in this example. From the results list, select your logic app.

-1. In the Azure portal, find and select your logic app, which is `Check-Azure-Status-RG` in this example.

-1. When the Logic App Designer opens, review the logic app created by the quickstart template.

-| `subscriptionId`| The GUID for the Azure subscription where you deployed the quickstart template. |

-| `resourceGroupName` | The name for the Azure resource group where you deployed the quickstart template. This example uses `Check-Azure-Status-RG`. |

-| `workflowName` | The name for the logic app that you deployed. This example uses `Check-Azure-Status-LA`. |

-1. In the Azure portal, find and select the resource group that you want to delete, which is `Check-Azure-Status-RG` in this example.

-| `subscriptionId`| The GUID for the Azure subscription where you deployed the quickstart template. |

-| `resourceGroupName` | The name for the Azure resource group where you deployed the quickstart template. This example uses `Check-Azure-Status-RG`. |

-```yaml

-name: Example_Train

-display_name: Example Train

-version: 20

-type: command

-description: Example of a torchvision training component

-tags: {category: Component Tutorial, contact: user@contoso.com}

-inputs:

- training_data:

- type: path

- description: Training data organized in torchvision structure

- max_epochs:

- type: integer

- description: Maximum epochs for training

- learning_rate:

- type: number

- description: Learning rate, default is 0.01

- default: 0.01

- learning_rate_schedule:

- type: string

- default: time-based

-outputs:

- model_output:

- type: path

-code:

- local_path: ./train_src

-environment: azureml:AzureML-Minimal:1

-command: >-

- python train.py

- --training_data ${{inputs.training_data}}

- --max_epochs ${{inputs.max_epochs}}

- --learning_rate ${{inputs.learning_rate}}

- --learning_rate_schedule ${{inputs.learning_rate_schedule}}

- --model_output ${{outputs.model_output}}

-```

-```python

-## Required imports

-import argparse

-import os

-## Import other dependencies your script needs

-from pathlib import Path

-from uuid import uuid4

-from datetime import datetime

-## Define an argument parser that matches the arguments from the components specification file

-parser = argparse.ArgumentParser("train")

-parser.add_argument("--training_data", type=str, help="Path to training data")

-parser.add_argument("--max_epochs", type=int, help="Max # of epochs for the training")

-parser.add_argument("--learning_rate", type=float, help="Learning rate")

-parser.add_argument("--learning_rate_schedule", type=str, help="Learning rate schedule")

-parser.add_argument("--model_output", type=str, help="Path of output model")

-args = parser.parse_args()

-## Implement your custom logic (in this case a training script)

-print ("hello training world...")

-lines = [

- f'Training data path: {args.training_data}',

- f'Max epochs: {args.max_epochs}',

- f'Learning rate: {args.learning_rate}',

- f'Learning rate: {args.learning_rate_schedule}',

- f'Model output path: {args.model_output}',

-]

-for line in lines:

- print(line)

-print("mounted_path files: ")

-arr = os.listdir(args.training_data)

-print(arr)

-for filename in arr:

- print ("reading file: %s ..." % filename)

- with open(os.path.join(args.training_data, filename), 'r') as handle:

- print (handle.read())

-## Do the train and save the trained model as a file into the output folder.

-## Here only output a dummy data for example.

-curtime = datetime.now().strftime("%b-%d-%Y %H:%M:%S")

-model = f"This is a dummy model with id: {str(uuid4())} generated at: {curtime}\n"

-(Path(args.model_output) / 'model.txt').write_text(model)

-```

- To deploy a registered model from an `AutoMLRun`, we recommend doing so via the [one-click deploy button in Azure Machine learning studio](how-to-use-automated-ml-for-ml-models.md#deploy-your-model).

-> [!NOTE]

-> Azure Machine Learning reinforcement learning is currently a preview feature. Only Ray and RLlib frameworks are supported at this time.

-| Virtual Network support | Public Preview | NO | NO |

-| Virtual Network support | Preview | YES | N/A |

-The source JSON schema can be found at https://azuremlschemas.azureedge.net/latest/kubernetesCompute.schema.json.

-Learn about the best practices that can be used to monitor your database operations and ensure that the performance is not compromised as data size grows. As we add new capabilities to the platform, we will continue refine the best practices detailed in this section.

-Monitor CPU usage and if the database is exhausting CPU resources. If CPU usage is 90% or more than you should scale up your compute by increasing the number of vCores or scale to next pricing tier. Make sure that the throughput or concurrency is as expected as you scale up/down the CPU.

-Flexible server provides two methods for you to perform on-demand failover to the standby server. These are useful if you want to test the failover time and downtime impact for your applications and if you want to failover to the preferred availability zone.

-* **Can I enable or disable HA any any point of time?** <br>

-![Multi-tenant

-colocation](../media/concepts-hyperscale-choosing-distribution-column/multi-tenant-colocation.png)

- :::image type="content" source="./media/how-to-link-azure-data-factory/connect-data-factory.png" alt-text="Screenshot showing how to connect Azure Data Factory." lightbox="./media/how-to-link-azure-data-factory/connect-data-factory.png":::

-If you discover a data asset in the catalog that you would like access to, you can request access directly through Microsoft Purview.

-The request will trigger a workflow that will request that the owners of the data resource grant you access to that data source.

-1. To find a data asset, use Microsoft Purview's [search](how-to-search-catalog.md) or [browse](how-to-browse-catalog.md) functionality.

-# Self-service data access workflows for hybrid data estates

-This guide will take you through the creation and management of self-service data access [workflows](concept-workflow.md) for hybrid data estates.

-## Create and enable self-service data access workflow

-1. To create a new self-service workflow, select **+New** button.

- 1. Condition to check if data source is registered for use governance (policy)

- 1. Create self-service policy

- 1. Task connector to assign a task to a user or Microsoft Azure Active Directory group to manually provide access to requestor.

- 1. Send an email to requestor that access is provided once the task is complete.

- > Please configure the workflow to create self-service policies ONLY for sources supported by Microsft Purview's policy feature. To see what's supported by policy, check the [Data owner policies documentation](tutorial-data-owner-policies-storage.md).

- :::image type="content" source="media/register-scan-azure-blob-storage-source/register-blob-purview-acct.png" alt-text="Screenshot that shows the Microsoft Purview account used to register the data source":::

- :::image type="content" source="media/register-scan-azure-cosmos-database/register-cosmos-db-purview-acct.png" alt-text="Screenshot that shows the Microsoft Purview account used to register the data source":::

- | Setting | Value |

- | | |

- | Role | Storage Blob Data Contributor |

- | Assign access to | User, group, or service principal |

- | Members | Remote Rendering Account |

-> | Microsoft.SignalRService/SignalR/privateEndpointConnectionProxies/updatePrivateEndpointProperties/action | |

-> | Microsoft.SignalRService/WebPubSub/privateEndpointConnectionProxies/updatePrivateEndpointProperties/action | |

-> | Microsoft.SignalRService/SignalR/livetrace/read | Read live trace tool results |

-> | Microsoft.SignalRService/SignalR/livetrace/write | Create live trace connections |

-> | Microsoft.SignalRService/WebPubSub/livetrace/read | Read live trace tool results |

-> | Microsoft.SignalRService/WebPubSub/livetrace/write | Create live trace connections |

-> | Microsoft.ServiceBus/namespaces/authorizationRules/action | Updates Namespace Authorization Rule. This API is deprecated. Please use a PUT call to update the Namespace Authorization Rule instead. |

-> | Microsoft.ServiceBus/namespaces/diagnosticSettings/read | Get list of Namespace diagnostic settings Resource Descriptions |

-> | Microsoft.ServiceBus/namespaces/diagnosticSettings/write | Get list of Namespace diagnostic settings Resource Descriptions |

-> | Microsoft.ServiceBus/namespaces/eventhubs/write | Create or Update EventHub properties. |

-> | Microsoft.ServiceBus/namespaces/eventhubs/Delete | Operation to delete EventHub Resource |

-> | Microsoft.ServiceBus/namespaces/eventhubs/authorizationRules/write | Create EventHub Authorization Rules and Update its properties. The Authorization Rules Access Rights can be updated. |

-> | Microsoft.ServiceBus/namespaces/eventhubs/authorizationRules/read | Get the list of EventHub Authorization Rules |

-> | Microsoft.ServiceBus/namespaces/eventhubs/authorizationRules/delete | Operation to delete EventHub Authorization Rules |

-> | Microsoft.ServiceBus/namespaces/eventhubs/authorizationRules/listkeys/action | Get the Connection String to EventHub |

-> | Microsoft.ServiceBus/namespaces/eventhubs/authorizationRules/regenerateKeys/action | Regenerate the Primary or Secondary key to the Resource |

-> | Microsoft.ServiceBus/namespaces/eventHubs/consumergroups/write | Create or Update ConsumerGroup properties. |

-> | Microsoft.ServiceBus/namespaces/eventHubs/consumergroups/read | Get list of ConsumerGroup Resource Descriptions |

-> | Microsoft.ServiceBus/namespaces/eventHubs/consumergroups/Delete | Operation to delete ConsumerGroup Resource |

-> | Microsoft.ServiceBus/namespaces/logDefinitions/read | Get list of Namespace logs Resource Descriptions |

-> | Microsoft.ServiceBus/namespaces/messagingPlan/read | Gets the Messaging Plan for a namespace. This API is deprecated. Properties exposed via the MessagingPlan resource are moved to the (parent) Namespace resource in later API versions. |

-> | Microsoft.ServiceBus/namespaces/messagingPlan/write | Updates the Messaging Plan for a namespace. This API is deprecated. Properties exposed via the MessagingPlan resource are moved to the (parent) Namespace resource in later API versions. |

-> | Microsoft.ServiceBus/namespaces/messagingplan/write | Create or Update MessagingPlan properties. |

-> | Microsoft.ServiceBus/namespaces/messagingplan/read | Get list of MessagingPlan Resource Descriptions |

-> | Microsoft.ServiceBus/namespaces/metricDefinitions/read | Get list of Namespace metrics Resource Descriptions |

-> | Microsoft.ServiceBus/namespaces/operationresults/read | Get the list of Namespace Resource Description |

-> | Microsoft.ServiceBus/namespaces/queues/authorizationRules/action | Operation to update Queue Authorization Rules. Please use a PUT call to update Authorization Rule. |

-> | Microsoft.ServiceBus/namespaces/topics/authorizationRules/action | Operation to update Topic Authorization Rules. Please use a PUT call to update Authorization Rule. |

-> | microsoft.recoveryservices/Locations/backupCrossRegionRestore/action | Trigger Cross region restore. |

-> | microsoft.recoveryservices/Locations/backupCrrJob/action | Get Cross Region Restore Job Details in the secondary region for Recovery Services Vault. |

-> | microsoft.recoveryservices/Locations/backupCrrJobs/action | List Cross Region Restore Jobs in the secondary region for Recovery Services Vault. |

-> | microsoft.recoveryservices/Locations/backupPreValidateProtection/action | |

-> | microsoft.recoveryservices/Locations/backupStatus/action | Check Backup Status for Recovery Services Vaults |

-> | microsoft.recoveryservices/Locations/backupValidateFeatures/action | Validate Features |

-> | microsoft.recoveryservices/Locations/backupAadProperties/read | Get AAD Properties for authentication in the third region for Cross Region Restore. |

-> | microsoft.recoveryservices/Locations/backupCrrOperationResults/read | Returns CRR Operation Result for Recovery Services Vault. |

-> | microsoft.recoveryservices/Locations/backupCrrOperationsStatus/read | Returns CRR Operation Status for Recovery Services Vault. |

-> | microsoft.recoveryservices/Locations/backupProtectedItem/write | Create a backup Protected Item |

-> | microsoft.recoveryservices/Locations/backupProtectedItems/read | Returns the list of all Protected Items. |

-> | microsoft.recoveryservices/Vaults/backupJobsExport/action | Export Jobs |

-> | microsoft.recoveryservices/Vaults/backupSecurityPIN/action | Returns Security PIN Information for Recovery Services Vault. |

-> | microsoft.recoveryservices/Vaults/backupTriggerValidateOperation/action | Validate Operation on Protected Item |

-> | microsoft.recoveryservices/Vaults/backupValidateOperation/action | Validate Operation on Protected Item |

-> | microsoft.recoveryservices/Vaults/backupconfig/read | Returns Configuration for Recovery Services Vault. |

-> | microsoft.recoveryservices/Vaults/backupconfig/write | Updates Configuration for Recovery Services Vault. |

-> | microsoft.recoveryservices/Vaults/backupEncryptionConfigs/read | Gets Backup Resource Encryption Configuration. |

-> | microsoft.recoveryservices/Vaults/backupEncryptionConfigs/write | Updates Backup Resource Encryption Configuration |

-> | microsoft.recoveryservices/Vaults/backupEngines/read | Returns all the backup management servers registered with vault. |

-> | microsoft.recoveryservices/Vaults/backupFabrics/refreshContainers/action | Refreshes the container list |

-> | microsoft.recoveryservices/Vaults/backupFabrics/backupProtectionIntent/delete | Delete a backup Protection Intent |

-> | microsoft.recoveryservices/Vaults/backupFabrics/backupProtectionIntent/read | Get a backup Protection Intent |

-> | microsoft.recoveryservices/Vaults/backupFabrics/backupProtectionIntent/write | Create a backup Protection Intent |

-> | microsoft.recoveryservices/Vaults/backupFabrics/operationResults/read | Returns status of the operation |

-> | microsoft.recoveryservices/Vaults/backupFabrics/operationsStatus/read | Returns status of the operation |

-> | microsoft.recoveryservices/Vaults/backupFabrics/protectableContainers/read | Get all protectable containers |

-> | microsoft.recoveryservices/Vaults/backupFabrics/protectionContainers/delete | Deletes the registered Container |

-> | microsoft.recoveryservices/Vaults/backupFabrics/protectionContainers/inquire/action | Do inquiry for workloads within a container |

-> | microsoft.recoveryservices/Vaults/backupFabrics/protectionContainers/read | Returns all registered containers |

-> | microsoft.recoveryservices/Vaults/backupFabrics/protectionContainers/write | Creates a registered container |

-> | microsoft.recoveryservices/Vaults/backupFabrics/protectionContainers/items/read | Get all items in a container |

-> | microsoft.recoveryservices/Vaults/backupFabrics/protectionContainers/operationResults/read | Gets result of Operation performed on Protection Container. |

-> | microsoft.recoveryservices/Vaults/backupFabrics/protectionContainers/operationsStatus/read | Gets status of Operation performed on Protection Container. |

-> | microsoft.recoveryservices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action | Performs Backup for Protected Item. |

-> | microsoft.recoveryservices/Vaults/backupFabrics/protectionContainers/protectedItems/delete | Deletes Protected Item |

-> | microsoft.recoveryservices/Vaults/backupFabrics/protectionContainers/protectedItems/read | Returns object details of the Protected Item |

-> | microsoft.recoveryservices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPointsRecommendedForMove/action | Get Recovery points recommended for move to another tier |

-> | microsoft.recoveryservices/Vaults/backupFabrics/protectionContainers/protectedItems/write | Create a backup Protected Item |

-> | microsoft.recoveryservices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read | Gets Result of Operation Performed on Protected Items. |

-> | microsoft.recoveryservices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read | Returns the status of Operation performed on Protected Items. |

-> | microsoft.recoveryservices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/accessToken/action | Get AccessToken for Cross Region Restore. |

-> | microsoft.recoveryservices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/move/action | Move Recovery point to another tier |

-> | microsoft.recoveryservices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action | Provision Instant Item Recovery for Protected Item |

-> | microsoft.recoveryservices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read | Get Recovery Points for Protected Items. |

-> | microsoft.recoveryservices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action | Restore Recovery Points for Protected Items. |

-> | microsoft.recoveryservices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action | Revoke Instant Item Recovery for Protected Item |

-> | microsoft.recoveryservices/Vaults/backupJobs/cancel/action | Cancel the Job |

-> | microsoft.recoveryservices/Vaults/backupJobs/read | Returns all Job Objects |

-> | microsoft.recoveryservices/Vaults/backupJobs/operationResults/read | Returns the Result of Job Operation. |

-> | microsoft.recoveryservices/Vaults/backupJobs/operationsStatus/read | Returns the status of Job Operation. |

-> | microsoft.recoveryservices/Vaults/backupOperationResults/read | Returns Backup Operation Result for Recovery Services Vault. |

-> | microsoft.recoveryservices/Vaults/backupOperations/read | Returns Backup Operation Status for Recovery Services Vault. |

-> | microsoft.recoveryservices/Vaults/backupPolicies/delete | Delete a Protection Policy |

-> | microsoft.recoveryservices/Vaults/backupPolicies/read | Returns all Protection Policies |

-> | microsoft.recoveryservices/Vaults/backupPolicies/write | Creates Protection Policy |

-> | microsoft.recoveryservices/Vaults/backupPolicies/operationResults/read | Get Results of Policy Operation. |

-> | microsoft.recoveryservices/Vaults/backupPolicies/operations/read | Get Status of Policy Operation. |

-> | microsoft.recoveryservices/Vaults/backupProtectableItems/read | Returns list of all Protectable Items. |

-> | microsoft.recoveryservices/Vaults/backupProtectedItems/read | Returns the list of all Protected Items. |

-> | microsoft.recoveryservices/Vaults/backupProtectionContainers/read | Returns all containers belonging to the subscription |

-> | microsoft.recoveryservices/Vaults/backupProtectionIntents/read | List all backup Protection Intents |

-> | microsoft.recoveryservices/Vaults/backupResourceGuardProxies/delete | The Delete ResourceGuard proxy operation deletes the specified Azure resource of type 'ResourceGuard proxy' |

-> | microsoft.recoveryservices/Vaults/backupResourceGuardProxies/read | Get the list of ResourceGuard proxies for a resource |

-> | microsoft.recoveryservices/Vaults/backupResourceGuardProxies/read | Get ResourceGuard proxy operation gets an object representing the Azure resource of type 'ResourceGuard proxy' |

-> | microsoft.recoveryservices/Vaults/backupResourceGuardProxies/unlockDelete/action | Unlock delete ResourceGuard proxy operation unlocks the next delete critical operation |

-> | microsoft.recoveryservices/Vaults/backupResourceGuardProxies/write | Create ResourceGuard proxy operation creates an Azure resource of type 'ResourceGuard Proxy' |

-> | microsoft.recoveryservices/Vaults/backupstorageconfig/read | Returns Storage Configuration for Recovery Services Vault. |

-> | microsoft.recoveryservices/Vaults/backupstorageconfig/write | Updates Storage Configuration for Recovery Services Vault. |

-> | microsoft.recoveryservices/Vaults/backupUsageSummaries/read | Returns summaries for Protected Items and Protected Servers for a Recovery Services . |

-> | microsoft.recoveryservices/Vaults/backupValidateOperationResults/read | Validate Operation on Protected Item |

-> | microsoft.recoveryservices/Vaults/backupValidateOperationsStatuses/read | Validate Operation on Protected Item |

-> | microsoft.recoveryservices/Vaults/privateEndpointConnectionProxies/delete | Wait for a few minutes and then try the operation again. If the issue persists, please contact Microsoft support. |

-> | microsoft.recoveryservices/Vaults/privateEndpointConnectionProxies/read | Get all protectable containers |

-> | microsoft.recoveryservices/Vaults/privateEndpointConnectionProxies/validate/action | Get all protectable containers |

-> | microsoft.recoveryservices/Vaults/privateEndpointConnectionProxies/write | Get all protectable containers |

-> | microsoft.recoveryservices/Vaults/privateEndpointConnectionProxies/operationsStatus/read | Get all protectable containers |

-> | microsoft.recoveryservices/Vaults/privateEndpointConnections/delete | Delete Private Endpoint requests. This call is made by Backup Admin. |

-> | microsoft.recoveryservices/Vaults/privateEndpointConnections/write | Approve or Reject Private Endpoint requests. This call is made by Backup Admin. |

-> | microsoft.recoveryservices/Vaults/privateEndpointConnections/operationsStatus/read | Returns the operation status for a private endpoint connection. |

-> | microsoft.recoveryservices/Vaults/usages/read | Returns usage details for a Recovery Services Vault. |

-AIP is part of the Microsoft Information Protection (MIP) solution, and extends the [labeling](/microsoft-365/compliance/sensitivity-labels) and [classification](/microsoft-365/compliance/data-classification-overview) functionality provided by Microsoft 365.

-^{<a name="aipnote7"></a>7} The number of [Sensitive Information Types](/microsoft-365/compliance/sensitive-information-type-entity-definitions) in your Microsoft 365 Security & Compliance Center may vary based on region.

-| - [Microsft Purview](../../sentinel/data-connectors-reference.md#microsoft-purview) | Public Preview | Not Available |

-| [ClearPass (Alerts & Inventory)](../../defender-for-iot/organizations/how-to-install-software.md#attach-a-span-virtual-interface-to-the-virtual-switch) | GA | GA |

-| [CyberArk PSM](../../defender-for-iot/organizations/concept-key-concepts.md#integrations) | GA | GA |

-1. In the **Alert enrichment (Preview)** section, expand **Alert details**.

-| **License prerequisites/<br>Cost information** | <li>[Microsoft Dynamics 365 production license](/office365/servicedescriptions/microsoft-dynamics-365-online-service-description). Not available for sandbox environments.<li>Microsoft 365 Enterprise [E3 or E5](/power-platform/admin/enable-use-comprehensive-auditing#requirements) subscription is required to do Activity Logging.<br>Other charges may apply |

-> - The new version of the entity mapping feature is in **PREVIEW**. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

-> [!IMPORTANT]

->

-> - See [Notes on the new version](#notes-on-the-new-version) at the end of this document for important information about backward compatibility and differences between the new and old versions of entity mapping.

-1. In the **Alert enrichment (Preview)** section, expand **Entity mapping**.

- - The limits of the old version will continue to apply. You can map only the user, host, IP address, URL, and file hash entities, and only one of each.

- - You must **remove** any entity mappings created using the new version **before** you return to the old version, otherwise any entity mappings that use the old version **will not work**.

-> [!IMPORTANT]

->

-> - The custom details feature is in **PREVIEW**. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

-1. In the **Alert enrichment (Preview)** section, expand **Custom details**.

-If you are using **Azure PowerShell**, use the [`New-AzServiceBusKey`](/powershell/module/az.servicebus/new-azservicebuskey) cmdlet to regenerate primary and secondary keys for a Service Bus namespace. With PowerShell, you can also specify values for primary and secondary keys that are being generated, by using the `-KeyValue` parameter.

-If you are using **Azure CLI**, use the [`az servicebus namespace authorization-rule keys renew`](/cli/azure/servicebus/namespace/authorization-rule/keys#az-servicebus-namespace-authorization-rule-keys-renew) command to regenerate primary and secondary keys for a Service Bus namespace.

-Microsoft Azure Service Bus is a multi-tenant cloud messaging service that sends information between applications and services. Asynchronous operations give you flexible, brokered messaging, along with structured first-in, first-out (FIFO) messaging, and publish/subscribe capabilities. This tutorial shows how to use Service Bus topics and subscriptions in a retail inventory scenario, with publish/subscribe channels using the Azure portal and .NET.

-> * Create a Service Bus topic and one or more subscriptions to that topic using the Azure portal

-> * Add topic filters using .NET code

-> * Create two messages with different content

-> * Send the messages and verify they arrived in the expected subscriptions

-An example of this scenario is an inventory assortment update for multiple retail stores. In this scenario, each store, or set of stores, gets messages intended for them to update their assortments. This tutorial shows how to implement this scenario using subscriptions and filters. First, you create a topic with 3 subscriptions, add some rules and filters, and then send and receive messages from the topic and subscriptions.

-

-If you don't have an Azure subscription, you can create a [free account][] before you begin.

-To complete this tutorial, make sure you have installed:

-After the namespace and topic/subscriptions are provisioned, and you have the necessary credentials, you are ready to create filter rules on the subscriptions, then send and receive messages. You can examine the code in [this GitHub sample folder](https://github.com/Azure/azure-service-bus/tree/master/samples/Java/azure-servicebus/TopicFilters).

-To run the code, do the following:

-7. Follow the instructions in the console to select filter creation first. Part of creating filters is to remove the default filters. When you use PowerShell or CLI you don't need to remove the default filter, but if you do this in code, you must remove them. The console commands 1 and 3 help you manage the filters on the subscriptions you previously created:

- - Execute 3: to optionally remove your own filters. Note that this will not recreate the default filters.

-9. Press 5 and observe the messages being received. If you did not get 10 messages back, press "m" to display the menu, then press 5 again.

-When no longer needed, delete the namespace and topic. To do so, select these resources on the portal and click **Delete**.

-Messages are again received via a task list, and the code uses batching. You can send and receive using batching, but this example only shows how to batch receive. In reality, you would not break out of the loop, but keep looping and set a higher timespan, such as one minute. The receive call to the broker is kept open for this amount of time and if messages arrive, they are returned immediately and a new receive call is issued. This concept is called *long polling*. Using the receive pump which you can see in the [quickstart](service-bus-quickstart-portal.md), and in several other samples in the repository, is a more typical option.

-