Updates from: 05/01/2021 03:06:03
Service Microsoft Docs article Related commit history on GitHub Change details
active-directory-b2c Custom Policy Developer Notes https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/custom-policy-developer-notes.md
Title: Developer notes for custom policies
+ Title: Developer notes for user flows and custom policies
-description: Notes for developers on configuring and maintaining Azure AD B2C with custom policies.
+description: Notes for developers on configuring and maintaining Azure AD B2C with user flows and custom policies.
Previously updated : 04/26/2021 Last updated : 04/30/2021
-# Developer notes for custom policies in Azure Active Directory B2C
+# Developer notes for Azure Active Directory B2C
-Custom policy configuration in Azure Active Directory B2C is now generally available. This method of configuration is targeted at advanced identity developers building complex identity solutions. Custom policies make the power of the Identity Experience Framework available in Azure AD B2C tenants.
-Advanced identity developers using custom policies should plan to invest some time completing walk-throughs and reading reference documents.
+Azure Active Directory B2C [user flows and custom policies](user-flow-overview.md) are generally available. Azure AD B2C capabilities are under continual development, so although most features are generally available, some features are at different stages in the software release cycle. This article discusses cumulative improvements in Azure AD B2C and specifies feature availability.
-While most of the custom policy options available are now generally available, there are underlying capabilities, such as technical profile types and content definition APIs that are at different stages in the software lifecycle. Many more are coming. The table below specifies the level of availability at a more granular level.
+## Terms for features in public preview
+
+- We encourage you to use public preview features for evaluation purposes only.
+- Service level agreements (SLAs) don't apply to public preview features.
+- Support requests for public preview features can be submitted through regular support channels.
+
+## User flows
+
+|Feature |User flow |Custom policy |Notes |
+||::|::||
+| [Sign-up and sign-in](add-sign-up-and-sign-in-policy.md) with email and password. | GA | GA| |
+| [Sign-up and sign-in](add-sign-up-and-sign-in-policy.md) with username and password.| GA | GA | |
+| [Profile editing flow](add-profile-editing-policy.md) | GA | GA | |
+| [Self-Service password reset](add-password-reset-policy.md) | GA| GA| |
+| [Force password reset](force-password-reset.md) | Preview | NA | |
+| [phone sign-up and sign-in](phone-authentication-user-flows.md) | GA | GA | |
+
+## User experience customization
+
+|Feature |User flow |Custom policy |Notes |
+||::|::||
+| [Multi-language support](localization.md)| GA | GA | |
+| [Custom email verification](custom-email-mailjet.md) | NA | GA| |
+| [Customize the user interface with built-in templates](customize-ui.md) | GA| GA| |
+| [Customize the user interface with custom templates](customize-ui-with-html.md) | GA| GA| By using HTML templates. |
+| [JavaScript](javascript-and-page-layout.md) | GA | GA | |
+| [Embedded sign-in experience](embedded-login.md) | NA | Preview| By using the inline frame element `<iframe>`. |
+| [Password complexity](password-complexity.md) | GA | GA | |
+| [Disable email verification](disable-email-verification.md) | GA| GA| Not recommended for production environments. Disabling email verification in the sign-up process may lead to spam. |
++
+## Protocols and authorization flows
+
+|Feature |User flow |Custom policy |Notes |
+||::|::||
+|[OAuth2 authorization code](authorization-code-flow.md) | GA | GA |
+|[OAuth2 authorization code with PKCE](authorization-code-flow.md)| GA | GA | Public clients and single-page applications. |
+|[OAuth2 implicit flow](implicit-flow-single-page-application.md) | GA | GA | |
+|[OAuth2 resource owner password credentials](add-ropc-policy.md) | Preview | Preview | |
+|OAuth1 | NA | NA | Not supported. |
+|[OpenId Connect](openid-connect.md) | GA | GA | |
+|[SAML2](saml-service-provider.md) | NA | GA | POST and Redirect bindings. |
+| WSFED | NA | NA | Not supported. |
+
+## Identity providers
+
+|Feature |User flow |Custom policy |Notes |
+||::|::||
+|[AD FS](identity-provider-adfs.md) | NA | GA | |
+|[Amazon](identity-provider-amazon.md) | GA | GA | |
+|[Apple](identity-provider-apple-id.md) | Preview | Preview | |
+|[Azure AD (Single-tenant)](identity-provider-azure-ad-single-tenant.md) | GA | GA | |
+|[Azure AD (Multi-tenant)](identity-provider-azure-ad-multi-tenant.md) | NA | GA | |
+|[Azure AD B2C](identity-provider-azure-ad-b2c.md) | GA | GA | |
+|[eBay](identity-provider-ebay.md) | NA | Preview | |
+|[Facebook](identity-provider-facebook.md) | GA | GA | |
+|[GitHub](identity-provider-github.md) | GA | GA | |
+|[Google](identity-provider-google.md) | GA | GA | |
+|[ID.me](identity-provider-id-me.md) | GA | GA | |
+|[LinkedIn](identity-provider-linkedin.md) | GA | GA | |
+|[Microsoft Account](identity-provider-microsoft-account.md) | GA | GA | |
+|[QQ](identity-provider-qq.md) | Preview | GA | |
+|[Salesforce](identity-provider-salesforce.md) | GA | GA | |
+|[Salesforce (SAML protocol)](identity-provider-salesforce-saml.md) | NA | GA | |
+|[Twitter](identity-provider-twitter.md) | GA | GA | |
+|[WeChat](identity-provider-wechat.md) | Preview | GA | |
+|[Weibo](identity-provider-weibo.md) | Preview | GA | |
+
+## Generic identity providers
+
+|Feature |User flow |Custom policy |Notes |
+||::|::||
+|[OAuth2](oauth2-technical-profile.md) | NA | GA | For example, [Google](identity-provider-google.md), [GitHub](identity-provider-github.md), and [Facebook](identity-provider-facebook.md).|
+|[OAuth1](oauth1-technical-profile.md) | NA | GA | For example, [Twitter](identity-provider-twitter.md). |
+|[OpenID Connect](openid-connect-technical-profile.md) | GA | GA | For example, [Azure AD](identity-provider-azure-ad-single-tenant.md). |
+|[SAML2](identity-provider-generic-saml.md) | NA | GA | For example, [Salesforce](identity-provider-salesforce-saml.md) and [AD-FS].(identity-provider-adfs.md) |
+| WSFED | NA | NA | |
+
+### API connectors
+
+|Feature |User flow |Custom policy |Notes |
+||::|::||
+|[API connectors](api-connectors-overview.md) | Preview | GA | |
+|[Secure with basic authentication](secure-rest-api.md#http-basic-authentication) | Preview | GA | |
+|[Secure with client certificate authentication](secure-rest-api.md#https-client-certificate-authentication) | Preview | GA | |
+|[Secure with OAuth2 bearer authentication](secure-rest-api.md#oauth2-bearer-authentication) | NA | GA | |
+|[Secure API key authentication](secure-rest-api.md#api-key-authentication) | NA | GA | |
+
+### Application and Azure AD B2C integration
+
+|Feature |User flow |Custom policy |Notes |
+||::|::||
+| [Redirect sign-in to a social provider](direct-signin.md#redirect-sign-in-to-a-social-provider) | GA | GA | Query string parameter `domain_hint`. |
+| [Prepopulate the sign-in name](direct-signin.md#prepopulate-the-sign-in-name) | GA | GA | Query string parameter `login_hint`. |
+| Insert JSON into user journey via `client_assertion`| NA| Deprecated | |
+| Insert JSON into user journey as [id_token_hint](id-token-hint.md) | NA | GA | |
+| [Pass identity provider token to the application](idp-pass-through-user-flow.md)| Preview| Preview| For example, from Facebook to app. |
++
+## Custom policy features
+
+### Session management
+
+| Feature | Custom policy | Notes |
+| - | :--: | -- |
+| [Default SSO session provider](custom-policy-reference-sso.md#defaultssosessionprovider) | GA | |
+| [External login session provider](custom-policy-reference-sso.md#externalloginssosessionprovider) | GA | |
+| [SAML SSO session provider](custom-policy-reference-sso.md#samlssosessionprovider) | GA | |
+| [OAuth SSO Session Provider](custom-policy-reference-sso.md#oauthssosessionprovider) | GA| |
+| [Single sign-out](session-behavior.md#sign-out) | Preview | |
+
+### Components
+
+| Feature | Custom policy | Notes |
+| - | :--: | -- |
+| [Phone factor authentication](phone-factor-technical-profile.md) | GA | |
+| [Azure AD MFA authentication](multi-factor-auth-technical-profile.md) | Preview | |
+| [One-time password](one-time-password-technical-profile.md) | GA | |
+| [Azure Active Directory](active-directory-technical-profile.md) as local directory | GA | |
+| [Predicate validations](predicates.md) | GA | For example, password complexity. |
+| [Display controls](display-controls.md) | GA | |
-## Features that are generally available
+### Developer interface
-- Author and upload custom authentication user journeys by using custom policies.
- - Describe user journeys step by step as exchanges between claims providers.
- - Define conditional branching in user journeys.
-- Interoperate with REST API-enabled services in your custom authentication user journeys.-- Federate with identity providers that are compliant with the OpenIDConnect protocol.-- Federate with identity providers that adhere to the SAML 2.0 protocol.
+| Feature | Custom policy | Notes |
+| - | :--: | -- |
+| Azure portal | GA | |
+| [Application Insights user journey logs](troubleshoot-with-application-insights.md) | Preview | Used for troubleshooting during development. |
+| [Application Insights event logs](analytics-with-application-insights.md) | Preview | Used to monitor user flows in production. |
## Responsibilities of custom policy feature-set developers
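Review bot: the SAML2 row of the new "Generic identity providers" table has a broken link, `[AD-FS].(identity-provider-adfs.md)`: the period sits between the link text and the target, so the target renders as literal text. Move the period after the closing parenthesis. In the same hunk, the `OAuth2 authorization code` row under "Protocols and authorization flows" has three cells where the header has four, and "### API connectors" and "### Application and Azure AD B2C integration" are nested under "## Generic identity providers" although they are peers of it; `##` would match the other feature tables. The lone `+` lines before "## Protocols and authorization flows" and "## Custom policy features" are worth checking for a literal `+` committed to the article.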
-Manual policy configuration grants lower-level access to the underlying platform of Azure AD B2C and results in the creation of a unique, trust framework. The many possible permutations of custom identity providers, trust relationships, integrations with external services, and step by step workflows require a methodical approach to design and configuration.
+Manual policy configuration grants lower-level access to the underlying platform of Azure AD B2C and results in the creation of a unique, trust framework. The many possible permutations of custom identity providers, trust relationships, integrations with external services, and step-by-step workflows require a methodical approach to design and configuration.
Developers consuming the custom policy feature set should adhere to the following guidelines:
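Review bot: the rewritten sentence still reads "a unique, trust framework"; since the line is already being touched for the "step-by-step" hyphenation, drop the comma so it reads "a unique trust framework".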
Developers consuming the custom policy feature set should adhere to the followin
- Keep contact email addresses current in the Azure subscription, and stay responsive to the Microsoft live-site team emails. - Take timely action when advised to do so by the Microsoft live-site team.
-## Terms for features in public preview
--- We encourage you to use the public preview features for evaluation purposes only.-- Service level agreements (SLAs) do not apply to the public preview features.-- Support requests for public preview features can be filed through regular support channels.-
-## Features by stage and known issues
-
-Custom policy capabilities are under constant development. The following table is an index of features and component availability.
--
-### Protocols and authorization flows
-
-| Feature | Development | Preview | GA | Notes |
-|-- | :--: | :-: | :--: | -- |
-| [OAuth2 authorization code](authorization-code-flow.md) | | | X | |
-| OAuth2 authorization code with PKCE | | | X | [Public clients and single-page applications](authorization-code-flow.md) |
-| [OAuth2 implicit flow](implicit-flow-single-page-application.md) | | | X | |
-| [OAuth2 resource owner password credentials](add-ropc-policy.md) | | X | | |
-| [OIDC Connect](openid-connect.md) | | | X | |
-| [SAML2](saml-service-provider.md) | | |X | POST and Redirect bindings. |
-| OAuth1 | | | | Not supported. |
-| WSFED | X | | | |
-
-### Identify providers federation
-
-| Feature | Development | Preview | GA | Notes |
-|-- | :--: | :-: | :--: | -- |
-| [OpenID Connect](openid-connect-technical-profile.md) | | | X | For example, Google+. |
-| [OAuth2](oauth2-technical-profile.md) | | | X | For example, Facebook. |
-| [OAuth1](oauth1-technical-profile.md) | | X | | For example, Twitter. |
-| [SAML2](identity-provider-generic-saml.md) | | | X | For example, Salesforce, ADFS. |
-| WSFED| X | | | |
--
-### REST API integration
-
-| Feature | Development | Preview | GA | Notes |
-|-- | :--: | :-: | :--: | -- |
-| [REST API with basic auth](secure-rest-api.md#http-basic-authentication) | | | X | |
-| [REST API with client certificate auth](secure-rest-api.md#https-client-certificate-authentication) | | | X | |
-| [REST API with OAuth2 bearer auth](secure-rest-api.md#oauth2-bearer-authentication) | | X | | |
-
-### Component support
-
-| Feature | Development | Preview | GA | Notes |
-| - | :--: | :-: | :--: | -- |
-| [Phone factor authentication](phone-factor-technical-profile.md) | | | X | |
-| [Azure AD MFA authentication](multi-factor-auth-technical-profile.md) | | X | | |
-| [One-time password](one-time-password-technical-profile.md) | | | X | |
-| [Azure Active Directory](active-directory-technical-profile.md) as local directory | | | X | |
-| Azure email subsystem for email verification | | | X | |
-| [Third party email service providers](custom-email-mailjet.md) | | | X | |
-| [Multi-language support](localization.md)| | | X | |
-| [Predicate validations](predicates.md) | | | X | For example, password complexity. |
-| [Display controls](display-controls.md) | | |X | |
--
-### App-IEF integration
-
-| Feature | Development | Preview | GA | Notes |
-| - | :--: | :-: | :--: | -- |
-| Query string parameter `domain_hint` | | | X | Available as claim, can be passed to IDP. |
-| Query string parameter `login_hint` | | | X | Available as claim, can be passed to IDP. |
-| Insert JSON into user journey via `client_assertion` | X | | | Will be deprecated. |
-| Insert JSON into user journey as `id_token_hint` | | X | | Go-forward approach to pass JSON. |
-| [Pass identity provider token to the application](idp-pass-through-user-flow.md) | | X | | For example, from Facebook to app. |
--
-### Session Management
-
-| Feature | Development | Preview | GA | Notes |
-| - | :--: | :-: | :--: | -- |
-| [Default SSO session provider](custom-policy-reference-sso.md#defaultssosessionprovider) | | | X | |
-| [External login session provider](custom-policy-reference-sso.md#externalloginssosessionprovider) | | | X | |
-| [SAML SSO session provider](custom-policy-reference-sso.md#samlssosessionprovider) | | | X | |
-| [OAuthSSOSessionProvider](custom-policy-reference-sso.md#oauthssosessionprovider) | | X | | |
-| [Single sign-out](session-behavior.md#sign-out) | | X | | |
-
-### Security
-
-| Feature | Development | Preview | GA | Notes |
-|-- | :--: | :-: | :--: | -- |
-| Policy Keys- Generate, Manual, Upload | | | X | |
-| Policy Keys- RSA/Cert, Secrets | | | X | |
--
-### Developer interface
-
-| Feature | Development | Preview | GA | Notes |
-| - | :--: | :-: | :--: | -- |
-| Azure Portal-IEF UX | | | X | |
-| Policy upload | | | X | |
-| [Application Insights user journey logs](troubleshoot-with-application-insights.md) | | X | | Used for troubleshooting during development. |
-| [Application Insights event logs](analytics-with-application-insights.md) | | X | | Used to monitor user flows in production. |
-- ## Next steps - Check the [Microsoft Graph operations available for Azure AD B2C](microsoft-graph-operations.md)
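Review bot: the removed "### Security" table (both "Policy Keys" rows) and the "Policy upload" and "Azure email subsystem for email verification" rows have no counterpart in the tables added earlier in this change, so their availability is no longer stated anywhere on the page. If that is intentional, say so in the commit description; otherwise carry the rows over. Several statuses also change in the move without comment (the OAuth1 identity provider and OAuth2 bearer authentication go from Preview to GA, `client_assertion` from Development to Deprecated, WSFED from Development to NA) and should be confirmed against the actual release state.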
active-directory-b2c Identity Provider Google https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/identity-provider-google.md
Previously updated : 03/17/2021 Last updated : 04/30/2021
zone_pivot_groups: b2c-policy-type
[!INCLUDE [active-directory-b2c-choose-user-flow-or-custom-policy](../../includes/active-directory-b2c-choose-user-flow-or-custom-policy.md)]
+> [!IMPORTANT]
+> **Starting in the second half of 2021**, Google is [deprecating web-view sign-in support](https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html). If youΓÇÖre using Google federation for Azure AD B2B invitations or Azure AD B2C, or if you're using self-service sign-up with Gmail, Google Gmail users won't be able to sign in if your apps authenticate users with an embedded web-view. [Learn more](../active-directory/external-identities/google-federation.md#deprecation-of-web-view-sign-in-support).
+ ::: zone pivot="b2c-custom-policy" [!INCLUDE [active-directory-b2c-advanced-audience-warning](../../includes/active-directory-b2c-advanced-audience-warning.md)]
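Review bot: the callout added to this Azure AD B2C article carries the B2B wording: it leads with "Azure AD B2B invitations" and "self-service sign-up with Gmail", which belong to the external-identities article it links to. State the B2C case first (apps that sign users in through an embedded web-view) and leave the B2B detail behind the "Learn more" link. The sentence also mixes a typographic apostrophe in the first "you're" with an ASCII one in the second; use the ASCII form in both.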
active-directory-b2c User Profile Attributes https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/user-profile-attributes.md
The table below lists the [user resource type](/graph/api/resources/user) attrib
|mobile (mobilePhone) |String|The primary cellular telephone number for the user. Max length 64.|Yes|No|Persisted, Output| |netId |String|Net ID.|No|No|Persisted, Output| |objectId |String|A globally unique identifier (GUID) that is the unique identifier for the user. Example: 12345678-9abc-def0-1234-56789abcde. Read only, Immutable.|Read only|Yes|Input, Persisted, Output|
-|otherMails |String collection|A list of other email addresses for the user. Example: ["bob@contoso.com", "Robert@fabrikam.com"].|Yes (Alternate email)|No|Persisted, Output|
+|otherMails |String collection|A list of other email addresses for the user. Example: ["bob@contoso.com", "Robert@fabrikam.com"]. NOTE: Accent characters are not allowed.|Yes (Alternate email)|No|Persisted, Output|
|password |String|The password for the local account during user creation.|No|No|Persisted| |passwordPolicies |String|Policy of the password. It's a string consisting of different policy name separated by comma. For example, "DisablePasswordExpiration, DisableStrongPassword".|No|No|Persisted, Output| |physicalDeliveryOfficeName (officeLocation)|String|The office location in the user's place of business. Max length 128.|Yes|No|Persisted, Output|
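Review bot: "NOTE: Accent characters are not allowed." in the otherMails row does not say what is rejected or where. Use "accented characters", and state whether the restriction covers the whole address or only part of it, so callers can validate input before persisting the claim.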
The table below lists the [user resource type](/graph/api/resources/user) attrib
|preferredLanguage |String|The preferred language for the user. The preferred language format is based on RFC 4646. The name is a combination of an ISO 639 two-letter lowercase culture code associated with the language, and an ISO 3166 two-letter uppercase subculture code associated with the country or region. Example: "en-US", or "es-ES".|No|No|Persisted, Output| |refreshTokensValidFromDateTime (signInSessionsValidFromDateTime)|DateTime|Any refresh tokens issued before this time are invalid, and applications will get an error when using an invalid refresh token to acquire a new access token. If this happens, the application will need to acquire a new refresh token by making a request to the authorize endpoint. Read-only.|No|No|Output| |signInNames ([Identities](#identities-attribute)) |String|The unique sign-in name of the local account user of any type in the directory. Use this attribute to get a user with sign-in value without specifying the local account type.|No|No|Input|
-|signInNames.userName ([Identities](#identities-attribute)) |String|The unique username of the local account user in the directory. Use this attribute to create or get a user with a specific sign-in username. Specifying this in PersistedClaims alone during Patch operation will remove other types of signInNames. If you would like to add a new type of signInNames, you also need to persist existing signInNames.|No|No|Input, Persisted, Output|
+|signInNames.userName ([Identities](#identities-attribute)) |String|The unique username of the local account user in the directory. Use this attribute to create or get a user with a specific sign-in username. Specifying this in PersistedClaims alone during Patch operation will remove other types of signInNames. If you would like to add a new type of signInNames, you also need to persist existing signInNames. NOTE: Accent characters are not allowed in the username.|No|No|Input, Persisted, Output|
|signInNames.phoneNumber ([Identities](#identities-attribute)) |String|The unique phone number of the local account user in the directory. Use this attribute to create or get a user with a specific sign-in phone number. Specifying this attribute in PersistedClaims alone during Patch operation will remove other types of signInNames. If you would like to add a new type of signInNames, you also need to persist existing signInNames.|No|No|Input, Persisted, Output| |signInNames.emailAddress ([Identities](#identities-attribute))|String|The unique email address of the local account user in the directory. Use this to create or get a user with a specific sign-in email address. Specifying this attribute in PersistedClaims alone during Patch operation will remove other types of signInNames. If you would like to add a new type of signInNames, you also need to persist existing signInNames.|No|No|Input, Persisted, Output| |state |String|The state or province in the user's address. Max length 128.|Yes|Yes|Persisted, Output| |streetAddress |String|The street address of the user's place of business. Max length 1024.|Yes|Yes|Persisted, Output| |strongAuthentication AlternativePhoneNumber<sup>1</sup>|String|The secondary telephone number of the user, used for multi-factor authentication.|Yes|No|Persisted, Output|
-|strongAuthenticationEmailAddress<sup>1</sup>|String|The SMTP address for the user. Example: "bob@contoso.com" This attribute is used for sign-in with username policy, to store the user email address. The email address then used in a password reset flow.|Yes|No|Persisted, Output|
+|strongAuthenticationEmailAddress<sup>1</sup>|String|The SMTP address for the user. Example: "bob@contoso.com" This attribute is used for sign-in with username policy, to store the user email address. The email address then used in a password reset flow. Accent characters are not allowed in this attribute.|Yes|No|Persisted, Output|
|strongAuthenticationPhoneNumber<sup>2</sup>|String|The primary telephone number of the user, used for multi-factor authentication.|Yes|No|Persisted, Output| |surname |String|The user's surname (family name or last name). Max length 64.|Yes|Yes|Persisted, Output| |telephoneNumber (first entry of businessPhones)|String|The primary telephone number of the user's place of business.|Yes|No|Persisted, Output|
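Review bot: the restriction is worded three different ways across this change ("NOTE: Accent characters are not allowed.", "NOTE: Accent characters are not allowed in the username.", and, in strongAuthenticationEmailAddress, a plain sentence with no "NOTE:" prefix), and the signInNames.emailAddress row directly below signInNames.userName gets no such note at all. Use one wording for every affected row, and either add it to signInNames.emailAddress or make clear that attribute is exempt. While the strongAuthenticationEmailAddress line is open, "The email address then used" is missing "is".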
active-directory Concept Authentication Passwordless https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/authentication/concept-authentication-passwordless.md
Previously updated : 02/22/2021 Last updated : 04/29/2021
Features like multi-factor authentication (MFA) are a great way to secure your o
| | | | | Passwordless | Windows 10 Device, phone, or security key | Biometric or PIN |
-Each organization has different needs when it comes to authentication. Microsoft offers the following three passwordless authentication options that integrate with Azure Active Directory (Azure AD):
+Each organization has different needs when it comes to authentication. Microsoft global Azure and Azure Government offer the following three passwordless authentication options that integrate with Azure Active Directory (Azure AD):
- Windows Hello for Business - Microsoft Authenticator app
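Review bot: "Microsoft global Azure and Azure Government offer" changes the subject of the sentence from the vendor to two clouds and now asserts that all three options are available in both. If availability differs per option or per cloud, a short table would state that more clearly than this sentence; if it does not, "Azure and Azure Government" reads better than "Microsoft global Azure".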
active-directory What Is Cloud Sync https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/cloud-sync/what-is-cloud-sync.md
The following table provides a comparison between Azure AD Connect and Azure AD
| Azure AD Domain Services support|ΓùÅ | | | [Exchange hybrid writeback](../hybrid/reference-connect-sync-attributes-synchronized.md#exchange-hybrid-writeback) |ΓùÅ | | | Support for up to 150,000 objects per AD domain |ΓùÅ |ΓùÅ |
-| Large group support - groups with up to 50,000 members |ΓùÅ |ΓùÅ |
+| Groups with up to 50,000 members |ΓùÅ |ΓùÅ |
+| Large groups with up to 250,000 members |ΓùÅ | |
| Cross domain references|ΓùÅ | | | On-demand provisioning| |ΓùÅ |
active-directory Faq https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/external-identities/faq.md
These frequently asked questions (FAQs) about Azure Active Directory (Azure AD) business-to-business (B2B) collaboration are periodically updated to include new topics. > [!IMPORTANT]
-> - **Starting January 4, 2021**, Google is [deprecating WebView sign-in support](https://developers.googleblog.com/2020/08/guidance-for-our-effort-to-block-less-secure-browser-and-apps.html). If youΓÇÖre using Google federation or self-service sign-up with Gmail, you should [test your line-of-business native applications for compatibility](google-federation.md#deprecation-of-webview-sign-in-support).
+> - **Starting in the second half of 2021**, Google is [deprecating web-view sign-in support](https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html). If youΓÇÖre using Google federation for B2B invitations or [Azure AD B2C](../../active-directory-b2c/identity-provider-google.md), or if you're using self-service sign-up with Gmail, Google Gmail users won't be able to sign in if your apps authenticate users with an embedded web-view. [Learn more](google-federation.md#deprecation-of-web-view-sign-in-support).
> - **Starting October 2021**, Microsoft will no longer support the redemption of invitations by creating unmanaged Azure AD accounts and tenants for B2B collaboration scenarios. In preparation, we encourage customers to opt into [email one-time passcode authentication](one-time-passcode.md). We welcome your feedback on this public preview feature and are excited to create even more ways to collaborate. ### Can we customize our sign-in page so it's more intuitive for our B2B collaboration guest users?
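Review bot: the replacement link in the first bullet points to a Google blog post dated 2016/08, while the text announces a change "Starting in the second half of 2021" and the line it replaces cited the 2020/08 guidance post. Confirm the 2016 post is the intended reference for this date, or cite the announcement that carries it.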
active-directory Google Federation https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/external-identities/google-federation.md
Previously updated : 04/06/2021 Last updated : 04/30/2021
After you've added Google as one of your application's sign-in options, on the *
> Google federation is designed specifically for Gmail users. To federate with G Suite domains, use [direct federation](direct-federation.md). > [!IMPORTANT]
-> **Starting January 4, 2021**, Google is [deprecating WebView sign-in support](https://developers.googleblog.com/2020/08/guidance-for-our-effort-to-block-less-secure-browser-and-apps.html). If youΓÇÖre using Google federation or self-service sign-up with Gmail, you should [test your line-of-business native applications for compatibility](google-federation.md#deprecation-of-webview-sign-in-support).
+> **Starting in the second half of 2021**, Google is [deprecating web-view sign-in support](https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html). If youΓÇÖre using Google federation for B2B invitations or [Azure AD B2C](../../active-directory-b2c/identity-provider-google.md), or if you're using self-service sign-up with Gmail, Google Gmail users won't be able to sign in if your apps authenticate users with an embedded web-view. [Learn more](#deprecation-of-web-view-sign-in-support).
## What is the experience for the Google user?
Google guest users can also use application endpoints that include your tenant i
You can also give Google guest users a direct link to an application or resource by including your tenant information, for example `https://myapps.microsoft.com/signin/Twitter/<application ID?tenantId=<your tenant ID>`.
-## Deprecation of WebView sign-in support
+## Deprecation of web-view sign-in support
-Starting January 4, 2021, Google is [deprecating embedded WebView sign-in support](https://developers.googleblog.com/2020/08/guidance-for-our-effort-to-block-less-secure-browser-and-apps.html). If youΓÇÖre using Google federation or [self-service sign-up with Gmail](identity-providers.md), you should test your line-of-business native applications for compatibility. If your apps include WebView content that requires authentication, Google Gmail users won't be able to authenticate. The following are known scenarios that will impact Gmail users:
+Starting in the second half of 2021, Google is [deprecating embedded web-view sign-in support](https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html). If youΓÇÖre using Google federation for B2B or [Azure AD B2C](../../active-directory-b2c/identity-provider-google.md), or if you're using [self-service sign-up with Gmail](identity-providers.md), if your apps authenticate users with an embedded web-view, Google Gmail users won't be able to authenticate.
-- Windows apps that use embedded WebView or the WebAccountManager (WAM) on older versions of Windows.-- Other native apps youΓÇÖve developed that use an embedded browser framework for authentication.
+The following are known scenarios that will impact Gmail users:
+- Windows apps that use the [WebView](https://docs.microsoft.com/windows/communitytoolkit/controls/wpf-winforms/webview) control, [WebView2](https://docs.microsoft.com/microsoft-edge/webview2/), or the older WebBrowser control, for authentication. These apps should migrate to using the Web Account Manager (WAM) flow.
+- Android applications using the WebView UI element
+- iOS applications using UIWebView/WKWebview
+- Apps using ADAL
This change does not affect: -- Windows apps that use embedded WebView or the WebAccountManager (WAM) on the latest versions of Windows-- Microsoft iOS apps
+- Microsoft apps on Windows
+- Web apps
+- Mobile apps using system web-views for authentication ([SFSafariViewController](https://developer.apple.com/documentation/safariservices/sfsafariviewcontroller) on iOS, [Custom Tabs](https://developer.chrome.com/docs/android/custom-tabs/overview/) on Android).
- G Suite identities, for example when youΓÇÖre using SAML-based [direct federation](direct-federation.md) with G Suite
-WeΓÇÖre continuing to test various platforms and scenarios, and will update this article accordingly.
-### To test your apps for compatibility
+WeΓÇÖre confirming with Google whether this change affects the following:
+- Windows apps that use the Web Account Manager (WAM) or Web Authentication Broker (WAB).
-1. Follow [GoogleΓÇÖs guidance](https://developers.googleblog.com/2020/08/guidance-for-our-effort-to-block-less-secure-browser-and-apps.html) to determine if your apps are affected.
-2. Using Fiddler or another testing tool, inject a header during sign-in and use a Google external identity to test sign-in:
+WeΓÇÖre continuing to test various platforms and scenarios, and will update this article accordingly.
+### Action needed for embedded web-views
+Modify your apps to use the system browser for sign-in. For details, see [Embedded vs System Web UI](https://docs.microsoft.com/azure/active-directory/develop/msal-net-web-browsers#embedded-vs-system-web-ui) in the MSAL.NET documentation. All MSAL SDKs use the system web-view by default.
+### What to expect
+Before Google puts these changes into place in the second half of 2021, Microsoft will deploy a workaround for apps still using embedded web-views to ensure that authentication isn't blocked.
- 1. Add Google-Accounts-Check-OAuth-Login:true to your HTTP request headers when the requests are sent to accounts.google.com.
- 1. Attempt to sign in to the app by entering a Gmail address in the accounts.google.com sign-in page.
- 1. If sign-in fails and you see an error such as ΓÇ£This browser or app may not be secure,ΓÇ¥ your Google external identities will be blocked from signing in.
+Applications that are migrated to an allowed web-view for authentication won't be affected, and users will be allowed to authenticate via Google as usual.
-3. Resolve the issue by doing one of the following:
+We will update this document as dates and further details are shared by Google.
- - If your Windows app uses embedded WebView or the WebAccountManager (WAM) on an older version of Windows, update to the latest version of Windows.
- - Modify your apps to use the system browser for sign-in. For details, see [Embedded vs System Web UI](../develop/msal-net-web-browsers.md#embedded-vs-system-web-ui) in the MSAL.NET documentation.
+### Distinguishing between CEF/Electron and embedded web-views
+In addition to the [deprecation of embedded web-view and framework sign-in support](#deprecation-of-web-view-sign-in-support), Google is also [deprecating Chromium Embedded Framework (CEF) based Gmail authentication](https://developers.googleblog.com/2020/08/guidance-for-our-effort-to-block-less-secure-browser-and-apps.html). For applications built on CEF, such as Electron apps, Google will disable authentication on June 30, 2021. Impacted applications have received notice from Google directly, and are not covered in this documentation. This document pertains to the embedded web-views described above, which Google will restrict at a separate date later in 2021.
+### Action needed for embedded frameworks
+Follow [GoogleΓÇÖs guidance](https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html) to determine if your apps are affected.
## Step 1: Configure a Google developer project First, create a new project in the Google Developers Console to obtain a client ID and a client secret that you can later add to Azure Active Directory (Azure AD).
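Review bot: The added "Action needed for embedded frameworks" section tells readers to follow Google's guidance "to determine if your apps are affected", but it links the 2016 post (modernizing-oauth-interactions-in-native-apps), while the CEF paragraph directly above it cites the 2020 guidance, and the removed "To test your apps for compatibility" steps (the Google-Accounts-Check-OAuth-Login header test) are deleted with no replacement. As written, a developer has no concrete check left on the page; either link the guidance that describes how to verify an app, or state the check in this section. Separately, the added "Action needed for embedded web-views" line uses an absolute docs.microsoft.com URL for "Embedded vs System Web UI" where the removed line used the relative ../develop/msal-net-web-browsers.md link; keep the relative form so link validation still covers it.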
You can delete your Google federation setup. If you do so, Google guest users wh
`Remove-AzureADMSIdentityProvider -Id Google-OAUTH` > [!NOTE]
- > For more information, see [Remove-AzureADMSIdentityProvider](/powershell/module/azuread/Remove-AzureADMSIdentityProvider?view=azureadps-2.0-preview&preserve-view=true).
+ > For more information, see [Remove-AzureADMSIdentityProvider](/powershell/module/azuread/Remove-AzureADMSIdentityProvider?view=azureadps-2.0-preview&preserve-view=true).
active-directory Identity Providers https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/external-identities/identity-providers.md
In addition to Azure AD accounts, External Identities offers a variety of identi
- **Google**: Google federation allows external users to redeem invitations from you by signing in to your apps with their own Gmail accounts. Google federation can also be used in your self-service sign-up user flows. See how to [add Google as an identity provider](google-federation.md). > [!IMPORTANT]
- > **Starting January 4, 2021**, Google is [deprecating WebView sign-in support](https://developers.googleblog.com/2020/08/guidance-for-our-effort-to-block-less-secure-browser-and-apps.html). If youΓÇÖre using Google federation or self-service sign-up with Gmail, you should [test your line-of-business native applications for compatibility](google-federation.md#deprecation-of-webview-sign-in-support).
+ > **Starting in the second half of 2021**, Google is [deprecating web-view sign-in support](https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html). If youΓÇÖre using Google federation for B2B invitations or [Azure AD B2C](../../active-directory-b2c/identity-provider-google.md), or if you're using self-service sign-up with Gmail, Google Gmail users won't be able to sign in if your apps authenticate users with an embedded web-view. [Learn more](google-federation.md#deprecation-of-web-view-sign-in-support).
- **Facebook**: When building an app, you can configure self-service sign-up and enable Facebook federation so that users can sign up for your app using their own Facebook accounts. Facebook can only be used for self-service sign-up user flows and isn't available as a sign-in option when users are redeeming invitations from you. See how to [add Facebook as an identity provider](facebook-federation.md).
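Review bot: In the added IMPORTANT note, the link text "deprecating web-view sign-in support" now targets the 2016 post (modernizing-oauth-interactions-in-native-apps), where the removed line targeted the 2020 guidance; please confirm this is the announcement readers should land on for a cutoff in the second half of 2021. The removed line's instruction to test line-of-business native applications is dropped, so the note now says what breaks but not what to do; consider adding the remediation (move sign-in to the system browser) here instead of leaving it to the "Learn more" link. "Google Gmail users" is redundant, "Gmail users" is enough.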
active-directory Redemption Experience https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/external-identities/redemption-experience.md
This article describes the ways guest users can access your resources and the co
When you add a guest user to your directory, the guest user account has a consent status (viewable in PowerShell) thatΓÇÖs initially set to **PendingAcceptance**. This setting remains until the guest accepts your invitation and agrees to your privacy policy and terms of use. After that, the consent status changes to **Accepted**, and the consent pages are no longer presented to the guest. > [!IMPORTANT]
- > - **Starting January 4, 2021**, Google is [deprecating WebView sign-in support](https://developers.googleblog.com/2020/08/guidance-for-our-effort-to-block-less-secure-browser-and-apps.html). If youΓÇÖre using Google federation or self-service sign-up with Gmail, you should [test your line-of-business native applications for compatibility](google-federation.md#deprecation-of-webview-sign-in-support).
+ > - **Starting in the second half of 2021**, Google is [deprecating web-view sign-in support](https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html). If youΓÇÖre using Google federation for B2B invitations or [Azure AD B2C](../../active-directory-b2c/identity-provider-google.md), or if you're using self-service sign-up with Gmail, Google Gmail users won't be able to sign in if your apps authenticate users with an embedded web-view. [Learn more](google-federation.md#deprecation-of-web-view-sign-in-support).
> - **Starting October 2021**, Microsoft will no longer support the redemption of invitations by creating unmanaged Azure AD accounts and tenants for B2B collaboration scenarios. In preparation, we encourage customers to opt into [email one-time passcode authentication](one-time-passcode.md). We welcome your feedback on this public preview feature and are excited to create even more ways to collaborate. ## Redemption and sign-in through a common endpoint
active-directory Self Service Sign Up Add Api Connector https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/external-identities/self-service-sign-up-add-api-connector.md
To use an [API connector](api-connectors-overview.md), you first create the API connector and then enable it in a user flow. > [!IMPORTANT]
->**Starting January 4, 2021**, Google is [deprecating WebView sign-in support](https://developers.googleblog.com/2020/08/guidance-for-our-effort-to-block-less-secure-browser-and-apps.html). If youΓÇÖre using Google federation or self-service sign-up with Gmail, you should [test your line-of-business native applications for compatibility](google-federation.md#deprecation-of-webview-sign-in-support).
+> **Starting in the second half of 2021**, Google is [deprecating web-view sign-in support](https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html). If youΓÇÖre using Google federation for B2B invitations or [Azure AD B2C](../../active-directory-b2c/identity-provider-google.md), or if you're using self-service sign-up with Gmail, Google Gmail users won't be able to sign in if your apps authenticate users with an embedded web-view. [Learn more](google-federation.md#deprecation-of-web-view-sign-in-support).
## Create an API connector
active-directory Self Service Sign Up Add Approvals https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/external-identities/self-service-sign-up-add-approvals.md
This article gives an example of how to integrate with an approval system. In th
- Trigger a manual review. If the request is approved, the approval system uses Microsoft Graph to provision the user account. The approval system can also notify the user that their account has been created. > [!IMPORTANT]
->**Starting January 4, 2021**, Google is [deprecating WebView sign-in support](https://developers.googleblog.com/2020/08/guidance-for-our-effort-to-block-less-secure-browser-and-apps.html). If youΓÇÖre using Google federation or self-service sign-up with Gmail, you should [test your line-of-business native applications for compatibility](google-federation.md#deprecation-of-webview-sign-in-support).
+> **Starting in the second half of 2021**, Google is [deprecating web-view sign-in support](https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html). If youΓÇÖre using Google federation for B2B invitations or [Azure AD B2C](../../active-directory-b2c/identity-provider-google.md), or if you're using self-service sign-up with Gmail, Google Gmail users won't be able to sign in if your apps authenticate users with an embedded web-view. [Learn more](google-federation.md#deprecation-of-web-view-sign-in-support).
## Register an application for your approval system
active-directory Troubleshoot https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/external-identities/troubleshoot.md
Here are some remedies for common problems with Azure Active Directory (Azure AD) B2B collaboration. > [!IMPORTANT]
- > - **Starting January 4, 2021**, Google is [deprecating WebView sign-in support](https://developers.googleblog.com/2020/08/guidance-for-our-effort-to-block-less-secure-browser-and-apps.html). If youΓÇÖre using Google federation or self-service sign-up with Gmail, you should [test your line-of-business native applications for compatibility](google-federation.md#deprecation-of-webview-sign-in-support).
+ > - **Starting in the second half of 2021**, Google is [deprecating web-view sign-in support](https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html). If youΓÇÖre using Google federation for B2B invitations or [Azure AD B2C](../../active-directory-b2c/identity-provider-google.md), or if you're using self-service sign-up with Gmail, Google Gmail users won't be able to sign in if your apps authenticate users with an embedded web-view. [Learn more](google-federation.md#deprecation-of-web-view-sign-in-support).
> - **Starting October 2021**, Microsoft will no longer support the redemption of invitations by creating unmanaged Azure AD accounts and tenants for B2B collaboration scenarios. In preparation, we encourage customers to opt into [email one-time passcode authentication](one-time-passcode.md). We welcome your feedback on this public preview feature and are excited to create even more ways to collaborate. ## IΓÇÖve added an external user but do not see them in my Global Address Book or in the people picker
active-directory What Is B2b https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/external-identities/what-is-b2b.md
Azure Active Directory (Azure AD) business-to-business (B2B) collaboration is a feature within External Identities that lets you invite guest users to collaborate with your organization. With B2B collaboration, you can securely share your company's applications and services with guest users from any other organization, while maintaining control over your own corporate data. Work safely and securely with external partners, large or small, even if they don't have Azure AD or an IT department. A simple invitation and redemption process lets partners use their own credentials to access your company's resources. Developers can use Azure AD business-to-business APIs to customize the invitation process or write applications like self-service sign-up portals. For licensing and pricing information related to guest users, refer to [Azure Active Directory pricing](https://azure.microsoft.com/pricing/details/active-directory/). > [!IMPORTANT]
-> - **Starting January 4, 2021**, Google is [deprecating WebView sign-in support](https://developers.googleblog.com/2020/08/guidance-for-our-effort-to-block-less-secure-browser-and-apps.html). If youΓÇÖre using Google federation or self-service sign-up with Gmail, you should [test your line-of-business native applications for compatibility](google-federation.md#deprecation-of-webview-sign-in-support).
+> - **Starting in the second half of 2021**, Google is [deprecating web-view sign-in support](https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html). If youΓÇÖre using Google federation for B2B invitations or [Azure AD B2C](../../active-directory-b2c/identity-provider-google.md), or if you're using self-service sign-up with Gmail, Google Gmail users won't be able to sign in if your apps authenticate users with an embedded web-view. [Learn more](google-federation.md#deprecation-of-web-view-sign-in-support).
> - **Starting October 2021**, Microsoft will no longer support the redemption of invitations by creating unmanaged Azure AD accounts and tenants for B2B collaboration scenarios. In preparation, we encourage customers to opt into [email one-time passcode authentication](one-time-passcode.md). We welcome your feedback on this public preview feature and are excited to create even more ways to collaborate. ## Collaborate with any partner using their identities
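Review bot: The added "Starting in the second half of 2021" paragraph here is the same text that this change also pastes into identity-providers.md, redemption-experience.md, self-service-sign-up-add-api-connector.md, self-service-sign-up-add-approvals.md and troubleshoot.md. Since the google-federation change says the dates will be updated as Google shares them, six hand-maintained copies will drift; move the paragraph into a shared include and reference it from each article so the next date change is a single edit.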
active-directory Application Management Certs Faq https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/application-management-certs-faq.md
To replace certificates for Azure AD Application Proxy applications, see [PowerS
## How do I manage certificates for custom domains in Azure AD Application Proxy?
-To configure an on-premises app to use a custom domain, you need a verified Azure Active Directory custom domain, a PFX certificate for the custom domain, and an on-premises app to configure. To learn more, see [Custom domains in Azure AD Application Proxy](application-proxy-configure-custom-domain.md).
+To configure an on-premises app to use a custom domain, you need a verified Azure Active Directory custom domain, a PFX certificate for the custom domain, and an on-premises app to configure. To learn more, see [Custom domains in Azure AD Application Proxy](../app-proxy/application-proxy-configure-custom-domain.md).
## I need to update the token signing certificate on the application side. Where can I get it on Azure AD side?
active-directory Application Management Fundamentals https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/application-management-fundamentals.md
This article contains recommendations and best practices for managing applicatio
| Recommendation | Comments | | | | | Use Application Proxy for remote access to internal resources | Application Proxy is recommended for giving remote users access to internal resources, replacing the need for a VPN or reverse proxy. It is not intended for accessing resources from within the corporate network because it could add latency.
-| Use custom domains | Set up custom domains for your applications (see [Configure custom domains](application-proxy-configure-custom-domain.md)) so that URLs for users and between applications will work from either inside or outside of your network. You'll also be able to control your branding and customize your URLs. When using custom domain names, plan to acquire a public certificate from a non-Microsoft trusted certificate authority. Azure Application Proxy supports standard, ([wildcard](application-proxy-wildcard.md)), or SAN-based certificates. (See [Application Proxy planning](application-proxy-deployment-plan.md).) |
-| Synchronize users before deploying Application Proxy | Before deploying application proxy, synchronize user identities from an on-premises directory or create them directly in Azure AD. Identity synchronization allows Azure AD to pre-authenticate users before granting them access to App Proxy published applications. It also provides the necessary user identifier information to perform single sign-on (SSO). (See [Application Proxy planning](application-proxy-deployment-plan.md).) |
-| Follow our tips for high availability and load balancing | To learn how traffic flows among users, Application Proxy connectors, and back-end app servers, and to get tips for optimizing performance and load balancing, see [High availability and load balancing of your Application Proxy connectors and applications](application-proxy-high-availability-load-balancing.md). |
-| Use multiple connectors | Use two or more Application Proxy connectors for greater resiliency, availability, and scale (see [Application Proxy connectors](application-proxy-connectors.md)). Create connector groups and ensure each connector group has at least two connectors (three connectors is optimal). |
+| Use custom domains | Set up custom domains for your applications (see [Configure custom domains](../app-proxy/application-proxy-configure-custom-domain.md)) so that URLs for users and between applications will work from either inside or outside of your network. You'll also be able to control your branding and customize your URLs. When using custom domain names, plan to acquire a public certificate from a non-Microsoft trusted certificate authority. Azure Application Proxy supports standard, ([wildcard](../app-proxy/application-proxy-wildcard.md)), or SAN-based certificates. (See [Application Proxy planning](../app-proxy/application-proxy-deployment-plan.md).) |
+| Synchronize users before deploying Application Proxy | Before deploying application proxy, synchronize user identities from an on-premises directory or create them directly in Azure AD. Identity synchronization allows Azure AD to pre-authenticate users before granting them access to App Proxy published applications. It also provides the necessary user identifier information to perform single sign-on (SSO). (See [Application Proxy planning](../app-proxy/application-proxy-deployment-plan.md).) |
+| Follow our tips for high availability and load balancing | To learn how traffic flows among users, Application Proxy connectors, and back-end app servers, and to get tips for optimizing performance and load balancing, see [High availability and load balancing of your Application Proxy connectors and applications](../app-proxy/application-proxy-high-availability-load-balancing.md). |
+| Use multiple connectors | Use two or more Application Proxy connectors for greater resiliency, availability, and scale (see [Application Proxy connectors](../app-proxy/application-proxy-connectors.md)). Create connector groups and ensure each connector group has at least two connectors (three connectors is optimal). |
| Locate connector servers close to application servers, and make sure they're in the same domain | To optimize performance, physically locate the connector server close to the application servers (see [Network topology considerations](../app-proxy/application-proxy-network-topology.md)). Also, the connector server and web applications servers should belong to the same Active Directory domain, or they should span trusting domains. This configuration is required for SSO with Integrated Windows Authentication (IWA) and Kerberos Constrained Delegation (KCD). If the servers are in different domains, you'll need to use resource-based delegation for SSO (see [KCD for single sign-on with Application Proxy](../app-proxy/application-proxy-configure-single-sign-on-with-kcd.md)). |
-| Enable auto-updates for connectors | Enable auto-updates for your connectors for the latest features and bug fixes. Microsoft provides direct support for the latest connector version and one version before. (See [Application Proxy release version history](application-proxy-release-version-history.md).) |
-| Bypass your on-premises proxy | For easier maintenance, configure the connector to bypass your on-premises proxy so it directly connects to the Azure services. (See [Application Proxy connectors and proxy servers](application-proxy-configure-connectors-with-proxy-servers.md).) |
-| Use Azure AD Application Proxy over Web Application Proxy | Use Azure AD Application Proxy for most on-premises scenarios. Web Application Proxy is only preferred in scenarios that require a proxy server for AD FS and where you can't use custom domains in Azure Active Directory. (See [Application Proxy migration](application-proxy-migration.md).) |
+| Enable auto-updates for connectors | Enable auto-updates for your connectors for the latest features and bug fixes. Microsoft provides direct support for the latest connector version and one version before. (See [Application Proxy release version history](../app-proxy/application-proxy-release-version-history.md).) |
+| Bypass your on-premises proxy | For easier maintenance, configure the connector to bypass your on-premises proxy so it directly connects to the Azure services. (See [Application Proxy connectors and proxy servers](../app-proxy/application-proxy-configure-connectors-with-proxy-servers.md).) |
+| Use Azure AD Application Proxy over Web Application Proxy | Use Azure AD Application Proxy for most on-premises scenarios. Web Application Proxy is only preferred in scenarios that require a proxy server for AD FS and where you can't use custom domains in Azure Active Directory. (See [Application Proxy migration](../app-proxy/application-proxy-migration.md).) |
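Review bot: In the added "Use custom domains" row, the wildcard link is still wrapped in its own parentheses, so the sentence renders as "supports standard, (wildcard), or SAN-based certificates". The line is being touched anyway, so drop the extra parentheses around [wildcard](../app-proxy/application-proxy-wildcard.md). It would also help to state in the commit message that every application-proxy-*.md link in this table was re-pointed to ../app-proxy/, since the row for "Locate connector servers close to application servers" already used that path and is unchanged.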
active-directory Common Scenarios https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/common-scenarios.md
Identity can only be your control plane if it can connect everything across clou
|Feature |Description|Recommendation | ||||
-|Application Proxy|Employees today want to be productive at any place, at any time, and from any device. They need to access SaaS apps in the cloud and corporate apps on-premises. Azure AD Application proxy enables this robust access without costly and complex virtual private networks (VPNs) or demilitarized zones (DMZs).|Setup [remote access](./application-proxy.md) for your on-prem apps. |
+|Application Proxy|Employees today want to be productive at any place, at any time, and from any device. They need to access SaaS apps in the cloud and corporate apps on-premises. Azure AD Application proxy enables this robust access without costly and complex virtual private networks (VPNs) or demilitarized zones (DMZs).|Setup [remote access](../app-proxy/application-proxy.md) for your on-prem apps. |
|F5, Akamai, Zscaler|Using your existing networking and delivery controller, you can easily protect legacy applications that are still critical to your business processes but that you couldn't protect before with Azure AD. It's likely you already have everything you need to start protecting these applications.| Using Akamai, Citrix, F5, or Zscaler? Check out our [pre-built solutions](./secure-hybrid-access.md). | ## Related articles
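Review bot: In the added Application Proxy row, the recommendation cell still reads "Setup [remote access]"; as a verb this should be "Set up". Worth fixing in the same change since the line is already being rewritten for the ../app-proxy/application-proxy.md link.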
active-directory Manage Self Service Access https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/manage-self-service-access.md
# How to configure self-service application assignment
-Before your users can self-discover applications from their My Apps, you need to enable **Self-service application access** to any applications that you wish to allow users to self-discover and request access to. This functionality is available for applications that were added from the [Azure AD Gallery](./add-application-portal.md), [Azure AD Application Proxy](./application-proxy.md) or were added via [user or admin consent](../develop/application-consent-experience.md).
+Before your users can self-discover applications from their My Apps, you need to enable **Self-service application access** to any applications that you wish to allow users to self-discover and request access to. This functionality is available for applications that were added from the [Azure AD Gallery](./add-application-portal.md), [Azure AD Application Proxy](../app-proxy/application-proxy.md) or were added via [user or admin consent](../develop/application-consent-experience.md).
This feature is a great way for you to save time and money as an IT group, and is highly recommended as part of a modern applications deployment with Azure Active Directory.
active-directory Migrate Adfs Apps To Azure https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/migrate-adfs-apps-to-azure.md
Your applications may use modern or legacy protocols for authentication. When yo
For more information, see:
-* [Using Azure AD Application Proxy to publish on-premises apps for remote users](what-is-application-proxy.md).
+* [Using Azure AD Application Proxy to publish on-premises apps for remote users](../app-proxy/what-is-application-proxy.md).
* [What is application management?](what-is-application-management.md) * [AD FS application activity report to migrate applications to Azure AD](migrate-adfs-application-activity.md). * [Monitor AD FS using Azure AD Connect Health](../hybrid/how-to-connect-health-adfs.md).
If your users sign in to SaaS apps such as Salesforce, ServiceNow, or Workday, a
Most SaaS applications can be configured in Azure AD. Microsoft has many preconfigured connections to SaaS apps in the [Azure AD app gallery](https://azuremarketplace.microsoft.com/marketplace/apps/category/azure-active-directory-apps), which makes your transition easier. SAML 2.0 applications can be integrated with Azure AD via the Azure AD app gallery or as [non-gallery applications](add-application-portal.md).
-Apps that use OAuth 2.0 or OpenID Connect can be similarly integrated with Azure AD as [app registrations](../develop/quickstart-register-app.md). Apps that use legacy protocols can use [Azure AD Application Proxy](application-proxy.md) to authenticate with Azure AD.
+Apps that use OAuth 2.0 or OpenID Connect can be similarly integrated with Azure AD as [app registrations](../develop/quickstart-register-app.md). Apps that use legacy protocols can use [Azure AD Application Proxy](../app-proxy/application-proxy.md) to authenticate with Azure AD.
For any issues with onboarding your SaaS apps, you can contact the [SaaS Application Integration support alias](mailto:SaaSApplicationIntegrations@service.microsoft.com).
Depending on how you configure your app, verify that SSO works properly.
| OAuth / OpenID Connect| Select **Enterprise applications > Permissions** and ensure you have consented to the application in the user settings for your app.| | SAML-based SSO | Use the [Test SAML Settings](debug-saml-sso-issues.md) button found under **Single Sign-On**. | | Password-Based SSO | Download and install the [MyApps Secure Sign](../user-help/my-apps-portal-end-user-access.md)[-](../user-help/my-apps-portal-end-user-access.md)[in Extension](../user-help/my-apps-portal-end-user-access.md). This extension helps you start any of your organization's cloud apps that require you to use an SSO process. |
-| Application Proxy | Ensure your connector is running and assigned to your application. Visit the [Application Proxy troubleshooting guide](application-proxy-troubleshoot.md) for further assistance. |
+| Application Proxy | Ensure your connector is running and assigned to your application. Visit the [Application Proxy troubleshooting guide](../app-proxy/application-proxy-troubleshoot.md) for further assistance. |
> [!NOTE] > Cookies from the old AD FS environment persist on the user machines. These cookies might cause problems with the migration, as users could be directed to the old AD FS login environment versus the new Azure AD login. You may need to clear the user browser cookies manually or using a script. You can also use the System Center Configuration Manager or a similar platform.
active-directory Migrate Application Authentication To Azure Active Directory https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/migrate-application-authentication-to-azure-active-directory.md
Your organization may have multiple Identity Access Management (IAM) solutions i
**With Azure AD, you can reduce infrastructure costs by:** -- Providing secure remote access to on-premises apps using [Azure AD Application Proxy](./application-proxy.md).
+- Providing secure remote access to on-premises apps using [Azure AD Application Proxy](../app-proxy/application-proxy.md).
- Decoupling apps from the on-prem credential approach in your tenant by [setting up Azure AD as the trusted universal identity provider](../hybrid/plan-connect-user-signin.md#choosing-the-user-sign-in-method-for-your-organization).
For certain apps using legacy authentication protocols, sometimes modernizing th
Azure AD can bring great benefits to these legacy apps, as you can enable modern Azure AD security and governance features like [Multi-Factor Authentication](../authentication/concept-mfa-howitworks.md), [Conditional Access](../conditional-access/overview.md), [Identity Protection](../identity-protection/index.yml), [Delegated Application Access](./access-panel-manage-self-service-access.md), and [Access Reviews](../governance/manage-user-access-with-access-reviews.md#create-and-perform-an-access-review) against these apps without touching the app at all!
-Start by **extending these apps into the cloud** with Azure AD [Application Proxy](./application-proxy-configure-single-sign-on-password-vaulting.md) using simple means of authentication (like Password Vaulting) to get your users migrated quickly, or via our [partner integrations](https://azure.microsoft.com/services/active-directory/sso/secure-hybrid-access/) with application delivery controllers you might have deployed already.
+Start by **extending these apps into the cloud** with Azure AD [Application Proxy](../app-proxy/application-proxy-configure-single-sign-on-password-vaulting.md) using simple means of authentication (like Password Vaulting) to get your users migrated quickly, or via our [partner integrations](https://azure.microsoft.com/services/active-directory/sso/secure-hybrid-access/) with application delivery controllers you might have deployed already.
### New Line of Business (LoB) apps
Use the tools and guidance below to follow the precise steps needed to migrate y
- **SaaS applications** ΓÇô See our list of [hundreds of SaaS app tutorials](../saas-apps/tutorial-list.md) and the complete [Azure AD SSO deployment plan](https://aka.ms/ssodeploymentplan) to walk through the end-to-end process. -- **Applications running on-premises** ΓÇô Learn all [about the Azure AD Application Proxy](./application-proxy.md) and use the complete [Azure AD Application Proxy deployment plan](https://aka.ms/AppProxyDPDownload) to get going quickly.
+- **Applications running on-premises** ΓÇô Learn all [about the Azure AD Application Proxy](../app-proxy/application-proxy.md) and use the complete [Azure AD Application Proxy deployment plan](https://aka.ms/AppProxyDPDownload) to get going quickly.
- **Apps youΓÇÖre developing** ΓÇô Read our step-by-step [integration](../develop/quickstart-register-app.md) and [registration](../develop/quickstart-register-app.md) guidance.
Depending on how you configure your app, verify that SSO works properly.
| **SAML-based SSO** | Use the [Test SAML Settings](./debug-saml-sso-issues.md) button found under **Single Sign-On.** | | **Password-Based SSO** | Download and install the [MyApps Secure Sign-in Extension](../user-help/my-apps-portal-end-user-access.md#download-and-install-the-my-apps-secure-sign-in-extension). This extension helps you start any of your organization's cloud apps that require you to use an SSO process. |
-| **[Application Proxy](./application-proxy.md)** | Ensure your connector is running and assigned to your application. Visit the [Application Proxy troubleshooting guide](./application-proxy-troubleshoot.md) for further assistance. |
+| **[Application Proxy](../app-proxy/application-proxy.md)** | Ensure your connector is running and assigned to your application. Visit the [Application Proxy troubleshooting guide](../app-proxy/application-proxy-troubleshoot.md) for further assistance. |
### Troubleshoot
Once you have migrated the apps, you can enrich your userΓÇÖs experience in many
**Make apps discoverable**
-**Point your user** to the [MyApps](../user-help/my-apps-portal-end-user-access.md#download-and-install-the-my-apps-secure-sign-in-extension)portal experience. Here, they can access all cloud-based apps, apps you make available by using [Azure AD Connect](../hybrid/whatis-azure-ad-connect.md), and apps using [Application Proxy](./application-proxy.md) provided they have permissions to access those apps.
+**Point your user** to the [MyApps](../user-help/my-apps-portal-end-user-access.md#download-and-install-the-my-apps-secure-sign-in-extension)portal experience. Here, they can access all cloud-based apps, apps you make available by using [Azure AD Connect](../hybrid/whatis-azure-ad-connect.md), and apps using [Application Proxy](../app-proxy/application-proxy.md) provided they have permissions to access those apps.
You can guide your users on how to discover their apps:
Users can [download the MyApps Secure Sign-in Extension](https://www.microsoft.c
- **Search for their apps and have their most-recently-used apps appear** -- **Automatically convert internal URLs** that you have configured in [Application Proxy](./application-proxy.md) to the appropriate external URLs. Your users can now work with the links they are familiar with no matter where they are.
+- **Automatically convert internal URLs** that you have configured in [Application Proxy](../app-proxy/application-proxy.md) to the appropriate external URLs. Your users can now work with the links they are familiar with no matter where they are.
**Let users open their apps from Office.com.**
active-directory My Apps Deployment Plan https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/my-apps-deployment-plan.md
The extension allows users to launch any app from its search bar, finding access
#### Plan for mobile access
-For applications that use password-based SSO or accessed by using [Microsoft Azure AD Application Proxy](../manage-apps/application-proxy.md), you must use Microsoft Edge mobile. For other applications, any mobile browser can be used.
+For applications that use password-based SSO or accessed by using [Microsoft Azure AD Application Proxy](../app-proxy/application-proxy.md), you must use Microsoft Edge mobile. For other applications, any mobile browser can be used.
### Linked SSO
You can use [Privileged Identity Management](../privileged-identity-management/p
[Plan a deployment of Azure AD Multi-Factor Authentication](../authentication/howto-mfa-getstarted.md)
-[Plan an Application Proxy deployment](application-proxy-deployment-plan.md)
+[Plan an Application Proxy deployment](../app-proxy/application-proxy-deployment-plan.md)
active-directory Sso Options https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/sso-options.md
To configure a SaaS application for SAML-based single sign-on, see [Configure SA
To configure an application for WS-Federation, follow the same guidance to configure application for SAML-based single sign-on. In the step to configure the application to use Azure AD, you will need to replace the Azure AD login URL for the WS-Federation end-point `https://login.microsoftonline.com/<tenant-ID>/wsfed`.
-To configure an on-premises application for SAML-based single sign-on, see [SAML single-sign-on for on-premises applications with Application Proxy](application-proxy-configure-single-sign-on-on-premises-apps.md).
+To configure an on-premises application for SAML-based single sign-on, see [SAML single-sign-on for on-premises applications with Application Proxy](../app-proxy/application-proxy-configure-single-sign-on-on-premises-apps.md).
For more information about the SAML protocol, see [Single sign-on SAML protocol](../develop/single-sign-on-saml-protocol.md).
With password-based sign-on, users sign on to the application with a username an
Password-based single sign-on uses the existing authentication process provided by the application. When you enable password single sign-on for an application, Azure AD collects and securely stores user names and passwords for the application. User credentials are stored in an encrypted state in the directory.
-Additionaly, Administrator can enable Azure AD conditional access policies or multi-factor authentication for password-based SSO.
+Additionally, Administrator can enable Azure AD conditional access policies or multi-factor authentication for password-based SSO.
Choose password-based single sign-on when:
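Review bot: The corrected line fixes the spelling of "Additionally" but still reads "Administrator can enable", which is missing an article. Suggest "Additionally, an administrator can enable Azure AD conditional access policies or multi-factor authentication for password-based SSO."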
Password-based single sign-on is supported for any cloud-based application that
To configure a cloud application for password-based single sign-on, see [Configure password single sign-on](configure-password-single-sign-on-non-gallery-applications.md).
-To configure an on-premises application for single sign-on through Application Proxy, see [Password vaulting for single sign-on with Application Proxy](application-proxy-configure-single-sign-on-password-vaulting.md)
+To configure an on-premises application for single sign-on through Application Proxy, see [Password vaulting for single sign-on with Application Proxy](../app-proxy/application-proxy-configure-single-sign-on-password-vaulting.md)
### How authentication works for password-based SSO
Note that if you have configured the application for SP-initiated SAML based sin
## Integrated Windows Authentication (IWA) SSO
-[Application Proxy](application-proxy.md) provides single sign-on (SSO) to applications that use [Integrated Windows Authentication (IWA)](/aspnet/web-api/overview/security/integrated-windows-authentication), or claims-aware applications. If your application uses IWA, Application Proxy authenticates to the application by using Kerberos Constrained Delegation (KCD). For a claims-aware application that trusts Azure Active Directory, single sign-on works because the user was already authenticated by using Azure AD.
+[Application Proxy](../app-proxy/application-proxy.md) provides single sign-on (SSO) to applications that use [Integrated Windows Authentication (IWA)](/aspnet/web-api/overview/security/integrated-windows-authentication), or claims-aware applications. If your application uses IWA, Application Proxy authenticates to the application by using Kerberos Constrained Delegation (KCD). For a claims-aware application that trusts Azure Active Directory, single sign-on works because the user was already authenticated by using Azure AD.
Choose Integrated Windows Authentication single sign-on mode to provide single sign-on to an on-premises app that authenticates with IWA.
-To configure an on-premises app for IWA, see [Kerberos Constrained Delegation for single sign-on to your applications with Application Proxy](application-proxy-configure-single-sign-on-with-kcd.md).
+To configure an on-premises app for IWA, see [Kerberos Constrained Delegation for single sign-on to your applications with Application Proxy](../app-proxy/application-proxy-configure-single-sign-on-with-kcd.md).
### How single sign-on with KCD works This diagram explains the flow when a user accesses an on-premises application that uses IWA.
Header-based single sign-on works for applications that use HTTP headers for aut
Choose header-based single sign-on when Application Proxy is configured for the on-premises application.
-To learn more about header-based authentication, see [Header-based SSO](application-proxy-configure-single-sign-on-with-headers.md).
+To learn more about header-based authentication, see [Header-based SSO](../app-proxy/application-proxy-configure-single-sign-on-with-headers.md).
## Next steps * [Quickstart Series on Application Management](view-applications-portal.md) * [Plan a single sign-on deployment](plan-sso-deployment.md)
-* [Single sign-on with on-premises apps](application-proxy-config-sso-how-to.md)
+* [Single sign-on with on-premises apps](../app-proxy/application-proxy-config-sso-how-to.md)
active-directory What Is Application Management https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/what-is-application-management.md
You can use Azure AD as your identity system for just about any app. Many apps a
You can manually configure most apps for single sign-on if they aren't already in the gallery. Azure AD provides several SSO options. Some of the most popular are SAML-based SSO and OIDC-based SSO. To learn more about integrating apps to enable SSO, see [single sign-on options](sso-options.md).
-Does your organization use on-premises apps? You can integrate them using App Proxy. To learn more, see [Provide remote access to on-premises applications through Azure AD's Application Proxy](application-proxy.md).
+Does your organization use on-premises apps? You can integrate them using App Proxy. To learn more, see [Provide remote access to on-premises applications through Azure AD's Application Proxy](../app-proxy/application-proxy.md).
>[!TIP] >When building your own line-of-business applications, you can integrate them with Azure AD to support single sign-on. To learn more about developing apps for Azure AD, see [Microsoft identity platform](..//develop/v2-overview.md).
active-directory Whats New Docs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/whats-new-docs.md
Welcome to what's new in Azure Active Directory application management documenta
- [Plan Azure Active Directory My Apps configuration](my-apps-deployment-plan.md) - [Integrating Azure Active Directory with applications getting started guide](plan-an-application-integration.md)-- [Integrate with SharePoint (SAML)](application-proxy-integrate-with-sharepoint-server-saml.md)
+- [Integrate with SharePoint (SAML)](../app-proxy/application-proxy-integrate-with-sharepoint-server-saml.md)
- [Migrate application authentication to Azure Active Directory](migrate-application-authentication-to-azure-active-directory.md) - [Use the AD FS application activity report to migrate applications to Azure AD](migrate-adfs-application-activity.md) - [Plan a single sign-on deployment](plan-sso-deployment.md) - [Azure Active Directory PowerShell examples for Application Management](app-management-powershell-samples.md)-- [Troubleshoot Kerberos constrained delegation configurations for Application Proxy](application-proxy-back-end-kerberos-constrained-delegation-how-to.md)
+- [Troubleshoot Kerberos constrained delegation configurations for Application Proxy](../app-proxy/application-proxy-back-end-kerberos-constrained-delegation-how-to.md)
- [Quickstart: Set up SAML-based single sign-on (SSO) for an application in your Azure Active Directory (Azure AD) tenant](add-application-portal-setup-sso.md) - [Azure Active Directory application management: What's new](whats-new-docs.md) - [Active Directory (Azure AD) Application Proxy frequently asked questions](../app-proxy/application-proxy-faq.yml) - [Troubleshoot problems signing in to an application from Azure AD My Apps](application-sign-in-other-problem-access-panel.md) - [Tutorial: Add an on-premises application for remote access through Application Proxy in Azure Active Directory](../app-proxy/application-proxy-add-on-premises-application.md) - [Optimize traffic flow with Azure Active Directory Application Proxy](../app-proxy/application-proxy-network-topology.md)-- [Azure AD Application Proxy: Version release history](application-proxy-release-version-history.md)
+- [Azure AD Application Proxy: Version release history](../app-proxy/application-proxy-release-version-history.md)
- [Configure Azure Active Directory sign in behavior for an application by using a Home Realm Discovery policy](configure-authentication-for-federated-users-portal.md) - [Moving application authentication from Active Directory Federation Services to Azure Active Directory](migrate-adfs-apps-to-azure.md)
Welcome to what's new in Azure Active Directory application management documenta
### New articles -- [Integrate with SharePoint (SAML)](application-proxy-integrate-with-sharepoint-server-saml.md)
+- [Integrate with SharePoint (SAML)](../app-proxy/application-proxy-integrate-with-sharepoint-server-saml.md)
- [Migrate application authentication to Azure Active Directory](migrate-application-authentication-to-azure-active-directory.md) ### Updated articles -- [Integrate with SharePoint (SAML)](application-proxy-integrate-with-sharepoint-server-saml.md)
+- [Integrate with SharePoint (SAML)](../app-proxy/application-proxy-integrate-with-sharepoint-server-saml.md)
- [Grant tenant-wide admin consent to an application](grant-admin-consent.md) - [Moving application authentication from Active Directory Federation Services to Azure Active Directory](migrate-adfs-apps-to-azure.md) - [Tutorial: Add an on-premises application for remote access through Application Proxy in Azure Active Directory](../app-proxy/application-proxy-add-on-premises-application.md)
Welcome to what's new in Azure Active Directory application management documenta
- [Plan Azure Active Directory My Apps configuration](my-apps-deployment-plan.md) ### Updated articles-- [Problem installing the Application Proxy Agent Connector](application-proxy-connector-installation-problem.md)
+- [Problem installing the Application Proxy Agent Connector](../app-proxy/application-proxy-connector-installation-problem.md)
- [Troubleshoot password-based single sign-on in Azure AD](troubleshoot-password-based-sso.md) - [Application management best practices](application-management-fundamentals.md) - [Integrating Azure Active Directory with applications getting started guide](plan-an-application-integration.md) - [What is application management?](what-is-application-management.md) - [Active Directory (Azure AD) Application Proxy frequently asked questions](../app-proxy/application-proxy-faq.yml) - [Tutorial: Add an on-premises application for remote access through Application Proxy in Azure Active Directory](../app-proxy/application-proxy-add-on-premises-application.md)-- [Work with existing on-premises proxy servers](application-proxy-configure-connectors-with-proxy-servers.md)
+- [Work with existing on-premises proxy servers](../app-proxy/application-proxy-configure-connectors-with-proxy-servers.md)
- [Develop line-of-business apps for Azure Active Directory](../develop/v2-overview.md)-- [Understand Azure AD Application Proxy connectors](application-proxy-connectors.md)
+- [Understand Azure AD Application Proxy connectors](../app-proxy/application-proxy-connectors.md)
- [Understand linked sign-on](configure-linked-sign-on.md) - [Understand password-based single sign-on](configure-password-single-sign-on-non-gallery-applications.md) - [Understand SAML-based single sign-on](configure-saml-single-sign-on.md)
Welcome to what's new in Azure Active Directory application management documenta
- [Viewing apps using your Azure AD tenant for identity management](application-types.md) - [Understand how users are assigned to apps in Azure Active Directory](ways-users-get-assigned-to-applications.md) - [Quickstart: Delete an application from your Azure Active Directory (Azure AD) tenant](delete-application-portal.md)-- [Publish Remote Desktop with Azure AD Application Proxy](application-proxy-integrate-with-remote-desktop-services.md)
+- [Publish Remote Desktop with Azure AD Application Proxy](../app-proxy/application-proxy-integrate-with-remote-desktop-services.md)
- [Take action on overprivileged or suspicious applications in Azure Active Directory](manage-application-permissions.md)
active-directory Concept Audit Logs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/reports-monitoring/concept-audit-logs.md
na Previously updated : 04/26/2021 Last updated : 04/30/2021
To support you with this goal, the Azure Active Directory portal gives you acces
This article gives you an overview of the audit logs.
-## What can you do with it?
+## What is it?
-With the Azure AD audit logs, you get records of system activities for compliance.
+With the audit logs in Azure AD, you get access to records of system activities for compliance.
The most common views of this log are based on the following categories: - User management
The most common views of this log are based on the following categories:
- Application management
-With a user or group-centric view, you can get answers to questions such as:
+With a user-centric view, you can get answers to questions such as:
- What types of updates have been applied to users?
With a user or group-centric view, you can get answers to questions such as:
- What has an administrator done in a directory? +
+With a group-centric view, you can get answers to questions such as:
+ - What are the groups that have been added? - Are there groups with membership changes?
With a user or group-centric view, you can get answers to questions such as:
- What licenses have been assigned to a group or a user? - With an application-centric view, you can get answers to questions such as: - What applications have been added or updated?
With an application-centric view, you can get answers to questions such as:
- Who gave consent to an application?
+## What license do I need?
+
+The audit activity report is available in all editions of Azure AD.
+ ## Who can access it? To access the audit logs, you need to be in one of the following roles:
To access the audit logs, you need to be in one of the following roles:
- Global Reader - Global Administrator
-## Where can you find it in the Azure portal?
+## Where can I find it?
The Azure portal provides you with several options to access the log. For example, on the Azure Active Directory menu, you can open the log in the **Monitoring** section.
-![Open provisioning logs](./media/concept-provisioning-logs/provisioning-logs-menu.png)
+![Open audit logs](./media/concept-audit-logs/audit-logs-menu.png)
-Additionally, you can get directly get to the audit logs using this link: [https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/ProvisioningEvents](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/ProvisioningEvents)
+Additionally, you can get directly get to the audit logs using [this link](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/ProvisioningEvents).
++
+You can also access the audit log through the Microsoft Graph API.
## What is the default view?
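Review bot: In the added "Additionally, you can get directly get to the audit logs" line, the link target still ends in `ActiveDirectoryMenuBlade/ProvisioningEvents`, carried over unchanged from the removed line, so by its name it opens the provisioning events blade rather than the audit log this article describes. Point it at the audit logs blade, drop the doubled "get", and replace the "this link" text with descriptive link text. The new Microsoft Graph sentence would also be more useful with a link to the relevant API reference.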
Select an item in the list view to get more detailed information.
![select item](./media/concept-audit-logs/details.png "Select item") - ## Filtering audit logs You can filter the audit data on the following fields:
You can also choose to download the filtered data, up to 250,000 records, by sel
- ## Microsoft 365 activity logs You can view Microsoft 365 activity logs from the [Microsoft 365 admin center](/office365/admin/admin-overview/about-the-admin-center). Even though Microsoft 365 activity and Azure AD activity logs share a lot of the directory resources, only the Microsoft 365 admin center provides a full view of the Microsoft 365 activity logs.
active-directory Kpifire Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/kpifire-provisioning-tutorial.md
+
+ Title: 'Tutorial: Configure kpifire for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+description: Learn how to automatically provision and de-provision user accounts from Azure AD to kpifire.
+
+documentationcenter: ''
+
+writer: Zhchia
++
+ms.assetid: 8c5dd093-20da-4ff6-a9b2-8071f44accd6
+++
+ na
+ms.devlang: na
+ Last updated : 04/23/2021+++
+# Tutorial: Configure kpifire for automatic user provisioning
+
+This tutorial describes the steps you need to perform in both kpifire and Azure Active Directory (Azure AD) to configure automatic user provisioning. When configured, Azure AD automatically provisions and de-provisions users and groups to [kpifire](https://www.kpifire.com/) using the Azure AD Provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Azure Active Directory](../app-provisioning/user-provisioning.md).
++
+## Capabilities Supported
+> [!div class="checklist"]
+> * Create users in kpifire
+> * Remove users in kpifire when they do not require access anymore
+> * Keep user attributes synchronized between Azure AD and kpifire
+> * Provision groups and group memberships in kpifire
+> * [Single sign-on](kpifire-tutorial.md) to kpifire (recommended)
+
+## Prerequisites
+
+The scenario outlined in this tutorial assumes that you already have the following prerequisites:
+
+* [An Azure AD tenant](../develop/quickstart-create-new-tenant.md)
+* A user account in Azure AD with [permission](../roles/permissions-reference.md) to configure provisioning (for example, Application Administrator, Cloud Application administrator, Application Owner, or Global Administrator).
+* A [kpifire tenant](https://www.kpifire.com/).
+* A user account in kpifire with Admin permissions.
+
+## Step 1. Plan your provisioning deployment
+
+1. Learn about [how the provisioning service works](../app-provisioning/user-provisioning.md).
+1. Determine who will be in [scope for provisioning](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
+1. Determine what data to [map between Azure AD and kpifire](../app-provisioning/customize-application-attributes.md).
+
+## Step 2. Configure kpifire to support provisioning with Azure AD
+1. Sign in to https://app.kpifire.com with admin rights
+1. Navigate to **Settings->API Settings->Add New Token** to generate the SCIM token.
+
+ [ ![kpifire token generation](media/kpifire-provisioning-tutorial/kpifire-token-generation.png) ](media/kpifire-provisioning-tutorial/kpifire-token-generation.png#lightbox)
+
+1. Copy and save the SCIM token. This value will be entered in the **Secret Token** field in the Provisioning tab of your kpifire application in the Azure portal.
++
+## Step 3. Add kpifire from the Azure AD application gallery
+
+Add kpifire from the Azure AD application gallery to start managing provisioning to kpifire. If you have previously setup kpifire for SSO, you can use the same application. However it's recommended that you create a separate app when testing out the integration initially. Learn more about adding an application from the gallery [here](../manage-apps/add-application-portal.md).
+
+## Step 4. Define who will be in scope for provisioning
+
+The Azure AD provisioning service allows you to scope who will be provisioned based on assignment to the application and or based on attributes of the user / group. If you choose to scope who will be provisioned to your app based on assignment, you can use the following [steps](../manage-apps/assign-user-or-group-access-portal.md) to assign users and groups to the application. If you choose to scope who will be provisioned based solely on attributes of the user or group, you can use a scoping filter as described [here](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
+
+* When assigning users and groups to kpifire, you must select a role other than **Default Access**. Users with the Default Access role are excluded from provisioning and will be marked as not effectively entitled in the provisioning logs. If the only role available on the application is the default access role, you can [update the application manifest](../develop/howto-add-app-roles-in-azure-ad-apps.md) to add more roles.
+
+* Start small. Test with a small set of users and groups before rolling out to everyone. When scope for provisioning is set to assigned users and groups, you can control this by assigning one or two users or groups to the app. When scope is set to all users and groups, you can specify an [attribute based scoping filter](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
++
+## Step 5. Configure automatic user provisioning to kpifire
+
+This section guides you through the steps to configure the Azure AD provisioning service to create, update, and disable users and/or groups in kpifire app based on user and group assignments in Azure AD.
+
+### To configure automatic user provisioning for kpifire in Azure AD:
+
+1. Sign in to the [Azure portal](https://portal.azure.com). Select **Enterprise Applications**, then select **All applications**.
+
+ ![Enterprise applications blade](common/enterprise-applications.png)
+
+1. In the applications list, select **kpifire**.
+
+ ![The kpifire link in the Applications list](common/all-applications.png)
+
+1. Select the **Provisioning** tab.
+
+ ![Provisioning tab](common/provisioning.png)
+
+1. Set the **Provisioning Mode** to **Automatic**.
+
+ ![Provisioning tab automatic](common/provisioning-automatic.png)
+
+1. In the **Admin Credentials** section, enter your kpifire **Tenant URL** and **Secret token** information. Select **Test Connection** to ensure that Azure AD can connect to kpifire. If the connection fails, ensure that your kpifire account has admin permissions and try again.
+
+ ![Token](common/provisioning-testconnection-tenanturltoken.png)
+
+1. In the **Notification Email** field, enter the email address of a person or group who should receive the provisioning error notifications. Select the **Send an email notification when a failure occurs** check box.
+
+ ![Notification Email](common/provisioning-notification-email.png)
+
+1. Select **Save**.
+
+1. In the **Mappings** section, select **Synchronize Azure Active Directory Users to kpifire**.
+
+1. Review the user attributes that are synchronized from Azure AD to kpifire in the **Attribute Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in kpifire for update operations. If you change the [matching target attribute](../app-provisioning/customize-application-attributes.md), you'll need to ensure that the kpifire API supports filtering users based on that attribute. Select **Save** to commit any changes.
+
+ |Attribute|Type|Supported for filtering|
+ ||||
+ |userName|String|&check;|
+ |active|Boolean|
+ |name.givenName|String|
+ |name.familyName|String|
+ |phoneNumbers[type eq "work"].value|String|
+ |urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department|String|
++
+1. In the **Mappings** section, select **Synchronize Azure Active Directory Groups to kpifire**.
+
+1. Review the group attributes that are synchronized from Azure AD to kpifire in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the groups in kpifire for update operations. Select the **Save** button to commit any changes.
+
+ |Attribute|Type|Supported for filtering|
+ ||||
+ |displayName|String|&check;
+ |members|Reference|
+
+1. To configure scoping filters, see the instructions provided in the [Scoping filter tutorial](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
+
+1. To enable the Azure AD provisioning service for kpifire, change **Provisioning Status** to **On** in the **Settings** section.
+
+ ![Provisioning Status Toggled On](common/provisioning-toggle-on.png)
+
+1. Define the users or groups that you want to provision to kpifire by selecting the desired values in **Scope** in the **Settings** section.
+
+ ![Provisioning Scope](common/provisioning-scope.png)
+
+1. When you're ready to provision, select **Save**.
+
+ ![Saving Provisioning Configuration](common/provisioning-configuration-save.png)
+
+This operation starts the initial synchronization cycle of all users and groups defined in **Scope** in the **Settings** section. The initial cycle takes longer to do than next cycles, which occur about every 40 minutes as long as the Azure AD provisioning service is running.
+
+## Step 6. Monitor your deployment
+
+After you've configured provisioning, use the following resources to monitor your deployment:
+
+* Use the [provisioning logs](../reports-monitoring/concept-provisioning-logs.md) to determine which users were provisioned successfully or unsuccessfully.
+* Check the [progress bar](../app-provisioning/application-provisioning-when-will-provisioning-finish-specific-user.md) to see the status of the provisioning cycle and how close it's to completion.
+* If the provisioning configuration seems to be in an unhealthy state, the application will go into quarantine. To learn more about quarantine states, see [Application provisioning status of quarantine](../app-provisioning/application-provisioning-quarantine-status.md).
+
+## More resources
+
+* [Managing user account provisioning for enterprise apps](../app-provisioning/configure-automatic-user-provisioning-portal.md)
+* [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+
+## Next steps
+
+* [Learn how to review logs and get reports on provisioning activity](../app-provisioning/check-status-user-account-provisioning.md)
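Review bot: Step 5 asks the reader to enter the kpifire **Tenant URL** in **Admin Credentials**, but neither Step 2 nor any other part of the tutorial says what that URL is or where to find it. Add the value or its location next to the SCIM token instructions. Step 2 also says "Copy and save the SCIM token" without noting that it is the credential Azure AD uses to create, update, and disable kpifire accounts, so a sentence on keeping it in a secret store rather than a shared document would help. In both attribute tables the separator row is `||||` and the rows after the first carry two cells for three columns (for example `|active|Boolean|`), so the tables may not render as written.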
application-gateway Add Http Header Rewrite Rule Powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/application-gateway/add-http-header-rewrite-rule-powershell.md
Last updated 04/12/2019-++ # Rewrite HTTP request and response headers with Azure Application Gateway - Azure PowerShell
set-AzApplicationGateway -ApplicationGateway $appgw
## Next steps
-To learn more about how to set up some common use cases, see [common header rewrite scenarios](./rewrite-http-headers-url.md).
+To learn more about how to set up some common use cases, see [common header rewrite scenarios](./rewrite-http-headers-url.md).
application-gateway Application Gateway Backend Health Troubleshooting https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/application-gateway/application-gateway-backend-health-troubleshooting.md
Last updated 06/09/2020-++ Troubleshoot backend health issues in Application Gateway
application-gateway Application Gateway Configure Ssl Policy Powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/application-gateway/application-gateway-configure-ssl-policy-powershell.md
Last updated 11/14/2019-++ # Configure TLS policy versions and cipher suites on Application Gateway
$SetGW = Set-AzApplicationGateway -ApplicationGateway $AppGW
Visit [Application Gateway redirect overview](./redirect-overview.md) to learn how to redirect HTTP traffic to an HTTPS endpoint.
-Check out setting up listener specific SSL policies at [setting up SSL listener specific policy through Portal](./application-gateway-configure-listener-specific-ssl-policy.md)
+Check out setting up listener specific SSL policies at [setting up SSL listener specific policy through Portal](./application-gateway-configure-listener-specific-ssl-policy.md)
application-gateway Application Gateway Create Probe Ps https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/application-gateway/application-gateway-create-probe-ps.md
Last updated 07/09/2020-++ # Create a custom probe for Azure Application Gateway by using PowerShell for Azure Resource Manager
DnsSettings : {
## Next steps
-Learn to configure TLS offloading by visiting: [Configure TLS Offload](./tutorial-ssl-powershell.md)
+Learn to configure TLS offloading by visiting: [Configure TLS Offload](./tutorial-ssl-powershell.md)
application-gateway Application Gateway Diagnostics https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/application-gateway/application-gateway-diagnostics.md
Last updated 11/22/2019-++ # Back-end health and diagnostic logs for Application Gateway
application-gateway Application Gateway End To End Ssl Powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/application-gateway/application-gateway-end-to-end-ssl-powershell.md
Last updated 06/09/2020-++ # Configure end to end TLS by using Application Gateway with PowerShell
DnsSettings : {
For more information about hardening the security of your web applications with Web Application Firewall through Application Gateway, see the [Web application firewall overview](../web-application-firewall/ag/ag-overview.md).
-[scenario]: ./media/application-gateway-end-to-end-SSL-powershell/scenario.png
+[scenario]: ./media/application-gateway-end-to-end-SSL-powershell/scenario.png
application-gateway Application Gateway Ilb Arm https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/application-gateway/application-gateway-ilb-arm.md
-
+ Title: Use with Internal Load Balancer - Azure Application Gateway description: This page provides instructions to create, configure, start, and delete an Azure application gateway with internal load balancer (ILB) for Azure Resource Manager
Last updated 11/13/2019-++ # Create an application gateway with an internal load balancer (ILB)
If you want to configure SSL offload, see [Configure an application gateway for
If you want more information about load balancing options in general, see: * [Azure Load Balancer](https://azure.microsoft.com/documentation/services/load-balancer/)
-* [Azure Traffic Manager](https://azure.microsoft.com/documentation/services/traffic-manager/)
+* [Azure Traffic Manager](https://azure.microsoft.com/documentation/services/traffic-manager/)
application-gateway Application Gateway Probe Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/application-gateway/application-gateway-probe-overview.md
Last updated 07/09/2020-++ # Application Gateway health monitoring overview
application-gateway Application Gateway Troubleshooting 502 https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/application-gateway/application-gateway-troubleshooting-502.md
Last updated 11/16/2019-++ # Troubleshooting bad gateway errors in Application Gateway
Ensure that the instances are healthy and the application is properly configured
## Next steps
-If the preceding steps don't resolve the issue, open a [support ticket](https://azure.microsoft.com/support/options/).
+If the preceding steps don't resolve the issue, open a [support ticket](https://azure.microsoft.com/support/options/).
application-gateway Configuration Listeners https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/application-gateway/configuration-listeners.md
Last updated 09/09/2020-++ # Application Gateway listener configuration
After you create a listener, you associate it with a request-routing rule. That
## Next steps -- [Learn about request routing rules](configuration-request-routing-rules.md).
+- [Learn about request routing rules](configuration-request-routing-rules.md).
application-gateway Configure Keyvault Ps https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/application-gateway/configure-keyvault-ps.md
Last updated 05/26/2020-++ # Configure TLS termination with Key Vault certificates using Azure PowerShell
application-gateway Create Web App https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/application-gateway/create-web-app.md
Last updated 11/15/2019-++ # Configure App Service with Application Gateway using PowerShell
application-gateway Custom Error https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/application-gateway/custom-error.md
Last updated 11/16/2019-++ # Create Application Gateway custom error pages
application-gateway Mutual Authentication Powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/application-gateway/mutual-authentication-powershell.md
Last updated 04/02/2021-++ # Configure mutual authentication with Application Gateway through PowerShell (Preview)
In the case that your client CA certificate has expired, you can update the cert
## Next steps -- [Manage web traffic with an application gateway using the Azure CLI](./tutorial-manage-web-traffic-cli.md)
+- [Manage web traffic with an application gateway using the Azure CLI](./tutorial-manage-web-traffic-cli.md)
application-gateway Quick Create Powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/application-gateway/quick-create-powershell.md
Last updated 01/19/2021 -+ - mvc - mode-api
application-gateway Quick Create Template https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/application-gateway/quick-create-template.md
Last updated 01/20/2021 -+ - mvc - subject-armqs - mode-arm
application-gateway Redirect External Site Powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/application-gateway/redirect-external-site-powershell.md
Last updated 09/24/2020-++ # Create an application gateway with external redirection using Azure PowerShell
application-gateway Redirect Http To Https Portal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/application-gateway/redirect-http-to-https-portal.md
Last updated 11/13/2019-++ # Create an application gateway with HTTP to HTTPS redirection using the Azure portal
application-gateway Redirect Http To Https Powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/application-gateway/redirect-http-to-https-powershell.md
Last updated 09/28/2020-++ # Create an application gateway with HTTP to HTTPS redirection using Azure PowerShell
application-gateway Redirect Internal Site Powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/application-gateway/redirect-internal-site-powershell.md
Last updated 09/28/2020-++ # Create an application gateway with internal redirection using Azure PowerShell
application-gateway Renew Certificates https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/application-gateway/renew-certificates.md
Last updated 01/20/2021-++ # Renew Application Gateway certificates
az network application-gateway ssl-cert update \
## Next steps
-To learn how to configure TLS Offloading with Azure Application Gateway, see [Configure TLS Offload](./create-ssl-portal.md)
+To learn how to configure TLS Offloading with Azure Application Gateway, see [Configure TLS Offload](./create-ssl-portal.md)
application-gateway Self Signed Certificates https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/application-gateway/self-signed-certificates.md
Last updated 07/23/2019-++ # Generate an Azure Application Gateway self-signed certificate with a custom root CA
Set-AzApplicationGateway -ApplicationGateway $gw
## Next steps
-To learn more about SSL\TLS in Application Gateway, see [Overview of TLS termination and end to end TLS with Application Gateway](ssl-overview.md).
+To learn more about SSL\TLS in Application Gateway, see [Overview of TLS termination and end to end TLS with Application Gateway](ssl-overview.md).
application-gateway Troubleshoot App Service Redirection App Service Url https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/application-gateway/troubleshoot-app-service-redirection-app-service-url.md
Last updated 04/15/2021-++ # Troubleshoot App Service issues in Application Gateway
Set-AzApplicationGateway -ApplicationGateway $gw
``` ## Next steps
-If the preceding steps didn't resolve the issue, open a [support ticket](https://azure.microsoft.com/support/options/).
+If the preceding steps didn't resolve the issue, open a [support ticket](https://azure.microsoft.com/support/options/).
application-gateway Tutorial Autoscale Ps https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/application-gateway/tutorial-autoscale-ps.md
Last updated 03/08/2021 -+ #Customer intent: As an IT administrator new to Application Gateway, I want to configure the service in a way that automatically scales based on customer demand and is highly available across availability zones to ensure my customers can access their web applications when they need them. # Tutorial: Create an application gateway that improves web application access
application-gateway Tutorial Http Header Rewrite Powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/application-gateway/tutorial-http-header-rewrite-powershell.md
Last updated 11/19/2019-++ # Create an application gateway and rewrite HTTP headers
First explore the resources that were created with the application gateway. Then
## Next steps -- [Create an application gateway with URL path-based routing rules](./tutorial-url-route-powershell.md)
+- [Create an application gateway with URL path-based routing rules](./tutorial-url-route-powershell.md)
application-gateway Tutorial Manage Web Traffic Powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/application-gateway/tutorial-manage-web-traffic-powershell.md
Last updated 07/19/2019 -+ # Manage web traffic with an application gateway using Azure PowerShell
Remove-AzResourceGroup -Name myResourceGroupAG
## Next steps
-[Restrict web traffic with a web application firewall](../web-application-firewall/ag/tutorial-restrict-web-traffic-powershell.md)
+[Restrict web traffic with a web application firewall](../web-application-firewall/ag/tutorial-restrict-web-traffic-powershell.md)
application-gateway Tutorial Multiple Sites Powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/application-gateway/tutorial-multiple-sites-powershell.md
Last updated 07/20/2020 -+ #Customer intent: As an IT administrator, I want to use Azure PowerShell to configure Application Gateway to host multiple web sites , so I can ensure my customers can access the web information they need.
application-gateway Tutorial Url Redirect Powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/application-gateway/tutorial-url-redirect-powershell.md
Last updated 03/24/2021 -++ #Customer intent: As an IT administrator, I want to use Azure PowerShell to set up URL path redirection of web traffic to specific pools of servers so I can ensure my customers have access to the information they need.
Remove-AzResourceGroup -Name myResourceGroupAG
## Next steps > [!div class="nextstepaction"]
-> [Learn more about what you can do with application gateway](./overview.md)
+> [Learn more about what you can do with application gateway](./overview.md)
application-gateway Tutorial Url Route Powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/application-gateway/tutorial-url-route-powershell.md
Last updated 07/31/2019 -+ #Customer intent: As an IT administrator, I want to use PowerShell to set up routing of web traffic to specific pools of servers based on the URL that the customer uses, so I can ensure my customers have the most efficient route to the information they need. # Route web traffic based on the URL using Azure PowerShell
Remove-AzResourceGroup -Name myResourceGroupAG
## Next steps
-[Redirect web traffic based on the URL](./tutorial-url-redirect-powershell.md)
+[Redirect web traffic based on the URL](./tutorial-url-redirect-powershell.md)
automation Enable Managed Identity For Automation https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/automation/enable-managed-identity-for-automation.md
description: This article describes how to set up managed identity for Azure Aut
Last updated 04/28/2021-++ # Enable a managed identity for your Azure Automation account (preview)
This topic shows you how to create a managed identity for an Azure Automation ac
## Enable system-assigned identity >[!IMPORTANT]
->The new Automation account-level identity will override any previous VM-level system-assigned identities (which are described in [Use runbook authentication with managed identities](/automation-hrw-run-runbooks#runbook-auth-managed-identities)). If you're running hybrid jobs on Azure VMs that use a VM's system-assigned identity to access runbook resources, then the Automation account identity will be used for the hybrid jobs. This means your existing job execution may be affected if you've been using the Customer Managed Keys (CMK) feature of your Automation account.<br/><br/>If you wish to continue using the VM's managed identity, you shouldn't enable the Automation account-level identity. If you've already enabled it, you can disable the Automation account managed identity. See [Disable your Azure Automation account managed identity](./disable-managed-identity-for-automation.md).
+>The new Automation account-level identity will override any previous VM-level system-assigned identities which are described in [Use runbook authentication with managed identities](./automation-hrw-run-runbooks.md#runbook-auth-managed-identities). If you're running hybrid jobs on Azure VMs that use a VM's system-assigned identity to access runbook resources, then the Automation account identity will be used for the hybrid jobs. This means your existing job execution may be affected if you've been using the Customer Managed Keys (CMK) feature of your Automation account.<br/><br/>If you wish to continue using the VM's managed identity, you shouldn't enable the Automation account-level identity. If you've already enabled it, you can disable the Automation account managed identity. See [Disable your Azure Automation account managed identity](./disable-managed-identity-for-automation.md).
Setting up system-assigned identities for Azure Automation can be done one of two ways. You can either use the Azure portal, or the Azure REST API.
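Review bot: In the added IMPORTANT line, dropping the parentheses leaves "VM-level system-assigned identities which are described in ..." reading as a restrictive clause, as if only the identities described in that article are overridden. Put a comma before "which" or restore the parentheses. The link change from `/automation-hrw-run-runbooks#runbook-auth-managed-identities` to `./automation-hrw-run-runbooks.md#runbook-auth-managed-identities` looks correct. Because the note tells readers that hybrid jobs will run under the Automation account identity instead of the VM identity, consider adding a sentence on confirming that the account identity has the access the runbooks need before enabling it.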
azure-arc Install Client Tools https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-arc/data/install-client-tools.md
# Install client tools for deploying and managing Azure Arc enabled data services > [!IMPORTANT]
-> If you are updating to a new monthly release, please be sure to also update to the latest version of Azure Data Studio, the [!INCLUDE [azure-data-cli-azdata](../../../includes/azure-data-cli-azdata.md)] tool, and the [!INCLUDE [azure-data-cli-azdata](../../../includes/azure-data-cli-azdata.md)] and Azure Arc extensions for Azure Data Studio.
+> If you are updating to a new monthly release, please be sure to also update to the latest version of Azure Data Studio, the [!INCLUDE [azure-data-cli-azdata](../../../includes/azure-data-cli-azdata.md)] tool and Azure Arc extensions for Azure Data Studio.
This document walks you through the steps for installing the [!INCLUDE [azure-data-cli-azdata](../../../includes/azure-data-cli-azdata.md)], Azure Data Studio, Azure CLI (az), and the Kubernetes CLI tool (kubectl) on your client machine.
The following table lists common tools required for creating and managing Azure
## Next steps
-[Create the Azure Arc data controller](create-data-controller.md)
+[Create the Azure Arc data controller](create-data-controller.md)
azure-maps Choose Map Style https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-maps/choose-map-style.md
Title: Change the style of the Azure Maps Web Map Control
description: "Learn how to change a map's style and options. See how to add a style picker control to a map in Azure Maps so that users can switch between different styles." Previously updated : 07/27/2020 Last updated : 04/26/2020
The image below shows the style picker control displayed in `list` layout.
:::image type="content" source="./media/choose-map-style/style-picker-list-layout.png" alt-text="Style picker list layout"::: > [!IMPORTANT]
-> By default the style picker control lists all the styles available under the S0 pricing tier of Azure Maps. If you want to reduce the number of styles in this list, pass an array of the styles you want to appear in the list into the `mapStyle` option of the style picker. If you are using S1 and want to show all the available styles, set the `mapStyles` option of the style picker to `"all"`.
+> By default the style picker control lists all the styles available under the S0 pricing tier of Azure Maps. If you want to reduce the number of styles in this list, pass an array of the styles you want to appear in the list into the `mapStyle` option of the style picker. If you are using Gen 1 (S1) or Gen 2 pricing tier and want to show all available styles, set the `mapStyles` option of the style picker to `"all"`.
The following code shows you how to override the default `mapStyles` base style list. In this example, we're setting the `mapStyles` option to list which base styles we want to be displayed by the style picker control.
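Review bot: The added IMPORTANT line names the option two ways: "the `mapStyle` option of the style picker" in the second sentence and "the `mapStyles` option" in the third. The paragraph that follows uses `mapStyles`, so the singular form should be corrected while this line is being touched. The first sentence also still says "all the styles available under the S0 pricing tier" without the Gen 1 qualifier used in the rest of the line. Separately, the header shows "Last updated : 04/26/2020", which is earlier than "Previously updated : 07/27/2020"; the year looks wrong.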
azure-maps Choose Pricing Tier https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-maps/choose-pricing-tier.md
Title: Choose the right pricing tier for Microsoft Azure Maps
description: Learn about Azure Maps pricing tiers. See which features are offered at which tiers, and view key considerations for choosing a pricing tier. Previously updated : 12/07/2020 Last updated : 04/27/2020
# Choose the right pricing tier in Azure Maps
-Azure Maps offers two pricing tiers: S0 and S1. The purpose of this article is to help you choose the right pricing tier for your needs. To choose the right pricing tier, ask yourself the following two questions.
+Azure Maps now offers two pricing tiers: Gen 1 and Gen 2. The Gen 2 new pricing tier contains all Azure Maps capabilities without any QPS (Queries Per Second) restriction and allows you to achieve cost savings as Azure Maps transactions increases. The purpose of this article is to help you choose the right pricing tier for your needs.
-## How many concurrent users do I plan to support?
+## Pricing tier targeted customers
-The S0 and S1 pricing tiers handle different amounts of data throughput. The S0 pricing tier handles up to **50 queries per second**. Whereas the S1 tier handles **more than 50 queries per second**.
+See the **pricing tier targeted customers** table below for a better understanding of Gen 1 and Gen 2 pricing tiers. For more information, see [Azure Maps pricing](https://azure.microsoft.com/pricing/details/azure-maps/). If you're a current Azure Maps customer, you can learn how to change from Gen 1 to Gen 2 pricing [here](how-to-manage-pricing-tier.md)
-## What geospatial capabilities do I plan to use?
-
-If the core geospatial APIs meet your service requirements, choose the S0 pricing tier. If you want more advanced capabilities for your application, consider choosing for the S1 pricing tier. Advanced capabilities include: Aerial plus hybrid imagery, getting route range, and batch geocoding. To select the pricing tier most suitable for your application, review the **pricing tier capabilities** table below:
-
-### Pricing tier capabilities
-
-| Capability | S0 | S1 |
-|--|:-:|:--:|
-| Map Render | Γ£ô | Γ£ô |
-| Satellite Imagery | | Γ£ô |
-| Search | Γ£ô | Γ£ô |
-| Batch Search | | Γ£ô |
-| Route | Γ£ô |Γ£ô |
-| Batch Routing | | Γ£ô |
-| Matrix Routing | | Γ£ô |
-| Route Range (Isochrones) | | Γ£ô |
-| Traffic |Γ£ô |Γ£ô |
-| Time Zone |Γ£ô |Γ£ô |
-| Geolocation (Preview) |Γ£ô |Γ£ô |
-| Spatial Operations | |Γ£ô |
-| Geofencing | |Γ£ô |
-| Azure Maps Data (Preview) | | Γ£ô |
-| Mobility (Preview) | | Γ£ô |
-| Weather |Γ£ô |Γ£ô |
-| Creator (Preview) | |Γ£ô |
-| Elevation (Preview) | |Γ£ô |
-
-Consider these additional points:
-
-* What type of enterprise do you have?
-* How critical is your application?
-
-### Pricing tier targeted customers
-
-See the **pricing tier targeted customers** table to get a better sense of the S0 and S1 pricing tiers. For more information, see [Azure Maps pricing](https://azure.microsoft.com/pricing/details/azure-maps/).
-
-| Pricing tier | Targeted customers |
-|--|:--|
-| S0 | The S0 pricing tier works for applications in all stages of production: from proof-of-concept development and early stage testing to application production and deployment. However, this tier is designed for small-scale development, or customers with low concurrent users, or both.
-| S1 | The S1 pricing tier is for customers with large-scale enterprise applications, mission-critical applications, or high volumes of concurrent users. It's also for those customers who require advanced geospatial services.
+| Pricing tier | SKU | Targeted Customers|
+|--|-| --|
+| **Gen 1** | S0 | The S0 pricing tier works for applications in all stages of production: from proof-of-concept development and early stage testing to application production and deployment. However, this tier is designed for small-scale development, or customers with low concurrent users, or both.
+| |S1 | The S1 pricing tier is for customers with large-scale enterprise applications, mission-critical applications, or high volumes of concurrent users. It's also for those customers who require advanced geospatial services.
+| **Gen 2** | Maps/Location Insights | Gen 2 pricing is for new and current Azure Maps customers. Gen 2 comes with a free monthly tier of transactions to be used to test and build on Azure maps. Maps and Location Insights SKUΓÇÖs contain all of Azure Maps capabilities. Additionally, thereΓÇÖs no QPS (Queries Per Second) restrictions, which for most services, achieves cost savings as Azure Maps transactions increase.
+| | |
## Next steps
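Review bot: Removing the "Pricing tier capabilities" table leaves no place that says which capabilities S0 lacks, while other articles in this same change set still gate features on "Gen 1 (S1) or Gen 2" versus S0 (custom data rendering, elevation, minute forecast). Keep the table with a Gen 2 column added, or link to a page that carries the per-SKU matrix. Smaller points in the added lines: "as Azure Maps transactions increases" should be "increase"; "The Gen 2 new pricing tier" should be "The new Gen 2 pricing tier"; the link text "here" should name its target and the sentence needs a closing period; the final table row `| | |` has two cells in a three-column table. The header date "Last updated : 04/27/2020" is earlier than "Previously updated : 12/07/2020".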
azure-maps How To Create Template https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-maps/how-to-create-template.md
Title: Create your Azure Maps account using an ARM template | Microsoft Azure Maps
-description: Learn how to create an Azure Maps account using an Azure Resource Manager (ARM) template.
+ Title: Create your Azure Maps account using an Azure Resource Manager template in Azure Maps
+description: Learn how to create an Azure Maps account using an Azure Resource Manager template.
Previously updated : 10/20/2020 Last updated : 04/27/2021
azure-maps How To Manage Account Keys https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-maps/how-to-manage-account-keys.md
Title: Manage your Azure Maps account in the Azure portal | Microsoft Azure Maps
description: Learn how to use the Azure portal to manage an Azure Maps account. See how to create a new account and how to delete an existing account. Previously updated : 01/27/2020 Last updated : 04/26/2021
If you don't have an Azure subscription, create a [free account](https://azure.m
4. Enter the information for your new account.
-[![Enter Azure Maps account information in the Azure portal](./media/how-to-manage-account-keys/new-account-portal.png)](./media/how-to-manage-account-keys/new-account-portal.png#lightbox)
## Delete an account
azure-maps How To Manage Creator https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-maps/how-to-manage-creator.md
Title: Manage Microsoft Azure Maps Creator (Preview)
description: In this article, you'll learn how to manage Microsoft Azure Maps Creator (Preview). Previously updated : 02/16/2021 Last updated : 04/26/2021
> This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. > For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
-Azure Maps Creator lets you create private indoor map data. Using the Azure Maps API and the Indoor Maps module, you can develop interactive and dynamic indoor map web applications. Currently, Creator is only available in the United States using the S1 pricing tier.
+Azure Maps Creator lets you create private indoor map data. Using the Azure Maps API and the Indoor Maps module, you can develop interactive and dynamic indoor map web applications. Currently, Creator is only available in the United States using Gen 2 or Gen 1 (S1) pricing tiers.
This article takes you through the steps to create and delete a Creator resource in an Azure Maps account.
azure-maps How To Manage Pricing Tier https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-maps/how-to-manage-pricing-tier.md
Title: Manage your Azure Maps account's pricing tier | Microsoft Azure Maps
description: You can use the Azure portal to manage your Microsoft Azure Maps account and its pricing tier. Previously updated : 01/27/2020 Last updated : 04/26/2020
Get more information about [choosing the right pricing tier in Azure Maps](./cho
To view your chosen pricing tier, navigate to the **Pricing Tier** option in the settings menu.
-[ ![View chosen pricing tier](./media/how-to-manage-pricing-tier/view-pricing-tier.png) ](./media/how-to-manage-pricing-tier/view-pricing-tier.png#lightbox)
## Change a pricing tier
-After you create your Azure Maps account, you can upgrade or downgrade the pricing tier for your Azure Maps account. To upgrade or downgrade, navigate to the **Pricing Tier** option in the settings menu. Select the pricing tier that isn't highlighted. Select the **Save** button to save your chosen pricing tier option.
+After you create your Azure Maps account, you can upgrade or downgrade the pricing tier for your Azure Maps account. To upgrade or downgrade, navigate to the **Pricing Tier** option in the settings menu. Select the pricing tier from drop down list. Note ΓÇô current pricing tier will be default selection. Select the **Save** button to save your chosen pricing tier option.
-[ ![Change a pricing tier](./media/how-to-manage-pricing-tier/change-pricing-tier.png) ](./media/how-to-manage-pricing-tier/change-pricing-tier.png#lightbox)
> [!NOTE] > You don't have to generate new subscription keys or client ID (for Azure AD authentication) if you upgrade or downgrade the pricing tier for your Azure Maps account.
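Review bot: The added sentence pair "Select the pricing tier from drop down list. Note – current pricing tier will be default selection." is missing its articles and folds a note into the step text. Suggest "Select the pricing tier from the drop-down list. The current pricing tier is selected by default." Both screenshots are removed without replacements, so the text now has to carry the instructions on its own; if the portal UI changed, updated images would help.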
azure-maps How To Render Custom Data https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-maps/how-to-render-custom-data.md
Title: Render custom data on a raster map | Microsoft Azure Maps
description: Learn how to add pushpins, labels, and geometric shapes to a raster map. See how to use the static image service in Azure Maps for this purpose. Previously updated : 12/07/2020 Last updated : 04/26/2020
To complete the procedures in this article, you first need to create an Azure Ma
## Render pushpins with labels and a custom image > [!Note]
-> The procedure in this section requires an Azure Maps account in pricing tier S0 or S1.
+> The procedure in this section requires an Azure Maps account in Gen 1 or Gen 2 pricing tier.
The Azure Maps account S0 tier supports only a single instance of the `pins` parameter. It allows you to render up to five pushpins, specified in the URL request, with a custom image.
To render pushpins with labels and a custom image, complete these steps:
## Get data from Azure Maps data storage > [!Note]
-> The procedure in this section requires an Azure Maps account in pricing tier S1.
+> The procedure in this section requires an Azure Maps account Gen 1 (S1) or Gen 2 pricing tier.
You can also obtain the path and pin location information by using the [Data Upload API](/rest/api/maps/data/uploadpreview). Follow the steps below to upload the path and pins data.
You can also obtain the path and pin location information by using the [Data Upl
## Render a polygon with color and opacity > [!Note]
-> The procedure in this section requires an Azure Maps account in pricing tier S1.
+> The procedure in this section requires an Azure Maps account Gen 1 (S1) or Gen 2 pricing tier.
You can modify the appearance of a polygon by using style modifiers with the [path parameter](/rest/api/maps/render/getmapimage#uri-parameters).
You can modify the appearance of a polygon by using style modifiers with the [pa
## Render a circle and pushpins with custom labels > [!Note]
-> The procedure in this section requires an Azure Maps account in pricing tier S1.
+> The procedure in this section requires an Azure Maps account Gen 1 (S1) or Gen 2 pricing tier.
You can modify the appearance of the pins by adding style modifiers. For example, to make pushpins and their labels larger or smaller, use the `sc` "scale style" modifier. This modifier takes a value that's greater than zero. A value of 1 is the standard scale. Values larger than 1 will make the pins larger, and values smaller than 1 will make them smaller. For more information about style modifiers, see [static image service path parameters](/rest/api/maps/render/getmapimage#uri-parameters).
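Review bot: Three of the four added notes read "requires an Azure Maps account Gen 1 (S1) or Gen 2 pricing tier", which is missing "in the" after "account"; the first note has it ("in Gen 1 or Gen 2 pricing tier") but then omits the SKU. For the first note, say "Gen 1 (S0 or S1) or Gen 2" so it matches the others and the sentence right after it, which still describes the S0 limit on the `pins` parameter. The header date "Last updated : 04/26/2020" is earlier than "Previously updated : 12/07/2020".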
azure-maps How To Request Elevation Data https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-maps/how-to-request-elevation-data.md
Title: Request elevation data using the Azure Maps Elevation service (Preview)
description: Learn how to request elevation data using the Azure Maps Elevation service (Preview). Previously updated : 12/07/2020 Last updated : 04/26/2021
The Azure Maps [Elevation service](/rest/api/maps/elevation) provides APIs to qu
## Prerequisites
-1. [Make an Azure Maps account in the S1 pricing tier](quick-demo-map-app.md#create-an-azure-maps-account)
+1. [Make an Azure Maps account in Gen 1 (S1) or Gen 2 pricing tier](quick-demo-map-app.md#create-an-azure-maps-account).
2. [Obtain a primary subscription key](quick-demo-map-app.md#get-the-primary-key-for-your-account), also known as the primary key or the subscription key. For more information on authentication in Azure Maps, [Manage Authentication in Azure Maps](how-to-manage-authentication.md).
azure-maps How To Request Weather Data https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-maps/how-to-request-weather-data.md
Title: Request real-time and forecasted weather data using Azure Maps Weather se
description: Learn how to request real-time (current) and forecasted (minute, hourly, daily) weather data using Microsoft Azure Maps Weather services Previously updated : 12/07/2020 Last updated : 04/26/2021
This video provides examples for making REST calls to Azure Maps Weather service
2. [Obtain a primary subscription key](quick-demo-map-app.md#get-the-primary-key-for-your-account), also known as the primary key or the subscription key. For more information on authentication in Azure Maps, see [manage authentication in Azure Maps](./how-to-manage-authentication.md). >[!IMPORTANT]
- >The [Get Minute Forecast API](/rest/api/maps/weather/getminuteforecast) requires an S1 pricing tier key. All other APIs require an S0 pricing tier key.
+ >The [Get Minute Forecast API](/rest/api/maps/weather/getminuteforecast)requires a Gen 1 (S1) or Gen 2 pricing tier. All other APIs require an S0 pricing tier key.
This tutorial uses the [Postman](https://www.postman.com/) application, but you may choose a different API development environment.
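Review bot: In the added IMPORTANT line there is no space between the link and "requires" ("...getminuteforecast)requires"), and the two sentences no longer match: the first now says the API "requires a Gen 1 (S1) or Gen 2 pricing tier" while the second still says "All other APIs require an S0 pricing tier key". As written, a reader with a Gen 2 account cannot tell whether the other APIs work for them. Suggest wording the second sentence as "All other APIs are available in any pricing tier" if that is the intent.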
In this example, you'll use the [Get Severe Weather Alerts API](/rest/api/maps/w
The [Get Daily Forecast API](/rest/api/maps/weather/getdailyforecast) returns detailed daily weather forecast such as temperature and wind. The request can specify how many days to return: 1, 5, 10, 15, 25, or 45 days for a given coordinate location. The response includes details such as temperature, wind, precipitation, air quality, and UV index. In this example, we request for five days by setting `duration=5`. >[!IMPORTANT]
->In the S0 pricing tier, you can request daily forecast for the next 1, 5, 10, and 15 days. In the S1 pricing tier, you can also request daily forecast for the next 25 days, and 45 days.
+>In the S0 pricing tier, you can request daily forecast for the next 1, 5, 10, and 15 days. In either Gen 1 (S1) or Gen 2 pricing tier, you can request daily forecast for the next 25 days, and 45 days.
In this example, you'll use the [Get Daily Forecast API](/rest/api/maps/weather/getdailyforecast) to retrieve the five-day weather forecast for coordinates located in Seattle, WA.
In this example, you'll use the [Get Daily Forecast API](/rest/api/maps/weather/
The [Get Hourly Forecast API](/rest/api/maps/weather/gethourlyforecast) returns detailed weather forecast by the hour for the next 1, 12, 24 (1 day), 72 (3 days), 120 (5 days), and 240 hours (10 days) for the given coordinate location. The API returns details such as temperature, humidity, wind, precipitation, and UV index. >[!IMPORTANT]
->In the S0 pricing tier, you can request hourly forecast for the next 1, 12, 24 hours (1 day), and 72 hours (3 days). In the S1 pricing tier, you can also request hourly forecast for the next 120 (5 days) and 240 hours (10 days).
+>In the S0 pricing tier, you can request hourly forecast for the next 1, 12, 24 hours (1 day), and 72 hours (3 days). In either Gen 1 (S1) or Gen 2 pricing tier, you can request hourly forecast for the next 120 (5 days) and 240 hours (10 days).
In this example, you'll use the [Get Hourly Forecast API](/rest/api/maps/weather/gethourlyforecast) to retrieve the hourly weather forecast for the next 12 hours at coordinates located in Seattle, WA.
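Review bot: With "also" removed from the second sentence of the hourly callout, the added line no longer says that the 120-hour and 240-hour ranges come on top of the 1, 12, 24, and 72 hours available in S0. Suggest "you can also request hourly forecast for the next 120 (5 days) and 240 hours (10 days)".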
azure-maps Migrate From Bing Maps Web Services https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-maps/migrate-from-bing-maps-web-services.md
Title: 'Tutorial: Migrate web services from Bing Maps | Microsoft Azure Maps'
description: Tutorial on how to migrate web services from Bing Maps to Microsoft Azure Maps. Previously updated : 12/07/2020 Last updated : 04/26/2021
Batch geocoding is the process of taking a large number of addresses or places,
Bing Maps allows up to 200,000 addresses to be passed in a single batch geocode request. This request goes into a queue and usually processes over a period of time, anywhere from a few minutes to a few hours depending on the size of the data set and the load on the service. Each address in the request generated a transaction.
-Azure Maps has a batch geocoding service, however it allows up to 10,000 addresses to be passed in a single request and is processed over seconds to a few minutes depending on the size of the data set and the load on the service. Each address in the request generated a transaction. In Azure Maps, the batch geocoding service is only available the S1 tier.
+Azure Maps has a batch geocoding service, however it allows up to 10,000 addresses to be passed in a single request and is processed over seconds to a few minutes depending on the size of the data set and the load on the service. Each address in the request generated a transaction. In Azure Maps, the batch geocoding service is only available the Gen 2 or S1 pricing tier. For more information on pricing tiers, see [Choose the right pricing tier in Azure Maps](choose-pricing-tier.md).
-Another option for geocoding a large number addresses with Azure Maps is to make parallel requests to the standard search APIs. These services only accept a single address per request but can be used with the S0 tier that also provides free usage limits. The S0 tier allows up to 50 requests per second to the Azure Maps platform from a single account. So if you process limit these to stay within that limit, it is possible to geocode upwards of 180,000 address an hour. The S1 tier doesnΓÇÖt have a documented limit on the number of queries per second that can be made from an account, so a lot more data can be processed faster when using that pricing tier, however using the batch geocoding service will help reduce the total amount of data transferred and will drastically reduce the network traffic.
+Another option for geocoding a large number addresses with Azure Maps is to make parallel requests to the standard search APIs. These services only accept a single address per request but can be used with the S0 tier that also provides free usage limits. The S0 tier allows up to 50 requests per second to the Azure Maps platform from a single account. So if you process limit these to stay within that limit, it is possible to geocode upwards of 180,000 address an hour. The Gen 2 or S1 pricing tier doesnΓÇÖt have a documented limit on the number of queries per second that can be made from an account, so a lot more data can be processed faster when using that pricing tier, however using the batch geocoding service will help reduce the total amount of data transferred and will drastically reduce the network traffic.
- [Free-form address geocoding](/rest/api/maps/search/getsearchaddress): Specify a single address string (like `"1 Microsoft way, Redmond, WA"`) and process the request immediately. This service is recommended if you need to geocode individual addresses quickly. - [Structured address geocoding](/rest/api/maps/search/getsearchaddressstructured): Specify the parts of a single address, such as the street name, city, country, and postal code and process the request immediately. This service is recommended if you need to geocode individual addresses quickly and the data is already parsed into its individual address parts.
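Review bot: The rewritten sentence "the batch geocoding service is only available the Gen 2 or S1 pricing tier" is still missing "in" before "the Gen 2", an error carried over from the removed line. The second changed paragraph likewise keeps "a large number addresses", "So if you process limit these to stay within that limit" and "180,000 address an hour", none of which parse cleanly. Since both paragraphs are being touched for the tier wording, suggest fixing these in the same change, for example "only available in the Gen 2 or S1 pricing tier" and "a large number of addresses".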
azure-maps Quick Android Map https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-maps/quick-android-map.md
Title: 'Quickstart: Create an Android app with Azure Maps | Microsoft Azure '
description: 'Quickstart: Learn how to create an Android app using the Azure Maps Android SDK.' Previously updated : 12/10/2020 Last updated : 04/26/2021
Create a new Azure Maps account with the following steps:
* Read the *License* and *Privacy Statement*, and check the checkbox to accept the terms. * Click the **Create** button.
- ![Create Maps account in portal](media/quick-android-map/create-account.png)
+ :::image type="content" source="./media/quick-demo-map-app/create-account.png" alt-text="Create Maps account in portal":::
## Get the primary key for your account
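Review bot: The new image reference in the Android quickstart points at `./media/quick-demo-map-app/create-account.png`, another article's media folder, where the removed line used this article's own `media/quick-android-map/create-account.png`. That couples the two quickstarts: a later change to the demo-app screenshot would change or break this page without touching it. If sharing the image is intended, say so in the commit message; otherwise keep the source under `media/quick-android-map/`.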
azure-maps Quick Demo Map App https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-maps/quick-demo-map-app.md
Title: 'Quickstart: Interactive map search with Azure Maps'
description: 'Quickstart: Learn how to create interactive, searchable maps. See how to create an Azure Maps account, get a primary key, and use the Web SDK to set up map applications' Previously updated : 7/10/2020 Last updated : 04/26/2021
azure-maps Set Android Map Styles https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-maps/set-android-map-styles.md
This article shows you two ways to set map styles using the Azure Maps Android S
Be sure to complete the steps in the [Quickstart: Create an Android app](quick-android-map.md) document.
+>[!important]
+>The procedure in this section requires an Azure Maps account in Gen 1 or Gen 2 pricing tier. For more information on pricing tiers, see [Choose the right pricing tier in Azure Maps](choose-pricing-tier.md).
++ ## Set map style in the layout You can set a map style in the layout file for your activity class when adding the map control. The following code sets the center location, zoom level, and map style.
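Review bot: The added callout says "The procedure in this section requires an Azure Maps account in Gen 1 or Gen 2 pricing tier", but it is inserted above the "## Set map style in the layout" heading, so it is unclear which section it governs. "Gen 1 or Gen 2" also names no SKU, unlike the "Gen 1 (S1) or Gen 2" form used in other articles in this update, so a reader cannot tell whether an S0 account qualifies. Suggest moving the callout under the heading it applies to, or into the prerequisites, and naming the tier explicitly.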
azure-maps Supported Map Styles https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-maps/supported-map-styles.md
Title: Supported built-in Azure Maps map styles
description: Learn about the built-in map styles that Azure Maps supports, such as road, blank_accessible, satellite, satellite_road_labels, road_shaded_relief, and night. Previously updated : 07/24/2020 Last updated : 04/26/2020
Azure Maps supports several different built-in map styles as described below.
+>[!important]
+>The procedure in this section requires an Azure Maps account in Gen 1 or Gen 2 pricing tier. For more information on pricing tiers, see [Choose the right pricing tier in Azure Maps](choose-pricing-tier.md).
+ ## road A **road** map is a standard map that displays roads. It also displays natural and artificial features, and the labels for those features.
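Review bot: "The procedure in this section" does not fit where the callout is added: it follows "Azure Maps supports several different built-in map styles as described below" and precedes the "## road" style description, and no procedure is visible at this point. Suggest wording it for a reference article, for example "The map styles in this article require ...". Separately, the metadata line goes from "Previously updated : 07/24/2020" to "Last updated : 04/26/2020", which moves the date backwards; the year should be checked.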
azure-maps Tutorial Create Store Locator https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-maps/tutorial-create-store-locator.md
Jump ahead to the [live store locator example](https://azuremapscodesamples.azur
## Prerequisites
-1. [Make an Azure Maps account with S1 pricing tier](quick-demo-map-app.md#create-an-azure-maps-account)
+1. [Make an Azure Maps account in Gen 1 (S1) or Gen 2 pricing tier](quick-demo-map-app.md#create-an-azure-maps-account).
2. [Obtain a primary subscription key](quick-demo-map-app.md#get-the-primary-key-for-your-account), also known as the primary key or the subscription key. For more information on authentication in Azure Maps, see [manage authentication in Azure Maps](how-to-manage-authentication.md).
azure-maps Tutorial Ev Routing https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-maps/tutorial-ev-routing.md
Title: 'Tutorial: Route electric vehicles by using Azure Notebooks (Python) with
description: Tutorial on how to route electric vehicles by using Microsoft Azure Maps routing APIs and Azure Notebooks Previously updated : 12/07/2020 Last updated : 04/26/2021
In this tutorial, you will:
> * Render the reachable range boundary and charging stations on a map. > * Find and visualize a route to the closest electric vehicle charging station based on drive time.
+## Prerequisites
-## Prerequisites
+1. [Make an Azure Maps account](quick-demo-map-app.md#create-an-azure-maps-account), and [choose either Gen 2 or S1 pricing tier](choose-pricing-tier.md).
+2. [Obtain a primary subscription key](quick-demo-map-app.md#get-the-primary-key-for-your-account), also known as the primary key or the subscription key.
-To complete this tutorial, you first need to create an Azure Maps account and get your primary key (subscription key).
+For more information on authentication in Azure Maps, see [manage authentication in Azure Maps](how-to-manage-authentication.md).
-To create an Azure Maps account subscription, follow instructions in [Create an account](quick-demo-map-app.md#create-an-azure-maps-account). You need an Azure Maps account subscription with the S1 price tier.
-
-To get the primary subscription key for your account, follow the instructions in [get primary key](quick-demo-map-app.md#get-the-primary-key-for-your-account).
-
-For more information on authentication in Azure Maps, see [manage authentication in Azure Maps](./how-to-manage-authentication.md).
## Create an Azure Notebooks project
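Review bot: The new first prerequisite weakens the requirement. The removed text said "You need an Azure Maps account subscription with the S1 price tier", while the added step says "choose either Gen 2 or S1 pricing tier" and links the phrase to the pricing-tier guide, which reads as a suggestion. Suggest stating it as a requirement, for example "Make an Azure Maps account in Gen 1 (S1) or Gen 2 pricing tier", the form the store locator tutorial's prerequisite uses in this same update.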
azure-maps Tutorial Route Location https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-maps/tutorial-route-location.md
Title: 'Tutorial: Find route to a location | Microsoft Azure Maps'
description: Tutorial on how to find a route to a point of interest. See how to set address coordinates and query the Azure Maps Route service for directions to the point. Previously updated : 09/01/2020 Last updated : 04/26/2021
azure-monitor Azure Monitor Agent Install https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/agents/azure-monitor-agent-install.md
description: Options for installing the Azure Monitor Agent (AMA) on Azure virtu
Previously updated : 11/17/2020 Last updated : 11/17/2020 +
azure-monitor Alerts Activity Log https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/alerts/alerts-activity-log.md
Title: Create, view, and manage activity log alerts in Azure Monitor description: Create activity log alerts by using the Azure portal, an Azure Resource Manager template, and Azure PowerShell. Previously updated : 06/25/2019 Last updated : 06/25/2019 +
azure-monitor Alerts Log https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/alerts/alerts-log.md
description: Use Azure Monitor to create, view, and manage log alert rules
Previously updated : 09/22/2020 Last updated : 09/22/2020 + # Create, view, and manage log alerts using Azure Monitor
azure-monitor Alerts Metric Create Templates https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/alerts/alerts-metric-create-templates.md
Previously updated : 10/7/2020 Last updated : 10/7/2020 + # Create a metric alert with a Resource Manager template
az deployment group create \
- Read more about [alerts in Azure](./alerts-overview.md) - Learn how to [create an action group with Resource Manager templates](../alerts/action-groups-create-resource-manager-template.md)-- For the JSON syntax and properties, see [Microsoft.Insights/metricAlerts](/azure/templates/microsoft.insights/metricalerts) template reference.
+- For the JSON syntax and properties, see [Microsoft.Insights/metricAlerts](/azure/templates/microsoft.insights/metricalerts) template reference.
azure-monitor Alerts Metric Logs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/alerts/alerts-metric-logs.md
description: Tutorial on creating near-real time metric alerts on popular log an
Previously updated : 02/14/2021 Last updated : 02/14/2021 + # Create Metric Alerts for Logs in Azure Monitor
az deployment group create --resource-group myRG --template-file metricfromLogsA
- Learn more about the [metric alerts](../alerts/alerts-metric.md). - Learn about [log alerts in Azure](./alerts-unified-log.md).-- Learn about [alerts in Azure](./alerts-overview.md).
+- Learn about [alerts in Azure](./alerts-overview.md).
azure-monitor Alerts Troubleshoot Log https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/alerts/alerts-troubleshoot-log.md
description: Common issues, errors, and resolutions for log alert rules in Azure
Previously updated : 09/22/2020 Last updated : 09/22/2020 + # Troubleshoot log alerts in Azure Monitor
If query fails for seven days continuously, Azure Monitor will disable the log a
- Learn about [log alerts in Azure](./alerts-unified-log.md). - Learn more about [configuring log alerts](../logs/log-query-overview.md).-- Learn more about [log queries](../logs/log-query-overview.md).
+- Learn more about [log queries](../logs/log-query-overview.md).
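Review bot: In the Next steps list this change touches, the "configuring log alerts" bullet and the "log queries" bullet both link to `../logs/log-query-overview.md`. The first looks like it points at the wrong article; suggest correcting its target or dropping the bullet while this list is being edited.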
azure-monitor Itsmc Service Manager Script https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/alerts/itsmc-service-manager-script.md
description: Create a Service Manager Web app using an automated script to conne
Previously updated : 01/23/2018 Last updated : 01/23/2018 +
azure-monitor Api Custom Events Metrics https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/api-custom-events-metrics.md
appInsights.trackMetric("queueLength", 42.0);
```csharp var sample = new MetricTelemetry();
-sample.Name = "metric name";
+sample.Name = "queueLength";
sample.Value = 42.3; telemetryClient.TrackMetric(sample); ```
azure-monitor Azure Vm Vmss Apps https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/azure-vm-vmss-apps.md
Title: Monitor performance on Azure VMs - Azure Application Insights description: Application performance monitoring for Azure VM and Azure virtual machine scale sets. Chart load and response time, dependency information, and set alerts on performance. Previously updated : 08/26/2019 Last updated : 08/26/2019 +
C:\WindowsAzure\Logs\Plugins\Microsoft.Azure.Diagnostics.ApplicationMonitoringWi
## Next steps * Learn how to [deploy an application to an Azure virtual machine scale set](../../virtual-machine-scale-sets/virtual-machine-scale-sets-deploy-app.md).
-* [Set up Availability web tests](monitor-web-app-availability.md) to be alerted if your endpoint is down.
+* [Set up Availability web tests](monitor-web-app-availability.md) to be alerted if your endpoint is down.
azure-monitor Azure Web Apps https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/azure-web-apps.md
Title: Monitor Azure app services performance | Microsoft Docs
description: Application performance monitoring for Azure app services. Chart load and response time, dependency information, and set alerts on performance. Last updated 08/06/2020-+ # Monitor Azure App Service performance
For the latest updates and bug fixes [consult the release notes](./web-app-exten
* [Monitor service health metrics](../data-platform.md) to make sure your service is available and responsive. * [Receive alert notifications](../alerts/alerts-overview.md) whenever operational events happen or metrics cross a threshold. * Use [Application Insights for JavaScript apps and web pages](javascript.md) to get client telemetry from the browsers that visit a web page.
-* [Set up Availability web tests](monitor-web-app-availability.md) to be alerted if your site is down.
+* [Set up Availability web tests](monitor-web-app-availability.md) to be alerted if your site is down.
azure-monitor Change Analysis Troubleshoot https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/change-analysis-troubleshoot.md
description: Learn how to troubleshoot problems in Application Change Analysis.
Previously updated : 02/11/2021 Last updated : 02/11/2021 +
Register-AzResourceProvider -ProviderNamespace "Microsoft.ChangeAnalysis"
## Next steps -- Learn more about [Azure Resource Graph](../../governance/resource-graph/overview.md), which helps power Change Analysis.
+- Learn more about [Azure Resource Graph](../../governance/resource-graph/overview.md), which helps power Change Analysis.
azure-monitor Change Analysis https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/change-analysis.md
description: Use Application Change Analysis in Azure Monitor to troubleshoot ap
Previously updated : 05/04/2020 Last updated : 05/04/2020 +
azure-monitor Convert Classic Resource https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/convert-classic-resource.md
Title: Migrate an Azure Monitor Application Insights classic resource to a workspace-based resource | Microsoft Docs description: Learn about the steps required to upgrade your Azure Monitor Application Insights classic resource to the new workspace-based model. Previously updated : 09/23/2020 Last updated : 09/23/2020 +
azure-monitor Create New Resource https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/create-new-resource.md
Title: Create a new Azure Application Insights resource | Microsoft Docs description: Manually set up Application Insights monitoring for a new live application. Previously updated : 02/10/2021 Last updated : 02/10/2021 +
azure-monitor Create Workspace Resource https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/create-workspace-resource.md
Title: Create a new Azure Monitor Application Insights workspace-based resource | Microsoft Docs description: Learn about the steps required to enable the new Azure Monitor Application Insights workspace-based resources. Previously updated : 10/06/2020 Last updated : 10/06/2020 +
azure-monitor Ip Collection https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/ip-collection.md
Title: Azure Application Insights IP address collection | Microsoft Docs
description: Understanding how IP addresses and geolocation are handled with Azure Application Insights Last updated 09/23/2020-+ # Geolocation and IP address handling
azure-monitor Powershell Azure Diagnostics https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/powershell-azure-diagnostics.md
Title: Using PowerShell to setup Application Insights in an Azure | Microsoft Docs description: Automate configuring Azure Diagnostics to pipe data to Application Insights. Previously updated : 08/06/2019 Last updated : 08/06/2019 +
azure-monitor Powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/powershell.md
Title: Automate Azure Application Insights with PowerShell | Microsoft Docs description: Automate creating and managing resources, alerts, and availability tests in PowerShell using an Azure Resource Manager template. Previously updated : 05/02/2020 Last updated : 05/02/2020 +
Other automation articles:
* [Create an Application Insights resource](./create-new-resource.md#creating-a-resource-automatically) - quick method without using a template. * [Create web tests](../alerts/resource-manager-alerts-metric.md#availability-test-with-metric-alert) * [Send Azure Diagnostics to Application Insights](powershell-azure-diagnostics.md)
-* [Create release annotations](https://github.com/MohanGsk/ApplicationInsights-Home/blob/master/API/CreateReleaseAnnotation.ps1)
+* [Create release annotations](https://github.com/MohanGsk/ApplicationInsights-Home/blob/master/API/CreateReleaseAnnotation.ps1)
azure-monitor Autoscale Common Metrics https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/autoscale/autoscale-common-metrics.md
Title: Autoscale common metrics
description: Learn which metrics are commonly used for autoscaling your Cloud Services, Virtual Machines and Web Apps. Last updated 12/6/2016-++ # Azure Monitor autoscaling common metrics
azure-monitor Container Insights Enable Existing Clusters https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/containers/container-insights-enable-existing-clusters.md
Title: Monitor an Azure Kubernetes Service (AKS) cluster deployed | Microsoft Do
description: Learn how to enable monitoring of an Azure Kubernetes Service (AKS) cluster with Container insights already deployed in your subscription. Last updated 09/12/2019-+ # Enable monitoring of Azure Kubernetes Service (AKS) cluster already deployed
azure-monitor Container Insights Optout Hybrid https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/containers/container-insights-optout-hybrid.md
Title: How to stop monitoring your hybrid Kubernetes cluster | Microsoft Docs description: This article describes how you can stop monitoring of your hybrid Kubernetes cluster with Container insights. Previously updated : 06/16/2020 Last updated : 06/16/2020 +
bash disable-monitoring.sh --resource-id $azureArcClusterResourceId --kube-conte
## Next steps
-If the Log Analytics workspace was created only to support monitoring the cluster and it's no longer needed, you have to manually delete it. If you are not familiar with how to delete a workspace, see [Delete an Azure Log Analytics workspace](../logs/delete-workspace.md).
+If the Log Analytics workspace was created only to support monitoring the cluster and it's no longer needed, you have to manually delete it. If you are not familiar with how to delete a workspace, see [Delete an Azure Log Analytics workspace](../logs/delete-workspace.md).
azure-monitor Container Insights Optout Openshift V3 https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/containers/container-insights-optout-openshift-v3.md
Title: How to stop monitoring your Azure Red Hat OpenShift v3 cluster | Microsoft Docs description: This article describes how you can stop monitoring of your Azure Red Hat OpenShift cluster with Container insights. Previously updated : 04/24/2020 Last updated : 04/24/2020 +
ProvisioningState : Succeeded
## Next steps
-If the workspace was created only to support monitoring the cluster and it's no longer needed, you have to manually delete it. If you are not familiar with how to delete a workspace, see [Delete an Azure Log Analytics workspace](../logs/delete-workspace.md).
+If the workspace was created only to support monitoring the cluster and it's no longer needed, you have to manually delete it. If you are not familiar with how to delete a workspace, see [Delete an Azure Log Analytics workspace](../logs/delete-workspace.md).
azure-monitor Container Insights Optout https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/containers/container-insights-optout.md
Title: How to Stop Monitoring Your Azure Kubernetes Service cluster | Microsoft Docs description: This article describes how you can discontinue monitoring of your Azure AKS cluster with Container insights. Previously updated : 08/19/2019 Last updated : 08/19/2019 +
ProvisioningState : Succeeded
## Next steps
-If the workspace was created only to support monitoring the cluster and it's no longer needed, you have to manually delete it. If you are not familiar with how to delete a workspace, see [Delete an Azure Log Analytics workspace with the Azure portal](../logs/delete-workspace.md). Don't forget about the **Workspace Resource ID** copied earlier in step 4, you're going to need that.
+If the workspace was created only to support monitoring the cluster and it's no longer needed, you have to manually delete it. If you are not familiar with how to delete a workspace, see [Delete an Azure Log Analytics workspace with the Azure portal](../logs/delete-workspace.md). Don't forget about the **Workspace Resource ID** copied earlier in step 4, you're going to need that.
azure-monitor Collect Custom Metrics Guestos Vm Cloud Service Classic https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/essentials/collect-custom-metrics-guestos-vm-cloud-service-classic.md
Last updated 09/09/2019-++ # Send Guest OS metrics to the Azure Monitor metric store classic Cloud Services
You use the dimension filtering and splitting capabilities to view the total mem
## Next steps -- Learn more about [custom metrics](./metrics-custom-overview.md).
+- Learn more about [custom metrics](./metrics-custom-overview.md).
azure-monitor Quick Collect Activity Log Arm https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/essentials/quick-collect-activity-log-arm.md
Title: Send Azure Activity log to Log Analytics workspace using Azure Resource Manager template description: Use ARM templates to create a Log Analytics workspace and a diagnostic setting to send the Activity log to Azure Monitor Logs. -+ Last updated 06/25/2020
Remove-AzResourceGroup -Name my-resource-group
In this quickstart, you configured the Activity log to be sent to a Log Analytics workspace. You can now configure other data to be collected into the workspace where you can analyze it together using [log queries](../logs/log-query-overview.md) in Azure Monitor and leverage features such as [log alerts](../alerts/alerts-log-query.md) and [workbooks](../visualize/workbooks-overview.md). You should next gather [resource logs](../essentials/resource-logs.md) from your Azure resources which compliment the data in the Activity log providing insight into the operations that were performed within each resource. > [!div class="nextstepaction"]
-> [Collect and analyze resource logs with Azure Monitor](../essentials/tutorial-resource-logs.md)
+> [Collect and analyze resource logs with Azure Monitor](../essentials/tutorial-resource-logs.md)
azure-monitor Rest Api Walkthrough https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/essentials/rest-api-walkthrough.md
Title: Azure Monitoring REST API walkthrough
description: How to authenticate requests and use the Azure Monitor REST API to retrieve available metric definitions and metric values. Last updated 03/19/2018-+ # Azure Monitoring REST API walkthrough
GET https://management.azure.com/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5
* Review the [Overview of Monitoring](../overview.md). * View the [Supported metrics with Azure Monitor](./metrics-supported.md). * Review the [Microsoft Azure Monitor REST API Reference](/rest/api/monitor/).
-* Review the [Azure Management Library](/previous-versions/azure/reference/mt417623(v=azure.100)).
+* Review the [Azure Management Library](/previous-versions/azure/reference/mt417623(v=azure.100)).
azure-monitor Azure Key Vault Deprecated https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/insights/azure-key-vault-deprecated.md
description: You can use the Azure Key Vault solution in Azure Monitor to review
Previously updated : 03/27/2019 Last updated : 03/27/2019 +
azure-monitor Azure Networking Analytics https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/insights/azure-networking-analytics.md
description: You can use the Azure Networking Analytics solution in Azure Monito
Previously updated : 06/21/2018 Last updated : 06/21/2018 +
azure-monitor Azure Sql https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/insights/azure-sql.md
Last updated 09/19/2020 -++ # Monitor Azure SQL Database using Azure SQL Analytics (Preview)
azure-monitor App Insights Connector https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/logs/app-insights-connector.md
description: You can use the Application Insights Connector solution to diagnose
Previously updated : 02/13/2019 Last updated : 02/13/2019 +
ApplicationInsights | summarize by ApplicationName
## Next steps -- Use [Log Search](./log-query-overview.md) to view detailed information for your Application Insights apps.
+- Use [Log Search](./log-query-overview.md) to view detailed information for your Application Insights apps.
azure-monitor Azure Data Explorer Query Storage https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/logs/azure-data-explorer-query-storage.md
Previously updated : 10/13/2020 Last updated : 10/13/2020 +
external_table("HBTest","map") | take 10000
## Next steps -- Learn to [write queries in Azure Data Explorer](/azure/data-explorer/write-queries)
+- Learn to [write queries in Azure Data Explorer](/azure/data-explorer/write-queries)
azure-monitor Customer Managed Keys https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/logs/customer-managed-keys.md
description: Information and steps to configure Customer-managed key to encrypt
Previously updated : 04/21/2021 Last updated : 04/21/2021 +
Customer-Managed key is provided on dedicated cluster and these operations are r
## Next steps - Learn about [Log Analytics dedicated cluster billing](./manage-cost-storage.md#log-analytics-dedicated-clusters)-- Learn about [proper design of Log Analytics workspaces](./design-logs-deployment.md)
+- Learn about [proper design of Log Analytics workspaces](./design-logs-deployment.md)
azure-monitor Delete Workspace https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/logs/delete-workspace.md
description: Learn how to delete your Log Analytics workspace if you created one
Previously updated : 12/20/2020 Last updated : 12/20/2020 +
azure-monitor Logs Data Export https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/logs/logs-data-export.md
Title: Log Analytics workspace data export in Azure Monitor (preview) description: Log Analytics data export allows you to continuously export data of selected tables from your Log Analytics workspace to an Azure storage account or Azure Event Hubs as it's collected. -+ Last updated 02/07/2021
azure-monitor Logs Dedicated Clusters https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/logs/logs-dedicated-clusters.md
description: Customers who ingest more than 1 TB a day of monitoring data may us
Previously updated : 09/16/2020 Last updated : 09/16/2020 + # Azure Monitor Logs Dedicated Clusters
Use the following REST call to delete a cluster:
## Next steps - Learn about [Log Analytics dedicated cluster billing](./manage-cost-storage.md#log-analytics-dedicated-clusters)-- Learn about [proper design of Log Analytics workspaces](../logs/design-logs-deployment.md)
+- Learn about [proper design of Log Analytics workspaces](../logs/design-logs-deployment.md)
azure-monitor Manage Access https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/logs/manage-access.md
description: You can manage access to data stored in a Log Analytics workspace i
Previously updated : 04/10/2019 Last updated : 04/10/2019 +
Sometimes custom logs come from sources that are not directly associated to a sp
* See [Log Analytics agent overview](../agents/log-analytics-agent.md) to gather data from computers in your datacenter or other cloud environment.
-* See [Collect data about Azure virtual machines](../vm/quick-collect-azurevm.md) to configure data collection from Azure VMs.
+* See [Collect data about Azure virtual machines](../vm/quick-collect-azurevm.md) to configure data collection from Azure VMs.
azure-monitor Manage Cost Storage https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/logs/manage-cost-storage.md
na Last updated 03/28/2021-++ # Manage usage and costs with Azure Monitor Logs
There are some additional Log Analytics limits, some of which depend on the Log
- Change [performance counter configuration](../agents/data-sources-performance-counters.md). - To modify your event collection settings, review [event log configuration](../agents/data-sources-windows-events.md). - To modify your syslog collection settings, review [syslog configuration](../agents/data-sources-syslog.md).-- To modify your syslog collection settings, review [syslog configuration](../agents/data-sources-syslog.md).
+- To modify your syslog collection settings, review [syslog configuration](../agents/data-sources-syslog.md).
azure-monitor Move Workspace https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/logs/move-workspace.md
description: Learn how to move your Log Analytics workspace to another subscript
Previously updated : 11/12/2020 Last updated : 11/12/2020 +
azure-monitor Powershell Workspace Configuration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/logs/powershell-workspace-configuration.md
description: Log Analytics workspaces in Azure Monitor store data from servers i
Previously updated : 05/26/2020 Last updated : 05/26/2020 + # Create and configure a Log Analytics workspace in Azure Monitor using PowerShell
azure-monitor Resource Manager Workspace https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/logs/resource-manager-workspace.md
description: Sample Azure Resource Manager templates to deploy Log Analytics wor
Previously updated : 05/18/2020 Last updated : 05/18/2020 +
The following sample adds collection of [IIS logs](../agents/data-sources-iis-lo
* [Get other sample templates for Azure Monitor](../resource-manager-samples.md). * [Learn more about Log Analytics workspaces](./quick-create-workspace.md).
-* [Learn more about agent data sources](../agents/agent-data-sources.md).
+* [Learn more about agent data sources](../agents/agent-data-sources.md).
azure-monitor Resource Manager Samples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/resource-manager-samples.md
Previously updated : 05/18/2020 Last updated : 05/18/2020 + # Resource Manager template samples for Azure Monitor
az deployment group create \
## Next steps -- Learn more about [Resource Manager templates](../azure-resource-manager/templates/overview.md)
+- Learn more about [Resource Manager templates](../azure-resource-manager/templates/overview.md)
azure-monitor Roles Permissions Security https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/roles-permissions-security.md
Title: Roles, permissions, and security in Azure Monitor
description: Learn how to use Azure Monitor's built-in roles and permissions to restrict access to monitoring resources. Previously updated : 11/27/2017 Last updated : 11/27/2017 + # Roles, permissions, and security in Azure Monitor
azure-monitor View Designer Conversion Access https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/visualize/view-designer-conversion-access.md
Title: Azure Monitor view designer to workbooks conversion summary and access description: Permissions required for accessing workbooks when transitioning from views in Azure Monitor.--++ Last updated 02/07/2020
azure-monitor View Designer Conversion Examples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/visualize/view-designer-conversion-examples.md
Title: Azure Monitor view designer to workbooks conversion examples description: Examples for transitioning from views to workbooks in Azure Monitor.--++ Last updated 02/07/2020
azure-monitor View Designer Conversion Options https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/visualize/view-designer-conversion-options.md
Title: Azure Monitor view designer to workbooks conversion options description: Conversion options for transitioning from views to workbooks in Azure Monitor.--++ Last updated 02/07/2020
azure-monitor View Designer Conversion Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/visualize/view-designer-conversion-overview.md
Title: Azure Monitor view designer to workbooks transition guide description: Transition from views to workbooks in Azure Monitor.--++ Last updated 08/04/2020
azure-monitor View Designer Conversion Tasks https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/visualize/view-designer-conversion-tasks.md
Title: Azure Monitor view designer to workbooks conversion common tasks description: Common tasks when transitioning from views to workbooks in Azure Monitor.--++ Last updated 02/07/2020
azure-monitor View Designer Conversion Tiles https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/visualize/view-designer-conversion-tiles.md
Title: Azure Monitor view designer to workbooks tile conversions description: Details for converting tiles to workbooks when transitioning from views in Azure Monitor.--++ Last updated 02/07/2020
azure-monitor Workbooks Automate https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/visualize/workbooks-automate.md
Workbook types specify which workbook gallery type the new workbook instance wil
| `tsg` | The Troubleshooting Guides gallery in Application Insights | | `usage` | The _More_ gallery under _Usage_ in Application Insights |
+### Working with JSON formatted Workbook data in the serializedData Template parameter
+
+When exporting an Azure Resource Manager template for an Azure Workbook, there are often fixed resource links embedded within the exported `serializedData` template parameter. These include potentially sensitive values such as Subscription ID and Resource Group name, and other types of resource IDs.
+
+The example below demonstrates the customization of an exported Workbook Azure Resource Manager Template, without resorting to string manipulation. The pattern shown in this example is intended to work with the unaltered data as exported from the Azure portal. It is also a best practice to mask out any embedded sensitive values when managing workbooks programmatically, therefore the Subscription ID and Resource Group have been masked here. No other modifications were made to the raw incoming `serializedData` value.
+
+```json
+{
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "workbookDisplayName": {
+ "type": "string"
+ },
+ "workbookSourceId": {
+ "type": "string",
+ "defaultValue": "[resourceGroup().id]"
+ },
+ "workbookId": {
+ "type": "string",
+ "defaultValue": "[newGuid()]"
+ }
+ },
+ "variables": {
+ // serializedData from original exported Azure Resource Manager template
+ "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"Replace with Title\"},\"name\":\"text - 0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"{\\\"version\\\":\\\"ARMEndpoint/1.0\\\",\\\"data\\\":null,\\\"headers\\\":[],\\\"method\\\":\\\"GET\\\",\\\"path\\\":\\\"/subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/resourceGroups\\\",\\\"urlParams\\\":[{\\\"key\\\":\\\"api-version\\\",\\\"value\\\":\\\"2019-06-01\\\"}],\\\"batchDisabled\\\":false,\\\"transformers\\\":[{\\\"type\\\":\\\"jsonpath\\\",\\\"settings\\\":{\\\"tablePath\\\":\\\"$..*\\\",\\\"columns\\\":[]}}]}\",\"size\":0,\"queryType\":12,\"visualization\":\"map\",\"tileSettings\":{\"showBorder\":false},\"graphSettings\":{\"type\":0},\"mapSettings\":{\"locInfo\":\"AzureLoc\",\"locInfoColumn\":\"location\",\"sizeSettings\":\"location\",\"sizeAggregation\":\"Count\",\"opacity\":0.5,\"legendAggregation\":\"Count\",\"itemColorSettings\":null}},\"name\":\"query - 1\"}],\"isLocked\":false,\"fallbackResourceIds\":[\"/subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/resourceGroups/XXXXXXX\"]}",
+
+ // parse the original into a JSON object, so that it can be manipulated
+ "parsedData": "[json(variables('serializedData'))]",
+
+ // create new JSON objects that represent only the items/properties to be modified
+ "updatedTitle": {
+ "content":{
+ "json": "[concat('Resource Group Regions in subscription \"', subscription().displayName, '\"')]"
+ }
+ },
+ "updatedMap": {
+ "content": {
+ "path": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups')]"
+ }
+ },
+
+ // the union function applies the updates to the original data
+ "updatedItems": [
+ "[union(variables('parsedData')['items'][0], variables('updatedTitle'))]",
+ "[union(variables('parsedData')['items'][1], variables('updatedMap'))]"
+ ],
+
+ // copy to a new workbook object, with the updated items
+ "updatedWorkbookData": {
+ "version": "[variables('parsedData')['version']]",
+ "items": "[variables('updatedItems')]",
+ "isLocked": "[variables('parsedData')['isLocked']]",
+ "fallbackResourceIds": ["[parameters('workbookSourceId')]"]
+ },
+
+ // convert back to an encoded string
+ "reserializedData": "[string(variables('updatedWorkbookData'))]"
+ },
+ "resources": [
+ {
+ "name": "[parameters('workbookId')]",
+ "type": "microsoft.insights/workbooks",
+ "location": "[resourceGroup().location]",
+ "apiVersion": "2018-06-17-preview",
+ "dependsOn": [],
+ "kind": "shared",
+ "properties": {
+ "displayName": "[parameters('workbookDisplayName')]",
+ "serializedData": "[variables('reserializedData')]",
+ "version": "1.0",
+ "sourceId": "[parameters('workbookSourceId')]",
+ "category": "workbook"
+ }
+ }
+ ],
+ "outputs": {
+ "workbookId": {
+ "type": "string",
+ "value": "[resourceId( 'microsoft.insights/workbooks', parameters('workbookId'))]"
+ }
+ },
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#"
+}
+```
+
+In this example, the following steps facilitated the customization of an exported Azure Resource Manager template:
+1. Export the Workbook as an Azure Resource Manager template as explained in the above section
+2. In the template's `variables` section:
+ 1. Parse the `serializedData` value into a JSON object variable, which creates a JSON structure including an array of items that represent the content of the Workbook.
+ 2. Create new JSON objects that represent only the items/properties to be modified.
+ 3. Project a new set of JSON content items (`updatedItems`), using the `union()` function to apply the modifications to the original JSON items.
+ 4. Create a new workbook object, `updatedWorkbookData`, that contains `updatedItems` and the `version`/`isLocked` data from the original parsed data, as well as a corrected set of `fallbackResourceIds`.
+ 5. Serialize the new JSON content back into a new string variable, `reserializedData`.
+3. Use the new `reserializedData` variable in place of the original `serializedData` property.
+4. Deploy the new Workbook resource using the updated Azure Resource Manager template.
+ ### Limitations For a technical reason, this mechanism cannot be used to create workbook instances in the _Workbooks_ gallery of Application Insights. We are working on addressing this limitation. In the meanwhile, we recommend that you use the Troubleshooting Guide gallery (workbookType: `tsg`) to deploy Application Insights related workbooks.
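Review bot: In the `variables` block, `updatedMap` adds a `path` property directly under `content`, but in the exported `serializedData` the ARM endpoint path with the masked subscription ID sits inside `content.query`, which is itself an escaped JSON string. The `union()` on `items[1]` therefore leaves the hard-coded `/subscriptions/.../resourceGroups` path in `query` unchanged, and the deployed workbook still queries the original subscription. To make the sample do what the text promises, parse `query` with `json()` as well, apply the new `path` to that inner object, and write it back with `string()` before building `updatedItems`. Separately, the block is fenced as `json` but contains `//` comments, so it fails in a strict JSON parser if copied as is. Either say that the comments must be removed or are tolerated by the deployment tooling, or move the commentary into the numbered steps. Step 1 should also link to the export section instead of "the above section".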
azure-monitor Vminsights Configure Workspace https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/vm/vminsights-configure-workspace.md
Title: Configure Log Analytics workspace for VM insights description: Describes how to create and configure the Log Analytics workspace used by VM insights. -+ Last updated 12/22/2020
azure-monitor Vminsights Health Enable https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/vm/vminsights-health-enable.md
Last updated 04/05/2021-+
azure-netapp-files Azure Netapp Files Resize Capacity Pools Or Volumes https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-netapp-files/azure-netapp-files-resize-capacity-pools-or-volumes.md
You can change the capacity pool size in 1-TiB increments or decrements. However
1. From the NetApp Account view, go to **Capacity pools**, and click the capacity pool that you want to resize. 2. Right-click the capacity pool name or click the "…" icon at the end of the capacity pool row to display the context menu. Click **Resize**.
-3. In the Resize pool window, specify the pool size. Click **OK**.
![Screenshot that shows pool context menu.](../media/azure-netapp-files/resize-pool-context-menu.png)
+3. In the Resize pool window, specify the pool size. Click **OK**.
+ ![Screenshot that shows Resize pool window.](../media/azure-netapp-files/resize-pool-window.png) ## Resize a volume using the Azure portal
You can change the size of a volume as necessary. A volume's capacity consumptio
1. From the NetApp Account view, go to **Volumes**, and click the volume that you want to resize. 2. Right-click the volume name or click the "…" icon at the end of the volume's row to display the context menu. Click **Resize**.
-3. In the Update volume quota window, specify the quota for the volume. Click **OK**.
![Screenshot that shows volume context menu.](../media/azure-netapp-files/resize-volume-context-menu.png)
+
+3. In the Update volume quota window, specify the quota for the volume. Click **OK**.
![Screenshot that shows Update Volume Quota window.](../media/azure-netapp-files/resize-volume-quota-window.png)
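Review bot: The blank `+` line added before step 3 in this volume procedure has no counterpart in the pool procedure changed just above, where step 3 is re-added directly under the context-menu screenshot. Make the two lists consistent. In both procedures the context-menu screenshot illustrates step 2 and the window screenshot illustrates step 3, so check that each image line is indented under its step. As shown here, the context-menu image line starts at column 0, which can break the numbered list and restart the numbering at step 3.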
The following table describes the destination volume resizing behavior based on
- [Dynamically change the service level of a volume](dynamic-change-volume-service-level.md) - [Understand volume quota](volume-quota-introduction.md) - [Monitor the capacity of a volume](monitor-volume-capacity.md)-- [Capacity management FAQs](azure-netapp-files-faqs.md#capacity-management-faqs)
+- [Capacity management FAQs](azure-netapp-files-faqs.md#capacity-management-faqs)
azure-resource-manager Create Custom Provider Quickstart Powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/custom-providers/create-custom-provider-quickstart-powershell.md
Last updated 09/22/2020 ms.devlang: azurepowershell-+ - devx-track-azurepowershell - mode-api
azure-resource-manager Create Custom Provider https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/custom-providers/create-custom-provider.md
description: Describes how to create a resource provider and deploy its custom r
Last updated 06/24/2020-++ # Quickstart: Create a custom provider and deploy custom resources
azure-resource-manager Publish Service Catalog App https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/managed-applications/publish-service-catalog-app.md
description: Shows how to create an Azure managed application that is intended f
-+ Last updated 04/14/2020
azure-resource-manager Tutorial Create Managed App With Custom Provider https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/managed-applications/tutorial-create-managed-app-with-custom-provider.md
Last updated 06/20/2019 -+ # Tutorial: Create managed application with custom actions and resources
If you have questions about Azure Managed Applications, you can try asking on [S
To publish your managed application to the Azure Marketplace, see [Azure managed applications in the Marketplace](../../marketplace/create-new-azure-apps-offer.md).
-Learn more about [Azure Custom Providers](../custom-providers/overview.md).
+Learn more about [Azure Custom Providers](../custom-providers/overview.md).
azure-resource-manager Azure Services Resource Providers https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/management/azure-services-resource-providers.md
Title: Resource providers by Azure services description: Lists all resource provider namespaces for Azure Resource Manager and shows the Azure service for that namespace. Previously updated : 03/16/2021 Last updated : 03/16/2021 + # Resource providers for Azure services
azure-resource-manager Delete Resource Group https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/management/delete-resource-group.md
Title: Delete resource group and resources
description: Describes how to delete resource groups and resources. It describes how Azure Resource Manager orders the deletion of resources when a deleting a resource group. It describes the response codes and how Resource Manager handles them to determine if the deletion succeeded. Last updated 03/18/2021-+ # Azure Resource Manager resource group and resource deletion
azure-resource-manager Deployment Models https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/management/deployment-models.md
Title: Resource Manager and classic deployment description: Describes the differences between the Resource Manager deployment model and the classic (or Service Management) deployment model. Previously updated : 04/12/2021 Last updated : 04/12/2021 + # Azure Resource Manager vs. classic deployment: Understand deployment models and the state of your resources
A comprehensive set of starter templates can be found on [Azure Resource Manager
## Next steps
-* To see the commands for deploying a template, see [Deploy an application with Azure Resource Manager template](../templates/deploy-powershell.md).
+* To see the commands for deploying a template, see [Deploy an application with Azure Resource Manager template](../templates/deploy-powershell.md).
azure-resource-manager Lock Resources https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/management/lock-resources.md
Title: Lock resources to prevent changes
description: Prevent users from updating or deleting Azure resources by applying a lock for all users and roles. Last updated 04/28/2021-+ # Lock resources to prevent unexpected changes
azure-resource-manager Manage Resource Groups Powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/management/manage-resource-groups-powershell.md
description: Use Azure PowerShell to manage your resource groups through Azure R
Last updated 09/01/2020-++ # Manage Azure Resource Manager resource groups by using Azure PowerShell
For more information, see [Single and multi-resource export to template in Azure
- To learn Azure Resource Manager, see [Azure Resource Manager overview](overview.md). - To learn the Resource Manager template syntax, see [Understand the structure and syntax of Azure Resource Manager templates](../templates/template-syntax.md). - To learn how to develop templates, see the [step-by-step tutorials](../index.yml).-- To view the Azure Resource Manager template schemas, see [template reference](/azure/templates/).
+- To view the Azure Resource Manager template schemas, see [template reference](/azure/templates/).
azure-resource-manager Manage Resources Powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/management/manage-resources-powershell.md
description: Use Azure PowerShell and Azure Resource Manager to manage your reso
Last updated 02/11/2019-++ # Manage Azure resources by using Azure PowerShell
Tagging helps organizing your resource group and resources logically. For inform
- To learn Azure Resource Manager, see [Azure Resource Manager overview](overview.md). - To learn the Resource Manager template syntax, see [Understand the structure and syntax of Azure Resource Manager templates](../templates/template-syntax.md). - To learn how to develop templates, see the [step-by-step tutorials](../index.yml).-- To view the Azure Resource Manager template schemas, see [template reference](/azure/templates/).
+- To view the Azure Resource Manager template schemas, see [template reference](/azure/templates/).
azure-resource-manager Virtual Machines Move Limitations https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/management/move-limitations/virtual-machines-move-limitations.md
Title: Move Azure VMs to new subscription or resource group description: Use Azure Resource Manager to move virtual machines to a new resource group or subscription. Previously updated : 04/23/2021 Last updated : 04/23/2021 + # Move guidance for virtual machines
azure-resource-manager Move Resource Group And Subscription https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/management/move-resource-group-and-subscription.md
Title: Move resources to a new subscription or resource group
description: Use Azure Resource Manager to move resources to a new resource group or subscription. Last updated 04/16/2021-+ # Move resources to a new resource group or subscription
azure-resource-manager Request Limits And Throttling https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/management/request-limits-and-throttling.md
Title: Request limits and throttling
description: Describes how to use throttling with Azure Resource Manager requests when subscription limits have been reached. Last updated 12/15/2020-+ # Throttling Resource Manager requests
azure-resource-manager Resource Providers And Types https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/management/resource-providers-and-types.md
Title: Resource providers and resource types
description: Describes the resource providers that support Azure Resource Manager. It describes their schemas, available API versions, and the regions that can host the resources. Last updated 03/15/2021 -+ # Azure resource providers and types
azure-resource-manager Tag Resources https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/management/tag-resources.md
Title: Tag resources, resource groups, and subscriptions for logical organizatio
description: Shows how to apply tags to organize Azure resources for billing and managing. Last updated 01/04/2021 -+ # Use tags to organize your Azure resources and management hierarchy
azure-resource-manager View Activity Logs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/management/view-activity-logs.md
Title: View Azure activity logs to monitor resources description: Use the activity logs to review user actions and errors. Shows Azure portal PowerShell, Azure CLI, and REST. Previously updated : 05/13/2019 Last updated : 05/13/2019 + # View activity logs to monitor actions on resources
azure-resource-manager Bicep Decompile https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/bicep-decompile.md
Title: Convert templates between JSON and Bicep description: Describes commands for converting Azure Resource Manager templates from Bicep to JSON and from JSON to Bicep. Previously updated : 03/12/2021 Last updated : 03/12/2021 + # Converting ARM templates between JSON and Bicep
azure-resource-manager Bicep Install https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/bicep-install.md
Title: Set up Bicep development and deployment environments description: How to configure Bicep development and deployment environments Previously updated : 03/26/2021 Last updated : 03/26/2021 + # Install Bicep (Preview)
azure-resource-manager Bicep Tutorial Add Modules https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/bicep-tutorial-add-modules.md
description: Use modules to encapsulate complex details of the raw resource decl
Last updated 03/25/2021 -++ # Tutorial: Add modules to Azure Resource Manager Bicep file
azure-resource-manager Bicep Tutorial Add Parameters https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/bicep-tutorial-add-parameters.md
description: Add parameters to your Bicep file to make it reusable.
Last updated 03/10/2021 -++ # Tutorial: Add parameters to Azure Resource Manager Bicep file
azure-resource-manager Bicep Tutorial Create First Bicep https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/bicep-tutorial-create-first-bicep.md
Last updated 04/12/2021 -+ #Customer intent: As a developer new to Azure deployment, I want to learn how to use Visual Studio Code to create and edit Bicep files, so I can use the Bicep files to deploy Azure resources.
azure-resource-manager Bicep Tutorial Use Parameter File https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/bicep-tutorial-use-parameter-file.md
description: Use parameter files that contain the values to use for deploying yo
Last updated 04/27/2021 -++ # Tutorial: Use parameter files to deploy Azure Resource Manager Bicep file
azure-resource-manager Common Deployment Errors https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/common-deployment-errors.md
Title: Troubleshoot common deployment errors
description: Describes how to resolve common errors when you deploy resources to Azure using Azure Resource Manager. tags: top-support-issue Previously updated : 01/20/2021 Last updated : 01/20/2021 + # Troubleshoot common Azure deployment errors with Azure Resource Manager
Or, suppose you're getting deployment errors that you believe are related to inc
* To go through a troubleshooting tutorial, see [Tutorial: Troubleshoot Resource Manager template deployments](template-tutorial-troubleshoot.md) * To learn about auditing actions, see [Audit operations with Resource Manager](../management/view-activity-logs.md).
-* To learn about actions to determine the errors during deployment, see [View deployment operations](deployment-history.md).
+* To learn about actions to determine the errors during deployment, see [View deployment operations](deployment-history.md).
azure-resource-manager Deploy Powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/deploy-powershell.md
Title: Deploy resources with PowerShell and template description: Use Azure Resource Manager and Azure PowerShell to deploy resources to Azure. The resources are defined in a Resource Manager template or a Bicep file. Previously updated : 03/25/2021 Last updated : 03/25/2021 + # Deploy resources with ARM templates and Azure PowerShell
azure-resource-manager Deploy To Management Group https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/deploy-to-management-group.md
Title: Deploy resources to management group description: Describes how to deploy resources at the management group scope in an Azure Resource Manager template. Previously updated : 03/18/2021 Last updated : 03/18/2021 + # Management group deployments with ARM templates
azure-resource-manager Deploy To Resource Group https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/deploy-to-resource-group.md
Title: Deploy resources to resource groups description: Describes how to deploy resources in an Azure Resource Manager template. It shows how to target more than one resource group. Previously updated : 01/13/2021 Last updated : 01/13/2021 + # Resource group deployments with ARM templates
azure-resource-manager Deploy To Subscription https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/deploy-to-subscription.md
Title: Deploy resources to subscription description: Describes how to create a resource group in an Azure Resource Manager template. It also shows how to deploy resources at the Azure subscription scope. Previously updated : 01/13/2021 Last updated : 01/13/2021 + # Subscription deployments with ARM templates
azure-resource-manager Deploy To Tenant https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/deploy-to-tenant.md
Title: Deploy resources to tenant description: Describes how to deploy resources at the tenant scope in an Azure Resource Manager template. Previously updated : 04/27/2021 Last updated : 04/27/2021 + # Tenant deployments with ARM templates
azure-resource-manager Deployment History Deletions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/deployment-history-deletions.md
Title: Deployment history deletions description: Describes how Azure Resource Manager automatically deletes deployments from the deployment history. Deployments are deleted when the history is close to exceeding the limit of 800. Previously updated : 03/23/2021 Last updated : 03/23/2021 + # Automatic deletions from deployment history
azure-resource-manager Deployment History https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/deployment-history.md
Title: Deployment history
description: Describes how to view Azure Resource Manager deployment operations with the portal, PowerShell, Azure CLI, and REST API. tags: top-support-issue Previously updated : 09/23/2020 Last updated : 09/23/2020 + # View deployment history with Azure Resource Manager
azure-resource-manager Deployment Manager Tutorial Health Check https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/deployment-manager-tutorial-health-check.md
description: Use health check to safely deploy Azure resources with Azure Deploy
Last updated 10/09/2019 -++
azure-resource-manager Deployment Manager Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/deployment-manager-tutorial.md
description: Learn how to use Resource Manager templates with Azure Deployment M
Last updated 08/25/2020 -++
azure-resource-manager Deployment Quota Exceeded https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/deployment-quota-exceeded.md
Title: Deployment quota exceeded description: Describes how to resolve the error of having more than 800 deployments in the resource group history. Previously updated : 08/07/2020 Last updated : 08/07/2020 + # Resolve error when deployment count exceeds 800
azure-resource-manager Deployment Script Template Configure Dev https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/deployment-script-template-configure-dev.md
Last updated 12/14/2020-++
azure-resource-manager Deployment Script Template https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/deployment-script-template.md
Last updated 04/15/2021-++ # Use deployment scripts in ARM templates
In this article, you learned how to use deployment scripts. To walk through a de
> [Tutorial: Use deployment scripts in Azure Resource Manager templates](./template-tutorial-deployment-script.md) > [!div class="nextstepaction"]
-> [Learn module: Extend ARM templates by using deployment scripts](/learn/modules/extend-resource-manager-template-deployment-scripts/)
+> [Learn module: Extend ARM templates by using deployment scripts](/learn/modules/extend-resource-manager-template-deployment-scripts/)
azure-resource-manager Deployment Tutorial Linked Template https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/deployment-tutorial-linked-template.md
description: Learn how to deploy a linked template
Last updated 02/12/2021 -+ # Tutorial: Deploy a linked template
Clean up the resources you deployed by deleting the resource group.
You learned how to deploy a linked template. In the next tutorial, you learn how to create a DevOps pipeline to deploy a template. > [!div class="nextstepaction"]
-> [Create a pipeline](./deployment-tutorial-pipeline.md)
+> [Create a pipeline](./deployment-tutorial-pipeline.md)
azure-resource-manager Deployment Tutorial Local Template https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/deployment-tutorial-local-template.md
description: Learn how to deploy an Azure Resource Manager template (ARM templat
Last updated 02/10/2021 -+ # Tutorial: Deploy a local ARM template
azure-resource-manager Error Not Found https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/error-not-found.md
Title: Resource not found errors description: Describes how to resolve errors when a resource can't be found. The error can occur when deploying an Azure Resource Manager template or when taking management actions. Previously updated : 03/23/2021 Last updated : 03/23/2021 + # Resolve resource not found errors
azure-resource-manager Error Policy Requestdisallowedbypolicy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/error-policy-requestdisallowedbypolicy.md
description: Describes the cause of the RequestDisallowedByPolicy error when dep
Last updated 10/31/2018-++ # RequestDisallowedByPolicy error with Azure resource policy
azure-resource-manager Error Resource Quota https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/error-resource-quota.md
Title: Quota errors description: Describes how to resolve resource quota errors when deploying resources with Azure Resource Manager. Previously updated : 03/09/2018 Last updated : 03/09/2018 + # Resolve errors for resource quotas
To request a quota increase, go to the portal and file a support issue. In the s
5. Fill in the forms for the type of quota you need to increase.
- ![Fill in form](./media/error-resource-quota/forms.png)
+ ![Fill in form](./media/error-resource-quota/forms.png)
azure-resource-manager Error Sku Not Available https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/error-sku-not-available.md
Title: SKU not available errors description: Describes how to troubleshoot the SKU not available error when deploying resources with Azure Resource Manager. Previously updated : 04/14/2021 Last updated : 04/14/2021 + # Resolve errors for SKU not available
It returns available SKUs and regions in the following format:
... ] }
-```
+```
azure-resource-manager Key Vault Parameter https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/key-vault-parameter.md
Title: Key Vault secret with template description: Shows how to pass a secret from a key vault as a parameter during deployment. Previously updated : 04/23/2021 Last updated : 04/23/2021 + # Use Azure Key Vault to pass secure parameter value during deployment
azure-resource-manager Linked Templates https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/linked-templates.md
Title: Link templates for deployment description: Describes how to use linked templates in an Azure Resource Manager template (ARM template) to create a modular template solution. Shows how to pass parameters values, specify a parameter file, and dynamically created URLs. Previously updated : 03/25/2021 Last updated : 03/25/2021 + # Using linked and nested templates when deploying Azure resources
azure-resource-manager Parameter Files https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/parameter-files.md
Title: Create parameter file description: Create parameter file for passing in values during deployment of an Azure Resource Manager template Previously updated : 04/15/2021 Last updated : 04/15/2021 + # Create Resource Manager parameter file
azure-resource-manager Quickstart Create Bicep Use Visual Studio Code https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/quickstart-create-bicep-use-visual-studio-code.md
description: Use Visual Studio Code and the Bicep extension to Bicep files for d
Last updated 04/12/2021 -++ #Customer intent: As a developer new to Azure deployment, I want to learn how to use Visual Studio Code to create and edit Bicep files, so I can use them to deploy Azure resources.
azure-resource-manager Quickstart Create Templates Use Visual Studio Code https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/quickstart-create-templates-use-visual-studio-code.md
description: Use Visual Studio Code and the Azure Resource Manager tools extensi
Last updated 08/09/2020 -++ #Customer intent: As a developer new to Azure deployment, I want to learn how to use Visual Studio Code to create and edit Resource Manager templates, so I can use the templates to deploy Azure resources.
azure-resource-manager Resource Location https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/resource-location.md
Title: Template resource location
description: Describes how to set resource location in an Azure Resource Manager template (ARM template). Last updated 09/04/2019-+ # Set resource location in ARM template
azure-resource-manager Rollback On Error https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/rollback-on-error.md
Title: Roll back on error to successful deployment description: Specify that a failed deployment should roll back to a successful deployment. Previously updated : 02/02/2021 Last updated : 02/02/2021 + # Rollback on error to successful deployment
azure-resource-manager Scope Extension Resources https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/scope-extension-resources.md
Title: Scope on extension resource types description: Describes how to use the scope property when deploying extension resource types. Previously updated : 01/13/2021 Last updated : 01/13/2021 + # Setting scope for extension resources in ARM templates
azure-resource-manager Scope Functions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/scope-functions.md
Title: Template functions in scoped deployments description: Describes how template functions are resolved in scoped deployments. The scope can be a tenant, management groups, subscriptions, and resource groups. Previously updated : 10/22/2020 Last updated : 10/22/2020 + # ARM template functions in deployment scopes
azure-resource-manager Secure Template With Sas Token https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/secure-template-with-sas-token.md
Title: Securely deploy template with SAS token description: Deploy resources to Azure with an Azure Resource Manager template that is protected by a SAS token. Shows Azure PowerShell and Azure CLI. Previously updated : 08/25/2020 Last updated : 08/25/2020 + # Deploy private ARM template with SAS token
azure-resource-manager Template Deploy What If https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/template-deploy-what-if.md
description: Determine what changes will happen to your resources before deployi
Last updated 03/09/2021-++ # ARM template deployment what-if operation
azure-resource-manager Template Expressions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/templates/template-expressions.md
Title: Template syntax and expressions description: Describes the declarative JSON syntax for Azure Resource Manager templates (ARM templates). Previously updated : 03/17/2020 Last updated : 03/17/2020 + # Syntax and expressions in ARM templates
azure-sql Public Endpoint Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/managed-instance/public-endpoint-overview.md
Last updated 05/08/2019
# Use Azure SQL Managed Instance securely with public endpoints [!INCLUDE[appliesto-sqlmi](../includes/appliesto-sqlmi.md)]
-Azure SQL Managed Instance can provide user connectivity over [public endpoints](../../virtual-network/virtual-network-service-endpoints-overview.md). This article explains how to make this configuration more secure.
+Azure SQL Managed Instance can provide user connectivity over [public endpoints](public-endpoint-configure.md). This article explains how to make this configuration more secure.
## Scenarios
The following diagram shows the recommended security configurations:
![Security configurations for locking down inbound and outbound connectivity](./media/public-endpoint-overview/managed-instance-vnet.png)
-A managed instance has a [dedicated public endpoint address](management-endpoint-find-ip-address.md). In the client-side outbound firewall and in the network security group rules, set this public endpoint IP address to limit outbound connectivity.
+A managed instance has a public endpoint address that is dedicated to a customer. This endpoint shares the IP with the [management endpoint](management-endpoint-find-ip-address.md) but uses a different port. In the client-side outbound firewall and in the network security group rules, set this public endpoint IP address to limit outbound connectivity.
To ensure traffic to the managed instance is coming from trusted sources, we recommend connecting from sources with well-known IP addresses. Use a network security group to limit access to the managed instance public endpoint on port 3342.
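Review bot: The added sentence says the public endpoint "shares the IP with the management endpoint but uses a different port", but the instruction that follows it still tells readers to set only "this public endpoint IP address" in the client-side outbound firewall and the network security group rules. Because the address is shared, a rule written on the IP alone also covers the management endpoint. Suggest naming the port in the new sentence (3342, as the next paragraph states) and wording the instruction as the IP address and port together.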
backup Backup Azure Delete Vault https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/backup/backup-azure-delete-vault.md
To stop protection and delete backup data, do the following steps:
>[!NOTE] >The PIN is valid for only five minutes. 1. In the management console, paste the PIN, and then select **Submit**.
- ![Enter Security PIN](./media/backup-azure-delete-vault/enter-security-pin.png)
+ ![Enter security PIN to delete backup items from the MABS and DPM management console](./media/backup-azure-delete-vault/enter-security-pin.png)
4. If you had selected **Delete storage online** in the **Stop Protection** dialog box earlier, ignore this step. Right-click the inactive protection group and select **Remove inactive protection**.
To stop protection and delete backup data, do the following steps:
>[!NOTE] >The PIN is valid for only five minutes. 1. In the management console, paste the PIN, and then select **Submit**.
- ![Enter Security PIN](./media/backup-azure-delete-vault/enter-security-pin.png)
+ ![Enter security PIN to delete backup items from the MABS and DPM management console](./media/backup-azure-delete-vault/enter-security-pin.png)
The protected member status changes to *Inactive replica available*.
backup Backup Azure Mars Troubleshoot https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/backup/backup-azure-mars-troubleshoot.md
We recommend that you check the following before you start troubleshooting Micro
- [Ensure the MARS agent is up to date](https://go.microsoft.com/fwlink/?linkid=229525&clcid=0x409). - [Ensure you have network connectivity between the MARS agent and Azure](#the-microsoft-azure-recovery-service-agent-was-unable-to-connect-to-microsoft-azure-backup). - Ensure MARS is running (in Service console). If you need to, restart and retry the operation.-- [Ensure 5% to 10% free volume space is available in the scratch folder location](./backup-azure-file-folder-backup-faq.yml#what-s-the-minimum-size-requirement-for-the-cache-folder-).
+- [Ensure 5% to 10% free volume space is available in the scratch folder location](/azure/backup/backup-azure-file-folder-backup-faq#what-s-the-minimum-size-requirement-for-the-cache-folder-).
- [Check if another process or antivirus software is interfering with Azure Backup](./backup-azure-troubleshoot-slow-backup-performance-issue.md#cause-another-process-or-antivirus-software-interfering-with-azure-backup). - If the backup job completed with warnings, see [Backup Jobs Completed with Warning](#backup-jobs-completed-with-warning) - If scheduled backup fails but manual backup works, see [Backups don't run according to schedule](#backups-dont-run-according-to-schedule).
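Review bot: The replacement link on the free-space bullet uses a site-absolute path (/azure/backup/backup-azure-file-folder-backup-faq#...), while the neighbouring bullets in the same list keep repo-relative ./...md links, so the list now mixes two link styles. If the absolute form is needed because the FAQ is a .yml page, say so in the commit message so later edits do not revert it. Also confirm that the fragment #what-s-the-minimum-size-requirement-for-the-cache-folder- still resolves on the published page, since the trailing hyphen suggests it is a generated anchor rather than a hand-written one.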
We recommend that you check the following before you start troubleshooting Micro
| Error code | Reasons | Recommendations | | - | | | | 0x80070570 | The file or directory is corrupted and unreadable. | Run **chkdsk** on the source volume. |
- | 0x80070002, 0x80070003 | The system cannot find the file specified. | [Ensure the scratch folder isn't full](/backup-azure-file-folder-backup-faq.yml#manage-the-backup-cache-folder) <br><br> Check if the volume where scratch space is configured exists (not deleted) <br><br> [Ensure the MARS agent is excluded from the antivirus installed on the machine](./backup-azure-troubleshoot-slow-backup-performance-issue.md#cause-another-process-or-antivirus-software-interfering-with-azure-backup) |
+ | 0x80070002, 0x80070003 | The system cannot find the file specified. | [Ensure the scratch folder isn't full](/azure/backup/backup-azure-file-folder-backup-faq#manage-the-backup-cache-folder) <br><br> Check if the volume where scratch space is configured exists (not deleted) <br><br> [Ensure the MARS agent is excluded from the antivirus installed on the machine](./backup-azure-troubleshoot-slow-backup-performance-issue.md#cause-another-process-or-antivirus-software-interfering-with-azure-backup) |
| 0x80070005 | Access Is Denied | [Check if antivirus or other third-party software is blocking access](./backup-azure-troubleshoot-slow-backup-performance-issue.md#cause-another-process-or-antivirus-software-interfering-with-azure-backup) | | 0x8007018b | Access to the cloud file is denied. | OneDrive files, Git Files, or any other files that can be in offline state on the machine |
We recommend that you check the following before you start troubleshooting Micro
| Error | Possible causes | Recommended actions | ||||
-|<br />The activation did not complete successfully. The current operation failed due to an internal service error [0x1FC07]. Retry the operation after some time. If the issue persists, please contact Microsoft support. | <li> The scratch folder is located on a volume that doesn't have enough space. <li> The scratch folder has been incorrectly moved. <li> The OnlineBackup.KEK file is missing. | <li>Upgrade to the [latest version](https://aka.ms/azurebackup_agent) of the MARS agent.<li>Move the scratch folder or cache location to a volume with free space that's between 5% and 10% of the total size of the backup data. To correctly move the cache location, refer to the steps in [Common questions about backing up files and folders](/backup-azure-file-folder-backup-faq.yml#manage-the-backup-cache-folder).<li> Ensure that the OnlineBackup.KEK file is present. <br>*The default location for the scratch folder or the cache path is C:\Program Files\Microsoft Azure Recovery Services Agent\Scratch*. |
+|<br />The activation did not complete successfully. The current operation failed due to an internal service error [0x1FC07]. Retry the operation after some time. If the issue persists, please contact Microsoft support. | <li> The scratch folder is located on a volume that doesn't have enough space. <li> The scratch folder has been incorrectly moved. <li> The OnlineBackup.KEK file is missing. | <li>Upgrade to the [latest version](https://aka.ms/azurebackup_agent) of the MARS agent.<li>Move the scratch folder or cache location to a volume with free space that's between 5% and 10% of the total size of the backup data. To correctly move the cache location, refer to the steps in [Common questions about backing up files and folders](/azure/backup/backup-azure-file-folder-backup-faq#manage-the-backup-cache-folder).<li> Ensure that the OnlineBackup.KEK file is present. <br>*The default location for the scratch folder or the cache path is C:\Program Files\Microsoft Azure Recovery Services Agent\Scratch*. |
## Encryption passphrase not correctly configured | Error | Possible causes | Recommended actions | ||||
-| <br />Error 34506. The encryption passphrase stored on this computer is not correctly configured. | <li> The scratch folder is located on a volume that doesn't have enough space. <li> The scratch folder has been incorrectly moved. <li> The OnlineBackup.KEK file is missing. | <li>Upgrade to the [latest version](https://aka.ms/azurebackup_agent) of the MARS Agent.<li>Move the scratch folder or cache location to a volume with free space that's between 5% and 10% of the total size of the backup data. To correctly move the cache location, refer to the steps in [Common questions about backing up files and folders](/backup-azure-file-folder-backup-faq.yml#manage-the-backup-cache-folder).<li> Ensure that the OnlineBackup.KEK file is present. <br>*The default location for the scratch folder or the cache path is C:\Program Files\Microsoft Azure Recovery Services Agent\Scratch*. |
+| <br />Error 34506. The encryption passphrase stored on this computer is not correctly configured. | <li> The scratch folder is located on a volume that doesn't have enough space. <li> The scratch folder has been incorrectly moved. <li> The OnlineBackup.KEK file is missing. | <li>Upgrade to the [latest version](https://aka.ms/azurebackup_agent) of the MARS Agent.<li>Move the scratch folder or cache location to a volume with free space that's between 5% and 10% of the total size of the backup data. To correctly move the cache location, refer to the steps in [Common questions about backing up files and folders](/azure/backup/backup-azure-file-folder-backup-faq#manage-the-backup-cache-folder).<li> Ensure that the OnlineBackup.KEK file is present. <br>*The default location for the scratch folder or the cache path is C:\Program Files\Microsoft Azure Recovery Services Agent\Scratch*. |
## Backups don't run according to schedule
backup Backup Azure Move Recovery Services Vault https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/backup/backup-azure-move-recovery-services-vault.md
All public regions and sovereign regions are supported, except France Central, F
- During vault move across resource groups, both the source and target resource groups are locked preventing the write and delete operations. For more information, see this [article](../azure-resource-manager/management/move-resource-group-and-subscription.md). - Only admin subscription has the permissions to move a vault.-- For moving vaults across subscriptions, the target subscription must reside in the same tenant as the source subscription and its state must be enabled. To move a vault to a different Azure AD directory, see [Transfer subscription to a different directory](../role-based-access-control/transfer-subscription.md) and [Recovery Service vault FAQs](/backup-azure-backup-faq.yml#recovery-services-vault).
+- For moving vaults across subscriptions, the target subscription must reside in the same tenant as the source subscription and its state must be enabled. To move a vault to a different Azure AD directory, see [Transfer subscription to a different directory](../role-based-access-control/transfer-subscription.md) and [Recovery Service vault FAQs](/azure/backup/backup-azure-backup-faq#recovery-services-vault).
- You must have permission to perform write operations on the target resource group. - Moving the vault only changes the resource group. The Recovery Services vault will reside on the same location and it can't be changed. - You can move only one Recovery Services vault, per region, at a time.
If you need to keep the current protected data in the old vault and continue the
You can move many different types of resources between resource groups and subscriptions.
-For more information, see [Move resources to new resource group or subscription](../azure-resource-manager/management/move-resource-group-and-subscription.md).
+For more information, see [Move resources to new resource group or subscription](../azure-resource-manager/management/move-resource-group-and-subscription.md).
backup Backup Encryption https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/backup/backup-encryption.md
Azure Backup includes encryption on two levels:
## Next steps - [Azure Storage encryption for data at rest](../storage/common/storage-service-encryption.md)-- [Azure Backup FAQ](/backup-azure-backup-faq.yml#encryption) for any questions you may have about encryption
+- [Azure Backup FAQ](/azure/backup/backup-azure-backup-faq#encryption) for any questions you may have about encryption
backup Whats New https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/backup/whats-new.md
For more information, see [Azure Resource Manager templates for Azure Backup](ba
Azure Backup now supports incremental backups for SAP HANA databases hosted on Azure VMs. This allows for faster and more cost-efficient backups of your SAP HANA data.
-For more information, see [various options available during creation of a backup policy](/sap-hana-faq-backup-azure-vm.yml#policy) and [how to create a backup policy for SAP HANA databases](tutorial-backup-sap-hana-db.md#creating-a-backup-policy).
+For more information, see [various options available during creation of a backup policy](/azure/backup/sap-hana-faq-backup-azure-vm#policy) and [how to create a backup policy for SAP HANA databases](tutorial-backup-sap-hana-db.md#creating-a-backup-policy).
## Backup Center (in preview)
For more information, see [Encryption for Azure Backup using customer-managed ke
## Next steps -- [Azure Backup guidance and best practices](guidance-best-practices.md)
+- [Azure Backup guidance and best practices](guidance-best-practices.md)
cognitive-services Regions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/regions.md
The Speech service is available in these regions for **speech recognition**, **t
[!INCLUDE [](../../../includes/cognitive-services-speech-service-region-identifier.md)]
-If you use the [Speech SDK](speech-sdk.md), regions are specified by the **Region identifier** (for example, as a parameter to `SpeechConfig.FromSubscription`). Make sure the region is matching the region of your subscription.
+If you use the [Speech SDK](speech-sdk.md), regions are specified by the **Region identifier** (for example, as a parameter to `SpeechConfig.FromSubscription`). Make sure the region matches the region of your subscription.
If you plan to train a custom model with audio data, use one of the [regions with dedicated hardware](custom-speech-overview.md#set-up-your-azure-account) for faster training. You can use the [REST API](https://centralus.dev.cognitive.microsoft.com/docs/services/speech-to-text-api-v3-0/operations/CopyModelToSubscription) to copy the fully trained model to another region later.
Replace `<REGION_IDENTIFIER>` with the identifier matching the region of your su
For text-to-speech reference documentation, see [Text-to-speech REST API](rest-text-to-speech.md).
communication-services Detailed Call Flows https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/communication-services/concepts/detailed-call-flows.md
To learn more about the details on the media path that is chosen, refer to the [
### Communication Services (internet)
-This topology is used by customers that use Communication Services from the cloud without any on-premises deployment, such as SIP Interface. In this topology, traffic to and from Communication Services flows over the Internet.
+This topology is used by customers that use Communication Services from the cloud without any on-premises deployment, such as Azure direct routing. In this topology, traffic to and from Communication Services flows over the Internet.
:::image type="content" source="./media/call-flows/detailed-flow-general.png" alt-text="Azure Communication Services Topology.":::
This media transmission is bidirectional. The direction of Flow 6 to the remote
### Use Case: Communication Services client to PSTN through Communication Services Trunk
-Communication Services allows placing and receiving calls from the Public Switched Telephone Network (PSTN). If the PSTN trunk is connected using phone numbers provided by Communication Services, there are no special connectivity requirements for this use case. If you want to connect your own on-premises PSTN trunk to Azure Communication Services, you can use SIP Interface (available in CY2021).
+Communication Services allows placing and receiving calls from the Public Switched Telephone Network (PSTN). If the PSTN trunk is connected using phone numbers provided by Communication Services, there are no special connectivity requirements for this use case. If you want to connect your own on-premises PSTN trunk to Azure Communication Services, you can use Azure direct routing (available in CY2021).
:::image type="content" source="./media/call-flows/acs-to-pstn.png" alt-text="One to One Call with a PSTN Participant":::
communication-services Sip Interface Infrastructure https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/communication-services/concepts/telephony-sms/sip-interface-infrastructure.md
Title: SIP Interface infrastructure requirements - Azure Communication Services
-description: Familiarize yourself with the infrastructure requirements for Azure Communication Services SIP Interface configuration
+ Title: Azure direct routing infrastructure requirements - Azure Communication Services
+description: Familiarize yourself with the infrastructure requirements for Azure Communication Services direct routing configuration
-# SIP Interface infrastructure requirements
+# Azure direct routing infrastructure requirements
[!INCLUDE [Private Preview Notice](../../includes/private-preview-include.md)]
-This article describes infrastructure, licensing, and session border controller (SBC) connectivity details that you'll want to keep in mind as your plan your SIP Interface deployment.
+This article describes infrastructure, licensing, and Session Border Controller (SBC) connectivity details that you'll want to keep in mind as your plan your Azure direct routing deployment.
## Infrastructure requirements
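Review bot: The typo "as your plan your" in the intro sentence is carried over unchanged into the new line; since the sentence is being rewritten anyway, it should read "as you plan your Azure direct routing deployment". The same line also changes "session border controller (SBC)" to title case, which matches the table row "Session Border Controller (SBC)" below, so that part is fine.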
-The infrastructure requirements for the supported SBCs, domains, and other network connectivity requirements to deploy SIP Interface are listed in the following table:
+The infrastructure requirements for the supported SBCs, domains, and other network connectivity requirements to deploy Azure direct routing are listed in the following table:
|Infrastructure requirement|You need the following| |: |: | |Session Border Controller (SBC)|A supported SBC. For more information, see [Supported SBCs](#supported-session-border-controllers-sbcs).|
-|Telephony trunks connected to the SBC|One or more telephony trunks connected to the SBC. On one end, the SBC connects to the Azure Communication Service via SIP Interface. The SBC can also connect to third-party telephony entities, such as PBXs, Analog Telephony Adapters, and so on. Any PSTN connectivity option connected to the SBC will work. (For configuration of the PSTN trunks to the SBC, please refer to the SBC vendors or trunk providers.)|
+|Telephony trunks connected to the SBC|One or more telephony trunks connected to the SBC. On one end, the SBC connects to the Azure Communication Service via direct routing. The SBC can also connect to third-party telephony entities, such as PBXs, Analog Telephony Adapters, and so on. Any PSTN connectivity option connected to the SBC will work. (For configuration of the PSTN trunks to the SBC, refer to the SBC vendors or trunk providers.)|
|Azure subscription|An Azure subscription that you use to create ACS resource, and the configuration and connection to the SBC.| |Communication Services Access Token|To make calls, you need a valid Access Token with `voip` scope. See [Access Tokens](../identity-model.md#access-tokens)| |Public IP address for the SBC|A public IP address that can be used to connect to the SBC. Based on the type of SBC, the SBC can use NAT.|
-|Fully Qualified Domain Name (FQDN) for the SBC|A FQDN for the SBC, where the domain portion of the FQDN does not match registered domains in your Microsoft 365 or Office 365 organization. For more information, see [SBC domain names](#sbc-domain-names).|
+|Fully Qualified Domain Name (FQDN) for the SBC|An FQDN for the SBC, where the domain portion of the FQDN does not match registered domains in your Microsoft 365 or Office 365 organization. For more information, see [SBC domain names](#sbc-domain-names).|
|Public DNS entry for the SBC |A public DNS entry mapping the SBC FQDN to the public IP Address. |
-|Public trusted certificate for the SBC |A certificate for the SBC to be used for all communication with SIP Interface. For more information, see [Public trusted certificate for the SBC](#public-trusted-certificate-for-the-sbc).|
+|Public trusted certificate for the SBC |A certificate for the SBC to be used for all communication with Azure direct routing. For more information, see [Public trusted certificate for the SBC](#public-trusted-certificate-for-the-sbc).|
|Firewall IP addresses and ports for SIP signaling and media |The SBC communicates to the following services in the cloud:<br/><br/>SIP Proxy, which handles the signaling<br/>Media Processor, which handles media<br/><br/>These two services have separate IP addresses in Microsoft Cloud, described later in this document.
The infrastructure requirements for the supported SBCs, domains, and other netwo
Customers without Office 365 can use any domain name for which they can obtain a public certificate.
-The following table shows examples of DNS names registered for the tenant, whether the name can be used as an fully qualified domain name (FQDN) for the SBC, and examples of valid FQDN names:
+The following table shows examples of DNS names registered for the tenant, whether the name can be used as a fully qualified domain name (FQDN) for the SBC, and examples of valid FQDN names:
|DNS name|Can be used for SBC FQDN|Examples of FQDN names| |: |: |: |
Microsoft recommends that you request the certificate for the SBC by generating
The certificate needs to have the SBC FQDN as the common name (CN) or the subject alternative name (SAN) field. The certificate should be issued directly from a certification authority, not from an intermediate provider.
-Alternatively, Communication Services SIP Interface supports a wildcard in the CN and/or SAN, and the wildcard needs to conform to standard [RFC HTTP Over TLS](https://tools.ietf.org/html/rfc2818#section-3.1).
+Alternatively, Communication Services direct routing supports a wildcard in the CN and/or SAN, and the wildcard needs to conform to standard [RFC HTTP Over TLS](https://tools.ietf.org/html/rfc2818#section-3.1).
-An example would be using `\*.contoso.com` which would match the SBC FQDN `sbc.contoso.com`, but wouldn't match with `sbc.test.contoso.com`.
+An example would be using `\*.contoso.com`, which would match the SBC FQDN `sbc.contoso.com`, but wouldn't match with `sbc.test.contoso.com`.
The certificate needs to be generated by one of the following root certificate authorities:
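Review bot: The wildcard example on the changed line still reads `\*.contoso.com` inside backticks; only the comma was added. A backslash inside a code span is rendered literally, so readers see a pattern that is not a valid wildcard name and may copy it into a certificate request. Suggest `*.contoso.com` without the backslash, which keeps the stated behavior: it matches `sbc.contoso.com` but not `sbc.test.contoso.com`.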
Microsoft is working on adding additional certification authorities based on cus
## SIP Signaling: FQDNs
-The connection points for Communication Services SIP Interface are the following three FQDNs:
+The connection points for Communication Services direct routing are the following three FQDNs:
- **sip.pstnhub.microsoft.com** ΓÇô Global FQDN ΓÇô must be tried first. When the SBC sends a request to resolve this name, the Microsoft Azure DNS servers return an IP address pointing to the primary Azure datacenter assigned to the SBC. The assignment is based on performance metrics of the datacenters and geographical proximity to the SBC. The IP address returned corresponds to the primary FQDN. - **sip2.pstnhub.microsoft.com** ΓÇô Secondary FQDN ΓÇô geographically maps to the second priority region.
Placing these three FQDNs in order is required to:
- Provide optimal experience (less loaded and closest to the SBC datacenter assigned by querying the first FQDN). - Provide failover when connection from an SBC is established to a datacenter that is experiencing a temporary issue. For more information, see [Failover mechanism](#failover-mechanism-for-sip-signaling) below.
-The FQDNs ΓÇô sip.pstnhub.microsoft.com, sip2.pstnhub.microsoft.com and sip3.pstnhub.microsoft.com ΓÇô will be resolved to one of the following IP addresses:
+The FQDNs ΓÇô sip.pstnhub.microsoft.com, sip2.pstnhub.microsoft.com, and sip3.pstnhub.microsoft.com ΓÇô will be resolved to one of the following IP addresses:
- `52.114.148.0` - `52.114.132.46`
Open firewall ports for these IP addresses to allow incoming and outgoing traffi
## SIP Signaling: Ports
-Use the following ports for Communication Services SIP Interface:
+Use the following ports for Communication Services Azure direct routing:
|Traffic|From|To|Source port|Destination port| |: |: |: |: |: |
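Review bot: The added line in the ports section names the feature "Communication Services Azure direct routing", while the other added lines in this article use "Communication Services direct routing" (certificate and FQDN sections) and "Azure direct routing interface" (codec section). Pick one form of the new name and use it in all three places so the rename does not leave readers wondering whether these are different features.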
Locations where only media processors are deployed (SIP flows via the closest da
### Leg between SBC and Cloud Media Processor or Microsoft Teams client. Applies to both media bypass case and non-bypass cases.
-The Direct Routing interface on the leg between the Session Border Controller and Cloud Media Processor can use the following codecs:
+The Azure direct routing interface on the leg between the Session Border Controller and Cloud Media Processor can use the following codecs:
- SILK, G.711, G.722, G.729
communication-services Telephony Concept https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/communication-services/concepts/telephony-sms/telephony-concept.md
Azure Communication Services Calling SDKs can be used to add telephony and PSTN to your applications. This page summarizes key telephony concepts and capabilities. See the [calling library](../../quickstarts/voice-video-calling/calling-client-samples.md) to learn more about specific SDK languages and capabilities. ## Overview of telephony
-Whenever your users interact with a traditional telephone number, calls are facilitated by PSTN (Public Switched Telephone Network) voice calling. To make and receive PSTN calls, you need to add telephony capabilities to your Azure Communication Services resource. In this case, signaling and media use a combination of IP-based and PSTN-based technologies to connect your users. Communication Services provides two discrete ways to reach the PSTN network: Azure Cloud Calling and SIP interface.
+Whenever your users interact with a traditional telephone number, calls are facilitated by PSTN (Public Switched Telephone Network) voice calling. To make and receive PSTN calls, you need to add telephony capabilities to your Azure Communication Services resource. In this case, signaling and media use a combination of IP-based and PSTN-based technologies to connect your users. Communication Services provides two discrete ways to reach the PSTN network: Voice Calling (PSTN) and Azure direct routing.
-### Azure Cloud Calling
+### Voice Calling (PSTN)
An easy way of adding PSTN connectivity to your app or service, in this case, Microsoft is your telco provider. You can buy numbers directly from Microsoft. Azure Cloud Calling is an all-in-the-cloud telephony solution for Communication services. This is the simplest option that connects ACS to the Public Switched Telephone Network (PSTN) to enable calls to landlines and mobile phones worldwide. With this option, Microsoft acts as your PSTN carrier, as shown in the following diagram:
-![Azure Cloud Calling diagram.](../media/telephony-concept/azure-calling-diagram.png)
+![Voice Calling (PSTN) diagram.](../media/telephony-concept/azure-calling-diagram.png)
-If you answer ΓÇÿyesΓÇÖ to the following, then Azure Cloud Calling is the right solution for you:
-- Azure cloud calling is available in your region.
+If you answer ΓÇÿyesΓÇÖ to the following, then Voice Calling (PSTN) is the right solution for you:
+- Voice Calling (PSTN) is available in your region.
- You do not need to retain your current PSTN carrier. - You want to use Microsoft-managed access to the PSTN. With this option: - You get numbers directly from Microsoft and can call phones around the world.-- You do not require deployment or maintenance of an on-premises deploymentΓÇöbecause Azure Cloud calling operates out of Azure Communication Services.-- Note: If necessary, you can choose to connect a supported Session Border Controller (SBC) through SIP Interface for interoperability with third-party PBXs, analog devices, and other third-party telephony equipment supported by the SBC.
+- You do not require deployment or maintenance of an on-premises deploymentΓÇöbecause Voice Calling (PSTN) operates out of Azure Communication Services.
+- Note: If necessary, you can choose to connect a supported Session Border Controller (SBC) through Azure direct routing for interoperability with third-party PBXs, analog devices, and other third-party telephony equipment supported by the SBC.
This option requires an uninterrupted connection to Azure Communication Services.
-### SIP Interface
+### Azure direct routing
-With this option, you can connect legacy on-premises telephony and your carrier of choice to Azure Communication services. It provides PSTN calling capabilities to your ACS applications even if Azure Cloud Calling is not available in your country/region.
-![SIP Interface diagram.](../media/telephony-concept/sip-interface-diagram.png)
+With this option, you can connect legacy on-premises telephony and your carrier of choice to Azure Communication services. It provides PSTN calling capabilities to your ACS applications even if Voice Calling (PSTN) is not available in your country/region.
-If you answer ΓÇÿyesΓÇÖ to any of the following questions, then SIP Interface is the right solution for you:
+![Azure direct routing diagram.](../media/telephony-concept/sip-interface-diagram.png)
+
+If you answer ΓÇÿyesΓÇÖ to any of the following questions, then Azure direct routing is the right solution for you:
- You want to use ACS with PSTN calling capabilities. - You need to retain your current PSTN carrier.-- You want to mix routing, with some calls going through Azure Cloud Calling, some through your carrier.
+- You want to mix routing, with some calls going through Voice Calling (PSTN), some through your carrier.
- You need to interoperate with third-party PBXs and/or equipment such as overhead pagers, analog devices, and so on. With this option:
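Review bot: The unchanged paragraph directly under the renamed heading "### Voice Calling (PSTN)" still says "Azure Cloud Calling is an all-in-the-cloud telephony solution", so the old product name survives beneath the new one; it needs the same rename. In the added bullet, "deployment or maintenance of an on-premises deployment" repeats itself and could read "deployment or maintenance of on-premises infrastructure". The added "Note:" bullet sits in a list of benefits; a note block after the list would fit better.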
This option requires the following:
### Conceptual documentation - [Phone number types in Azure Communication Services](./plan-solution.md)-- [Plan for SIP Interface](./sip-interface-infrastructure.md)
+- [Plan for Azure direct routing](./sip-interface-infrastructure.md)
- [Pricing](../pricing.md) ### Quickstarts
communication-services Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/communication-services/overview.md
After creating a Communication Services resource you can start building client s
| | | |**[Create your first user access token](./quickstarts/access-tokens.md)**|User access tokens are used to authenticate clients against your Azure Communication Services resource. These tokens are provisioned and reissued using the Communication Services SDK.| |**[Get started with voice and video calling](./quickstarts/voice-video-calling/getting-started-with-calling.md)**| Azure Communication Services allows you to add voice and video calling to your browser or native apps using the Calling SDK. |
+|**[Add telephony calling to your app](./quickstarts/voice-video-calling/pstn-call.md)**|With Azure Communication Services you can add telephony calling capabilities to your application.|
|**[Join your calling app to a Teams meeting](./quickstarts/voice-video-calling/get-started-teams-interop.md)**|Azure Communication Services can be used to build custom meeting experiences that interact with Microsoft Teams. Users of your Communication Services solution(s) can interact with Teams participants over voice, video, chat, and screen sharing.| |**[Get started with chat](./quickstarts/chat/get-started.md)**|The Azure Communication Services Chat SDK is used to add rich real-time text chat into your applications.|
The following samples demonstrate end-to-end usage of the Azure Communication Se
| | | |**[The Group Calling Hero Sample](./samples/calling-hero-sample.md)**| Download a designed application sample for group calling for browsers, iOS, and Android devices. | |**[The Group Chat Hero Sample](./samples/chat-hero-sample.md)**| Download a designed application sample for group text chat for browsers. |
+|**[The Web Calling Sample](./samples/web-calling-sample.md)**| Download a designed web application sample for audio, video, and PSTN calling. |
## Platforms and SDK libraries
connectors Built In https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/connectors/built-in.md
Logic Apps provides built-in actions for working with data outputs and their for
## Next steps > [!div class="nextstepaction"]
-> [Create custom APIs you can call from Logic Apps](/logic-apps/logic-apps-create-api-app)
+> [Create custom APIs you can call from Logic Apps](../logic-apps/logic-apps-create-api-app.md)
<!-- Built-ins icons --> [azure-api-management-icon]: ./media/apis-list/azure-api-management.png
connectors Managed https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/connectors/managed.md
For more information, see these topics:
## Next steps > [!div class="nextstepaction"]
-> [Create custom APIs you can call from Logic Apps](/logic-apps/logic-apps-create-api-app)
+> [Create custom APIs you can call from Logic Apps](../logic-apps/logic-apps-create-api-app.md)
<!--Managed connector icons--> [appfigures-icon]: ./media/apis-list/appfigures.png
cosmos-db Partners Migration Cosmosdb https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/partners-migration-cosmosdb.md
From NoSQL migration to application development, you can choose from a variety o
| [Lambda3 Informatics](https://www.lambda3.com.br/) | Real-time personalization, Retail inventory, App development | Brazil| |[Neal Analytics](https://www.nealanalytics.com/) | Personalization, Retail (inventory), Operational Analytics (Spark), App development | USA | |[Pragmatic Works Software Inc](https://www.pragmaticworks.com/) | NoSQL migration | USA |
-| [Ricoh Digital Services](https://www.ricoh.com/) | IoT, Real-time personalization, Retail inventory, NoSQL migration | UK |
+| [Ricoh Digital Experience](https://www.ricoh-europe.com/contact-us) | IoT, Real-time personalization, Retail inventory, NoSQL migration | UK, Europe |
|[SNP Technologies](https://www.snp.com/) | NoSQL migration| USA | | [Solidsoft Reply](https://www.reply.com/solidsoft-reply/) | NoSQL migration | Croatia, Sweden, Denmark, Ireland, Bulgaria, Slovenia, Cyprus, Malta, Lithuania, the Czech Republic, Iceland, and Switzerland and Liechtenstein| | [Spanish Point Technologies](https://www.spanishpoint.ie/) | NoSQL migration| Ireland|
cost-management-billing Mca Request Billing Ownership https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cost-management-billing/manage/mca-request-billing-ownership.md
If you have an Azure support plan and you transfer all of your Azure subscriptio
You must use your account administrator credentials for your old account if the credentials differ from those used to access your new Microsoft Customer Agreement account.
-1. Sign in to the Azure portal at https://azure.portal.com.
+1. Sign in to the Azure portal at https://portal.azure.com.
1. Navigate to **Cost Management + Billing**. 1. Select **Billing Scopes** in the left pane. 1. Select the billing account associated with your Microsoft support plan.
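Review bot: Step 1 now has the right portal host, but it is still a hand-typed bare URL, which is how the transposed `azure.portal.com` got in. Suggest the link form `[Azure portal](https://portal.azure.com)` and a repository-wide search for the old host, since a wrong hostname in sign-in instructions deserves more attention than an ordinary typo.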
cost-management-billing Microsoft Customer Agreement Get Started https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cost-management-billing/microsoft-customer-agreement/microsoft-customer-agreement-get-started.md
tags: billing
Previously updated : 04/06/2021 Last updated : 04/29/2021
If you're a new customer, Azure automatically creates a default subscription for
After your subscriptions are moved, access to the subscriptions is unchanged for your users. All consumption against the subscriptions route invoices under your new contract.
-When you start consuming Azure services, your new invoice under the Microsoft Customer Agreement is generated on the fifth day of every month ΓÇô ensure you [update your PO number in your billing profile](../manage/change-azure-account-profile.md). Your default payment method is wire transfer. To learn how to set up your payment method to avoid delays, see [How to pay for your subscription](../understand/pay-bill.md#wire-bank-details). The article explains how to get the required bank payment information.
+When you start consuming Azure services, your new invoice under the Microsoft Customer Agreement is generated on the fifth day of every month. Your default payment method is wire transfer. To learn how to set up your payment method to avoid delays, see [How to pay for your subscription](../understand/pay-bill.md#wire-bank-details). The article explains how to get the required bank payment information.
## Confirm payment details
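Review bot: The rewritten sentence drops the reminder to update the PO number before the invoice is generated on the fifth day, and the paragraph no longer points anywhere for that task. Since this same change adds an "Update a PO number" section further down, keep a short pointer to it here so the reminder is not lost.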
When you move from a pay-as-you-go or an enterprise agreement to a Microsoft Cus
Make sure that you complete any outstanding payments for your older [pay-as-you-go](../understand/download-azure-invoice.md) or [EA](../manage/ea-portal-enrollment-invoices.md) contract subscription invoices. For more information, see [Understand your Microsoft Customer Agreement Invoice in Azure](../understand/mca-understand-your-invoice.md#billing-period).
+## Update a PO number
+
+By default, an invoice for billing profile doesn't have an associated PO number. After you add a PO number for a billing profile, it appears on invoices for the billing profile.
+
+To add or change the PO number for a billing profile, use the following steps.
+
+1. Sign in to the Azure portal.
+1. Search for **Cost Management + Billing** and then select **Billing scopes**.
+1. Select your billing scope.
+1. In the left menu under **Billing**, select **Billing profiles**.
+1. Select the appropriate billing profile.
+1. In the left menu under **Settings**, select **Properties**.
+1. Select **Update PO number**.
+1. Enter a PO number and then select **Update**.
++ ## Update your tax ID Ensure you update your tax ID after moving your subscriptions. The tax ID is used for tax exemption calculations and appears on your invoice.
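Review bot: In the first added sentence, "an invoice for billing profile" is missing an article ("for a billing profile"). The second sentence says the PO number "appears on invoices for the billing profile" without saying whether that covers only invoices generated after the update; state it, because the earlier paragraph ties invoice generation to the fifth day of the month.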
data-factory Frequently Asked Questions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/frequently-asked-questions.md
Previously updated : 02/10/2020 Last updated : 04/29/2021 # Azure Data Factory FAQ
Self-hosted IR is an ADF pipeline construct that you can use with the Copy Activ
Clusters are never shared. We guarantee isolation for each job run in production runs. In case of debug scenario one person gets one cluster, and all debugs will go to that cluster which are initiated by that user.
+### Is there a way to write attributes in cosmos db in the same order as specified in the sink in ADF data flow?
+
+For cosmos DB, the underlying format of each document is a JSON object which is an unordered set of name/value pairs, so the order cannot be reserved. Data flow spins up a cluster even on integration runtime with 15 min TTL configuration dataflow advisory about TTL and costs This troubleshoot document [Data flow performance.](https://docs.microsoft.com/azure/data-factory/concepts-data-flow-performance#time-to-live)
++
+### Why an user is unable to use data preview in the data flows?
+
+You should check permissions for custom role. There are multiple actions involved in the dataflow data preview. You start by checking network traffic while debugging on your browser. Please follow all of the actions, for details, please refer to [Resource provider.](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations#microsoftdatafactory)
+
+### Does the data flow compute engine serve multiple tenants?
+
+This troubleshooting document may help to resolve your issue:
+[Multiple tenants.](https://docs.microsoft.com/azure/data-factory/frequently-asked-questions#does-the-data-flow-compute-engine-serve-multiple-tenants)
++
+### In ADF, can I calculate value for a new column from existing column from mapping?
+
+You can use derive transformation in mapping data flow to create a new column on the logic you want. When creating a derived column, you can either generate a new column or update an existing one. In the Column textbox, enter in the column you are creating. To override an existing column in your schema, you can use the column dropdown. To build the derived column's expression, click on the Enter expression textbox. You can either start typing your expression or open up the expression builder to construct your logic.
+
+### Why mapping data flow preview failing with Gateway timeout?
+
+Please try to use larger cluster and leverage the row limits in debug settings to a smaller value to reduce the size of debug output.
+
+### How to parameterize column name in dataflow?
+
+Column name can be parameterized similar to other properties. Like in derived column customer can use **$ColumnNameParam = toString(byName($myColumnNameParamInData)).** These parameters can be passed from pipeline execution down to Data flows.
+++
+## Wrangling data flow (Data flow power query)
+
+### What are the supported regions for wrangling data flow?
+
+Data factory is available in following [regions.](https://azure.microsoft.com/global-infrastructure/services/?products=data-factory)
+Power query feature is being rolled out to all regions. If the feature is not available in your region, please check with support.
+
+### What are the limitations and constraints with wrangling data flow ?
+
+Dataset names can only contain alpha-numeric characters. The following data stores are supported:
+
+* DelimitedText dataset in Azure Blob Storage using account key authentication
+* DelimitedText dataset in Azure Data Lake Storage gen2 using account key or service principal authentication
+* DelimitedText dataset in Azure Data Lake Storage gen1 using service principal authentication
+* Azure SQL Database and Data Warehouse using sql authentication. See supported SQL types below. There is no PolyBase or staging support for data warehouse.
+
+At this time, linked service Key Vault integration is not supported in wrangling data flows.
+
+### What is the difference between mapping and wrangling data flows?
+
+Mapping data flows provide a way to transform data at scale without any coding required. You can design a data transformation job in the data flow canvas by constructing a series of transformations. Start with any number of source transformations followed by data transformation steps. Complete your data flow with a sink to land your results in a destination. Mapping data flow is great at mapping and transforming data with both known and unknown schemas in the sinks and sources.
+
+Wrangling data flows allow you to do agile data preparation and exploration using the Power Query Online mashup editor at scale via spark execution. With the rise of data lakes sometimes you just need to explore a data set or create a dataset in the lake. You aren't mapping to a known target. Wrangling data flows are used for less formal and model-based analytics scenarios.
+
+### What is the difference between Power Platform Dataflows and wrangling data flows?
+
+Power Platform Dataflows allow users to import and transform data from a wide range of data sources into the Common Data Service and Azure Data Lake to build PowerApps applications, Power BI reports or Flow automations. Power Platform Dataflows use the established Power Query data preparation experiences, similar to Power BI and Excel. Power Platform Dataflows also enable easy reuse within an organization and automatically handle orchestration (e.g. automatically refreshing dataflows that depend on another dataflow when the former one is refreshed).
+
+Azure Data Factory (ADF) is a managed data integration service that allows data engineers and citizen data integrator to create complex hybrid extract-transform-load (ETL) and extract-load-transform (ELT) workflows. Wrangling data flow in ADF empowers users with a code-free, serverless environment that simplifies data preparation in the cloud and scales to any data size with no infrastructure management required. It uses the Power Query data preparation technology (also used in Power Platform dataflows, Excel, Power BI) to prepare and shape the data. Built to handle all the complexities and scale challenges of big data integration, wrangling data flows allow users to quickly prepare data at scale via spark execution. Users can build resilient data pipelines in an accessible visual environment with our browser-based interface and let ADF handle the complexities of Spark execution. Build schedules for your pipelines and monitor your data flow executions from the ADF monitoring portal. Easily manage data availability SLAs with ADF's rich availability monitoring and alerts and leverage built-in continuous integration and deployment capabilities to save and manage your flows in a managed environment. Establish alerts and view execution plans to validate that your logic is performing as planned as you tune your data flows.
+
+### Supported SQL Types
+
+Wrangling data flow supports the following data types in SQL. You will get a validation error for using a data type that isn't supported.
+
+* short
+* double
+* real
+* float
+* char
+* nchar
+* varchar
+* nvarchar
+* integer
+* int
+* bit
+* boolean
+* smallint
+* tinyint
+* bigint
+* long
+* text
+* date
+* datetime
+* datetime2
+* smalldatetime
+* timestamp
+* uniqueidentifier
+* xml
++ ## Next steps For step-by-step instructions to create a data factory, see the following tutorials:
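Review bot: The added Cosmos DB answer has unrelated text fused onto it: after "so the order cannot be reserved" (should be "preserved") it runs straight into "Data flow spins up a cluster even on integration runtime with 15 min TTL configuration ...", which looks like a separate question and answer that lost its heading. The added answer to "Does the data flow compute engine serve multiple tenants?" links only to frequently-asked-questions#does-the-data-flow-compute-engine-serve-multiple-tenants, which is this same question, so it answers nothing; the context line above already says "Clusters are never shared" and could be reused. For the data preview question, "check permissions for custom role" followed by advice to watch browser network traffic leaves the reader to work out the required role actions; list them, or say which section of the linked resource provider page applies. The wrangling limitations state that only account key, service principal and SQL authentication are supported and that Key Vault integration is not, so the text should also say where those credentials are expected to be stored. The new links use absolute docs.microsoft.com URLs where relative .md paths are the usual form.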
dns Dns Import Export https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/dns/dns-import-export.md
Title: Import and export a domain zone file - Azure CLI
-description: Learn how to import and export a DNS zone file to Azure DNS by using Azure CLI
+description: Learn how to import and export a DNS (Domain Name System) zone file to Azure DNS by using Azure CLI
Previously updated : 7/30/2020 Last updated : 04/29/2021 # Import and export a DNS zone file using the Azure CLI
-This article walks you through how to import and export DNS zone files for Azure DNS using the Azure CLI.
+In this article, you'll learn how to import and export a DNS zone file in Azure DNS using Azure CLI.
## Introduction to DNS zone migration
-A DNS zone file is a text file that contains details of every Domain Name System (DNS) record in the zone. It follows a standard format, making it suitable for transferring DNS records between DNS systems. Using a zone file is a quick, reliable, and convenient way to transfer a DNS zone into or out of Azure DNS.
+A DNS zone file is a text file containing information about every Domain Name System (DNS) record in the zone. It follows a standard format, making it suitable for transferring DNS records between DNS systems. Using a zone file is a fast and convenient way to import DNS zones into Azure DNS. You can also export a zone file from Azure DNS to use with other DNS systems.
-Azure DNS supports importing and exporting zone files by using the Azure command-line interface (CLI). Zone file import is **not** currently supported via Azure PowerShell or the Azure portal.
+Azure DNS supports importing and exporting zone files by using the Azure command-line interface (CLI). Zone file import is currently **not** supported with Azure PowerShell or the Azure portal.
-The Azure CLI is a cross-platform command-line tool used for managing Azure services. It is available for the Windows, Mac, and Linux platforms from the [Azure downloads page](https://azure.microsoft.com/downloads/). Cross-platform support is important for importing and exporting zone files, because the most common name server software, [BIND](https://www.isc.org/downloads/bind/), typically runs on Linux.
+Azure CLI is a cross-platform command-line tool used for managing Azure services. It's available for Windows, Mac, and Linux from the [Azure downloads page](https://azure.microsoft.com/downloads/).
## Obtain your existing DNS zone file Before you import a DNS zone file into Azure DNS, you need to obtain a copy of the zone file. The source of this file depends on where the DNS zone is currently hosted.
-* If your DNS zone is hosted by a partner service (such as a domain registrar, dedicated DNS hosting provider, or alternative cloud provider), that service should provide the ability to download the DNS zone file.
-* If your DNS zone is hosted on Windows DNS, the default folder for the zone files is **%systemroot%\system32\dns**. The full path to each zone file also shows on the **General** tab of the DNS console.
-* If your DNS zone is hosted by using BIND, the location of the zone file for each zone is specified in the BIND configuration file **named.conf**.
+* If your DNS zone is currently hosted by a partner service, they'll have a way for you to download the DNS zone file. Partner services include domain registrar, dedicated DNS hosting provider, or an alternative cloud provider.
+* If your DNS zone is hosted on Windows DNS, the default folder for the zone files is **%systemroot%\system32\dns**. The full path to each zone file is also shown on the **General** tab of the DNS console.
+* If your DNS zone is hosted using BIND, the location of the zone file for each zone gets specified in the BIND configuration file **named.conf**.
## Import a DNS zone file into Azure DNS
-Importing a zone file creates a new zone in Azure DNS if one does not already exist. If the zone already exists, the record sets in the zone file must be merged with the existing record sets.
+Importing a zone file creates a new zone in Azure DNS if the zone doesn't already exist. If the zone exist, then the record sets in the zone file will be merged with the existing record sets.
### Merge behavior
-* By default, existing and new record sets are merged. Identical records within a merged record set are de-duplicated.
-* When record sets are merged, the time to live (TTL) of preexisting record sets is used.
-* Start of Authority (SOA) parameters (except `host`) are always taken from the imported zone file. Similarly, for the name server record set at the zone apex, the TTL is always taken from the imported zone file.
-* An imported CNAME record does not replace an existing CNAME record with the same name.
-* When a conflict arises between a CNAME record and another record of the same name but different type (regardless of which is existing or new), the existing record is retained.
+* By default, the new record sets get merged with the existing record sets. Identical records within a merged record set aren't duplicated.
+* When record sets are merged, the time to live (TTL) of pre-existing record sets is used.
+* Start of Authority (SOA) parameters, except `host` are always taken from the imported zone file. The name server record set at the zone apex will also always use the TTL taken from the imported zone file.
+* An imported CNAME record doesn't replace an existing CNAME record with the same name.
+* When a conflict happens between a CNAME record and another record with the same name of different type, the existing record gets used.
### Additional information about importing
-The following notes provide additional technical details about the zone import process.
+The following notes provide more technical details about the zone import process.
-* The `$TTL` directive is optional, and it is supported. When no `$TTL` directive is given, records without an explicit TTL are imported set to a default TTL of 3600 seconds. When two records in the same record set specify different TTLs, the lower value is used.
-* The `$ORIGIN` directive is optional, and it is supported. When no `$ORIGIN` is set, the default value used is the zone name as specified on the command line (plus the terminating ".").
-* The `$INCLUDE` and `$GENERATE` directives are not supported.
+* The `$TTL` directive is optional, and is supported. When no `$TTL` directive is given, records without an explicit TTL are imported set to a default TTL of 3600 seconds. When two records in the same record set specify different TTLs, the lower value is used.
+* The `$ORIGIN` directive is optional, and is supported. When no `$ORIGIN` is set, the default value used is the zone name as specified on the command line including the ending ".".
+* The `$INCLUDE` and `$GENERATE` directives aren't supported.
* These record types are supported: A, AAAA, CAA, CNAME, MX, NS, SOA, SRV, and TXT.
-* The SOA record is created automatically by Azure DNS when a zone is created. When you import a zone file, all SOA parameters are taken from the zone file *except* the `host` parameter. This parameter uses the value provided by Azure DNS. This is because this parameter must refer to the primary name server provided by Azure DNS.
+* The SOA record is created automatically by Azure DNS when a zone is created. When you import a zone file, all SOA parameters are taken from the zone file *except* the `host` parameter. This parameter uses the value provided by Azure DNS because it needs to refer to the primary name server provided by Azure DNS.
* The name server record set at the zone apex is also created automatically by Azure DNS when the zone is created. Only the TTL of this record set is imported. These records contain the name server names provided by Azure DNS. The record data is not overwritten by the values contained in the imported zone file.
-* During Public Preview, Azure DNS supports only single-string TXT records. Multistring TXT records are be concatenated and truncated to 255 characters.
+* During Public Preview, Azure DNS supports only single-string TXT records. Multistring TXT records are to be concatenated and truncated to 255 characters.
### CLI format and values The format of the Azure CLI command to import a DNS zone is:
-```azurecli
+```azurecli-interactive-interactive
az network dns zone import -g <resource group> -n <zone name> -f <zone file name> ```
Values:
* `<zone name>` is the name of the zone. * `<zone file name>` is the path/name of the zone file to be imported.
-If a zone with this name does not exist in the resource group, it is created for you. If the zone already exists, the imported record sets are merged with existing record sets.
+If a zone with this name doesn't already exist in the resource group, one will be created for you. For an existing zone, the imported record sets will get merged with existing record sets.
-### Step 1. Import a zone file
+### Import a zone file
To import a zone file for the zone **contoso.com**.
-1. If you don't have one already, you need to create a Resource Manager resource group.
+1. Create a resource group if you don't have one.
- ```azurecli
+ ```azurecli-interactive
az group create --resource-group myresourcegroup -l westeurope ```
-2. To import the zone **contoso.com** from the file **contoso.com.txt** into a new DNS zone in the resource group **myresourcegroup**, you will run the command `az network dns zone import`.<BR>This command loads the zone file and parses it. The command executes a series of commands on the Azure DNS service to create the zone and all the record sets in the zone. The command reports progress in the console window, along with any errors or warnings. Because record sets are created in series, it may take a few minutes to import a large zone file.
+1. To import the zone **contoso.com** from the file **contoso.com.txt** into a new DNS zone in the resource group **myresourcegroup**, you'll run the command `az network dns zone import`.
- ```azurecli
+ This command loads the zone file and parses it. The command executes a series of operations on the Azure DNS service to create the zone and all the record sets in the zone. The command will report the progress in the console window along with any errors or warnings. Since record sets are created in series, it may take a few minutes to import a large zone file.
+
+ ```azurecli-interactive
az network dns zone import -g myresourcegroup -n contoso.com -f contoso.com.txt ```
-### Step 2. Verify the zone
+### Verify the zone
-To verify the DNS zone after you import the file, you can use any one of the following methods:
+You can use any one of the following methods to verify the DNS zone after you've imported the file:
-* You can list the records by using the following Azure CLI command:
+* To list the records, use the following Azure CLI command:
- ```azurecli
+ ```azurecli-interactive
az network dns record-set list -g myresourcegroup -z contoso.com ```
-* You can list the records by using the Azure CLI command `az network dns record-set ns list`.
-* You can use `nslookup` to verify name resolution for the records. Because the zone isn't delegated yet, you need to specify the correct Azure DNS name servers explicitly. The following sample shows how to retrieve the name server names assigned to the zone. This also shows how to query the "www" record by using `nslookup`.
+* You can also list the records by using the Azure CLI command `az network dns record-set ns list`.
+* Use `nslookup` to verify name resolution for the records. If the zone hasn't been delegated yet, you need to specify the correct Azure DNS name servers explicitly. The following sample shows how to retrieve the name server names assigned to the zone.
- ```azurecli
+ ```azurecli-interactive
az network dns record-set ns list -g myresourcegroup -z contoso.com --output json ```
To verify the DNS zone after you import the file, you can use any one of the fol
] ```
+ Use Windows Command Prompt to query the "www" record with the `nslookup` command.
+ ```cmd nslookup www.contoso.com ns1-03.azure-dns.com
To verify the DNS zone after you import the file, you can use any one of the fol
134.170.188.221 ```
-### Step 3. Update DNS delegation
+### Update DNS delegation
-After you have verified that the zone has been imported correctly, you need to update the DNS delegation to point to the Azure DNS name servers. For more information, see the article [Update the DNS delegation](dns-domain-delegation.md).
+After you've verified that the zone has been imported correctly, you then need to update the DNS delegation to point to the Azure DNS name servers. For more information, see [Update the DNS delegation](dns-domain-delegation.md).
## Export a DNS zone file from Azure DNS
-The format of the Azure CLI command to export a DNS zone is:
+To export a DNS zone, use the following Azure CLI command:
-```azurecli
+```azurecli-interactive
az network dns zone export -g <resource group> -n <zone name> -f <zone file name> ```
As with the zone import, you first need to sign in, choose your subscription, an
To export the existing Azure DNS zone **contoso.com** in resource group **myresourcegroup** to the file **contoso.com.txt** (in the current folder), run `azure network dns zone export`. This command calls the Azure DNS service to enumerate record sets in the zone and export the results to a BIND-compatible zone file.
-```azurecli
+```azurecli-interactive
az network dns zone export -g myresourcegroup -n contoso.com -f contoso.com.txt ```
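Review bot: the sentence that introduces this export example still tells the reader to run `azure network dns zone export`, while the block it introduces, and the syntax line earlier in the section, use `az network dns zone export`. The fence tags here are being touched anyway, so change the inline command to `az network dns zone export` and make the prose match the command that is actually run.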
az network dns zone export -g myresourcegroup -n contoso.com -f contoso.com.txt
* Learn how to [manage record sets and records](./dns-getstarted-cli.md) in your DNS zone.
-* Learn how to [delegate your domain to Azure DNS](dns-domain-delegation.md).
+* Learn how to [delegate your domain to Azure DNS](dns-domain-delegation.md).
dns Dns Reverse Dns For Azure Services https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/dns/dns-reverse-dns-for-azure-services.md
ms.devlang: na
na Previously updated : 05/29/2017 Last updated : 04/29/2021
This article explains how to configure reverse DNS lookups for services hosted in Azure.
-Services in Azure use IP addresses assigned by Azure and owned by Microsoft. These reverse DNS records (PTR records) must be created in the corresponding Microsoft-owned reverse DNS lookup zones. This article explains how to do this.
+Services in Azure use IP addresses assigned by Azure and owned by Microsoft. These reverse DNS records (PTR records) must be created in the corresponding Microsoft-owned reverse DNS lookup zones.
-This scenario should not be confused with the ability to [host the reverse DNS lookup zones for your assigned IP ranges in Azure DNS](dns-reverse-dns-hosting.md). In this case, the IP ranges represented by the reverse lookup zone must be assigned to your organization, typically by your ISP.
+This scenario differs from the ability to [host the reverse DNS lookup zones](dns-reverse-dns-hosting.md) for your assigned IP ranges in Azure DNS. In this case, the IP ranges represented by the reverse lookup zone must be assigned to your organization, typically by your ISP.
-Before reading this article, you should be familiar with this [Overview of reverse DNS and support in Azure](dns-reverse-dns-overview.md).
+Before reading this article, you should familiarize yourself with [reverse DNS in Azure DNS](dns-reverse-dns-overview.md).
-In Azure DNS, compute resources (such as virtual machines, virtual machine scale sets, or Service Fabric clusters) are exposed via a PublicIpAddress resource. Reverse DNS lookups are configured using the 'ReverseFqdn' property of the PublicIpAddress.
+In Azure DNS, compute resources such as virtual machines, virtual machine scale sets, and Service Fabric clusters have Public IP addresses. Reverse DNS lookups are configured using the 'ReverseFqdn' property of the Public IP address.
-
-Reverse DNS is not currently supported for the Azure App Service and Application Gateway.
+Reverse DNS is currently not supported for the Azure App Service and Application Gateway.
## Validation of reverse DNS records
-A third party should not be able to create reverse DNS records for their Azure service mapping to your DNS domains. To prevent this, Azure only allows the creation of a reverse DNS record where domain name specified in the reverse DNS record is the same as, or resolves to, the DNS name or IP address of a PublicIpAddress or Cloud Service in the same Azure subscription.
+A third party shouldn't have access to create reverse DNS records for Azure service mapping to your DNS domains. That's why Azure only allows you to create a reverse DNS record if the domain name is the same or resolves to a Public IP address in the same subscription. This restriction also applies to Cloud Service.
-This validation is only performed when the reverse DNS record is set or modified. Periodic re-validation is not performed.
+This validation is only done when the reverse DNS record is set or modified. Periodic revalidation isn't done.
-For example: suppose the PublicIpAddress resource has the DNS name contosoapp1.northus.cloudapp.azure.com and IP address 23.96.52.53. The ReverseFqdn for the PublicIpAddress can be specified as:
-* The DNS name for the PublicIpAddress, contosoapp1.northus.cloudapp.azure.com
-* The DNS name for a different PublicIpAddress in the same subscription, such as contosoapp2.westus.cloudapp.azure.com
-* A vanity DNS name, such as app1.contoso.com, so long as this name is *first* configured as a CNAME to contosoapp1.northus.cloudapp.azure.com, or to a different PublicIpAddress in the same subscription.
-* A vanity DNS name, such as app1.contoso.com, so long as this name is *first* configured as an A record to the IP address 23.96.52.53, or to the IP address of a different PublicIpAddress in the same subscription.
+For example, suppose the Public Ip address resource has the DNS name `contosoapp1.northus.cloudapp.azure.com` and IP address `23.96.52.53`. The reverse FQDN for the Public IP address can be specified as:
-The same constraints apply to reverse DNS for Cloud Services.
+* The DNS name for the Public IP address: `contosoapp1.northus.cloudapp.azure.com`.
+* The DNS name for a different PublicIpAddress in the same subscription, such as: `contosoapp2.westus.cloudapp.azure.com`.
+* A vanity DNS name, such as: `app1.contoso.com`. As long as the name is *first* configured as a CNAME pointing to `contosoapp1.northus.cloudapp.azure.com`. The name can also be pointed to a different Public IP address in the same subscription.
+* A vanity DNS name, such as: `app1.contoso.com`. As long as this name is *first* configured as an A record pointing to the IP address 23.96.52.53. The name can also be pointed to another IP address in the same subscription.
+The same constraints apply to reverse DNS for Cloud Services.
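Review bot: the rewritten validation paragraph no longer states what the reverse FQDN is checked against. "if the domain name is the same or resolves to a Public IP address in the same subscription" leaves "the same" without an object, where the removed text said "the same as, or resolves to, the DNS name or IP address of a PublicIpAddress or Cloud Service in the same Azure subscription". This paragraph is the statement of the ownership check, so keep the explicit comparison target. The first sentence also dropped "their" ("for Azure service mapping to your DNS domains"), which hides that the concern is another tenant's service pointing at your domain. Smaller points in the example list: "Public Ip address" should be "Public IP address", one bullet still says "PublicIpAddress", and the two vanity-name bullets are now split into fragments that begin "As long as".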
-## Reverse DNS for PublicIpAddress resources
+## Reverse DNS for Public IP address resources
-This section provides detailed instructions for how to configure reverse DNS for PublicIpAddress resources in the Resource Manager deployment model, using either Azure PowerShell, Azure classic CLI, or Azure CLI. Configuring reverse DNS for PublicIpAddress resources is not currently supported via the Azure portal.
+This section provides detailed instructions for how to configure reverse DNS for Public IP address resources in the Resource Manager deployment model. You can use either Azure PowerShell, Azure classic CLI, or Azure CLI to accomplish this task. Configuring reverse DNS for a Public IP address resource is currently not supported in the Azure portal.
-Azure currently supports reverse DNS only for IPv4 PublicIpAddress resources. It is not supported for IPv6.
+Azure currently supports reverse DNS only for Public IPv4 address resources.
### Add reverse DNS to an existing PublicIpAddresses
-#### PowerShell
+#### Azure PowerShell
To update reverse DNS to an existing PublicIpAddress:
-```powershell
+```azurepowershell-interactive
$pip = Get-AzPublicIpAddress -Name "PublicIp" -ResourceGroupName "MyResourceGroup" $pip.DnsSettings.ReverseFqdn = "contosoapp1.westus.cloudapp.azure.com." Set-AzPublicIpAddress -PublicIpAddress $pip
Set-AzPublicIpAddress -PublicIpAddress $pip
To add reverse DNS to an existing PublicIpAddress that doesn't already have a DNS name, you must also specify a DNS name:
-```powershell
+```azurepowershell-interactive
$pip = Get-AzPublicIpAddress -Name "PublicIp" -ResourceGroupName "MyResourceGroup" $pip.DnsSettings = New-Object -TypeName "Microsoft.Azure.Commands.Network.Models.PSPublicIpAddressDnsSettings" $pip.DnsSettings.DomainNameLabel = "contosoapp1"
$pip.DnsSettings.ReverseFqdn = "contosoapp1.westus.cloudapp.azure.com."
Set-AzPublicIpAddress -PublicIpAddress $pip ```
-#### Azure classic CLI
+#### Azure Classic CLI
To add reverse DNS to an existing PublicIpAddress:
azure network public-ip set -n PublicIp -g MyResourceGroup -f contosoapp1.westus
To add reverse DNS to an existing PublicIpAddress that doesn't already have a DNS name, you must also specify a DNS name:
-```azurecli
+```azurecli-interactive
azure network public-ip set -n PublicIp -g MyResourceGroup -d contosoapp1 -f contosoapp1.westus.cloudapp.azure.com. ```
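Review bot: the fence tag on this classic CLI example was changed to `azurecli-interactive`, but the command is `azure network public-ip set`, and the other classic CLI blocks visible in this article (create, show, remove) keep plain `azurecli`. Revert this one to `azurecli` for consistency, or apply the interactive tag to all classic CLI blocks if that is the intent.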
azure network public-ip set -n PublicIp -g MyResourceGroup -d contosoapp1 -f con
To add reverse DNS to an existing PublicIpAddress:
-```azurecli
+```azurecli-interacgive
az network public-ip update --resource-group MyResourceGroup --name PublicIp --reverse-fqdn contosoapp1.westus.cloudapp.azure.com. ``` To add reverse DNS to an existing PublicIpAddress that doesn't already have a DNS name, you must also specify a DNS name:
-```azurecli
+```azurecli-interactive
az network public-ip update --resource-group MyResourceGroup --name PublicIp --reverse-fqdn contosoapp1.westus.cloudapp.azure.com --dns-name contosoapp1 ```
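Review bot: the new fence tag on the first Azure CLI example is misspelled as `azurecli-interacgive`; it should be `azurecli-interactive` like the block that follows. While here, the two commands disagree on the trailing dot: the first passes `--reverse-fqdn contosoapp1.westus.cloudapp.azure.com.` and the second omits the dot, although the FAQ in this article says FQDNs must be terminated by a dot.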
az network public-ip update --resource-group MyResourceGroup --name PublicIp --r
To create a new PublicIpAddress with the reverse DNS property already specified:
-#### PowerShell
+#### Azure PowerShell
-```powershell
+```azurepowershell-interactive
New-AzPublicIpAddress -Name "PublicIp" -ResourceGroupName "MyResourceGroup" -Location "WestUS" -AllocationMethod Dynamic -DomainNameLabel "contosoapp2" -ReverseFqdn "contosoapp2.westus.cloudapp.azure.com." ```
-#### Azure classic CLI
+#### Azure Classic CLI
```azurecli azure network public-ip create -n PublicIp -g MyResourceGroup -l westus -d contosoapp3 -f contosoapp3.westus.cloudapp.azure.com.
azure network public-ip create -n PublicIp -g MyResourceGroup -l westus -d conto
#### Azure CLI
-```azurecli
+```azurecli-interactive
az network public-ip create --name PublicIp --resource-group MyResourceGroup --location westcentralus --dns-name contosoapp1 --reverse-fqdn contosoapp1.westcentralus.cloudapp.azure.com ```
az network public-ip create --name PublicIp --resource-group MyResourceGroup --l
To view the configured value for an existing PublicIpAddress:
-#### PowerShell
+#### Azure PowerShell
-```powershell
+```azurepowershell-interactive
Get-AzPublicIpAddress -Name "PublicIp" -ResourceGroupName "MyResourceGroup" ```
-#### Azure classic CLI
+#### Azure Classic CLI
```azurecli azure network public-ip show -n PublicIp -g MyResourceGroup
azure network public-ip show -n PublicIp -g MyResourceGroup
#### Azure CLI
-```azurecli
+```azurecli-interactive
az network public-ip show --name PublicIp --resource-group MyResourceGroup ```
az network public-ip show --name PublicIp --resource-group MyResourceGroup
To remove a reverse DNS property from an existing PublicIpAddress:
-#### PowerShell
+#### Azure PowerShell
-```powershell
+```azurepowershell-interactive
$pip = Get-AzPublicIpAddress -Name "PublicIp" -ResourceGroupName "MyResourceGroup" $pip.DnsSettings.ReverseFqdn = "" Set-AzPublicIpAddress -PublicIpAddress $pip ```
-#### Azure classic CLI
+#### Azure Classic CLI
```azurecli azure network public-ip set -n PublicIp -g MyResourceGroup ΓÇôf ""
azure network public-ip set -n PublicIp -g MyResourceGroup ΓÇôf ""
#### Azure CLI
-```azurecli
+```azurecli-interactive
az network public-ip update --resource-group MyResourceGroup --name PublicIp --reverse-fqdn "" ``` - ## Configure reverse DNS for Cloud Services
-This section provides detailed instructions for how to configure reverse DNS for Cloud Services in the Classic deployment model, using Azure PowerShell. Configuring reverse DNS for Cloud Services is not supported via the Azure portal, Azure classic CLI, or Azure CLI.
+This section provides detailed instructions for how to configure reverse DNS for Cloud Services in the Classic deployment model, using Azure PowerShell. Configuring reverse DNS for Cloud Services isn't supported via the Azure portal, Azure classic CLI, or Azure CLI.
### Add reverse DNS to existing Cloud Services
Set-AzureService ΓÇôServiceName "contosoapp1" ΓÇôDescription "App1 with Reverse
### How much do reverse DNS records cost?
-They're free! There is no additional cost for reverse DNS records or queries.
+They're free! There's no extra cost for reverse DNS records or queries.
### Will my reverse DNS records resolve from the internet?
-Yes. Once you set the reverse DNS property for your Azure service, Azure manages all the DNS delegations and DNS zones required to ensure that reverse DNS record resolves for all Internet users.
+Yes. Once you set the reverse DNS property for your Azure service, Azure manages all the DNS delegations and DNS zones needed to ensure it resolves for all internet users.
### Are default reverse DNS records created for my Azure services? No. Reverse DNS is an opt-in feature. No default reverse DNS records are created if you choose not to configure them.
-### What is the format for the fully-qualified domain name (FQDN)?
+### What is the format for the fully qualified domain name (FQDN)?
FQDNs are specified in forward order, and must be terminated by a dot (for example, "app1.contoso.com.").
Where the reverse DNS validation check fails, the operation to configure the rev
### Can I configure reverse DNS for Azure App Service?
-No. Reverse DNS is not supported for the Azure App Service.
+No. Reverse DNS isn't supported for the Azure App Service.
### Can I configure multiple reverse DNS records for my Azure service?
No. Azure currently supports reverse DNS only for IPv4 PublicIpAddress resources
### Can I send emails to external domains from my Azure Compute services?
-The technical ability to send email directly from an Azure deployment depends on the subscription type. Regardless of subscription type, Microsoft recommends using trusted mail relay services to send outgoing mail. For further details, see [Enhanced Azure Security for sending Emails ΓÇô November 2017 Update](../virtual-network/troubleshoot-outbound-smtp-connectivity.md).
+The technical ability to send email directly from an Azure deployment depends on the subscription type. No matter the subscription type, Microsoft recommends using trusted mail relay services to send outgoing mail. For more information, see [Enhanced Azure Security for sending Emails ΓÇô November 2017 Update](../virtual-network/troubleshoot-outbound-smtp-connectivity.md).
## Next steps
-For more information on reverse DNS, see [reverse DNS lookup on Wikipedia](https://en.wikipedia.org/wiki/Reverse_DNS_lookup).
-<br>
-Learn how to [host the reverse lookup zone for your ISP-assigned IP range in Azure DNS](dns-reverse-dns-for-azure-services.md).
+* For more information on reverse DNS, see [reverse DNS lookup on Wikipedia](https://en.wikipedia.org/wiki/Reverse_DNS_lookup).
+* Learn how to [host the reverse lookup zone for your ISP-assigned IP range in Azure DNS](dns-reverse-dns-for-azure-services.md).
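Review bot: the second bullet carries over a self-referential link. Its text is about hosting the reverse lookup zone for an ISP-assigned range, but the target is `dns-reverse-dns-for-azure-services.md`, which is this article. The introduction of this same article links that topic to `dns-reverse-dns-hosting.md`, so point the bullet there as well.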
dns Dns Reverse Dns Hosting https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/dns/dns-reverse-dns-hosting.md
Title: Host reverse DNS lookup zones in Azure DNS description: Learn how to use Azure DNS to host the reverse DNS lookup zones for your IP ranges - Previously updated : 05/29/2017 Last updated : 04/29/2021
[!INCLUDE [updated-for-az](../../includes/updated-for-az.md)]
-This article explains how to host the reverse DNS lookup zones for your assigned IP ranges in Azure DNS. The IP ranges represented by the reverse lookup zones must be assigned to your organization, typically by your ISP.
+This article explains how to host reverse DNS lookup zones for your assigned IP ranges with Azure DNS. The IP ranges represented by the reverse lookup zones must be assigned to your organization, typically by your ISP.
-To configure reverse DNS for an Azure-owned IP address that's assigned to your Azure service, see [Configure reverse DNS for services hosted in Azure](dns-reverse-dns-for-azure-services.md).
+To configure reverse DNS for an Azure-owned IP address assigned to your Azure service, see [Configure reverse DNS for services hosted in Azure](dns-reverse-dns-for-azure-services.md).
-Before you read this article, you should be familiar with the [overview of reverse DNS and support in Azure](dns-reverse-dns-overview.md).
+Before reading this article, you should familiarize yourself with the [overview of reverse DNS](dns-reverse-dns-overview.md) and it's supported in Azure.
-This article walks you through the steps to create your first reverse lookup DNS zone and record by using the Azure portal, Azure PowerShell, Azure classic CLI, or Azure CLI.
+In this article, you'll learn how to create your first reverse lookup DNS zone and record by using the Azure portal, Azure PowerShell, Azure classic CLI, and Azure CLI.
## Create a reverse lookup DNS zone 1. Sign in to the [Azure portal](https://portal.azure.com).
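Review bot: in the new prerequisite sentence, "the [overview of reverse DNS](dns-reverse-dns-overview.md) and it's supported in Azure" does not parse. The removed line read "overview of reverse DNS and support in Azure"; either keep that wording inside the link text or write "and how it's supported in Azure".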
-1. On the **Hub** menu, select **New** > **Networking**, and then select **DNS zone**.
- !["DNS zone" selection](./media/dns-reverse-dns-hosting/figure1.png)
+1. On the top left-hand side of the screen, select **Create a resource** and search for **DNS zone**. Then select **Create**.
+
+ :::image type="content" source="./media/dns-operations-dnszones-portal/search-dns-zone.png" alt-text="Screenshot of create a resource search for reverse DNS zone.":::
+
+1. On the **Create DNS zone** page, select, or enter the following settings:
+
+ | Setting | Details |
+ | | |
+ | **Subscription** | Select a subscription to create the DNS zone in.|
+ | **Resource group** | Select or create a new resource group. To learn more about resource groups, read the [Resource Manager](../azure-resource-manager/management/overview.md?toc=%2fazure%2fdns%2ftoc.json#resource-groups) overview article.|
+ | **Name** | Enter a name for the DNS zone. The name of the zone is crafted differently for IPv4 and IPv6 prefixes. Use the instructions for [IPv4](#ipv4) or [IPv6](#ipv6) to name your zone. |
+ | **Location** | Select the location for the resource group. The location will already be selected if you're using a previously created resource group. |
-1. In the **Create DNS zone** pane, name your DNS zone. The name of the zone is crafted differently for IPv4 and IPv6 prefixes. Use the instructions for [IPv4](#ipv4) or [IPv6](#ipv6) to name your zone. When you're finished, select **Create** to create the zone.
+1. Select **Review + create**, and then select **Create** once validation has passed.
### IPv4
-The name of an IPv4 reverse lookup zone is based on the IP range that it represents. It should be in the following format: `<IPv4 network prefix in reverse order>.in-addr.arpa`. For examples, see [Overview of reverse DNS and support in Azure](dns-reverse-dns-overview.md#ipv4).
+The name of an IPv4 reverse lookup zone is based on the IP range that it represents. It should be in the following format: `<IPv4 network prefix in reverse order>.in-addr.arpa`. For examples, see [Overview of reverse DNS](dns-reverse-dns-overview.md#ipv4) for IPv4.
> [!NOTE]
-> When you're creating classless reverse DNS lookup zones in Azure DNS, you must use a hyphen (`-`) rather than a forward slash (`/`) in the zone name.
+> When you're creating classless reverse DNS lookup zones in Azure DNS, you must use a hyphen (`-`) instead of a forward slash (`/`) in the zone name.
>
-> For example, for the IP range 192.0.2.128/26, you must use `128-26.2.0.192.in-addr.arpa` as the zone name instead of `128/26.2.0.192.in-addr.arpa`.
+> For example, for the IP range of 192.0.2.128/26, you'll use `128-26.2.0.192.in-addr.arpa` as the zone name instead of `128/26.2.0.192.in-addr.arpa`.
> > Although the DNS standards support both methods, Azure DNS doesn't support DNS zone names that contain the forward slash (`/`) character. The following example shows how to create a Class C reverse DNS zone named `2.0.192.in-addr.arpa` in Azure DNS via the Azure portal:
- ![Screenshot that shows how to create a Class C reverse DNS zone named 2.0.192.in-addr.arpa in Azure DNS via the Azure portal.](./media/dns-reverse-dns-hosting/figure2.png)
-**Resource group location** defines the location for the resource group. It has no impact on the DNS zone. The DNS zone location is always "global," and is not shown.
-
-The following examples show how to complete this task by using Azure PowerShell and Azure CLI.
+The following examples show how to complete this task using Azure PowerShell and Azure CLI.
#### PowerShell
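Review bot: the lead-in "The following example shows how to create a Class C reverse DNS zone named `2.0.192.in-addr.arpa` in Azure DNS via the Azure portal:" is kept while the screenshot it introduced is removed, so it now runs straight into "The following examples show how to complete this task using Azure PowerShell and Azure CLI." Drop the portal lead-in or restore an image after it. The removed paragraph that said the resource group location has no impact on the DNS zone and that the zone location is always "global" is also worth keeping, since the new settings table only says to select the location for the resource group. The IPv6 subsection has the same pair of removals.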
-```powershell
-New-AzDnsZone -Name 2.0.192.in-addr.arpa -ResourceGroupName MyResourceGroup
+```azurepowershell-interactive
+New-AzDnsZone -Name 2.0.192.in-addr.arpa -ResourceGroupName mydnsresourcegroup
``` #### Azure classic CLI ```azurecli
-azure network dns zone create MyResourceGroup 2.0.192.in-addr.arpa
+azure network dns zone create mydnsresourcegroup 2.0.192.in-addr.arpa
``` #### Azure CLI
-```azurecli
-az network dns zone create -g MyResourceGroup -n 2.0.192.in-addr.arpa
+```azurecli-interactive
+az network dns zone create -g mydnsresourcegroup -n 2.0.192.in-addr.arpa
``` ### IPv6 The name of an IPv6 reverse lookup zone should be in the following form:
-`<IPv6 network prefix in reverse order>.ip6.arpa`. For examples, see [Overview of reverse DNS and support in Azure](dns-reverse-dns-overview.md#ipv6).
+`<IPv6 network prefix in reverse order>.ip6.arpa`. For examples, see [Overview of reverse DNS](dns-reverse-dns-overview.md#ipv6) for IPv6.
The following example shows how to create an IPv6 reverse DNS lookup zone named `0.0.0.0.d.c.b.a.8.b.d.0.1.0.0.2.ip6.arpa` in Azure DNS via the Azure portal:
- !["Create DNS zone" pane, with boxes filled in](./media/dns-reverse-dns-hosting/figure3.png)
-
-**Resource group location** defines the location for the resource group. It has no impact on the DNS zone. The DNS zone location is always "global," and is not shown.
-The following examples show how to complete this task by using Azure PowerShell and Azure CLI.
+The following examples show how to complete this task using Azure PowerShell and Azure CLI.
#### PowerShell ```powershell
-New-AzDnsZone -Name 0.0.0.0.d.c.b.a.8.b.d.0.1.0.0.2.ip6.arpa -ResourceGroupName MyResourceGroup
+New-AzDnsZone -Name 0.0.0.0.d.c.b.a.8.b.d.0.1.0.0.2.ip6.arpa -ResourceGroupName mydnsresourcegroup
``` #### Azure classic CLI ```azurecli
-azure network dns zone create MyResourceGroup 0.0.0.0.d.c.b.a.8.b.d.0.1.0.0.2.ip6.arpa
+azure network dns zone create mydnsresourcegroup 0.0.0.0.d.c.b.a.8.b.d.0.1.0.0.2.ip6.arpa
``` #### Azure CLI ```azurecli
-az network dns zone create -g MyResourceGroup -n 0.0.0.0.d.c.b.a.8.b.d.0.1.0.0.2.ip6.arpa
+az network dns zone create -g mydnsresourcegroup -n 0.0.0.0.d.c.b.a.8.b.d.0.1.0.0.2.ip6.arpa
``` ## Delegate a reverse DNS lookup zone
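Review bot: the IPv6 zone created in these three commands is `0.0.0.0.d.c.b.a.8.b.d.0.1.0.0.2.ip6.arpa`, but the PTR examples further down add the record to `0.0.0.0.c.d.b.a.8.b.d.0.1.0.0.2.ip6.arpa` for the address 2001:0db8:abdc:0000:f524:10bc:1af9:405e. Reversing the nibbles of that prefix gives `c.d.b.a`, so a reader who follows both sections creates one zone and then writes the record to a different one. All three commands are already being edited for the resource group name, so align the zone name with the PTR section in the same change. The PowerShell and Azure CLI fences in this subsection also keep `powershell` and `azurecli` while their IPv4 counterparts moved to `azurepowershell-interactive` and `azurecli-interactive`.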
-Now that you've created your reverse DNS lookup zone, you must ensure that the zone is delegated from the parent zone. DNS delegation enables the DNS name resolution process to find the name servers that host your reverse DNS lookup zone. Those name servers can then answer DNS reverse queries for the IP addresses in your address range.
+Once the reverse DNS lookup zone gets created, you then need to make sure the zone gets delegated from the parent zone. DNS delegation enables the DNS name resolution process to find the name servers that host your reverse DNS lookup zone. Those name servers can then answer DNS reverse queries for the IP addresses in your address range.
-For forward lookup zones, the process of delegating a DNS zone is described in [Delegate your domain to Azure DNS](dns-delegate-domain-azure-dns.md). Delegation for reverse lookup zones works the same way. The only difference is that you need to configure the name servers with the ISP that provided your IP range, rather than your domain name registrar.
+For forward lookup zones, the process of delegating a DNS zone is described in [Delegate your domain to Azure DNS](dns-delegate-domain-azure-dns.md). Delegation for reverse lookup zones works the same way. The only difference is that you'll need to configure the name servers with the ISP. The ISP manages your IP range, that's why they need to update the name servers instead of domain name registrar.
## Create a DNS PTR record ### IPv4
-The following example walks you through the process of creating a PTR record in a reverse DNS zone in Azure DNS. For other record types and to modify existing records, see [Manage DNS records and record sets by using the Azure portal](dns-operations-recordsets-portal.md).
+The following example explains the process of creating a PTR record for a reverse DNS zone in Azure DNS. To learn more about record types or how to modify existing records, see [Manage DNS records and record sets](dns-operations-recordsets-portal.md).
-1. At the top of the **DNS zone** pane, select **+ Record set** to open the **Add record set** pane.
+1. At the top of the *DNS zone* overview page, select **+ Record set** to open the *Add record set* pane.
- ![Screenshot of the DNS zone pane with an arrow pointing at the + Record set button.](./media/dns-reverse-dns-hosting/figure4.png)
+ :::image type="content" source="./media/dns-reverse-dns-hosting/create-record-set-ipv4.png" alt-text="Screenshot of create IPv4 pointer record set.":::
-1. The name of the record set for a PTR record needs to be the rest of the IPv4 address in reverse order.
+1. The name of the record set for a PTR record will be the rest of the IPv4 address in reverse order.
- In this example, the first three octets are already populated as part of the zone name (.2.0.192). Therefore, only the last octet is supplied in the **Name** box. For example, you might name your record set **15** for a resource whose IP address is 192.0.2.15.
-1. For **Type**, select **PTR**.
-1. For **DOMAIN NAME**, enter the fully qualified domain name (FQDN) of the resource that uses the IP.
-1. Select **OK** at the bottom of the pane to create the DNS record.
+ In this example, the first three octets are already populated as part of the zone name `.2.0.192`. That's why only the last octet is needed in the **Name** box. For example, you'll give your record set the name of **15** for a resource whose IP address is `192.0.2.15`.
- !["Add record set" pane, with boxes filled in](./media/dns-reverse-dns-hosting/figure5.png)
+ :::image type="content" source="./media/dns-reverse-dns-hosting/create-ipv4-ptr.png" alt-text="Screenshot of create IPv4 pointer record.":::
-The following examples show how to complete this task by using PowerShell or Azure CLI.
+1. For *Type*, select **PTR**.
+
+1. For *DOMAIN NAME*, enter the fully qualified domain name (FQDN) of the resource that uses the IP.
+
+1. Select **OK** to create the DNS record.
+
+The following examples show how to complete this task by using Azure PowerShell and Azure CLI.
#### PowerShell
-```powershell
-New-AzDnsRecordSet -Name 15 -RecordType PTR -ZoneName 2.0.192.in-addr.arpa -ResourceGroupName MyResourceGroup -Ttl 3600 -DnsRecords (New-AzDnsRecordConfig -Ptrdname "dc1.contoso.com")
+```azurepowershell-interactive
+New-AzDnsRecordSet -Name 15 -RecordType PTR -ZoneName 2.0.192.in-addr.arpa -ResourceGroupName mydnsresourcegroup -Ttl 3600 -DnsRecords (New-AzDnsRecordConfig -Ptrdname "dc1.contoso.com")
``` #### Azure classic CLI ```azurecli
-azure network dns record-set add-record MyResourceGroup 2.0.192.in-addr.arpa 15 PTR --ptrdname dc1.contoso.com
+azure network dns record-set add-record mydnsresourcegroup 2.0.192.in-addr.arpa 15 PTR --ptrdname dc1.contoso.com
``` #### Azure CLI
-```azurecli
-az network dns record-set ptr add-record -g MyResourceGroup -z 2.0.192.in-addr.arpa -n 15 --ptrdname dc1.contoso.com
+```azurecli-interactive
+az network dns record-set ptr add-record -g mydnsresourcegroup -z 2.0.192.in-addr.arpa -n 15 --ptrdname dc1.contoso.com
``` ### IPv6
-The following example walks you through the process of creating new PTR record. For other record types and to modify existing records, see [Manage DNS records and record sets by using the Azure portal](dns-operations-recordsets-portal.md).
+The following example explains the process of creating new PTR record for IPv6. To learn more about record types or how to modify existing records, see [Manage DNS records and record sets](dns-operations-recordsets-portal.md).
+
+1. At the top of the *DNS zone* pane, select **+ Record set** to open the *Add record set* pane.
+
+ :::image type="content" source="./media/dns-reverse-dns-hosting/create-record-set-ipv6.png" alt-text="Screenshot of create IPv6 pointer record set.":::
-1. At the top of the **DNS zone** pane, select **+ Record set** to open the **Add record set** pane.
+1. The name of the record set for a PTR record will be the rest of the IPv6 address in reverse order. It must not include any zero compression.
- ![Button for creating a record set](./media/dns-reverse-dns-hosting/figure6.png)
+ In this example, the first 64 bits of the IPv6 gets populated as part of the zone name (0.0.0.0.c.d.b.a.8.b.d.0.1.0.0.2.ip6.arpa). That's why only the last 64 bits are supplied in the **Name** box. The last 64 bits of the IP address gets entered in reverse order, with a period as the delimiter between each hexadecimal number. You'll name your record set **e.5.0.4.9.f.a.1.c.b.0.1.4.2.5.f** if you have a resource whose IP address is 2001:0db8:abdc:0000:f524:10bc:1af9:405e.
-2. The name of the record set for a PTR record needs to be the rest of the IPv6 address in reverse order. It must not include any zero compression.
+ :::image type="content" source="./media/dns-reverse-dns-hosting/create-ipv6-ptr.png" alt-text="Screenshot of create IPv6 pointer record.":::
- In this example, the first 64 bits of the IPv6 are already populated as part of the zone name (0.0.0.0.c.d.b.a.8.b.d.0.1.0.0.2.ip6.arpa). Therefore, only the last 64 bits are supplied in the **Name** box. The last 64 bits of the IP address are entered in reverse order, with a period as the delimiter between each hexadecimal number. For example, you might name your record set **e.5.0.4.9.f.a.1.c.b.0.1.4.2.5.f** for a resource whose IP address is 2001:0db8:abdc:0000:f524:10bc:1af9:405e.
-3. For **Type**, select **PTR**.
-4. For **DOMAIN NAME**, enter the FQDN of the resource that uses the IP.
-5. Select **OK** at the bottom of the pane to create the DNS record.
+1. For *Type*, select **PTR**.
-![Screenshot that shows the "Add record set" pane with with an arrow pointing at the value in the Type field.](./media/dns-reverse-dns-hosting/figure7.png)
+1. For *DOMAIN NAME*, enter the FQDN of the resource that uses the IP.
+
+1. Select **OK** to create the DNS record.
The following examples show how to complete this task by using PowerShell or Azure CLI. #### PowerShell
-```powershell
-New-AzDnsRecordSet -Name "e.5.0.4.9.f.a.1.c.b.0.1.4.2.5.f" -RecordType PTR -ZoneName 0.0.0.0.c.d.b.a.8.b.d.0.1.0.0.2.ip6.arpa -ResourceGroupName MyResourceGroup -Ttl 3600 -DnsRecords (New-AzDnsRecordConfig -Ptrdname "dc2.contoso.com")
+```azurepowershell-interactive
+New-AzDnsRecordSet -Name "e.5.0.4.9.f.a.1.c.b.0.1.4.2.5.f" -RecordType PTR -ZoneName 0.0.0.0.c.d.b.a.8.b.d.0.1.0.0.2.ip6.arpa -ResourceGroupName mydnsresourcegroup -Ttl 3600 -DnsRecords (New-AzDnsRecordConfig -Ptrdname "dc2.contoso.com")
``` #### Azure classic CLI ```azurecli
-azure network dns record-set add-record MyResourceGroup 0.0.0.0.c.d.b.a.8.b.d.0.1.0.0.2.ip6.arpa e.5.0.4.9.f.a.1.c.b.0.1.4.2.5.f PTR --ptrdname dc2.contoso.com
+azure network dns record-set add-record mydnsresourcegroup 0.0.0.0.c.d.b.a.8.b.d.0.1.0.0.2.ip6.arpa e.5.0.4.9.f.a.1.c.b.0.1.4.2.5.f PTR --ptrdname dc2.contoso.com
``` #### Azure CLI
-```azurecli
-az network dns record-set ptr add-record -g MyResourceGroup -z 0.0.0.0.c.d.b.a.8.b.d.0.1.0.0.2.ip6.arpa -n e.5.0.4.9.f.a.1.c.b.0.1.4.2.5.f --ptrdname dc2.contoso.com
+```azurecli-interactive
+az network dns record-set ptr add-record -g mydnsresourcegroup -z 0.0.0.0.c.d.b.a.8.b.d.0.1.0.0.2.ip6.arpa -n e.5.0.4.9.f.a.1.c.b.0.1.4.2.5.f --ptrdname dc2.contoso.com
``` ## View records
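Review bot: In the rewritten step 2 text, "the first 64 bits of the IPv6 gets populated" and "The last 64 bits of the IP address gets entered" pair a plural subject with a singular verb. The removed wording ("are already populated", "are entered") was correct, so keep "are" in the new sentences. The new intro line also reads "creating new PTR record", which needs an article ("creating a new PTR record").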
To view the records that you created, browse to your DNS zone in the Azure porta
### IPv4
-The **DNS zone** pane shows the IPv4 PTR records:
+The **DNS zone** page will show the IPv4 PTR record:
-!["DNS zone" pane with IPv4 records](./media/dns-reverse-dns-hosting/figure8.png)
-The following examples show how to view the PTR records by using PowerShell or Azure CLI.
+The following examples show how to view the PTR records by using Azure PowerShell and Azure CLI.
#### PowerShell
-```powershell
-Get-AzDnsRecordSet -ZoneName 2.0.192.in-addr.arpa -ResourceGroupName MyResourceGroup
+```azurepowershell-interactive
+Get-AzDnsRecordSet -ZoneName 2.0.192.in-addr.arpa -ResourceGroupName mydnsresourcegroup
``` #### Azure classic CLI ```azurecli
-azure network dns record-set list MyResourceGroup 2.0.192.in-addr.arpa
+azure network dns record-set list mydnsresourcegroup 2.0.192.in-addr.arpa
``` #### Azure CLI
-```azurecli
-az network dns record-set list -g MyResourceGroup -z 2.0.192.in-addr.arpa
+```azurecli-interactive
+az network dns record-set list -g mydnsresourcegroup -z 2.0.192.in-addr.arpa
``` ### IPv6
-The **DNS zone** pane shows the IPv6 PTR records:
+The **DNS zone** page shows the IPv6 PTR record:
-!["DNS zone" pane with IPv6 records](./media/dns-reverse-dns-hosting/figure9.png)
The following examples show how to view the records by using PowerShell or Azure CLI. #### PowerShell ```powershell
-Get-AzDnsRecordSet -ZoneName 0.0.0.0.c.d.b.a.8.b.d.0.1.0.0.2.ip6.arpa -ResourceGroupName MyResourceGroup
+Get-AzDnsRecordSet -ZoneName 0.0.0.0.c.d.b.a.8.b.d.0.1.0.0.2.ip6.arpa -ResourceGroupName mydnsresourcegroup
``` #### Azure classic CLI ```azurecli
-azure network dns record-set list MyResourceGroup 0.0.0.0.c.d.b.a.8.b.d.0.1.0.0.2.ip6.arpa
+azure network dns record-set list mydnsresourcegroup 0.0.0.0.c.d.b.a.8.b.d.0.1.0.0.2.ip6.arpa
``` #### Azure CLI ```azurecli
-az network dns record-set list -g MyResourceGroup -z 0.0.0.0.c.d.b.a.8.b.d.0.1.0.0.2.ip6.arpa
+az network dns record-set list -g mydnsresourcegroup -z 0.0.0.0.c.d.b.a.8.b.d.0.1.0.0.2.ip6.arpa
``` ## FAQ
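Review bot: "The **DNS zone** page will show the IPv4 PTR record:" and "The **DNS zone** page shows the IPv6 PTR record:" both still end with a colon, but the screenshots they introduced are removed and nothing replaces them. Either add the new images or end the sentences with a period, and use the same tense in both. The IPv4 fences move to `azurepowershell-interactive` and `azurecli-interactive`, while the IPv6 PowerShell and Azure CLI fences in the unchanged lines stay `powershell` and `azurecli`, so the two sections no longer match.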
az network dns record-set list -g MyResourceGroup -z 0.0.0.0.c.d.b.a.8.b.d.0.1.0
Yes. Hosting the reverse lookup (ARPA) zones for your own IP ranges in Azure DNS is fully supported.
-Create the reverse lookup zone in Azure DNS as explained in this article, and then work with your ISP to [delegate the zone](dns-domain-delegation.md). You can then manage the PTR records for each reverse lookup in the same way as other record types.
+Create the reverse lookup zone in Azure DNS as explained in this article. Then work with your ISP to [delegate the zone](dns-domain-delegation.md). You can then manage the PTR records for each reverse lookup in the same way as other record types.
### How much does hosting my reverse DNS lookup zone cost?
Yes. This article explains how to create both IPv4 and IPv6 reverse DNS lookup z
Yes. You can use Azure CLI to import existing DNS zones into Azure DNS. This method works for both forward lookup zones and reverse lookup zones.
-For more information, see [Import and export a DNS zone file using Azure CLI](dns-import-export.md).
+For more information, see [import and export a DNS zone file](dns-import-export.md) using Azure CLI.
## Next steps
-For more information on reverse DNS, see [reverse DNS lookup on Wikipedia](https://en.wikipedia.org/wiki/Reverse_DNS_lookup).
-<br>
-Learn how to [manage reverse DNS records for your Azure services](dns-reverse-dns-for-azure-services.md).
+* For more information on reverse DNS, see [reverse DNS lookup on Wikipedia](https://en.wikipedia.org/wiki/Reverse_DNS_lookup).
+
+* Learn how to [manage reverse DNS records for your Azure services](dns-reverse-dns-for-azure-services.md).
event-grid Diagnostic Logs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/event-grid/diagnostic-logs.md
Diagnostic settings allow Event Grid users to capture and view **publish and del
} ```
+The possible values of `Outcome` are `Aborted`, `TimedOut`, `GenericError`, and `Busy`. Event Grid logs any information it receives from the event handler in the `message`. For example, for `GenericError`, it logs the HTTP status code, error code, and the error message.
+ ## Next steps To learn how to enable diagnostic logs for topics or domains, see [Enable diagnostic logs](enable-diagnostic-logs-topic.md).
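Review bot: The added sentence says Event Grid logs "any information it receives from the event handler" in `message`, but does not say that this text is produced by the handler rather than by Event Grid. State that explicitly so readers who parse or alert on these logs treat the field as free-form, handler-supplied content. The four `Outcome` values are listed without descriptions and only `GenericError` gets an example; a short definition per value would make the list usable.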
expressroute Expressroute Locations https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/expressroute/expressroute-locations.md
The following table shows locations by service provider. If you want to view ava
| **[CoreSite](https://www.coresite.com/solutions/cloud-services/public-cloud-providers/microsoft-azure-expressroute)** |Supported |Supported |Chicago, Denver, Los Angeles, New York, Silicon Valley, Silicon Valley2, Washington DC, Washington DC2 | | **[DE-CIX](https://www.de-cix.net/en/de-cix-service-world/cloud-exchange/find-a-cloud-service/detail/microsoft-azure)** | Supported |Supported |Amsterdam2, Dubai2, Frankfurt, Marseille, Mumbai, Munich, New York | | **[Devoli](https://devoli.com/expressroute)** | Supported |Supported | Auckland, Melbourne, Sydney |
+| **[Deutsche Telekom AG IntraSelect]()** | Supported |Supported |Frankfurt |
+| **[Deutsche Telekom AG]()** | Supported |Supported |Frankfurt2 |
| **du datamena** |Supported |Supported | Dubai2 | | **eir** |Supported |Supported |Dublin| | **[Epsilon Global Communications](https://www.epsilontel.com/solutions/direct-cloud-connect)** |Supported |Supported |Singapore, Singapore2 |
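Review bot: The two added rows use `[Deutsche Telekom AG IntraSelect]()` and `[Deutsche Telekom AG]()`, which are links with an empty target. Supply the provider URL as the neighbouring CoreSite and DE-CIX rows do, or drop the link syntax and use plain bold text as the `du datamena` and `eir` rows do.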
expressroute Using Expressroute For Microsoft365 https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/expressroute/using-expressroute-for-microsoft365.md
+
+ Title: 'Using ExpressRoute for Microsoft 365 Services | Microsoft Docs'
+description: This document discusses objectively on using ExpressRoute circuit for Microsoft 365 SaaS services.
+documentationcenter: na
+++++++ Last updated : 4/29/2021++++
+# Using ExpressRoute for routing Microsoft 365 traffic
+
+An ExpressRoute circuit provides private connectivity to Microsoft backbone network.
+* It offers *Private peering* to connect to private endpoints of your IaaS deployment in Azure regions
+* Also, it offers *Microsoft peering* to connect to public endpoints of IaaS, PaaS, and SaaS services in Microsoft network.
+
+For more information about ExpressRoute, see the [Introduction to ExpressRoute][ExR-Intro] article.
++
+Often there's a confusion whether ExpressRoute can be used or not for routing Microsoft 365 SaaS traffic.
+
+* One side argument: ExpressRoute does offer Microsoft peering, using which you can reach most of the public endpoints in Microsoft network.
+In fact, using a *Route Filter* you can select Microsoft 365 service prefixes that need to be advertised via Microsoft peering to your on-premises network.
+These routes advertisement enables routing Microsoft 365 service traffic over the ExpressRoute circuit.
+* The counter argument: Microsoft 365 is a distributed service. It is designed to enable customers all over the world to connect to the service using the Internet.
+So, it's recommended not to use ExpressRoute for Microsoft 365.
+
+The goals of this article are:
+* to provide technical reasoning for the arguments, and
+* objectively discuss when to use ExpressRoute for routing Microsoft 365 traffic and when not to use it.
+
+## Network requirements of Microsoft 365 traffic
+Microsoft 365 service often includes real-time traffic such as voice & video calls, online meetings, and real-time collaboration. This real-time traffic has stringent network performance requirements in terms of latency and jitter. Within certain limits of network latency, jitter can be effectively handled using buffer at the client device. Network latency is a function of physical distance traffic need to travel, link bandwidth, and network processing latency.
+
+## Network optimization features of Microsoft 365
+
+Microsoft strives to optimize network performance of all the cloud applications both in terms of architecture and features. To begin with, Microsoft owns one of the largest global networks, which is optimized to achieve the core objective of offering best network performance. Microsoft network is software defined, and it's a "Cold Potato" network. "Cold Potato" network in the sense, it attracts and egress traffic as close as possible to client-device/customer-network. Besides, Microsoft network is highly redundant and highly available. For more information about architecture optimization, see [How Microsoft builds its fast and reliable global network][MGN].
+
+To address the stringent network latency requirements, Microsoft 365 shortens route length by:
+* dynamically routing the end-user connection to the nearest Microsoft 365 entry point, and
+* from the entry point efficiently routing them within the Microsoft global network to the nearest (and authorized) Microsoft 365 data center.
+
+The Microsoft 365 entry points are serviced by Azure Front Door (AFD). AFD is a widely distributed service present at Microsoft global edge network and it helps to create fast, secure, and highly scalable SaaS applications. To further understand how AFD accelerates web application performance, see [What is Azure Front Door?][AFD]. While choosing the nearest Microsoft 365 data center, Microsoft does take into consideration data sovereignty regulations within the geo-political region.
+
+## What is geo-pinning connections?
+
+Between a client-server when you force the traffic to flow through certain network device(s) located in a geographical location, then it's referred to as geo-pinning the network connections. Traditional network architecture, with the underlying design principle that the clients-servers are statically located, commonly geo-pins the connections.
+For example, when you force your enterprise Internet connections traverse through your corporate network, and egress from a central location (typically via a set of proxy-servers or firewalls), you're geo-pinning the Internet connections.
+
+Similarly, in SaaS application architecture if you force route the traffic through an intermediate datacenter (for example, cloud security) in a region or via one or more intermediate network devices (for example, ExpressRoute) in a specific location then you're geo-pinning the SaaS connections.
+
+## When not to use ExpressRoute for Microsoft 365?
+
+Because of its ability to dynamically shorten the route length and dynamically choose the closest server datacenter depending on the location of the clients, Microsoft 365 is said to be designed for the Internet.
+Besides, certain Microsoft 365 traffic is routed only through the Internet.
+When you have your SaaS clients widely distributed across a region or globally, and if you geo-pin the connections to a particular location then you are forcing the clients further away from the geo-pined location to experience higher network latency.
+Higher network latency results in suboptimal network performance and poor application performance.
+
+Therefore, in scenarios where you have widely distributed SaaS clients or clients that are highly mobile, you don't want to geo-pin connections by any means including forcing the traffic through an ExpressRoute circuit in a specific peering location.
++
+## When to use ExpressRoute for Microsoft 365?
+
+The following are some of the reasons why you may want to use ExpressRoute for routing Microsoft 365 traffic:
+* Your SaaS clients are concentrated in a geo-location and the most optimal way to connect to Microsoft global network is via ExpressRoute circuits
+* Your SaaS clients are concentrated in multiple global locations and each location has its own ExpressRoute circuits that provide optimal connectivity to Microsoft global network
+* You're required by law to route cloud-bound traffic via private connections
+* You're required to route all the SaaS traffic to a geo-pinned centralized location (be it a private or a public datacenter) and the optimal way to connect the centralized location to the Microsoft global network is via ExpressRoute
+* For some of your static SaaS clients only ExpressRoute provides optimal connectivity, while for the other clients you use Internet
+
+While you use ExpressRoute, you can apply the route filter associated with Microsoft peering of ExpressRoute to route only a subset of Microsoft 365 services and/or Azure PaaS services over the ExpressRoute circuit. For more information, see [Tutorial: Configure route filters for Microsoft peering][ExRRF].
+
+## Next steps
+
+* To understand how Microsoft Teams calls flow and how to optimize the network connectivity in different scenarios including while using Express Route for best results, see [Microsoft Teams call flows][Teams].
+* If you want to test to understand Microsoft 365 connectivity issues for individual office locations, see [Microsoft 365 network connectivity test][Microsoft 365-Test].
+* To establish baseline and performance history to help detect emerging issues of Microsoft 365 performance, see [Office 365 performance tuning using baselines and performance history][Microsoft 365perf].
+
+<!--Link References-->
+[ExR-Intro]: https://docs.microsoft.com/azure/expressroute/expressroute-introduction
+[CreatePeering]: https://docs.microsoft.com/azure/expressroute/expressroute-howto-routing-portal-resource-manager
+[MGN]: https://azure.microsoft.com/blog/how-microsoft-builds-its-fast-and-reliable-global-network/
+[AFD]: https://docs.microsoft.com/azure/frontdoor/front-door-overview
+[ExRRF]: https://docs.microsoft.com/azure/expressroute/how-to-routefilter-portal
+[Teams]: https://docs.microsoft.com/microsoftteams/microsoft-teams-online-call-flows
+[Microsoft 365-Test]: https://connectivity.office.com/
+[Microsoft 365perf]: https://docs.microsoft.com/microsoft-365/enterprise/performance-tuning-using-baselines-and-history?view=o365-worldwide
++
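Review bot: The link reference `[CreatePeering]` is defined in the Link References block but is not used anywhere in the article body, so remove it or cite it where peering setup is mentioned. In "When not to use ExpressRoute for Microsoft 365?", "geo-pined location" should be "geo-pinned location". The description line "discusses objectively on using ExpressRoute circuit" reads better as "objectively discusses using an ExpressRoute circuit".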
firewall Dns Settings https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/firewall/dns-settings.md
Previously updated : 02/16/2021 Last updated : 04/30/2021
$azFw | Set-AzFirewall
## DNS proxy
-You can configure Azure Firewall to act as a DNS proxy. A DNS proxy is an intermediary for DNS requests from client virtual machines to a DNS server. If you configure a custom DNS server, then enable DNS proxy to avoid a DNS resolution mismatch, and enable FQDN (fully qualified domain name) filtering in the network rules.
+You can configure Azure Firewall to act as a DNS proxy. A DNS proxy is an intermediary for DNS requests from client virtual machines to a DNS server. If you want to enable FQDN (fully qualified domain name) filtering in network rules, enable DNS proxy and update the virtual machine configuration to use the firewall as a DNS proxy.
:::image type="content" source="media/dns-settings/dns-proxy-2.png" alt-text="D N S proxy configuration using a custom D N S server.":::
+If you enable FQDN filtering in network rules, and you don't configure client virtual machines to use the firewall as a DNS proxy, then DNS requests from these clients might travel to a DNS server at a different time or return a different response compared to that of the firewall. DNS proxy puts Azure Firewall in the path of the client requests to avoid inconsistency.
-If you don't enable DNS proxy, then DNS requests from the client might travel to a DNS server at a different time or return a different response compared to that of the firewall. DNS proxy puts Azure Firewall in the path of the client requests to avoid inconsistency.
When Azure Firewall is a DNS proxy, two caching function types are possible:
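Review bot: The rewritten paragraph drops the removed guidance "If you configure a custom DNS server, then enable DNS proxy", yet the unchanged image alt text still reads "D N S proxy configuration using a custom D N S server", so say whether the custom DNS server case still needs DNS proxy. The added sentence about clients that don't use the firewall as a DNS proxy stops at "inconsistency"; it should state what that means for FQDN filtering in network rules, since that is the condition the sentence now opens with.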
governance Azure Management https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/azure-management.md
Title: Azure Management Overview - Azure Governance description: Overview of the areas of management for Azure applications and resources with links to content on Azure management tools. Previously updated : 02/05/2021 Last updated : 05/01/2021 # What are the Azure Management areas?
governance Deployment Stages https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/blueprints/concepts/deployment-stages.md
Title: Stages of a blueprint deployment description: Learn the security and artifact-related steps the Azure Blueprints services goes through while creating a blueprint assignment. Previously updated : 01/27/2021 Last updated : 05/01/2021 # Stages of a blueprint deployment
governance Lifecycle https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/blueprints/concepts/lifecycle.md
Title: Understand the lifecycle of a blueprint description: Learn about the lifecycle that a blueprint definition goes through and details about each stage, including updating and removing blueprint assignments. Previously updated : 01/27/2021 Last updated : 05/01/2021 # Understand the lifecycle of an Azure Blueprint
governance Parameters https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/blueprints/concepts/parameters.md
Title: Use parameters to creating dynamic blueprints description: Learn about static and dynamic parameters and how to use them to create secure and dynamic blueprints. Previously updated : 01/27/2021 Last updated : 05/01/2021 # Creating dynamic blueprints through parameters
governance Sequencing Order https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/blueprints/concepts/sequencing-order.md
Title: Understand the deployment sequence order description: Learn about the default order that blueprint artifacts are deployed in during a blueprint assignment and how to customize the deployment order. Previously updated : 01/27/2021 Last updated : 05/01/2021 # Understand the deployment sequence in Azure Blueprints
governance Create Blueprint Azurecli https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/blueprints/create-blueprint-azurecli.md
Title: "Quickstart: Create a blueprint with Azure CLI" description: In this quickstart, you use Azure Blueprints to create, define, and deploy artifacts using the Azure CLI. Previously updated : 01/27/2021 Last updated : 05/01/2021 # Quickstart: Define and Assign an Azure Blueprint with Azure CLI
governance Create Blueprint Portal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/blueprints/create-blueprint-portal.md
Title: 'Quickstart: Create a blueprint in the portal' description: In this quickstart, you use Azure Blueprints to create, define, and deploy artifacts through the Azure portal. Previously updated : 01/27/2021 Last updated : 05/01/2021 - mode-portal
governance Create Blueprint Powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/blueprints/create-blueprint-powershell.md
Title: 'Quickstart: Create a blueprint with PowerShell' description: In this quickstart, you use Azure Blueprints to create, define, and deploy artifacts using the PowerShell. Previously updated : 01/27/2021 Last updated : 05/01/2021 - mode-api
governance Create Blueprint Rest Api https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/blueprints/create-blueprint-rest-api.md
Title: "Quickstart: Create a blueprint with REST API" description: In this quickstart, you use Azure Blueprints to create, define, and deploy artifacts using the REST API. Previously updated : 01/27/2021 Last updated : 05/01/2021 # Quickstart: Define and Assign an Azure Blueprint with REST API
governance Configure For Blueprint Operator https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/blueprints/how-to/configure-for-blueprint-operator.md
Title: Set up your environment for Blueprint Operator description: Learn how to configure your Azure environment for use with the Blueprint Operator Azure built-in role. Previously updated : 02/05/2021 Last updated : 05/01/2021 # Configure your environment for a Blueprint Operator
governance Import Export Ps https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/blueprints/how-to/import-export-ps.md
Title: Import and export blueprints with PowerShell description: Learn how to work with your blueprint definitions as code. Share, source control, and manage them using the export and import commands. Previously updated : 01/27/2021 Last updated : 05/01/2021 # Import and export blueprint definitions with PowerShell
governance Manage Assignments Ps https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/blueprints/how-to/manage-assignments-ps.md
Title: How to manage assignments with PowerShell description: Learn how to manage blueprint assignments with the official Azure Blueprints PowerShell module, Az.Blueprint. Previously updated : 01/27/2021 Last updated : 05/01/2021 # How to manage assignments with PowerShell
governance Update Existing Assignments https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/blueprints/how-to/update-existing-assignments.md
Title: Update an existing assignment from the portal description: Learn about the mechanism for updating an existing blueprint assignment from the portal in Azure Blueprints. Previously updated : 01/27/2021 Last updated : 05/01/2021 # How to update an existing blueprint assignment
governance Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/blueprints/overview.md
Title: Overview of Azure Blueprints description: Understand how the Azure Blueprints service enables you to create, define, and deploy artifacts in your Azure environment. Previously updated : 01/27/2021 Last updated : 05/01/2021 # What is Azure Blueprints?
governance Blueprint Functions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/blueprints/reference/blueprint-functions.md
Title: Azure Blueprints functions description: Describes the functions available for use with blueprint artifacts in Azure Blueprints definitions and assignments. Previously updated : 01/27/2021 Last updated : 05/01/2021 # Functions for use with Azure Blueprints
governance Iso 27001 2013 https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/blueprints/samples/iso-27001-2013.md
Title: ISO 27001 blueprint sample overview description: Overview of the ISO 27001 blueprint sample. This blueprint sample helps customers assess specific ISO 27001 controls. Previously updated : 02/01/2021 Last updated : 05/01/2021 # ISO 27001 blueprint sample
governance General https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/blueprints/troubleshoot/general.md
Title: Troubleshoot common errors description: Learn how to troubleshoot issues creating, assigning, and removing blueprints such as policy violations and blueprint parameter functions. Previously updated : 01/27/2021 Last updated : 05/01/2021 # Troubleshoot errors using Azure Blueprints
The template deployment failed because of policy violation.
#### Cause
-A policy may conflict with the deployment for a number of reasons:
+A policy may conflict with the deployment for the following reasons:
- The resource being created is restricted by policy (commonly SKU or location restrictions) - The deployment is setting fields that are configured by policy (common with tags)
governance Create From Sample https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/blueprints/tutorials/create-from-sample.md
Title: "Tutorial: Blueprint sample to new environment" description: In this tutorial, you use a blueprint sample to create a blueprint definition that sets up two resource groups and configures a role assignment for each. Previously updated : 01/27/2021 Last updated : 05/01/2021 # Tutorial: Create an environment from a blueprint sample
governance Create Management Group Azure Cli https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/management-groups/create-management-group-azure-cli.md
Title: "Quickstart: Create a management group with the Azure CLI" description: In this quickstart, you use the Azure CLI to create a management group to organize your resources into a resource hierarchy. Previously updated : 02/05/2021 Last updated : 05/01/2021
governance Create Management Group Dotnet https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/management-groups/create-management-group-dotnet.md
Title: "Quickstart: Create a management group with .NET Core" description: In this quickstart, you use .NET Core to create a management group to organize your resources into a resource hierarchy. Previously updated : 02/05/2021 Last updated : 05/01/2021
governance Create Management Group Javascript https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/management-groups/create-management-group-javascript.md
Title: 'Quickstart: Create a management group with JavaScript' description: In this quickstart, you use JavaScript to create a management group to organize your resources into a resource hierarchy. Previously updated : 02/05/2021 Last updated : 05/01/2021 - devx-track-js
governance Create Management Group Portal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/management-groups/create-management-group-portal.md
Title: 'Quickstart: Create a management group with portal' description: In this quickstart, you use Azure portal to create a management group to organize your resources into a resource hierarchy. Previously updated : 02/05/2021 Last updated : 05/01/2021 - mode-portal
governance Create Management Group Powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/management-groups/create-management-group-powershell.md
Title: 'Quickstart: Create a management group with Azure PowerShell' description: In this quickstart, you use Azure PowerShell to create a management group to organize your resources into a resource hierarchy. Previously updated : 02/05/2021 Last updated : 05/01/2021 - devx-track-azurepowershell
governance Create Management Group Python https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/management-groups/create-management-group-python.md
Title: 'Quickstart: Create a management group with Python' description: In this quickstart, you use Python to create a management group to organize your resources into a resource hierarchy. Previously updated : 01/29/2021 Last updated : 05/01/2021 - devx-track-python
governance Create Management Group Rest Api https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/management-groups/create-management-group-rest-api.md
Title: "Quickstart: Create a management group with REST API" description: In this quickstart, you use REST API to create a management group to organize your resources into a resource hierarchy. Previously updated : 02/05/2021 Last updated : 05/01/2021 # Quickstart: Create a management group with REST API
governance Manage https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/management-groups/manage.md
Title: How to work with your management groups - Azure Governance description: Learn how to view, maintain, update, and delete your management group hierarchy. Previously updated : 01/15/2021 Last updated : 05/01/2021 # Manage your resources with management groups
governance Assign Policy Portal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/policy/assign-policy-portal.md
Title: "Quickstart: New policy assignment with portal" description: In this quickstart, you use Azure portal to create an Azure Policy assignment to identify non-compliant resources. Previously updated : 01/29/2021 Last updated : 05/01/2021 # Quickstart: Create a policy assignment to identify non-compliant resources
governance Assign Policy Rest Api https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/policy/assign-policy-rest-api.md
Title: "Quickstart: New policy assignment with REST API" description: In this quickstart, you use REST API to create an Azure Policy assignment to identify non-compliant resources. Previously updated : 01/29/2021 Last updated : 05/01/2021 # Quickstart: Create a policy assignment to identify non-compliant resources with REST API
governance Definition Structure https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/policy/concepts/definition-structure.md
Title: Details of the policy definition structure description: Describes how policy definitions are used to establish conventions for Azure resources in your organization. Previously updated : 04/29/2021 Last updated : 05/01/2021 # Azure Policy definition structure
governance Guest Configuration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/policy/concepts/guest-configuration.md
Title: Learn to audit the contents of virtual machines description: Learn how Azure Policy uses the Guest Configuration client to audit settings inside virtual machines. Previously updated : 01/14/2021 Last updated : 05/01/2021 # Understand Azure Policy's Guest Configuration
are met on the machine. The requirements are described in section
> [!IMPORTANT] > In a prior release of Guest Configuration, an initiative was required to combine
-> **DeployIfNoteExists** and **AuditIfNotExists** definitions. **DeployIfNotExists** definitions are
+> **DeployIfNotExists** and **AuditIfNotExists** definitions. **DeployIfNotExists** definitions are
> no longer required. The definitions and initiatives are labeled `[Deprecated]` but existing > assignments will continue to function. For information see the blog post: > [Important change released for Guest Configuration audit policies](https://techcommunity.microsoft.com/t5/azure-governance-and-management/important-change-released-for-guest-configuration-audit-policies/ba-p/1655316)
governance Recommended Policies https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/policy/concepts/recommended-policies.md
Title: Recommended policies for Azure services
description: Describes how to find and apply recommended policies for Azure services such as Azure Virtual Machines. Last updated 03/31/2021
-ms.customer: generated
+ # Recommended policies for Azure services
governance Remediate Resources https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/policy/how-to/remediate-resources.md
Title: Remediate non-compliant resources description: This guide walks you through the remediation of resources that are non-compliant to policies in Azure Policy. Previously updated : 02/17/2021 Last updated : 05/01/2021 # Remediate non-compliant resources with Azure Policy
governance Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/policy/overview.md
Title: Overview of Azure Policy description: Azure Policy is a service in Azure, that you use to create, assign and, manage policy definitions in your Azure environment. Previously updated : 01/14/2021 Last updated : 05/01/2021 # What is Azure Policy?
networking resources. You could exclude a resource group in that subscription th
networking infrastructure. You then grant access to this networking resource group to users that you trust with creating networking resources.
-In another example, you might want to assign a resource type allow list definition at the management
+In another example, you might want to assign a resource type allowlist definition at the management
group level. Then you assign a more permissive policy (allowing more resource types) on a child management group or even directly on subscriptions. However, this example wouldn't work because Azure Policy is an explicit deny system. Instead, you need to exclude the child management group or
governance Index https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/policy/samples/index.md
Title: Index of policy samples description: Index of built-ins for Azure Policy. Categories Tags, Regulatory Compliance, Key Vault, Kubernetes, Guest Configuration, and more. Previously updated : 01/29/2021 Last updated : 05/01/2021 # Azure Policy Samples
governance Create And Manage https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/policy/tutorials/create-and-manage.md
Title: "Tutorial: Build policies to enforce compliance" description: In this tutorial, you use policies to enforce standards, control costs, maintain security, and impose enterprise wide design principles. Previously updated : 01/29/2021 Last updated : 05/01/2021 # Tutorial: Create and manage policies to enforce compliance
overview](../overview.md).
1. Select **Next** at the bottom of the page or the **Policy parameters** tab at the top of the wizard.
-1. Policy definition added to the initiative that have parameters are displayed in a grid. The
+1. Policy definitions added to the initiative that have parameters are displayed in a grid. The
_value type_ can be 'Default value', 'Set value', or 'Use Initiative Parameter'. If 'Set value' is selected, the related value is entered under _Value(s)_. If the parameter on the policy definition has a list of allowed values, the entry box is a drop-down selector. If 'Use
different location is denied. In this section, you walk through resolving a deni
a resource by creating an exclusion on a single resource group. The exclusion prevents enforcement of the policy (or initiative) on that resource group. In the following example, any location is allowed in the excluded resource group. An exclusion can apply to a subscription, a resource group,
-or an individual resources.
+or an individual resource.
> [!NOTE] > A [policy exemption](../concepts/exemption-structure.md) can also be used skip the evaluation of a
-> resource. For additional information, see [Scope in Azure Policy](../concepts/scope.md).
+> resource. For more information, see [Scope in Azure Policy](../concepts/scope.md).
Deployments prevented by an assigned policy or initiative can be viewed on the resource group targeted by the deployment: Select **Deployments** in the left side of the page, then select the
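Review bot: The unchanged NOTE line directly above the "For more information" edit still reads "can also be used skip the evaluation of a resource"; add the missing "to" while this note is being touched. The same note introduces policy exemptions but its only follow-up link goes to scope.md, so consider pointing the "For more information" sentence at the exemption article it has just named.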
related policy objects.
:::image type="content" source="../media/create-and-manage/rg-deployment-denied.png" alt-text="Screenshot of a failed deployment that was denied by a policy assignment." border="false"::: On the Azure Policy page: Select **Compliance** in the left side of the page and select the **Get
-Secure** policy initiative. On this page, there is an increase in the **Deny** count for blocked
+Secure** policy initiative. On this page, there's an increase in the **Deny** count for blocked
resources. Under the **Events** tab are details about who tried to create or deploy the resource that was denied by the policy definition.
governance Explore Resources https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/resource-graph/concepts/explore-resources.md
Title: Explore your Azure resources description: Learn to use the Resource Graph query language to explore your resources and discover how they're connected. Previously updated : 01/27/2021 Last updated : 05/01/2021 # Explore your Azure resources with Resource Graph
governance Work With Data https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/resource-graph/concepts/work-with-data.md
Title: Work with large data sets description: Understand how to get, format, page, and skip records in large data sets while working with Azure Resource Graph. Previously updated : 01/27/2021 Last updated : 05/01/2021
governance First Query Azurecli https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/resource-graph/first-query-azurecli.md
Title: "Quickstart: Your first Azure CLI query" description: In this quickstart, you follow the steps to enable the Resource Graph extension for Azure CLI and run your first query. Previously updated : 01/27/2021 Last updated : 05/01/2021
governance First Query Dotnet https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/resource-graph/first-query-dotnet.md
Title: "Quickstart: Your first .NET Core query" description: In this quickstart, you follow the steps to enable the Resource Graph NuGet packages for .NET Core and run your first query. Previously updated : 01/27/2021 Last updated : 05/01/2021
governance First Query Go https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/resource-graph/first-query-go.md
Title: "Quickstart: Your first Go query" description: In this quickstart, you follow the steps to enable the Resource Graph package for Go and run your first query. Previously updated : 01/27/2021 Last updated : 05/01/2021 # Quickstart: Run your first Resource Graph query using Go
governance First Query Javascript https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/resource-graph/first-query-javascript.md
Title: 'Quickstart: Your first JavaScript query' description: In this quickstart, you follow the steps to enable the Resource Graph library for JavaScript and run your first query. Previously updated : 01/27/2021 Last updated : 05/01/2021 - devx-track-js
governance First Query Portal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/resource-graph/first-query-portal.md
Title: 'Quickstart: Your first portal query' description: In this quickstart, you follow the steps to run your first query from Azure portal using Azure Resource Graph Explorer. Previously updated : 01/27/2021 Last updated : 05/01/2021 - mode-portal
governance First Query Powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/resource-graph/first-query-powershell.md
Title: 'Quickstart: Your first PowerShell query' description: In this quickstart, you follow the steps to enable the Resource Graph module for Azure PowerShell and run your first query. Previously updated : 01/27/2021 Last updated : 05/01/2021 - mode-api
governance First Query Python https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/resource-graph/first-query-python.md
Title: 'Quickstart: Your first Python query' description: In this quickstart, you follow the steps to enable the Resource Graph library for Python and run your first query. Previously updated : 01/27/2021 Last updated : 05/01/2021 - devx-track-python
governance First Query Rest Api https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/resource-graph/first-query-rest-api.md
Title: "Quickstart: Your first REST API query" description: In this quickstart, you follow the steps to call the Resource Graph endpoint for REST API and run your first query. Previously updated : 01/27/2021 Last updated : 05/01/2021 # Quickstart: Run your first Resource Graph query using REST API
governance First Query Ruby https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/resource-graph/first-query-ruby.md
Title: "Quickstart: Your first Ruby query" description: In this quickstart, you follow the steps to enable the Resource Graph gem for Ruby and run your first query. Previously updated : 01/27/2021 Last updated : 05/01/2021 # Quickstart: Run your first Resource Graph query using Ruby
governance Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/resource-graph/overview.md
Title: Overview of Azure Resource Graph description: Understand how the Azure Resource Graph service enables complex querying of resources at scale across subscriptions and tenants. Previously updated : 01/27/2021 Last updated : 05/01/2021 # What is Azure Resource Graph?
governance Keyboard Shortcuts https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/resource-graph/reference/keyboard-shortcuts.md
Title: Keyboard shortcuts in the Azure portal for Azure Resource Graph Explorer description: Azure Resource Graph Explorer in the Azure portal supports keyboard shortcuts to help you perform actions and navigate. Previously updated : 01/27/2021 Last updated : 05/01/2021
governance Starter https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/resource-graph/samples/starter.md
Title: Starter query samples description: Use Azure Resource Graph to run some starter queries, including counting resources, ordering resources, or by a specific tag. Previously updated : 02/04/2021 Last updated : 05/01/2021 # Starter Resource Graph query samples
governance Shared Query Azure Cli https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/resource-graph/shared-query-azure-cli.md
Title: "Quickstart: Create a shared query with Azure CLI" description: In this quickstart, you follow the steps to enable the Resource Graph extension for Azure CLI and create a shared query. Previously updated : 02/05/2021 Last updated : 05/01/2021 # Quickstart: Create a Resource Graph shared query using Azure CLI
governance Shared Query Azure Powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/resource-graph/shared-query-azure-powershell.md
Title: 'Quickstart: Create a shared query with Azure PowerShell' description: In this quickstart, you follow the steps to create a Resource Graph shared query using Azure PowerShell. Previously updated : 01/11/2021 Last updated : 05/01/2021 - devx-track-azurepowershell
governance Shared Query Template https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/resource-graph/shared-query-template.md
Title: 'Quickstart: Create a shared query with templates' description: In this quickstart, you use an Azure Resource Manager template (ARM template) to create a Resource Graph shared query that counts virtual machines by OS. Previously updated : 02/05/2021 Last updated : 05/01/2021 - subject-armqs
governance General https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/resource-graph/troubleshoot/general.md
Title: Troubleshoot common errors description: Learn how to troubleshoot issues with the various SDKs while querying Azure resources with Azure Resource Graph. Previously updated : 01/27/2021 Last updated : 05/01/2021 # Troubleshoot errors using Azure Resource Graph
governance Create Share Query https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/resource-graph/tutorials/create-share-query.md
Title: "Tutorial: Manage queries in Azure portal" description: In this tutorial, you create a Resource Graph Query and share the new query with others in the Azure portal. Previously updated : 01/27/2021 Last updated : 05/01/2021 # Tutorial: Create and share an Azure Resource Graph query in the Azure portal
healthcare-apis Fhir Faq https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/healthcare-apis/fhir/fhir-faq.md
Some examples of this are below:
### What is the default sort when searching for resources in Azure API for FHIR?
-We support sorting by the date last updated: _sort=_lastUpdated. For more information about other supported search parameters, check out our [supported features page](fhir-features-supported.md#search).
+We support sorting by the date last updated: _sort=_lastUpdated. For more information about other supported search parameters, see [Overview of FHIR Search](overview-of-search.md).
### Does the Azure API for FHIR support $everything?
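Review bot: On the changed answer line, `_sort=_lastUpdated` is still bare text, and the paired underscores can be rendered as emphasis in Markdown; wrap the parameter in backticks so it reads as a literal query string.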
healthcare-apis Fhir Features Supported https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/healthcare-apis/fhir/fhir-features-supported.md
Previous versions also currently supported include: `3.0.2`
| history | Yes | Yes | Yes | | | create | Yes | Yes | Yes | Support both POST/PUT | | create (conditional) | Yes | Yes | Yes | Issue [#1382](https://github.com/microsoft/fhir-server/issues/1382) |
-| search | Partial | Partial | Partial | See Search section below. |
+| search | Partial | Partial | Partial | See [Overview of FHIR Search](overview-of-search.md). |
| chained search | Partial | Yes | Partial | See Note 2 below. | | reverse chained search | Partial | Yes | Partial | See Note 2 below. | | capabilities | Yes | Yes | Yes | |
Previous versions also currently supported include: `3.0.2`
In the Azure API for FHIR and the open-source FHIR server backed by Cosmos, the chained search and reverse chained search is an MVP implementation. To accomplish chained search on Cosmos DB, the implementation walks down the search expression and issues sub-queries to resolve the matched resources. This is done for each level of the expression. If any query returns more than 100 results, an error will be thrown. By default, chained search is behind a feature flag. To use the chained searching on Cosmos DB, use the header `x-ms-enable-chained-search: true`. For more details, see [PR 1695](https://github.com/microsoft/fhir-server/pull/1695).
-## Search
-
-All search parameter types are supported.
-
-| Search parameter type | Supported - PaaS | Supported - OSS (SQL) | Supported - OSS (Cosmos DB) | Comment |
-|--|--|--|--||
-| Number | Yes | Yes | Yes | |
-| Date/DateTime | Yes | Yes | Yes | |
-| String | Yes | Yes | Yes | |
-| Token | Yes | Yes | Yes | |
-| Reference | Yes | Yes | Yes | |
-| Composite | Yes | Yes | Yes | |
-| Quantity | Yes | Yes | Yes | |
-| URI | Yes | Yes | Yes | |
-| Special | No | No | No | |
--
-| Modifiers | Supported - PaaS | Supported - OSS (SQL) | Supported - OSS (Cosmos DB) | Comment |
-|--|--|--|--||
-|`:missing` | Yes | Yes | Yes | |
-|`:exact` | Yes | Yes | Yes | |
-|`:contains` | Yes | Yes | Yes | |
-|`:text` | Yes | Yes | Yes | |
-|`:[type]` (reference) | Yes | Yes | Yes | |
-|`:not` | Yes | Yes | Yes | |
-|`:below` (uri) | Yes | Yes | Yes | |
-|`:above` (uri) | No | No | No | Issue [#158](https://github.com/Microsoft/fhir-server/issues/158) |
-|`:in` (token) | No | No | No | |
-|`:below` (token) | No | No | No | |
-|`:above` (token) | No | No | No | |
-|`:not-in` (token) | No | No | No | |
-
-| Common search parameter | Supported - PaaS | Supported - OSS (SQL) | Supported - OSS (Cosmos DB) | Comment |
-|-| -| -| -||
-| `_id` | Yes | Yes | Yes | |
-| `_lastUpdated` | Yes | Yes | Yes | |
-| `_tag` | Yes | Yes | Yes | |
-| `_list` | Yes | Yes | Yes | |
-| `_type` | Yes | Yes | Yes | Issue [#1562](https://github.com/microsoft/fhir-server/issues/1562) |
-| `_security` | Yes | Yes | Yes | |
-| `_profile` | Partial | Partial | Partial | Supported in STU3. If you created your database **after** February 20th, 2021, you will have support in R4 as well. We are working to enable _profile on databases created prior to February 20th, 2021. |
-| `_text` | No | No | No | |
-| `_content` | No | No | No | |
-| `_has` | No | No | No | |
-| `_query` | No | No | No | |
-| `_filter` | No | No | No | |
-
-| Search result parameters | Supported - PaaS | Supported - OSS (SQL) | Supported - OSS (Cosmos DB) | Comment |
-|-|--|--|--||
-| `_elements` | Yes | Yes | Yes | Issue [#1256](https://github.com/microsoft/fhir-server/issues/1256) |
-| `_count` | Yes | Yes | Yes | `_count` is limited to 1000 characters. If set to higher than 1000, only 1000 will be returned and a warning will be returned in the bundle. |
-| `_include` | Yes | Yes | Yes |Included items are limited to 100. Include on PaaS and OSS on Cosmos DB does not include :iterate support.|
-| `_revinclude` | Yes | Yes | Yes | Included items are limited to 100. Include on PaaS and OSS on Cosmos DB does [not include :iterate support](https://github.com/microsoft/fhir-server/issues/1313). Issue [#1319](https://github.com/microsoft/fhir-server/issues/1319)|
-| `_summary` | Partial | Partial | Partial | `_summary=count` is supported |
-| `_total` | Partial | Partial | Partial | `_total=none` and `_total=accurate` |
-| `_sort` | Partial | Partial | Partial | `_sort=_lastUpdated` is supported |
-| `_contained` | No | No | No | |
-| `containedType` | No | No | No | |
-| `_score` | No | No | No | |
- ## Extended Operations All the operations that are supported that extend the RESTful API.
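Review bot: The removed search tables carry limits that callers rely on, and the replacement row only links to overview-of-search.md; before merging, confirm that page restates the `_count` cap of 1000, the 100-item cap on `_include` and `_revinclude` with no `:iterate` support on PaaS and Cosmos DB, and the `_profile` condition tied to databases created after February 20th, 2021. The removed `_count` comment says "limited to 1000 characters" while its next sentence describes a result count, so that wording should not be carried over verbatim.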
healthcare-apis How To Do Custom Search https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/healthcare-apis/fhir/how-to-do-custom-search.md
+
+ Title: How to do custom search in Azure API for FHIR
+description: This article describes how you can define your own custom search parameters to be used in the database.
++++ Last updated : 4/23/2021++
+# Defining custom search parameters
+
+The FHIR specification defines a set of search parameters for all resources and search parameters that are specific to a resource(s). However, there are scenarios where you might want to search against a field in a resource that isnΓÇÖt defined by the specification as a standard search parameter. This article describes how you can define your own [search parameters](https://www.hl7.org/fhir/searchparameter.html) to be used in the FHIR server.
+
+> [!NOTE]
+> Each time you create, update, or delete a search parameter youΓÇÖll need to run a [reindex job](how-to-run-a-reindex.md) to enable the change in your database.
+
+> [!Warning]
+> If you update or delete a search parameter ensure that you immediately run a [reindex job](how-to-run-a-reindex.md). There is the potential for your database to be in a abnormal state with updated or delete search parameters that still appear active due to needing to be indexed for the changes.
+
+## Create new search parameter
+
+To create a new search parameter, you `POST` a new search parameter to the database. The code example below shows how to add the [US Core Race search parameter](http://hl7.org/fhir/us/core/STU3.1.1/SearchParameter-us-core-race.html) to the Patient resource.
+
+```json
+POST {fhirurl}/SearchParameter
+{
+ "resourceType" : "SearchParameter",
+ "id" : "us-core-race",
+ "url" : "http://hl7.org/fhir/us/core/SearchParameter/us-core-race",
+ "version" : "3.1.1",
+ "name" : "USCoreRace",
+ "status" : "active",
+ "date" : "2019-05-21",
+ "publisher" : "US Realm Steering Committee",
+ "contact" : [
+ {
+ "telecom" : [
+ {
+ "system" : "other",
+ "value" : "http://www.healthit.gov/"
+ }
+ ]
+ }
+ ],
+ "description" : "Returns patients with a race extension matching the specified code.",
+ "jurisdiction" : [
+ {
+ "coding" : [
+ {
+ "system" : "urn:iso:std:iso:3166",
+ "code" : "US",
+ "display" : "United States of America"
+ }
+ ]
+ }
+ ],
+ "code" : "race",
+ "base" : [
+ "Patient"
+ ],
+ "type" : "token",
+ "expression" : "Patient.extension.where(url = 'http://hl7.org/fhir/us/core/StructureDefinition/us-core-race').extension.value.code"
+}
+
+```
+
+> [!NOTE]
+> The new search parameter will appear in your capability statement after you POST it to the FHIR server and reindex your database. It wonΓÇÖt be useable until you run a [reindex job](how-to-run-a-reindex.md). This is the only way right now to tell if a search parameter is supported or not within your database. If you can find the search parameter by searching for the search parameter but cannot see it in the capability statement, run a reindex job. You are able to POST multiple search parameters before triggering a reindex operation.
+
+Important field descriptions:
+
+* **url**: This is a unique key to describe the search parameter. Many organizations, such as HL7, use a standard format for the URLs that they define, as shown above in the US Core race search parameter.
+
+* **code**: The value here is what youΓÇÖll use when searching. For the example above, you would search with `GET {FHIR URL}/Patient?race=2028-9` to get all Asian patients. This value must be unique for the resource(s) it applies to.
+
+* **base**: This describes which resource(s) the search parameter applies to. If it applies to all resources, you can just use Resource; otherwise, you can list all the relevant resources.
+
+* **type**: Describes the data type for the search parameter.
+
+* **expression**: When describing a search parameter, you must include the expression, even though it is technically not required by the specification. This is because you need either the expression or the xpath syntax and the Azure API for FHIR ignores the xpath syntax right now. This describes how to find the value for the search.
+
+> [!NOTE]
+> ΓÇ£TypeΓÇ¥ is limited by the support for the Azure API for FHIR. This means that you cannot define a search parameter of type Special or define a [composite search parameter](overview-of-search.md) unless it is of a type that we support.
+
+Once youΓÇÖve added your search parameters, run or schedule your reindex job so the search parameters can be used in the FHIR server.
+
+## Update a search parameter
+
+To update a search parameter, use `PUT` to create a new version of the search parameter.
+
+`PUT {fhirurl}/SearchParameter/{SearchParameter ID}`
+
+You must include the `SearchParameter ID` in the ID field of the body of the `PUT` request and in the `PUT` call.
+
+> [!NOTE]
+> If you don't know the ID for your search parameter, you can search for it. Using `GET {fhirurl}/SearchParameter` will return all custom search parameters, and you can scroll through the search parameter to find the search parameter you need. You could also limit the search by name. With the example below, you could search for name using `USCoreRace: GET {fhirurl}/SearchParameter?name=USCoreRace`.
+
+```json
+{
+ "resourceType" : "SearchParameter",
+ "id" : "SearchParameter ID",
+ "url" : "http://hl7.org/fhir/us/core/SearchParameter/us-core-race",
+ "version" : "3.1.1",
+ "name" : "USCoreRace",
+ "status" : "active",
+ "date" : "2019-05-21",
+ "publisher" : "US Realm Steering Committee",
+ "contact" : [
+ {
+ "telecom" : [
+ {
+ "system" : "other",
+ "value" : "http://www.healthit.gov/"
+ }
+ ]
+ }
+ ],
+ "description" : "New Description!",
+ "jurisdiction" : [
+ {
+ "coding" : [
+ {
+ "system" : "urn:iso:std:iso:3166",
+ "code" : "US",
+ "display" : "United States of America"
+ }
+ ]
+ }
+ ],
+ "code" : "race",
+ "base" : [
+ "Patient"
+ ],
+ "type" : "token",
+ "expression" : "Patient.extension.where(url = 'http://hl7.org/fhir/us/core/StructureDefinition/us-core-race').extension.value.code"
+}
+
+```
+
+The result will be an updated `SearchParameter` and the version will increment.
+
+ > [!Warning]
+> Be careful when updating SearchParameters that have already been indexed in your database. Changing an existing SearchParameterΓÇÖs behavior could have impacts on the expected behavior.
+
+## Delete a search parameter
+
+If you need to delete a search parameter, use the following:
+
+`Delete {fhirurl}/SearchParameter/{SearchParameter ID}`
+
+> [!Warning]
+> Be careful when deleting SearchParameters that have already been indexed in your database. Changing an existing SearchParameterΓÇÖs behavior could have impacts on the expected behavior.
+
+## Next steps
+
+In this article, youΓÇÖve learned how to create a search parameter. To learn how to how to reindex a job, see
+
+>[!div class="nextstepaction"]
+>[How to run a reindex job](how-to-run-a-reindex.md)
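Review bot: The NOTE after the create example contradicts itself: it says the parameter appears in the capability statement after you POST it and reindex, then that it isn't usable until a reindex runs, then that a parameter missing from the capability statement means a reindex is still needed; state once that the capability statement lists the parameter only after the reindex completes. The warning in the delete section is copied from the update section and still talks about "changing" a parameter's behavior, where it should say what happens to searches that use a deleted parameter until the reindex finishes. Smaller points: the request line `POST {fhirurl}/SearchParameter` sits inside a fence tagged json, so the block can't be pasted as JSON; the update NOTE has its code span misplaced as `USCoreRace: GET {fhirurl}/SearchParameter?name=USCoreRace`; `Delete` should be `DELETE`; the placeholder alternates between `{fhirurl}` and `{FHIR URL}`; and the closing paragraph reads "how to how to reindex a job".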
healthcare-apis How To Run A Reindex https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/healthcare-apis/fhir/how-to-run-a-reindex.md
+
+ Title: How to run a reindex job in Azure API for FHIR
+description: This article describes how to run a reindex job to index any search or sort parameters that have not yet been indexed in your database.
++++ Last updated : 4/23/2021++
+# Running a reindex job
+
+There are scenarios where you may have search or sort parameters in the Azure API for FHIR that haven't yet been indexed. This is particularly relevant when you define your own search parameters. Until the search parameter is indexed, it can't be used in search. This article covers an overview of how to run a reindex job to index any search or sort parameters that have not yet been indexed in your database.
+
+> [!Warning]
+> It's important that you read this entire article before getting started. A reindex job can be very performance intensive. This article includes options for how to throttle and control the reindex job.
+
+## How to run a reindex job
+
+To start a reindex job, use the following code example:
+
+```json
+POST {{FHIR URL}}/$reindex
+
+{
+
+ΓÇ£resourceTypeΓÇ¥: ΓÇ£ParametersΓÇ¥,
+
+ΓÇ£parameterΓÇ¥: []
+
+}
+ ```
+
+If the request is successful, a status of **201 Created** gets returned. The result of this message will look like:
+
+```json
+HTTP/1.1 201 Created
+Content-Location: https://cv-cosmos1.azurewebsites.net/_operations/reindex/560c7c61-2c70-4c54-b86d-c53a9d29495e
+
+{
+ "resourceType": "Parameters",
+ "id": "560c7c61-2c70-4c54-b86d-c53a9d29495e",
+ "meta": {
+ "versionId": "\"4c0049cd-0000-0100-0000-607dc5a90000\""
+ },
+ "parameter": [
+ {
+ "name": "id",
+ "valueString": "560c7c61-2c70-4c54-b86d-c53a9d29495e"
+ },
+ {
+ "name": "queuedTime",
+ "valueDateTime": "2021-04-19T18:02:17.0118558+00:00"
+ },
+ {
+ "name": "totalResourcesToReindex",
+ "valueDecimal": 0.0
+ },
+ {
+ "name": "resourcesSuccessfullyReindexed",
+ "valueDecimal": 0.0
+ },
+ {
+ "name": "progress",
+ "valueDecimal": 0.0
+ },
+ {
+ "name": "status",
+ "valueString": "Queued"
+ },
+ {
+ "name": "maximumConcurrency",
+ "valueDecimal": 1.0
+ },
+ {
+ "name": "resources",
+ "valueString": ""
+ },
+ {
+ "name": "searchParams",
+ "valueString": ""
+ }
+ ]
+}
+```
+
+> [!NOTE]
+> To check the status of or to cancel a reindex job, youΓÇÖll need the reindex ID. This is the ID of the resulting Parameters resource (shown above) and can also be found as the GUID at the end of the Content-Location string:
+
+`https://{{FHIR URL}}/_operations/reindex/560c7c61-2c70-4c54-b86d-c53a9d29495e`
+
+ ## How to check the status of a reindex job
+
+Once youΓÇÖve started a reindex job, you can check the status of the job using the following:
+
+`GET {{FHIR URL}}/_operations/reindex/{{reindexJobId}`
+
+The status of the reindex job result is shown below:
+
+```json
+{
+
+ "resourceType": "Parameters",
+ "id": "b65fd841-1c62-47c6-898f-c9016ced8f77",
+ "meta": {
+
+ "versionId": "\"1800f05f-0000-0100-0000-607a1a7c0000\""
+ },
+ "parameter": [
+
+ {
+
+ "name": "id",
+ "valueString": "b65fd841-1c62-47c6-898f-c9016ced8f77"
+ },
+ {
+
+ "name": "startTime",
+ "valueDateTime": "2021-04-16T23:11:35.4223217+00:00"
+ },
+ {
+
+ "name": "queuedTime",
+ "valueDateTime": "2021-04-16T23:11:29.0288163+00:00"
+ },
+ {
+
+ "name": "totalResourcesToReindex",
+ "valueDecimal": 262544.0
+ },
+ {
+
+ "name": "resourcesSuccessfullyReindexed",
+ "valueDecimal": 5754.0
+ },
+ {
+
+ "name": "progress",
+ "valueDecimal": 2.0
+ },
+ {
+
+ "name": "status",
+ "valueString": "Running"
+ },
+ {
+
+ "name": "maximumConcurrency",
+ "valueDecimal": 1.0
+ },
+ {
+
+ "name": "resources",
+ "valueString":
+ "{LIST OF IMPACTED RESOURCES}"
+ },
+ {
+```
+
+The following information is shown in the reindex job result:
+
+* **totalResourcesToReindex**: Includes the total number of resources that are being reindexed as part of the job.
+
+* **resourcesSuccessfullyReindexed**: The total that have already been successfully reindexed.
+
+* **progress**: Reindex job percent complete. Equals resourcesSuccessfullyReindexed/totalResourcesToReindex x 100.
+
+* **status**: This will state if the reindex job is queued, running, complete, failed, or canceled.
+
+* **resources**: This lists all the resource types impacted by the reindex job.
+
+## Delete a reindex job
+
+If you need to cancel a reindex job, use a delete call and specify the reindex job ID:
+
+`Delete {{FHIR URL}}/_operations/reindex/{{reindexJobId}`
+
+## Performance considerations
+
+A reindex job can be quite performance intensive. WeΓÇÖve implemented some throttling controls to help you manage how a reindex job will run on your database.
+
+> [!NOTE]
+> It is not uncommon on large datasets for a reindex job to run for days. For a database with 30,000,000 million resources, we noticed that it took 4-5 days at 100K RUs to reindex the entire database.
+
+Below is a table outlining the available parameters, defaults, and recommended ranges. You can use these parameters to either speed up the process (use more compute) or slow down the process (use less compute). For example, you could run the reindex job on a low traffic time and increase your compute to get it done quicker. Instead, you could use the settings to ensure a very low usage of compute and have it run for days in the background.
+
+| **Parameter** | **Description** | **Default** | **Recommended Range** |
+| | - | | - |
+| QueryDelayIntervalInMilliseconds | This is the delay between each batch of resources being kicked off during the reindex job. | 500 MS (.5 seconds) | 50 to 5000: 50 will speed up the reindex job and 5000 will slow it down from the default. |
+| MaximumResourcesPerQuery | This is the maximum number of resources included in the batch of resources to be reindexed. | 100 | 1-500 |
+| MaximumConcurreny | This is the number of batches done at a time. | 1 | 1-5 |
+| targetDataStoreUsagePercentrage | This allows you to specify what percent of your data store to use for the reindex job. For example, you could specify 50% and that would ensure that at most the reindex job would use 50% of available RUs on Cosmos DB. | No present, which means that up to 100% can be used. | 1-100 |
+
+If you want to use any of the parameters above, you can pass them into the Parameters resource when you start the reindex job.
+
+```json
+{
+ "resourceType": "Parameters",
+ "parameter": [
+ {
+ "name": "maximumConcurrency",
+ "valueInteger": "3"
+ },
+ {
+ "name": "targetDataStoreUsagePercentage",
+ "valueInteger": "20"
+ },
+ {
+ "name": "queryDelayIntervalInMilliseconds",
+ "valueInteger": "1000"
+ },
+ {
+ "name": "maximumNumberOfResourcesPerQuery",
+ "valueInteger": "1"
+ }
+ ]
+}
+```
+
+## Next steps
+
+In this article, youΓÇÖve learned how to start a reindex job. To learn how to define new search parameters that require the reindex job, see
+
+>[!div class="nextstepaction"]
+>[Defining custom search parameters](how-to-do-custom-search.md)
+
+
+
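Review bot: The parameter names in the performance table do not match the names in the example request that follows it: the table lists `MaximumResourcesPerQuery`, `MaximumConcurreny` and `targetDataStoreUsagePercentrage`, while the example sends `maximumNumberOfResourcesPerQuery`, `maximumConcurrency` and `targetDataStoreUsagePercentage`. Since these are the throttling controls the article's opening warning depends on, make the table use the exact request names. The example also passes every `valueInteger` as a quoted string and sets the per-query size to 1 against a stated default of 100 without explaining the choice. Elsewhere in the file: the start-job body uses non-ASCII quote characters, so it isn't valid JSON when pasted; the status sample ends on an open `{`; `{{reindexJobId}` is missing its closing brace in both the GET and Delete lines; the sample Content-Location shows a concrete host (`cv-cosmos1.azurewebsites.net`) where the rest of the page uses the `{{FHIR URL}}` placeholder; "30,000,000 million resources" double-counts; and the default for the usage-percentage row reads "No present".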
healthcare-apis Overview Of Search https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/healthcare-apis/fhir/overview-of-search.md
+
+ Title: Overview of search in Azure API for FHIR
+description: This article describes an overview of FHIR search that is implemented in Azure API for FHIR
++++ Last updated : 4/21/2021++
+# Overview of FHIR search
+
+The FHIR specification defines the fundamentals of search for FHIR resources. This article will guide you through some key aspects to searching resources in FHIR. For complete details about searching FHIR resources, refer to [Search](https://www.hl7.org/fhir/search.html) in the HL7 FHIR Specification.
+
+FHIR searches can be against a specific resource type, a specified [compartment](https://www.hl7.org/fhir/compartmentdefinition.html), or all resources. The simplest way to execute a search in FHIR is to use a `GET` request. For example, if you want to pull all patients in the database, you could use the following request:
+
+`GET {{FHIR URL}}/Patient`
+
+You can also search using `POST`, which is useful if the query string is too long. To search using `POST`, the search parameters can be submitted as a form body. This allows for longer, more complex series of query parameters that might be difficult to see and understand in a query string.
+
+If the search request is successful, youΓÇÖll receive a FHIR bundle response with the type `searchset`. If the search fails, youΓÇÖll find these details in the `OperationOutcome` to help you understand why the search failed.
+
+In the following sections, weΓÇÖll cover the various aspects involved in searching. Once youΓÇÖve reviewed these details, refer to our **Samples page** that has examples of searches that you can make in the Azure API for FHIR.
+
+## Search parameters
+
+When you do a search, consider searching based on various attributes of the resource. These attributes are called search parameters. Each resource has a set of defined search parameters. The search parameter must be defined and indexed in the database for you to successfully search against it.
+
+Each search parameter has a defined data type. The Azure API for FHIR supports all [data types](https://www.hl7.org/fhir/search.html#ptypes) except the type **special**:
++
+| **Search parameter type** | **Supported - PaaS** | **Supported - OSS (SQL)** | **Supported - OSS (Cosmos DB)** |
+| - | -- | - | - |
+| number | Yes | Yes | Yes |
+| date | Yes | Yes | Yes |
+| string | Yes | Yes | Yes |
+| token | Yes | Yes | Yes |
+| reference | Yes | Yes | Yes |
+| composite | Yes | Yes | Yes |
+| quantity | Yes | Yes | Yes |
+| uri | Yes | Yes | Yes |
+| special | No | No | No |
+
+### Common search parameters
+
+There are [common search parameters](https://www.hl7.org/fhir/search.html#all) that apply to all resources. These are listed below, along with their support within the Azure API for FHIR:
+
+| **Common search parameter** | **Supported - PaaS** | **Supported - OSS (SQL)** | **Supported - OSS (Cosmos DB)** | **Comment** |
+| -- | -- | - | - | |
+| _id | Yes | Yes | Yes | |
+| _lastUpdated | Yes | Yes | Yes | |
+| _tag | Yes | Yes | Yes | |
+| _type | Yes | Yes | Yes | |
+| _security | Yes | Yes | Yes | |
+| _profile | Yes | Yes | Yes | **Note**: If you created your R4 database before February 20, 2021, youΓÇÖll need to run a reindexing job to enable **_profile**. |
+| _text | No | No | No | |
+| _content | No | No | No | |
+| _has | Partial | Partial | Yes | |
+| _query | No | No | No | |
+| _filter | No | No | No | |
+| _list | No | No | No | |
+
+### Resource specific parameters
+
+With the Azure API for FHIR, we support almost all resource specific search parameters defined by the FHIR specification. The only search parameters we donΓÇÖt support are available in the links below:
+
+* [STU3 Unsupported Search Parameters](https://github.com/microsoft/fhir-server/blob/main/src/Microsoft.Health.Fhir.Core/Data/Stu3/unsupported-search-parameters.json)
+
+* [R4 Unsupported Search Parameters](https://github.com/microsoft/fhir-server/blob/main/src/Microsoft.Health.Fhir.Core/Data/R4/unsupported-search-parameters.json)
+
+You can also see the current support for search parameters in the [FHIR Capability Statement](https://www.hl7.org/fhir/capabilitystatement.html) with the following request:
+
+`GET {{FHIR URL}}/metadata`
+
+To see the search parameters in the capability statement, navigate to `CapabilityStatement.rest.resource.searchParam` to see the search parameters for each resource and `CapabilityStatement.rest.searchParam` to find the search parameters for all resources.
+
+> [!NOTE]
+> The Azure API for FHIR does not automatically create or index any support search parameters that are not defined by the FHIR specification. However, we do provide support for you to to define your own search parameters.
+
+### Composite search parameters
+
+With the Azure API for FHIR, we support the following search parameter type pairings:
+
+* Reference, Token
+* Token, Date
+* Token, Number, Number
+* Token, Quantity
+* Token, String
+* Token, Token
+
+For more information, see the HL7 [Composite Search Parameters](https://www.hl7.org/fhir/search.html#composite).
+
+> [!NOTE]
+> Composite search parameters do not support modifiers per the FHIR specification.
+
+ ### Modifiers & prefixes
+
+[Modifiers](https://www.hl7.org/fhir/search.html#modifiers) allow you to modify the search parameter. Below is an overview of all the FHIR modifiers and the support in the Azure API for FHIR.
+
+| **Modifiers** | **Supported - PaaS** | **Supported - OSS (SQL)** | **Supported - OSS (Cosmos DB)** |
+| - | -- | - | - |
+| :missing | Yes | Yes | Yes |
+| :exact | Yes | Yes | Yes |
+| :contains | Yes | Yes | Yes |
+| :text | Yes | Yes | Yes |
+| :type (reference) | Yes | Yes | Yes |
+| :not | Yes | Yes | Yes |
+| :below (uri) | Yes | Yes | Yes |
+| :above (uri) | No | NO | No |
+| :in (token) | No | NO | No |
+| :below (token) | No | NO | No |
+| :above (token) | No | NO | No |
+| :not-in (token) | No | NO | No |
+
+For search parameters that have a specific order (numbers, dates, and quantities), you can use a [prefix](https://www.hl7.org/fhir/search.html#prefix) on the parameter to help with finding matches. The Azure API for FHIR supports all prefixes.
+
+ ### Search result parameters
+++
+To help manage the returned resources, there are other search result parameters that you can use in your search. For details on how to use each of the search result parameters, refer to the [HL7](https://www.hl7.org/fhir/search.html#return) website.
+
+| **Search result parameters** | **Supported - PaaS** | **Supported - OSS (SQL)** | **Supported - OSS (Cosmos DB)** | **Comments** |
+| - | -- | - | - | --|
+| _elements | Yes | Yes | Yes | Issue [1256](https://github.com/microsoft/fhir-server/issues/1256) |
+| _count | Yes | Yes | Yes | _count is limited to 1000 resources. If it's set higher than 1000, only 1000 will be returned and a warning will be returned in the bundle. |
+| _include | Yes | Yes | Yes | Included items are limited to 100. _include on PaaS and OSS on Cosmos DB does not include :iterate support [(#1313)](https://github.com/microsoft/fhir-server/issues/1313). |
+| _revinclude | Yes | Yes | Yes | Included items are limited to 100. _revinclude on PaaS and OSS on Cosmos DB does not include :iterate support [(#1313)](https://github.com/microsoft/fhir-server/issues/1313). Issue [#1319](https://github.com/microsoft/fhir-server/issues/1319) |
+| _summary | Yes | Yes | Yes | |
+| _total | Partial | Partial | Partial | _total=none and _total=accurate |
+| _sort | Partial | Partial | Partial | sort=_lastUpdated is supported |
+| _contained | No | No | No | |
+| _containedType | No | No | No | |
+| _score | No | No | No | |
+
+By default, the Azure API for FHIR is set to lenient handling. This means that the server will ignore any unknown or unsupported parameters. If you want to use strict handling, you can use the **Prefer** header and set `handling=strict`.
++
+ ## Chained & reverse chained searching
+
+A [chained search](https://www.hl7.org/fhir/search.html#chaining) allows you to search using a search parameter on a resource referenced by another resource. For example, if you want to find encounters where the patientΓÇÖs name is Jane, use:
+
+`GET {{FHIR URL}}/Encounter?subject:Patient.name=Jane`
+
+Similarly, you can do a reverse chained search. This allows you to get resources where you specify criteria on other resources that refer to them. For more examples of chained and reverse chaining, refer to the [FHIR search examples](search-samples.md) page.
+
+**Note**: In the Azure API for FHIR and the open source backed by Cosmos DB, there's a limitation where each subquery required for the chained and reverse chained searches will only return 100 items. If there are more than 100 items found, youΓÇÖll receive the following error message:
+
+ΓÇ£Subqueries in a chained expression can't return more than 100 results, please use a more selective criteria.ΓÇ¥
+
+To get a successful query, youΓÇÖll need to be more specific in what you are looking for.
+
+## Pagination
+
+As mentioned above, the results from a search will be a paged bundle. By default, the search will return 10 results per page, but this can be increased (or decreased) by specifying `_count`. Within the bundle, there will be a self link that contains the current result of the search. If there are additional matches, the bundle will contain a next link. You can continue to use the next link to get the subsequent pages of results.
+
+Currently, the Azure API for FHIR only supports the next link in bundles, and it doesnΓÇÖt support first, last, or previous links.
+
+## Next steps
+
+Now that you've learned about the basics of search, see the search samples page for details about how to search using different search parameters, modifiers, and other FHIR search tools.
+
+>[!div class="nextstepaction"]
+>[FHIR search examples](search-samples.md)
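Review bot: The lenient-handling paragraph just before "Chained & reverse chained searching" says the server ignores unknown or unsupported parameters by default, but it does not state the consequence: a request whose filter parameter is misspelled or unsupported runs without that filter and returns a broader result set than the caller asked for. For an API that returns patient records this deserves its own sentence, with the `Prefer` header and `handling=strict` written out as a complete header line that clients can copy, and a pointer back to the support tables so readers can see which parameters (`_text`, `_content`, `_filter` and the others marked "No") fall into the ignored group. Smaller points: the modifier table mixes `No` and `NO` in the OSS (SQL) column, the `_sort` comment reads `sort=_lastUpdated` without the leading underscore, the note under "Resource specific parameters" contains "to to", and "refer to our **Samples page**" in the introduction is not a link although `search-samples.md` is linked further down.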
healthcare-apis Search Samples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/healthcare-apis/fhir/search-samples.md
+
+ Title: Search examples for Azure API for FHIR
+description: How to search using different search parameters, modifiers, and other FHIR search tools
++++ Last updated : 04/20/2021+++
+# FHIR search examples
+
+Below are some examples of using FHIR search operations, including search parameters and modifiers, chain and reverse chain search, composite search, viewing the next entry set for search results, and searching with a POST request. For more information about search, see [Overview of FHIR Search](overview-of-search.md).
+
+## Search result parameters
+
+### _include
+
+> [!NOTE]
+> **_include** and **_revinclude** is limited to 100 items.
+
+`_include` searches across resources for the ones that include the specified parameter of the resource. For example, you can search across `MedicationRequest` resources to find only the ones that include information about the prescriptions for a specific patient, which is the `reference` parameter `patient`:
+
+```rest
+ GET [your-fhir-server]/MedicationRequest?_include=MedicationRequest:patient
+
+```
+
+### _revinclude
+
+`_revinclude` is an additional search on top of `_include`, searching across the resources that reference the search results from `_include`. For example, you can search `MedicationRequest` resources. For each resource returned, search for `DetectedIssue` resources that show the clinical issues with the `patient`:
+
+```rest
+GET [your-fhir-server]/MedicationRequest?_revinclude=DetectedIssue:patient
+
+```
+### _elements
+
+`_elements` narrows down the search result to a subset of fields to reduce the response size by omitting unnecessary data. The parameter accepts a comma-separated list of base elements:
+
+```rest
+GET [your-fhir-server]/Patient?_elements=identifier,active
+
+```
+
+In this request, you'll get back a bundle of patients, but each resource will only include the identifier(s) and the patient's active status. Resources in this returned response will contain a `meta.tag` value of `SUBSETTED` to indicate that they're an incomplete set of results.
+
+## Search modifiers
+
+### :not
+
+`:not` allows you to find resources where an attribute is not true. For example, you could search for patients where the gender is not female:
+
+```rest
+GET [your-fhir-server]/Patient?gender:not=female
+
+```
+
+As a return value, you would get all patient entries where the gender is not female, including empty values (entries specified without gender). This is different than searching for Patients where gender is male, since that would not include the entries without a specific gender.
+
+### :missing
+
+`:missing` returns all resources that don't have a value for the specified element when the value is `true`, and returns all the resources that contain the specified element when the value is `false`. For simple data type elements, `:missing=true` will match on all resources where the element is present with extensions but has an empty value. For example, if you want to find all `Patient` resources that are missing information on birth date, you can do:
+
+```rest
+GET [your-fhir-server]/Patient?birthDate:missing=true
+
+```
+
+### :exact
+`:exact` is used for `string` parameters, and returns results that match the parameter precisely, such as in casing and character concatenating.
+
+```rest
+GET [your-fhir-server]/Patient?name:exact=Jon
+
+```
+
+This request returns `Patient` resources that have the name exactly the same as `Jon`. If the resource had Patients with names such as `Jonathan` or `joN`, the search would ignore and skip the resource as it does not exactly match the specified value.
+
+### :contains
+`:contains` is used for `string` parameters and searches for resources with partial matches of the specified value anywhere in the string within the field being searched. `contains` is case insensitive and allows character concatenating. For example:
+
+```rest
+GET [your-fhir-server]/Patient?address:contains=Meadow
+
+```
+
+This request would return you all `Patient` resources with `address` fields that have values that contain the string "Meadow". This means you could have addresses that include values such as "Meadowers" or "59 Meadow ST" returned as search results.
+
+## Chained search
+
+To perform a series of search operations that cover multiple reference parameters, you can "chain" the series of reference parameters by appending them to the server request one by one using a period `.`. For example, if you want to view all `DiagnosticReport` resources with a `subject` reference to a `Patient` resource that includes a particular `name`:
+
+```rest
+ GET [your-fhir-server]/DiagnosticReport?subject:Patient.name=Sarah
+
+```
+
+This request would return all the resources with the patient subject named "Sarah". The period `.` after the field `Patient` performs the chained search on the reference parameter of the `subject` parameter.
+
+Another common use of chained search is finding all encounters for a specific patient. `Patient`s will often have one or more `Encounter`s with a subject. To search for all `Encounter` resources for a `Patient` with the provided `id`:
+
+```rest
+GET [your-fhir-server]/Encounter?subject=Patient/78a14cbe-8968-49fd-a231-d43e6619399f
+
+```
+
+Using chained search, you can find all the `Encounter` resources that matches a particular piece of `Patient` information, such as the `birthdate`:
+
+```rest
+GET [your-fhir-server]/Encounter?subject:Patient.birthDate=1987-02-20
+
+```
+
+This would allow not just searching `Encounter` resources for a single patient, but across all patients that have the specified birth date value.
+
+In addition, chained search can be done more than once in one request by using the symbol `&`, which allows you to search for multiple conditions in one request. In such cases, chained search "independently" searches for each parameter, instead of searching for conditions that only satisfy all the conditions at once. It's an OR operation, not an AND operation. For instance, if you want to get all patients who had a practitioner with a certain name or from a particular state:
+
+```rest
+GET [your-fhir-server]/Patient?general-practitioner.name=Sarah&general-practitioner.address-state=WA
+
+```
+
+This would return all `Patient` resources that have "Sarah" as the `generalPractitioner`, and all `Patient` resources that have `generalPractitioner` that have the address with the state WA. In other words, you can have Sarah from the state NY and Bill from the state WA both as the returned results. Chained search doesn't require meeting all conditions and is evaluated individually per the parameter.
+
+For scenarios in which the search has to be an AND operation that covers all conditions as a group, refer to the **composite search** example below.
+
+## Reverse chain search
+
+Chain search lets you search for resources based on the properties of resources they refer to. Using reverse chain search, allows you do it the other way around. You can search for resources based on the properties of resources that refer to them, using `_has` parameter. For example, `Observation` resource has a search parameter `patient` referring to a Patient resource. To find all Patient resources that are referenced by `Observation` with a specific `code`:
+
+```rest
+GET [base]/Patient?_has:Observation:patient:code=527
+
+```
+
+This request returns Patient resources that are referred by `Observation` with the code `527`.
+
+In addition, reverse chain search can have a recursive structure. For example, if you want to search for all patients that have `Observation` where the observation has an audit event from a specific user `janedoe`, you could do:
+
+```rest
+GET [base]/Patient?_has:Observation:patient:_has:AuditEvent:entity:user=janedoe
+
+```
+
+> [!NOTE]
+> In the Azure API for FHIR and the open-source FHIR server backed by Cosmos, the chained search and reverse chained search is an MVP implementation. To accomplish chained search on Cosmos DB, the implementation walks down the search expression and issues sub-queries to resolve the matched resources. This is done for each level of the expression. If any query returns more than 100 results, an error will be thrown. By default, chained search is behind a feature flag. To use the chained searching on Cosmos DB, use the header x-ms-enable-chained-search: true.
+
+## Composite search
+
+To search for resources that meet multiple conditions at once, use composite search that joins a sequence of single parameter values with a symbol `$`. The returned result would be the intersection of the resources that match all of the conditions specified by the joined search parameters. Such search parameters are called composite search parameters, and they define a new parameter that combines the multiple parameters in a nested structure. For example, if you want to find all `DiagnosticReport` resources that contain `Observation` with a potassium value less than or equal to 9.2:
+
+```rest
+GET [your-fhir-server]/DiagnosticReport?result.code-value-quantity=2823-3$lt9.2
+
+```
+
+This request specifies the component containing a code of `2823-3`, which in this case would be potassium. Following the `$` symbol, it specifies the range of the value for the component using `lt` for "less than or equal to" and `9.2` for the potassium value range.
+
+## Search the next entry set
+
+The maximum number of entries that can be returned per a single search query is 1000. However, you might have more than 1000 entries that match the search query, and you might want to see the next set of entries after the first 1000 entries that were returned. In such case, you would use the continuation token `url` value in `searchset` as in the `Bundle` result below:
+
+```json
+ "resourceType": "Bundle",
+ "id": "98731cb7-3a39-46f3-8a72-afe945741bd9",
+ "meta": {
+ "lastUpdated": "2021-04-22T09:58:16.7823171+00:00"
+ },
+ "type": "searchset",
+ "link": [
+ {
+ "relation": "next",
+ "url": "[your-fhir-server]/Patient?_sort=_lastUpdated&ct=WzUxMDAxNzc1NzgzODc5MjAwODBd"
+ },
+ {
+ "relation": "self",
+ "url": "[your-fhir-server]/Patient?_sort=_lastUpdated"
+ }
+ ],
+
+```
+
+And you would do a GET request for the provided URL under the field `relation: next`:
+
+```rest
+GET [your-fhir-server]/Patient?_sort=_lastUpdated&ct=WzUxMDAxNzc1NzgzODc5MjAwODBd
+
+```
+
+This will return the next set of entries for your search result. The `searchset` is the complete set of search result entries, and the continuation token `url` is the link provided by the server for you to retrieve the entries that don't show up on the first set because the restriction on the maximum number of entries returned for a search query.
+
+## Search using POST
+
+All of the search examples mentioned above have used `GET` requests. You can also do search operations using `POST` requests using `_search`:
+
+```rest
+POST [your-fhir-server]/Patient/_search?_id=45
+
+```
+
+This request would return all `Patient` resources with the `id` value of 45. Just as in GET requests, the server determines which of the set of resources meets the condition(s), and returns a bundle resource in the HTTP response.
+
+Another example of searching using POST where the query parameters are submitted as a form body is:
+
+```rest
+POST [your-fhir-server]/Patient/_search
+content-type: application/x-www-form-urlencoded
+
+name=John
+
+```
+## Next steps
+
+>[!div class="nextstepaction"]
+>[Overview of FHIR Search](overview-of-search.md)
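Review bot: In "Chained search", the paragraph on combining chains with `&` calls the result "an OR operation, not an AND operation", which does not match FHIR search, where parameters joined with `&` must all be satisfied. What the example shows is that each chain is evaluated independently against the referenced practitioners, so one patient can match through a practitioner named Sarah and a different practitioner in WA; the text should describe that instead of calling it OR. In "Composite search", the request uses `lt9.2` while the prose says "less than or equal to" in both the lead-in and the explanation; `lt` is less than and `le` is less than or equal, so either the prefix or the wording has to change. The requests spell the parameter `birthDate` (`birthDate:missing=true`, `subject:Patient.birthDate=1987-02-20`) while the prose spells it `birthdate`; use the name the server defines, because the overview article states that unknown parameters are ignored by default. Lastly, the reverse chain examples use `[base]` where every other request uses `[your-fhir-server]`, and the header `x-ms-enable-chained-search: true` in the note is not code-formatted.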
hpc-cache Hpc Cache Netapp https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/hpc-cache/hpc-cache-netapp.md
description: How to use Azure HPC Cache to improve access to data stored with Az
Previously updated : 10/30/2019 Last updated : 04/26/2021
Use the minimum size for the delegated subnet when creating an Azure NetApp File
The minimum size, which is specified with the netmask /28, provides 16 IP addresses. In practice, Azure NetApp Files uses only three of those available IP addresses for volume access. This means that you only need to create three storage targets in your Azure HPC Cache to cover all of the volumes.
-If the delegated subnet is too large, it's possible for the Azure NetApp Files volumes to use more IP addresses than a single Azure HPC Cache instance can handle. A single cache can have at most 10 storage targets.
+If the delegated subnet is too large, it's possible for the Azure NetApp Files volumes to use more IP addresses than a single Azure HPC Cache instance can handle. A single cache has a limit of 10 storage targets for most cache throughput sizes, or 20 storage targets for the largest configurations.
The quickstart example in Azure NetApp Files documentation uses 10.7.0.0/16 for the delegated subnet, which gives a subnet that's too large. ### Capacity pool service level
-When choosing the service level for your capacity pool, consider your workflow. If you frequently write data back to the Azure NetApp Files volume, the cache's performance can be restricted if the writeback time is slow. Choose a high service level for volumes that will have frequent writes.
+When choosing the [service level](../azure-netapp-files/azure-netapp-files-service-levels.md) for your capacity pool, consider your workflow. If you frequently write data back to the Azure NetApp Files volume, the cache's performance can be restricted if the writeback time is slow. Choose a high service level for volumes that will have frequent writes.
Volumes with low service levels also might show some lag at the start of a task while the cache pre-fills content. After the cache is up and running with a good working set of files, the delay should become unnoticeable.
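Review bot: The new storage-target sentence gives two limits (10 "for most cache throughput sizes", 20 "for the largest configurations") without saying which sizes belong to which group, so a reader cannot tell from this page which limit applies to their cache. Name the throughput sizes or link to the page that lists them, the way the second change links "service level" to its own article.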
iot-central Howto Monitor Devices Azure Cli https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/iot-central/core/howto-monitor-devices-azure-cli.md
Use the Azure CLI IoT extension to see messages your devices are sending to IoT
## Prerequisites
-+ Azure CLI installed and is version 2.7.0 or higher. Check the version of your Azure CLI by running `az --version`. Learn how to install and update from the [Azure CLI docs](/cli/azure/install-azure-cli)
-+ A work or school account in Azure, added as a user in an IoT Central application.
+A work or school account in Azure, added as a user in an IoT Central application.
+ ## Install the IoT Central extension
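Review bot: The prerequisites no longer mention the Azure CLI at all, although the article opens with "Use the Azure CLI IoT extension" and the next heading is "Install the IoT Central extension". The removed bullet was also the only place that stated the minimum version (2.7.0) and how to check it with `az --version`. If the intent is to rely on a shared include or on Cloud Shell, the prerequisites should say so; otherwise keep the CLI bullet.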
iot-central Tutorial Define Gateway Device Type https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/iot-central/core/tutorial-define-gateway-device-type.md
This tutorial uses device templates for an **S1 Sensor** device and an **RS40 Oc
To create a device template for an **S1 Sensor** device:
-1. In the left pane, select **Device Templates**. Then select **+** to start adding the template.
+1. In the left pane, select **Device Templates**. Then select **+ New** to start adding the template.
-1. Scroll down until you can see the tile for the **S1 Sensor** device. Select the tile and then select **Next: Customize**.
+1. Scroll down until you can see the tile for the **Minew S1** device. Select the tile and then select **Next: Customize**.
1. On the **Review** page, select **Create** to add the device template to your application.
-To create a device template for an ***RS40 Occupancy Sensor** device:
+To create a device template for an **RS40 Occupancy Sensor** device:
-1. In the left pane, select **Device Templates**. Then select **+** to start adding the template.
+1. In the left pane, select **Device Templates**. Then select **+ New** to start adding the template.
1. Scroll down until you can see the tile for the ***RS40 Occupancy Sensor** device. Select the tile and then select **Next: Customize**.
In this tutorial you create a device template for a gateway device from scratch.
To add a new gateway device template to your application:
-1. In the left pane, select **Device Templates**. Then select **+** to start adding the template.
+1. In the left pane, select **Device Templates**. Then select **+ New** to start adding the template.
1. On the **Select template type** page, select the **IoT Device** tile, and then select **Next: Customize**.
-1. On the **Customize device** page, select the **Gateway device** checkbox.
+1. On the **Customize device** page, select **This is a gateway device** checkbox.
+
+1. Enter **Smart Building gateway device** as the template name and then select **Next: Review**.
1. On the **Review** page, select **Create**.
-1. Enter **Smart Building gateway device** as the template name.
-1. On the **Create a capability model** page, select the **Custom** tile.
-1. Select **+** to add an interface. Choose the **Device Information** standard interface.
+1. On the **Create a model** page, select the **Custom model** tile.
+
+1. Select **+ Add capability** to add a capability.
+
+1. Enter **Send Data** as the display name, and then select **Property** as the capability type.
+
+1. Select **+ Add capability** to add another capability. Enter **Boolean Telemetry** as the display name, select **Telemetry** as the capability type, and then select **Boolean** as schema.
+
+1. Select **Save**.
+ ### Add relationships
To create a simulated gateway device:
1. On the **Devices** page, select **Smart Building gateway device** in the list of device templates.
-1. Select **+** to start adding a new device.
+1. Select **+ New** to start adding a new device.
1. Keep the generated **Device ID** and **Device name**. Make sure that the **Simulated** switch is **On**. Select **Create**.
To create a simulated downstream devices:
1. On the **Devices** page, select **RS40 Occupancy Sensor** in the list of device templates.
-1. Select **+** to start adding a new device.
+1. Select **+ New** to start adding a new device.
1. Keep the generated **Device ID** and **Device name**. Make sure that the **Simulated** switch is **On**. Select **Create**. 1. On the **Devices** page, select **S1 Sensor** in the list of device templates.
-1. Select **+** to start adding a new device.
+1. Select **+ New** to start adding a new device.
1. Keep the generated **Device ID** and **Device name**. Make sure that the **Simulated** switch is **On**. Select **Create**.
Now that you have the simulated devices in your application, you can create the
1. On the **Devices** page, select **S1 Sensor** in the list of device templates, and then select your simulated **S1 Sensor** device.
-1. Select **Connect to gateway**.
+1. Select **Attach to gateway**.
-1. On the **Connect to a gateway** dialog, select the **Smart Building gateway device** template, and then select the simulated instance you created previously.
+1. On the **Attach to a gateway** dialog, select the **Smart Building gateway device** template, and then select the simulated instance you created previously.
-1. Select **Join**.
+1. Select **Attach**.
1. On the **Devices** page, select **RS40 Occupancy Sensor** in the list of device templates, and then select your simulated **RS40 Occupancy Sensor** device.
Now that you have the simulated devices in your application, you can create the
1. On the **Connect to a gateway** dialog, select the **Smart Building gateway device** template, and then select the simulated instance you created previously.
-1. Select **Join**.
+1. Select **Attach**.
Both your simulated downstream devices are now connected to your simulated gateway device. If you navigate to the **Downstream Devices** view for your gateway device, you can see the related downstream devices: ![Downstream devices view](./media/tutorial-define-gateway-device-type/downstream-device-view.png)
-Select a gateway device template and gateway device instance, and select **Join**.
## Clean up resources
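Review bot: The UI renames are applied unevenly, so the steps no longer agree with each other. The first attach procedure now reads "On the **Attach to a gateway** dialog", but the second one, for the RS40 device, still reads "On the **Connect to a gateway** dialog". The tile is renamed to **Minew S1**, while the later steps still pick **S1 Sensor** from the template list; please confirm which name the template carries after it is added. The stray asterisk fixed in "To create a device template for an **RS40 Occupancy Sensor** device" remains in the tile step under it (`***RS40 Occupancy Sensor**`). Also, "select **This is a gateway device** checkbox" needs "the" before the label.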
iot-central Tutorial Use Device Groups https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/iot-central/core/tutorial-use-device-groups.md
Before you create a device group, add at least five simulated devices based on t
:::image type="content" source="media/tutorial-use-device-groups/simulated-devices.png" alt-text="Screenshot showing five simulated sensor controller devices":::
-For four of the simulated sensor devices, use the **Manage device** view to set the customer name to *Contoso*:
+For four of the simulated sensor devices, use the **Manage device** view to set the customer name to *Contoso* and select **Save**.
:::image type="content" source="media/tutorial-use-device-groups/customer-name.png" alt-text="Screenshot that shows how to set the Customer Name cloud property"::: ## Create a device group
-To create a device group:
-
-1. Choose **Device groups** on the left pane.
+1. Select **Device groups** on the left pane to navigate to device groups page.
1. Select **+ New**.
iot-hub-device-update Device Update Azure Real Time Operating System https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/iot-hub-device-update/device-update-azure-real-time-operating-system.md
If you donΓÇÖt have an Azure subscription, create a [free account](https://azure
## Prerequisites * Access to an IoT Hub. It is recommended that you use a S1 (Standard) tier or above.
-* A Device Update instance and account linked to your IoT Hub. Follow the guide to [create and link](create-device-update-account.md) a device update account if you have not done so previously.
+* A Device Update instance and account linked to your IoT Hub. Follow the guide to [create and link](/azure/iot-hub-device-update/create-device-update-account) a device update account if you have not done so previously.
## Get started
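Review bot: The link to the create-and-link guide changes from a relative file link (`create-device-update-account.md`) to a site-absolute path (`/azure/iot-hub-device-update/create-device-update-account`), while the other articles in this same update keep relative `.md` links for same-folder targets (for example `search-samples.md` and `how-to-do-custom-search.md`). If the absolute form is needed because this text is reused from another location, the commit should say so; otherwise keep the relative link for consistency.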
iot-pnp Concepts Convention https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/iot-pnp/concepts-convention.md
Sample desired property payload:
"desired" : { "targetTemperature" : 21.3,
- "targetHumidity" : 80
-},
-"$version" : 3
+ "targetHumidity" : 80,
+ "$version" : 3
+}
``` Sample reported property first payload:
Sample desired property payload:
"thermostat1": { "__t": "c", "targetTemperature": 21.3,
- "targetHumidity": 80
+ "targetHumidity": 80,
+ "$version" : 3
}
-},
-"$version" : 3
+}
``` Sample reported property first payload:
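Review bot: In this multiple-component sample the moved `"$version" : 3` now sits inside the `thermostat1` object, next to `targetHumidity`, whereas the single-component sample changed just above places it directly under `desired`. `$version` is metadata of the twin's `desired` section, not a property of the component, so it should follow the closing brace of `thermostat1` and remain a direct child of `desired`. As written, the two samples disagree about where a device should read the version from.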
Now that you've learned about IoT Plug and Play conventions, here are some addit
- [Digital Twins Definition Language (DTDL)](https://github.com/Azure/opendigitaltwins-dtdl) - [C device SDK](/azure/iot-hub/iot-c-sdk-ref/) - [IoT REST API](/rest/api/iothub/device)-- [IoT Plug and Play modeling guide](concepts-modeling-guide.md)
+- [IoT Plug and Play modeling guide](concepts-modeling-guide.md)
iot-pnp Set Up Environment https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/iot-pnp/set-up-environment.md
Before you can complete any of the IoT Plug and Play quickstarts and tutorials,
If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
-To avoid the requirement to install the Azure CLI locally, you can use the Azure Cloud Shell to set up the cloud services.
- ## Create the resources
iot-pnp Tutorial Configure Tsi https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/iot-pnp/tutorial-configure-tsi.md
At this point, you have:
* A Device Provisioning Service (DPS) instance linked to your IoT hub. The DPS instance should have an individual device enrollment for your IoT Plug and Play device. * A connection to your IoT hub from either a single-component device or a multiple-component device that streams simulated data.
-To avoid the requirement to install the Azure CLI locally, you can use Azure Cloud Shell to set up the cloud services.
-- ## Prepare your event source The IoT hub you created previously will be your Time Series Insights environment's [event source](../time-series-insights/concepts-streaming-ingestion-event-sources.md).
logic-apps Support Non Unicode Character Encoding https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/logic-apps/support-non-unicode-character-encoding.md
+
+ Title: Support non-Unicode character encoding in Logic Apps
+description: Work with non-Unicode text in Logic Apps. Convert text payloads to UTF-8 using base64 encoding and Azure Functions.
Last updated : 04/29/2021++++
+# Support non-Unicode character encoding in Logic Apps
+
+When you work with text payloads, Azure Logic Apps infers the text is encoded in a Unicode format, such as UTF-8. You might have problems receiving, sending, or processing characters with different encodings in your workflow. For example, you might get corrupted characters in flat files when working with legacy systems that don't support Unicode.
+
+To work with text that has other character encoding, apply base64 encoding to the non-Unicode payload. This step prevents Logic Apps from assuming the text is in UTF-8 format. You can then convert any .NET-supported encoding to UTF-8 using Azure Functions.
+
+This solution works with both *multi-tenant* and *single-tenant* workflows. You can also [use this solution with the AS2 connector](#convert-payloads-for-as2).
+
+## Convert payload encoding
+
+First, check that your trigger can correctly identify the content type. This step ensures that Logic Apps no longer assumes the text is UTF-8.
+
+For triggers with the setting **Infer Content Type**, choose **No**. If your trigger doesn't have this option, the content type is set by the incoming message.
+
+If you're using the HTTP request trigger for `text/plain` content, you must set the `charset` parameter in the `Content-Type` header of the call. Characters might become corrupted if you don't set the `charset` parameter, or the parameter doesn't match the payload's encoding format. For more information, see [how to handle the `text/plain` content type](logic-apps-content-type.md#text-plain).
+
+For example, the HTTP trigger converts the incoming content to UTF-8 when the `Content-Type` header is set with the correct `charset` parameter:
+
+```json
+{
+ "headers": {
+ <...>
+ "Content-Type": "text/plain; charset=windows-1250"
+ },
+ "body": "non UTF-8 text content"
+}
+```
+
+If you set the `Content-Type` header to `application/octet-stream`, you also might receive characters that aren't UTF-8. For more information, see [how to handle the `application/octet-stream` content type](logic-apps-content-type.md#applicationxml-and-applicationoctet-stream).
+
+## Base64 encode content
+
+Before you [base64 encode](workflow-definition-language-functions-reference.md#base64) content, make sure you've [converted the text to UTF-8](#convert-payload-encoding). If you base64 decode the content to a string before converting the text to UTF-8, characters might return corrupted.
+
+Next, convert any .NET-supported encoding to another .NET-supported encoding. Review the [Azure Functions code example](#azure-functions-version) or the [.NET code example](#net-version):
+
+> [!TIP]
+> For *single-tenant* logic apps, you can improve performance and decrease latency by locally running the conversion function.
+
+### Azure Functions version
+
+The following example is for Azure Functions version 2:
+
+```csharp
+using System;
+using System.IO;
+using System.Text;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Azure.WebJobs;
+using Microsoft.Azure.WebJobs.Extensions.Http;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Azure.WebJobs.Host;
+using Newtonsoft.Json;
+
+public static class ConversionFunctionv2 {
+ [FunctionName("ConversionFunctionv2")]
+ public static IActionResult Run([HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = null)] HttpRequest req, TraceWriter log) {
+ log.Info("C# HTTP trigger function processing a request.");
+
+ Encoding inputEncoding = null;
+
+ string requestBody = new StreamReader(req.Body).ReadToEnd();
+ dynamic data = JsonConvert.DeserializeObject(requestBody);
+
+ if (data == null || data.text == null || data.encodingInput == null || data.encodingOutput == null) {
+ return new BadRequestObjectResult("Please pass text/encodingOutput properties in the input JSON object.");
+ }
+
+ Encoding.RegisterProvider(CodePagesEncodingProvider.Instance);
+
+ try {
+ string encodingInput = data.encodingInput.Value;
+ inputEncoding = Encoding.GetEncoding(name: encodingInput);
+ } catch (ArgumentException) {
+ return new BadRequestObjectResult($"Input character set value '{data.encodingInput.Value}' is not supported. Supported values are listed at https://msdn.microsoft.com/en-us/library/system.text.encoding(v=vs.110).aspx.");
+ }
+
+ Encoding encodingOutput = null;
+ try {
+ string outputEncoding = data.encodingOutput.Value;
+ encodingOutput = Encoding.GetEncoding(outputEncoding);
+ } catch (ArgumentException) {
+ return new BadRequestObjectResult($"Output character set value '{data.encodingOutput.Value}' is not supported. Supported values are listed at https://msdn.microsoft.com/en-us/library/system.text.encoding(v=vs.110).aspx.");
+ }
+
+ return (ActionResult) new JsonResult(
+ value: new {
+ text = Convert.ToBase64String(
+ Encoding.Convert(
+ srcEncoding: inputEncoding,
+ dstEncoding: encodingOutput,
+ bytes: Convert.FromBase64String((string) data.text)))
+ });
+ }
+}
+```
+
+### .NET version
+
+The following example is for use with **.NET standard** and Azure Functions **version 2**:
+
+```csharp
+ using System;
+ using System.IO;
+ using System.Text;
+ using Microsoft.AspNetCore.Mvc;
+ using Microsoft.Azure.WebJobs;
+ using Microsoft.Azure.WebJobs.Extensions.Http;
+ using Microsoft.AspNetCore.Http;
+ using Microsoft.Azure.WebJobs.Host;
+ using Newtonsoft.Json;
+
+ public static class ConversionFunctionNET
+ {
+ [FunctionName("ConversionFunctionNET")]
+ public static IActionResult Run([HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = null)]HttpRequest req, TraceWriter log)
+ {
+ log.Info("C# HTTP trigger function processing a request.");
+
+ Encoding inputEncoding = null;
+
+ string requestBody = new StreamReader(req.Body).ReadToEnd();
+ dynamic data = JsonConvert.DeserializeObject(requestBody);
+
+ if (data == null || data.text == null || data.encodingInput == null || data.encodingOutput == null)
+ {
+ return new BadRequestObjectResult("Please pass text/encodingOutput properties in the input JSON object.");
+ }
+
+ Encoding.RegisterProvider(CodePagesEncodingProvider.Instance);
+
+ try
+ {
+ string encodingInput = data.encodingInput.Value;
+ inputEncoding = Encoding.GetEncoding(name: encodingInput);
+ }
+ catch (ArgumentException)
+ {
+ return new BadRequestObjectResult($"Input character set value '{data.encodingInput.Value}' is not supported. Supported values are listed at https://msdn.microsoft.com/en-us/library/system.text.encoding(v=vs.110).aspx.");
+ }
+
+ Encoding encodingOutput = null;
+ try
+ {
+ string outputEncoding = data.encodingOutput.Value;
+ encodingOutput = Encoding.GetEncoding(outputEncoding);
+ }
+ catch (ArgumentException)
+ {
+ return new BadRequestObjectResult($"Output character set value '{data.encodingOutput.Value}' is not supported. Supported values are listed at https://msdn.microsoft.com/en-us/library/system.text.encoding(v=vs.110).aspx.");
+ }
+
+ return (ActionResult)new JsonResult(
+ value: new
+ {
+ text = Convert.ToBase64String(
+ Encoding.Convert(
+ srcEncoding: inputEncoding,
+ dstEncoding: encodingOutput,
+ bytes: Convert.FromBase64String((string)data.text)))
+ });
+ }
+ }
+```
+
+Using these same concepts, you can also [send a non-Unicode payload from your workflow](#send-non-unicode-payload).
+
+## Sample payload conversions
+
+In this example, the base64-encoded sample input string is a personal name, *H&eacute;lo&iuml;se*, that contains accented characters.
+
+Example input:
+
+```json
+{ 
+    "text": "SMOpbG/Dr3Nl",
+    "encodingInput": "utf-8",
+    "encodingOutput": "windows-1252"
+}
+```
+
+Example output:
+
+```json
+{
+    "text": "U01PcGJHL0RyM05s"
+}
+```
+
+## Send non-Unicode payload
+
+If you need to send a non-Unicode payload from your workflow, do the steps for [converting the payload to UTF-8](#convert-payload-encoding) in reverse. Keep the text in UTF-8 as long as possible within your system. Next, use the same function to convert the base64-encoded UTF-8 characters to the required encoding. Then, apply base64 decoding to the text, and send your payload.
+
+## Convert payloads for AS2
+
+You can also use this solution with non-Unicode payloads in the [AS2 v2 connector](logic-apps-enterprise-integration-as2.md). If you don't convert payloads that you pass to AS2 to UTF-8, you might experience problems with the payload interpretation. These problems might result in a mismatch with the MIC hash between the partners because of misinterpreted characters.
+
+## Next steps
+
+> [!div class="nextstepaction"]
+> [Encode and decode flat files in Azure Logic Apps by using the Enterprise Integration Pack](logic-apps-enterprise-integration-flatfile.md)
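Review bot: Both function samples declare the trigger with `AuthorizationLevel.Anonymous`, so anyone who can reach the function URL can call the converter. For a helper that only a workflow calls, the documented default should be `AuthorizationLevel.Function`, with the key supplied by the calling action. In the same `Run` bodies, `Convert.FromBase64String((string) data.text)` sits outside any `try`, so malformed base64 surfaces as an unhandled `FormatException` instead of the `BadRequestObjectResult` used for unsupported encoding names. The null-check message also names only `text/encodingOutput` although `encodingInput` is required as well. Under "Sample payload conversions", the example output `U01PcGJHL0RyM05s` is simply the base64 encoding of the input string `SMOpbG/Dr3Nl`, not of the converted bytes. Converting the name in the example to windows-1252 and base64 encoding the result gives `SOlsb+9zZQ==`, so the output should be regenerated from the function. Finally, the "Azure Functions version" and ".NET version" listings are the same code apart from class name and brace style, so one of them can be dropped.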
machine-learning Export Data https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/machine-learning/algorithm-module-reference/export-data.md
Before exporting your data, you need to first register a datastore in your Azure
1. Submit the pipeline.
+## Limitations
+
+Due to datstore access limitation, if your inference pipeline contains **Export Data** module, it will be auto-removed when deploy to real-time endpoint.
+ ## Next steps See the [set of modules available](module-reference.md) to Azure Machine Learning.
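Review bot: The added Limitations sentence has a typo and a missing subject: `datstore` should be `datastore`, and `when deploy to real-time endpoint` should read "when you deploy to a real-time endpoint". The same sentence is added to the Import Data reference and to the designer deployment tutorial in this update, so correct all three together. It would also help to tell the reader what to use instead, since the module is removed automatically.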
machine-learning Import Data https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/machine-learning/algorithm-module-reference/import-data.md
After importing the data, it might need some additional preparations for modelin
- Use [Partition and Sample](./partition-and-sample.md) to divide the dataset, perform sampling, or get the top n rows.
+## Limitations
+
+Due to datstore access limitation, if your inference pipeline contains **Import Data** module, it will be auto-removed when deploy to real-time endpoint.
+ ## Next steps See the [set of modules available](module-reference.md) to Azure Machine Learning.
machine-learning Concept Compute Instance https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/machine-learning/concept-compute-instance.md
You can also clone the latest Azure Machine Learning samples to your folder unde
Writing small files can be slower on network drives than writing to the compute instance local disk itself. If you are writing many small files, try using a directory directly on the compute instance, such as a `/tmp` directory. Note these files will not be accessible from other compute instances.
-You can use the `/tmp` directory on the compute instance for your temporary data. However, do not write very large files of data on the OS disk of the compute instance. OS disk on compute instance has 128 GB capacity. Use [datastores and datasets](concept-azure-machine-learning-architecture.md#datasets-and-datastores) instead. Do not store training data on notebooks file share. If you have installed JupyterLab git extension, it can also lead to slow down in compute instance performance.
+You can use the `/tmp` directory on the compute instance for your temporary data. However, do not write very large files of data on the OS disk of the compute instance. OS disk on compute instance has 128 GB capacity. Also, do not store a large training data on the notebooks file share. Use [datastores and datasets](concept-azure-machine-learning-architecture.md#datasets-and-datastores) instead.
## Managing a compute instance
A compute instance:
You can use compute instance as a local inferencing deployment target for test/debug scenarios. > [!TIP]
-> The compute instance has 120GB OS disk. If you run out of disk space and get into an unusable state, please clear at least 5 GB disk space on OS disk (/dev/sda1/ filesystem mounted on /) through the JupyterLab terminal by removing files/folders and then do sudo reboot. To access the JupyterLab terminal go to https://ComputeInstanceName.AzureRegion.instances.azureml.ms/lab replacing the name of compute instance and Azure region, and then click File->New->Terminal. Please clear at least 5 GB before you [stop or restart](how-to-create-manage-compute-instance.md#manage) the compute instance. You can check available disk space by running df -h on the terminal.
+> The compute instance has 120GB OS disk. If you run out of disk space and get into an unusable state, please clear at least 5 GB disk space on OS disk (/dev/sda1/ filesystem mounted on /) through the JupyterLab terminal by removing files/folders and then do sudo reboot. To access the JupyterLab terminal go to https://ComputeInstanceName.AzureRegion.instances.azureml.ms/lab replacing the name of compute instance and Azure region, and then click File->New->Terminal. Clear at least 5 GB before you [stop or restart](how-to-create-manage-compute-instance.md#manage) the compute instance. You can check available disk space by running df -h on the terminal.
## Next steps
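Review bot: The tip still says `The compute instance has 120GB OS disk`, while the paragraph rewritten earlier in this article says `OS disk on compute instance has 128 GB capacity`; one of the two figures needs correcting. Only the second "Please" was removed here, so `please clear at least 5 GB disk space` remains and the tip now gives the same instruction twice in two tones. In the rewritten paragraph, `do not store a large training data` should drop the article. The change also removes the warning about the JupyterLab git extension slowing the instance; confirm that was intended.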
machine-learning Tutorial Designer Automobile Price Deploy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/machine-learning/tutorial-designer-automobile-price-deploy.md
For more information on consuming your web service, see [Consume a model deploye
## Limitations
+### Update inference pipeline
+ If you make some modifications in your training pipeline, you should resubmit the training pipeline, **Update** the inference pipeline and run the inference pipeline again. Note that only trained models will be updated in the inference pipeline, while data transformation will not be updated.
Then manually replace the **TD-** module in inference pipeline with the register
Then you can submit the inference pipeline with the updated model and transformation, and deploy.
+### Deploy real-time endpoint
+
+Due to datstore access limitation, if your inference pipeline contains **Import Data** or **Export Data** module, they will be auto-removed when deploy to real-time endpoint.
+ ## Clean up resources [!INCLUDE [aml-ui-cleanup](../../includes/aml-ui-cleanup.md)]
marketplace Dynamics 365 Customer Engage Availability https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/marketplace/dynamics-365-customer-engage-availability.md
This page lets you define where and how to make your offer available, including
To specify the markets in which your offer should be available, select **Edit markets**.
-On the **Market selection** popup window, select at least one market. Choose **Select all** to make your offer available in every possible market, or select only the specific markets you want. When you're finished, select **Save**.
+On the **Market selection** popup window, select at least one market. Choose **Select all** to make your offer available in every possible market or select only the specific markets you want. When you're finished, select **Save**.
Your selections here apply only to new acquisitions; if someone already has your app in a certain market, and you later remove that market, the people who already have the offer in that market can continue to use it, but no new customers in that market will be able to get your offer.
Before you publish your offer live to the broader marketplace offer, you'll firs
Then, when you're ready to make your offer available and remove the preview restriction, you'll need to remove the **Hide key** and publish again.
-Select **Save draft** before continuing to the next tab in the left-nav menu, **Technical configuration**.
+Select **Save draft** before continuing to the next tab in the left-nav menu.
## Next steps -- [Set offer technical configuration](dynamics-365-customer-engage-technical-configuration.md)
+Do one of the following:
+
+- If you chose to enable app license management through Microsoft, then go to [Create Dynamics 365 for Customer Engagement & Power Apps plans](dynamics-365-customer-engage-plans.md).
+- Otherwise, go to [Set offer technical configuration](dynamics-365-customer-engage-technical-configuration.md).
marketplace Dynamics 365 Customer Engage Offer Setup https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/marketplace/dynamics-365-customer-engage-offer-setup.md
Previously updated : 04/20/2021 Last updated : 04/30/2021 # How to create a Dynamics 365 for Customer Engagement & PowerApps offer This article describes how to create a Dynamics 365 for Customer Engagement & PowerApps offer. All offers for Dynamics 365 go through our certification process. The trial experience allows users to deploy your solution to a live Dynamics 365 environment.
-Before you start, create a commercial marketplace account in [Partner Center](./create-account.md) and ensure it is enrolled in the commercial marketplace program.
+Before you start, create a commercial marketplace account in [Partner Center](partner-center-portal/create-account.md) and ensure it is enrolled in the commercial marketplace program.
## Before you begin
Review [Plan a Dynamics 365 offer](marketplace-dynamics-365.md). It will explain
1. Sign in to [Partner Center](https://partner.microsoft.com/dashboard/home). 2. In the left-nav menu, select **Commercial Marketplace** > **Overview**.
-3. On the Overview page, select **+ New offer** > **Dynamics 365 for Customer Engagement & PowerApps**.
+3. On the Overview page, select **+ New offer** > **Dynamics 365 for Customer Engagement & Power Apps**.
:::image type="content" source="media/dynamics-365/new-offer-dynamics-365-customer-engagement.png" alt-text="Shows the left pane menu options and the 'New offer' button with Customer Engagement select.":::
Enter a descriptive name that we'll use to refer to this offer solely within Par
## Setup details
-For **How do you want potential customers to interact with this listing offer?**, select the option you'd like to use for this offer.
+For **How do you want potential customers to interact with this listing offer?**, select the option you want to use for this offer:
+
+- **Enable app license management through Microsoft** ΓÇô Manage your app licenses through Microsoft. To let customers run your appΓÇÖs base functionality without a license and run premium features after theyΓÇÖve purchased a license, select the **Allow customers to install my app even if licenses are not assigned box**. If you select this second box, you need to configure your solution package to not require a license.
+
+ > [!NOTE]
+ > You cannot change this setting after you publish your offer. To learn more about this setting, see [Third-party app license management through Microsoft](third-party-license.md).
- **Get it now (free)** ΓÇô List your offer to customers for free. - **Free trial (listing)** ΓÇô List your offer to customers with a link to a free trial. Offer listing free trials are created, managed, and configured by your service and do not have subscriptions managed by Microsoft.
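Review bot: In the new **Enable app license management through Microsoft** bullet, the bold span `**Allow customers to install my app even if licenses are not assigned box**` swallows the word "box", which is not part of the check box label; close the bold before it. The following sentence refers to "this second box" although only one check box has been named up to that point, so say which control is meant. The nested note states that the setting cannot be changed after publishing; that constraint is important enough to state in the bullet itself.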
marketplace Dynamics 365 Customer Engage Plans https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/marketplace/dynamics-365-customer-engage-plans.md
+
+ Title: Create Dynamics 365 for Customer Engagement & Power Apps plans on Microsoft AppSource (Azure Marketplace).
+description: Configure Dynamics 365 for Customer Engagement & PowerApps offer plans if you chose to enable your offer for third-party app management.
+++++ Last updated : 04/30/2021++
+# Create Dynamics 365 for Customer Engagement & Power Apps plans
+
+If you enabled app license management for your offer, the **Plans** tab appears as shown in the following screenshot. Otherwise, go to [Set up Dynamics 365 for Customer Engagement & Power Apps offer technical configuration](dynamics-365-customer-engage-technical-configuration.md).
++
+You need to define at least one plan, if your offer has app license management enabled. You can create a variety of plans with different options for the same offer. These plans (sometimes referred to as SKUs) can differ in terms of monetization or tiers of service. Later, you will map the Service IDs of these plans in your solution package to enable a runtime license check by the Dynamics platform against these plans. You will map the Service ID of each plan in your solution package. This enables the Dynamics platform to run a license check against these plans.
+
+## Create a plan
+
+1. Near the top of the **Plan overview** page, select **+ Create new plan**.
+1. In the dialog box that appears, in the **Plan ID** box, enter a unique plan ID. Use up to 50 lowercase alphanumeric characters, dashes, or underscores. You cannot modify the plan ID after you select **Create**.
+1. In the **Plan name** box, enter a unique name for this plan. Use a maximum of 50 characters.
+1. Select **Create**.
+
+## Define the plan listing
+
+On the **Plan listing** tab, you can define the plan name and description as you want them to appear in the commercial marketplace. This information will be shown on the Microsoft AppSource listing page.
+
+1. In the **Plan name** box, the name you provided earlier for this plan appears here. You can change it at any time. This name will appear in the commercial marketplace as the title of your offer's software plan.
+1. In the **Plan description** box, explain what makes this software plan unique and any differences from other plans within your offer. This description may contain up to 500 characters.
+1. Select **Save draft**, and then in the top-left, select **Plan overview**.
+
+ :::image type="content" source="./media/third-party-license/bronze-plan.png" alt-text="Screenshot shows the Plan overview link on the Plan listing page of an offer in Partner Center.":::
+
+1. To create another plan for this offer, at the top of the **Plan overview** page, select **+ Create new plan**. Then repeat the steps in the [Create a plan](#create-a-plan) section. Otherwise, if you're done creating plans, go to the next section: Copy the Service IDs.
+
+## Copy the Service IDs
+
+You need to copy the Service ID of each plan you created so you can map them to your solution package in the next step.
+
+- For each plan you created, copy the Service ID to a safe place. YouΓÇÖll add them to your solution package in the next step. The service ID is listed on the **Plan overview** page in the form of `ISV name.offer name.plan ID`. For example, Fabrikam.F365.bronze.
+
+ :::image type="content" source="./media/third-party-license/service-id.png" alt-text="Screenshot of the Plan overview page. The service ID for the plan is highlighted.":::
+
+## Add Service IDs to your solution package
+
+1. Add the Service IDs you copied in the previous step to your solution package. To learn how, see [Adding license metadata to your solution](https://go.microsoft.com/fwlink/?linkid=2162161&clcid=0x409) and [Create an AppSource package for your app](/powerapps/developer/data-platform/create-package-app-appsource).
+1. After you create the CRM package .zip file, upload it to Azure Blob Storage. You will need to provide the SAS URL of the Azure Blob Storage account that contains the uploaded CRM package .zip file.
+
+## Next steps
+
+- Go to [Set up Dynamics 365 for Customer Engagement & Power Apps offer technical configuration](dynamics-365-customer-engage-technical-configuration.md) to upload the solution package to your offer.
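Review bot: The paragraph after the Plans tab introduction says the same thing twice: `Later, you will map the Service IDs of these plans in your solution package to enable a runtime license check` is followed directly by `You will map the Service ID of each plan in your solution package. This enables the Dynamics platform to run a license check against these plans.` Keep one of the two. In "Add Service IDs to your solution package", `the SAS URL of the Azure Blob Storage account` should refer to the uploaded package blob rather than the account. The example `Fabrikam.F365.bronze` should be in code formatting like the `ISV name.offer name.plan ID` pattern beside it. The title says "Power Apps" while the description says "PowerApps" and calls the feature "third-party app management" instead of app license management.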
marketplace Dynamics 365 Customer Engage Review Publish https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/marketplace/dynamics-365-customer-engage-review-publish.md
Previously updated : 04/20/2021 Last updated : 04/30/2021 # Review and publish a Dynamics 365 CE&PA offer
After all pages are complete and you have entered applicable testing notes, sele
1. Select **Review and publish**. 1. Select **Go live** to make your offer publicly available.
+After you select **Review and publish**, we will perform certification and other verification processes before your offer is published to AppSource. We will notify you when your offer is available in preview so you can go live. If there is an issue, we will notify you with the details and provide guidance on how to fix it.
+ ## Next steps
+- If you enabled _Third-party app license management through Microsoft_ for your offer, after you sell your offer, youΓÇÖll need to register the deal in Partner Center. To learn more, see [Managing licensing in marketplace offers](/partner-center/csp-commercial-marketplace-licensing).
- [Update an existing offer in the Commercial Marketplace](partner-center-portal/update-existing-offer.md)
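Review bot: The added paragraph beginning `After you select **Review and publish**` is placed after the `Select **Go live**` step, yet it describes the certification and preview notification that happen before go-live. Move it between the two steps, or split the steps so the reader sees that **Go live** is only available after the notification arrives.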
marketplace Dynamics 365 Customer Engage Technical Configuration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/marketplace/dynamics-365-customer-engage-technical-configuration.md
Title: Set up Dynamics 365 for Customer Engagement & PowerApps offer technical configuration on Microsoft AppSource (Azure Marketplace)
-description: Set up Dynamics 365 for Customer Engagement & PowerApps offer technical configuration on Microsoft AppSource (Azure Marketplace).
+ Title: Set up Dynamics 365 for Customer Engagement & PowerApps offer technical configuration on Microsoft AppSource - Azure Marketplace
+description: Set up Dynamics 365 for Customer Engagement & PowerApps offer technical configuration on Microsoft AppSource (Azure Marketplace.
Previously updated : 04/20/2021 Last updated : 04/29/2021 # Set up Dynamics 365 for Customer Engagement & Power Apps offer technical configuration
-This page defines the technical details used to connect to your offer. This connection lets us provision your offer for the end customer if they choose to acquire it.
+This page defines the technical details used to connect to your offer. This connection lets us provision your offer for the customers who choose to acquire it.
## Offer information
-**Base license model** determines how customers are assigned your application in the CRM Admin Center. Select **Resource** for instance-based licensing or **User** if licenses are assigned one per tenant.
+**Base license model** determines how customers are assigned your application in the CRM Admin Center. Do one of the following:
+
+- Select **Resource** for instance-based licensing
+- Select **User** if licenses are assigned one per tenant or if you chose to manage your app licenses through Microsoft.
The **Requires S2S outbound and CRM Secure Store Access** check box enables configuration of CRM Secure Store or Server-to-Server (S2S) outbound access. This feature requires specialized consideration from the Dynamics 365 Team during the certification phase. Microsoft will contact you to complete additional steps to support this feature.
Leave **Application configuration URL** blank; it is for future use.
## CRM package
-For **URL of your package location**, enter the URL of an Azure Blob Storage account that contains the uploaded CRM package .zip file. Include a read-only SAS key in the URL so Microsoft can pick up your package for verification.
+In the **URL of your package location** box, enter the URL of the Azure Blob Storage account that contains the uploaded CRM package .zip file. Include a read-only SAS key in the URL so Microsoft can pick up your package for verification.
> [!IMPORTANT] > To avoid a publishing block, make sure that the expiration date in the URL of your Blob storage hasnΓÇÖt expired. You can revise the date by accessing your policy. We recommend the **Expiry time** be at least one month in the future.
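Review bot: The reworded CRM package sentence asks for `the URL of the Azure Blob Storage account that contains the uploaded CRM package .zip file`, but the field is the package location and the next sentence expects a read-only SAS in that URL, so it should ask for the URL of the package blob itself. It is worth stating that the SAS should grant read permission on that one blob only, because the important note recommends an expiry at least a month out and anyone holding the URL can use it for that whole period. In the metadata at the top of the hunk, the new `description` line drops the closing parenthesis and now ends `(Azure Marketplace.`; restore it or use the ` - Azure Marketplace` form the new title uses.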
Select **+ Add region** to specify the geographic regions in which your CRM pack
By default, the **Application configuration URL** you entered above will be used for each region. If you prefer, you can enter a separate Application Configuration URL for one or more specific regions.
-Select **Save draft** before continuing to the next tab in the left-nav menu, **Co-sell with Microsoft**. For information on setting up co-sell with Microsoft (optional), see [Co-sell partner engagement](./co-sell-overview.md). If you're not setting up co-sell or you've finished, continue with **Next steps** below.
+Select **Save draft** before continuing to the next tab in the left-nav menu, **Co-sell with Microsoft**. For information on setting up co-sell with Microsoft (optional), see [Co-sell with Microsoft sales teams and partners overview](marketplace-co-sell.md). If you're not setting up co-sell or you've finished, continue with **Next steps** below.
## Next steps -- [Configure supplemental content](dynamics-365-customer-engage-supplemental-content.md)
+- [Configure supplemental content](dynamics-365-customer-engage-supplemental-content.md)
marketplace Marketplace Dynamics 365 https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/marketplace/marketplace-dynamics-365.md
Title: Plan Dynamics 365 offers for Microsoft AppSource
+ Title: Plan Dynamics 365 offers for Microsoft AppSource - Azure
description: Plan Dynamics 365 offers for Microsoft AppSource Previously updated : 04/16/2021 Last updated : 04/30/2021 # Plan a Microsoft Dynamics 365 offer
-This article explains the different options and features of a Dynamics 365 offer in Microsoft AppSource in the commercial marketplace. AppSource includes offers that build on or extend Microsoft 365, Dynamics 365, PowerApps, and Power BI. AppSource allows paid (*Get It Now*), list (*Contact Me*), and trial (*Try It Now*) offers.
+This article explains the different options and features of a Dynamics 365 offer in Microsoft AppSource in the commercial marketplace. AppSource includes offers that build on or extend Microsoft 365, Dynamics 365, PowerApps, and Power BI.
-Before you start, create a commercial marketplace account in [Partner Center](./create-account.md) and ensure it is enrolled in the commercial marketplace program. Also, review the [publishing process and guidelines](/office/dev/store/submit-to-appsource-via-partner-center).
+Before you start, create a commercial marketplace account in [Partner Center](./partner-center-portal/create-account.md) and ensure it is enrolled in the commercial marketplace program. Also, review the [publishing process and guidelines](/office/dev/store/submit-to-appsource-via-partner-center).
## Licensing options
These are the available licensing options for Dynamics 365 offers:
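Review bot: The new link target `./partner-center-portal/create-account.md` in the "Before you start" paragraph disagrees with the other articles in this same `articles/marketplace/` folder. Both `third-party-license.md` and `what-is-new.md` link to `create-account.md` with no subfolder, so one of the two relative paths cannot resolve. Please confirm where the account article lives after the reorganization and use the same path in all three files.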
| Licensing option | Transaction process | | | |
-| Get it now (free) | List your offer to customers for free. |
-| Free trial (listing) | Offer your customers a one-, three- or six-month free trial. Offer listing free trials are created, managed, and configured by your service and do not have subscriptions managed by Microsoft. |
| Contact me | Collect customer contact information by connecting your Customer Relationship Management (CRM) system. The customer will be asked for permission to share their information. These customer details, along with the offer name, ID, and marketplace source where they found your offer, will be sent to the CRM system that you've configured. For more information about configuring your CRM, see the **Customer leads** section of your offer type's **Offer setup** page. |
-|
+| Free trial (listing) | Offer your customers a one-, three- or six-month free trial. Offer listing free trials are created, managed, and configured by your service and do not have subscriptions managed by Microsoft. |
+| Get it now (free) | List your offer to customers for free. |
+| Get it now | Enables you to manage your third-party licenses in Partner Center.<br>Currently available to the following offer type only:<ul><li>Dynamics 365 for Customer Engagement & Power Apps</li></ul><br>For more information about this option, see [Third-party app license management through Microsoft](third-party-license.md). |
+|||
## Test drive
To help create your offer more easily, prepare these items ahead of time. All ar
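Review bot: The added "Get it now" row in the licensing table does not describe a transaction process, which is what its column header promises. It says only that the option "Enables you to manage your third-party licenses in Partner Center". It also sits directly under "Get it now (free)", so the two options are easy to confuse. Suggest stating in the cell that customers buy licenses directly from the ISV and that Microsoft handles assignment and enforcement, as `third-party-license.md` describes, and adding the "(Public Preview)" status that article carries.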
## Additional sales opportunities
-You can choose to opt into Microsoft-supported marketing and sales channels. When creating your offer in Partner Center, you will see two a tab toward the end of the process for **Co-sell with Microsoft**. This option lets Microsoft sales teams consider your IP co-sell eligible solution when evaluating their customersΓÇÖ needs. See [Co-sell option in Partner Center](./co-sell-configure.md) for detailed information on how to prepare your offer for evaluation.
+You can choose to opt into Microsoft-supported marketing and sales channels. When creating your offer in Partner Center, you will see two a tab toward the end of the process for **Co-sell with Microsoft**. This option lets Microsoft sales teams consider your IP co-sell eligible solution when evaluating their customersΓÇÖ needs. See [Co-sell option in Partner Center](commercial-marketplace-co-sell.md) for detailed information on how to prepare your offer for evaluation.
## Next steps
After you've considered the planning items described above, select one of the fo
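Review bot: The co-sell paragraph under "Additional sales opportunities" now links to `commercial-marketplace-co-sell.md`, but the rest of this update points elsewhere. The offer-setup article links the co-sell overview to `marketplace-co-sell.md`, and `what-is-new.md` lists `co-sell-configure.md` as "Configure co-sell for a commercial marketplace offer", which is the target the removed line used. Please verify that the new target exists and is the configuration article the link text "Co-sell option in Partner Center" implies. While touching this line, fix "you will see two a tab", which the change carries over unchanged.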
| [Dynamics 365 for Business Central](partner-center-portal/create-new-business-central-offer.md) | | | [Dynamics 365 for Customer Engagement & Power Apps](dynamics-365-customer-engage-offer-setup.md) | First review these additional [publishing processes and guidelines](/dynamics365/customer-engagement/developer/publish-app-appsource). | | [Power BI](/partner-center-portal/create-power-bi-app-offer.md) | First review these additional [publishing processes and guidelines](/power-bi/developer/office-store). |
-|
+|||
marketplace Analytics https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/marketplace/partner-center-portal/analytics.md
To access the Partner Center analytics tools, open the **[Analyze](https://partn
## Next steps -- For graphs, trends, and values of aggregate data that summarize marketplace activity for your offer, see [Summary Dashboard in commercial marketplace analytics](../summary-dashboard.md).-- For information about your orders in a graphical and downloadable format, see [Orders Dashboard in commercial marketplace analytics](../orders-dashboard.md).-- For Virtual Machine (VM) offers usage and metered billing metrics, see [Usage Dashboard in commercial marketplace analytics](../usage-dashboard.md).-- For detailed information about your customers, including growth trends, see [Customer Dashboard in commercial marketplace analytics](../customer-dashboard.md).-- For a list of your download requests over the last 30 days, see [Downloads Dashboard in commercial marketplace analytics](./downloads-dashboard.md).
+- For graphs, trends, and values of aggregate data that summarize marketplace activity for your offer, see [Summary dashboard in commercial marketplace analytics](../summary-dashboard.md).
+- For information about your orders in a graphical and downloadable format, see [Orders dashboard in commercial marketplace analytics](../orders-dashboard.md).
+- For Virtual Machine (VM) offers usage and metered billing metrics, see [Usage dashboard in commercial marketplace analytics](../usage-dashboard.md).
+- For detailed information about your customers, including growth trends, see [Customer dashboard in commercial marketplace analytics](../customer-dashboard.md).
+- For a list of your download requests over the last 30 days, see [Downloads dashboard in commercial marketplace analytics](./downloads-dashboard.md).
- To see a consolidated view of customer feedback for offers on Azure Marketplace and AppSource, see [Ratings and reviews dashboard in commercial marketplace analytics](./ratings-reviews.md).-- For frequently asked questions about commercial marketplace analytics and for a comprehensive dictionary of data terms, see [Frequently asked questions and terminology for commercial marketplace analytics](../analytics-faq.md).
+- For frequently asked questions about commercial marketplace analytics and for a comprehensive dictionary of data terms, see [Frequently asked questions and terminology for commercial marketplace analytics](../analytics-faq.md).
marketplace Third Party License https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/marketplace/third-party-license.md
+
+ Title: Third-party app license management through Microsoft - Azure
+description: Learn about managing third-party app licenses through Microsoft.
++++++ Last updated : 04/30/2021++
+# Third-party app license management through Microsoft
+
+> [!IMPORTANT]
+> This capability is currently in Public Preview.
+
+Applies to the following offer type:
+
+- Dynamics 365 for Customer Engagement & Power Apps
+
+_Third-party app license management through Microsoft_ enables independent software vendors (ISVs) who build solutions using Dynamics 365 suite of products to manage and enforce licenses for their solutions using systems provided by Microsoft. By adopting this approach you can:
+
+- Enable your customers to assign and unassign your solutionΓÇÖs licenses using familiar tools such as Microsoft 365 Admin Center, which they use to manage Office and Dynamics licenses.
+- Have the Power Platform enforce your licenses at runtime to ensure that only licensed users can access your solution.
+- Save yourself the effort of building and maintaining your own license management and enforcement system.
++
+> [!NOTE]
+> Third-party app license management through Microsoft is only available to ISVs participating in the ISV Connect program. Microsoft is not involved in the sale of licenses.
+
+## Prerequisites
+
+To manage your app licenses through Microsoft, you need to comply with the following pre-requisites.
+
+1. Have a valid [Microsoft Partner Network account](/partner-center/mpn-create-a-partner-center-account).
+1. Be signed up for commercial marketplace program. For more information, see [Create a commercial marketplace account in Partner Center](create-account.md).
+1. Be signed up for the [ISV Connect program](https://partner.microsoft.com/solutions/business-applications/isv-overview). For more information, see [Microsoft Business Applications Independent Software Vendor (ISV) Connect Program onboarding guide](business-applications-isv-program.md).
+1. Your developer team has the development environments and tools required to create Dataverse solutions. Your Dataverse solution must include model-driven applications (currently these are the only type of solution components that are supported through the license management feature).
+
+## High-level process
+
+This table illustrates the high-level process to manage third-party apps through Microsoft:
+
+| Step | Details |
+| | - |
+| Step 1: Create offer | The ISV creates an offer in Partner Center and chooses to manage licenses for this offer through Microsoft. This includes defining one or more licensing plans for the offer. |
+| Step 2: Update package | The ISV creates a solution package for the offer that includes license plan information as metadata, and uploads it to Partner Center for publication to Microsoft AppSource. To learn more, see [Adding license metadata to your solution](https://go.microsoft.com/fwlink/?linkid=2162161&clcid=0x409). |
+| Step 3: Purchase licenses | Customers discover the ISVΓÇÖs offer in AppSource or directly on the ISVΓÇÖs website. Customers purchase licenses for the plans they want directly from the ISV (these offers are cannot purchasable through AppSource at this time). |
+| Step 4: Register deal | The ISV registers the purchase with Microsoft in Partner Center. As part of [deal registration](/partner-center/csp-commercial-marketplace-licensing), the ISV will specify the type and quantity of each licensing plan purchased by the customer. |
+| Step 5: Manage licenses | The license plans will appear in Microsoft 365 Admin Center for the customer to assign to users or groups in their organization. The customer can also install the application in their tenant via the Power Platform Admin Center. |
+| Step 6: Perform license check | When a user within the customerΓÇÖs organization tries to run an application, Microsoft checks to ensure that user has a license before permitting them to run it. If they donΓÇÖt have a license, the user sees a message explaining that they need to contact an administrator for a license. |
+| Step 7: Report | ISVs can view information on provisioned and assigned licenses over a period of time and by geography. |
+|||
+
+## Enabling app license management through Microsoft
+
+When creating an offer, there are two check boxes on the Offer setup tab used to enable app license management on an offer.
+
+### Enable app license management through Microsoft check box
+
+HereΓÇÖs how it works:
+
+- After you select the **Enable app license management through Microsoft** box, you can define licensing plans for your offer.
+- Customers will see a **Get it now** button on the offer listing page in AppSource. Customers can select this button to contact you to purchase licenses for the app.
+
+### Allow customers to install my app even if licenses are not assigned check box
+
+After you select the first box, the **Allow customers to install my app even if licenses are not assigned** box appears. Selecting this box enables customers to use the base features of the app without a license. If you choose this option, you need to configure your solution package to not require a license.
+
+HereΓÇÖs how it works:
+
+- All AppSource users see the **Get it now** button on the offer listing page along with the **Contact me** button and will be permitted to download and install your offer.
+- If you do not select this option, then AppSource checks that the userΓÇÖs tenant has at least one license for your solution before showing the **Get it now** button. If there is no license in the userΓÇÖs tenant then only the **Contact Me** button is shown.
+
+This option is useful if you are employing a ΓÇ£freemiumΓÇ¥ licensing strategy whereby you want to offer some basic features of your solution for free to all users and charge for premium features. Conversely, if you want to ensure that only tenants who currently own licenses for your product can download it from AppSource, then donΓÇÖt select this option.
+
+For details about configuring an offer, see [How to create a Dynamics 365 for Customer Engagement & Power App offer](dynamics-365-customer-engage-offer-setup.md).
+
+## Offer listing page on AppSource
+
+After your offer is published, the options you chose will drive which buttons appear to a user. This screenshot shows an offer listing page on AppSource with the **Get it now** and **Contact me** buttons.
++
+***Figure 1: Offer listing page on Microsoft AppSource***
+
+## Next steps
+
+- [Plan a Dynamics 365 offer](marketplace-dynamics-365.md)
+- [How to create a Dynamics 365 for Customer Engagement & Power App offer](dynamics-365-customer-engage-offer-setup.md)
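Review bot: Step 3 of the high-level process table contains an ungrammatical clause, "these offers are cannot purchasable through AppSource at this time". Suggest "these offers cannot be purchased through AppSource at this time". Two smaller consistency points: the Prerequisites intro spells it "pre-requisites" under a "Prerequisites" heading, and the button is written both "**Contact me**" and "**Contact Me**" in the same bullet list. On substance, the "Allow customers to install my app even if licenses are not assigned" section tells the ISV to configure the solution package to not require a license and then describes a freemium model, but it never says how the premium parts stay subject to the runtime license check from Step 6. It also does not link to the "Adding license metadata to your solution" article that Step 2 references. A sentence and a link there would close the gap.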
marketplace What Is New https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/marketplace/what-is-new.md
+
+ Title: What's new in the Microsoft commercial marketplace
+description: Learn about important updates in the commercial marketplace program of Partner Center.
++++ Last updated : 04/30/2021++
+# What's new in the Microsoft commercial marketplace
+
+Learn about important updates in the commercial marketplace program of Partner Center. This page is updated frequently, so be sure to check back often!
+
+## New features
+
+| Category | Description | Date |
+| | - | - |
+| Analytics | Developers can use new report APIs to programmatically access commercial marketplace analytics data. You can schedule custom reports and download your marketplace data into your internal analytics systems. To learn more, see [Get started with programmatic access to analytics data](analytics-get-started.md). | 2021-03-08 |
+| Grow your business | Publishers can more easily mitigate the risk of their customers receiving an incorrect bill for metered billing usage. To learn more, see [Manage metered billing anomalies in Partner Center](anomaly-detection.md). | 2021-02-18 |
+||||
+
+## Documentation updates
+
+| Category | Description | Date |
+| | - | - |
+| Policy | The [Microsoft Publisher Agreement](/legal/marketplace/msft-publisher-agreement) has been updated and simplified. To see whatΓÇÖs changed, see [Change history for Microsoft Publisher Agreement](/legal/marketplace/mpa-change-history). | 2021-04-19 |
+| Offers | Microsoft 365 independent software vendors (ISVs) can now link their software as a service (SaaS) offer to their related Teams apps, Office add-ins (WXPO), and SharePoint SPFx solutions in Partner Center. SaaS ISVs can also declare if their SaaS offer is integrated with Microsoft Graph API. To learn more, see [Test and deploy Microsoft 365 Apps by partners in the Integrated apps portal](/microsoft-365/admin/manage/test-and-deploy-microsoft-365-apps). | 2021-04-08 |
+| Capabilities | Updated and reorganized the account management documentation to make it easier for independent software vendors (ISVs) to manage their commercial marketplace users and accounts. To learn more, see the following:<ul><li>[Create a new commercial marketplace account](create-account.md)</li><li>[Add new publishers](add-publishers.md)</li><li>[Manage your account](manage-account.md)</li><li>[Switch accounts](switch-accounts.md)</li><li>[Manage tenants](manage-tenants.md)</li><li>[Add and manage users](add-manage-users.md)</li><li>[Assign user roles](user-roles.md)</li><li>[Manage groups](manage-groups.md)</li><li>[Add and manage Azure AD applications](manage-aad-apps.md)</li></ul> | 2021-04-06 |
+| Capabilities | Reorganized and clarified the [Commercial marketplace transact capabilities](marketplace-commercial-transaction-capabilities-and-considerations.md) documentation to help independent software vendors (ISVs) understand the difference between the various transactable and non-transactable options. | 2021-04-06 |
+| Policies | WeΓÇÖve updated the [Commercial marketplace certification policies](/legal/marketplace/certification-policies). | 2021-04-02 |
+| Offers | New guidance for publishers to test their software as a service (SaaS) offers by creating separate development and production offers. To learn more, see [Create a test offer (SaaS)](create-saas-dev-test-offer.md). | 2021-03-25 |
+| Offers | Publishers now have a simpler and faster way to prepare and publish their Azure Virtual Machine-based offers in Partner Center. To learn more, see [How to create a virtual machine using an approved base](azure-vm-create-using-approved-base.md). | 2021-03-22 |
+| Co-sell | Improved documentation to help partners use the commercial marketplace to collaboratively sell (co-sell) their offers with Microsoft sales teams. To learn more, see the following topics:<ul><li>[Co-sell with Microsoft sales teams and partners overview](co-sell-overview.md)</li><li>[Co-sell requirements](co-sell-requirements.md)</li><li>[Configure co-sell for a commercial marketplace offer](co-sell-configure.md)</li><li>[Verify co-sell status of a commercial marketplace offer](co-sell-status.md)</li></ul> | 2021-03-17 |
+||||
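Review bot: The Category column in the "Documentation updates" table uses both "Policy" (2021-04-19 row) and "Policies" (2021-04-02 row) for the same kind of entry. Pick one so the column can be scanned or filtered. The two list lead-ins also differ, "see the following:" in the Capabilities row and "see the following topics:" in the Co-sell row. The Capabilities row links `create-account.md` with no subfolder, which should be reconciled with the `./partner-center-portal/create-account.md` path introduced in `marketplace-dynamics-365.md` in this same update.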
migrate Replicate Using Expressroute https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/migrate/replicate-using-expressroute.md
Title: Replicate data over ExpressRoute with Azure Migrate Server Migration
-description: How to use Azure ExpressRoute for replication with Azure Migrate Server Migration
+description: Use Azure ExpressRoute for replication with Azure Migrate Server Migration.
ms.
Last updated 02/22/2021
# Replicate data over ExpressRoute with Azure Migrate: Server Migration
-In this article you'll learn how to configure [Azure Migrate: Server Migration](./migrate-services-overview.md#azure-migrate-server-migration-tool) to replicate data over an ExpressRoute circuit while migrating servers to Azure.
+In this article, you'll learn how to configure the [Azure Migrate: Server Migration](./migrate-services-overview.md#azure-migrate-server-migration-tool) tool to replicate data over an Azure ExpressRoute circuit while you migrate servers to Azure.
## Understand Azure ExpressRoute circuits
-An ExpressRoute (ER) circuit connects your on-premises infrastructure to Microsoft through a connectivity provider. ExpressRoute circuits can be configured to use private peering, Microsoft peering, or both. Review the article on [ExpressRoute circuits and peering](../expressroute/expressroute-circuit-peerings.md#peeringcompare) to learn more about the various peering options available with ExpressRoute.
-Azure Migrate's server migration tool helps you migrate on-premises servers and servers from other clouds to Azure virtual machines. The tool works by setting up an ongoing replication stream to replicate data from the servers to be migrated to managed disks in your Azure subscription. When you are ready to migrate the servers, the replicated data in Azure is used to migrate the servers.
+An ExpressRoute circuit connects your on-premises infrastructure to Microsoft through a connectivity provider. You can configure ExpressRoute circuits to use private peering, Microsoft peering, or both. To learn more about the peering options with ExpressRoute, see [ExpressRoute circuits and peering](../expressroute/expressroute-circuit-peerings.md#peeringcompare).
-Data replicated from your on-premises servers can be configured to be sent to your Azure subscription over the internet (using a secure encrypted connection), or over an ExpressRoute connection. When you have a large number of servers to migrate, using ExpressRoute for replication can help you migrate servers more efficiently by using the provisioned bandwidth available with your ExpressRoute circuit.
+The Azure Migrate: Server Migration tool helps you migrate on-premises servers and servers from other clouds to Azure Virtual Machines. The tool sets up an ongoing replication stream to replicate data from the servers to be migrated to managed disks in your Azure subscription. When you're ready to migrate the servers, the replicated data in Azure is used to migrate the servers.
-In this article, you'll learn
+You can configure the data replicated from your on-premises servers to be sent to your Azure subscription over the internet or an ExpressRoute connection. Data sent over the internet uses a secure encrypted connection. If you have many servers to migrate, using ExpressRoute for replication can help you migrate more efficiently by using the provisioned bandwidth available with your ExpressRoute circuit.
+
+In this article, you'll learn how to replicate data by using:
> [!div class="checklist"] >
-> * How to replicate data using an ExpressRoute circuit with private peering.
-> * How to replicate data using an ExpressRoute circuit with Microsoft peering.
+> * An ExpressRoute circuit with private peering.
+> * An ExpressRoute circuit with Microsoft peering.
-## Replicate data using an ExpressRoute circuit with private peering
+## Replicate data by using an ExpressRoute circuit with private peering
> [!Note]
-> This article illustrates how to replicate over a private peering circuit for [**agentless migration of VMware virtual machines to Azure**](./tutorial-migrate-vmware.md). To use private endpoint support for [**other replication methods**](./migrate-services-overview.md#azure-migrate-server-migration-tool), review [**this article**](./how-to-use-azure-migrate-with-private-endpoints.md).
+> This article shows how to replicate over a private peering circuit for [agentless migration of VMware virtual machines to Azure](./tutorial-migrate-vmware.md). To use private endpoint support for [other replication methods](./migrate-services-overview.md#azure-migrate-server-migration-tool), see [Using Azure Migrate with private endpoints](./how-to-use-azure-migrate-with-private-endpoints.md).
+In the agentless method for migrating VMware virtual machines to Azure, the Azure Migrate appliance first uploads replication data to a storage account (cache storage account) in your subscription. Azure Migrate then moves the replicated data from the cache storage account to replica-managed disks in your subscription.
-In the agentless method of migrating VMware virtual machines to Azure, the Azure Migrate appliance first uploads replication data to a storage account (cache storage account) in your subscription. Replicated data from the cache storage account is then moved to replica-managed disks in your subscription by the Azure Migrate service. To use a private peering circuit for replication, you'll create and attach a private endpoint to the cache storage account use. Private endpoints use one or more private IP addresses from your virtual network (VNet), effectively bringing the storage account into your Azure VNet. The private endpoint allows the Azure Migrate appliance to connect to the cache storage account using ExpressRoute private peering and transfer data directly on the private IP address. <br/>
+To use a private peering circuit for replication, you'll create and attach a private endpoint to the cache storage account. Private endpoints use one or more private IP addresses from your virtual network, which effectively brings the storage account into your Azure virtual network. The private endpoint allows the Azure Migrate appliance to connect to the cache storage account by using ExpressRoute private peering. Data can then be transferred directly on the private IP address. <br/>
-![Replication process](./media/replicate-using-expressroute/replication-process.png)
+![Screenshot that shows the replication process.](./media/replicate-using-expressroute/replication-process.png)
> [!Important]
->
-> - In addition to replication data, the Azure Migrate appliance communicates with the Azure Migrate service for its control plane activities including orchestrating replication. Control plane communication between the Azure Migrate appliance and the Azure Migrate service continues to happen over the internet on Azure Migrate service's public endpoint.
-> - The private endpoint of the storage account should be accessible from the network the Azure Migrate appliance is deployed on.
+> - In addition to replication data, the Azure Migrate appliance communicates with the Azure Migrate service for its control plane activities. These activities include orchestrating replication. Control plane communication between the Azure Migrate appliance and the Azure Migrate service continues to happen over the internet on the Azure Migrate service's public endpoint.
+> - The private endpoint of the storage account should be accessible from the network where the Azure Migrate appliance is deployed.
> - DNS must be configured to resolve DNS queries by the Azure Migrate appliance for the cache storage account's blob service endpoint to the private IP address of the private endpoint attached to the cache storage account.
-> - The cache storage account must be accessible on its public endpoint. (The Azure Migrate service uses the cache storage account's public endpoint to move data from the storage account to replica managed disks.)
-
+> - The cache storage account must be accessible on its public endpoint. Azure Migrate uses the cache storage account's public endpoint to move data from the storage account to replica-managed disks.
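Review bot: The last bullet of the Important block, "The cache storage account must be accessible on its public endpoint", is easy to read past now that the rewritten paragraph above says the private endpoint "effectively brings the storage account into your Azure virtual network". A reader securing the account after creating the endpoint could reasonably restrict it to private access and break replication. Suggest stating the split in one sentence: the private endpoint carries only the appliance's upload of replication data, while Azure Migrate's move to replica-managed disks and the control-plane traffic in the first bullet still use public endpoints. Then say explicitly that public access to the cache account must remain enabled.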
-### 1. Pre-requisites
+### Prerequisites
-The Azure user creating the private endpoint should have the following permissions on the resource group and virtual network that the private endpoint will be created in.
+You need the following permissions on the resource group and virtual network where the private endpoint will be created.
-**Use case** | **Permissions**
+Use case | Permissions
|
- Create and manage private endpoints. | Microsoft.Network/privateEndpoint/write/action<br/>Microsoft.Network/privateEndpoint/read/action
-|Attach a private endpoint to a VNet/subnet.<br/>This is required on the virtual network where the private endpoint will be created.| Microsoft.Network/virtualNetworks/subnet/join/action Microsoft.Network/virtualNetworks/join/action
+ Create and manage private endpoints. | Microsoft.Network/privateEndpoint/write/action<br/>Microsoft.Network/privateEndpoint/read/action
+|Attach a private endpoint to a virtual network or subnet.<br/>This permission is required on the virtual network where the private endpoint will be created.| Microsoft.Network/virtualNetworks/subnet/join/action <br/> Microsoft.Network/virtualNetworks/join/action
|Link the private endpoint to a storage account. <br/>| Microsoft.Microsoft.Storage/storageAccounts/privateEndpointConnectionApproval/action <br/> Microsoft.Microsoft.Storage/storageAccounts/privateEndpointConnections/read |Create a network interface and join it to a network security group. | Microsoft.Network/networkInterfaces/read <br/> Microsoft.Network/networkInterfaces/subnets/write <br/> Microsoft.Network/networkInterfaces/subnets/read<br/> Microsoft.Network/networkSecurityGroups/join/action (optional)
-Create and manage private DNS zones.| Private DNS Zone Contributor role <br/> _Or_ <br/> Microsoft.Network/privateDnsZones/A/* <br/> Microsoft.Network/privateDnsZones/write Microsoft.Network/privateDnsZones/read <br/> Microsoft.Network/privateEndpoints/privateDnsZoneGroups/write <br/> Microsoft.Network/privateEndpoints/privateDnsZoneGroups/read <br/> Microsoft.Network/privateDnsZones/virtualNetworkLinks/write <br/> Microsoft.Network/privateDnsZones/virtualNetworkLinks/read <br/> Microsoft.Network/virtualNetworks/join/action
+Create and manage private DNS zones.| Private DNS Zone Contributor role <br/> _Or_ <br/> Microsoft.Network/privateDnsZones/A/* <br/> Microsoft.Network/privateDnsZones/write Microsoft.Network/privateDnsZones/read <br/> Microsoft.Network/privateEndpoints/privateDnsZoneGroups/write <br/> Microsoft.Network/privateEndpoints/privateDnsZoneGroups/read <br/> Microsoft.Network/privateDnsZones/virtualNetworkLinks/write <br/> Microsoft.Network/privateDnsZones/virtualNetworkLinks/read <br/> Microsoft.Network/virtualNetworks/join/action
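Review bot: The private DNS zones row still runs two permissions together, `Microsoft.Network/privateDnsZones/write Microsoft.Network/privateDnsZones/read`, with no `<br/>` between them. This is the same defect the change fixes in the subnet row just above, so the fix should be applied here too. The unchanged storage row also reads `Microsoft.Microsoft.Storage/storageAccounts/...` in both of its entries, while the private endpoint steps later in the article name the resource type as `Microsoft.Storage/storageAccounts`. A permission string with the doubled prefix will not match anything if copied into a role definition, so it is worth correcting in this pass. The first data row also lacks the leading `|` that the following row has.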
-### 2. Identify the cache storage account
-
-Azure Migrate automatically creates a cache storage account when you configure replication (using the Azure portal experience) for a virtual machine for the first time in an Azure Migrate project. The storage account is created in the same subscription and resource group that you created the Azure Migrate project in.
+### Identify the cache storage account
+
+ Azure Migrate automatically creates a cache storage account when you configure replication (using the Azure portal experience) for a virtual machine for the first time in an Azure Migrate project. The storage account is created in the same subscription and resource group where you created the Azure Migrate project.
To create and locate the storage account:
-1. Use the Azure portal experience for Azure Migrate to replicate one or more virtual machines in the project.
-2. Navigate to the resource group of the Azure Migrate project.
-3. Locate the cache storage account by identifying the prefix **ΓÇ£lsaΓÇ¥** in the storage account name.
+1. Use the Azure portal to replicate one or more virtual machines in the Azure Migrate project.
+1. Go to the resource group of the Azure Migrate project.
+1. Locate the cache storage account by identifying the prefix **lsa** in the storage account name.
-![Resource group view](./media/replicate-using-expressroute/storage-account-name.png)
+ ![Screenshot that shows a resource group view.](./media/replicate-using-expressroute/storage-account-name.png)
> [!Tip]
->
-> If you have more than one storage account with the prefix **"lsa"** in your resource group, you can verify the storage account by navigating to the replication settings and target configuration menu for any of the replicating VMs in the project. <br/>
-> ![Replication settings overview](./media/replicate-using-expressroute/storage-account.png)
+> If you have more than one storage account with the prefix **lsa** in your resource group, you can verify the storage account by navigating to the replication settings and target configuration menu for any of the replicating VMs in the project.
+>
+> ![Screenshot that shows a Replication settings overview.](./media/replicate-using-expressroute/storage-account.png)
-### 3. Upgrade cache storage account to General Purpose v2
+### Upgrade the cache storage account to general-purpose v2
-You can create private endpoints only on a General Purpose v2 (GPv2) storage account. If the cache storage account is not a GPv2 storage account, upgrade it to GPv2 using the following steps:
+You can create private endpoints only on a general-purpose v2 storage account. If the cache storage account isn't a general-purpose v2 storage account, upgrade it.
-1. Navigate to your storage account.
-2. Select **Configuration**.
-3. Under **Account kind**, select **Upgrade**.
-4. Under **Confirm upgrade**, type in the name of your account.
-5. Select **Upgrade** at the bottom of the page.
+1. Go to your storage account.
+1. Select **Configuration**.
+1. Under **Account kind**, select **Upgrade**.
+1. Under **Confirm upgrade**, enter the name of your account.
+1. Select **Upgrade** at the bottom of the page.
-![Upgrade storage account](./media/replicate-using-expressroute/upgrade-storage-account.png)
+ ![Screenshot that shows how to upgrade a storage account.](./media/replicate-using-expressroute/upgrade-storage-account.png)
-### 4. Create a private endpoint for the storage account
+### Create a private endpoint for the storage account
-1. Go to your storage account, select **Networking** from the left menu, and select the **Private endpoint connections** tab.
-2. Select **+ Private endpoint**.
+1. Go to your storage account, select **Networking** from the left menu, and select the **Private endpoint connections** tab.
+1. Select **+ Private endpoint**.
- a. In the **Create a private endpoint** window ΓÇô select the **subscription** and **resource group**. Provide a name for your private endpoint and select the storage account region.
- ![PE configuration window](./media/replicate-using-expressroute/storage-account-private-endpoint-creation.png)
+ 1. In the **Create a private endpoint** window, select the **Subscription** and **Resource group**. Enter a name for your private endpoint, and select the storage account region.
+
+ ![Screenshot that shows a private endpoint configuration window.](./media/replicate-using-expressroute/storage-account-private-endpoint-creation.png)
- b. In the **Resource** tab, provide the **Subscription name** that the storage account is in. Choose **Microsoft.Storage/storageAccounts** as the **Resource type**. In **Resource**, provide the name of the GPv2 type replication storage account. Select **Blob** as the **Target sub-resource**.
- ![storageaccountpesettings](./media/replicate-using-expressroute/storage-account-private-endpoint-settings.png)
+ 1. On the **Resource** tab, enter the **Subscription name** that the storage account is in. Select **Microsoft.Storage/storageAccounts** as the **Resource type**. In **Resource**, enter the name of the general-purpose v2 type replication storage account. Select **blob** as the **Target sub-resource**.
+
+ ![Screenshot that shows storage account private endpoint settings.](./media/replicate-using-expressroute/storage-account-private-endpoint-settings.png)
- c. In the **Configuration** tab, select the **Virtual network** and **Subnet** for the storage accountΓÇÖs private endpoint.
+ 1. On the **Configuration** tab, select the **Virtual network** and **Subnet** for the storage account's private endpoint.
- > [!Note]
- > The virtual network must contain the ExpressRoute gateway endpoint or must be connected to the virtual network with the ExpressRoute gateway.
+ > [!Note]
+ > The virtual network must contain the ExpressRoute gateway endpoint or be connected to the virtual network with the ExpressRoute gateway.
- In the **Private DNS Integration** section, select **Yes** and integrate with a private DNS zone. Selecting **Yes** automatically links the DNS zone to the selected virtual network and adds the DNS records that are required for DNS resolution of new IPs and fully qualified domain names created for the private endpoint. Learn more about [private DNS zones.](../dns/private-dns-overview.md)
+ In the **Private DNS integration** section, select **Yes** and integrate with a private DNS zone. Selecting **Yes** automatically links the DNS zone to the selected virtual network. It also adds the DNS records that are required for DNS resolution of new IPs and fully qualified domain names (FQDNs) created for the private endpoint. Learn more about [private DNS zones](../dns/private-dns-overview.md).
- ![privatednszone](./media/replicate-using-expressroute/private-dns-zone.png)
+ ![Screenshot that shows private DNS zones.](./media/replicate-using-expressroute/private-dns-zone.png)
- d. You can also add **Tags** for your private endpoint.
+ 1. You can also add **Tags** for your private endpoint.
- e. Continue to **Review + create** once done entering details. When the validation completes, select **Create** to create the private endpoint.
+ 1. After you're finished entering details, select the **Review + create** tab. After the validation completes, select **Create** to create the private endpoint.
- > [!Note]
- > If the user creating the private endpoint is also the owner of the storage account, the private endpoint will be auto-approved. Otherwise, the owner must approve the private endpoint for usage.
+> [!Note]
+> If the user who created the private endpoint is also the owner of the storage account, the private endpoint will be autoapproved. Otherwise, the owner must approve the private endpoint for use.
-#### Create private DNS zones and add DNS records manually (Optional)
+#### Create private DNS zones and add DNS records manually (optional)
-If you did not select the option to integrate with a private DNS zone at the time of the private endpoint creation, follow the steps in this section to manually create a private DNS zone.
+If you didn't select the option to integrate with a private DNS zone at the time of the private endpoint creation, you need to manually create a private DNS zone.
> [!Note]
-> If you selected **Yes** to integrate with a private DNS zone, you can skip this section.
+> If you selected **Yes** to integrate with a private DNS zone, you can skip this section.
-1. Create a private DNS zone.
+To manually create a private DNS zone:
- ![createprivatedns](./media/replicate-using-expressroute/create-private-dns.png)
+1. Select **Private DNS zones**.
- a. On the **Private DNS zones** page, select the **+Add** button to start creating a new zone.
- b. On the **Create private DNS zone** page, fill in the required details. Enter the name of the private DNS zone as _privatelink_.blob.core.windows.net.
- c. Continue to the **Review + create** tab to review and create the DNS zone.
+ ![Screenshot that shows creating a private DNS zone.](./media/replicate-using-expressroute/create-private-dns.png)
-2. Link the private DNS zone to your virtual network.
+ 1. On the **Private DNS zones** page, select **+ Add** to create a new zone.
+ 1. On the **Create private DNS zone** page, fill in the required details. Enter the name of the private DNS zone as **_privatelink_.blob.core.windows.net**.
+ 1. On the **Review + create** tab, review and create the DNS zone.
- The private DNS zone created above must be linked to the virtual network that the private endpoint is attached to.
+1. Link the private DNS zone to your virtual network.
- a. Go to the private DNS zone created in the previous step and navigate to virtual network links on the left side of the page. Select the **+Add** button.
- b. Fill in the required details. The **Subscription** and **Virtual network** fields must be filled with the corresponding details of the virtual network where your private endpoint is attached. The other fields can be left as is.
+ The private DNS zone you created must be linked to the virtual network that the private endpoint is attached to.
-3. The next step is to add DNS records to the DNS zone. Add an entry for the storage account's fully qualified domain name into your private DNS zone.
+ 1. Go to the private DNS zone created in the previous step, and go to virtual network links on the left side of the page. Select **+ Add**.
+ 1. Fill in the required details. The **Subscription** and **Virtual network** fields must be filled with the corresponding details of the virtual network where your private endpoint is attached. The other fields can be left as is.
- a. Go to your private DNS zone and navigate to the **Overview** section on the left side of the page. Select **+Record** set to start adding records.
+1. The next step is to add DNS records to the DNS zone. Add an entry for the storage account's FQDN in your private DNS zone.
- b. In the **Add record set** page, add an entry for the fully qualified domain name and private IP as an A type record.
+ 1. Go to your private DNS zone, and go to the **Overview** section on the left side of the page. Select **+ Record** to start adding records.
+ 1. On the **Add record set** page, add an entry for the FQDN and private IP as an A type record.
> [!Important]
-> You may require additional DNS settings to resolve the private IP address of the storage account's private endpoint from the source environment. [Review this article](../private-link/private-endpoint-dns.md#on-premises-workloads-using-a-dns-forwarder) to understand the DNS configuration needed.
+> You might require additional DNS settings to resolve the private IP address of the storage account's private endpoint from the source environment. To understand the DNS configuration needed, see [Azure private endpoint DNS configuration](../private-link/private-endpoint-dns.md#on-premises-workloads-using-a-dns-forwarder).
+
+## Replicate data by using an ExpressRoute circuit with Microsoft peering
-## Replicate data using an ExpressRoute circuit with Microsoft peering
+You can use Microsoft peering or an existing public peering domain (deprecated for new ExpressRoute connections) to route your replication traffic through an ExpressRoute circuit.
-You can use Microsoft peering or an existing public peering domain (deprecated for new ExpressRoute connections) to route your replication traffic through an ExpressRoute circuit as illustrated in the diagram below.
-![replicationwithmicrosoftpeering](./media/replicate-using-expressroute/replication-with-microsoft-peering.png)
+![Diagram that shows replication with Microsoft peering.](./media/replicate-using-expressroute/replication-with-microsoft-peering.png)
-Even with replication data going over the Microsoft peered circuit, you'll still need internet connectivity from the on-premises site for other communication (control plane) with the Azure Migrate service. There are some additional URLs, that are not reachable over ExpressRoute, that the replication appliance / Hyper-V host needs access to orchestrate the replication process. You can review the URL requirements based on the migration scenario, [VMware agentless migrations](./migrate-appliance.md#public-cloud-urls) or [agent-based migrations](./migrate-replication-appliance.md).
+Even with replication data going over the Microsoft peered circuit, you still need internet connectivity from the on-premises site for other communication (control plane) with Azure Migrate. Some other URLs aren't reachable over ExpressRoute. The replication appliance or Hyper-V host needs access to the URLs to orchestrate the replication process. Review the URL requirements based on the migration scenario, either [VMware agentless migrations](./migrate-appliance.md#public-cloud-urls) or [agent-based migrations](./migrate-replication-appliance.md).
-In case you use a proxy at your on-premises site and wish to use ExpressRoute for the replication traffic, you need to configure a proxy bypass for relevant URLs on the on-premises appliance.
+If you use a proxy at your on-premises site and want to use ExpressRoute for the replication traffic, configure a proxy bypass for relevant URLs on the on-premises appliance.
### Configure proxy bypass rules on the Azure Migrate appliance (for VMware agentless migrations)
-1. Login (Remote desktop) to the Azure Migrate appliance.
-2. Open the file C:/ProgramData/MicrosoftAzure/Config/appliance.json using notepad.
-3. In the file, change the line that says ΓÇ£EnableProxyBypassListΓÇ¥: ΓÇ£falseΓÇ¥, to ΓÇ£EnableProxyBypassListΓÇ¥: ΓÇ£trueΓÇ¥. Save the changes and restart the appliance.
-4. After restarting, when you open the appliance configuration manager, youΓÇÖll be able to see the proxy bypass option in the web app UI. Add the URLs below to the proxy bypass list.
+1. Sign in via Remote Desktop to the Azure Migrate appliance.
+1. Open the file *C:/ProgramData/MicrosoftAzure/Config/appliance.json* by using Notepad.
+1. In the file, change the line that says `"EnableProxyBypassList": "false"` to `"EnableProxyBypassList": "true"`. Save the changes, and restart the appliance.
+1. After you restart, when you open the appliance configuration manager, you'll see the proxy bypass option in the web app UI. Add the following URLs to the proxy bypass list:
+ - .*.vault.azure.net - .*.servicebus.windows.net - .*.discoverysrv.windowsazure.com
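Review bot: In the manual DNS steps, the new "Create private DNS zone" sub-step marks up the zone name as `**_privatelink_.blob.core.windows.net**`, so "privatelink" renders in italics and reads like a placeholder to substitute. The step asks the reader to enter that literal name, so put it in inline code instead. In the same section, "Select **+ Record** to start adding records" drops the word "set" that the removed line had, while the next sub-step still refers to the **Add record set** page; use **+ Record set** so the button label and page name agree.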
In case you use a proxy at your on-premises site and wish to use ExpressRoute fo
### Configure proxy bypass rules on the replication appliance (for agent-based migrations)
-Follow the steps below to configure the Proxy bypass list on the Configuration server and Process servers:
+To configure the proxy bypass list on the configuration server and process servers:
-1. [Download PsExec tool](/sysinternals/downloads/psexec) to access system user context.
-2. Open Internet Explorer in system user context by running the following command line psexec -s -i "%programfiles%\Internet Explorer\iexplore.exe"
-3. Add proxy settings in IE.
-4. In the bypass list, add the Azure storage URL.*.blob.core.windows.net.
+1. Download the [PsExec tool](/sysinternals/downloads/psexec) to access system user context.
+1. Open Internet Explorer in system user context by running the following command line: `psexec -s -i "%programfiles%\Internet Explorer\iexplore.exe"`.
+1. Add proxy settings in Internet Explorer.
+1. In the bypass list, add the Azure Storage URL: *.blob.core.windows.net.
-The above bypass rules will ensure that the replication traffic can flow through ExpressRoute while the management communication can go through the proxy for the Internet.
+The preceding bypass rules ensure that the replication traffic can flow through ExpressRoute while the management communication can go through the proxy for the internet.
-Additionally, you must advertise routes in the Route Filter for the following BGP communities to make your Azure Migrate replication traffic traverse an ExpressRoute circuit instead of the internet.
+You also must advertise routes in the route filter for the following BGP communities to make your Azure Migrate replication traffic traverse an ExpressRoute circuit instead of the internet:
- Regional BGP community for the source Azure region (Azure Migrate Project region) - Regional BGP community for the target Azure region (region for migration) - BGP community for Azure Active Directory (12076:5060)
-Learn more about [Route Filters](../expressroute/how-to-routefilter-portal.md) and the list of [BGP communities for ExpressRoute](../expressroute/expressroute-routing.md#bgp).
+Learn more about [route filters](../expressroute/how-to-routefilter-portal.md) and the list of [BGP communities for ExpressRoute](../expressroute/expressroute-routing.md#bgp).
## Next steps -- Learn more about [ExpressRoute circuits](../expressroute/expressroute-circuit-peerings.md).-- Learn more about [ExpressRoute routing domains](../expressroute/expressroute-circuit-peerings.md#peeringcompare).-- Learn more about [private endpoints](../private-link/private-endpoint-overview.md).
+See the following articles to learn more about:
+
+- [ExpressRoute circuits](../expressroute/expressroute-circuit-peerings.md)
+- [ExpressRoute routing domains](../expressroute/expressroute-circuit-peerings.md#peeringcompare)
+- [Private endpoints](../private-link/private-endpoint-overview.md)
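Review bot: In the agent-based proxy bypass steps, the new step 4 writes the bypass entry as bare text, "*.blob.core.windows.net.", with an unescaped asterisk and the sentence's period attached, while the appliance list earlier in the article uses the form ".*.vault.azure.net". Put the entry in inline code without the trailing period, and say which pattern syntax each bypass list expects so the two forms are not taken for a typo. The text could also state that this wildcard exempts every blob endpoint from the proxy, not only the replication storage account, so readers with stricter egress requirements know what they are allowing.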
migrate Troubleshoot Changed Block Tracking Replication https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/migrate/troubleshoot-changed-block-tracking-replication.md
This error can be resolved in the following two ways:
- If you had opted for "Automatically repair replication" by selecting "Yes" when you triggered replication of VM, the tool will try to repair it for you. Right click on the VM, and select "Repair Replication." - If you did not opt for "Automatically repair replication" or the above step did not work for you, then stop replication for the virtual machine, [reset changed block tracking](https://go.microsoft.com/fwlink/?linkid=2139203) on the virtual machine, and then reconfigure replication.
-One such known issue that may cause a CBT reset of virtual machine on VMware vSphere 5.5 is described in [VMware KB 2048201: Changed Block Tracking](https://go.microsoft.com/fwlink/?linkid=2138888) is reset after a storage vMotion operation in vSphere 5.x . If you are on VMware vSphere 5.5 ensure that you apply the updates described in this KB.
+One such known issue that may cause a CBT reset of virtual machine on VMware vSphere 5.5 is described in [VMware KB 1020128: Changed Block Tracking](https://kb.vmware.com/s/article/1020128) is reset after a storage vMotion operation in vSphere 5.x . If you are on VMware vSphere 5.5 ensure that you apply the updates described in this KB.
Alternatively, you can reset VMware changed block tracking on a virtual machine using VMware PowerCLI.
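Review bot: The replacement line changes the reference from KB 2048201 to KB 1020128 but keeps the same description, "is reset after a storage vMotion operation in vSphere 5.x", and still tells vSphere 5.5 users to "apply the updates described in this KB". Please confirm that KB 1020128 is the article that covers that storage vMotion issue and its updates; if it is a different CBT article, the sentence needs rewording. While here, move the whole KB title inside the link text (it currently ends after "Changed Block Tracking") and remove the space before the period after "5.x".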
openshift Responsibility Matrix https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/openshift/responsibility-matrix.md
The customer is responsible for the applications, workloads, and data that they
<li>If a customer adds Red Hat, community, third party, their own, or other services to the cluster by using Operators or external images, the customer is responsible for these services and for working with the appropriate provider (including Red Hat) to troubleshoot any issues.
-<li>Use the provided tools and features to <a href="https://docs.openshift.com/aro/4/architecture/understanding-development.html#application-types">configure and deploy</a>; <a href="https://docs.openshift.com/aro/4/applications/deployments/deployment-strategies.html">keep up-to-date</a>; <a href="https://docs.openshift.com/aro/4/applications/working-with-quotas.html">set up resource requests and limits</a>; <a href="https://docs.openshift.com/aro/4/getting_started/scaling-your-cluster.html">size the cluster to have enough resources to run apps</a>; <a href="https://docs.openshift.com/aro/4/administering_a_cluster/">set up permissions</a>; integrate with other services; <a href="https://docs.openshift.com/aro/4/openshift_images/images-understand.html">manage any image streams or templates that the customer deploys</a>; <a href="https://docs.openshift.com/aro/4/cloud_infrastructure_access">externally serve</a>; save, back up, and restore data; and otherwise manage their highly available and resilient workloads.
+<li>Use the provided tools and features to <a href="https://docs.openshift.com/aro/4/architecture/understanding-development.html#application-types">configure and deploy</a>; <a href="https://docs.openshift.com/aro/4/applications/deployments/deployment-strategies.html">keep up-to-date</a>; <a href="https://docs.openshift.com/dedicated/4/applications/working-with-quotas.html">set up resource requests and limits</a>; <a href="https://docs.openshift.com/dedicated/4/getting_started/scaling-your-cluster.html">size the cluster to have enough resources to run apps</a>; <a href="https://docs.openshift.com/dedicated/4/administering_a_cluster/cluster-admin-role.html">set up permissions</a>; integrate with other services; <a href="https://docs.openshift.com/aro/4/openshift_images/images-understand.html">manage any image streams or templates that the customer deploys</a>; <a href="https://docs.openshift.com/dedicated/4/cloud_infrastructure_access/dedicated-understanding-aws.html">externally serve</a>; save, back up, and restore data; and otherwise manage their highly available and resilient workloads.
<li>Maintain responsibility for monitoring the applications run on Azure Red Hat OpenShift; including installing and operating software to gather metrics and create alerts. </li>
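Review bot: Four links in the updated list item now point at docs.openshift.com/dedicated/4/ (quotas, cluster scaling, cluster-admin-role, cloud infrastructure access), and the "externally serve" link targets dedicated-understanding-aws.html, an AWS page, in an article about Azure Red Hat OpenShift. A customer following "set up permissions" or "externally serve" lands on guidance for a different product and cloud. If the /aro/4/ pages are gone, link to an equivalent that applies to this service, or say in the link text that the target describes OpenShift Dedicated.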
postgresql Concepts Audit https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/concepts-audit.md
To learn how to set up logging to Azure Storage, Event Hubs, or Azure Monitor lo
## Installing pgAudit
-To install pgAudit, you need to include it in the server's shared preload libraries. A change to Postgres's `shared_preload_libraries` parameter requires a server restart to take effect. You can change parameters using the [Azure portal](howto-configure-server-parameters-using-portal.md), [Azure CLI](howto-configure-server-parameters-using-cli.md), or [REST API](/rest/api/postgresql/configurations/createorupdate).
+To install pgAudit, you need to include it in the server's shared preload libraries. A change to Postgres's `shared_preload_libraries` parameter requires a server restart to take effect. You can change parameters using the [Azure portal](howto-configure-server-parameters-using-portal.md), [Azure CLI](howto-configure-server-parameters-using-cli.md), or [REST API](/rest/api/postgresql/singleserver/configurations/createorupdate).
Using the [Azure portal](https://portal.azure.com):
AzureDiagnostics
## Next steps - [Learn about logging in Azure Database for PostgreSQL](concepts-server-logs.md)-- Learn how to set parameters using the [Azure portal](howto-configure-server-parameters-using-portal.md), [Azure CLI](howto-configure-server-parameters-using-cli.md), or [REST API](/rest/api/postgresql/configurations/createorupdate).
+- Learn how to set parameters using the [Azure portal](howto-configure-server-parameters-using-portal.md), [Azure CLI](howto-configure-server-parameters-using-cli.md), or [REST API](/rest/api/postgresql/singleserver/configurations/createorupdate).
postgresql Concepts Hyperscale Audit https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/concepts-hyperscale-audit.md
description: Concepts for pgAudit audit logging in Azure Database for PostgreSQL
+ Last updated 01/29/2021
postgresql Concepts Hyperscale Configuration Options https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/concepts-hyperscale-configuration-options.md
Previously updated : 04/07/2021 Last updated : 04/29/2021 # Azure Database for PostgreSQL ΓÇô Hyperscale (Citus) configuration options
Hyperscale (Citus) server groups are available in the following Azure regions:
* Europe: * France Central * North Europe
+ * Switzerland North
* UK South * West Europe
postgresql Concepts Hyperscale Maintenance https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/concepts-hyperscale-maintenance.md
description: This article describes the scheduled maintenance feature in Azure D
+ Last updated 04/07/2021
postgresql Concepts Hyperscale Read Replicas https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/concepts-hyperscale-read-replicas.md
description: This article describes the read replica feature in Azure Database f
+ Last updated 04/07/2021
postgresql Howto Hyperscale Maintenance https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/howto-hyperscale-maintenance.md
description: Learn how to configure scheduled maintenance settings for an Azure
+ Last updated 04/07/2021
postgresql Howto Hyperscale Read Replicas Portal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/howto-hyperscale-read-replicas-portal.md
description: Learn how to manage read replicas Azure Database for PostgreSQL - H
+ Last updated 04/07/2021
postgresql Howto Read Replicas Cli https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/howto-read-replicas-cli.md
You can create and manage read replicas using the [Azure REST API](/rest/api/azu
} ```
-2. [Restart the server](/rest/api/postgresql/servers/restart) to apply the change.
+2. [Restart the server](/rest/api/postgresql/singleserver/servers/restart) to apply the change.
```http POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DBforPostgreSQL/servers/{masterServerName}/restart?api-version=2017-12-01 ``` ### Create a read replica
-You can create a read replica by using the [create API](/rest/api/postgresql/servers/create):
+You can create a read replica by using the [create API](/rest/api/postgresql/singleserver/servers/create):
```http PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DBforPostgreSQL/servers/{replicaName}?api-version=2017-12-01
A replica is created by using the same compute and storage settings as the maste
> Before a primary server setting is updated to a new value, update the replica setting to an equal or greater value. This action helps the replica keep up with any changes made to the master. ### List replicas
-You can view the list of replicas of a primary server using the [replica list API](/rest/api/postgresql/replicas/listbyserver):
+You can view the list of replicas of a primary server using the [replica list API](/rest/api/postgresql/singleserver/replicas/listbyserver):
```http GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DBforPostgreSQL/servers/{masterServerName}/Replicas?api-version=2017-12-01 ``` ### Stop replication to a replica server
-You can stop replication between a primary server and a read replica by using the [update API](/rest/api/postgresql/servers/update).
+You can stop replication between a primary server and a read replica by using the [update API](/rest/api/postgresql/singleserver/servers/update).
After you stop replication to a primary server and a read replica, it can't be undone. The read replica becomes a standalone server that supports both reads and writes. The standalone server can't be made into a replica again.
PATCH https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups
``` ### Delete a primary or replica server
-To delete a primary or replica server, you use the [delete API](/rest/api/postgresql/servers/delete):
+To delete a primary or replica server, you use the [delete API](/rest/api/postgresql/singleserver/servers/delete):
When you delete a primary server, replication to all read replicas is stopped. The read replicas become standalone servers that now support both reads and writes.
DELETE https://management.azure.com/subscriptions/{subscriptionId}/resourceGroup
## Next steps * Learn more about [read replicas in Azure Database for PostgreSQL](concepts-read-replicas.md).
-* Learn how to [create and manage read replicas in the Azure portal](howto-read-replicas-portal.md).
+* Learn how to [create and manage read replicas in the Azure portal](howto-read-replicas-portal.md).
remote-rendering Tutorial Landing https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/remote-rendering/tutorials/unity/tutorial-landing.md
Welcome to the Azure Remote Rendering tutorials. In addition to learning key concepts of Azure Remote Rendering, these interactive lessons will walk you through viewing, manipulating, and customizing remotely rendered models and highlight considerations for building a secure, commercial-ready application.
+> [!TIP]
+> These lessons are detailed and build up an example app over several steps. If you prefer to see a more compact example that can be deployed to a HoloLens 2 quickly, have a look at our [Unity Quickstart](../../quickstarts/render-model.md).
+ ### Azure Remote Rendering Tutorials We recommend that you complete the tutorials below in order as each tutorial builds on the previous one.
remote-rendering View Remote Models https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/remote-rendering/tutorials/unity/view-remote-models/view-remote-models.md
Perform the following steps to validate that the project settings are correct.
![Unity editor project validation](./media/remote-render-unity-validation.png)
+> [!NOTE]
+> If you use MRTK in your project and you enable the camera subsystem, MRTK will override manual changes that you apply to the camera. This includes fixes from the ValidateProject tool.
+ ## Create a script to coordinate Azure Remote Rendering connection and state There are four basic stages to show remotely rendered models, outlined in the flowchart below. Each stage must be performed in order. The next step is to create a script which will manage the application state and proceed through each required stage.
security Encryption Models https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/security/fundamentals/encryption-models.md
When Server-side encryption with service-managed keys is used, the key creation,
For scenarios where the requirement is to encrypt the data at rest and control the encryption keys customers can use server-side encryption using customer-managed Keys in Key Vault. Some services may store only the root Key Encryption Key in Azure Key Vault and store the encrypted Data Encryption Key in an internal location closer to the data. In that scenario customers can bring their own keys to Key Vault (BYOK ΓÇô Bring Your Own Key), or generate new ones, and use them to encrypt the desired resources. While the Resource Provider performs the encryption and decryption operations, it uses the configured key encryption key as the root key for all encryption operations.
-Loss of key encryption keys means loss of data. For this reason, keys should not be deleted. Keys should be backed up whenever created or rotated. [Soft-Delete](../../key-vault/general/soft-delete-overview.md) should be enabled on any vault storing key encryption keys. Instead of deleting a key, set enabled to false or set the expiry date.
+Loss of key encryption keys means loss of data. For this reason, keys should not be deleted. Keys should be backed up whenever created or rotated. [Soft-Delete and purge protection](../../key-vault/general/soft-delete-overview.md) must be enabled on any vault storing key encryption keys to protect against accidental or malicious cryptographic erasure. Instead of deleting a key, it is recommended to set enabled to false on the key encryption key.
### Key Access
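Review bot: The rewritten sentence drops "or set the expiry date" as an alternative to deleting a key without saying why, so a reader cannot tell whether setting an expiry date on a key encryption key is now discouraged. Either keep the option or state the reason for removing it. The link text now reads "Soft-Delete and purge protection" but still targets soft-delete-overview.md only; confirm that page covers purge protection, since the sentence now makes it a "must". The passive "it is recommended to set enabled to false" would read better as a direct instruction with `enabled` in inline code.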
site-recovery Site Recovery Ipconfig Cmdlet Parameter Deprecation https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/site-recovery/site-recovery-ipconfig-cmdlet-parameter-deprecation.md
+
+ Title: Deprecation of IPConfig parameters for the cmdlet New-AzRecoveryServicesAsrVMNicConfig | Microsoft Docs
+description: Details about deprecation of IPConfig parameters of the cmdlet New-AzRecoveryServicesAsrVMNicConfig and information about the use of new cmdlet New-AzRecoveryServicesAsrVMNicIPConfig
+++++ Last updated : 04/30/2021+++
+# Deprecation of IP Config parameters for the cmdlet New-AzRecoveryServicesAsrVMNicConfig
+
+This article describes the deprecation, the corresponding implications, and the alternative options available for the customers for the following scenario:
+
+Configuring Primary IP Config settings for Failover or Test Failover. This cmdlet impacts all the customers of Azure to Azure DR scenario using the cmdlet New-AzRecoveryServicesAsrVMNicConfig.
+
+> [!IMPORTANT]
+> Customers are advised to take the remediation steps at the earliest to avoid any disruption to their environment.
+
+## What changes should you expect?
+
+The New-AzRecoveryServicesAsrVMNicConfig uses the following parameters to configure the IP Config values for FO/TFO:
+- RecoveryVMSubnetName
+- RecoveryNicStaticIPAddress
+- RecoveryPublicIPAddressId
+- RecoveryLBBackendAddressPoolId
+- TfoVMSubnetName
+- TfoNicStaticIPAddress
+- TfoPublicIPAddressId
+- TfoLBBackendAddressPoolId
+
+These parameters will no longer be accepted by the cmdlet.
+
+- Starting 4 May 2021, you will receive Azure portal notifications & email communications with the deprecation of IP Config params in the cmdlet New-AzRecoveryServicesAsrVMNicConfig.
+
+- If you have an existing script using it, it will no longer be supported.
+
+## Alternatives
+
+As an alternative, a new cmdlet [New-AzRecoveryServicesAsrVMNicIPConfig](https://docs.microsoft.com/powershell/module/az.recoveryservices/new-azrecoveryservicesasrvmnicipconfig) is introduced for configuring IP Config FO/TFO settings.
++
+## Remediation steps
+
+You are expected to modify your scripts to remove these params. Instead, start using the new cmdlet **New-AzRecoveryServicesAsrVMNicIPConfig** to create an IP Config object. Here is an illustration:
+
+Your **existing scripts** would have been written like this:
+```azurepowershell
+# Fetching the Protected Item Object (for the Protected VM)
+$protectedItemObject = Get-AsrReplicationProtectedItem -ProtectionContainer $primaryContainerObject | where { $_.FriendlyName -eq $VMName };$protectedItemObject
+
+# ID of the NIC whose settings are to be updated.
+$nicId = $protectedItemObject.NicDetailsList[0].NicId
+
+$nic1 = New-AzRecoveryServicesAsrVMNicConfig -NicId $nicId -ReplicationProtectedItem $protectedItemObject -RecoveryVMNetworkId <networkArmId> -TfoVMNetworkId <networkArmId> -RecoveryVMSubnetName "default" -TfoVMSubnetName "default" -RecoveryNicStaticIPAddress "10.1.40.223" -TfoNicStaticIPAddress "10.33.0.223"
+
+$nics = @($nic1)
+Set-AzRecoveryServicesAsrReplicationProtectedItem -InputObject $protectedItemObject -ASRVMNicConfiguration $nics
+```
+
+Modify your scripts **as below**:
+```azurepowershell
+# Fetching the Protected Item Object (for the Protected VM)
+$protectedItemObject = Get-AsrReplicationProtectedItem -ProtectionContainer $primaryContainerObject | where { $_.FriendlyName -eq $VMName };$protectedItemObject
+
+# Create the config object for Primary IP Config
+$ipConfig = New-AzRecoveryServicesAsrVMNicIPConfig -IpConfigName <ipConfigName> -RecoverySubnetName "default" -TfoSubnetName "default" -RecoveryStaticIPAddress "10.1.40.223" -TfoStaticIPAddress "10.33.0.223"
+
+$ipConfigs = @($ipConfig)
+
+# ID of the NIC whose settings are to be updated.
+$nicId = $protectedItemObject.NicDetailsList[0].NicId
+
+$nic1 = New-AzRecoveryServicesAsrVMNicConfig -NicId $nicId -ReplicationProtectedItem $protectedItemObject -RecoveryVMNetworkId <networkArmId> -TfoVMNetworkId <networkArmId> -IPConfig $ipConfigs
+
+$nics = @($nic1)
+Set-AzRecoveryServicesAsrReplicationProtectedItem -InputObject $protectedItemObject -ASRVMNicConfiguration $nics
+```
+
+## Next steps
+Modify your scripts as illustrated above. In case you have any queries about this, contact Microsoft Support
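Review bot: The added line that contains only `+`, directly above `## Remediation steps`, will render as a stray plus sign at the end of the Alternatives section and should be dropped. In both samples the first statement ends with `;$protectedItemObject`, which only echoes the object to the console; either say so in the comment or remove it. The samples call `Get-AsrReplicationProtectedItem` while every other cmdlet uses the `...-AzRecoveryServicesAsr...` form, so pick one naming style. The closing sentence under Next steps is also missing its period.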
spring-cloud How To Application Insights https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/spring-cloud/how-to-application-insights.md
az spring-cloud app-insights update --disable –name "assignedName" â€
```
+## Java Agent Update/Upgrade
+
+The Java agent will be updated/upgraded regularly with the JDK, which may impact the following scenarios.
+
+> [!Note]
+> The JDK version will be updated/upgraded quarterly per year.
+
+* Existing applications that use the Java agent before updating/upgrading will not be affected.
+* Applications created after updating/upgrading will leverage the new version of the Java agent.
+* Existing applications that did not previsously use the Java agent will require restart or redeployment to leverage the new version of the Java agent.
+
+## Java Agent Configuration Hot-Loading
+
+Azure Spring Cloud has enabled a hot-loading mechanism to adjust the settings of agent configuration without restart of applications.
+
+> [!Note]
+> The hot-loading mechanism has delay in minutes.
+
+* When the Java agent has been previously enabled, changes to the Application Insights instance and/or SamplingRate do NOT require applications to be restarted.
+* If you enable the Java agent, then you must restart applications.
+* When you disable the Java agent, applications will stop to send all monitoring data after a delay in minutes. You can restart applications to remove the agent from the Java runtime environment.
+ ## See also * [Use distributed tracing with Azure Spring Cloud](./how-to-distributed-tracing.md) * [Analyze logs and metrics](diagnostic-services.md)
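Review bot: In the third bullet under Java Agent Update/Upgrade, "previsously" should be "previously", and the note "updated/upgraded quarterly per year" is redundant; "quarterly" alone says it. In the hot-loading section, "has delay in minutes" and "will stop to send all monitoring data" should read "has a delay of minutes" and "will stop sending all monitoring data". The last bullet implies the agent stays loaded in the Java runtime after it is disabled until the application restarts; state that outright, since it matters to anyone who expects disabling to unload the agent.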
spring-cloud Quickstart Logs Metrics Tracing https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/spring-cloud/quickstart-logs-metrics-tracing.md
Complete previous steps:
There are two ways to see logs on Azure Spring Cloud: **Log Streaming** of real-time logs per app instance or **Log Analytics** for aggregated logs with advanced query capability.
-## Log streaming
+### Log streaming
#### [CLI](#tab/Azure-CLI)
To get the logs using Azure Toolkit for IntelliJ:
-## Log Analytics
+### Log Analytics
1. Go to the **service | Overview** page and select **Logs** in the **Monitoring** section. Click **Run** on one of the sample queries for Azure Spring Cloud.
To explore more monitoring capabilities of Azure Spring Cloud, see:
> > [Distributed tracing](./how-to-distributed-tracing.md) >
-> [Stream logs in real time](./how-to-log-streaming.md)
+> [Stream logs in real time](./how-to-log-streaming.md)
storage Anonymous Read Access Configure https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/storage/blobs/anonymous-read-access-configure.md
Previously updated : 11/03/2020 Last updated : 04/29/2021
You cannot change the public access level for an individual blob. Public access
To update the public access level for one or more existing containers in the Azure portal, follow these steps: 1. Navigate to your storage account overview in the Azure portal.
-1. Under **Blob service** on the menu blade, select **Containers**.
+1. Under **Data storage** on the menu blade, select **Blob containers**.
1. Select the containers for which you want to set the public access level. 1. Use the **Change access level** button to display the public access settings. 1. Select the desired public access level from the **Public access level** dropdown and click the OK button to apply the change to the selected containers.
- ![Screenshot showing how to set public access level in the portal](./media/anonymous-read-access-configure/configure-public-access-container.png)
-
+ :::image type="content" source="media/anonymous-read-access-configure/configure-public-access-container.png" alt-text="Screenshot showing how to set public access level in the portal." lightbox="media/anonymous-read-access-configure/configure-public-access-container.png":::
+
When public access is disallowed for the storage account, a container's public access level cannot be set. If you attempt to set the container's public access level, you'll see that the setting is disabled because public access is disallowed for the account. :::image type="content" source="media/anonymous-read-access-configure/container-public-access-blocked.png" alt-text="Screenshot showing that setting container public access level is blocked when public access disallowed":::
storage Storage Quickstart Blobs Portal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/storage/blobs/storage-quickstart-blobs-portal.md
Previously updated : 10/19/2020 Last updated : 04/29/2021
In this quickstart, you learn how to use the [Azure portal](https://portal.azure
To create a container in the Azure portal, follow these steps: 1. Navigate to your new storage account in the Azure portal.
-2. In the left menu for the storage account, scroll to the **Blob service** section, then select **Containers**.
-3. Select the **+ Container** button.
-4. Type a name for your new container. The container name must be lowercase, must start with a letter or number, and can include only letters, numbers, and the dash (-) character. For more information about container and blob names, see [Naming and referencing containers, blobs, and metadata](/rest/api/storageservices/naming-and-referencing-containers--blobs--and-metadata).
-5. Set the level of public access to the container. The default level is **Private (no anonymous access)**.
-6. Select **OK** to create the container.
+1. In the left menu for the storage account, scroll to the **Data storage** section, then select **Blob containers**.
+1. Select the **+ Container** button.
+1. Type a name for your new container. The container name must be lowercase, must start with a letter or number, and can include only letters, numbers, and the dash (-) character. For more information about container and blob names, see [Naming and referencing containers, blobs, and metadata](/rest/api/storageservices/naming-and-referencing-containers--blobs--and-metadata).
+1. Set the level of public access to the container. The default level is **Private (no anonymous access)**.
+1. Select **OK** to create the container.
- :::image type="content" source="media/storage-quickstart-blobs-portal/create-container.png" alt-text="Screenshot showing how to create a container in the Azure portal":::
+ :::image type="content" source="media/storage-quickstart-blobs-portal/create-container.png" alt-text="Screenshot showing how to create a container in the Azure portal" lightbox="media/storage-quickstart-blobs-portal/create-container.png":::
## Upload a block blob
storage Redundancy Migration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/storage/common/redundancy-migration.md
Previously updated : 03/30/2021 Last updated : 04/29/2021
Changing how your storage account is replicated does not result in down time for
To change the redundancy option for your storage account in the Azure portal, follow these steps: 1. Navigate to your storage account in the Azure portal.
-1. Select the **Configuration** setting.
+1. Under **Settings** select **Configuration**.
1. Update the **Replication** setting.
-![Screenshot showing how to change replication option in portal](media/redundancy-migration/change-replication-option.png)
+ :::image type="content" source="media/redundancy-migration/change-replication-option.png" alt-text="Screenshot showing how to change replication option in portal." lightbox="media/redundancy-migration/change-replication-option.png":::
# [PowerShell](#tab/powershell)
storage Storage Account Upgrade https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/storage/common/storage-account-upgrade.md
Previously updated : 03/30/2021 Last updated : 04/29/2021
To upgrade a general-purpose v1 or Blob storage account to a general-purpose v2
1. Sign in to the [Azure portal](https://portal.azure.com). 2. Navigate to your storage account.
-3. In the **Settings** section, click **Configuration**.
-4. Under **Account kind**, click on **Upgrade**.
-5. Under **Confirm upgrade**, type in the name of your account.
-6. Click **Upgrade** at the bottom of the blade.
+3. In the **Settings** section, select **Configuration**.
+4. Under **Account kind**, select on **Upgrade**.
+5. Under **Confirm upgrade**, enter the name of your account.
+6. Select **Upgrade** at the bottom of the blade.
- ![Upgrade Account Kind](../blobs/media/storage-blob-account-upgrade/upgrade-to-gpv2-account.png)
+ :::image type="content" source="../blobs/media/storage-blob-account-upgrade/upgrade-to-gpv2-account.png" alt-text="Screenshot of configuration blade, upgrade account kind highlighted." lightbox="../blobs/media/storage-blob-account-upgrade/upgrade-to-gpv2-account.png":::
# [PowerShell](#tab/azure-powershell)
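Review bot: Step 4 now reads "select on **Upgrade**"; replacing "click" with "select" left the preposition behind, so it should be "select **Upgrade**".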
storage Transport Layer Security Configure Minimum Version https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/storage/common/transport-layer-security-configure-minimum-version.md
Previously updated : 12/11/2020 Last updated : 04/29/2021
When you create a storage account with the Azure portal, the minimum TLS version
To configure the minimum TLS version for an existing storage account with the Azure portal, follow these steps: 1. Navigate to your storage account in the Azure portal.
-1. Select the **Configuration** setting.
-1. Under **Minimum TLS version**, use the drop-down to select the minimum version of TLS required to access data in this storage account, as shown in the following image.
+1. Under **Settings** select the **Configuration**.
+1. Under **Minimum TLS version**, use the drop-down to select the minimum version of TLS required to access data in this storage account.
- :::image type="content" source="media/transport-layer-security-configure-minimum-version/configure-minimum-version-portal.png" alt-text="Screenshot showing how to configure minimum version of TLS in the Azure portal":::
+ :::image type="content" source="media/transport-layer-security-configure-minimum-version/configure-minimum-version-portal.png" alt-text="Screenshot showing how to configure minimum version of TLS in the Azure portal." lightbox="media/transport-layer-security-configure-minimum-version/configure-minimum-version-portal.png":::
# [PowerShell](#tab/powershell)
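Review bot: The rewritten step reads "Under **Settings** select the **Configuration**."; the article is left over from "Select the **Configuration** setting". Make it "Under **Settings**, select **Configuration**", which also matches the wording used for the same step in the redundancy-migration change.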
storage Storage Troubleshooting Files Nfs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/storage/files/storage-troubleshooting-files-nfs.md
If the package is not installed, install the package on your distribution.
``` sudo apt update
-sudo apt install-nfscommon
+sudo apt install nfs-common
``` ##### Fedora, Red Hat Enterprise Linux 8+, CentOS 8+
-Use the dnf package
+Use the dnf package
Older versions of Red Hat Enterprise Linux and CentOS use the yum package
synapse-analytics Vscode Tool Synapse https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/synapse-analytics/spark/vscode-tool-synapse.md
Follow these steps to connect to Azure:
4. [Connect](#connect-to-your-spark-pools) to your Azure account if you haven't yet done so.
-5. Select a Spark pool as the default Spark pool for the current script file. The tools automatically update the **.VSCode\settings.json** configuration file:
+5. Select a Spark pool as the default Spark pool for the current script file.
+
+6. Use **Synapse: PySpark Interactive** to submit this file. And the tools automatically update the **.VSCode\settings.json** configuration file:
![Set default cluster configuration](./media/vscode-tool-synapse/set-default-cluster-configuration.png)
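Review bot: New step 6 ends in a fragment, "And the tools automatically update the **.VSCode\settings.json** configuration file:". Join it to the previous sentence, for example "Use **Synapse: PySpark Interactive** to submit this file; the tools then automatically update ...". The screenshot that follows is still captioned "Set default cluster configuration", so check that it belongs under step 6 rather than step 5.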
virtual-desktop App Attach Glossary https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/virtual-desktop/app-attach-glossary.md
Destaging notifies the OS that an MSIX package or application that currently isn
.CIM is a new file extension associated with Composite Image Files System (CimFS). Mounting and unmounting CIM files is faster that VHD files. CIM also consumes less CPU and memory than VHD.
-A CIM file is a file with a .CIM extension that contains metadata and at least six additional files that contain actual data. The files within the CIM file don't have extensions. The following table is a list of example files you'd find inside a CIM:
+A CIM file is a file with a .CIM extension that contains metadata and at least two additional files that contain actual data. The files within the CIM file don't have extensions. The following table is a list of example files you'd find inside a CIM:
| File name | Extension | Size | |--|--||
virtual-desktop Language Packs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/virtual-desktop/language-packs.md
You need the following things to customize your Windows 10 Enterprise multi-sess
- [Windows 10, version 2004 or 20H2 **11C** LXP ISO](https://software-download.microsoft.com/download/pr/LanguageExperiencePack.2011C.iso) - [Windows 10, version 2004 or 20H2 **1C** LXP ISO](https://software-download.microsoft.com/download/pr/LanguageExperiencePack.2101C.iso) - [Windows 10, version 2004 or 20H2 **2C** LXP ISO](https://software-download.microsoft.com/download/pr/LanguageExperiencePack.2102C.iso)
+ - [Windows 10, version 2004 or 20H2 **4B** LXP ISO](https://software-download.microsoft.com/download/sg/LanguageExperiencePack.2104B.iso)
- An Azure Files Share or a file share on a Windows File Server Virtual Machine
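Review bot: The new 4B link uses the path `/download/sg/` while the three LXP ISO links above it use `/download/pr/`. Please confirm the URL resolves and that the path difference is intentional before merging, since readers download this ISO and mount it into their image.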
virtual-machines Diagnostics Linux https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/virtual-machines/extensions/diagnostics-linux.md
Last updated 02/05/2021
This document describes the latest versions of the Linux diagnostic extension (LAD). > [!IMPORTANT]
-> For information about version 3.x, see [Use the Linux diagnostic extension 3.0 to monitor metrics and logs](./diagnostics-linux-v3.md).
+> For information about version 3.x, see [Use the Linux diagnostic extension 3.0 to monitor metrics and logs](./diagnostics-linux-v3.md).
> For information about version 2.3 and earlier, see [Monitor the performance and diagnostic data of a Linux VM](/previous-versions/azure/virtual-machines/linux/classic/diagnostic-extension-v2). ## Introduction
-the Linux diagnostic extension helps a user monitor the health of a Linux VM running on Microsoft Azure. It has the following capabilities:
+the Linux diagnostic extension helps a user monitor the health of a Linux VM running on Microsoft Azure. It has the following collection and capabilities:
-* Collects system performance metrics from the VM and stores them in a specific table in a designated storage account.
-* Retrieves log events from syslog and stores them in a specific table in the designated storage account.
-* Enables users to customize the data metrics that are collected and uploaded.
-* Enables users to customize the syslog facilities and severity levels of events that are collected and uploaded.
-* Enables users to upload specified log files to a designated storage table.
-* Supports sending metrics and log events to arbitrary EventHub endpoints and JSON-formatted blobs in the designated storage account.
+| Data source | Customization options | Required destinations | Optional destinations |
+| -- | | -- | |
+| Metrics | [Counter, Aggregation, Sample Rate, Specifiers](#performancecounters) | Azure Table Storage | EventHub, Azure Blob Storage (JSON format), Azure Monitor<sup>1</sup> |
+| Syslog | [Facility, Severity Level](#syslogevents) | Azure Table Storage | EventHub, Azure Blob Storage (JSON Format)
+| Files | [Log Path, Destination Table](#filelogs) | Azure Table Storage | EventHub, Azure Blob Storage (JSON Format)
-This extension works with both Azure deployment models.
+<sup>1</sup> New in LAD 4.0
-## Install the extension on a VM
+This extension works with both Azure deployment models (Azure Resource Manager and classic).
-You can enable this extension by using the Azure PowerShell cmdlets, Azure CLI scripts, Azure Resource Manager templates (ARM templates), or the Azure portal. For more information, see [Extensions and features](features-linux.md).
+## Install the extension
+
+You can enable this extension for your VM and virtual machine scale set by using the Azure PowerShell cmdlets, Azure CLI scripts, Azure Resource Manager templates (ARM templates), or the Azure portal. For more information, see [Extensions and features](features-linux.md).
>[!NOTE]
->Some components of the Linux Diagnostic VM extension are also shipped in the [Log Analytics VM extension](./oms-linux.md). Because of this architecture, conflicts can arise if both extensions are instantiated in the same ARM template.
+>Some components of the Linux Diagnostic VM extension are also shipped in the [Log Analytics VM extension](./oms-linux.md). Because of this architecture, conflicts can arise if both extensions are instantiated in the same ARM template.
> >To avoid install-time conflicts, use the [`dependsOn` directive](../../azure-resource-manager/templates/define-resource-dependency.md#dependson) to install the extensions sequentially. The extensions can be installed in either order.
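Review bot: The rewritten intro sentence still opens with a lowercase "the", and "It has the following collection and capabilities" is not grammatical; something like "It collects the following data" would introduce the table. In the new table the Syslog and Files rows are missing the closing `|` that the Metrics row has, so check the rendered output. The footnote "<sup>1</sup> New in LAD 4.0" should sit directly under the table so the marker on Azure Monitor is easy to resolve.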
Use the installation instructions and a [downloadable sample configuration](http
* Capture the default syslog collection enabled by LAD 2.3. * Enable the Azure portal experience for charting and alerting on VM metrics.
-The downloadable configuration is just an example. Modify it to suit your needs.
+The downloadable configuration is just an example. Please modify it to suit your needs.
### Supported Linux distributions
Supported distributions and versions:
### Python requirement
-The Linux diagnostic extension requires Python 2. If your virtual machine uses a distribution that doesn't include Python 2 by default, install it.
+The Linux diagnostic extension requires Python 2. If your virtual machine uses a distribution that doesn't include Python 2 by default, install it.
-The following sample commands install Python 2 on various distributions:
+The following sample commands install Python 2 on various distributions:
- Red Hat, CentOS, Oracle: `yum install -y python2` - Ubuntu, Debian: `apt-get install -y python2` - SUSE: `zypper install -y python2`
-The `python2` executable file must be aliased to *python*. Here's one way to set this alias:
+The `python2` executable file must be aliased to *python*. Here's one way to achieve this:
1. Run the following command to remove any existing aliases.
-
+ ``` sudo update-alternatives --remove-all python ```
-2. Run the following command to create the alias.
+2. Run the following command to create the new alias.
``` sudo update-alternatives --install /usr/bin/python python /usr/bin/python2 1 ```
+### Installation
+
+You can install and configure LAD 4.0 in the Azure CLI or in PowerShell.
+
+# [Azure CLI](#tab/azcli)
+
+If your protected settings are in the file *ProtectedSettings.json* and your public configuration information is in *PublicSettings.json*, run this command:
+
+```azurecli
+az vm extension set --publisher Microsoft.Azure.Diagnostics --name LinuxDiagnostic --version 4.0 --resource-group <resource_group_name> --vm-name <vm_name> --protected-settings ProtectedSettings.json --settings PublicSettings.json
+```
+
+The command assumes you're using the Azure Resource Management mode of the Azure CLI. To configure LAD for classic deployment model VMs, switch to Service Management mode (`azure config mode asm`) and omit the resource group name in the command.
+
+For more information, see the [cross-platform CLI documentation](/cli/azure/authenticate-azure-cli).
+
+# [PowerShell](#tab/powershell)
+
+If your protected settings are in the `$protectedSettings` variable and your public configuration information is in the `$publicSettings` variable, run this command:
+
+```powershell
+Set-AzVMExtension -ResourceGroupName <resource_group_name> -VMName <vm_name> -Location <vm_location> -ExtensionType LinuxDiagnostic -Publisher Microsoft.Azure.Diagnostics -Name LinuxDiagnostic -SettingString $publicSettings -ProtectedSettingString $protectedSettings -TypeHandlerVersion 4.0
+```
+++ ### Sample installation > [!NOTE]
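Review bot: The Azure CLI tab tells readers to switch to Service Management mode with `azure config mode asm`, but the command shown is `az vm extension set`. `azure config mode` belongs to the older cross-platform `azure` CLI and has no effect on `az`, so the classic-model sentence needs its own command or should be removed. "Azure Resource Management mode" should read "Azure Resource Manager", and the "cross-platform CLI documentation" link text does not match its target, `/cli/azure/authenticate-azure-cli`.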
-> For the following samples, fill in the correct values for the variables in the first section before you run the code.
+> For the following samples, fill in the appropriate values for the variables in the first section before you run the code.
-In these examples, the sample configuration collects a set of standard data and sends it to table storage. The URL for the sample configuration and its contents can change.
+In these examples, the sample configuration collects a set of standard data and sends it to table storage. The URL for the sample configuration and its contents can change.
In most cases, you should download a copy of the portal settings JSON file and customize it for your needs. Then use templates or your own automation to use a customized version of the configuration file rather than downloading from the URL each time. > [!NOTE]
-> When you enable the new Azure Monitor sink, the VMs need to have system-assigned identity enabled to generate Managed Service Identity (MSI) authentication tokens. You can add these settings during or after VM creation.
+> When you enable the new Azure Monitor sink, the VMs need to have system-assigned identity enabled to generate Managed Service Identity (MSI) authentication tokens. You can add these settings during or after VM creation.
>
-> For instructions for the Azure portal, the Azure CLI, PowerShell, and Azure Resource Manager, see [Configure managed identities](../../active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm.md).
+> For instructions for the Azure portal, the Azure CLI, PowerShell, and Azure Resource Manager, see [Configure managed identities](../../active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm.md).
+# [Azure CLI](#tab/azcli)
-
-#### Azure CLI sample
+#### Installation Sample - Azure CLI
```azurecli # Set your Azure VM diagnostic variables.
my_lad_protected_settings="{'storageAccountName': '$my_diagnostic_storage_accoun
# Finally, tell Azure to install and enable the extension. az vm extension set --publisher Microsoft.Azure.Diagnostics --name LinuxDiagnostic --version 4.0 --resource-group $my_resource_group --vm-name $my_linux_vm --protected-settings "${my_lad_protected_settings}" --settings portal_public_settings.json ```
-#### Azure CLI sample for installing LAD 4.0 on a virtual machine scale set instance
-
-```azurecli
-# Set your Azure virtual machine scale set diagnostic variables.
-$my_resource_group=<your_azure_resource_group_name_containing_your_azure_linux_vm>
-$my_linux_vmss=<your_azure_linux_vmss_name>
-$my_diagnostic_storage_account=<your_azure_storage_account_for_storing_vm_diagnostic_data>
-
-# Login to Azure before you do anything else.
-az login
-# Select the subscription that contains the storage account.
-az account set --subscription <your_azure_subscription_id>
+# [PowerShell](#tab/powershell)
-# Enable system-assigned identity on the existing virtual machine scale set.
-az vmss identity assign -g $my_resource_group -n $my_linux_vmss
-
-# Download the sample public settings. (You could also use curl or any web browser.)
-wget https://raw.githubusercontent.com/Azure/azure-linux-extensions/master/Diagnostic/tests/lad_2_3_compatible_portal_pub_settings.json -O portal_public_settings.json
-
-# Build the virtual machine scale set resource ID. Replace the storage account name and resource ID in the public settings.
-$my_vmss_resource_id=$(az vmss show -g $my_resource_group -n $my_linux_vmss --query "id" -o tsv)
-sed -i "s#__DIAGNOSTIC_STORAGE_ACCOUNT__#$my_diagnostic_storage_account#g" portal_public_settings.json
-sed -i "s#__VM_RESOURCE_ID__#$my_vmss_resource_id#g" portal_public_settings.json
-
-# Build the protected settings (storage account SAS token).
-$my_diagnostic_storage_account_sastoken=$(az storage account generate-sas --account-name $my_diagnostic_storage_account --expiry 2037-12-31T23:59:00Z --permissions wlacu --resource-types co --services bt -o tsv)
-$my_lad_protected_settings="{'storageAccountName': '$my_diagnostic_storage_account', 'storageAccountSasToken': '$my_diagnostic_storage_account_sastoken'}"
-
-# Finally, tell Azure to install and enable the extension.
-az vmss extension set --publisher Microsoft.Azure.Diagnostics --name LinuxDiagnostic --version 4.0 --resource-group $my_resource_group --vmss-name $my_linux_vmss --protected-settings "${my_lad_protected_settings}" --settings portal_public_settings.json
-```
-
-#### PowerShell sample
+#### Installation Sample - PowerShell
```powershell $storageAccountName = "yourStorageAccountName"
$sasToken = New-AzStorageAccountSASToken -Service Blob,Table -ResourceType Servi
$protectedSettings="{'storageAccountName': '$storageAccountName', 'storageAccountSasToken': '$sasToken'}" # Finally, install the extension with the settings you built
-Set-AzVMExtension -ResourceGroupName $VMresourceGroup -VMName $vmName -Location $vm.Location -ExtensionType LinuxDiagnostic -Publisher Microsoft.Azure.Diagnostics -Name LinuxDiagnostic -SettingString $publicSettings -ProtectedSettingString $protectedSettings -TypeHandlerVersion 4.0
+Set-AzVMExtension -ResourceGroupName $VMresourceGroup -VMName $vmName -Location $vm.Location -ExtensionType LinuxDiagnostic -Publisher Microsoft.Azure.Diagnostics -Name LinuxDiagnostic -SettingString $publicSettings -ProtectedSettingString $protectedSettings -TypeHandlerVersion 4.0
+```
+++
+#### Installation Sample for virtual machine scale sets - Azure CLI
+
+```azurecli
+# Set your Azure virtual machine scale set diagnostic variables.
+$my_resource_group=<your_azure_resource_group_name_containing_your_azure_linux_vm>
+$my_linux_vmss=<your_azure_linux_vmss_name>
+$my_diagnostic_storage_account=<your_azure_storage_account_for_storing_vm_diagnostic_data>
+
+# Login to Azure before you do anything else.
+az login
+
+# Select the subscription that contains the storage account.
+az account set --subscription <your_azure_subscription_id>
+
+# Enable system-assigned identity on the existing virtual machine scale set.
+az vmss identity assign -g $my_resource_group -n $my_linux_vmss
+
+# Download the sample public settings. (You could also use curl or any web browser.)
+wget https://raw.githubusercontent.com/Azure/azure-linux-extensions/master/Diagnostic/tests/lad_2_3_compatible_portal_pub_settings.json -O portal_public_settings.json
+
+# Build the virtual machine scale set resource ID. Replace the storage account name and resource ID in the public settings.
+$my_vmss_resource_id=$(az vmss show -g $my_resource_group -n $my_linux_vmss --query "id" -o tsv)
+sed -i "s#__DIAGNOSTIC_STORAGE_ACCOUNT__#$my_diagnostic_storage_account#g" portal_public_settings.json
+sed -i "s#__VM_RESOURCE_ID__#$my_vmss_resource_id#g" portal_public_settings.json
+
+# Build the protected settings (storage account SAS token).
+$my_diagnostic_storage_account_sastoken=$(az storage account generate-sas --account-name $my_diagnostic_storage_account --expiry 2037-12-31T23:59:00Z --permissions wlacu --resource-types co --services bt -o tsv)
+$my_lad_protected_settings="{'storageAccountName': '$my_diagnostic_storage_account', 'storageAccountSasToken': '$my_diagnostic_storage_account_sastoken'}"
+
+# Finally, tell Azure to install and enable the extension.
+az vmss extension set --publisher Microsoft.Azure.Diagnostics --name LinuxDiagnostic --version 4.0 --resource-group $my_resource_group --vmss-name $my_linux_vmss --protected-settings "${my_lad_protected_settings}" --settings portal_public_settings.json
``` ### Update the extension settings
After you change your protected or public settings, deploy them to the VM by run
### Migrate from previous versions of the extension
-The latest version of the extension is *4.0, which is currently in public preview*. Older versions of 3.x are still supported. But 2.x versions have been deprecated since July 31, 2018.
+The latest version of the extension is 4.0, *which is currently in public preview*. Older versions of 3.x are still supported. But 2.x versions have been deprecated since July 31, 2018.
> [!IMPORTANT] > To migrate from 3.x to the newest version of the extension, uninstall the old extension. Then install version 4, which includes the updated configuration for system-assigned identity and sinks for sending metrics to the Azure Monitor sink. When you install the new extension, enable automatic minor version upgrades:
-* On classic deployment model VMs, specify version `4.*` if you're installing the extension through the Azure Xplat CLI or PowerShell.
* On Azure Resource Manager deployment model VMs, include `"autoUpgradeMinorVersion": true` in the VM deployment template.
+* On classic deployment model VMs, specify version `4.*` if you're installing the extension through the Azure CLI or PowerShell.
-You can use the same storage account you used for LAD 3.x.
+You can use the same storage account you used for LAD 3.x.
## Protected settings
Copy the generated SAS into the `storageAccountSasToken` field. Remove the leadi
### sinksConfig
+> [!NOTE]
+> Both public and protected settings have an optional `sinksConfig` section. The `sinksConfig` section in the *protected* settings only holds `EventHub` and `JsonBlob` sink configurations, due to the inclusion of secrets like `sasURL`s. `AzMonSink` sink configurations **cannot** be included in your protected settings.
+ ```json "sinksConfig": { "sink": [
Copy the generated SAS into the `storageAccountSasToken` field. Remove the leadi
}, ```
-The `sinksConfig` optional section defines more destinations to which the extension sends collected information. The `"sink"` array contains an object for each additional data sink. The `"type"` attribute determines the other attributes in the object.
+The `sinksConfig` optional section defines more destinations to which the extension will send collected information. The `"sink"` array contains an object for each additional data sink. The `"type"` attribute determines the other attributes in the object.
Element | Value - | -- name | A string used to refer to this sink elsewhere in the extension configuration. type | The type of sink being defined. Determines the other values (if any) in instances of this type.
-The Linux diagnostic extension 4.0 supports two sink types: `EventHub` and `JsonBlob`.
+The Linux diagnostic extension 4.0 supports two protected sink types: `EventHub` and `JsonBlob`.
#### EventHub sink
For more information about generating and retrieving information on SAS tokens f
] ```
-Data directed to a `JsonBlob` sink is stored in blobs in Azure Storage. Each instance of LAD creates a blob every hour for each sink name. Each blob always contains a syntactically valid JSON array of objects. New entries are atomically added to the array.
+Data directed to a `JsonBlob` sink is stored in blobs in Azure Storage. Each instance of LAD creates a blob every hour for each sink name. Each blob always contains a syntactically valid JSON array of objects. New entries are atomically added to the array.
Blobs are stored in a container that has the same name as the sink. The Azure Storage rules for blob container names apply to the names of `JsonBlob` sinks. That is, names must have between 3 and 63 lowercase alphanumeric ASCII characters or dashes.
The following sections provide details about the remaining elements.
The `ladCfg` structure controls the gathering of metrics and logs for delivery to the Azure Monitor Metrics service and to other data sinks. Specify either `performanceCounters` or `syslogEvents` or both. Also specify the `metrics` structure.
-If you don't want to enable syslog or metrics collection, specify an empty structure for the `ladCfg` element, like in this example:
+If you don't want to enable syslog or metrics collection, specify an empty structure for the `ladCfg` element, like so:
```json "ladCfg": { "diagnosticMonitorConfiguration": {}
- }
+}
``` Element | Value
The `performanceCounters` optional section controls the collection of metrics. R
Element | Value - | --
-sinks | (Optional) A comma-separated list of names of sinks to which LAD sends aggregated metric results. All aggregated metrics are published to each listed sink. Example: `"EHsink1, myjsonsink"`. For more information, see [`sinksConfig`](#sinksconfig).
+sinks | (Optional) A comma-separated list of names of sinks to which LAD sends aggregated metric results. All aggregated metrics are published to each listed sink. Example: `"MyEventHubSink, MyJsonSink, MyAzMonSink"`. For more information, see [`sinksConfig` (protected settings)](#sinksconfig) and [`sinksConfig` (public settings)](#sinksconfig-1).
type | Identifies the actual provider of the metric. class | Together with `"counter"`, identifies the specific metric within the provider's namespace.
-counter | Together with `"class"`, identifies the specific metric within the provider's namespace.
+counter | Together with `"class"`, identifies the specific metric within the provider's namespace. See a list of available counters [below](#metrics-supported-by-the-builtin-provider).
counterSpecifier | Identifies the specific metric within the Azure Monitor Metrics namespace.
-condition | (Optional) Selects an instance of the object to which the metric applies. Or selects the aggregation across all instances of that object.
+condition | (Optional) Selects an instance of the object to which the metric applies. Or selects the aggregation across all instances of that object.
sampleRate | The IS 8601 interval that sets the rate at which raw samples for this metric are collected. If the value isn't set, the collection interval is set by the value of [`sampleRateInSeconds`](#ladcfg). The shortest supported sample rate is 15 seconds (PT15S). unit | Defines the unit for the metric. Should be one of these strings: `"Count"`, `"Bytes"`, `"Seconds"`, `"Percent"`, `"CountPerSecond"`, `"BytesPerSecond"`, `"Millisecond"`. Consumers of the collected data expect the collected data values to match this unit. LAD ignores this field.
-displayName | The label to be attached to the data in Azure Monitor Metrics. This label is in the language specified by the associated locale setting. LAD ignores this field.
+displayName | The label to be attached to the data in Azure Monitor Metrics when viewing in the `Guest (classic)` metrics namespace. This label is in the language specified by the associated locale setting. LAD ignores this field.<br/>**Note**: if viewing the same metric in the `azure.vm.linux.guestmetrics` Metrics Namespace (available if `AzMonSink` is configured) the display name depends entirely on the counter. See the [tables below](#metrics-supported-by-the-builtin-provider) to find the mapping between counters and names.
-The `counterSpecifier` is an arbitrary identifier. Consumers of metrics, like the Azure portal charting and alerting feature, use `counterSpecifier` as the "key" that identifies a metric or an instance of a metric.
+The `counterSpecifier` is an arbitrary identifier. Consumers of metrics, like the Azure portal charting and alerting feature, use `counterSpecifier` as the "key" that identifies a metric or an instance of a metric.
For `builtin` metrics, we recommend `counterSpecifier` values that begin with `/builtin/`. If you're collecting a specific instance of a metric, attach the identifier of the instance to the `counterSpecifier` value. Here are some examples:
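Review bot: In the `sinks` row, the new link to `#sinksconfig-1` depends on an auto-numbered anchor for a duplicated `sinksConfig` heading, so it will point at the wrong section if either heading is renamed, reordered or removed. Give the two headings distinct text (for example `sinksConfig (protected settings)` and `sinksConfig (public settings)`) and link to those. Since the example value now lists `MyAzMonSink` next to `MyEventHubSink` and `MyJsonSink`, the row should also say that `EventHub` and `JsonBlob` sinks are defined only in protected settings and `AzMonSink` only in public settings, as the notes added elsewhere in this change state. The unchanged `sampleRate` row in the same table still reads "IS 8601", and the link text added to the `counter` row is just "below"; both are worth fixing while this table is being edited.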
For `builtin` metrics, we recommend `counterSpecifier` values that begin with `/
LAD and the Azure portal don't expect the `counterSpecifier` value to match any pattern. Be consistent in how you construct `counterSpecifier` values.
-When you specify `performanceCounters`, LAD always writes data to a table in Azure Storage. The same data can be written to JSON blobs or Event Hubs or both. But you can't disable storing data to a table.
+When you specify `performanceCounters`, LAD always writes data to a table in Azure Storage. The same data can be written to JSON blobs or Event Hubs or both. But you can't disable storing data to a table.
-All instances of LAD that use the same storage account name and endpoint add their metrics and logs to the same table. If too many VMs write to the same table partition, Azure can throttle writes to that partition.
+All instances of LAD that use the same storage account name and endpoint add their metrics and logs to the same table. If too many VMs write to the same table partition, Azure can throttle writes to that partition.
-The `eventVolume` setting causes entries to be spread across 1 (small), 10 (medium), or 100 (large) partitions. Usually, medium partitions are sufficient to avoid traffic throttling.
+The `eventVolume` setting causes entries to be spread across 1 (small), 10 (medium), or 100 (large) partitions. Usually, medium partitions are sufficient to avoid traffic throttling.
The Azure Monitor Metrics feature of the Azure portal uses the data in this table to produce graphs or to trigger alerts. The table name is the concatenation of these strings:
sinks | A comma-separated list of names of sinks to which individual log events
facilityName | A syslog facility name, such as `"LOG\_USER"` or `"LOG\_LOCAL0"`. For more information, see the "facility" section of the [syslog man page](http://man7.org/linux/man-pages/man3/syslog.3.html). minSeverity | A syslog severity level, such as `"LOG\_ERR"` or `"LOG\_INFO"`. For more information, see the "level" section of the [syslog man page](http://man7.org/linux/man-pages/man3/syslog.3.html). The extension captures events sent to the facility at or above the specified level.
-When you specify `syslogEvents`, LAD always writes data to a table in Azure Storage. The same data can be written to JSON blobs or Event Hubs or both. But you can't disable storing data to a table.
+When you specify `syslogEvents`, LAD always writes data to a table in Azure Storage. The same data can be written to JSON blobs or Event Hubs or both. But you can't disable storing data to a table.
The partitioning behavior for this table is the same as described for `performanceCounters`. The table name is the concatenation of these strings:
Examples include `LinuxSyslog20170410` and `LinuxSyslog20170609`.
### sinksConfig
-The `sinksConfig` optional section enables sending metrics to the Azure Monitor sink in addition to the Storage account and the default Guest Metrics blade.
+The optional public `sinksConfig` section enables sending metrics to the Azure Monitor sink in addition to the Storage account and the default Guest Metrics blade.
> [!NOTE]
-> The `sinksConfig` section requires system-assigned identity to be enabled on the VMs or virtual machine scale set.
-> You can enable system-assigned identity through the Azure portal, CLI, PowerShell, or Azure Resource Manager. Follow the [detailed instructions](../../active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm.md) or see the previous installations samples in this article.
+> Both public and protected settings have an optional `sinksConfig` section. The `sinksConfig` section in the *public* settings only holds the `AzMonSink` sink configuration. `EventHub` and `JsonBlob` sink configurations **cannot** be included in your public settings.
+
+> [!NOTE]
+> The `sinksConfig` section requires system-assigned identity to be enabled on the VMs or virtual machine scale set.
+> You can enable system-assigned identity through the Azure portal, CLI, PowerShell, or Azure Resource Manager. Follow the [detailed instructions](../../active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm.md) or see the previous installations samples in this article.
```json "sinksConfig": {
The `sinksConfig` optional section enables sending metrics to the Azure Monitor
}, ``` - ### fileLogs The `fileLogs` section controls the capture of log files. LAD captures new text lines as they're written to the file. It writes them to table rows and/or any specified sinks, such as `JsonBlob` and `EventHub`.
The `fileLogs` section controls the capture of log files. LAD captures new text
Element | Value - | -- file | The full path name of the log file to be watched and captured. The path name is for a single file. It can't name a directory or contain wildcard characters. The `omsagent` user account must have read access to the file path.
-table | (Optional) The Azure Storage table into which new lines from the "tail" of the file are written. The table must be in the designated storage account, as specified in the protected configuration.
+table | (Optional) The Azure Storage table into which new lines from the "tail" of the file are written. The table must be in the designated storage account, as specified in the protected configuration.
sinks | (Optional) A comma-separated list of names of more sinks to which log lines are sent. Either `"table"` or `"sinks"` or both must be specified.
Either `"table"` or `"sinks"` or both must be specified.
> [!NOTE] > The default metrics that LAD supports are aggregated across all file systems, disks, or names. For nonaggregated metrics, refer to the newer Azure Monitor sink metrics support.
+> [!NOTE]
+> The display names for each metric will differ depending on the metrics namespace to which it belongs:
+> * `Guest (classic)` (populated from your storage account): the specified `displayName` in the `performanceCounters` section, or the default display name as seen in Azure Portal (VM > Diagnostic settings > Metrics > Custom).
+> * `azure.vm.linux.guestmetrics` (populated from `AzMonSink` if configured): the "`azure.vm.linux.guestmetrics` Display Name" specified in the tables below.
+>
+> Due to implementation details, the metric values between `Guest (classic)` and `azure.vm.linux.guestmetrics` versions will differ. While the classic metrics had certain aggregations applied in the agent, the new metrics are unaggregated counters, giving customers the flexibility to aggregate as desired at viewing/alerting time.
+ The `builtin` metric provider is a source of metrics that are the most interesting to a broad set of users. These metrics fall into five broad classes: * Processor
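Review bot: The last paragraph of the added note says metric values "will differ" between `Guest (classic)` and `azure.vm.linux.guestmetrics` "due to implementation details", but it does not say which aggregations the agent applied to the classic metrics or how the unaggregated counters should be aggregated to get comparable numbers. Anyone moving an alert threshold from one namespace to the other needs that, so either name the aggregation per metric class or state plainly that thresholds are not transferable between the two namespaces. Minor: "Azure Portal" here versus "Azure portal" in the rest of the article.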
The `builtin` metric provider is a source of metrics that are the most interesti
### builtin metrics for the Processor class
-The Processor class of metrics provides information about processor usage in the VM. When percentages are aggregated, the result is the average across all CPUs.
+The Processor class of metrics provides information about processor usage in the VM. When percentages are aggregated, the result is the average across all CPUs.
In a two-vCPU VM, if one vCPU is 100 percent busy and the other is 100 percent idle, the reported `PercentIdleTime` is 50. If each vCPU is 50 percent busy for the same period, the reported result is also 50. In a four-vCPU VM, when one vCPU is 100 percent busy and the others are idle, the reported `PercentIdleTime` is 75.
-Counter | Meaning
-- | -
-PercentIdleTime | Percentage of time during the aggregation window that processors ran the kernel idle loop
-PercentProcessorTime | Percentage of time running a non-idle thread
-PercentIOWaitTime | Percentage of time waiting for IO operations to finish
-PercentInterruptTime | Percentage of time running hardware or software interrupts and DPCs (deferred procedure calls)
-PercentUserTime | Of non-idle time during the aggregation window, the percentage of time spent in user mode at normal priority
-PercentNiceTime | Of non-idle time, the percentage spent at lowered (nice) priority
-PercentPrivilegedTime | Of non-idle time, the percentage spent in privileged (kernel) mode
+Counter | `azure.vm.linux.guestmetrics` Display Name | Meaning
+ | - | -
+`PercentIdleTime` | `cpu/usage_idle` | Percentage of time during the aggregation window that processors ran the kernel idle loop
+`PercentProcessorTime` | `cpu/usage_active` | Percentage of time running a non-idle thread
+`PercentIOWaitTime` | `cpu/usage_iowait` | Percentage of time waiting for IO operations to finish
+`PercentInterruptTime` | `cpu/usage_irq` | Percentage of time running hardware or software interrupts and DPCs (deferred procedure calls)
+`PercentUserTime` | `cpu/usage_user` | Of non-idle time during the aggregation window, the percentage of time spent in user mode at normal priority
+`PercentNiceTime` | `cpu/usage_nice` | Of non-idle time, the percentage spent at lowered (nice) priority
+`PercentPrivilegedTime` | `cpu/usage_system` | Of non-idle time, the percentage spent in privileged (kernel) mode
The first four counters should sum to 100 percent. The last three counters also sum to 100 percent. These three counters subdivide the sum of `PercentProcessorTime`, `PercentIOWaitTime`, and `PercentInterruptTime`.
The first four counters should sum to 100 percent. The last three counters also
The Memory class of metrics provides information about memory use, paging, and swapping.
-counter | Meaning
-- | -
-AvailableMemory | Available physical memory in MiB
-PercentAvailableMemory | Available physical memory as a percentage of total memory
-UsedMemory | In-use physical memory (MiB)
-PercentUsedMemory | In-use physical memory as a percentage of total memory
-PagesPerSec | Total paging (read/write)
-PagesReadPerSec | Pages read from the backing store, such as swap file, program file, and mapped file
-PagesWrittenPerSec | Pages written to the backing store, such as swap file and mapped file
-AvailableSwap | Unused swap space (MiB)
-PercentAvailableSwap | Unused swap space as a percentage of the total swap
-UsedSwap | In-use swap space (MiB)
-PercentUsedSwap | In-use swap space as a percentage of the total swap
+Counter | `azure.vm.linux.guestmetrics` Display Name | Meaning
+ | - | -
+`AvailableMemory` | `mem/available` | Available physical memory in MiB
+`PercentAvailableMemory` | `mem/available_percent` | Available physical memory as a percentage of total memory
+`UsedMemory` | `mem/used` | In-use physical memory (MiB)
+`PercentUsedMemory` | `mem/used_percent` | In-use physical memory as a percentage of total memory
+`PagesPerSec` | `kernel_vmstat/total_pages` | Total paging (read/write)
+`PagesReadPerSec` | `kernel_vmstat/pgpgin` | Pages read from the backing store, such as swap file, program file, and mapped file
+`PagesWrittenPerSec` | `kernel_vmstat/pgpgout` | Pages written to the backing store, such as swap file and mapped file
+`AvailableSwap` | `swap/free` | Unused swap space (MiB)
+`PercentAvailableSwap` | `swap/free_percent` | Unused swap space as a percentage of the total swap
+`UsedSwap` | `swap/used` | In-use swap space (MiB)
+`PercentUsedSwap` | `swap/used_percent` | In-use swap space as a percentage of the total swap
This class of metrics has only one instance. The `"condition"` attribute has no useful settings and should be omitted. ### builtin metrics for the Network class
-The Network class of metrics provides information about network activity on an individual network interface since the startup.
+The Network class of metrics provides information about network activity on an individual network interface since the startup.
LAD doesn't expose bandwidth metrics. You can get these metrics from host metrics.
-Counter | Meaning
-- | -
-BytesTransmitted | Total bytes sent since startup
-BytesReceived | Total bytes received since startup
-BytesTotal | Total bytes sent or received since startup
-PacketsTransmitted | Total packets sent since startup
-PacketsReceived | Total packets received since startup
-TotalRxErrors | Number of receive errors since startup
-TotalTxErrors | Number of transmit errors since startup
-TotalCollisions | Number of collisions reported by the network ports since startup
+Counter | `azure.vm.linux.guestmetrics` Display Name | Meaning
+ | - | -
+`BytesTransmitted` | `net/bytes_sent` | Total bytes sent since startup
+`BytesReceived` | `net/bytes_recv` | Total bytes received since startup
+`BytesTotal` | `net/bytes_total` | Total bytes sent or received since startup
+`PacketsTransmitted` | `net/packets_sent` | Total packets sent since startup
+`PacketsReceived` | `net/packets_recv` | Total packets received since startup
+`TotalRxErrors` | `net/err_in` | Number of receive errors since startup
+`TotalTxErrors` | `net/err_out` | Number of transmit errors since startup
+`TotalCollisions` | `net/drop_total` | Number of collisions reported by the network ports since startup
### builtin metrics for the File system class The File system class of metrics provides information about file system usage. Absolute and percentage values are reported as they would be displayed to an ordinary user (not root).
-Counter | Meaning
-- | -
-FreeSpace | Available disk space in bytes
-UsedSpace | Used disk space in bytes
-PercentFreeSpace | Percentage of free space
-PercentUsedSpace | Percentage of used space
-PercentFreeInodes | Percentage of unused index nodes (inodes)
-PercentUsedInodes | Percentage of allocated (in use) inodes summed across all file systems
-BytesReadPerSecond | Bytes read per second
-BytesWrittenPerSecond | Bytes written per second
-BytesPerSecond | Bytes read or written per second
-ReadsPerSecond | Read operations per second
-WritesPerSecond | Write operations per second
-TransfersPerSecond | Read or write operations per second
+Counter | `azure.vm.linux.guestmetrics` Display Name | Meaning
+ | - | -
+`FreeSpace` | `disk/free` | Available disk space in bytes
+`UsedSpace` | `disk/used` | Used disk space in bytes
+`PercentFreeSpace` | `disk/free_percent` | Percentage of free space
+`PercentUsedSpace` | `disk/used_percent` | Percentage of used space
+`PercentFreeInodes` | `disk/inodes_free_percent` | Percentage of unused index nodes (inodes)
+`PercentUsedInodes` | `disk/inodes_used_percent` | Percentage of allocated (in use) inodes summed across all file systems
+`BytesReadPerSecond` | `diskio/read_bytes_filesystem` | Bytes read per second
+`BytesWrittenPerSecond` | `diskio/write_bytes_filesystem` | Bytes written per second
+`BytesPerSecond` | `diskio/total_bytes_filesystem` | Bytes read or written per second
+`ReadsPerSecond` | `diskio/reads_filesystem` | Read operations per second
+`WritesPerSecond` | `diskio/writes_filesystem` | Write operations per second
+`TransfersPerSecond` | `diskio/total_transfers_filesystem` | Read or write operations per second
### builtin metrics for the Disk class
-The Disk class of metrics provides information about disk device usage. These statistics apply to the entire drive.
+The Disk class of metrics provides information about disk device usage. These statistics apply to the entire drive.
When a device has multiple file systems, the counters for that device are, effectively, aggregated across all file systems.
-Counter | Meaning
-- | -
-ReadsPerSecond | Read operations per second
-WritesPerSecond | Write operations per second
-TransfersPerSecond | Total operations per second
-AverageReadTime | Average seconds per read operation
-AverageWriteTime | Average seconds per write operation
-AverageTransferTime | Average seconds per operation
-AverageDiskQueueLength | Average number of queued disk operations
-ReadBytesPerSecond | Number of bytes read per second
-WriteBytesPerSecond | Number of bytes written per second
-BytesPerSecond | Number of bytes read or written per second
-
-## Install and configure LAD 4.0
-
-You can install and configure LAD 4.0 in the Azure CLI or in PowerShell.
-
-### Azure CLI
-
-If your protected settings are in the file *ProtectedSettings.json* and your public configuration information is in *PublicSettings.json*, run this command:
-
-```azurecli
-az vm extension set --publisher Microsoft.Azure.Diagnostics --name LinuxDiagnostic --version 4.0 --resource-group <resource_group_name> --vm-name <vm_name> --protected-settings ProtectedSettings.json --settings PublicSettings.json
-```
-
-The command assumes you're using the Azure Resource Management mode of the Azure CLI. To configure LAD for classic deployment model VMs, switch to "asm" mode (`azure config mode asm`) and omit the resource group name in the command.
-
-For more information, see the [cross-platform CLI documentation](/cli/azure/authenticate-azure-cli).
-
-### PowerShell
-
-If your protected settings are in the `$protectedSettings` variable and your public configuration information is in the `$publicSettings` variable, run this command:
-
-```powershell
-Set-AzVMExtension -ResourceGroupName <resource_group_name> -VMName <vm_name> -Location <vm_location> -ExtensionType LinuxDiagnostic -Publisher Microsoft.Azure.Diagnostics -Name LinuxDiagnostic -SettingString $publicSettings -ProtectedSettingString $protectedSettings -TypeHandlerVersion 4.0
-```
+Counter | `azure.vm.linux.guestmetrics` Display Name | Meaning
+ | - | -
+`ReadsPerSecond` | `diskio/reads` | Read operations per second
+`WritesPerSecond` | `diskio/writes` | Write operations per second
+`TransfersPerSecond` | `diskio/total_transfers` | Total operations per second
+`AverageReadTime` | `diskio/read_time` | Average seconds per read operation
+`AverageWriteTime` | `diskio/write_time` | Average seconds per write operation
+`AverageTransferTime` | `diskio/io_time` | Average seconds per operation
+`AverageDiskQueueLength` | `diskio/iops_in_progress` | Average number of queued disk operations
+`ReadBytesPerSecond` | `diskio/read_bytes` | Number of bytes read per second
+`WriteBytesPerSecond` | `diskio/write_bytes` | Number of bytes written per second
+`BytesPerSecond` | `diskio/total_bytes` | Number of bytes read or written per second
## Example LAD 4.0 configuration Based on the preceding definitions, this section provides a sample LAD 4.0 extension configuration and some explanation. To apply this sample to your case, use your own storage account name, account SAS token, and Event Hubs SAS tokens. > [!NOTE]
-> Depending on whether you use the Azure CLI or PowerShell to install LAD, the method for providing public and protected settings differs:
+> Depending on whether you use the Azure CLI or PowerShell to install LAD, the method for providing public and protected settings differs:
>
-> * If you're using the Azure CLI, save the following settings to *ProtectedSettings.json* and *PublicSettings.json* to use the preceding sample command.
+> * If you're using the Azure CLI, save the following settings to *ProtectedSettings.json* and *PublicSettings.json* to use the preceding sample command.
> * If you're using PowerShell, save the following settings to `$protectedSettings` and `$publicSettings` by running `$protectedSettings = '{ ... }'`. ### Protected settings
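Review bot: The note under "Example LAD 4.0 configuration" still says to "use the preceding sample command", but the "Install and configure LAD 4.0" section that held the `az vm extension set` and `Set-AzVMExtension` commands is removed earlier in this same hunk. If those commands now live earlier in the article, the wording is fine; if not, the reference is dangling and the article no longer shows that protected and public settings are passed through separate parameters (`--protected-settings` and `--settings`), which is the part readers most need to get right when the protected file carries SAS tokens. Separately, in the Network table `TotalCollisions` is mapped to `net/drop_total` while its meaning still reads "Number of collisions reported by the network ports since startup"; confirm the mapping or reword the meaning, since a drop counter and a collision counter would alert on different conditions.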
The public settings cause LAD to:
In each case, data is also uploaded to: * Azure Blob Storage. The container name is as defined in the `JsonBlob` sink.
-* An Event Hubs endpoint, as specified in the `EventHubs` sink.
+* An Event Hubs endpoint, as specified in the `EventHub` sink.
```json {
For more information about how to consume messages published to an Event Hubs en
* In [Azure Monitor](../../azure-monitor/alerts/alerts-classic-portal.md), create alerts for the metrics you collect. * [Create monitoring charts](../../azure-monitor/data-platform.md) for your metrics.
-* [Create a virtual machine scale set](../linux/tutorial-create-vmss.md) by using your metrics to control autoscaling.
+* [Create a virtual machine scale set](../linux/tutorial-create-vmss.md) by using your metrics to control autoscaling.
virtual-machines Ssh From Windows https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/virtual-machines/linux/ssh-from-windows.md
If you do a lot of deployments using the portal, you might want to upload your p
With the public key deployed on your Azure VM, and the private key on your local system, SSH to your VM using the IP address or DNS name of your VM. Replace *azureuser* and *10.111.12.123* in the following command with the administrator user name, the IP address (or fully qualified domain name), and the path to your private key: ```bash
-ssh -i ~/.ssh/id_rsa.pub azureuser@10.111.12.123
+ssh -i ~/.ssh/id_rsa azureuser@10.111.12.123
``` If you configured a passphrase when you created your key pair, enter the passphrase when prompted.
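Review bot: The sentence above the command lists three things to replace (the user name, the address, and "the path to your private key") but names only two placeholders, *azureuser* and *10.111.12.123*. With `-i` now pointing at `~/.ssh/id_rsa`, call that path out as the third placeholder so readers who saved their key elsewhere know to change it. One short sentence saying that `-i` takes the private key file, and that the `.pub` file is the half deployed to the VM, would also help, because the previous version of this command had the two reversed.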
virtual-machines Winrm https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/virtual-machines/windows/winrm.md
$fileContentBytes = Get-Content $fileName -Encoding Byte
$fileContentEncoded = [System.Convert]::ToBase64String($fileContentBytes) [System.Collections.HashTable]$TableForJSON = @{
- "data" = $filecontentencoded;
+ "data" = $fileContentEncoded;
"dataType" = "pfx"; "password" = "<password>"; }
-[System.String]$JSONObject = $TableForJSON | ConvertTo-Json
+[System.String]$jsonObject = $TableForJSON | ConvertTo-Json
+$jsonEncoded = [System.Convert]::ToBase64String($jsonObject)
$secret = ConvertTo-SecureString -String $jsonEncoded -AsPlainText ΓÇôForce Set-AzKeyVaultSecret -VaultName "<vault name>" -Name "<secret name>" -SecretValue $secret
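Review bot: The added line `$jsonEncoded = [System.Convert]::ToBase64String($jsonObject)` passes a `[System.String]` to a method that takes a byte array, so it errors on the argument conversion instead of producing the encoded secret. Convert the JSON to bytes first, for example with `[System.Text.Encoding]::UTF8.GetBytes($jsonObject)`, and pass those bytes to `ToBase64String`. In the context line that follows, the dash in front of `Force` is a typographic dash rather than an ASCII hyphen and shows up mis-encoded here; use `-Force`. The renames to `$fileContentEncoded` and `$jsonObject` differ from the old names only in case, which PowerShell ignores, so they are cosmetic and the commit message should not describe them as a fix.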
vpn-gateway Create Routebased Vpn Gateway Cli https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/vpn-gateway/create-routebased-vpn-gateway-cli.md
Title: 'Create a route-based Azure VPN Gateway: CLI'
-description: Learn how to create a route-based Azure VPN gateway for a VPN connection to an on-premises network, or to connect virtual networks.
+ Title: 'Create a route-based virtual network gateway: CLI'
+
+description: Learn how to create a route-based virtual network gateway for a VPN connection to an on-premises network, or to connect virtual networks.
vpn-gateway Create Routebased Vpn Gateway Powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/vpn-gateway/create-routebased-vpn-gateway-powershell.md
 Title: 'Create route-based gateway: PowerShell'
+ Title: 'Create a route-based virtual network gateway: PowerShell'
-description: Learn how to create a route-based Azure VPN gateway for a VPN connection to your on-premises network, or to connect virtual networks.
+description: Learn how to create a route-based virtual network gateway for a VPN connection to your on-premises network, or to connect virtual networks.