- * If needed, follow the instructions to [install the Azure PowerShell module and connect to your Azure subscription](/powershell/azure/install-az-ps).

- * If needed, follow the instructions to [install the Azure PowerShell module and connect to your Azure subscription](/powershell/azure/install-az-ps).

-If needed, [install and configure Azure PowerShell](/powershell/azure/install-az-ps). Make sure that you sign in to your Azure subscription using the [Connect-AzAccount][Connect-AzAccount] cmdlet.

-# Enable security audits for Azure Active Directory Domain Services

-Azure Active Directory Domain Services (Azure AD DS) security audits lets Azure stream security events to targeted resources. These resources include Azure Storage, Azure Log Analytics workspaces, or Azure Event Hub. After you enable security audit events, Azure AD DS sends all the audited events for the selected category to the targeted resource.

-> [!IMPORTANT]

-> Azure AD DS security audits are only available for Azure Resource Manager-based managed domains. For information on how to migrate, see [Migrate Azure AD DS from the Classic virtual network model to Resource Manager][migrate-azure-adds].

-1. Sign in to the Azure portal at https://portal.azure.com.

- Check the box for the security audit destination you want. You can choose from an Azure Storage account, an Azure event hub, or a Log Analytics workspace. These destination resources must already exist in your Azure subscription. You can't create the destination resources in this wizard.

- 

- * Select the **Subscription** and the **Storage account** you want to use to archive security audit events.

- * **Azure Log Analytic workspaces**

- * Select **Send to Log Analytics**, then choose the **Subscription** and **Log Analytics Workspace** you want to use to store security audit events.

- You can select different log categories for each targeted resource within a single configuration. This ability lets you choose which logs categories you want to keep for Log Analytics and which logs categories your want to archive, for example.

-1. When done, select **Save** to commit your changes. The target resources start to receive Azure AD DS security audit events soon after the configuration is saved.

-## Enable security audit events using Azure PowerShell

-To enable Azure AD DS security audit events using Azure PowerShell, complete the following steps. If needed, first [install the Azure PowerShell module and connect to your Azure subscription](/powershell/azure/install-az-ps).

-> Azure AD DS security audits aren't retroactive. You can't retrieve or replay events from the past. Azure AD DS can only send events that occur after security audits are enabled.

-1. Create the target resource for the security audit events.

- * **Azure Log Analytic workspaces** - [Create a Log Analytics workspace with Azure PowerShell](../azure-monitor/logs/powershell-workspace-configuration.md).

-1. Configure the Azure Diagnostic settings using the [Set-AzDiagnosticSetting](/powershell/module/Az.Monitor/Set-AzDiagnosticSetting) cmdlet to use the target resource for Azure AD Domain Services security audit events. In the following examples, the variable *$aadds.ResourceId* is used from the previous step.

-## Query and view security audit events using Azure Monitor

-Log Analytic workspaces let you view and analyze the security audit events using Azure Monitor and the Kusto query language. This query language is designed for read-only use that boasts power analytic capabilities with an easy-to-read syntax. For more information to get started with Kusto query languages, see the following articles:

-The following sample queries can be used to start analyzing security audit events from Azure AD DS.

-## Audit event categories

-Azure AD DS security audits align with traditional auditing for traditional AD DS domain controllers. In hybrid environments, you can reuse existing audit patterns so the same logic may be used when analyzing the events. Depending on the scenario you need to troubleshoot or analyze, the different audit event categories need to be targeted.

-| Account Logon|Audits attempts to authenticate account data on a domain controller or on a local Security Accounts Manager (SAM).</p>Logon and Logoff policy settings and events track attempts to access a particular computer. Settings and events in this category focus on the account database that is used. This category includes the following subcategories:<ul><li>[Audit Credential Validation](/windows/security/threat-protection/auditing/audit-credential-validation)</li><li>[Audit Kerberos Authentication Service](/windows/security/threat-protection/auditing/audit-kerberos-authentication-service)</li><li>[Audit Kerberos Service Ticket Operations](/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations)</li><li>[Audit Other Logon/Logoff Events](/windows/security/threat-protection/auditing/audit-other-logonlogoff-events)</li></ul>|

-| Account Management|Audits changes to user and computer accounts and groups. This category includes the following subcategories:<ul><li>[Audit Application Group Management](/windows/security/threat-protection/auditing/audit-application-group-management)</li><li>[Audit Computer Account Management](/windows/security/threat-protection/auditing/audit-computer-account-management)</li><li>[Audit Distribution Group Management](/windows/security/threat-protection/auditing/audit-distribution-group-management)</li><li>[Audit Other Account Management](/windows/security/threat-protection/auditing/audit-other-account-management-events)</li><li>[Audit Security Group Management](/windows/security/threat-protection/auditing/audit-security-group-management)</li><li>[Audit User Account Management](/windows/security/threat-protection/auditing/audit-user-account-management)</li></ul>|

-| Detail Tracking|Audits activities of individual applications and users on that computer, and to understand how a computer is being used. This category includes the following subcategories:<ul><li>[Audit DPAPI Activity](/windows/security/threat-protection/auditing/audit-dpapi-activity)</li><li>[Audit PNP activity](/windows/security/threat-protection/auditing/audit-pnp-activity)</li><li>[Audit Process Creation](/windows/security/threat-protection/auditing/audit-process-creation)</li><li>[Audit Process Termination](/windows/security/threat-protection/auditing/audit-process-termination)</li><li>[Audit RPC Events](/windows/security/threat-protection/auditing/audit-rpc-events)</li></ul>|

-| Directory Services Access|Audits attempts to access and modify objects in Active Directory Domain Services (AD DS). These audit events are logged only on domain controllers. This category includes the following subcategories:<ul><li>[Audit Detailed Directory Service Replication](/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication)</li><li>[Audit Directory Service Access](/windows/security/threat-protection/auditing/audit-directory-service-access)</li><li>[Audit Directory Service Changes](/windows/security/threat-protection/auditing/audit-directory-service-changes)</li><li>[Audit Directory Service Replication](/windows/security/threat-protection/auditing/audit-directory-service-replication)</li></ul>|

-| Logon-Logoff|Audits attempts to log on to a computer interactively or over a network. These events are useful for tracking user activity and identifying potential attacks on network resources. This category includes the following subcategories:<ul><li>[Audit Account Lockout](/windows/security/threat-protection/auditing/audit-account-lockout)</li><li>[Audit User/Device Claims](/windows/security/threat-protection/auditing/audit-user-device-claims)</li><li>[Audit IPsec Extended Mode](/windows/security/threat-protection/auditing/audit-ipsec-extended-mode)</li><li>[Audit Group Membership](/windows/security/threat-protection/auditing/audit-group-membership)</li><li>[Audit IPsec Main Mode](/windows/security/threat-protection/auditing/audit-ipsec-main-mode)</li><li>[Audit IPsec Quick Mode](/windows/security/threat-protection/auditing/audit-ipsec-quick-mode)</li><li>[Audit Logoff](/windows/security/threat-protection/auditing/audit-logoff)</li><li>[Audit Logon](/windows/security/threat-protection/auditing/audit-logon)</li><li>[Audit Network Policy Server](/windows/security/threat-protection/auditing/audit-network-policy-server)</li><li>[Audit Other Logon/Logoff Events](/windows/security/threat-protection/auditing/audit-other-logonlogoff-events)</li><li>[Audit Special Logon](/windows/security/threat-protection/auditing/audit-special-logon)</li></ul>|

-|Object Access| Audits attempts to access specific objects or types of objects on a network or computer. This category includes the following subcategories:<ul><li>[Audit Application Generated](/windows/security/threat-protection/auditing/audit-application-generated)</li><li>[Audit Certification Services](/windows/security/threat-protection/auditing/audit-certification-services)</li><li>[Audit Detailed File Share](/windows/security/threat-protection/auditing/audit-detailed-file-share)</li><li>[Audit File Share](/windows/security/threat-protection/auditing/audit-file-share)</li><li>[Audit File System](/windows/security/threat-protection/auditing/audit-file-system)</li><li>[Audit Filtering Platform Connection](/windows/security/threat-protection/auditing/audit-filtering-platform-connection)</li><li>[Audit Filtering Platform Packet Drop](/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop)</li><li>[Audit Handle Manipulation](/windows/security/threat-protection/auditing/audit-handle-manipulation)</li><li>[Audit Kernel Object](/windows/security/threat-protection/auditing/audit-kernel-object)</li><li>[Audit Other Object Access Events](/windows/security/threat-protection/auditing/audit-other-object-access-events)</li><li>[Audit Registry](/windows/security/threat-protection/auditing/audit-registry)</li><li>[Audit Removable Storage](/windows/security/threat-protection/auditing/audit-removable-storage)</li><li>[Audit SAM](/windows/security/threat-protection/auditing/audit-sam)</li><li>[Audit Central Access Policy Staging](/windows/security/threat-protection/auditing/audit-central-access-policy-staging)</li></ul>|

-|Policy Change|Audits changes to important security policies on a local system or network. Policies are typically established by administrators to help secure network resources. Monitoring changes or attempts to change these policies can be an important aspect of security management for a network. This category includes the following subcategories:<ul><li>[Audit Audit Policy Change](/windows/security/threat-protection/auditing/audit-audit-policy-change)</li><li>[Audit Authentication Policy Change](/windows/security/threat-protection/auditing/audit-authentication-policy-change)</li><li>[Audit Authorization Policy Change](/windows/security/threat-protection/auditing/audit-authorization-policy-change)</li><li>[Audit Filtering Platform Policy Change](/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change)</li><li>[Audit MPSSVC Rule-Level Policy Change](/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change)</li><li>[Audit Other Policy Change](/windows/security/threat-protection/auditing/audit-other-policy-change-events)</li></ul>|

-|Privilege Use| Audits the use of certain permissions on one or more systems. This category includes the following subcategories:<ul><li>[Audit Non-Sensitive Privilege Use](/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use)</li><li>[Audit Sensitive Privilege Use](/windows/security/threat-protection/auditing/audit-sensitive-privilege-use)</li><li>[Audit Other Privilege Use Events](/windows/security/threat-protection/auditing/audit-other-privilege-use-events)</li></ul>|

-|System| Audits system-level changes to a computer not included in other categories and that have potential security implications. This category includes the following subcategories:<ul><li>[Audit IPsec Driver](/windows/security/threat-protection/auditing/audit-ipsec-driver)</li><li>[Audit Other System Events](/windows/security/threat-protection/auditing/audit-other-system-events)</li><li>[Audit Security State Change](/windows/security/threat-protection/auditing/audit-security-state-change)</li><li>[Audit Security System Extension](/windows/security/threat-protection/auditing/audit-security-system-extension)</li><li>[Audit System Integrity](/windows/security/threat-protection/auditing/audit-system-integrity)</li></ul>|

- Azure AD DS security audits record the following event IDs when the specific action triggers an auditable event:

- * If needed, follow the instructions to [install the Azure PowerShell module and connect to your Azure subscription](/powershell/azure/install-az-ps).

-To manage the Authentication methods policy, click **Security** > **Authentication methods** > **Policies**.

-> In September 2022, Microsoft announced deprecation of Azure Multi-Factor Authentication Server. Beginning September 30, 2024, Azure Multi-Factor Authentication Server deployments will no longer service multifactor authentication (MFA) requests, which could cause authentications to fail for your organization. To ensure uninterrupted authentication services and to remain in a supported state, organizations should [migrate their usersΓÇÖ authentication data](how-to-migrate-mfa-server-to-azure-mfa-user-authentication.md) to the cloud-based Azure MFA service by using the latest Migration Utility included in the most recent [Azure MFA Server update](https://www.microsoft.com/download/details.aspx?id=55849). For more information, see [Azure MFA Server Migration](how-to-migrate-mfa-server-to-azure-mfa.md).

-### Does number matching only apply if Authenticator is set as the default authentication method?

-If the user has a different default authentication method, there's no change to their default sign-in. If the default method is Authenticator, they get number matching.

-

-

-If you can, move both your multifactor authentication and your user authentication to Azure. For step-by-step guidance, see [Moving to Azure AD Multi-Factor Authentication and Azure AD user authentication](how-to-migrate-mfa-server-to-azure-mfa-user-authentication.md).

-If you can't move your SSPR service, or you leverage MFA Server to invoke MFA requests for Privileged Access Management (PAM) scenarios, we recommend you update to an [alternate 3rd party MFA option](https://learn.microsoft.com/microsoft-identity-manager/working-with-custommfaserver-for-mim).

-> In September 2022, Microsoft announced deprecation of Azure Multi-Factor Authentication Server. Beginning September 30, 2024, Azure Multi-Factor Authentication Server deployments will no longer service multifactor authentication (MFA) requests, which could cause authentications to fail for your organization. To ensure uninterrupted authentication services and to remain in a supported state, organizations should [migrate their usersΓÇÖ authentication data](how-to-migrate-mfa-server-to-azure-mfa-user-authentication.md) to the cloud-based Azure MFA service by using the latest Migration Utility included in the most recent [Azure MFA Server update](https://www.microsoft.com/download/details.aspx?id=55849). For more information, see [Azure MFA Server Migration](how-to-migrate-mfa-server-to-azure-mfa.md).

-The [Usage tab ](https://portal.azure.com/)shows the sign-ins by authentication method.

-2. **NPS Server** connects to Active Directory Domain Services (AD DS) to perform the primary authentication for the RADIUS requests and, upon success, passes the request to any installed extensions.

-3. **NPS Extension** triggers a request to Azure AD Multi-Factor Authentication for the secondary authentication. Once the extension receives the response, and if the MFA challenge succeeds, it completes the authentication request by providing the NPS server with security tokens that include an MFA claim, issued by Azure STS.

- >Users must have access to their default authentication method to complete the MFA requirement. They cannot choose an alternative method. Their default authentication method will be used even if it's been disabled in the tenant authentication methods and MFA policies.

-> In September 2022, Microsoft announced deprecation of Azure Multi-Factor Authentication Server. Beginning September 30, 2024, Azure Multi-Factor Authentication Server deployments will no longer service multifactor authentication (MFA) requests, which could cause authentications to fail for your organization. To ensure uninterrupted authentication services and to remain in a supported state, organizations should [migrate their usersΓÇÖ authentication data](how-to-migrate-mfa-server-to-azure-mfa-user-authentication.md) to the cloud-based Azure MFA service by using the latest Migration Utility included in the most recent [Azure MFA Server update](https://www.microsoft.com/download/details.aspx?id=55849). For more information, see [Azure MFA Server Migration](how-to-migrate-mfa-server-to-azure-mfa.md).

-> In September 2022, Microsoft announced deprecation of Azure Multi-Factor Authentication Server. Beginning September 30, 2024, Azure Multi-Factor Authentication Server deployments will no longer service multifactor authentication (MFA) requests, which could cause authentications to fail for your organization. To ensure uninterrupted authentication services and to remain in a supported state, organizations should [migrate their usersΓÇÖ authentication data](how-to-migrate-mfa-server-to-azure-mfa-user-authentication.md) to the cloud-based Azure MFA service by using the latest Migration Utility included in the most recent [Azure MFA Server update](https://www.microsoft.com/download/details.aspx?id=55849). For more information, see [Azure MFA Server Migration](how-to-migrate-mfa-server-to-azure-mfa.md).

-> In September 2022, Microsoft announced deprecation of Azure Multi-Factor Authentication Server. Beginning September 30, 2024, Azure Multi-Factor Authentication Server deployments will no longer service multifactor authentication (MFA) requests, which could cause authentications to fail for your organization. To ensure uninterrupted authentication services and to remain in a supported state, organizations should [migrate their usersΓÇÖ authentication data](how-to-migrate-mfa-server-to-azure-mfa-user-authentication.md) to the cloud-based Azure MFA service by using the latest Migration Utility included in the most recent [Azure MFA Server update](https://www.microsoft.com/download/details.aspx?id=55849). For more information, see [Azure MFA Server Migration](how-to-migrate-mfa-server-to-azure-mfa.md).

-> In September 2022, Microsoft announced deprecation of Azure Multi-Factor Authentication Server. Beginning September 30, 2024, Azure Multi-Factor Authentication Server deployments will no longer service multifactor authentication (MFA) requests, which could cause authentications to fail for your organization. To ensure uninterrupted authentication services and to remain in a supported state, organizations should [migrate their usersΓÇÖ authentication data](how-to-migrate-mfa-server-to-azure-mfa-user-authentication.md) to the cloud-based Azure MFA service by using the latest Migration Utility included in the most recent [Azure MFA Server update](https://www.microsoft.com/download/details.aspx?id=55849). For more information, see [Azure MFA Server Migration](how-to-migrate-mfa-server-to-azure-mfa.md).

-> In September 2022, Microsoft announced deprecation of Azure AD Multi-Factor Authentication Server. Beginning September 30, 2024, Azure AD Multi-Factor Authentication Server deployments will no longer service multifactor authentication (MFA) requests, which could cause authentications to fail for your organization. To ensure uninterrupted authentication services and to remain in a supported state, organizations should [migrate their usersΓÇÖ authentication data](how-to-migrate-mfa-server-to-azure-mfa-user-authentication.md) to the cloud-based Azure MFA service by using the latest Migration Utility included in the most recent [Azure MFA Server update](https://www.microsoft.com/download/details.aspx?id=55849). For more information, see [Azure MFA Server Migration](how-to-migrate-mfa-server-to-azure-mfa.md).

-> In September 2022, Microsoft announced deprecation of Azure AD Multi-Factor Authentication Server. Beginning September 30, 2024, Azure AD Multi-Factor Authentication Server deployments will no longer service multifactor authentication (MFA) requests, which could cause authentications to fail for your organization. To ensure uninterrupted authentication services and to remain in a supported state, organizations should [migrate their usersΓÇÖ authentication data](how-to-migrate-mfa-server-to-azure-mfa-user-authentication.md) to the cloud-based Azure MFA service by using the latest Migration Utility included in the most recent [Azure MFA Server update](https://www.microsoft.com/download/details.aspx?id=55849). For more information, see [Azure MFA Server Migration](how-to-migrate-mfa-server-to-azure-mfa.md).

-> In September 2022, Microsoft announced deprecation of Azure AD Multi-Factor Authentication Server. Beginning September 30, 2024, Azure AD Multi-Factor Authentication Server deployments will no longer service multifactor authentication (MFA) requests, which could cause authentications to fail for your organization. To ensure uninterrupted authentication services and to remain in a supported state, organizations should [migrate their usersΓÇÖ authentication data](how-to-migrate-mfa-server-to-azure-mfa-user-authentication.md) to the cloud-based Azure MFA service by using the latest Migration Utility included in the most recent [Azure MFA Server update](https://www.microsoft.com/download/details.aspx?id=55849). For more information, see [Azure MFA Server Migration](how-to-migrate-mfa-server-to-azure-mfa.md).

-> In September 2022, Microsoft announced deprecation of Azure AD Multi-Factor Authentication Server. Beginning September 30, 2024, Azure AD Multi-Factor Authentication Server deployments will no longer service multifactor authentication (MFA) requests, which could cause authentications to fail for your organization. To ensure uninterrupted authentication services and to remain in a supported state, organizations should [migrate their usersΓÇÖ authentication data](how-to-migrate-mfa-server-to-azure-mfa-user-authentication.md) to the cloud-based Azure MFA service by using the latest Migration Utility included in the most recent [Azure MFA Server update](https://www.microsoft.com/download/details.aspx?id=55849). For more information, see [Azure MFA Server Migration](how-to-migrate-mfa-server-to-azure-mfa.md).

-> In September 2022, Microsoft announced deprecation of Azure Multi-Factor Authentication Server. Beginning September 30, 2024, Azure Multi-Factor Authentication Server deployments will no longer service multifactor authentication (MFA) requests, which could cause authentications to fail for your organization. To ensure uninterrupted authentication services and to remain in a supported state, organizations should [migrate their usersΓÇÖ authentication data](how-to-migrate-mfa-server-to-azure-mfa-user-authentication.md) to the cloud-based Azure MFA service by using the latest Migration Utility included in the most recent [Azure MFA Server update](https://www.microsoft.com/download/details.aspx?id=55849). For more information, see [Azure MFA Server Migration](how-to-migrate-mfa-server-to-azure-mfa.md).

-> In September 2022, Microsoft announced deprecation of Azure Multi-Factor Authentication Server. Beginning September 30, 2024, Azure Multi-Factor Authentication Server deployments will no longer service multifactor authentication (MFA) requests, which could cause authentications to fail for your organization. To ensure uninterrupted authentication services and to remain in a supported state, organizations should [migrate their usersΓÇÖ authentication data](how-to-migrate-mfa-server-to-azure-mfa-user-authentication.md) to the cloud-based Azure MFA service by using the latest Migration Utility included in the most recent [Azure MFA Server update](https://www.microsoft.com/download/details.aspx?id=55849). For more information, see [Azure MFA Server Migration](how-to-migrate-mfa-server-to-azure-mfa.md).

-> In September 2022, Microsoft announced deprecation of Azure Multi-Factor Authentication Server. Beginning September 30, 2024, Azure Multi-Factor Authentication Server deployments will no longer service multifactor authentication (MFA) requests, which could cause authentications to fail for your organization. To ensure uninterrupted authentication services and to remain in a supported state, organizations should [migrate their usersΓÇÖ authentication data](how-to-migrate-mfa-server-to-azure-mfa-user-authentication.md) to the cloud-based Azure MFA service by using the latest Migration Utility included in the most recent [Azure MFA Server update](https://www.microsoft.com/download/details.aspx?id=55849). For more information, see [Azure MFA Server Migration](how-to-migrate-mfa-server-to-azure-mfa.md).

-> In September 2022, Microsoft announced deprecation of Azure Multi-Factor Authentication Server. Beginning September 30, 2024, Azure Multi-Factor Authentication Server deployments will no longer service multifactor authentication (MFA) requests, which could cause authentications to fail for your organization. To ensure uninterrupted authentication services and to remain in a supported state, organizations should [migrate their usersΓÇÖ authentication data](how-to-migrate-mfa-server-to-azure-mfa-user-authentication.md) to the cloud-based Azure Multi-Factor Authentication service by using the latest Migration Utility included in the most recent [Azure Multi-Factor Authentication Server update](https://www.microsoft.com/download/details.aspx?id=55849). For more information, see [Azure Multi-Factor Authentication Server Migration](how-to-migrate-mfa-server-to-azure-mfa.md).

-> In September 2022, Microsoft announced deprecation of Azure Multi-Factor Authentication Server. Beginning September 30, 2024, Azure Multi-Factor Authentication Server deployments will no longer service multifactor authentication (MFA) requests, which could cause authentications to fail for your organization. To ensure uninterrupted authentication services and to remain in a supported state, organizations should [migrate their usersΓÇÖ authentication data](how-to-migrate-mfa-server-to-azure-mfa-user-authentication.md) to the cloud-based Azure MFA service by using the latest Migration Utility included in the most recent [Azure MFA Server update](https://www.microsoft.com/download/details.aspx?id=55849). For more information, see [Azure MFA Server Migration](how-to-migrate-mfa-server-to-azure-mfa.md).

-> In September 2022, Microsoft announced deprecation of Azure Multi-Factor Authentication Server. Beginning September 30, 2024, Azure Multi-Factor Authentication Server deployments will no longer service multifactor authentication (MFA) requests, which could cause authentications to fail for your organization. To ensure uninterrupted authentication services and to remain in a supported state, organizations should [migrate their usersΓÇÖ authentication data](how-to-migrate-mfa-server-to-azure-mfa-user-authentication.md) to the cloud-based Azure Multi-Factor Authentication service by using the latest Migration Utility included in the most recent [Azure Multi-Factor Authentication Server update](https://www.microsoft.com/download/details.aspx?id=55849). For more information, see [Azure Multi-Factor Authentication Server Migration](how-to-migrate-mfa-server-to-azure-mfa.md).

-> In September 2022, Microsoft announced deprecation of Azure Multi-Factor Authentication Server. Beginning September 30, 2024, Azure Multi-Factor Authentication Server deployments will no longer service multifactor authentication (MFA) requests, which could cause authentications to fail for your organization. To ensure uninterrupted authentication services and to remain in a supported state, organizations should [migrate their usersΓÇÖ authentication data](how-to-migrate-mfa-server-to-azure-mfa-user-authentication.md) to the cloud-based Azure MFA service by using the latest Migration Utility included in the most recent [Azure MFA Server update](https://www.microsoft.com/download/details.aspx?id=55849). For more information, see [Azure MFA Server Migration](how-to-migrate-mfa-server-to-azure-mfa.md).

-This article will show you how to configure your Microsoft authentication library app for iOS and macOS (MSAL) for different authorities such as Azure Active Directory (Azure AD), Business-to-Consumer (B2C), sovereign clouds, and guest users. Throughout this article, you can generally think of an authority as an identity provider.

-`MSALPublicClientApplication` is configured with a default authority URL of `https://login.microsoftonline.com/common`, which is suitable for most Azure Active Directory (AAD) scenarios. Unless you're implementing advanced scenarios like national clouds, or working with B2C, you won't need to change it.

-If your app runs in a sovereign cloud, you may need to change the authority URL in the `MSALPublicClientApplication`. The following example sets the authority URL to work with the German AAD cloud:

-`MSALAADAuthority` represents an AAD authority. The authority URL should be in the following format, where `<port>` is optional: `https://<host>:<port>/<tenant>`

-You must have the [latest version](/powershell/azure/install-az-ps) of PowerShell for this article.

-## Recovering local administrator password

-To view the local administrator password for a Windows device joined to Azure AD, you must be granted the *deviceLocalCredentials.Read.All* permission, and you must be assigned one of the following roles:

->This information last updated on May 4th, 2023.<br/>You can also download a CSV version of this table [here](https://download.microsoft.com/download/e/3/e/e3e9faf2-f28b-490a-9ada-c6089a1fc5b0/Product%20names%20and%20service%20plan%20identifiers%20for%20licensing.csv).

-1. Set **Security defaults** to **Enabled **.

-Self Service Password Reset (SSPR) can now PIM eligible users, and evaluate group-based memberships, along with direct memberships when checking if a user is in a particular administrator role. This capability provides more accurate SSPR policy enforcement by validating if users are in scope for the default SSPR admin policy or your organizations SSPR user policy.

-|[LDAP](../../active-directory/app-provisioning/on-premises-ldap-connector-configure.md)| OpenLDAP<br>Microsoft Active Directory Lightweight Directory Services<br>389 Directory Server<br>Apache Directory Server<br>IBM Tivoli DS<br>Isode Directory<br>NetIQ eDirectory<br>Novell eDirectory<br>Open DJ<br>Open DS<br>Oracle (previously Sun ONE) Directory Server Enterprise Edition<br>RadiantOne Virtual Directory Server (VDS) |

-| [SQL](../../active-directory/app-provisioning/tutorial-ecma-sql-connector.md)| Microsoft SQL Server and Azure SQL<br>IBM DB2 10.x<br>IBM DB2 9.x<br>Oracle 10g and 11g<br>Oracle 12c and 18c<br>MySQL 5.x|

-| Cloud platform|[SAP Cloud Identity Platform - Provisioning](../../active-directory/saas-apps/sap-cloud-platform-identity-authentication-provisioning-tutorial.md) |

-## Entra Identity Governance Integrations

-| IBM Tivoli Directory Server ([SQL connector](../../active-directory/app-provisioning/tutorial-ecma-sql-connector.md) ) | ΓùÅ | |

-| Net IQ eDirectory ([LDAP connector](../../active-directory/app-provisioning/on-premises-ldap-connector-configure.md) ) | ΓùÅ | |

-| [Open LDAP](../../active-directory/app-provisioning/on-premises-ldap-connector-configure.md) | ΓùÅ | |

-| Oracle Database | ΓùÅ | |

-| Oracle SunOne | ΓùÅ | |

-| [SAP Cloud Platform Identity Authentication](../../active-directory/saas-apps/sap-cloud-platform-identity-authentication-provisioning-tutorial.md) | ΓùÅ | ΓùÅ |

-There is also a healthy partner ecosystem, further expanding the breadth and depth of integrations available with Entra Identity Governance. Explore the [partner integrations](../../active-directory/app-provisioning/partner-driven-integrations.md) available, including:

-Once you have the appropriate role assignment, launch PowerShell, and [install the Azure PowerShell module](/powershell/azure/install-az-ps) (if you haven't already), by typing:

- >To re-enable strict management mode and deploye a configuration overwrites settings outside the Guided Configuration UI. Therefore, we recommend the advanced configuration method for production services.

-1. Install [the latest version of Azure PowerShell](/powershell/azure/install-az-ps) if you haven't already.

- - Run scripts locally by installing the latest version of [the Az PowerShell module](/powershell/azure/install-az-ps). You can also use the [Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/get-started).

-If you plan to use the Azure PowerShell or Azure CLI examples in this article, be sure to install the latest version of [Azure PowerShell](/powershell/azure/install-az-ps) or [Azure CLI](/cli/azure/install-azure-cli).

-If you plan to use the Azure PowerShell examples in this article, be sure to install the latest version of [Azure PowerShell](/powershell/azure/install-az-ps).

- - Run scripts locally by installing the latest version of [Azure PowerShell](/powershell/azure/install-az-ps), then sign in to Azure using `Connect-AzAccount`.

- - Run scripts locally by installing the latest version of [Azure PowerShell](/powershell/azure/install-az-ps), then sign in to Azure using `Connect-AzAccount`.

- - Run scripts locally by installing the latest version of [Azure PowerShell](/powershell/azure/install-az-ps), then sign in to Azure using `Connect-AzAccount`.

- - Run scripts locally by installing the latest version of [Azure PowerShell](/powershell/azure/install-az-ps), then sign in to Azure using `Connect-AzAccount`.

-2. Enter in your **Username** and **Password** for which you added when you created the Windows VM.

-1. Install [the latest version of Azure PowerShell](/powershell/azure/install-az-ps) if you haven't already.

-1. Configure the LinkedIn company page with your organization DID (decentralized identity) and URL of the custom Webapp. You cannot self-service the LinkedIn company page. Today, you need to fill in [this form](https://www.linkedin.com/help/linkedin/answer/a1359065) and we can enable your organization.

-1. Install [the latest version of Azure PowerShell](/powershell/azure/install-az-ps) if you haven't already.

-1. Install [the latest version of Azure PowerShell](/powershell/azure/install-az-ps) if you haven't already.

-## Encrypt your AKS cluster data disk(optional)

-OS disk encryption key is used to encrypt the data disk if the key isn't provided for data disk from AKS version 1.17.2. You can also encrypt AKS data disks with your other keys.

-```azurecli-interactive

-# Retrieve your Azure Subscription Id from id property as shown below

-az account list

-```

-The following example resembles output from the command:

-```output

-someuser@Azure:~$ az account list

-[

- {

- "cloudName": "AzureCloud",

- "id": "666e66d8-1e43-4136-be25-f25bb5de5893",

- "isDefault": true,

- "name": "MyAzureSubscription",

- "state": "Enabled",

- "tenantId": "3ebbdf90-2069-4529-a1ab-7bdcb24df7cd",

- "user": {

- "cloudShellID": true,

- "name": "someuser@azure.com",

- "type": "user"

- }

- }

-]

-```

-description: Learn how to customize CoreDNS to add subdomains or extend custom DNS endpoints using Azure Kubernetes Service (AKS)

-#Customer intent: As a cluster operator or developer, I want to learn how to customize the CoreDNS configuration to add sub domains or extend to custom DNS endpoints within my network

-# Deploy a Kubernetes application from Azure Marketplace (preview)

- ```azurecli-interactive

- az k8s-extension list --cluster-name <clusterName> --resource-group <resourceGroupName> --cluster-type managedClusters

- ```

-description: Learn how to define a custom egress route in Azure Kubernetes Service (AKS) with a routing table.

-#Customer intent: As a cluster operator, I want to define my own egress paths with user-defined routes. Since I define this up front I do not want AKS provided load balancer configurations.

-# Customize cluster egress with a user-defined routing table

-Egress from an AKS cluster can be customized to fit specific scenarios. By default, AKS will provision a Standard SKU Load Balancer to be set up and used for egress. However, the default setup may not meet the requirements of all scenarios if public IPs are disallowed or additional hops are required for egress.

-This article walks through how to customize a cluster's egress route to support custom network scenarios, such as those which disallows public IPs and requires the cluster to sit behind a network virtual appliance (NVA).

-* Azure CLI version 2.0.81 or greater

-* API version of `2020-01-01` or greater

-## Limitations

-* Setting `outboundType` requires AKS clusters with a `vm-set-type` of `VirtualMachineScaleSets` and `load-balancer-sku` of `Standard`.

-## Overview

-> [!NOTE]

-> Using outbound type is an advanced networking scenario and requires proper network configuration.

-If `userDefinedRouting` is set, AKS won't automatically configure egress paths. The egress setup must be done by you.

-The AKS cluster must be deployed into an existing virtual network with a subnet that has been previously configured because when not using standard load balancer (SLB) architecture, you must establish explicit egress. As such, this architecture requires explicitly sending egress traffic to an appliance like a firewall, gateway, proxy or to allow the Network Address Translation (NAT) to be done by a public IP assigned to the standard load balancer or appliance.

-#### Load balancer creation with userDefinedRouting

-AKS clusters with an outbound type of UDR receive a standard load balancer (SLB) only when the first Kubernetes service of type 'loadBalancer' is deployed. The load balancer is configured with a public IP address for *inbound* requests and a backend pool for *inbound* requests. Inbound rules are configured by the Azure cloud provider, but **no outbound public IP address or outbound rules** are configured as a result of having an outbound type of UDR. Your UDR will still be the only source for egress traffic.

-Azure load balancers [don't incur a charge until a rule is placed](https://azure.microsoft.com/pricing/details/load-balancer/).

-To illustrate the application of a cluster with outbound type using a user-defined route, a cluster can be configured on a virtual network with an Azure Firewall on its own subnet. See this example on the [restrict egress traffic with Azure firewall example](limit-egress-traffic.md).

-> Outbound type of UDR requires there is a route for 0.0.0.0/0 and next hop destination of NVA (Network Virtual Appliance) in the route table.

-> The route table already has a default 0.0.0.0/0 to Internet, without a Public IP to SNAT just adding this route will not provide you egress. AKS will validate that you don't create a 0.0.0.0/0 route pointing to the Internet but instead to NVA or gateway, etc.

-> When using an outbound type of UDR, a load balancer public IP address for **inbound requests** is not created unless a service of type *loadbalancer* is configured. A public IP address for **outbound requests** is never created by AKS if an outbound type of UDR is set.

-See [Azure networking UDR overview](../virtual-network/virtual-networks-udr-overview.md).

-See [how to create, change, or delete a route table](../virtual-network/manage-route-table.md).

-<!-- LINKS - internal -->

-[az-aks-get-credentials]: /cli/azure/aks#az_aks_get_credentials

-[byo-route-table]: configure-kubenet.md#bring-your-own-subnet-and-route-table-with-kubenet

-## Deploy an AKS cluster with a UPR outbound type to the existing network

-* You need `kubectl` with a minimum version of [1.18.1](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.18.md#v1181) or [`kubelogin`](https://github.com/Azure/kubelogin). The difference between the minor versions of Kubernetes and `kubectl` shouldn't be more than *one* version. You'll experience authentication issues if you don't use the correct version.

-* This article requires you have an Azure AD group for your cluster. This group will be registered as an admin group on the cluster to grant admin permissions. If you don't have an existing Azure AD group, you can create one using the [`az ad group create`](/cli/azure/ad/group#az_ad_group_create) command.

-* Enable AKS-managed Azure AD integration on your existing Kubernetes RBAC enabled cluster using the [`az aks update`][az-aks-update] command. Make sure to set your admin group to keep access on your cluster.

- ```azurecli-interactive

- az aks update -g MyResourceGroup -n myManagedCluster --enable-aad --aad-admin-group-object-ids <id-1>,<id-2> [--aad-tenant-id <id>]

- ```

- A successful activation of an AKS-managed Azure AD cluster has the following section in the response body:

- ```output

- "AADProfile": {

- "adminGroupObjectIds": [

- "5d24****-****-****-****-****afa27aed"

- ],

- "clientAppId": null,

- "managed": true,

- "serverAppId": null,

- "serverAppSecret": null,

- "tenantId": "72f9****-****-****-****-****d011db47"

- }

- ```

-* If your cluster uses legacy Azure AD integration, you can upgrade to AKS-managed Azure AD integration with no downtime using the [`az aks update`][az-aks-update] command.

- ```azurecli-interactive

- az aks update -g myResourceGroup -n myManagedCluster --enable-aad --aad-admin-group-object-ids <id> [--aad-tenant-id <id>]

- ```

- A successful migration of an AKS-managed Azure AD cluster has the following section in the response body:

- ```output

- "AADProfile": {

- "adminGroupObjectIds": [

- "5d24****-****-****-****-****afa27aed"

- ],

- "clientAppId": null,

- "managed": true,

- "serverAppId": null,

- "serverAppSecret": null,

- "tenantId": "72f9****-****-****-****-****d011db47"

- }

- ```

-There are some non-interactive scenarios, such as continuous integration pipelines, that aren't currently available with `kubectl`. You can use [`kubelogin`](https://github.com/Azure/kubelogin) to connect to the cluster with a non-interactive service principal credential. Starting with Kubernetes version 1.24, the default format of the clusterUser credential for Azure AD clusters is `exec`, which requires [`kubelogin`](https://github.com/Azure/kubelogin) binary in the execution PATH.

-* When getting the clusterUser credential, you can use the `format` query parameter to overwrite the default behavior change. You can set the value to `azure` to use the original kubeconfig format:

-* Azure AD integrated clusters using a Kubernetes version newer than 1.24 automatically use the `kubelogin` format.

-

-> If you meet the `error: The azure auth plugin has been removed.`, you need to run `kubelogin convert-kubeconfig` to convert the kubeconfig format manually.

- az keyvault certificate import --vault-name <KeyVaultName> -n <KeyVaultCertificateName> -f aks-ingress-tls.pfx

-Before using PowerShell, [install or update the latest Azure PowerShell module](/powershell/azure/install-az-ps).

-* The latest version of Azure PowerShell, if you plan to use Azure PowerShell cmdlets. If you haven't already, [install Azure PowerShell](/powershell/azure/install-az-ps).

-* The latest version of Azure PowerShell. If you haven't already, [install Azure PowerShell](/powershell/azure/install-az-ps).

-1. If needed, install Azure PowerShell by using the instructions in the [Azure PowerShell guide](/powershell/azure/install-az-ps). Then run `Connect-AzAccount` to create a connection with Azure.

-1. If needed, install the Azure PowerShell by using the instructions in the [Azure PowerShell guide](/powershell/azure/install-az-ps). Then run `Connect-AzAccount` to create a connection with Azure.

-1. For this example, select **API Management service `<service name>`**.

-1. For this example, select **API Management service `<service name>`**.

-* Learn more about GitHub's [REST API](https://docs.github.com/en/rest?apiVersion=2022-11-28)

-* **Azure PowerShell** - Run `Get-Module -ListAvailable -Name Az` to check your version. If you're running version 8.1.0 or later, no action is required. Use `Update-Module -Name Az -Repository PSGallery` to update the module if necessary. For more information, see [Install the Azure Az PowerShell module](/powershell/azure/install-az-ps).

-* [Azure PowerShell](/powershell/azure/install-az-ps)

-Trigger migration of a network-injected API Management instance to the `stv2` platform by updating the existing network configuration (see the following section). You can also cause migrate to the `stv2` platform by enabling [zone redundancy](../reliability/migrate-api-mgt.md).

-* For instances deployed in a VNet, see the [Virtual network configuration reference](virtual-network-reference.md).

- If you choose to install and use the PowerShell locally, this quickstart requires the Azure PowerShell module version 1.0 or later. Run `Get-Module -ListAvailable Az` to find the version. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-Az-ps). If you're running PowerShell locally, you also need to run `Connect-AzAccount` to create a connection with Azure.

-If you choose to install and use the PowerShell locally, this tutorial requires the Azure PowerShell module version 1.0 or later. Run `Get-Module -ListAvailable Az` to find the version. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-Az-ps). If you are running PowerShell locally, you also need to run `Connect-AzAccount` to create a connection with Azure.

-If you choose to install and use the PowerShell locally, this tutorial requires the Azure PowerShell module version 1.0 or later. Run `Get-Module -ListAvailable Az` to find the version. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-Az-ps). If you are running PowerShell locally, you also need to run `Connect-AzAccount` to create a connection with Azure.

-If you choose to install and use the PowerShell locally, this tutorial requires the Azure PowerShell module version 1.0 or later. Run `Get-Module -ListAvailable Az` to find the version. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-Az-ps). If you are running PowerShell locally, you also need to run `Connect-AzAccount` to create a connection with Azure.

-If you choose to install and use the PowerShell locally, this tutorial requires the Azure PowerShell module version 1.0 or later. Run `Get-Module -ListAvailable Az` to find the version. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-Az-ps). If you are running PowerShell locally, you also need to run `Connect-AzAccount` to create a connection with Azure.

-If you choose to install and use the PowerShell locally, this tutorial requires the Azure PowerShell module version 1.0 or later. Run `Get-Module -ListAvailable Az` to find the version. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-Az-ps). If you are running PowerShell locally, you also need to run `Connect-AzAccount` to create a connection with Azure.

-If you choose to install and use the PowerShell locally, this tutorial requires the Azure PowerShell module version 1.0 or later. Run `Get-Module -ListAvailable Az` to find the version. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-Az-ps). If you are running PowerShell locally, you also need to run `Connect-AzAccount` to create a connection with Azure.

-If you choose to install and use the PowerShell locally, this tutorial requires the Azure PowerShell module version 1.0 or later. Run `Get-Module -ListAvailable Az` to find the version. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-Az-ps). If you are running PowerShell locally, you also need to run `Connect-AzAccount` to create a connection with Azure.

-If you choose to install and use the PowerShell locally, this tutorial requires the Azure PowerShell module version 1.0 or later. Run `Get-Module -ListAvailable Az` to find the version. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-Az-ps). If you are running PowerShell locally, you also need to run `Connect-AzAccount` to create a connection with Azure.

-az network vnet subnet update --resource-group $VNET_RG -name <subnet-name> --vnet-name <vnet-name> --delegations Microsoft.Web/hostingEnvironments

-az lock delete --resource-group jordan-rg --name <lock-name> --resource <vnet-name> --resource-type Microsoft.Network/virtualNetworks

-> Docker Compose on Azure App Services currently has a limit of 4,000 characters at this time.

-To use this file, replace the placeholders _\<unique-frontend-app-name>_ and _\<unique-frontend-app-name>_ (app name is used to form a unique DNS name worldwide).

-1. The Azure Identity client library that you'll use later can use tokens from Azure PowerShell. To enable command-line based development, [install Azure PowerShell](/powershell/azure/install-az-ps) on your local machine.

-1. The Azure Identity client library that you'll use later can use tokens from Azure PowerShell. To enable command-line based development, [install Azure PowerShell](/powershell/azure/install-az-ps) on your local machine.

-1. Install the latest version of the Azure PowerShell module by following the [install instructions](/powershell/azure/install-az-ps).

-You may use the built-in roles, such as [Network contributor](../role-based-access-control/built-in-roles.md#network-contributor), which already support this permission. If a built-in role doesn't provide the right permission, you can [create and assign a custom role](../role-based-access-control/custom-roles-portal.md). Learn more about [managing subnet permissions](../virtual-network/virtual-network-manage-subnet.md#permissions). You may have to allow sufficient time for [Azure Resource Manager cache refresh](../role-based-access-control/troubleshooting.md?tabs=bicep#symptomrole-assignment-changes-are-not-being-detected) after role assignment changes.

-This article requires Azure PowerShell module version 1.0.0 or later. To find the version, run `Get-Module -ListAvailable Az`. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-az-ps). To run the commands in this article, you also need to create a connection with Azure by running `Connect-AzAccount`.

-This article requires the Azure PowerShell module version 1.0.0 or later. Run `Get-Module -ListAvailable Az` to find the version. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-az-ps). If you're running PowerShell locally, you also need to run `Login-AzAccount` to create a connection with Azure.

-If you choose to install and use the PowerShell locally, this tutorial requires the Azure PowerShell module version 1.0.0 or later. To find the version, run `Get-Module -ListAvailable Az` . If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-az-ps). If you're running PowerShell locally, you also need to run `Login-AzAccount` to create a connection with Azure.

-This tutorial requires the Azure PowerShell module version 1.0.0 or later to create a certificate and install IIS. Run `Get-Module -ListAvailable Az` to find the version. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-az-ps). To run the commands in this tutorial, you also need to run `Login-AzAccount` to create a connection with Azure.

-This tutorial requires the Azure PowerShell module version 1.0.0 or later. Run `Get-Module -ListAvailable Az` to find the version. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-az-ps). To run the commands in this tutorial, you also need to run `Login-AzAccount` to create a connection with Azure.

-If you choose to install and use the PowerShell locally, this article requires the Azure PowerShell module version 1.0.0 or later. To find the version, run `Get-Module -ListAvailable Az` . If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-az-ps). If you're running PowerShell locally, you also need to run `Login-AzAccount` to create a connection with Azure.

-1. To find the version, run `Get-Module -ListAvailable Az`. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-This tutorial requires that you run an administrative Azure PowerShell session locally. You must have Azure PowerShell module version 1.0.0 or later installed. Run `Get-Module -ListAvailable Az` to find the version. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-az-ps). After you verify the PowerShell version, run `Connect-AzAccount` to create a connection with Azure.

-This article requires that you run Azure PowerShell locally. You must have Az module version 1.0.0 or later installed. Run `Import-Module Az` and then`Get-Module Az` to find the version. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-az-ps). After you verify the PowerShell version, run `Login-AzAccount` to create a connection with Azure.

-If you choose to install and use PowerShell locally, this article requires the Azure PowerShell module version 1.0.0 or later. To find the version, run `Get-Module -ListAvailable Az`. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-az-ps). If you're running PowerShell locally, you also need to run `Login-AzAccount` to create a connection with Azure.

-If you choose to install and use the PowerShell locally, this article requires the Azure PowerShell module version 1.0.0 or later. To find the version, run `Get-Module -ListAvailable Az` . If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-az-ps). If you're running PowerShell locally, you also need to run `Login-AzAccount` to create a connection with Azure.

-This article requires the Azure PowerShell module version 1.0.0 or later. Run `Get-Module -ListAvailable Az` to find the version. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-az-ps). If you're running PowerShell locally, you also need to run `Login-AzAccount` to create a connection with Azure.

-If you choose to install and use the PowerShell locally, this procedure requires the Azure PowerShell module version 1.0.0 or later. To find the version, run `Get-Module -ListAvailable Az` . If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-az-ps). If you're running PowerShell locally, you also need to run `Connect-AzAccount` to create a connection with Azure.

-If you choose to install and use the PowerShell locally, this article requires the Azure PowerShell module version 1.0.0 or later. To find the version, run `Get-Module -ListAvailable Az` . If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-az-ps). If you're running PowerShell locally, you also need to run `Login-AzAccount` to create a connection with Azure.

-* **Read** and **Layout** models are supported by Form Recognizer v3.0 containers.

-##### Read and Layout containers

-| `Read` | `8` cores, 16-GB memory | `8` cores, 24-GB memory|

-### Read

-The following code sample is a self-contained `docker compose` example to run the Form Recognizer Layout container. With `docker compose`, you use a YAML file to configure your application's services. Then, with the `docker-compose up` command, you create and start all the services from your configuration. Enter {FORM_RECOGNIZER_ENDPOINT_URI} and {{FORM_RECOGNIZER_KEY} values for your Layout container instance.

-### Layout

-The following code sample is a self-contained `docker compose` example to run the Form Recognizer Layout container. With `docker compose`, you use a YAML file to configure your application's services. Then, with `docker-compose up` command, you create and start all the services from your configuration. Enter {FORM_RECOGNIZER_ENDPOINT_URI} and {{FORM_RECOGNIZER_KEY} values for your Layout container instance.

-### [Business Card](#tab/business-card)

-The following code sample is a self-contained `docker compose` example to run Form Recognizer Business Card and Read containers together. With `docker compose`, you use a YAML file to configure your application's services. Then, with `docker-compose up` command, you create and start all the services from your configuration. Enter {FORM_RECOGNIZER_ENDPOINT_URI} and {FORM_RECOGNIZER_KEY} values for your Business Card container instance. Enter {COMPUTER_VISION_ENDPOINT_URI} and {COMPUTER_VISION_KEY} for your Computer Vision Read container.

- azure-cognitive-service-businesscard:

- container_name: azure-cognitive-service-businesscard

- image: mcr.microsoft.com/azure-cognitive-services/form-recognizer/businesscard

- - AzureCognitiveServiceReadHost=http://azure-cognitive-service-read:5000

- azure-cognitive-service-read:

- container_name: azure-cognitive-service-read

- image: mcr.microsoft.com/azure-cognitive-services/vision/read:3.2-model-2021-04-12

- - billing={COMPUTER_VISION_ENDPOINT_URI}

- - apiKey={COMPUTER_VISION_KEY}

-### [ID Document](#tab/id-document)

-The following code sample is a self-contained `docker compose` example to run Form Recognizer ID Document and Read containers together. With `docker compose`, you use a YAML file to configure your application's services. Then, with `docker-compose up` command, you create and start all the services from your configuration. Enter {FORM_RECOGNIZER_ENDPOINT_URI} and {FORM_RECOGNIZER_KEY} values for your ID document container. Enter {COMPUTER_VISION_ENDPOINT_URI} and {COMPUTER_VISION_KEY} values for your Computer Vision Read container.

- azure-cognitive-service-id:

- container_name: azure-cognitive-service-id

- image: mcr.microsoft.com/azure-cognitive-services/form-recognizer/id-document

-### [Invoice](#tab/invoice)

-The following code sample is a self-contained `docker compose` example to run Form Recognizer Invoice and Layout containers together. With `docker compose`, you use a YAML file to configure your application's services. Then, with `docker-compose up` command, you create and start all the services from your configuration. Enter {FORM_RECOGNIZER_ENDPOINT_URI} and {FORM_RECOGNIZER_KEY} values for your Invoice and Layout containers.

- azure-cognitive-service-invoice:

- container_name: azure-cognitive-service-invoice

- image: mcr.microsoft.com/azure-cognitive-services/form-recognizer/invoice

- - AzureCognitiveServiceLayoutHost=http://azure-cognitive-service-layout:5000

- azure-cognitive-service-layout:

- container_name: azure-cognitive-service-layout

- image: mcr.microsoft.com/azure-cognitive-services/form-recognizer/layout

- - billing={FORM_RECOGNIZER_ENDPOINT_URI}

- - apiKey={FORM_RECOGNIZER_KEY}

-### [Receipt](#tab/receipt)

-The following code sample is a self-contained `docker compose` example to run Form Recognizer Receipt and Read containers together. With `docker compose`, you use a YAML file to configure your application's services. Then, with `docker-compose up` command, you create and start all the services from your configuration. Enter {FORM_RECOGNIZER_ENDPOINT_URI} and {FORM_RECOGNIZER_KEY} values for your Receipt container. Enter {COMPUTER_VISION_ENDPOINT_URI} and {COMPUTER_VISION_KEY} values for your Computer Vision Read container.

- azure-cognitive-service-receipt:

- container_name: azure-cognitive-service-receipt

- image: mcr.microsoft.com/azure-cognitive-services/form-recognizer/receipt

-Use the parameter `api-version=2022-06-30-preview` when using the REST API or the corresponding SDK to support these languages in your applications.

-| **Custom neural model train** | 10 per month | 10 per month |

-> ³ Open a support request to increase the monthly training limit.

-> [!IMPORTANT]

-> Hotpatch is currently in Public Preview. An opt-in procedure is needed to use the hotpatch capability described below. This preview is provided without a service level agreement, and is not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).

-> [!NOTE]

-> Hotpatch is supported on _Windows Server 2022 Datacenter: Azure Edition_.

-> [!IMPORTANT]

-> Hotpatch is currently in Public Preview. An opt-in procedure is needed to use the Hotpatch capability described below. This preview is provided without a service level agreement, and is not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).

-* The [Azure Az PowerShell module](/powershell/azure/new-azureps-module-az) installed on your machine. To install or upgrade, see [How to install the Azure Az PowerShell module](/powershell/azure/install-az-ps).

-* Azure PowerShell installed on a local machine. See [Install the Azure PowerShell Module](/powershell/azure/install-az-ps) for information about how to get Azure PowerShell. You'll also need module [Az.ManagedServiceIdentity](/powershell/module/az.managedserviceidentity). `Az.ManagedServiceIdentity` is a preview module and not installed as part of the Az module. To install it, run `Install-Module -Name Az.ManagedServiceIdentity`

-* The [Azure Az PowerShell module](/powershell/azure/new-azureps-module-az) installed on your machine. To install or upgrade, see [How to install the Azure Az PowerShell module](/powershell/azure/install-az-ps).

-* The [Azure Az PowerShell module](/powershell/azure/new-azureps-module-az) installed on your machine. To install or upgrade, see [How to install the Azure Az PowerShell module](/powershell/azure/install-az-ps).

-* The [Azure Az PowerShell module](/powershell/azure/new-azureps-module-az) installed on your machine. To install or upgrade, see [How to install the Azure Az PowerShell module](/powershell/azure/install-az-ps). `Az.ManagedServiceIdentity` is a preview module and not installed as part of the Az module. To install it, run `Install-Module -Name Az.ManagedServiceIdentity`.

-If you connected your cluster by using Azure PowerShell, make sure you are [running the latest version](/powershell/azure/install-az-ps).

-* [Azure PowerShell version 6.6.0 or later](/powershell/azure/install-az-ps)

-1. Download and unzip the folder **ArcEnabledServersGroupPolicy_v1.0.1** from [https://github.com/Azure/ArcEnabledServersGroupPolicy/releases/download/1.0.2/ArcEnabledServersGroupPolicy_v1.0.2.zip](https://github.com/Azure/ArcEnabledServersGroupPolicy/releases/download/1.0.2/ArcEnabledServersGroupPolicy_v1.0.2.zip). This folder contains the ArcGPO project structure with the scripts `EnableAzureArc.ps1`, `DeployGPO.ps1`, and `AzureArcDeployment.psm1`. These assets will be used for onboarding the machine to Azure Arc-enabled servers.

-You can use [Azure PowerShell](/powershell/azure/install-az-ps) to create a service principal with the [New-AzADServicePrincipal](/powershell/module/Az.Resources/New-AzADServicePrincipal) cmdlet.

-To connect hybrid machines to Azure, you install the [Azure Connected Machine agent](agent-overview.md) on each machine. This agent does not replace the Azure [Log Analytics agent](../../azure-monitor/agents/log-analytics-agent.md) / [Azure Monitor Agent](../../azure-monitor/agents/azure-monitor-agent-overview.md). The Log Analytics agent or Azure Monitor Agent for Windows and Linux is required in order to:

-In most cases, the location you select when you create the installation script should be the Azure region geographically closest to your machine's location. Data at rest is stored within the Azure geography containing the region you specify, which may also affect your choice of region if you have data residency requirements. If the Azure region your machine connects to is affected by an outage, the connected machine is not affected, but management operations using Azure may be unable to complete. If there is a regional outage, and if you have multiple locations that support a geographically redundant service, it is best to connect the machines in each location to a different Azure region.

-* Computer fully qualified domain name (FQDN)

-If a machine remains disconnected for 45 days, its status may change to **Expired**. An expired machine can no longer connect to Azure and requires a server administrator to disconnect and then reconnect it to Azure to continue managing it with Azure Arc. The exact date upon which a machine will expire is determined by the expiration date of the managed identity's credential, which is valid up to 90 days and renewed every 45 days.

-There is no limit to how many Arc-enabled servers and VM extensions you can deploy in a resource group or subscription. The standard 800 resource limit per resource group applies to the Azure Arc Private Link Scope resource type.

-This quickstart requires that you're running the latest version of Azure PowerShell. If you need to install or upgrade, see [Install and configure Azure PowerShell](/powershell/azure/install-Az-ps).

- + The Azure [Az PowerShell module](/powershell/azure/install-az-ps) version 5.9.0 or later.

- + The Azure [Az PowerShell module](/powershell/azure/install-az-ps) version 5.9.0 or later.

- + The Azure [Az PowerShell module](/powershell/azure/install-az-ps) version 9.4.0 or later.

- + The Azure [Az PowerShell module](/powershell/azure/install-az-ps) version 5.9.0 or later.

- + The Azure [Az PowerShell module](/powershell/azure/install-az-ps) version 5.9.0 or later.

-The following PowerShell commands create a resource group and deploy a Bicep file/ARM template that creates a function app with its required resources. To run locally, you must have [Azure PowerShell](/powershell/azure/install-az-ps) installed. Run [`Connect-AzAccount`](/powershell/module/az.accounts/connect-azaccount) to sign in.

-**[Publish](#publish)**: Core Tools currently depends on either the [Azure CLI](/cli/azure/install-azure-cli) or [Azure PowerShell](/powershell/azure/install-az-ps) for authenticating with your Azure account. This means that you must install one of these tools to be able to [publish to Azure](#publish) from Azure Functions Core Tools.

->You must have the [Azure CLI](/cli/azure/install-azure-cli) or [Azure PowerShell](/powershell/azure/install-az-ps) installed locally to be able to publish to Azure from Core Tools.

-> This article has been updated to use the new Azure PowerShell Az module. You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. To learn more about the new Az module and AzureRM compatibility, see [**Introducing the new Azure PowerShell Az module**](/powershell/azure/new-azureps-module-az). For Az module installation instructions, see [**Install the Azure Az PowerShell module**](/powershell/azure/install-az-ps).

-Install PowerShell on your local machine. For more information, including how to check your PowerShell version, see [Install the Azure Az PowerShell module](/powershell/azure/install-az-ps).

-| Elevation service ([deprecated](https://azure.microsoft.com/updates/azure-maps-elevation-apis-and-render-v2-dem-tiles-will-be-retired-on-5-may-2023)) | 50 | 50 | Not Available |

-| Render service - Contour tiles, Digital Elevation Model (DEM) tiles ([deprecated](https://azure.microsoft.com/updates/azure-maps-elevation-apis-and-render-v2-dem-tiles-will-be-retired-on-5-may-2023)) and Customer tiles | 50 | 50 | Not Available |

-<dependency> 

-  <groupId>com.azure</groupId> 

-  <artifactId>azure-maps-elevation</artifactId> 

-  <version>1.0.0-beta.1</version> 

-</dependency> 

-| [Elevation][java elevation readme] ([deprecated](https://azure.microsoft.com/updates/azure-maps-elevation-apis-and-render-v2-dem-tiles-will-be-retired-on-5-may-2023))| [azure-maps-elevation][java elevation package] | [elevation samples][java elevation sample] |

-[java elevation package]: https://repo1.maven.org/maven2/com/azure/azure-maps-elevation

-[java elevation readme]: https://github.com/Azure/azure-sdk-for-jav

-[java elevation sample]: https://github.com/Azure/azure-sdk-for-java/tree/main/sdk/maps/azure-maps-elevation/src/samples/java/com/azure/maps/elevation/samples

-description: Learn how to request elevation data using the Azure Maps Elevation service.

-# Request elevation data using the Azure Maps Elevation service

-> [!IMPORTANT]

-> The Azure Maps Elevation services and Render V2 DEM tiles have been retired and will no longer be available or supported after May 5, 2023. No other Azure Maps API, services or tilesets are affected. For more information, see [Elevation Services Retirement](https://azure.microsoft.com/updates/azure-maps-elevation-apis-and-render-v2-dem-tiles-will-be-retired-on-5-may-2023).

-The Azure Maps [Elevation service](/rest/api/maps/elevation) provides APIs to query elevation data anywhere on the earth's surface. You can request sampled elevation data along paths, within a defined bounding box, or at specific coordinates. Also, you can use the [Render V2 - Get Map Tile API](/rest/api/maps/renderv2) to retrieve elevation data in tile format. The tiles are delivered in GeoTIFF raster format. This article describes how to use Azure Maps Elevation service and the Get Map Tile API to request elevation data. The elevation data can be requested in both GeoJSON and GeoTiff formats.

-## Prerequisites

-* An [Azure Maps account]

-* A [subscription key]

-For more information about authentication in Azure Maps, see [Manage Authentication in Azure Maps](how-to-manage-authentication.md).

-This article uses the [Postman](https://www.postman.com/) application, but you can use a different API development environment.

-## Request elevation data in raster tile format

-To request elevation data in raster tile format, use the [Render V2-Get Map Tile API](/rest/api/maps/renderv2). If the tile can be found, the API returns the tile as a GeoTIFF. Otherwise, the API returns 0. All raster DEM tiles use the geoid (sea level) Earth mode. In this example, we'll request elevation data for Mt. Everest.

->[!TIP]

->To retrieve a tile at a specific area on the world map, find the correct tile at the appropriate zoom level. Also note that WorldDEM covers the entire global landmass but it doesn't cover oceans. For more information, see [Zoom levels and tile grid](zoom-levels-and-tile-grid.md).

-To request elevation data in raster tile format using the Postman app:

-1. In the Postman app, select **New**.

-2. In the **Create New** window, select **HTTP Request**.

-3. Enter a **Request name** for the request.

-4. On the **Builder** tab, select the **GET** HTTP method and then enter the following URL to request the raster tile.

- ```http

- https://atlas.microsoft.com/map/tile?subscription-key={Your-Azure-Maps-Subscription-key}&api-version=2.0&tilesetId=microsoft.dem&zoom=13&x=6074&y=3432

- ```

- >[!Important]

- >For this request, and other requests mentioned in this article, replace `{Your-Azure-Maps-Subscription-key}` with your Azure Maps subscription key.

-5. Select the **Send** button.

- You should receive the raster tile that contains the elevation data in GeoTIFF format. Each pixel within the raster tile raw data is of type `float`. The value of each pixel represents the elevation height in meters.

-## Request elevation data in GeoJSON format

-To request elevation data in GeoJSON format, use the Elevation service APIs. This section describes each of these APIs:

-* [Get Data for Points](/rest/api/maps/elevation/getdataforpoints)

-* [Post Data for Points](/rest/api/maps/elevation/postdataforpoints)

-* [Get Data for Polyline](/rest/api/maps/elevation/getdataforpolyline)

-* [Post Data for Polyline](/rest/api/maps/elevation/postdataforpolyline)

-* [Get Data for Bounding Box](/rest/api/maps/elevation/getdataforboundingbox)

->[!IMPORTANT]

-> When no data can be returned, all APIs return **0**.

-### Request elevation data for points

-In this example, we'll use the [Get Data for Points API](/rest/api/maps/elevation/getdataforpoints) to request elevation data at Mt. Everest and Chamlang mountains. Then, we'll use the [Post Data for Points API](/rest/api/maps/elevation/postdataforpoints) to request elevation data using the same two points. Latitudes and longitudes in the URL are expected to be in WGS84 (World Geodetic System) decimal degree.

- >[!IMPORTANT]

- >The URL character length limit is 2048, so it's not possible to pass more than 100 coordinates as a pipeline-delimited string in a URL GET request. If you intend to pass more than 100 coordinates as a pipeline delimited string, use the Post Data for Points API.

-To create the request:

-1. In the Postman app, select **New** again.

-2. In the **Create New** window, select **HTTP Request**.

-3. Enter a **Request name** for the request.

-4. On the **Builder** tab, select the **GET** HTTP method, and then enter the following URL (replace `{Your-Azure-Maps-Subscription-key}` with your Azure Maps subscription key):

- ```http

- https://atlas.microsoft.com/elevation/point/json?subscription-key={Your-Azure-Maps-Subscription-key}&api-version=1.0&points=-73.998672,40.714728|150.644,-34.397

- ```

-5. Select the **Send** button. You'll receive the following JSON response:

- ```json

- {

- "data": [

- {

- "coordinate": {

- "latitude": 40.714728,

- "longitude": -73.998672

- },

- "elevationInMeter": 12.142355447638208

- },

- {

- "coordinate": {

- "latitude": -34.397,

- "longitude": 150.644

- },

- "elevationInMeter": 384.47041445517846

- }

- ]

- }

- ```

-6. Now, we'll call the [Post Data for Points API](/rest/api/maps/elevation/postdataforpoints) to get elevation data for the same two points. On the **Builder** tab, select the **POST** HTTP method and then enter the following URL (replace `{Your-Azure-Maps-Subscription-key}` with your Azure Maps subscription key):

- ```http

- https://atlas.microsoft.com/elevation/point/json?subscription-key={Your-Azure-Maps-Subscription-key}&api-version=1.0

- ```

-7. In the **Headers** field of the **POST** request, set `Content-Type` to `application/json`.

-8. In the **Body** field, provide the following coordinate point information:

- ```json

- [

- {

- "lon": -73.998672,

- "lat": 40.714728

- },

- {

- "lon": 150.644,

- "lat": -34.397

- }

- ]

- ```

-9. Select **Send**.

-### Request elevation data samples along a Polyline

-In this example, we'll use the [Get Data for Polyline API](/rest/api/maps/elevation/getdataforpolyline) to request five equally spaced samples of elevation data along a straight line between coordinates at Mt. Everest and Chamlang mountains. Both coordinates must be defined in longitude/latitude format. If you don't specify a value for the `samples` parameter, the number of samples defaults to 10. The maximum number of samples is 2,000.

-Then, we'll use the Get Data for Polyline API to request three equally spaced samples of elevation data along a path. We'll define the precise location for the samples by passing in three longitude/latitude coordinate pairs.

-Finally, we'll use the [Post Data For Polyline API](/rest/api/maps/elevation/postdataforpolyline) to request elevation data at the same three equally spaced samples.

-Latitudes and longitudes in the URL are expected to be in WGS84 (World Geodetic System) decimal degree.

- >[!IMPORTANT]

- >The URL character length limit is 2048, so it's not possible to pass more than 100 coordinates as a pipeline-delimited string in a URL GET request. If you intend to pass more than 100 coordinates as a pipeline delimited string, use the Post Data For Points API.

-To create the request:

-1. In the Postman app, select **New**.

-2. In the **Create New** window, select **HTTP Request**.

-3. Enter a **Request name**.

-4. On the **Builder** tab, select the **GET** HTTP method, and then enter the following URL (replace `{Your-Azure-Maps-Subscription-key}` with your Azure Maps subscription key):

- ```http

- https://atlas.microsoft.com/elevation/line/json?api-version=1.0&subscription-key={Your-Azure-Maps-Subscription-key}&lines=-73.998672,40.714728|150.644,-34.397&samples=5

- ```

-5. Select the **Send** button. You'll receive the following JSON response:

- ```JSON

- {

- "data": [

- {

- "coordinate": {

- "latitude": 40.714728,

- "longitude": -73.998672

- },

- "elevationInMeter": 12.14236

- },

- {

- "coordinate": {

- "latitude": 21.936796000000001,

- "longitude": -17.838003999999998

- },

- "elevationInMeter": 0.0

- },

- {

- "coordinate": {

- "latitude": 3.1588640000000012,

- "longitude": 38.322664000000003

- },

- "elevationInMeter": 598.66943

- },

- {

- "coordinate": {

- "latitude": -15.619067999999999,

- "longitude": 94.483332000000019

- },

- "elevationInMeter": 0.0

- },

- {

- "coordinate": {

- "latitude": -34.397,

- "longitude": 150.644

- },

- "elevationInMeter": 384.47041

- }

- ]

- }

- ```

-6. Now, we'll request three samples of elevation data along a path between coordinates at Mount Everest, Chamlang, and Jannu mountains. In the **Params** field, enter the following coordinate array for the value of the `lines` query key.

- ```html

- 86.9797222, 27.775|86.9252778, 27.9880556 | 88.0444444, 27.6822222

- ```

-7. Change the `samples` query key value to `3`. The image below shows the new values.

- :::image type="content" source="./media/how-to-request-elevation-data/get-elevation-samples.png" alt-text="Retrieve three elevation data samples.":::

-8. Select **Send**. You'll receive the following JSON response:

- ```json

- {

- "data": [

- {

- "coordinate": {

- "latitude": 27.775,

- "longitude": 86.9797222

- },

- "elevationInMeter": 7116.0348851572589

- },

- {

- "coordinate": {

- "latitude": 27.737403546316028,

- "longitude": 87.411180791156454

- },

- "elevationInMeter": 1798.6945512521534

- },

- {

- "coordinate": {

- "latitude": 27.682222199999998,

- "longitude": 88.0444444

- },

- "elevationInMeter": 7016.9372013588072

- }

- ]

- }

- ```

-9. Now, we'll call the [Post Data For Polyline API](/rest/api/maps/elevation/postdataforpolyline) to get elevation data for the same three points. On the **Builder** tab, select the **POST** HTTP method, and then enter the following URL (replace `{Your-Azure-Maps-Subscription-key}` with your Azure Maps subscription key):

- ```http

- https://atlas.microsoft.com/elevation/line/json?api-version=1.0&subscription-key={Your-Azure-Maps-Subscription-key}&samples=5

- ```

-10. In the **Headers** field of the **POST** request, set `Content-Type` to `application/json`.

-11. In the **Body** field, provide the following coordinate point information.

- ```json

- [

- {

- "lon": 86.9797222,

- "lat": 27.775

- },

- {

- "lon": 86.9252778,

- "lat": 27.9880556

- },

- {

- "lon": 88.0444444,

- "lat": 27.6822222

- }

- ]

- ```

-12. Select **Send**.

-### Request elevation data by Bounding Box

-Now we'll use the [Get Data for Bounding Box](/rest/api/maps/elevation/getdataforboundingbox) to request elevation data near Mt. Rainier in Washington state. The elevation data will be returned at equally spaced locations within a bounding box. The bounding area is defined by two sets of latitude/longitude coordinates (south latitude, west longitude | north latitude, east longitude) and is divided into rows and columns. The edges of the bounding box account for two of the rows and two of the columns. Elevations are returned for the grid vertices created at row and column intersections. Up to 2000 elevations can be returned in a single request.

-In this example, we'll specify rows=3 and columns=6. The response returns 18 elevation values. In the following diagram, the elevation values are ordered starting with the southwest corner, and then continue west to east and south to north. The elevation points are numbered in the order that they're returned.

-To create the request:

-1. In the Postman app, select **New**.

-2. In the **Create New** window, select **HTTP Request**.

-3. Enter a **Request name**.

-4. On the **Builder** tab, select the **GET** HTTP method, and then enter the following URL (replace `{Your-Azure-Maps-Subscription-key}` with your Azure Maps subscription key):

- ```http

- https://atlas.microsoft.com/elevation/lattice/json?subscription-key={Your-Azure-Maps-Subscription-key}&api-version=1.0&bounds=-121.66853362143818, 46.84646479863713,-121.65853362143818, 46.85646479863713&rows=2&columns=3

- ```

-5. Select **Send**. The response returns 18 elevation data samples, one for each vertex of the grid.

- ```json

- {

- "data": [

- {

- "coordinate": {

- "latitude": 46.846464798637129,

- "longitude": -121.66853362143819

- },

- "elevationInMeter": 2298.6581875651746

- },

- {

- "coordinate": {

- "latitude": 46.846464798637129,

- "longitude": -121.66653362143819

- },

- "elevationInMeter": 2306.3980756609963

- },

- {

- "coordinate": {

- "latitude": 46.846464798637129,

- "longitude": -121.66453362143818

- },

- "elevationInMeter": 2279.3385479564113

- },

- {

- "coordinate": {

- "latitude": 46.846464798637129,

- "longitude": -121.66253362143819

- },

- "elevationInMeter": 2233.1549264690366

- },

- {

- "coordinate": {

- "latitude": 46.846464798637129,

- "longitude": -121.66053362143818

- },

- "elevationInMeter": 2196.4485923541492

- },

- {

- "coordinate": {

- "latitude": 46.846464798637129,

- "longitude": -121.65853362143818

- },

- "elevationInMeter": 2133.1756767157253

- },

- {

- "coordinate": {

- "latitude": 46.849798131970459,

- "longitude": -121.66853362143819

- },

- "elevationInMeter": 2345.3227848228803

- },

- {

- "coordinate": {

- "latitude": 46.849798131970459,

- "longitude": -121.66653362143819

- },

- "elevationInMeter": 2292.2449195443587

- },

- {

- "coordinate": {

- "latitude": 46.849798131970459,

- "longitude": -121.66453362143818

- },

- "elevationInMeter": 2270.5867788258074

- },

- {

- "coordinate": {

- "latitude": 46.849798131970459,

- "longitude": -121.66253362143819

- },

- "elevationInMeter": 2296.8311427390604

- },

- {

- "coordinate": {

- "latitude": 46.849798131970459,

- "longitude": -121.66053362143818

- },

- "elevationInMeter": 2266.0729430891065

- },

- {

- "coordinate": {

- "latitude": 46.849798131970459,

- "longitude": -121.65853362143818

- },

- "elevationInMeter": 2242.216346631234

- },

- {

- "coordinate": {

- "latitude": 46.8531314653038,

- "longitude": -121.66853362143819

- },

- "elevationInMeter": 2378.460838833359

- },

- {

- "coordinate": {

- "latitude": 46.8531314653038,

- "longitude": -121.66653362143819

- },

- "elevationInMeter": 2327.6761137260387

- },

- {

- "coordinate": {

- "latitude": 46.8531314653038,

- "longitude": -121.66453362143818

- },

- "elevationInMeter": 2208.3782743402949

- },

- {

- "coordinate": {

- "latitude": 46.8531314653038,

- "longitude": -121.66253362143819

- },

- "elevationInMeter": 2106.9526472760981

- },

- {

- "coordinate": {

- "latitude": 46.8531314653038,

- "longitude": -121.66053362143818

- },

- "elevationInMeter": 2054.3270174034078

- },

- {

- "coordinate": {

- "latitude": 46.8531314653038,

- "longitude": -121.65853362143818

- },

- "elevationInMeter": 2030.6438331110671

- },

- {

- "coordinate": {

- "latitude": 46.856464798637127,

- "longitude": -121.66853362143819

- },

- "elevationInMeter": 2318.753153399402

- },

- {

- "coordinate": {

- "latitude": 46.856464798637127,

- "longitude": -121.66653362143819

- },

- "elevationInMeter": 2253.88875188271

- },

- {

- "coordinate": {

- "latitude": 46.856464798637127,

- "longitude": -121.66453362143818

- },

- "elevationInMeter": 2136.6145845357587

- },

- {

- "coordinate": {

- "latitude": 46.856464798637127,

- "longitude": -121.66253362143819

- },

- "elevationInMeter": 2073.6734467948486

- },

- {

- "coordinate": {

- "latitude": 46.856464798637127,

- "longitude": -121.66053362143818

- },

- "elevationInMeter": 2042.994055784251

- },

- {

- "coordinate": {

- "latitude": 46.856464798637127,

- "longitude": -121.65853362143818

- },

- "elevationInMeter": 1988.3631481900356

- }

- ]

- }

- ```

-## Samples: Use Elevation service APIs in Azure Maps Control

-### Get elevation data by coordinate position

-The following sample webpage describes how to use the map control to display elevation data at a coordinate point. When the user drags the marker, the map displays the elevation data in a pop-up window.

-<br/>

-<iframe height="500" scrolling="no" title="Get elevation at position" src="https://codepen.io/azuremaps/embed/c840b510e113ba7cb32809591d5f96a2?height=500&theme-id=default&default-tab=js,result&editable=true" frameborder="no" loading="lazy" allowtransparency="true" allowfullscreen="true">

- See the Pen <a href='https://codepen.io/azuremaps/pen/c840b510e113ba7cb32809591d5f96a2'>Get elevation at position</a> by Azure Maps

- (<a href='https://codepen.io/azuremaps'>@azuremaps</a>) on <a href='https://codepen.io'>CodePen</a>.

-</iframe>

-### Get elevation data by bounding box

-The following sample webpage describes how to use the map control to display elevation data contained within a bounding box. The user defines the bounding box by selecting the `square` icon in the upper-left corner, and then drawing the square anywhere on the map. The map control then renders the elevation data in accordance with the colors that are specified in the key that's located in the upper-right corner.

-<br/>

-<iframe height="500" scrolling="no" title="Elevations by bounding box" src="https://codepen.io/azuremaps/embed/619c888c70089c3350a3e95d499f3e48?height=500&theme-id=default&default-tab=js,result" frameborder="no" loading="lazy" allowtransparency="true" allowfullscreen="true">

- See the Pen <a href='https://codepen.io/azuremaps/pen/619c888c70089c3350a3e95d499f3e48'>Elevations by bounding box</a> by Azure Maps

- (<a href='https://codepen.io/azuremaps'>@azuremaps</a>) on <a href='https://codepen.io'>CodePen</a>.

-</iframe>

-### Get elevation data by Polyline path

-The following sample webpage describes how to use the map control to display elevation data along a path. The user defines the path by selecting the `Polyline` icon in the upper-left corner, and then drawing the Polyline on the map. The map control then renders the elevation data in colors that are specified in the key located in the upper-right corner.

-<br/>

-<iframe height="500" scrolling="no" title="Elevation path gradient" src="https://codepen.io/azuremaps/embed/7bee08e5cb13d05cb0a11636b60f14ca?height=500&theme-id=default&default-tab=js,result&editable=true" frameborder="no" loading="lazy" allowtransparency="true" allowfullscreen="true">

- See the Pen <a href='https://codepen.io/azuremaps/pen/7bee08e5cb13d05cb0a11636b60f14ca'>Elevation path gradient</a> by Azure Maps

- (<a href='https://codepen.io/azuremaps'>@azuremaps</a>) on <a href='https://codepen.io'>CodePen</a>.

-</iframe>

-## Next steps

-To further explore the Azure Maps ElevationAPIs, see:

-> [!div class="nextstepaction"]

-> [Elevation - Get Data for Lat Long Coordinates](/rest/api/maps/elevation/getdataforpoints)

-> [!div class="nextstepaction"]

-> [Elevation - Get Data for Bounding Box](/rest/api/maps/elevation/getdataforboundingbox)

-> [!div class="nextstepaction"]

-> [Elevation - Get Data for Polyline](/rest/api/maps/elevation/getdataforpolyline)

-> [!div class="nextstepaction"]

-> [Render V2 ΓÇô Get Map Tile](/rest/api/maps/renderv2)

-For a complete list of Azure Maps REST APIs, see:

-> [!div class="nextstepaction"]

-> [Azure Maps REST APIs](/rest/api/maps/)

-[Azure Maps account]: quick-demo-map-app.md#create-an-azure-maps-account

-[subscription key]: quick-demo-map-app.md#get-the-subscription-key-for-your-account

-| Red Hat Enterprise Linux Server 8.6 | X³ | X | |

-| Red Hat Enterprise Linux Server 8+ | X | X | |

-1. Use [built-in policies](../agents/azure-monitor-agent-manage.md#built-in-policies) to deploy extensions and DCR associations at scale small-scale testing. Using policy also ensures automatic deployment of extensions and DCR associations for new machines.³

-### Test an action group in the Azure portal (preview)

- For example, you could use these values in the **custom properties** to utilize data from the payload.

- |Custom properties name |Custom properties value |Result |

- ||||

- |AdditionalDetails|Evaluation windowStartTime: ${data.alertContext.condition.windowStartTime}. windowEndTime: ${data.alertContext.condition.windowEndTime}|AdditionalDetails": "Evaluation windowStartTime: 2023-04-04T14:39:24.492Z. windowEndTime: 2023-04-04T14:44:24.492Z" |

- |Alert ${data.essentials.monitorCondition} reason |ΓÇ£${data.alertContext.condition.allOf[0].metricName} ${data.alertContext.condition.allOf[0].operator}${data.alertContext.condition.allOf[0].threshold} ${data.essentials.monitorCondition}. The value is ${data.alertContext.condition.allOf[0].metricValue}" |Examples of the results could be: <br> - Alert Resolved reason": "Percentage CPU GreaterThan5 Resolved. The value is 3.585 <br>Percentage CPU GreaterThan5 Fired. The value is 10.585 |

-PowerShell Az Module. Follow instructions at [Install the Azure PowerShell module](/powershell/azure/install-az-ps)

-| [Monitoring Contributor](../../role-based-access-control/built-in-roles.md#monitoring-contributor) | <ul><li>Subscription and/or</li><li>Resource group and/or </li><li>An existing DCR</li></ul> | Create or edit DCRs. |

-| [Virtual Machine Contributor](../../role-based-access-control/built-in-roles.md#virtual-machine-contributor)<br>[Azure Connected Machine Resource Administrator](../../role-based-access-control/built-in-roles.md#azure-connected-machine-resource-administrator)</li></ul> | <ul><li>Virtual machines, virtual machine scale sets</li><li>Azure Arc-enabled servers</li></ul> | Deploy associations (for example, to assign rules to the machine). |

-1. Ensure that you have [Azure PowerShell](/powershell/azure/install-az-ps) installed.

- | Custom tables | All custom tables created with or migrated to the [data collection rule (DCR)-based logs ingestion API.](logs-ingestion-api-overview.md) |

-| RequestClientApp | Resolved name of the application used to start the query. |

-There is no cost for Azure Diagnostic Extension, but you may incur charges for the data ingested. Check [Azure Monitor pricing](https://azure.microsoft.com/pricing/details/monitor/) for the destination where you're collecting data.

- To install Azure PowerShell, see the [Azure PowerShell documentation](/powershell/azure/install-az-ps).

-1. The **Environment** parameter will be a dropdown list with the three values.

-If your query result/JSON contains a `group` field, the dropdown list will display groups of values. Follow the preceding sample, but use the following JSON instead:

-1. The **RequestName** parameter will be a dropdown list with the names of all requests in the app.

-The KQL referencing the parameter will need to change to work with the format of the result. The most common way to enable it is via the `in` operator.

-Verify that you're using Azure PowerShell module Az version 1.0.0 or later with `Enable-AzureRM` compatibility aliases enabled. Run `Get-Module -ListAvailable Az` to find the version. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-az-ps). If you're running PowerShell locally, you also need to run `Connect-AzAccount` to create a connection with Azure.

-This how-to article requires the Azure PowerShell module Az version 2.6.0 or later. Run `Get-Module -ListAvailable Az` to find your current version. If you need to install or upgrade, see [Install Azure PowerShell module](/powershell/azure/install-Az-ps). If you prefer, you can use Cloud Shell console in a PowerShell session instead.

-* MSI Automatic certificate renewal isn't currently supported.

-When exploring the upper limits of performance, it's important to recognize and reduce any constraints that could falsely skew results. For example, if the intent is to prove performance capabilities of a storage system, the client should ideally be configured so that CPU does not become a mitigating factor before storage performance limits are reached. To that end, testing started with the E104ids_v5 instance type as this VM comes equipped not just with a 100 GBps network interface, but with an equally large (100 GBps) egress limit.

-The first topic of interest is chipset selection. Make sure that whatever VM SKU you select is built on a single chipset for consistency reasons. The Intel variant of E_v5 VMs runs on a third Generation Intel Xeon Platinum 8370C (Ice Lake) configuration. All VMs in this family come equipped with a single 100 GBps network interface. In contrast, the E_v3 series, mentioned by way of example, is built on four separate chipsets, with various physical network bandwidths. The four chipsets used in the E_v3 family (Broadwell, Skylake, Cascade Lake, Haswell) have different processor speeds, which affect the performance characteristics of the machine.

-As Azure NetApp Files volumes are network attached, the egress limit can be understood as being applied against writes specifically whereas ingress is defined as reads and read-like workloads. While the egress limit of most machines is greater than the network bandwidth of the NIC, the same cannot be said for the E104_v5 used in testing for this article. The E104_v5 has a 100 GBps NIC with the egress limit set at 100 GBps as well. By comparison, the E96_v5, with its 100 GBps NIC has an egress limit of 35 GBps with ingress unfettered at 100 GBps. As VMs decrease in size, egress limits decrease but ingress remains unfettered by logically imposed limits.

-For more information about installing modules, see [Install Azure PowerShell](/powershell/azure/install-az-ps).

- azPowerShellVersion: '8.3' // or azCliVersion: '2.40.0'

-AzPowerShellVersion : 8.3

-StartTime : 6/18/2022 7:46:45 PM

-EndTime : 6/18/2022 7:49:45 PM

-ExpirationDate : 6/19/2022 7:49:45 PM

- "azPowerShellVersion": "8.3",

- "endTime": "2022-06-25T03:00:16.796923+00:00",

- "expirationTime": "2022-06-26T03:00:16.796923+00:00",

- "startTime": "2022-06-25T02:59:07.595140+00:00",

- "createdAt": "2022-06-25T02:59:04.750195+00:00",

- "lastModifiedAt": "2022-06-25T02:59:04.750195+00:00",

- "createdAt": "2022-06-25T02:59:04.7501955Z",

- "lastModifiedAt": "2022-06-25T02:59:04.7501955Z"

- "azPowerShellVersion": "8.3",

- "startTime": "2022-06-25T02:59:07.5951401Z",

- "endTime": "2022-06-25T03:00:16.7969234Z",

- "expirationTime": "2022-06-26T03:00:16.7969234Z"

-You must have Azure PowerShell version **5.6.0 or later** installed. To update or install, see [Install Azure PowerShell](/powershell/azure/install-az-ps).

-To work with module registries, you must have [Bicep CLI](./install.md) version **0.4.1008** or later. To use with [Azure CLI](/cli/azure/install-azure-cli), you must also have Azure CLI version **2.31.0** or later; to use with [Azure PowerShell](/powershell/azure/install-az-ps), you must also have Azure PowerShell version **7.0.0** or later.

-> To use template specs in Bicep with Azure PowerShell, you must install [version 6.3.0 or later](/powershell/azure/install-az-ps). To use it with Azure CLI, use [version 2.27.0 or later](/cli/azure/install-azure-cli).

-[Install Azure PowerShell](/powershell/azure/install-az-ps). If you choose to use Cloud Shell, see

-* Azure PowerShell. For more information, see [Install the Azure Az PowerShell module](/powershell/azure/install-az-ps).

-Azure PowerShell offers two commands to apply tags: [New-AzTag](/powershell/module/az.resources/new-aztag) and [Update-AzTag](/powershell/module/az.resources/update-aztag). You need to have the `Az.Resources` module 1.12.0 version or later. You can check your version with `Get-InstalledModule -Name Az.Resources`. You can install that module or [install Azure PowerShell](/powershell/azure/install-az-ps) version 3.6.1 or later.

-For more information about installing modules, see [Install Azure PowerShell](/powershell/azure/install-az-ps).

- "azPowerShellVersion": "8.3", // or "azCliVersion": "2.40.0",

-AzPowerShellVersion : 8.3

-StartTime : 6/18/2022 7:46:45 PM

-EndTime : 6/18/2022 7:49:45 PM

-ExpirationDate : 6/19/2022 7:49:45 PM

- "azPowerShellVersion": "8.3",

- "forceUpdateTag": "20220625T025902Z",

- "endTime": "2022-06-25T03:00:16.796923+00:00",

- "expirationTime": "2022-06-26T03:00:16.796923+00:00",

- "startTime": "2022-06-25T02:59:07.595140+00:00",

- "createdAt": "2022-06-25T02:59:04.750195+00:00",

- "lastModifiedAt": "2022-06-25T02:59:04.750195+00:00",

- "createdAt": "2022-06-25T02:59:04.7501955Z",

- "lastModifiedAt": "2022-06-25T02:59:04.7501955Z"

- "azPowerShellVersion": "8.3",

- "startTime": "2022-06-25T02:59:07.5951401Z",

- "endTime": "2022-06-25T03:00:16.7969234Z",

- "expirationTime": "2022-06-26T03:00:16.7969234Z"

-> To use template spec with Azure PowerShell, you must install [version 5.0.0 or later](/powershell/azure/install-az-ps). To use it with Azure CLI, use [version 2.14.2 or later](/cli/azure/install-azure-cli).

-> To use template specs with Azure PowerShell, you must install [version 5.0.0 or later](/powershell/azure/install-az-ps). To use it with Azure CLI, use [version 2.14.2 or later](/cli/azure/install-azure-cli).

-For Azure PowerShell, use [version 6.0.0 or later](/powershell/azure/install-az-ps). For Azure CLI, use [version 2.24.0 or later](/cli/azure/install-azure-cli).

-> To use template spec with Azure PowerShell, you must install [version 5.0.0 or later](/powershell/azure/install-az-ps). To use it with Azure CLI, use [version 2.14.2 or later](/cli/azure/install-azure-cli).

-> To use template spec with Azure PowerShell, you must install [version 5.0.0 or later](/powershell/azure/install-az-ps). To use it with Azure CLI, use [version 2.14.2 or later](/cli/azure/install-azure-cli).

-1. [Install Az module](/powershell/azure/install-az-ps)

-* If you want to run the code locally, [Azure PowerShell](/powershell/azure/install-az-ps).

-Azure Video Indexer does give you the choice to upload videos from URL or directly by sending the file as a byte array, the latter comes with some constraints. For more information, see [uploading considerations and limitations)](upload-index-videos.md#uploading-considerations-and-limitations)

-To see an example of how to upload videos using URL, check out [this example](upload-index-videos.md#code-sample). Or, you can use [AzCopy](../storage/common/storage-use-azcopy-v10.md) for a fast and reliable way to get your content to a storage account from which you can submit it to Azure Video Indexer using [SAS URL](../storage/common/storage-sas-overview.md). Azure Video Indexer recommends using *readonly* SAS URLs.

-We recommend that instead of polling the status of your request constantly from the second you sent the upload request, you can add a [callback URL](upload-index-videos.md#callbackurl), and wait for Azure Video Indexer to update you. As soon as there is any status change in your upload request, you get a POST notification to the URL you specified.

-Before uploading and indexing your video read this short [documentation](upload-index-videos.md), check the [indexingPreset](upload-index-videos.md#indexingpreset) and [streamingPreset](upload-index-videos.md#streamingpreset) to get a better idea of what your options are.

-description: Learn two methods for uploading and indexing videos by using Azure Video Indexer.

-# Upload and index your videos

-This article shows how to upload and index videos by using the Azure Video Indexer website (see [get started with the website](video-indexer-get-started.md)) and the Upload Video API (see [get started with API](video-indexer-use-apis.md)).

-After you upload and index a video, you can use [Azure Video Indexer website](video-indexer-view-edit.md) or [Azure Video Indexer API developer portal](video-indexer-use-apis.md) to see the insights of the video (see [Examine the Azure Video Indexer output](video-indexer-output-json-v2.md).

-## Supported file formats

-For a list of file formats that you can use with Azure Video Indexer, see [Standard Encoder formats and codecs](/azure/media-services/latest/encode-media-encoder-standard-formats-reference).

-## Storage of video files

-When you use Azure Video Indexer, video files are stored in Azure Storage through Media Services. The limits are 30 GB in size and 4 hours in length.

-You can always delete your video and audio files, along with any metadata and insights that Azure Video Indexer has extracted from them. After you delete a file from Azure Video Indexer, the file and its metadata and insights are permanently removed from Azure Video Indexer. However, if you've implemented your own backup solution in Azure Storage, the file remains in Azure Storage.

-The persistence of a video is identical whether you upload by using the Azure Video Indexer website or by using the Upload Video API.

-## Upload and index a video by using the website

-Sign in on the [Azure Video Indexer](https://www.videoindexer.ai/) website, and then select **Upload**.

-> :::image type="content" source="./media/video-indexer-get-started/video-indexer-upload.png" alt-text="Screenshot that shows the Upload button.":::

-After your video is uploaded, Azure Video Indexer starts indexing and analyzing the video.

-> [!div class="mx-imgBorder"]

-> :::image type="content" source="./media/video-indexer-get-started/progress.png" alt-text="Screenshot that shows the progress of an upload.":::

-After Azure Video Indexer is done analyzing, you get an email with a link to your video. The email also includes a short description of what was found in your video (for example: people, topics, optical character recognition).

-## Upload and index a video by using the API

-You can use the [Upload Video](https://api-portal.videoindexer.ai/api-details#api=Operations&operation=Upload-Video) API to upload and index your videos based on a URL. The code sample that follows includes the commented-out code that shows how to upload the byte array.

-You can also view the following video.

-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RW10CsK]

-> [!NOTE]

-> Before you proceed, make sure to review [API recommendations](video-indexer-use-apis.md#recommendations).

-### Configurations and parameters

-This section describes some of the optional parameters and when to set them. For the most up-to-date info about parameters, see the [Azure Video Indexer API developer portal](https://api-portal.videoindexer.ai/api-details#api=Operations&operation=Upload-Video).

-#### externalID

-Use this parameter to specify an ID that will be associated with the video. The ID can be applied to integration into an external video content management (VCM) system. The videos that are in the Azure Video Indexer website can be searched via the specified external ID.

-#### callbackUrl

-Use this parameter to specify a callback URL.

-Azure Video Indexer returns any existing parameters provided in the original URL. The URL must be encoded.

-#### indexingPreset

-Use this parameter to define an AI bundle that you want to apply on your audio or video file. This parameter is used to configure the indexing process. You can specify the following values:

- The `DefaultWithNoiseReduction` value is now mapped to a default preset (deprecated).

-> [!NOTE]

-> The preceding advanced presets include models that are in public preview. When these models reach general availability, there might be implications for the price.

-Azure Video Indexer covers up to two tracks of audio. If the file has more audio tracks, they're treated as one track. If you want to index the tracks separately, you need to extract the relevant audio file and index it as `AudioOnly`.

-Price depends on the selected indexing option. For more information, see [Media Services pricing](https://azure.microsoft.com/pricing/details/media-services/).

-#### priority

-Azure Video Indexer indexes videos according to their priority. Use the `priority` parameter to specify the index priority. The following values are valid: `Low`, `Normal` (default), and `High`.

-This parameter is supported only for paid accounts.

-#### streamingPreset

-After your video is uploaded, Azure Video Indexer optionally encodes the video. It then proceeds to indexing and analyzing the video. When Azure Video Indexer is done analyzing, you get a notification with the video ID.

-When you're using the [Upload Video](https://api-portal.videoindexer.ai/api-details#api=Operations&operation=Upload-Video) or [Re-Index Video](https://api-portal.videoindexer.ai/api-details#api=Operations&operation=Re-Index-Video) API, one of the optional parameters is `streamingPreset`. If you set `streamingPreset` to `Default`, `SingleBitrate`, or `AdaptiveBitrate`, the encoding process is triggered.

-After the indexing and encoding jobs are done, the video is published so you can also stream your video. The streaming endpoint from which you want to stream the video must be in the **Running** state.

-For `SingleBitrate`, the standard encoder cost will apply for the output. If the video height is greater than or equal to 720, Azure Video Indexer encodes it as 1280 x 720. Otherwise, it's encoded as 640 x 468.

-The default setting is [content-aware encoding](/azure/media-services/latest/encode-content-aware-concept).

-If you only want to index your video and not encode it, set `streamingPreset` to `NoStreaming`.

-#### videoUrl

-This parameter specifies the URL of the video or audio file to be indexed. If the `videoUrl` parameter is not specified, Azure Video Indexer expects you to pass the file as multipart/form body content.

-### Code sample

-The following C# code snippets demonstrate the usage of all the Azure Video Indexer APIs together.

-### [Azure Resource Manager account](#tab/with-arm-account-account/)

-After you copy this C# project into your development platform, you need to take the following steps:

-1. Go to Program.cs and populate:

- - ```SubscriptionId``` with your subscription ID.

- - ```ResourceGroup``` with your resource group.

- - ```AccountName``` with your account name.

- - ```VideoUrl``` with your video URL.

-1. Make sure that .NET 6.0 is installed. If it isn't, [install it](https://dotnet.microsoft.com/download/dotnet/6.0).

-1. Make sure that the Azure CLI is installed. If it isn't, [install it](/cli/azure/install-azure-cli).

-1. Open your terminal and go to the *VideoIndexerArm* folder.

-1. Log in to Azure: ```az login --use-device```.

-1. Build the project: ```dotnet build```.

-1. Run the project: ```dotnet run```.

-```csharp

-<Project Sdk="Microsoft.NET.Sdk">

- <PropertyGroup>

- <OutputType>Exe</OutputType>

- <TargetFramework>net5.0</TargetFramework>

- </PropertyGroup>

- <ItemGroup>

- <PackageReference Include="Azure.Identity" Version="1.4.1" />

- <PackageReference Include="Microsoft.Identity.Client" Version="4.36.2" />

- </ItemGroup>

-</Project>

-```

-```csharp

-using System;

-using System.Collections.Generic;

-using System.Net.Http;

-using System.Net.Http.Headers;

-using System.Text.Json;

-using System.Text.Json.Serialization;

-using System.Threading.Tasks;

-using System.Web;

-using Azure.Core;

-using Azure.Identity;

-namespace VideoIndexerArm

-{

- public class Program

- {

- private const string AzureResourceManager = "https://management.azure.com";

- private const string SubscriptionId = ""; // Your Azure subscription

- private const string ResourceGroup = ""; // Your resource group

- private const string AccountName = ""; // Your account name

- private const string VideoUrl = ""; // The video URL you want to index

- public static async Task Main(string[] args)

- {

- // Build Azure Video Indexer resource provider client that has access token through Azure Resource Manager

- var videoIndexerResourceProviderClient = await VideoIndexerResourceProviderClient.BuildVideoIndexerResourceProviderClient();

- // Get account details

- var account = await videoIndexerResourceProviderClient.GetAccount();

- var accountId = account.Properties.Id;

- var accountLocation = account.Location;

- Console.WriteLine($"account id: {accountId}");

- Console.WriteLine($"account location: {accountLocation}");

- // Get account-level access token for Azure Video Indexer

- var accessTokenRequest = new AccessTokenRequest

- {

- PermissionType = AccessTokenPermission.Contributor,

- Scope = ArmAccessTokenScope.Account

- };

- var accessToken = await videoIndexerResourceProviderClient.GetAccessToken(accessTokenRequest);

- var apiUrl = "https://api.videoindexer.ai";

- System.Net.ServicePointManager.SecurityProtocol = System.Net.ServicePointManager.SecurityProtocol | System.Net.SecurityProtocolType.Tls12;

- // Create the HTTP client

- var handler = new HttpClientHandler();

- handler.AllowAutoRedirect = false;

- var client = new HttpClient(handler);

- // Upload a video

- MultipartFormDataContent content = null;

- Console.WriteLine("Uploading...");

- // As an alternative to specifying video URL, you can upload a file.

- // Remove the videoUrl parameter from the query parameters below and add the following lines:

- //content = new MultipartFormDataContent();

- //FileStream video = File.OpenRead(@"c:\videos\democratic3.mp4");

- //byte[] buffer = new byte[video.Length];

- //video.Read(buffer, 0, buffer.Length);

- //content.Add(new ByteArrayContent(buffer), "MyVideo", "MyVideo");

- var queryParams = CreateQueryString(

- new Dictionary<string, string>()

- {

- {"accessToken", accessToken},

- {"name", "video sample"},

- {"description", "video_description"},

- {"privacy", "private"},

- {"partition", "partition"},

- {"videoUrl", VideoUrl},

- });

- var uploadRequestResult = await client.PostAsync($"{apiUrl}/{accountLocation}/Accounts/{accountId}/Videos?{queryParams}", content);

- var uploadResult = await uploadRequestResult.Content.ReadAsStringAsync();

- // Get the video ID from the upload result

- string videoId = JsonSerializer.Deserialize<Video>(uploadResult).Id;

- Console.WriteLine("Uploaded");

- Console.WriteLine("Video ID:");

- Console.WriteLine(videoId);

- // Wait for the video index to finish

- while (true)

- {

- await Task.Delay(10000);

- queryParams = CreateQueryString(

- new Dictionary<string, string>()

- {

- {"accessToken", accessToken},

- {"language", "English"},

- });

- var videoGetIndexRequestResult = await client.GetAsync($"{apiUrl}/{accountLocation}/Accounts/{accountId}/Videos/{videoId}/Index?{queryParams}");

- var videoGetIndexResult = await videoGetIndexRequestResult.Content.ReadAsStringAsync();

- string processingState = JsonSerializer.Deserialize<Video>(videoGetIndexResult).State;

- Console.WriteLine("");

- Console.WriteLine("State:");

- Console.WriteLine(processingState);

- // Job is finished

- if (processingState != "Uploaded" && processingState != "Processing")

- {

- Console.WriteLine("");

- Console.WriteLine("Full JSON:");

- Console.WriteLine(videoGetIndexResult);

- break;

- }

- }

- // Search for the video

- queryParams = CreateQueryString(

- new Dictionary<string, string>()

- {

- {"accessToken", accessToken},

- {"id", videoId},

- });

- var searchRequestResult = await client.GetAsync($"{apiUrl}/{accountLocation}/Accounts/{accountId}/Videos/Search?{queryParams}");

- var searchResult = await searchRequestResult.Content.ReadAsStringAsync();

- Console.WriteLine("");

- Console.WriteLine("Search:");

- Console.WriteLine(searchResult);

- // Get insights widget URL

- queryParams = CreateQueryString(

- new Dictionary<string, string>()

- {

- {"accessToken", accessToken},

- {"widgetType", "Keywords"},

- {"allowEdit", "true"},

- });

- var insightsWidgetRequestResult = await client.GetAsync($"{apiUrl}/{accountLocation}/Accounts/{accountId}/Videos/{videoId}/InsightsWidget?{queryParams}");

- var insightsWidgetLink = insightsWidgetRequestResult.Headers.Location;

- Console.WriteLine("Insights Widget url:");

- Console.WriteLine(insightsWidgetLink);

- // Get player widget URL

- queryParams = CreateQueryString(

- new Dictionary<string, string>()

- {

- {"accessToken", accessToken},

- });

- var playerWidgetRequestResult = await client.GetAsync($"{apiUrl}/{accountLocation}/Accounts/{accountId}/Videos/{videoId}/PlayerWidget?{queryParams}");

- var playerWidgetLink = playerWidgetRequestResult.Headers.Location;

- Console.WriteLine("");

- Console.WriteLine("Player Widget url:");

- Console.WriteLine(playerWidgetLink);

- Console.WriteLine("\nPress Enter to exit...");

- String line = Console.ReadLine();

- if (line == "enter")

- {

- System.Environment.Exit(0);

- }

- }

- static string CreateQueryString(IDictionary<string, string> parameters)

- {

- var queryParameters = HttpUtility.ParseQueryString(string.Empty);

- foreach (var parameter in parameters)

- {

- queryParameters[parameter.Key] = parameter.Value;

- }

- return queryParameters.ToString();

- }

- public class VideoIndexerResourceProviderClient

- {

- private readonly string armAaccessToken;

- async public static Task<VideoIndexerResourceProviderClient> BuildVideoIndexerResourceProviderClient()

- {

- var tokenRequestContext = new TokenRequestContext(new[] { $"{AzureResourceManager}/.default" });

- var tokenRequestResult = await new DefaultAzureCredential().GetTokenAsync(tokenRequestContext);

- return new VideoIndexerResourceProviderClient(tokenRequestResult.Token);

- }

- public VideoIndexerResourceProviderClient(string armAaccessToken)

- {

- this.armAaccessToken = armAaccessToken;

- }

- public async Task<string> GetAccessToken(AccessTokenRequest accessTokenRequest)

- {

- Console.WriteLine($"Getting access token. {JsonSerializer.Serialize(accessTokenRequest)}");

- // Set the generateAccessToken (from video indexer) HTTP request content

- var jsonRequestBody = JsonSerializer.Serialize(accessTokenRequest);

- var httpContent = new StringContent(jsonRequestBody, System.Text.Encoding.UTF8, "application/json");

- // Set request URI

- var requestUri = $"{AzureResourceManager}/subscriptions/{SubscriptionId}/resourcegroups/{ResourceGroup}/providers/Microsoft.VideoIndexer/accounts/{AccountName}/generateAccessToken?api-version=2021-08-16-preview";

- // Generate access token from video indexer

- var client = new HttpClient(new HttpClientHandler());

- client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", armAaccessToken);

- var result = await client.PostAsync(requestUri, httpContent);

- var jsonResponseBody = await result.Content.ReadAsStringAsync();

- return JsonSerializer.Deserialize<GenerateAccessTokenResponse>(jsonResponseBody).AccessToken;

- }

- public async Task<Account> GetAccount()

- {

- Console.WriteLine($"Getting account.");

- // Set request URI

- var requestUri = $"{AzureResourceManager}/subscriptions/{SubscriptionId}/resourcegroups/{ResourceGroup}/providers/Microsoft.VideoIndexer/accounts/{AccountName}/?api-version=2021-08-16-preview";

- // Get account

- var client = new HttpClient(new HttpClientHandler());

- client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", armAaccessToken);

- var result = await client.GetAsync(requestUri);

- var jsonResponseBody = await result.Content.ReadAsStringAsync();

- return JsonSerializer.Deserialize<Account>(jsonResponseBody);

- }

- }

- public class AccessTokenRequest

- {

- [JsonPropertyName("permissionType")]

- public AccessTokenPermission PermissionType { get; set; }

- [JsonPropertyName("scope")]

- public ArmAccessTokenScope Scope { get; set; }

- [JsonPropertyName("projectId")]

- public string ProjectId { get; set; }

- [JsonPropertyName("videoId")]

- public string VideoId { get; set; }

- }

- [JsonConverter(typeof(JsonStringEnumConverter))]

- public enum AccessTokenPermission

- {

- Reader,

- Contributor,

- MyAccessAdministrator,

- Owner,

- }

- [JsonConverter(typeof(JsonStringEnumConverter))]

- public enum ArmAccessTokenScope

- {

- Account,

- Project,

- Video

- }

- public class GenerateAccessTokenResponse

- {

- [JsonPropertyName("accessToken")]

- public string AccessToken { get; set; }

- }

- public class AccountProperties

- {

- [JsonPropertyName("accountId")]

- public string Id { get; set; }

- }

- public class Account

- {

- [JsonPropertyName("properties")]

- public AccountProperties Properties { get; set; }

- [JsonPropertyName("location")]

- public string Location { get; set; }

- }

- public class Video

- {

- [JsonPropertyName("id")]

- public string Id { get; set; }

- [JsonPropertyName("state")]

- public string State { get; set; }

- }

- }

-}

-```

-### [Classic account](#tab/With-classic-account/)

-After you copy the following code into your development platform, you'll need to provide two parameters:

-* API key (`apiKey`): Your personal API management subscription key. It allows you to get an access token in order to perform operations on your Azure Video Indexer account.

- To get your API key:

- 1. Go to the [Azure Video Indexer API developer portal](https://api-portal.videoindexer.ai/).

- 1. Sign in.

- 1. Go to **Products** > **Authorization** > **Authorization subscription**.

- 1. Copy the **Primary key** value.

-* Video URL (`videoUrl`): A URL of the video or audio file to be indexed. Here are the requirements:

- - The URL must point at a media file. (HTML pages are not supported.)

- - The file can be protected by an access token that's provided as part of the URI. The endpoint that serves the file must be secured with TLS 1.2 or later.

- - The URL must be encoded.

-The result of successfully running the code sample includes an insight widget URL and a player widget URL. They allow you to examine the insights and the uploaded video, respectively.

-```csharp

-public async Task Sample()

-{

- var apiUrl = "https://api.videoindexer.ai";

- var apiKey = "..."; // Replace with API key taken from https://aka.ms/viapi

- System.Net.ServicePointManager.SecurityProtocol =

- System.Net.ServicePointManager.SecurityProtocol | System.Net.SecurityProtocolType.Tls12;

- // Create the HTTP client

- var handler = new HttpClientHandler();

- handler.AllowAutoRedirect = false;

- var client = new HttpClient(handler);

- client.DefaultRequestHeaders.Add("Ocp-Apim-Subscription-Key", apiKey);

- // Obtain account information and access token

- string queryParams = CreateQueryString(

- new Dictionary<string, string>()

- {

- {"generateAccessTokens", "true"},

- {"allowEdit", "true"},

- });

- HttpResponseMessage result = await client.GetAsync($"{apiUrl}/auth/trial/Accounts?{queryParams}");

- var json = await result.Content.ReadAsStringAsync();

- var accounts = JsonConvert.DeserializeObject<AccountContractSlim[]>(json);

- // Take the relevant account. Here we simply take the first.

- // You can also get the account via accounts.First(account => account.Id == <GUID>);

- var accountInfo = accounts.First();

- // We'll use the access token from here on, so there's no need for the APIM key

- client.DefaultRequestHeaders.Remove("Ocp-Apim-Subscription-Key");

- // Upload a video

- MultipartFormDataContent content = null;

- Console.WriteLine("Uploading...");

- // Get the video from URL

- var videoUrl = "VIDEO_URL"; // Replace with the video URL

- // As an alternative to specifying video URL, you can upload a file.

- // Remove the videoUrl parameter from the query parameters below and add the following lines:

- //content = new MultipartFormDataContent();

- //FileStream video = File.OpenRead(@"c:\videos\democratic3.mp4");

- //byte[] buffer = new byte[video.Length];

- //video.Read(buffer, 0, buffer.Length);

- //content.Add(new ByteArrayContent(buffer), "MyVideo", "MyVideo");

- queryParams = CreateQueryString(

- new Dictionary<string, string>()

- {

- {"accessToken", accountInfo.AccessToken},

- {"name", "video_name"},

- {"description", "video_description"},

- {"privacy", "private"},

- {"partition", "partition"},

- {"videoUrl", videoUrl},

- });

- var uploadRequestResult = await client.PostAsync($"{apiUrl}/{accountInfo.Location}/Accounts/{accountInfo.Id}/Videos?{queryParams}", content);

- var uploadResult = await uploadRequestResult.Content.ReadAsStringAsync();

- // Get the video ID from the upload result

- string videoId = JsonConvert.DeserializeObject<dynamic>(uploadResult)["id"];

- Console.WriteLine("Uploaded");

- Console.WriteLine("Video ID:");

- Console.WriteLine(videoId);

- // Wait for the video index to finish

- while (true)

- {

- await Task.Delay(10000);

- queryParams = CreateQueryString(

- new Dictionary<string, string>()

- {

- {"accessToken", accountInfo.AccessToken},

- {"language", "English"},

- });

- var videoGetIndexRequestResult = await client.GetAsync($"{apiUrl}/{accountInfo.Location}/Accounts/{accountInfo.Id}/Videos/{videoId}/Index?{queryParams}");

- var videoGetIndexResult = await videoGetIndexRequestResult.Content.ReadAsStringAsync();

- string processingState = JsonConvert.DeserializeObject<dynamic>(videoGetIndexResult)["state"];

- Console.WriteLine("");

- Console.WriteLine("State:");

- Console.WriteLine(processingState);

- // Job is finished

- if (processingState != "Uploaded" && processingState != "Processing")

- {

- Console.WriteLine("");

- Console.WriteLine("Full JSON:");

- Console.WriteLine(videoGetIndexResult);

- break;

- }

- }

- // Search for the video

- queryParams = CreateQueryString(

- new Dictionary<string, string>()

- {

- {"accessToken", accountInfo.AccessToken},

- {"id", videoId},

- });

- var searchRequestResult = await client.GetAsync($"{apiUrl}/{accountInfo.Location}/Accounts/{accountInfo.Id}/Videos/Search?{queryParams}");

- var searchResult = await searchRequestResult.Content.ReadAsStringAsync();

- Console.WriteLine("");

- Console.WriteLine("Search:");

- Console.WriteLine(searchResult);

- // Generate video access token (used for get widget calls)

- client.DefaultRequestHeaders.Add("Ocp-Apim-Subscription-Key", apiKey);

- var videoTokenRequestResult = await client.GetAsync($"{apiUrl}/auth/{accountInfo.Location}/Accounts/{accountInfo.Id}/Videos/{videoId}/AccessToken?allowEdit=true");

- var videoAccessToken = (await videoTokenRequestResult.Content.ReadAsStringAsync()).Replace("\"", "");

- client.DefaultRequestHeaders.Remove("Ocp-Apim-Subscription-Key");

- // Get insights widget URL

- queryParams = CreateQueryString(

- new Dictionary<string, string>()

- {

- {"accessToken", videoAccessToken},

- {"widgetType", "Keywords"},

- {"allowEdit", "true"},

- });

- var insightsWidgetRequestResult = await client.GetAsync($"{apiUrl}/{accountInfo.Location}/Accounts/{accountInfo.Id}/Videos/{videoId}/InsightsWidget?{queryParams}");

- var insightsWidgetLink = insightsWidgetRequestResult.Headers.Location;

- Console.WriteLine("Insights Widget url:");

- Console.WriteLine(insightsWidgetLink);

- // Get player widget URL

- queryParams = CreateQueryString(

- new Dictionary<string, string>()

- {

- {"accessToken", videoAccessToken},

- });

- var playerWidgetRequestResult = await client.GetAsync($"{apiUrl}/{accountInfo.Location}/Accounts/{accountInfo.Id}/Videos/{videoId}/PlayerWidget?{queryParams}");

- var playerWidgetLink = playerWidgetRequestResult.Headers.Location;

- Console.WriteLine("");

- Console.WriteLine("Player Widget url:");

- Console.WriteLine(playerWidgetLink);

- Console.WriteLine("\nPress Enter to exit...");

- String line = Console.ReadLine();

- if (line == "enter")

- {

- System.Environment.Exit(0);

- }

-}

-private string CreateQueryString(IDictionary<string, string> parameters)

-{

- var queryParameters = HttpUtility.ParseQueryString(string.Empty);

- foreach (var parameter in parameters)

- {

- queryParameters[parameter.Key] = parameter.Value;

- }

- return queryParameters.ToString();

-}

-public class AccountContractSlim

-{

- public Guid Id { get; set; }

- public string Name { get; set; }

- public string Location { get; set; }

- public string AccountType { get; set; }

- public string Url { get; set; }

- public string AccessToken { get; set; }

-}

-```

-### Common errors

-The upload operation might return the following status codes:

-|Status code|ErrorType (in response body)|Description|

-||||

-|409|VIDEO_INDEXING_IN_PROGRESS|The same video is already being processed in this account.|

-|400|VIDEO_ALREADY_FAILED|The same video failed to process in this account less than 2 hours ago. API clients should wait at least 2 hours before reuploading a video.|

-|429||Trial accounts are allowed 5 uploads per minute. Paid accounts are allowed 50 uploads per minute.|

-## Uploading considerations and limitations

- If it's a private URL, the access token must be provided in the request.

-> [!Tip]

-> We recommend that you use .NET Framework version 4.6.2. or later, because older .NET Framework versions don't default to TLS 1.2.

->

-> If you must use an older .NET Framework version, add one line to your code before making the REST API call:

->

-> `System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;`

-## Firewall

-For information about a storage account that's behind a firewall, see the [FAQ](faq.yml#can-a-storage-account-connected-to-the-media-services-account-be-behind-a-firewall).

-[Examine the Azure Video Indexer output produced by an API](video-indexer-output-json-v2.md)

-1. [Download the latest version of Azure PowerShell](/powershell/azure/install-az-ps).

-1. [Download the latest version of Az PowerShell](/powershell/azure/install-az-ps). The minimum version required is 1.5.0.

-1. [Download the latest version of PowerShell](/powershell/azure/install-az-ps)

-To get started, [install the latest PowerShell release](/powershell/azure/install-az-ps).

-To begin, [download the latest Azure PowerShell](/powershell/azure/install-az-ps).

-This quickstart requires the Azure PowerShell AZ module version 1.0.0 or later. Run `Get-Module -ListAvailable Az` to find the version. If you need to install or upgrade, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-1. Install the latest Azure PowerShell Az modules from [this link](/powershell/azure/install-az-ps) before running the script.

-# Create a shareable link for Bastion - preview

-1. If needed, install [Azure PowerShell](/powershell/azure/install-az-ps) on your local machine.

-description: Audio Content Creation is an online tool that allows you to run text-to-speech synthesis without writing any code.

-You can use the [Audio Content Creation](https://speech.microsoft.com/portal/audiocontentcreation) tool in Speech Studio for text-to-speech synthesis without writing any code. You can use the output audio as-is, or as a starting point for further customization.

-Build highly natural audio content for a variety of scenarios, such as audiobooks, news broadcasts, video narrations, and chat bots. With Audio Content Creation, you can efficiently fine-tune text-to-speech voices and design customized audio experiences.

-The tool is based on [Speech Synthesis Markup Language (SSML)](speech-synthesis-markup.md). It allows you to adjust text-to-speech output attributes in real-time or batch synthesis, such as voice characters, voice styles, speaking speed, pronunciation, and prosody.

-The following diagram displays the process for fine-tuning the text-to-speech outputs.

- If nothing appears, or if that version of the Azure PowerShell module is earlier than 5.1.0, follow the instructions at [Install the Azure PowerShell module](/powershell/azure/install-Az-ps) to upgrade.

-1. Install the [Azure PowerShell](/powershell/azure/install-az-ps) and [sign in](/powershell/azure/authenticate-azureps), or select **Try it**.

-1. Install the [Azure PowerShell](/powershell/azure/install-az-ps) and [sign in](/powershell/azure/authenticate-azureps), or select **Try it**.

-1. Install the [Azure PowerShell](/powershell/azure/install-az-ps) and [sign in](/powershell/azure/authenticate-azureps), or select **Try it**.

-1. Install the [Azure PowerShell](/powershell/azure/install-az-ps) and [sign in](/powershell/azure/authenticate-azureps), or select **Try it**.

- export user=$(az account show | jq -r .user.name)

- export resourceId=$(az group show -g $myResourceGroupName | jq -r .id)

- > Role assignment change will take ~5 mins to become effective. Therefore, I did this step ahead of time. Skip this if you have already done this previously.

- export accessToken=$(az account get-access-token --resource https://cognitiveservices.azure.com | jq -r .accessToken)

-* [Azure CLI](/cli/azure/install-azure-cli) or [Azure PowerShell](/powershell/azure/install-az-ps)

-* [Azure CLI](/cli/azure/install-azure-cli) or [Azure PowerShell](/powershell/azure/install-az-ps)

-* [Azure CLI](/cli/azure/install-azure-cli) or [Azure PowerShell](/powershell/azure/install-az-ps)

->[!IMPORTANT]

->During Public Preview only: if you plan to use a wildcard certificate for the domain that is not registered in Teams, please raise a support ticket, and our team will add it as a trusted domain.

-SBC pairing works on the Communication Services resource level. It means you can pair many SBCs to a single Communication Services resource. Still, you cannot pair a single SBC to more than one Communication Services resource. Unique SBC FQDNs are required for pairing to different resources.

- - will be fixed in GA release

- - will be fixed in GA release

- - will be fixed in GA release

-## 3. Provide additional information to your onboarding team

-## 4. Test your Operator Connect portal access

-## 5. Add the application ID for Azure Communications Gateway to Operator Connect

-You must enable the Azure Communications Gateway application within the Operator Connect or Teams Phone Mobile environment. Enabling the application allows Azure Communications Gateway to use the roles that you set up in [Prepare to deploy Azure Communications Gateway](prepare-to-deploy.md#10-set-up-application-roles-for-azure-communications-gateway).

-To enable the Azure Communications Gateway application, add the application ID of the service principal representing Azure Communications Gateway to your Operator Connect or Teams Phone Mobile environment:

-1. Optionally, check the application ID of the service principal to confirm that you're adding the right application.

- 1. Search for `AzureCommunicationsGateway` with the search bar: it's under the **Azure Active Directory** subheading.

- 1. On the overview page, check that the value of **Application ID** is `8502a0ec-c76d-412f-836c-398018e2312b`.

-1. Add a new **Application Id**, pasting in the following value. This value is the application ID for Azure Communications Gateway.

- ```

- 8502a0ec-c76d-412f-836c-398018e2312b

- ```

- Architecture diagram showing Azure Communications Gateway connecting to the Microsoft Phone System, a softswitch in a fixed line deployment and a mobile IMS core. The mobile network also contains an application server for anchoring calls in the Microsoft Phone System.

-Azure Communications Gateway supports the SIP and RTP requirements for Teams Certified SBCs. It can transform call flows to suit your network with minimal disruption to existing infrastructure. Its voice features include:

-1. Configure your network devices to send and receive traffic from Azure Communications Gateway. You might need to configure SBCs, softswitches and access control lists (ACLs).

-1. Run the following cmdlet, replacing *`<AADTenantID>`* with the tenant ID you noted down in step 4.

- |Whether an on-premises Mobile Control Point is in use.|**Instance details: Enable on-premises MCP functionality**|

-## 9. Register the Microsoft Voice Services resource provider

-If the **Microsoft.VoiceServices** resource provider isn't already registered in your subscription, register this provider.

-1. Sign in to the [Azure portal](https://portal.azure.com/) and go to your Azure subscription.

-1. Select **Resource providers** under the **Settings** tab.

-1. Search for the **Microsoft.VoiceServices** resource provider.

-1. Check if the resource provider is already marked as registered. If it isn't, choose the resource provider and select **Register**.

-## 10. Set up application roles for Azure Communications Gateway

-Azure Communications Gateway contains services that need to access the Operator Connect API on your behalf. To enable this access, you must grant specific application roles to an AzureCommunicationsGateway service principal under the Project Synergy Enterprise Application. You created the Project Synergy application in [1. Add the Project Synergy application to your Azure tenancy](#1-add-the-project-synergy-application-to-your-azure-tenancy). We created the Azure Communications Gateway service principal for you when you followed [9. Register the Microsoft Voice Services resource provider](#9-register-the-microsoft-voice-services-resource-provider).

-> [!IMPORTANT]

-> Granting permissions has two parts: configuring the service principal with the appropriate roles (this step) and adding the ID of the service principal to the Operator Connect or Teams Phone Mobile environment. You'll add the service principal to the Operator Connect or Teams Phone Mobile environment later, as part of [deploying Azure Communications Gateway](deploy.md).

-Do the following steps in the tenant that contains your Project Synergy application.

-1. Check whether the Azure Active Directory (`AzureAD`) module is installed in PowerShell. Install it if necessary.

- 1. Open PowerShell.

- 1. Run the following command and check whether `AzureAD` appears in the output.

- ```azurepowershell

- Get-Module -ListAvailable

- ```

- 1. If `AzureAD` doesn't appear in the output, install the module:

- 1. Close your current PowerShell window.

- 1. Open PowerShell as an admin.

- 1. Run the following command.

- ```azurepowershell

- Install-Module AzureAD

- ```

- 1. Close your PowerShell admin window.

-1. Sign in to the [Azure portal](https://ms.portal.azure.com/) as an Azure Active Directory Global Admin.

-1. Select **Azure Active Directory**.

-1. Select **Properties**.

-1. Scroll down to the Tenant ID field. Your tenant ID is in the box. Make a note of your tenant ID.

-1. Open PowerShell.

-1. Run the following cmdlet, replacing *`<AADTenantID>`* with the tenant ID you noted down in step 4.

- ```azurepowershell

- Connect-AzureAD -TenantId "<AADTenantID>"

- ```

-1. Run the following PowerShell commands. These commands add the following roles for Azure Communications Gateway: `TrunkManagement.Read`, `NumberManagement.Read`, `NumberManagement.Write`, `Data.Read`, `Data.Write`, `TrunkManagement.Write`, `PartnerSettings.Read`.

- ```azurepowershell

- # Get the Service Principal ID for Azure Communications Gateway

- $commGwayApplicationId = "8502a0ec-c76d-412f-836c-398018e2312b"

- $commGwayEnterpriseApplication = Get-AzureADServicePrincipal -Filter "AppId eq '$commGwayApplicationId'"

- $commGwayObjectId = $commGwayEnterpriseApplication.ObjectId

-

- # Get the Service Principal ID for Project Synergy (Operator Connect)

- $projectSynergyApplicationId = "eb63d611-525e-4a31-abd7-0cb33f679599"

- $projectSynergyEnterpriseApplication = Get-AzureADServicePrincipal -Filter "AppId eq '$projectSynergyApplicationId'"

- $projectSynergyObjectId = $projectSynergyEnterpriseApplication.ObjectId

-

- # Required Operator Connect - Project Synergy Roles

- $trunkManagementRead = "72129ccd-8886-42db-a63c-2647b61635c1"

- $trunkManagementWrite = "e907ba07-8ad0-40be-8d72-c18a0b3c156b"

-

- $partnerSettingsRead = "d6b0de4a-aab5-4261-be1b-0e1800746fb2"

-

- $numberManagementRead = "130ecbe2-d1e6-4bbd-9a8d-9a7a909b876e"

- $numberManagementWrite = "752b4e79-4b85-4e33-a6ef-5949f0d7d553"

-

- $dataRead = "eb63d611-525e-4a31-abd7-0cb33f679599"

- $dataWrite = "98d32f93-eaa7-4657-b443-090c23e69f27"

-

- $requiredRoles = $trunkManagementRead, $numberManagementRead, $numberManagementWrite, $dataRead, $dataWrite, $trunkManagementWrite, $partnerSettingsRead

-

- foreach ($role in $requiredRoles) {

- # Assign the relevant Role to the Azure Communications Gateway Service Principal

- New-AzureADServiceAppRoleAssignment -ObjectId $commGwayObjectId -PrincipalId $commGwayObjectId -ResourceId $projectSynergyObjectId -Id $role

- }

- ```

- Diagram showing two operator sites and the Azure regions for Azure Communications Gateway. Azure Communications Gateway has two service regions and one management region. The service regions connect to the management region and to the operator sites. The management region can be co-located with a service region.

-Service regions contain the voice and API infrastructure used for handling traffic between Microsoft Teams Phone System and your network. Each instance of Azure Communications Gateway consists of two service regions that are deployed in an active-active mode. This geo-redundancy is mandated by the Operator Connect and Teams Phone Mobile programs. Fast failover between the service regions is provided at the infrastructure/IP level and at the application (SIP/RTP/HTTP) level.

-Each Azure Communications Gateway service region provides an SRV record containing all SIP peers within the region.

-> - Send traffic to its local Azure Communications Gateway service region by default.

-> - Locate Azure Communications Gateway peers within a region using DNS-SRV, as outlined in RFC 3263.

-> - Use SIP OPTIONS (or a combination of OPTIONS and SIP traffic) to monitor the availability of the Azure Communications Gateway peers.

-Your network must not retry calls that receive error responses other than 408, 503 and 504.

-The details of this routing behavior will be specific to your network. You must agree them with your onboarding team during your integration project.

-During a zone-wide outage, calls handled by the affected zone are terminated, with a brief loss of capacity within the region until the service's self-healing rebalances underlying resources to healthy zones. This self-healing isn't dependent on zone restoration; it's expected that the Microsoft-managed service self-healing state will compensate for a lost zone, using capacity from other zones. Traffic carrying resources are deployed in a zone-redundant manner but at the lowest scale traffic might be handled by a single resource. In this case, the failover mechanisms described in this article rebalance all traffic to the other service region while the resources that carry traffic are redeployed in a healthy zone.

-During a region-wide outage, the failover mechanisms described in this article (OPTIONS polling and SIP retry on failure) will rebalance all traffic to the other service region, maintaining availability. Microsoft will start restoring regional redundancy. Restoring regional redundancy during extended downtime might require using other Azure regions. If we need to migrate a failed region to another region, we'll consult you before starting any migrations.

-Monitoring services might be temporarily unavailable until service has been restored. If the management region experiences extended downtime, Microsoft will migrate the impacted resources to another available region.

-Management regions can be co-located with service regions. We recommend choosing the management region nearest to your service regions.

-## March 2023: Simpler authentication for Operator Connect APIs

-Azure Communications Gateway contains services that need to access the Operator Connect API on your behalf. Azure Communications Gateway therefore needs to authenticate with your Operator Connect or Teams Phone Mobile environment.

-From March 2023, Azure Communications Gateway automatically provides a service principal for this authentication. You must set up specific permissions for this service principal and then add the service principal to your Operator Connect or Teams Phone Mobile environment. For more information, see [Prepare to deploy Azure Communications Gateway](prepare-to-deploy.md).

- Connect-AzureAD -Tenant "your tenant ID"

- New-AzureADServicePrincipal -AppId bf7b6499-ff71-4aa2-97a4-f372087be7f0 -DisplayName "Confidential VM Orchestrator"

-In this quickstart, you create a confidential ledger with [Azure PowerShell](/powershell/azure/). If you choose to install and use PowerShell locally, this tutorial requires Azure PowerShell module version 1.0.0 or later. Type `$PSVersionTable.PSVersion` to find the version. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-az-ps). If you are running PowerShell locally, you also need to run `Login-AzAccount` to create a connection with Azure.

-| Azure PowerShell | If using PowerShell, [install the Azure PowerShell](/powershell/azure/install-az-ps) on your local machine. Ensure that the latest version of the Az.App module is installed by running the command `Install-Module -Name Az.App`. |

-If you choose to install and use the PowerShell locally, this tutorial requires the Azure PowerShell module. Run `Get-Module -ListAvailable Az` to find the version. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-Az-ps). If you are running PowerShell locally, you also need to run `Connect-AzAccount` to create a connection with Azure.

-This quickstart requires Azure PowerShell module. Run `Get-Module -ListAvailable Az` to determine your installed version. If you need to install or upgrade, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-> [!IMPORTANT]

-> Please note that if the "Start from beginning" option is selected, the initial load includes a full snapshot of container data in the first run, and changed or incremental data is captured in subsequent runs. Similarly, when the "Start from timestamp" option is selected, the initial load processes the data from the given timestamp, and incremental or changed data is captured in subsequent runs. The `Capture intermediate updates`, `Capture Deletes` and `Capture Transactional store TTLs`, which are found under the [source options](get-started-change-data-capture.md) tab, determine if intermediate updates and deletes are captured in sinks.

-### Capturing deletes and intermediate updates

-The change data capture feature for the analytical store captures deleted records and the intermediate updates. The captured deletes and updates can be applied on Sinks that support delete and update operations. The {_rid} value uniquely identifies the records and so by specifying {_rid} as key column on the Sink side, the update and delete operations would be reflected on the Sink.

-> [!NOTE]

-> If you would like to enable source-query based change data capture on Azure Data Factory data flows during preview, please email [cosmosdbsynapselink@microsoft.com](mailto:cosmosdbsynapselink@microsoft.com) and share your **subscription Id** and **region**. This is not necessary to enable source-query based change data capture on an Azure Synapse data flow.

-The following table includes links to commonly used Azure PowerShell scripts for Azure Cosmos DB. Use the links on the right to navigate to API specific samples. Common samples are the same across all APIs. Reference pages for all Azure Cosmos DB PowerShell cmdlets are available in the [Azure PowerShell Reference](/powershell/module/az.cosmosdb). The `Az.CosmosDB` module is now part of the `Az` module. [Download and install](/powershell/azure/install-az-ps) the latest version of Az module to get the Azure Cosmos DB cmdlets. You can also get the latest version from the [PowerShell Gallery](https://www.powershellgallery.com/packages/Az/5.4.0). You can also fork these PowerShell samples for Azure Cosmos DB from our GitHub repository, [Azure Cosmos DB PowerShell Samples on GitHub](https://github.com/Azure/azure-docs-powershell-samples/tree/master/cosmosdb).

-The following table includes links to commonly used Azure PowerShell scripts for Azure Cosmos DB. Use the links on the right to navigate to API specific samples. Common samples are the same across all APIs. Reference pages for all Azure Cosmos DB PowerShell cmdlets are available in the [Azure PowerShell Reference](/powershell/module/az.cosmosdb). The `Az.CosmosDB` module is now part of the `Az` module. [Download and install](/powershell/azure/install-az-ps) the latest version of Az module to get the Azure Cosmos DB cmdlets. You can also get the latest version from the [PowerShell Gallery](https://www.powershellgallery.com/packages/Az/5.4.0). You can also fork these PowerShell samples for Azure Cosmos DB from our GitHub repository, [Azure Cosmos DB PowerShell Samples on GitHub](https://github.com/Azure/azure-docs-powershell-samples/tree/master/cosmosdb).

-|KPI|Single-region writes without availability zones|Single-region writes with availability zones|Multiple-region, single-region writes without availability zones|Multiple-region, single-region writes with availability zones|Multiple-region, single-region writes with or without availability zones|

-1. Install [Azure PowerShell](/powershell/azure/install-Az-ps) and [sign in](/powershell/azure/authenticate-azureps).

-> When merge is enabled on an account, only requests from .NET SDK version >= 3.27.0 or Java SDK >= 4.42.0 or Azure Cosmos DB Spark connector >= 4.18.0 will be allowed on the account, regardless of whether merges are ongoing or not. Requests from other SDKs (older .NET SDK, older Java SDK, any JavaScript SDK, any Python SDK, any Go SDK) or unsupported connectors (Azure Data Factory, Azure Search, Azure Functions, Azure Stream Analytics, and others) will be blocked and fail. Ensure you have upgraded to a supported SDK version before enabling the feature. After the feature is enabled or disabled, it may take 15-20 minutes to fully propagate to the account. If you plan to disable the feature after you've completed using it, it may take 15-20 minutes before requests from SDKs and connectors that are not supported for merge are allowed.

-Condition 1 often occurs when you've previously scaled up the RU/s (often for a data ingestion) and now want to scale down in steady state.

- - Azure Functions < 4.0.0

-1. Install the [latest version of Azure PowerShell](/powershell/azure/install-az-ps) or any version higher than 6.2.0.

-The following table includes links to commonly used Azure PowerShell scripts for Azure Cosmos DB. Use the links on the right to navigate to API specific samples. Common samples are the same across all APIs. Reference pages for all Azure Cosmos DB PowerShell cmdlets are available in the [Azure PowerShell Reference](/powershell/module/az.cosmosdb). The `Az.CosmosDB` module is now part of the `Az` module. [Download and install](/powershell/azure/install-az-ps) the latest version of Az module to get the Azure Cosmos DB cmdlets. You can also get the latest version from the [PowerShell Gallery](https://www.powershellgallery.com/packages/Az/5.4.0). You can also fork these PowerShell samples for Azure Cosmos DB from our GitHub repository, [Azure Cosmos DB PowerShell Samples on GitHub](https://github.com/Azure/azure-docs-powershell-samples/tree/master/cosmosdb).

-* Install the [latest version](/powershell/azure/install-az-ps) of Azure PowerShell.

-The following table includes links to commonly used Azure PowerShell scripts for Azure Cosmos DB. Use the links on the right to navigate to API specific samples. Common samples are the same across all APIs. Reference pages for all Azure Cosmos DB PowerShell cmdlets are available in the [Azure PowerShell Reference](/powershell/module/az.cosmosdb). The `Az.CosmosDB` module is now part of the `Az` module. [Download and install](/powershell/azure/install-az-ps) the latest version of Az module to get the Azure Cosmos DB cmdlets. You can also get the latest version from the [PowerShell Gallery](https://www.powershellgallery.com/packages/Az/5.4.0). You can also fork these PowerShell samples for Azure Cosmos DB from our GitHub repository, [Azure Cosmos DB PowerShell Samples on GitHub](https://github.com/Azure/azure-docs-powershell-samples/tree/master/cosmosdb).

- * Before provisioning the account, install any version of Azure PowerShell higher than 6.2.0. For more information about the latest version of Azure PowerShell, see [latest version of Azure PowerShell](/powershell/azure/install-az-ps).

-Before restoring the account, install the [latest version of Azure PowerShell](/powershell/azure/install-az-ps) or version higher than 9.6.0. Next connect to your Azure account and select the required subscription with the following commands:

-If you need to install, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-If you need to install, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-If you need to install, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-If you need to install, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-If you need to install, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-If you need to install, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-If you need to install, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-If you need to install, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-If you need to install, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-If you need to install, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-If you need to install, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-If you need to install, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-If you need to install, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-If you need to install, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-If you need to install, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-If you need to install, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-If you need to install, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-If you need to install, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-If you need to install, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-If you need to install, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-If you need to install, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-If you need to install, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-If you need to install, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-If you need to install, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-If you need to install, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-If you need to install, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-If you need to install, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-If you need to install, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-If you need to install, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-If you need to install, see [Install Azure PowerShell module](/powershell/azure/install-az-ps).

-The following table includes links to commonly used Azure PowerShell scripts for Azure Cosmos DB. Use the links on the right to navigate to API specific samples. Common samples are the same across all APIs. Reference pages for all Azure Cosmos DB PowerShell cmdlets are available in the [Azure PowerShell Reference](/powershell/module/az.cosmosdb). The `Az.CosmosDB` module is now part of the `Az` module. [Download and install](/powershell/azure/install-az-ps) the latest version of Az module to get the Azure Cosmos DB cmdlets. You can also get the latest version from the [PowerShell Gallery](https://www.powershellgallery.com/packages/Az/5.4.0). You can also fork these PowerShell samples for Azure Cosmos DB from our GitHub repository, [Azure Cosmos DB PowerShell Samples on GitHub](https://github.com/Azure/azure-docs-powershell-samples/tree/master/cosmosdb).

-Azure PowerShell commands can be run in the [Azure Cloud Shell](https://shell.azure.com) or on a workstation with [Azure PowerShell installed](/powershell/azure/install-az-ps).

-Azure PowerShell commands can be run in the [Azure Cloud Shell](https://shell.azure.com) or on a workstation with [Azure PowerShell installed](/powershell/azure/install-az-ps).

-Azure PowerShell commands can be run in the [Azure Cloud Shell](https://shell.azure.com) or on a workstation with [Azure PowerShell installed](/powershell/azure/install-az-ps).

-To use the Cost Details API, you need read only permissions for supported features and scopes. For more information, see:

-> Management groups aren't currently supported in Cost Management features for Microsoft Customer Agreement subscriptions.