Updates from: 05/15/2021 03:06:27
Service Microsoft Docs article Related commit history on GitHub Change details
active-directory-b2c Conditional Access Identity Protection Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/conditional-access-identity-protection-overview.md
Previously updated : 03/03/2021 Last updated : 05/13/2021
# Identity Protection and Conditional Access for Azure AD B2C - Enhance the security of Azure Active Directory B2C (Azure AD B2C) with Azure AD Identity Protection and Conditional Access. The Identity Protection risk-detection features, including risky users and risky sign-ins, are automatically detected and displayed in your Azure AD B2C tenant. You can create Conditional Access policies that use these risk detections to determine actions and enforce organizational policies. Together, these capabilities give Azure AD B2C application owners greater control over risky authentications and access policies. If you're already familiar with [Identity Protection](../active-directory/identity-protection/overview-identity-protection.md) and [Conditional Access](../active-directory/conditional-access/overview.md) in Azure AD, using these capabilities with Azure AD B2C will be a familiar experience, with the minor differences discussed in this article.
active-directory-b2c Conditional Access Technical Profile https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/conditional-access-technical-profile.md
Previously updated : 04/19/2021 Last updated : 05/13/2021
Azure Active Directory (Azure AD) Conditional Access is the tool used by Azure AD B2C to bring signals together, make decisions, and enforce organizational policies. Automating risk assessment with policy conditions means risky sign-ins are at once identified and remediated or blocked. - ## Protocol The **Name** attribute of the **Protocol** element needs to be set to `Proprietary`. The **handler** attribute must contain the fully qualified name of the protocol handler assembly that is used by Azure AD B2C:
active-directory-b2c Conditional Access User Flow https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/conditional-access-user-flow.md
Previously updated : 05/06/2021 Last updated : 05/13/2021
Conditional Access can be added to your Azure Active Directory B2C (Azure AD B2C
Automating risk assessment with policy conditions means risky sign-ins are identified immediately and then either remediated or blocked. - ## Service overview Azure AD B2C evaluates each sign-in event and ensures that all policy requirements are met before granting the user access. During this **Evaluation** phase, the Conditional Access service evaluates the signals collected by Identity Protection risk detections during sign-in events. The outcome of this evaluation process is a set of claims that indicates whether the sign-in should be granted or blocked. The Azure AD B2C policy uses these claims to take an action within the user flow, such as blocking access or challenging the user with a specific remediation like multi-factor authentication (MFA). ΓÇ£Block accessΓÇ¥ overrides all other settings.
In the *Remediation* phase that follows, the user is challenged with MFA. Once c
The remediation may also happen through other channels. For example, when the account's password is reset, either by the administrator or by the user. You can check the the user *Risk state* in the [risky users report](identity-protection-investigate-risk.md#navigating-the-risky-users-report). + > [!IMPORTANT] > To remediate the risk successfully within the journey, make sure the *Remediation* technical profile is called after the *Evaluation* technical profile is executed. If *Evaluation* is invoked without *Remediation*, the risk state will be *At risk*. When the *Evaluation* technical profile recommendation returns `Block`, the call to the *Evaluation* technical profile is not required. The risk state is set to *At risk*. - The following example shows a Conditional Access technical profile used to remediate the identified threat: ```XML
A Conditional Access policy is an if-then statement of assignments and access co
To add a Conditional Access policy: 1. In the Azure portal, search for and select **Azure AD B2C**.
-1. Under **Security**, select **Conditional Access (Preview)**. The **Conditional Access Policies** page opens.
+1. Under **Security**, select **Conditional Access**. The **Conditional Access Policies** page opens.
1. Select **+ New policy**. 1. Enter a name for the policy, such as *Block risky sign-in*. 1. Under **Assignments**, choose **Users and groups**, and then select the one of the following supported configurations:
Multiple Conditional Access policies may apply to an individual user at any time
## Enable multi-factor authentication (optional)
-When adding Conditional Access to a user flow, consider the use of **Multi-factor authentication (MFA)**. Users can use a one-time code via SMS or voice, or a one-time password via email for multi-factor authentication. MFA settings are independent from Conditional Access settings. You can choose from these MFA options:
+When adding Conditional Access to a user flow, consider using **Multi-factor authentication (MFA)**. Users can use a one-time code via SMS or voice, or a one-time password via email for multi-factor authentication. MFA settings are configured separately from Conditional Access settings. You can choose from these MFA options:
+
+- **Off** - MFA is never enforced during sign-in, and users are not prompted to enroll in MFA during sign-up or sign-in.
+- **Always on** - MFA is always required, regardless of your Conditional Access setup. During sign-up, users are prompted to enroll in MFA. During sign-in, if users aren't already enrolled in MFA, they're prompted to enroll.
+- **Conditional** - During sign-up and sign-in, users are prompted to enroll in MFA (both new users and existing users who aren't enrolled in MFA). During sign-in, MFA is enforced only when an active Conditional Access policy evaluation requires it:
+
+ - If the result is an MFA challenge with no risk, MFA is enforced. If the user isn't already enrolled in MFA, they're prompted to enroll.
+ - If the result is an MFA challenge due to risk *and* the user is not enrolled in MFA, sign-in is blocked.
- - **Off** - MFA is never enforced during sign-in, and users are not prompted to enroll in MFA during sign-up or sign-in.
- - **Always on** - MFA is always required regardless of your Conditional Access setup. If users aren't already enrolled in MFA, they're prompted to enroll during sign-in. During sign-up, users are prompted to enroll in MFA.
- - **Conditional (Preview)** - MFA is required only when an active Conditional Access Policy requires it. If the result of the Conditional Access evaluation is an MFA challenge with no risk, MFA is enforced during sign-in. If the result is an MFA challenge due to risk *and* the user is not enrolled in MFA, sign-in is blocked. During sign-up, users aren't prompted to enroll in MFA.
+ > [!NOTE]
+ > With general availability of Conditional Access in Azure AD B2C, users are now prompted to enroll in an MFA method during sign-up. Any sign-up user flows you created prior to general availability won't automatically reflect this new behavior, but you can include the behavior by creating new user flows.
::: zone pivot="b2c-user-flow"
To enable Conditional Access for a user flow, make sure the version supports Con
![Configure MFA and Conditional Access in Properties](media/conditional-access-user-flow/add-conditional-access.png)
-1. In the **Multifactor authentication** section, select the desired **Type of method**, and then under **MFA enforcement**, select **Conditional (Preview)**.
+1. In the **Multifactor authentication** section, select the desired **Type of method**, and then under **MFA enforcement**, select **Conditional**.
-1. In the **Conditional access (Preview)** section, select the **Enforce conditional access policies** check box.
+1. In the **Conditional access** section, select the **Enforce conditional access policies** check box.
1. Select **Save**.
active-directory-b2c Faq https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/faq.md
Previously updated : 03/08/2021 Last updated : 05/14/2021
You can use the Microsoft Graph API to write your migration tool. See the [User
The Azure AD B2C password user flow for local accounts is based on the policy for Azure AD. Azure AD B2C's sign-up, sign-up or sign-in and password reset user flows use the "strong" password strength and don't expire any passwords. For more details, see [Password policies and restrictions in Azure Active Directory](../active-directory/authentication/concept-sspr-policy.md).
-For information about account lockouts and passwords, see [Manages threats to resources and data in Azure Active Directory B2C](threat-management.md).
+For information about account lockouts and passwords, see [Mitigate credential attacks in Azure AD B2C](threat-management.md).
### Can I use Azure AD Connect to migrate consumer identities that are stored on my on-premises Active Directory to Azure AD B2C?
active-directory-b2c Identity Protection Investigate Risk https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/identity-protection-investigate-risk.md
Previously updated : 03/03/2021 Last updated : 05/13/2021
zone_pivot_groups: b2c-policy-type
# Investigate risk with Identity Protection in Azure AD B2C - Identity Protection provides ongoing risk detection for your Azure AD B2C tenant. It allows organizations to discover, investigate, and remediate identity-based risks. Identity Protection comes with risk reports that can be used to investigate identity risks in Azure AD B2C tenants. In this article, you learn how to investigate and mitigate risks. ## Overview
An administrator can choose to dismiss a user's risk in the Azure portal or prog
1. Under **Azure services**, select **Azure AD B2C**. Or use the search box to find and select **Azure AD B2C**.
-1. Under **Security**, select **Risky users (Preview)**.
+1. Under **Security**, select **Risky users**.
![Risky users](media/identity-protection-investigate-risk/risky-users.png)
Administrators can then choose to return to the user's risk or sign-ins report t
### Navigating the risk detections report 1. In the Azure portal, search for and select **Azure AD B2C**.
-1. Under **Security**, select **Risk detections (Preview)**.
+1. Under **Security**, select **Risk detections**.
![Risk detections](media/identity-protection-investigate-risk/risk-detections.png)
active-directory-b2c Multi Factor Authentication https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/multi-factor-authentication.md
Previously updated : 04/22/2021 Last updated : 05/13/2021
This feature helps applications handle scenarios such as:
1. In the **Multifactor authentication** section, select the desired **Type of method**. Then under **MFA enforcement** select an option: - **Off** - MFA is never enforced during sign-in, and users are not prompted to enroll in MFA during sign-up or sign-in.
- - **Always on** - MFA is always required (regardless of any Conditional Access setup). If users aren't already enrolled in MFA, they're prompted to enroll during sign-in. During sign-up, users are prompted to enroll in MFA.
- - **Conditional (Preview)** - MFA is enforced only when a Conditional Access policy requires it. The policy and sign-in risk determine how MFA is presented to the user:
- - If no risk is detected, an MFA challenge is presented to the user during sign-in. If the user isn't already enrolled in MFA, they're prompted to enroll during sign-in.
- - If risk is detected and the user isn't already enrolled in MFA, the sign-in is blocked. During sign-up, users aren't prompted to enroll in MFA.
+ - **Always on** - MFA is always required, regardless of your Conditional Access setup. During sign-up, users are prompted to enroll in MFA. During sign-in, if users aren't already enrolled in MFA, they're prompted to enroll.
+ - **Conditional** - During sign-up and sign-in, users are prompted to enroll in MFA (both new users and existing users who aren't enrolled in MFA). During sign-in, MFA is enforced only when an active Conditional Access policy evaluation requires it:
+
+ - If the result is an MFA challenge with no risk, MFA is enforced. If the user isn't already enrolled in MFA, they're prompted to enroll.
+ - If the result is an MFA challenge due to risk *and* the user is not enrolled in MFA, sign-in is blocked.
> [!NOTE] >
- > - If you select **Conditional (Preview)**, you'll also need to [add Conditional Access to user flows](conditional-access-user-flow.md), and specify the apps you want the policy to apply to.
+ > - With general availability of Conditional Access in Azure AD B2C, users are now prompted to enroll in an MFA method during sign-up. Any sign-up user flows you created prior to general availability won't automatically reflect this new behavior, but you can include the behavior by creating new user flows.
+ > - If you select **Conditional**, you'll also need to [add Conditional Access to user flows](conditional-access-user-flow.md), and specify the apps you want the policy to apply to.
> - Multi-factor authentication (MFA) is disabled by default for sign-up user flows. You can enable MFA in user flows with phone sign-up, but because a phone number is used as the primary identifier, email one-time passcode is the only option available for the second authentication factor. 1. Select **Save**. MFA is now enabled for this user flow.
active-directory-b2c Partner Dynamics 365 Fraud Protection https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/partner-dynamics-365-fraud-protection.md
Following is an example:
## Deploy the UI templates
-1. Deploy the provided [Azure AD B2C UI templates](https://github.com/azure-ad-b2c/partner-integrations/blob/adstoffe/remove-middle-layer-api/samples/Dynamics-Fraud-Protection/ui-templates) to a public facing internet hosting service such as Azure Blob Storage.
+1. Deploy the provided [Azure AD B2C UI templates](https://github.com/azure-ad-b2c/partner-integrations/tree/master/samples/Dynamics-Fraud-Protection/ui-templates) to a public facing internet hosting service such as Azure Blob Storage.
2. Replace the value `https://<YOUR-UI-BASE-URL>/` with the root URL for your deployment location.
See [UI customization documentation](https://docs.microsoft.com/azure/active-dir
### Replace the configuration values
-In the provided [custom policies](https://github.com/azure-ad-b2c/partner-integrations/tree/master/samples/Dynamics-Fraud-Protection/Policies), find the following placeholders and replace them with the corresponding values from your instance.
+In the provided [custom policies](https://github.com/azure-ad-b2c/partner-integrations/tree/master/samples/Dynamics-Fraud-Protection/policies), find the following placeholders and replace them with the corresponding values from your instance.
| Placeholder | Replace with | Notes | | :-- | :| :--|
In the provided [custom policies](https://github.com/azure-ad-b2c/partner-integr
## Configure the Azure AD B2C policy
-1. Go to the [Azure AD B2C policy](https://github.com/azure-ad-b2c/partner-integrations/tree/adstoffe/remove-middle-layer-api/samples/Dynamics-Fraud-Protection/policies) in the Policies folder.
+1. Go to the [Azure AD B2C policy](https://github.com/azure-ad-b2c/partner-integrations/tree/master/samples/Dynamics-Fraud-Protection/policies) in the Policies folder.
2. Follow this [document](./tutorial-create-user-flows.md?pivots=b2c-custom-policy?tabs=applications#custom-policy-starter-pack) to download [LocalAccounts starter pack](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/master/LocalAccounts)
active-directory-b2c Technical Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/technical-overview.md
Previously updated : 04/27/2021 Last updated : 05/14/2021
You can add a REST API call at any step in the user journey defined by a custom
To see how to use custom policies for RESTful API integration in Azure AD B2C, see [Integrate REST API claims exchanges in your Azure AD B2C custom policy](api-connectors-overview.md).
-## Protect customer identities
+## Protect resources and customer identities
Azure AD B2C complies with the security, privacy, and other commitments described in the [Microsoft Azure Trust Center](https://www.microsoft.com/trustcenter/cloudservices/azure).
Your users may or may not be challenged for MFA based on configuration decisions
See how to enable MFA in user flows in [Enable multi-factor authentication in Azure Active Directory B2C](multi-factor-authentication.md).
+### Identity Protection and Conditional Access
+
+Azure AD Identity Protection risk-detection features, including risky users and risky sign-ins, are automatically detected and displayed in your Azure AD B2C tenant. You can create Conditional Access policies that use these risk detections to determine remediation actions and enforce organizational policies. See [Identity Protection and Conditional Access](conditional-access-identity-protection-overview.md).
+ ### Smart account lockout To prevent brute-force password guessing attempts, Azure AD B2C uses a sophisticated strategy to lock accounts based on the IP of the request, the passwords entered, and several other factors. The duration of the lockout is automatically increased based on risk and the number of attempts. ![Account smart lockout](media/technical-overview/smart-lockout1.png)
-For more information about managing password protection settings, see [Manage threats to resources and data in Azure Active Directory B2C](threat-management.md).
+For more information about managing password protection settings, see [Mitigate credential attacks in Azure AD B2C](threat-management.md).
### Password complexity
active-directory-b2c Threat Management https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/threat-management.md
Title: Manage threats to resources and data
+ Title: Mitigate credential attacks - Azure AD B2C
-description: Learn about detection and mitigation techniques for denial-of-service attacks and password attacks in Azure Active Directory B2C.
+description: Learn about detection and mitigation techniques for credential attacks (password attacks) in Azure Active Directory B2C, including smart account lockout features.
Previously updated : 09/26/2019 Last updated : 05/14/2021
-# Manage threats to resources and data in Azure Active Directory B2C
-Azure Active Directory B2C (Azure AD B2C) has built-in features that can help you protect against threats to your resources and data. These threats include denial-of-service attacks and password attacks. Denial-of-service attacks might make resources unavailable to intended users. Password attacks lead to unauthorized access to resources.
+# Mitigate credential attacks in Azure AD B2C
-## Denial-of-service attacks
-
-Azure AD B2C defends against SYN flood attacks using a SYN cookie. Azure AD B2C also protects against denial-of-service attacks by using limits for rates and connections.
-
-## Password attacks
-
-Passwords that are set by users are required to be reasonably complex. Azure AD B2C has mitigation techniques in place for password attacks. Mitigation includes detection of brute-force password attacks and dictionary password attacks. By using various signals, Azure AD B2C analyzes the integrity of requests. Azure AD B2C is designed to intelligently differentiate intended users from hackers and botnets.
+Credential attacks lead to unauthorized access to resources. Passwords that are set by users are required to be reasonably complex. Azure AD B2C has mitigation techniques in place for credential attacks. Mitigation includes detection of brute-force credential attacks and dictionary credential attacks. By using various signals, Azure Active Directory B2C (Azure AD B2C) analyzes the integrity of requests. Azure AD B2C is designed to intelligently differentiate intended users from hackers and botnets.
Azure AD B2C uses a sophisticated strategy to lock accounts. The accounts are locked based on the IP of the request and the passwords entered. The duration of the lockout also increases based on the likelihood that it's an attack. After a password is tried 10 times unsuccessfully (the default attempt threshold), a one-minute lockout occurs. The next time a login is unsuccessful after the account is unlocked (that is, after the account has been automatically unlocked by the service once the lockout period expires), another one-minute lockout occurs and continues for each unsuccessful login. Entering the same password repeatedly doesn't count as multiple unsuccessful logins.
+> [!NOTE]
+> This feature is supported by [user flows, custom policies](user-flow-overview.md), and [ROPC](add-ropc-policy.md) flows. ItΓÇÖs activated by default so you donΓÇÖt need to configure it in your user flows or custom policies.
+ The first 10 lockout periods are one minute long. The next 10 lockout periods are slightly longer and increase in duration after every 10 lockout periods. The lockout counter resets to zero after a successful login when the account isnΓÇÖt locked. Lockout periods can last up to five hours.
-## Manage password protection settings
+### Manage password protection settings
To manage password protection settings, including the lockout threshold:
To manage password protection settings, including the lockout threshold:
1. Use the **Directory + subscription** filter in the top menu to select the directory that contains your Azure AD B2C tenant. 1. In the left menu, select **Azure AD B2C**. Or, select **All services** and search for and select **Azure AD B2C**. 1. Under **Security**, select **Authentication methods (Preview)**, then select **Password protection**.
-1. Enter your desired password protection settings, then select **Save**.
+1. Under **Custom smart lockout**, enter your desired password protection settings:
+
+ - **Lockout threshold**: The number of failed sign-in tries that are allowed before the account is first locked out. If the first sign-in after a lockout also fails, the account locks again.
+ - **Lockout duration in seconds**: The minimum duration of each lockout in seconds. If an account locks repeatedly, this duration increases.
- ![Azure portal Password protection page in Azure AD settings](./media/threat-management/portal-02-password-protection.png)
+ ![Azure portal Password protection page in Azure AD settings](./media/threat-management/portal-02-password-protection.png)
<br />*Setting the lockout threshold to 5 in **Password protection** settings*.
-## View locked-out accounts
+1. Select **Save**.
+### Testing the password protection settings
+
+The smart lockout feature uses many factors to determine when an account should be locked, but the primary factor is the password pattern. The smart lockout feature considers slight variations of a password as a set, and theyΓÇÖre counted as a single try. For example:
+
+- Passwords such as 12456! and 1234567! (or newAccount1234 and newaccount1234) are so similar that the algorithm interprets them as human error and counts them as a single try.
+- Larger variations in pattern, such as 12456! and ABCD2!, are counted as separate tries.
+
+When testing the smart lockout feature, use a distinctive pattern for each password you enter. Consider using password generation web apps, such as [https://passwordsgenerator.net/](https://passwordsgenerator.net/).
+
+When the smart lockout threshold is reached, you'll see the following message while the account is locked:
+
+ **Your account is temporarily locked to prevent unauthorized use. Try again later, and if you still have trouble, contact your admin.**
+
+### Viewing locked-out accounts
To obtain information about locked-out accounts, you can check the Active Directory [sign-in activity report](../active-directory/reports-monitoring/concept-sign-ins.md). Under **Status**, select **Failure**. Failed sign-in attempts with a **Sign-in error code** of `50053` indicate a locked account:
active-directory-domain-services Policy Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-domain-services/policy-reference.md
Title: Built-in policy definitions for Azure Active Directory Domain Services description: Lists Azure Policy built-in policy definitions for Azure Active Directory Domain Services. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
active-directory Concept Authentication Passwordless https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/authentication/concept-authentication-passwordless.md
The following providers offer FIDO2 security keys of different form factors that
| Token2 Switzerland | [https://www.token2.swiss/shop/product/token2-t2f2-alu-fido2-u2f-and-totp-security-key](https://www.token2.swiss/shop/product/token2-t2f2-alu-fido2-u2f-and-totp-security-key) | | GoTrustID Inc. | [https://www.gotrustid.com/idem-key](https://www.gotrustid.com/idem-key) | | Kensington | [https://www.kensington.com/solutions/product-category/why-biometrics/](https://www.kensington.com/solutions/product-category/why-biometrics/) |
+| Nymi | [https://www.nymi.com/product](https://www.nymi.com/product) |
> [!NOTE] > If you purchase and plan to use NFC-based security keys, you need a supported NFC reader for the security key. The NFC reader isn't an Azure requirement or limitation. Check with the vendor for your NFC-based security key for a list of supported NFC readers.
active-directory Howto Password Smart Lockout https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/authentication/howto-password-smart-lockout.md
Smart lockout helps lock out bad actors that try to guess your users' passwords
## How smart lockout works
-By default, smart lockout locks the account from sign-in attempts for one minute after 10 failed attempts. The account locks again after each subsequent failed sign-in attempt, for one minute at first and longer in subsequent attempts. To minimize the ways an attacker could work around this behavior, we don't disclose the rate at which the lockout period grows over additional unsuccessful sign-in attempts.
+By default, smart lockout locks the account from sign-in attempts for one minute after 10 failed attempts for Azure Public tenants and 3 for Azure US Government tenants. The account locks again after each subsequent failed sign-in attempt, for one minute at first and longer in subsequent attempts. To minimize the ways an attacker could work around this behavior, we don't disclose the rate at which the lockout period grows over additional unsuccessful sign-in attempts.
Smart lockout tracks the last three bad password hashes to avoid incrementing the lockout counter for the same password. If someone enters the same bad password multiple times, this behavior won't cause the account to lock out.
To check or modify the smart lockout values for your organization, complete the
1. Search for and select *Azure Active Directory*, then select **Security** > **Authentication methods** > **Password protection**. 1. Set the **Lockout threshold**, based on how many failed sign-ins are allowed on an account before its first lockout.
- The default is 10.
+ The default is 10 for Azure Public tenants and 3 for Azure US Government tenants.
1. Set the **Lockout duration in seconds**, to the length in seconds of each lockout.
active-directory Whats New Archive https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/fundamentals/whats-new-archive.md
We fixed a bug where changes to the [HomeRealmDiscovery policy](../manage-apps/c
In March 2020, we've added these 51 new apps with Federation support to the app gallery:
-[Cisco AnyConnect](../saas-apps/cisco-anyconnect.md), [Zoho One China](../saas-apps/zoho-one-china-tutorial.md), [PlusPlus](https://test.plusplus.app/auth/login/azuread-outlook/), [Profit.co SAML App](../saas-apps/profitco-saml-app-tutorial.md), [iPoint Service Provider](../saas-apps/ipoint-service-provider-tutorial.md), [contexxt.ai SPHERE](https://contexxt-sphere.com/login), [Wisdom By Invictus](../saas-apps/wisdom-by-invictus-tutorial.md), [Flare Digital Signage](https://spark-dev.pixelnebula.com/login), [Logz.io - Cloud Observability for Engineers](../saas-apps/logzio-cloud-observability-for-engineers-tutorial.md), [SpectrumU](../saas-apps/spectrumu-tutorial.md), [BizzContact](https://www.bizzcontact.app/), [Elqano SSO](../saas-apps/elqano-sso-tutorial.md), [MarketSignShare](http://www.signshare.com/), [CrossKnowledge Learning Suite](../saas-apps/crossknowledge-learning-suite-tutorial.md), [Netvision Compas](../saas-apps/netvision-compas-tutorial.md), [FCM HUB](../saas-apps/fcm-hub-tutorial.md), [RIB )
+[Cisco AnyConnect](../saas-apps/cisco-anyconnect.md), [Zoho One China](../saas-apps/zoho-one-china-tutorial.md), [PlusPlus](https://test.plusplus.app/auth/login/azuread-outlook/), [Profit.co SAML App](../saas-apps/profitco-saml-app-tutorial.md), [iPoint Service Provider](../saas-apps/ipoint-service-provider-tutorial.md), [contexxt.ai SPHERE](https://contexxt-sphere.com/login), [Wisdom By Invictus](../saas-apps/wisdom-by-invictus-tutorial.md), [Flare Digital Signage](https://pixelnebula.com/), [Logz.io - Cloud Observability for Engineers](../saas-apps/logzio-cloud-observability-for-engineers-tutorial.md), [SpectrumU](../saas-apps/spectrumu-tutorial.md), [BizzContact](https://www.bizzcontact.app/), [Elqano SSO](../saas-apps/elqano-sso-tutorial.md), [MarketSignShare](http://www.signshare.com/), [CrossKnowledge Learning Suite](../saas-apps/crossknowledge-learning-suite-tutorial.md), [Netvision Compas](../saas-apps/netvision-compas-tutorial.md), [FCM HUB](../saas-apps/fcm-hub-tutorial.md), [RIB )
For more information about the apps, see [SaaS application integration with Azure Active Directory](../saas-apps/tutorial-list.md). For more information about listing your application in the Azure AD app gallery, see [List your application in the Azure Active Directory application gallery](../develop/v2-howto-app-gallery-listing.md).
active-directory 360Online Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/360online-tutorial.md
Previously updated : 01/17/2019 Last updated : 05/13/2021 # Tutorial: Azure Active Directory integration with 360 Online
-In this tutorial, you learn how to integrate 360 Online with Azure Active Directory (Azure AD).
-Integrating 360 Online with Azure AD provides you with the following benefits:
+In this tutorial, you'll learn how to integrate 360 Online with Azure Active Directory (Azure AD). When you integrate 360 Online with Azure AD, you can:
-* You can control in Azure AD who has access to 360 Online.
-* You can enable your users to be automatically signed-in to 360 Online (Single Sign-On) with their Azure AD accounts.
-* You can manage your accounts in one central location - the Azure portal.
-
-If you want to know more details about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
-If you don't have an Azure subscription, [create a free account](https://azure.microsoft.com/free/) before you begin.
+* Control in Azure AD who has access to 360 Online.
+* Enable your users to be automatically signed-in to 360 Online with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
## Prerequisites
-To configure Azure AD integration with 360 Online, you need the following items:
+To get started, you need the following items:
-* An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial [here](https://azure.microsoft.com/pricing/free-trial/)
-* 360 Online single sign-on enabled subscription
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
+* 360 Online single sign-on (SSO) enabled subscription.
## Scenario description In this tutorial, you configure and test Azure AD single sign-on in a test environment.
-* 360 Online supports **SP** initiated SSO
-
-## Adding 360 Online from the gallery
-
-To configure the integration of 360 Online into Azure AD, you need to add 360 Online from the gallery to your list of managed SaaS apps.
-
-**To add 360 Online from the gallery, perform the following steps:**
-
-1. In the **[Azure portal](https://portal.azure.com)**, on the left navigation panel, click **Azure Active Directory** icon.
-
- ![The Azure Active Directory button](common/select-azuread.png)
-
-2. Navigate to **Enterprise Applications** and then select the **All Applications** option.
-
- ![The Enterprise applications blade](common/enterprise-applications.png)
-
-3. To add new application, click **New application** button on the top of dialog.
+* 360 Online supports **SP** initiated SSO.
- ![The New application button](common/add-new-app.png)
+> [!NOTE]
+> Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
-4. In the search box, type **360 Online**, select **360 Online** from result panel then click **Add** button to add the application.
+## Add 360 Online from the gallery
- ![360 Online in the results list](common/search-new-app.png)
-
-## Configure and test Azure AD single sign-on
-
-In this section, you configure and test Azure AD single sign-on with 360 Online based on a test user called **Britta Simon**.
-For single sign-on to work, a link relationship between an Azure AD user and the related user in 360 Online needs to be established.
-
-To configure and test Azure AD single sign-on with 360 Online, you need to complete the following building blocks:
-
-1. **[Configure Azure AD Single Sign-On](#configure-azure-ad-single-sign-on)** - to enable your users to use this feature.
-2. **[Configure 360 Online Single Sign-On](#configure-360-online-single-sign-on)** - to configure the Single Sign-On settings on application side.
-3. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with Britta Simon.
-4. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
-5. **[Create 360 Online test user](#create-360-online-test-user)** - to have a counterpart of Britta Simon in 360 Online that is linked to the Azure AD representation of user.
-6. **[Test single sign-on](#test-single-sign-on)** - to verify whether the configuration works.
-
-### Configure Azure AD single sign-on
+To configure the integration of 360 Online into Azure AD, you need to add 360 Online from the gallery to your list of managed SaaS apps.
-In this section, you enable Azure AD single sign-on in the Azure portal.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
+1. On the left navigation pane, select the **Azure Active Directory** service.
+1. Navigate to **Enterprise Applications** and then select **All Applications**.
+1. To add new application, select **New application**.
+1. In the **Add from the gallery** section, type **360 Online** in the search box.
+1. Select **360 Online** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-To configure Azure AD single sign-on with 360 Online, perform the following steps:
+## Configure and test Azure AD SSO for 360 Online
-1. In the [Azure portal](https://portal.azure.com/), on the **360 Online** application integration page, select **Single sign-on**.
+Configure and test Azure AD SSO with 360 Online using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in 360 Online.
- ![Configure single sign-on link](common/select-sso.png)
+To configure and test Azure AD SSO with 360 Online, perform the following steps:
-2. On the **Select a Single sign-on method** dialog, select **SAML/WS-Fed** mode to enable single sign-on.
+1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure 360 Online SSO](#configure-360-online-sso)** - to configure the single sign-on settings on application side.
+ 1. **[Create 360 Online test user](#create-360-online-test-user)** - to have a counterpart of B.Simon in 360 Online that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
- ![Single sign-on select mode](common/select-saml-option.png)
+## Configure Azure AD SSO
-3. On the **Set up Single Sign-On with SAML** page, click **Edit** icon to open **Basic SAML Configuration** dialog.
+Follow these steps to enable Azure AD SSO in the Azure portal.
- ![Edit Basic SAML Configuration](common/edit-urls.png)
+1. In the Azure portal, on the **360 Online** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
-4. On the **Basic SAML Configuration** section, perform the following steps:
+ ![Edit Basic SAML Configuration](common/edit-urls.png)
- ![360 Online Domain and URLs single sign-on information](common/sp-signonurl.png)
+4. On the **Basic SAML Configuration** section, perform the following step:
In the **Sign-on URL** text box, type a URL using the following pattern: `https://<company name>.public360online.com`
To configure Azure AD single sign-on with 360 Online, perform the following step
![Copy configuration URLs](common/copy-configuration-urls.png)
- a. Login URL
-
- b. Azure Ad Identifier
-
- c. Logout URL
-
-### Configure 360 Online Single Sign-On
-
-To configure single sign-on on **360 Online** side, you need to send the downloaded **Metadata XML** and appropriate copied URLs from Azure portal to [360 Online support team](mailto:360online@software-innovation.com). They set this setting to have the SAML SSO connection set properly on both sides.
- ### Create an Azure AD test user
-The objective of this section is to create a test user in the Azure portal called Britta Simon.
-
-1. In the Azure portal, in the left pane, select **Azure Active Directory**, select **Users**, and then select **All users**.
-
- ![The "Users and groups" and "All users" links](common/users.png)
-
-2. Select **New user** at the top of the screen.
-
- ![New user Button](common/new-user.png)
-
-3. In the User properties, perform the following steps.
-
- ![The User dialog box](common/user-properties.png)
-
- a. In the **Name** field enter **BrittaSimon**.
-
- b. In the **User name** field type **brittasimon\@yourcompanydomain.extension**
- For example, BrittaSimon@contoso.com
+In this section, you'll create a test user in the Azure portal called B.Simon.
- c. Select **Show password** check box, and then write down the value that's displayed in the Password box.
-
- d. Click **Create**.
+1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
+1. Select **New user** at the top of the screen.
+1. In the **User** properties, follow these steps:
+ 1. In the **Name** field, enter `B.Simon`.
+ 1. In the **User name** field, enter the username@companydomain.extension. For example, `B.Simon@contoso.com`.
+ 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
+ 1. Click **Create**.
### Assign the Azure AD test user
-In this section, you enable Britta Simon to use Azure single sign-on by granting access to 360 Online.
-
-1. In the Azure portal, select **Enterprise Applications**, select **All applications**, then select **360 Online**.
-
- ![Enterprise applications blade](common/enterprise-applications.png)
-
-2. In the applications list, select **360 Online**.
-
- ![The 360 Online link in the Applications list](common/all-applications.png)
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to 360 Online.
-3. In the menu on the left, select **Users and groups**.
+1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
+1. In the applications list, select **360 Online**.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
- ![The "Users and groups" link](common/users-groups-blade.png)
+## Configure 360 Online SSO
-4. Click the **Add user** button, then select **Users and groups** in the **Add Assignment** dialog.
-
- ![The Add Assignment pane](common/add-assign-user.png)
-
-5. In the **Users and groups** dialog select **Britta Simon** in the Users list, then click the **Select** button at the bottom of the screen.
-
-6. If you are expecting any role value in the SAML assertion then in the **Select Role** dialog select the appropriate role for the user from the list, then click the **Select** button at the bottom of the screen.
-
-7. In the **Add Assignment** dialog click the **Assign** button.
+To configure single sign-on on **360 Online** side, you need to send the downloaded **Metadata XML** and appropriate copied URLs from Azure portal to [360 Online support team](mailto:360online@software-innovation.com). They set this setting to have the SAML SSO connection set properly on both sides.
### Create 360 Online test user In this section, you create a user called Britta Simon in 360 Online. Work with [360 Online support team](mailto:360online@software-innovation.com) to add the users in the 360 Online platform. Users must be created and activated before you use single sign-on.
-### Test single sign-on
+## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+In this section, you test your Azure AD single sign-on configuration with following options.
-When you click the 360 Online tile in the Access Panel, you should be automatically signed in to the 360 Online for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+* Click on **Test this application** in Azure portal. This will redirect to 360 Online Sign-on URL where you can initiate the login flow.
-## Additional Resources
+* Go to 360 Online Sign-on URL directly and initiate the login flow from there.
-- [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](./tutorial-list.md)
+* You can use Microsoft My Apps. When you click the 360 Online tile in the My Apps, this will redirect to 360 Online Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+## Next steps
-- [What is Conditional Access in Azure Active Directory?](../conditional-access/overview.md)
+Once you configure 360 Online you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Alertmedia Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/alertmedia-tutorial.md
Previously updated : 04/17/2020 Last updated : 05/13/2021
In this tutorial, you'll learn how to integrate AlertMedia with Azure Active Dir
* Enable your users to be automatically signed-in to AlertMedia with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items:
To get started, you need the following items:
In this tutorial, you configure and test Azure AD SSO in a test environment.
-* AlertMedia supports **IDP** initiated SSO
-* AlertMedia supports **Just In Time** user provisioning
-* Once you configure AlertMedia you can enforce session control, which protect exfiltration and infiltration of your organizationΓÇÖs sensitive data in real-time. Session control extend from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
+* AlertMedia supports **IDP** initiated SSO.
+* AlertMedia supports **Just In Time** user provisioning.
-## Adding AlertMedia from the gallery
+## Add AlertMedia from the gallery
To configure the integration of AlertMedia into Azure AD, you need to add AlertMedia from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**. 1. In the **Add from the gallery** section, type **AlertMedia** in the search box. 1. Select **AlertMedia** from results panel and then add the app. Wait a few seconds while the app is added to your tenant. -
-## Configure and test Azure AD single sign-on for AlertMedia
+## Configure and test Azure AD SSO for AlertMedia
Configure and test Azure AD SSO with AlertMedia using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in AlertMedia.
-To configure and test Azure AD SSO with AlertMedia, complete the following building blocks:
+To configure and test Azure AD SSO with AlertMedia, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature. 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
To configure and test Azure AD SSO with AlertMedia, complete the following build
Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **AlertMedia** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **AlertMedia** application integration page, find the **Manage** section and select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
-1. On the **Set up single sign-on with SAML** page, enter the values for the following fields:
+1. On the **Set up single sign-on with SAML** page, perform the following steps:
a. In the **Identifier** text box, type a URL using the following pattern: `https://<SUBDOMAIN>.alertmedia.com`
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **AlertMedia**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
-1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
1. In the **Add Assignment** dialog, click the **Assign** button. ## Configure AlertMedia SSO
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In a new web browser window, sign in to your AlertMedia company site as an administrator. 1. Navigate to **Company** and select **Single Sign-On**.
- ![The Account button](./media/alertmedia-tutorial/Configure1.png)
-1. In the **Authentication Method**, select **Remote SAML Metadata**
-1. Toggle ON the **Sign Request**
-1. Toggle ON the **Allow Passive Requests**
+ ![The Account button](./media/alertmedia-tutorial/account.png)
+
+1. In the **Authentication Method**, select **Remote SAML Metadata**.
+1. Toggle ON the **Sign Request**.
+1. Toggle ON the **Allow Passive Requests**.
1. In the **MetaData URL** textbox, paste the **App Federation Metadata Url** value, which you have copied fro the Azure portal.
-1. Select **Requested Authentication Context Comparison** as **exact**
+1. Select **Requested Authentication Context Comparison** as **exact**.
1. In **IDP Login URL** textbox, paste the **Login URL** value, which you have copied from the Azure portal.
-1. Click **Save**
+1. Click **Save**.
### Create AlertMedia test user
In this section, a user called Britta Simon is created in AlertMedia. AlertMedia
## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
-
-When you click the AlertMedia tile in the Access Panel, you should be automatically signed in to the AlertMedia for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
-
-## Additional resources
--- [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](./tutorial-list.md)--- [What is application access and single sign-on with Azure Active Directory? ](../manage-apps/what-is-single-sign-on.md)
+In this section, you test your Azure AD single sign-on configuration with following options.
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+* Click on Test this application in Azure portal and you should be automatically signed in to the AlertMedia for which you set up the SSO.
-- [Try AlertMedia with Azure AD](https://aad.portal.azure.com/)
+* You can use Microsoft My Apps. When you click the AlertMedia tile in the My Apps, you should be automatically signed in to the AlertMedia for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is session control in Microsoft Cloud App Security?](/cloud-app-security/proxy-intro-aad)
+## Next steps
-- [How to protect AlertMedia with advanced visibility and controls](/cloud-app-security/proxy-intro-aad)
+Once you configure AlertMedia you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Ally Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/ally-tutorial.md
Previously updated : 05/05/2021 Last updated : 05/03/2021
In this tutorial, you'll learn how to integrate Ally.io with Azure Active Direct
* Enable your users to be automatically signed-in to Ally.io with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items:
To get started, you need the following items:
In this tutorial, you configure and test Azure AD SSO in a test environment.
-* Ally.io supports **SP and IDP** initiated SSO
-* Ally.io supports **Just In Time** user provisioning
-* Once you configure Ally.io, you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
+* Ally.io supports **SP and IDP** initiated SSO.
+* Ally.io supports **Just In Time** user provisioning.
-## Adding Ally.io from the gallery
+## Add Ally.io from the gallery
To configure the integration of Ally.io into Azure AD, you need to add Ally.io from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Go to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**. 1. In the **Add from the gallery** section, type **Ally.io** in the search box. 1. Select **Ally.io** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-## Configure and test Azure AD single sign-on for Ally.io
+## Configure and test Azure AD SSO for Ally.io
Configure and test Azure AD SSO with Ally.io using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Ally.io.
-To configure and test Azure AD SSO with Ally.io, complete the following building blocks:
+To configure and test Azure AD SSO with Ally.io, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature. 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
To configure and test Azure AD SSO with Ally.io, complete the following building
Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **Ally.io** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **Ally.io** application integration page, find the **Manage** section and select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
Follow these steps to enable Azure AD SSO in the Azure portal.
1. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode:
- In the **Sign-on URL** text box, type a URL:
+ In the **Sign-on URL** text box, type the URL:
`https://app.ally.io/` > [!NOTE]
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **Ally.io**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
-1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
1. In the **Add Assignment** dialog, click the **Assign** button. ## Configure Ally.io SSO
To configure single sign-on on Ally.io side, you need to copy the Certificate (B
## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
-
-When you click the Ally.io tile in the Access Panel, you should be automatically signed in to the Ally.io for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+In this section, you test your Azure AD single sign-on configuration with following options.
-A user called B.Simon is created in Ally.io. Ally.io supports just-in-time provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Ally.io, a new one is created when you attempt to access Ally.io.
+#### SP initiated:
-## Additional resources
+* Click on **Test this application** in Azure portal. This will redirect to Ally.io Sign on URL where you can initiate the login flow.
-- [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](./tutorial-list.md)
+* Go to Ally.io Sign-on URL directly and initiate the login flow from there.
-- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+#### IDP initiated:
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the Ally.io for which you set up the SSO.
-- [Try Ally.io with Azure AD](https://aad.portal.azure.com/)
+You can also use Microsoft My Apps to test the application in any mode. When you click the Ally.io tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Ally.io for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is session control in Microsoft Cloud App Security?](/cloud-app-security/proxy-intro-aad)
+## Next steps
-- [How to protect Ally.io with advanced visibility and controls](/cloud-app-security/proxy-intro-aad)
+Once you configure Ally.io you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Apexportal Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/apexportal-tutorial.md
Previously updated : 01/03/2020 Last updated : 05/11/2021
In this tutorial, you'll learn how to integrate Apex Portal with Azure Active Di
* Enable your users to be automatically signed-in to Apex Portal with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items:
To get started, you need the following items:
In this tutorial, you configure and test Azure AD SSO in a test environment.
-* Apex Portal supports **IDP** initiated SSO
-* Apex Portal supports **Just In Time** user provisioning
+* Apex Portal supports **IDP** initiated SSO.
+* Apex Portal supports **Just In Time** user provisioning.
-## Adding Apex Portal from the gallery
+## Add Apex Portal from the gallery
To configure the integration of Apex Portal into Azure AD, you need to add Apex Portal from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**. 1. In the **Add from the gallery** section, type **Apex Portal** in the search box. 1. Select **Apex Portal** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-## Configure and test Azure AD single sign-on for Apex Portal
+## Configure and test Azure AD SSO for Apex Portal
Configure and test Azure AD SSO with Apex Portal using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Apex Portal.
-To configure and test Azure AD SSO with Apex Portal, complete the following building blocks:
+To configure and test Azure AD SSO with Apex Portal, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
- * **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
- * **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
1. **[Configure Apex Portal SSO](#configure-apex-portal-sso)** - to configure the single sign-on settings on application side.
- * **[Create Apex Portal test user](#create-apex-portal-test-user)** - to have a counterpart of B.Simon in Apex Portal that is linked to the Azure AD representation of user.
+ 1. **[Create Apex Portal test user](#create-apex-portal-test-user)** - to have a counterpart of B.Simon in Apex Portal that is linked to the Azure AD representation of user.
1. **[Test SSO](#test-sso)** - to verify whether the configuration works. ## Configure Azure AD SSO Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **Apex Portal** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **Apex Portal** application integration page, find the **Manage** section and select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **Apex Portal**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
-1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
1. In the **Add Assignment** dialog, click the **Assign** button. ## Configure Apex Portal SSO
In this section, a user called Britta Simon is created in Apex Portal. Apex Port
## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
-
-When you click the Apex Portal tile in the Access Panel, you should be automatically signed in to the Apex Portal for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
-
-## Additional resources
+In this section, you test your Azure AD single sign-on configuration with following options.
-- [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](./tutorial-list.md)
+* Click on Test this application in Azure portal and you should be automatically signed in to the Apex Portal for which you set up the SSO.
-- [What is application access and single sign-on with Azure Active Directory? ](../manage-apps/what-is-single-sign-on.md)
+* You can use Microsoft My Apps. When you click the Apex Portal tile in the My Apps, you should be automatically signed in to the Apex Portal for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+## Next steps
-- [Try Apex Portal with Azure AD](https://aad.portal.azure.com/)
+Once you configure Apex Portal you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Auditboard Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/auditboard-tutorial.md
Previously updated : 04/03/2019 Last updated : 05/10/2021 # Tutorial: Azure Active Directory integration with AuditBoard
-In this tutorial, you learn how to integrate AuditBoard with Azure Active Directory (Azure AD).
-Integrating AuditBoard with Azure AD provides you with the following benefits:
+In this tutorial, you'll learn how to integrate AuditBoard with Azure Active Directory (Azure AD). When you integrate AuditBoard with Azure AD, you can:
-* You can control in Azure AD who has access to AuditBoard.
-* You can enable your users to be automatically signed-in to AuditBoard (Single Sign-On) with their Azure AD accounts.
-* You can manage your accounts in one central location - the Azure portal.
-
-If you want to know more details about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
-If you don't have an Azure subscription, [create a free account](https://azure.microsoft.com/free/) before you begin.
+* Control in Azure AD who has access to AuditBoard.
+* Enable your users to be automatically signed-in to AuditBoard with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
## Prerequisites To configure Azure AD integration with AuditBoard, you need the following items:
-* An Azure AD subscription. If you don't have an Azure AD environment, you can get a [free account](https://azure.microsoft.com/free/)
-* AuditBoard single sign-on enabled subscription
+* An Azure AD subscription. If you don't have an Azure AD environment, you can get a [free account](https://azure.microsoft.com/free/).
+* AuditBoard single sign-on enabled subscription.
## Scenario description In this tutorial, you configure and test Azure AD single sign-on in a test environment.
-* AuditBoard supports **SP and IDP** initiated SSO
+* AuditBoard supports **SP and IDP** initiated SSO.
-## Adding AuditBoard from the gallery
+## Add AuditBoard from the gallery
To configure the integration of AuditBoard into Azure AD, you need to add AuditBoard from the gallery to your list of managed SaaS apps.
-**To add AuditBoard from the gallery, perform the following steps:**
-
-1. In the **[Azure portal](https://portal.azure.com)**, on the left navigation panel, click **Azure Active Directory** icon.
-
- ![The Azure Active Directory button](common/select-azuread.png)
-
-2. Navigate to **Enterprise Applications** and then select the **All Applications** option.
-
- ![The Enterprise applications blade](common/enterprise-applications.png)
-
-3. To add new application, click **New application** button on the top of dialog.
-
- ![The New application button](common/add-new-app.png)
-
-4. In the search box, type **AuditBoard**, select **AuditBoard** from result panel then click **Add** button to add the application.
-
- ![AuditBoard in the results list](common/search-new-app.png)
-
-## Configure and test Azure AD single sign-on
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
+1. On the left navigation pane, select the **Azure Active Directory** service.
+1. Navigate to **Enterprise Applications** and then select **All Applications**.
+1. To add new application, select **New application**.
+1. In the **Add from the gallery** section, type **AuditBoard** in the search box.
+1. Select **AuditBoard** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-In this section, you configure and test Azure AD single sign-on with AuditBoard based on a test user called **Britta Simon**.
-For single sign-on to work, a link relationship between an Azure AD user and the related user in AuditBoard needs to be established.
+## Configure and test Azure AD SSO for AuditBoard
-To configure and test Azure AD single sign-on with AuditBoard, you need to complete the following building blocks:
+Configure and test Azure AD SSO with AuditBoard using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in AuditBoard.
-1. **[Configure Azure AD Single Sign-On](#configure-azure-ad-single-sign-on)** - to enable your users to use this feature.
-2. **[Configure AuditBoard Single Sign-On](#configure-auditboard-single-sign-on)** - to configure the Single Sign-On settings on application side.
-3. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with Britta Simon.
-4. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
-5. **[Create AuditBoard test user](#create-auditboard-test-user)** - to have a counterpart of Britta Simon in AuditBoard that is linked to the Azure AD representation of user.
-6. **[Test single sign-on](#test-single-sign-on)** - to verify whether the configuration works.
+To configure and test Azure AD SSO with AuditBoard, perform the following steps:
-### Configure Azure AD single sign-on
+1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure AuditBoard SSO](#configure-auditboard-sso)** - to configure the single sign-on settings on application side.
+ 1. **[Create AuditBoard test user](#create-auditboard-test-user)** - to have a counterpart of B.Simon in AuditBoard that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
-In this section, you enable Azure AD single sign-on in the Azure portal.
+## Configure Azure AD SSO
-To configure Azure AD single sign-on with AuditBoard, perform the following steps:
+Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **AuditBoard** application integration page, select **Single sign-on**.
+1. In the Azure portal, on the **AuditBoard** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
- ![Configure single sign-on link](common/select-sso.png)
-
-2. On the **Select a Single sign-on method** dialog, select **SAML/WS-Fed** mode to enable single sign-on.
-
- ![Single sign-on select mode](common/select-saml-option.png)
-
-3. On the **Set up Single Sign-On with SAML** page, click **Edit** icon to open **Basic SAML Configuration** dialog.
-
- ![Edit Basic SAML Configuration](common/edit-urls.png)
+ ![Edit Basic SAML Configuration](common/edit-urls.png)
4. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP initiated** mode perform the following steps:
- ![Screenshot shows the Basic SAML Configuration, where you can enter Identifier, Reply U R L, and select Save.](common/idp-intiated.png)
- a. In the **Identifier** text box, type a URL using the following pattern: `https://<SUBDOMAIN>.auditboardapp.com/api/v1/sso/saml/metadata.xml`
To configure Azure AD single sign-on with AuditBoard, perform the following step
d. In the **Sign-on URL** text box, type a URL using the following pattern: `https://<SUBDOMAIN>.auditboardapp.com/`
- ![Screenshot shows Set additional U R Ls where you can enter a Sign on U R L.](common/metadata-upload-additional-signon.png)
- > [!NOTE] > These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact [AuditBoard Client support team](mailto:support@auditboard.com) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
To configure Azure AD single sign-on with AuditBoard, perform the following step
![The Certificate download link](common/copy-metadataurl.png)
-### Configure AuditBoard Single Sign-On
-
-To configure single sign-on on **AuditBoard** side, you need to send the **App Federation Metadata Url** to [AuditBoard support team](mailto:support@auditboard.com). They set this setting to have the SAML SSO connection set properly on both sides.
- ### Create an Azure AD test user
-The objective of this section is to create a test user in the Azure portal called Britta Simon.
+In this section, you'll create a test user in the Azure portal called B.Simon.
-1. In the Azure portal, in the left pane, select **Azure Active Directory**, select **Users**, and then select **All users**.
-
- ![The "Users and groups" and "All users" links](common/users.png)
-
-2. Select **New user** at the top of the screen.
-
- ![New user Button](common/new-user.png)
-
-3. In the User properties, perform the following steps.
-
- ![The User dialog box](common/user-properties.png)
-
- a. In the **Name** field enter **BrittaSimon**.
-
- b. In the **User name** field type `brittasimon@yourcompanydomain.extension`. For example, BrittaSimon@contoso.com
-
- c. Select **Show password** check box, and then write down the value that's displayed in the Password box.
-
- d. Click **Create**.
+1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
+1. Select **New user** at the top of the screen.
+1. In the **User** properties, follow these steps:
+ 1. In the **Name** field, enter `B.Simon`.
+ 1. In the **User name** field, enter the username@companydomain.extension. For example, `B.Simon@contoso.com`.
+ 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
+ 1. Click **Create**.
### Assign the Azure AD test user
-In this section, you enable Britta Simon to use Azure single sign-on by granting access to AuditBoard.
-
-1. In the Azure portal, select **Enterprise Applications**, select **All applications**, then select **AuditBoard**.
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to AuditBoard.
- ![Enterprise applications blade](common/enterprise-applications.png)
+1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
+1. In the applications list, select **AuditBoard**.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
-2. In the applications list, select **AuditBoard**.
+## Configure AuditBoard SSO
- ![The AuditBoard link in the Applications list](common/all-applications.png)
-
-3. In the menu on the left, select **Users and groups**.
-
- ![The "Users and groups" link](common/users-groups-blade.png)
-
-4. Click the **Add user** button, then select **Users and groups** in the **Add Assignment** dialog.
-
- ![The Add Assignment pane](common/add-assign-user.png)
+To configure single sign-on on **AuditBoard** side, you need to send the **App Federation Metadata Url** to [AuditBoard support team](mailto:support@auditboard.com). They set this setting to have the SAML SSO connection set properly on both sides.
-5. In the **Users and groups** dialog select **Britta Simon** in the Users list, then click the **Select** button at the bottom of the screen.
+### Create AuditBoard test user
-6. If you are expecting any role value in the SAML assertion then in the **Select Role** dialog select the appropriate role for the user from the list, then click the **Select** button at the bottom of the screen.
+In this section, you create a user called Britta Simon in AuditBoard. Work with [AuditBoard support team](mailto:support@auditboard.com) to add the users in the AuditBoard platform. Users must be created and activated before you use single sign-on.
-7. In the **Add Assignment** dialog click the **Assign** button.
+## Test SSO
-### Create AuditBoard test user
+In this section, you test your Azure AD single sign-on configuration with following options.
-In this section, you create a user called Britta Simon in AuditBoard. Work with [AuditBoard support team](mailto:support@auditboard.com) to add the users in the AuditBoard platform. Users must be created and activated before you use single sign-on.
+#### SP initiated:
-### Test single sign-on
+* Click on **Test this application** in Azure portal. This will redirect to AuditBoard Sign on URL where you can initiate the login flow.
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+* Go to AuditBoard Sign-on URL directly and initiate the login flow from there.
-When you click the AuditBoard tile in the Access Panel, you should be automatically signed in to the AuditBoard for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+#### IDP initiated:
-## Additional Resources
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the AuditBoard for which you set up the SSO.
-- [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](./tutorial-list.md)
+You can also use Microsoft My Apps to test the application in any mode. When you click the AuditBoard tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the AuditBoard for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+## Next steps
-- [What is Conditional Access in Azure Active Directory?](../conditional-access/overview.md)
+Once you configure AuditBoard you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Bluejeans Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/bluejeans-tutorial.md
Previously updated : 06/09/2020 Last updated : 05/03/2021
In this tutorial, you'll learn how to integrate BlueJeans for Azure AD with Azur
* Enable your users to be automatically signed-in to BlueJeans for Azure AD with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items:
To get started, you need the following items:
In this tutorial, you configure and test Azure AD SSO in a test environment.
-* BlueJeans for Azure AD supports **SP** initiated SSO
+* BlueJeans for Azure AD supports **SP** initiated SSO.
-* BlueJeans for Azure AD supports [**Automated** user provisioning](bluejeans-provisioning-tutorial.md)
+* BlueJeans for Azure AD supports [**Automated** user provisioning](bluejeans-provisioning-tutorial.md).
> [!NOTE] > Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
-## Adding BlueJeans for Azure AD from the gallery
+## Add BlueJeans for Azure AD from the gallery
To configure the integration of BlueJeans for Azure AD into Azure AD, you need to add BlueJeans for Azure AD from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**. 1. In the **Add from the gallery** section, type **BlueJeans for Azure AD** in the search box. 1. Select **BlueJeans for Azure AD** from results panel and then add the app. Wait a few seconds while the app is added to your tenant. -
-## Configure and test Azure AD single sign-on for BlueJeans for Azure AD
+## Configure and test Azure AD SSO for BlueJeans for Azure AD
Configure and test Azure AD SSO with BlueJeans for Azure AD using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in BlueJeans for Azure AD.
-To configure and test Azure AD SSO with BlueJeans for Azure AD, complete the following building blocks:
+To configure and test Azure AD SSO with BlueJeans for Azure AD, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature. 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
To configure and test Azure AD SSO with BlueJeans for Azure AD, complete the fol
Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **BlueJeans for Azure AD** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **BlueJeans for Azure AD** application integration page, find the **Manage** section and select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
Follow these steps to enable Azure AD SSO in the Azure portal.
a. In the **Sign-on URL** text box, type a URL using the following pattern: `https://<companyname>.bluejeans.com`
- a. In the **Identifier (Entity ID)** text box, type a URL:
+ a. In the **Identifier (Entity ID)** text box, type the URL:
`http://samlsp.bluejeans.com`
- a. In the **Reply URL** text box, type a URL:
+ a. In the **Reply URL** text box, type the URL:
`https://bluejeans.com/sso/saml2/` > [!NOTE]
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **BlueJeans for Azure AD**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
-1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
1. In the **Add Assignment** dialog, click the **Assign** button. ## Configure BlueJeans for Azure AD SSO
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
2. Go to **ADMIN \> GROUP SETTINGS \> SECURITY**.
- ![Screenshot shows part of a browser window with the Admin tab selected, with Group Setting and Security selected.](./media/bluejeans-tutorial/ic785868.png "Admin")
+ ![Screenshot shows part of a browser window with the Admin tab selected, with Group Setting and Security selected.](./media/bluejeans-tutorial/admin.png "Admin")
3. In the **SECURITY** section, perform the following steps:
- ![SAML Single Sign On](./media/bluejeans-tutorial/ic785869.png "SAML Single Sign On")
+ ![SAML Single Sign On](./media/bluejeans-tutorial/security.png "SAML Single Sign On")
a. Select **SAML Single Sign On**.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
4. Move on with the following steps:
- ![Certificate Path](./media/bluejeans-tutorial/ic785870.png "Certificate Path")
+ ![Certificate Path](./media/bluejeans-tutorial/certificate.png "Certificate Path")
a. Click **Choose File**, to upload the base-64 encoded certificate that you have downloaded from the Azure portal.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
5. Move on with the following steps:
- ![Save Changes](./media/bluejeans-tutorial/ic785874.png "Save Changes")
+ ![Save Changes](./media/bluejeans-tutorial/changes.png "Save Changes")
a. In the **User Id** textbox, type `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name`.
The objective of this section is to create a user called B.Simon in BlueJeans fo
2. Go to **ADMIN \> MANAGE USERS \> ADD USER**.
- ![Screenshot shows part of a browser window with the Admin tab selected, with Manage Users and Add Users selected.](./media/bluejeans-tutorial/ic785877.png "Admin")
+ ![Screenshot shows part of a browser window with the Admin tab selected, with Manage Users and Add Users selected.](./media/bluejeans-tutorial/add-user.png "Admin")
> [!IMPORTANT] > The **ADD USER** tab is only available if, in the **SECUTIRY tab**, **Enable automatic provisioning** is unchecked. 3. In the **ADD USER** section, perform the following steps:
- ![Screenshot shows the Add user section where you enter the information described in this step.](./media/bluejeans-tutorial/ic785886.png "Add User")
+ ![Screenshot shows the Add user section where you enter the information described in this step.](./media/bluejeans-tutorial/new-user.png "Add User")
a. In **First Name** text box, enter the first name of user like **B**.
The objective of this section is to create a user called B.Simon in BlueJeans fo
i. Click **CONTINUE**.
- ![Screenshot shows the Add user section where you can view settings and features, with the Add User button selected.](./media/bluejeans-tutorial/ic785887.png "Add User")
+ ![Screenshot shows the Add user section where you can view settings and features, with the Add User button selected.](./media/bluejeans-tutorial/settings.png "Add User")
J. Click **ADD USER**.
The objective of this section is to create a user called B.Simon in BlueJeans fo
## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
-
-When you click the BlueJeans for Azure AD tile in the Access Panel, you should be automatically signed in to the BlueJeans for Azure AD for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+In this section, you test your Azure AD single sign-on configuration with following options.
-## Additional resources
+* Click on **Test this application** in Azure portal. This will redirect to BlueJeans for Azure AD Sign-on URL where you can initiate the login flow.
-- [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](./tutorial-list.md)
+* Go to BlueJeans for Azure AD Sign-on URL directly and initiate the login flow from there.
-- [What is application access and single sign-on with Azure Active Directory? ](../manage-apps/what-is-single-sign-on.md)
+* You can use Microsoft My Apps. When you click the BlueJeans for Azure AD tile in the My Apps, this will redirect to BlueJeans for Azure AD Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+## Next steps
-- [Try BlueJeans for Azure AD with Azure AD](https://aad.portal.azure.com/)
+Once you configure BlueJeans for Azure AD you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Bpmonline Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/bpmonline-tutorial.md
Previously updated : 04/16/2020 Last updated : 05/11/2021
In this tutorial, you'll learn how to integrate Creatio with Azure Active Direct
* Enable your users to be automatically signed-in to Creatio with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items:
To get started, you need the following items:
In this tutorial, you configure and test Azure AD SSO in a test environment.
-* Creatio supports **SP and IDP** initiated SSO
-
-* Once you configure the Creatio you can enforce session controls, which protect exfiltration and infiltration of your organizationΓÇÖs sensitive data in real-time. Session controls extend from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
+* Creatio supports **SP and IDP** initiated SSO.
-## Adding Creatio from the gallery
+## Add Creatio from the gallery
To configure the integration of Creatio into Azure AD, you need to add Creatio from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**. 1. In the **Add from the gallery** section, type **Creatio** in the search box. 1. Select **Creatio** from results panel and then add the app. Wait a few seconds while the app is added to your tenant. -
-## Configure and test Azure AD single sign-on for Creatio
+## Configure and test Azure AD SSO for Creatio
Configure and test Azure AD SSO with Creatio using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Creatio.
-To configure and test Azure AD SSO with Creatio, complete the following building blocks:
+To configure and test Azure AD SSO with Creatio, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
- * **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
- * **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
1. **[Configure Creatio SSO](#configure-creatio-sso)** - to configure the single sign-on settings on application side.
- * **[Create Creatio test user](#create-creatio-test-user)** - to have a counterpart of B.Simon in Creatio that is linked to the Azure AD representation of user.
+ 1. **[Create Creatio test user](#create-creatio-test-user)** - to have a counterpart of B.Simon in Creatio that is linked to the Azure AD representation of user.
1. **[Test SSO](#test-sso)** - to verify whether the configuration works. ## Configure Azure AD SSO Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **Creatio** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **Creatio** application integration page, find the **Manage** section and select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png) 1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, perform the following steps:
- a. In the **Identifier** text box, type a URL using the following pattern:
- `https://<client site name>.bpmonline.com/`
+ a. In the **Identifier** text box, type a URL using one of the following patterns:
- b. In the **Reply URL** text box, type a URL using the following pattern:
- `https://<client site name>.bpmonline.com/ServiceModel/AuthService.svc/SsoLogin`
+ | Identifier |
+ |-|
+ | `https://<SUBDOMAIN>.creatio.com/` |
+ | `https://<SUBDOMAIN>.terrasoft.ru/` |
+ | `https://<SUBDOMAIN>.terrasoft.ua/` |
+ |
+
+ b. In the **Reply URL** text box, type a URL using one of the following patterns:
+
+ | Reply URL |
+ |-|
+ | `https://<SUBDOMAIN>.creatio.com/ServiceModel/AuthService.svc/SsoLogin` |
+ | `https://<SUBDOMAIN>.terrasoft.ru/ServiceModel/AuthService.svc/SsoLogin` |
+ | `https://<SUBDOMAIN>.terrasoft.ua/ServiceModel/AuthService.svc/SsoLogin` |
+ |
1. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode:
- In the **Sign-on URL** text box, type a URL using the following pattern:
- `https://<client site name>.bpmonline.com/`
+ In the **Sign-on URL** text box, type a URL using one of the following patterns:
+
+ | Sign-on URL |
+ |-|
+ | `https://<SUBDOMAIN>.creatio.com/` |
+ | `https://<SUBDOMAIN>.terrasoft.ru/` |
+ | `https://<SUBDOMAIN>.terrasoft.ua/` |
+ |
> [!NOTE] > These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact [Creatio Client support team](mailto:support@creatio.com) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **Creatio**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
-1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
1. In the **Add Assignment** dialog, click the **Assign** button. ## Configure Creatio SSO
In this section, you create a user called Britta Simon in Creatio. Work with [Cr
## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+In this section, you test your Azure AD single sign-on configuration with following options.
+
+#### SP initiated:
-When you click the Creatio tile in the Access Panel, you should be automatically signed in to the Creatio for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+* Click on **Test this application** in Azure portal. This will redirect to Creatio Sign on URL where you can initiate the login flow.
-## Additional resources
+* Go to Creatio Sign-on URL directly and initiate the login flow from there.
-- [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](./tutorial-list.md)
+#### IDP initiated:
-- [What is application access and single sign-on with Azure Active Directory? ](../manage-apps/what-is-single-sign-on.md)
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the Creatio for which you set up the SSO.
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+You can also use Microsoft My Apps to test the application in any mode. When you click the Creatio tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Creatio for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [Try Creatio with Azure AD](https://aad.portal.azure.com/)
+## Next steps
-- [What is session control in Microsoft Cloud App Security?](/cloud-app-security/proxy-intro-aad)
+Once you configure Creatio you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Bridge Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/bridge-tutorial.md
Previously updated : 02/08/2019 Last updated : 05/13/2021 # Tutorial: Azure Active Directory integration with Bridge
-In this tutorial, you learn how to integrate Bridge with Azure Active Directory (Azure AD).
-Integrating Bridge with Azure AD provides you with the following benefits:
+In this tutorial, you'll learn how to integrate Bridge with Azure Active Directory (Azure AD). When you integrate Bridge with Azure AD, you can:
-* You can control in Azure AD who has access to Bridge.
-* You can enable your users to be automatically signed-in to Bridge (Single Sign-On) with their Azure AD accounts.
-* You can manage your accounts in one central location - the Azure portal.
-
-If you want to know more details about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
-If you don't have an Azure subscription, [create a free account](https://azure.microsoft.com/free/) before you begin.
+* Control in Azure AD who has access to Bridge.
+* Enable your users to be automatically signed-in to Bridge with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
## Prerequisites
-To configure Azure AD integration with Bridge, you need the following items:
+To get started, you need the following items:
-* An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial [here](https://azure.microsoft.com/pricing/free-trial/)
-* Bridge single sign-on enabled subscription
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
+* Bridge single sign-on (SSO) enabled subscription.
## Scenario description In this tutorial, you configure and test Azure AD single sign-on in a test environment.
-* Bridge supports **SP** initiated SSO
+* Bridge supports **SP** initiated SSO.
-## Adding Bridge from the gallery
+## Add Bridge from the gallery
To configure the integration of Bridge into Azure AD, you need to add Bridge from the gallery to your list of managed SaaS apps.
-**To add Bridge from the gallery, perform the following steps:**
-
-1. In the **[Azure portal](https://portal.azure.com)**, on the left navigation panel, click **Azure Active Directory** icon.
-
- ![The Azure Active Directory button](common/select-azuread.png)
-
-2. Navigate to **Enterprise Applications** and then select the **All Applications** option.
-
- ![The Enterprise applications blade](common/enterprise-applications.png)
-
-3. To add new application, click **New application** button on the top of dialog.
-
- ![The New application button](common/add-new-app.png)
-
-4. In the search box, type **Bridge**, select **Bridge** from result panel then click **Add** button to add the application.
-
- ![Bridge in the results list](common/search-new-app.png)
-
-## Configure and test Azure AD single sign-on
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
+1. On the left navigation pane, select the **Azure Active Directory** service.
+1. Navigate to **Enterprise Applications** and then select **All Applications**.
+1. To add new application, select **New application**.
+1. In the **Add from the gallery** section, type **Bridge** in the search box.
+1. Select **Bridge** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-In this section, you configure and test Azure AD single sign-on with Bridge based on a test user called **Britta Simon**.
-For single sign-on to work, a link relationship between an Azure AD user and the related user in Bridge needs to be established.
+## Configure and test Azure AD SSO for Bridge
-To configure and test Azure AD single sign-on with Bridge, you need to complete the following building blocks:
+Configure and test Azure AD SSO with Bridge using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Bridge.
-1. **[Configure Azure AD Single Sign-On](#configure-azure-ad-single-sign-on)** - to enable your users to use this feature.
-2. **[Configure Bridge Single Sign-On](#configure-bridge-single-sign-on)** - to configure the Single Sign-On settings on application side.
-3. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with Britta Simon.
-4. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
-5. **[Create Bridge test user](#create-bridge-test-user)** - to have a counterpart of Britta Simon in Bridge that is linked to the Azure AD representation of user.
-6. **[Test single sign-on](#test-single-sign-on)** - to verify whether the configuration works.
+To configure and test Azure AD SSO with Bridge, perform the following steps:
-### Configure Azure AD single sign-on
+1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure Bridge SSO](#configure-bridge-sso)** - to configure the single sign-on settings on application side.
+ 1. **[Create Bridge test user](#create-bridge-test-user)** - to have a counterpart of B.Simon in Bridge that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
-In this section, you enable Azure AD single sign-on in the Azure portal.
+## Configure Azure AD SSO
-To configure Azure AD single sign-on with Bridge, perform the following steps:
+Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **Bridge** application integration page, select **Single sign-on**.
+1. In the Azure portal, on the **Bridge** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
- ![Configure single sign-on link](common/select-sso.png)
-
-2. On the **Select a Single sign-on method** dialog, select **SAML/WS-Fed** mode to enable single sign-on.
-
- ![Single sign-on select mode](common/select-saml-option.png)
-
-3. On the **Set up Single Sign-On with SAML** page, click **Edit** icon to open **Basic SAML Configuration** dialog.
-
- ![Edit Basic SAML Configuration](common/edit-urls.png)
+ ![Edit Basic SAML Configuration](common/edit-urls.png)
4. On the **Basic SAML Configuration** section, perform the following steps:
- ![Bridge Domain and URLs single sign-on information](common/sp-identifier.png)
- a. In the **Sign on URL** text box, type a URL using the following pattern: `https://<company name>.bridgeapp.com`
To configure Azure AD single sign-on with Bridge, perform the following steps:
![Copy configuration URLs](common/copy-configuration-urls.png)
- a. Login URL
-
- b. Azure Ad Identifier
-
- c. Logout URL
-
-### Configure Bridge Single Sign-On
-
-To configure single sign-on on **Bridge** side, you need to send the downloaded **Certificate (Raw)** and appropriate copied URLs from Azure portal to [Bridge support team](https://community.bridgeapp.com/hc/en-us/community/topics). They set this setting to have the SAML SSO connection set properly on both sides.
- ### Create an Azure AD test user
-The objective of this section is to create a test user in the Azure portal called Britta Simon.
-
-1. In the Azure portal, in the left pane, select **Azure Active Directory**, select **Users**, and then select **All users**.
-
- ![The "Users and groups" and "All users" links](common/users.png)
-
-2. Select **New user** at the top of the screen.
-
- ![New user Button](common/new-user.png)
-
-3. In the User properties, perform the following steps.
-
- ![The User dialog box](common/user-properties.png)
-
- a. In the **Name** field enter **BrittaSimon**.
-
- b. In the **User name** field type **brittasimon\@yourcompanydomain.extension**
- For example, BrittaSimon@contoso.com
-
- c. Select **Show password** check box, and then write down the value that's displayed in the Password box.
+In this section, you'll create a test user in the Azure portal called B.Simon.
- d. Click **Create**.
+1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
+1. Select **New user** at the top of the screen.
+1. In the **User** properties, follow these steps:
+ 1. In the **Name** field, enter `B.Simon`.
+ 1. In the **User name** field, enter the username@companydomain.extension. For example, `B.Simon@contoso.com`.
+ 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
+ 1. Click **Create**.
### Assign the Azure AD test user
-In this section, you enable Britta Simon to use Azure single sign-on by granting access to Bridge.
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Bridge.
-1. In the Azure portal, select **Enterprise Applications**, select **All applications**, then select **Bridge**.
+1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
+1. In the applications list, select **Bridge**.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
- ![Enterprise applications blade](common/enterprise-applications.png)
+## Configure Bridge SSO
-2. In the applications list, select **Bridge**.
-
- ![The Bridge link in the Applications list](common/all-applications.png)
-
-3. In the menu on the left, select **Users and groups**.
-
- ![The "Users and groups" link](common/users-groups-blade.png)
-
-4. Click the **Add user** button, then select **Users and groups** in the **Add Assignment** dialog.
-
- ![The Add Assignment pane](common/add-assign-user.png)
-
-5. In the **Users and groups** dialog select **Britta Simon** in the Users list, then click the **Select** button at the bottom of the screen.
-
-6. If you are expecting any role value in the SAML assertion then in the **Select Role** dialog select the appropriate role for the user from the list, then click the **Select** button at the bottom of the screen.
-
-7. In the **Add Assignment** dialog click the **Assign** button.
+To configure single sign-on on **Bridge** side, you need to send the downloaded **Certificate (Raw)** and appropriate copied URLs from Azure portal to [Bridge support team](https://community.bridgeapp.com/hc/en-us/community/topics). They set this setting to have the SAML SSO connection set properly on both sides.
### Create Bridge test user In this section, you create a user called Britta Simon in Bridge. Work with [Bridge support team](https://community.bridgeapp.com/hc/en-us/community/topics) to add the users in the Bridge platform. Users must be created and activated before you use single sign-on.
-### Test single sign-on
+## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+In this section, you test your Azure AD single sign-on configuration with following options.
-When you click the Bridge tile in the Access Panel, you should be automatically signed in to the Bridge for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+* Click on **Test this application** in Azure portal. This will redirect to Bridge Sign-on URL where you can initiate the login flow.
-## Additional Resources
+* Go to Bridge Sign-on URL directly and initiate the login flow from there.
-- [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](./tutorial-list.md)
+* You can use Microsoft My Apps. When you click the Bridge tile in the My Apps, this will redirect to Bridge Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+## Next steps
-- [What is Conditional Access in Azure Active Directory?](../conditional-access/overview.md)
+Once you configure Bridge you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Cezannehrsoftware Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/cezannehrsoftware-tutorial.md
Previously updated : 02/12/2019 Last updated : 05/11/2021 # Tutorial: Azure Active Directory integration with Cezanne HR Software
-In this tutorial, you learn how to integrate Cezanne HR Software with Azure Active Directory (Azure AD).
-Integrating Cezanne HR Software with Azure AD provides you with the following benefits:
+In this tutorial, you'll learn how to integrate Cezanne HR Software with Azure Active Directory (Azure AD). When you integrate Cezanne HR Software with Azure AD, you can:
-* You can control in Azure AD who has access to Cezanne HR Software.
-* You can enable your users to be automatically signed-in to Cezanne HR Software (Single Sign-On) with their Azure AD accounts.
-* You can manage your accounts in one central location - the Azure portal.
-
-If you want to know more details about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
-If you don't have an Azure subscription, [create a free account](https://azure.microsoft.com/free/) before you begin.
+* Control in Azure AD who has access to Cezanne HR Software.
+* Enable your users to be automatically signed-in to Cezanne HR Software with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
## Prerequisites
-To configure Azure AD integration with Cezanne HR Software, you need the following items:
+To get started, you need the following items:
-* An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial [here](https://azure.microsoft.com/pricing/free-trial/)
-* Cezanne HR Software single sign-on enabled subscription
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
+* Cezanne HR Software single sign-on (SSO) enabled subscription.
## Scenario description In this tutorial, you configure and test Azure AD single sign-on in a test environment.
-* Cezanne HR Software supports **SP** initiated SSO
-
-## Adding Cezanne HR Software from the gallery
-
-To configure the integration of Cezanne HR Software into Azure AD, you need to add Cezanne HR Software from the gallery to your list of managed SaaS apps.
-
-**To add Cezanne HR Software from the gallery, perform the following steps:**
-
-1. In the **[Azure portal](https://portal.azure.com)**, on the left navigation panel, click **Azure Active Directory** icon.
-
- ![The Azure Active Directory button](common/select-azuread.png)
-
-2. Navigate to **Enterprise Applications** and then select the **All Applications** option.
-
- ![The Enterprise applications blade](common/enterprise-applications.png)
-
-3. To add new application, click **New application** button on the top of dialog.
-
- ![The New application button](common/add-new-app.png)
-
-4. In the search box, type **Cezanne HR Software**, select **Cezanne HR Software** from result panel then click **Add** button to add the application.
+* Cezanne HR Software supports **SP** initiated SSO.
- ![Cezanne HR Software in the results list](common/search-new-app.png)
+> [!NOTE]
+> Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
-## Configure and test Azure AD single sign-on
+## Add Cezanne HR Software from the gallery
-In this section, you configure and test Azure AD single sign-on with Cezanne HR Software based on a test user called **Britta Simon**.
-For single sign-on to work, a link relationship between an Azure AD user and the related user in Cezanne HR Software needs to be established.
-
-To configure and test Azure AD single sign-on with Cezanne HR Software, you need to complete the following building blocks:
-
-1. **[Configure Azure AD Single Sign-On](#configure-azure-ad-single-sign-on)** - to enable your users to use this feature.
-2. **[Configure Cezanne HR Software Single Sign-On](#configure-cezanne-hr-software-single-sign-on)** - to configure the Single Sign-On settings on application side.
-3. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with Britta Simon.
-4. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
-5. **[Create Cezanne HR Software test user](#create-cezanne-hr-software-test-user)** - to have a counterpart of Britta Simon in Cezanne HR Software that is linked to the Azure AD representation of user.
-6. **[Test single sign-on](#test-single-sign-on)** - to verify whether the configuration works.
+To configure the integration of Cezanne HR Software into Azure AD, you need to add Cezanne HR Software from the gallery to your list of managed SaaS apps.
-### Configure Azure AD single sign-on
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
+1. On the left navigation pane, select the **Azure Active Directory** service.
+1. Navigate to **Enterprise Applications** and then select **All Applications**.
+1. To add new application, select **New application**.
+1. In the **Add from the gallery** section, type **Cezanne HR Software** in the search box.
+1. Select **Cezanne HR Software** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-In this section, you enable Azure AD single sign-on in the Azure portal.
+## Configure and test Azure AD SSO for Cezanne HR Software
-To configure Azure AD single sign-on with Cezanne HR Software, perform the following steps:
+Configure and test Azure AD SSO with Cezanne HR Software using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Cezanne HR Software.
-1. In the [Azure portal](https://portal.azure.com/), on the **Cezanne HR Software** application integration page, select **Single sign-on**.
+To configure and test Azure AD SSO with Cezanne HR Software, perform the following steps:
- ![Configure single sign-on link](common/select-sso.png)
+1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure Cezanne HR Software SSO](#configure-cezanne-hr-software-sso)** - to configure the single sign-on settings on application side.
+ 1. **[Create Cezanne HR Software test user](#create-cezanne-hr-software-test-user)** - to have a counterpart of B.Simon in Cezanne HR Software that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
-2. On the **Select a Single sign-on method** dialog, select **SAML/WS-Fed** mode to enable single sign-on.
+## Configure Azure AD SSO
- ![Single sign-on select mode](common/select-saml-option.png)
+Follow these steps to enable Azure AD SSO in the Azure portal.
-3. On the **Set up Single Sign-On with SAML** page, click **Edit** icon to open **Basic SAML Configuration** dialog.
+1. In the Azure portal, on the **Cezanne HR Software** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
- ![Edit Basic SAML Configuration](common/edit-urls.png)
+ ![Edit Basic SAML Configuration](common/edit-urls.png)
4. On the **Basic SAML Configuration** section, perform the following steps:
- ![Cezanne HR Software Domain and URLs single sign-on information](common/sp-identifier-reply.png)
- a. In the **Sign on URL** text box, type a URL using the following pattern: `https://w3.cezanneondemand.com/CezanneOnDemand/-/<tenantidentifier>`
To configure Azure AD single sign-on with Cezanne HR Software, perform the follo
![Copy configuration URLs](common/copy-configuration-urls.png)
- a. Login URL
+### Create an Azure AD test user
+
+In this section, you'll create a test user in the Azure portal called B.Simon.
- b. Azure Ad Identifier
+1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
+1. Select **New user** at the top of the screen.
+1. In the **User** properties, follow these steps:
+ 1. In the **Name** field, enter `B.Simon`.
+ 1. In the **User name** field, enter the username@companydomain.extension. For example, `B.Simon@contoso.com`.
+ 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
+ 1. Click **Create**.
- c. Logout URL
+### Assign the Azure AD test user
+
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Cezanne HR Software.
+
+1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
+1. In the applications list, select **Cezanne HR Software**.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
-### Configure Cezanne HR Software Single Sign-On
+## Configure Cezanne HR Software SSO
1. In a different web browser window, sign-on to your Cezanne HR Software tenant as an administrator. 2. On the side menu, click **Administration**. Then navigate to **Security Settings** and click on **Single Sign-On**.
- ![Screenshot shows the Cezanne H R Software tenant with Security Settings and Single Sign-On Configuration selected.](https://user-images.githubusercontent.com/80324891/115692888-4c266900-a357-11eb-867d-7408b0ef16aa.png)
+ ![Screenshot shows the Cezanne H R Software tenant with Security Settings and Single Sign-On Configuration selected.](./media/cezannehrsoftware-tutorial/settings.png)
3. In the **Allow users to log in using the following Single Sign-On (SSO) Service** panel, check the **SAML 2.0** box and select the **Advanced Configuration** option.
- ![Screenshot shows the Allow users pane with SAML 2.0 and Advanced Configuration selected.](https://user-images.githubusercontent.com/80324891/115693054-72e49f80-a357-11eb-93c7-9986770ac17e.png)
+ ![Screenshot shows the Allow users pane with SAML 2.0 and Advanced Configuration selected.](./media/cezannehrsoftware-tutorial/configuration.png)
4. Click **Add New** button.
- ![Screenshot shows the Add New button.](./media/cezannehrsoftware-tutorial/tutorial_cezannehrsoftware_002.png)
+ ![Screenshot shows the Add New button.](./media/cezannehrsoftware-tutorial/new-button.png)
5. Enter the following fields on **SAML 2.0 IDENTITY PROVIDERS** section and click **OK**.
- ![Screenshot shows a pane where you can enter the values described in this step.](./media/cezannehrsoftware-tutorial/tutorial_cezannehrsoftware_003.png)
+ ![Screenshot shows a pane where you can enter the values described in this step.](./media/cezannehrsoftware-tutorial/identity-provider.png)
a. **Display Name** - Enter the name of your Identity Provider as the Display Name..
To configure Azure AD single sign-on with Cezanne HR Software, perform the follo
d. **Security Token Service Endpoint** - In the Security Token Service Endpoint textbox, paste the value of Login URL which you have copied from the Azure portal.
- e. **User ID Attribute Name** - In the User ID Attribute Name textbox, enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress.
+ e. **User ID Attribute Name** - In the User ID Attribute Name textbox, enter 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'.
f. **Public Key Certificate** - Click Upload icon to upload the downloaded certificate from Azure portal.
To configure Azure AD single sign-on with Cezanne HR Software, perform the follo
7. Click Save button. -
-### Create an Azure AD test user
-
-The objective of this section is to create a test user in the Azure portal called Britta Simon.
-
-1. In the Azure portal, in the left pane, select **Azure Active Directory**, select **Users**, and then select **All users**.
-
- ![The "Users and groups" and "All users" links](common/users.png)
-
-2. Select **New user** at the top of the screen.
-
- ![New user Button](common/new-user.png)
-
-3. In the User properties, perform the following steps.
-
- ![The User dialog box](common/user-properties.png)
-
- a. In the **Name** field enter **BrittaSimon**.
-
- b. In the **User name** field type **brittasimon\@yourcompanydomain.extension**
- For example, BrittaSimon@contoso.com
-
- c. Select **Show password** check box, and then write down the value that's displayed in the Password box.
-
- d. Click **Create**.
-
-### Assign the Azure AD test user
-
-In this section, you enable Britta Simon to use Azure single sign-on by granting access to Cezanne HR Software.
-
-1. In the Azure portal, select **Enterprise Applications**, select **All applications**, then select **Cezanne HR Software**.
-
- ![Enterprise applications blade](common/enterprise-applications.png)
-
-2. In the applications list, select **Cezanne HR Software**.
-
- ![The Cezanne HR Software link in the Applications list](common/all-applications.png)
-
-3. In the menu on the left, select **Users and groups**.
-
- ![The "Users and groups" link](common/users-groups-blade.png)
-
-4. Click the **Add user** button, then select **Users and groups** in the **Add Assignment** dialog.
-
- ![The Add Assignment pane](common/add-assign-user.png)
-
-5. In the **Users and groups** dialog select **Britta Simon** in the Users list, then click the **Select** button at the bottom of the screen.
-
-6. If you are expecting any role value in the SAML assertion then in the **Select Role** dialog select the appropriate role for the user from the list, then click the **Select** button at the bottom of the screen.
-
-7. In the **Add Assignment** dialog click the **Assign** button.
+ ![Screenshot shows the Save button for Single Sign-on Configuration.](./media/cezannehrsoftware-tutorial/save-button.png)
### Create Cezanne HR Software test user
In order to enable Azure AD users to log into Cezanne HR Software, they must be
2. On the side menu, click **Administration**. Then navigate to **Users** and click **Add New User**
- ![Screenshot shows the Cezanne H R Software tenant with Manage Users and Add New User selected.](https://user-images.githubusercontent.com/80324891/115694050-6ad92f80-a358-11eb-81be-148de665e185.png)
+ ![Screenshot shows the Cezanne H R Software tenant with Manage Users and Add New User selected.](./media/cezannehrsoftware-tutorial/manage-users.png "New User")
3. On **PERSON DETAILS** section, perform below steps:
- ![Screenshot shows the PERSON DETAILS section where you can enter the values described in this step.](https://user-images.githubusercontent.com/80324891/115694321-a70c9000-a358-11eb-8325-de2582d135ec.png)
+ ![Screenshot shows the PERSON DETAILS section where you can enter the values described in this step.](./media/cezannehrsoftware-tutorial/details.png "New User")
a. Set **Internal User** as OFF.
In order to enable Azure AD users to log into Cezanne HR Software, they must be
4. On **Account Information** section, perform below steps:
- ![Screenshot shows ACCOUNT INFORMATION where you can enter the values described in this step.](https://user-images.githubusercontent.com/80324891/115694501-d3c0a780-a358-11eb-8873-0fc778b43775.png)
+ ![Screenshot shows ACCOUNT INFORMATION where you can enter the values described in this step.](./media/cezannehrsoftware-tutorial/account.png "New User")
a. In the **Username** textbox, type the email of user like Brittasimon@contoso.com.
In order to enable Azure AD users to log into Cezanne HR Software, they must be
5. Navigate to **Single Sign-On** tab and select **Add New** in the **SAML 2.0 Identifiers** area.
- ![Screenshot shows the Single Sign-On tab where you can select Add New.](https://user-images.githubusercontent.com/80324891/115694716-0b2f5400-a359-11eb-9192-d31f6c9d3e3e.png)
+ ![Screenshot shows the Single Sign-On tab where you can select Add New.](./media/cezannehrsoftware-tutorial/single-sign-on.png "User")
6. Choose your Identity Provider for the **Identity Provider** and in the text box of **User Identifier**, enter the user email address.
- ![Screenshot shows the SAML 2.0 Identifiers where you can select your Identity Provider and User Identifier.](https://user-images.githubusercontent.com/80324891/115694865-28fcb900-a359-11eb-9cd3-496a93124cc4.png)
+ ![Screenshot shows the SAML 2.0 Identifiers where you can select your Identity Provider and User Identifier.](./media/cezannehrsoftware-tutorial/user-identifier.png "User")
7. Click **Save** button.
- ![Screenshot shows the Save button for User Settings.](https://user-images.githubusercontent.com/80324891/115694880-3023c700-a359-11eb-85d4-83d057660cfb.png)
+ ![Screenshot shows the Save button for User Settings.](./media/cezannehrsoftware-tutorial/save.png "User")
-### Test single sign-on
+## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+In this section, you test your Azure AD single sign-on configuration with following options.
-When you click the Cezanne HR Software tile in the Access Panel, you should be automatically signed in to the Cezanne HR Software for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+* Click on **Test this application** in Azure portal. This will redirect to Cezanne HR Software Sign-on URL where you can initiate the login flow.
-## Additional Resources
+* Go to Cezanne HR Software Sign-on URL directly and initiate the login flow from there.
-- [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](./tutorial-list.md)
+* You can use Microsoft My Apps. When you click the Cezanne HR Software tile in the My Apps, this will redirect to Cezanne HR Software Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+## Next steps
-- [What is Conditional Access in Azure Active Directory?](../conditional-access/overview.md)
+Once you configure Cezanne HR Software you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Confluencemicrosoft Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/confluencemicrosoft-tutorial.md
As of now, following versions of Confluence are supported:
- Confluence: 5.0 to 5.10 - Confluence: 6.0.1 to 6.15.9-- Confluence: 7.0.1 to 7.9.3
+- Confluence: 7.0.1 to 7.12.0
> [!NOTE] > Please note that our Confluence Plugin also works on Ubuntu Version 16.04
In this section, you test your Azure AD single sign-on configuration with follow
## Next steps
-Once you configure Confluence SAML SSO by Microsoft you can enforce Session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad)
+Once you configure Confluence SAML SSO by Microsoft you can enforce Session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad)
active-directory Contentful Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/contentful-tutorial.md
Previously updated : 04/20/2020 Last updated : 05/13/2021
In this tutorial, you'll learn how to integrate Contentful with Azure Active Dir
* Enable your users to be automatically signed-in to Contentful with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items:
To get started, you need the following items:
In this tutorial, you configure and test Azure AD SSO in a test environment.
-* Contentful supports **SP and IDP** initiated SSO
-* Contentful supports **Just In Time** user provisioning
-* Once you configure Contentful you can enforce session control, which protect exfiltration and infiltration of your organizationΓÇÖs sensitive data in real-time. Session control extend from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
+* Contentful supports **SP and IDP** initiated SSO.
+* Contentful supports **Just In Time** user provisioning.
> [!NOTE]
-> The identifier of this application is a fixed string value. Only one instance can be configured in one tenant.
+> The identifier of this application is a fixed string value so only one instance can be configured in one tenant.
-## Adding Contentful from the gallery
+## Add Contentful from the gallery
To configure the integration of Contentful into Azure AD, you need to add Contentful from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. In the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add a new application, select **New application**. 1. In the **Add from the gallery** section, type **Contentful** in the search box. 1. Select **Contentful** in the results, and then add the app. Wait a few seconds while the app is added to your tenant.
-## Configure and test Azure AD single sign-on for Contentful
+## Configure and test Azure AD SSO for Contentful
Configure and test Azure AD SSO with Contentful using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Contentful.
-To configure and test Azure AD SSO with Contentful, complete the following building blocks:
+To configure and test Azure AD SSO with Contentful, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
- * **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
- * **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
1. **[Configure Contentful SSO](#configure-contentful-sso)** - to configure the single sign-on settings on application side.
- * **[Create Contentful test user](#create-contentful-test-user)** - to have a counterpart of B.Simon in Contentful that is linked to the Azure AD representation of user.
+ 1. **[Create Contentful test user](#create-contentful-test-user)** - to have a counterpart of B.Simon in Contentful that is linked to the Azure AD representation of user.
1. **[Test SSO](#test-sso)** - to verify whether the configuration works. ## Configure Azure AD SSO Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **Contentful** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **Contentful** application integration page, find the **Manage** section and select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
-1. In the **Basic SAML Configuration** section, if you want to configure the application in **IDP** initiated mode, enter the values for the following fields:
+1. In the **Basic SAML Configuration** section, if you want to configure the application in **IDP** initiated mode, perform the following step:
- - In the **Reply URL** text box, copy the ACS (Assertion Consumer Service) URL from the SSO setup page in Contentful. It will look like this:
- `https://be.contentful.com/sso/<organization_id>/consume`
+ a. In the **Reply URL** text box, copy the ACS (Assertion Consumer Service) URL from the SSO setup page in Contentful. It will look like this:
+ `https://be.contentful.com/sso/<organization_id>/consume`.
1. Click **Set additional URLs** and perform the following step if you want to configure the application in **SP** initiated mode:
- - In the **Sign-on URL** text box, copy the same ACS (Assertion Consumer Service) URL. It will look like this:
- `https://be.contentful.com/sso/<organization_id>/login`
+ a. In the **Sign-on URL** text box, copy the same ACS (Assertion Consumer Service) URL. It will look like this:
+ `https://be.contentful.com/sso/<organization_id>/login`.
> [!NOTE] > These values are not real. Update these values with the actual Reply URL and Sign-On URL by copying the ACS (Assertion Consumer Service) URL from the SSO setup page in Contentful.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **Contentful**.
-1. On the app's overview page, find the **Manage** section and select **Users and groups**.
-
- ![The "Users and groups" link](common/users-groups-blade.png)
-
-1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog box.
-
- ![The Add User link](common/add-assign-user.png)
-
-1. In the **Users and groups** dialog box, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the page.
-1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog box, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the page.
-1. In the **Add Assignment** dialog box, click the **Assign** button.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
## Configure Contentful SSO
In this section, a user called B.Simon is created in Contentful. Contentful supp
## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+In this section, you test your Azure AD single sign-on configuration with following options.
+
+#### SP initiated:
+
+* Click on **Test this application** in Azure portal. This will redirect to Contentful Sign on URL where you can initiate the login flow.
-When you click the Contentful tile in the Access Panel, you should be automatically signed in to the Contentful for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+* Go to Contentful Sign-on URL directly and initiate the login flow from there.
-## Additional resources
+#### IDP initiated:
-- [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](./tutorial-list.md)
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the Contentful for which you set up the SSO.
-- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+You can also use Microsoft My Apps to test the application in any mode. When you click the Contentful tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Contentful for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+## Next steps
-- [Try Contentful with Azure AD](https://aad.portal.azure.com/)
+Once you configure Contentful you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Contractworks Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/contractworks-tutorial.md
Previously updated : 09/05/2019 Last updated : 05/11/2021
In this tutorial, you'll learn how to integrate ContractWorks with Azure Active
* Enable your users to be automatically signed-in to ContractWorks with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items:
To get started, you need the following items:
In this tutorial, you configure and test Azure AD SSO in a test environment.
-* ContractWorks supports **SP** and **IDP** initiated SSO
+* ContractWorks supports **SP** and **IDP** initiated SSO.
+
+> [!NOTE]
+> Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
-## Adding ContractWorks from the gallery
+## Add ContractWorks from the gallery
To configure the integration of ContractWorks into Azure AD, you need to add ContractWorks from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**. 1. In the **Add from the gallery** section, type **ContractWorks** in the search box. 1. Select **ContractWorks** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-## Configure and test Azure AD single sign-on for ContractWorks
+## Configure and test Azure AD SSO for ContractWorks
Configure and test Azure AD SSO with ContractWorks using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in ContractWorks.
-To configure and test Azure AD SSO with ContractWorks, complete the following building blocks:
+To configure and test Azure AD SSO with ContractWorks, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature. 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
To configure and test Azure AD SSO with ContractWorks, complete the following bu
Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **ContractWorks** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **ContractWorks** application integration page, find the **Manage** section and select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png) 1. On the **Set up single sign-on with SAML** page, enter the values for the following fields:
- In the **Identifier** text box, type a URL:
+ In the **Identifier** text box, type the URL:
`https://login.securedocs.com/saml/metadata` 1. On the **Set up single sign-on with SAML** page, In the **SAML Signing Certificate** section, click copy button to copy **App Federation Metadata Url** and save it on your computer.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **ContractWorks**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
-1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
1. In the **Add Assignment** dialog, click the **Assign** button. ## Configure ContractWorks SSO
In this section, you create a user called B.Simon in ContractWorks. Work with [
## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+In this section, you test your Azure AD single sign-on configuration with following options.
+
+#### SP initiated:
+
+* Click on **Test this application** in Azure portal. This will redirect to ContractWorks Sign on URL where you can initiate the login flow.
-When you click the ContractWorks tile in the Access Panel, you should be automatically signed in to the ContractWorks for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+* Go to ContractWorks Sign-on URL directly and initiate the login flow from there.
-## Additional resources
+#### IDP initiated:
-- [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](./tutorial-list.md)
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the ContractWorks for which you set up the SSO.
-- [What is application access and single sign-on with Azure Active Directory? ](../manage-apps/what-is-single-sign-on.md)
+You can also use Microsoft My Apps to test the application in any mode. When you click the ContractWorks tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the ContractWorks for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+## Next steps
-- [Try ContractWorks with Azure AD](https://aad.portal.azure.com/)
+Once you configure ContractWorks you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Deputy Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/deputy-tutorial.md
Previously updated : 01/25/2019 Last updated : 05/11/2021 # Tutorial: Azure Active Directory integration with Deputy
-In this tutorial, you learn how to integrate Deputy with Azure Active Directory (Azure AD).
-Integrating Deputy with Azure AD provides you with the following benefits:
+In this tutorial, you'll learn how to integrate Deputy with Azure Active Directory (Azure AD). When you integrate Deputy with Azure AD, you can:
-* You can control in Azure AD who has access to Deputy.
-* You can enable your users to be automatically signed-in to Deputy (Single Sign-On) with their Azure AD accounts.
-* You can manage your accounts in one central location - the Azure portal.
-
-If you want to know more details about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
-If you don't have an Azure subscription, [create a free account](https://azure.microsoft.com/free/) before you begin.
+* Control in Azure AD who has access to Deputy.
+* Enable your users to be automatically signed-in to Deputy with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
## Prerequisites
-To configure Azure AD integration with Deputy, you need the following items:
+To get started, you need the following items:
-* An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial [here](https://azure.microsoft.com/pricing/free-trial/)
-* Deputy single sign-on enabled subscription
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
+* Deputy single sign-on (SSO) enabled subscription.
## Scenario description
-In this tutorial, you configure and test Azure AD single sign-on in a test environment.
+In this tutorial, you configure and test Azure AD SSO in a test environment.
-* Deputy supports **SP** and **IDP** initiated SSO
+* Deputy supports **SP and IDP** initiated SSO.
+* Deputy supports **Just In Time** user provisioning.
-## Adding Deputy from the gallery
+## Add Deputy from the gallery
To configure the integration of Deputy into Azure AD, you need to add Deputy from the gallery to your list of managed SaaS apps.
-**To add Deputy from the gallery, perform the following steps:**
-
-1. In the **[Azure portal](https://portal.azure.com)**, on the left navigation panel, click **Azure Active Directory** icon.
-
- ![The Azure Active Directory button](common/select-azuread.png)
-
-2. Navigate to **Enterprise Applications** and then select the **All Applications** option.
-
- ![The Enterprise applications blade](common/enterprise-applications.png)
-
-3. To add new application, click **New application** button on the top of dialog.
-
- ![The New application button](common/add-new-app.png)
-
-4. In the search box, type **Deputy**, select **Deputy** from result panel then click **Add** button to add the application.
-
- ![Deputy in the results list](common/search-new-app.png)
-
-## Configure and test Azure AD single sign-on
-
-In this section, you configure and test Azure AD single sign-on with Deputy based on a test user called **Britta Simon**.
-For single sign-on to work, a link relationship between an Azure AD user and the related user in Deputy needs to be established.
-
-To configure and test Azure AD single sign-on with Deputy, you need to complete the following building blocks:
-
-1. **[Configure Azure AD Single Sign-On](#configure-azure-ad-single-sign-on)** - to enable your users to use this feature.
-2. **[Configure Deputy Single Sign-On](#configure-deputy-single-sign-on)** - to configure the Single Sign-On settings on application side.
-3. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with Britta Simon.
-4. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
-5. **[Create Deputy test user](#create-deputy-test-user)** - to have a counterpart of Britta Simon in Deputy that is linked to the Azure AD representation of user.
-6. **[Test single sign-on](#test-single-sign-on)** - to verify whether the configuration works.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
+1. On the left navigation pane, select the **Azure Active Directory** service.
+1. Navigate to **Enterprise Applications** and then select **All Applications**.
+1. To add new application, select **New application**.
+1. In the **Add from the gallery** section, type **Deputy** in the search box.
+1. Select **Deputy** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-### Configure Azure AD single sign-on
+## Configure and test Azure AD SSO for Deputy
-In this section, you enable Azure AD single sign-on in the Azure portal.
+Configure and test Azure AD SSO with Deputy using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Deputy.
-To configure Azure AD single sign-on with Deputy, perform the following steps:
+To configure and test Azure AD SSO with Deputy, perform the following steps:
-1. In the [Azure portal](https://portal.azure.com/), on the **Deputy** application integration page, select **Single sign-on**.
+1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure Deputy SSO](#configure-deputy-sso)** - to configure the single sign-on settings on application side.
+ 1. **[Create Deputy test user](#create-deputy-test-user)** - to have a counterpart of B.Simon in Deputy that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
- ![Configure single sign-on link](common/select-sso.png)
+## Configure Azure AD SSO
-2. On the **Select a Single sign-on method** dialog, select **SAML/WS-Fed** mode to enable single sign-on.
+Follow these steps to enable Azure AD SSO in the Azure portal.
- ![Single sign-on select mode](common/select-saml-option.png)
+1. In the Azure portal, on the **Deputy** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
-3. On the **Set up Single Sign-On with SAML** page, click **Edit** icon to open **Basic SAML Configuration** dialog.
-
- ![Edit Basic SAML Configuration](common/edit-urls.png)
+ ![Edit Basic SAML Configuration](common/edit-urls.png)
4. On the **Basic SAML Configuration** section, If you wish to configure the application in **IDP** initiated mode, perform the following steps:
- ![Screenshot that shows the "Basic S A M L Configuration" section with the "Identifier", "Reply URL", and "Save" button highlighted.](common/idp-intiated.png)
-
- a. In the **Identifier** text box, type a URL using the following pattern:
+ a. In the **Identifier** text box, type a URL using one of the following patterns:
```http https://<subdomain>.<region>.au.deputy.com
To configure Azure AD single sign-on with Deputy, perform the following steps:
https://<subdomain>.<region>.deputy.com ```
- b. In the **Reply URL** text box, type a URL using the following pattern:
+ b. In the **Reply URL** text box, type a URL using one of the following patterns:
```http https://<subdomain>.<region>.au.deputy.com/exec/devapp/samlacs
To configure Azure AD single sign-on with Deputy, perform the following steps:
5. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode:
- ![Deputy Domain and URLs single sign-on information](common/metadata-upload-additional-signon.png)
- In the **Sign-on URL** text box, type a URL using the following pattern: `https://<your-subdomain>.<region>.deputy.com`
To configure Azure AD single sign-on with Deputy, perform the following steps:
> [!NOTE] > These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact [Deputy Client support team](https://www.deputy.com/call-centers-customer-support-scheduling-software) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
-6. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, click **Download** to download the **Certificate (Base64)** from the given options as per your requirement and save it on your computer.
-
- ![The Certificate download link](common/certificatebase64.png)
-
-7. On the **Set up Deputy** section, copy the appropriate URL(s) as per your requirement.
-
- ![Copy configuration URLs](common/copy-configuration-urls.png)
-
- a. Login URL
-
- b. Azure Ad Identifier
+1. Deputy application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes.
- c. Logout URL
+ ![image](common/default-attributes.png)
-### Configure Deputy Single Sign-On
-
-1. Navigate to the following URL:`https://(your-subdomain).deputy.com/exec/config/system_config`. Go to **Security Settings** and click **Edit**.
-
- ![Screenshot that shows the "System Config" page with the "Security Settings - Edit" button selected.](./media/deputy-tutorial/tutorial_deputy_004.png)
-
-2. On this **Security Settings** page, perform below steps.
-
- ![Configure Single Sign-On](./media/deputy-tutorial/tutorial_deputy_005.png)
+1. In addition to above, Deputy application expects few more attributes to be passed back in SAML response, which are shown below. These attributes are also pre populated but you can review them as per your requirements.
- a. Enable **Social Login**.
-
- b. Open your Base64 encoded certificate downloaded from Azure portal in notepad, copy the content of it into your clipboard, and then paste it to the **OpenSSL Certificate** textbox.
-
- c. In the SAML SSO URL textbox, type `https://<your subdomain>.deputy.com/exec/devapp/samlacs?dpLoginTo=<saml sso url>`
-
- d. In the SAML SSO URL textbox, replace `<your subdomain>` with your subdomain.
-
- e. In the SAML SSO URL textbox, replace `<saml sso url>` with the **Login URL** you have copied from the Azure portal.
-
- f. Click **Save Settings**.
-
-### Create an Azure AD test user
+ | Name | Source Attribute|
+ | -- | |
+ | First name | user.givenname|
+ | Last name | user.surname |
-The objective of this section is to create a test user in the Azure portal called Britta Simon.
-
-1. In the Azure portal, in the left pane, select **Azure Active Directory**, select **Users**, and then select **All users**.
+6. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, click **Download** to download the **Certificate (Base64)** from the given options as per your requirement and save it on your computer.
- ![The "Users and groups" and "All users" links](common/users.png)
+ ![The Certificate download link](common/certificatebase64.png)
-2. Select **New user** at the top of the screen.
+7. On the **Set up Deputy** section, copy the appropriate URL(s) as per your requirement.
- ![New user Button](common/new-user.png)
+ ![Copy configuration URLs](common/copy-configuration-urls.png)
-3. In the User properties, perform the following steps.
+### Create an Azure AD test user
- ![The User dialog box](common/user-properties.png)
+In this section, you'll create a test user in the Azure portal called B.Simon.
- a. In the **Name** field enter **BrittaSimon**.
-
- b. In the **User name** field type **brittasimon\@yourcompanydomain.extension**
- For example, BrittaSimon@contoso.com
+1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
+1. Select **New user** at the top of the screen.
+1. In the **User** properties, follow these steps:
+ 1. In the **Name** field, enter `B.Simon`.
+ 1. In the **User name** field, enter the username@companydomain.extension. For example, `B.Simon@contoso.com`.
+ 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
+ 1. Click **Create**.
- c. Select **Show password** check box, and then write down the value that's displayed in the Password box.
+### Assign the Azure AD test user
- d. Click **Create**.
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Deputy.
-### Assign the Azure AD test user
+1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
+1. In the applications list, select **Deputy**.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
-In this section, you enable Britta Simon to use Azure single sign-on by granting access to Deputy.
+## Configure Deputy SSO
-1. In the Azure portal, select **Enterprise Applications**, select **All applications**, then select **Deputy**.
+1. Login to your Deputy account as an administrator.
- ![Enterprise applications blade](common/enterprise-applications.png)
+1. In the upper right corner, click on your account, select **Business settings**.
-2. In the applications list, select **Deputy**.
+ ![Screenshot for Business settings](./media/deputy-tutorial/business-settings.png)
- ![The Deputy link in the Applications list](common/all-applications.png)
+1. Then under the **General** tab, click **Single Sign-On settings**.
-3. In the menu on the left, select **Users and groups**.
+ ![Screenshot for Single Sign-On settings](./media/deputy-tutorial/general.png)
- ![The "Users and groups" link](common/users-groups-blade.png)
+2. On this **Single Sign-On settings** page, perform the below steps.
-4. Click the **Add user** button, then select **Users and groups** in the **Add Assignment** dialog.
+ ![Configure Single Sign-On](./media/deputy-tutorial/configuration.png)
+
+ a. Click **Enable single sign-on**.
+
+ b. In the **Identity provider login URL** textbox, paste the **Login URL** which you have copied from the Azure portal.
- ![The Add Assignment pane](common/add-assign-user.png)
+ c. In the **Identity provider issuer** textbox, paste the **Identifier(Entity ID)** which you have copied from the Azure portal.
-5. In the **Users and groups** dialog select **Britta Simon** in the Users list, then click the **Select** button at the bottom of the screen.
+ d. Open the downloaded **Certificate (Base64)** from the Azure portal into Notepad and paste the content into the **X.509 certificate** textbox.
-6. If you are expecting any role value in the SAML assertion then in the **Select Role** dialog select the appropriate role for the user from the list, then click the **Select** button at the bottom of the screen.
+ e. Enable the **Single sign-on login required**, if you want to login with SSO.
+
+ f. Enable the **Just-in-time provisioning** and in the **First name** and **Last name** fields, give the names of the attributes you have set up in **User Attributes & Claims** section, like `First name` and `Last name`.
-7. In the **Add Assignment** dialog click the **Assign** button.
+ g. Click **Apply changes**.
### Create Deputy test user
-To enable Azure AD users to log in to Deputy, they must be provisioned into Deputy. In case of Deputy, provisioning is a manual task.
+In this section, a user called Britta Simon is created in Deputy. Deputy supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Deputy, a new one is created after authentication.
-#### To provision a user account, perform the following steps:
+#### To add the user manually, perform the following steps:
1. Log in to your Deputy company site as an administrator. 2. On the top navigation pane, click **People**.
-
- ![People](./media/deputy-tutorial/tutorial_deputy_001.png "People")
-3. Click the **Add People** button and click **Add a single person**.
+3. Click the **Add People** button and click **Add Single Person**.
- ![Add People](./media/deputy-tutorial/tutorial_deputy_002.png "Add People")
+ ![Add People](./media/deputy-tutorial/create-user-1.png "Add People")
-4. Perform the following steps and click **Save & Invite**.
+4. Perform the following steps in the **General** tab to add a user.
- ![New User](./media/deputy-tutorial/tutorial_deputy_003.png "New User")
+ ![New User](./media/deputy-tutorial/create-user-2.png "New User")
- a. In the **Name** textbox, type name of the user like **BrittaSimon**.
-
- b. In the **Email** textbox, type the email address of an Azure AD account you want to provision.
+ a. In the **First name** and **Last name** textboxes, fill the fields like **Britta** and **Simon**.
- c. In the **Work at** textbox, type the business name.
+ b. In the **Work at** textbox, type the business name.
- d. Click **Save & Invite** button.
+ c. Click **Save** button.
+
+## Test SSO
+
+In this section, you test your Azure AD single sign-on configuration with following options.
+
+#### SP initiated:
-5. The Azure AD account holder receives an email and follows a link to confirm their account before it becomes active. You can use any other Deputy user account creation tools or APIs provided by Deputy to provision Azure AD user accounts.
+* Click on **Test this application** in Azure portal. This will redirect to TeamzSkill Sign on URL where you can initiate the login flow.
-### Test single sign-on
+* Go to TeamzSkill Sign-on URL directly and initiate the login flow from there.
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+#### IDP initiated:
-When you click the Deputy tile in the Access Panel, you should be automatically signed in to the Deputy for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the TeamzSkill for which you set up the SSO
-## Additional Resources
+You can also use Microsoft My Apps to test the application in any mode. When you click the TeamzSkill tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the TeamzSkill for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](./tutorial-list.md) -- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+## Next steps
-- [What is Conditional Access in Azure Active Directory?](../conditional-access/overview.md)
+Once you configure Deputy you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
active-directory Domo Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/domo-tutorial.md
Previously updated : 08/26/2019 Last updated : 05/03/2021
In this tutorial, you'll learn how to integrate Domo with Azure Active Directory
* Enable your users to be automatically signed-in to Domo with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items:
To get started, you need the following items:
In this tutorial, you configure and test Azure AD SSO in a test environment.
-* Domo supports **SP** initiated SSO
-* Domo supports **Just In Time** user provisioning
+* Domo supports **SP** initiated SSO.
+* Domo supports **Just In Time** user provisioning.
-## Adding Domo from the gallery
+## Add Domo from the gallery
To configure the integration of Domo into Azure AD, you need to add Domo from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**. 1. In the **Add from the gallery** section, type **Domo** in the search box. 1. Select **Domo** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-## Configure and test Azure AD single sign-on for Domo
+## Configure and test Azure AD SSO for Domo
Configure and test Azure AD SSO with Domo using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Domo.
-To configure and test Azure AD SSO with Domo, complete the following building blocks:
+To configure and test Azure AD SSO with Domo, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature. 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
To configure and test Azure AD SSO with Domo, complete the following building bl
Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **Domo** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **Domo** application integration page, find the **Manage** section and select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)-
+
1. On the **Basic SAML Configuration** section, enter the values for the following fields: a. In the **Sign on URL** text box, type a URL using the following pattern: `https://<companyname>.domo.com`
- b. In the **Identifier (Entity ID)** text box, type a URL using the following pattern:
+ b. In the **Identifier (Entity ID)** text box, type a URL using one of the following patterns:
```http https://<companyname>.domo.com
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **Domo**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
-1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
1. In the **Add Assignment** dialog, click the **Assign** button. ## Configure Domo SSO
In this section, a user called B.Simon is created in Domo. Domo supports just-in
## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
-
-When you click the Domo tile in the Access Panel, you should be automatically signed in to the Domo for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+In this section, you test your Azure AD single sign-on configuration with following options.
-## Additional resources
+* Click on **Test this application** in Azure portal. This will redirect to Domo Sign-on URL where you can initiate the login flow.
-- [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](./tutorial-list.md)
+* Go to Domo Sign-on URL directly and initiate the login flow from there.
-- [What is application access and single sign-on with Azure Active Directory? ](../manage-apps/what-is-single-sign-on.md)
+* You can use Microsoft My Apps. When you click the Domo tile in the My Apps, this will redirect to Domo Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+## Next steps
-- [Try Domo with Azure AD](https://aad.portal.azure.com/)
+Once you configure Domo you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Drift Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/drift-tutorial.md
Previously updated : 10/17/2019 Last updated : 05/11/2021
In this tutorial, you'll learn how to integrate Drift with Azure Active Director
* Enable your users to be automatically signed-in to Drift with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items:
To get started, you need the following items:
In this tutorial, you configure and test Azure AD SSO in a test environment.
-* Drift supports **SP and IDP** initiated SSO
-* Drift supports **Just In Time** user provisioning
+* Drift supports **SP and IDP** initiated SSO.
+* Drift supports **Just In Time** user provisioning.
> [!NOTE] > Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
-## Adding Drift from the gallery
+## Add Drift from the gallery
To configure the integration of Drift into Azure AD, you need to add Drift from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**. 1. In the **Add from the gallery** section, type **Drift** in the search box. 1. Select **Drift** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-## Configure and test Azure AD single sign-on for Drift
+## Configure and test Azure AD SSO for Drift
Configure and test Azure AD SSO with Drift using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Drift.
-To configure and test Azure AD SSO with Drift, complete the following building blocks:
+To configure and test Azure AD SSO with Drift, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature. 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
To configure and test Azure AD SSO with Drift, complete the following building b
Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **Drift** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **Drift** application integration page, find the **Manage** section and select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
Follow these steps to enable Azure AD SSO in the Azure portal.
a. Click **Set additional URLs**.
- b. In the **Relay State** text box, type a URL:
+ b. In the **Relay State** text box, type the URL:
`https://app.drift.com`
- c. If you wish to configure the application in **SP** initiated mode perform the following step:
+1. Perform the following step if you wish to configure the application in SP initiated mode, click Set additional URLs :
- d. In the **Sign-on URL** text box, type a URL:
+ a. In the **Sign-on URL** text box, type the URL:
`https://start.drift.com` 6. Your Drift application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **Drift**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
-1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
1. In the **Add Assignment** dialog, click the **Assign** button. ## Configure Drift SSO
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
4. From the left side of menu bar, click on **Settings icon** > **App Settings** > **Authentication** and perform the following steps:
- ![The Admin link](./media/drift-tutorial/tutorial_drift_admin.png)
+ ![The Admin link](./media/drift-tutorial/admin.png)
a. Upload the **Federation Metadata XML** that you have downloaded from the Azure portal, into the **Upload Identity Provider metadata file** text box.
In this section, a user called Britta Simon is created in Drift. Drift supports
## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+In this section, you test your Azure AD single sign-on configuration with following options.
+
+#### SP initiated:
+
+* Click on **Test this application** in Azure portal. This will redirect to Drift Sign on URL where you can initiate the login flow.
-When you click the Drift tile in the Access Panel, you should be automatically signed in to the Drift for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+* Go to Drift Sign-on URL directly and initiate the login flow from there.
-## Additional resources
+#### IDP initiated:
-- [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](./tutorial-list.md)
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the Drift for which you set up the SSO.
-- [What is application access and single sign-on with Azure Active Directory? ](../manage-apps/what-is-single-sign-on.md)
+You can also use Microsoft My Apps to test the application in any mode. When you click the Drift tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Drift for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+## Next steps
-- [Try Drift with Azure AD](https://aad.portal.azure.com/)
+Once you configure Drift you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Easysso For Jira Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/easysso-for-jira-tutorial.md
Previously updated : 05/28/2020 Last updated : 05/13/2021
In this tutorial, you'll learn how to integrate EasySSO for Jira with Azure Acti
* Enable your users to be automatically signed-in to Jira with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items:
To get started, you need the following items:
In this tutorial, you configure and test Azure AD SSO in a test environment.
-* EasySSO for Jira supports **SP and IDP** initiated SSO
-* EasySSO for Jira supports **Just In Time** user provisioning
-* Once you configure EasySSO for Jira you can enforce session control, which protect exfiltration and infiltration of your organizationΓÇÖs sensitive data in real-time. Session control extend from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
+* EasySSO for Jira supports **SP and IDP** initiated SSO.
+* EasySSO for Jira supports **Just In Time** user provisioning.
-## Adding EasySSO for Jira from the gallery
+## Add EasySSO for Jira from the gallery
To configure the integration of EasySSO for Jira into Azure AD, you need to add EasySSO for Jira from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**. 1. In the **Add from the gallery** section, type **EasySSO for Jira** in the search box. 1. Select **EasySSO for Jira** from results panel and then add the app. Wait a few seconds while the app is added to your tenant. -
-## Configure and test Azure AD single sign-on for EasySSO for Jira
+## Configure and test Azure AD SSO for EasySSO for Jira
Configure and test Azure AD SSO with EasySSO for Jira using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in EasySSO for Jira.
-To configure and test Azure AD SSO with EasySSO for Jira, complete the following building blocks:
+To configure and test Azure AD SSO with EasySSO for Jira, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature. 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
To configure and test Azure AD SSO with EasySSO for Jira, complete the following
Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **EasySSO for Jira** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **EasySSO for Jira** application integration page, find the **Manage** section and select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
-1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, enter the values for the following fields:
+1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, perform the following steps:
a. In the **Identifier** text box, type a URL using the following pattern: `https://<server-base-url>/plugins/servlet/easysso/saml`
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **EasySSO for Jira**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
-1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
1. In the **Add Assignment** dialog, click the **Assign** button. ## Configure EasySSO for Jira SSO
However, if you do not wish to enable automatic user provisioning on the user fi
### IdP-initiated workflow
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+In this section, you test your Azure AD single sign-on configuration with following options.
-When you click the EasySSO for Jira tile in the Access Panel, you should be automatically signed in to the Jira instance for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the EasySSO for Jira for which you set up the SSO.
+
+You can also use Microsoft My Apps to test the application in any mode. When you click the EasySSO for Jira tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the EasySSO for Jira for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
### SP-initiated workflow
In this section, you test your Azure AD single sign-on configuration using Jira
This scenario presumes you have enabled **SAML Login Button** in **Look & Feel** tab in your Jira EasySSO configuration page (see above). Open your Jira login URL in browser incognito mode to avoid any interference with your existing sessions. Click **SAML Login** button and you will get redirected to Azure AD user authentication flow. Once successfully completed you will be redirected back to your Jira instance as authenticated user via SAML.
-There's a possibility you may encounter the following screen after getting redirected back from Azure AD
+There's a possibility you may encounter the following screen after getting redirected back from Azure AD.
![EasySSO failure screen](media/easysso-for-jira-tutorial/jira-admin-8.png)
In this case you have to follow the [instructions on this page]( https://techtim
Should you have any issues digesting the log messages, please contact [EasySSO support team](mailto:support@techtime.co.nz).
-## Additional resources
--- [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](./tutorial-list.md)--- [What is application access and single sign-on with Azure Active Directory? ](../manage-apps/what-is-single-sign-on.md)--- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)--- [Try EasySSO for Jira with Azure AD](https://aad.portal.azure.com/)--- [What is session control in Microsoft Cloud App Security?](/cloud-app-security/proxy-intro-aad)
+## Next steps
-- [How to protect EasySSO for Jira with advanced visibility and controls](/cloud-app-security/proxy-intro-aad)
+Once you configure EasySSO for Jira you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Hightail Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/hightail-tutorial.md
Previously updated : 11/06/2020 Last updated : 05/13/2021
To get started, you need the following items:
In this tutorial, you configure and test Azure AD SSO in a test environment.
-* Hightail supports **SP and IDP** initiated SSO
-* Hightail supports **Just In Time** user provisioning
+* Hightail supports **SP and IDP** initiated SSO.
+* Hightail supports **Just In Time** user provisioning.
-## Adding Hightail from the gallery
+> [!NOTE]
+> Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
+
+## Add Hightail from the gallery
To configure the integration of Hightail into Azure AD, you need to add Hightail from the gallery to your list of managed SaaS apps.
To configure the integration of Hightail into Azure AD, you need to add Hightail
1. In the **Add from the gallery** section, type **Hightail** in the search box. 1. Select **Hightail** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-## Configure and test Azure AD single sign-on for Hightail
+## Configure and test Azure AD SSO for Hightail
Configure and test Azure AD SSO with Hightail using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Hightail. To configure and test Azure AD SSO with Hightail, perform the following steps: 1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
- * **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
- * **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
1. **[Configure Hightail SSO](#configure-hightail-sso)** - to configure the single sign-on settings on application side.
- * **[Create Hightail test user](#create-hightail-test-user)** - to have a counterpart of B.Simon in Hightail that is linked to the Azure AD representation of user.
+ 1. **[Create Hightail test user](#create-hightail-test-user)** - to have a counterpart of B.Simon in Hightail that is linked to the Azure AD representation of user.
1. **[Test SSO](#test-sso)** - to verify whether the configuration works. ## Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the **Hightail** application integration page, find the **Manage** section and select **single sign-on**. 1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
-1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, enter the values for the following fields:
+1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, perform the following steps:
a. In the **Identifier (Entity ID)** text box, type the URL: `https://api.spaces.hightail.com/api/v1/saml/consumer`
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. Click on **User icon** from the top right corner of the page.
- ![Screenshot shows the User icon.](./media/hightail-tutorial/configure1.png)
+ ![Screenshot shows the User icon.](./media/hightail-tutorial/user.png)
1. Click **View Admin Console** tab.
- ![Screenshot shows the View Admin Console button for the User.](./media/hightail-tutorial/configure2.png)
+ ![Screenshot shows the View Admin Console button for the User.](./media/hightail-tutorial/admin.png)
1. In the menu on the top, click the **SAML** tab and perform the following steps:
- ![Screenshot shows the SAML tab where you can enter the Login U R L and SAML Certificate.](./media/hightail-tutorial/configure3.png)
+ ![Screenshot shows the SAML tab where you can enter the Login U R L and SAML Certificate.](./media/hightail-tutorial/configuration.png)
a. In the **Login URL** textbox, paste the value of **Login URL** copied from Azure portal.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
In this section, a user called Britta Simon is created in Hightail. Hightail supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Hightail, a new one is created after authentication.
-> [!NOTE]
-> If you need to create a user manually, you need to contact the [Hightail support team](mailto:support@hightail.com).
- ## Test SSO In this section, you test your Azure AD single sign-on configuration with following options.
In this section, you test your Azure AD single sign-on configuration with follow
#### IDP initiated:
-* Click on **Test this application** in Azure portal and you should be automatically signed in to the Hightail for which you set up the SSO
-
-You can also use Microsoft Access Panel to test the application in any mode. When you click the Hightail tile in the Access Panel, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Hightail for which you set up the SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the Hightail for which you set up the SSO.
+You can also use Microsoft My Apps to test the application in any mode. When you click the Hightail tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Hightail for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
## Next steps
-Once you configure Hightail you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
+Once you configure Hightail you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Jiramicrosoft Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/jiramicrosoft-tutorial.md
Use your Microsoft Azure Active Directory account with Atlassian JIRA server to
To configure Azure AD integration with JIRA SAML SSO by Microsoft, you need the following items: - An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).-- JIRA Core and Software 6.4 to 8.14.0 or JIRA Service Desk 3.0 to 4.11.1 should installed and configured on Windows 64-bit version
+- JIRA Core and Software 6.4 to 8.16.1 or JIRA Service Desk 3.0 to 4.16.1 should installed and configured on Windows 64-bit version
- JIRA server is HTTPS enabled - Note the supported versions for JIRA Plugin are mentioned in below section. - JIRA server is reachable on the Internet particularly to the Azure AD login page for authentication and should able to receive the token from Azure AD
To get started, you need the following items:
## Supported versions of JIRA
-* JIRA Core and Software: 6.4 to 8.14.0
-* JIRA Service Desk 3.0.0 to 4.11.1
+* JIRA Core and Software: 6.4 to 8.16.1
+* JIRA Service Desk 3.0 to 4.16.1
* JIRA also supports 5.2. For more details, click [Microsoft Azure Active Directory single sign-on for JIRA 5.2](jira52microsoft-tutorial.md) > [!NOTE]
In this section, you test your Azure AD single sign-on configuration with follow
## Next steps
-Once you configure JIRA SAML SSO by Microsoft you can enforce Session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad)
+Once you configure JIRA SAML SSO by Microsoft you can enforce Session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad)
active-directory Justlogin Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/justlogin-tutorial.md
+
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with JustLogin | Microsoft Docs'
+description: Learn how to configure single sign-on between Azure Active Directory and JustLogin.
++++++++ Last updated : 05/11/2021++++
+# Tutorial: Azure Active Directory single sign-on (SSO) integration with JustLogin
+
+In this tutorial, you'll learn how to integrate JustLogin with Azure Active Directory (Azure AD). When you integrate JustLogin with Azure AD, you can:
+
+* Control in Azure AD who has access to JustLogin.
+* Enable your users to be automatically signed-in to JustLogin with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
+
+## Prerequisites
+
+To get started, you need the following items:
+
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
+* JustLogin single sign-on (SSO) enabled subscription.
+
+## Scenario description
+
+In this tutorial, you configure and test Azure AD SSO in a test environment.
+
+* JustLogin supports **SP and IDP** initiated SSO.
++
+## Adding JustLogin from the gallery
+
+To configure the integration of JustLogin into Azure AD, you need to add JustLogin from the gallery to your list of managed SaaS apps.
+
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
+1. On the left navigation pane, select the **Azure Active Directory** service.
+1. Navigate to **Enterprise Applications** and then select **All Applications**.
+1. To add new application, select **New application**.
+1. In the **Add from the gallery** section, type **JustLogin** in the search box.
+1. Select **JustLogin** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
++
+## Configure and test Azure AD SSO for JustLogin
+
+Configure and test Azure AD SSO with JustLogin using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in JustLogin.
+
+To configure and test Azure AD SSO with JustLogin, perform the following steps:
+
+1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure JustLogin SSO](#configure-justlogin-sso)** - to configure the single sign-on settings on application side.
+ 1. **[Create JustLogin test user](#create-justlogin-test-user)** - to have a counterpart of B.Simon in JustLogin that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
+
+## Configure Azure AD SSO
+
+Follow these steps to enable Azure AD SSO in the Azure portal.
+
+1. In the Azure portal, on the **JustLogin** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
+
+ ![Edit Basic SAML Configuration](common/edit-urls.png)
+
+1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, enter the values for the following fields:
+
+ a. In the **Identifier** text box, type a URL using the following pattern:
+ `JustLoginSAML/<CompanyID>`
+
+ b. In the **Reply URL** text box, type a URL using the following pattern:
+ `https://apis.justlogin.com/v1/auth/saml/AssertionConsumerService/<CompanyID>`
+
+1. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode:
+
+ In the **Sign-on URL** text box, type a URL using the following pattern:
+ `https://apis.justlogin.com/v1/auth/saml/Login/<CompanyID>`
+
+ > [!NOTE]
+ > These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact [JustLogin Client support team](mailto:support@justlogin.com) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+
+1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section, find **Certificate (Base64)** and select **Download** to download the certificate and save it on your computer.
+
+ ![The Certificate download link](common/certificatebase64.png)
+
+1. On the **Set up JustLogin** section, copy the appropriate URL(s) based on your requirement.
+
+ ![Copy configuration URLs](common/copy-configuration-urls.png)
+
+### Create an Azure AD test user
+
+In this section, you'll create a test user in the Azure portal called B.Simon.
+
+1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
+1. Select **New user** at the top of the screen.
+1. In the **User** properties, follow these steps:
+ 1. In the **Name** field, enter `B.Simon`.
+ 1. In the **User name** field, enter the username@companydomain.extension. For example, `B.Simon@contoso.com`.
+ 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
+ 1. Click **Create**.
+
+### Assign the Azure AD test user
+
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to JustLogin.
+
+1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
+1. In the applications list, select **JustLogin**.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
+
+## Configure JustLogin SSO
+
+To configure single sign-on on **JustLogin** side, you need to send the downloaded **Certificate (Base64)** and appropriate copied URLs from Azure portal to [JustLogin support team](mailto:support@justlogin.com). They set this setting to have the SAML SSO connection set properly on both sides.
+
+### Create JustLogin test user
+
+In this section, you create a user called Britta Simon in JustLogin. Work with [JustLogin support team](mailto:support@justlogin.com) to add the users in the JustLogin platform. Users must be created and activated before you use single sign-on.
+
+## Test SSO
+
+In this section, you test your Azure AD single sign-on configuration with following options.
+
+#### SP initiated:
+
+* Click on **Test this application** in Azure portal. This will redirect to JustLogin Sign on URL where you can initiate the login flow.
+
+* Go to JustLogin Sign-on URL directly and initiate the login flow from there.
+
+#### IDP initiated:
+
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the JustLogin for which you set up the SSO
+
+You can also use Microsoft My Apps to test the application in any mode. When you click the JustLogin tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the JustLogin for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
++
+## Next steps
+
+Once you configure JustLogin you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
++
active-directory Learnupon Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/learnupon-tutorial.md
Previously updated : 04/14/2019 Last updated : 05/03/2021 # Tutorial: Azure Active Directory integration with LearnUpon
-In this tutorial, you learn how to integrate LearnUpon with Azure Active Directory (Azure AD).
-Integrating LearnUpon with Azure AD provides you with the following benefits:
+In this tutorial, you'll learn how to integrate LearnUpon with Azure Active Directory (Azure AD). When you integrate LearnUpon with Azure AD, you can:
-* You can control in Azure AD who has access to LearnUpon.
-* You can enable your users to be automatically signed-in to LearnUpon (Single Sign-On) with their Azure AD accounts.
-* You can manage your accounts in one central location - the Azure portal.
-
-If you want to know more details about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
-If you don't have an Azure subscription, [create a free account](https://azure.microsoft.com/free/) before you begin.
+* Control in Azure AD who has access to LearnUpon.
+* Enable your users to be automatically signed-in to LearnUpon with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
## Prerequisites To configure Azure AD integration with LearnUpon, you need the following items:
-* An Azure AD subscription. If you don't have an Azure AD environment, you can get a [free account](https://azure.microsoft.com/free/)
-* LearnUpon single sign-on enabled subscription
+* An Azure AD subscription. If you don't have an Azure AD environment, you can get a [free account](https://azure.microsoft.com/free/).
+* LearnUpon single sign-on enabled subscription.
## Scenario description In this tutorial, you configure and test Azure AD single sign-on in a test environment.
+* LearnUpon supports **IDP** initiated SSO.
-* LearnUpon supports **IDP** initiated SSO
-
-* LearnUpon supports **Just In Time** user provisioning
+* LearnUpon supports **Just In Time** user provisioning.
+> [!NOTE]
+> Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
-## Adding LearnUpon from the gallery
+## Add LearnUpon from the gallery
To configure the integration of LearnUpon into Azure AD, you need to add LearnUpon from the gallery to your list of managed SaaS apps.
-**To add LearnUpon from the gallery, perform the following steps:**
-
-1. In the **[Azure portal](https://portal.azure.com)**, on the left navigation panel, click **Azure Active Directory** icon.
-
- ![The Azure Active Directory button](common/select-azuread.png)
-
-2. Navigate to **Enterprise Applications** and then select the **All Applications** option.
-
- ![The Enterprise applications blade](common/enterprise-applications.png)
-
-3. To add new application, click **New application** button on the top of dialog.
-
- ![The New application button](common/add-new-app.png)
-
-4. In the search box, type **LearnUpon**, select **LearnUpon** from result panel then click **Add** button to add the application.
-
- ![LearnUpon in the results list](common/search-new-app.png)
-
-## Configure and test Azure AD single sign-on
-
-In this section, you configure and test Azure AD single sign-on with LearnUpon based on a test user called **Britta Simon**.
-For single sign-on to work, a link relationship between an Azure AD user and the related user in LearnUpon needs to be established.
-
-To configure and test Azure AD single sign-on with LearnUpon, you need to complete the following building blocks:
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
+1. On the left navigation pane, select the **Azure Active Directory** service.
+1. Navigate to **Enterprise Applications** and then select **All Applications**.
+1. To add new application, select **New application**.
+1. In the **Add from the gallery** section, type **LearnUpon** in the search box.
+1. Select **LearnUpon** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-1. **[Configure Azure AD Single Sign-On](#configure-azure-ad-single-sign-on)** - to enable your users to use this feature.
-2. **[Configure LearnUpon Single Sign-On](#configure-learnupon-single-sign-on)** - to configure the Single Sign-On settings on application side.
-3. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with Britta Simon.
-4. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
-5. **[Create LearnUpon test user](#create-learnupon-test-user)** - to have a counterpart of Britta Simon in LearnUpon that is linked to the Azure AD representation of user.
-6. **[Test single sign-on](#test-single-sign-on)** - to verify whether the configuration works.
+## Configure and test Azure AD SSO for LearnUpon
-### Configure Azure AD single sign-on
+Configure and test Azure AD SSO with LearnUpon using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in LearnUpon.
-In this section, you enable Azure AD single sign-on in the Azure portal.
+To configure and test Azure AD SSO with LearnUpon, perform the following steps:
-To configure Azure AD single sign-on with LearnUpon, perform the following steps:
+1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure LearnUpon SSO](#configure-learnupon-sso)** - to configure the single sign-on settings on application side.
+ 1. **[Create LearnUpon test user](#create-learnupon-test-user)** - to have a counterpart of B.Simon in LearnUpon that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
-1. In the [Azure portal](https://portal.azure.com/), on the **LearnUpon** application integration page, select **Single sign-on**.
+## Configure Azure AD SSO
- ![Configure single sign-on link](common/select-sso.png)
+Follow these steps to enable Azure AD SSO in the Azure portal.
-2. On the **Select a Single sign-on method** dialog, select **SAML/WS-Fed** mode to enable single sign-on.
+1. In the Azure portal, on the **LearnUpon** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
- ![Single sign-on select mode](common/select-saml-option.png)
-
-3. On the **Set up Single Sign-On with SAML** page, click **Edit** icon to open **Basic SAML Configuration** dialog.
-
- ![Edit Basic SAML Configuration](common/edit-urls.png)
+ ![Edit Basic SAML Configuration](common/edit-urls.png)
4. On the **Basic SAML Configuration** section, perform the following steps:
- ![LearnUpon Domain and URLs single sign-on information](common/idp-reply.png)
- In the **Reply URL** text box, type a URL using the following pattern: `https://<companyname>.learnupon.com/saml/consumer`
To configure Azure AD single sign-on with LearnUpon, perform the following steps
![Copy configuration URLs](common/copy-configuration-urls.png)
- a. Login URL
+### Create an Azure AD test user
+
+In this section, you'll create a test user in the Azure portal called B.Simon.
+
+1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
+1. Select **New user** at the top of the screen.
+1. In the **User** properties, follow these steps:
+ 1. In the **Name** field, enter `B.Simon`.
+ 1. In the **User name** field, enter the username@companydomain.extension. For example, `B.Simon@contoso.com`.
+ 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
+ 1. Click **Create**.
- b. Azure AD Identifier
+### Assign the Azure AD test user
+
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to LearnUpon.
- c. Logout URL
+1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
+1. In the applications list, select **LearnUpon**.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
-### Configure LearnUpon Single Sign-On
+## Configure LearnUpon SSO
1. Open another browser instance and sign in into LearnUpon with an administrator account. 1. Click the **settings** tab.
- ![Screenshot shows the settings tab.](./media/learnupon-tutorial/tutorial_learnupon_06.png)
+ ![Screenshot shows the settings tab.](./media/learnupon-tutorial/settings.png)
1. Click **Single Sign On - SAML**, and then click **General Settings** to configure SAML settings.
- ![Screenshot shows Single Sign On - SAML selected with General Settings selected.](./media/learnupon-tutorial/tutorial_learnupon_07.png)
+ ![Screenshot shows Single Sign On - SAML selected with General Settings selected.](./media/learnupon-tutorial/general-settings.png)
1. In the **General Settings** section, perform the following steps:
- ![Screenshot shows the General Settings section where you can enter the values described.](./media/learnupon-tutorial/tutorial_learnupon_08.png)
+ ![Screenshot shows the General Settings section where you can enter the values described.](./media/learnupon-tutorial/values.png)
a. Select **Enabled**.
To configure Azure AD single sign-on with LearnUpon, perform the following steps
1. Click **User Settings**, and then perform the following steps:
- ![Screenshot shows the User Settings section where you can enter the values described.](./media/learnupon-tutorial/tutorial_learnupon_11.png)
+ ![Screenshot shows the User Settings section where you can enter the values described.](./media/learnupon-tutorial/user-settings.png)
a. In the **First Name Identifier Format** textbox, type the value that tells us where in your SAML Assertion the users firstname resides - for example: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname`. b. In the **Last Name Identifier Format** textbox, type the value that tells us where in your SAML Assertion the users lastname resides - for example: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname`.
-### Create an Azure AD test user
-
-The objective of this section is to create a test user in the Azure portal called Britta Simon.
-
-1. In the Azure portal, in the left pane, select **Azure Active Directory**, select **Users**, and then select **All users**.
-
- ![The "Users and groups" and "All users" links](common/users.png)
-
-2. Select **New user** at the top of the screen.
-
- ![New user Button](common/new-user.png)
-
-3. In the User properties, perform the following steps.
-
- ![The User dialog box](common/user-properties.png)
-
- a. In the **Name** field enter **BrittaSimon**.
-
- b. In the **User name** field type `brittasimon@yourcompanydomain.extension`. For example, BrittaSimon@contoso.com
-
- c. Select **Show password** check box, and then write down the value that's displayed in the Password box.
-
- d. Click **Create**.
-
-### Assign the Azure AD test user
-
-In this section, you enable Britta Simon to use Azure single sign-on by granting access to LearnUpon.
-
-1. In the Azure portal, select **Enterprise Applications**, select **All applications**, then select **LearnUpon**.
-
- ![Enterprise applications blade](common/enterprise-applications.png)
-
-2. In the applications list, select **LearnUpon**.
-
- ![The LearnUpon link in the Applications list](common/all-applications.png)
-
-3. In the menu on the left, select **Users and groups**.
-
- ![The "Users and groups" link](common/users-groups-blade.png)
-
-4. Click the **Add user** button, then select **Users and groups** in the **Add Assignment** dialog.
-
- ![The Add Assignment pane](common/add-assign-user.png)
-
-5. In the **Users and groups** dialog select **Britta Simon** in the Users list, then click the **Select** button at the bottom of the screen.
-
-6. If you are expecting any role value in the SAML assertion then in the **Select Role** dialog select the appropriate role for the user from the list, then click the **Select** button at the bottom of the screen.
-
-7. In the **Add Assignment** dialog click the **Assign** button.
- ### Create LearnUpon test user In this section, a user called Britta Simon is created in LearnUpon. LearnUpon supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in LearnUpon, a new one is created after authentication. If you need to create an user manually, you need to contact [LearnUpon support team](https://www.learnupon.com/features/support/).
-### Test single sign-on
-
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+## Test SSO
-When you click the LearnUpon tile in the Access Panel, you should be automatically signed in to the LearnUpon for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+In this section, you test your Azure AD single sign-on configuration with following options.
-## Additional Resources
+* Click on Test this application in Azure portal and you should be automatically signed in to the LearnUpon for which you set up the SSO.
-- [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](./tutorial-list.md)
+* You can use Microsoft My Apps. When you click the LearnUpon tile in the My Apps, you should be automatically signed in to the LearnUpon for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+## Next steps
-- [What is Conditional Access in Azure Active Directory?](../conditional-access/overview.md)
+Once you configure LearnUpon you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Lifesize Cloud Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/lifesize-cloud-tutorial.md
To configure Azure AD single sign-on with Lifesize Cloud, perform the following
`https://webapp.lifesizecloud.com/?ent=<identifier>` > [!NOTE]
- > These values are not real. Update these values with the actual Sign-on URL, Identifier and Relay State. Contact [Lifesize Cloud Client support team](https://www.lifesize.com/en/support) to get Sign-On URL, and Identifier values and you can get Relay State value from SSO Configuration that is explained later in the tutorial. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+ > These values are not real. Update these values with the actual Sign-on URL, Identifier and Relay State. Contact [Lifesize Cloud Client support team](https://legacy.lifesize.com/en/support) to get Sign-On URL, and Identifier values and you can get Relay State value from SSO Configuration that is explained later in the tutorial. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
5. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, click **Download** to download the **Certificate (Base64)** from the given options as per your requirement and save it on your computer.
For more information about the Access Panel, see [Introduction to the Access Pan
- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md) -- [What is Conditional Access in Azure Active Directory?](../conditional-access/overview.md)
+- [What is Conditional Access in Azure Active Directory?](../conditional-access/overview.md)
active-directory Orgchartnow Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/orgchartnow-tutorial.md
Previously updated : 03/14/2019 Last updated : 05/11/2021 # Tutorial: Azure Active Directory integration with OrgChart Now
-In this tutorial, you learn how to integrate OrgChart Now with Azure Active Directory (Azure AD).
-Integrating OrgChart Now with Azure AD provides you with the following benefits:
+In this tutorial, you'll learn how to integrate OrgChart Now with Azure Active Directory (Azure AD). When you integrate OrgChart Now with Azure AD, you can:
-* You can control in Azure AD who has access to OrgChart Now.
-* You can enable your users to be automatically signed-in to OrgChart Now (Single Sign-On) with their Azure AD accounts.
-* You can manage your accounts in one central location - the Azure portal.
-
-If you want to know more details about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
-If you don't have an Azure subscription, [create a free account](https://azure.microsoft.com/free/) before you begin.
+* Control in Azure AD who has access to OrgChart Now.
+* Enable your users to be automatically signed-in to OrgChart Now with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
## Prerequisites
-To configure Azure AD integration with OrgChart Now, you need the following items:
+To get started, you need the following items:
-* An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial [here](https://azure.microsoft.com/pricing/free-trial/)
-* OrgChart Now single sign-on enabled subscription
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
+* OrgChart Now single sign-on (SSO) enabled subscription.
## Scenario description In this tutorial, you configure and test Azure AD single sign-on in a test environment.
-* OrgChart Now supports **SP** and **IDP** initiated SSO
-
-## Adding OrgChart Now from the gallery
-
-To configure the integration of OrgChart Now into Azure AD, you need to add OrgChart Now from the gallery to your list of managed SaaS apps.
-
-**To add OrgChart Now from the gallery, perform the following steps:**
-
-1. In the **[Azure portal](https://portal.azure.com)**, on the left navigation panel, click **Azure Active Directory** icon.
-
- ![The Azure Active Directory button](common/select-azuread.png)
-
-2. Navigate to **Enterprise Applications** and then select the **All Applications** option.
-
- ![The Enterprise applications blade](common/enterprise-applications.png)
-
-3. To add new application, click **New application** button on the top of dialog.
-
- ![The New application button](common/add-new-app.png)
+* OrgChart Now supports **SP** and **IDP** initiated SSO.
-4. In the search box, type **OrgChart Now**, select **OrgChart Now** from result panel then click **Add** button to add the application.
+> [!NOTE]
+> Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
- ![OrgChart Now in the results list](common/search-new-app.png)
+## Add OrgChart Now from the gallery
-## Configure and test Azure AD single sign-on
-
-In this section, you configure and test Azure AD single sign-on with OrgChart Now based on a test user called **Britta Simon**.
-For single sign-on to work, a link relationship between an Azure AD user and the related user in OrgChart Now needs to be established.
-
-To configure and test Azure AD single sign-on with OrgChart Now, you need to complete the following building blocks:
-
-1. **[Configure Azure AD Single Sign-On](#configure-azure-ad-single-sign-on)** - to enable your users to use this feature.
-2. **[Configure OrgChart Now Single Sign-On](#configure-orgchart-now-single-sign-on)** - to configure the Single Sign-On settings on application side.
-3. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with Britta Simon.
-4. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
-5. **[Create OrgChart Now test user](#create-orgchart-now-test-user)** - to have a counterpart of Britta Simon in OrgChart Now that is linked to the Azure AD representation of user.
-6. **[Test single sign-on](#test-single-sign-on)** - to verify whether the configuration works.
+To configure the integration of OrgChart Now into Azure AD, you need to add OrgChart Now from the gallery to your list of managed SaaS apps.
-### Configure Azure AD single sign-on
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
+1. On the left navigation pane, select the **Azure Active Directory** service.
+1. Navigate to **Enterprise Applications** and then select **All Applications**.
+1. To add new application, select **New application**.
+1. In the **Add from the gallery** section, type **OrgChart Now** in the search box.
+1. Select **OrgChart Now** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-In this section, you enable Azure AD single sign-on in the Azure portal.
+## Configure and test Azure AD SSO for OrgChart Now
-To configure Azure AD single sign-on with OrgChart Now, perform the following steps:
+Configure and test Azure AD SSO with OrgChart Now using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in OrgChart Now.
-1. In the [Azure portal](https://portal.azure.com/), on the **OrgChart Now** application integration page, select **Single sign-on**.
+To configure and test Azure AD SSO with OrgChart Now, perform the following steps:
- ![Configure single sign-on link](common/select-sso.png)
+1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure OrgChart Now SSO](#configure-orgchart-now-sso)** - to configure the single sign-on settings on application side.
+ 1. **[Create OrgChart Now test user](#create-orgchart-now-test-user)** - to have a counterpart of B.Simon in OrgChart Now that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
-2. On the **Select a Single sign-on method** dialog, select **SAML/WS-Fed** mode to enable single sign-on.
+## Configure Azure AD SSO
- ![Single sign-on select mode](common/select-saml-option.png)
+Follow these steps to enable Azure AD SSO in the Azure portal.
-3. On the **Set up Single Sign-On with SAML** page, click **Edit** icon to open **Basic SAML Configuration** dialog.
+1. In the Azure portal, on the **OrgChart Now** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
- ![Edit Basic SAML Configuration](common/edit-urls.png)
+ ![Edit Basic SAML Configuration](common/edit-urls.png)
4. On the **Basic SAML Configuration** section, If you wish to configure the application in **IDP** initiated mode, perform the following step:
- ![OrgChart Now Domain and URLs single sign-on information](common/idp-identifier.png)
-
- In the **Identifier** text box, type a URL:
+ In the **Identifier** text box, type the URL:
`https://sso2.orgchartnow.com` 5. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode:
- ![image](common/both-preintegrated-signon.png)
- In the **Sign-on URL** text box, type a URL using the following pattern: `https://sso2.orgchartnow.com/Shibboleth.sso/Login?entityID=<YourEntityID>&target=https://sso2.orgchartnow.com`
To configure Azure AD single sign-on with OrgChart Now, perform the following st
![Copy configuration URLs](common/copy-configuration-urls.png)
- a. Login URL
-
- b. Azure AD Identifier
-
- c. Logout URL
-
-### Configure OrgChart Now Single Sign-On
-
-To configure single sign-on on **OrgChart Now** side, you need to send the downloaded **Federation Metadata XML** and appropriate copied URLs from Azure portal to [OrgChart Now support team](mailto:ocnsupport@officeworksoftware.com). They set this setting to have the SAML SSO connection set properly on both sides.
- ### Create an Azure AD test user
-The objective of this section is to create a test user in the Azure portal called Britta Simon.
-
-1. In the Azure portal, in the left pane, select **Azure Active Directory**, select **Users**, and then select **All users**.
-
- ![The "Users and groups" and "All users" links](common/users.png)
-
-2. Select **New user** at the top of the screen.
-
- ![New user Button](common/new-user.png)
-
-3. In the User properties, perform the following steps.
+In this section, you'll create a test user in the Azure portal called B.Simon.
- ![The User dialog box](common/user-properties.png)
-
- a. In the **Name** field enter **BrittaSimon**.
-
- b. In the **User name** field type **brittasimon@yourcompanydomain.extension**
- For example, BrittaSimon@contoso.com
-
- c. Select **Show password** check box, and then write down the value that's displayed in the Password box.
-
- d. Click **Create**.
+1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
+1. Select **New user** at the top of the screen.
+1. In the **User** properties, follow these steps:
+ 1. In the **Name** field, enter `B.Simon`.
+ 1. In the **User name** field, enter the username@companydomain.extension. For example, `B.Simon@contoso.com`.
+ 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
+ 1. Click **Create**.
### Assign the Azure AD test user
-In this section, you enable Britta Simon to use Azure single sign-on by granting access to OrgChart Now.
-
-1. In the Azure portal, select **Enterprise Applications**, select **All applications**, then select **OrgChart Now**.
-
- ![Enterprise applications blade](common/enterprise-applications.png)
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to OrgChart Now.
-2. In the applications list, select **OrgChart Now**.
+1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
+1. In the applications list, select **OrgChart Now**.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
- ![The OrgChart Now link in the Applications list](common/all-applications.png)
+## Configure OrgChart Now SSO
-3. In the menu on the left, select **Users and groups**.
-
- ![The "Users and groups" link](common/users-groups-blade.png)
-
-4. Click the **Add user** button, then select **Users and groups** in the **Add Assignment** dialog.
-
- ![The Add Assignment pane](common/add-assign-user.png)
-
-5. In the **Users and groups** dialog select **Britta Simon** in the Users list, then click the **Select** button at the bottom of the screen.
-
-6. If you are expecting any role value in the SAML assertion then in the **Select Role** dialog select the appropriate role for the user from the list, then click the **Select** button at the bottom of the screen.
-
-7. In the **Add Assignment** dialog click the **Assign** button.
+To configure single sign-on on **OrgChart Now** side, you need to send the downloaded **Federation Metadata XML** and appropriate copied URLs from Azure portal to [OrgChart Now support team](mailto:ocnsupport@officeworksoftware.com). They set this setting to have the SAML SSO connection set properly on both sides.
### Create OrgChart Now test user
To enable Azure AD users to log in to OrgChart Now, they must be provisioned int
a. Go to the **Manage Groups** option after clicking the **gear** in the top right corner of the UI.
- ![OrgChart Now groups](./media/orgchartnow-tutorial/tutorial_orgchartnow_manage.png)
+ ![OrgChart Now groups](./media/orgchartnow-tutorial/groups.png)
b. Select the **Add** icon and name the group **General** then click **OK**.
- ![OrgChart Now add](./media/orgchartnow-tutorial/tutorial_orgchartnow_add.png)
+ ![OrgChart Now add](./media/orgchartnow-tutorial/general.png)
c. Select the folder(s) you wish the general or read-only users to be able to access:-
- ![OrgChart Now folders](./media/orgchartnow-tutorial/tutorial_orgchartnow_chart.png)
+
+ ![OrgChart Now folders](./media/orgchartnow-tutorial/folders.png)
d. **Lock** the folders so that only Admin users can modify them. Then press **OK**.
- ![OrgChart Now lock](./media/orgchartnow-tutorial/tutorial_orgchartnow_lock.png)
+ ![OrgChart Now lock](./media/orgchartnow-tutorial/lock.png)
2. To create **Admin** users and **read/write** users, you must manually create a user in order to get access to their privilege level via SSO. To provision a user account, perform the following steps: a. Log in to OrgChart Now as a Security Administrator.
- b. Click on **Settings** on the top right corner and then navigate to **Manage Users**.
+ b. Click on **Settings** on the top right corner and then navigate to **Manage Users**.
- ![OrgChart Now settings](./media/orgchartnow-tutorial/tutorial_orgchartnow_settings.png)
+ ![OrgChart Now settings](./media/orgchartnow-tutorial/settings.png)
c. Click on **Add** and perform the following steps:
- ![OrgChart Now manage](./media/orgchartnow-tutorial/tutorial_orgchartnow_manageusers.png)
+ ![OrgChart Now manage](./media/orgchartnow-tutorial/manage-users.png)
+
+ 1. In the **User ID** textbox, enter the User ID like **brittasimon\@contoso.com**.
+
+ 1. In **Email Address** text box, enter the email of user like **brittasimon\@contoso.com**.
+
+ 1. Click **Add**.
- * In the **User ID** textbox, enter the User ID like **brittasimon\@contoso.com**.
+## Test SSO
- * In **Email Address** text box, enter the email of user like **brittasimon\@contoso.com**.
+In this section, you test your Azure AD single sign-on configuration with following options.
- * Click **Add**.
+#### SP initiated:
-### Test single sign-on
+* Click on **Test this application** in Azure portal. This will redirect to OrgChart Now Sign on URL where you can initiate the login flow.
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+* Go to OrgChart Now Sign-on URL directly and initiate the login flow from there.
-When you click the OrgChart Now tile in the Access Panel, you should be automatically signed in to the OrgChart Now for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+#### IDP initiated:
-## Additional Resources
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the OrgChart Now for which you set up the SSO.
-- [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](./tutorial-list.md)
+You can also use Microsoft My Apps to test the application in any mode. When you click the OrgChart Now tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the OrgChart Now for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+## Next steps
-- [What is Conditional Access in Azure Active Directory?](../conditional-access/overview.md)
+Once you configure OrgChart Now you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Replicon Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/replicon-tutorial.md
Previously updated : 06/10/2019 Last updated : 05/13/2021
In this tutorial, you'll learn how to integrate Replicon with Azure Active Direc
* Enable your users to be automatically signed-in to Replicon with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items:
-* An Azure AD subscription. If you don't have a subscription, you can get one-month free trial [here](https://azure.microsoft.com/pricing/free-trial/).
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
* Replicon single sign-on (SSO) enabled subscription. > [!NOTE]
To get started, you need the following items:
## Scenario description
-In this tutorial, you configure and test Azure AD SSO in a test environment. Replicon supports **SP** initiated SSO.
+In this tutorial, you configure and test Azure AD SSO in a test environment.
+
+* Replicon supports **SP** initiated SSO.
-## Adding Replicon from the gallery
+## Add Replicon from the gallery
To configure the integration of Replicon into Azure AD, you need to add Replicon from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**. 1. In the **Add from the gallery** section, type **Replicon** in the search box. 1. Select **Replicon** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-## Configure and test Azure AD single sign-on
+## Configure and test Azure AD SSO for Replicon
Configure and test Azure AD SSO with Replicon using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Replicon.
-To configure and test Azure AD SSO with Replicon, complete the following building blocks:
+To configure and test Azure AD SSO with Replicon, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
-2. **[Configure Replicon SSO](#configure-replicon-sso)** - to configure the Single Sign-On settings on application side.
-3. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
-4. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
-5. **[Create Replicon test user](#create-replicon-test-user)** - to have a counterpart of B.Simon in Replicon that is linked to the Azure AD representation of user.
-6. **[Test SSO](#test-sso)** - to verify whether the configuration works.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure Replicon SSO](#configure-replicon-sso)** - to configure the single sign-on settings on application side.
+ 1. **[Create Replicon test user](#create-replicon-test-user)** - to have a counterpart of B.Simon in Replicon that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
-### Configure Azure AD SSO
+## Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **Replicon** application integration page, find the **Manage** section and select **Single sign-on**.
+1. In the Azure portal, on the **Replicon** application integration page, find the **Manage** section and select **Single sign-on**.
1. On the **Select a Single sign-on method** page, select **SAML**.
-1. On the **Set up Single Sign-On with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up Single Sign-On with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
-1. On the **Basic SAML Configuration** page, enter the values for the following fields:
+1. On the **Basic SAML Configuration** page, perform the following steps:
- 1. In the **Sign-on URL** text box, type a URL using the following pattern:
+ a. In the **Sign-on URL** text box, type a URL using the following pattern:
`https://global.replicon.com/!/saml2/<client name>/sp-sso/post`
- 1. In the **Identifier** box, type a URL using the following pattern:
+ b. In the **Identifier** box, type a URL using the following pattern:
`https://global.replicon.com/!/saml2/<client name>`
- 1. In the **Reply URL** text box, type a URL using the following pattern:
+ c. In the **Reply URL** text box, type a URL using the following pattern:
`https://global.replicon.com/!/saml2/<client name>/sso/post` > [!NOTE] > These values are not real. Update these values with the actual Sign-On URL, Identifier and Reply URL. Contact [Replicon Client support team](https://www.replicon.com/customerzone/contact-support) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
-1. Click the edit/pen icon for **SAML Signing Certificate** to edit the settings.
+1. Click the pencil icon for **SAML Signing Certificate** to edit the settings.
![Signing Algorithm](common/signing-algorithm.png)
Follow these steps to enable Azure AD SSO in the Azure portal.
![The Certificate download link](common/metadataxml.png)
-### Configure Replicon SSO
-
-1. In a different web browser window, sign into your Replicon company site as an administrator.
-
-2. To configure SAML 2.0, perform the following steps:
-
- ![Enable SAML authentication](./media/replicon-tutorial/ic777805.png "Enable SAML authentication")
-
- a. To display the **EnableSAML Authentication2** dialog, append the following to your URL, after your company key: `/services/SecurityService1.svc/help/test/EnableSAMLAuthentication2`
-
- * The following shows the schema of the complete URL:
- `https://na2.replicon.com/<YourCompanyKey>/services/SecurityService1.svc/help/test/EnableSAMLAuthentication2`
-
- b. Click the **+** to expand the **v20Configuration** section.
-
- c. Click the **+** to expand the **metaDataConfiguration** section.
-
- d. Select **SHA256** for xmlSignatureAlgorithm
-
- e. Click **Choose File**, to select your identity provider metadata XML file, and click **Submit**.
- ### Create an Azure AD test user In this section, you'll create a test user in the Azure portal called B.Simon.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **Replicon**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
- ![The "Users and groups" link](common/users-groups-blade.png)
+## Configure Replicon SSO
-1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In a different web browser window, sign into your Replicon company site as an administrator.
+
+2. To configure SAML 2.0, perform the following steps:
- ![The Add User link](common/add-assign-user.png)
+ ![Enable SAML authentication](./media/replicon-tutorial/authentication.png "Enable SAML authentication")
-1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
-1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
-1. In the **Add Assignment** dialog, click the **Assign** button.
+ a. To display the **EnableSAML Authentication2** dialog, append the following to your URL, after your company key: `/services/SecurityService1.svc/help/test/EnableSAMLAuthentication2`
+
+ 1. The following shows the schema of the complete URL:
+ `https://na2.replicon.com/<YourCompanyKey>/services/SecurityService1.svc/help/test/EnableSAMLAuthentication2`
+
+ b. Click the **+** to expand the **v20Configuration** section.
+
+ c. Click the **+** to expand the **metaDataConfiguration** section.
+
+ d. Select **SHA256** for xmlSignatureAlgorithm
+
+ e. Click **Choose File**, to select your identity provider metadata XML file, and click **Submit**.
### Create Replicon test user
The objective of this section is to create a user called B.Simon in Replicon.
2. Go to **Administration \> Users**.
- ![Users](./media/replicon-tutorial/ic777806.png "Users")
+ ![Users](./media/replicon-tutorial/administration.png "Users")
3. Click **+Add User**.
- ![Add User](./media/replicon-tutorial/ic777807.png "Add User")
+ ![Add User](./media/replicon-tutorial/user.png "Add User")
4. In the **User Profile** section, perform the following steps:
- ![User profile](./media/replicon-tutorial/ic777808.png "User profile")
+ ![User profile](./media/replicon-tutorial/profile.png "User profile")
a. In the **Login Name** textbox, type the Azure AD email address of the Azure AD user you want to provision like `B.Simon@contoso.com`.
The objective of this section is to create a user called B.Simon in Replicon.
> [!NOTE] > You can use any other Replicon user account creation tools or APIs provided by Replicon to provision Azure AD user accounts.
-### Test SSO
+## Test SSO
+
+In this section, you test your Azure AD single sign-on configuration with following options.
-When you select the Replicon tile in the Access Panel, you should be automatically signed in to the Replicon for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+* Click on **Test this application** in Azure portal. This will redirect to Replicon Sign-on URL where you can initiate the login flow.
-## Additional Resources
+* Go to Replicon Sign-on URL directly and initiate the login flow from there.
-- [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](./tutorial-list.md)
+* You can use Microsoft My Apps. When you click the Replicon tile in the My Apps, this will redirect to Replicon Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+## Next steps
-- [What is Conditional Access in Azure Active Directory?](../conditional-access/overview.md)
+Once you configure Replicon you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Samanage Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/samanage-tutorial.md
Previously updated : 02/11/2021 Last updated : 05/13/2021 # Tutorial: Azure Active Directory integration with SolarWinds Service Desk (previously Samanage)
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
a. Click **Enable Single Sign-On with SAML**.
- b. In the **Identity Provider URL** textbox, paste the value of **Azure Ad Identifier** which you have copied from Azure portal.
+ b. In the **Identity Provider URL** textbox, enter the value like `https://YourAccountName.samanage.com`.
c. Confirm the **Login URL** matches the **Sign On URL** of **Basic SAML Configuration** section in Azure portal.
In this section, you test your Azure AD single sign-on configuration with follow
## Next steps
-Once you configure SolarWinds you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
+Once you configure SolarWinds you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
active-directory Sharepoint On Premises Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/sharepoint-on-premises-tutorial.md
$realm = "urn:sharepoint:federation"
$loginUrl = "https://login.microsoftonline.com/dc38a67a-f981-4e24-ba16-4443ada44484/wsfed" # Define the claim types used for the authorization
-$userIdentifier = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" -IncomingClaimTypeDisplayName "name" -LocalClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
+$userIdentifier = New-SPClaimTypeMapping -IncomingClaimType `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name` -IncomingClaimTypeDisplayName "name" -LocalClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
$role = New-SPClaimTypeMapping "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" -IncomingClaimTypeDisplayName "Role" -SameAsIncoming # Let SharePoint trust the Azure AD signing certificate
As a conclusion, to ensure that guest accounts are all identified with the same
1. Select **Unique User Identifier (Name ID)**, change its **Source Attribute** property to **user.localuserprincipalname**, and click **Save**.
- 1. Select **http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name**, change its **Source Attribute** property to **user.localuserprincipalname**, and click **Save**.
+ 1. Select `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name`, change its **Source Attribute** property to **user.localuserprincipalname**, and click **Save**.
1. The **User Attributes & Claims** should look like this:
active-directory Workshop Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/workshop-tutorial.md
+
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Workshop | Microsoft Docs'
+description: Learn how to configure single sign-on between Azure Active Directory and Workshop.
++++++++ Last updated : 05/14/2021++++
+# Tutorial: Azure Active Directory single sign-on (SSO) integration with Workshop
+
+In this tutorial, you'll learn how to integrate Workshop with Azure Active Directory (Azure AD). When you integrate Workshop with Azure AD, you can:
+
+* Control in Azure AD who has access to Workshop.
+* Enable your users to be automatically signed-in to Workshop with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
+
+## Prerequisites
+
+To get started, you need the following items:
+
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
+* Workshop single sign-on (SSO) enabled subscription.
+
+## Scenario description
+
+In this tutorial, you configure and test Azure AD SSO in a test environment.
+
+* Workshop supports **SP and IDP** initiated SSO.
+* Workshop supports **Just In Time** user provisioning.
++
+## Adding Workshop from the gallery
+
+To configure the integration of Workshop into Azure AD, you need to add Workshop from the gallery to your list of managed SaaS apps.
+
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
+1. On the left navigation pane, select the **Azure Active Directory** service.
+1. Navigate to **Enterprise Applications** and then select **All Applications**.
+1. To add new application, select **New application**.
+1. In the **Add from the gallery** section, type **Workshop** in the search box.
+1. Select **Workshop** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
++
+## Configure and test Azure AD SSO for Workshop
+
+Configure and test Azure AD SSO with Workshop using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Workshop.
+
+To configure and test Azure AD SSO with Workshop, perform the following steps:
+
+1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure Workshop SSO](#configure-workshop-sso)** - to configure the single sign-on settings on application side.
+ 1. **[Create Workshop test user](#create-workshop-test-user)** - to have a counterpart of B.Simon in Workshop that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
+
+## Configure Azure AD SSO
+
+Follow these steps to enable Azure AD SSO in the Azure portal.
+
+1. In the Azure portal, on the **Workshop** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
+
+ ![Edit Basic SAML Configuration](common/edit-urls.png)
+
+1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, enter the values for the following fields:
+
+ a. In the **Identifier** text box, type a URL using the following pattern:
+ `https://<Your Subdomain>.useworkshop.com/auth/auth/saml/metadata`
+
+ b. In the **Reply URL** text box, type a URL using the following pattern:
+ `https://<Your Subdomain>.useworkshop.com/auth/auth/saml/callback`
+
+1. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode:
+
+ In the **Sign-on URL** text box, type a URL using the following pattern:
+ `https://<Your Subdomain>.useworkshop.com/auth/auth/saml`
+
+ > [!NOTE]
+ > These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact [Workshop Client support team](mailto:help@useworkshop.com) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+
+1. Workshop application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes.
+
+ ![image](common/default-attributes.png)
+
+1. In addition to above, Workshop application expects few more attributes to be passed back in SAML response, which are shown below. These attributes are also pre populated but you can review them as per your requirements.
+
+ | Name | Source Attribute|
+ | -- | |
+ | first_name | user.givenname |
+ | last_name | user.surname |
+ | email | user.mail |
+ | title | user.title |
+
+1. On the **Set up single sign-on with SAML** page, In the **SAML Signing Certificate** section, click copy button to copy **App Federation Metadata Url** and save it on your computer.
+
+ ![The Certificate download link](common/copy-metadataurl.png)
+
+### Create an Azure AD test user
+
+In this section, you'll create a test user in the Azure portal called B.Simon.
+
+1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
+1. Select **New user** at the top of the screen.
+1. In the **User** properties, follow these steps:
+ 1. In the **Name** field, enter `B.Simon`.
+ 1. In the **User name** field, enter the username@companydomain.extension. For example, `B.Simon@contoso.com`.
+ 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
+ 1. Click **Create**.
+
+### Assign the Azure AD test user
+
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Workshop.
+
+1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
+1. In the applications list, select **Workshop**.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
+
+## Configure Workshop SSO
+
+1. In a different browser window log in to your Workshop as an administrator.
+
+1. Click the profile icon at the top right corner and select **Settings** from the list.
+
+1. In the **Settings**, go to the **SSO** tab and click **Add SAML**.
+
+ ![Configuring the workshop sso](./media/workshop-tutorial/configuration.png)
+
+1. In the **Idp metadata url** textbox, paste the **App Federation Metadata Url** value which you have copied from the Azure portal.
+
+ ![screenshot for Metadata Url](./media/workshop-tutorial/metadata-url.png)
+
+1. Click **Create Sso**.
+
+### Create Workshop test user
+
+In this section, a user called Britta Simon is created in Workshop. Workshop supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Workshop, a new one is created after authentication.
+
+## Test SSO
+
+In this section, you test your Azure AD single sign-on configuration with following options.
+
+#### SP initiated:
+
+* Click on **Test this application** in Azure portal. This will redirect to Workshop Sign on URL where you can initiate the login flow.
+
+* Go to Workshop Sign-on URL directly and initiate the login flow from there.
+
+#### IDP initiated:
+
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the Workshop for which you set up the SSO
+
+You can also use Microsoft My Apps to test the application in any mode. When you click the Workshop tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Workshop for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
++
+## Next steps
+
+Once you configure Workshop you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
++
active-directory Zscaler One Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/zscaler-one-tutorial.md
Previously updated : 12/18/2020 Last updated : 05/13/2021 # Tutorial: Azure Active Directory integration with Zscaler One
-In this tutorial, you learn how to integrate Zscaler One with Azure Active Directory (Azure AD).
-Integrating Zscaler One with Azure AD provides you with the following benefits:
+In this tutorial, you'll learn how to integrate Zscaler One with Azure Active Directory (Azure AD). When you integrate Zscaler One with Azure AD, you can:
-- You can control in Azure AD who has access to Zscaler One.-- You can enable your users to be automatically signed-in to Zscaler One (Single Sign-On) with their Azure AD accounts.-- You can manage your accounts in one central location - the Azure portal.
+* Control in Azure AD who has access to Zscaler One.
+* Enable your users to be automatically signed-in to Zscaler One with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
## Prerequisites
-To configure Azure AD integration with Zscaler One, you need the following items:
+To get started, you need the following items:
-- An Azure AD subscription. If you don't have an Azure AD environment, you can get a [free account](https://azure.microsoft.com/free/)-- Zscaler One single sign-on enabled subscription
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
+* Zscaler One single sign-on (SSO) enabled subscription.
## Scenario description In this tutorial, you configure and test Azure AD single sign-on in a test environment. -- Zscaler One supports **SP** initiated SSO
+* Zscaler One supports **SP** initiated SSO.
-- Zscaler One supports **Just In Time** user provisioning
+* Zscaler One supports **Just In Time** user provisioning.
-## Adding Zscaler One from the gallery
+> [!NOTE]
+> Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
+
+## Add Zscaler One from the gallery
To configure the integration of Zscaler One into Azure AD, you need to add Zscaler One from the gallery to your list of managed SaaS apps.
Follow these steps to enable Azure AD SSO in the Azure portal.
![Edit Basic SAML Configuration](common/edit-urls.png)
-1. On the **Basic SAML Configuration** section, perform the following steps:
+1. On the **Basic SAML Configuration** section, perform the following step:
- In the **Sign-on URL** textbox, type the URL used by your users to sign-on to your Zscaler One application.
+ a. In the **Sign-on URL** textbox, type the URL used by your users to sign-on to your Zscaler One application.
> [!NOTE] > You update the value with the actual Sign-On URL. Contact [Zscaler One Client support team](https://www.zscaler.com/company/contact) to get the value. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
4. Go to **Administration > Authentication > Authentication Settings** and perform the following steps:
- ![Screenshot shows the Zscaler One site with steps as described.](./media/zscaler-one-tutorial/ic800206.png "Administration")
+ ![Screenshot shows the Zscaler One site with steps as described.](./media/zscaler-one-tutorial/settings.png "Administration")
a. Under Authentication Type, choose **SAML**.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
5. On the **Edit SAML** window, perform the following steps: and click Save.
- ![Manage Users & Authentication](./media/zscaler-one-tutorial/ic800208.png "Manage Users & Authentication")
+ ![Manage Users & Authentication](./media/zscaler-one-tutorial/users.png "Manage Users & Authentication")
a. In the **SAML Portal URL** textbox, Paste the **Login URL** which you have copied from Azure portal.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
6. On the **Configure User Authentication** dialog page, perform the following steps:
- ![Screenshot shows the Configure User Authentication dialog box with Activate selected.](./media/zscaler-one-tutorial/ic800207.png)
+ ![Screenshot shows the Configure User Authentication dialog box with Activate selected.](./media/zscaler-one-tutorial/authentication.png)
- a. Hover over the **Activation** menu near the bottom left.
+ a. However over the **Activation** menu near the bottom left.
b. Click **Activate**.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
2. Select **Internet options** from the **Tools** menu for open the **Internet Options** dialog.
- ![Internet Options](./media/zscaler-one-tutorial/ic769492.png "Internet Options")
+ ![Internet Options](./media/zscaler-one-tutorial/connection.png "Internet Options")
3. Click the **Connections** tab.
- ![Connections](./media/zscaler-one-tutorial/ic769493.png "Connections")
+ ![Connections](./media/zscaler-one-tutorial/configuration.png "Connections")
4. Click **LAN settings** to open the **LAN Settings** dialog. 5. In the Proxy server section, perform the following steps:
- ![Proxy server](./media/zscaler-one-tutorial/ic769494.png "Proxy server")
+ ![Proxy server](./media/zscaler-one-tutorial/server.png "Proxy server")
a. Select **Use a proxy server for your LAN**.
In this section, a user called Britta Simon is created in Zscaler One. Zscaler O
> [!Note] > If you need to create a user manually, contact [Zscaler One support team](https://www.zscaler.com/company/contact).
-### Test SSO
+## Test SSO
-In this section, you test your Azure AD single sign-on configuration with following options.
+In this section, you test your Azure AD single sign-on configuration with following options.
-- Click on **Test this application** in Azure portal. This will redirect to Zscaler One Sign-on URL where you can initiate the login flow.
+* Click on **Test this application** in Azure portal. This will redirect to Zscaler One Sign-on URL where you can initiate the login flow.
-- Go to Zscaler One Sign-on URL directly and initiate the login flow from there.
+* Go to Zscaler One Sign-on URL directly and initiate the login flow from there.
-- You can use Microsoft My Apps. When you click the Zscaler One tile in the My Apps, this will redirect to Zscaler One Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
+* You can use Microsoft My Apps. When you click the Zscaler One tile in the My Apps, this will redirect to Zscaler One Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
## Next steps
-Once you configure Zscaler One you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
+Once you configure Zscaler One you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Zscaler Three Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/zscaler-three-tutorial.md
Previously updated : 12/18/2020 Last updated : 05/11/2021
In this tutorial, you'll learn how to integrate Zscaler Three with Azure Active Directory (Azure AD). When you integrate Zscaler Three with Azure AD, you can: -- Control in Azure AD who has access to Zscaler Three.-- Enable your users to be automatically signed-in to Zscaler Three with their Azure AD accounts.-- Manage your accounts in one central location - the Azure portal.
+* Control in Azure AD who has access to Zscaler Three.
+* Enable your users to be automatically signed-in to Zscaler Three with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
## Prerequisites To get started, you need the following items: -- An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).-- Zscaler Three single sign-on (SSO) enabled subscription.
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
+* Zscaler Three single sign-on (SSO) enabled subscription.
## Scenario description In this tutorial, you configure and test Azure AD SSO in a test environment. -- Zscaler Three supports **SP** initiated SSO
+* Zscaler Three supports **SP** initiated SSO.
-- Zscaler Three supports **Just In Time** user provisioning
+* Zscaler Three supports **Just In Time** user provisioning.
> [!NOTE] > Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
-## Adding Zscaler Three from the gallery
+## Add Zscaler Three from the gallery
To configure the integration of Zscaler Three into Azure AD, you need to add Zscaler Three from the gallery to your list of managed SaaS apps.
Follow these steps to enable Azure AD SSO in the Azure portal.
1. On the **Basic SAML Configuration** section, enter the values for the following fields:
- In the **Sign-on URL** text box, type a URL:
+ In the **Sign-on URL** text box, type the URL:
`https://login.zscalerthree.net/sfc_sso` 1. Your Zscaler Three application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **Zscaler Three**.
-1. In the **Users and groups** dialog, select the user like **Britta Simon** from the list, then click the **Select** button at the bottom of the screen.
-
- ![Screenshot shows the Users and groups dialog box where you can select a user.](./media/zscaler-three-tutorial/tutorial_zscalerthree_users.png)
-
-1. From the **Select Role** dialog choose the appropriate user role in the list, then click the **Select** button at the bottom of the screen.
-
- ![Screenshot shows the Select Role dialog box where you can choose a user role.](./media/zscaler-three-tutorial/tutorial_zscalerthree_roles.png)
-
-1. In the **Add Assignment** dialog select the **Assign** button.
-
- ![Screenshot shows the Add Assignment dialog box where you can select Assign.](./media/zscaler-three-tutorial/tutorial_zscalerthree_assign.png)
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
## Configure Zscaler Three SSO
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
4. Go to **Administration > Authentication > Authentication Settings** and perform the following steps:
- ![Screenshot shows the Zscaler One site with steps as described.](./media/zscaler-three-tutorial/ic800206.png "Administration")
+ ![Screenshot shows the Zscaler One site with steps as described.](./media/zscaler-three-tutorial/settings.png "Administration")
a. Under Authentication Type, choose **SAML**.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
5. On the **Edit SAML** window, perform the following steps: and click Save.
- ![Manage Users & Authentication](./media/zscaler-three-tutorial/ic800208.png "Manage Users & Authentication")
+ ![Manage Users & Authentication](./media/zscaler-three-tutorial/authentication.png "Manage Users & Authentication")
a. In the **SAML Portal URL** textbox, Paste the **Login URL** which you have copied from Azure portal.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
6. On the **Configure User Authentication** dialog page, perform the following steps:
- ![Screenshot shows the Configure User Authentication dialog box with Activate selected.](./media/zscaler-three-tutorial/ic800207.png)
+ ![Screenshot shows the Configure User Authentication dialog box with Activate selected.](./media/zscaler-three-tutorial/user.png)
- a. Hover over the **Activation** menu near the bottom left.
+ a. However over the **Activation** menu near the bottom left.
b. Click **Activate**.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
2. Select **Internet options** from the **Tools** menu for open the **Internet Options** dialog.
- ![Internet Options](./media/zscaler-three-tutorial/ic769492.png "Internet Options")
+ ![Internet Options](./media/zscaler-three-tutorial/tools.png "Internet Options")
3. Click the **Connections** tab.
- ![Connections](./media/zscaler-three-tutorial/ic769493.png "Connections")
+ ![Connections](./media/zscaler-three-tutorial/setup.png "Connections")
4. Click **LAN settings** to open the **LAN Settings** dialog. 5. In the Proxy server section, perform the following steps:
- ![Proxy server](./media/zscaler-three-tutorial/ic769494.png "Proxy server")
+ ![Proxy server](./media/zscaler-three-tutorial/server.png "Proxy server")
a. Select **Use a proxy server for your LAN**.
In this section, a user called B.Simon is created in Zscaler Three. Zscaler Thre
## Test SSO
-In this section, you test your Azure AD single sign-on configuration with following options.
+In this section, you test your Azure AD single sign-on configuration with following options.
-- Click on **Test this application** in Azure portal. This will redirect to Zscaler Three Sign-on URL where you can initiate the login flow.
+* Click on **Test this application** in Azure portal. This will redirect to Zscaler Three Sign-on URL where you can initiate the login flow.
-- Go to Zscaler Three Sign-on URL directly and initiate the login flow from there.
+* Go to Zscaler Three Sign-on URL directly and initiate the login flow from there.
-- You can use Microsoft My Apps. When you click the Zscaler Three tile in the My Apps, this will redirect to Zscaler Three Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
+* You can use Microsoft My Apps. When you click the Zscaler Three tile in the My Apps, this will redirect to Zscaler Three Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
## Next steps
active-directory Nist Authenticator Assurance Level 3 https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/standards/nist-authenticator-assurance-level-3.md
Microsoft offers authentication methods that enable you to meet required NIST au
| FIDO2 security key **OR**<br> Smartcard (AD FS) **OR**<br>Windows Hello for Business w/ hardware TPM| Multi-factor cryptographic hardware | | **Additional methods**| | | Password **AND**<br>(Hybrid Azure AD Joined w/ hardware TPM **OR** <br> Azure AD joined w/ hardware TPM)| Memorized secret **+** Single-factor crypto hardware |
-| Password **AND**<br>Single-factor one-time-password hardware (from OTP manufacturers) **OR**<br>Hybrid Azure AD Joined w/ software TPM **OR** <br> Azure AD joined w/ software TPM **OR**<br> Compliant managed device| Memorized secret **AND**<br>Single-factor one-time password hardware **AND**<br>Single-factor crypto software |
+| Password **AND**<br>(Single-factor one-time-password hardware (from OTP manufacturers) **OR**<br>Hybrid Azure AD Joined w/ software TPM **OR** <br> Azure AD joined w/ software TPM **OR**<br> Compliant managed device)| Memorized secret **AND**<br>Single-factor one-time password hardware **AND**<br>Single-factor crypto software |
### Our recommendations
aks Aks Migration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/aks/aks-migration.md
kubectl get deployment -o=yaml --export > deployments.yaml
You may want to move your AKS cluster to a [different region supported by AKS][region-availability]. We recommend that you create a new cluster in the other region, then deploy your resources and applications to your new cluster.
-In addition, if you have any services such as [Azure Dev Spaces][azure-dev-spaces] running on your AKS cluster, you will need to install and configure those services on your cluster in the new region.
+In addition, if you have any services running on your AKS cluster, you will need to install and configure those services on your cluster in the new region.
In this article, we summarized migration details for:
In this article, we summarized migration details for:
> * Deployment of your cluster configuration
-[region-availability]: https://azure.microsoft.com/global-infrastructure/services/?products=kubernetes-service
-[azure-dev-spaces]: ../dev-spaces/index.yml
+[region-availability]: https://azure.microsoft.com/global-infrastructure/services/?products=kubernetes-service
aks Api Server Authorized Ip Ranges https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/aks/api-server-authorized-ip-ranges.md
az aks create \
> You should add these ranges to an allow list: > - The firewall public IP address > - Any range that represents networks that you'll administer the cluster from
-> - If you are using Azure Dev Spaces on your AKS cluster, you have to allow [additional ranges based on your region][dev-spaces-ranges].
> > The upper limit for the number of IP ranges you can specify is 200. >
aks Certificate Rotation https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/aks/certificate-rotation.md
kubectl get no
``` > [!NOTE]
-> If you have any services that run on top of AKS, such as [Azure Dev Spaces][dev-spaces], you may need to [update certificates related to those services][dev-spaces-rotate] as well.
+> If you have any services that run on top of AKS, you may need to update certificates related to those services as well.
## Next steps
This article showed you how to automatically rotate your cluster's certificates,
[az-extension-add]: /cli/azure/extension#az_extension_add [az-extension-update]: /cli/azure/extension#az_extension_update [aks-best-practices-security-upgrades]: operator-best-practices-cluster-security.md
-[dev-spaces]: ../dev-spaces/index.yml
-[dev-spaces-rotate]: ../dev-spaces/troubleshooting.md#error-using-dev-spaces-after-rotating-aks-certificates
aks Intro Kubernetes https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/aks/intro-kubernetes.md
To get started with ingress traffic, see [HTTP application routing][aks-http-rou
## Development tooling integration
-Kubernetes has a rich ecosystem of development and management tools that work seamlessly with AKS. These tools include Helm and the Kubernetes extension for Visual Studio Code.
+Kubernetes has a rich ecosystem of development and management tools that work seamlessly with AKS. These tools include Helm and the Kubernetes extension for Visual Studio Code.
-Azure provides several tools that help streamline Kubernetes, such as Azure Dev Spaces and DevOps Starter.
-
-### Azure Dev Spaces
-
-Azure Dev Spaces provides a rapid, iterative Kubernetes development experience for teams. With minimal configuration, you can run and debug containers directly in AKS. To get started, see [Azure Dev Spaces][azure-dev-spaces].
+Azure provides several tools that help streamline Kubernetes, such as DevOps Starter.
### DevOps Starter
aks Limit Egress Traffic https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/aks/limit-egress-traffic.md
The following FQDN / application rules are required for AKS clusters that have t
| *.oms.opinsights.azure.com | **`HTTPS:443`** | This endpoint is used by omsagent, which is used to authenticate the log analytics service. | | *.monitoring.azure.com | **`HTTPS:443`** | This endpoint is used to send metrics data to Azure Monitor. |
-### Azure Dev Spaces
-
-Update your firewall or security configuration to allow network traffic to and from the all of the below FQDNs and [Azure Dev Spaces infrastructure services][dev-spaces-service-tags].
-
-#### Required network rules
-
-| Destination Endpoint | Protocol | Port | Use |
-|-|-|||
-| [ServiceTag](../virtual-network/service-tags-overview.md#available-service-tags) - **`AzureDevSpaces`** | TCP | 443 | This endpoint is used to send metrics data and logs to Azure Monitor and Log Analytics. |
-
-#### Required FQDN / application rules
-
-The following FQDN / application rules are required for AKS clusters that have the Azure Dev Spaces enabled:
-
-| FQDN | Port | Use |
-|--|--|-|
-| `cloudflare.docker.com` | **`HTTPS:443`** | This address is used to pull linux alpine and other Azure Dev Spaces images |
-| `gcr.io` | **`HTTPS:443`** | This address is used to pull helm/tiller images |
-| `storage.googleapis.com` | **`HTTPS:443`** | This address is used to pull helm/tiller images |
- ### Azure Policy #### Required FQDN / application rules
If you want to restrict how pods communicate between themselves and East-West tr
[aks-upgrade]: upgrade-cluster.md [aks-support-policies]: support-policies.md [aks-faq]: faq.md
-[dev-spaces-service-tags]: ../dev-spaces/configure-networking.md#virtual-network-or-subnet-configurations
aks Manage Azure Rbac https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/aks/manage-azure-rbac.md
where `<AAD-ENTITY-ID>` could be a username (for example, user@contoso.com) or e
You can also create role assignments scoped to a specific **namespace** within the cluster: ```azurecli-interactive
-az role assignment create --role "Azure Kubernetes Service RBAC Viewer" --assignee <AAD-ENTITY-ID> --scope $AKS_ID/namespaces/<namespace-name>
+az role assignment create --role "Azure Kubernetes Service RBAC Reader" --assignee <AAD-ENTITY-ID> --scope $AKS_ID/namespaces/<namespace-name>
``` Today, role assignments scoped to namespaces need to be configured via Azure CLI.
Copy the below json into a file called `deploy-view.json`.
```json {
- "Name": "AKS Deployment Viewer",
+ "Name": "AKS Deployment Reader",
"Description": "Lets you view all deployments in cluster/namespace.", "Actions": [], "NotActions": [],
az role definition create --role-definition @deploy-view.json
Now that you have your role definition, you can assign it to a user or other identity by running: ```azurecli-interactive
-az role assignment create --role "AKS Deployment Viewer" --assignee <AAD-ENTITY-ID> --scope $AKS_ID
+az role assignment create --role "AKS Deployment Reader" --assignee <AAD-ENTITY-ID> --scope $AKS_ID
``` ## Use Azure RBAC for Kubernetes Authorization with `kubectl`
az role assignment delete --ids <LIST OF ASSIGNMENT IDS>
### Clean up role definition ```azurecli-interactive
-az role definition delete -n "AKS Deployment Viewer"
+az role definition delete -n "AKS Deployment Reader"
``` ### Delete cluster and resource group
aks Node Auto Repair https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/aks/node-auto-repair.md
Alternative remediations are investigated by AKS engineers if auto-repair is uns
If AKS finds multiple unhealthy nodes during a health check, each node is repaired individually before another repair begins. +
+## Limitations
+
+In many cases, AKS can determine if a node is unhealthy and attempt to repair the issue, but there are cases where AKS either can't repair the issue or can't detect that there is an issue. For example, AKS can't detect issues if a node status is not being reported due to error in network configuration.
+ ## Next steps Use [Availability Zones][availability-zones] to increase high availability with your AKS cluster workloads.
aks Policy Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/aks/policy-reference.md
Title: Built-in policy definitions for Azure Kubernetes Service description: Lists Azure Policy built-in policy definitions for Azure Kubernetes Service. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
aks Quickstart Helm https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/aks/quickstart-helm.md
To connect a Kubernetes cluster locally, use the Kubernetes command-line client,
## Download the sample application
-This quickstart uses [an example Node.js application from the Azure Dev Spaces sample repository][example-nodejs]. Clone the application from GitHub and navigate to the `dev-spaces/samples/nodejs/getting-started/webfrontend` directory.
+This quickstart uses [an example Node.js application][example-nodejs]. Clone the application from GitHub and navigate to the `dev-spaces/samples/nodejs/getting-started/webfrontend` directory.
```console git clone https://github.com/Azure/dev-spaces
aks Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/aks/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure Kubernetes Service (AKS) description: Lists Azure Policy Regulatory Compliance controls available for Azure Kubernetes Service (AKS). These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
aks Windows Faq https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/aks/windows-faq.md
Kubenet is currently not supported with Windows nodes.
Yes, an ingress-controller that supports Windows Server containers can run on Windows nodes in AKS.
-## Can I use Azure Dev Spaces with Windows nodes?
-
-Azure Dev Spaces is currently only available for Linux-based node pools.
- ## Can my Windows Server containers use gMSA? Group managed service accounts (gMSA) support is not currently available in AKS.
analysis-services Analysis Services Addservprinc Admins https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/analysis-services/analysis-services-addservprinc-admins.md
description: Learn how to add an automation service principal to the Azure Analy
Previously updated : 07/07/2020 Last updated : 05/14/2021
A managed identity can also be added to the Analysis Services Admins list. For e
In most parts of the Azure portal and APIs, managed identities are identified using their service principal object ID. However, Analysis Services requires that they be identified using their client ID. To obtain the client ID for a service principal, you can use the Azure CLI:
-```bash
+```azurecli
az ad sp show --id <ManagedIdentityServicePrincipalObjectId> --query appId -o tsv ```
You can then use this client ID in conjunction with the tenant ID to add the man
## Related information * [Download SQL Server PowerShell Module](/sql/ssms/download-sql-server-ps-module)
-* [Download SSMS](/sql/ssms/download-sql-server-management-studio-ssms)
+* [Download SSMS](/sql/ssms/download-sql-server-management-studio-ssms)
api-management Policy Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/api-management/policy-reference.md
Title: Built-in policy definitions for Azure API Management description: Lists Azure Policy built-in policy definitions for Azure API Management. These built-in policy definitions provide approaches to managing your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
api-management Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/api-management/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure API Management description: Lists Azure Policy Regulatory Compliance controls available for Azure API Management. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
app-service Configure Language Java https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/configure-language-java.md
Azure Blob Storage logging for Linux based App Services can only be configured u
::: zone-end
-If your application uses [Logback](https://logback.qos.ch/) or [Log4j](https://logging.apache.org/log4j) for tracing, you can forward these traces for review into Azure Application Insights using the logging framework configuration instructions in [Explore Java trace logs in Application Insights](../azure-monitor/app/java-trace-logs.md).
+If your application uses [Logback](https://logback.qos.ch/) or [Log4j](https://logging.apache.org/log4j) for tracing, you can forward these traces for review into Azure Application Insights using the logging framework configuration instructions in [Explore Java trace logs in Application Insights](../azure-monitor/app/java-2x-trace-logs.md).
## Customization and tuning
app-service Policy Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/policy-reference.md
Title: Built-in policy definitions for Azure App Service description: Lists Azure Policy built-in policy definitions for Azure App Service. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
app-service Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure App Service description: Lists Azure Policy Regulatory Compliance controls available for Azure App Service. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
attestation Policy Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/attestation/policy-reference.md
Title: Built-in policy definitions for Azure Attestation description: Lists Azure Policy built-in policy definitions for Azure Attestation. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
automation Policy Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/automation/policy-reference.md
Title: Built-in policy definitions for Azure Automation description: Lists Azure Policy built-in policy definitions for Azure Automation. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
automation Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/automation/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure Automation description: Lists Azure Policy Regulatory Compliance controls available for Azure Automation. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
azure-app-configuration Howto Best Practices https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-app-configuration/howto-best-practices.md
App Configuration offers the option to bulk [import](./howto-import-export-data.
App Configuration is regional service. For applications with different configurations per region, storing these configurations in one instance can create a single point of failure. Deploying one App Configuration instances per region across multiple regions may be a better option. It can help with regional disaster recovery, performance, and security siloing. Configuring by region also improves latency and uses separated throttling quotas, since throttling is per instance. To apply disaster recovery mitigation, you can use [multiple configuration stores](./concept-disaster-recovery.md).
-## Client Applications in App Configuration
+## Client applications in App Configuration
-Excessive requests to App Configuration can result in throttling or overage charges. Applications take advantage of the caching and intelligent refreshing currently available to optimize the number of requests they send. This process can be mirrored in high volume client applications by avoiding direct connections to the configuration store. Instead, client applications connect to a custom service, and this service communicates with the configuration store. This proxy solution can ensure the client applications do not approach the throttling limit on the configuration store. For more information on throttling, see [the FAQ](./faq.yml#are-there-any-limits-on-the-number-of-requests-made-to-app-configuration).
+When you use App Configuration in client applications, ensure that you consider two major factors. First, if you're using the connection string in a client application, you risk exposing the access key of your App Configuration store to the public. Second, the typical scale of a client application might cause excessive requests to your App Configuration store, which can result in overage charges or throttling. For more information about throttling, see the [FAQ](./faq.yml#are-there-any-limits-on-the-number-of-requests-made-to-app-configuration).
+
+To address these concerns, we recommend that you use a proxy service between your client applications and your App Configuration store. The proxy service can securely authenticate with your App Configuration store without a security issue of leaking authentication information. You can build a proxy service by using one of the App Configuration provider libraries, so you can take advantage of built-in caching and refresh capabilities for optimizing the volume of requests sent to App Configuration. For more information about using App Configuration providers, see articles in Quickstarts and Tutorials. The proxy service serves the configuration from its cache to your client applications, and you avoid the two potential issues that are discussed in this section.
## Next steps
-* [Keys and values](./concept-key-value.md)
+* [Keys and values](./concept-key-value.md)
azure-app-configuration Policy Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-app-configuration/policy-reference.md
Title: Built-in policy definitions for Azure App Configuration description: Lists Azure Policy built-in policy definitions for Azure App Configuration. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
azure-app-configuration Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-app-configuration/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure App Configuration description: Lists Azure Policy Regulatory Compliance controls available for Azure App Configuration. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
azure-arc Policy Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-arc/kubernetes/policy-reference.md
Title: Built-in policy definitions for Azure Arc enabled Kubernetes description: Lists Azure Policy built-in policy definitions for Azure Arc enabled Kubernetes. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021 #
azure-arc Policy Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-arc/servers/policy-reference.md
Title: Built-in policy definitions for Azure Arc enabled servers description: Lists Azure Policy built-in policy definitions for Azure Arc enabled servers (preview). These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
azure-arc Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-arc/servers/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure Arc enabled servers (preview) description: Lists Azure Policy Regulatory Compliance controls available for Azure Arc enabled servers (preview). These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
azure-cache-for-redis Cache Administration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-cache-for-redis/cache-administration.md
The default, and minimum, maintenance window for updates is five hours. This val
## Schedule updates FAQ * [When do updates occur if I don't use the schedule updates feature?](#when-do-updates-occur-if-i-dont-use-the-schedule-updates-feature) * [What type of updates are made during the scheduled maintenance window?](#what-type-of-updates-are-made-during-the-scheduled-maintenance-window)
-* [Can I manage scheduled updates using PowerShell, CLI, or other management tools?](#can-i-managed-scheduled-updates-using-powershell-cli-or-other-management-tools)
+* [Can I manage scheduled updates using PowerShell, CLI, or other management tools?](#can-i-manage-scheduled-updates-using-powershell-cli-or-other-management-tools)
+* [Can an update that is covered and managed by the "Scheduled Updates" feature happen outside of the "Scheduled Updates" window?](#can-an-update-that-is-covered-and-managed-by-the-scheduled-updates-feature-happen-outside-the-scheduled-updates-window)
### When do updates occur if I don't use the schedule updates feature? If you don't specify a maintenance window, updates can be made at any time.
If you don't specify a maintenance window, updates can be made at any time.
### What type of updates are made during the scheduled maintenance window? Only Redis server updates are made during the scheduled maintenance window. The maintenance window does not apply to Azure updates or updates to the VM operating system.
-### Can I managed scheduled updates using PowerShell, CLI, or other management tools?
+### Can I manage scheduled updates using PowerShell, CLI, or other management tools?
Yes, you can manage your scheduled updates using the following PowerShell cmdlets: * [Get-AzRedisCachePatchSchedule](/powershell/module/az.rediscache/get-azrediscachepatchschedule)
Yes, you can manage your scheduled updates using the following PowerShell cmdlet
* [New-AzRedisCacheScheduleEntry](/powershell/module/az.rediscache/new-azrediscachescheduleentry) * [Remove-AzRedisCachePatchSchedule](/powershell/module/az.rediscache/remove-azrediscachepatchschedule)
+### Can an update that is covered and managed by the Scheduled Updates feature happen outside the Scheduled Updates window?
+Yes. Although in general, updates aren't applied outside the configured Scheduled Updates window, rare critical security updates can be applied outside the patching schedule as part of our security policy.
+ ## Next steps Learn more about Azure Cache for Redis features.
azure-cache-for-redis Cache How To Premium Persistence https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-cache-for-redis/cache-how-to-premium-persistence.md
Last updated 02/08/2021
# Configure data persistence for a Premium Azure Cache for Redis instance
-[Redis persistence](https://redis.io/topics/persistence) allows you to persist data stored in Redis. You can also take snapshots and back up the data, which you can load in case of a hardware failure. This is a huge advantage over Basic or Standard tier where all the data is stored in memory and there can be potential data loss in case of a failure where Cache nodes are down.
+[Redis persistence](https://redis.io/topics/persistence) allows you to persist data stored in Redis. You can also take snapshots and back up the data. If there's a hardware failure, you load the data. The ability to persist data is a huge advantage over the Basic or Standard tiers where all the data is stored in memory. Data loss is possible if a failure occurs where Cache nodes are down.
-Azure Cache for Redis offers Redis persistence using the following models:
+Azure Cache for Redis offers Redis persistence using the Redis database (RDB) and Append only File (AOF):
-* **RDB persistence** - When RDB (Redis database) persistence is configured, Azure Cache for Redis persists a snapshot of the Azure Cache for Redis in a Redis binary format to disk (in an Azure Storage account) based on a configurable backup frequency. If a catastrophic event occurs that disables both the primary and replica cache, the cache is reconstructed using the most recent snapshot. Learn more about the [advantages](https://redis.io/topics/persistence#rdb-advantages) and [disadvantages](https://redis.io/topics/persistence#rdb-disadvantages) of RDB persistence.
-* **AOF persistence** - When AOF (Append only file) persistence is configured, Azure Cache for Redis saves every write operation to a log that is saved at least once per second into an Azure Storage account. If a catastrophic event occurs that disables both the primary and replica cache, the cache is reconstructed using the stored write operations. Learn more about the [advantages](https://redis.io/topics/persistence#aof-advantages) and [disadvantages](https://redis.io/topics/persistence#aof-disadvantages) of AOF persistence.
+* **RDB persistence** - When you use RDB persistence, Azure Cache for Redis persists a snapshot of the Azure Cache for Redis in a Redis to disk in binary format. The snapshot is saved in an Azure Storage account. The configurable backup frequency determines how often to persist the snapshot. If a catastrophic event occurs that disables both the primary and replica cache, the cache is reconstructed using the most recent snapshot. Learn more about the [advantages](https://redis.io/topics/persistence#rdb-advantages) and [disadvantages](https://redis.io/topics/persistence#rdb-disadvantages) of RDB persistence.
+* **AOF persistence** - When you use AOF persistence, Azure Cache for Redis saves every write operation to a log. The log is saved at least once per second into an Azure Storage account. If a catastrophic event occurs that disables both the primary and replica cache, the cache is reconstructed using the stored write operations. Learn more about the [advantages](https://redis.io/topics/persistence#aof-advantages) and [disadvantages](https://redis.io/topics/persistence#aof-disadvantages) of AOF persistence.
-Persistence writes Redis data into an Azure Storage account that you own and manage. You can configure from the **New Azure Cache for Redis** blade during cache creation and on the **Resource menu** for existing premium caches.
+Persistence writes Redis data into an Azure Storage account that you own and manage. You configure the **New Azure Cache for Redis** on the left during cache creation. For existing premium caches, use the **Resource menu**.
> [!NOTE]
->
+>
> Azure Storage automatically encrypts data when it is persisted. You can use your own keys for the encryption. For more information, see [Customer-managed keys with Azure Key Vault](../storage/common/storage-service-encryption.md).
->
->
+>
+>
## Set up data persistence
-1. To create a premium cache, sign in to the [Azure portal](https://portal.azure.com) and select **Create a resource**. In addition to creating caches in the Azure portal, you can also create them using Resource Manager templates, PowerShell, or Azure CLI. For more information about creating an Azure Cache for Redis, see [Create a cache](cache-dotnet-how-to-use-azure-redis-cache.md#create-a-cache).
+1. To create a premium cache, sign in to the [Azure portal](https://portal.azure.com) and select **Create a resource**. You can create caches in the Azure portal. Y You can also create them using Resource Manager templates, PowerShell, or Azure CLI. For more information about creating an Azure Cache for Redis, see [Create a cache](cache-dotnet-how-to-use-azure-redis-cache.md#create-a-cache).
:::image type="content" source="media/cache-private-link/1-create-resource.png" alt-text="Create resource.":::
-
+
2. On the **New** page, select **Databases** and then select **Azure Cache for Redis**. :::image type="content" source="media/cache-private-link/2-select-cache.png" alt-text="Select Azure Cache for Redis."::: 3. On the **New Redis Cache** page, configure the settings for your new premium cache.
-
+
| Setting | Suggested value | Description | | | - | -- |
- | **DNS name** | Enter a globally unique name. | The cache name must be a string between 1 and 63 characters that contain only numbers, letters, or hyphens. The name must start and end with a number or letter, and can't contain consecutive hyphens. Your cache instance's *host name* will be *\<DNS name>.redis.cache.windows.net*. |
- | **Subscription** | Drop-down and select your subscription. | The subscription under which to create this new Azure Cache for Redis instance. |
- | **Resource group** | Drop-down and select a resource group, or select **Create new** and enter a new resource group name. | Name for the resource group in which to create your cache and other resources. By putting all your app resources in one resource group, you can easily manage or delete them together. |
+ | **DNS name** | Enter a globally unique name. | The cache name must be a string between 1 and 63 characters that contain only numbers, letters, or hyphens. The name must start and end with a number or letter, and can't contain consecutive hyphens. Your cache instance's *host name* will be *\<DNS name>.redis.cache.windows.net*. |
+ | **Subscription** | Drop-down and select your subscription. | The subscription under which to create this new Azure Cache for Redis instance. |
+ | **Resource group** | Drop-down and select a resource group, or select **Create new** and enter a new resource group name. | Name for the resource group in which to create your cache and other resources. By putting all your app resources in one resource group, you can easily manage or delete them together. |
| **Location** | Drop-down and select a location. | Select a [region](https://azure.microsoft.com/regions/) near other services that will use your cache. | | **Cache type** | Drop-down and select a premium cache to configure premium features. For details, see [Azure Cache for Redis pricing](https://azure.microsoft.com/pricing/details/cache/). | The pricing tier determines the size, performance, and features that are available for the cache. For more information, see [Azure Cache for Redis Overview](cache-overview.md). |
-4. Select the **Networking** tab or click the **Networking** button at the bottom of the page.
+4. Select the **Networking** tab or select the **Networking** button at the bottom of the page.
-5. In the **Networking** tab, select your connectivity method. For premium cache instances, you can connect either publicly, via Public IP addresses or service endpoints, or privately, using a private endpoint.
+5. In the **Networking** tab, select your connectivity method. For premium cache instances, you connect either publicly, via Public IP addresses or service endpoints. You connect privately using a private endpoint.
-6. Select the **Next: Advanced** tab or click the **Next: Advanced** button on the bottom of the page.
+6. Select the **Next: Advanced** tab or select the **Next: Advanced** button on the bottom of the page.
-7. In the **Advanced** tab for a premium cache instance, configure the settings for non-TLS port, clustering, and data persistence. For data persistence, you can choose either **RDB** or **AOF** persistence.
+7. In the **Advanced** tab for a premium cache instance, configure the settings for non-TLS port, clustering, and data persistence. For data persistence, you can choose either **RDB** or **AOF** persistence.
-8. To enable RDB persistence, click **RDB** and configure the settings.
-
+8. To enable RDB persistence, select **RDB** and configure the settings.
+
| Setting | Suggested value | Description | | | - | -- |
- | **Backup Frequency** | Drop-down and select a backup interval, choices include **15 Minutes**, **30 minutes**, **60 minutes**, **6 hours**, **12 hours**, and **24 hours**. | This interval starts counting down after the previous backup operation successfully completes and when it elapses a new backup is initiated. |
- | **Storage Account** | Drop-down and select your storage account. | You must choose a storage account in the same region and subscription as the cache, and a **Premium Storage** account is recommended because premium storage has higher throughput. |
- | **Storage Key** | Drop-down and choose either the **Primary key** or **Secondary key** to use. | If the storage key for your persistence account is regenerated, you must reconfigure the desired key from the **Storage Key** drop-down. |
+ | **Backup Frequency** | Drop-down and select a backup interval. Choices include **15 Minutes**, **30 minutes**, **60 minutes**, **6 hours**, **12 hours**, and **24 hours**. | This interval starts counting down after the previous backup operation successfully completes and when it elapses a new backup starts. |
+ | **Storage Account** | Drop-down and select your storage account. | Choose a storage account in the same region and subscription as the cache, and a **Premium Storage** account is recommended because premium storage has higher throughput. |
+ | **Storage Key** | Drop-down and choose either the **Primary key** or **Secondary key** to use. | If the storage key for your persistence account is regenerated, you must reconfigure the key from the **Storage Key** drop-down. |
- The first backup is initiated once the backup frequency interval elapses.
-
+ The first backup starts once the backup frequency interval elapses.
+
> [!NOTE] > When RDB files are backed up to storage, they are stored in the form of page blobs.
+
+9. To enable AOF persistence, select **AOF** and configure the settings.
-9. To enable AOF persistence, click **AOF** and configure the settings.
-
| Setting | Suggested value | Description | | | - | -- |
- | **First Storage Account** | Drop-down and select your storage account. | This storage account must be in the same region and subscription as the cache, and a **Premium Storage** account is recommended because premium storage has higher throughput. |
- | **First Storage Key** | Drop-down and choose either the **Primary key** or **Secondary key** to use. | If the storage key for your persistence account is regenerated, you must reconfigure the desired key from the **Storage Key** drop-down. |
- | **Second Storage Account** | (Optional) Drop-down and select your secondary storage account. | You can optionally configure an additional storage account. If a second storage account is configured, the writes to the replica cache are written to this second storage account. |
- | **Second Storage Key** | (Optional) Drop-down and choose either the **Primary key** or **Secondary key** to use. | If the storage key for your persistence account is regenerated, you must reconfigure the desired key from the **Storage Key** drop-down. |
+ | **First Storage Account** | Drop-down and select your storage account. | This storage account must be in the same region and subscription as the cache, and a **Premium Storage** account is recommended because of the higher throughput of premium storage. |
+ | **First Storage Key** | Drop-down and choose either the **Primary key** or **Secondary key** to use. | If the storage key for your persistence account is regenerated, you must reconfigure the key from the **Storage Key** drop-down. |
+ | **Second Storage Account** | (Optional) Drop-down and select your secondary storage account. | You can optionally configure another storage account. If a second storage account is configured, the writes to the replica cache are written to this second storage account. |
+ | **Second Storage Key** | (Optional) Drop-down and choose either the **Primary key** or **Secondary key** to use. | If the storage key for your persistence account is regenerated, you must reconfigure the key from the **Storage Key** drop-down. |
- When AOF persistence is enabled, write operations to the cache are saved to the designated storage account (or accounts if you have configured a second storage account). In the event of a catastrophic failure that takes down both the primary and replica cache, the stored AOF log is used to rebuild the cache.
+ With AOF persistence enabled, write operations to the cache are saved to the named storage account (or accounts if you've configured a second storage account). If there's a catastrophic failure that takes down both the primary and replica cache, the stored AOF log is used to rebuild the cache.
-10. Select the **Next: Tags** tab or click the **Next: Tags** button at the bottom of the page.
+10. Select the **Next: Tags** tab or select the **Next: Tags** button at the bottom of the page.
-11. Optionally, in the **Tags** tab, enter the name and value if you wish to categorize the resource.
+11. Optionally, in the **Tags** tab, enter the name and value if you wish to categorize the resource.
12. Select **Review + create**. You're taken to the Review + create tab where Azure validates your configuration. 13. After the green Validation passed message appears, select **Create**.
-It takes a while for the cache to create. You can monitor progress on the Azure Cache for Redis **Overview** page. When **Status** shows as **Running**, the cache is ready to use.
+It takes a while for the cache to create. You can monitor progress on the Azure Cache for Redis **Overview** page. When **Status** shows as **Running**, the cache is ready to use.
## Persistence FAQ+ The following list contains answers to commonly asked questions about Azure Cache for Redis persistence. * [Can I enable persistence on a previously created cache?](#can-i-enable-persistence-on-a-previously-created-cache) * [Can I enable AOF and RDB persistence at the same time?](#can-i-enable-aof-and-rdb-persistence-at-the-same-time) * [Which persistence model should I choose?](#which-persistence-model-should-i-choose)
-* [What happens if I have scaled to a different size and a backup is restored that was made before the scaling operation?](#what-happens-if-i-have-scaled-to-a-different-size-and-a-backup-is-restored-that-was-made-before-the-scaling-operation)
+* [What happens if I've scaled to a different size and a backup is restored that was made before the scaling operation?](#what-happens-if-ive-scaled-to-a-different-size-and-a-backup-is-restored-that-was-made-before-the-scaling-operation)
* [Can I use the same storage account for persistence across two different caches?](#can-i-use-the-same-storage-account-for-persistence-across-two-different-caches) * [Will I be charged for the storage being used in Data Persistence](#will-i-be-charged-for-the-storage-being-used-in-data-persistence) ### RDB persistence+ * [Can I change the RDB backup frequency after I create the cache?](#can-i-change-the-rdb-backup-frequency-after-i-create-the-cache)
-* [Why if I have an RDB backup frequency of 60 minutes there is more than 60 minutes between backups?](#why-if-i-have-an-rdb-backup-frequency-of-60-minutes-there-is-more-than-60-minutes-between-backups)
+* [Why is there more than 60 minutes between backups when I have an RDB backup frequency of 60 minutes?](#why-is-there-more-than-60-minutes-between-backups-when-i-have-an-rdb-backup-frequency-of-60-minutes)
* [What happens to the old RDB backups when a new backup is made?](#what-happens-to-the-old-rdb-backups-when-a-new-backup-is-made) ### AOF persistence+ * [When should I use a second storage account?](#when-should-i-use-a-second-storage-account) * [Does AOF persistence affect throughout, latency, or performance of my cache?](#does-aof-persistence-affect-throughout-latency-or-performance-of-my-cache) * [How can I remove the second storage account?](#how-can-i-remove-the-second-storage-account)
The following list contains answers to commonly asked questions about Azure Cach
* [What should I expect when scaling a cache with AOF enabled?](#what-should-i-expect-when-scaling-a-cache-with-aof-enabled) * [How is my AOF data organized in storage?](#how-is-my-aof-data-organized-in-storage) - ### Can I enable persistence on a previously created cache?+ Yes, Redis persistence can be configured both at cache creation and on existing premium caches. ### Can I enable AOF and RDB persistence at the same time?
-No, you can enable only RDB or AOF, but not both at the same time.
+No, you can enable RDB or AOF, but not both at the same time.
### Which persistence model should I choose?
-AOF persistence saves every write to a log, which has some impact on throughput, compared with RDB persistence which saves backups based on the configured backup interval, with minimal impact on performance. Choose AOF persistence if your primary goal is to minimize data loss, and you can handle a decrease in throughput for your cache. Choose RDB persistence if you wish to maintain optimal throughput on your cache, but still want a mechanism for data recovery.
+AOF persistence saves every write to a log, which has a significant effect on throughput. Compared AOF with RDB persistence, which saves backups based on the configured backup interval with minimal effect to performance. Choose AOF persistence if your primary goal is to minimize data loss, and you can handle a lower throughput for your cache. Choose RDB persistence if you wish to maintain optimal throughput on your cache, but still want a mechanism for data recovery.
* Learn more about the [advantages](https://redis.io/topics/persistence#rdb-advantages) and [disadvantages](https://redis.io/topics/persistence#rdb-disadvantages) of RDB persistence. * Learn more about the [advantages](https://redis.io/topics/persistence#aof-advantages) and [disadvantages](https://redis.io/topics/persistence#aof-disadvantages) of AOF persistence. For more information on performance when using AOF persistence, see [Does AOF persistence affect throughout, latency, or performance of my cache?](#does-aof-persistence-affect-throughout-latency-or-performance-of-my-cache)
-### What happens if I have scaled to a different size and a backup is restored that was made before the scaling operation?
+### What happens if I've scaled to a different size and a backup is restored that was made before the scaling operation?
For both RDB and AOF persistence:
-* If you have scaled to a larger size, there is no impact.
-* If you have scaled to a smaller size, and you have a custom [databases](cache-configure.md#databases) setting that is greater than the [databases limit](cache-configure.md#databases) for your new size, data in those databases isn't restored. For more information, see [Is my custom databases setting affected during scaling?](cache-how-to-scale.md#is-my-custom-databases-setting-affected-during-scaling)
-* If you have scaled to a smaller size, and there isn't enough room in the smaller size to hold all of the data from the last backup, keys will be evicted during the restore process, typically using the [allkeys-lru](https://redis.io/topics/lru-cache) eviction policy.
+* If you've scaled to a larger size, there's no effect.
+* If you've scaled to a smaller size, and you have a custom [databases](cache-configure.md#databases) setting that is greater than the [databases limit](cache-configure.md#databases) for your new size, data in those databases isn't restored. For more information, see [Is my custom databases setting affected during scaling?](cache-how-to-scale.md#is-my-custom-databases-setting-affected-during-scaling)
+* If you've scaled to a smaller size, and there isn't enough room in the smaller size to hold all of the data from the last backup, keys are evicted during the restore process. Typically, keys are evicted using the [allkeys-lru](https://redis.io/topics/lru-cache) eviction policy.
### Can I use the same storage account for persistence across two different caches?+ Yes, you can use the same storage account for persistence across two different caches ### Can I change the RDB backup frequency after I create the cache?
-Yes, you can change the backup frequency for RDB persistence on the **Data persistence** blade. For instructions, see Configure Redis persistence.
-### Why if I have an RDB backup frequency of 60 minutes there is more than 60 minutes between backups?
-The RDB persistence backup frequency interval does not start until the previous backup process has completed successfully. If the backup frequency is 60 minutes and it takes a backup process 15 minutes to successfully complete, the next backup won't start until 75 minutes after the start time of the previous backup.
+Yes, you can change the backup frequency for RDB persistence on the **Data persistence** on the left. For instructions, see Configure Redis persistence.
+
+### Why is there more than 60 minutes between backups when I have an RDB backup frequency of 60 minutes?
+
+The RDB persistence backup frequency interval doesn't start until the previous backup process has completed successfully. If the backup frequency is 60 minutes and it takes a backup process 15 minutes to complete, the next backup won't start until 75 minutes after the start time of the previous backup.
### What happens to the old RDB backups when a new backup is made?
-All RDB persistence backups except for the most recent one are automatically deleted. This deletion may not happen immediately but older backups are not persisted indefinitely.
+All RDB persistence backups, except for the most recent one, are automatically deleted. This deletion might not happen immediately, but older backups aren't persisted indefinitely.
### When should I use a second storage account?
-You should use a second storage account for AOF persistence when you believe you have higher than expected set operations on the cache. Setting up the secondary storage account helps ensure your cache doesn't reach storage bandwidth limits.
+Use a second storage account for AOF persistence when you believe you have higher than expected set operations on the cache. Setting up the secondary storage account helps ensure your cache doesn't reach storage bandwidth limits.
### Does AOF persistence affect throughout, latency, or performance of my cache?
-AOF persistence affects throughput by about 15% ΓÇô 20% when the cache is below maximum load (CPU and Server Load both under 90%). There should not be latency issues when the cache is within these limits. However, the cache will reach these limits sooner with AOF enabled.
+AOF persistence affects throughput by about 15% ΓÇô 20% when the cache is below maximum load (CPU and Server Load both under 90%). There shouldn't be latency issues when the cache is within these limits. However, the cache will reach these limits sooner with AOF enabled.
### How can I remove the second storage account?
-You can remove the AOF persistence secondary storage account by setting the second storage account to be the same as the first storage account. For existing caches, the **Data persistence** blade is accessed from the **Resource menu** for your cache. To disable AOF persistence, click **Disabled**.
+You can remove the AOF persistence secondary storage account by setting the second storage account to be the same as the first storage account. For existing caches, the **Data persistence** on the left is accessed from the **Resource menu** for your cache. To disable AOF persistence, select **Disabled**.
### What is a rewrite and how does it affect my cache?
-When the AOF file becomes large enough, a rewrite is automatically queued on the cache. The rewrite resizes the AOF file with the minimal set of operations needed to create the current data set. During rewrites, expect to reach performance limits sooner especially when dealing with large datasets. Rewrites occur less often as the AOF file becomes larger, but will take a significant amount of time when it happens.
+When the AOF file becomes large enough, a rewrite is automatically queued on the cache. The rewrite resizes the AOF file with the minimal set of operations needed to create the current data set. During rewrites, you can expect to reach performance limits sooner, especially when dealing with large datasets. Rewrites occur less often as the AOF file becomes larger, but will take a significant amount of time when it happens.
### What should I expect when scaling a cache with AOF enabled?
-If the AOF file at the time of scaling is significantly large, then expect the scale operation to take longer than expected since it will be reloading the file after scaling has finished.
+If the AOF file at the time of scaling is significantly large, then expect the scale operation to take longer than expected because it will be reloading the file after scaling has finished.
-For more information on scaling, see [What happens if I have scaled to a different size and a backup is restored that was made before the scaling operation?](#what-happens-if-i-have-scaled-to-a-different-size-and-a-backup-is-restored-that-was-made-before-the-scaling-operation)
+For more information on scaling, see [What happens if I've scaled to a different size and a backup is restored that was made before the scaling operation?](#what-happens-if-ive-scaled-to-a-different-size-and-a-backup-is-restored-that-was-made-before-the-scaling-operation)
### How is my AOF data organized in storage?
Data stored in AOF files is divided into multiple page blobs per node to increas
| P3 | 16 per shard | | P4 | 20 per shard |
-When clustering is enabled, each shard in the cache has its own set of page blobs, as indicated in the previous table. For example, a P2 cache with three shards distributes its AOF file across 24 page blobs (8 blobs per shard, with 3 shards).
+When clustering is enabled, each shard in the cache has its own set of page blobs, as indicated in the previous table. For example, a P2 cache with three shards distributes its AOF file across 24 page blobs (eight blobs per shard, with three shards).
-After a rewrite, two sets of AOF files exist in storage. Rewrites occur in the background and append to the first set of files, while set operations that are sent to the cache during the rewrite append to the second set. A backup is temporarily stored during rewrites in case of failure, but is promptly deleted after a rewrite finishes.
+After a rewrite, two sets of AOF files exist in storage. Rewrites occur in the background and append to the first set of files. Set operations, sent to the cache during the rewrite, append to the second set. A backup is temporarily stored during rewrites if there's a failure. The backup is promptly deleted after a rewrite finishes.
### Will I be charged for the storage being used in Data Persistence?
-Yes, you will be charged for the storage being used as per the pricing model of the storage account being used.
-
+Yes, you'll be charged for the storage being used as per the pricing model of the storage account being used.
## Next steps+ Learn more about Azure Cache for Redis features. * [Azure Cache for Redis Premium service tiers](cache-overview.md#service-tiers)
azure-cache-for-redis Policy Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-cache-for-redis/policy-reference.md
Title: Built-in policy definitions for Azure Cache for Redis description: Lists Azure Policy built-in policy definitions for Azure Cache for Redis. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
azure-cache-for-redis Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-cache-for-redis/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure Cache for Redis description: Lists Azure Policy Regulatory Compliance controls available for Azure Cache for Redis. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
azure-functions Deploy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-functions/start-stop-vms/deploy.md
Title: Deploy Start/Stop VMs v2 (preview) description: This article tells how to deploy the Start/Stop VMs v2 (preview) feature for your Azure VMs in your Azure subscription. -+ Last updated 03/29/2021
azure-functions Manage https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-functions/start-stop-vms/manage.md
Title: Manage Start/Stop VMs v2 (preview) description: This article tells how to monitor status of your Azure VMs managed by the Start/Stop VMs v2 (preview) feature and perform other management tasks. -+ Last updated 03/16/2021
azure-functions Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-functions/start-stop-vms/overview.md
Title: Start/Stop VMs v2 (preview) overview
description: This article describes version two of the Start/Stop VMs (preview) feature, which starts or stops Azure Resource Manager and classic VMs on a schedule. -+ Last updated 03/29/2021
azure-functions Remove https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-functions/start-stop-vms/remove.md
Title: Remove Start/Stop VMs v2 (preview) overview description: This article describes how to remove the Start/Stop VMs v2 (preview) feature. -+ Last updated 03/30/2021
azure-functions Troubleshoot https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-functions/start-stop-vms/troubleshoot.md
Title: Troubleshoot Start/Stop VMs (preview) description: This article tells how to troubleshoot issues encountered with the Start/Stop VMs (preview) feature for your Azure VMs. -+ Last updated 03/31/2021
azure-government Azure Services In Fedramp Auditscope https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-government/compliance/azure-services-in-fedramp-auditscope.md
Title: Azure Services in FedRAMP and DoD SRG Audit Scope
description: This article contains tables for Azure Public and Azure Government that illustrate what FedRAMP (Moderate vs. High) and DoD SRG (Impact level 2, 4, 5 or 6) audit scope a given service has reached. Previously updated : 04/01/2021 Last updated : 05/13/2021
This article provides a detailed list of in-scope cloud services across Azure Pu
* Planned 2021 = indicates the service will be reviewed by 3PAO and JAB in 2021. Once the service is authorized, status will be updated ## Azure public services by audit scope
-| _Last Updated: April 2021_ |
+| _Last Updated: May 2021_ |
| Azure Service| DoD CC SRG IL 2 | FedRAMP Moderate | FedRAMP High | Planned 2021 | | |::|:-:|::|::|
This article provides a detailed list of in-scope cloud services across Azure Pu
**&ast;&ast;** FedRAMP High certification for Azure Databricks is applicable for limited regions in Azure Commercial. To configure Azure Databricks for FedRAMP High use, please reach out to your Microsoft or Databricks Representative. ## Azure Government services by audit scope
-| _Last Updated: April 2021_ |
+| _Last Updated: May 2021_ |
| Azure Service | DoD CC SRG IL 2 | DoD CC SRG IL 4 | DoD CC SRG IL 5 (Azure Gov)**&ast;** | DoD CC SRG IL 5 (Azure DoD) **&ast;&ast;** | FedRAMP High | DoD CC SRG IL 6 | - |::|::|::|::|::|::
This article provides a detailed list of in-scope cloud services across Azure Pu
| [Microsoft Azure portal](https://azure.microsoft.com/features/azure-portal/) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark:| :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | [Microsoft Cloud App Security](/cloud-app-security/what-is-cloud-app-security)| :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | :heavy_check_mark: | | [Microsoft Defender for Endpoint](/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
+| [Microsoft 365 Defender](https://docs.microsoft.com/microsoft-365/security/defender/microsoft-365-defender?view=o365-worldwide) | :heavy_check_mark: | | | | :heavy_check_mark: |
| [Microsoft Graph](/graph/overview) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | [Microsoft PowerApps](/powerapps/powerapps-overview) | :heavy_check_mark: | :heavy_check_mark: | | :heavy_check_mark: | :heavy_check_mark: | | [Microsoft PowerApps Portal](https://powerapps.microsoft.com/portals/) | :heavy_check_mark: | :heavy_check_mark: | | :heavy_check_mark: | :heavy_check_mark: |
This article provides a detailed list of in-scope cloud services across Azure Pu
| [Notification Hubs](https://azure.microsoft.com/services/notification-hubs/) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | :heavy_check_mark: | | [Power BI](https://powerbi.microsoft.com/) | :heavy_check_mark: | :heavy_check_mark: | | :heavy_check_mark: | :heavy_check_mark: | | [Power BI Embedded](https://azure.microsoft.com/services/power-bi-embedded/) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
+| [Power Virtual Agents](/power-virtual-agents/fundamentals-what-is-power-virtual-agents) | :heavy_check_mark: | | | | :heavy_check_mark: |
| [Redis Cache](https://azure.microsoft.com/services/cache/) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | [Scheduler](../../scheduler/scheduler-intro.md) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | [Service Bus](https://azure.microsoft.com/services/service-bus/) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
azure-government Documentation Government Csp List https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-government/documentation-government-csp-list.md
Below you can find a list of all the authorized Cloud Solution Providers, AOS-G
|[Alliance Enterprises, Inc.](https://www.allianceenterprises.com)| |[Alvarez Technology Group](https://www.alvareztg.com/)| |[Amalgama Technologies Inc](http://amalgamatetech.com/)|
-|[Ambonare](https://www.redriver.com/ambonare)|
+|[Ambonare](https://redriver.com/press-release/austinacquisition)|
|[American Technology Services](https://networkats.com/)| |[Anautics](https://anautics.com)| |[APEX TECHNOLOGY MANAGEMENT INC](https://www.apex.com)|
azure-monitor Api Custom Events Metrics https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/api-custom-events-metrics.md
If you don't have a reference on Application Insights SDK yet:
* [ASP.NET project](./asp-net.md) * [ASP.NET Core project](./asp-net-core.md)
- * [Java project](./java-get-started.md)
+ * [Java project](./java-in-process-agent.md)
* [Node.js project](./nodejs.md) * [JavaScript in each webpage](./javascript.md) * In your device or web server code, include:
Get an instance of `TelemetryClient` (except in JavaScript in webpages):
For [ASP.NET Core](asp-net-core.md#how-can-i-track-telemetry-thats-not-automatically-collected) apps and [Non HTTP/Worker for .NET/.NET Core](worker-service.md#how-can-i-track-telemetry-thats-not-automatically-collected) apps, it is recommended to get an instance of `TelemetryClient` from the dependency injection container as explained in their respective documentation.
-If you use AzureFunctions v2+ or Azure WebJobs v3+ - follow this document: https://docs.microsoft.com/azure/azure-functions/functions-monitoring#version-2x-and-higher
+If you use AzureFunctions v2+ or Azure WebJobs v3+ - follow [this document](../../azure-functions/functions-monitoring.md).
*C#*
catch (ex)
The SDKs catch many exceptions automatically, so you don't always have to call TrackException explicitly. * ASP.NET: [Write code to catch exceptions](./asp-net-exceptions.md).
-* Java EE: [Exceptions are caught automatically](./java-get-started.md#exceptions-and-request-failures).
+* Java EE: [Exceptions are caught automatically](./java-in-process-agent.md).
* JavaScript: Exceptions are caught automatically. If you want to disable automatic collection, add a line to the code snippet that you insert in your webpages: ```javascript
Use TrackTrace to help diagnose problems by sending a "breadcrumb trail" to Appl
In .NET [Log adapters](./asp-net-trace-logs.md) use this API to send third-party logs to the portal.
-In Java for [Standard loggers like Log4J, Logback](./java-trace-logs.md) use Application Insights Log4j or Logback Appenders to send third-party logs to the portal.
+In Java, the [Application Insights Java agent](java-in-process-agent.md) auto-collects and sends logs to the portal.
*C#*
finally
Remember that the server SDKs include a [dependency module](./asp-net-dependencies.md) that discovers and tracks certain dependency calls automatically--for example, to databases and REST APIs. You have to install an agent on your server to make the module work.
-In Java, certain dependency calls can be automatically tracked using [Java Agent](./java-agent.md).
+In Java, many dependency calls can be automatically tracked using the
+[Application Insights Java agent](java-in-process-agent.md).
-You use this call if you want to track calls that the automated tracking doesn't catch, or if you don't want to install the agent.
+You use this call if you want to track calls that the automated tracking doesn't catch.
-To turn off the standard dependency-tracking module in C#, edit [ApplicationInsights.config](./configuration-with-applicationinsights-config.md) and delete the reference to `DependencyCollector.DependencyTrackingTelemetryModule`. In Java, please do not install java agent if you do not want to collect standard dependencies automatically.
+To turn off the standard dependency-tracking module in C#, edit [ApplicationInsights.config](./configuration-with-applicationinsights-config.md) and delete the reference to `DependencyCollector.DependencyTrackingTelemetryModule`. For Java, see
+[suppressing specific auto-collected telemetry](./java-standalone-config.md#suppressing-specific-auto-collected-telemetry).
### Dependencies in Analytics
azure-monitor App Insights Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/app-insights-overview.md
There are several ways to get started. Begin with whichever works best for you.
* [ASP.NET Applications](./asp-net.md) * [ASP.NET Core Applications](./asp-net-core.md) * [.NET Console Applications](./console.md)
- * [Java](./java-get-started.md)
+ * [Java](./java-in-process-agent.md)
* [Node.js](./nodejs.md) * [Python](./opencensus-python.md) * [Other platforms](./platforms.md)
Get started at development time with:
* [ASP.NET](./asp-net.md) * [ASP.NET Core](./asp-net-core.md)
-* [Java](./java-get-started.md)
+* [Java](./java-in-process-agent.md)
* [Node.js](./nodejs.md) * [Python](./opencensus-python.md) * [JavaScript](./javascript.md)
Get started at development time with:
[desktop]: ./windows-desktop.md [greenbrown]: ./asp-net.md [ios]: ../app/mobile-center-quickstart.md
-[java]: ./java-get-started.md
+[java]: ./java-in-process-agent.md
[knowUsers]: app-insights-web-track-usage.md [platforms]: ./platforms.md [portal]: https://portal.azure.com/
azure-monitor Asp Net Trace Logs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/asp-net-trace-logs.md
You can, for example:
### How do I do this for Java? In Java codeless instrumentation (recommended) the logs are collected out of the box, use [Java 3.0 agent](./java-in-process-agent.md).
-If you are using the Java SDK, use the [Java log adapters](./java-trace-logs.md).
+If you are using the Java SDK, use the [Java log adapters](java-2x-trace-logs.md).
### There's no Application Insights option on the project context menu * Make sure that Developer Analytics Tools is installed on the development machine. At Visual Studio **Tools** > **Extensions and Updates**, look for **Developer Analytics Tools**. If it isn't on the **Installed** tab, open the **Online** tab and install it.
azure-monitor Asp Net Troubleshoot No Data https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/asp-net-troubleshoot-no-data.md
The data comes from scripts in the web pages.
See [dependency telemetry](./asp-net-dependencies.md) and [exception telemetry](asp-net-exceptions.md). ## No performance data
-Performance data (CPU, IO rate, and so on) is available for [Java web services](./java-collectd.md), [Windows desktop apps](./windows-desktop.md), [IIS web apps and services if you install status monitor](./monitor-performance-live-website-now.md), and [Azure Cloud Services](./app-insights-overview.md). you'll find it under Settings, Servers.
+Performance data (CPU, IO rate, and so on) is available for [Java web services](java-2x-collectd.md), [Windows desktop apps](./windows-desktop.md), [IIS web apps and services if you install status monitor](./monitor-performance-live-website-now.md), and [Azure Cloud Services](./app-insights-overview.md). you'll find it under Settings, Servers.
## No (server) data since I published the app to my server * Check that you actually copied all the Microsoft. ApplicationInsights DLLs to the server, together with Microsoft.Diagnostics.Instrumentation.Extensions.Intercept.dll
azure-monitor Auto Collect Dependencies https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/auto-collect-dependencies.md
Below is the currently supported list of dependency calls that are automatically
> [!NOTE] > *Except reactive programing support.
-> <br>ΓÇáRequires installation of [JVM Agent](./java-agent.md#install-the-application-insights-agent-for-java).
+> <br>ΓÇáRequires installation of [JVM Agent](java-2x-agent.md#install-the-application-insights-agent-for-java).
## Node.js
Below is the currently supported list of dependency calls that are automatically
## Next steps - Set up custom dependency tracking for [.NET](./asp-net-dependencies.md).-- Set up custom dependency tracking for [Java](./java-agent.md).
+- Set up custom dependency tracking for [Java](java-2x-agent.md).
- Set up custom dependency tracking for [OpenCensus Python](./opencensus-python-dependency.md). - [Write custom dependency telemetry](./api-custom-events-metrics.md#trackdependency) - See [data model](./data-model.md) for Application Insights types and data model.
azure-monitor Availability Private Test https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/availability-private-test.md
+
+ Title: Private availability testing - Azure Monitor Application Insights
+description: Learn how to use availability tests on internal servers that run behind a firewall with private testing.
+ Last updated : 05/14/2021+++
+# Private testing
+
+If you want to use availability tests on internal servers that run behind a firewall, there are two possible solutions: public ping test enablement and disconnected/no ingress scenarios.
+
+## Public ping test enablement
+
+> [!NOTE]
+> If you donΓÇÖt want to allow any ingress to your environment, then use the method in the [Disconnected or no ingress scenarios](#disconnected-or-no-ingress-scenarios) section.
+
+ Ensure you have a public DNS record for your internal website. The test will fail if the DNS cannot be resolved. [Create a custom domain name for internal application.](../../cloud-services/cloud-services-custom-domain-name-portal.md#add-an-a-record-for-your-custom-domain)
+
+Configure your firewall to permit incoming requests from our service.
+
+- [Service tags](../../virtual-network/service-tags-overview.md) are a simple way to enable Azure services without having to authorize individual IPs or maintain an up-to-date list. Service tags can be used across Azure Firewall and Network Security Groups to allow our service access. **ApplicationInsightsAvailability** is the Service tag dedicated to our ping testing service.
+ 1. If you are using [Azure Network Security Groups](../../virtual-network/network-security-groups-overview.md), go to your Network Security group resource and select **inbound security rules** under *Settings* then select **Add**.
+
+ :::image type="content" source="media/availability-private-test/add.png" alt-text="Screenshot of the inbound security rules tab in the network security group resource.":::
+
+ 1. Next, select *Service Tag* as the source and *ApplicationInsightsAvailability* as the source service tag. Use open ports 80 (http) and 443 (https) for incoming traffic from the service tag.
+
+ :::image type="content" source="media/availability-private-test/service-tag.png" alt-text="Screenshot of the Add inbound security rules tab with a source of service tag.":::
+
+- If your endpoints are hosted outside of Azure or Service Tags aren't available for your scenario, then you'll need to individually allowlist the [IP addresses of our web test agents](ip-addresses.md). You can query the IP ranges directly from PowerShell, Azure CLI, or a REST call using the [Service tag API](../../virtual-network/service-tags-overview.md#use-the-service-tag-discovery-api-public-preview) You can also download a [JSON file](../../virtual-network/service-tags-overview.md#discover-service-tags-by-using-downloadable-json-files) to get a list of current service tags with IP addresses details.
+ 1. In your Network Security group resource and select **inbound security rules** under *Settings*, then select **Add**.
+ 1. Next, select *IP Addresses* as your source then add your IP addresses in a comma delimited list in source IP address/CIRD ranges.
+
+ :::image type="content" source="media/availability-private-test/ip-addresses.png" alt-text="Screenshot of the Add inbound security rules tab with a source of IP addresses.":::
+
+## Disconnected or no ingress scenarios
+
+Your test server will need to have outgoing access to the Application Insights ingestion endpoint, which is a significantly lower security risk than the alternative of permitting incoming requests. The results will appear in the availability web tests tab with a simplified experience from what is available for test created via the Azure portal. Custom availability test will also appear as availability results in Analytics, Search, and Metrics.
+
+1. Connect your Application Insights resource and disconnected environment using [Azure Private Link](../logs/private-link-security.md)
+1. Write custom code to periodically test your internal server or endpoints. You can run the code using [Azure Functions](availability-azure-functions.md) or a background process on a test server behind your firewall. Your test process can send its results to Application Insights by using the `TrackAvailability()` API in the core SDK package.
+
+## Troubleshooting
+
+Dedicated [troubleshooting article](troubleshoot-availability.md).
+
+## Next steps
+
+* [Azure Private Link](../logs/private-link-security.md)
+* [Availability Alerts](availability-alerts.md)
+* [URL tests](monitor-web-app-availability.md)
+* [Create and run custom availability tests using Azure Functions](availability-azure-functions.md)
azure-monitor Code Sample Export Sql Stream Analytics https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/code-sample-export-sql-stream-analytics.md
To get started:
1. [Set up Application Insights for your web pages](./javascript.md).
- (In this example, we'll focus on processing page view data from the client browsers, but you could also set up Application Insights for the server side of your [Java](./java-get-started.md) or [ASP.NET](./asp-net.md) app and process request, dependency and other server telemetry.)
+ (In this example, we'll focus on processing page view data from the client browsers, but you could also set up Application Insights for the server side of your [Java](./java-in-process-agent.md) or [ASP.NET](./asp-net.md) app and process request, dependency and other server telemetry.)
2. Publish your app, and watch telemetry data appearing in your Application Insights resource. ## Create storage in Azure
azure-monitor Correlation https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/correlation.md
The Application Insights .NET SDK uses `DiagnosticSource` and `Activity` to coll
<a name="java-correlation"></a> ## Telemetry correlation in Java
-[Java agent](./java-in-process-agent.md) as well as [Java SDK](../../azure-monitor/app/java-get-started.md) version 2.0.0 or later supports automatic correlation of telemetry. It automatically populates `operation_id` for all telemetry (like traces, exceptions, and custom events) issued within the scope of a request. It also propagates the correlation headers (described earlier) for service-to-service calls via HTTP, if the [Java SDK agent](../../azure-monitor/app/java-agent.md) is configured.
+[Java agent](./java-in-process-agent.md) supports automatic correlation of telemetry. It automatically populates `operation_id` for all telemetry (like traces, exceptions, and custom events) issued within the scope of a request. It also propagates the correlation headers (described earlier) for service-to-service calls via HTTP, if the [Java SDK agent](java-2x-agent.md) is configured.
> [!NOTE] > Application Insights Java agent auto-collects requests and dependencies for JMS, Kafka, Netty/Webflux, and more. For Java SDK only calls made via Apache HttpClient are supported for the correlation feature. Automatic context propagation across messaging technologies (like Kafka, RabbitMQ, and Azure Service Bus) isn't supported in the SDK.
azure-monitor Create Workspace Resource https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/create-workspace-resource.md
For code-based application monitoring, you would just install the appropriate Ap
For detailed documentation on setting up an Application Insights SDK for code-based monitoring consult the language/framework specific documentation: - [ASP.NET](./asp-net.md)-- [ASP.NET Core ](./asp-net-core.md)
+- [ASP.NET Core](./asp-net-core.md)
- [Background tasks & modern console applications (.NET/.NET Core)](./worker-service.md) - [Classic console applications (.NET)](./console.md) -- [Java ](./java-get-started.md?tabs=maven)
+- [Java](./java-in-process-agent.md)
- [JavaScript](./javascript.md) - [Node.js](./nodejs.md) - [Python](./opencensus-python.md)
azure-monitor Data Model Dependency Telemetry https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/data-model-dependency-telemetry.md
Indication of successful or unsuccessful call.
## Next steps - Set up dependency tracking for [.NET](./asp-net-dependencies.md).-- Set up dependency tracking for [Java](./java-agent.md).
+- Set up dependency tracking for [Java](java-2x-agent.md).
- [Write custom dependency telemetry](./api-custom-events-metrics.md#trackdependency) - See [data model](data-model.md) for Application Insights types and data model. - Check out [platforms](./platforms.md) supported by Application Insights.
azure-monitor Data Model Trace Telemetry https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/data-model-trace-telemetry.md
Trace severity level. Value can be `Verbose`, `Information`, `Warning`, `Error`,
## Next steps - [Explore .NET trace logs in Application Insights](./asp-net-trace-logs.md).-- [Explore Java trace logs in Application Insights](./java-trace-logs.md).
+- [Explore Java trace logs in Application Insights](java-2x-trace-logs.md).
- See [data model](data-model.md) for Application Insights types and data model. - [Write custom trace telemetry](./api-custom-events-metrics.md#tracktrace) - Check out [platforms](./platforms.md) supported by Application Insights.
azure-monitor Data Retention Privacy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/data-retention-privacy.md
There are three sources of data:
* Each SDK has a number of [modules](./configuration-with-applicationinsights-config.md), which use different techniques to collect different types of telemetry. * If you install the SDK in development, you can use its API to send your own telemetry, in addition to the standard modules. This custom telemetry can include any data you want to send.
-* In some web servers, there are also agents that run alongside the app and send telemetry about CPU, memory, and network occupancy. For example, Azure VMs, Docker hosts, and [Java EE servers](./java-agent.md) can have such agents.
+* In some web servers, there are also agents that run alongside the app and send telemetry about CPU, memory, and network occupancy. For example, Azure VMs, Docker hosts, and [Java EE servers](java-2x-agent.md) can have such agents.
* [Availability tests](./monitor-web-app-availability.md) are processes run by Microsoft that send requests to your web app at regular intervals. The results are sent to the Application Insights service. ### What kinds of data are collected?
This product includes GeoLite2 data created by MaxMind, available from [https://
[client]: ./javascript.md [config]: ./configuration-with-applicationinsights-config.md [greenbrown]: ./asp-net.md
-[java]: ./java-get-started.md
+[java]: ./java-in-process-agent.md
[platforms]: ./platforms.md [pricing]: https://azure.microsoft.com/pricing/details/application-insights/ [redfield]: ./monitor-performance-live-website-now.md
azure-monitor Devops https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/devops.md
When an alert is raised, Application Insights can automatically create a work it
Getting started with Application Insights is easy. The main options are: * [IIS servers](./monitor-performance-live-website-now.md), and also for [Azure App Service](./app-insights-overview.md).
-* Instrument your project during development. You can do this for [ASP.NET](./asp-net.md) or [Java](./java-get-started.md) apps, as well as [Node.js](./nodejs.md) and a host of [other types](./platforms.md).
+* Instrument your project during development. You can do this for [ASP.NET](./asp-net.md) or [Java](./java-in-process-agent.md) apps, as well as [Node.js](./nodejs.md) and a host of [other types](./platforms.md).
* Instrument [any web page](./javascript.md) by adding a short code snippet.
azure-monitor Diagnostic Search https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/diagnostic-search.md
The first time you do this, you are asked to configure a link to your Azure DevO
In addition to the out-of-the-box telemetry sent by Application Insights SDK, you can:
-* Capture log traces from your favorite logging framework in [.NET](./asp-net-trace-logs.md) or [Java](./java-trace-logs.md). This means you can search through your log traces and correlate them with page views, exceptions, and other events.
+* Capture log traces from your favorite logging framework in [.NET](./asp-net-trace-logs.md) or [Java](java-2x-trace-logs.md). This means you can search through your log traces and correlate them with page views, exceptions, and other events.
* [Write code](./api-custom-events-metrics.md) to send custom events, page views, and exceptions. [Learn how to send logs and custom telemetry to Application Insights](./asp-net-trace-logs.md).
azure-monitor Get Metric https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/get-metric.md
Throttling is of particular concern in that like sampling, throttling can lead t
In summary `GetMetric()` is the recommended approach since it does pre-aggregation, it accumulates values from all the Track() calls and sends a summary/aggregate once every minute. This can significantly reduce the cost and performance overhead by sending fewer data points, while still collecting all relevant information. > [!NOTE]
-> Only the .NET and .NET Core SDKs have a GetMetric() method. If you are using Java you can use [Micrometer metrics](./micrometer-java.md) or `TrackMetric()`. For JavaScript and Node.js you would still use `TrackMetric()`, but keep in mind the caveats that were outlined in the previous section. For Python you can use [OpenCensus.stats](./opencensus-python.md#metrics) to send custom metrics but the metrics implementation is different.
+> Only the .NET and .NET Core SDKs have a GetMetric() method. If you are using Java, see [sending custom metrics using micrometer](./java-in-process-agent.md#send-custom-metrics-using-micrometer). For JavaScript and Node.js you would still use `TrackMetric()`, but keep in mind the caveats that were outlined in the previous section. For Python you can use [OpenCensus.stats](./opencensus-python.md#metrics) to send custom metrics but the metrics implementation is different.
## Getting started with GetMetric
azure-monitor How Do I https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/how-do-i.md
Among the metrics you can show in metrics explorer are a set of system performan
### If you see no performance counter data * **IIS server** on your own machine or on a VM. [Install Status Monitor](./monitor-performance-live-website-now.md). * **Azure web site** - we don't support performance counters yet. There are several metrics you can get as a standard part of the Azure web site control panel.
-* **Unix server** - [Install collectd](./java-collectd.md)
+* **Unix server** - [Install collectd](java-2x-collectd.md)
### To display more performance counters * First, [add a new chart](../essentials/metrics-charts.md) and see if the counter is in the basic set that we offer.
azure-monitor Java 2X Agent https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/java-2x-agent.md
+
+ Title: Java web apps performance monitoring - Azure Application Insights
+description: Extended performance and usage monitoring of your Java website with Application Insights.
+ Last updated : 01/10/2019+++++
+# Monitor dependencies, caught exceptions, and method execution times in Java web apps
+
+> [!CAUTION]
+> The approach described in this document is no longer recommended.
+>
+> The recommended approach to monitor Java applications is to use the auto-instrumentation without changing the code. Please follow the guidelines for [Application Insights Java 3.0 agent](./java-in-process-agent.md).
+
+If you have [instrumented your Java web app with Application Insights SDK][java], you can use the Java Agent to get deeper insights, without any code changes:
+
+* **Dependencies:** Data about calls that your application makes to other components, including:
+ * **Outgoing HTTP calls** made via Apache HttpClient, OkHttp, and `java.net.HttpURLConnection` are captured.
+ * **Redis calls** made via the Jedis client are captured.
+ * **JDBC queries** - For MySQL and PostgreSQL, if the call takes longer than 10 seconds, the agent reports the query plan.
+
+* **Application logging:** Capture and correlate your application logs with HTTP requests and other telemetry
+ * **Log4j 1.2**
+ * **Log4j2**
+ * **Logback**
+
+* **Better operation naming:** (used for aggregation of requests in the portal)
+ * **Spring** - based on `@RequestMapping`.
+ * **JAX-RS** - based on `@Path`.
+
+To use the Java agent, you install it on your server. Your web apps must be instrumented with the [Application Insights Java SDK][java].
+
+## Install the Application Insights agent for Java
+1. On the machine running your Java server, [download the 2.x agent](https://github.com/microsoft/ApplicationInsights-Java/releases/tag/2.6.2). Please make sure the version of the 2.x Java Agent that you use matches the version of the 2.x Application Insights Java SDK that you use.
+2. Edit the application server startup script, and add the following JVM argument:
+
+ `-javaagent:<full path to the agent JAR file>`
+
+ For example, in Tomcat on a Linux machine:
+
+ `export JAVA_OPTS="$JAVA_OPTS -javaagent:<full path to agent JAR file>"`
+3. Restart your application server.
+
+## Configure the agent
+Create a file named `AI-Agent.xml` and place it in the same folder as the agent JAR file.
+
+Set the content of the xml file. Edit the following example to include or omit the features you want.
+
+```XML
+<?xml version="1.0" encoding="utf-8"?>
+<ApplicationInsightsAgent>
+ <Instrumentation>
+ <BuiltIn enabled="true">
+
+ <!-- capture logging via Log4j 1.2, Log4j2, and Logback, default is true -->
+ <Logging enabled="true" />
+
+ <!-- capture outgoing HTTP calls performed through Apache HttpClient, OkHttp,
+ and java.net.HttpURLConnection, default is true -->
+ <HTTP enabled="true" />
+
+ <!-- capture JDBC queries, default is true -->
+ <JDBC enabled="true" />
+
+ <!-- capture Redis calls, default is true -->
+ <Jedis enabled="true" />
+
+ <!-- capture query plans for JDBC queries that exceed this value (MySQL, PostgreSQL),
+ default is 10000 milliseconds -->
+ <MaxStatementQueryLimitInMS>1000</MaxStatementQueryLimitInMS>
+
+ </BuiltIn>
+ </Instrumentation>
+</ApplicationInsightsAgent>
+```
+
+## Additional config (Spring Boot)
+
+`java -javaagent:/path/to/agent.jar -jar path/to/TestApp.jar`
+
+For Azure App Services, do the following:
+
+* Select Settings > Application Settings
+* Under App Settings, add a new key value pair:
+
+Key: `JAVA_OPTS`
+Value: `-javaagent:D:/home/site/wwwroot/applicationinsights-agent-2.6.2.jar`
+
+The agent must be packaged as a resource in your project such that it ends up in the D:/home/site/wwwroot/ directory. You can confirm that your agent is in the correct App Service directory by going to **Development Tools** > **Advanced Tools** > **Debug Console** and examining the contents of the site directory.
+
+* Save the settings and Restart your app. (These steps only apply to App Services running on Windows.)
+
+> [!NOTE]
+> AI-Agent.xml and the agent jar file should be in the same folder. They are often placed together in the `/resources` folder of the project.
+
+#### Enable W3C distributed tracing
+
+Add the following to AI-Agent.xml:
+
+```xml
+<Instrumentation>
+ <BuiltIn enabled="true">
+ <HTTP enabled="true" W3C="true" enableW3CBackCompat="true"/>
+ </BuiltIn>
+</Instrumentation>
+```
+
+> [!NOTE]
+> Backward compatibility mode is enabled by default and the enableW3CBackCompat parameter is optional and should be used only when you want to turn it off.
+
+Ideally this would be the case when all your services have been updated to newer version of SDKs supporting W3C protocol. It is highly recommended to move to newer version of SDKs with W3C support as soon as possible.
+
+Make sure that **both [incoming](correlation.md#enable-w3c-distributed-tracing-support-for-java-apps) and outgoing (agent) configurations** are exactly same.
+
+## View the data
+In the Application Insights resource, aggregated remote dependency and method execution times appear [under the Performance tile][metrics].
+
+To search for individual instances of dependency, exception, and method reports, open [Search][diagnostic].
+
+[Diagnosing dependency issues - learn more](./asp-net-dependencies.md#diagnosis).
+
+## Questions? Problems?
+* No data? [Set firewall exceptions](./ip-addresses.md)
+* [Troubleshooting Java](java-2x-troubleshoot.md)
+
+<!--Link references-->
+
+[api]: ./api-custom-events-metrics.md
+[apiexceptions]: ./api-custom-events-metrics.md#track-exception
+[availability]: ./monitor-web-app-availability.md
+[diagnostic]: ./diagnostic-search.md
+[eclipse]: app-insights-java-eclipse.md
+[java]: java-in-process-agent.md
+[javalogs]: java-2x-trace-logs.md
+[metrics]: ../essentials/metrics-charts.md
+
azure-monitor Java 2X Collectd https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/java-2x-collectd.md
+
+ Title: Monitor Java web app performance on Linux - Azure | Microsoft Docs
+description: Extended application performance monitoring of your Java website with the CollectD plug-in for Application Insights.
+ Last updated : 03/14/2019++++++
+# collectd: Linux performance metrics in Application Insights [Deprecated]
+
+> [!IMPORTANT]
+> The **recommended approach** to monitor Java applications is to use the auto-instrumentation without changing the code. Please follow the guidelines for **[Application Insights Java 3.0 agent](./java-in-process-agent.md)**.
+
+To explore Linux system performance metrics in [Application Insights](./app-insights-overview.md), install [collectd](https://collectd.org/), together with its Application Insights plug-in. This open-source solution gathers various system and network statistics.
+
+Typically you'll use collectd if you have already [instrumented your Java web service with Application Insights][java]. It gives you more data to help you to enhance your app's performance or diagnose problems.
+
+## Get your instrumentation key
+In the [Microsoft Azure portal](https://portal.azure.com), open the [Application Insights](./app-insights-overview.md) resource where you want the data to appear. (Or [create a new resource](./create-new-resource.md).)
+
+Take a copy of the instrumentation key, which identifies the resource.
+
+![Browse all, open your resource, and then in the Essentials drop-down, select, and copy the Instrumentation Key](./media/java-collectd/instrumentation-key-001.png)
+
+## Install collectd and the plug-in
+On your Linux server machines:
+
+1. Install [collectd](https://collectd.org/) version 5.4.0 or later.
+2. Download the [Application Insights collectd writer plugin](https://github.com/microsoft/ApplicationInsights-Java/tree/master/core/src/main/java/com/microsoft/applicationinsights/internal). Note the version number.
+3. Copy the plugin JAR into `/usr/share/collectd/java`.
+4. Edit `/etc/collectd/collectd.conf`:
+ * Ensure that [the Java plugin](https://collectd.org/wiki/index.php/Plugin:Java) is enabled.
+ * Update the JVMArg for the java.class.path to include the following JAR. Update the version number to match the one you downloaded:
+ * `/usr/share/collectd/java/applicationinsights-collectd-1.0.5.jar`
+ * Add this snippet, using the Instrumentation Key from your resource:
+
+```XML
+
+ LoadPlugin "com.microsoft.applicationinsights.collectd.ApplicationInsightsWriter"
+ <Plugin ApplicationInsightsWriter>
+ InstrumentationKey "Your key"
+ </Plugin>
+```
+
+Here's part of a sample configuration file:
+
+```XML
+
+ ...
+ # collectd plugins
+ LoadPlugin cpu
+ LoadPlugin disk
+ LoadPlugin load
+ ...
+
+ # Enable Java Plugin
+ LoadPlugin "java"
+
+ # Configure Java Plugin
+ <Plugin "java">
+ JVMArg "-verbose:jni"
+ JVMArg "-Djava.class.path=/usr/share/collectd/java/applicationinsights-collectd-1.0.5.jar:/usr/share/collectd/java/collectd-api.jar"
+
+ # Enabling Application Insights plugin
+ LoadPlugin "com.microsoft.applicationinsights.collectd.ApplicationInsightsWriter"
+
+ # Configuring Application Insights plugin
+ <Plugin ApplicationInsightsWriter>
+ InstrumentationKey "12345678-1234-1234-1234-123456781234"
+ </Plugin>
+
+ # Other plugin configurations ...
+ ...
+ </Plugin>
+ ...
+```
+
+Configure other [collectd plugins](https://collectd.org/wiki/index.php/Table_of_Plugins), which can collect various data from different sources.
+
+Restart collectd according to its [manual](https://collectd.org/wiki/index.php/First_steps).
+
+## View the data in Application Insights
+In your Application Insights resource, open [Metrics and add charts][metrics], selecting the metrics you want to see from the Custom category.
+
+By default, the metrics are aggregated across all host machines from which the metrics were collected. To view the metrics per host, in the Chart details blade, turn on Grouping and then choose to group by CollectD-Host.
+
+## To exclude upload of specific statistics
+By default, the Application Insights plugin sends all the data collected by all the enabled collectd 'read' plugins.
+
+To exclude data from specific plugins or data sources:
+
+* Edit the configuration file.
+* In `<Plugin ApplicationInsightsWriter>`, add directive lines like this:
+
+| Directive | Effect |
+| | |
+| `Exclude disk` |Exclude all data collected by the `disk` plugin |
+| `Exclude disk:read,write` |Exclude the sources named `read` and `write` from the `disk` plugin. |
+
+Separate directives with a newline.
+
+## Problems?
+*I don't see data in the portal*
+
+* Open [Search][diagnostic] to see if the raw events have arrived. Sometimes they take longer to appear in metrics explorer.
+* You might need to [set firewall exceptions for outgoing data](./ip-addresses.md)
+* Enable tracing in the Application Insights plugin. Add this line within `<Plugin ApplicationInsightsWriter>`:
+ * `SDKLogger true`
+* Open a terminal and start collectd in verbose mode, to see any issues it is reporting:
+ * `sudo collectd -f`
+
+## Known issue
+
+The Application Insights Write plugin is incompatible with certain Read plugins. Some plugins sometimes send "NaN" where the Application Insights plugin expects a floating-point number.
+
+Symptom: The collectd log shows errors that include "AI: ... SyntaxError: Unexpected token N".
+
+Workaround: Exclude data collected by the problem Write plugins.
+
+<!--Link references-->
+
+[api]: ./api-custom-events-metrics.md
+[apiexceptions]: ./api-custom-events-metrics.md#track-exception
+[availability]: ./monitor-web-app-availability.md
+[diagnostic]: ./diagnostic-search.md
+[eclipse]: app-insights-java-eclipse.md
+[java]: java-2x-get-started.md
+[javalogs]: java-2x-trace-logs.md
+[metrics]: ../essentials/metrics-charts.md
+
azure-monitor Java 2X Filter Telemetry https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/java-2x-filter-telemetry.md
+
+ Title: Filter Azure Application Insights telemetry in your Java web app
+description: Reduce telemetry traffic by filtering out the events you don't need to monitor.
+ Last updated : 3/14/2019+++++
+# Filter telemetry in your Java web app
+
+> [!CAUTION]
+> This document applies to Application Insights Java 2.x which is no longer recommended.
+>
+> Documentation for the latest version can be found at [Application Insights Java 3.0](./java-in-process-agent.md).
+
+Filters provide a way to select the telemetry that your [Java web app sends to Application Insights](java-2x-get-started.md). There are some out-of-the-box filters that you can use, and you can also write your own custom filters.
+
+The out-of-the-box filters include:
+
+* Trace severity level
+* Specific URLs, keywords or response codes
+* Fast responses - that is, requests to which your app responded to quickly
+* Specific event names
+
+> [!NOTE]
+> Filters skew the metrics of your app. For example, you might decide that, in order to diagnose slow responses, you will set a filter to discard fast response times. But you must be aware that the average response times reported by Application Insights will then be slower than the true speed, and the count of requests will be smaller than the real count.
+> If this is a concern, use [Sampling](./sampling.md) instead.
+
+## Setting filters
+
+In ApplicationInsights.xml, add a `TelemetryProcessors` section like this example:
++
+```XML
+
+ <ApplicationInsights>
+ <TelemetryProcessors>
+
+ <BuiltInProcessors>
+ <Processor type="TraceTelemetryFilter">
+ <Add name="FromSeverityLevel" value="ERROR"/>
+ </Processor>
+
+ <Processor type="RequestTelemetryFilter">
+ <Add name="MinimumDurationInMS" value="100"/>
+ <Add name="NotNeededResponseCodes" value="200-400"/>
+ </Processor>
+
+ <Processor type="PageViewTelemetryFilter">
+ <Add name="DurationThresholdInMS" value="100"/>
+ <Add name="NotNeededNames" value="home,index"/>
+ <Add name="NotNeededUrls" value=".jpg,.css"/>
+ </Processor>
+
+ <Processor type="TelemetryEventFilter">
+ <!-- Names of events we don't want to see -->
+ <Add name="NotNeededNames" value="Start,Stop,Pause"/>
+ </Processor>
+
+ <!-- Exclude telemetry from availability tests and bots -->
+ <Processor type="SyntheticSourceFilter">
+ <!-- Optional: specify which synthetic sources,
+ comma-separated
+ - default is all synthetics -->
+ <Add name="NotNeededSources" value="Application Insights Availability Monitoring,BingPreview"
+ </Processor>
+
+ </BuiltInProcessors>
+
+ <CustomProcessors>
+ <Processor type="com.fabrikam.MyFilter">
+ <Add name="Successful" value="false"/>
+ </Processor>
+ </CustomProcessors>
+
+ </TelemetryProcessors>
+ </ApplicationInsights>
+
+```
+
+[Inspect the full set of built-in processors](https://github.com/microsoft/ApplicationInsights-Java/tree/master/core/src/main/java/com/microsoft/applicationinsights/internal).
+
+## Built-in filters
+
+### Metric Telemetry filter
+
+```XML
+
+ <Processor type="MetricTelemetryFilter">
+ <Add name="NotNeeded" value="metric1,metric2"/>
+ </Processor>
+```
+
+* `NotNeeded` - Comma-separated list of custom metric names.
++
+### Page View Telemetry filter
+
+```XML
+
+ <Processor type="PageViewTelemetryFilter">
+ <Add name="DurationThresholdInMS" value="500"/>
+ <Add name="NotNeededNames" value="page1,page2"/>
+ <Add name="NotNeededUrls" value="url1,url2"/>
+ </Processor>
+```
+
+* `DurationThresholdInMS` - Duration refers to the time taken to load the page. If this is set, pages that loaded faster than this time are not reported.
+* `NotNeededNames` - Comma-separated list of page names.
+* `NotNeededUrls` - Comma-separated list of URL fragments. For example, `"home"` filters out all pages that have "home" in the URL.
++
+### Request Telemetry Filter
++
+```XML
+
+ <Processor type="RequestTelemetryFilter">
+ <Add name="MinimumDurationInMS" value="500"/>
+ <Add name="NotNeededResponseCodes" value="page1,page2"/>
+ <Add name="NotNeededUrls" value="url1,url2"/>
+ </Processor>
+```
+++
+### Synthetic Source filter
+
+Filters out all telemetry that have values in the SyntheticSource property. These include requests from bots, spiders and availability tests.
+
+Filter out telemetry for all synthetic requests:
++
+```XML
+
+ <Processor type="SyntheticSourceFilter" />
+```
+
+Filter out telemetry for specific synthetic sources:
++
+```XML
+
+ <Processor type="SyntheticSourceFilter" >
+ <Add name="NotNeeded" value="source1,source2"/>
+ </Processor>
+```
+
+* `NotNeeded` - Comma-separated list of synthetic source names.
+
+### Telemetry Event filter
+
+Filters custom events (logged using [TrackEvent()](./api-custom-events-metrics.md#trackevent)).
++
+```XML
+
+ <Processor type="TelemetryEventFilter" >
+ <Add name="NotNeededNames" value="event1, event2"/>
+ </Processor>
+```
++
+* `NotNeededNames` - Comma-separated list of event names.
++
+### Trace Telemetry filter
+
+Filters log traces (logged using [TrackTrace()](./api-custom-events-metrics.md#tracktrace) or a [logging framework collector](java-2x-trace-logs.md)).
+
+```XML
+
+ <Processor type="TraceTelemetryFilter">
+ <Add name="FromSeverityLevel" value="ERROR"/>
+ </Processor>
+```
+
+* `FromSeverityLevel` valid values are:
+ * OFF - Filter out ALL traces
+ * TRACE - No filtering. equals to Trace level
+ * INFO - Filter out TRACE level
+ * WARN - Filter out TRACE and INFO
+ * ERROR - Filter out WARN, INFO, TRACE
+ * CRITICAL - filter out all but CRITICAL
++
+## Custom filters
+
+### 1. Code your filter
+
+In your code, create a class that implements `TelemetryProcessor`:
+
+```Java
+
+ package com.fabrikam.MyFilter;
+ import com.microsoft.applicationinsights.extensibility.TelemetryProcessor;
+ import com.microsoft.applicationinsights.telemetry.Telemetry;
+
+ public class SuccessFilter implements TelemetryProcessor {
+
+ /* Any parameters that are required to support the filter.*/
+ private final String successful;
+
+ /* Initializers for the parameters, named "setParameterName" */
+ public void setNotNeeded(String successful)
+ {
+ this.successful = successful;
+ }
+
+ /* This method is called for each item of telemetry to be sent.
+ Return false to discard it.
+ Return true to allow other processors to inspect it. */
+ @Override
+ public boolean process(Telemetry telemetry) {
+ if (telemetry == null) { return true; }
+ if (telemetry instanceof RequestTelemetry)
+ {
+ RequestTelemetry requestTelemetry = (RequestTelemetry) telemetry;
+ return request.getSuccess() == successful;
+ }
+ return true;
+ }
+ }
+
+```
+
+### 2. Invoke your filter in the configuration file
+
+In ApplicationInsights.xml:
+
+```XML
++
+ <ApplicationInsights>
+ <TelemetryProcessors>
+ <CustomProcessors>
+ <Processor type="com.fabrikam.SuccessFilter">
+ <Add name="Successful" value="false"/>
+ </Processor>
+ </CustomProcessors>
+ </TelemetryProcessors>
+ </ApplicationInsights>
+
+```
+
+### 3. Invoke your filter (Java Spring)
+
+For applications based on the Spring framework, custom telemetry processors must be registered in your main application class as a bean. They will then be autowired when the application starts.
+
+```Java
+@Bean
+public TelemetryProcessor successFilter() {
+ return new SuccessFilter();
+}
+```
+
+You will need to create your own filter parameters in `application.properties` and leverage Spring Boot's externalized configuration framework to pass those parameters into your custom filter.
++
+## Troubleshooting
+
+*My filter isn't working.*
+
+* Check that you have provided valid parameter values. For example, durations should be integers. Invalid values will cause the filter to be ignored. If your custom filter throws an exception from a constructor or set method, it will be ignored.
+
+## Next steps
+
+* [Sampling](./sampling.md) - Consider sampling as an alternative that does not skew your metrics.
+
azure-monitor Java 2X Get Started https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/java-2x-get-started.md
+
+ Title: 'Quickstart: Java web app analytics with Azure Application Insights'
+description: 'Application Performance Monitoring for Java web apps with Application Insights. '
+ Last updated : 11/22/2020+++++
+# Quickstart: Get started with Application Insights in a Java web project
+
+> [!CAUTION]
+> This document applies to Application Insights Java 2.x which is no longer recommended.
+>
+> Documentation for the latest version can be found at [Application Insights Java 3.0](./java-in-process-agent.md).
+
+In this quickstart, you use Application Insights SDK to instrument request, track dependencies, and collect performance counters, diagnose performance issues and exceptions, and write code to track what users do with your app.
+
+Application Insights is an extensible analytics service for web developers that helps you understand the performance and usage of your live application. Application Insights supports Java apps running on Linux, Unix, or Windows.
+
+## Prerequisites
+
+* An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?ref=microsoft.com&utm_source=microsoft.com&utm_medium=docs&utm_campaign=visualstudio).
+* A functioning Java application.
+
+## Get an Application Insights instrumentation key
+
+> [!IMPORTANT]
+> New Azure regions **require** the use of connection strings instead of instrumentation keys. [Connection string](./sdk-connection-string.md?tabs=java) identifies the resource that you want to associate your telemetry data with. It also allows you to modify the endpoints your resource will use as a destination for your telemetry. You will need to copy the connection string and add it to your application's code or to an environment variable.
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+2. In the Azure portal, create an Application Insights resource. Set the application type to Java web application.
+
+3. Find the instrumentation key of the new resource. You'll need to paste this key into your code project shortly.
+
+ ![In the new resource overview, click Properties and copy the Instrumentation Key](./media/java-get-started/instrumentation-key-001.png)
+
+## Add the Application Insights SDK for Java to your project
+
+*Choose your project type.*
+
+# [Maven](#tab/maven)
+
+If your project is already set up to use Maven for build, merge the following code to your *pom.xml* file.
+
+Then, refresh the project dependencies to get the binaries downloaded.
+
+```XML
+ <dependencies>
+ <dependency>
+ <groupId>com.microsoft.azure</groupId>
+ <artifactId>applicationinsights-web-auto</artifactId>
+ <!-- or applicationinsights-web for manual web filter registration -->
+ <!-- or applicationinsights-core for bare API -->
+ <version>2.6.2</version>
+ </dependency>
+ </dependencies>
+```
+
+# [Gradle](#tab/gradle)
+
+If your project is already set up to use Gradle for build, merge the following code to your *build.gradle* file.
+
+Then refresh the project dependencies to get the binaries downloaded.
+
+```gradle
+ dependencies {
+ compile group: 'com.microsoft.azure', name: 'applicationinsights-web-auto', version: '2.6.2'
+ // or applicationinsights-web for manual web filter registration
+ // or applicationinsights-core for bare API
+ }
+```
+++
+### Questions
+* *What's the relationship between the `-web-auto`, `-web` and `-core` components?*
+ * `applicationinsights-web-auto` gives you metrics that track HTTP servlet request counts and response times,
+ by automatically registering the Application Insights servlet filter at runtime.
+ * `applicationinsights-web` also gives you metrics that track HTTP servlet request counts and response times,
+ but requires manual registration of the Application Insights servlet filter in your application.
+ * `applicationinsights-core` gives you just the bare API, for example, if your application isn't servlet-based.
+
+* *How should I update the SDK to the latest version?*
+ * As of November 2020, for monitoring Java applications we recommend auto-instrumentation using the Azure Monitor Application Insights Java 3.0 agent. For more information on how to get started, see [Application Insights Java 3.0 agent](./java-in-process-agent.md).
+
+## Add an *ApplicationInsights.xml* file
+Add *ApplicationInsights.xml* to the resources folder in your project, or make sure it's added to your project's deployment class path. Copy the following XML into it.
+
+Replace the instrumentation key with the one that you got from the Azure portal.
+
+```XML
+<?xml version="1.0" encoding="utf-8"?>
+<ApplicationInsights xmlns="http://schemas.microsoft.com/ApplicationInsights/2013/Settings" schemaVersion="2014-05-30">
+
+ <!-- The key from the portal: -->
+ <InstrumentationKey>** Your instrumentation key **</InstrumentationKey>
+
+ <!-- HTTP request component (not required for bare API) -->
+ <TelemetryModules>
+ <Add type="com.microsoft.applicationinsights.web.extensibility.modules.WebRequestTrackingTelemetryModule"/>
+ <Add type="com.microsoft.applicationinsights.web.extensibility.modules.WebSessionTrackingTelemetryModule"/>
+ <Add type="com.microsoft.applicationinsights.web.extensibility.modules.WebUserTrackingTelemetryModule"/>
+ </TelemetryModules>
+
+ <!-- Events correlation (not required for bare API) -->
+ <!-- These initializers add context data to each event -->
+ <TelemetryInitializers>
+ <Add type="com.microsoft.applicationinsights.web.extensibility.initializers.WebOperationIdTelemetryInitializer"/>
+ <Add type="com.microsoft.applicationinsights.web.extensibility.initializers.WebOperationNameTelemetryInitializer"/>
+ <Add type="com.microsoft.applicationinsights.web.extensibility.initializers.WebSessionTelemetryInitializer"/>
+ <Add type="com.microsoft.applicationinsights.web.extensibility.initializers.WebUserTelemetryInitializer"/>
+ <Add type="com.microsoft.applicationinsights.web.extensibility.initializers.WebUserAgentTelemetryInitializer"/>
+ </TelemetryInitializers>
+
+</ApplicationInsights>
+```
+
+Optionally, the configuration file can be in any location accessible to your application. The system property `-Dapplicationinsights.configurationDirectory` specifies the directory that contains *ApplicationInsights.xml*. For example, a configuration file located at `E:\myconfigs\appinsights\ApplicationInsights.xml` would be configured with the property `-Dapplicationinsights.configurationDirectory="E:\myconfigs\appinsights"`.
+
+* The instrumentation key is sent along with every item of telemetry and tells Application Insights to display it in your resource.
+* The HTTP Request component is optional. It automatically sends telemetry about requests and response times to the portal.
+* Event correlation is an addition to the HTTP request component. It assigns an identifier to each request received by the server. It then adds this identifier as a property to every item of telemetry as the property 'Operation.Id'. It allows you to correlate the telemetry associated with each request by setting a filter in [diagnostic search][diagnostic].
+
+### Alternative ways to set the instrumentation key
+Application Insights SDK looks for the key in this order:
+
+1. System property: -DAPPINSIGHTS_INSTRUMENTATIONKEY=your_ikey
+2. Environment variable: APPINSIGHTS_INSTRUMENTATIONKEY
+3. Configuration file: *ApplicationInsights.xml*
+
+You can also [set it in code](./api-custom-events-metrics.md#ikey):
+
+```java
+ String instrumentationKey = "00000000-0000-0000-0000-000000000000";
+
+ if (instrumentationKey != null)
+ {
+ TelemetryConfiguration.getActive().setInstrumentationKey(instrumentationKey);
+ }
+```
+
+## Add agent
+
+[Install the Java Agent](java-2x-agent.md) to capture outgoing HTTP calls, JDBC queries, application logging,
+and better operation naming.
+
+## Run your application
+Either run it in debug mode on your development machine, or publish to your server.
+
+## View your telemetry in Application Insights
+Return to your Application Insights resource in [Microsoft Azure portal](https://portal.azure.com).
+
+HTTP requests data appears on the overview blade. (If it isn't there, wait a few seconds and then click Refresh.)
+
+![Screenshot of overview sample data](./media/java-get-started/overview-graphs.png)
+
+[Learn more about metrics.][metrics]
+
+Click through any chart to see more detailed aggregated metrics.
+
+![Application Insights failures pane with charts](./media/java-get-started/006-barcharts.png)
+
+### Instance data
+Click through a specific request type to see individual instances.
+
+![Drill into a specific sample view](./media/java-get-started/007-instance.png)
+
+### Analytics: Powerful query language
+As you accumulate more data, you can run queries both to aggregate data and to find individual instances. [Analytics](../logs/log-query-overview.md) is a powerful tool for both for understanding performance and usage, and for diagnostic purposes.
+
+![Example of Analytics](./media/java-get-started/0025.png)
+
+## Install your app on the server
+Now publish your app to the server, let people use it, and watch the telemetry show up on the portal.
+
+* Make sure your firewall allows your application to send telemetry to these ports:
+
+ * dc.services.visualstudio.com:443
+ * f5.services.visualstudio.com:443
+
+* If outgoing traffic must be routed through a firewall, define system properties `http.proxyHost` and `http.proxyPort`.
+
+* On Windows servers, install:
+
+ * [Microsoft Visual C++ Redistributable](https://www.microsoft.com/download/details.aspx?id=40784)
+
+ (This component enables performance counters.)
+
+## Azure App Service, AKS, VMs config
+
+The best and easiest approach to monitor your applications running on any of Azure resource providers is to use Application Insights auto-instrumentation via [Java 3.0 agent](./java-in-process-agent.md).
++
+## Exceptions and request failures
+Unhandled exceptions and request failures are automatically collected by the Application Insights web filter.
+
+To collect data on other exceptions, you can [insert calls to trackException() in your code][apiexceptions].
+
+## Monitor method calls and external dependencies
+[Install the Java Agent](java-2x-agent.md) to log specified internal methods and calls made through JDBC, with timing data.
+
+And for automatic operation naming.
+
+## W3C distributed tracing
+
+The Application Insights Java SDK now supports [W3C distributed tracing](https://w3c.github.io/trace-context/).
+
+The incoming SDK configuration is explained further in our article on [correlation](correlation.md).
+
+Outgoing SDK configuration is defined in the [AI-Agent.xml](java-2x-agent.md) file.
+
+## Performance counters
+Open **Investigate**, **Metrics**, to see a range of performance counters.
+
+![Screenshot of metrics pane with process private bytes selected](./media/java-get-started/011-perf-counters.png)
+
+### Customize performance counter collection
+To disable collection of the standard set of performance counters, add the following code under the root node of the *ApplicationInsights.xml* file:
+
+```XML
+ <PerformanceCounters>
+ <UseBuiltIn>False</UseBuiltIn>
+ </PerformanceCounters>
+```
+
+### Collect additional performance counters
+You can specify additional performance counters to be collected.
+
+#### JMX counters (exposed by the Java Virtual Machine)
+
+```XML
+ <PerformanceCounters>
+ <Jmx>
+ <Add objectName="java.lang:type=ClassLoading" attribute="TotalLoadedClassCount" displayName="Loaded Class Count"/>
+ <Add objectName="java.lang:type=Memory" attribute="HeapMemoryUsage.used" displayName="Heap Memory Usage-used" type="composite"/>
+ </Jmx>
+ </PerformanceCounters>
+```
+
+* `displayName` ΓÇô The name displayed in the Application Insights portal.
+* `objectName` ΓÇô The JMX object name.
+* `attribute` ΓÇô The attribute of the JMX object name to fetch
+* `type` (optional) - The type of JMX object's attribute:
+ * Default: a simple type such as int or long.
+ * `composite`: the perf counter data is in the format of 'Attribute.Data'
+ * `tabular`: the perf counter data is in the format of a table row
+
+#### Windows performance counters
+Each [Windows performance counter](/windows/win32/perfctrs/performance-counters-portal) is a member of a category (in the same way that a field is a member of a class). Categories can either be global, or can have numbered or named instances.
+
+```XML
+ <PerformanceCounters>
+ <Windows>
+ <Add displayName="Process User Time" categoryName="Process" counterName="%User Time" instanceName="__SELF__" />
+ <Add displayName="Bytes Printed per Second" categoryName="Print Queue" counterName="Bytes Printed/sec" instanceName="Fax" />
+ </Windows>
+ </PerformanceCounters>
+```
+
+* displayName ΓÇô The name displayed in the Application Insights portal.
+* categoryName ΓÇô The performance counter category (performance object) with which this performance counter is associated.
+* counterName ΓÇô The name of the performance counter.
+* instanceName ΓÇô The name of the performance counter category instance, or an empty string (""), if the category contains a single instance. If the categoryName is Process, and the performance counter you'd like to collect is from the current JVM process on which your app is running, specify `"__SELF__"`.
+
+### Unix performance counters
+* [Install collectd with the Application Insights plugin](java-2x-collectd.md) to get a wide variety of system and network data.
+
+## Get user and session data
+OK, you're sending telemetry from your web server. Now to get the full 360-degree view of your application, you can add more monitoring:
+
+* [Add telemetry to your web pages][usage] to monitor page views and user metrics.
+* [Set up web tests][availability] to make sure your application stays live and responsive.
+
+## Send your own telemetry
+Now that you've installed the SDK, you can use the API to send your own telemetry.
+
+* [Track custom events and metrics][api] to learn what users are doing with your application.
+* [Search events and logs][diagnostic] to help diagnose problems.
+
+## Availability web tests
+Application Insights can test your website at regular intervals to check that it's up and responding well.
+
+[Learn more about how to set up availability web tests.][availability]
+
+## Questions? Problems?
+[Troubleshooting Java](java-2x-troubleshoot.md)
+
+## Next steps
+* [Monitor dependency calls](java-2x-agent.md)
+* [Monitor Unix performance counters](java-2x-collectd.md)
+* Add [monitoring to your web pages](javascript.md) to monitor page load times, AJAX calls, browser exceptions.
+* Write [custom telemetry](./api-custom-events-metrics.md) to track usage in the browser or at the server.
+* Use [Analytics](../logs/log-query-overview.md) for powerful queries over telemetry from your app
+* For more information, visit [Azure for Java developers](/java/azure).
+
+<!--Link references-->
+
+[api]: ./api-custom-events-metrics.md
+[apiexceptions]: ./api-custom-events-metrics.md#trackexception
+[availability]: ./monitor-web-app-availability.md
+[diagnostic]: ./diagnostic-search.md
+[javalogs]: java-2x-trace-logs.md
+[metrics]: ../essentials/metrics-charts.md
+[usage]: javascript.md
azure-monitor Java 2X Micrometer https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/java-2x-micrometer.md
+
+ Title: How to use Micrometer with Azure Application Insights Java SDK
+description: A step by step guide on using Micrometer with your Application Insights Spring Boot and non-Spring Boot applications.
++++ Last updated : 11/01/2018+++
+# How to use Micrometer with Azure Application Insights Java SDK (not recommended)
+
+> [!CAUTION]
+> This document applies to Application Insights Java 2.x which is no longer recommended.
+>
+> Documentation for the latest version can be found at [Application Insights Java 3.0](./java-in-process-agent.md).
+
+Micrometer application monitoring measures metrics for JVM-based application code and lets you export the data to your favorite monitoring systems. This article will teach you how to use Micrometer with Application Insights for both Spring Boot and non-Spring Boot applications.
+
+## Using Spring Boot 1.5x
+Add the following dependencies to your pom.xml or build.gradle file:
+* [Application Insights spring-boot-starter](https://github.com/Azure/azure-sdk-for-java/tree/master/sdk/spring/azure-spring-boot-starter)
+ 2.5.0 or later
+* Micrometer Azure Registry 1.1.0 or above
+* [Micrometer Spring Legacy](https://micrometer.io/docs/ref/spring/1.5) 1.1.0 or above (this backports the autoconfig code in the Spring framework).
+* [ApplicationInsights Resource](./create-new-resource.md)
+
+Steps
+
+1. Update the pom.xml file of your Spring Boot application and add the following dependencies in it:
+
+ ```XML
+ <dependency>
+ <groupId>com.microsoft.azure</groupId>
+ <artifactId>applicationinsights-spring-boot-starter</artifactId>
+ <version>2.5.0</version>
+ </dependency>
+
+ <dependency>
+ <groupId>io.micrometer</groupId>
+ <artifactId>micrometer-spring-legacy</artifactId>
+ <version>1.1.0</version>
+ </dependency>
+
+ <dependency>
+ <groupId>io.micrometer</groupId>
+ <artifactId>micrometer-registry-azure-monitor</artifactId>
+ <version>1.1.0</version>
+ </dependency>
+
+ ```
+2. Update the application.properties or yml file with the Application Insights Instrumentation key using the following property:
+
+ `azure.application-insights.instrumentation-key=<your-instrumentation-key-here>`
+1. Build your application and run
+2. The above should get you up and running with pre-aggregated metrics auto collected to Azure Monitor. For details on how to fine-tune Application Insights Spring Boot starter refer to the [readme on GitHub](https://github.com/Azure/azure-sdk-for-jav).
+
+## Using Spring 2.x
+
+Add the following dependencies to your pom.xml or build.gradle file:
+
+* Application Insights Spring-boot-starter 2.1.2 or above
+* Azure-spring-boot-metrics-starters 2.0.7 or later
+* [Application Insights Resource](./create-new-resource.md)
+
+Steps:
+
+1. Update the pom.xml file of your Spring Boot application and add the following dependency in it:
+
+ ```XML
+ <dependency>
+ <groupId>com.microsoft.azure</groupId>
+ <artifactId>azure-spring-boot-metrics-starter</artifactId>
+ <version>2.0.7</version>
+ </dependency>
+ ```
+1. Update the application.properties or yml file with the Application Insights Instrumentation key using the following property:
+
+ `azure.application-insights.instrumentation-key=<your-instrumentation-key-here>`
+3. Build your application and run
+4. The above should get you running with pre-aggregated metrics auto collected to Azure Monitor. For details on how to fine-tune Application Insights Spring Boot starter refer to the [readme on GitHub](https://github.com/Microsoft/azure-spring-boot/releases/latest).
+
+Default Metrics:
+
+* Automatically configured metrics for Tomcat, JVM, Logback Metrics, Log4J metrics, Uptime Metrics, Processor Metrics, FileDescriptorMetrics.
+* For example, if Netflix Hystrix is present on class path we get those metrics as well.
+* The following metrics can be available by adding respective beans.
+ - CacheMetrics (CaffeineCache, EhCache2, GuavaCache, HazelcastCache, JCache)
+ - DataBaseTableMetrics
+ - HibernateMetrics
+ - JettyMetrics
+ - OkHttp3 metrics
+ - Kafka Metrics
+++
+How to turn off automatic metrics collection:
+
+- JVM Metrics:
+ - management.metrics.binders.jvm.enabled=false
+- Logback Metrics:
+ - management.metrics.binders.logback.enabled=false
+- Uptime Metrics:
+ - management.metrics.binders.uptime.enabled=false
+- Processor Metrics:
+ - management.metrics.binders.processor.enabled=false
+- FileDescriptorMetrics:
+ - management.metrics.binders.files.enabled=false
+- Hystrix Metrics if library on classpath:
+ - management.metrics.binders.hystrix.enabled=false
+- AspectJ Metrics if library on classpath:
+ - spring.aop.enabled=false
+
+> [!NOTE]
+> Specify the properties above in the application.properties or application.yml file of your Spring Boot application
+
+## Use Micrometer with non-Spring Boot web applications
+
+Add the following dependencies to your pom.xml or build.gradle file:
+
+* Application Insights Web Auto 2.5.0 or later
+* Micrometer Azure Registry 1.1.0 or above
+* [Application Insights Resource](./create-new-resource.md)
+
+Steps:
+
+1. Add the following dependencies in your pom.xml or build.gradle file:
+
+ ```XML
+ <dependency>
+ <groupId>io.micrometer</groupId>
+ <artifactId>micrometer-registry-azure-monitor</artifactId>
+ <version>1.1.0</version>
+ </dependency>
+
+ <dependency>
+ <groupId>com.microsoft.azure</groupId>
+ <artifactId>applicationinsights-web-auto</artifactId>
+ <version>2.5.0</version>
+ </dependency>
+ ```
+
+2. Put `ApplicationInsights.xml` file in the resources folder:
+
+ ```XML
+ <?xml version="1.0" encoding="utf-8"?>
+ <ApplicationInsights xmlns="http://schemas.microsoft.com/ApplicationInsights/2013/Settings" schemaVersion="2014-05-30">
+
+ <!-- The key from the portal: -->
+ <InstrumentationKey>** Your instrumentation key **</InstrumentationKey>
+
+ <!-- HTTP request component (not required for bare API) -->
+ <TelemetryModules>
+ <Add type="com.microsoft.applicationinsights.web.extensibility.modules.WebRequestTrackingTelemetryModule"/>
+ <Add type="com.microsoft.applicationinsights.web.extensibility.modules.WebSessionTrackingTelemetryModule"/>
+ <Add type="com.microsoft.applicationinsights.web.extensibility.modules.WebUserTrackingTelemetryModule"/>
+ </TelemetryModules>
+
+ <!-- Events correlation (not required for bare API) -->
+ <!-- These initializers add context data to each event -->
+ <TelemetryInitializers>
+ <Add type="com.microsoft.applicationinsights.web.extensibility.initializers.WebOperationIdTelemetryInitializer"/>
+ <Add type="com.microsoft.applicationinsights.web.extensibility.initializers.WebOperationNameTelemetryInitializer"/>
+ <Add type="com.microsoft.applicationinsights.web.extensibility.initializers.WebSessionTelemetryInitializer"/>
+ <Add type="com.microsoft.applicationinsights.web.extensibility.initializers.WebUserTelemetryInitializer"/>
+ <Add type="com.microsoft.applicationinsights.web.extensibility.initializers.WebUserAgentTelemetryInitializer"/>
+ </TelemetryInitializers>
+
+ </ApplicationInsights>
+ ```
+
+3. Sample Servlet class (emits a timer metric):
+
+ ```Java
+ @WebServlet("/hello")
+ public class TimedDemo extends HttpServlet {
+
+ private static final long serialVersionUID = -4751096228274971485L;
+
+ @Override
+ @Timed(value = "hello.world")
+ protected void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+
+ response.getWriter().println("Hello World!");
+ MeterRegistry registry = (MeterRegistry) getServletContext().getAttribute("AzureMonitorMeterRegistry");
+
+ //create new Timer metric
+ Timer sampleTimer = registry.timer("timer");
+ Stream<Integer> infiniteStream = Stream.iterate(0, i -> i+1);
+ infiniteStream.limit(10).forEach(integer -> {
+ try {
+ Thread.sleep(1000);
+ sampleTimer.record(integer, TimeUnit.MILLISECONDS);
+ } catch (Exception e) {}
+ });
+ }
+ @Override
+ public void init() throws ServletException {
+ System.out.println("Servlet " + this.getServletName() + " has started");
+ }
+ @Override
+ public void destroy() {
+ System.out.println("Servlet " + this.getServletName() + " has stopped");
+ }
+
+ }
+
+ ```
+
+4. Sample configuration class:
+
+ ```Java
+ @WebListener
+ public class MeterRegistryConfiguration implements ServletContextListener {
+
+ @Override
+ public void contextInitialized(ServletContextEvent servletContextEvent) {
+
+ // Create AzureMonitorMeterRegistry
+ private final AzureMonitorConfig config = new AzureMonitorConfig() {
+ @Override
+ public String get(String key) {
+ return null;
+ }
+ @Override
+ public Duration step() {
+ return Duration.ofSeconds(60);}
+
+ @Override
+ public boolean enabled() {
+ return false;
+ }
+ };
+
+ MeterRegistry azureMeterRegistry = AzureMonitorMeterRegistry.builder(config);
+
+ //set the config to be used elsewhere
+ servletContextEvent.getServletContext().setAttribute("AzureMonitorMeterRegistry", azureMeterRegistry);
+
+ }
+
+ @Override
+ public void contextDestroyed(ServletContextEvent servletContextEvent) {
+
+ }
+ }
+ ```
+
+To learn more about metrics, refer to the [Micrometer documentation](https://micrometer.io/docs/).
+
+Other sample code on how to create different types of metrics can be found in[the official Micrometer GitHub repo](https://github.com/micrometer-metrics/micrometer/tree/master/samples/micrometer-samples-core/src/main/java/io/micrometer/core/samples).
+
+## How to bind additional metrics collection
+
+### SpringBoot/Spring
+
+Create a bean of the respective metric category. For example, say we need Guava cache Metrics:
+
+```Java
+ @Bean
+ GuavaCacheMetrics guavaCacheMetrics() {
+ Return new GuavaCacheMetrics();
+ }
+```
+There are several metrics that are not enabled by default but can be bound in the above fashion. For a complete list, refer to [the official Micrometer GitHub repo](https://github.com/micrometer-metrics/micrometer/tree/master/micrometer-core/src/main/java/io/micrometer/core/instrument/binder ).
+
+### Non-Spring apps
+Add the following binding code to the configuration file:
+```Java
+ New GuavaCacheMetrics().bind(registry);
+```
+
+## Next steps
+
+* To learn more about Micrometer, see the official [Micrometer documentation](https://micrometer.io/docs).
+* To learn about Spring on Azure, see the official [Spring on Azure documentation](/java/azure/spring-framework/).
azure-monitor Java 2X Trace Logs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/java-2x-trace-logs.md
+
+ Title: Explore Java trace logs in Azure Application Insights
+description: Search Log4J or Logback traces in Application Insights
+ Last updated : 05/18/2019+++++
+# Explore Java trace logs in Application Insights
+
+> [!CAUTION]
+> This document applies to Application Insights Java 2.x which is no longer recommended.
+>
+> Documentation for the latest version can be found at [Application Insights Java 3.0](./java-in-process-agent.md).
+
+If you're using Logback or Log4J (v1.2 or v2.0) for tracing, you can have your trace logs sent automatically to Application Insights where you can explore and search on them.
+
+> [!TIP]
+> You only need to set your Application Insights Instrumentation Key once for your application. If you are using a framework like Java Spring, you may have already registered the key elsewhere in your app's configuration.
+
+## Using the Application Insights Java agent
+
+By default, the Application Insights Java agent automatically captures logging performed at `WARN` level and above.
+
+You can change the threshold of logging that is captured using the `AI-Agent.xml` file:
+
+```xml
+<?xml version="1.0" encoding="utf-8"?>
+<ApplicationInsightsAgent>
+ <Instrumentation>
+ <BuiltIn>
+ <Logging threshold="info"/>
+ </BuiltIn>
+ </Instrumentation>
+</ApplicationInsightsAgent>
+```
+
+You can disable the Java agent's logging capture using the `AI-Agent.xml` file:
+
+```xml
+<?xml version="1.0" encoding="utf-8"?>
+<ApplicationInsightsAgent>
+ <Instrumentation>
+ <BuiltIn>
+ <Logging enabled="false"/>
+ </BuiltIn>
+ </Instrumentation>
+</ApplicationInsightsAgent>
+```
+
+## Alternatively (as opposed to using the Java agent), you can follow the instructions below
+
+### Install the Java SDK
+
+Follow the instructions to install [Application Insights SDK for Java][java], if you haven't already done that.
+
+### Add logging libraries to your project
+*Choose the appropriate way for your project.*
+
+#### If you're using Maven...
+If your project is already set up to use Maven for build, merge one of the following snippets of code into your pom.xml file.
+
+Then refresh the project dependencies, to get the binaries downloaded.
+
+*Logback*
+
+```XML
+
+ <dependencies>
+ <dependency>
+ <groupId>com.microsoft.azure</groupId>
+ <artifactId>applicationinsights-logging-logback</artifactId>
+ <version>[2.0,)</version>
+ </dependency>
+ </dependencies>
+```
+
+*Log4J v2.0*
+
+```XML
+
+ <dependencies>
+ <dependency>
+ <groupId>com.microsoft.azure</groupId>
+ <artifactId>applicationinsights-logging-log4j2</artifactId>
+ <version>[2.0,)</version>
+ </dependency>
+ </dependencies>
+```
+
+*Log4J v1.2*
+
+```XML
+
+ <dependencies>
+ <dependency>
+ <groupId>com.microsoft.azure</groupId>
+ <artifactId>applicationinsights-logging-log4j1_2</artifactId>
+ <version>[2.0,)</version>
+ </dependency>
+ </dependencies>
+```
+
+#### If you're using Gradle...
+If your project is already set up to use Gradle for build, add one of the following lines to the `dependencies` group in your build.gradle file:
+
+Then refresh the project dependencies, to get the binaries downloaded.
+
+**Logback**
+
+```
+
+ compile group: 'com.microsoft.azure', name: 'applicationinsights-logging-logback', version: '2.0.+'
+```
+
+**Log4J v2.0**
+
+```
+ compile group: 'com.microsoft.azure', name: 'applicationinsights-logging-log4j2', version: '2.0.+'
+```
+
+**Log4J v1.2**
+
+```
+ compile group: 'com.microsoft.azure', name: 'applicationinsights-logging-log4j1_2', version: '2.0.+'
+```
+
+#### Otherwise ...
+Follow the guidelines to manually install Application Insights Java SDK, download the jar (After arriving at Maven Central Page click on 'jar' link in download section) for appropriate appender and add the downloaded appender jar to the project.
+
+| Logger | Download | Library |
+| | | |
+| Logback |[Logback appender Jar](https://search.maven.org/#search%7Cga%7C1%7Ca%3A%22applicationinsights-logging-logback%22) |applicationinsights-logging-logback |
+| Log4J v2.0 |[Log4J v2 appender Jar](https://search.maven.org/#search%7Cga%7C1%7Ca%3A%22applicationinsights-logging-log4j2%22) |applicationinsights-logging-log4j2 |
+| Log4j v1.2 |[Log4J v1.2 appender Jar](https://search.maven.org/#search%7Cga%7C1%7Ca%3A%22applicationinsights-logging-log4j1_2%22) |applicationinsights-logging-log4j1_2 |
++
+### Add the appender to your logging framework
+To start getting traces, merge the relevant snippet of code to the Log4J or Logback configuration file:
+
+*Logback*
+
+```XML
+
+ <appender name="aiAppender"
+ class="com.microsoft.applicationinsights.logback.ApplicationInsightsAppender">
+ <instrumentationKey>[APPLICATION_INSIGHTS_KEY]</instrumentationKey>
+ </appender>
+ <root level="trace">
+ <appender-ref ref="aiAppender" />
+ </root>
+```
+
+*Log4J v2.0*
+
+```XML
+
+ <Configuration packages="com.microsoft.applicationinsights.log4j.v2">
+ <Appenders>
+ <ApplicationInsightsAppender name="aiAppender" instrumentationKey="[APPLICATION_INSIGHTS_KEY]" />
+ </Appenders>
+ <Loggers>
+ <Root level="trace">
+ <AppenderRef ref="aiAppender"/>
+ </Root>
+ </Loggers>
+ </Configuration>
+```
+
+*Log4J v1.2*
+
+```XML
+
+ <appender name="aiAppender"
+ class="com.microsoft.applicationinsights.log4j.v1_2.ApplicationInsightsAppender">
+ <param name="instrumentationKey" value="[APPLICATION_INSIGHTS_KEY]" />
+ </appender>
+ <root>
+ <priority value ="trace" />
+ <appender-ref ref="aiAppender" />
+ </root>
+```
+
+The Application Insights appenders can be referenced by any configured logger, and not necessarily by the root logger (as shown in the code samples above).
+
+## Explore your traces in the Application Insights portal
+Now that you've configured your project to send traces to Application Insights, you can view and search these traces in the Application Insights portal, in the [Search][diagnostic] blade.
+
+Exceptions submitted via loggers will be displayed on the portal as Exception Telemetry.
+
+![In the Application Insights portal, open Search](./media/java-trace-logs/01-diagnostics.png)
+
+## Next steps
+[Diagnostic search][diagnostic]
+
+<!--Link references-->
+
+[diagnostic]: ./diagnostic-search.md
+[java]: java-2x-get-started.md
+
azure-monitor Java 2X Troubleshoot https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/java-2x-troubleshoot.md
+
+ Title: Troubleshoot Application Insights in a Java web project
+description: Troubleshooting guide - monitoring live Java apps with Application Insights.
+ Last updated : 03/14/2019+++++
+# Troubleshooting and Q and A for Application Insights for Java SDK
+
+> [!IMPORTANT]
+> The recommended approach to monitor Java applications is to use the auto-instrumentation without changing the code. Please follow the guidelines for [Application Insights Java 3.0 agent](./java-in-process-agent.md).
+
+Questions or problems with [Azure Application Insights in Java][java]? Here are some tips.
+
+## Build errors
+**In Eclipse or Intellij Idea, when adding the Application Insights SDK via Maven or Gradle, I get build or checksum validation errors.**
+
+* If the dependency `<version>` element is using a pattern with wildcard characters (e.g. (Maven) `<version>[2.0,)</version>` or (Gradle) `version:'2.+'`), try specifying a specific version instead like `2.6.2`.
+
+## No data
+**I added Application Insights successfully and ran my app, but I've never seen data in the portal.**
+
+* Wait a minute and click Refresh. The charts refresh themselves periodically, but you can also refresh manually. The refresh interval depends on the time range of the chart.
+* Check that you have an instrumentation key defined in the ApplicationInsights.xml file (in the resources folder in your project) or configured as Environment variable.
+* Verify that there is no `<DisableTelemetry>true</DisableTelemetry>` node in the xml file.
+* In your firewall, you might have to open TCP ports 80 and 443 for outgoing traffic to dc.services.visualstudio.com. See the [full list of firewall exceptions](./ip-addresses.md)
+* In the Microsoft Azure start board, look at the service status map. If there are some alert indications, wait until they have returned to OK and then close and re-open your Application Insights application blade.
+* [Turn on logging](#debug-data-from-the-sdk) by adding an `<SDKLogger />` element under the root node in the ApplicationInsights.xml file (in the resources folder in your project), and check for entries prefaced with AI: INFO/WARN/ERROR for any suspicious logs.
+* Make sure that the correct ApplicationInsights.xml file has been successfully loaded by the Java SDK, by looking at the console's output messages for a "Configuration file has been successfully found" statement.
+* If the config file is not found, check the output messages to see where the config file is being searched for, and make sure that the ApplicationInsights.xml is located in one of those search locations. As a rule of thumb, you can place the config file near the Application Insights SDK JARs. For example: in Tomcat, this would mean the WEB-INF/classes folder. During development you can place ApplicationInsights.xml in resources folder of your web project.
+* Please also look at [GitHub issues page](https://github.com/microsoft/ApplicationInsights-Java/issues) for known issues with the SDK.
+* Please ensure to use same version of Application Insights core, web, agent and logging appenders to avoid any version conflict issues.
+
+#### I used to see data, but it has stopped
+* Have you hit your monthly quota of data points? Open Settings/Quota and Pricing to find out. If so, you can upgrade your plan, or pay for additional capacity. See the [pricing scheme](https://azure.microsoft.com/pricing/details/application-insights/).
+* Have you recently upgraded your SDK? Please ensure that only Unique SDK jars are present inside the project directory. There should not be two different versions of SDK present.
+* Are you looking at the correct AI resource? Please match the iKey of your application to the resource where you are expecting telemetry. They should be the same.
+
+#### I don't see all the data I'm expecting
+* Open the Usage and estimated cost page and check whether [sampling](./sampling.md) is in operation. (100% transmission means that sampling isn't in operation.) The Application Insights service can be set to accept only a fraction of the telemetry that arrives from your app. This helps you keep within your monthly quota of telemetry.
+* Do you have SDK Sampling turned on? If yes, data would be sampled at the rate specified for all the applicable types.
+* Are you running an older version of Java SDK? Starting with version 2.0.1, we have introduced fault tolerance mechanism to handle intermittent network and backend failures as well as data persistence on local drives.
+* Are you getting throttled due to excessive telemetry? If you turn on INFO logging, you will see a log message "App is throttled". Our current limit is 32k telemetry items/second.
+
+### Java Agent cannot capture dependency data
+* Have you configured Java agent by following [Configure Java Agent](java-2x-agent.md) ?
+* Make sure both the java agent jar and the AI-Agent.xml file are placed in the same folder.
+* Make sure that the dependency you are trying to auto-collect is supported for auto collection. Currently we only support MySQL, MsSQL, Oracle DB and Azure Cache for Redis dependency collection.
+
+## No usage data
+**I see data about requests and response times, but no page view, browser, or user data.**
+
+You successfully set up your app to send telemetry from the server. Now your next step is to [set up your web pages to send telemetry from the web browser][usage].
+
+Alternatively, if your client is an app in a [phone or other device][platforms], you can send telemetry from there.
+
+Use the same instrumentation key to set up both your client and server telemetry. The data will appear in the same Application Insights resource, and you'll be able to correlate events from client and server.
+
+## Disabling telemetry
+**How can I disable telemetry collection?**
+
+In code:
+
+```Java
+
+ TelemetryConfiguration config = TelemetryConfiguration.getActive();
+ config.setTrackingIsDisabled(true);
+```
+
+**Or**
+
+Update ApplicationInsights.xml (in the resources folder in your project). Add the following under the root node:
+
+```XML
+
+ <DisableTelemetry>true</DisableTelemetry>
+```
+
+Using the XML method, you have to restart the application when you change the value.
+
+## Changing the target
+**How can I change which Azure resource my project sends data to?**
+
+* [Get the instrumentation key of the new resource.][java]
+* If you added Application Insights to your project using the Azure Toolkit for Eclipse, right click your web project, select **Azure**, **Configure Application Insights**, and change the key.
+* If you had configured the Instrumentation Key as environment variable please update the value of the environment variable with new iKey.
+* Otherwise, update the key in ApplicationInsights.xml in the resources folder in your project.
+
+## Debug data from the SDK
+
+**How can I find out what the SDK is doing?**
+
+To get more information about what's happening in the API, add `<SDKLogger/>` under the root node of the ApplicationInsights.xml configuration file.
+
+### ApplicationInsights.xml
+
+You can also instruct the logger to output to a file:
+
+```XML
+ <SDKLogger type="FILE"><!-- or "CONSOLE" to print to stderr -->
+ <Level>TRACE</Level>
+ <UniquePrefix>AI</UniquePrefix>
+ <BaseFolderPath>C:/agent/AISDK</BaseFolderPath>
+</SDKLogger>
+```
+
+### Spring Boot Starter
+
+To enable SDK logging with Spring Boot Apps using the Application Insights Spring Boot Starter, add the following to the `application.properties` file:
+
+```yaml
+azure.application-insights.logger.type=file
+azure.application-insights.logger.base-folder-path=C:/agent/AISDK
+azure.application-insights.logger.level=trace
+```
+
+or to print to standard error:
+
+```yaml
+azure.application-insights.logger.type=console
+azure.application-insights.logger.level=trace
+```
+
+### Java Agent
+
+To enable JVM Agent Logging update the [AI-Agent.xml file](java-2x-agent.md):
+
+```xml
+<AgentLogger type="FILE"><!-- or "CONSOLE" to print to stderr -->
+ <Level>TRACE</Level>
+ <UniquePrefix>AI</UniquePrefix>
+ <BaseFolderPath>C:/agent/AIAGENT</BaseFolderPath>
+</AgentLogger>
+```
+
+### Java Command Line Properties
+_Since version 2.4.0_
+
+To enable logging using command line options, without changing configuration files:
+
+```
+java -Dapplicationinsights.logger.file.level=trace -Dapplicationinsights.logger.file.uniquePrefix=AI -Dapplicationinsights.logger.baseFolderPath="C:/my/log/dir" -jar MyApp.jar
+```
+
+or to print to standard error:
+
+```
+java -Dapplicationinsights.logger.console.level=trace -jar MyApp.jar
+```
+
+## The Azure start screen
+**I'm looking at [the Azure portal](https://portal.azure.com). Does the map tell me something about my app?**
+
+No, it shows the health of Azure servers around the world.
+
+*From the Azure start board (home screen), how do I find data about my app?*
+
+Assuming you [set up your app for Application Insights][java], click Browse, select Application Insights, and select the app resource you created for your app. To get there faster in future, you can pin your app to the start board.
+
+## Intranet servers
+**Can I monitor a server on my intranet?**
+
+Yes, provided your server can send telemetry to the Application Insights portal through the public internet.
+
+You may need to [open some outgoing ports in your server's firewall](./ip-addresses.md#outgoing-ports)
+to allow the SDK to send data to the portal.
+
+## Data retention
+**How long is data retained in the portal? Is it secure?**
+
+See [Data retention and privacy][data].
+
+## Debug logging
+Application Insights uses `org.apache.http`. This is relocated within Application Insights core jars under the namespace `com.microsoft.applicationinsights.core.dependencies.http`. This enables Application Insights to handle scenarios where different versions of the same `org.apache.http` exist in one code base.
+
+>[!NOTE]
+>If you enable DEBUG level logging for all namespaces in the app, it will be honored by all executing modules including `org.apache.http` renamed as `com.microsoft.applicationinsights.core.dependencies.http`. Application Insights will not be able to apply filtering for these calls because the log call is being made by the Apache library. DEBUG level logging produce a considerable amount of log data and is not recommended for live production instances.
+
+## Next steps
+**I set up Application Insights for my Java server app. What else can I do?**
+
+* [Monitor availability of your web pages][availability]
+* [Monitor web page usage][usage]
+* [Track usage and diagnose issues in your device apps][platforms]
+* [Write code to track usage of your app][track]
+* [Capture diagnostic logs][javalogs]
+
+## Get help
+* [Stack Overflow](https://stackoverflow.com/questions/tagged/ms-application-insights)
+* [File an issue on GitHub](https://github.com/microsoft/ApplicationInsights-Java/issues)
+
+<!--Link references-->
+
+[availability]: ./monitor-web-app-availability.md
+[data]: ./data-retention-privacy.md
+[java]: java-2x-get-started.md
+[javalogs]: java-2x-trace-logs.md
+[platforms]: ./platforms.md
+[track]: ./api-custom-events-metrics.md
+[usage]: javascript.md
+
azure-monitor Java In Process Agent https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/java-in-process-agent.md
# Java codeless application monitoring Azure Monitor Application Insights
+> [!NOTE]
+> If you are looking for the old 2.x docs, go [here](./java-2x-get-started.md).
+ Java codeless application monitoring is all about simplicity - there are no code changes, the Java agent can be enabled through just a couple of configuration changes. The Java agent works in any environment, and allows you to monitor all of your Java applications. In other words, whether you are running your Java apps on VMs, on-premises, in AKS, on Windows, Linux - you name it, the Java 3.0 agent will monitor your app.
azure-monitor Javascript https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/javascript.md
Find out about the performance and usage of your web page or app. If you add [Application Insights](app-insights-overview.md) to your page script, you get timings of page loads and AJAX calls, counts, and details of browser exceptions and AJAX failures, as well as users and session counts. All these can be segmented by page, client OS and browser version, geo location, and other dimensions. You can set alerts on failure counts or slow page loading. And by inserting trace calls in your JavaScript code, you can track how the different features of your web page application are used.
-Application Insights can be used with any web pages - you just add a short piece of JavaScript. If your web service is [Java](java-get-started.md) or [ASP.NET](asp-net.md), you can use the server-side SDKs in conjunction with the client-side JavaScript SDK to get an end-to-end understanding of your app's performance.
+Application Insights can be used with any web pages - you just add a short piece of JavaScript. If your web service is [Java](java-in-process-agent.md) or [ASP.NET](asp-net.md), you can use the server-side SDKs in conjunction with the client-side JavaScript SDK to get an end-to-end understanding of your app's performance.
## Adding the JavaScript SDK
azure-monitor Platforms https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/platforms.md
# Supported languages * [C#|VB (.NET)](./asp-net.md)
-* [Java](./java-get-started.md)
+* [Java](./java-in-process-agent.md)
* [JavaScript](./javascript.md) * [Node.JS](./nodejs.md) * [Python](./opencensus-python.md)
* [ASP.NET Core](./asp-net-core.md) * [Android](../app/mobile-center-quickstart.md) (App Center) * [iOS](../app/mobile-center-quickstart.md) (App Center)
-* [Java EE](./java-get-started.md)
+* [Java EE](./java-in-process-agent.md)
* [Node.JS](https://www.npmjs.com/package/applicationinsights) * [Python](./opencensus-python.md) * [Universal Windows app](../app/mobile-center-quickstart.md) (App Center)
## Logging frameworks * [ILogger](./ilogger.md) * [Log4Net, NLog, or System.Diagnostics.Trace](./asp-net-trace-logs.md)
-* [Java, Log4J, or Logback](./java-trace-logs.md)
+* [Java, Log4J, or Logback](java-2x-trace-logs.md)
* [LogStash plugin](https://github.com/Azure/azure-diagnostics-tools/tree/master/Logstash/logstash-output-applicationinsights) * [Azure Monitor](/archive/blogs/msoms/application-insights-connector-in-oms)
azure-monitor Proactive Trace Severity https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/proactive-trace-severity.md
Last updated 11/27/2017
Traces are widely used in applications, as they help tell the story of what happens behind the scenes. When things go wrong, traces provide crucial visibility into the sequence of events leading to the undesired state. While traces are generally unstructured, there is one thing that can concretely be learned from them ΓÇô their severity level. In an applicationΓÇÖs steady state, we would expect the ratio between ΓÇ£goodΓÇ¥ traces (*Info* and *Verbose*) and ΓÇ£badΓÇ¥ traces (*Warning*, *Error*, and *Critical*) to remain stable. The assumption is that ΓÇ£badΓÇ¥ traces may happen on a regular basis to a certain extent due to any number of reasons (transient network issues for instance). But when a real problem begins growing, it usually manifests as an increase in the relative proportion of ΓÇ£badΓÇ¥ traces vs ΓÇ£goodΓÇ¥ traces. Application Insights Smart Detection automatically analyzes the traces logged by your application, and can warn you about unusual patterns in the severity of your trace telemetry.
-This feature requires no special setup, other than configuring trace logging for your app (see how to configure a trace log listener for [.NET](./asp-net-trace-logs.md) or [Java](./java-trace-logs.md)). It is active when your app generates enough exception telemetry.
+This feature requires no special setup, other than configuring trace logging for your app (see how to configure a trace log listener for [.NET](./asp-net-trace-logs.md) or [Java](java-2x-trace-logs.md)). It is active when your app generates enough exception telemetry.
## When would I get this type of smart detection notification? You might get this type of notification if the ratio between ΓÇ£goodΓÇ¥ traces (traces logged with a level of *Info* or *Verbose*) and ΓÇ£badΓÇ¥ traces (traces logged with a level of *Warning*, *Error*, or *Fatal*) is degrading in a specific day, compared to a baseline calculated over the previous seven days.
azure-monitor Release Notes https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/release-notes.md
Get started with code-based monitoring:
* [ASP.NET](./asp-net.md) * [ASP.NET Core](./asp-net-core.md)
-* [Java](./java-get-started.md)
+* [Java](./java-in-process-agent.md)
* [Node.js](./nodejs.md) * [Python](./opencensus-python.md)
azure-monitor Sampling https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/sampling.md
By default no sampling is enabled in the Java agent and SDK. Currently it only s
} ```
-#### Configuring Java SDK
+#### Configuring Java 2.x SDK
-1. Download and configure your web application with the latest [Application Insights Java SDK](./java-get-started.md).
+1. Download and configure your web application with the latest [Application Insights Java SDK](./java-2x-get-started.md).
2. **Enable the fixed-rate sampling module** by adding the following snippet to `ApplicationInsights.xml` file:
azure-monitor Sdk Connection String https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/sdk-connection-string.md
Here's a list of valid suffixes
- applicationinsights.us
-See also: https://docs.microsoft.com/azure/azure-monitor/app/custom-endpoints#regions-that-require-endpoint-modification
+See also: [Regions that require endpoint modification](./custom-endpoints.md#regions-that-require-endpoint-modification)
##### Valid prefixes
Get started at development time with:
* [ASP.NET](./asp-net.md) * [ASP.NET Core](./asp-net-core.md)
-* [Java](./java-get-started.md)
+* [Java](./java-in-process-agent.md)
* [Node.js](./nodejs.md) * [Python](./opencensus-python.md)
azure-monitor Usage Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/usage-overview.md
Which features of your web or mobile app are most popular? Do your users achieve
The best experience is obtained by installing Application Insights both in your app server code, and in your web pages. The client and server components of your app send telemetry back to the Azure portal for analysis.
-1. **Server code:** Install the appropriate module for your [ASP.NET](./asp-net.md), [Azure](./app-insights-overview.md), [Java](./java-get-started.md), [Node.js](./nodejs.md), or [other](./platforms.md) app.
+1. **Server code:** Install the appropriate module for your [ASP.NET](./asp-net.md), [Azure](./app-insights-overview.md), [Java](./java-in-process-agent.md), [Node.js](./nodejs.md), or [other](./platforms.md) app.
* *Don't want to install server code? Just [create an Azure Application Insights resource](./create-new-resource.md).*
azure-monitor Continuous Monitoring https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/continuous-monitoring.md
In order to gain observability across your entire environment, you need to enabl
- [Azure DevOps Projects](../devops-project/overview.md) give you a simplified experience with your existing code and Git repository, or choose from one of the sample applications to create a Continuous Integration (CI) and Continuous Delivery (CD) pipeline to Azure. - [Continuous monitoring in your DevOps release pipeline](./app/continuous-monitoring.md) allows you to gate or rollback your deployment based on monitoring data. - [Status Monitor](./app/monitor-performance-live-website-now.md) allows you to instrument a live .NET app on Windows with Azure Application Insights, without having to modify or redeploy your code.-- If you have access to the code for your application, then enable full monitoring with [Application Insights](./app/app-insights-overview.md) by installing the Azure Monitor Application Insights SDK for [.NET](./app/asp-net.md), [.NET Core](./app/asp-net-core.md), [Java](./app/java-get-started.md), [Node.js](./app/nodejs-quick-start.md), or [any other programming languages](./app/platforms.md). This allows you to specify custom events, metrics, or page views that are relevant to your application and your business.
+- If you have access to the code for your application, then enable full monitoring with [Application Insights](./app/app-insights-overview.md) by installing the Azure Monitor Application Insights SDK for [.NET](./app/asp-net.md), [.NET Core](./app/asp-net-core.md), [Java](./app/java-in-process-agent.md), [Node.js](./app/nodejs-quick-start.md), or [any other programming languages](./app/platforms.md). This allows you to specify custom events, metrics, or page views that are relevant to your application and your business.
azure-monitor Deploy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/deploy.md
To enable monitoring for an application, you must decide whether you will use co
- [ASP.NET Applications](app/asp-net.md) - [ASP.NET Core Applications](app/asp-net-core.md) - [.NET Console Applications](app/console.md)-- [Java](app/java-get-started.md)
+- [Java](app/java-in-process-agent.md)
- [Node.js](app/nodejs.md) - [Python](app/opencensus-python.md) - [Other platforms](app/platforms.md)
azure-monitor Faq https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/faq.md
Specify an existing or new [Action Group](alerts/action-groups.md) so that when
See [Network firewall requirements](agents/log-analytics-agent.md#network-requirements)for details on firewall requirements. +
+## Azure Monitor Agent (preview)
+
+### What is the upgrade path from Log Analytics agents to Azure Monitor Agent? How do we migrate?
+ThereΓÇÖs currently no ΓÇ£auto-updateΓÇ¥ path since this involves complete uninstallation of existing agents on your machines and installing the new agent. As such we expect customers to plan for migration at the most suitable time based on feature parity.
+The more important reason is that with the new agent, data collection setup is much simpler, centralized, and configurable for subsets of machines connected to same or multiple destinations **using the power of Data Collection Rules, which overcomes a lot of limitations of existing Log Analytics agent setup**.
+
+**As such, we recommend looking at your data collection needs holistically, and creating the right DCRs first, and then performing the agent update to go along with this new setup**. To do so, you can follow the guidance on how to deploy at scale.
++
+### WhatΓÇÖs the upgrade path from Log Analytics Agent (MMA) to Azure Monitor Agent (AMA) for monitoring SCOM? Can we use AMA for SCOM scenarios?
+Here's how AMA impacts the two SCOM related monitor scenarios:
+- **Scenario 1**: For monitoring the Windows operating system of SCOM, the upgrade path is same as any other machine, wherein you can migrate from MMA (versions 2016, 2019) to AMA as soon as your required parity features are available on AMA.
+- **Scenario 2**: For onboarding/connecting SCOM to Log Analytics workspaces, since this is enabled via a SCOM connector for Log Analytics/Azure Monitor, neither MMA nor AMA is required to be installed on the SCOM management server. As such there is no impact to this use case from AMA perspective.
+
+> [!NOTE]
+> You can run both scenarios above with MMA and AMA side-by-side without any impact*
++
+### Will the new Azure Monitor agent support data collection for the various Log Analytics solutions?
+What youΓÇÖre familiar as solutions or management packs, now become VM extensions that use the Azure Monitor Agent extension to send data to Azure Monitor. When you enable a solution on AMA, you hence see an additional VM extension installed, when applicable.
+Over time, AMA will be the only agent that uploads data to Azure Monitor (or additional supported destinations).
+The solution specific VM extensions exist to collect scenario specific data or perform transformation/processing as required, and then use AMA to route the final data to Azure Monitor.
+
+HereΓÇÖs a diagram explaining the **new extensibility architecture**:
+
+![Extensions architecture](agents/media/azure-monitor-agent/extensibility-arch-diag.png)
++
+### Which Log Analytics solutions are supported on the new Azure Monitor Agent?
+Log Analytics solutions can be enabled using the new Azure Monitor Agent either as natively supported or by installing the additional VM extension for the solution.
+
+| **Solution (VM extension)** | **Availability on Azure Monitor Agent (AMA)** |
+|:|:|
+| **Azure Security Center** | Private preview on AMA |
+| **Sentinel** | Private preview on AMA |
+| **Change Tracking** | Supported as File Integrity Monitoring (FIM) in ASC private preview on AMA |
+| **Update Management** | You can use the Update Management v2 (private preview) that doesnΓÇÖt need any agent |
+| **VM Insights with metrics support** | Private preview on AMA |
+| **VM Insights guest health (new)** | Public preview: [VM insights guest health (preview)](vm/vminsights-health-overview.md) |
+| **SQL Monitoring (new)** | Public preview exclusively on AMA: [SQL insights (preview)](insights/sql-insights-overview.md) |
++
+### Can the new Azure Monitor Agent and Log Analytics Agent co-exist side-by-side?
+Yes they can, but with certain considerations. Read more [here](agents/azure-monitor-agent-overview.md#coexistence-with-other-agents).
+
+### Is the new Azure Monitor Agent at parity with existing agents?
+It does not have full parity yet with existing agents. Here are some high-level gaps:
+
+- **Comparison with Log Analytics Agents (MMA/OMS)**
+ - Not all Log Analytics Solutions are supported today. See table above
+ - No support for Private Links
+ - No support for proxy servers or Log Analytics (OMS) gateway
+ - No support for collecting custom logs or IIS logs
+ - No support for Hybrid Runbook workers
+
+- **Comparison with Azure Diagnostic Extensions (WAD/LAD)**
+ - No support for Event Hubs and Storage accounts as destinations
++
+### Does the new Azure Monitor Agent support non-Azure environments (other clouds, on-premises)?
+Both on-premises machines and machines connected to other clouds are supported for servers today, once you have the Azure ARC agent installed. For purposes of running AMA and DCR, the ARC requirement comes at **no additional cost or resource consumption**, since the ARC agent is only used an installation mechanism and isnΓÇÖt performing any operations unless you enable them
++
+### What types of machines does the new Azure Monitor Agent support?
+You can directly install them on Virtual Machines, Virtual Machines Scale Sets, and ARC enabled Servers only.
++
+### Can we filter events using event ID, i.e. more granular event filtering using the new Azure Monitor Agent?
+Yes. You can use **Xpath queries** for filtering events on Windows machines. [Learn more](agents/data-collection-rule-azure-monitor-agent.md#limit-data-collection-with-custom-xpath-queries)
+For performance counters, you can specify specific counters you wish to collect, and exclude ones you donΓÇÖt need.
+For syslog on Linux, you can choose Facilities and log level for each facility to collect.
++
+### Does the new Azure Monitor agent support sending data to EventHubs and Azure Storage Accounts?
+Not yet, but the new agent along with Data Collection Rules will support sending data to both Event Hubs as well as Azure Storage accounts in the future. Watch out for announcements in Azure Updates or join the [Teams channel](https://teams.microsoft.com/l/team/19%3af3f168b782f64561b52abe75e59e83bc%40thread.tacv2/conversations?groupId=770d6aa5-c2f7-4794-98a0-84fd6ae7f193&tenantId=72f988bf-86f1-41af-91ab-2d7cd011db47) for frequent updates, support, news and more!
++++ ## Visualizations ### Why can't I see View Designer?
View Designer is only available for users assigned with Contributor permissions
* [.NET app](app/asp-net-troubleshoot-no-data.md) * [Monitoring an already-running app](app/monitor-performance-live-website-now.md#troubleshoot) * [Azure diagnostics](agents/diagnostics-extension-to-application-insights.md)
-* [Java web app](app/java-troubleshoot.md)
+* [Java web app](app/java-2x-troubleshoot.md)
*I get no data from my server:* * [Set firewall exceptions](app/ip-addresses.md) * [Set up an ASP.NET server](app/monitor-performance-live-website-now.md)
-* [Set up a Java server](app/java-agent.md)
+* [Set up a Java server](app/java-2x-agent.md)
*How many Application Insights resources should I deploy:*
View Designer is only available for users assigned with Contributor permissions
* [Web apps on an IIS server in Azure VM or Azure virtual machine scale set](app/azure-vm-vmss-apps.md) * [Web apps on an IIS server - on-premises or in a VM](app/asp-net.md)
-* [Java web apps](app/java-get-started.md)
+* [Java web apps](app/java-in-process-agent.md)
* [Node.js apps](app/nodejs.md) * [Web apps on Azure](app/azure-web-apps.md) * [Cloud Services on Azure](app/cloudservices.md)
From server web apps:
* HTTP requests * [Dependencies](app/asp-net-dependencies.md). Calls to: SQL Databases; HTTP calls to external services; Azure Cosmos DB, table, blob storage, and queue. * [Exceptions](app/asp-net-exceptions.md) and stack traces.
-* [Performance Counters](app/performance-counters.md) - If you use [Status Monitor](app/monitor-performance-live-website-now.md), [Azure monitoring for App Services](app/azure-web-apps.md), [Azure monitoring for VM or virtual machine scale set](app/azure-vm-vmss-apps.md), or the [Application Insights collectd writer](app/java-collectd.md).
+* [Performance Counters](app/performance-counters.md) - If you use [Status Monitor](app/monitor-performance-live-website-now.md), [Azure monitoring for App Services](app/azure-web-apps.md), [Azure monitoring for VM or virtual machine scale set](app/azure-vm-vmss-apps.md), or the [Application Insights collectd writer](app/java-2x-collectd.md).
* [Custom events and metrics](app/api-custom-events-metrics.md) that you code. * [Trace logs](app/asp-net-trace-logs.md) if you configure the appropriate collector.
Yes, in the server you can write:
* Telemetry Processor to filter or add properties to selected telemetry items before they are sent from your app. * Telemetry Initializer to add properties to all items of telemetry.
-Learn more for [ASP.NET](app/api-filtering-sampling.md) or [Java](app/java-filter-telemetry.md).
+Learn more for [ASP.NET](app/api-filtering-sampling.md) or [Java](app/java-2x-filter-telemetry.md).
### How are city, country/region, and other geo location data calculated?
azure-monitor Policy Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/policy-reference.md
Title: Built-in policy definitions for Azure Monitor description: Lists Azure Policy built-in policy definitions for Azure Monitor. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
azure-monitor Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure Monitor description: Lists Azure Policy Regulatory Compliance controls available for Azure Monitor. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
azure-percept Azure Percept Audio Datasheet https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-percept/azure-percept-audio-datasheet.md
Last updated 02/16/2021
|Sensors, Visual Indicators, and Components |4x MEM Sensing Microsystems Microphones (MSM261D3526Z1CM) <br> 2x Buttons <br> USB Hub <br> DAC <br> 3x LEDs <br> LED Driver | |Security Crypto-Controller |ST-Microelectronics STM32L462CE | |Ports |1x USB 2.0 Type Micro B <br> 3.5 mm Audio Out |
-|Certification |FCC <br> IC <br> RoHS <br> REACH <br> UL <br> CE <br> ACMA <br> FCC <br> IC <br> VCCI <br> NRTL <br> CB |
+|Certification |CE <br> ACMA <br> FCC <br> IC <br> VCCI <br> NRTL <br> CB |
|Operating Temperature |0 degrees to 35 degrees C | |Non-Operating Temperature |-40 degrees to 85 degrees C | |Relative Humidity |10% to 95% |
azure-percept Azure Percept Dk Datasheet https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-percept/azure-percept-dk-datasheet.md
Last updated 02/16/2021
|Operating Temperature |0 degrees to 35 degrees C | |Non-Operating Temperature |-40 degrees to 85 degrees C | |Relative Humidity |10% to 95% |
-|Certification  |FCC <br> IC <br> RoHS <br> REACH <br> UL <br> CE <br> ACMA <br> FCC <br> IC <br> NCC <br> VCCI + MIC <br> NRTL <br> CB |
+|Certification  |CE <br> ACMA <br> FCC <br> IC <br> NCC <br> VCCI + MIC <br> NRTL <br> CB |
|Power Supply |19 VDC at 3.42A (65 W) |
azure-percept Azure Percept Vision Datasheet https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-percept/azure-percept-vision-datasheet.md
Specifications listed below are for the Azure Percept Vision device, included in
|Power   |3.5 W | |Ports |1x USB 3.0 Type C <br> 2x MIPI 4 Lane (up to 1.5 Gbps per lane) | |Control Interfaces |2x I2C <br> 2x SPI <br> 6x PWM (GPIOs: 2x clock, 2x frame sync, 2x unused) <br> 2x spare GPIO |
-|Certification |FCC <br> IC <br> RoHS <br> REACH <br> UL <br> CE <br> ACMA <br> FCC <br> IC <br> NCC <br> VCCI + MIC <br> NRTL <br> CB |
+|Certification |CE <br> ACMA <br> FCC <br> IC <br> VCCI <br> NRTL <br> CB |
|Operating Temperature    |0 degrees to 27 degrees C (Azure Percept Vision SoM assembly with housing) <br> -10 degrees to 70 degrees C (Vision SoM chip) | |Touch Temperature |<= 48 degrees C | |Relative Humidity   |8% to 90% |
azure-portal Policy Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-portal/policy-reference.md
Title: Built-in policy definitions for Azure portal description: Lists Azure Policy built-in policy definitions for Azure portal. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
azure-resource-manager Policy Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/custom-providers/policy-reference.md
Title: Built-in policy definitions for Azure Custom Resource Providers description: Lists Azure Policy built-in policy definitions for Azure Custom Resource Providers. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
azure-resource-manager Policy Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/managed-applications/policy-reference.md
Title: Built-in policy definitions for Azure Managed Applications description: Lists Azure Policy built-in policy definitions for Azure Managed Applications. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
azure-resource-manager Policy Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/management/policy-reference.md
Title: Built-in policy definitions for Azure Resource Manager description: Lists Azure Policy built-in policy definitions for Azure Resource Manager. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
azure-resource-manager Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-resource-manager/management/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure Resource Manager description: Lists Azure Policy Regulatory Compliance controls available for Azure Resource Manager. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
azure-signalr Policy Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-signalr/policy-reference.md
Title: Built-in policy definitions for Azure SignalR description: Lists Azure Policy built-in policy definitions for Azure SignalR. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
azure-signalr Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-signalr/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure SignalR description: Lists Azure Policy Regulatory Compliance controls available for Azure SignalR. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
azure-sql Authentication Aad Configure https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/authentication-aad-configure.md
For more information on Azure AD hybrid identities, setup, and synchronization,
Create an Azure AD instance and populate it with users and groups. Azure AD can be the initial Azure AD managed domain. Azure AD can also be an on-premises Active Directory Domain Services that is federated with the Azure AD.
-For more information, see [Integrating your on-premises identities with Azure Active Directory](../../active-directory/hybrid/whatis-hybrid-identity.md), [Add your own domain name to Azure AD](../../active-directory/fundamentals/add-custom-domain.md), [Microsoft Azure now supports federation with Windows Server Active Directory](https://azure.microsoft.com/blog/20../../windows-azure-now-supports-federation-with-windows-server-active-directory/), [Administering your Azure AD directory](../../active-directory/fundamentals/active-directory-whatis.md), [Manage Azure AD using Windows PowerShell](/powershell/azure/), and [Hybrid Identity Required Ports and Protocols](../../active-directory/hybrid/reference-connect-ports.md).
+For more information, see:
+- [Integrating your on-premises identities with Azure Active Directory](../../active-directory/hybrid/whatis-hybrid-identity.md)
+- [Add your own domain name to Azure AD](../../active-directory/active-directory-domains-add-azure-portal.md)
+- [Microsoft Azure now supports federation with Windows Server Active Directory](https://azure.microsoft.com/blog/windows-azure-now-supports-federation-with-windows-server-active-directory/)
+- [What is Azure Active Directory?](../../active-directory/fundamentals/active-directory-whatis.md)
+- [Manage Azure AD using Windows PowerShell](/powershell/module/azuread)
+- [Hybrid Identity Required Ports and Protocols](../../active-directory/hybrid/reference-connect-ports.md).
## Associate or add an Azure subscription to Azure Active Directory
azure-sql Policy Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/policy-reference.md
Title: Built-in policy definitions for Azure SQL Database description: Lists Azure Policy built-in policy definitions for Azure SQL Database and SQL Managed Instance. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
azure-sql Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure SQL Database description: Lists Azure Policy Regulatory Compliance controls available for Azure SQL Database and SQL Managed Instance. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
azure-sql Sql Agent Extension Automatic Registration All Vms https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/virtual-machines/windows/sql-agent-extension-automatic-registration-all-vms.md
You can enable the automatic registration feature for multiple Azure subscriptio
To do so, follow these steps:
-1. Save [this script](https://github.com/microsoft/tigertoolbox/blob/master/AzureSQLVM/RegisterSubscriptionsToSqlVmAutomaticRegistration.ps1) to a `.ps1` file, such as `EnableBySubscription.ps1`.
+1. Save [this script](https://github.com/microsoft/tigertoolbox/blob/master/AzureSQLVM/AutoRegTools.psm1).
1. Navigate to where you saved the script by using an administrative Command Prompt or PowerShell window. 1. Connect to Azure (`az login`). 1. Execute the script, passing in SubscriptionIds as parameters such as
azure-vmware Configure Dhcp L2 Stretched Vmware Hcx Networks https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/configure-dhcp-l2-stretched-vmware-hcx-networks.md
+
+ Title: Configure on-premises DHCP to use on HCX networks
+description: Learn how to create and manage DHCP for your Azure VMware Solution private cloud.
++ Last updated : 05/14/2021++
+# Configure on-premises DHCP to use on HCX networks
+
+Applications and workloads running in a private cloud environment require DHCP services for IP address assignments. This article shows you how to create and manage DHCP in Azure VMware Solution in two ways:
+
+- If you're using NSX-T to host your DHCP server, you'll need to [create a DHCP server](#create-a-dhcp-server) and [relay to that server](#create-dhcp-relay-service). When you create the DHCP server, you'll also add a network segment and specify the DHCP IP address range.
+
+- If you're using a third-party external DHCP server in your network, you'll need to [create DHCP relay service](#create-dhcp-relay-service). When you create a relay to a DHCP server, whether using NSX-T or a third-party to host your DHCP server, you'll need to specify the DHCP IP address range.
+
+>[!IMPORTANT]
+>DHCP does not work for virtual machines (VMs) on the VMware HCX L2 stretch network when the DHCP server is in the on-premises datacenter. NSX, by default, blocks all DHCP requests from traversing the L2 stretch. For the solution, see the [Send DHCP requests to a non-NSX-T based DHCP server](#send-dhcp-requests-to-a-non-nsx-t-based-dhcp-server) procedure.
++
+## Create a DHCP server
+
+If you want to use NSX-T to host your DHCP server, you'll create a DHCP server. Then you'll add a network segment and specify the DHCP IP address range.
+
+1. In NSX-T Manager, select **Networking** > **DHCP**, and then select **Add Server**.
+
+1. Select **DHCP** for the **Server Type**, provide the server name and IP address, and then select **Save**.
+
+ :::image type="content" source="./media/manage-dhcp/dhcp-server-settings.png" alt-text="add DHCP server" border="true":::
+
+1. Select **Tier 1 Gateways**, select the vertical ellipsis on the Tier-1 gateway, and then select **Edit**.
+
+ :::image type="content" source="./media/manage-dhcp/edit-tier-1-gateway.png" alt-text="select the gateway to use" border="true":::
+
+1. Select **No IP Allocation Set** to add a subnet.
+
+ :::image type="content" source="./media/manage-dhcp/add-subnet.png" alt-text="add a subnet" border="true":::
+
+1. For **Type**, select **DHCP Local Server**.
+
+1. For the **DHCP Server**, select **Default DHCP**, and then select **Save**.
+
+1. Select **Save** again and then select **Close Editing**.
+
+### Add a network segment
+++
+## Create DHCP relay service
+
+If you want to use a third-party external DHCP server, you'll need to create a DHCP relay service. You'll also specify the DHCP IP address range in NSX-T Manager.
+
+1. In NSX-T Manager, select **Networking** > **DHCP**, and then select **Add Server**.
+
+1. Select **DHCP Relay** for the **Server Type**, provide the server name and IP address, and then select **Save**.
+
+ :::image type="content" source="./media/manage-dhcp/create-dhcp-relay.png" alt-text="create dhcp relay service" border="true":::
+
+1. Select **Tier 1 Gateways**, select the vertical ellipsis on the Tier-1 gateway, and then select **Edit**.
+
+ :::image type="content" source="./media/manage-dhcp/edit-tier-1-gateway-relay.png" alt-text="edit tier 1 gateway" border="true":::
+
+1. Select **No IP Allocation Set** to define the IP address allocation.
+
+ :::image type="content" source="./media/manage-dhcp/edit-ip-address-allocation.png" alt-text="edit ip address allocation" border="true":::
+
+1. For **Type**, select **DHCP Server**.
+
+1. For the **DHCP Server**, select **DHCP Relay**, and then select **Save**.
+
+1. Select **Save** again and then select **Close Editing**.
++
+## Specify the DHCP IP address range
+
+1. In NSX-T Manager, select **Networking** > **Segments**.
+
+1. Select the vertical ellipsis on the segment name and select **Edit**.
+
+1. Select **Set Subnets** to specify the DHCP IP address for the subnet.
+
+ :::image type="content" source="./media/manage-dhcp/network-segments.png" alt-text="network segments" border="true":::
+
+1. Modify the gateway IP address if needed, and enter the DHCP range IP.
+
+ :::image type="content" source="./media/manage-dhcp/edit-subnet.png" alt-text="edit subnets" border="true":::
+
+1. Select **Apply**, and then **Save**. The segment is assigned a DHCP server pool.
+
+ :::image type="content" source="./media/manage-dhcp/assigned-to-segment.png" alt-text="DHCP server pool assigned to segment" border="true":::
+
+## Send DHCP requests to a non-NSX-T based DHCP server
+If you want to send DHCP requests from your Azure VMware Solution VMs to a non-NSX-T DHCP server, you'll create a new security segment profile.
+
+>[!IMPORTANT]
+>VMs on the same L2 segment that runs as DHCP servers are blocked from serving client requests. Because of this, it's important to follow the steps in this section.
+
+1. (Optional) If you need to locate the segment name of the L2 extension:
+
+ 1. Sign in to your on-premises vCenter, and under **Home**, select **HCX**.
+
+ 1. Select **Network Extension** under **Services**.
+
+ 1. Select the network extension you want to support DHCP requests from Azure VMware Solution to on-premises.
+
+ 1. Take note of the destination network name.
+
+ :::image type="content" source="media/manage-dhcp/hcx-find-destination-network.png" alt-text="Screenshot of a network extension in VMware vSphere Client" lightbox="media/manage-dhcp/hcx-find-destination-network.png":::
+
+1. In the Azure VMware Solution NSX-T Manager, select **Networking** > **Segments** > **Segment Profiles**.
+
+1. Select **Add Segment Profile** and then **Segment Security**.
+
+ :::image type="content" source="media/manage-dhcp/add-segment-profile.png" alt-text="Screenshot of how to add a segment profile in NSX-T" lightbox="media/manage-dhcp/add-segment-profile.png":::
+1. Provide a name and a tag, and then set the **BPDU Filter** toggle to ON and all the DHCP toggles to OFF.
+
+ :::image type="content" source="media/manage-dhcp/add-segment-profile-bpdu-filter-dhcp-options.png" alt-text="Screenshot showing the BPDU Filter toggled on and the DHCP toggles off" lightbox="media/manage-dhcp/add-segment-profile-bpdu-filter-dhcp-options.png":::
+
+ :::image type="content" source="media/manage-dhcp/edit-segment-security.png" alt-text="Screenshot of the Segment Security field" lightbox="media/manage-dhcp/edit-segment-security.png":::
++
+## Next steps
+Learn more about [Host maintenance and lifecycle management](concepts-private-clouds-clusters.md#host-maintenance-and-lifecycle-management).
azure-vmware Deploy Vm Content Library https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/deploy-vm-content-library.md
In this article, we'll walk through the procedure for creating a content library
## Prerequisites
-An NSX-T segment (logical switch) and a managed DHCP service are required to complete this tutorial. For more information, see the [How to manage DHCP in Azure VMware Solution](manage-dhcp.md) article.
+An NSX-T segment (logical switch) and a managed DHCP service are required to complete this tutorial. For more information, see the [How to manage DHCP in Azure VMware Solution](configure-dhcp-l2-stretched-vmware-hcx-networks.md) article.
## Create a content library
azure-vmware Reserved Instance https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/reserved-instance.md
CSPs can cancel, exchange, or refund reservations, with certain limitations, pur
Now that you've covered reserved instance of Azure VMware Solution, you may want to learn about: - [Creating an Azure VMware Solution assessment](../migrate/how-to-create-azure-vmware-solution-assessment.md).-- [Managing DHCP for Azure VMware Solution](manage-dhcp.md).
+- [Managing DHCP for Azure VMware Solution](configure-dhcp-l2-stretched-vmware-hcx-networks.md).
- [Monitor and manage Azure VMware Solution VMs](lifecycle-management-of-azure-vmware-solution-vms.md).
azure-vmware Tutorial Expressroute Global Reach Private Cloud https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/tutorial-expressroute-global-reach-private-cloud.md
Title: Peer on-premises environments to Azure VMware Solution
description: Learn how to create ExpressRoute Global Reach peering to a private cloud in Azure VMware Solution. Previously updated : 04/27/2021 Last updated : 05/14/2021 # Peer on-premises environments to Azure VMware Solution
Before you enable connectivity between two ExpressRoute circuits using ExpressRo
- Ensure that all gateways, including the ExpressRoute provider's service, supports 4-byte Autonomous System Number (ASN). Azure VMware Solution uses 4-byte public ASNs for advertising routes.
-## Create an ExpressRoute authorization key in the on-premises ExpressRoute circuit.
+## Create an ExpressRoute auth key in the on-premises ExpressRoute circuit
1. From the **ExpressRoute circuits** blade, under Settings, select **Authorizations**.
azure-vmware Tutorial Nsx T Network Segment https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/tutorial-nsx-t-network-segment.md
In this tutorial, you created a NSX-T network segment to use for VMs in vCenter.
You can now: -- [Create and manage DHCP for Azure VMware Solution](manage-dhcp.md)
+- [Create and manage DHCP for Azure VMware Solution](configure-dhcp-l2-stretched-vmware-hcx-networks.md)
- [Create a content Library to deploy VMs in Azure VMware Solution](deploy-vm-content-library.md) - [Peer on-premises environments to a private cloud](tutorial-expressroute-global-reach-private-cloud.md)
azure-web-pubsub Howto Develop Create Instance https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-web-pubsub/howto-develop-create-instance.md
The [Azure portal](https://docs.microsoft.com/azure/azure-portal/) is a web-base
| **Subscription** | The Azure subscription under which this new Web PubSub service instance is created. | | **[Resource Group](../azure-resource-manager/management/overview.md)** | Name for the new or existing resource group in which to create your Web PubSub service instance. | | **Location** | Choose a [region](https://azure.microsoft.com/regions/) near you. |
- | **Pricing tier** | Learn more details about [Azure Web PubSub service pricing tiers](https://azure.microsoft.com/pricing/details/web-[pubsub]). |
+ | **Pricing tier** | Learn more details about [Azure Web PubSub service pricing tiers](https://azure.microsoft.com/pricing/details/web-pubsub/). |
| **Unit count** | Unit count specifies how many connections your Web PubSub service instance can accept. Each unit supports 1,000 concurrent connections at most. It is only configurable in the Standard tier. | 1. Select **Create** to start deploying the Web PubSub service instance.
backup Backup Azure Database Postgresql https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/backup/backup-azure-database-postgresql.md
Follow this step-by-step guide to trigger a restore:
## Prerequisite permissions for configure backup and restore
-Azure Backup follows strict security guidelines. Even though it’s a native Azure service, permissions on the resource aren't assumed, and need to be explicitly given by the user. Similarly, credentials to connect to the database aren't stored. This is important to safeguard your data. Instead, we use Azure Active Directory authentication.
+Azure Backup follows strict security guidelines. Even though it's a native Azure service, permissions on the resource aren't assumed, and need to be explicitly given by the user. Similarly, credentials to connect to the database aren't stored. This is important to safeguard your data. Instead, we use Azure Active Directory authentication.
[Download this document](https://download.microsoft.com/download/7/4/d/74d689aa-909d-4d3e-9b18-f8e465a7ebf5/OSSbkpprep_automated.docx) to get an automated script and related instructions. It will grant an appropriate set of permissions to an Azure PostgreSQL server, for backup and restore.
backup Policy Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/backup/policy-reference.md
Title: Built-in policy definitions for Azure Backup description: Lists Azure Policy built-in policy definitions for Azure Backup. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
backup Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/backup/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure Backup description: Lists Azure Policy Regulatory Compliance controls available for Azure Backup. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
batch Managed Identity Pools https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/batch/managed-identity-pools.md
This topic explains how to enable user-assigned managed identities on Batch pools and how to use managed identities within the nodes. > [!IMPORTANT]
-> Support for Azure Batch pools with user-assigned managed identities is currently in public preview for the following regions: West US 2, South Central US, East US, US Gov Arizona and US Gov Virginia.
+> Support for Azure Batch pools with user-assigned managed identities is currently in public preview.
> This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. > For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
batch Policy Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/batch/policy-reference.md
Title: Built-in policy definitions for Azure Batch description: Lists Azure Policy built-in policy definitions for Azure Batch. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
batch Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/batch/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure Batch description: Lists Azure Policy Regulatory Compliance controls available for Azure Batch. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
cognitive-services Spatial Analysis Operations https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Computer-vision/spatial-analysis-operations.md
This is an example of the DETECTOR_NODE_CONFIG parameters for all Spatial Analys
| `calibration_quality_check_one_round_sample_collect_num` | int | Minimum number of new data samples to collect per round of sample collection. Default is `10`. Only used when `enable_recalibration=True`.| | `calibration_quality_check_queue_max_size` | int | Maximum number of data samples to store when camera model is calibrated. Default is `1000`. Only used when `enable_recalibration=True`.| | `enable_breakpad`| bool | Indicates whether you want to enable breakpad, which is used to generate crash dump for debug use. It is `false` by default. If you set it to `true`, you also need to add `"CapAdd": ["SYS_PTRACE"]` in the `HostConfig` part of container `createOptions`. By default, the crash dump is uploaded to the [RealTimePersonTracking](https://appcenter.ms/orgs/Microsoft-Organization/apps/RealTimePersonTracking/crashes/errors?version=&appBuild=&period=last90Days&status=&errorType=all&sortCol=lastError&sortDir=desc) AppCenter app, if you want the crash dumps to be uploaded to your own AppCenter app, you can override the environment variable `RTPT_APPCENTER_APP_SECRET` with your app's app secret.
+| `enable_orientation` | bool | Indicates whether you want to compute the orientation for the detected people or not. `enable_orientation` is set by default to False. |
## Spatial Analysis operations configuration and output ### Zone configuration for cognitiveservices.vision.spatialanalysis-personcount
This is an example of a JSON input for the SPACEANALYTICS_CONFIG parameter that
| `zones` | list| List of zones. | | `name` | string| Friendly name for this zone.| | `polygon` | list| Each value pair represents the x,y for vertices of polygon. The polygon represents the areas in which people are tracked or counted. The float values represent the position of the vertex relative to the top,left corner. To calculate the absolute x, y values, you multiply these values with the frame size.
+| `target_side` | int| Specifies a side of the zone defined by `polygon` to measure how long people face that side while in the zone. 'dwellTimeForTargetSide' will output that estimated time. Each side is a numbered edge between the two vertices of the polygon that represents your zone. For example, the edge between the first two vertices of the polygon represent first side, 'side'=1. The value of `target_side` is between `[0,N-1]` where `N` is the number of sides of the `polygon`. This is an optional field. |
| `threshold` | float| Events are egressed when the person is greater than this number of pixels inside the zone. The default value is 48 when type is zonecrossing and 16 when time is DwellTime. These are the recommended values to achieve maximum accuracy. | | `type` | string| For **cognitiveservices.vision.spatialanalysis-personcrossingpolygon** this should be `zonecrossing` or `zonedwelltime`.| | `trigger`|string|The type of trigger for sending an event<br>Supported Values: "event": fire when someone enters or exits the zone.|
Sample JSON for detections output by this operation.
| `properties` | collection| Collection of values| | `trackinId` | string| Unique identifier of the person detected| | `status` | string| Direction of line crossings, either 'CrossLeft' or 'CrossRight'. Direction is based on imagining standing at the "start" facing the "end" of the line. CrossRight is crossing from left to right. CrossLeft is crossing from right to left.|
+| `orientationDirection` | string| The orientation direction of the detected person after crossing the line. The value can be 'Left', 'Right, or 'Straight'. This value is output if `enable_orientation` is set to `True` in `DETECTOR_NODE_CONFIG` |
| `zone` | string | The "name" field of the line that was crossed| | Detections Field Name | Type| Description|
Sample JSON for detections output by this operation.
| `region` | collection| Collection of values| | `type` | string| Type of region| | `points` | collection| Top left and bottom right points when the region type is RECTANGLE |
+| `groundOrientationAngle` | float| The clockwise radian angle of the person's orientation on the inferred ground plane |
+| `mappedImageOrientation` | float| The projected clockwise radian angle of the person's orientation on the 2D image space |
+| `speed` | float| The estimated speed of the detected person. The unit is `foot per second (ft/s)`|
| `confidence` | float| Algorithm confidence| | `face_mask` | float | The attribute confidence value with range (0-1) indicates the detected person is wearing a face mask | | `face_nomask` | float | The attribute confidence value with range (0-1) indicates the detected person is **not** wearing a face mask |
Sample JSON for detections output by this operation with `zonedwelltime` type SP
"trackingId": "afcc2e2a32a6480288e24381f9c5d00e", "status": "Exit", "side": "1",
- "durationMs": 7132.0
+ "dwellTime": 7132.0,
+ "dwellFrames": 20
}, "zone": "queuecamera" }
Sample JSON for detections output by this operation with `zonedwelltime` type SP
] }, "confidence": 0.6267998814582825,
- "metadataType": ""
+ "metadataType": "",
+ "metadata": {
+ "groundOrientationAngle": 1.2,
+ "mappedImageOrientation": 0.3,
+ "speed": 1.2
+ },
} ], "schemaVersion": "1.0"
Sample JSON for detections output by this operation with `zonedwelltime` type SP
| `trackinId` | string| Unique identifier of the person detected| | `status` | string| Direction of polygon crossings, either 'Enter' or 'Exit'| | `side` | int| The number of the side of the polygon that the person crossed. Each side is a numbered edge between the two vertices of the polygon that represents your zone. The edge between the first two vertices of the polygon represent first side. 'Side' is empty when the event isn't associated with a specific side due to occlusion. For example, an exit occurred when a person disappears but wasn't seen crossing a side of the zone or an enter occurred when a person appeared in the zone but wasn't seen crossing a side.|
-| `durationMs` | float | The number of milliseconds that represent the time the person spent in the zone. This field is provided when the event type is _personZoneDwellTimeEvent_|
+| `dwellTime` | float | The number of milliseconds that represent the time the person spent in the zone. This field is provided when the event type is personZoneDwellTimeEvent|
+| `dwellFrames` | int | The number of frames that the person spent in the zone. This field is provided when the event type is personZoneDwellTimeEvent|
+| `dwellTimeForTargetSide` | float | The number of milliseconds that represent the time the person spent in the zone and were facing to the `target_side`. This field is provided when `enable_orientation` is `True` in `DETECTOR_NODE_CONFIG ` and the value of `target_side` is set in `SPACEANALYTICS_CONFIG`|
+| `avgSpeed` | float| The average speed of the person in the zone. The unit is `foot per second (ft/s)`|
+| `minSpeed` | float| The minimum speed of the person in the zone. The unit is `foot per second (ft/s)`|
| `zone` | string | The "name" field of the polygon that represents the zone that was crossed| | Detections Field Name | Type| Description|
Sample JSON for detections output by this operation with `zonedwelltime` type SP
| `region` | collection| Collection of values| | `type` | string| Type of region| | `points` | collection| Top left and bottom right points when the region type is RECTANGLE |
+| `groundOrientationAngle` | float| The clockwise radian angle of the person's orientation on the inferred ground plane |
+| `mappedImageOrientation` | float| The projected clockwise radian angle of the person's orientation on the 2D image space |
+| `speed` | float| The estimated speed of the detected person. The unit is `foot per second (ft/s)`|
| `confidence` | float| Algorithm confidence| | `face_mask` | float | The attribute confidence value with range (0-1) indicates the detected person is wearing a face mask | | `face_nomask` | float | The attribute confidence value with range (0-1) indicates the detected person is **not** wearing a face mask |
cognitive-services Speech Container Howto https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/speech-container-howto.md
Speech containers enable customers to build a speech application architecture th
| Container | Features | Latest | |--|--|--|
-| Speech-to-text | Analyzes sentiment and transcribes continuous real-time speech or batch audio recordings with intermediate results. | 2.11.0 |
-| Custom Speech-to-text | Using a custom model from the [Custom Speech portal](https://speech.microsoft.com/customspeech), transcribes continuous real-time speech or batch audio recordings into text with intermediate results. | 2.11.0 |
-| Text-to-speech | Converts text to natural-sounding speech with plain text input or Speech Synthesis Markup Language (SSML). | 1.13.0 |
+| Speech-to-text | Analyzes sentiment and transcribes continuous real-time speech or batch audio recordings with intermediate results. | 2.12.0 |
+| Custom Speech-to-text | Using a custom model from the [Custom Speech portal](https://speech.microsoft.com/customspeech), transcribes continuous real-time speech or batch audio recordings into text with intermediate results. | 2.12.0 |
+| Text-to-speech | Converts text to natural-sounding speech with plain text input or Speech Synthesis Markup Language (SSML). | 1.14.0 |
| Speech Language Detection | Detect the language spoken in audio files. | 1.0 |
-| Neural Text-to-speech | Converts text to natural-sounding speech using deep neural network technology, allowing for more natural synthesized speech. | 1.5.0 |
+| Neural Text-to-speech | Converts text to natural-sounding speech using deep neural network technology, allowing for more natural synthesized speech. | 1.6.0 |
If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/cognitive-services/) before you begin.
cognitive-services Container Image Tags https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/containers/container-image-tags.md
The [Custom Speech-to-text][sp-cstt] container image can be found on the `mcr.mi
# [Latest version](#tab/current)
-Release note for `2.11.0-amd64`:
+Release note for `2.12.0-amd64`:
-**Fixes**
-* Keep user's inputs case-sensitive.
+Regular monthly release
Note that due to the phrase lists feature, the size of this container image has increased. | Image Tags | Notes | Digest | |-|:|:-|
-| `latest` | | `sha256:bbf23ded55bf61421f673bffa7d97aca5724f782328a80efe43020c9979cd069`|
-| `2.11.0-amd64` | | `sha256:bbf23ded55bf61421f673bffa7d97aca5724f782328a80efe43020c9979cd069`|
+| `latest` | | `sha256:22284b8e38f83a735fc59f466fb5ba138d5c56b9e8f446dc05cbb5ac63a9a31f`|
+| `2.12.0-amd64` | | `sha256:22284b8e38f83a735fc59f466fb5ba138d5c56b9e8f446dc05cbb5ac63a9a31f`|
# [Previous version](#tab/previous)
+Release note for `2.11.0-amd64`:
+
+**Fixes**
+* Keep user's inputs case-sensitive.
+ Release note for `2.10.0-amd64`: Regular monthly release
Release note for `2.5.0-amd64`:
| Image Tags | Notes | |-|:--|
+| `2.11.0-amd64` | |
| `2.10.0-amd64` | | | `2.9.0-amd64` | | | `2.7.0-amd64` | |
The [Custom Text-to-speech][sp-ctts] container image can be found on the `mcr.mi
# [Latest version](#tab/current)
-Release note for `1.13.0-amd64`:
+Release note for `1.14.0-amd64`:
-**Fixes**
-* Keep user's inputs case-sensitive.
+Regular monthly release
-| Image Tags | Notes | Digest |
-|-|:|:-|
-| `latest` | | `sha256:390ff9e4981c798058058e7825cd1e6d173d9d54d66d8fdc450d157cf393aaec` |
-| `1.13.0-amd64` | | `sha256:390ff9e4981c798058058e7825cd1e6d173d9d54d66d8fdc450d157cf393aaec` |
+| Image Tags | Notes | Digest |
+|-|:|:--|
+| `latest` | | `sha256:1c5c56b76de5dd5ae56ad32aa094c5335b82bd4b78ad805767bf3cef68da674b` |
+| `1.14.0-amd64` | | `sha256:1c5c56b76de5dd5ae56ad32aa094c5335b82bd4b78ad805767bf3cef68da674b` |
# [Previous version](#tab/previous)
+Release note for `1.13.0-amd64`:
+
+**Fixes**
+* Keep user's inputs case-sensitive.
+ Release note for `1.12.0-amd64`: Regular monthly release
Release note for `1.7.0-amd64`:
| Image Tags | Notes | |-|:--|
+| `1.13.0-amd64` | |
| `1.12.0-amd64` | | | `1.11.0-amd64` | | | `1.9.0-amd64` | |
Since Speech-to-text v2.5.0, images are supported in the *US Government Virginia
# [Latest version](#tab/current)
-Release note for `2.11.0-amd64-<locale>`:
+Release note for `2.12.0-amd64-<locale>`:
**Feature** * Upgrade to latest models.
-**Fixes**
-* Keep user's inputs case-sensitive.
- Note that due to the phrase lists feature, the size of this container image has increased. | Image Tags | Notes | |-|:--| | `latest` | Container image with the `en-US` locale. |
-| `2.11.0-amd64-<locale>` | Replace `<locale>` with one of the available locales, listed below. For example `2.11.0-amd64-en-us`.|
+| `2.12.0-amd64-<locale>` | Replace `<locale>` with one of the available locales, listed below. For example `2.12.0-amd64-en-us`.|
+
+This container has the following locales available.
+
+| Locale for v2.12.0 | Notes | Digest |
+|--|:--|:--|
+| `ar-ae` | Container image with the `ar-AE` locale. | `sha256:064aac5ddd8344081961be631d8f21787ca031bfb7b80e539393464d7bb45778` |
+| `ar-bh` | Container image with the `ar-BH` locale. | `sha256:e85734b5563b909851f91ee0e6736c1dee90289f97018d594a026a1f29e0ed3e` |
+| `ar-eg` | Container image with the `ar-EG` locale. | `sha256:f4a1047fe225a16d515ab0818393114073979c9eff862ca01c1a8fec6cc5db06` |
+| `ar-iq` | Container image with the `ar-IQ` locale. | `sha256:422f18155a43817448b9db0dfdf87972ede8ffdd75c154251e00df20812da233` |
+| `ar-jo` | Container image with the `ar-JO` locale. | `sha256:6521a7ad179aed7c8305968613d8688afbc20224e9e12e88a90352a36d59f860` |
+| `ar-kw` | Container image with the `ar-KW` locale. | `sha256:064aac5ddd8344081961be631d8f21787ca031bfb7b80e539393464d7bb45778` |
+| `ar-lb` | Container image with the `ar-LB` locale. | `sha256:5aba99800db4709451f9d3cfdbfae38f4f9d33eb1ad582f3734db29adb1a9312` |
+| `ar-om` | Container image with the `ar-OM` locale. | `sha256:96493991234739d6af47b27e00da14b3b380936422d6b91c3c89fcd56252b54d` |
+| `ar-qa` | Container image with the `ar-QA` locale. | `sha256:064aac5ddd8344081961be631d8f21787ca031bfb7b80e539393464d7bb45778` |
+| `ar-sa` | Container image with the `ar-SA` locale. | `sha256:064aac5ddd8344081961be631d8f21787ca031bfb7b80e539393464d7bb45778` |
+| `ar-sy` | Container image with the `ar-SY` locale. | `sha256:5ca200a4f178c222833c425635e5e0bc6c1afe1fd8ed36d79c5057eddb2a896b` |
+| `bg-bg` | Container image with the `bg-BG` locale. | `sha256:20349f5cfdf5b494b7b99fd21919fb1293506af45cfa4deeebe86c685fe148fd` |
+| `ca-es` | Container image with the `ca-ES` locale. | `sha256:2c8157e92e43ef2da62cf0cbdc03789d9212af50e631dcb2f05b15da166ca98c` |
+| `cs-cz` | Container image with the `cs-CZ` locale. | `sha256:b7d7165585c42b71a10a59f56d697c976507d43dd7194497511e9454e30fab5e` |
+| `da-dk` | Container image with the `da-DK` locale. | `sha256:7dce8b535f20be8c950cf03ffa36d2a0596d82cb894d336933ff8e9fdff9a971` |
+| `de-de` | Container image with the `de-DE` locale. | `sha256:a129a9b671f79055d14a94150d47ed466c18c5d0a6309df7a2d3a805683a9cc3` |
+| `el-gr` | Container image with the `el-GR` locale. | `sha256:84d0fa507571051d6879e06882135ab3382b35ea6a28e175e665400047910086` |
+| `en-au` | Container image with the `en-AU` locale. | `sha256:c7901ee73bf87040f2b2f8d811007b6282070a72793214e7473b934b460004c9` |
+| `en-ca` | Container image with the `en-CA` locale. | `sha256:a26b8e87a5d9b0a6ef954770ce1ae6fc0d6bbbf97875274a5610be38e161f80b` |
+| `en-gb` | Container image with the `en-GB` locale. | `sha256:6ad9c80ba0e1f48ecce5112c685b576a4214671a39fd12749eb26c62c49f8e67` |
+| `en-hk` | Container image with the `en-HK` locale. | `sha256:82f8abb2396aede6ab16e67f1c705ef58bd71b269e832ce0c43f1769aad74469` |
+| `en-ie` | Container image with the `en-IE` locale. | `sha256:1daad42be533a5d284e4e7bf75e87b1a09943052e2bbe58e2f085b952c069882` |
+| `en-in` | Container image with the `en-IN` locale. | `sha256:a29eb8e6c72962096d8d281e6f329daacbd92200a2f9a970e522234a5b08ba54` |
+| `en-nz` | Container image with the `en-NZ` locale. | `sha256:9b1273d7610f585cbb1475d83837b671c43c05625b0c73828176dc93fd9982c1` |
+| `en-ph` | Container image with the `en-PH` locale. | `sha256:aacf6d9111493a6fee960b3fe5f87955a1eef04e56e2908e91a7b2ade5a17638` |
+| `en-sg` | Container image with the `en-SG` locale. | `sha256:d47f1fc3235734a4642875442ebef3d73e139d5699c42bee2c252c9534c0cd72` |
+| `en-us` | Container image with the `en-US` locale. | `sha256:3ad65ef9e0a0e496eb80eab187aa2d770c725d84d45689ad570511f5bbac0f2a` |
+| `en-za` | Container image with the `en-ZA` locale. | `sha256:8caba9bea8d794a77b6d674bad1e478d1cc925089bb4cc64f80f7b2a15f8a035` |
+| `es-ar` | Container image with the `es-AR` locale. | `sha256:145b10dddf8600b0ab8c6edc4e262ee0843b3c794ca6fc4fe943d5096597c506` |
+| `es-bo` | Container image with the `es-BO` locale. | `sha256:77475a986862bacbe78f86558771ae04e5a2bd4f2d49cab30151e5a8ba6965fb` |
+| `es-cl` | Container image with the `es-CL` locale. | `sha256:72ecd5fbed1138a433a8d4a4021209b3f481cba2c86e5c9b97bf25595cb52bc7` |
+| `es-co` | Container image with the `es-CO` locale. | `sha256:26d20e889edf08bf54ba2e7434793da41f8830c7a2e238f4e21f398f5a4ba054` |
+| `es-cr` | Container image with the `es-CR` locale. | `sha256:37ec3204a2527659c9bbd9c016eb06ce676f9703a579b4e428b49b3f34917157` |
+| `es-cu` | Container image with the `es-CU` locale. | `sha256:6880436e0d674942dcc38cba4a5fa63e05718959a5f51dcb7e529ecb25b66602` |
+| `es-do` | Container image with the `es-DO` locale. | `sha256:3adab6788008209afd34ccfee95a71cbc85f48ab976ae596dad51c5f8f954936` |
+| `es-ec` | Container image with the `es-EC` locale. | `sha256:50b89dbee77960eb9020bd38194c893cc54ab94edb4f93a0d4c8c9998ad731e2` |
+| `es-es` | Container image with the `es-ES` locale. | `sha256:a2d3f2e3d1c205f87b3ebf0c10d09f74529b658c01362b20889a2a0988c19936` |
+| `es-gt` | Container image with the `es-GT` locale. | `sha256:3c4d7495781eab151843a945a81086163b5db35338017eb232c99893bc14450a` |
+| `es-hn` | Container image with the `es-HN` locale. | `sha256:3289ebe6a3447cec9e66eaf508f2d10fcebba324164a96d85ed02f9bff5585b4` |
+| `es-mx` | Container image with the `es-MX` locale. | `sha256:5c8ac33806a34238e291b5ec55862429415a60883aaaea84a8bf9e3e67ff7963` |
+| `es-ni` | Container image with the `es-NI` locale. | `sha256:5e13ec7acf7160889035041d3237a1b2814749428516a2b3a1843f8d511eb30c` |
+| `es-pa` | Container image with the `es-PA` locale. | `sha256:9c34f23de138039354dc1e7d654bfef6d1290846b6da0136519cd1c77d8671c2` |
+| `es-pe` | Container image with the `es-PE` locale. | `sha256:d726750e523222f12908e7836ef9aa289873eb91026ed4ae08f138f2af279d88` |
+| `es-pr` | Container image with the `es-PR` locale. | `sha256:04b5ecd38ec30d21a55320dc0193c436484a5203a4b2dcf4ac3b75a2ff266eaf` |
+| `es-py` | Container image with the `es-PY` locale. | `sha256:23468dfddb63b20ba394e07841176c4d26d31626ee4e7d453a6ec9a2652f439e` |
+| `es-sv` | Container image with the `es-SV` locale. | `sha256:5a21ffe2d29f1e767634bb28035c44ef8284dd7320fdf22adf638603d6500b6d` |
+| `es-us` | Container image with the `es-US` locale. | `sha256:0c0904e6794e7d84e259923ca8ebe57cfaef7fb195f29e01f322701bb226afaf` |
+| `es-uy` | Container image with the `es-UY` locale. | `sha256:b08612341054b28621d0b462f340aeff03c7064328bbbc3f2dea9c07276bcb10` |
+| `es-ve` | Container image with the `es-VE` locale. | `sha256:96984115e3380c44929bf8cce4b295f9c05d0bf92c1b1d31a87e1a7aaf7eee38` |
+| `et-ee` | Container image with the `et-EE` locale. | `sha256:36f02ef75ce7f09b4ffbf06e5c61a59e9066a503017a7f845f0636bc139d2ac9` |
+| `fi-fi` | Container image with the `fi-FI` locale. | `sha256:05c16cd1d888c707e985d59f187621491c77a4cd5997ac71c49beaa6c86f39f8` |
+| `fr-ca` | Container image with the `fr-CA` locale. | `sha256:2e181fc9260f4c85b5dee67379b22bc8031a24d902a810367f4c13cb5282c9f9` |
+| `fr-fr` | Container image with the `fr-FR` locale. | `sha256:2a580f39f788e4459e0a3c544bca6724bc3f7b6e9aa64e9ddaf53675d211de7c` |
+| `ga-ie` | Container image with the `ga-IE` locale. | `sha256:70e820e105ce6897c22260af841ec4049afa83bae5ef1299cbf7b5f7bb820c3c` |
+| `gu-in` | Container image with the `gu-IN` locale. | `sha256:c7c2cfd2090c0658eba6e6da6bf1b4b2649873893c6efa5d0985b7ba6923353a` |
+| `hi-in` | Container image with the `hi-IN` locale. | `sha256:4cace269d6116cc2ca726239150651d2602ae33d95f91b5f76d75c8e9dcacce3` |
+| `hr-hr` | Container image with the `hr-HR` locale. | `sha256:aaf72098d1fa79438f79472470ea3399c29c32b948091a4689e13361c560a913` |
+| `hu-hu` | Container image with the `hu-HU` locale. | `sha256:122f2123913e5869801458cd1c89605c2caba15e02b8c66b61b48d47969c86bc` |
+| `it-it` | Container image with the `it-IT` locale. | `sha256:847c1b0b521c2382b1ca1fd2c50b12ba92e1336f8fb99627ef8e015b32865bac` |
+| `ja-jp` | Container image with the `ja-JP` locale. | `sha256:1b8c5e699197b7327dc027e2358ff04c97dbd3570d1523c8d64f3db18599c6ba` |
+| `ko-kr` | Container image with the `ko-KR` locale. | `sha256:38b722e2e4f6479f560af3da727dd29010e8d0d05d3f368cf2f55eb939b3155c` |
+| `lt-lt` | Container image with the `lt-LT` locale. | `sha256:5064a002072625b6277b479e3681ee305f567bffd16437ad631b60ba5646d494` |
+| `lv-lv` | Container image with the `lv-LV` locale. | `sha256:feed8608f89a233d01f1611144aa4619651ae34e7667938aebf91488f9f7c95d` |
+| `mr-in` | Container image with the `mr-IN` locale. | `sha256:51ccd73028e6fe0ea87e3fb16a1380079cc35e89817897ce05b4c3609d92cd1b` |
+| `mt-mt` | Container image with the `mt-MT` locale. | `sha256:ce8a8c0edf2a69f6f3cc1e97d55ca9780ddc693c23e4fddda07e15bdf5ae0325` |
+| `nb-no` | Container image with the `nb-NO` locale. | `sha256:48020e478248404af4353e6a1bcfd587362d347f82a26235b6074f24fa7bda94` |
+| `nl-nl` | Container image with the `nl-NL` locale. | `sha256:d6e95e09b39acff519e5a9cbacc4428b63099f09233e3ec4da4df0b2542691e0` |
+| `pl-pl` | Container image with the `pl-PL` locale. | `sha256:37f2514d5a6e92edc5b4e617a29f35081b19b007a5608b8ebfeb8cd73f396c46` |
+| `pt-br` | Container image with the `pt-BR` locale. | `sha256:99a610bf2011fba1a6019122bbe1e12a4f62fa83134d27bfbb8b29ebcafdf548` |
+| `pt-pt` | Container image with the `pt-PT` locale. | `sha256:14dff7b99958456911addc6cdbb2d949815d2f7f46379603cfbdb7b8a0fbb91b` |
+| `ro-ro` | Container image with the `ro-RO` locale. | `sha256:47bc1aa59c06d86dd23c1fc23522860ec36e598f8438e8212a1a1d2617918415` |
+| `ru-ru` | Container image with the `ru-RU` locale. | `sha256:4e414bcfef5014e280eb59a0f5b71c921fe3c555be73d94e4023682844178b52` |
+| `sk-sk` | Container image with the `sk-SK` locale. | `sha256:65dcb88c8cbaa9fdf2a0d7daf33e479db924448334f7cd0f17c542f9e8462313` |
+| `sl-si` | Container image with the `sl-SI` locale. | `sha256:8066547ed0a2571ba2d26b34b72691ad9c5cb66cf0fbe4464af971199abd9bf7` |
+| `sv-se` | Container image with the `sv-SE` locale. | `sha256:a9bb856066653abe1458ac7dae12c968a40834fb75d8047ad74d9c15f7df62ed` |
+| `ta-in` | Container image with the `ta-IN` locale. | `sha256:60339700f76a17d77753659c2895f9fe5c40574641d5530cb482ed4575c59ff1` |
+| `te-in` | Container image with the `te-IN` locale. | `sha256:8d05d03fb0fe03eb9ff499d81c1bbf8932848de6d723b66b32eb6ed970225ce6` |
+| `th-th` | Container image with the `th-TH` locale. | `sha256:5d02087aa366829162098d21efb084724d3a5b8d72a8815c45de5e2017f9368c` |
+| `tr-tr` | Container image with the `tr-TR` locale. | `sha256:0d7198cde7eba3500caa153e869d14ce0ad07568416dfd69108dc5793106e3ec` |
+| `zh-cn` | Container image with the `zh-CN` locale. | `sha256:27ad0c04c41eadb445bab067cb14f84ede08a09ac9ba44bca163f2af89b8a5c2` |
+| `zh-hk` | Container image with the `zh-HK` locale. | `sha256:7b816c7e753684e5f886de43ca7630c0b52f47e704e2c7e50581ff2bca138703` |
+| `zh-tw` | Container image with the `zh-TW` locale. | `sha256:fb3d06558c1a479377324ed689f13519f5df4a6283b2933401aec3e2a2b0b25a` |
++
+# [Previous version](#tab/previous)
+
+Release note for `2.11.0-amd64-<locale>`:
+
+**Feature**
+* Upgrade to latest models.
+
+**Fixes**
+* Keep user's inputs case-sensitive.
+
+Release note for `2.10.0-amd64-<locale>`:
+
+**Feature**
+* Upgrade to latest models.
+
+Release note for `2.9.0-amd64-<locale>`:
+
+**Feature**
+* More error details for issues when fetching custom models by ID.
+* Hypothesis is supported in conversation results by default.
+
+Release note for `2.7.0-amd64-<locale>`:
+
+**Features**
+* Support for the following new locales:
+ * ar-bh, ar-iq, ar-jo, ar-lb, ar-om, ar-sy
+ * bg-bg
+ * el-gr
+ * en-hk, en-ie, en-ph, en-sg, en-za
+ * es-ar, es-bo, es-cl, es-co, es-cr, es-cu, es-do, es-ec, es-gt, es-pa, es-pe, es-pr, es-py, es-sv, es-us, es-uy, es-ve
+ * et-ee
+ * ga-ie
+ * hr-hr
+ * hu-hu
+ * lt-lt
+ * lv-lv
+ * mt-mt
+ * ro-ro
+ * sk-sk
+ * sl-sl
+* Punctuation is enabled by default.
+
+Note that due to the included phrase lists, the size of this container image has increased.
+
+Release note for `2.6.0-amd64-<locale>`:
+
+**Features**
+* Upgraded to latest models and fully migrated to .NET 3.1
+* Support for phraselist v2
+* Phrase lists are supported in the following locales:
+ * en-au
+ * en-ca
+ * en-gb
+ * en-in
+ * en-us
+ * zh-cn
+* Support for new locale `cs-CZ`
+ * Capitalization and punctuation are currently not supported.
+
+**Fixes**
+* Fixes an issue where confidence scores were always 1 in Diarization mode
+* Migrated use the TextAnalytics 3.0 API
+
+Note that due to the included phrase lists, the size of this container image has increased.
+
+Release note for `2.5.0-amd64-<locale>`:
+
+**Features**
+* Support for Azure US Government Cloud
+
+**Fixes**
+* Fixes an issue with running as a non-root user in Diarization mode
+
+| Image Tags | Notes |
+|--|:--|
+| `2.11.0-amd64-<locale>` | Replace `<locale>` with one of the available locales, listed below. For example `2.11.0-amd64-en-us`.|
+| `2.10.0-amd64-<locale>` | Replace `<locale>` with one of the available locales, listed below. For example `2.10.0-amd64-en-us`.|
+| `2.9.0-amd64-<locale>` | Replace `<locale>` with one of the available locales, listed below. For example `2.9.0-amd64-en-us`. |
+| `2.7.0-amd64-<locale>` | Replace `<locale>` with one of the available locales, listed below. For example `2.7.0-amd64-en-us`. |
+| `2.6.0-amd64-<locale>` | Replace `<locale>` with one of the available locales, listed below. For example `2.6.0-amd64-en-us`. |
+| `2.5.0-amd64-<locale>` | Replace `<locale>` with one of the available locales, listed below. For example `2.5.0-amd64-en-us`. |
+ This container has the following locales available.
This container has the following locales available.
| `zh-hk` | Container image with the `zh-HK` locale. | `sha256:41bc980abe79cd69034a8ade2be203478b531a00f5e74b1f7b8f9c5267700261` | | `zh-tw` | Container image with the `zh-TW` locale. | `sha256:51a50a7fcd5a9db6422235a2df0e8fba360efcd3cefee9abe44ab2cdce62088f` | -
-# [Previous version](#tab/previous)
-
-Release note for `2.10.0-amd64-<locale>`:
-
-**Feature**
-* Upgrade to latest models.
-
-Release note for `2.9.0-amd64-<locale>`:
-
-**Feature**
-* More error details for issues when fetching custom models by ID.
-* Hypothesis is supported in conversation results by default.
-
-Release note for `2.7.0-amd64-<locale>`:
-
-**Features**
-* Support for the following new locales:
- * ar-bh, ar-iq, ar-jo, ar-lb, ar-om, ar-sy
- * bg-bg
- * el-gr
- * en-hk, en-ie, en-ph, en-sg, en-za
- * es-ar, es-bo, es-cl, es-co, es-cr, es-cu, es-do, es-ec, es-gt, es-pa, es-pe, es-pr, es-py, es-sv, es-us, es-uy, es-ve
- * et-ee
- * ga-ie
- * hr-hr
- * hu-hu
- * lt-lt
- * lv-lv
- * mt-mt
- * ro-ro
- * sk-sk
- * sl-sl
-* Punctuation is enabled by default.
-
-Note that due to the included phrase lists, the size of this container image has increased.
-
-Release note for `2.6.0-amd64-<locale>`:
-
-**Features**
-* Upgraded to latest models and fully migrated to .NET 3.1
-* Support for phraselist v2
-* Phrase lists are supported in the following locales:
- * en-au
- * en-ca
- * en-gb
- * en-in
- * en-us
- * zh-cn
-* Support for new locale `cs-CZ`
- * Capitalization and punctuation are currently not supported.
-
-**Fixes**
-* Fixes an issue where confidence scores were always 1 in Diarization mode
-* Migrated use the TextAnalytics 3.0 API
-
-Note that due to the included phrase lists, the size of this container image has increased.
-
-Release note for `2.5.0-amd64-<locale>`:
-
-**Features**
-* Support for Azure US Government Cloud
-
-**Fixes**
-* Fixes an issue with running as a non-root user in Diarization mode
-
-| Image Tags | Notes |
-|--|:--|
-| `2.10.0-amd64-<locale>` | Replace `<locale>` with one of the available locales, listed below. For example `2.10.0-amd64-en-us`.|
-| `2.9.0-amd64-<locale>` | Replace `<locale>` with one of the available locales, listed below. For example `2.9.0-amd64-en-us`. |
-| `2.7.0-amd64-<locale>` | Replace `<locale>` with one of the available locales, listed below. For example `2.7.0-amd64-en-us`. |
-| `2.6.0-amd64-<locale>` | Replace `<locale>` with one of the available locales, listed below. For example `2.6.0-amd64-en-us`. |
-| `2.5.0-amd64-<locale>` | Replace `<locale>` with one of the available locales, listed below. For example `2.5.0-amd64-en-us`. |
--
-This container has the following locales available.
- | Locale for v2.10.0 | Notes | Digest | |--|:--|:--| | `ar-ae` | Container image with the `ar-AE` locale. | `sha256:f81f6c53e8ca9c3ae10c335ad45054cea571eca2f4ab32e44e13445936ce3f17` |
This container image has the following tags available. You can also find a full
# [Latest version](#tab/current)
-Release note for `1.13.0-amd64-<locale-and-voice>`:
+Release note for `1.14.0-amd64-<locale-and-voice>`:
**Feature** * Upgrade to latest models.
Release note for `1.13.0-amd64-<locale-and-voice>`:
| Image Tags | Notes | ||:--| | `latest` | Container image with the `en-US` locale and `en-US-AriaRUS` voice. |
+| `1.14.0-amd64-<locale-and-voice>` | Replace `<locale>` with one of the available locales, listed below. For example `1.14.0-amd64-en-us-ariarus`. |
+
+| Locales for v1.14.0 | Notes | Digest |
+||:|:-|
+| `ar-eg-hoda` | Container image with the `ar-EG` locale and `ar-EG-Hoda` voice. | `sha256:51042fcb326406ae8fc436ad1b33727767c6240f441bd9e0d92b3fe8cb9a0f71` |
+| `ar-sa-naayf` | Container image with the `ar-SA` locale and `ar-SA-Naayf` voice. | `sha256:568eabb3cb2de77a44945837d04c065d8b6401e703ce9280d956dcced9df6651` |
+| `bg-bg-ivan` | Container image with the `bg-BG` locale and `bg-BG-Ivan` voice. | `sha256:4c093284e6df02d7738e5c009f36ab13655c680bff4c00b3a4a2bd99bfa39a8b` |
+| `ca-es-herenarus` | Container image with the `ca-ES` locale and `ca-ES-HerenaRUS` voice. | `sha256:168f1431f162465bc4ece78bbe7f3a3687d9dba7f008a809cc3b5823c8d002c8` |
+| `cs-cz-jakub` | Container image with the `cs-CZ` locale and `cs-CZ-Jakub` voice. | `sha256:ee8d7392a81a0ba98537816ba5ceee0c6db2017ea49b33d7eace62a92967a6e8` |
+| `da-dk-hellerus` | Container image with the `da-DK` locale and `da-DK-HelleRUS` voice. | `sha256:36e90323b657d8e525d3b9c047522dc9837d582adf09b4761de9f191680f9a96` |
+| `de-at-michael` | Container image with the `de-AT` locale and `de-AT-Michael` voice. | `sha256:0b5a63f842ddfe0f67c9abc22caa749c6710b978d854bec605e1c0591160645b` |
+| `de-ch-karsten` | Container image with the `de-CH` locale and `de-CH-Karsten` voice. | `sha256:9a95dfc74a5f5f05ba12cb148ad31b7c02ea858faeb4a776fd65b5cc51643a9f` |
+| `de-de-heddarus` | Container image with the `de-DE` locale and `de-DE-Hedda` voice. | `sha256:6302ea75b945fe1772b096dbd2b29d3ec1cd98b13365031f2064b7b6ab43fe6e` |
+| `de-de-hedda` | Container image with the `de-DE` locale and `de-DE-Hedda` voice. | `sha256:6302ea75b945fe1772b096dbd2b29d3ec1cd98b13365031f2064b7b6ab43fe6e` |
+| `de-de-stefan-apollo` | Container image with the `de-DE` locale and `de-DE-Stefan-Apollo` voice. | `sha256:dea531d183eb4e6b6fdf7c09afe1b83f6af39f612f543975358b273b9a725297` |
+| `el-gr-stefanos` | Container image with the `el-GR` locale and `el-GR-Stefanos` voice. | `sha256:fe132ffc0c3688c9602d5d75038ce31a87fd3f98efe18dc05f55f16cbbaebc4a` |
+| `en-au-catherine` | Container image with the `en-AU` locale and `en-AU-Catherine` voice. | `sha256:47149b26fbdb4dabd6e605302ddbcb6682576d25e4f0d6cd35d55f264c22d8e9` |
+| `en-au-hayleyrus` | Container image with the `en-AU` locale and `en-AU-HayleyRUS` voice. | `sha256:0b817be772baba1cedcfa77a75d38c5eff6c846868f85eb0fe7504e4bd6cde92` |
+| `en-ca-heatherrus` | Container image with the `en-CA` locale and `en-CA-HeatherRUS` voice. | `sha256:d59bb06fed865ca7850c419612a4485379a59a1f8631284047654b763e1678b7` |
+| `en-ca-linda` | Container image with the `en-CA` locale and `en-CA-Linda` voice. | `sha256:bf2e142ab852622562e77135a5ef3b52ed0b5a23a62f8104d6f299a4f741b3f7` |
+| `en-gb-george-apollo` | Container image with the `en-GB` locale and `en-GB-George-Apollo` voice. | `sha256:1e66a01f064f860879296173e69f9390c9d4e3a85ee303990df4b6fd9d3874ba` |
+| `en-gb-hazelrus` | Container image with the `en-GB` locale and `en-GB-HazelRUS` voice. | `sha256:19e76f8b8b85262ad4dc5892a03cb973f48ed9914324e68985b66201726bb400` |
+| `en-gb-susan-apollo` | Container image with the `en-GB` locale and `en-GB-Susan-Apollo` voice. | `sha256:4c4e2e5faf74cc0f55b7081f68c24d88206eb989e0ca4c416d0d9c6b24bbd1bc` |
+| `en-ie-sean` | Container image with the `en-IE` locale and `en-IE-Sean` voice. | `sha256:d771436bd543bd5500a94205cd047e084cb43081829fcc22ee67c285b0ac06f0` |
+| `en-in-heera-apollo` | Container image with the `en-IN` locale and `en-IN-Heera-Apollo` voice. | `sha256:bdbb8fedfb129cb5822f1442f9b6c3ccc1054660d33aba29caf464a2b8174423` |
+| `en-in-priyarus` | Container image with the `en-IN` locale and `en-IN-PriyaRUS` voice. | `sha256:b16a0f8e7af04af2f6c849cbcd8f7de75b105fce9d68c98e3038c9d93ab07767` |
+| `en-in-ravi-apollo` | Container image with the `en-IN` locale and `en-IN-Ravi-Apollo` voice. | `sha256:72a6cd4dee54518a1fdb02998861ca5b6c3cda74ceffce0929d911de98fa054b` |
+| `en-us-aria24krus` | Container image with the `en-US` locale and `en-US-Aria24kRUS` voice. | `sha256:21be092ed49a687b86dec15349201b9cfab323a68879cfee4a70d063368c06d9` |
+| `en-us-ariarus` | Container image with the `en-US` locale and `en-US-AriaRUS` voice. | `sha256:21be092ed49a687b86dec15349201b9cfab323a68879cfee4a70d063368c06d9` |
+| `en-us-benjaminrus` | Container image with the `en-US` locale and `en-US-BenjaminRUS` voice. | `sha256:64aa702fdb963721dfbef0b425d400f2e10159b8e261048f7a81c962ed80acdc` |
+| `en-us-guy24krus` | Container image with the `en-US` locale and `en-US-Guy24kRUS` voice. | `sha256:fefd0b03bc10493e99c2bd4a65b50aed0b585714fa3169dfe6ecfd63e2f41605` |
+| `en-us-zirarus` | Container image with the `en-US` locale and `en-US-ZiraRUS` voice. | `sha256:65d8cc26d1b514a04adaf17d603edfa81fead9b456a6f5bef3cec80f09bef2f4` |
+| `es-es-helenarus` | Container image with the `es-ES` locale and `es-ES-HelenaRUS` voice. | `sha256:5e894da2609c367d97782c2e3cf0248dc83758bcebf2114106ba2465638e1beb` |
+| `es-es-laura-apollo` | Container image with the `es-ES` locale and `es-ES-Laura-Apollo` voice. | `sha256:6224461121515e5fa5668a93601b790a784c9ea049feae56c6ce4241a6ba9f5e` |
+| `es-es-pablo-apollo` | Container image with the `es-ES` locale and `es-ES-Pablo-Apollo` voice. | `sha256:1a15fac1dfcbca48381882e9b77c0728d080f48ca05eb441c92efb22f1b539e0` |
+| `es-mx-hildarus` | Container image with the `es-MX` locale and `es-MX-HildaRUS` voice. | `sha256:857d8d3c3f2117f7088b232413eecd188feb6d61cabfc068573c884de0c36cc4` |
+| `es-mx-raul-apollo` | Container image with the `es-MX` locale and `es-MX-Raul-Apollo` voice. | `sha256:4aabd28e70e24fe40c3957b62b8f303f29d9e314c2dab8e622b7488ff74965ee` |
+| `fi-fi-heidirus` | Container image with the `fi-FI` locale and `fi-FI-HeidiRUS` voice. | `sha256:191f7e12c71b6080d9e8bbd556cda66d2c41ac1f6cd795607e04d4f562978345` |
+| `fr-ca-caroline` | Container image with the `fr-CA` locale and `fr-CA-Caroline` voice. | `sha256:76203efca3906dc2a1e11382446b4f043ff522c43914fc45b67bb47266d924a0` |
+| `fr-ca-harmonierus` | Container image with the `fr-CA` locale and `fr-CA-HarmonieRUS` voice. | `sha256:6755c93fd4a71417884561089e8e3d1a0ea5162ff2b07cbe66c588040e6dd5bd` |
+| `fr-ch-guillaume` | Container image with the `fr-CH` locale and `fr-CH-Guillaume` voice. | `sha256:8fb69cd140aa39a93d0fd80dc714f00864b04be3179d5b48012bec5484465f11` |
+| `fr-fr-hortenserus` | Container image with the `fr-FR` locale and `fr-FR-HortenseRUS` voice. | `sha256:37117f9c814bb4f1cb4e112bed9fbf9f1146e94043e51576fa0b05aa15601573` |
+| `fr-fr-julie-apollo` | Container image with the `fr-FR` locale and `fr-FR-Julie-Apollo` voice. | `sha256:75978e6959445e02127505ec7972cc54aa504234326888a1bbff48d12e7672cb` |
+| `fr-fr-paul-apollo` | Container image with the `fr-FR` locale and `fr-FR-Paul-Apollo` voice. | `sha256:e003ac4732053ee049c1429b149591499dcd4716d3aad23e2732355beb5a3058` |
+| `he-il-asaf` | Container image with the `he-IL` locale and `he-IL-Asaf` voice. | `sha256:8eb007717e34e47f812569893333d5a3e97a7fad53498432d4979a0e3824c1c3` |
+| `hi-in-hemant` | Container image with the `hi-IN` locale and `hi-IN-Hemant` voice. | `sha256:533b3d9a9f15419d906e78b92c9e6e2ec442c12e8e3d012e0801422d04b63709` |
+| `hi-in-kalpana-apollo` | Container image with the `hi-IN` locale and `hi-IN-Kalpana-Apollo` voice. | `sha256:2287a4963f0db435e7f4a0f85bc68ac17d8923bb6acd568153bb4e3181aa155a` |
+| `hi-in-kalpana` | Container image with the `hi-IN` locale and `hi-IN-Kalpana` voice. | `sha256:2287a4963f0db435e7f4a0f85bc68ac17d8923bb6acd568153bb4e3181aa155a` |
+| `hr-hr-matej` | Container image with the `hr-HR` locale and `hr-HR-Matej` voice. | `sha256:6ad69e9f8de0d76b7c899ed0524129aaa66c6227a8b4eb3fe1d2a42ce4e10515` |
+| `hu-hu-szabolcs` | Container image with the `hu-HU` locale and `hu-HU-Szabolcs` voice. | `sha256:a60f64d59b54fc1070db76ceaf583fa914cbc5a2806ba98f6d4fb2055c5a11b4` |
+| `id-id-andika` | Container image with the `id-ID` locale and `id-ID-Andika` voice. | `sha256:4ceb3fdb5ae32845b5d8d512b5042c54e83c00ab3eec0a605668c0dc03cadcd5` |
+| `it-it-cosimo-apollo` | Container image with the `it-IT` locale and `it-IT-Cosimo-Apollo` voice. | `sha256:7498b4a7b5eb2cd1a626e4adece8469b8eefc6b5f1efc43e7cd4f207938fca1f` |
+| `it-it-luciarus` | Container image with the `it-IT` locale and `it-IT-LuciaRUS` voice. | `sha256:8b4143c9d639aab14e000271cba0d1be87a0fb7f19b4c6cdcb37104d329f59c6` |
+| `ja-jp-ayumi-apollo` | Container image with the `ja-JP` locale and `ja-JP-Ayumi-Apollo` voice. | `sha256:aa3d365e1e5f4cdb52002589599d3e88b3298db8652b6cd9e63c7095838460ae` |
+| `ja-jp-harukarus` | Container image with the `ja-JP` locale and `ja-JP-HarukaRUS` voice. | `sha256:8c5f06028f97934a2022af3b30a8691038d3ad9173a5cb2298bb461b46c8a58a` |
+| `ja-jp-ichiro-apollo` | Container image with the `ja-JP` locale and `ja-JP-Ichiro-Apollo` voice. | `sha256:a1d84e27829a5e9f22c244ec181f6eda39db1ffeec0d78e5bcb128a012c0ab54` |
+| `ko-kr-heamirus` | Container image with the `ko-KR` locale and `ko-KR-HeamiRUS` voice. | `sha256:0ab1b70a226517a2d5547912a9d34865914b1271e9c7489e32aec5cf3d46489d` |
+| `ms-my-rizwan` | Container image with the `ms-MY` locale and `ms-MY-Rizwan` voice. | `sha256:95cea6795eb02919f742f09f591e5c670852ea4175e108f3c6c3b33cb2742694` |
+| `nb-no-huldarus` | Container image with the `nb-NO` locale and `nb-NO-HuldaRUS` voice. | `sha256:a179563ef1d0c562323e22cd9bdfcb932728f418beecc05207b0df2b8e95bad6` |
+| `nl-nl-hannarus` | Container image with the `nl-NL` locale and `nl-NL-HannaRUS` voice. | `sha256:d8932c474fd8b78a0c87a9827ae50eff2329c155e2dd33f52dfba582292ba1d2` |
+| `pl-pl-paulinarus` | Container image with the `pl-PL` locale and `pl-PL-PaulinaRUS` voice. | `sha256:5035ac81ee98cf5df695dbde623d5d7957d64cfaba9d0f3acd77204ef4b441ab` |
+| `pt-br-daniel-apollo` | Container image with the `pt-BR` locale and `pt-BR-Daniel-Apollo` voice. | `sha256:762463e1d6e51624558ca663702a92126f6d7faf2091b4af12ad0d3bbf703044` |
+| `pt-br-heloisarus` | Container image with the `pt-BR` locale and `pt-BR-HeloisaRUS` voice. | `sha256:c34ef2b1d489d9c695073884bfb59ae1e7c54944bfc1fb9b3a05476b9ca9f60a` |
+| `pt-pt-heliarus` | Container image with the `pt-PT` locale and `pt-PT-HeliaRUS` voice. | `sha256:88fb5d5c2f90bb07fe49dfa7779f4b559e5a738fe9819728ed4b01e03f029bd1` |
+| `ro-ro-andrei` | Container image with the `ro-RO` locale and `ro-RO-Andrei` voice. | `sha256:d24def1774d8cd5f2faaa223ce35e005c5ba664636b2cc7699e8ad490b3316b7` |
+| `ru-ru-ekaterinarus` | Container image with the `ru-RU` locale and `ru-RU-EkaterinaRUS` voice. | `sha256:d177af9d804bc956d2b7a9de707330cecb7895f5a32ade4d201e48477a479936` |
+| `ru-ru-irina-apollo` | Container image with the `ru-RU` locale and `ru-RU-Irina-Apollo` voice. | `sha256:12fe246c090bfc789b4622613a5835edc9e1c06b48c248252b0da4dbf996e864` |
+| `ru-ru-pavel-apollo` | Container image with the `ru-RU` locale and `ru-RU-Pavel-Apollo` voice. | `sha256:35418d54084bbd25101e1a7f0a6f4280b6d4aa2e8c1ba562b9a3c0a6acfa0410` |
+| `sk-sk-filip` | Container image with the `sk-SK` locale and `sk-SK-Filip` voice. | `sha256:256a25e505bda3c2f392471b3996a5f2d3cf2eb9d14421322c56223095bffd91` |
+| `sl-si-lado` | Container image with the `sl-SI` locale and `sl-SI-Lado` voice. | `sha256:8085a021a30be2e30d51a76b18e0f31be083deb0fb19883f7668ce56a5bcddb1` |
+| `sv-se-hedvigrus` | Container image with the `sv-SE` locale and `sv-SE-HedvigRUS` voice. | `sha256:1db0e26b958662ca2db3cc8129130d55f1ad289ab9a10d41ffac3ababc3bd7b4` |
+| `ta-in-valluvar` | Container image with the `ta-IN` locale and `ta-IN-Valluvar` voice. | `sha256:d1ed46e3db9888aad0a3399404ecba46738c4583d76b3522406e4f36d9065615` |
+| `te-in-chitra` | Container image with the `te-IN` locale and `te-IN-Chitra` voice. | `sha256:d927aed4c64e093f913471352df0d036c30eb7f72f743df75d7293e9eba88bef` |
+| `th-th-pattara` | Container image with the `th-TH` locale and `th-TH-Pattara` voice. | `sha256:2d830fe71c4f00642e62245b84849bda947d6702ddbab45e69c8f94c985e0c92` |
+| `tr-tr-sedarus` | Container image with the `tr-TR` locale and `tr-TR-SedaRUS` voice. | `sha256:6aa7fd59cff4b43ddaa8437d319f3e56ba8a8c24f9363c783aa6a7454d382a68` |
+| `vi-vn-an` | Container image with the `vi-VN` locale and `vi-VN-An` voice. | `sha256:612963bbe3fb81907c6eac34ead489430a07d5c6389f30be5fc5c59143e228dd` |
+| `zh-cn-huihuirus` | Container image with the `zh-CN` locale and `zh-CN-HuihuiRUS` voice. | `sha256:54a32e8ef08d57f841be6ee4c700a448bf80033e9931a6c7560e4f3fdb0ab6d0` |
+| `zh-cn-kangkang-apollo` | Container image with the `zh-CN` locale and `zh-CN-Kangkang-Apollo` voice. | `sha256:e9d8f52eae02bedbd0cbfdf2da02cf8dc63d4cf04bfea7d76c15fffe40d120a7` |
+| `zh-cn-yaoyao-apollo` | Container image with the `zh-CN` locale and `zh-CN-Yaoyao-Apollo` voice. | `sha256:2c4a86a91913edd06eaf01d4b1145eeb429616ccb7496b0b4197d5a8f0b3793a` |
+| `zh-hk-danny-apollo` | Container image with the `zh-HK` locale and `zh-HK-Danny-Apollo` voice. | `sha256:140d2cc1a4ffe7b1911254c39870727916c1544776bb7c406a7b6d8d9fed0ad6` |
+| `zh-hk-tracy-apollo` | Container image with the `zh-HK` locale and `zh-HK-Tracy-Apollo` voice. | `sha256:98025d5a58b1b7c367d7be4c285b4b602eb2819a203b090f48a6869aa7367ce4` |
+| `zh-hk-tracyrus` | Container image with the `zh-HK` locale and `zh-HK-TracyRUS` voice. | `sha256:98025d5a58b1b7c367d7be4c285b4b602eb2819a203b090f48a6869aa7367ce4` |
+| `zh-tw-hanhanrus` | Container image with the `zh-TW` locale and `zh-TW-HanHanRUS` voice. | `sha256:fc3ff023277fdc04cc879ba66e3daf9fdc4affcfdb79503597893e8227105c1a` |
+| `zh-tw-yating-apollo` | Container image with the `zh-TW` locale and `zh-TW-Yating-Apollo` voice. | `sha256:365693135e6fcc62f68d7bfc92e1dca1662dce31901e5833f7062f517b8bd2b9` |
+| `zh-tw-zhiwei-apollo` | Container image with the `zh-TW` locale and `zh-TW-Zhiwei-Apollo` voice. | `sha256:1a01b3470bd1298a6c323a121f4776de07e3747e6fe8e42af4be4845ab0a9b10` |
++
+# [Previous version](#tab/previous)
+
+Release note for `1.13.0-amd64-<locale-and-voice>`:
+
+**Feature**
+* Upgrade to latest models.
+
+Release note for `1.12.0-amd64-<locale-and-voice>`:
+
+**Feature**
+* Upgrade to latest models.
+
+Release note for `1.11.0-amd64-<locale-and-voice>`:
+
+**Feature**
+* More error details for issues when fetching custom models by ID.
+
+Release note for `1.9.0-amd64-<locale-and-voice>`:
+
+* Regular monthly release
+
+Release note for `1.8.0-amd64-<locale-and-voice>`:
+
+**Feature**
+
+* Fully migrated to .NET 3.1
+
+Release note for `1.7.0-amd64-<locale-and-voice>`:
+
+**Feature**
+
+* Upgraded components to .NET 3.1
+
+| Image Tags | Notes |
+||:--|
| `1.13.0-amd64-<locale-and-voice>` | Replace `<locale>` with one of the available locales, listed below. For example `1.13.0-amd64-en-us-ariarus`. |
+| `1.12.0-amd64-<locale-and-voice>` | Replace `<locale>` with one of the available locales, listed below. For example `1.12.0-amd64-en-us-ariarus`. |
+| `1.11.0-amd64-<locale-and-voice>` | Replace `<locale>` with one of the available locales, listed below. For example `1.11.0-amd64-en-us-ariarus`. |
+| `1.9.0-amd64-<locale-and-voice>` | Replace `<locale>` with one of the available locales, listed below. For example `1.9.0-amd64-en-us-ariarus`. |
+| `1.8.0-amd64-<locale-and-voice>` | Replace `<locale>` with one of the available locales, listed below. For example `1.8.0-amd64-en-us-ariarus`. |
+| `1.7.0-amd64-<locale-and-voice>` | 1st GA version. Replace `<locale>` with one of the available locales, listed below. For example `1.7.0-amd64-en-us-ariarus`. |
| Locales for v1.13.0 | Notes | Digest | ||:|:-|
Release note for `1.13.0-amd64-<locale-and-voice>`:
| `zh-tw-yating-apollo` | Container image with the `zh-TW` locale and `zh-TW-Yating-Apollo` voice. | `sha256:bb0696685f3a90fe6898ff1487cb0c5957e02f3c63cdb7d02394b5c061339bf3` | | `zh-tw-zhiwei-apollo` | Container image with the `zh-TW` locale and `zh-TW-Zhiwei-Apollo` voice. | `sha256:1772b3bc8b166f429356b00d07ca438202c75d578b6d1655351b9c1e06ae1424` | -
-# [Previous version](#tab/previous)
-
-Release note for `1.12.0-amd64-<locale-and-voice>`:
-
-**Feature**
-* Upgrade to latest models.
-
-Release note for `1.11.0-amd64-<locale-and-voice>`:
-
-**Feature**
-* More error details for issues when fetching custom models by ID.
-
-Release note for `1.9.0-amd64-<locale-and-voice>`:
-
-* Regular monthly release
-
-Release note for `1.8.0-amd64-<locale-and-voice>`:
-
-**Feature**
-
-* Fully migrated to .NET 3.1
-
-Release note for `1.7.0-amd64-<locale-and-voice>`:
-
-**Feature**
-
-* Upgraded components to .NET 3.1
-
-| Image Tags | Notes |
-||:--|
-| `1.12.0-amd64-<locale-and-voice>` | Replace `<locale>` with one of the available locales, listed below. For example `1.12.0-amd64-en-us-ariarus`. |
-| `1.11.0-amd64-<locale-and-voice>` | Replace `<locale>` with one of the available locales, listed below. For example `1.11.0-amd64-en-us-ariarus`. |
-| `1.9.0-amd64-<locale-and-voice>` | Replace `<locale>` with one of the available locales, listed below. For example `1.9.0-amd64-en-us-ariarus`. |
-| `1.8.0-amd64-<locale-and-voice>` | Replace `<locale>` with one of the available locales, listed below. For example `1.8.0-amd64-en-us-ariarus`. |
-| `1.7.0-amd64-<locale-and-voice>` | 1st GA version. Replace `<locale>` with one of the available locales, listed below. For example `1.7.0-amd64-en-us-ariarus`. |
- | Locales for v1.12.0 | Notes | Digest | ||:|:-| | `ar-eg-hoda` | Container image with the `ar-EG` locale and `ar-EG-Hoda` voice. | `sha256:987e6b3e9e13570eb29117e87829a4905b35c712a0f36429dd6404793af31627` |
This container image has the following tags available. You can also find a full
# [Latest version](#tab/current)
-Release notes for `v1.5.0`:
+Release notes for `v1.6.0`:
* Upgrade to latest models with quality improvements and bug fixes
-* Support up to 38 neural voices
| Image Tags | Notes | ||:| | `latest` | Container image with the `en-US` locale and `en-US-AriaNeural` voice. |
-| `1.5.0-amd64-<locale-and-voice>` | Replace `<locale>` with one of the available locales, listed below. For example `1.5.0-amd64-en-us-arianeural`. |
-
+| `1.6.0-amd64-<locale-and-voice>` | Replace `<locale>` with one of the available locales, listed below. For example `1.6.0-amd64-en-us-arianeural`. |
| v1.5.0 Locales and voices | Notes | |-|:|
Release notes for `v1.5.0`:
# [Previous version](#tab/previous)
+Release notes for `v1.5.0`:
+* Upgrade to latest models with quality improvements and bug fixes
+* Support up to 38 neural voices
+ Release notes for `v1.4.0`: * Upgrade to latest models. * The CPU cost and latency was reduced.
Release notes for `v1.3.0`:
| Image Tags | Notes | ||:|
+| `1.5.0-amd64-<locale-and-voice>` | Replace `<locale>` with one of the available locales, listed below. For example `1.5.0-amd64-en-us-arianeural`. |
| `1.4.0-amd64-<locale-and-voice>` | Replace `<locale>` with one of the available locales, listed below. For example `1.4.0-amd64-en-us-arianeural`. | | `1.3.0-amd64-<locale-and-voice>-preview` | Replace `<locale>` with one of the available locales, listed below. For example `1.3.0-amd64-en-us-arianeural-preview`. | | `1.2.0-amd64-<locale-and-voice>-preview` | Replace `<locale>` with one of the available locales, listed below. For example `1.2.0-amd64-en-us-arianeural-preview`. |
+| v1.5.0 Locales and voices | Notes |
+|-|:|
+| `de-de-conradneural` | Container image with the `de-DE` locale and `de-DE-ConradNeural` voice. |
+| `de-de-katjaneural` | Container image with the `de-DE` locale and `de-DE-KatjaNeural` voice. |
+| `en-au-natashaneural` | Container image with the `en-AU` locale and `en-AU-NatashaNeural` voice. |
+| `en-au-williamneural` | Container image with the `en-AU` locale and `en-AU-WilliamNeural` voice. |
+| `en-ca-claraneural` | Container image with the `en-CA` locale and `en-CA-ClaraNeural` voice. |
+| `en-ca-liamneural` | Container image with the `en-CA` locale and `en-CA-LiamNeural` voice. |
+| `en-gb-libbyneural` | Container image with the `en-GB` locale and `en-GB-LibbyNeural` voice. |
+| `en-gb-mianeural` | Container image with the `en-GB` locale and `en-GB-MiaNeural` voice. |
+| `en-gb-ryanneural` | Container image with the `en-GB` locale and `en-GB-RyanNeural` voice. |
+| `en-us-arianeural` | Container image with the `en-US` locale and `en-US-AriaNeural` voice. |
+| `en-us-guyneural` | Container image with the `en-US` locale and `en-US-GuyNeural` voice. |
+| `en-us-jennyneural` | Container image with the `en-US` locale and `en-US-JennyNeural` voice. |
+| `es-es-alvaroneural` | Container image with the `es-ES` locale and `es-ES-AlvaroNeural` voice. |
+| `es-es-elviraneural` | Container image with the `es-ES` locale and `es-ES-ElviraNeural` voice. |
+| `es-mx-dalianeural` | Container image with the `es-MX` locale and `es-MX-DaliaNeural` voice. |
+| `es-mx-jorgeneural` | Container image with the `es-MX` locale and `es-MX-JorgeNeural` voice. |
+| `fr-ca-antoineneural` | Container image with the `fr-CA` locale and `fr-CA-AntoineNeural` voice. |
+| `fr-ca-jeanneural` | Container image with the `fr-CA` locale and `fr-CA-JeanNeural` voice. |
+| `fr-ca-sylvieneural` | Container image with the `fr-CA` locale and `fr-CA-SylvieNeural` voice. |
+| `fr-fr-deniseneural` | Container image with the `fr-FR` locale and `fr-FR-DeniseNeural` voice. |
+| `fr-fr-henrineural` | Container image with the `fr-FR` locale and `fr-FR-HenriNeural` voice. |
+| `hi-in-madhurneural` | Container image with the `hi-IN` locale and `hi-IN-MadhurNeural` voice. |
+| `hi-in-swaraneural` | Container image with the `hi-IN` locale and `hi-IN-Swaraneural` voice. |
+| `it-it-diegoneural` | Container image with the `it-IT` locale and `it-IT-DiegoNeural` voice. |
+| `it-it-elsaneural` | Container image with the `it-IT` locale and `it-IT-ElsaNeural` voice. |
+| `it-it-isabellaneural` | Container image with the `it-IT` locale and `it-IT-IsabellaNeural` voice. |
+| `ja-jp-keitaneural` | Container image with the `ja-JP` locale and `ja-JP-KeitaNeural` voice. |
+| `ja-jp-nanamineural` | Container image with the `ja-JP` locale and `ja-JP-NanamiNeural` voice. |
+| `ko-kr-injoonneural` | Container image with the `ko-KR` locale and `ko-KR-InJoonNeural` voice. |
+| `ko-kr-sunhineural` | Container image with the `ko-KR` locale and `ko-KR-SunHiNeural` voice. |
+| `pt-br-antonioneural` | Container image with the `pt-BR` locale and `pt-BR-AntonioNeural` voice. |
+| `pt-br-franciscaneural` | Container image with the `pt-BR` locale and `pt-BR-FranciscaNeural` voice. |
+| `tr-tr-ahmetneural` | Container image with the `tr-TR` locale and `tr-TR-AhmetNeural` voice. |
+| `tr-tr-emelneural` | Container image with the `tr-TR` locale and `tr-TR-EmelNeural` voice. |
+| `zh-cn-xiaoxiaoneural` | Container image with the `zh-CN` locale and `zh-CN-XiaoxiaoNeural` voice. |
+| `zh-cn-xiaoyouneural` | Container image with the `zh-CN` locale and `zh-CN-XiaoYouNeural` voice. |
+| `zh-cn-yunyangneural` | Container image with the `zh-CN` locale and `zh-CN-YunYangNeural` voice. |
+| `zh-cn-yunyeneural` | Container image with the `zh-CN` locale and `zh-CN-YunYeNeural` voice. |
+ | v1.4.0 Locales and voices | Notes | |-|:| | `de-de-katjaneural` | Container image with the `de-DE` locale and `de-DE-KatjaNeural` voice. |
cognitive-services Policy Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/policy-reference.md
Title: Built-in policy definitions for Azure Cognitive Services description: Lists Azure Policy built-in policy definitions for Azure Cognitive Services. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
cognitive-services Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure Cognitive Services description: Lists Azure Policy Regulatory Compliance controls available for Azure Cognitive Services. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
communication-services Calling Client Samples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/communication-services/quickstarts/voice-video-calling/calling-client-samples.md
Get started with Azure Communication Services by using the Communication Service
::: zone-end ::: zone pivot="platform-windows" ::: zone-end ## Clean up resources
communication-services Get Started With Video Calling https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/communication-services/quickstarts/voice-video-calling/get-started-with-video-calling.md
Last updated 03/10/2021
-zone_pivot_groups: acs-plat-web-ios-android
+zone_pivot_groups: acs-plat-web-ios-android-windows
# QuickStart: Add 1:1 video calling to your app
zone_pivot_groups: acs-plat-web-ios-android
[!INCLUDE [Video calling with iOS](./includes/video-calling-ios.md)] ::: zone-end + ## Clean up resources If you want to clean up and remove a Communication Services subscription, you can delete the resource or resource group. Deleting the resource group also deletes any other resources associated with it. Learn more about [cleaning up resources](../create-communication-resource.md?pivots=platform-azp&tabs=windows#clean-up-resources).
For more information, see the following articles:
- Check out our [web calling sample](../../samples/web-calling-sample.md) - Learn about [Calling SDK capabilities](./calling-client-samples.md?pivots=platform-web)-- Learn more about [how calling works](../../concepts/voice-video-calling/about-call-types.md)
+- Learn more about [how calling works](../../concepts/voice-video-calling/about-call-types.md)
container-instances Policy Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/container-instances/policy-reference.md
Title: Built-in policy definitions for Azure Container Instances description: Lists Azure Policy built-in policy definitions for Azure Container Instances. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
container-registry Policy Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/container-registry/policy-reference.md
Title: Built-in policy definitions for Azure Container Registry description: Lists Azure Policy built-in policy definitions for Azure Container Registry. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
container-registry Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/container-registry/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure Container Registry description: Lists Azure Policy Regulatory Compliance controls available for Azure Container Registry. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
cosmos-db Create Cosmosdb Resources Portal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/create-cosmosdb-resources-portal.md
ms.devlang: dotnet Previously updated : 11/10/2020 Last updated : 05/13/2021 # Quickstart: Create an Azure Cosmos account, database, container, and items from the Azure portal [!INCLUDE[appliesto-sql-api](includes/appliesto-sql-api.md)]
Go to the [Azure portal](https://portal.azure.com/) to create an Azure Cosmos DB
<a id="create-container-database"></a> ## Add a database and a container
-You can use the Data Explorer in the Azure portal to create a database and container.
+You can use the Data Explorer in the Azure portal to create a database and container.
+
+1. Select **Data Explorer** from the left navigation on your Azure Cosmos DB account page, and then select **New Container**.
-1. Select **Data Explorer** from the left navigation on your Azure Cosmos DB account page, and then select **New Container**.
-
You may need to scroll right to see the **Add Container** window.
-
- :::image type="content" source="./media/create-sql-api-dotnet/azure-cosmosdb-data-explorer-dotnet.png" alt-text="The Azure portal Data Explorer, Add Container pane":::
-
-1. In the **Add container** pane, enter the settings for the new container.
-
+
+ :::image type="content" source="./media/create-cosmosdb-resources-portal/add-database-container.png" alt-text="The Azure portal Data Explorer, Add Container pane":::
+
+1. In the **Add container** pane, enter the settings for the new container.
+ |Setting|Suggested value|Description ||||
- |**Database ID**|ToDoList|Enter *ToDoList* as the name for the new database. Database names must contain from 1 through 255 characters, and they cannot contain `/, \\, #, ?`, or a trailing space. Check the **Provision database throughput** option, it allows you to share the throughput provisioned to the database across all the containers within the database. This option also helps with cost savings. |
- |**Throughput**|400|Leave the throughput at 400 request units per second (RU/s). If you want to reduce latency, you can scale up the throughput later.<br><br>**Note**: This setting is not available when creating a new container in a serverless account.|
+ |**Database ID**|ToDoList|Enter *ToDoList* as the name for the new database. Database names must contain from 1 through 255 characters, and they cannot contain `/, \\, #, ?`, or a trailing space. Check the **Share throughput across containers** option, it allows you to share the throughput provisioned on the database across all the containers within the database. This option also helps with cost savings. |
+ | **Database throughput**| You can provision **Autoscale** or **Manual** throughput. Manual throughput allows you to scale RU/s yourself whereas autoscale throughput allows the system to scale RU/s based on usage. Select **Manual** for this example. <br><br> Leave the throughput at 400 request units per second (RU/s). If you want to reduce latency, you can scale up the throughput later by estimating the required RU/s with the [capacity calculator](estimate-ru-with-capacity-planner.md).<br><br>**Note**: This setting is not available when creating a new container in a serverless account. |
|**Container ID**|Items|Enter *Items* as the name for your new container. Container IDs have the same character requirements as database names.| |**Partition key**| /category| The sample described in this article uses */category* as the partition key.|
-
- Don't add **Unique keys** for this example. Unique keys let you add a layer of data integrity to the database by ensuring the uniqueness of one or more values per partition key. For more information, see [Unique keys in Azure Cosmos DB](unique-keys.md).
-
-1. Select **OK**. The Data Explorer displays the new database and the container that you created.
+ Don't add **Unique keys** or turn on **Analytical store** for this example. Unique keys let you add a layer of data integrity to the database by ensuring the uniqueness of one or more values per partition key. For more information, see [Unique keys in Azure Cosmos DB.](unique-keys.md) [Analytical store](analytical-store-introduction.md) is used to enable large-scale analytics against operational data without any impact to your transactional workloads.
+
+1. Select **OK**. The Data Explorer displays the new database and the container that you created.
## Add data to your database
cosmos-db Create Sql Api Nodejs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/create-sql-api-nodejs.md
The "try Azure Cosmos DB for free" option doesn't require an Azure subscription
## Add a container
-You can now use the Data Explorer tool in the Azure portal to create a database and container.
-
-1. Select **Data Explorer** > **New Container**.
-
- The **Add Container** area is displayed on the far right, you may need to scroll right to see it.
-
- :::image type="content" source="./media/create-sql-api-nodejs/azure-cosmosdb-data-explorer.png" alt-text="The Azure portal Data Explorer, Add Container pane":::
-
-2. In the **Add container** page, enter the settings for the new container.
-
- | Setting | Suggested value | Description |
- | -- | | - |
- | **Database ID** | Tasks | Enter _Tasks_ as the name for the new database. Database names must contain from 1 through 255 characters, and they cannot contain `/, \\, #, ?`, or a trailing space. Check the **Provision database throughput** option, it allows you to share the throughput provisioned to the database across all the containers within the database. This option also helps with cost savings. |
- | **Throughput** | 400 | Leave the throughput at 400 request units per second (RU/s). If you want to reduce latency, you can scale up the throughput later. |
- | **Container ID** | Items | Enter _Items_ as the name for your new container. Container IDs have the same character requirements as database names. |
- | **Partition key** | /category | The sample described in this article uses _/category_ as the partition key. |
-
- In addition to the preceding settings, you can optionally add **Unique keys** for the container. Let's leave the field empty in this example. Unique keys provide developers with the ability to add a layer of data integrity to the database. By creating a unique key policy while creating a container, you ensure the uniqueness of one or more values per partition key. To learn more, refer to the [Unique keys in Azure Cosmos DB](unique-keys.md) article.
-
- Select **OK**. The Data Explorer displays the new database and container.
## Add sample data
cosmos-db Create Sql Api Python https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/create-sql-api-python.md
In this quickstart, you create and manage an Azure Cosmos DB SQL API account fro
## Add a container
-You can now use the Data Explorer tool in the Azure portal to create a database and container.
-
-1. Select **Data Explorer** > **New Container**.
-
- The **Add Container** area is displayed on the far right, you may need to scroll right to see it.
-
- :::image type="content" source="./media/create-sql-api-python/azure-cosmosdb-data-explorer.png" alt-text="The Azure portal Data Explorer, Add Container pane":::
-
-2. In the **Add container** page, enter the settings for the new container.
-
- |Setting|Suggested value|Description
- ||||
- |**Database ID**|Tasks|Enter *Tasks* as the name for the new database. Database names must contain from 1 through 255 characters, and they cannot contain `/, \\, #, ?`, or a trailing space. Check the **Provision database throughput** option, it allows you to share the throughput provisioned to the database across all the containers within the database. This option also helps with cost savings. |
- |**Throughput**|400|Leave the throughput at 400 request units per second (RU/s). If you want to reduce latency, you can scale up the throughput later.|
- |**Container ID**|Items|Enter *Items* as the name for your new container. Container IDs have the same character requirements as database names.|
- |**Partition key**| /category| The sample described in this article uses */category* as the partition key.|
-
- In addition to the preceding settings, you can optionally add **Unique keys** for the container. Let's leave the field empty in this example. Unique keys provide developers with the ability to add a layer of data integrity to the database. By creating a unique key policy while creating a container, you ensure the uniqueness of one or more values per partition key. To learn more, refer to the [Unique keys in Azure Cosmos DB](unique-keys.md) article.
-
- Select **OK**. The Data Explorer displays the new database and container.
## Add sample data
cosmos-db Create Sql Api Spring Data https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/create-sql-api-spring-data.md
In this quickstart, you create and manage an Azure Cosmos DB SQL API account fro
> See these articles for information about Spring Data on other Azure Cosmos DB APIs: > * [Spring Data for Apache Cassandra with Azure Cosmos DB](/azure/developer/java/spring-framework/configure-spring-data-apache-cassandra-with-cosmos-db) > * [Spring Data MongoDB with Azure Cosmos DB](/azure/developer/java/spring-framework/configure-spring-data-mongodb-with-cosmos-db)
-> * [Spring Data Gremlin with Azure Cosmos DB](/azure/developer/java/spring-framework/configure-spring-data-gremlin-java-app-with-cosmos-db)
> ## Prerequisites
cosmos-db Plan Manage Costs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/plan-manage-costs.md
If you plan to use Azure Cosmos DB in provisioned throughput mode, use the [Azur
The following screenshot shows the throughput and cost estimation by using the capacity calculator: ### <a id="estimating-serverless-costs"></a> Estimate serverless costs
cosmos-db Policy Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/policy-reference.md
Title: Built-in policy definitions for Azure Cosmos DB description: Lists Azure Policy built-in policy definitions for Azure Cosmos DB. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
cosmos-db Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure Cosmos DB description: Lists Azure Policy Regulatory Compliance controls available for Azure Cosmos DB. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
cosmos-db Sql Api Sdk Java Spring V2 https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/sql-api-sdk-java-spring-v2.md
You can use Spring Data Azure Cosmos DB in your [Azure Spring Cloud](https://azu
> See the following articles for information about Spring Data on other Azure Cosmos DB APIs: > * [Spring Data for Apache Cassandra with Azure Cosmos DB](/azure/developer/java/spring-framework/configure-spring-data-apache-cassandra-with-cosmos-db) > * [Spring Data MongoDB with Azure Cosmos DB](/azure/developer/java/spring-framework/configure-spring-data-mongodb-with-cosmos-db)
-> * [Spring Data Gremlin with Azure Cosmos DB](/azure/developer/java/spring-framework/configure-spring-data-gremlin-java-app-with-cosmos-db)
> > Want to get going fast? > 1. Install the [minimum supported Java runtime, JDK 8](/java/azure/jdk/), so you can use the SDK.
cosmos-db Sql Api Sdk Java Spring V3 https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/sql-api-sdk-java-spring-v3.md
You can use Spring Data Azure Cosmos DB in your [Azure Spring Cloud](https://azu
> See these articles for information about Spring Data on other Azure Cosmos DB APIs: > * [Spring Data for Apache Cassandra with Azure Cosmos DB](/azure/developer/java/spring-framework/configure-spring-data-apache-cassandra-with-cosmos-db) > * [Spring Data MongoDB with Azure Cosmos DB](/azure/developer/java/spring-framework/configure-spring-data-mongodb-with-cosmos-db)
-> * [Spring Data Gremlin with Azure Cosmos DB](/azure/developer/java/spring-framework/configure-spring-data-gremlin-java-app-with-cosmos-db)
> ## Get started fast
cosmos-db Sql Api Spring Data Sdk Samples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/sql-api-spring-data-sdk-samples.md
> See these articles for information about Spring Data on other Azure Cosmos DB APIs: > * [Spring Data for Apache Cassandra with Azure Cosmos DB](/azure/developer/java/spring-framework/configure-spring-data-apache-cassandra-with-cosmos-db) > * [Spring Data MongoDB with Azure Cosmos DB](/azure/developer/java/spring-framework/configure-spring-data-mongodb-with-cosmos-db)
-> * [Spring Data Gremlin with Azure Cosmos DB](/azure/developer/java/spring-framework/configure-spring-data-gremlin-java-app-with-cosmos-db)
> > [!IMPORTANT]
cost-management-billing Mca Request Billing Ownership https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cost-management-billing/manage/mca-request-billing-ownership.md
You may want to access your invoices for your old Microsoft Online Subscription
You must use your account administrator credentials for your old account if the credentials differ from those used to access your new Microsoft Customer Agreement account.
-1. Sign in to the Azure portal at https://azure.portal.com.
+1. Sign in to the Azure portal at https://portal.azure.com/.
1. Navigate to **Cost Management + Billing**. 1. Select **Billing Scopes** in the left pane. 1. Select the billing account associated with your Microsoft Online Subscription Agreement account.
data-factory Author Global Parameters https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/author-global-parameters.md
For general use cases, it is recommended to include global parameters in the ARM
> The **Include in ARM template** configuration is only available in "Git mode". Currently it is disabled in "live mode" or "Data Factory" mode. In case of automatic publishing or Purview connection, do not use Include global parameters method; use PowerShell script method. > [!WARNING]
->You can not use ΓÇÿ-ΓÇÿ in the parameter name. You will receive an errorcode "{"code":"BadRequest","message":"ErrorCode=InvalidTemplate,ErrorMessage=The expression >'pipeline().globalParameters.myparam-dbtest-url' is not valid: .....}". But, you can use the ΓÇÿ_ΓÇÖ in the parameter name.
+>You cannot use ΓÇÿ-ΓÇÿ in the parameter name. You will receive an errorcode "{"code":"BadRequest","message":"ErrorCode=InvalidTemplate,ErrorMessage=The expression >'pipeline().globalParameters.myparam-dbtest-url' is not valid: .....}". But, you can use the ΓÇÿ_ΓÇÖ in the parameter name.
Adding global parameters to the ARM template adds a factory-level setting that will override other factory-level settings such as a customer-managed key or git configuration in other environments. If you have these settings enabled in an elevated environment such as UAT or PROD, it's better to deploy global parameters via a PowerShell script in the steps highlighted below.
data-factory Ci Cd Github Troubleshoot Guide https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/ci-cd-github-troubleshoot-guide.md
Following section is not valid because package.json folder is not valid.
``` It should have DataFactory included in customCommand like *'run build validate $(Build.Repository.LocalPath)/DataFactory/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/testResourceGroup/providers/Microsoft.DataFactory/factories/yourFactoryName'*. Make sure the generated YAML file for higher stage should have required JSON artifacts.
+#### Git Repository or Purview Connection Disconnected
+
+#### Issue
+When deploying your Data Factory, your git repository or purview connection is disconnected.
+
+#### Cause
+If you have **Include in ARM template** selected for deploying global parameters, your factory is included in the ARM template. As a result, other factory properties will be removed upon deployment.
+
+#### Resolution
+Unselect **Include in ARM template** and deploy global parameters with PowerShell as described in Global parameters in CI/CD.
## Next steps
data-factory Connector Amazon S3 Compatible Storage https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/connector-amazon-s3-compatible-storage.md
+
+ Title: Copy data from Amazon Simple Storage Service (S3) Compatible Storage
+description: Learn about how to copy data from Amazon S3 Compatible Storage to supported sink data stores by using Azure Data Factory.
+++++ Last updated : 05/11/2021++
+# Copy data from Amazon S3 Compatible Storage by using Azure Data Factory
+++
+This article outlines how to copy data from Amazon Simple Storage Service (Amazon S3) Compatible Storage. To learn about Azure Data Factory, read the [introductory article](introduction.md).
+++
+## Supported capabilities
+
+This Amazon S3 Compatible Storage connector is supported for the following activities:
+
+- [Copy activity](copy-activity-overview.md) with [supported source/sink matrix](copy-activity-overview.md)
+- [Lookup activity](control-flow-lookup-activity.md)
+- [GetMetadata activity](control-flow-get-metadata-activity.md)
+- [Delete activity](delete-activity.md)
+
+Specifically, this Amazon S3 Compatible Storage connector supports copying files as is or parsing files with the [supported file formats and compression codecs](supported-file-formats-and-compression-codecs.md). The connector uses [AWS Signature Version 4](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html) to authenticate requests to S3. You can use this Amazon S3 Compatible Storage connector to copy data from any S3-compatible storage provider. Specify the corresponding service URL in the linked service configuration.
+++
+## Required permissions
+
+To copy data from Amazon S3 Compatible Storage, make sure you've been granted the following permissions for Amazon S3 object operations: `s3:GetObject` and `s3:GetObjectVersion`.
+
+If you use Data Factory UI to author, additional `s3:ListAllMyBuckets` and `s3:ListBucket`/`s3:GetBucketLocation` permissions are required for operations like testing connection to linked service and browsing from root. If you don't want to grant these permissions, you can choose "Test connection to file path" or "Browse from specified path" options from the UI.
+
+For the full list of Amazon S3 permissions, see [Specifying Permissions in a Policy](https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) on the AWS site.
+
+## Getting started
++
+The following sections provide details about properties that are used to define Data Factory entities specific to Amazon S3 Compatible Storage.
+
+## Linked service properties
+
+The following properties are supported for an Amazon S3 Compatible linked service:
+
+| Property | Description | Required |
+|: |: |: |
+| type | The **type** property must be set to **AmazonS3Compatible**. | Yes |
+| accessKeyId | ID of the secret access key. |Yes |
+| secretAccessKey | The secret access key itself. Mark this field as a **SecureString** to store it securely in Data Factory, or [reference a secret stored in Azure Key Vault](store-credentials-in-key-vault.md). |Yes |
+| serviceUrl | Specify the custom S3 endpoint `https://<service url>`. | No |
+| forcePathStyle | Indicates whether to use S3 [path-style access](https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html#path-style-access) instead of virtual hosted-style access. Allowed values are: **false** (default), **true**.<br> Check each data storeΓÇÖs documentation on if path-style access is needed or not. |No |
+| connectVia | The [integration runtime](concepts-integration-runtime.md) to be used to connect to the data store. You can use the Azure integration runtime or the self-hosted integration runtime (if your data store is in a private network). If this property isn't specified, the service uses the default Azure integration runtime. |No |
+++
+**Example:**
+
+```json
+{
+ "name": "AmazonS3CompatibleLinkedService",
+ "properties": {
+ "type": "AmazonS3Compatible",
+ "typeProperties": {
+ "accessKeyId": "<access key id>",
+ "secretAccessKey": {
+ "type": "SecureString",
+ "value": "<secret access key>"
+ }
+ },
+ "connectVia": {
+ "referenceName": "<name of Integration Runtime>",
+ "type": "IntegrationRuntimeReference"
+ }
+ }
+}
+```
+++
+## Dataset properties
+
+For a full list of sections and properties available for defining datasets, see the [Datasets](concepts-datasets-linked-services.md) article.
++
+The following properties are supported for Amazon S3 Compatible under `location` settings in a format-based dataset:
+
+| Property | Description | Required |
+| - | | -- |
+| type | The **type** property under `location` in a dataset must be set to **AmazonS3CompatibleLocation**. | Yes |
+| bucketName | The S3 Compatible Storage bucket name. | Yes |
+| folderPath | The path to the folder under the given bucket. If you want to use a wildcard to filter the folder, skip this setting and specify that in the activity source settings. | No |
+| fileName | The file name under the given bucket and folder path. If you want to use a wildcard to filter files, skip this setting and specify that in the activity source settings. | No |
+| version | The version of the S3 Compatible Storage object, if S3 Compatible Storage versioning is enabled. If it's not specified, the latest version will be fetched. |No |
+
+**Example:**
+
+```json
+{
+ "name": "DelimitedTextDataset",
+ "properties": {
+ "type": "DelimitedText",
+ "linkedServiceName": {
+ "referenceName": "<Amazon S3 Compatible Storage linked service name>",
+ "type": "LinkedServiceReference"
+ },
+ "schema": [ < physical schema, optional, auto retrieved during authoring > ],
+ "typeProperties": {
+ "location": {
+ "type": "AmazonS3CompatibleLocation",
+ "bucketName": "bucketname",
+ "folderPath": "folder/subfolder"
+ },
+ "columnDelimiter": ",",
+ "quoteChar": "\"",
+ "firstRowAsHeader": true,
+ "compressionCodec": "gzip"
+ }
+ }
+}
+```
+
+## Copy activity properties
+
+For a full list of sections and properties available for defining activities, see the [Pipelines](concepts-pipelines-activities.md) article. This section provides a list of properties that the Amazon S3 Compatible Storage source supports.
+
+### Amazon S3 Compatible Storage as a source type
++
+The following properties are supported for Amazon S3 Compatible Storage under `storeSettings` settings in a format-based copy source:
+
+| Property | Description | Required |
+| | | -- |
+| type | The **type** property under `storeSettings` must be set to **AmazonS3CompatibleReadSettings**. | Yes |
+| ***Locate the files to copy:*** | | |
+| OPTION 1: static path<br> | Copy from the given bucket or folder/file path specified in the dataset. If you want to copy all files from a bucket or folder, additionally specify `wildcardFileName` as `*`. | |
+| OPTION 2: S3 Compatible Storage prefix<br>- prefix | Prefix for the S3 Compatible Storage key name under the given bucket configured in a dataset to filter source S3 Compatible Storage files. S3 Compatible Storage keys whose names start with `bucket_in_dataset/this_prefix` are selected. It utilizes S3 Compatible Storage's service-side filter, which provides better performance than a wildcard filter.<br/><br/>When you use prefix and choose to copy to file-based sink with preserving hierarchy, note the sub-path after the last "/" in prefix will be preserved. For example, you have source `bucket/folder/subfolder/file.txt`, and configure prefix as `folder/sub`, then the preserved file path is `subfolder/file.txt`. | No |
+| OPTION 3: wildcard<br>- wildcardFolderPath | The folder path with wildcard characters under the given bucket configured in a dataset to filter source folders. <br>Allowed wildcards are: `*` (matches zero or more characters) and `?` (matches zero or single character). Use `^` to escape if your folder name has a wildcard or this escape character inside. <br>See more examples in [Folder and file filter examples](#folder-and-file-filter-examples). | No |
+| OPTION 3: wildcard<br>- wildcardFileName | The file name with wildcard characters under the given bucket and folder path (or wildcard folder path) to filter source files. <br>Allowed wildcards are: `*` (matches zero or more characters) and `?` (matches zero or single character). Use `^` to escape if your file name has a wildcard or this escape character inside. See more examples in [Folder and file filter examples](#folder-and-file-filter-examples). | Yes |
+| OPTION 4: a list of files<br>- fileListPath | Indicates to copy a given file set. Point to a text file that includes a list of files you want to copy, one file per line, which is the relative path to the path configured in the dataset.<br/>When you're using this option, do not specify a file name in the dataset. See more examples in [File list examples](#file-list-examples). |No |
+| ***Additional settings:*** | | |
+| recursive | Indicates whether the data is read recursively from the subfolders or only from the specified folder. Note that when **recursive** is set to **true** and the sink is a file-based store, an empty folder or subfolder isn't copied or created at the sink. <br>Allowed values are **true** (default) and **false**.<br>This property doesn't apply when you configure `fileListPath`. |No |
+| deleteFilesAfterCompletion | Indicates whether the binary files will be deleted from source store after successfully moving to the destination store. The file deletion is per file, so when copy activity fails, you will see some files have already been copied to the destination and deleted from source, while others are still remaining on source store. <br/>This property is only valid in binary files copy scenario. The default value: false. |No |
+| modifiedDatetimeStart | Files are filtered based on the attribute: last modified. <br>The files will be selected if their last modified time is within the time range between `modifiedDatetimeStart` and `modifiedDatetimeEnd`. The time is applied to a UTC time zone in the format of "2018-12-01T05:00:00Z". <br> The properties can be **NULL**, which means no file attribute filter will be applied to the dataset. When `modifiedDatetimeStart` has a datetime value but `modifiedDatetimeEnd` is **NULL**, the files whose last modified attribute is greater than or equal to the datetime value will be selected. When `modifiedDatetimeEnd` has a datetime value but `modifiedDatetimeStart` is **NULL**, the files whose last modified attribute is less than the datetime value will be selected.<br/>This property doesn't apply when you configure `fileListPath`. | No |
+| modifiedDatetimeEnd | Same as above. | No |
+| enablePartitionDiscovery | For files that are partitioned, specify whether to parse the partitions from the file path and add them as additional source columns.<br/>Allowed values are **false** (default) and **true**. | No |
+| partitionRootPath | When partition discovery is enabled, specify the absolute root path in order to read partitioned folders as data columns.<br/><br/>If it is not specified, by default,<br/>- When you use file path in dataset or list of files on source, partition root path is the path configured in dataset.<br/>- When you use wildcard folder filter, partition root path is the sub-path before the first wildcard.<br/>- When you use prefix, partition root path is sub-path before the last "/". <br/><br/>For example, assuming you configure the path in dataset as "root/folder/year=2020/month=08/day=27":<br/>- If you specify partition root path as "root/folder/year=2020", copy activity will generate two more columns `month` and `day` with value "08" and "27" respectively, in addition to the columns inside the files.<br/>- If partition root path is not specified, no extra column will be generated. | No |
+| maxConcurrentConnections |The upper limit of concurrent connections established to the data store during the activity run. Specify a value only when you want to limit concurrent connections.| No |
+
+**Example:**
+
+```json
+"activities":[
+ {
+ "name": "CopyFromAmazonS3CompatibleStorage",
+ "type": "Copy",
+ "inputs": [
+ {
+ "referenceName": "<Delimited text input dataset name>",
+ "type": "DatasetReference"
+ }
+ ],
+ "outputs": [
+ {
+ "referenceName": "<output dataset name>",
+ "type": "DatasetReference"
+ }
+ ],
+ "typeProperties": {
+ "source": {
+ "type": "DelimitedTextSource",
+ "formatSettings":{
+ "type": "DelimitedTextReadSettings",
+ "skipLineCount": 10
+ },
+ "storeSettings":{
+ "type": "AmazonS3CompatibleReadSettings",
+ "recursive": true,
+ "wildcardFolderPath": "myfolder*A",
+ "wildcardFileName": "*.csv"
+ }
+ },
+ "sink": {
+ "type": "<sink type>"
+ }
+ }
+ }
+]
+```
+
+### Folder and file filter examples
+
+This section describes the resulting behavior of the folder path and file name with wildcard filters.
+
+| bucket | key | recursive | Source folder structure and filter result (files in bold are retrieved)|
+|: |: |: |: |
+| bucket | `Folder*/*` | false | bucket<br/>&nbsp;&nbsp;&nbsp;&nbsp;FolderA<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;**File1.csv**<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;**File2.json**<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Subfolder1<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;File3.csv<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;File4.json<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;File5.csv<br/>&nbsp;&nbsp;&nbsp;&nbsp;AnotherFolderB<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;File6.csv |
+| bucket | `Folder*/*` | true | bucket<br/>&nbsp;&nbsp;&nbsp;&nbsp;FolderA<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;**File1.csv**<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;**File2.json**<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Subfolder1<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;**File3.csv**<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;**File4.json**<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;**File5.csv**<br/>&nbsp;&nbsp;&nbsp;&nbsp;AnotherFolderB<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;File6.csv |
+| bucket | `Folder*/*.csv` | false | bucket<br/>&nbsp;&nbsp;&nbsp;&nbsp;FolderA<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;**File1.csv**<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;File2.json<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Subfolder1<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;File3.csv<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;File4.json<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;File5.csv<br/>&nbsp;&nbsp;&nbsp;&nbsp;AnotherFolderB<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;File6.csv |
+| bucket | `Folder*/*.csv` | true | bucket<br/>&nbsp;&nbsp;&nbsp;&nbsp;FolderA<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;**File1.csv**<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;File2.json<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Subfolder1<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;**File3.csv**<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;File4.json<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;**File5.csv**<br/>&nbsp;&nbsp;&nbsp;&nbsp;AnotherFolderB<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;File6.csv |
+
+### File list examples
+
+This section describes the resulting behavior of using a file list path in a Copy activity source.
+
+Assume that you have the following source folder structure and want to copy the files in bold:
+
+| Sample source structure | Content in FileListToCopy.txt | Data Factory configuration |
+| | | |
+| bucket<br/>&nbsp;&nbsp;&nbsp;&nbsp;FolderA<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;**File1.csv**<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;File2.json<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Subfolder1<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;**File3.csv**<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;File4.json<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;**File5.csv**<br/>&nbsp;&nbsp;&nbsp;&nbsp;Metadata<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;FileListToCopy.txt | File1.csv<br>Subfolder1/File3.csv<br>Subfolder1/File5.csv | **In dataset:**<br>- Bucket: `bucket`<br>- Folder path: `FolderA`<br><br>**In Copy activity source:**<br>- File list path: `bucket/Metadata/FileListToCopy.txt` <br><br>The file list path points to a text file in the same data store that includes a list of files you want to copy, one file per line, with the relative path to the path configured in the dataset. |
++
+## Lookup activity properties
+
+To learn details about the properties, check [Lookup activity](control-flow-lookup-activity.md).
+
+## GetMetadata activity properties
+
+To learn details about the properties, check [GetMetadata activity](control-flow-get-metadata-activity.md).
+
+## Delete activity properties
+
+To learn details about the properties, check [Delete activity](delete-activity.md).
++
+## Next steps
+For a list of data stores that the Copy activity in Azure Data Factory supports as sources and sinks, see [Supported data stores](copy-activity-overview.md#supported-data-stores-and-formats).
data-factory Connector Amazon Simple Storage Service https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/connector-amazon-simple-storage-service.md
This Amazon S3 connector is supported for the following activities:
Specifically, this Amazon S3 connector supports copying files as is or parsing files with the [supported file formats and compression codecs](supported-file-formats-and-compression-codecs.md). You can also choose to [preserve file metadata during copy](#preserve-metadata-during-copy). The connector uses [AWS Signature Version 4](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html) to authenticate requests to S3. >[!TIP]
->You can use this Amazon S3 connector to copy data from *any S3-compatible storage provider*, such as [Google Cloud Storage](connector-google-cloud-storage.md). Specify the corresponding service URL in the linked service configuration.
+>If you want to copy data from *any S3-compatible storage provider*, see [Amazon S3 Compatible Storage](connector-amazon-s3-compatible-storage.md).
## Required permissions
The following properties are supported for an Amazon S3 linked service:
| accessKeyId | ID of the secret access key. |Yes | | secretAccessKey | The secret access key itself. Mark this field as a **SecureString** to store it securely in Data Factory, or [reference a secret stored in Azure Key Vault](store-credentials-in-key-vault.md). |Yes | | sessionToken | Applicable when using [temporary security credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html) authentication. Learn how to [request temporary security credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken) from AWS.<br>Note AWS temporary credential expires between 15 minutes to 36 hours based on settings. Make sure your credential is valid when activity executes, especially for operationalized workload - for example, you can refresh it periodically and store it in Azure Key Vault.<br>Mark this field as a **SecureString** to store it securely in Data Factory, or [reference a secret stored in Azure Key Vault](store-credentials-in-key-vault.md). |No |
-| serviceUrl | Specify the custom S3 endpoint if you're copying data from an S3-compatible storage provider other than the official Amazon S3 service. For example, to copy data from Google Cloud Storage, specify `https://storage.googleapis.com`. | No |
-| forcePathStyle | Indicates whether to use S3 [path-style access](https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html#path-style-access) instead of virtual hosted-style access. Allowed values are: **false** (default), **true**.<br>If you're connecting to S3-compatible storage provider other than the official Amazon S3 service, and that data store requires path-style access (for example, [Oracle Cloud Storage](https://docs.oracle.com/iaas/Content/Object/Tasks/s3compatibleapi.htm)), set this property to true. Check each data storeΓÇÖs documentation on if path-style access is needed or not. |No |
+| serviceUrl | Specify the custom S3 endpoint `https://<service url>`. | No |
| connectVia | The [integration runtime](concepts-integration-runtime.md) to be used to connect to the data store. You can use the Azure integration runtime or the self-hosted integration runtime (if your data store is in a private network). If this property isn't specified, the service uses the default Azure integration runtime. |No |
->[!TIP]
->Specify the custom S3 service URL if you're copying data from an S3-compatible storage other than the official Amazon S3 service.
**Example: using access key authentication**
data-factory Connector Azure Cosmos Db Mongodb Api https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/connector-azure-cosmos-db-mongodb-api.md
Last updated 11/20/2019
This article outlines how to use Copy Activity in Azure Data Factory to copy data from and to Azure Cosmos DB's API for MongoDB. The article builds on [Copy Activity in Azure Data Factory](copy-activity-overview.md), which presents a general overview of Copy Activity. >[!NOTE]
->This connector only support copy data to/from Azure Cosmos DB's API for MongoDB. For SQL API, refer to [Cosmos DB SQL API connector](connector-azure-cosmos-db.md). Other API types are not supported now.
+>This connector only supports copy data to/from Azure Cosmos DB's API for MongoDB. For SQL API, refer to [Cosmos DB SQL API connector](connector-azure-cosmos-db.md). Other API types are not supported now.
## Supported capabilities
After copy activity execution, below BSON ObjectId is generated in sink:
## Next steps
-For a list of data stores that Copy Activity supports as sources and sinks in Azure Data Factory, see [supported data stores](copy-activity-overview.md#supported-data-stores-and-formats).
+For a list of data stores that Copy Activity supports as sources and sinks in Azure Data Factory, see [supported data stores](copy-activity-overview.md#supported-data-stores-and-formats).
data-factory Connector Dynamics Crm Office 365 https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/connector-dynamics-crm-office-365.md
To copy data to Dynamics, the copy activity **sink** section supports the follow
| alternateKeyName | The alternate key name defined on your entity to do an upsert. | No. | | writeBatchSize | The row count of data written to Dynamics in each batch. | No. The default value is 10. | | ignoreNullValues | Whether to ignore null values from input data other than key fields during a write operation.<br/><br/>Valid values are **TRUE** and **FALSE**:<ul><li>**TRUE**: Leave the data in the destination object unchanged when you do an upsert or update operation. Insert a defined default value when you do an insert operation.</li><li>**FALSE**: Update the data in the destination object to a null value when you do an upsert or update operation. Insert a null value when you do an insert operation.</li></ul> | No. The default value is **FALSE**. |
-| maxConcurrentConnections |The upper limit of concurrent connections established to the data store during the activity run. Specify a value only when you want to limit concurrent connections.| No |
+| maxConcurrentConnections |The upper limit of concurrent connections established to the data store during the activity run. Specify a value only when you want to limit concurrent connections.| No |
>[!NOTE] >The default value for both the sink **writeBatchSize** and the copy activity **[parallelCopies](copy-activity-performance-features.md#parallel-copy)** for the Dynamics sink is 10. Therefore, 100 records are concurrently submitted by default to Dynamics.
data-factory Connector Oracle Cloud Storage https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/connector-oracle-cloud-storage.md
+
+ Title: Copy data from Oracle Cloud Storage by using Azure Data Factory
+description: Learn about how to copy data from Oracle Cloud Storage to supported sink data stores by using Azure Data Factory.
+++ Last updated : 05/11/2021+++
+# Copy data from Oracle Cloud Storage by using Azure Data Factory
++
+This article outlines how to copy data from Oracle Cloud Storage. To learn about Azure Data Factory, read the [introductory article](introduction.md).
+
+## Supported capabilities
+
+This Oracle Cloud Storage connector is supported for the following activities:
+
+- [Copy activity](copy-activity-overview.md) with [supported source/sink matrix](copy-activity-overview.md)
+- [Lookup activity](control-flow-lookup-activity.md)
+- [GetMetadata activity](control-flow-get-metadata-activity.md)
+- [Delete activity](delete-activity.md)
+
+Specifically, this Oracle Cloud Storage connector supports copying files as is or parsing files with the [supported file formats and compression codecs](supported-file-formats-and-compression-codecs.md). It takes advantage of Oracle Cloud Storage's S3-compatible interoperability.
+
+## Prerequisites
+
+To copy data from Oracle Cloud Storage, please refer [here](https://docs.oracle.com/en-us/iaas/Content/Object/Tasks/s3compatibleapi.htm) for the prerequisites and required permission.
++
+## Getting started
++
+The following sections provide details about properties that are used to define Data Factory entities specific to Oracle Cloud Storage.
+
+## Linked service properties
+
+The following properties are supported for Oracle Cloud Storage linked
+
+| Property | Description | Required |
+|: |: |: |
+| type | The **type** property must be set to **OracleCloudStorage**. | Yes |
+| accessKeyId | ID of the secret access key. To find the access key and secret, see [Prerequisites](#prerequisites). |Yes |
+| secretAccessKey | The secret access key itself. Mark this field as **SecureString** to store it securely in Data Factory, or [reference a secret stored in Azure Key Vault](store-credentials-in-key-vault.md). |Yes |
+| serviceUrl | Specify the custom endpoint as `https://<namespace>.compat.objectstorage.<region identifier>.oraclecloud.com`. Refer [here](https://docs.oracle.com/en-us/iaas/Content/Object/Tasks/s3compatibleapi.htm) for more details | Yes |
+| connectVia | The [integration runtime](concepts-integration-runtime.md) to be used to connect to the data store. You can use the Azure integration runtime or the self-hosted integration runtime (if your data store is in a private network). If this property isn't specified, the service uses the default Azure integration runtime. |No |
+
+Here's an example:
+
+```json
+{
+ "name": "OracleCloudStorageLinkedService",
+ "properties": {
+ "type": "OracleCloudStorage",
+ "typeProperties": {
+ "accessKeyId": "<access key id>",
+ "secretAccessKey": {
+ "type": "SecureString",
+ "value": "<secret access key>"
+ },
+ "serviceUrl": "https://<namespace>.compat.objectstorage.<region identifier>.oraclecloud.com"
+ },
+ "connectVia": {
+ "referenceName": "<name of Integration Runtime>",
+ "type": "IntegrationRuntimeReference"
+ }
+ }
+}
+```
+
+## Dataset properties
++
+The following properties are supported for Oracle Cloud Storage under `location` settings in a format-based dataset:
+
+| Property | Description | Required |
+| - | | -- |
+| type | The **type** property under `location` in the dataset must be set to **OracleCloudStorageLocation**. | Yes |
+| bucketName | The Oracle Cloud Storage bucket name. | Yes |
+| folderPath | The path to folder under the given bucket. If you want to use a wildcard to filter the folder, skip this setting and specify that in activity source settings. | No |
+| fileName | The file name under the given bucket and folder path. If you want to use a wildcard to filter the files, skip this setting and specify that in activity source settings. | No |
+
+**Example:**
+
+```json
+{
+ "name": "DelimitedTextDataset",
+ "properties": {
+ "type": "DelimitedText",
+ "linkedServiceName": {
+ "referenceName": "<Oracle Cloud Storage linked service name>",
+ "type": "LinkedServiceReference"
+ },
+ "schema": [ < physical schema, optional, auto retrieved during authoring > ],
+ "typeProperties": {
+ "location": {
+ "type": "OracleCloudStorageLocation",
+ "bucketName": "bucketname",
+ "folderPath": "folder/subfolder"
+ },
+ "columnDelimiter": ",",
+ "quoteChar": "\"",
+ "firstRowAsHeader": true,
+ "compressionCodec": "gzip"
+ }
+ }
+}
+```
+
+## Copy activity properties
+
+For a full list of sections and properties available for defining activities, see the [Pipelines](concepts-pipelines-activities.md) article. This section provides a list of properties that the Oracle Cloud Storage source supports.
+
+### Oracle Cloud Storage as a source type
++
+The following properties are supported for Oracle Cloud Storage under `storeSettings` settings in a format-based copy source:
+
+| Property | Description | Required |
+| | | -- |
+| type | The **type** property under `storeSettings` must be set to **OracleCloudStorageReadSettings**. | Yes |
+| ***Locate the files to copy:*** | | |
+| OPTION 1: static path<br> | Copy from the given bucket or folder/file path specified in the dataset. If you want to copy all files from a bucket or folder, additionally specify `wildcardFileName` as `*`. | |
+| OPTION 2: Oracle Cloud Storage prefix<br>- prefix | Prefix for the Oracle Cloud Storage key name under the given bucket configured in the dataset to filter source Oracle Cloud Storage files. Oracle Cloud Storage keys whose names start with `bucket_in_dataset/this_prefix` are selected. It utilizes Oracle Cloud Storage's service-side filter, which provides better performance than a wildcard filter. | No |
+| OPTION 3: wildcard<br>- wildcardFolderPath | The folder path with wildcard characters under the given bucket configured in a dataset to filter source folders. <br>Allowed wildcards are: `*` (matches zero or more characters) and `?` (matches zero or single character). Use `^` to escape if your folder name has a wildcard or this escape character inside. <br>See more examples in [Folder and file filter examples](#folder-and-file-filter-examples). | No |
+| OPTION 3: wildcard<br>- wildcardFileName | The file name with wildcard characters under the given bucket and folder path (or wildcard folder path) to filter source files. <br>Allowed wildcards are: `*` (matches zero or more characters) and `?` (matches zero or single character). Use `^` to escape if your file name has a wildcard or this escape character inside. See more examples in [Folder and file filter examples](#folder-and-file-filter-examples). | Yes |
+| OPTION 3: a list of files<br>- fileListPath | Indicates to copy a given file set. Point to a text file that includes a list of files you want to copy, one file per line, which is the relative path to the path configured in the dataset.<br/>When you're using this option, do not specify the file name in the dataset. See more examples in [File list examples](#file-list-examples). |No |
+| ***Additional settings:*** | | |
+| recursive | Indicates whether the data is read recursively from the subfolders or only from the specified folder. Note that when **recursive** is set to **true** and the sink is a file-based store, an empty folder or subfolder isn't copied or created at the sink. <br>Allowed values are **true** (default) and **false**.<br>This property doesn't apply when you configure `fileListPath`. |No |
+| deleteFilesAfterCompletion | Indicates whether the binary files will be deleted from source store after successfully moving to the destination store. The file deletion is per file, so when copy activity fails, you will see some files have already been copied to the destination and deleted from source, while others are still remaining on source store. <br/>This property is only valid in binary files copy scenario. The default value: false. |No |
+| modifiedDatetimeStart | Files are filtered based on the attribute: last modified. <br>The files will be selected if their last modified time is within the time range between `modifiedDatetimeStart` and `modifiedDatetimeEnd`. The time is applied to the UTC time zone in the format of "2018-12-01T05:00:00Z". <br> The properties can be **NULL**, which means no file attribute filter will be applied to the dataset. When `modifiedDatetimeStart` has a datetime value but `modifiedDatetimeEnd` is **NULL**, the files whose last modified attribute is greater than or equal to the datetime value will be selected. When `modifiedDatetimeEnd` has a datetime value but `modifiedDatetimeStart` is **NULL**, the files whose last modified attribute is less than the datetime value will be selected.<br/>This property doesn't apply when you configure `fileListPath`. | No |
+| modifiedDatetimeEnd | Same as above. | No |
+| enablePartitionDiscovery | For files that are partitioned, specify whether to parse the partitions from the file path and add them as additional source columns.<br/>Allowed values are **false** (default) and **true**. | No |
+| partitionRootPath | When partition discovery is enabled, specify the absolute root path in order to read partitioned folders as data columns.<br/><br/>If it is not specified, by default,<br/>- When you use file path in dataset or list of files on source, partition root path is the path configured in dataset.<br/>- When you use wildcard folder filter, partition root path is the sub-path before the first wildcard.<br/><br/>For example, assuming you configure the path in dataset as "root/folder/year=2020/month=08/day=27":<br/>- If you specify partition root path as "root/folder/year=2020", copy activity will generate two more columns `month` and `day` with value "08" and "27" respectively, in addition to the columns inside the files.<br/>- If partition root path is not specified, no extra column will be generated. | No |
+| maxConcurrentConnections |The upper limit of concurrent connections established to the data store during the activity run. Specify a value only when you want to limit concurrent connections.| No |
+
+**Example:**
+
+```json
+"activities":[
+ {
+ "name": "CopyFromOracleCloudStorage",
+ "type": "Copy",
+ "inputs": [
+ {
+ "referenceName": "<Delimited text input dataset name>",
+ "type": "DatasetReference"
+ }
+ ],
+ "outputs": [
+ {
+ "referenceName": "<output dataset name>",
+ "type": "DatasetReference"
+ }
+ ],
+ "typeProperties": {
+ "source": {
+ "type": "DelimitedTextSource",
+ "formatSettings":{
+ "type": "DelimitedTextReadSettings",
+ "skipLineCount": 10
+ },
+ "storeSettings":{
+ "type": "OracleCloudStorageReadSettings",
+ "recursive": true,
+ "wildcardFolderPath": "myfolder*A",
+ "wildcardFileName": "*.csv"
+ }
+ },
+ "sink": {
+ "type": "<sink type>"
+ }
+ }
+ }
+]
+```
+
+### Folder and file filter examples
+
+This section describes the resulting behavior of the folder path and file name with wildcard filters.
+
+| bucket | key | recursive | Source folder structure and filter result (files in bold are retrieved)|
+|: |: |: |: |
+| bucket | `Folder*/*` | false | bucket<br/>&nbsp;&nbsp;&nbsp;&nbsp;FolderA<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;**File1.csv**<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;**File2.json**<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Subfolder1<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;File3.csv<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;File4.json<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;File5.csv<br/>&nbsp;&nbsp;&nbsp;&nbsp;AnotherFolderB<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;File6.csv |
+| bucket | `Folder*/*` | true | bucket<br/>&nbsp;&nbsp;&nbsp;&nbsp;FolderA<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;**File1.csv**<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;**File2.json**<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Subfolder1<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;**File3.csv**<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;**File4.json**<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;**File5.csv**<br/>&nbsp;&nbsp;&nbsp;&nbsp;AnotherFolderB<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;File6.csv |
+| bucket | `Folder*/*.csv` | false | bucket<br/>&nbsp;&nbsp;&nbsp;&nbsp;FolderA<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;**File1.csv**<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;File2.json<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Subfolder1<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;File3.csv<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;File4.json<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;File5.csv<br/>&nbsp;&nbsp;&nbsp;&nbsp;AnotherFolderB<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;File6.csv |
+| bucket | `Folder*/*.csv` | true | bucket<br/>&nbsp;&nbsp;&nbsp;&nbsp;FolderA<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;**File1.csv**<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;File2.json<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Subfolder1<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;**File3.csv**<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;File4.json<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;**File5.csv**<br/>&nbsp;&nbsp;&nbsp;&nbsp;AnotherFolderB<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;File6.csv |
+
+### File list examples
+
+This section describes the resulting behavior of using a file list path in the Copy activity source.
+
+Assume that you have the following source folder structure and want to copy the files in bold:
+
+| Sample source structure | Content in FileListToCopy.txt | Data Factory configuration |
+| | | |
+| bucket<br/>&nbsp;&nbsp;&nbsp;&nbsp;FolderA<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;**File1.csv**<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;File2.json<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Subfolder1<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;**File3.csv**<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;File4.json<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;**File5.csv**<br/>&nbsp;&nbsp;&nbsp;&nbsp;Metadata<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;FileListToCopy.txt | File1.csv<br>Subfolder1/File3.csv<br>Subfolder1/File5.csv | **In dataset:**<br>- Bucket: `bucket`<br>- Folder path: `FolderA`<br><br>**In copy activity source:**<br>- File list path: `bucket/Metadata/FileListToCopy.txt` <br><br>The file list path points to a text file in the same data store that includes a list of files you want to copy, one file per line, with the relative path to the path configured in the dataset. |
+
+## Lookup activity properties
+
+To learn details about the properties, check [Lookup activity](control-flow-lookup-activity.md).
+
+## GetMetadata activity properties
+
+To learn details about the properties, check [GetMetadata activity](control-flow-get-metadata-activity.md).
+
+## Delete activity properties
+
+To learn details about the properties, check [Delete activity](delete-activity.md).
++
+## Next steps
+For a list of data stores that the Copy activity in Azure Data Factory supports as sources and sinks, see [Supported data stores](copy-activity-overview.md#supported-data-stores-and-formats).
data-factory Control Flow Get Metadata Activity https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/control-flow-get-metadata-activity.md
The Get Metadata activity takes a dataset as an input and returns metadata infor
| Connector/Metadata | itemName<br>(file/folder) | itemType<br>(file/folder) | size<br>(file) | created<br>(file/folder) | lastModified<sup>1</sup><br>(file/folder) |childItems<br>(folder) |contentMD5<br>(file) | structure<sup>2</sup><br/>(file) | columnCount<sup>2</sup><br>(file) | exists<sup>3</sup><br>(file/folder) | |: |: |: |: |: |: |: |: |: |: |: | | [Amazon S3](connector-amazon-simple-storage-service.md) | √/√ | √/√ | √ | x/x | √/√ | √ | x | √ | √ | √/√ |
+| [Amazon S3 Compatible Storage](connector-amazon-s3-compatible-storage.md) | √/√ | √/√ | √ | x/x | √/√ | √ | x | √ | √ | √/√ |
| [Google Cloud Storage](connector-google-cloud-storage.md) | √/√ | √/√ | √ | x/x | √/√ | √ | x | √ | √ | √/√ |
+| [Oracle Cloud Storage](connector-oracle-cloud-storage.md) | √/√ | √/√ | √ | x/x | √/√ | √ | x | √ | √ | √/√ |
| [Azure Blob storage](connector-azure-blob-storage.md) | √/√ | √/√ | √ | x/x | √/√ | √ | √ | √ | √ | √/√ | | [Azure Data Lake Storage Gen1](connector-azure-data-lake-store.md) | √/√ | √/√ | √ | x/x | √/√ | √ | x | √ | √ | √/√ | | [Azure Data Lake Storage Gen2](connector-azure-data-lake-storage.md) | √/√ | √/√ | √ | x/x | √/√ | √ | √ | √ | √ | √/√ |
The Get Metadata activity takes a dataset as an input and returns metadata infor
| [FTP](connector-ftp.md) | √/√ | √/√ | √ | x/x | x/x | √ | x | √ | √ | √/√ | <sup>1</sup> Metadata `lastModified`:-- For Amazon S3 and Google Cloud Storage, `lastModified` applies to the bucket and the key but not to the virtual folder, and `exists` applies to the bucket and the key but not to the prefix or virtual folder.
+- For Amazon S3, Amazon S3 Compatible Storage, Google Cloud Storage and Oracle Cloud Storage, `lastModified` applies to the bucket and the key but not to the virtual folder, and `exists` applies to the bucket and the key but not to the prefix or virtual folder.
- For Azure Blob storage, `lastModified` applies to the container and the blob but not to the virtual folder. <sup>2</sup> Metadata `structure` and `columnCount` are not supported when getting metadata from Binary, JSON, or XML files.
-<sup>3</sup> Metadata `exists`: For Amazon S3 and Google Cloud Storage, `exists` applies to the bucket and the key but not to the prefix or virtual folder.
+<sup>3</sup> Metadata `exists`: For Amazon S3, Amazon S3 Compatible Storage, Google Cloud Storage and Oracle Cloud Storage, `exists` applies to the bucket and the key but not to the prefix or virtual folder.
Note the following:
data-factory Copy Activity Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/copy-activity-overview.md
The [copy activity monitoring](copy-activity-monitoring.md) experience shows you
## Resume from last failed run
-Copy activity supports resume from last failed run when you copy large size of files as-is with binary format between file-based stores and choose to preserve the folder/file hierarchy from source to sink, e.g. to migrate data from Amazon S3 to Azure Data Lake Storage Gen2. It applies to the following file-based connectors: [Amazon S3](connector-amazon-simple-storage-service.md), [Azure Blob](connector-azure-blob-storage.md), [Azure Data Lake Storage Gen1](connector-azure-data-lake-store.md), [Azure Data Lake Storage Gen2](connector-azure-data-lake-storage.md), [Azure File Storage](connector-azure-file-storage.md), [File System](connector-file-system.md), [FTP](connector-ftp.md), [Google Cloud Storage](connector-google-cloud-storage.md), [HDFS](connector-hdfs.md), and [SFTP](connector-sftp.md).
+Copy activity supports resume from last failed run when you copy large size of files as-is with binary format between file-based stores and choose to preserve the folder/file hierarchy from source to sink, e.g. to migrate data from Amazon S3 to Azure Data Lake Storage Gen2. It applies to the following file-based connectors: [Amazon S3](connector-amazon-simple-storage-service.md), [Amazon S3 Compatible Storage](connector-amazon-s3-compatible-storage.md) [Azure Blob](connector-azure-blob-storage.md), [Azure Data Lake Storage Gen1](connector-azure-data-lake-store.md), [Azure Data Lake Storage Gen2](connector-azure-data-lake-storage.md), [Azure File Storage](connector-azure-file-storage.md), [File System](connector-file-system.md), [FTP](connector-ftp.md), [Google Cloud Storage](connector-google-cloud-storage.md), [HDFS](connector-hdfs.md), [Oracle Cloud Storage](connector-oracle-cloud-storage.md) and [SFTP](connector-sftp.md).
You can leverage the copy activity resume in the following two ways:
data-factory Delete Activity https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/delete-activity.md
Here are some recommendations for using the Delete activity:
- [FTP](connector-ftp.md) - [SFTP](connector-sftp.md) - [Amazon S3](connector-amazon-simple-storage-service.md)
+- [Amazon S3 Compatible Storage](connector-amazon-s3-compatible-storage.md)
- [Google Cloud Storage](connector-google-cloud-storage.md)
+- [Oracle Cloud Storage](connector-oracle-cloud-storage.md)
- [HDFS](connector-hdfs.md) ## Syntax
data-factory Format Avro https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/format-avro.md
Follow this article when you want to **parse the Avro files or write the data into Avro format**.
-Avro format is supported for the following connectors: [Amazon S3](connector-amazon-simple-storage-service.md), [Azure Blob](connector-azure-blob-storage.md), [Azure Data Lake Storage Gen1](connector-azure-data-lake-store.md), [Azure Data Lake Storage Gen2](connector-azure-data-lake-storage.md), [Azure File Storage](connector-azure-file-storage.md), [File System](connector-file-system.md), [FTP](connector-ftp.md), [Google Cloud Storage](connector-google-cloud-storage.md), [HDFS](connector-hdfs.md), [HTTP](connector-http.md), and [SFTP](connector-sftp.md).
+Avro format is supported for the following connectors: [Amazon S3](connector-amazon-simple-storage-service.md), [Amazon S3 Compatible Storage](connector-amazon-s3-compatible-storage.md), [Azure Blob](connector-azure-blob-storage.md), [Azure Data Lake Storage Gen1](connector-azure-data-lake-store.md), [Azure Data Lake Storage Gen2](connector-azure-data-lake-storage.md), [Azure File Storage](connector-azure-file-storage.md), [File System](connector-file-system.md), [FTP](connector-ftp.md), [Google Cloud Storage](connector-google-cloud-storage.md), [HDFS](connector-hdfs.md), [HTTP](connector-http.md), [Oracle Cloud Storage](connector-oracle-cloud-storage.md) and [SFTP](connector-sftp.md).
## Dataset properties
data-factory Format Binary https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/format-binary.md
[!INCLUDE[appliesto-adf-asa-md](includes/appliesto-adf-asa-md.md)]
-Binary format is supported for the following connectors: [Amazon S3](connector-amazon-simple-storage-service.md), [Azure Blob](connector-azure-blob-storage.md), [Azure Data Lake Storage Gen1](connector-azure-data-lake-store.md), [Azure Data Lake Storage Gen2](connector-azure-data-lake-storage.md), [Azure File Storage](connector-azure-file-storage.md), [File System](connector-file-system.md), [FTP](connector-ftp.md), [Google Cloud Storage](connector-google-cloud-storage.md), [HDFS](connector-hdfs.md), [HTTP](connector-http.md), and [SFTP](connector-sftp.md).
+Binary format is supported for the following connectors: [Amazon S3](connector-amazon-simple-storage-service.md), [Amazon S3 Compatible Storage](connector-amazon-s3-compatible-storage.md), [Azure Blob](connector-azure-blob-storage.md), [Azure Data Lake Storage Gen1](connector-azure-data-lake-store.md), [Azure Data Lake Storage Gen2](connector-azure-data-lake-storage.md), [Azure File Storage](connector-azure-file-storage.md), [File System](connector-file-system.md), [FTP](connector-ftp.md), [Google Cloud Storage](connector-google-cloud-storage.md), [HDFS](connector-hdfs.md), [HTTP](connector-http.md), [Oracle Cloud Storage](connector-oracle-cloud-storage.md) and [SFTP](connector-sftp.md).
You can use Binary dataset in [Copy activity](copy-activity-overview.md), [GetMetadata activity](control-flow-get-metadata-activity.md), or [Delete activity](delete-activity.md). When using Binary dataset, ADF does not parse file content but treat it as-is.
data-factory Format Delimited Text https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/format-delimited-text.md
Follow this article when you want to **parse the delimited text files or write the data into delimited text format**.
-Delimited text format is supported for the following connectors: [Amazon S3](connector-amazon-simple-storage-service.md), [Azure Blob](connector-azure-blob-storage.md), [Azure Data Lake Storage Gen1](connector-azure-data-lake-store.md), [Azure Data Lake Storage Gen2](connector-azure-data-lake-storage.md), [Azure File Storage](connector-azure-file-storage.md), [File System](connector-file-system.md), [FTP](connector-ftp.md), [Google Cloud Storage](connector-google-cloud-storage.md), [HDFS](connector-hdfs.md), [HTTP](connector-http.md), and [SFTP](connector-sftp.md).
+Delimited text format is supported for the following connectors: [Amazon S3](connector-amazon-simple-storage-service.md), [Amazon S3 Compatible Storage](connector-amazon-s3-compatible-storage.md), [Azure Blob](connector-azure-blob-storage.md), [Azure Data Lake Storage Gen1](connector-azure-data-lake-store.md), [Azure Data Lake Storage Gen2](connector-azure-data-lake-storage.md), [Azure File Storage](connector-azure-file-storage.md), [File System](connector-file-system.md), [FTP](connector-ftp.md), [Google Cloud Storage](connector-google-cloud-storage.md), [HDFS](connector-hdfs.md), [HTTP](connector-http.md), [Oracle Cloud Storage](connector-oracle-cloud-storage.md) and [SFTP](connector-sftp.md).
## Dataset properties
data-factory Format Excel https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/format-excel.md
Follow this article when you want to **parse the Excel files**. Azure Data Factory supports both ".xls" and ".xlsx".
-Excel format is supported for the following connectors: [Amazon S3](connector-amazon-simple-storage-service.md), [Azure Blob](connector-azure-blob-storage.md), [Azure Data Lake Storage Gen1](connector-azure-data-lake-store.md), [Azure Data Lake Storage Gen2](connector-azure-data-lake-storage.md), [Azure File Storage](connector-azure-file-storage.md), [File System](connector-file-system.md), [FTP](connector-ftp.md), [Google Cloud Storage](connector-google-cloud-storage.md), [HDFS](connector-hdfs.md), [HTTP](connector-http.md), and [SFTP](connector-sftp.md). It is supported as source but not sink.
+Excel format is supported for the following connectors: [Amazon S3](connector-amazon-simple-storage-service.md), [Amazon S3 Compatible Storage](connector-amazon-s3-compatible-storage.md), [Azure Blob](connector-azure-blob-storage.md), [Azure Data Lake Storage Gen1](connector-azure-data-lake-store.md), [Azure Data Lake Storage Gen2](connector-azure-data-lake-storage.md), [Azure File Storage](connector-azure-file-storage.md), [File System](connector-file-system.md), [FTP](connector-ftp.md), [Google Cloud Storage](connector-google-cloud-storage.md), [HDFS](connector-hdfs.md), [HTTP](connector-http.md), [Oracle Cloud Storage](connector-oracle-cloud-storage.md) and [SFTP](connector-sftp.md). It is supported as source but not sink.
>[!NOTE] >".xls" format is not supported while using [HTTP](connector-http.md).
data-factory Format Json https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/format-json.md
Follow this article when you want to **parse the JSON files or write the data into JSON format**.
-JSON format is supported for the following connectors: [Amazon S3](connector-amazon-simple-storage-service.md), [Azure Blob](connector-azure-blob-storage.md), [Azure Data Lake Storage Gen1](connector-azure-data-lake-store.md), [Azure Data Lake Storage Gen2](connector-azure-data-lake-storage.md), [Azure File Storage](connector-azure-file-storage.md), [File System](connector-file-system.md), [FTP](connector-ftp.md), [Google Cloud Storage](connector-google-cloud-storage.md), [HDFS](connector-hdfs.md), [HTTP](connector-http.md), and [SFTP](connector-sftp.md).
+JSON format is supported for the following connectors: [Amazon S3](connector-amazon-simple-storage-service.md), [Amazon S3 Compatible Storage](connector-amazon-s3-compatible-storage.md), [Azure Blob](connector-azure-blob-storage.md), [Azure Data Lake Storage Gen1](connector-azure-data-lake-store.md), [Azure Data Lake Storage Gen2](connector-azure-data-lake-storage.md), [Azure File Storage](connector-azure-file-storage.md), [File System](connector-file-system.md), [FTP](connector-ftp.md), [Google Cloud Storage](connector-google-cloud-storage.md), [HDFS](connector-hdfs.md), [HTTP](connector-http.md), [Oracle Cloud Storage](connector-oracle-cloud-storage.md) and [SFTP](connector-sftp.md).
## Dataset properties
data-factory Format Orc https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/format-orc.md
Follow this article when you want to **parse the ORC files or write the data into ORC format**.
-ORC format is supported for the following connectors: [Amazon S3](connector-amazon-simple-storage-service.md), [Azure Blob](connector-azure-blob-storage.md), [Azure Data Lake Storage Gen1](connector-azure-data-lake-store.md), [Azure Data Lake Storage Gen2](connector-azure-data-lake-storage.md), [Azure File Storage](connector-azure-file-storage.md), [File System](connector-file-system.md), [FTP](connector-ftp.md), [Google Cloud Storage](connector-google-cloud-storage.md), [HDFS](connector-hdfs.md), [HTTP](connector-http.md), and [SFTP](connector-sftp.md).
+ORC format is supported for the following connectors: [Amazon S3](connector-amazon-simple-storage-service.md), [Amazon S3 Compatible Storage](connector-amazon-s3-compatible-storage.md), [Azure Blob](connector-azure-blob-storage.md), [Azure Data Lake Storage Gen1](connector-azure-data-lake-store.md), [Azure Data Lake Storage Gen2](connector-azure-data-lake-storage.md), [Azure File Storage](connector-azure-file-storage.md), [File System](connector-file-system.md), [FTP](connector-ftp.md), [Google Cloud Storage](connector-google-cloud-storage.md), [HDFS](connector-hdfs.md), [HTTP](connector-http.md), [Oracle Cloud Storage](connector-oracle-cloud-storage.md) and [SFTP](connector-sftp.md).
## Dataset properties
data-factory Format Parquet https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/format-parquet.md
Follow this article when you want to **parse the Parquet files or write the data into Parquet format**.
-Parquet format is supported for the following connectors: [Amazon S3](connector-amazon-simple-storage-service.md), [Azure Blob](connector-azure-blob-storage.md), [Azure Data Lake Storage Gen1](connector-azure-data-lake-store.md), [Azure Data Lake Storage Gen2](connector-azure-data-lake-storage.md), [Azure File Storage](connector-azure-file-storage.md), [File System](connector-file-system.md), [FTP](connector-ftp.md), [Google Cloud Storage](connector-google-cloud-storage.md), [HDFS](connector-hdfs.md), [HTTP](connector-http.md), and [SFTP](connector-sftp.md).
+Parquet format is supported for the following connectors: [Amazon S3](connector-amazon-simple-storage-service.md), [Amazon S3 Compatible Storage](connector-amazon-s3-compatible-storage.md), [Azure Blob](connector-azure-blob-storage.md), [Azure Data Lake Storage Gen1](connector-azure-data-lake-store.md), [Azure Data Lake Storage Gen2](connector-azure-data-lake-storage.md), [Azure File Storage](connector-azure-file-storage.md), [File System](connector-file-system.md), [FTP](connector-ftp.md), [Google Cloud Storage](connector-google-cloud-storage.md), [HDFS](connector-hdfs.md), [HTTP](connector-http.md), [Oracle Cloud Storage](connector-oracle-cloud-storage.md) and [SFTP](connector-sftp.md).
## Dataset properties
data-factory Format Xml https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/format-xml.md
Follow this article when you want to **parse the XML files**.
-XML format is supported for the following connectors: [Amazon S3](connector-amazon-simple-storage-service.md), [Azure Blob](connector-azure-blob-storage.md), [Azure Data Lake Storage Gen1](connector-azure-data-lake-store.md), [Azure Data Lake Storage Gen2](connector-azure-data-lake-storage.md), [Azure File Storage](connector-azure-file-storage.md), [File System](connector-file-system.md), [FTP](connector-ftp.md), [Google Cloud Storage](connector-google-cloud-storage.md), [HDFS](connector-hdfs.md), [HTTP](connector-http.md), and [SFTP](connector-sftp.md). It is supported as source but not sink.
+XML format is supported for the following connectors: [Amazon S3](connector-amazon-simple-storage-service.md), [Amazon S3 Compatible Storage](connector-amazon-s3-compatible-storage.md), [Azure Blob](connector-azure-blob-storage.md), [Azure Data Lake Storage Gen1](connector-azure-data-lake-store.md), [Azure Data Lake Storage Gen2](connector-azure-data-lake-storage.md), [Azure File Storage](connector-azure-file-storage.md), [File System](connector-file-system.md), [FTP](connector-ftp.md), [Google Cloud Storage](connector-google-cloud-storage.md), [HDFS](connector-hdfs.md), [HTTP](connector-http.md), [Oracle Cloud Storage](connector-oracle-cloud-storage.md) and [SFTP](connector-sftp.md). It is supported as source but not sink.
## Dataset properties
data-factory Parameterize Linked Services https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/parameterize-linked-services.md
When authoring linked service on UI, Data Factory provides built-in parameteriz
- Amazon Redshift - Amazon S3
+- Amazon S3 Compatible Storage
- Azure Blob Storage - Azure Cosmos DB (SQL API) - Azure Data Lake Storage Gen2
When authoring linked service on UI, Data Factory provides built-in parameteriz
- Generic REST - MySQL - Oracle
+- Oracle Cloud Storage
- SQL Server For other linked service types that are not in above list, you can parameterize the linked service by editing the JSON on UI:
data-factory Policy Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/policy-reference.md
Previously updated : 05/04/2021 Last updated : 05/14/2021 # Azure Policy built-in definitions for Data Factory (Preview)
data-factory Supported File Formats And Compression Codecs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/supported-file-formats-and-compression-codecs.md
# Supported file formats and compression codecs by copy activity in Azure Data Factory [!INCLUDE[appliesto-adf-asa-md](includes/appliesto-adf-asa-md.md)]
-*This article applies to the following connectors: [Amazon S3](connector-amazon-simple-storage-service.md), [Azure Blob](connector-azure-blob-storage.md), [Azure Data Lake Storage Gen1](connector-azure-data-lake-store.md), [Azure Data Lake Storage Gen2](connector-azure-data-lake-storage.md), [Azure File Storage](connector-azure-file-storage.md), [File System](connector-file-system.md), [FTP](connector-ftp.md), [Google Cloud Storage](connector-google-cloud-storage.md), [HDFS](connector-hdfs.md), [HTTP](connector-http.md), and [SFTP](connector-sftp.md).*
+*This article applies to the following connectors: [Amazon S3](connector-amazon-simple-storage-service.md), [Amazon S3 Compatible Storage](connector-amazon-s3-compatible-storage.md), [Azure Blob](connector-azure-blob-storage.md), [Azure Data Lake Storage Gen1](connector-azure-data-lake-store.md), [Azure Data Lake Storage Gen2](connector-azure-data-lake-storage.md), [Azure File Storage](connector-azure-file-storage.md), [File System](connector-file-system.md), [FTP](connector-ftp.md), [Google Cloud Storage](connector-google-cloud-storage.md), [HDFS](connector-hdfs.md), [HTTP](connector-http.md), [Oracle Cloud Storage](connector-oracle-cloud-storage.md) and [SFTP](connector-sftp.md).*
[!INCLUDE [data-factory-v2-file-formats](includes/data-factory-v2-file-formats.md)]
data-lake-analytics Policy Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-lake-analytics/policy-reference.md
Title: Built-in policy definitions for Azure Data Lake Analytics description: Lists Azure Policy built-in policy definitions for Azure Data Lake Analytics. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
data-lake-analytics Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-lake-analytics/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure Data Lake Analytics description: Lists Azure Policy Regulatory Compliance controls available for Azure Data Lake Analytics. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
data-lake-store Policy Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-lake-store/policy-reference.md
Title: Built-in policy definitions for Azure Data Lake Storage Gen1 description: Lists Azure Policy built-in policy definitions for Azure Data Lake Storage Gen1. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
data-lake-store Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-lake-store/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure Data Lake Storage Gen1 description: Lists Azure Policy Regulatory Compliance controls available for Azure Data Lake Storage Gen1. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
databox-online Azure Stack Edge Gpu 2105 Release Notes https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/databox-online/azure-stack-edge-gpu-2105-release-notes.md
The following release notes identify the critical open issues and the resolved i
The release notes are continuously updated, and as critical issues requiring a workaround are discovered, they are added. Before you deploy your device, carefully review the information contained in the release notes.
-This article applies to the **Azure Stack Edge 2105** release, which maps to software version number **2.2.1592.3244**. This software can be applied to your device if you are running at least Azure Stack Edge 2010 (2.1.1377.2170) software.
+This article applies to the **Azure Stack Edge 2105** release, which maps to software version number **2.2.1593.3244**. This software can be applied to your device if you are running at least Azure Stack Edge 2010 (2.1.1377.2170) software.
## What's new
The following new features are available in the Azure Stack Edge 2105 release.
- IP forwarding also lets VMs send network traffic with a different source IP address than the one assigned to the IP configurations for the VM's network interface. For more information, see [Enable or disable IP forwarding](../virtual-network/virtual-network-network-interface.md#enable-or-disable-ip-forwarding).
+- **Kubernetes improvements** - In this release, several enhancements related to Kubernetes have been made.
+ - The following Kubernetes version updates are available:
+
+ - Kubernetes server version: v1.20.2
+ - IoT Edge version: 0.1.0-beta14
+ - Azure Arc enabled Kubernetes version: 1.1
+ - Azure Arc enabled Kubernetes now has support for various clouds, logging is improved and the cmdlet experience via the PowerShell interface has changed.
+ - Diagnostics and telemetry fixes have been made.
+ - Proactive log collection is enhanced for compute logs.
+ - **Support for Az cmdlets** - Starting this release, the Az cmdlets are available (in preview) when connecting to the local Azure Resource Manager of the device or when deploying VM workloads. For more information, see [Az cmdlets](/powershell/azure/new-azureps-module-az?view=azps-5.9.0&preserve-view=true). - **Enable remote PowerShell session over HTTP** - Starting this release, you can enable a remote PowerShell session into a device over *http* via the local UI. For more information, see how to [Enable Remote PowerShell over http](azure-stack-edge-gpu-manage-access-power-connectivity-mode.md#enable-device-access-via-remote-powershell-over-http) for your device.
databox-online Azure Stack Edge Gpu Deploy Virtual Machine Portal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/databox-online/azure-stack-edge-gpu-deploy-virtual-machine-portal.md
Title: Deploy VMs on your Azure Stack Edge Pro via the Azure portal
-description: Learn how to create and manage VMs on your Azure Stack Edge Pro via the Azure portal.
+ Title: Deploy VMs on your Azure Stack Edge Pro GPU via the Azure portal
+description: Learn how to create and manage VMs on your Azure Stack Edge Pro GPU via the Azure portal.
Previously updated : 03/30/2021 Last updated : 05/14/2021
-# Customer intent: As an IT admin, I need to understand how to configure compute on an Azure Stack Edge Pro device so that I can use it to transform data before I send it to Azure.
+# Customer intent: As an IT admin, I need to understand how to configure compute on an Azure Stack Edge Pro GPU device so that I can use it to transform data before I send it to Azure.
# Deploy VMs on your Azure Stack Edge Pro GPU device via the Azure portal [!INCLUDE [applies-to-GPU-and-pro-r-and-mini-r-skus](../../includes/azure-stack-edge-applies-to-gpu-pro-r-mini-r-sku.md)]
-You can create and manage virtual machines (VMs) on an Azure Stack Edge device by using the Azure portal, templates, and Azure PowerShell cmdlets, and via the Azure CLI or Python scripts. This article describes how to create and manage a VM on your Azure Stack Edge device by using the Azure portal.
+You can create and manage virtual machines (VMs) on an Azure Stack Edge Pro GPU device by using the Azure portal, templates, and Azure PowerShell cmdlets, and via the Azure CLI or Python scripts. This article describes how to create and manage a VM on your Azure Stack Edge Pro GPU device by using the Azure portal.
> [!IMPORTANT] > We recommend that you enable multifactor authentication for the user who manages VMs that are deployed on your device from the cloud.
The high-level summary of the deployment workflow is as follows:
Before you begin to create and manage VMs on your device via the Azure portal, make sure that:
-1. You've completed the network settings on your Azure Stack Edge Pro device as described in [Step 1: Configure an Azure Stack Edge Pro device](./azure-stack-edge-gpu-connect-resource-manager.md#step-1-configure-azure-stack-edge-pro-device).
+1. You've completed the network settings on your Azure Stack Edge Pro GPU device as described in [Step 1: Configure an Azure Stack Edge Pro GPU device](./azure-stack-edge-gpu-connect-resource-manager.md#step-1-configure-azure-stack-edge-pro-device).
1. You've enabled a network interface for compute. This network interface IP is used to create a virtual switch for the VM deployment. In the local UI of your device, go to **Compute**. Select the network interface that you'll use to create a virtual switch. > [!IMPORTANT] > You can configure only one port for compute.
- 1. Enable compute on the network interface. Azure Stack Edge Pro creates and manages a virtual switch corresponding to that network interface.
+ 1. Enable compute on the network interface. Azure Stack Edge Pro GPU creates and manages a virtual switch corresponding to that network interface.
1. You have access to a Windows or Linux VHD that you'll use to create the VM image for the VM you intend to create. ## Deploy a VM
-Follow these steps to create a VM on your Azure Stack Edge device.
+Follow these steps to create a VM on your Azure Stack Edge Pro GPU device.
### Add a VM image
-1. Upload a VHD to an Azure Storage account. Follow the steps in [Upload a VHD by using Azure Storage Explorer](../devtest-labs/devtest-lab-upload-vhd-using-storage-explorer.md).
+1. Upload a VHD to an Azure Storage account. Follow the steps in [Use Storage Explorer for upload](azure-stack-edge-gpu-deploy-virtual-machine-templates.md#use-storage-explorer-for-upload).
-1. In the Azure portal, go to the Azure Stack Edge resource for your Azure Stack Edge device. Go to **Edge compute** > **Virtual machines**.
+ For information about preparing the VHD, see [Prepare a generalized image from a Windows VHD](azure-stack-edge-gpu-prepare-windows-vhd-generalized-image.md).
- ![Screenshot that shows Edge compute and Virtual machines.](media/azure-stack-edge-gpu-deploy-virtual-machine-portal/add-virtual-machine-image-1.png)
+1. In the Azure portal, go to the Azure Stack Edge resource for your device. Go to **Edge Services** > **Virtual machines**.
+
+ ![Screenshot that shows Edge Services and Virtual machines.](media/azure-stack-edge-gpu-deploy-virtual-machine-portal/add-virtual-machine-image-1.png)
1. Select **Virtual Machines** to go to the **Overview** page. Select **Enable** to enable virtual machine cloud management.
Follow these steps to create a VM after you've created a VM image.
![Screenshot that shows selecting the new VM.](media/azure-stack-edge-gpu-deploy-virtual-machine-portal/add-virtual-machine-page-1.png)
- Select the VM to see the details.
+ Select the VM to see the details.
![Screenshot that shows the VM details.](media/azure-stack-edge-gpu-deploy-virtual-machine-portal/add-virtual-machine-details-1.png)
+ You'll use the IP address for the network interface to connect to the VM.
+ ## Connect to a VM Depending on whether you created a Linux or Windows VM, the steps to connect can be different. You can't connect to the VMs deployed on your device via the Azure portal. Follow the steps to connect to your Linux or Windows VM.
Follow these steps to connect to a Windows VM.
## Next steps
-To learn how to administer your Azure Stack Edge Pro device, see [Use local web UI to administer an Azure Stack Edge Pro](azure-stack-edge-manage-access-power-connectivity-mode.md).
+To learn how to administer your Azure Stack Edge Pro GPU device, see [Use local web UI to administer an Azure Stack Edge Pro GPU](azure-stack-edge-manage-access-power-connectivity-mode.md).
databox-online Azure Stack Edge Gpu Deploy Virtual Machine Powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/databox-online/azure-stack-edge-gpu-deploy-virtual-machine-powershell.md
Previously updated : 02/22/2021 Last updated : 05/13/2021 #Customer intent: As an IT admin, I need to understand how to create and manage virtual machines (VMs) on my Azure Stack Edge Pro device. I want to use APIs so that I can efficiently manage my VMs.
To connect to a Linux VM, do the following:
[!INCLUDE [azure-stack-edge-gateway-connect-vm](../../includes/azure-stack-edge-gateway-connect-virtual-machine-linux.md)]
+ If you used a public IP address during the VM creation, you can use that IP to connect to the VM. To get the public IP, run the following command:
+
+ ```powershell
+ $publicIp = Get-AzureRmPublicIpAddress -Name <Public IP> -ResourceGroupName <Resource group name>
+ ```
+ In this instance, the public IP is the same as the private IP that you passed during the creation of the virtual network interface.
+ ### Connect to a Windows VM To connect to a Windows VM, do the following:
databox-online Azure Stack Edge Gpu Install Update https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/databox-online/azure-stack-edge-gpu-install-update.md
The procedure described in this article was performed using a different version
> [!IMPORTANT] > - Update **2105** is the current update and corresponds to:
-> - Device software version - **2.2.1592.3244**
+> - Device software version - **2.2.1593.3244**
> - Kubernetes server version - **v1.20.2** > - IoT Edge version: **0.1.0-beta14** > - GPU driver version: **460.32.03**
databox-online Policy Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/databox-online/policy-reference.md
Title: Built-in policy definitions for Azure Stack Edge description: Lists Azure Policy built-in policy definitions for Azure Stack Edge. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
databox Policy Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/databox/policy-reference.md
Title: Built-in policy definitions for Azure Data Box description: Lists Azure Policy built-in policy definitions for Azure Data Box. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
databox Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/databox/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure Data Box description: Lists Azure Policy Regulatory Compliance controls available for Azure Data Box. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
ddos-protection Diagnostic Logging https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/ddos-protection/diagnostic-logging.md
The following table lists the field names and descriptions:
## Enable diagnostic logging on all public IPs
-This [template](https://aka.ms/ddosdiaglogs) creates an Azure Policy definition to automatically enable diagnostic logging on all public IP logs in a defined scope.
-
-[![Deploy to Azure](../media/template-deployments/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Network-Security%2Fmaster%2FAzure%20DDoS%20Protection%2FPolicy%20-%20DDOS%20Enable%20Diagnostic%20Logging%2FAzure%20Policy%2FDDoSLogs.json)
+This [built-in policy](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F752154a7-1e0f-45c6-a880-ac75a7e4f648) automatically enables diagnostic logging on all public IP logs in a defined scope. See [Azure Policy built-in definitions for Azure DDoS Protection Standard](policy-reference.md) for full list of built-in policies.
## View log data in workbooks
ddos-protection Manage Ddos Protection https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/ddos-protection/manage-ddos-protection.md
You cannot move a virtual network to another resource group or subscription when
### Enable DDoS protection for all virtual networks
-This [policy](https://aka.ms/ddosvnetpolicy) will detect any virtual networks in a defined scope that do not have DDoS Protection Standard enabled, then optionally create a remediation task that will create the association to protect the VNet. For detailed step-by-step instructions on how to deploy this policy, see https://aka.ms/ddosvnetpolicy-techcommunity.
+This [built-in policy](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d) will detect any virtual networks in a defined scope that do not have DDoS Protection Standard enabled, then optionally create a remediation task that will create the association to protect the VNet. See [Azure Policy built-in definitions for Azure DDoS Protection Standard](policy-reference.md) for full list of built-in policies.
## Validate and test
ddos-protection Policy Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/ddos-protection/policy-reference.md
ms.devlang: na na Previously updated : 05/04/2021 Last updated : 05/14/2021
dev-spaces Migrate To Bridge To Kubernetes https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/dev-spaces/migrate-to-bridge-to-kubernetes.md
keywords: "Azure Dev Spaces, Dev Spaces, Docker, Kubernetes, Azure, AKS, Azure K
# Migrating to Bridge to Kubernetes > [!IMPORTANT]
-> Azure Dev Spaces will be retired on October 31, 2023. Customers should move to using Bridge to Kubernetes, a client developer tool.
+> Azure Dev Spaces is retired as of May 15, 2021. Customers should use Bridge to Kubernetes, a client developer tool.
> > The purpose of Azure Dev Spaces was about easing users into developing on Kubernetes. A significant tradeoff in the approach of Azure Dev Spaces was putting extra burden on users to understand Docker and Kubernetes configurations as well as Kubernetes deployment concepts. Over time, it also became clear that the approach of Azure Dev Spaces did not effectively decrease the speed of inner loop development on Kubernetes. Bridge to Kubernetes effectively decreases the speed of inner loop development and avoids unnecessary burden on users. >
digital-twins Concepts Apis Sdks https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/concepts-apis-sdks.md
The most current control plane API version is _**2020-12-01**_.
To use the control plane APIs: * You can call the APIs directly by referencing the latest Swagger folder in the [control plane Swagger repo](https://github.com/Azure/azure-rest-api-specs/tree/master/specification/digitaltwins/resource-manager/Microsoft.DigitalTwins/stable). This folder also includes a folder of examples that show the usage. * You can currently access SDKs for control APIs in...
- - [.NET (C#)](https://www.nuget.org/packages/Microsoft.Azure.Management.DigitalTwins/) ([reference [auto-generated]](/dotnet/api/overview/azure/digitaltwins/management)) ([source](https://github.com/Azure/azure-sdk-for-net/tree/master/sdk/digitaltwins/Microsoft.Azure.Management.DigitalTwins))
- - [Java](https://search.maven.org/search?q=a:azure-mgmt-digitaltwins) ([reference [auto-generated]](/java/api/overview/azure/digitaltwins)) ([source](https://github.com/Azure/azure-sdk-for-java/tree/master/sdk/digitaltwins))
+ - [.NET (C#)](https://www.nuget.org/packages/Microsoft.Azure.Management.DigitalTwins/) ([reference [auto-generated]](/dotnet/api/overview/azure/digitaltwins/management?view=azure-dotnet&preserve-view=true)) ([source](https://github.com/Azure/azure-sdk-for-net/tree/master/sdk/digitaltwins/Microsoft.Azure.Management.DigitalTwins))
+ - [Java](https://search.maven.org/search?q=a:azure-mgmt-digitaltwins) ([reference [auto-generated]](/java/api/overview/azure/digitaltwins?view=azure-java-stable&preserve-view=true)) ([source](https://github.com/Azure/azure-sdk-for-java/tree/master/sdk/digitaltwins))
- [JavaScript](https://www.npmjs.com/package/@azure/arm-digitaltwins) ([source](https://github.com/Azure/azure-sdk-for-js/tree/master/sdk/digitaltwins/arm-digitaltwins)) - [Python](https://pypi.org/project/azure-mgmt-digitaltwins/) ([source](https://github.com/Azure/azure-sdk-for-python/tree/release/v3/sdk/digitaltwins/azure-mgmt-digitaltwins)) - [Go](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/services/digitaltwins/mgmt) ([source](https://github.com/Azure/azure-sdk-for-go/tree/master/services/digitaltwins/mgmt))
To use the data plane APIs:
- viewing the [API reference documentation](/rest/api/azure-digitaltwins/). * You can use the **.NET (C#) SDK**. To use the .NET SDK... - you can view and add the package from NuGet: [Azure.DigitalTwins.Core](https://www.nuget.org/packages/Azure.DigitalTwins.Core).
- - you can view the [SDK reference documentation](/dotnet/api/overview/azure/digitaltwins/client).
+ - you can view the [SDK reference documentation](/dotnet/api/overview/azure/digitaltwins/client?view=azure-dotnet&preserve-view=true).
- you can find the SDK source, including a folder of samples, in GitHub: [Azure IoT Digital Twins client library for .NET](https://github.com/Azure/azure-sdk-for-net/tree/master/sdk/digitaltwins/Azure.DigitalTwins.Core). - you can see detailed information and usage examples by continuing to the [.NET (C#) SDK (data plane)](#net-c-sdk-data-plane) section of this article. * You can use the **Java SDK**. To use the Java SDK... - you can view and install the package from Maven: [`com.azure:azure-digitaltwins-core`](https://search.maven.org/artifact/com.azure/azure-digitaltwins-core/1.0.0/jar)
- - you can view the [SDK reference documentation](/java/api/overview/azure/digitaltwins/client)
+ - you can view the [SDK reference documentation](/java/api/overview/azure/digitaltwins/client?view=azure-java-stable&preserve-view=true)
- you can find the SDK source in GitHub: [Azure IoT Digital Twins client library for Java](https://github.com/Azure/azure-sdk-for-java/tree/master/sdk/digitaltwins/azure-digitaltwins-core) * You can use the **JavaScript SDK**. To use the JavaScript SDK... - you can view and install the package from npm: [Azure Azure Digital Twins Core client library for JavaScript](https://www.npmjs.com/package/@azure/digital-twins-core).
- - you can view the [SDK reference documentation](/javascript/api/@azure/digital-twins-core/).
+ - you can view the [SDK reference documentation](/javascript/api/@azure/digital-twins-core/?view=azure-node-latest&preserve-view=true).
- you can find the SDK source in GitHub: [Azure Azure Digital Twins Core client library for JavaScript](https://github.com/Azure/azure-sdk-for-js/tree/master/sdk/digitaltwins/digital-twins-core) * You can use the **Python SDK**. To use the Python SDK... - you can view and install the package from PyPi: [Azure Azure Digital Twins Core client library for Python](https://pypi.org/project/azure-digitaltwins-core/).
- - you can view the [SDK reference documentation](/python/api/azure-digitaltwins-core/azure.digitaltwins.core).
+ - you can view the [SDK reference documentation](/python/api/azure-digitaltwins-core/azure.digitaltwins.core?view=azure-python&preserve-view=true).
- you can find the SDK source in GitHub: [Azure Azure Digital Twins Core client library for Python](https://github.com/Azure/azure-sdk-for-python/tree/master/sdk/digitaltwins/azure-digitaltwins-core) You can also exercise date plane APIs by interacting with Azure Digital Twins through the [CLI](concepts-cli.md).
The Azure Digital Twins .NET (C#) SDK is part of the Azure SDK for .NET. It is o
> For more information on SDK design, see the general [design principles for Azure SDKs](https://azure.github.io/azure-sdk/general_introduction.html) and the specific [.NET design guidelines](https://azure.github.io/azure-sdk/dotnet_introduction.html). To use the SDK, include the NuGet package **Azure.DigitalTwins.Core** with your project. You will also need the latest version of the **Azure.Identity** package. In Visual Studio, you can add these packages using the NuGet Package Manager (accessed through *Tools > NuGet Package Manager > Manage NuGet Packages for Solution*). Alternatively, you can use the .NET command line tool with the commands found in the NuGet package links below to add these to your project:
-* [Azure.DigitalTwins.Core](https://www.nuget.org/packages/Azure.DigitalTwins.Core). This is the package for the [Azure Digital Twins SDK for .NET](/dotnet/api/overview/azure/digitaltwins/client).
+* [Azure.DigitalTwins.Core](https://www.nuget.org/packages/Azure.DigitalTwins.Core). This is the package for the [Azure Digital Twins SDK for .NET](/dotnet/api/overview/azure/digitaltwins/client?view=azure-dotnet&preserve-view=true).
* [Azure.Identity](https://www.nuget.org/packages/Azure.Identity). This library provides tools to help with authentication against Azure. For a detailed walk-through of using the APIs in practice, see the [Tutorial: Code a client app](tutorial-code.md).
Update calls for twins and relationships use [JSON Patch](http://jsonpatch.com/)
The following list provides additional detail and general guidelines for using the APIs and SDKs. * You can use an HTTP REST-testing tool like Postman to make direct calls to the Azure Digital Twins APIs. For more information about this process, see [How-to: Make requests with Postman](how-to-use-postman.md).
-* To use the SDK, instantiate the `DigitalTwinsClient` class. The constructor requires credentials that can be obtained with a variety of authentication methods in the `Azure.Identity` package. For more on `Azure.Identity`, see its [namespace documentation](/dotnet/api/azure.identity).
-* You may find the `InteractiveBrowserCredential` useful while getting started, but there are several other options, including credentials for [managed identity](/dotnet/api/azure.identity.interactivebrowsercredential), which you will likely use to authenticate [Azure functions set up with MSI](../app-service/overview-managed-identity.md?tabs=dotnet) against Azure Digital Twins. For more about `InteractiveBrowserCredential`, see its [class documentation](/dotnet/api/azure.identity.interactivebrowsercredential).
+* To use the SDK, instantiate the `DigitalTwinsClient` class. The constructor requires credentials that can be obtained with a variety of authentication methods in the `Azure.Identity` package. For more on `Azure.Identity`, see its [namespace documentation](/dotnet/api/azure.identity?view=azure-dotnet&preserve-view=true).
+* You may find the `InteractiveBrowserCredential` useful while getting started, but there are several other options, including credentials for [managed identity](/dotnet/api/azure.identity.interactivebrowsercredential?view=azure-dotnet&preserve-view=true), which you will likely use to authenticate [Azure functions set up with MSI](../app-service/overview-managed-identity.md?tabs=dotnet) against Azure Digital Twins. For more about `InteractiveBrowserCredential`, see its [class documentation](/dotnet/api/azure.identity.interactivebrowsercredential?view=azure-dotnet&preserve-view=true).
* Requests to the Azure Digital Twins APIs require a user or service principal that is a part of the same [Azure Active Directory](../active-directory/fundamentals/active-directory-whatis.md) (Azure AD) tenant where the Azure Digital Twins instance resides. To prevent malicious scanning of Azure Digital Twins endpoints, requests with access tokens from outside the originating tenant will be returned a "404 Sub-Domain not found" error message. This error will be returned *even if* the user or service principal was given an Azure Digital Twins Data Owner or Azure Digital Twins Data Reader role through [Azure AD B2B](../active-directory/external-identities/what-is-b2b.md) collaboration. For information on how to achieve access across multiple tenants, see [How-to: Write app authentication code](how-to-authenticate-client.md#authenticate-across-tenants). * All service API calls are exposed as member functions on the `DigitalTwinsClient` class. * All service functions exist in synchronous and asynchronous versions.
-* All service functions throw an exception for any return status of 400 or above. Make sure you wrap calls into a `try` section, and catch at least `RequestFailedExceptions`. For more about this type of exception, see [here](/dotnet/api/azure.requestfailedexception).
-* Most service methods return `Response<T>` or (`Task<Response<T>>` for the asynchronous calls), where `T` is the class of return object for the service call. The [`Response`](/dotnet/api/azure.response-1) class encapsulates the service return and presents return values in its `Value` field.
-* Service methods with paged results return `Pageable<T>` or `AsyncPageable<T>` as results. For more about the `Pageable<T>` class, see [here](/dotnet/api/azure.pageable-1); for more about `AsyncPageable<T>`, see [here](/dotnet/api/azure.asyncpageable-1).
-* You can iterate over paged results using an `await foreach` loop. For more about this process, see [here](/archive/msdn-magazine/2019/november/csharp-iterating-with-async-enumerables-in-csharp-8).
-* The underlying SDK is `Azure.Core`. See the [Azure namespace documentation](/dotnet/api/azure) for reference on the SDK infrastructure and types.
+* All service functions throw an exception for any return status of 400 or above. Make sure you wrap calls into a `try` section, and catch at least `RequestFailedExceptions`. For more about this type of exception, see its [reference documentation](/dotnet/api/azure.requestfailedexception?view=azure-dotnet&preserve-view=true).
+* Most service methods return `Response<T>` or (`Task<Response<T>>` for the asynchronous calls), where `T` is the class of return object for the service call. The [Response](/dotnet/api/azure.response-1?view=azure-dotnet&preserve-view=true) class encapsulates the service return and presents return values in its `Value` field.
+* Service methods with paged results return `Pageable<T>` or `AsyncPageable<T>` as results. For more about the `Pageable<T>` class, see its [reference documentation](/dotnet/api/azure.pageable-1?view=azure-dotnet&preserve-view=true); for more about `AsyncPageable<T>`, see its [reference documentation](/dotnet/api/azure.asyncpageable-1?view=azure-dotnet&preserve-view=true).
+* You can iterate over paged results using an `await foreach` loop. For more about this process, see the [relevant documentation](/archive/msdn-magazine/2019/november/csharp-iterating-with-async-enumerables-in-csharp-8).
+* The underlying SDK is `Azure.Core`. See the [Azure namespace documentation](/dotnet/api/azure?view=azure-dotnet&preserve-view=true) for reference on the SDK infrastructure and types.
Service methods return strongly-typed objects wherever possible. However, because Azure Digital Twins is based on models custom-configured by the user at runtime (via DTDL models uploaded to the service), many service APIs take and return twin data in JSON format.
digital-twins Concepts Cli https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/concepts-cli.md
In addition to managing your Azure Digital Twins instance in the Azure portal, A
* Managing [routes](concepts-route-events.md) * Configuring [security](concepts-security.md) via Azure role-based access control (Azure RBAC)
-The command set is called **az dt**, and is part of the [Azure IoT extension for Azure CLI](https://github.com/Azure/azure-iot-cli-extension). You can view the full list of commands and their usage as part of the reference documentation for the `az iot` command set: [az dt command reference](/cli/azure/dt).
+The command set is called **az dt**, and is part of the [Azure IoT extension for Azure CLI](https://github.com/Azure/azure-iot-cli-extension). You can view the full list of commands and their usage as part of the reference documentation for the `az iot` command set: [az dt command reference](/cli/azure/dt?view=azure-cli-latest&preserve-view=true).
## Uses (deploy and validate)
az extension add --upgrade --name azure-iot
## Next steps Explore the CLI and its full set of commands through the reference docs:
-* [az dt command reference](/cli/azure/dt)
+* [az dt command reference](/cli/azure/dt?view=azure-cli-latest&preserve-view=true)
digital-twins Concepts Route Events https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/concepts-route-events.md
The endpoint APIs that are available in control plane are:
To create an event route, you can use the Azure Digital Twins [REST APIs, CLI commands](how-to-manage-routes-apis-cli.md#create-an-event-route), or the [Azure portal](how-to-manage-routes-portal.md#create-an-event-route).
-Here is an example of creating an event route within a client application, using the `CreateOrReplaceEventRouteAsync` [.NET (C#) SDK](/dotnet/api/overview/azure/digitaltwins/client) call:
+Here is an example of creating an event route within a client application, using the `CreateOrReplaceEventRouteAsync` [.NET (C#) SDK](/dotnet/api/overview/azure/digitaltwins/client?view=azure-dotnet&preserve-view=true) call:
:::code language="csharp" source="~/digital-twins-docs-samples/sdks/csharp/eventRoute_operations.cs" id="CreateEventRoute":::
digital-twins How To Authenticate Client https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/how-to-authenticate-client.md
After you [set up an Azure Digital Twins instance and authentication](how-to-set
Azure Digital Twins performs authentication using [Azure AD Security Tokens based on OAUTH 2.0](../active-directory/develop/security-tokens.md#json-web-tokens-and-claims). To authenticate your SDK, you'll need to get a bearer token with the right permissions to Azure Digital Twins, and pass it along with your API calls.
-This article describes how to obtain credentials using the `Azure.Identity` client library. While this article shows code examples in C#, such as what you'd write for the [.NET (C#) SDK](/dotnet/api/overview/azure/digitaltwins/client), you can use a version of `Azure.Identity` regardless of what SDK you're using (for more on the SDKs available for Azure Digital Twins, see [Concepts: Azure Digital Twins APIs and SDKs](concepts-apis-sdks.md)).
+This article describes how to obtain credentials using the `Azure.Identity` client library. While this article shows code examples in C#, such as what you'd write for the [.NET (C#) SDK](/dotnet/api/overview/azure/digitaltwins/client?view=azure-dotnet&preserve-view=true), you can use a version of `Azure.Identity` regardless of what SDK you're using (for more on the SDKs available for Azure Digital Twins, see [Concepts: Azure Digital Twins APIs and SDKs](concepts-apis-sdks.md)).
## Prerequisites
To proceed, you will need a client app project in which you write your code. If
`Azure.Identity` is a client library that provides several credential-obtaining methods that you can use to get a bearer token and authenticate with your SDK. Although this article gives examples in C#, you can view `Azure.Identity` for several languages, including...
-* [.NET (C#)](/dotnet/api/azure.identity)
-* [Java](/java/api/overview/azure/identity-readme)
-* [JavaScript](/javascript/api/overview/azure/identity-readme)
-* [Python](/python/api/overview/azure/identity-readme)
+* [.NET (C#)](/dotnet/api/azure.identity?view=azure-dotnet&preserve-view=true)
+* [Java](/java/api/overview/azure/identity-readme?view=azure-java-stable&preserve-view=true)
+* [JavaScript](/javascript/api/overview/azure/identity-readme?view=azure-node-latest&preserve-view=true)
+* [Python](/python/api/overview/azure/identity-readme?view=azure-python&preserve-view=true)
Three common credential-obtaining methods in `Azure.Identity` are:
-* [DefaultAzureCredential](/dotnet/api/azure.identity.defaultazurecredential) provides a default `TokenCredential` authentication flow for applications that will be deployed to Azure, and is **the recommended choice for local development**. It also can be enabled to try the other two methods recommended in this article; it wraps `ManagedIdentityCredential` and can access `InteractiveBrowserCredential` with a configuration variable.
-* [ManagedIdentityCredential](/dotnet/api/azure.identity.managedidentitycredential) works great in cases where you need [managed identities (MSI)](../active-directory/managed-identities-azure-resources/overview.md), and is a good candidate for working with Azure Functions and deploying to Azure services.
-* [InteractiveBrowserCredential](/dotnet/api/azure.identity.interactivebrowsercredential) is intended for interactive applications, and can be used to create an authenticated SDK client
+* [DefaultAzureCredential](/dotnet/api/azure.identity.defaultazurecredential?view=azure-dotnet&preserve-view=true) provides a default `TokenCredential` authentication flow for applications that will be deployed to Azure, and is **the recommended choice for local development**. It also can be enabled to try the other two methods recommended in this article; it wraps `ManagedIdentityCredential` and can access `InteractiveBrowserCredential` with a configuration variable.
+* [ManagedIdentityCredential](/dotnet/api/azure.identity.managedidentitycredential?view=azure-dotnet&preserve-view=true) works great in cases where you need [managed identities (MSI)](../active-directory/managed-identities-azure-resources/overview.md), and is a good candidate for working with Azure Functions and deploying to Azure services.
+* [InteractiveBrowserCredential](/dotnet/api/azure.identity.interactivebrowsercredential?view=azure-dotnet&preserve-view=true) is intended for interactive applications, and can be used to create an authenticated SDK client
The following example shows how to use each of these with the .NET (C#) SDK.
Then, add code to obtain credentials using one of the methods in `Azure.Identity
### DefaultAzureCredential method
-[DefaultAzureCredential](/dotnet/api/azure.identity.defaultazurecredential) provides a default `TokenCredential` authentication flow for applications that will be deployed to Azure, and is **the recommended choice for local development**.
+[DefaultAzureCredential](/dotnet/api/azure.identity.defaultazurecredential?view=azure-dotnet&preserve-view=true) provides a default `TokenCredential` authentication flow for applications that will be deployed to Azure, and is **the recommended choice for local development**.
To use the default Azure credentials, you'll need the Azure Digital Twins instance's URL ([instructions to find](how-to-set-up-instance-portal.md#verify-success-and-collect-important-values)).
Here is a code sample to add a `DefaultAzureCredential` to your project:
### ManagedIdentityCredential method
-The [ManagedIdentityCredential](/dotnet/api/azure.identity.managedidentitycredential) method works great in cases where you need [managed identities (MSI)](../active-directory/managed-identities-azure-resources/overview.md)ΓÇöfor example, when working with Azure Functions.
+The [ManagedIdentityCredential](/dotnet/api/azure.identity.managedidentitycredential?view=azure-dotnet&preserve-view=true) method works great in cases where you need [managed identities (MSI)](../active-directory/managed-identities-azure-resources/overview.md)ΓÇöfor example, when working with Azure Functions.
This means that you may use `ManagedIdentityCredential` in the same project as `DefaultAzureCredential` or `InteractiveBrowserCredential`, to authenticate a different part of the project.
In an Azure function, you can use the managed identity credentials like this:
### InteractiveBrowserCredential method
-The [InteractiveBrowserCredential](/dotnet/api/azure.identity.interactivebrowsercredential) method is intended for interactive applications and will bring up a web browser for authentication. You can use this instead of `DefaultAzureCredential` in cases where you require interactive authentication.
+The [InteractiveBrowserCredential](/dotnet/api/azure.identity.interactivebrowsercredential?view=azure-dotnet&preserve-view=true) method is intended for interactive applications and will bring up a web browser for authentication. You can use this instead of `DefaultAzureCredential` in cases where you require interactive authentication.
To use the interactive browser credentials, you will need an **app registration** that has permissions to the Azure Digital Twins APIs. For steps on how to set up this app registration, see [How-to: Create an app registration](how-to-create-app-registration.md). Once the app registration is set up, you'll need... * the app registration's *Application (client) ID* ([instructions to find](how-to-create-app-registration.md#collect-client-id-and-tenant-id))
digital-twins How To Create Azure Function https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/how-to-create-azure-function.md
After your function app is created, Visual Studio generates a code sample in a *
## Write a function that has an Event Grid trigger
-You can write a function by adding an SDK to your function app. The function app interacts with Azure Digital Twins by using the [Azure Digital Twins SDK for .NET (C#)](/dotnet/api/overview/azure/digitaltwins/client).
+You can write a function by adding an SDK to your function app. The function app interacts with Azure Digital Twins by using the [Azure Digital Twins SDK for .NET (C#)](/dotnet/api/overview/azure/digitaltwins/client?view=azure-dotnet&preserve-view=true).
To use the SDK, you'll need to include the following packages in your project. Install the packages by using the Visual Studio NuGet package manager. Or add the packages by using `dotnet` in a command-line tool.
digital-twins How To Enable Managed Identities Cli https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/how-to-enable-managed-identities-cli.md
az dt create --dt-name {instance_name} --resource-group {resource_group} --assig
For more examples of role assignments with this command, see the [az dt create reference documentation](/cli/azure/dt#az_dt_create).
-Alternatively, you can also use the [az role assignment](/cli/azure/role/assignment) command group to create and manage roles. This can be used to support additional scenarios where you don't want to group role assignment with the create command.
+Alternatively, you can also use the [az role assignment](/cli/azure/role/assignment?view=azure-cli-latest&preserve-view=true) command group to create and manage roles. This can be used to support additional scenarios where you don't want to group role assignment with the create command.
## Create an endpoint with identity-based authentication
After setting up a system-managed identity for your Azure Digital Twins instance
>[!NOTE] > You cannot edit an endpoint that has already been created with key-based identity to change to identity-based authentication. You must choose the authentication type when the endpoint is first created.
-This is done by adding a `--auth-type` parameter to the `az dt endpoint create` command that's used to create the endpoint. (For more information about this command, see its [reference documentation](/cli/azure/dt/endpoint/create) or the [general instructions for setting up an Azure Digital Twins endpoint](how-to-manage-routes-apis-cli.md#create-the-endpoint)).
+This is done by adding a `--auth-type` parameter to the `az dt endpoint create` command that's used to create the endpoint. (For more information about this command, see its [reference documentation](/cli/azure/dt/endpoint/create?view=azure-cli-latest&preserve-view=true) or the [general instructions for setting up an Azure Digital Twins endpoint](how-to-manage-routes-apis-cli.md#create-the-endpoint)).
To create an endpoint that uses identity-based authentication, specify the `IdentityBased` authentication type with the `--auth-type` parameter. The example below illustrates this for an Event Hubs endpoint.
digital-twins How To Enable Private Link Cli https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/how-to-enable-private-link-cli.md
When using the [Azure CLI](/cli/azure/what-is-azure-cli), you can set up private
### Add a private endpoint to an existing instance
-To create a private endpoint and link it to an Azure Digital Twins instance, use the [az network private-endpoint create](/cli/azure/network/private-endpoint#az_network_private_endpoint_create) command. Identify the Azure Digital Twins instance by using its fully qualified ID in the `--private-connection-resource-id` parameter.
+To create a private endpoint and link it to an Azure Digital Twins instance, use the [az network private-endpoint create](/cli/azure/network/private-endpoint?view=azure-cli-latest&preserve-view=true#az_network_private_endpoint_create) command. Identify the Azure Digital Twins instance by using its fully qualified ID in the `--private-connection-resource-id` parameter.
Here is an example that uses the command to create a private endpoint, with only the required parameters.
Here is an example that uses the command to create a private endpoint, with only
az network private-endpoint create --connection-name {private_link_service_connection} --name {name_for_private_endpoint} --resource-group {resource_group} --subnet {subnet_ID} --private-connection-resource-id "/subscriptions/{subscription_ID}/resourceGroups/{resource_group}/providers/Microsoft.DigitalTwins/digitalTwinsInstances/{Azure_Digital_Twins_instance_name}" ```
-For a full list of required and optional parameters, as well as more private endpoint creation examples, see the [az network private-endpoint create reference documentation](/cli/azure/network/private-endpoint#az_network_private_endpoint_create).
+For a full list of required and optional parameters, as well as more private endpoint creation examples, see the [az network private-endpoint create reference documentation](/cli/azure/network/private-endpoint?view=azure-cli-latest&preserve-view=true#az_network_private_endpoint_create).
### Manage private endpoint connections on the instance
-Once a private endpoint has been created for your Azure Digital Twins instance, you can use the [az dt network private-endpoint connection](/cli/azure/dt/network/private-endpoint/connection) commands to continue managing private endpoint **connections** with respect to the instance. Operations include:
+Once a private endpoint has been created for your Azure Digital Twins instance, you can use the [az dt network private-endpoint connection](/cli/azure/dt/network/private-endpoint/connection?view=azure-cli-latest&preserve-view=true) commands to continue managing private endpoint **connections** with respect to the instance. Operations include:
* Show a private endpoint connection * Set the state of the private-endpoint connection * Delete the private-endpoint connection * List all the private-endpoint connections for an instance
-For more information and examples, see the [az dt network private-endpoint reference documentation](/cli/azure/dt/network/private-endpoint).
+For more information and examples, see the [az dt network private-endpoint reference documentation](/cli/azure/dt/network/private-endpoint?view=azure-cli-latest&preserve-view=true).
### Manage other Private Link information on an Azure Digital Twins instance
-You can get additional information about the Private Link status of your instance with the [az dt network private-link](/cli/azure/dt/network/private-link) commands. Operations include:
+You can get additional information about the Private Link status of your instance with the [az dt network private-link](/cli/azure/dt/network/private-link?view=azure-cli-latest&preserve-view=true) commands. Operations include:
* List private links associated with an Azure Digital Twins instance * Show a private link associated with the instance
-For more information and examples, see the [az dt network private-link reference documentation](/cli/azure/dt/network/private-link).
+For more information and examples, see the [az dt network private-link reference documentation](/cli/azure/dt/network/private-link?view=azure-cli-latest&preserve-view=true).
## Disable / enable public network access flags
This article shows how to update the value of the network flag using either the
### Use the Azure CLI
-In the Azure CLI, you can disable or enable public network access by adding a `--public-network-access` parameter to the `az dt create` command. While this command can also be used to create a new instance, you can use it to edit the properties of an existing instance by providing it the name of an instance that already exists. (For more information about this command, see its [reference documentation](/cli/azure/dt#az_dt_create) or the [general instructions for setting up an Azure Digital Twins instance](how-to-set-up-instance-cli.md#create-the-azure-digital-twins-instance)).
+In the Azure CLI, you can disable or enable public network access by adding a `--public-network-access` parameter to the `az dt create` command. While this command can also be used to create a new instance, you can use it to edit the properties of an existing instance by providing it the name of an instance that already exists. (For more information about this command, see its [reference documentation](/cli/azure/dt?view=azure-cli-latest&preserve-view=true#az_dt_create) or the [general instructions for setting up an Azure Digital Twins instance](how-to-set-up-instance-cli.md#create-the-azure-digital-twins-instance)).
To **disable** public network access for an Azure Digital Twins instance, use the `--public-network-access` parameter like this:
digital-twins How To Integrate Azure Signalr https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/how-to-integrate-azure-signalr.md
This will open a browser window running the sample app, which displays a visual
If you no longer need the resources created in this article, follow these steps to delete them.
-Using the Azure Cloud Shell or local Azure CLI, you can delete all Azure resources in a resource group with the [az group delete](/cli/azure/group#az_group_delete) command. Removing the resource group will also remove...
+Using the Azure Cloud Shell or local Azure CLI, you can delete all Azure resources in a resource group with the [az group delete](/cli/azure/group?view=azure-cli-latest&preserve-view=true#az_group_delete) command. Removing the resource group will also remove...
* the Azure Digital Twins instance (from the end-to-end tutorial) * the IoT hub and the hub device registration (from the end-to-end tutorial) * the event grid topic and associated subscriptions
digital-twins How To Integrate Logic Apps https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/how-to-integrate-logic-apps.md
You also need to complete the following items as part of prerequisite setup. The
This article uses Logic Apps to update a twin in your Azure Digital Twins instance. To proceed, you should add at least one twin in your instance.
-You can add twins using the [DigitalTwins APIs](/rest/api/digital-twins/dataplane/twins), the [.NET (C#) SDK](/dotnet/api/overview/azure/digitaltwins/client), or the [Azure Digital Twins CLI](concepts-cli.md). For detailed steps on how to create twins using these methods, see [How-to: Manage digital twins](how-to-manage-twin.md).
+You can add twins using the [DigitalTwins APIs](/rest/api/digital-twins/dataplane/twins), the [.NET (C#) SDK](/dotnet/api/overview/azure/digitaltwins/client?view=azure-dotnet&preserve-view=true), or the [Azure Digital Twins CLI](concepts-cli.md). For detailed steps on how to create twins using these methods, see [How-to: Manage digital twins](how-to-manage-twin.md).
You will need the **_Twin ID_** of a twin in your instance that you've created.
digital-twins How To Integrate Time Series Insights https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/how-to-integrate-time-series-insights.md
az eventhubs eventhub create --name <name-for-your-twins-hub> --resource-group <
### Create twins hub authorization rule
-Create an [authorization rule](/cli/azure/eventhubs/eventhub/authorization-rule#az_eventhubs_eventhub_authorization_rule_create) with send and receive permissions. Specify a name for the rule.
+Create an [authorization rule](/cli/azure/eventhubs/eventhub/authorization-rule?view=azure-cli-latest&preserve-view=true#az_eventhubs_eventhub_authorization_rule_create) with send and receive permissions. Specify a name for the rule.
```azurecli-interactive az eventhubs eventhub authorization-rule create --rights Listen Send --name <name-for-your-twins-hub-auth-rule> --resource-group <your-resource-group> --namespace-name <your-event-hubs-namespace-from-earlier> --eventhub-name <your-twins-hub-from-above>
Create the **time series hub** using the following command. Specify a name for t
### Create time series hub authorization rule
-Create an [authorization rule](/cli/azure/eventhubs/eventhub/authorization-rule#az_eventhubs_eventhub_authorization_rule_create) with send and receive permissions. Specify a name for the time series hub auth rule.
+Create an [authorization rule](/cli/azure/eventhubs/eventhub/authorization-rule?view=azure-cli-latest&preserve-view=true#az_eventhubs_eventhub_authorization_rule_create) with send and receive permissions. Specify a name for the time series hub auth rule.
```azurecli-interactive az eventhubs eventhub authorization-rule create --rights Listen Send --name <name-for-your-time-series-hub-auth-rule> --resource-group <your-resource-group> --namespace-name <your-event-hub-namespace-from-earlier> --eventhub-name <your-time-series-hub-name-from-above>
digital-twins How To Manage Graph https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/how-to-manage-graph.md
You can use the retrieved relationships to navigate to other twins in your graph
Azure Digital Twins also has an API to find all **incoming** relationships to a given twin. This is often useful for reverse navigation, or when deleting a twin. >[!NOTE]
-> `IncomingRelationship` calls don't return the full body of the relationship. For more information on the `IncomingRelationship` class, see its [reference documentation](/dotnet/api/azure.digitaltwins.core.incomingrelationship).
+> `IncomingRelationship` calls don't return the full body of the relationship. For more information on the `IncomingRelationship` class, see its [reference documentation](/dotnet/api/azure.digitaltwins.core.incomingrelationship?view=azure-dotnet&preserve-view=true).
The code sample in the previous section focused on finding outgoing relationships from a twin. The following example is structured similarly, but finds *incoming* relationships to the twin instead. This example also uses the SDK call (highlighted) inside a custom method that might appear in the context of a larger program.
Then, **copy the following code** of the runnable sample into your project:
Next, complete the following steps to configure your project code: 1. Add the **Room.json** and **Floor.json** files you downloaded earlier to your project, and replace the `<path-to>` placeholders in the code to tell your program where to find them. 1. Replace the placeholder `<your-instance-hostname>` with your Azure Digital Twins instance's host name.
-1. Add two dependencies to your project that will be needed to work with Azure Digital Twins. The first is the package for the [Azure Digital Twins SDK for .NET](/dotnet/api/overview/azure/digitaltwins/client), and the second provides tools to help with authentication against Azure.
+1. Add two dependencies to your project that will be needed to work with Azure Digital Twins. The first is the package for the [Azure Digital Twins SDK for .NET](/dotnet/api/overview/azure/digitaltwins/client?view=azure-dotnet&preserve-view=true), and the second provides tools to help with authentication against Azure.
```cmd/sh dotnet add package Azure.DigitalTwins.Core
digital-twins How To Manage Routes Apis Cli https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/how-to-manage-routes-apis-cli.md
In Azure Digital Twins, you can route [event notifications](concepts-event-notifications.md) to downstream services or connected compute resources. This is done by first setting up **endpoints** that can receive the events. You can then create [event routes](concepts-route-events.md) that specify which events generated by Azure Digital Twins are delivered to which endpoints.
-This article walks you through the process of creating endpoints and routes with the [REST APIs](/rest/api/azure-digitaltwins/), the [.NET (C#) SDK](/dotnet/api/overview/azure/digitaltwins/client), and the [Azure Digital Twins CLI](concepts-cli.md).
+This article walks you through the process of creating endpoints and routes with the [REST APIs](/rest/api/azure-digitaltwins/), the [.NET (C#) SDK](/dotnet/api/overview/azure/digitaltwins/client?view=azure-dotnet&preserve-view=true), and the [Azure Digital Twins CLI](concepts-cli.md).
Alternatively, you can also manage endpoints and routes with the [Azure portal](https://portal.azure.com). For a version of this article that uses the portal instead, see [How-to: Manage endpoints and routes (portal)](how-to-manage-routes-portal.md). ## Prerequisites -- You'll need an **Azure account** (you can set one up for free [here](https://azure.microsoft.com/free/?WT.mc_id=A261C142F))
+- You'll need an **Azure account**, which you can [set up for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F))
- You'll need an **Azure Digital Twins instance** in your Azure subscription. If you don't have an instance already, you can create one using the steps in [How-to: Set up an instance and authentication](how-to-set-up-instance-cli.md). Have the following values from setup handy to use later in this article: - Instance name - Resource group
This section explains how to create these endpoints using the Azure CLI. You can
### Create the endpoint
-Once you have created the endpoint resources, you can use them for an Azure Digital Twins endpoint. The following examples show how to create endpoints using the [az dt endpoint create](/cli/azure/dt/endpoint/create) command for the [Azure Digital Twins CLI](concepts-cli.md). Replace the placeholders in the commands with the details of your own resources.
+Once you have created the endpoint resources, you can use them for an Azure Digital Twins endpoint. The following examples show how to create endpoints using the [az dt endpoint create](/cli/azure/dt/endpoint/create?view=azure-cli-latest&preserve-view=true) command for the [Azure Digital Twins CLI](concepts-cli.md). Replace the placeholders in the commands with the details of your own resources.
To create an Event Grid endpoint:
Follow the steps below to set up these storage resources in your Azure account,
#### Create the dead-letter endpoint
-To create an endpoint that has dead-lettering enabled, add the following dead letter parameter to the [az dt endpoint create](/cli/azure/dt/endpoint/create) command for the [Azure Digital Twins CLI](concepts-cli.md).
+To create an endpoint that has dead-lettering enabled, add the following dead letter parameter to the [az dt endpoint create](/cli/azure/dt/endpoint/create?view=azure-cli-latest&preserve-view=true) command for the [Azure Digital Twins CLI](concepts-cli.md).
The value for the parameter is the **dead letter SAS URI** made up of the storage account name, container name, and SAS token that you gathered in the [previous section](#set-up-storage-resources). This parameter creates the endpoint with key-based authentication.
If there is a route name and a different filter is added, messages will be filte
One route should allow multiple notifications and event types to be selected.
-Event routes can be created with the Azure Digital Twins [EventRoutes data plane APIs](/rest/api/digital-twins/dataplane/eventroutes) or [az dt route CLI commands](/cli/azure/dt/route). The rest of this section walks through the creation process.
+Event routes can be created with the Azure Digital Twins [EventRoutes data plane APIs](/rest/api/digital-twins/dataplane/eventroutes) or [az dt route CLI commands](/cli/azure/dt/route?view=azure-cli-latest&preserve-view=true). The rest of this section walks through the creation process.
### Create routes with the APIs and C# SDK
-One way to define event routes is with the [data plane APIs](concepts-apis-sdks.md#overview-data-plane-apis). The samples in this section use the [.NET (C#) SDK](/dotnet/api/overview/azure/digitaltwins/client).
+One way to define event routes is with the [data plane APIs](concepts-apis-sdks.md#overview-data-plane-apis). The samples in this section use the [.NET (C#) SDK](/dotnet/api/overview/azure/digitaltwins/client?view=azure-dotnet&preserve-view=true).
`CreateOrReplaceEventRouteAsync` is the SDK call that is used to add an event route. Here is an example of its usage:
The following sample method shows how to create, list, and delete an event route
### Create routes with the CLI
-Routes can also be managed using the [az dt route](/cli/azure/dt/route) commands for the Azure Digital Twins CLI.
+Routes can also be managed using the [az dt route](/cli/azure/dt/route?view=azure-cli-latest&preserve-view=true) commands for the Azure Digital Twins CLI.
For more information about using the CLI and what commands are available, see [Concepts: Azure Digital Twins CLI command set](concepts-cli.md).
digital-twins How To Manage Twin https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/how-to-manage-twin.md
Here is an example of JSON Patch code. This document replaces the *mass* and *ra
:::code language="json" source="~/digital-twins-docs-samples/models/patch.json":::
-You can create patches using the Azure .NET SDK's [JsonPatchDocument](/dotnet/api/azure.jsonpatchdocument). Here is an example.
+You can create patches using the Azure .NET SDK's [JsonPatchDocument](/dotnet/api/azure.jsonpatchdocument?view=azure-dotnet&preserve-view=true). Here is an example.
:::code language="csharp" source="~/digital-twins-docs-samples/sdks/csharp/twin_operations_other.cs" id="UpdateTwin":::
Then, **copy the following code** of the runnable sample into your project:
Next, complete the following steps to configure your project code: 1. Add the **Room.json** file you downloaded earlier to your project, and replace the `<path-to>` placeholder in the code to tell your program where to find it. 2. Replace the placeholder `<your-instance-hostname>` with your Azure Digital Twins instance's host name.
-3. Add two dependencies to your project that will be needed to work with Azure Digital Twins. The first is the package for the [Azure Digital Twins SDK for .NET](/dotnet/api/overview/azure/digitaltwins/client), and the second provides tools to help with authentication against Azure.
+3. Add two dependencies to your project that will be needed to work with Azure Digital Twins. The first is the package for the [Azure Digital Twins SDK for .NET](/dotnet/api/overview/azure/digitaltwins/client?view=azure-dotnet&preserve-view=true), and the second provides tools to help with authentication against Azure.
```cmd/sh dotnet add package Azure.DigitalTwins.Core
digital-twins How To Provision Using Device Provisioning Service https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/how-to-provision-using-device-provisioning-service.md
You should see that the twin of the device cannot be found in the Azure Digital
If you no longer need the resources created in this article, follow these steps to delete them.
-Using the Azure Cloud Shell or local Azure CLI, you can delete all Azure resources in a resource group with the [az group delete](/cli/azure/group#az_group_delete) command. This removes the resource group; the Azure Digital Twins instance; the IoT hub and the hub device registration; the event grid topic and associated subscriptions; the event hubs namespace and both Azure Functions apps, including associated resources like storage.
+Using the Azure Cloud Shell or local Azure CLI, you can delete all Azure resources in a resource group with the [az group delete](/cli/azure/group?view=azure-cli-latest&preserve-view=true#az_group_delete) command. This removes the resource group; the Azure Digital Twins instance; the IoT hub and the hub device registration; the event grid topic and associated subscriptions; the event hubs namespace and both Azure Functions apps, including associated resources like storage.
> [!IMPORTANT] > Deleting a resource group is irreversible. The resource group and all the resources contained in it are permanently deleted. Make sure that you do not accidentally delete the wrong resource group or resources.
digital-twins How To Query Graph https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/how-to-query-graph.md
Once you have decided on a query string, you execute it by making a call to the
You can call the API directly, or use one of the [SDKs](concepts-apis-sdks.md#overview-data-plane-apis) available for Azure Digital Twins.
-The following code snippet illustrates the [.NET (C#) SDK](/dotnet/api/overview/azure/digitaltwins/client) call from a client app:
+The following code snippet illustrates the [.NET (C#) SDK](/dotnet/api/overview/azure/digitaltwins/client?view=azure-dotnet&preserve-view=true) call from a client app:
:::code language="csharp" source="~/digital-twins-docs-samples/sdks/csharp/queries.cs" id="RunQuery":::
-The query used in this call returns a list of digital twins, which the above example represents with [BasicDigitalTwin](/dotnet/api/azure.digitaltwins.core.basicdigitaltwin) objects. The return type of your data for each query will depend on what terms you specify with the `SELECT` statement:
+The query used in this call returns a list of digital twins, which the above example represents with [BasicDigitalTwin](/dotnet/api/azure.digitaltwins.core.basicdigitaltwin?view=azure-dotnet&preserve-view=true) objects. The return type of your data for each query will depend on what terms you specify with the `SELECT` statement:
* Queries that begin with `SELECT * FROM ...` will return a list of digital twins (which can be serialized as `BasicDigitalTwin` objects, or other custom digital twin types that you may have created). * Queries that begin in the format `SELECT <A>, <B>, <C> FROM ...` will return a dictionary with keys `<A>`, `<B>`, and `<C>`. * Other formats of `SELECT` statements can be crafted to return custom data. You might consider creating your own classes to handle very customized result sets.
digital-twins How To Set Up Instance Cli https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/how-to-set-up-instance-cli.md
You now have an Azure Digital Twins instance ready to go, and have assigned perm
## Next steps Test out individual REST API calls on your instance using the Azure Digital Twins CLI commands:
-* [az dt reference](/cli/azure/dt)
+* [az dt reference](/cli/azure/dt?view=azure-cli-latest&preserve-view=true)
* [Concepts: Azure Digital Twins CLI command set](concepts-cli.md) Or, see how to connect a client application to your instance with authentication code:
digital-twins How To Set Up Instance Portal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/how-to-set-up-instance-portal.md
You now have an Azure Digital Twins instance ready to go, and have assigned perm
## Next steps Test out individual REST API calls on your instance using the Azure Digital Twins CLI commands:
-* [az dt reference](/cli/azure/dt)
+* [az dt reference](/cli/azure/dt?view=azure-cli-latest&preserve-view=true)
* [Concepts: Azure Digital Twins CLI command set](concepts-cli.md) Or, see how to connect a client application to your instance with authentication code:
digital-twins How To Set Up Instance Scripted https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/how-to-set-up-instance-scripted.md
If verification was unsuccessful, you can also redo your own role assignment usi
## Next steps Test out individual REST API calls on your instance using the Azure Digital Twins CLI commands:
-* [az dt reference](/cli/azure/dt)
+* [az dt reference](/cli/azure/dt?view=azure-cli-latest&preserve-view=true)
* [Concepts: Azure Digital Twins CLI command set](concepts-cli.md) Or, see how to connect a client application to your instance with authentication code:
digital-twins How To Use Postman https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/how-to-use-postman.md
Otherwise, you can open an [Azure Cloud Shell](https://shell.azure.com) window i
az login ```
-2. Next, use the [az account get-access-token](/cli/azure/account#az_account_get_access_token) command to get a bearer token with access to the Azure Digital Twins service. In this command, you'll pass in the resource ID for the Azure Digital Twins service endpoint, in order to get an access token that can access Azure Digital Twins resources.
+2. Next, use the [az account get-access-token](/cli/azure/account?view=azure-cli-latest&preserve-view=true#az_account_get_access_token) command to get a bearer token with access to the Azure Digital Twins service. In this command, you'll pass in the resource ID for the Azure Digital Twins service endpoint, in order to get an access token that can access Azure Digital Twins resources.
The required context for the token depends on which set of APIs you're using, so use the tabs below to select between [data plane](concepts-apis-sdks.md#overview-data-plane-apis) and [control plane](concepts-apis-sdks.md#overview-control-plane-apis) APIs.
digital-twins How To Use Tags https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/how-to-use-tags.md
Here is an example that populates the marker `tags` for three twins:
:::code language="csharp" source="~/digital-twins-docs-samples/sdks/csharp/twin_operations_other.cs" id="TagPropertiesMarker":::
-Here is a code example on how to set the marker `tags` for a twin using the [.NET SDK](/dotnet/api/overview/azure/digitaltwins/client):
+Here is a code example on how to set the marker `tags` for a twin using the [.NET SDK](/dotnet/api/overview/azure/digitaltwins/client?view=azure-dotnet&preserve-view=true):
:::code language="csharp" source="~/digital-twins-docs-samples/sdks/csharp/twin_operations_other.cs" id="TagPropertiesCsharp":::
digital-twins Quickstart Azure Digital Twins Explorer https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/quickstart-azure-digital-twins-explorer.md
The rest of this section walks you through these steps.
### Set up local Azure credentials
-The Azure Digital Twins Explorer application uses [DefaultAzureCredential](/dotnet/api/azure.identity.defaultazurecredential) (part of the `Azure.Identity` library) to authenticate users with the Azure Digital Twins instance when you run it on your local machine. For more information on different ways a client app can authenticate with Azure Digital Twins, see [Write app authentication code](how-to-authenticate-client.md).
+The Azure Digital Twins Explorer application uses [DefaultAzureCredential](/dotnet/api/azure.identity.defaultazurecredential?view=azure-dotnet&preserve-view=true) (part of the `Azure.Identity` library) to authenticate users with the Azure Digital Twins instance when you run it on your local machine. For more information on different ways a client app can authenticate with Azure Digital Twins, see [Write app authentication code](how-to-authenticate-client.md).
With this type of authentication, Azure Digital Twins Explorer will search for credentials within your local environment, such as an Azure sign-in in a local [Azure CLI](/cli/azure/install-azure-cli) or in Visual Studio or Visual Studio Code. For this reason, you should **sign in to Azure locally** through one of these mechanisms to set up credentials for the Azure Digital Twins Explorer app.
digital-twins Troubleshoot Error Azure Digital Twins Explorer Authentication https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/troubleshoot-error-azure-digital-twins-explorer-authentication.md
When setting up and running the Azure Digital Twins Explorer application, attemp
### Cause #1
-The Azure Digital Twins Explorer application uses [DefaultAzureCredential](/dotnet/api/azure.identity.defaultazurecredential) (part of the `Azure.Identity` library), which will search for credentials within your local environment.
+The Azure Digital Twins Explorer application uses [DefaultAzureCredential](/dotnet/api/azure.identity.defaultazurecredential?view=azure-dotnet&preserve-view=true) (part of the `Azure.Identity` library), which will search for credentials within your local environment.
As the error text states, this error may occur if you have not provided local credentials for `DefaultAzureCredential` to pick up.
digital-twins Troubleshoot Known Issues https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/troubleshoot-known-issues.md
This article provides information about known issues associated with Azure Digit
## Issue with interactive browser authentication on Azure.Identity 1.2.0
-**Issue description:** When writing authentication code in your Azure Digital Twins applications using version **1.2.0** of the [Azure.Identity](/dotnet/api/azure.identity) library, you may experience issues with the [InteractiveBrowserCredential](/dotnet/api/azure.identity.interactivebrowsercredential) method. This presents as an error response of "Azure.Identity.AuthenticationFailedException" when trying to authenticate in a browser window. The browser window may fail to start up completely, or appear to authenticate the user successfully, while the client application still fails with the error.
+**Issue description:** When writing authentication code in your Azure Digital Twins applications using version **1.2.0** of the [Azure.Identity](/dotnet/api/azure.identity?view=azure-dotnet&preserve-view=true) library, you may experience issues with the [InteractiveBrowserCredential](/dotnet/api/azure.identity.interactivebrowsercredential?view=azure-dotnet&preserve-view=true) method. This presents as an error response of "Azure.Identity.AuthenticationFailedException" when trying to authenticate in a browser window. The browser window may fail to start up completely, or appear to authenticate the user successfully, while the client application still fails with the error.
| Does this affect me? | Cause | Resolution | | | | |
This article provides information about known issues associated with Azure Digit
## Issue with default Azure credential authentication on Azure.Identity 1.3.0
-**Issue description:** When writing authentication code using version **1.3.0** of the [Azure.Identity](/dotnet/api/azure.identity) library, some users have experienced issues with the [DefaultAzureCredential](/dotnet/api/azure.identity.defaultazurecredential) method used in many samples throughout these Azure Digital Twins docs. This presents as an error response of "Azure.Identity.AuthenticationFailedException: SharedTokenCacheCredential authentication failed" when the code tries to authenticate.
+**Issue description:** When writing authentication code using version **1.3.0** of the [Azure.Identity](/dotnet/api/azure.identity?view=azure-dotnet&preserve-view=true) library, some users have experienced issues with the [DefaultAzureCredential](/dotnet/api/azure.identity.defaultazurecredential?view=azure-dotnet&preserve-view=true) method used in many samples throughout these Azure Digital Twins docs. This presents as an error response of "Azure.Identity.AuthenticationFailedException: SharedTokenCacheCredential authentication failed" when the code tries to authenticate.
| Does this affect me? | Cause | Resolution | | | | |
digital-twins Troubleshoot Metrics https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/troubleshoot-metrics.md
Metrics having to do with billing:
| | | | | | | | BillingApiOperations | Billing API Operations | Count | Total | Billing metric for the count of all API requests made against the Azure Digital Twins service. | Meter ID | | BillingMessagesProcessed | Billing Messages Processed | Count | Total | Billing metric for the number of messages sent out from Azure Digital Twins to external endpoints.<br><br>To be considered a single message for billing purposes, a payload must be no larger than 1 KB. Payloads larger than this will be counted as additional messages in 1 KB increments (so a message between 1 and 2 KB will be counted as 2 messages, between 2 and 3 KB will be 3 messages, and so on).<br>This restriction also applies to responsesΓÇöso a call that returns 1.5KB in the response body, for example, will be billed as 2 operations. | Meter ID |
-| BillingQueryUnits | Billing Query Units | Count | Total | The number of Query Units, an internally computed measure of service resource usage, consumed to execute queries. There is also a helper API available for measuring Query Units: [QueryChargeHelper Class](/dotnet/api/azure.digitaltwins.core.querychargehelper) | Meter ID |
+| BillingQueryUnits | Billing Query Units | Count | Total | The number of Query Units, an internally computed measure of service resource usage, consumed to execute queries. There is also a helper API available for measuring Query Units: [QueryChargeHelper Class](/dotnet/api/azure.digitaltwins.core.querychargehelper?view=azure-dotnet&preserve-view=true) | Meter ID |
For more details on the way Azure Digital Twins is billed, see [Azure Digital Twins pricing](https://azure.microsoft.com/pricing/details/digital-twins/).
digital-twins Troubleshoot Performance https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/troubleshoot-performance.md
+
+# Mandatory fields.
+ Title: Troubleshoot performance
+
+description: Tips for troubleshooting performance of an Azure Digital Twins instance.
++ Last updated : 5/11/2021+++
+# Optional fields. Don't forget to remove # if you need a field.
+#
+#
+#
++
+# Troubleshooting Azure Digital Twins: Performance
+
+If you are experiencing delays or other performance issues when working with Azure Digital Twins, use the tips in this article to help you troubleshoot.
+
+## Isolate the source of the delay
+
+Determine whether the delay is coming from Azure Digital Twins or another service in your solution. To investigate this, you can use the **API Latency** metric in [Azure Monitor](../azure-monitor/essentials/quick-monitor-azure-resource.md) through the Azure portal. For instructions on how to view Azure Monitor metrics for an Azure Digital Twins instance, see [Troubleshooting: View metrics with Azure Monitor](troubleshoot-metrics.md).
+
+## Check regions
+
+If your solution uses Azure Digital Twins in combination with other Azure services (like Azure Functions), check the region for the deployment of each service. If services are deployed in different regions, this may add delays across your solution. Unless you're intentionally creating a distributed solution, consider deploying all service instances within the same region to avoid accidentally introducing delays.
+
+## Leverage logs
+
+Azure Digital Twins can collect logs for your service instance to help monitor its performance, among other data. Logs can be sent to [Log Analytics](../azure-monitor/logs/log-analytics-overview.md) or your custom storage mechanism. To enable logging in your instance, use the instructions in [Troubleshooting: Set up diagnostics](troubleshoot-diagnostics.md). You can analyze the timestamps on the logs to measure latencies, evaluate if they are consistent, and understand their source.
+
+## Check API frequency
+
+Another factor that might affect performance is time taken to re-authorize API calls. Consider the frequency of your API calls. If there is a gap of more than 15 minutes between calls, the system may be re-authorizing with each call, taking up additional time to do so. You can prevent this by adding a timer or something similar in your code to ensure that you call into Azure Digital Twins at least once every 15 minutes.
+
+## Contact support
+
+If you're still experiencing performance issues after troubleshooting with the steps above, you can create a support request from Azure Help + Support for additional troubleshooting assistance.
+
+Follow these steps:
+
+1. Gather [metrics](troubleshoot-metrics.md) and [logs](troubleshoot-diagnostics.md) for your instance.
+2. Navigate to [Azure Help + support](https://ms.portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/newsupportrequest) in the Azure portal. Use the prompts to provide details of your issue, see recommended solutions, share your metrics/log files, and submit any other information that the support team can use to help investigate your issue. For more information on creating support requests, see [Create an Azure support request](../azure-portal/supportability/how-to-create-azure-support-request.md).
+
+## Next steps
+
+Read about other ways to troubleshoot your Azure Digital Twins instance in the following articles:
+* [Troubleshooting: View metrics with Azure Monitor](troubleshoot-metrics.md)
+* [Troubleshooting: Set up diagnostics](troubleshoot-diagnostics.md).
+* [Troubleshooting: Set up alerts](troubleshoot-alerts.md)
+* [Troubleshooting: Understand your resource health](troubleshoot-resource-health.md)
digital-twins Tutorial Code https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/tutorial-code.md
# Tutorial: Coding with the Azure Digital Twins APIs
-It is common for developers working with Azure Digital Twins to write a client application for interacting with their instance of the Azure Digital Twins service. This developer-focused tutorial provides an introduction to programming against the Azure Digital Twins service, using the [Azure Digital Twins SDK for .NET (C#)](/dotnet/api/overview/azure/digitaltwins/client). It walks you through writing a C# console client app step by step, starting from scratch.
+It is common for developers working with Azure Digital Twins to write a client application for interacting with their instance of the Azure Digital Twins service. This developer-focused tutorial provides an introduction to programming against the Azure Digital Twins service, using the [Azure Digital Twins SDK for .NET (C#)](/dotnet/api/overview/azure/digitaltwins/client?view=azure-dotnet&preserve-view=true). It walks you through writing a C# console client app step by step, starting from scratch.
> [!div class="checklist"] > * Set up project
This will create several files inside your directory, including one called *Prog
Keep the command window open, as you'll continue to use it throughout the tutorial.
-Next, **add two dependencies to your project** that will be needed to work with Azure Digital Twins. The first is the package for the [Azure Digital Twins SDK for .NET](/dotnet/api/overview/azure/digitaltwins/client), the second provides tools to help with authentication against Azure.
+Next, **add two dependencies to your project** that will be needed to work with Azure Digital Twins. The first is the package for the [Azure Digital Twins SDK for .NET](/dotnet/api/overview/azure/digitaltwins/client?view=azure-dotnet&preserve-view=true), the second provides tools to help with authentication against Azure.
```cmd/sh dotnet add package Azure.DigitalTwins.Core
digital-twins Tutorial Command Line Cli https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/tutorial-command-line-cli.md
In this tutorial, you'll build a graph in Azure Digital Twins using models, twins, and relationships. The tool for this tutorial is the [Azure Digital Twins command set for the Azure CLI](concepts-cli.md).
-You can use the CLI commands to perform essential Azure Digital Twins actions such as uploading models, creating and modifying twins, and creating relationships. You can also look at the [reference documentation for az dt command set](/cli/azure/dt) to see the full set of CLI commands.
+You can use the CLI commands to perform essential Azure Digital Twins actions such as uploading models, creating and modifying twins, and creating relationships. You can also look at the [reference documentation for az dt command set](/cli/azure/dt?view=azure-cli-latest&preserve-view=true) to see the full set of CLI commands.
In this tutorial, you will... > [!div class="checklist"]
After designing models, you need to upload them to your Azure Digital Twins inst
Navigate to the *Room.json* file on your machine and select "Open." Then, repeat this step for *Floor.json*.
-1. Next, use the [az dt model create](/cli/azure/dt/model#az_dt_model_create) command as shown below to upload your updated Room model to your Azure Digital Twins instance. The second command uploads another model, Floor, which you'll also use in the next section to create different types of twins.
+1. Next, use the [az dt model create](/cli/azure/dt/model?view=azure-cli-latest&preserve-view=true#az_dt_model_create) command as shown below to upload your updated Room model to your Azure Digital Twins instance. The second command uploads another model, Floor, which you'll also use in the next section to create different types of twins.
```azurecli-interactive az dt model create --dt-name <ADT_instance_name> --models Room.json
After designing models, you need to upload them to your Azure Digital Twins inst
The output from each command will show information about the successfully uploaded model. >[!TIP]
- >You can also upload all models within a directory at the same time, by using the `--from-directory` option for the model create command. For more information, see [Optional parameters for az dt model create](/cli/azure/dt/model#az_dt_model_create-optional-parameters).
+ >You can also upload all models within a directory at the same time, by using the `--from-directory` option for the model create command. For more information, see [Optional parameters for az dt model create](/cli/azure/dt/model?view=azure-cli-latest&preserve-view=true#az_dt_model_create-optional-parameters).
-1. Verify the models were created with the [az dt model list](/cli/azure/dt/model#az_dt_model_list) command as shown below. This will print a list of all models that have been uploaded to the Azure Digital Twins instance with their full information.
+1. Verify the models were created with the [az dt model list](/cli/azure/dt/model?view=azure-cli-latest&preserve-view=true#az_dt_model_list) command as shown below. This will print a list of all models that have been uploaded to the Azure Digital Twins instance with their full information.
```azurecli-interactive az dt model list --dt-name <ADT_instance_name> --definition
As models cannot be overwritten, this will now return an error code of `ModelIdA
Now that some models have been uploaded to your Azure Digital Twins instance, you can create [digital twins](concepts-twins-graph.md) based on the model definitions. Digital twins represent the entities within your business environmentΓÇöthings like sensors on a farm, rooms in a building, or lights in a car.
-To create a digital twin, you use the [az dt twin create](/cli/azure/dt/twin#az_dt_twin_create) command. You must reference the model that the twin is based on, and can optionally define initial values for any properties in the model. You do not have to pass any relationship information at this stage.
+To create a digital twin, you use the [az dt twin create](/cli/azure/dt/twin?view=azure-cli-latest&preserve-view=true#az_dt_twin_create) command. You must reference the model that the twin is based on, and can optionally define initial values for any properties in the model. You do not have to pass any relationship information at this stage.
1. Run this code in the Cloud Shell to create several twins, based on the Room model you updated earlier and another model, Floor. Recall that Room has three properties, so you can provide arguments with the initial values for these. (Initializing property values is optional in general, but they're needed for this tutorial.)
To create a digital twin, you use the [az dt twin create](/cli/azure/dt/twin#az_
The output from each command will show information about the successfully created twin (including properties for the room twins that were initialized with them).
-1. You can verify that the twins were created with the [az dt twin query](/cli/azure/dt/twin#az_dt_twin_query) command as shown below. The query shown finds all the digital twins in your Azure Digital Twins instance.
+1. You can verify that the twins were created with the [az dt twin query](/cli/azure/dt/twin?view=azure-cli-latest&preserve-view=true#az_dt_twin_query) command as shown below. The query shown finds all the digital twins in your Azure Digital Twins instance.
```azurecli-interactive az dt twin query --dt-name <ADT_instance_name> --query-command "SELECT * FROM DIGITALTWINS"
To create a digital twin, you use the [az dt twin create](/cli/azure/dt/twin#az_
You can also modify the properties of a twin you've created.
-1. Run this [az dt twin update](/cli/azure/dt/twin#az_dt_twin_update) command to change *room0*'s RoomName from *Room0* to *PresidentialSuite*:
+1. Run this [az dt twin update](/cli/azure/dt/twin?view=azure-cli-latest&preserve-view=true#az_dt_twin_update) command to change *room0*'s RoomName from *Room0* to *PresidentialSuite*:
```azurecli-interactive az dt twin update --dt-name <ADT_instance_name> --twin-id room0 --json-patch '{"op":"add", "path":"/RoomName", "value": "PresidentialSuite"}'
You can also modify the properties of a twin you've created.
:::image type="content" source="media/tutorial-command-line/cli/output-update-twin.png" alt-text="Screenshot of Cloud Shell showing result of the update command, which includes a RoomName of PresidentialSuite." lightbox="media/tutorial-command-line/cli/output-update-twin.png":::
-1. You can verify the update succeeded by running the [az dt twin show](/cli/azure/dt/twin#az_dt_twin_show) command to see room0's information:
+1. You can verify the update succeeded by running the [az dt twin show](/cli/azure/dt/twin?view=azure-cli-latest&preserve-view=true#az_dt_twin_show) command to see room0's information:
```azurecli-interactive az dt twin show --dt-name <ADT_instance_name> --twin-id room0
Next, you can create some **relationships** between these twins, to connect them
The types of relationships that you can create from one twin to another are defined within the [models](#model-a-physical-environment-with-dtdl) that you uploaded earlier. The [model definition for Floor](https://github.com/azure-Samples/digital-twins-samples/blob/master/AdtSampleApp/SampleClientApp/Models/Floor.json) specifies that floors can have a type of relationship called *contains*. This makes it possible to create a *contains*-type relationship from each Floor twin to the corresponding room that it contains.
-To add a relationship, use the [az dt twin relationship create](/cli/azure/dt/twin/relationship#az_dt_twin_relationship_create) command. Specify the twin that the relationship is coming from, the type of relationship, and the twin that the relationship is connecting to. Lastly, give the relationship a unique ID. If a relationship was defined to have properties, you can initialize the relationship properties in this command as well.
+To add a relationship, use the [az dt twin relationship create](/cli/azure/dt/twin/relationship?view=azure-cli-latest&preserve-view=true#az_dt_twin_relationship_create) command. Specify the twin that the relationship is coming from, the type of relationship, and the twin that the relationship is connecting to. Lastly, give the relationship a unique ID. If a relationship was defined to have properties, you can initialize the relationship properties in this command as well.
1. Run the following code to add a *contains*-type relationship from each of the Floor twins you created earlier to the corresponding Room twin. The relationships are named relationship0 and relationship1.
The twins and relationships you have set up in this tutorial form the following
## Query the twin graph to answer environment questions
-A main feature of Azure Digital Twins is the ability to [query](concepts-query-language.md) your twin graph easily and efficiently to answer questions about your environment. In the Azure CLI, this is done with the [az dt twin query](/cli/azure/dt/twin#az_dt_twin_query) command.
+A main feature of Azure Digital Twins is the ability to [query](concepts-query-language.md) your twin graph easily and efficiently to answer questions about your environment. In the Azure CLI, this is done with the [az dt twin query](/cli/azure/dt/twin?view=azure-cli-latest&preserve-view=true#az_dt_twin_query) command.
Run the following queries in the Cloud Shell to answer some questions about the sample environment.
After completing this tutorial, you can choose which resources you want to remov
* **If you plan to continue to the next tutorial**, you can keep the resources you set up here and reuse the Azure Digital Twins instance without clearing anything in between.
-* **If you want to continue using the Azure Digital Twins instance, but clear out all of its models, twins, and relationships**, you can use the [az dt twin relationship delete](/cli/azure/dt/twin/relationship#az_dt_twin_relationship_delete), [az dt twin delete](/cli/azure/dt/twin#az_dt_twin_delete), and [az dt model delete](/cli/azure/dt/model#az_dt_model_delete) commands to clear the relationships, twins, and models in your instance, respectively.
+* **If you want to continue using the Azure Digital Twins instance, but clear out all of its models, twins, and relationships**, you can use the [az dt twin relationship delete](/cli/azure/dt/twin/relationship?view=azure-cli-latest&preserve-view=true#az_dt_twin_relationship_delete), [az dt twin delete](/cli/azure/dt/twin?view=azure-cli-latest&preserve-view=true#az_dt_twin_delete), and [az dt model delete](/cli/azure/dt/model?view=azure-cli-latest&preserve-view=true#az_dt_model_delete) commands to clear the relationships, twins, and models in your instance, respectively.
[!INCLUDE [digital-twins-cleanup-basic.md](../../includes/digital-twins-cleanup-basic.md)]
digital-twins Tutorial End To End https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/digital-twins/tutorial-end-to-end.md
To work through the scenario, you will interact with components of the pre-writt
Here are the components implemented by the building scenario *AdtSampleApp* sample app: * Device authentication
-* [.NET (C#) SDK](/dotnet/api/overview/azure/digitaltwins/client) usage examples (found in *CommandLoop.cs*)
+* [.NET (C#) SDK](/dotnet/api/overview/azure/digitaltwins/client?view=azure-dotnet&preserve-view=true) usage examples (found in *CommandLoop.cs*)
* Console interface to call the Azure Digital Twins API * *SampleClientApp* - A sample Azure Digital Twins solution * *SampleFunctionsApp* - An Azure Functions app that updates your Azure Digital Twins graph as a result of telemetry from IoT Hub and Azure Digital Twins events
After completing this tutorial, you can choose which resources you want to remov
[!INCLUDE [digital-twins-cleanup-basic.md](../../includes/digital-twins-cleanup-basic.md)]
-* **If you want to continue using the Azure Digital Twins instance you set up in this article, but clear out some or all of its models, twins, and relationships**, you can use the [az dt](/cli/azure/dt) CLI commands in an [Azure Cloud Shell](https://shell.azure.com) window to delete the elements you want to remove.
+* **If you want to continue using the Azure Digital Twins instance you set up in this article, but clear out some or all of its models, twins, and relationships**, you can use the [az dt](/cli/azure/dt?view=azure-cli-latest&preserve-view=true) CLI commands in an [Azure Cloud Shell](https://shell.azure.com) window to delete the elements you want to remove.
- This option will not remove any of the other Azure resources created in this tutorial (IoT Hub, Azure Functions app, etc.). You can delete these individually using the [dt commands](/cli/azure/reference-index) appropriate for each resource type.
+ This option will not remove any of the other Azure resources created in this tutorial (IoT Hub, Azure Functions app, etc.). You can delete these individually using the [dt commands](/cli/azure/reference-index?view=azure-cli-latest&preserve-view=true) appropriate for each resource type.
You may also want to delete the project folder from your local machine.
event-grid Handler Service Bus https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/event-grid/handler-service-bus.md
An event handler is the place where the event is sent. The handler takes some fu
You can use a Service queue or topic as a handler for events from Event Grid. ## Service Bus queues+
+> [!NOTE]
+> Session enabled queues are not supported as event handlers for Azure Event Grid events
+
You can route events in Event Grid directly to Service Bus queues for use in buffering or command & control scenarios in enterprise applications. In the Azure portal, while creating an event subscription, select **Service Bus Queue** as endpoint type and then click **select an endpoint** to choose a Service Bus queue.
event-grid Policy Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/event-grid/policy-reference.md
Title: Built-in policy definitions for Azure Event Grid description: Lists Azure Policy built-in policy definitions for Azure Event Grid. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
event-grid Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/event-grid/security-controls-policy.md
Title: Azure Policy Regulatory Compliance controls for Azure Event Grid description: Lists Azure Policy Regulatory Compliance controls available for Azure Event Grid. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
event-hubs Policy Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/event-hubs/policy-reference.md
Title: Built-in policy definitions for Azure Event Hubs description: Lists Azure Policy built-in policy definitions for Azure Event Hubs. These built-in policy definitions provide common approaches to managing your Azure resources. Previously updated : 05/04/2021 Last updated : 05/14/2021
event-hubs Security Controls Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/artic