-If your federated domain(s) have the [federatedIdpMfaBehavior](/graph/api/resources/federatedIdpMfaBehavior?view=graph-rest-beta) set to `enforceMfaByFederatedIdp` or **SupportsMfa** flag set to `$True` (the **federatedIdpMfaBehavior** overrides **SupportsMfa** when both are set), you are likely enforcing MFA on AD FS using claims rules.

-

-

-

-In this quickstart, you download and run a code sample that demonstrates how an Android application can sign in users and get an access token to call the Microsoft Graph API.

-See [How the sample works](#how-the-sample-works) for an illustration.

-Applications must be represented by an app object in Azure Active Directory so that the Microsoft identity platform can provide tokens to your application.

-## Prerequisites

-* An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).

-* Android Studio

-* Android 16+

-### Step 1: Configure your application in the Azure portal

-For the code sample in this quickstart to work, add a **Redirect URI** compatible with the Auth broker.

-> [!div id="makechanges" class="nextstepaction" class="configure-app-button"]

-> <button>Make this change for me</button>

-> [!div id="appconfigured" class="alert alert-info"]

->  Your application is configured with these attributes

-### Step 2: Download the project

-Run the project using Android Studio.

-> [!div class="nextstepaction"]

-> [Download the code sample](https://github.com/Azure-Samples/ms-identity-android-java/archive/master.zip)

-### Step 3: Your app is configured and ready to run

-We have configured your project with values of your app's properties and it's ready to run.

-The sample app starts on the **Single Account Mode** screen. A default scope, **user.read**, is provided by default, which is used when reading your own profile data during the Microsoft Graph API call. The URL for the Microsoft Graph API call is provided by default. You can change both of these if you wish.

-

-Use the app menu to change between single and multiple account modes.

-In single account mode, sign in using a work or home account:

-1. Select **Get graph data interactively** to prompt the user for their credentials. You'll see the output from the call to the Microsoft Graph API in the bottom of the screen.

-2. Once signed in, select **Get graph data silently** to make a call to the Microsoft Graph API without prompting the user for credentials again. You'll see the output from the call to the Microsoft Graph API in the bottom of the screen.

-In multiple account mode, you can repeat the same steps. Additionally, you can remove the signed-in account, which also removes the cached tokens for that account.

-> [!div class="sxs-lookup"]

-> > [!NOTE]

-> > `Enter_the_Supported_Account_Info_Here`

-## How the sample works

-

-The code is organized into fragments that show how to write a single and multiple accounts MSAL app. The code files are organized as follows:

-| File | Demonstrates |

-|||

-| MainActivity | Manages the UI |

-| MSGraphRequestWrapper | Calls the Microsoft Graph API using the token provided by MSAL |

-| MultipleAccountModeFragment | Initializes a multi-account application, loads a user account, and gets a token to call the Microsoft Graph API |

-| SingleAccountModeFragment | Initializes a single-account application, loads a user account, and gets a token to call the Microsoft Graph API |

-| res/auth_config_multiple_account.json | The multiple account configuration file |

-| res/auth_config_single_account.json | The single account configuration file |

-| Gradle Scripts/build.grade (Module:app) | The MSAL library dependencies are added here |

-We'll now look at these files in more detail and call out the MSAL-specific code in each.

-### Adding MSAL to the app

-MSAL ([com.microsoft.identity.client](https://javadoc.io/doc/com.microsoft.identity.client/msal)) is the library used to sign in users and request tokens used to access an API protected by Microsoft identity platform. Gradle 3.0+ installs the library when you add the following to **Gradle Scripts** > **build.gradle (Module: app)** under **Dependencies**:

-```java

-dependencies {

- ...

- implementation 'com.microsoft.identity.client:msal:2.+'

- ...

-}

-```

-This instructs Gradle to download and build MSAL from maven central.

-You must also add references to maven to the **allprojects** > **repositories** portion of the **build.gradle (Module: app)** like so:

-```java

-allprojects {

- repositories {

- mavenCentral()

- google()

- mavenLocal()

- maven {

- url 'https://pkgs.dev.azure.com/MicrosoftDeviceSDK/DuoSDK-Public/_packaging/Duo-SDK-Feed/maven/v1'

- }

- maven {

- name "vsts-maven-adal-android"

- url "https://identitydivision.pkgs.visualstudio.com/_packaging/AndroidADAL/maven/v1"

- credentials {

- username System.getenv("ENV_VSTS_MVN_ANDROIDADAL_USERNAME") != null ? System.getenv("ENV_VSTS_MVN_ANDROIDADAL_USERNAME") : project.findProperty("vstsUsername")

- password System.getenv("ENV_VSTS_MVN_ANDROIDADAL_ACCESSTOKEN") != null ? System.getenv("ENV_VSTS_MVN_ANDROIDADAL_ACCESSTOKEN") : project.findProperty("vstsMavenAccessToken")

- }

- }

- jcenter()

- }

-}

-```

-### MSAL imports

-The imports that are relevant to the MSAL library are `com.microsoft.identity.client.*`. For example, you'll see `import com.microsoft.identity.client.PublicClientApplication;` which is the namespace for the `PublicClientApplication` class, which represents your public client application.

-### SingleAccountModeFragment.java

-This file demonstrates how to create a single account MSAL app and call a Microsoft Graph API.

-Single account apps are only used by a single user. For example, you might just have one account that you sign into your mapping app with.

-#### Single account MSAL initialization

-In `auth_config_single_account.json`, in `onCreateView()`, a single account `PublicClientApplication` is created using the config information stored in the `auth_config_single_account.json` file. This is how you initialize the MSAL library for use in a single-account MSAL app:

-```java

-...

-// Creates a PublicClientApplication object with res/raw/auth_config_single_account.json

-PublicClientApplication.createSingleAccountPublicClientApplication(getContext(),

- R.raw.auth_config_single_account,

- new IPublicClientApplication.ISingleAccountApplicationCreatedListener() {

- @Override

- public void onCreated(ISingleAccountPublicClientApplication application) {

- /**

- * This test app assumes that the app is only going to support one account.

- * This requires "account_mode" : "SINGLE" in the config json file.

- **/

- mSingleAccountApp = application;

- loadAccount();

- }

- @Override

- public void onError(MsalException exception) {

- displayError(exception);

- }

- });

-```

-#### Sign in a user

-In `SingleAccountModeFragment.java`, the code to sign in a user is in `initializeUI()`, in the `signInButton` click handler.

-Call `signIn()` before trying to acquire tokens. `signIn()` behaves as though `acquireToken()` is called, resulting in an interactive prompt for the user to sign in.

-Signing in a user is an asynchronous operation. A callback is passed that calls the Microsoft Graph API and update the UI once the user signs in:

-```java

-mSingleAccountApp.signIn(getActivity(), null, getScopes(), getAuthInteractiveCallback());

-```

-#### Sign out a user

-In `SingleAccountModeFragment.java`, the code to sign out a user is in `initializeUI()`, in the `signOutButton` click handler. Signing a user out is an asynchronous operation. Signing the user out also clears the token cache for that account. A callback is created to update the UI once the user account is signed out:

-```java

-mSingleAccountApp.signOut(new ISingleAccountPublicClientApplication.SignOutCallback() {

- @Override

- public void onSignOut() {

- updateUI(null);

- performOperationOnSignOut();

- }

- @Override

- public void onError(@NonNull MsalException exception) {

- displayError(exception);

- }

-});

-```

-#### Get a token interactively or silently

-To present the fewest number of prompts to the user, you'll typically get a token silently. Then, if there's an error, attempt to get to token interactively. The first time the app calls `signIn()`, it effectively acts as a call to `acquireToken()`, which will prompt the user for credentials.

-Some situations when the user may be prompted to select their account, enter their credentials, or consent to the permissions your app has requested are:

-* The first time the user signs in to the application

-* If a user resets their password, they'll need to enter their credentials

-* If consent is revoked

-* If your app explicitly requires consent

-* When your application is requesting access to a resource for the first time

-* When MFA or other Conditional Access policies are required

-The code to get a token interactively, that is with UI that will involve the user, is in `SingleAccountModeFragment.java`, in `initializeUI()`, in the `callGraphApiInteractiveButton` click handler:

-```java

-/**

- * If acquireTokenSilent() returns an error that requires an interaction (MsalUiRequiredException),

- * invoke acquireToken() to have the user resolve the interrupt interactively.

- *

- * Some example scenarios are

- * - password change

- * - the resource you're acquiring a token for has a stricter set of requirement than your Single Sign-On refresh token.

- * - you're introducing a new scope which the user has never consented for.

- **/

-mSingleAccountApp.acquireToken(getActivity(), getScopes(), getAuthInteractiveCallback());

-```

-If the user has already signed in, `acquireTokenSilentAsync()` allows apps to request tokens silently as shown in `initializeUI()`, in the `callGraphApiSilentButton` click handler:

-```java

-/**

- * Once you've signed the user in,

- * you can perform acquireTokenSilent to obtain resources without interrupting the user.

- **/

- mSingleAccountApp.acquireTokenSilentAsync(getScopes(), AUTHORITY, getAuthSilentCallback());

-```

-#### Load an account

-The code to load an account is in `SingleAccountModeFragment.java` in `loadAccount()`. Loading the user's account is an asynchronous operation, so callbacks to handle when the account loads, changes, or an error occurs is passed to MSAL. The following code also handles `onAccountChanged()`, which occurs when an account is removed, the user changes to another account, and so on.

-```java

-private void loadAccount() {

- ...

- mSingleAccountApp.getCurrentAccountAsync(new ISingleAccountPublicClientApplication.CurrentAccountCallback() {

- @Override

- public void onAccountLoaded(@Nullable IAccount activeAccount) {

- // You can use the account data to update your UI or your app database.

- updateUI(activeAccount);

- }

- @Override

- public void onAccountChanged(@Nullable IAccount priorAccount, @Nullable IAccount currentAccount) {

- if (currentAccount == null) {

- // Perform a cleanup task as the signed-in account changed.

- performOperationOnSignOut();

- }

- }

- @Override

- public void onError(@NonNull MsalException exception) {

- displayError(exception);

- }

- });

-```

-#### Call Microsoft Graph

-When a user is signed in, the call to Microsoft Graph is made via an HTTP request by `callGraphAPI()` that is defined in `SingleAccountModeFragment.java`. This function is a wrapper that simplifies the sample by doing some tasks such as getting the access token from the `authenticationResult` and packaging the call to the MSGraphRequestWrapper, and displaying the results of the call.

-```java

-private void callGraphAPI(final IAuthenticationResult authenticationResult) {

- MSGraphRequestWrapper.callGraphAPIUsingVolley(

- getContext(),

- graphResourceTextView.getText().toString(),

- authenticationResult.getAccessToken(),

- new Response.Listener<JSONObject>() {

- @Override

- public void onResponse(JSONObject response) {

- /* Successfully called graph, process data and send to UI */

- ...

- }

- },

- new Response.ErrorListener() {

- @Override

- public void onErrorResponse(VolleyError error) {

- ...

- }

- });

-}

-```

-### auth_config_single_account.json

-This is the configuration file for an MSAL app that uses a single account.

-See [Understand the Android MSAL configuration file ](msal-configuration.md) for an explanation of these fields.

-Note the presence of `"account_mode" : "SINGLE"`, which configures this app to use a single account.

-`"client_id"` is preconfigured to use an app object registration that Microsoft maintains.

-`"redirect_uri"`is preconfigured to use the signing key provided with the code sample.

-```json

-{

- "client_id" : "0984a7b6-bc13-4141-8b0d-8f767e136bb7",

- "authorization_user_agent" : "DEFAULT",

- "redirect_uri" : "msauth://com.azuresamples.msalandroidapp/1wIqXSqBj7w%2Bh11ZifsnqwgyKrY%3D",

- "account_mode" : "SINGLE",

- "broker_redirect_uri_registered": true,

- "authorities" : [

- {

- "type": "AAD",

- "audience": {

- "type": "AzureADandPersonalMicrosoftAccount",

- "tenant_id": "common"

- }

- }

- ]

-}

-```

-### MultipleAccountModeFragment.java

-This file demonstrates how to create a multiple account MSAL app and call a Microsoft Graph API.

-An example of a multiple account app is a mail app that allows you to work with multiple user accounts such as a work account and a personal account.

-#### Multiple account MSAL initialization

-In the `MultipleAccountModeFragment.java` file, in `onCreateView()`, a multiple account app object (`IMultipleAccountPublicClientApplication`) is created using the config information stored in the `auth_config_multiple_account.json file`:

-```java

-// Creates a PublicClientApplication object with res/raw/auth_config_multiple_account.json

-PublicClientApplication.createMultipleAccountPublicClientApplication(getContext(),

- R.raw.auth_config_multiple_account,

- new IPublicClientApplication.IMultipleAccountApplicationCreatedListener() {

- @Override

- public void onCreated(IMultipleAccountPublicClientApplication application) {

- mMultipleAccountApp = application;

- loadAccounts();

- }

- @Override

- public void onError(MsalException exception) {

- ...

- }

- });

-```

-The created `MultipleAccountPublicClientApplication` object is stored in a class member variable so that it can be used to interact with the MSAL library to acquire tokens and load and remove the user account.

-#### Load an account

-Multiple account apps usually call `getAccounts()` to select the account to use for MSAL operations. The code to load an account is in the `MultipleAccountModeFragment.java` file, in `loadAccounts()`. Loading the user's account is an asynchronous operation. So a callback handles the situations when the account is loaded, changes, or an error occurs.

-```java

-/**

- * Load currently signed-in accounts, if there's any.

- **/

-private void loadAccounts() {

- if (mMultipleAccountApp == null) {

- return;

- }

- mMultipleAccountApp.getAccounts(new IPublicClientApplication.LoadAccountsCallback() {

- @Override

- public void onTaskCompleted(final List<IAccount> result) {

- // You can use the account data to update your UI or your app database.

- accountList = result;

- updateUI(accountList);

- }

- @Override

- public void onError(MsalException exception) {

- displayError(exception);

- }

- });

-}

-```

-#### Get a token interactively or silently

-Some situations when the user may be prompted to select their account, enter their credentials, or consent to the permissions your app has requested are:

-* The first time users sign in to the application

-* If a user resets their password, they'll need to enter their credentials

-* If consent is revoked

-* If your app explicitly requires consent

-* When your application is requesting access to a resource for the first time

-* When MFA or other Conditional Access policies are required

-Multiple account apps should typically acquire tokens interactively, that is with UI that involves the user, with a call to `acquireToken()`. The code to get a token interactively is in the `MultipleAccountModeFragment.java` file in `initializeUI()`, in the `callGraphApiInteractiveButton` click handler:

-```java

-/**

- * Acquire token interactively. It will also create an account object for the silent call as a result (to be obtained by getAccount()).

- *

- * If acquireTokenSilent() returns an error that requires an interaction,

- * invoke acquireToken() to have the user resolve the interrupt interactively.

- *

- * Some example scenarios are

- * - password change

- * - the resource you're acquiring a token for has a stricter set of requirement than your SSO refresh token.

- * - you're introducing a new scope which the user has never consented for.

- **/

-mMultipleAccountApp.acquireToken(getActivity(), getScopes(), getAuthInteractiveCallback());

-```

-Apps shouldn't require the user to sign in every time they request a token. If the user has already signed in, `acquireTokenSilentAsync()` allows apps to request tokens without prompting the user, as shown in the `MultipleAccountModeFragment.java` file, in`initializeUI()` in the `callGraphApiSilentButton` click handler:

-```java

-/**

- * Performs acquireToken without interrupting the user.

- *

- * This requires an account object of the account you're obtaining a token for.

- * (can be obtained via getAccount()).

- */

-mMultipleAccountApp.acquireTokenSilentAsync(getScopes(),

- accountList.get(accountListSpinner.getSelectedItemPosition()),

- AUTHORITY,

- getAuthSilentCallback());

-```

-#### Remove an account

-The code to remove an account, and any cached tokens for the account, is in the `MultipleAccountModeFragment.java` file in `initializeUI()` in the handler for the remove account button. Before you can remove an account, you need an account object, which you obtain from MSAL methods like `getAccounts()` and `acquireToken()`. Because removing an account is an asynchronous operation, the `onRemoved` callback is supplied to update the UI.

-```java

-/**

- * Removes the selected account and cached tokens from this app (or device, if the device is in shared mode).

- **/

-mMultipleAccountApp.removeAccount(accountList.get(accountListSpinner.getSelectedItemPosition()),

- new IMultipleAccountPublicClientApplication.RemoveAccountCallback() {

- @Override

- public void onRemoved() {

- ...

- /* Reload account asynchronously to get the up-to-date list. */

- loadAccounts();

- }

- @Override

- public void onError(@NonNull MsalException exception) {

- displayError(exception);

- }

- });

-```

-### auth_config_multiple_account.json

-This is the configuration file for a MSAL app that uses multiple accounts.

-See [Understand the Android MSAL configuration file ](msal-configuration.md) for an explanation of the various fields.

-Unlike the [auth_config_single_account.json](#auth_config_single_accountjson) configuration file, this config file has `"account_mode" : "MULTIPLE"` instead of `"account_mode" : "SINGLE"` because this is a multiple account app.

-`"client_id"` is preconfigured to use an app object registration that Microsoft maintains.

-`"redirect_uri"`is preconfigured to use the signing key provided with the code sample.

-```json

-{

- "client_id" : "0984a7b6-bc13-4141-8b0d-8f767e136bb7",

- "authorization_user_agent" : "DEFAULT",

- "redirect_uri" : "msauth://com.azuresamples.msalandroidapp/1wIqXSqBj7w%2Bh11ZifsnqwgyKrY%3D",

- "account_mode" : "MULTIPLE",

- "broker_redirect_uri_registered": true,

- "authorities" : [

- {

- "type": "AAD",

- "audience": {

- "type": "AzureADandPersonalMicrosoftAccount",

- "tenant_id": "common"

- }

- }

- ]

-}

-```

-## Next steps

-Move on to the Android tutorial in which you build an Android app that gets an access token from the Microsoft identity platform and uses it to call the Microsoft Graph API.

-> [!div class="nextstepaction"]

-> [Tutorial: Sign in users and call the Microsoft Graph from an Android application](tutorial-v2-android.md)

-In this quickstart, you download and run a code sample that demonstrates how a native iOS or macOS application can sign in users and get an access token to call the Microsoft Graph API.

-The quickstart applies to both iOS and macOS apps. Some steps are needed only for iOS apps and will be indicated as such.

-## Prerequisites

-* An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).

-* XCode 10+

-* iOS 10+

-* macOS 10.12+

-## How the sample works

-

-#### Step 1: Configure your application

-For the code sample in this quickstart to work, add a **Redirect URI** compatible with the Auth broker.

-> [!div id="makechanges" class="nextstepaction" class="configure-app-button"]

-> <button>Make this change for me</button>

-> [!div id="appconfigured" class="alert alert-info"]

->  Your application is configured with these attributes

-#### Step 2: Download the sample project

-> [!div class="nextstepaction"]

-> [Download the code sample for iOS]()

-> [!div class="nextstepaction"]

-> [Download the code sample for macOS]()

-#### Step 3: Install dependencies

-1. Extract the zip file.

-2. In a terminal window, navigate to the folder with the downloaded code sample and run `pod install` to install the latest MSAL library.

-#### Step 4: Your app is configured and ready to run

-We have configured your project with values of your app's properties and it's ready to run.

-> [!NOTE]

-> `Enter_the_Supported_Account_Info_Here`

-1. If you're building an app for [Azure AD national clouds](/graph/deployments#app-registration-and-token-service-root-endpoints), replace the line starting with 'let kGraphEndpoint' and 'let kAuthority' with correct endpoints. For global access, use default values:

- ```swift

- let kGraphEndpoint = "https://graph.microsoft.com/"

- let kAuthority = "https://login.microsoftonline.com/common"

- ```

-1. Other endpoints are documented [here](/graph/deployments#app-registration-and-token-service-root-endpoints). For example, to run the quickstart with Azure AD Germany, use following:

- ```swift

- let kGraphEndpoint = "https://graph.microsoft.de/"

- let kAuthority = "https://login.microsoftonline.de/common"

- ```

-3. Open the project settings. In the **Identity** section, enter the **Bundle Identifier** that you entered into the portal.

-4. Right-click **Info.plist** and select **Open As** > **Source Code**.

-5. Under the dict root node, replace `Enter_the_bundle_Id_Here` with the ***Bundle Id*** that you used in the portal. Notice the `msauth.` prefix in the string.

- ```xml

- <key>CFBundleURLTypes</key>

- <array>

- <dict>

- <key>CFBundleURLSchemes</key>

- <array>

- <string>msauth.Enter_the_Bundle_Id_Here</string>

- </array>

- </dict>

- </array>

- ```

-6. Build and run the app!

-## More Information

-Read these sections to learn more about this quickstart.

-### Get MSAL

-MSAL ([MSAL.framework](https://github.com/AzureAD/microsoft-authentication-library-for-objc)) is the library used to sign in users and request tokens used to access an API protected by Microsoft identity platform. You can add MSAL to your application using the following process:

-```

-$ vi Podfile

-```

-Add the following to this podfile (with your project's target):

-```

-use_frameworks!

-target 'MSALiOS' do

- pod 'MSAL'

-end

-```

-Run CocoaPods installation command:

-`pod install`

-### Initialize MSAL

-You can add the reference for MSAL by adding the following code:

-```swift

-import MSAL

-```

-Then, initialize MSAL using the following code:

-```swift

-let authority = try MSALAADAuthority(url: URL(string: kAuthority)!)

-let msalConfiguration = MSALPublicClientApplicationConfig(clientId: kClientID, redirectUri: nil, authority: authority)

-self.applicationContext = try MSALPublicClientApplication(configuration: msalConfiguration)

-```

-> |Where: | Description |

-> |||

-> | `clientId` | The Application ID from the application registered in *portal.azure.com* |

-> | `authority` | The Microsoft identity platform. In most of cases this will be `https://login.microsoftonline.com/common` |

-> | `redirectUri` | The redirect URI of the application. You can pass 'nil' to use the default value, or your custom redirect URI. |

-### For iOS only, additional app requirements

-Your app must also have the following in your `AppDelegate`. This lets MSAL SDK handle token response from the Auth broker app when you do authentication.

-```swift

-func application(_ app: UIApplication, open url: URL, options: [UIApplication.OpenURLOptionsKey : Any] = [:]) -> Bool {

- return MSALPublicClientApplication.handleMSALResponse(url, sourceApplication: options[UIApplication.OpenURLOptionsKey.sourceApplication] as? String)

-}

-```

-> [!NOTE]

-> On iOS 13+, if you adopt `UISceneDelegate` instead of `UIApplicationDelegate`, place this code into the `scene:openURLContexts:` callback instead (See [Apple's documentation](https://developer.apple.com/documentation/uikit/uiscenedelegate/3238059-scene?language=objc)).

-> If you support both UISceneDelegate and UIApplicationDelegate for compatibility with older iOS, MSAL callback needs to be placed into both places.

-```swift

-func scene(_ scene: UIScene, openURLContexts URLContexts: Set<UIOpenURLContext>) {

- guard let urlContext = URLContexts.first else {

- return

- }

- let url = urlContext.url

- let sourceApp = urlContext.options.sourceApplication

- MSALPublicClientApplication.handleMSALResponse(url, sourceApplication: sourceApp)

-}

-```

-Finally, your app must have an `LSApplicationQueriesSchemes` entry in your ***Info.plist*** alongside the `CFBundleURLTypes`. The sample comes with this included.

- ```xml

- <key>LSApplicationQueriesSchemes</key>

- <array>

- <string>msauthv2</string>

- <string>msauthv3</string>

- </array>

- ```

-### Sign in users & request tokens

-MSAL has two methods used to acquire tokens: `acquireToken` and `acquireTokenSilent`.

-#### acquireToken: Get a token interactively

-Some situations require users to interact with Microsoft identity platform. In these cases, the end user may be required to select their account, enter their credentials, or consent to your app's permissions. For example,

-* The first time users sign in to the application

-* If a user resets their password, they'll need to enter their credentials

-* When your application is requesting access to a resource for the first time

-* When MFA or other Conditional Access policies are required

-```swift

-let parameters = MSALInteractiveTokenParameters(scopes: kScopes, webviewParameters: self.webViewParamaters!)

-self.applicationContext!.acquireToken(with: parameters) { (result, error) in /* Add your handling logic */}

-```

-> |Where:| Description |

-> |||

-> | `scopes` | Contains the scopes being requested (that is, `[ "user.read" ]` for Microsoft Graph or `[ "<Application ID URL>/scope" ]` for custom web APIs (`api://<Application ID>/access_as_user`) |

-#### acquireTokenSilent: Get an access token silently

-Apps shouldn't require their users to sign in every time they request a token. If the user has already signed in, this method allows apps to request tokens silently.

-```swift

-self.applicationContext!.getCurrentAccount(with: nil) { (currentAccount, previousAccount, error) in

- guard let account = currentAccount else {

- return

- }

- let silentParams = MSALSilentTokenParameters(scopes: self.kScopes, account: account)

- self.applicationContext!.acquireTokenSilent(with: silentParams) { (result, error) in /* Add your handling logic */}

-}

-```

-> |Where: | Description |

-> |||

-> | `scopes` | Contains the scopes being requested (that is, `[ "user.read" ]` for Microsoft Graph or `[ "<Application ID URL>/scope" ]` for custom web APIs (`api://<Application ID>/access_as_user`) |

-> | `account` | The account a token is being requested for. This quickstart is about a single account application. If you want to build a multi-account app you'll need to define logic to identify which account to use for token requests using `accountsFromDeviceForParameters:completionBlock:` and passing correct `accountIdentifier` |

-## Next steps

-Move on to the step-by-step tutorial in which you build an iOS or macOS app that gets an access token from the Microsoft identity platform and uses it to call the Microsoft Graph API.

-> [!div class="nextstepaction"]

-> [Tutorial: Sign in users and call Microsoft Graph from an iOS or macOS app](tutorial-v2-ios.md)

-Verify any settings that might have been customized for your federation design and deployment documentation. Specifically, look for customizations in **PreferredAuthenticationProtocol**, [federatedIdpMfaBehavior](/graph/api/resources/federatedIdpMfaBehavior?view=graph-rest-beta&preserve-view=true), **SupportsMfa** (if **federatedIdpMfaBehavior** is not set), and **PromptLoginBehavior**.

-The following table explains the behavior for each option. For more information, see [federatedIdpMfaBehavior](/graph/api/resources/federatedIdpMfaBehavior?view=graph-rest-beta&preserve-view=true).

-* [Azure AD on Microsoft Q&A](/answers/topics/azure-active-directory.html)

-Now that single sign-on is working to your application, you could [Automate user provisioning and de-provisioning to SaaS applications](../app-provisioning/user-provisioning.md) or [get started with Conditional Access](../conditional-access/app-based-conditional-access.md).

-* [Integrating Azure Active Directory with applications getting started guide](plan-an-application-integration.md)

-* Try a step-wise code sample:[AD FS to Azure AD application migration playbook for developers](https://aka.ms/adfsplaybook).

-reviewer: napuri

-| IA-02(12)| **Accept and verify personal identity verification (PIV) credentials. This control isn't applicable if the customer doesn't deploy PIV credentials.**<p>Configure federated authentication by using Active Directory Federation Services (AD FS) to accept PIV (certificate authentication) as both primary and multifactor authentication methods and issue the multifactor authentication (MultipleAuthN) claim when PIV is used. Configure the federated domain in Azure AD with setting [federatedIdpMfaBehavior](/graph/api/resources/federatedIdpMfaBehavior?view=graph-rest-beta&preserve-view=true) to `enforceMfaByFederatedIdp` (recommended) or SupportsMfa to `$True` to direct multifactor authentication requests originating at Azure AD to AD FS. Alternatively, you can use PIV for sign-in on Windows devices and later use integrated Windows authentication along with seamless single sign-on. Windows Server and client verify certificates by default when used for authentication. <p>Resources<br><li>[What is federation with Azure AD?](../hybrid/whatis-fed.md)<br> <li>[Configure AD FS support for user certificate authentication](/windows-server/identity/ad-fs/operations/configure-user-certificate-authentication)<br> <li>[Configure authentication policies](/windows-server/identity/ad-fs/operations/configure-authentication-policies)<br> <li>[Secure resources with Azure AD multifactor authentication and AD FS](../authentication/howto-mfa-adfs.md)<br><li>[Set-MsolDomainFederationSettings](/powershell/module/msonline/set-msoldomainfederationsettings)<br> <li>[Azure AD Connect: Seamless single sign-on](../hybrid/how-to-connect-sso.md) |

-[Azure Monitor](../../../azure-monitor/overview.md) can collect data directly from your hybrid machines into a Log Analytics workspace for detailed analysis and correlation. Typically this would entail installing the [Log Analytics agent](../../../azure-monitor/agents/agents-overview.md#log-analytics-agent) on the machine using a script, manually, or automated method following your configuration management standards. Azure Arc-enabled servers recently introduced support to install the Log Analytics and Dependency agent [VM extensions](../manage-vm-extensions.md) for Windows and Linux, enabling [VM insights](../../../azure-monitor/vm/vminsights-overview.md) to collect data from your non-Azure VMs.

-This tutorial shows you how to configure and collect data from your Linux or Windows machines by enabling VM insights following a simplified set of steps, which streamlines the experience and takes a shorter amount of time.

-## Sign in to Azure portal

-Sign in to the [Azure portal](https://portal.azure.com).

-1. Launch the Azure Arc service in the Azure portal by clicking **All services**, then searching for and selecting **Machines - Azure Arc**.

- :::image type="content" source="./media/quick-enable-hybrid-vm/search-machines.png" alt-text="Search for Azure Arc-enabled servers in All Services" border="false":::

-1. On the **Machines - Azure Arc** page, select the connected machine you created in the [quickstart](quick-enable-hybrid-vm.md) article.

- :::image type="content" source="./media/tutorial-enable-vm-insights/insights-option.png" alt-text="Select Insights option from left-hand menu" border="false":::

-1. On the Azure Monitor **Insights Onboarding** page, you are prompted to create a workspace. For this tutorial, we don't recommend you select an existing Log Analytics workspace if you have one already. Select the default, which is a workspace with a unique name in the same region as your registered connected machine. This workspace is created and configured for you.

- :::image type="content" source="./media/tutorial-enable-vm-insights/enable-vm-insights.png" alt-text="Enable VM insights page" border="false":::

-1. You receive status messages while the configuration is performed. This process takes a few minutes as extensions are installed on your connected machine.

- :::image type="content" source="./media/tutorial-enable-vm-insights/onboard-vminsights-vm-portal-status.png" alt-text="Enable VM insights progress status message" border="false":::

- When it's complete, you get a message that the machine has been successfully onboarded and the insight has been successfully deployed.

-After the deployment and configuration is completed, select **Insights**, and then select the **Performance** tab. On the Performance tab, it shows a select group of performance counters collected from the guest operating system of your machine. Scroll down to view more counters, and move the mouse over a graph to view average and percentiles taken starting from the time when the Log Analytics VM extension was installed on the machine.

-Select **Map** to open the maps feature, which shows the processes running on the machine and their dependencies. Select **Properties** to open the property pane if it isn't already open.

-Expand the processes for your machine. Select one of the processes to view its details and to highlight its dependencies.

-Select your machine again and then select **Log Events**. You see a list of tables that are stored in the Log Analytics workspace for the machine. This list will be different depending whether you're using a Windows or Linux machine. Select the **Event** table. The **Event** table includes all events from the Windows event log. Log Analytics opens with a simple query to retrieve collected event log entries.

-To learn more about Azure Monitor, look at the following article:

- Get-AzureEnvironment -Name AzureUSGovernment

-The following map is displays [2016 census tracts for Colorado](https://github.com/Azure-Samples/AzureMapsCodeSamples/tree/master/AzureMapsCodeSamples/Common/data/geojson), colored by population.

-* Full source code for the [Simple Store Locator](https://github.com/Azure-Samples/AzureMapsCodeSamples/tree/master/AzureMapsCodeSamples/Tutorials/Simple%20Store%20Locator) on GitHub.

-* [Store location data](https://github.com/Azure-Samples/AzureMapsCodeSamples/tree/master/AzureMapsCodeSamples/Tutorials/Simple%20Store%20Locator/data) that you'll import into the store locator dataset.

-* The [Map images](https://github.com/Azure-Samples/AzureMapsCodeSamples/tree/master/AzureMapsCodeSamples/Tutorials/Simple%20Store%20Locator/images).

-The excel file containing the full dataset for the Contoso Coffee locator sample application can be downloaded from the [data](https://github.com/Azure-Samples/AzureMapsCodeSamples/tree/master/AzureMapsCodeSamples/Tutorials/Simple%20Store%20Locator/data) folder of the _Azure Maps code samples_ repository in GitHub.

-1. Download the Excel workbook [ContosoCoffee.xlsx](https://github.com/Azure-Samples/AzureMapsCodeSamples/tree/master/AzureMapsCodeSamples/Tutorials/Simple%20Store%20Locator/data) and Open it in Excel.

-9. If you haven't already, download the 10 [Map images](https://github.com/Azure-Samples/AzureMapsCodeSamples/tree/master/AzureMapsCodeSamples/Tutorials/Simple%20Store%20Locator/images) from the images directory in the GitHub Repository and add them to the *images* folder.

-After you finish, *https://docsupdatetracker.net/index.html* should look like [this example https://docsupdatetracker.net/index.html file](https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/master/AzureMapsCodeSamples/Tutorials/Simple%20Store%20Locator/https://docsupdatetracker.net/index.html).

-* For the completed code used in this tutorial, see [Simple Store Locator](https://github.com/Azure-Samples/AzureMapsCodeSamples/tree/master/AzureMapsCodeSamples/Tutorials/Simple%20Store%20Locator) on GitHub.

-2. Download the [Sample Points of Interest](https://raw.githubusercontent.com/Azure-Samples/AzureMapsCodeSamples/master/AzureMapsCodeSamples/Common/data/geojson/SamplePoiDataSet.json) GeoJSON file.

-3. Drag and drop the [Sample Points of Interest](https://raw.githubusercontent.com/Azure-Samples/AzureMapsCodeSamples/master/AzureMapsCodeSamples/Common/data/geojson/SamplePoiDataSet.json) GeoJSON file into the assets folder.

-* For the completed code used in this tutorial, see [truckRoute.html](https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/master/AzureMapsCodeSamples/Tutorials/truckRoute.html) on GitHub.

-You can obtain the full source code for the sample [here](https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/master/AzureMapsCodeSamples/Tutorials/route.html). A live sample can be found [here](https://azuremapscodesamples.azurewebsites.net/?sample=Route%20to%20a%20destination).

-* For the completed code used in this tutorial, see [route.html](https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/master/AzureMapsCodeSamples/Tutorials/route.html) on GitHub.

-* For the completed code used in this tutorial, see [search.html](https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/master/AzureMapsCodeSamples/Tutorials/search.html) on GitHub.

-See [Query Basic Logs in Azure Monitor (Preview)](/logs/basic-logs-query.md) for details on query limitations and [Configure Basic Logs in Azure Monitor (Preview)](logs/basic-logs-configure.md) for more details about them.

-> Azure tables here refers to tables that are created and maintained by Microsoft and documented in the [Azure Monitor Reference](/azure/azure-monitor-reference). Custom tables are created by custom applications and have a suffix of *_CL* ion their name.

-1. Add the Container Monitoring solution to your Log Analytics workspace from [Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.ContainersOMS?tab=Overview) or by using the process described in [Add monitoring solutions from the Solutions Gallery](../insights/solutions.md).

-You can have up to two active clusters per subscription per region. If the cluster is deleted, it is still reserved for 14 days. You can have up to four reserved clusters per subscription per region (active or recently deleted).

-| Microsoft.AppPlatform/Spring | [listTestKeys](/rest/api/azurespringcloud/services/listtestkeys) |

-description: Shows how to use access secrets in Azure Key Vault when deploying Managed Applications

-1. In the portal, select your Key Vault.

-1. Select **Access policies**.

- 

-1. Select **Click to show advanced access policies**.

- 

-1. Select **Enable access to Azure Resource Manager for template deployment**. Then, select **Save**.

- 

- "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",

- "description": "The name of the keyvault that contains the secret."

- "description": "The name of the resource group that contains the keyvault."

- "description": "The name of the subscription that contains the keyvault."

- "apiVersion": "2018-05-01",

- "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",

- "apiVersion": "2018-06-01-preview",

-* For information about passing a value from a Key Vault as a template parameter, see [Use Azure Key Vault to pass secure parameter value during deployment](../templates/key-vault-parameter.md).

-* For managed application examples, see [Sample projects for Azure managed applications](sample-projects.md).

-* To learn how to create a UI definition file for a managed application, see [Get started with CreateUiDefinition](create-uidefinition-overview.md).

-| Microsoft.AppPlatform/Spring | [listTestKeys](/rest/api/azurespringcloud/services/listtestkeys) |

-1. In the Azure portal, select **Create a resource** on the upper left. The **New** pane appears.

-1. Search for **Storage account** and select **Storage account - blob, file, table, queue** from the drop-down list. Then select **Create**:

-

- 

- | Setting | Value |

- | Project details > Resource group | Select **Create new** and use the name *CDNQuickstart-rg*. You can also use an existing resource group if you prefer. |

- | Instance details > Storage account name | Enter a name for the account using 3-24 lowercase letters and numbers only. The name must be unique across Azure, and becomes the host name in the URL that's used to address blob, queue, or table resources for the subscription. To address a container resource in Blob storage, use a URI in the following format: http://*&lt;storageaccountname&gt;*.blob.core.windows.net/*&lt;container-name&gt;*.

- | Instance details > Location | Select an Azure region near you from the drop-down list. |

- 

- | **Pricing tier** | Select one of the **Standard** options, such as **Standard Microsoft**. |

-From this page, you can enable additional CDN features for your delivery, such as [compression](cdn-improve-performance.md), [query string caching](cdn-query-string.md), and [geo filtering](cdn-restrict-access-by-country-region.md).

-> [Tutorial: Use CDN to serve static content from a web app](cdn-add-to-web-app.md)

->[!NOTE]

->The April Guest OS is currently being rolled out to Cloud Service VMs that are configured for automatic updates. When the rollout is complete, this version will be made available for manual updates through the Azure portal and configuration files. The following patches are included in the April Guest OS. This list is subject to change.

-| Rel 22-04 | [5012647] | Latest Cumulative Update(LCU) | 6.43 | Apr 12, 2022 |

-| Rel 22-04 | [5011486] | IE Cumulative Updates | 2.122, 3.109, 4.102 | Apr 12, 2022 |

-| Rel 22-04 | [5012604] | Latest Cumulative Update(LCU) | 7.11 | Apr 12, 2022 |

-| Rel 22-04 | [5012596] | Latest Cumulative Update(LCU) | 5.67 | Apr 12, 2022 |

-| Rel 22-04 | [5012138] | .NET Framework 3.5 Security and Quality Rollup | 2.122 | Apr 12, 2022 |

-| Rel 22-04 | [5012141] | .NET Framework 4.5.2 Security and Quality Rollup | 2.122 | Apr 12, 2022 |

-| Rel 22-04 | [5012139] | .NET Framework 3.5 Security and Quality Rollup | 4.102 | Apr 12, 2022 |

-| Rel 22-04 | [5012142] | .NET Framework 4.5.2 Security and Quality Rollup | 4.102 | Apr 12, 2022 |

-| Rel 22-04 | [5012136] | .NET Framework 3.5 Security and Quality Rollup | 3.109 | Apr 12, 2022 |

-| Rel 22-04 | [5012140] | . NET Framework 4.5.2 Security and Quality Rollup | 3.109 | Apr 12, 2022 |

-| Rel 22-04 | [5012128] | . NET Framework 3.5 and 4.7.2 Cumulative Update | 6.43 | Apr 12, 2022 |

-| Rel 22-04 | [5012123] | .NET Framework 4.8 Security and Quality Rollup | 7.11 | Apr 12, 2022 |

-| Rel 22-04 | [5012626] | Monthly Rollup | 2.122 | Apr 12, 2022 |

-| Rel 22-04 | [5012650] | Monthly Rollup | 3.109 | Apr 12, 2022 |

-| Rel 22-04 | [5012670] | Monthly Rollup | 4.102 | Apr 12, 2022 |

-| Rel 22-04 | [5013270] | Servicing Stack update | 3.109 | Apr 12, 2022 |

-| Rel 22-04 | [5012672] | Servicing Stack update | 4.102 | Apr 12, 2022 |

-| Rel 22-04 | [4578013] | Standalone Security Update | 4.102 | Aug 19, 2020 |

-| Rel 22-04 | [5011570] | Servicing Stack update | 5.67 | Mar 8, 2021 |

-| Rel 22-04 | [5011649] | Servicing Stack update | 2.122 | Mar 8, 2022 |

-| Rel 22-04 | [4494175] | Microcode | 5.67 | Sep 1, 2020 |

-| Rel 22-04 | [4494174] | Microcode | 6.43 | Sep 1, 2020 |

-| WA-GUEST-OS-7.9_202202-01 | March 2, 2022 | Post 7.11 |

-| WA-GUEST-OS-6.41_202202-01 | March 2, 2022 | Post 6.43 |

-| WA-GUEST-OS-5.65_202202-01 | March 2, 2022 | Post 5.67 |

-| WA-GUEST-OS-4.100_202202-01 | March 2, 2022 | Post 4.102 |

-| WA-GUEST-OS-3.107_202202-01 | March 2, 2022 | Post 3.109 |

-| WA-GUEST-OS-2.120_202202-01 | March 2, 2022 | Post 2.122 |

-* Use [codec-compressed audio formats](how-to-use-codec-compressed-audio-input-streams.md).

-* See the [quickstart samples](https://github.com/Azure-Samples/cognitive-services-speech-sdk/tree/master/quickstart) on GitHub.

-See more examples of standalone language identification on [GitHub](https://github.com/Azure-Samples/cognitive-services-speech-sdk/blob/master/samples/csharp/sharedcontent/console/standalone_language_detection_samples.cs).

-See more examples of standalone language identification on [GitHub](https://github.com/Azure-Samples/cognitive-services-speech-sdk/blob/master/samples/cpp/windows/console/samples/standalone_language_detection_samples.cpp).

-See more examples of standalone language identification on [GitHub](https://github.com/Azure-Samples/cognitive-services-speech-sdk/blob/master/samples/python/console/speech_language_detection_sample.py).

-See more examples of speech-to-text recognition with language identification on [GitHub](https://github.com/Azure-Samples/cognitive-services-speech-sdk/blob/master/samples/csharp/sharedcontent/console/translation_samples.cs).

-See more examples of speech-to-text recognition with language identification on [GitHub](https://github.com/Azure-Samples/cognitive-services-speech-sdk/blob/master/samples/cpp/windows/console/samples/speech_recognition_samples.cpp).

-See more examples of speech-to-text recognition with language identification on [GitHub](https://github.com/Azure-Samples/cognitive-services-speech-sdk/blob/master/samples/java/jre/console/src/com/microsoft/cognitiveservices/speech/samples/console/SpeechRecognitionSamples.java).

-See more examples of speech-to-text recognition with language identification on [GitHub](https://github.com/Azure-Samples/cognitive-services-speech-sdk/blob/master/samples/python/console/speech_sample.py).

-See more examples of speech translation with language identification on [GitHub](https://github.com/Azure-Samples/cognitive-services-speech-sdk/blob/master/samples/csharp/sharedcontent/console/translation_samples.cs).

-See more examples of speech translation with language identification on [GitHub](https://github.com/Azure-Samples/cognitive-services-speech-sdk/blob/master/samples/cpp/windows/console/samples/translation_samples.cpp).

-See more examples of speech translation with language identification on [GitHub](https://github.com/Azure-Samples/cognitive-services-speech-sdk/blob/master/samples/python/console/translation_sample.py).

-Azure Cosmos DB provides you the list of all the point in time restores for continuous mode that were performed on a Cosmos DB account using [Activity Logs](/azure-monitor/essentials/activity-log). Activity logs can be viewed for any Cosmos DB account from the **Activity Logs** page in the Azure portal. The Activity Log shows all the operations that were triggered on the specific account. When a point in time restore is triggered, it shows up as `Restore Database Account` operation on the source account as well as the target account. The Activity Log for the source account can be used to audit restore events, and the activity logs on the target account can be used to get the updates about the progress of the restore.

-The activity logs can also be accessed using Azure CLI or Azure PowerShell. For more information on activity logs, review [Azure Activity log - Azure Monitor](/azure-monitor/essentials/activity-log).

-> Your Azure Key Vault instance must be accessible through public network access. An instance that is only accessible through [private endpoints](../key-vault/general/private-link-service.md) cannot be used to host your customer-managed keys.

-

-description: Learn how to create a container in Azure Cosmos DB API for MongoDB by using Azure portal, .NET, Java, Node.js, and other SDKs.

-# Create a container in Azure Cosmos DB API for MongoDB

-This article explains the different ways to create a container in Azure Cosmos DB API for MongoDB. It shows how to create a container using Azure portal, Azure CLI, PowerShell, or supported SDKs. This article demonstrates how to create a container, specify the partition key, and provision throughput.

-This article explains the different ways to create a container in Azure Cosmos DB API for MongoDB. If you are using a different API, see [SQL API](../how-to-create-container.md), [Cassandra API](../cassandr) articles to create the container.

-> When creating containers, make sure you donΓÇÖt create two containers with the same name but different casing. ThatΓÇÖs because some parts of the Azure platform are not case-sensitive, and this can result in confusion/collision of telemetry and actions on containers with such names.

-## Create a container using Azure Resource Manager templates

- * If you know typical request rates for your current database workload, read about [estimating request units using Azure Cosmos DB capacity planner](estimate-ru-capacity-planner.md)

- Returns a Boolean value indicating if the type of the specified expression is a number.

- Is any expression.

- Returns a Boolean expression.

- The following example checks objects of JSON Boolean, number, string, null, object, array, and undefined types using the `IS_NUMBER` function.

- IS_NUMBER(true) AS isNum1,

- IS_NUMBER(1) AS isNum2,

- IS_NUMBER("value") AS isNum3,

- IS_NUMBER(null) AS isNum4,

- IS_NUMBER({prop: "value"}) AS isNum5,

- IS_NUMBER([1, 2, 3]) AS isNum6,

- IS_NUMBER({prop: "value"}.prop2) AS isNum7

-

- Here is the result set.

-[{"isNum1":false,"isNum2":true,"isNum3":false,"isNum4":false,"isNum5":false,"isNum6":false,"isNum7":false}]

- > For Sovereign clouds, you must use the appropriate cloud-specific constants. Please refer to [Connect to all regions using Azure libraries for Python Multi-cloud | Microsoft Docs for instructions to connect with Python in Sovereign clouds.](/azure/developer/python/azure-sdk-sovereign-domain)

- `sudo mkdir /<backup_folder_name_on_server>`

- `sudo chmod 777 /<backup_folder_name_on_server>/`

- `sudo nano /etc/fstab`

- `add - //<server_IP>/<folder_path> /<backup_folder_name_on_cyberx_server> cifs rw,credentials=/etc/samba/user,vers=3.0,uid=cyberx,gid=cyberx,file_mode=0777,dir_mode=0777 0 0`

- `sudo nano /etc/samba/user`

- `username=<user name>`

- `password=<password>`

- `sudo mount -a`

- `sudo nano /var/cyberx/properties/backup.properties`

-* Private Link: If you connect to a [private endpoint](../private-link/private-link-overview.md) in your virtual network from your on-premises network, the connection will go through the virtual network gateway.

-**Private Link** - Private Link traffic sent over ExpressRoute FastPath will bypass the ExpressRoute virtual network gateway in the data path.

-### FastPath and Private Link

-With FastPath and Private Link, Private Link traffic sent over ExpressRoute bypassess the ExpressRoute virtual network gateway in the data path.

-Learn about the [Workflow Definition Language](../logic-apps/logic-apps-workflow-definition-language.md)

-* Built-in support for Azure Monitor and Azure Data Explorer

-Here are good resources to deepen your knowledge.

-* See a more detailed [illustration](tutorial-shard.md) of distributed query

- execution.

-* Scale your server group by [adding

- nodes](howto-scale-grow.md#add-worker-nodes) and [rebalancing

- shards](howto-scale-rebalance.md).

-This guide shows you how to use blobfuse, and mount a Blob storage container on Linux and access data. To learn more about blobfuse, read the details in [the blobfuse repository](https://github.com/Azure/azure-storage-fuse).

->

-```

-```bash

-The following example creates a ramdisk of 16 GB and a directory for blobfuse. Choose the size based on your needs. This ramdisk allows blobfuse to open files up to 16 GB in size.

-### Configure your storage account credentials

-Blobfuse requires your credentials to be stored in a text file in the following format:

-```

-The `accountName` is the prefix for your storage account - not the full URL.

-```

-touch ~/fuse_connection.cfg

-chmod 600 ~/fuse_connection.cfg

-> If you have created the configuration file on Windows, make sure to run `dos2unix` to sanitize and convert the file to Unix format.

->

-sudo blobfuse ~/mycontainer --tmp-path=/mnt/resource/blobfusetmp --config-file=/path/to/fuse_connection.cfg -o attr_timeout=240 -o entry_timeout=240 -o negative_timeout=120

-| |**Cirrus Data**<br>Cirrus Data Solutions is a block storage data migration solution for both on-premises and cloud environments. An end-to-end approach allows you to migrate your data from on-premises to the cloud, between storage tiers within the cloud, and seamlessly migrate between public clouds. |[Partner Page](https://www.cirrusdata.com/cloud-migration/)<br>[Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/cirrusdatasolutionsinc1618222951068.cirrusdata?tab=Overview)|

- | **Users** | You can control access to the subnet by using built-in roles or your own custom roles. To learn more about assigning roles and users to access the subnet, see [Assign Azure roles](../role-based-access-control/role-assignments-portal.md?toc=%2fazure%2fvirtual-network%2ftoc.json). |

-This article helps you upgrade a virtual WAN that was created using the Basic SKU, to the Standard SKU. When you have a **Basic** virtual WAN type, all hubs within the virtual WAN are configured as Basic SKU hubs. In a Basic SKU hub, you're limited to site-to-site VPN functionality only.

-When you upgrade to a **Standard** virtual WAN SKU type, it updates all the hubs within the virtual WAN to Standard SKU hubs. When you use Standard hubs, you can enable ExpressRoute, point-to-site (User VPN), a full mesh hub, and VNet-to-VNet transit through the Azure hubs.

-## <a name = "upgrade"></a>To upgrade the SKU type

-1. Once the change has been saved, your virtual WAN and the hubs within it are updated to the Standard SKU type.