-| Custom policy deployment | Azure AD B2C relies on caching to deliver performance to your end users. When you deploy a custom policy using whatever method, expect a delay of up to **30 minutes** for your users to see the changes. As a result of this behavior, consider the following practices when you deploy your custom policies: <br> - If you're deploying to a development environment, set the `DeploymentMode` attribute to `Development` in your custom policy file's `<TrustFrameworkPolicy>` element. <br> - Deploy your updated policy files to a production environment when traffic in your app is low. <br> - When you deploy to a production environment to update existing policy files, upload the updated files with new name(s), and then update your app reference to the new name(s). You can then remove the old policy files afterwards.<br> - You can set the `DeploymentMode` to `Development` in a production environment to bypass the caching behavior. However, we don't recommend this practice. If you [Collect Azure AD B2C logs with Application Insights](troubleshoot-with-application-insights.md), all claims sent to and from identity providers are collected, which is a security and performance risk. |

-|duration|Represents a time interval in years, months, days, hours, minutes, and seconds. The format of is `PnYnMnDTnHnMnS`, where `P` indicates positive, or `N` for negative value. `nY` is the number of years followed by a literal `Y`. `nMo` is the number of months followed by a literal `Mo`. `nD` is the number of days followed by a literal `D`. Examples: `P21Y` represents 21 years. `P1Y2Mo` represents one year, and two months. `P1Y2Mo5D` represents one year, two months, and five days. `P1Y2M5DT8H5M620S` represents one year, two months, five days, eight hours, five minutes, and twenty seconds. |

-|TextBox |`boolean`, `int`, `string` |Single-line text box. |

-1. For **Public access level**, select **Blob**.

- authority: b2cPolicies.authorities.signUpSignIn,

- <LocalizedString ElementType="UxElement" StringId="email_pattern">^[a-zA-Z0-9.!#$%&amp;'^_`{}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$</LocalizedString>

-| `email_pattern` | ```^[a-zA-Z0-9.!#$%&''\*+/=?^\_\`{\|}~-]+@[a-zA-Z0-9-]+(?:\\.[a-zA-Z0-9-]+)\*$``` | `< 2.0.0` |

-1. If it doesn't already exist, add a `<UserJourneyBehaviors>` child node to the `<RelyingParty>` node. It must be located after `<DefaultUserJourney ReferenceId="UserJourney Id" from your extensions policy, or equivalent (for example:SignUpOrSigninWithAAD" />`.

-Multifactor authentication (MFA) is important to securing your infrastructure and assets from bad actors. Azure AD Multi-Factor Authentication Server (MFA Server) isnΓÇÖt available for new deployments and will be deprecated. Customers who are using MFA Server should move to using cloud-based Azure Active Directory (Azure AD) Multi-Factor Authentication.

-|MFA provider | Change MFA provider from MFA Server to Azure AD Multi-Factor Authentication. | Change MFA provider from MFA Server to Azure AD Multi-Factor Authentication. | Change MFA provider from MFA Server to Azure AD Multi-Factor Authentication. |

-If you canΓÇÖt move your user authentication, see the step-by-step guidance for [Moving to Azure AD Multi-Factor Authentication with federation](how-to-migrate-mfa-server-to-azure-mfa-with-federation.md).

-MicrosoftΓÇÖs MFA server can be integrated with many systems, and you must evaluate how these systems are using MFA Server to understand the best ways to integrate with Azure AD Multi-Factor Authentication.

-A preview of **Report Suspicious Activity**, the updated MFA **Fraud Alert** feature, is now available. When an unknown and suspicious MFA prompt is received, users can report the fraud attempt by using Microsoft Authenticator or through their phone. These alerts are integrated with [Identity Protection](../identity-protection/overview-identity-protection.md) for more comprehensive coverage and capability.

-To enable **Report Suspicious Activity** from the Authentication Methods Settings:

-1. Set **Report Suspicious Activity** to **Enabled**.

-**Report Suspicious Activity** and the legacy **Fraud Alert** implementation can operate in parallel. You can keep your tenant-wide **Fraud Alert** functionality in place while you start to use **Report Suspicious Activity** with a targeted test group.

-If **Fraud Alert** is enabled with Automatic Blocking, and **Report Suspicious Activity** is enabled, the user will be added to the blocklist and set as high-risk and in-scope for any other policies configured. These users will need to be removed from the blocklist and have their risk remediated to enable them to sign in with MFA.

-Azure Active Directory (Azure AD) supports the SAML 2.0 web browser single sign-out profile. For single sign-out to work correctly, the **LogoutURL** for the application must be explicitly registered with Azure AD during application registration. If the app is [added to the Azure App Gallery](../manage-apps/v2-howto-app-gallery-listing.md) then this value can be set by default. Otherwise, the value must be determined and set by the person adding the app to their Azure AD tenant. Azure AD uses the LogoutURL to redirect users after they're signed out.

-Azure AD supports redirect binding (HTTP GET), and not HTTP POST binding.

-> During SAML logout request, the `NameID` value is not considered by Azure Active Directory.

-> If a single user session is active, Azure Active Directory will automatically select that session and the SAML logout will proceed.

-> If multiple user sessions are active, Azure Active Directory will enumerate the active sessions for user selection. After user selection, the SAML logout will proceed.

- <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://sts.windows.net/82869000-6ad1-48f0-8171-272ed18796e9/</Issuer>

-Azure AD sets this value to `https://login.microsoftonline.com/<TenantIdGUID>/` where \<TenantIdGUID> is the tenant ID of the Azure AD tenant.

-To evaluate the value of the `Issuer` element, use the value of the **App ID URI** provided during application registration.

-| `response_type` | Required | Must include `code` for OpenID Connect sign-in. |

-With the Azure Active Directory (Azure AD) **Usage and insights** reports, you can get an application-centric view of your sign-in data. Usage & insights also includes a report on authentication methods activity. You can find answers to the following questions:

-* What are the top used applications in my organization?

-* What applications have the most failed sign-ins?

-* What are the top sign-in errors for each application?

-This article provides an overview of three reports that look sign-in data.

-## Access Usage & insights

-Accessing the data from Usage and insights requires:

-* A user in the Global Administrator, Security Administrator, Security Reader, or Reports Reader roles.

-To access Usage & insights:

-The **Usage & insights** report is also available from the **Enterprise applications** area of Azure AD. All users can access their own sign-ins at the [My Sign-Ins portal](https://mysignins.microsoft.com/security-info).

-## View the Usage & insights reports

-There are currently three reports available in Azure AD Usage & insights. All three reports use sign-in data to provide helpful information an application usage and authentication methods.

-### Azure AD application activity (preview)

-Select the **View sign in activity** link for an application to view more details. The sign-in graph per application counts interactive user sign-ins. The details of any sign-in failures appears below the table.

-Select a day in the application usage graph to see a detailed list of the sign-in activities for the application. This detailed list is actually the sign-in log with the filter set to the selected application and date.

-### AD FS application activity

-### Authentication methods activity

-## Microsoft does not provide technical support for the following examples

-If your migration included a custom domain suffix, for App Service Environment v3, the custom domain will no longer be shown in the **Essentials** section of the **Overview** page of the portal as it is for App Service Environment v1/v2. Instead, for App Service Environment v3, go to the **Custom domain suffix** page where you can confirm your custom domain suffix is configured correctly. You can also remove the configuration if you no longer need it or configure one if you didn't have one previously.

-Application Gateway v1 is built on some legacy components and customers have deployed the gateways in many different ways which makes the one click seamless migration a near impossible goal to achieve. Hence customer involvement is required for migration.

-1. Join the Partner Network - ItΓÇÖs a requirement for publishing but easy to sign up. Instructions are located here: [Ensure you have a MPN ID and Partner Center Account](../../marketplace/create-account.md#create-a-partner-center-account-and-enroll-in-the-commercial-marketplace).

- * Are you a partner and want to join our program? Fill out the [form](https://aka.ms/partnerazcl).

- * Learn more about [Azure Blueprints](../../governance/blueprints/overview.md) and review [samples](../../governance/blueprints/samples/index.md).

- * To learn how Azure Blueprints help you when using Azure Policy review the [blog post](https://azure.microsoft.com/blog/new-azure-blueprint-simplifies-compliance-with-nist-sp-800-53/).

-Review the documentation above. If you are still facing issues reach out to [Azure Government Partner Inquiries](mailto:azgovpartinf@microsoft.com).

-Once you have onboarded and are ready to create your first customer, make sure to review [Resources for building your Government CSP practice](https://devblogs.microsoft.com/azuregov/resources-for-building-your-government-csp-practice/). If you have any more questions, contact the [Azure Government CSP program](mailto:azgovcsp@microsoft.com).

-The following code shows how the events in the Drawing Tools module work. Draw shapes on the map and watch as the events fire.

-<br/>

-<br/>

-<br/>

-<br/>

-<br/>

->From April 14, 2023, System Center Operations Manager versions lower than [2019 UR3](/system-center/scom/release-build-versions?view=sc-om-2019#agents&preserve-view=true) will stop sending data to Log Analytics workspaces. Ensure that your agents are on System Center Operations Manager Agent version 10.19.10177.0 ([2019 UR3](/system-center/scom/release-build-versions?view=sc-om-2019#agents&preserve-view=true) or later) or 10.22.10056.0 ([2022 RTM](/system-center/scom/release-build-versions?view=sc-om-2022#agents&preserve-view=true)) and that the System Center Operations Manager Management Group version is the System Center Operations Manager 2022 and 2019 UR3 or later version.

-1. (Optional) If you've configured action groups for this alert rule, you can add custom properties in key:value pairs to add more information to the alert notification payload in the <a name="custom-props">**Custom properties**</a> section. Add the property **Name** and **Value** for the custom property you want included in the payload.

- The format for extracting values from the [common schema](alerts-common-schema.md), use a "$", and then the path of the common schema field inside curly brackets. For example: `${data.essentials.monitorCondition}`.

- This example creates an "Additional Details" tag with data about the "evaluation window start time" and "evaluation window end time".

- This example adds data about the reason the alert was fired or resolved.

-app('Contoso-app1').requests,

-app('Contoso-app2').requests,

-workspace('Contoso-workspace1').Perf

-> [Cross-resource queries](../logs/cross-workspace-query.md) are supported in the new [scheduledQueryRules API](/rest/api/monitor/scheduledqueryrule-2021-08-01/scheduled-query-rules). If you still use the [legacy Log Analytics Alert API](./api-alerts.md) for creating log alerts, see [Upgrade legacy rules management to the current Azure Monitor Log Alerts API](/previous-versions/azure/azure-monitor/alerts/alerts-log-api-switch) to learn about switching.

-The proxy can be deployed with custom templates using release image or as helm chart. Both deployments contain the same customizable parameters. These parameters are described in the [Parameters](#parameters) table.

- image: mcr.microsoft.com/azuremonitor/auth-proxy/prod/aad-auth-proxy/images/aad-auth-proxy:aad-auth-proxy-0.1.0-main-04-11-2023-623473b0

- --version 0.1.0 \

- - url: "http://azuremonitor-ingestion.observability.svc.cluster.local/dataCollectionRules/dcr-abc123d987e654f3210abc1def234567/streams/ Microsoft-PrometheusMetrics/api/v1/write?api-version=2021-11-01-preview"

-* The number of Application Insights resources and Log Analytics workspaces that you can include in a single query is limited to 100.

-* Cross-resource queries in log alerts are only supported in the current [scheduledQueryRules API](/rest/api/monitor/scheduledqueryrule-2018-04-16/scheduled-query-rules). If you're using the legacy Log Analytics Alerts API, you'll need to [switch to the current API](/previous-versions/azure/azure-monitor/alerts/alerts-log-api-switch).

-You can identify a workspace in one of several ways:

-* **Azure Resource ID**: This ID is the Azure-defined unique identity of the workspace. You use the Resource ID when the resource name is ambiguous. For workspaces, the format is */subscriptions/subscriptionId/resourcegroups/resourceGroup/providers/microsoft.OperationalInsights/workspaces/workspaceName*.

-You can identify an application in Application Insights with the `app(Identifier)` expression. The `Identifier` argument specifies the app by using one of the following IDs:

-* **Azure Resource ID**: This ID is the Azure-defined unique identity of the app. You use the resource ID when the resource name is ambiguous. The format is */subscriptions/subscriptionId/resourcegroups/resourceGroup/providers/microsoft.OperationalInsights/components/componentName*.

-Example for a query across two workspaces:

- workspace("").Update, workspace("00000000-0000-0000-0000-000000000000").Update

-When you use cross-resource queries to correlate data from multiple Log Analytics workspaces and Application Insights resources, the query can become complex and difficult to maintain. You should make use of [functions in Azure Monitor log queries](./functions.md) to separate the query logic from the scoping of the query resources. This method simplifies the query structure. The following example demonstrates how you can monitor multiple Application Insights resources and visualize the count of failed requests by application name.

-Create a query like the following example that references the scope of Application Insights resources. The `withsource= SourceApp` command adds a column that designates the application name that sent the log. [Save the query as a function](./functions.md#create-a-function) with the alias `applicationsScoping`.

-// crossResource function that scopes my Application Insights resources

-When a Log Analytics workspace is linked to a dedicated cluster, new data ingested to the workspace, is routed to the cluster while existing data remains in the existing Log Analytics cluster. If the dedicated cluster is configured with customer-managed keys (CMK), new ingested data is encrypted with your key. The system abstracts the data location, you can query data as usual while the system performs cross-cluster queries in the background.

-You can unlink a workspace from a cluster at any time. The workspace pricing tier is changed to per-GB, data ingested to cluster before the unlink operation remains in the cluster, and new data to workspace get ingested to Log Analytics.

- ``

-* `Silence` event type will not be added to the closed captions

-* Maximum duration to show an event I 5 seconds

-* Minimum timer duration to show an event is 700 milliseconds

-Once the relevant permissions are set to the vault and the disk, and the vault and policy are configured, we can prepare the request to configure backup. The following is the request body to configure backup for an Azure Disk. The Azure Resource Manager ID (ARM ID) of the Azure Disk and its details are mentioned in the _datasourceinfo_ section and the policy information is present in the _policyinfo_ section where the snapshot resource group is provided as one of the policy parameters.

-#### Example request body

-It returns two responses: 202 (Accepted) when another operation is created and then 200 (OK) when that operation completes.

-##### Example responses for validate backup request

-###### Error response

-###### Tracking response

-It returns two responses: 202 (Accepted) when another operation is created, and then 200 (OK) when that operation completes.

-* [Real-time speech to text](https://aka.ms/speechstudio/speechtotexttool): Quickly test speech to text by dragging audio files here without having to use any code. This is a demo tool for seeing how speech to text works on your audio samples. To explore the full functionality, see [What is speech to text?](speech-to-text.md).

-zone_pivot_groups: acs-plat-ios-android

-zone_pivot_groups: acs-web-ios-android

-[Call recording](../../concepts/voice-video-calling/call-recording.md), lets your users record their calls made with Azure Communication Services. Here we'll learn how to manage recording on the client side. Before this can work you will need to setup [server side](../../quickstarts/voice-video-calling/call-recording-sample.md) recording.

-1. Install notation v1.0.0-rc.5 on a Linux environment. You can also download the package for other environments by following the [Notation installation guide](https://notaryproject.dev/docs/installation/cli/).

- curl -Lo notation.tar.gz https://github.com/notaryproject/notation/releases/download/v1.0.0-rc.5/notation_1.0.0-rc.5_linux_amd64.tar.gz

-2. Install the notation Azure Key Vault plugin for remote signing and verification.

- https://github.com/Azure/notation-azure-kv/releases/download/v0.6.0/notation-azure-kv_0.6.0_Linux_amd64.tar.gz

-You can filter the output either by using a regular SQL `WHERE` clause, or by using the `prefix` parameter of the `blob_list` UDF. The latter will filter the returned rows on the Azure Blob Storage side.

-The `COPY` command is convenient, but limited in flexibility. Internally COPY uses the `blob_get` function, which you can use directly to manipulate data in much more complex scenarios.

-Learn how to create a [real-time dashboard](tutorial-design-database-realtime.md) with Azure Cosmos DB for PostgreSQL.

-### Red Hat Enterprise Linux

-Azure portal marketplace names:

-[Check Red Hat Enterprise Linux meters that the plan applies to](https://phoenixnap.com/kb/how-to-check-redhat-version)

-1. Billing administrators can take ownership of a reservation by selecting one or multiple reservations, selecting **Grant access** and selecting **Grant access** in the window that appears.

-## Container registry vulnerability assessment

-| Required roles & permissions | Subscription Owner / Contributor |

-When you enable the Servers plan on the subscription level, Defender for Cloud will enable the Servers plan on your default workspaces automatically. Connect to the default workspace by selecting **Connect Azure VMs to the default workspace(s) created by Defender for Cloud** option and selecting **Apply**.

-However, if you're using a custom workspace in place of the default workspace, you'll need to enable the Servers plan on all of your custom workspaces that don't have it enabled.

-If you're using a custom workspace and enable the plan on the subscription level only, the `Microsoft Defender for servers should be enabled on workspaces` recommendation will appear on the Recommendations page. This recommendation will give you the option to enable the servers plan on the workspace level with the Fix button. You're charged for all VMs in the subscription even if the Servers plan isn't enabled for the workspace. The VMs won't benefit from features that depend on the Log Analytics workspace, such as Microsoft Defender for Endpoint, VA solution (MDVM/Qualys), and Just-in-Time VM access.

-You'll get 500-MB free data ingestion per day, for every VM connected to the workspace. Specifically for the [security data types](#what-data-types-are-included-in-the-500-mb-data-daily-allowance) that are directly collected by Defender for Cloud.

-This data is a daily rate averaged across all nodes. Your total daily free limit is equal to **[number of machines] x 500 MB**. So even if some machines send 100 MB and others send 800 MB, if the total doesn't exceed your total daily free limit, you won't be charged extra.

-1. Sign in to the [Azure portal](https://portal.azure.com).

-1. Sign in to the [Azure portal](https://portal.azure.com).

->

-> | UsNat | EXE | usnateast |

-> | UsNat | EXW | usnatwest |

-> | UsGov | FF | usgovvirginia |

-> | China | MC | ChinaEast2 |

-> | UsGov | PHX | usgovarizona |

-> | UsSec | RXE | usseceast |

-> | UsSec | RXW | ussecwest |

-# Tutorial: Protect your resources with Microsoft Defender for Cloud

-For additional information on supported operating systems, or to request access to the source code so you can incorporate it as a part of the device's firmware, contact your account manager, or send an email to <defender_micro_agent@microsoft.com>.

-> Versions 22.2.x of the sensor are incompatible with Hyper-V. Until the issue has been resolved, we recommend using either version 22.3.x or 22.1.7.

-> [!NOTE]

-> There is no need to pre-install an operating system on the VM, the sensor installation includes the operating system image.

-| **Bogota** | [Equinix BG1](https://www.equinix.com/locations/americas-colocation/colombia-colocation/bogota-data-centers/bg1/) | 4 | n/a | Supported | CenturyLink Cloud Connect, Equinix |

-| **Busan** | [LG CNS](https://www.lgcns.com/en/business/cloud/datacenter/) | 2 | Korea South | n/a | LG CNS |

-| **Berlin** | [NTT GDC](https://www.e-shelter.de/en/location/berlin-1-data-center) | 1 | Germany North | Supported | Colt, Equinix, NTT Global DataCenters EMEA|

-| **Bogota** | [Equinix BG1](https://www.equinix.com/locations/americas-colocation/colombia-colocation/bogota-data-centers/bg1/) | 4 | n/a | Supported | Cirion Technologies, Equinix |

-| **Dublin2** | [Interxion DUB2](https://www.interxion.com/locations/europe/dublin) | 1 | North Europe | Supported | Interxion |

-| **Frankfurt** | [Interxion FRA11](https://www.digitalrealty.com/data-centers/emea/frankfurt) | 1 | Germany West Central | Supported | AT&T NetBond, British Telecom, CenturyLink Cloud Connect, China Unicom Global, Colt, DE-CIX, Equinix, euNetworks, GBI, GEANT, InterCloud, Interxion, Megaport, NTT Global DataCenters EMEA, Orange, Telia Carrier, T-Systems |

-| **Frankfurt** | [Interxion FRA11](https://www.interxion.com/Locations/frankfurt/) | 1 | Germany West Central | Supported | AT&T NetBond, British Telecom, CenturyLink Cloud Connect, China Unicom Global, Colt, DE-CIX, Equinix, euNetworks, GBI, GEANT, InterCloud, Interxion, Megaport, NTT Global DataCenters EMEA, Orange, Telia Carrier, T-Systems, Verizon, Zayo |

-| **Montreal** | Cologix| Airgate Technologies, Inc. Aptum Technologies, Rogers, Zirro |

-| **[Oncore Cloud Service Inc](https://www.oncore.cloud/services/ue-for-expressroute)**| Equinix | Toronto |

-# Choosing the right Azure Firewall SKU to meet your needs

-To deploy a Basic Firewall, see [Deploy and configure Azure Firewall Basic and policy using the Azure portal](deploy-firewall-basic-portal-policy.md).

-* Internal load balancers

-Jobs are initiated by the solution back end and maintained by IoT Hub. You can initiate a job through a service-facing URI (`PUT https://<iot hub>/jobs/v2/<jobID>?api-version=2021-04-12`) and query for progress on an executing job through a service-facing URI (`GET https://<iot hub>/jobs/v2/<jobID?api-version=2021-04-12`). To refresh the status of running jobs once a job is initiated, run a job query.

-\* NAT rules are associated with a specific virtual-machine instance behind the load balancer. The network traffic that arrives on port 3389 is sent to the specific virtual machine and port that's associated with the NAT rule. You must specify a protocol (UDP or TCP) for a NAT rule. You cannot assign both protocols to the same port.

-In this scenario you will create the following Azure resources:

- For this example, we are going to use the TCP probes.

- Explain best model | Select to enable or disable, in order to show explanations for the recommended best model. <br> This functionality is not currently available for [certain forecasting algorithms](../how-to-machine-learning-interpretability-automl.md#interpretability-during-training-for-the-best-model).

-* [Azure Machine Learning Algorithm Cheat Sheet](../algorithm-cheat-sheet.md)

-Currently **Train Model** component supports [using interpretability package to explain ML models](../how-to-machine-learning-interpretability-aml.md#generate-feature-importance-values-via-remote-runs). Following built-in algorithms are supported:

-To learn more about using model explanations in Azure Machine Learning, refer to the how-to article about [Interpret ML models](../how-to-machine-learning-interpretability-aml.md#generate-feature-importance-values-via-remote-runs).

-For guidance on choosing algorithms for your solutions, see the [Machine Learning Algorithm Cheat Sheet](./algorithm-cheat-sheet.md?WT.mc_id=docs-article-lazzeri).

-

-> * When you enable DNN for experiments created with the SDK, [best model explanations](how-to-machine-learning-interpretability-automl.md) are disabled.

-* Learn about [Interpretability: model explanations in automated machine learning (preview)](how-to-machine-learning-interpretability-automl.md).

-|`"mode": 'auto'`| Indicates that as part of preprocessing, [data guardrails and featurization steps](how-to-configure-auto-features.md#featurization) are performed automatically. **Default setting**.|

-* To get a featurization summary and understand what features were added to a particular model, see [Featurization transparency](how-to-configure-auto-features.md#featurization-transparency).

-> For information on logging metrics in Azure Machine Learning designer, see [How to log metrics in the designer](how-to-track-designer-experiments.md).

-When you're using machine learning models in ways that affect peopleΓÇÖs lives, it's critically important to understand what influences the behavior of models. Interpretability helps answer questions in scenarios such as:

-* Human-AI collaboration: How can I understand and trust the modelΓÇÖs decisions?

-The interpretability component of the [Responsible AI dashboard](concept-responsible-ai-dashboard.md) contributes to the ΓÇ£diagnoseΓÇ¥ stage of the model lifecycle workflow by generating human-understandable descriptions of the predictions of a machine learning model. It provides multiple views into a modelΓÇÖs behavior:

-* Local explanations: For example, why was a customerΓÇÖs loan application approved or rejected?

-* Determine how trustworthy your AI systemΓÇÖs predictions are by understanding what features are most important for the predictions.

-* Build user trust in your modelΓÇÖs decisions by generating local explanations to illustrate their outcomes.

-| D-RISE | D-RISE is a model agnostic method for creating visual explanations for the predictions of object detection models. By accounting for both the localization and categorization aspects of object detection, D-RISE can produce saliency maps that highlight parts of an image that most contribute to the prediction of the detector. Unlike gradient-based methods, D-RISE is more general and doesn't need access to the inner workings of the object detector; it only requires access to the inputs and outputs of the model. The method can be applied to one-stage detectors (for example, YOLOv3), two-stage detectors (for example, Faster-RCNN), and Vision Transformers (for example, DETR, OWL-ViT). <br> D-Rise provides the saliency map by creating random masks of the input image and will send it to the object detector with the random masks of the input image. By assessing the change of the object detectorΓÇÖs score, it aggregates all the detections with each mask and produce a final saliency map. | Model Agnostic | Object Detection |

-* Learn how to enable [interpretability for automated machine learning models](how-to-machine-learning-interpretability-automl.md).

-If you accidentally deleted your workspace, are still able to retrieve your notebooks. For more information, see the [workspace deletion](./how-to-high-availability-machine-learning.md#workspace-deletion) section of the disaster recovery article.

-If you accidentally deleted your workspace, you may still be able to retrieve your notebooks. For details, see [Failover for business continuity and disaster recovery](./how-to-high-availability-machine-learning.md#workspace-deletion).

-The data asset created in the workspace can be shared to a registry. From the registry, it can be used in multiple workspaces. You can also change the name and version when sharing the data from workspace to registry. Sharing a data asset from a workspace to a registry uses the `--path` parameter to reference the data asset to be shared. Valid path formats are:

-* `azureml://subscriptions/<subscription-id>/resourcegroup/<resource-group-name>/data/<data-asset-name>/versions/<version-number>`

-* `azureml://resourcegroup/<resource-group-name>/data/<data-asset-name>/versions/<version-number>`

-* `azureml://data/<data-asset-name>/versions/<version-number>`

-The following example demonstrates using the `--path` parameter to share a data asset. Replace `<registry-name>` with the name of the registry that the data will be shared to. Replace `<resourceGroupName>` with the name of the resource group that contains the Azure Machine Learning workspace where the data asset is registered:

-az ml data create --registry-name <registry-name> --path azureml://resourcegroup/<resourceGroupName>/data/local-folder-example-titanic/versions/1

-```python

-# Fetch the data from the workspace

-data_in_workspace = ml_client_workspace.data.get(name="titanic-dataset", version="1")

-print("data from workspace:\n\n", data_in_workspace)

-# Change the format to one that the registry understands:

-# Note the asset ID when printing the `data_ready_to_copy` object.

-data_ready_to_copy = ml_client_workspace.data._prepare_to_copy(data_in_workspace)

-print("\n\ndata ready to copy:\n\n", data_ready_to_copy)

-# Copy the data from the workspace to the registry

-ml_client_registry.data.create_or_update(data_ready_to_copy).wait()

-For a code first experience, see how to set up [model explanations for automated ML experiments with the Azure Machine Learning Python SDK](how-to-machine-learning-interpretability-automl.md).

- Explain best model | Select to enable or disable, in order to show explanations for the recommended best model. <br> This functionality is not currently available for [certain forecasting algorithms](how-to-machine-learning-interpretability-automl.md#interpretability-during-training-for-the-best-model).

-The model explanations dashboard provides an overall analysis of the trained model along with its predictions and explanations. It also lets you drill into an individual data point and its individual feature importance. [Learn more about the explanation dashboard visualizations](how-to-machine-learning-interpretability-aml.md#visualizations).

-See how to [enable interpretability features](../how-to-machine-learning-interpretability-automl.md) specifically within automated ML experiments.

-For information on logging metrics in Azure Machine Learning designer, see [How to log metrics in the designer](../how-to-track-designer-experiments.md)

-For more information on the explanation dashboard visualizations and specific plots, please refer to the [how-to doc on interpretability](../how-to-machine-learning-interpretability-aml.md).

-If you accidentally deleted your workspace, are still able to retrieve your notebooks. For more information, see the [workspace deletion](../how-to-high-availability-machine-learning.md#workspace-deletion) section of the disaster recovery article.

-If you accidentally deleted your workspace, you may still be able to retrieve your notebooks. For details, see [Failover for business continuity and disaster recovery](../how-to-high-availability-machine-learning.md#workspace-deletion).

-| France South | 40.79.177.0 | | |

-This article answers common questions about assessments in Azure Migrate. If you've other questions, check these resources:

-You can discover up to 10,000 servers from VMware environment, up to 5,000 servers from Hyper-V environment, and up to 1000 physical servers by using a single appliance. If you've more servers, read about [scaling a Hyper-V assessment](scale-hyper-v-assessment.md), [scaling a VMware assessment](scale-vmware-assessment.md), or [scaling a physical server assessment](scale-physical-assessment.md).

-The assessment now considers processor parameters such as number of operational cores, sockets, etc. and calculating its optimal performance over a period in a simulated environment. This is done to benchmark all processor-based available processor information. Recalculate your assessments to see the updated recommendations.

-The processor benchmark numbers are now considered along with the resource utilization to ensure, we match the processor performance of your on-premises VMware environment and recommend the target Azure SKU sizes accordingly. This is a way to further improve the assessment recommendations to match your performance needs more closely.

-Due to this, the target Azure VM cost can differ from your earlier assessments of the same target. Also, the number of cores allocated in the target Azure SKU could also vary if the processor performance of target is a match for your on-premises VMware environment.

-If you've selected all available options for your ΓÇ£VM SeriesΓÇ¥ in your assessment settings, you will get the most optimized cost recommendation for your VMs. However, if you choose only some of the available options for the VM series, the recommendation might skip the most optimized option for you while assigning you an Azure VM SKU while matching your processor performance numbers.

-ms.

-ms.

-ms.

-ms.

-ms.

-description: Learn how to use built-in policies to audit network security groups and deploy Azure Network Watcher NSG flow logs.

-# Manage NSG flow logs by using Azure Policy

-## Audit network security groups by using a built-in policy

-To audit your flow logs by using the built-in policy:

- :::image type="content" source="./media/nsg-flow-logs-policy-portal/audit-policy-compliance-details.png" alt-text="Screenshot of the page for audit policy compliance in the Azure portal." lightbox="./media/nsg-flow-logs-policy-portal/audit-policy-compliance-details.png":::

-## Deploy and configure NSG flow logs by using a built-in policy

-1. Select the ellipsis (**...**) next to **Policy definition** to choose the built-in policy that you want to assign. Enter *flow log* in the search box, and the select the **Built-in** filter. From the search results, select **Deploy a flow log resource with target network security group**, and then select **Add**.

- | **System assigned identity location** | Select the region of your system-assigned identity. |

- :::image type="content" source="./media/nsg-flow-logs-policy-portal/deploy-policy-compliance-details.png" alt-text="Screenshot of the page for deployment policy compliance in the Azure portal." lightbox="./media/nsg-flow-logs-policy-portal/deploy-policy-compliance-details.png":::

-description: Learn how to use Azure built-in policies to manage the deployment of Azure Network Watcher traffic analytics.

-**Network Watcher flow logs should have traffic analytics enabled** policy audits all existing Azure Resource Manager objects of type `Microsoft.Network/networkWatchers/flowLogs` and checks if traffic analytics is enabled via the `networkWatcherFlowAnalyticsConfiguration.enabled` property of the flow logs resource. It flags the flow logs resource that has the property set to false.

-To assign policy and audit your flow logs, follow these steps:

- :::image type="content" source="./media/traffic-analytics-policy-portal/assign-audit-policy.png" alt-text="Screenshot of Basics tab to assign an audit policy in the Azure portal.":::

- :::image type="content" source="./media/traffic-analytics-policy-portal/audit-policy-compliance.png" alt-text="Screenshot of Compliance page showing the audit policy in the Azure portal." lightbox="./media/traffic-analytics-policy-portal/audit-policy-compliance.png":::

-1. Select **Assignments**, then select on **Assign Policy**.

-1. Select the ellipsis **...** next to **Scope** to choose your Azure subscription that has the flow logs that you want the policy to audit. You can also choose the resource group that has the flow logs. After you made your selections, select **Select** button.

-1. Select the ellipsis **...** next to **Policy definition** to choose the built-in policy that you want to assign. Enter *traffic analytics* in the search box, and select **Built-in** filter. From the search results, select **Configure network security groups to use specific workspace, storage account and flow log retention policy for traffic analytics** and then select **Add**.

-1. Select **Next** button twice or select **Parameters** tab. Enter or select the following values:

-1. **Resource compliance** lists all non-compliant flow logs.

-description: Learn about Azure CLI samples for networking that include connectivity between Azure resources and for load balancing and traffic direction.

-# Azure CLI Samples for networking

-The following table includes links to bash scripts built using the Azure CLI.

-| Script | Description |

-|-|-|

-|**Connectivity between Azure resources**||

-| [Create a virtual network for multi-tier applications](./scripts/virtual-network-cli-sample-multi-tier-application.md?toc=%2fazure%2fnetworking%2ftoc.json) | Creates a virtual network with front-end and back-end subnets. Traffic to the front-end subnet is limited to HTTP and SSH, while traffic to the back-end subnet is limited to MySQL, port 3306. |

-| [Peer two virtual networks](./scripts/virtual-network-cli-sample-peer-two-virtual-networks.md?toc=%2fazure%2fnetworking%2ftoc.json) | Creates and connects two virtual networks in the same region. |

-| [Route traffic through a network virtual appliance](./scripts/virtual-network-cli-sample-route-traffic-through-nva.md?toc=%2fazure%2fnetworking%2ftoc.json) | Creates a virtual network with front-end and back-end subnets and a VM that is able to route traffic between the two subnets. |

-| [Filter inbound and outbound VM network traffic](./scripts/virtual-network-filter-network-traffic.md?toc=%2fazure%2fnetworking%2ftoc.json) | Creates a virtual network with front-end and back-end subnets. Inbound network traffic to the front-end subnet is limited to HTTP, HTTPS and SSH. Outbound traffic to the Internet from the back-end subnet isn't permitted. |

-|**Load balancing and traffic direction**||

-| [Load balance multiple websites on VMs](./scripts/load-balancer-linux-cli-load-balance-multiple-websites-vm.md?toc=%2fazure%2fnetworking%2ftoc.json) | Creates two VMs with multiple IP configurations, joined to an Azure Availability Set, accessible through an Azure Load Balancer. |

-| [Direct traffic across multiple regions for high application availability](./scripts/traffic-manager-cli-websites-high-availability.md?toc=%2fazure%2fnetworking%2ftoc.json) | Creates two app service plans, two web apps, a traffic manager profile, and two traffic manager endpoints. |

-| | |

-description: Learn about Azure PowerShell samples for networking, including a sample for creating a virtual network for multi-tier applications.

-# Azure PowerShell Samples for networking

-The following table includes links to scripts for Azure PowerShell.

-| Script | Description |

-|-|-|

-|**Connectivity between Azure resources**||

-| [Create a virtual network for multi-tier applications](./scripts/virtual-network-powershell-sample-multi-tier-application.md?toc=%2fazure%2fnetworking%2ftoc.json) | Creates a virtual network with front-end and back-end subnets. Traffic to the front-end subnet is limited to HTTP, while traffic to the back-end subnet is limited to SQL, port 1433. |

-| [Peer two virtual networks](./scripts/virtual-network-powershell-sample-peer-two-virtual-networks.md?toc=%2fazure%2fnetworking%2ftoc.json) | Creates and connects two virtual networks in the same region. |

-| [Route traffic through a network virtual appliance](./scripts/virtual-network-powershell-sample-route-traffic-through-nva.md?toc=%2fazure%2fnetworking%2ftoc.json) | Creates a virtual network with front-end and back-end subnets and a VM that is able to route traffic between the two subnets. |

-| [Filter inbound and outbound VM network traffic](./scripts/virtual-network-powershell-filter-network-traffic.md?toc=%2fazure%2fnetworking%2ftoc.json) | Creates a virtual network with front-end and back-end subnets. Inbound network traffic to the front-end subnet is limited to HTTP and HTTPS. Outbound traffic to the Internet from the back-end subnet isn't permitted. |

-|**Load balancing and traffic direction**||

-| [Load balance traffic to VMs for high availability](./scripts/load-balancer-windows-powershell-sample-nlb.md?toc=%2fazure%2fnetworking%2ftoc.json) | Creates several virtual machines in a highly available and load balanced configuration. |

-| [Direct traffic across multiple regions for high application availability](./scripts/traffic-manager-powershell-websites-high-availability.md?toc=%2fazure%2fnetworking%2ftoc.json) | Creates two app service plans, two web apps, a traffic manager profile, and two traffic manager endpoints. |

-| | |

-description: Azure CLI script sample - Create a virtual network for multi-tier applications.

-# Use an Azure CLI script sample to create a network for multi-tier applications

-This script sample creates a virtual network with front-end and back-end subnets. Traffic to the front-end subnet is limited to HTTP and SSH, while traffic to the back-end subnet is limited to MySQL, port 3306. After running the script, you'll have two virtual machines, one in each subnet that you can deploy web server and MySQL software to.

-## Sample script

-[!code-azurecli-interactive[main](../../../cli_scripts/virtual-network/virtual-network-multi-tier-application/virtual-network-multi-tier-application.sh "Virtual network for multi-tier application")]

-## Clean up deployment

-Run the following command to remove the resource group, VM, and all related resources.

-```azurecli

-az group delete --name $resourceGroup --yes

-```

-## Script explanation

-This script uses the following commands to create a resource group, virtual network, and network security groups. Each command in the table links to command-specific documentation.

-| Command | Notes |

-|||

-| [az group create](/cli/azure/group) | Creates a resource group in which all resources are stored. |

-| [az network vnet create](/cli/azure/network/vnet) | Creates an Azure virtual network and front-end subnet. |

-| [az network subnet create](/cli/azure/network/vnet/subnet) | Creates a back-end subnet. |

-| [az network public-ip create](/cli/azure/network/public-ip) | Creates a public IP address to access the VM from the Internet. |

-| [az network nic create](/cli/azure/network/nic) | Creates virtual network interfaces and attaches them to the virtual network's front-end and back-end subnets. |

-| [az network nsg create](/cli/azure/network/nsg) | Creates network security groups (NSG) that are associated to the front-end and back-end subnets. |

-| [az network nsg rule create](/cli/azure/network/nsg/rule) |Creates NSG rules that allow or block specific ports to specific subnets. |

-| [az vm create](/cli/azure/vm) | Creates virtual machines and attaches a NIC to each VM. This command also specifies the virtual machine image to use and administrative credentials. |

-| [az group delete](/cli/azure/group) | Deletes a resource group and all resources it contains. |

-## Next steps

-For more information on the Azure CLI, see [Azure CLI documentation](/cli/azure).

-More networking CLI script samples can be found in the [Azure Networking Overview documentation](../cli-samples.md)

-description: Use an Azure CLI script sample to create and connect two virtual networks in the same region through the Azure network.

-# Use an Azure CLI sample script to connect two virtual networks

-This script creates and connects two virtual networks in the same region through the Azure network. After running the script, you'll create a peering between two virtual networks.

-## Sample script

-[!code-azurecli-interactive[main](../../../cli_scripts/virtual-network/peer-two-virtual-networks/peer-two-virtual-networks.sh "Peer two networks")]

-## Clean up deployment

-Run the following command to remove the resource group, VM, and all related resources.

-```azurecli

-az group delete --name $resourceGroup --yes

-```

-## Script explanation

-This script uses the following commands to create a resource group, virtual machine, and all related resources. Each command in the table links to command specific documentation.

-| Command | Notes |

-|||

-| [az group create](/cli/azure/group) | Creates a resource group in which all resources are stored. |

-| [az network vnet create](/cli/azure/network/vnet) | Creates an Azure virtual network and subnet. |

-| [az network vnet peering create](/cli/azure/network/vnet/peering) | Creates a peering between two virtual networks. |

-| [az group delete](/cli/azure/vm/extension) | Deletes a resource group including all nested resources. |

-## Next steps

-For more information on the Azure CLI, see [Azure CLI documentation](/cli/azure).

-More networking CLI script samples can be found in the [Azure Networking Overview documentation](../cli-samples.md).

-description: Azure CLI script sample - Route traffic through a firewall network virtual appliance.

-# Use an Azure CLI script to route traffic through a network virtual appliance

-This script sample creates a virtual network with front-end and back-end subnets. It also creates a VM with IP forwarding enabled to route traffic between the two subnets. After running the script you can deploy network software, such as a firewall application, to the VM.

-## Sample script

-[!code-azurecli-interactive[main](../../../cli_scripts/virtual-network/route-traffic-through-nva/route-traffic-through-nva.sh "Route traffic through a network virtual appliance")]

-## Clean up deployment

-Run the following command to remove the resource group, VM, and all related resources.

-```azurecli

-az group delete --name $resourceGroup --yes

-```

-## Script explanation

-This script uses the following commands to create a resource group, virtual network, and network security groups. Each command in the table links to command-specific documentation.

-| Command | Notes |

-|||

-| [az group create](/cli/azure/group) | Creates a resource group in which all resources are stored. |

-| [az network vnet create](/cli/azure/network/vnet) | Creates an Azure virtual network and front-end subnet. |

-| [az network subnet create](/cli/azure/network/vnet/subnet) | Creates back-end and DMZ subnets. |

-| [az network public-ip create](/cli/azure/network/public-ip) | Creates a public IP address to access the VM from the Internet. |

-| [az network nic create](/cli/azure/network/nic) | Creates a virtual network interface and enable IP forwarding for it. |

-| [az network nsg create](/cli/azure/network/nsg) | Creates a network security group (NSG). |

-| [az network nsg rule create](/cli/azure/network/nsg/rule) | Creates NSG rules that allow HTTP and HTTPS ports inbound to the VM. |

-| [az network vnet subnet update](/cli/azure/network/vnet/subnet)| Associates the NSGs and route tables to subnets. |

-| [az network route-table create](/cli/azure/network/route-table#az-network-route-table-create)| Creates a route table for all routes. |

-| [az network route-table route create](/cli/azure/network/route-table/route#az-network-route-table-route-create)| Creates routes to route traffic between subnets and the Internet through the VM. |

-| [az vm create](/cli/azure/vm) | Creates a virtual machine and attaches the NIC to it. This command also specifies the virtual machine image to use and administrative credentials. |

-| [az group delete](/cli/azure/group) | Deletes a resource group and all resources it contains. |

-## Next steps

-For more information on the Azure CLI, see [Azure CLI documentation](/cli/azure).

-More networking CLI script samples can be found in the [Azure Networking Overview documentation](../cli-samples.md)

-description: Use an Azure CLI script to filter inbound and outbound virtual machine (VM) network traffic with front-end and back-end subnets.

-# Use an Azure CLI script to filter inbound and outbound VM network traffic

-This script sample creates a virtual network with front-end and back-end subnets. Inbound network traffic to the front-end subnet is limited to HTTP, HTTPS and SSH, while outbound traffic to the Internet from the back-end subnet isn't permitted. After running the script, you'll have one virtual machine with two NICs. Each NIC is connected to a different subnet.

-## Sample script

-[!code-azurecli-interactive[main](../../../cli_scripts/virtual-network/filter-network-traffic/filter-network-traffic.sh "Filter VM network traffic")]

-## Clean up deployment

-Run the following command to remove the resource group, VM, and all related resources.

-```azurecli

-az group delete --name $resourceGroup --yes

-```

-## Script explanation

-This script uses the following commands to create a resource group, virtual network, and network security groups. Each command in the table links to command-specific documentation.

-| Command | Notes |

-|||

-| [az group create](/cli/azure/group) | Creates a resource group in which all resources are stored. |

-| [az network vnet create](/cli/azure/network/vnet) | Creates an Azure virtual network and front-end subnet. |

-| [az network subnet create](/cli/azure/network/vnet/subnet) | Creates a back-end subnet. |

-| [az network vnet subnet update](/cli/azure/network/vnet/subnet) | Associates NSGs to subnets. |

-| [az network public-ip create](/cli/azure/network/public-ip) | Creates a public IP address to access the VM from the Internet. |

-| [az network nic create](/cli/azure/network/nic) | Creates virtual network interfaces and attaches them to the virtual network's front-end and back-end subnets. |

-| [az network nsg create](/cli/azure/network/nsg) | Creates network security groups (NSG) that are associated to the front-end and back-end subnets. |

-| [az network nsg rule create](/cli/azure/network/nsg/rule) |Creates NSG rules that allow or block specific ports to specific subnets. |

-| [az vm create](/cli/azure/vm) | Creates virtual machines and attaches a NIC to each VM. This command also specifies the virtual machine image to use and administrative credentials. |

-| [az group delete](/cli/azure/group) | Deletes a resource group and all resources it contains. |

-## Next steps

-For more information on the Azure CLI, see [Azure CLI documentation](/cli/azure).

-More networking CLI script samples can be found in the [Azure Networking Overview documentation](../cli-samples.md)

-description: Azure PowerShell script sample - Filter inbound and outbound VM network traffic.

-# Filter inbound and outbound VM network traffic

-This script sample creates a virtual network with front-end and back-end subnets. Inbound network traffic to the front-end subnet is limited to HTTP, and HTTPS, while outbound traffic to the Internet from the back-end subnet isn't permitted. After running the script, you'll have one virtual machine with two NICs. Each NIC is connected to a different subnet.

-If needed, install the Azure PowerShell using the instruction found in the [Azure PowerShell guide](/powershell/azure/), and then run `Connect-AzAccount` to create a connection with Azure.

-## Sample script

-[!code-powershell[main](../../../powershell_scripts/virtual-network/filter-network-traffic/filter-network-traffic.ps1 "Filter VM network traffic")]

-## Clean up deployment

-Run the following command to remove the resource group, VM, and all related resources.

-```powershell

-Remove-AzResourceGroup -Name myResourceGroup

-```

-## Script explanation

-This script uses the following commands to create a resource group, virtual network, and network security groups. Each command in the table links to command-specific documentation.

-| Command | Notes |

-|||

-| [New-AzResourceGroup](/powershell/module/az.resources/new-azresourcegroup) | Creates a resource group in which all resources are stored. |

-| [New-AzVirtualNetworkSubnetConfig](/powershell/module/az.network/new-azvirtualnetworksubnetconfig) | Creates a subnet configuration object |

-| [New-AzVirtualNetwork](/powershell/module/az.network/new-azvirtualnetwork) | Creates an Azure virtual network and front-end subnet. |

-| [New-AzNetworkSecurityRuleConfig](/powershell/module/az.network/new-aznetworksecurityruleconfig) | Creates security rules to be assigned to a network security group. |

-| [New-AzNetworkSecurityGroup](/powershell/module/az.network/new-aznetworksecuritygroup) |Creates NSG rules that allow or block specific ports to specific subnets. |

-| [Set-AzVirtualNetworkSubnetConfig](/powershell/module/az.network/set-azvirtualnetworksubnetconfig) | Associates NSGs to subnets. |

-| [New-AzPublicIpAddress](/powershell/module/az.network/new-azpublicipaddress) | Creates a public IP address to access the VM from the Internet. |

-| [New-AzNetworkInterface](/powershell/module/az.network/new-aznetworkinterface) | Creates virtual network interfaces and attaches them to the virtual network's front-end and back-end subnets. |

-| [New-AzVMConfig](/powershell/module/az.compute/new-azvmconfig) | Creates a VM configuration. This configuration includes information such as VM name, operating system, and administrative credentials. The configuration is used during VM creation. |

-| [New-AzVM](/powershell/module/az.compute/new-azvm) | Create a virtual machine. |

-|[Remove-AzResourceGroup](/powershell/module/az.resources/remove-azresourcegroup) | Removes a resource group and all resources contained within. |

-## Next steps

-For more information on the Azure PowerShell, see [Azure PowerShell documentation](/powershell/azure/).

-More networking PowerShell script samples can be found in the [Azure Networking Overview documentation](../powershell-samples.md?toc=%2fazure%2fnetworking%2ftoc.json).

-description: Azure PowerShell script sample - Create a virtual network for multi-tier applications.

-# Create a network for multi-tier applications

-This script sample creates a virtual network with front-end and back-end subnets. Traffic to the front-end subnet is limited to HTTP and SSH, while traffic to the back-end subnet is limited to MySQL, port 3306. After running the script, you'll have two virtual machines, one in each subnet that you can deploy web server and MySQL software to.

-If needed, install the Azure PowerShell using the instruction found in the [Azure PowerShell guide](/powershell/azure/), and then run `Connect-AzAccount` to create a connection with Azure.

-## Sample script

-[!code-powershell[main](../../../powershell_scripts/virtual-network/virtual-network-multi-tier-application/virtual-network-multi-tier-application.ps1 "Virtual network for multi-tier application")]

-## Clean up deployment

-Run the following command to remove the resource group, VM, and all related resources.

-```powershell

-Remove-AzResourceGroup -Name $rgName

-```

-## Script explanation

-This script uses the following commands to create a resource group, virtual network, and network security groups. Each command in the table links to command-specific documentation.

-| Command | Notes |

-|||

-| [New-AzResourceGroup](/powershell/module/az.resources/new-azresourcegroup) | Creates a resource group in which all resources are stored. |

-| [New-AzVirtualNetwork](/powershell/module/az.network/new-azvirtualnetwork) | Creates an Azure virtual network and front-end subnet. |

-| [New-AzVirtualNetworkSubnetConfig](/powershell/module/az.network/new-azvirtualnetworksubnetconfig) | Creates a back-end subnet. |

-| [New-AzPublicIpAddress](/powershell/module/az.network/new-azpublicipaddress) | Creates a public IP address to access the VM from the Internet. |

-| [New-AzNetworkInterface](/powershell/module/az.network/new-aznetworkinterface) | Creates virtual network interfaces and attaches them to the virtual network's front-end and back-end subnets. |

-| [New-AzNetworkSecurityGroup](/powershell/module/az.network/new-aznetworksecuritygroup) | Creates network security groups (NSG) that are associated to the front-end and back-end subnets. |

-| [New-AzNetworkSecurityRuleConfig](/powershell/module/az.network/new-aznetworksecurityruleconfig) |Creates NSG rules that allow or block specific ports to specific subnets. |

-| [New-AzVM](/powershell/module/az.compute/new-azvm) | Creates virtual machines and attaches a NIC to each VM. This command also specifies the virtual machine image to use and administrative credentials. |

-| [Remove-AzResourceGroup](/powershell/module/az.resources/remove-azresourcegroup) | Deletes a resource group and all resources it contains. |

-## Next steps

-For more information on the Azure PowerShell, see [Azure PowerShell documentation](/powershell/azure/).

-More networking PowerShell script samples can be found in the [Azure Networking Overview documentation](../powershell-samples.md?toc=%2fazure%2fnetworking%2ftoc.json).

-description: Create and connect two virtual networks in the same region. Use the Azure script for two peer virtual networks to connect the networks through Azure.

-# Peer two virtual networks

-This script creates and connects two virtual networks in the same region through the Azure network. After running the script, you'll create a peering between two virtual networks.

-If needed, install the Azure PowerShell using the instruction found in the [Azure PowerShell guide](/powershell/azure/), and then run `Connect-AzAccount` to create a connection with Azure.

-## Sample script

-[!code-azurepowershell[main](../../../powershell_scripts/virtual-network/peer-two-virtual-networks/peer-two-virtual-networks.ps1 "Peer two networks")]

-## Clean up deployment

-Run the following command to remove the resource group, VM, and all related resources.

-```powershell

-Remove-AzResourceGroup -Name myResourceGroup

-```

-## Script explanation

-This script uses the following commands to create a resource group, virtual machine, and all related resources. Each command in the table links to command specific documentation.

-| Command | Notes |

-|||

-| [New-AzResourceGroup](/powershell/module/az.resources/new-azresourcegroup) | Creates a resource group in which all resources are stored. |

-| [New-AzVirtualNetwork](/powershell/module/az.network/new-azvirtualnetwork)| Creates an Azure virtual network and subnet. |

-| [Add-AzVirtualNetworkPeering](/powershell/module/az.network/add-azvirtualnetworkpeering) | Creates a peering between two virtual networks. |

-| [Remove-AzResourceGroup](/powershell/module/az.resources/remove-azresourcegroup) | Deletes a resource group including all nested resources. |

-## Next steps

-For more information on the Azure PowerShell, see [Azure PowerShell documentation](/powershell/azure/).

-More networking PowerShell script samples can be found in the [Azure Networking Overview documentation](../powershell-samples.md?toc=%2fazure%2fnetworking%2ftoc.json).

-description: Azure PowerShell script sample - Route traffic through a firewall network virtual appliance.

-# Route traffic through a network virtual appliance

-This script sample creates a virtual network with front-end and back-end subnets. It also creates a VM with IP forwarding enabled to route traffic between the two subnets. After running the script you can deploy network software, such as a firewall application, to the VM.

-If needed, install the Azure PowerShell using the instruction found in the [Azure PowerShell guide](/powershell/azure/), and then run `Connect-AzAccount` to create a connection with Azure.

-## Sample script

-[!code-powershell[main](../../../powershell_scripts/virtual-network/route-traffic-through-nva/route-traffic-through-nva.ps1 "Route traffic through a network virtual appliance")]

-## Clean up deployment

-Run the following command to remove the resource group, VM, and all related resources.

-```powershell

-Remove-AzResourceGroup -Name myResourceGroup

-```

-## Script explanation

-This script uses the following commands to create a resource group, virtual network, and network security groups. Each command in the table links to command-specific documentation.

-| Command | Notes |

-|||

-| [New-AzResourceGroup](/powershell/module/az.resources/new-azresourcegroup) | Creates a resource group in which all resources are stored. |

-| [New-AzVirtualNetwork](/powershell/module/az.network/new-azvirtualnetwork) | Creates an Azure virtual network and front-end subnet. |

-| [New-AzVirtualNetworkSubnetConfig](/powershell/module/az.network/new-azvirtualnetworksubnetconfig) | Creates back-end and DMZ subnets. |

-| [New-AzPublicIpAddress](/powershell/module/az.network/new-azpublicipaddress) | Creates a public IP address to access the VM from the Internet. |

-| [New-AzNetworkInterface](/powershell/module/az.network/new-aznetworkinterface) | Creates a virtual network interface and enable IP forwarding for it. |

-| [New-AzNetworkSecurityGroup](/powershell/module/az.network/new-aznetworksecuritygroup) | Creates a network security group (NSG). |

-| [New-AzNetworkSecurityRuleConfig](/powershell/module/az.network/new-aznetworksecurityruleconfig) | Creates NSG rules that allow HTTP and HTTPS ports inbound to the VM. |

-| [Set-AzVirtualNetworkSubnetConfig](/powershell/module/az.network/set-azvirtualnetworksubnetconfig)| Associates the NSGs and route tables to subnets. |

-| [New-AzRouteTable](/powershell/module/az.network/new-azroutetable)| Creates a route table for all routes. |

-| [New-AzRouteConfig](/powershell/module/az.network/new-azrouteconfig)| Creates routes to route traffic between subnets and the Internet through the VM. |

-| [New-AzVM](/powershell/module/az.compute/new-azvm) | Creates a virtual machine and attaches the NIC to it. This command also specifies the virtual machine image to use and administrative credentials. |

-| [Remove-AzResourceGroup](/powershell/module/az.resources/remove-azresourcegroup) | Deletes a resource group and all resources it contains. |

-## Next steps

-For more information on the Azure PowerShell, see [Azure PowerShell documentation](/powershell/azure/).

-More networking PowerShell script samples can be found in the [Azure Networking Overview documentation](../powershell-samples.md?toc=%2fazure%2fnetworking%2ftoc.json).

-$azureADAppSp = New-AzADServicePrincipal -DisplayName $displayName -Role Contributor

-$aadClientSecretDigest = ConvertTo-SecureString -String $azureADAppSp.PasswordCredentials.SecretText -AsPlainText -Force

- -TemplateParameterFile azuredeploy.json

-| Storage size | 32 GB to 16 TB | 32 GB to 16 TB | 32 GB to 16 TB |

-| SKU Name | vCores | Memory Size | Max Supported IOPS | Max Supported I/O bandwidth |

-|-|--|-|--|--|

-| **Burstable** | | | | |

-| B1ms | 1 | 2 GiB | 640 | 10 MiB/sec |

-| B2s | 2 | 4 GiB | 1280 | 15 MiB/sec |

-| B2ms | 2 | 4 GiB | 1700 | 22.5 MiB/sec |

-| B4ms | 4 | 8 GiB | 2400 | 35 MiB/sec |

-| B8ms | 8 | 16 GiB | 3100 | 50 MiB/sec |

-| B12ms | 12 | 24 GiB | 3800 | 50 MiB/sec |

-| B16ms | 16 | 32 GiB | 4300 | 50 MiB/sec |

-| B20ms | 20 | 40 GiB | 5000 | 50 MiB/sec |

-| **General Purpose** | | | | |

-| D32s_v3 / D32ds_v4 | 32 | 128 GiB | 18000 | 750 MiB/sec |

-| D48s_v3 / D48ds_v4 | 48 | 192 GiB | 18000 | 750 MiB/sec |

-| D64s_v3 / D64ds_v4 | 64 | 256 GiB | 18000 | 750 MiB/sec |

-| **Memory Optimized** | | | | |

-| E20ds_v4 | 20 | 160 GiB | 18000 | 480 MiB/sec |

-| E32s_v3 / E32ds_v4 | 32 | 256 GiB | 18000 | 750 MiB/sec |

-| E48s_v3 / E48ds_v4 | 48 | 384 GiB | 18000 | 750 MiB/sec |

-| E64s_v3 / E64ds_v4 | 64 | 432 GiB | 18000 | 750 MiB/sec |

-|SKU Name |Storage Size in GiB |32 |64 |128 |256 |512 |1,024|2,048|4,096|8,192 |16,384|

-| |Maximum IOPS |120|240|500 |1100|2300 |5000 |7500 |7500 |16000 |18000 |

-|**Burstable** | | | | | | | | | | | |

-|B1ms |640 IOPS |120|240|500 |640*|640* |640* |640* |640* |640* |640* |

-|B2s |1280 IOPS |120|240|500 |1100|1280*|1280*|1280*|1280*|1280* |1280* |

-|B2ms |1280 IOPS |120|240|500 |1100|1700*|1700*|1700*|1700*|1700* |1700* |

-|B4ms |1280 IOPS |120|240|500 |1100|2300 |2400*|2400*|2400*|2400* |2400* |

-|B8ms |1280 IOPS |120|240|500 |1100|2300 |3100*|3100*|3100*|3100* |3100* |

-|B12ms |1280 IOPS |120|240|500 |1100|2300 |3800*|3800*|3800*|3800* |3800* |

-|B16ms |1280 IOPS |120|240|500 |1100|2300 |4300*|4300*|4300*|4300* |4300* |

-|B20ms |1280 IOPS |120|240|500 |1100|2300 |5000 |5000*|5000*|5000* |5000* |

-|D2s_v3 / D2ds_v4 |3200 IOPS |120|240|500 |1100|2300 |3200*|3200*|3200*|3200* |3200* |

-|D4s_v3 / D4ds_v4 |6,400 IOPS |120|240|500 |1100|2300 |5000 |6400*|6400*|6400* |6400* |

-|D8s_v3 / D8ds_v4 |12,800 IOPS |120|240|500 |1100|2300 |5000 |7500 |7500 |12800*|12800*|

-|D16s_v3 / D16ds_v4 |18,000 IOPS |120|240|500 |1100|2300 |5000 |7500 |7500 |16000 |18000 |

-|D32s_v3 / D32ds_v4 |18,000 IOPS |120|240|500 |1100|2300 |5000 |7500 |7500 |16000 |18000 |

-|D48s_v3 / D48ds_v4 |18,000 IOPS |120|240|500 |1100|2300 |5000 |7500 |7500 |16000 |18000 |

-|D64s_v3 / D64ds_v4 |18,000 IOPS |120|240|500 |1100|2300 |5000 |7500 |7500 |16000 |18000 |

-|E2s_v3 / E2ds_v4 |3200 IOPS |120|240|500 |1100|2300 |3200*|3200*|3200*|3200* |3200* |

-|E4s_v3 / E4ds_v4 |6,400 IOPS |120|240|500 |1100|2300 |5000 |6400*|6400*|6400* |6400* |

-|E8s_v3 / E8ds_v4 |12,800 IOPS |120|240|500 |1100|2300 |5000 |7500 |7500 |12800*|12800*|

-|E16s_v3 / E16ds_v4 |18,000 IOPS |120|240|500 |1100|2300 |5000 |7500 |7500 |16000 |18000 |

-|E20ds_v4 |18,000 IOPS |120|240|500 |1100|2300 |5000 |7500 |7500 |16000 |18000 |

-|E32s_v3 / E32ds_v4 |18,000 IOPS |120|240|500 |1100|2300 |5000 |7500 |7500 |16000 |18000 |

-|E48s_v3 / E48ds_v4 |18,000 IOPS |120|240|500 |1100|2300 |5000 |7500 |7500 |16000 |18000 |

-|E64s_v3 / E64ds_v4 |18,000 IOPS |120|240|500 |1100|2300 |5000 |7500 |7500 |16000 |18000 |

-|SKU Name |Storage Size, GiB |32 |64 |128 |256 |512 |1,024 |2,048 |4,096 |8,192 |16,384|

-|--|-| | |- |- |-- |-- |-- |-- || |

-| |**Storage Bandwidth, MiB/sec** |25 |50 |100 |125 |150 |200 |250 |250 |500 |750 |

-|**Burstable** | | | | | | | | | | | |

-|B1ms |10 MiB/sec |10* |10* |10* |10* |10* |10* |10* |10* |10* |10* |

-|B2s |15 MiB/sec |15* |15* |15* |15* |15* |15* |15* |15* |15* |15* |

-|B2ms |22.5 MiB/sec |22.5* |22.5* |22.5* |22.5* |22.5* |22.5* |22.5* |22.5* |22.5* |22.5* |

-|B4ms |15 MiB/sec |32 |35* |35* |35* |35* |35* |35* |35* |35* |35* |

-|B8ms |15 MiB/sec |32 |50 |50* |50* |50* |50* |50* |50* |50* |50* |

-|B12ms |15 MiB/sec |32 |50 |50* |50* |50* |50* |50* |50* |50* |50* |

-|B16ms |15 MiB/sec |32 |50 |50* |50* |50* |50* |50* |50* |50* |50* |

-|B20ms |15 MiB/sec |32 |50 |50* |50* |50* |50* |50* |50* |50* |50* |

-|**General Purpose** | | | | | | | | | | | |

-|D2s_v3 / D2ds_v4 |48 MiB/sec |25 |48* |48* |48* |48* |48* |48* |48* |48* |48* |

-|D4s_v3 / D4ds_v4 |96 MiB/sec |25 |50 |96* |96* |96* |96* |96* |96* |96* |96* |

-|D8s_v3 / D8ds_v4 |192 MiB/sec |25 |50 |100 |125 |150 |192* |192* |192* |192* |192* |

-|D16s_v3 / D16ds_v4 |384 MiB/sec |25 |50 |100 |125 |150 |200 |250 |250 |384* |384* |

-|D32s_v3 / D32ds_v4 |750 MiB/sec |25 |50 |100 |125 |150 |200 |250 |250 |500 |750 |

-|D48s_v3 / D48ds_v4 |750 MiB/sec |25 |50 |100 |125 |150 |200 |250 |250 |500 |750 |

-|D64s_v3 / Dd64ds_v4 |750 MiB/sec |25 |50 |100 |125 |150 |200 |250 |250 |500 |750 |

-|**Memory Optimized**| | | | | | | | | | | |

-|E2s_v3 / E2ds_v4 |48 MiB/sec |25 |48* |48* |48* |48* |48* |48* |48* |48* |48* |

-|E4s_v3 / E4ds_v4 |96 MiB/sec |25 |50 |96* |96* |96* |96* |96* |96* |96* |96* |

-|E8s_v3 / E8ds_v4 |192 MiB/sec |25 |50 |100 |125 |150 |192* |192* |192* |192* |192* |

-|E16s_v3 / E16ds_v4 |384 MiB/sec |25 |50 |100 |125 |150 |200 |250 |250 |384* |384* |

-|E20ds_v4 |480 MiB/sec |25 |50 |100 |125 |150 |200 |250 |250 |480* |480* |

-|E32s_v3 / E32ds_v4 |750 MiB/sec |25 |50 |100 |125 |150 |200 |250 |250 |500 |750 |

-|E48s_v3 / E48ds_v4 |750 MiB/sec |25 |50 |100 |125 |150 |200 |250 |250 |500 |750 |

-|E64s_v3 / E64ds_v4 |750 MiB/sec |25 |50 |100 |125 |150 |200 |250 |250 |500 |750 |

-|**Database Is Alive** (Preview) |`is-db-alive` |Count |Indicates if the database is up or not |N/a |Yes |

-| Azure Monitor (Microsoft.Insights/privateLinkScopes) / azuremonitor | privatelink.monitor.azure.com<br/> privatelink.oms.opinsights.azure.com <br/> privatelink.ods.opinsights.azure.com <br/> privatelink.agentsvc.azure-automation.net <br/> privatelink.blob.core.windows.net <br/> privatelink.applicationinsights.azure.com| monitor.azure.com<br/> oms.opinsights.azure.com<br/> ods.opinsights.azure.com<br/> agentsvc.azure-automation.net <br/> blob.core.windows.net <br/> applicationinsights.azure.com |

-| [Microsoft RSA Root Certificate Authority 2017](https://www.microsoft.com/pkiops/certs/archived/Microsoft%20RSA%20Root%20Certificate%20Authority%202017.crt) | 0x1ed397095fd8b4b347701eaabe7f45b3<br>73A5E64A3BFF8316FF0EDCCC618A906E4EAE4D74 |

-You must have PowerShell and the AWS CLI on your machine.

- - [Installation instructions for PowerShell](/powershell/scripting/install/installing-powershell)

- - [Installation instructions for the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html)

-1. Select **Amazon Web Services S3** from the data connectors gallery, and in the details pane, select **Open connector page**.

-1. In Microsoft Sentinel, select **Data connectors** and then select the **Amazon Web Services S3** line in the table and in the AWS pane to the right, select **Open connector page**.

-You must have write permission on the Microsoft Sentinel workspace.

-1. In Microsoft Sentinel, select **Data connectors** and then select the **Amazon Web Services** line in the table and in the AWS pane to the right, select **Open connector page**.

-> [!IMPORTANT]

-> As indicated below, some of the available log types are currently in **PREVIEW**. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

-Learn about [types of Microsoft Sentinel data connectors](data-connectors-reference.md) or learn about the [Microsoft Sentinel solutions catalog](sentinel-solutions-catalog.md).

-The Microsoft Sentinel **Data connectors** page shows the full list of connectors and their status in your workspace.

-Select the connector you want to connect, and then select **Open connector page**.

- :::image type="content" source="media/collect-data/opened-connector-page.png" alt-text="Screenshot showing how to configure data connectors." border="false":::

- :::image type="content" source="media/collect-data/data-insights.png" alt-text="Screenshot showing the data connecter Next steps tab." border="false":::

-## Background

-> [!NOTE]

-> - Microsoft Defender for Cloud was formerly known as Azure Security Center.

-> - Defender for Cloud's enhanced security features were formerly known collectively as Azure Defender.

-### Alert synchronization

-### Bi-directional alert synchronization

-1. From the Microsoft Sentinel navigation menu, select **Data connectors**. Select the connector for your product from the connectors gallery (or the **Common Event Format (CEF)** if your product isn't listed), and then the **Open connector page** button on the lower right.

-> [!IMPORTANT]

->

-> The Microsoft 365 Defender connector is now generally available!

-Operating system | Windows Server 2019, Windows Server 2016

-vCenter Server | Version 8.0 & subsequent updates in this version, Version 7.0, 6.7, 6.5, 6.0, or 5.5 | We recommend that you use a vCenter server in your disaster recovery deployment.

-vSphere hosts | Version 8.0 & subsequent updates in this version, Version 7.0, 6.7, 6.5, 6.0, or 5.5 | We recommend that vSphere hosts and vCenter servers are located in the same network as the process server. By default the process server runs on the configuration server. [Learn more](vmware-physical-azure-config-process-server-overview.md).

- npm init next-app@latest --typescript

-## Deploy your static website

-You can reduce costs by placing blob data into the most cost-efficient access tiers. Choose from three tiers that are designed to optimize your costs around data use. For example, the hot tier has a higher storage cost but lower read cost. Therefore, if you plan to access data frequently, the hot tier might be the most cost-efficient choice. If you plan to read data less frequently, the cool or archive tier might make the most sense because it raises the cost of reading data while reducing the cost of storing data.

-To model and analyze the cost of using cool versus archive storage, see [Archive versus cool](archive-cost-estimation.md#archive-versus-cool). You can apply similar modeling techniques to compare the cost of hot to cool or archive.

-The archive tier is an offline tier for storing data that is rarely accessed. The archive access tier has the lowest storage cost. However, this tier has higher data retrieval costs with a higher latency as compared to the hot and cool tiers.

-If you use the [Set Blob Tier](/rest/api/storageservices/set-blob-tier) operation to move a blob from the cool or hot tier to the archive tier, you're charged the price of an **archive** write operation.

-Blobs in the archive tier are offline and can't be read or modified. To read or modify data in an archived blob, you must first rehydrate the blob to an online tier (either the hot or cool tier).

-## Archive versus cool

-Archive storage is the lowest cost tier. However, it can take up to 15 hours to rehydrate 10 GiB files. To learn more, see [Blob rehydration from the Archive tier](archive-rehydrate-overview.md). The archive tier might not be the best fit if your workloads must read data quickly. The cool tier offers a near real-time read latency with a lower price than that the hot tier. Understanding your access requirements will help you to choose between the cool and archive tiers.

-The following table compares the cost of archive storage with the cost of cold storage by using the [Sample prices](#sample-prices) that appear in this article. This scenario assumes a monthly ingest of 200,000 files totaling 10,240 GB in size to archive. It also assumes 1 read each month about 10% of stored capacity (1024 GB), and 10% of total transactions (20,000).

-| Price factor | Archive | Cool |

-|-|-|--|

-| Price of write transactions (per 10,000) | $0.10 | $0.10 |

-| Price of a single write operation (cost / 10,000) | $0.00001 | $0.00001 |

-| Data prices (pay-as-you-go) | $0.00099 | $0.0152 |

-| Price of read transactions (per 10,000) | $5.00 | $0.01 |

-| Price of a single read operation (cost / 10,000) | $0.0005 | $0.000001 |

-| Price of high priority read transactions (per 10,000) | $50.00 | N/A |

-| Price of data retrieval (per GB) | $0.02 | $0.01 |

-| Price of high priority data retrieval (per GB) | $0.10 | N/A |

-There's not cost to configure object replication. This includes the task of enabling change feed, enabling versioning, as well as adding replication policies. However, object replication incurs costs on read and write transactions against the source and destination accounts, as well as egress charges for the replication of data from the source account to the destination account and read charges to process change feed.

-For related code samples using deprecated .NET version 11.x SDKs, see [Code samples using .NET version 11.x](../blobs/blob-v11-samples-dotnet.md#create-a-stored-access-policy).

-Azure Container Service is a separate service from AKS, so you'll need to grant permissions to allow Azure Container Storage to provision storage for your cluster. Specifically, you must assign the [Contributor](../../role-based-access-control/built-in-roles.md#contributor) Azure RBAC built-in role to the AKS managed identity. You'll need an [Owner](../../role-based-access-control/built-in-roles.md#owner) role for your Azure subscription in order to do this. If you don't have sufficient permissions, ask your admin to perform these steps.

-Run the following command to assign Contributor role to AKS managed identity. Remember to replace `<resource-group>` and `<cluster-name>` with your own values.

-

-description: Learn about migrations to Azure file shares and find your migration guide.

-This article covers the basic aspects of a migration to Azure file shares.

-This article contains migration basics and a table of migration guides. These guides help you move your files into Azure file shares. The guides are organized based on where your data is and what deployment model (cloud-only or hybrid) you're moving to.

-For related code samples using deprecated Java version 8 SDKs, see [Code samples using Java version 8](files-samples-java-v8.md).

-```

-```

-[Use StorSimple Data Manager UI to transform your data](storsimple-data-manager-ui.md).

-* [Connect to Blob storage and ADLS Gen2 in a VNet using Managed Identity authentication](./blob-output-managed-identity.md)

-When you deploy your model to Azure Kubernetes Service, you can [profile your model to determine resource utilization](../machine-learning/how-to-deploy-profile-model.md). You can also [enable App Insights for your deployments](../machine-learning/how-to-enable-app-insights.md) to understand request rates, response times, and failure rates.

-[stream.analytics.rest.api.reference]: /rest/api/streamanalytics/

-

-* [Azure Synapse Analytics](../index.yml)

-[NYC Yellow Taxi](https://azure.microsoft.com/services/open-datasets/catalog/nyc-taxi-limousine-commission-yellow-taxi-trip-records/) dataset is used in this sample. You can query Parquet files the same way you [read CSV files](query-parquet-files.md). The only difference is that the `FILEFORMAT` parameter should be set to `PARQUET`. Examples in this article show the specifics of reading Parquet files.

-The Performance traffic routing method allows you to direct traffic to the endpoint with the lowest latency from the client's network. Typically, the datacenter with the lowest latency is the closest in geographic distance. This traffic routing method cannot account for real-time changes in network configuration or load.

-## To configure performance routing method

-1. From a browser, sign in to the [Azure portal](https://portal.azure.com). If you donΓÇÖt already have an account, you can sign up for a [free one-month trial](https://azure.microsoft.com/free/).

-2. In the portalΓÇÖs search bar, search for the **Traffic Manager profiles** and then click the profile name that you want to configure the routing method for.

-3. In the **Traffic Manager profile** blade, verify that both the cloud services and websites that you want to include in your configuration are present.

-4. In the **Settings** section, click **Configuration**, and in the **Configuration** blade, complete as follows:

- 1. For **traffic routing method settings**, for **Routing method** select **Performance**.

- 2. Set the **Endpoint monitor settings** identical for all every endpoint within this profile as follows:

- 1. Select the appropriate **Protocol**, and specify the **Port** number.

- 2. For **Path** type a forward slash */*. To monitor endpoints, you must specify a path and filename. A forward slash "/" is a valid entry for the relative path and implies that the file is in the root directory (default).

- 3. At the top of the page, click **Save**.

-5. Test the changes in your configuration as follows:

- 1. In the portalΓÇÖs search bar, search for the Traffic Manager profile name and click the Traffic Manager profile in the results that the displayed.

- 2. In the **Traffic Manager** profile blade, click **Overview**.

- 3. The **Traffic Manager profile** blade displays the DNS name of your newly created Traffic Manager profile. This can be used by any clients (for example, by navigating to it using a web browser) to get routed to the right endpoint as determined by the routing type. In this case all requests are routed to the endpoint with the lowest latency from the client's network.

-6. Once your Traffic Manager profile is working, edit the DNS record on your authoritative DNS server to point your company domain name to the Traffic Manager domain name.

-![Configuring performance traffic routing method using Traffic Manager][1]

-<!--Image references-->

-[1]: ./media/traffic-manager-performance-routing-method/traffic-manager-performance-routing-method.png

-To verify if the Microsoft Azure Virtual Machine Agent (VM Agent) is running, has triggered appropriate actions on the machine, and the sequence number for the AutoPatching request, check the agent log for more details in `/var/log/waagent.log`. Every AutoPatching request has a unique sequence number associated with it on the machine. Look for a log similar to: `2021-01-20T16:57:00.607529Z INFO ExtHandler`.

-The package directory for the extension is `/var/lib/waagent/Microsoft.CPlat.Core.Edp.LinuxPatchExtension-<version>` and in the `/status` subfolder is a `<sequence number>.status` file, which includes a brief description of the actions performed during a single AutoPatching request, and the status. It also includes a short list of errors that occurred while applying updates.

-* `<Date and Time>_<Handler action>.ext.log`: There is a wrapper above the patch action, which is used to manage the extension and invoke specific patch operation. This log contains details about the wrapper. For AutoPatching, the `<Date and Time>_Enable.ext.log` has details on whether the specific patch operation was invoked.

-To verify if the Microsoft Azure Virtual Machine Agent (VM Agent) is running, has triggered appropriate actions on the machine, and the sequence number for the AutoPatching request, check the agent log for more details in `C:\WindowsAzure\Logs\AggregateStatus`. The package directory for the extension is `C:\Packages\Plugins\Microsoft.CPlat.Core.WindowsPatchExtension<version>`.

-* `CommandExecution.log`: There is a wrapper above the patch action, which is used to manage the extension and invoke specific patch operation. This log contains details about the wrapper. For AutoPatching, the log has details on whether the specific patch operation was invoked.

-* `cmd_execution_<numeric>_stdout.txt`: There is a wrapper above the patch action, which is used to manage the extension and invoke specific patch operation. This log contains details about the wrapper. For AutoPatching, the log has details on whether the specific patch operation was invoked.

-* Reboot status is **Required**, but a reboot was not attempted even when the reboot setting passed was `IfRequired` or `Always`.

-During an update deployment, it checks for maintenance window utilization at multiple steps. Ten minutes of the maintenance window is reserved for reboot at any point. Before getting a list of missing updates or downloading/installing any update (except Windows service pack updates), it checks to verify if there are 15 minutes + 10 minutes for reboot (that is, 25 mins left in the maintenance window).

-For Windows service pack updates, we check for 20 minutes + 10 minutes for reboot (that is, 30 minutes). If the deployment doesn't have the sufficient left, it skips the scan/download/install of updates. The deployment run then checks if a reboot is needed and if there is ten minutes left in the maintenance window. If there is, the deployment triggers a reboot, otherwise the reboot is skipped. In such cases, the status is updated to **Failed**, and the Maintenance window exceeded property is updated to ***true**. For cases where the time left is less than 25 minutes, updates are not scanned or attempted for installation.

-Find our recommended guidelines for configuring security for your Azure Virtual Desktop deployment at our [security best practices](./../security-guide.md).

-> [Learn about the different Orchestration Modes](virtual-machine-scale-sets-orchestration-modes.md)

-Azure virtual machines (VMs) can be created through the Azure portal. The Azure portal is a browser-based user interface to create Azure resources. This quickstart shows you how to use the Azure portal to deploy a Linux virtual machine (VM) running Ubuntu 18.04 LTS. To see your VM in action, you also SSH to the VM and install the NGINX web server.

-1. Under **Instance details**, enter *myVM* for the **Virtual machine name**, and choose *Ubuntu 18.04 LTS - Gen2* for your **Image**. Leave the other defaults. The default size and pricing is only shown as an example. Size availability and pricing are dependent on your region and subscription.

-description: Learn about various sample scripts you can use for completing tasks in the Azure CLI, including creating a virtual network for multi-tier applications.

-# Azure CLI samples for virtual network

-The following table includes links to bash scripts with Azure CLI commands:

-| Script | Description |

-|-|-|

-| [Create a virtual network for multi-tier applications](./scripts/virtual-network-cli-sample-multi-tier-application.md) | Creates a virtual network with front-end and back-end subnets. Traffic to the front-end subnet is limited to HTTP and SSH, while traffic to the back-end subnet is limited to MySQL, port 3306. |

-| [Peer two virtual networks](./scripts/virtual-network-cli-sample-peer-two-virtual-networks.md) | Creates and connects two virtual networks in the same region. |

-| [Route traffic through a network virtual appliance](./scripts/virtual-network-cli-sample-route-traffic-through-nva.md) | Creates a virtual network with front-end and back-end subnets and a VM that is able to route traffic between the two subnets. |

-| [Filter inbound and outbound VM network traffic](./scripts/virtual-network-cli-sample-filter-network-traffic.md) | Creates a virtual network with front-end and back-end subnets. Inbound network traffic to the front-end subnet is limited to HTTP, HTTPS, and SSH. Outbound traffic to the internet from the back-end subnet isn't permitted. |

-|[Configure IPv4 + IPv6 dual stack virtual network with Standard Load Balancer](./scripts/virtual-network-cli-sample-ipv6-dual-stack-standard-load-balancer.md)|Deploys dual-stack (IPv4+IPv6) virtual network with two VMs and an Azure Standard Load Balancer with IPv4 and IPv6 public IP addresses. |

-|[Quickstart: Create and test a NAT gateway - Azure CLI](../virtual-network/nat-gateway/quickstart-create-nat-gateway-cli.md)|Create and validate a NAT gateway using a virtual machine. |

-description: Learn about Azure PowerShell samples for managing virtual networks, including a sample for creating a virtual network for multi-tier applications.

-# Azure PowerShell samples for virtual network

-The following table includes links to Azure PowerShell scripts:

-| Script | Description |

-|-|-|

-| [Create a virtual network for multi-tier applications](./scripts/virtual-network-powershell-sample-multi-tier-application.md) | Creates a virtual network with front-end and back-end subnets. Traffic to the front-end subnet is limited to HTTP, while traffic to the back-end subnet is limited to SQL, port 1433. |

-| [Peer two virtual networks](./scripts/virtual-network-powershell-sample-peer-two-virtual-networks.md) | Creates and connects two virtual networks in the same region. |

-| [Route traffic through a network virtual appliance](./scripts/virtual-network-powershell-sample-route-traffic-through-nva.md) | Creates a virtual network with front-end and back-end subnets and a VM that is able to route traffic between the two subnets. |

-| [Filter inbound and outbound VM network traffic](./scripts/virtual-network-powershell-sample-filter-network-traffic.md) | Creates a virtual network with front-end and back-end subnets. Inbound network traffic to the front-end subnet is limited to HTTP and HTTPS. Outbound traffic to the internet from the back-end subnet isn't permitted. |

-| [Configure IPv4 + IPv6 dual stack virtual network with Standard Load Balancer](./scripts/virtual-network-powershell-sample-ipv6-dual-stack-standard-load-balancer.md)|Deploys dual-stack (IPv4+IPv6) virtual network with two VMs and an Azure Standard Load Balancer with IPv4 and IPv6 public IP addresses. |

-| [Quickstart: Create and test a NAT gateway - Azure PowerShell](../virtual-network/nat-gateway/quickstart-create-nat-gateway-powershell.md) | Create and validate a NAT gateway using a virtual machine. |

-description: Filter inbound and outbound virtual machine (VM) network traffic using an Azure CLI script sample.

-# Filter inbound and outbound VM network traffic using an Azure CLI script sample

-This script sample creates a virtual network with front-end and back-end subnets. Inbound network traffic to the front-end subnet is limited to HTTP, HTTPS, and SSH, while outbound traffic to the internet from the back-end subnet is not permitted. After running the script, you will have one virtual machine with two NICs. Each NIC is connected to a different subnet.

-## Sample script

-### Run the script

-## Clean up deployment

-```azurecli

-az group delete --name $resourceGroup

-```

-## Sample reference

-This script uses the following commands to create a resource group, virtual network, and network security groups. Each command in the following table links to command-specific documentation:

-| Command | Notes |

-|||

-| [az group create](/cli/azure/group) | Creates a resource group in which all resources are stored. |

-| [az network vnet create](/cli/azure/network/vnet) | Creates an Azure virtual network and front-end subnet. |

-| [az network subnet create](/cli/azure/network/vnet/subnet) | Creates a back-end subnet. |

-| [az network vnet subnet update](/cli/azure/network/vnet/subnet) | Associates NSGs to subnets. |

-| [az network public-ip create](/cli/azure/network/public-ip) | Creates a public IP address to access the VM from the internet. |

-| [az network nic create](/cli/azure/network/nic) | Creates virtual network interfaces and attaches them to the virtual network's front-end and back-end subnets. |

-| [az network nsg create](/cli/azure/network/nsg) | Creates network security groups (NSG) that are associated to the front-end and back-end subnets. |

-| [az network nsg rule create](/cli/azure/network/nsg/rule) |Creates NSG rules that allow or block specific ports to specific subnets. |

-| [az vm create](/cli/azure/vm) | Creates virtual machines and attaches a NIC to each VM. This command also specifies the virtual machine image to use and administrative credentials. |

-| [az group delete](/cli/azure/group) | Deletes a resource group and all resources it contains. |

-## Next steps

-For more information on the Azure CLI, see [Azure CLI documentation](/cli/azure).

-Additional virtual network CLI script samples can be found in [Virtual network CLI samples](../cli-samples.md).

-description: Learn how to configure IPv6 endpoints in a virtual network script sample using Standard Load Balancer.

-# Configure IPv6 endpoints in virtual network script sample using Standard Load Balancer(preview)

-This article shows you how to deploy a dual stack (IPv4 + IPv6) application in Azure that includes a dual stack virtual network with a dual stack subnet, a Standard Load Balancer with dual (IPv4 + IPv6) front-end configurations, VMs with NICs that have a dual IP configuration, dual network security group rules ,and dual public IPs.

-## Sample script

-### Run the script

-> [!TIP]

-> You can view the IPv6 dual stack virtual network in Azure portal on the virtual network page.

-> The dual stack virtual network shows the two NICs with both IPv4 and IPv6 configurations in the dual stack subnet.

-## Clean up deployment

-```azurecli

-az group delete --name $resourceGroup

-```

-## Sample reference

-This script uses the following commands to create a resource group, virtual machine, availability set, load balancer, and all related resources. Each command in the table links to command specific documentation.

-| Command | Notes |

-|||

-| [az group create](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |

-| [az network vnet create](/cli/azure/network/vnet#az-network-vnet-create) | Creates an Azure virtual network and subnet. |

-| [az network public-ip create](/cli/azure/network/public-ip#az-network-public-ip-create) | Creates a public IP address with a static IP address and an associated DNS name. |

-| [az network lb create](/cli/azure/network/lb#az-network-lb-create) | Creates an Azure load balancer. |

-| [az network lb probe create](/cli/azure/network/lb/probe#az-network-lb-probe-create) | Creates a load balancer probe. A load balancer probe is used to monitor each VM in the load balancer set. If any VM becomes inaccessible, traffic is not routed to the VM. |

-| [az network lb rule create](/cli/azure/network/lb/rule#az-network-lb-rule-create) | Creates a load balancer rule. In this sample, a rule is created for port 80. As HTTP traffic arrives at the load balancer, it is routed to port 80 one of the VMs in the LB set. |

-| [az network lb inbound-nat-rule create](/cli/azure/network/lb/inbound-nat-rule#az-network-lb-inbound-nat-rule-create) | Creates load balancer Network Address Translation (NAT) rule. NAT rules map a port of the load balancer to a port on a VM. In this sample, a NAT rule is created for SSH traffic to each VM in the load balancer set. |

-| [az network nsg create](/cli/azure/network/nsg#az-network-nsg-create) | Creates a network security group (NSG), which is a security boundary between the internet and the virtual machine. |

-| [az network nsg rule create](/cli/azure/network/nsg/rule#az-network-nsg-rule-create) | Creates an NSG rule to allow inbound traffic. In this sample, port 22 is opened for SSH traffic. |

-| [az network nic create](/cli/azure/network/nic#az-network-nic-create) | Creates a virtual network card and attaches it to the virtual network, subnet, and NSG. |

-| [az vm availability-set create](/cli/azure/network/lb/rule#az-network-lb-rule-create) | Creates an availability set. Availability sets ensure application uptime by spreading the virtual machines across physical resources such that if failure occurs, the entire set isn't affected. |

-| [az vm create](/cli/azure/vm#az-vm-create) | Creates the virtual machine and connects it to the network card, virtual network, subnet, and NSG. This command also specifies the virtual machine image to be used and administrative credentials. |

-| [az group delete](/cli/azure/vm/extension#az-vm-extension-set) | Deletes a resource group including all nested resources. |

-## Next steps

-For more information on the Azure CLI, see [Azure CLI documentation](/cli/azure).

-Additional Azure Networking CLI script samples can be found in the [Azure Networking documentation](../cli-samples.md).

-description: Use an Azure CLI script sample to configure IPv6 endpoints and deploy a dual stack (IPv4 + IPv6) application in Azure.

-# Configure IPv6 endpoints in virtual network script sample

-This article shows you how to deploy a dual stack (IPv4 + IPv6) application in Azure that includes a dual stack virtual network with a dual stack subnet, a load balancer with dual (IPv4 + IPv6) front-end configurations, VMs with NICs that have a dual IP configuration, dual network security group rules ,and dual public IPs.

-## Sample script

-### Run the script

-> [!TIP]

-> You can view the IPv6 dual stack virtual network in Azure portal on the virtual network page.

-> The dual stack virtual network shows the two NICs with both IPv4 and IPv6 configurations in the dual stack subnet.

-## Clean up deployment

-```azurecli

-az group delete --name $resourceGroup

-```

-## Sample reference

-This script uses the following commands to create a resource group, virtual machine, availability set, load balancer, and all related resources. Each command in the table links to command specific documentation.

-| Command | Notes |

-|||

-| [az group create](/cli/azure/group#az-group-create) | Creates a resource group in which all resources are stored. |

-| [az network vnet create](/cli/azure/network/vnet#az-network-vnet-create) | Creates an Azure virtual network and subnet. |

-| [az network public-ip create](/cli/azure/network/public-ip#az-network-public-ip-create) | Creates a public IP address with a static IP address and an associated DNS name. |

-| [az network lb create](/cli/azure/network/lb#az-network-lb-create) | Creates an Azure load balancer. |

-| [az network lb probe create](/cli/azure/network/lb/probe#az-network-lb-probe-create) | Creates a load balancer probe. A load balancer probe is used to monitor each VM in the load balancer set. If any VM becomes inaccessible, traffic is not routed to the VM. |

-| [az network lb rule create](/cli/azure/network/lb/rule#az-network-lb-rule-create) | Creates a load balancer rule. In this sample, a rule is created for port 80. As HTTP traffic arrives at the load balancer, it is routed to port 80 one of the VMs in the LB set. |

-| [az network lb inbound-nat-rule create](/cli/azure/network/lb/inbound-nat-rule#az-network-lb-inbound-nat-rule-create) | Creates load balancer Network Address Translation (NAT) rule. NAT rules map a port of the load balancer to a port on a VM. In this sample, a NAT rule is created for SSH traffic to each VM in the load balancer set. |

-| [az network nsg create](/cli/azure/network/nsg#az-network-nsg-create) | Creates a network security group (NSG), which is a security boundary between the internet and the virtual machine. |

-| [az network nsg rule create](/cli/azure/network/nsg/rule#az-network-nsg-rule-create) | Creates an NSG rule to allow inbound traffic. In this sample, port 22 is opened for SSH traffic. |

-| [az network nic create](/cli/azure/network/nic#az-network-nic-create) | Creates a virtual network card and attaches it to the virtual network, subnet, and NSG. |

-| [az vm availability-set create](/cli/azure/network/lb/rule#az-network-lb-rule-create) | Creates an availability set. Availability sets ensure application uptime by spreading the virtual machines across physical resources such that if failure occurs, the entire set isn't affected. |

-| [az vm create](/cli/azure/vm#az-vm-create) | Creates the virtual machine and connects it to the network card, virtual network, subnet, and NSG. This command also specifies the virtual machine image to be used and administrative credentials. |

-| [az group delete](/cli/azure/vm/extension#az-vm-extension-set) | Deletes a resource group including all nested resources. |

-## Next steps

-For more information on the Azure CLI, see [Azure CLI documentation](/cli/azure).

-Additional Azure Networking CLI script samples can be found in the [Azure Networking documentation](../cli-samples.md).

-description: Create a virtual network for multi-tier applications - Azure CLI script sample.

-# Create a virtual network for multi-tier applications using an Azure CLI script sample

-This script sample creates a virtual network with front-end and back-end subnets. Traffic to the front-end subnet is limited to HTTP and SSH, while traffic to the back-end subnet is limited to MySQL, port 3306. After running the script, you have two virtual machines, one in each subnet, that you can deploy web server and MySQL software to.

-## Sample script

-### Run the script

-## Clean up deployment

-```azurecli

-az group delete --name $resourceGroup

-```

-## Sample reference

-This script uses the following commands to create a resource group, virtual network, and network security groups. Each command in the following table links to command-specific documentation:

-| Command | Notes |

-|||

-| [az group create](/cli/azure/group) | Creates a resource group in which all resources are stored. |

-| [az network vnet create](/cli/azure/network/vnet) | Creates an Azure virtual network and front-end subnet. |

-| [az network subnet create](/cli/azure/network/vnet/subnet) | Creates a back-end subnet. |

-| [az network public-ip create](/cli/azure/network/public-ip) | Creates a public IP address to access the VM from the internet. |

-| [az network nic create](/cli/azure/network/nic) | Creates virtual network interfaces and attaches them to the virtual network's front-end and back-end subnets. |

-| [az network nsg create](/cli/azure/network/nsg) | Creates network security groups (NSG) that are associated to the front-end and back-end subnets. |

-| [az network nsg rule create](/cli/azure/network/nsg/rule) |Creates NSG rules that allow or block specific ports to specific subnets. |

-| [az vm create](/cli/azure/vm) | Creates virtual machines and attaches a NIC to each VM. This command also specifies the virtual machine image to use and administrative credentials. |

-| [az group delete](/cli/azure/group) | Deletes a resource group and all resources it contains. |

-## Next steps

-For more information on the Azure CLI, see [Azure CLI documentation](/cli/azure).

-Additional virtual network CLI script samples can be found in [Virtual network CLI samples](../cli-samples.md).

-description: Route traffic through a firewall network virtual appliance - Azure CLI script sample.

-# Route traffic through a network virtual appliance - Azure CLI script sample

-This script sample creates a virtual network with front-end and back-end subnets. It also creates a VM with IP forwarding enabled to route traffic between the two subnets. After running the script you can deploy network software, such as a firewall application, to the VM.

-## Sample script

-### Run the script

-## Clean up deployment

-```azurecli

-az group delete --name $resourceGroup

-```

-## Sample reference

-This script uses the following commands to create a resource group, virtual network, and network security groups. Each command in the following table links to command-specific documentation:

-| Command | Notes |

-|||

-| [az group create](/cli/azure/group) | Creates a resource group in which all resources are stored. |

-| [az network vnet create](/cli/azure/network/vnet) | Creates an Azure virtual network and front-end subnet. |

-| [az network subnet create](/cli/azure/network/vnet/subnet) | Creates back-end and DMZ subnets. |

-| [az network public-ip create](/cli/azure/network/public-ip) | Creates a public IP address to access the VM from the internet. |

-| [az network nic create](/cli/azure/network/nic) | Creates a virtual network interface and enable IP forwarding for it. |

-| [az network nsg create](/cli/azure/network/nsg) | Creates a network security group (NSG). |

-| [az network nsg rule create](/cli/azure/network/nsg/rule) | Creates NSG rules that allow HTTP and HTTPS ports inbound to the VM. |

-| [az network vnet subnet update](/cli/azure/network/vnet/subnet)| Associates the NSGs and route tables to subnets. |

-| [az network route-table create](/cli/azure/network/route-table#az-network-route-table-create)| Creates a route table for all routes. |

-| [az network route-table route create](/cli/azure/network/route-table/route#az-network-route-table-route-create)| Creates routes to route traffic between subnets and the internet through the VM. |

-| [az vm create](/cli/azure/vm) | Creates a virtual machine and attaches the NIC to it. This command also specifies the virtual machine image to use and administrative credentials. |

-| [az group delete](/cli/azure/group) | Deletes a resource group and all resources it contains. |

-## Next steps

-For more information on the Azure CLI, see [Azure CLI documentation](/cli/azure).

-Additional virtual network CLI script samples can be found in [Virtual network CLI samples](../cli-samples.md).

-description: Filter inbound and outbound VM network traffic - Azure PowerShell script sample.

-# Filter inbound and outbound VM network traffic script sample

-This script sample creates a virtual network with front-end and back-end subnets. Inbound network traffic to the front-end subnet is limited to HTTP, and HTTPS, while outbound traffic to the internet from the back-end subnet isn't permitted. After running the script, you have one virtual machine with two NICs. Each NIC is connected to a different subnet.

-You can execute the script from the Azure [Cloud Shell](https://shell.azure.com/powershell), or from a local PowerShell installation. If you use PowerShell locally, this script requires the Azure PowerShell module version 1.0.0 or later. To find the installed version, run `Get-InstalledModule -Name Az`. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-azure-powershell). If you're running PowerShell locally, you also need to run `Connect-AzAccount` to create a connection with Azure.

-## Sample script

-[!code-azurepowershell-interactive[main](../../../powershell_scripts/virtual-network/filter-network-traffic/filter-network-traffic.ps1 "Filter VM network traffic")]

-## Clean up deployment

-Run the following command to remove the resource group, VM, and all related resources:

-```powershell

-Remove-AzResourceGroup -Name myResourceGroup -Force

-```

-## Script explanation

-This script uses the following commands to create a resource group, virtual network, and network security groups. Each command in the following table links to command-specific documentation:

-| Command | Notes |

-|||

-| [New-AzResourceGroup](/powershell/module/az.resources/new-azresourcegroup) | Creates a resource group in which all resources are stored. |

-| [New-AzVirtualNetworkSubnetConfig](/powershell/module/az.network/new-azvirtualnetworksubnetconfig) | Creates a subnet configuration object |

-| [New-AzVirtualNetwork](/powershell/module/az.network/new-azvirtualnetwork) | Creates an Azure virtual network and front-end subnet. |

-| [New-AzNetworkSecurityRuleConfig](/powershell/module/az.network/new-aznetworksecurityruleconfig) | Creates security rules to be assigned to a network security group. |

-| [New-AzNetworkSecurityGroup](/powershell/module/az.network/new-aznetworksecuritygroup) |Creates NSG rules that allow or block specific ports to specific subnets. |

-| [Set-AzVirtualNetworkSubnetConfig](/powershell/module/az.network/set-azvirtualnetworksubnetconfig) | Associates NSGs to subnets. |

-| [New-AzPublicIpAddress](/powershell/module/az.network/new-azpublicipaddress) | Creates a public IP address to access the VM from the internet. |

-| [New-AzNetworkInterface](/powershell/module/az.network/new-aznetworkinterface) | Creates virtual network interfaces and attaches them to the virtual network's front-end and back-end subnets. |

-| [New-AzVMConfig](/powershell/module/az.compute/new-azvmconfig) | Creates a VM configuration. This configuration includes information such as VM name, operating system, and administrative credentials. The configuration is used during VM creation. |

-| [New-AzVM](/powershell/module/az.compute/new-azvm) | Create a virtual machine. |

-|[Remove-AzResourceGroup](/powershell/module/az.resources/remove-azresourcegroup) | Removes a resource group and all resources contained within. |

-## Next steps

-For more information on the Azure PowerShell, see [Azure PowerShell documentation](/powershell/azure/).

-More virtual network PowerShell script samples can be found in [Virtual network PowerShell samples](../powershell-samples.md).

-description: Learn about configuring an IPv6 frontend in a virtual network script sample with an Azure Standard Load Balancer.

-# Configure IPv6 frontend in virtual network script sample with an Azure Standard Load Balancer

-This article outlines the necessary steps to create a dual stack virtual network, load balancer with dual (IPv4 + IPv6) front-end configurations, VMs with NICs that have a dual IP configuration, dual network security group rules, and dual public IPs.

-## Prerequisites

-If you choose to install and use PowerShell locally, this article requires the Azure PowerShell module version 5.4.1 or later. Run `Get-Module -ListAvailable Az` to find the installed version. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-azure-powershell). If you're running PowerShell locally, you also need to run `Connect-AzAccount` to create a connection with Azure.

-## Sample script

-```azurepowershell

-# Deploys Dual-stack (IPv4+IPv6) Azure virtual network with 2 VMs and Standard Load Balancer with IPv4 and IPv6 public IPs

-# Create resource group to contain the deployment

- $rg = New-AzResourceGroup `

- -ResourceGroupName "dsRG1" `

- -Location "east us"

-# Create the public IPs needed for the deployment

- $PublicIP_v4 = New-AzPublicIpAddress `

- -Name "dsPublicIP_v4" `

- -ResourceGroupName $rg.ResourceGroupName `

- -Location $rg.Location `

- -AllocationMethod Static `

- -IpAddressVersion IPv4 `

- -Sku Standard

-

-$PublicIP_v6 = New-AzPublicIpAddress `

- -Name "dsPublicIP_v6" `

- -ResourceGroupName $rg.ResourceGroupName `

- -Location $rg.Location `

- -AllocationMethod Static `

- -IpAddressVersion IPv6 `

- -Sku Standard

-$RdpPublicIP_1 = New-AzPublicIpAddress `

- -Name "RdpPublicIP_1" `

- -ResourceGroupName $rg.ResourceGroupName `

- -Location $rg.Location `

- -AllocationMethod Static `

- -Sku Standard `

- -IpAddressVersion IPv4

-

-$RdpPublicIP_2 = New-AzPublicIpAddress `

- -Name "RdpPublicIP_2" `

- -ResourceGroupName $rg.ResourceGroupName `

- -Location $rg.Location `

- -AllocationMethod Static `

- -Sku Standard `

- -IpAddressVersion IPv4

-# Create front-end IP address

-$frontendIPv4 = New-AzLoadBalancerFrontendIpConfig `

- -Name "dsLbFrontEnd_v4" `

- -PublicIpAddress $PublicIP_v4

-$frontendIPv6 = New-AzLoadBalancerFrontendIpConfig `

- -Name "dsLbFrontEnd_v6" `

- -PublicIpAddress $PublicIP_v6

-# Configure back-end address pool

-$backendPoolv4 = New-AzLoadBalancerBackendAddressPoolConfig `

-$backendPoolv6 = New-AzLoadBalancerBackendAddressPoolConfig `

-# Create load balancer rule

-$lbrule_v4 = New-AzLoadBalancerRuleConfig `

- -Name "dsLBrule_v4" `

- -FrontendIpConfiguration $frontendIPv4 `

- -BackendAddressPool $backendPoolv4 `

- -Protocol Tcp `

- -FrontendPort 80 `

- -BackendPort 80

-$lbrule_v6 = New-AzLoadBalancerRuleConfig `

- -Name "dsLBrule_v6" `

- -FrontendIpConfiguration $frontendIPv6 `

- -BackendAddressPool $backendPoolv6 `

- -Protocol Tcp `

- -FrontendPort 80 `

- -BackendPort 80

-

-# Create Standard Load Balancer

-$lb = New-AzLoadBalancer `

-# Create availability set

-$avset = New-AzAvailabilitySet `

- -ResourceGroupName $rg.ResourceGroupName `

- -Location $rg.Location `

- -Name "dsAVset" `

- -PlatformFaultDomainCount 2 `

- -PlatformUpdateDomainCount 2 `

- -Sku aligned

-

-# Create network security group and rules

-$rule1 = New-AzNetworkSecurityRuleConfig `

-$rule2 = New-AzNetworkSecurityRuleConfig `

- -Name 'myNetworkSecurityGroupRuleHTTP' `

- -Description 'Allow HTTP' `

- -Access Allow `

- -Protocol Tcp `

- -Direction Inbound `

- -Priority 200 `

- -SourceAddressPrefix * `

- -SourcePortRange 80 `

- -DestinationAddressPrefix * `

- -DestinationPortRange 80

-$nsg = New-AzNetworkSecurityGroup `

-#Create virtual network and subnet

-# Create dual stack subnet

-$subnet = New-AzVirtualNetworkSubnetConfig `

-# Create the virtual network

-$vnet = New-AzVirtualNetwork `

-

-#Create network interfaces (NICs)

-$Ip4Config=New-AzNetworkInterfaceIpConfig `

-

-$Ip6Config=New-AzNetworkInterfaceIpConfig `

-

-$NIC_1 = New-AzNetworkInterface `

-

-$Ip4Config=New-AzNetworkInterfaceIpConfig `

-$NIC_2 = New-AzNetworkInterface `

-# Create virtual machines

-$cred = get-credential -Message "DUAL STACK VNET SAMPLE: Please enter the Administrator credential to log into the VMs"

-$vmsize = "Standard_A2"

-$ImagePublisher = "MicrosoftWindowsServer"

-$imageOffer = "WindowsServer"

-$imageSKU = "2019-Datacenter"

-$vmName= "dsVM1"

-$VMconfig1 = New-AzVMConfig -VMName $vmName -VMSize $vmsize -AvailabilitySetId $avset.Id 3> $null | Set-AzVMOperatingSystem -Windows -ComputerName $vmName -Credential $cred -ProvisionVMAgent 3> $null | Set-AzVMSourceImage -PublisherName $ImagePublisher -Offer $imageOffer -Skus $imageSKU -Version "latest" 3> $null | Set-AzVMOSDisk -Name "$vmName.vhd" -CreateOption fromImage 3> $null | Add-AzVMNetworkInterface -Id $NIC_1.Id 3> $null

-$VM1 = New-AzVM -ResourceGroupName $rg.ResourceGroupName -Location $rg.Location -VM $VMconfig1

-$vmName= "dsVM2"

-$VMconfig2 = New-AzVMConfig -VMName $vmName -VMSize $vmsize -AvailabilitySetId $avset.Id 3> $null | Set-AzVMOperatingSystem -Windows -ComputerName $vmName -Credential $cred -ProvisionVMAgent 3> $null | Set-AzVMSourceImage -PublisherName $ImagePublisher -Offer $imageOffer -Skus $imageSKU -Version "latest" 3> $null | Set-AzVMOSDisk -Name "$vmName.vhd" -CreateOption fromImage 3> $null | Add-AzVMNetworkInterface -Id $NIC_2.Id 3> $null

-$VM2 = New-AzVM -ResourceGroupName $rg.ResourceGroupName -Location $rg.Location -VM $VMconfig2

-#End Of Script

-```

-## Clean up deployment

-Run the following command to remove the resource group, VM, and all related resources:

-```powershell

-Remove-AzResourceGroup -Name <resourcegroupname> -Force

-```

-## Script explanation

-This script uses the following commands to create a resource group, virtual machine, availability set, load balancer, and all related resources. Each command in the table links to command specific documentation.

-| Command | Notes |

-|||

-| [New-AzResourceGroup](/powershell/module/az.resources/new-azresourcegroup) | Creates a resource group in which all resources are stored. |

-| [New-AzVirtualNetworkSubnetConfig](/powershell/module/az.network/new-azvirtualnetworksubnetconfig) | Creates a subnet configuration. This configuration is used with the virtual network creation process. |

-| [New-AzVirtualNetwork](/powershell/module/az.network/new-azvirtualnetwork) | Creates an Azure virtual network and subnet. |

-| [New-AzPublicIpAddress](/powershell/module/az.network/new-azpublicipaddress) | Creates a public IP address with a static IP address and an associated DNS name. |

-| [New-AzLoadBalancer](/powershell/module/az.network/new-azloadbalancer) | Creates an Azure load balancer. |

-| [New-AzLoadBalancerProbeConfig](/powershell/module/az.network/new-azloadbalancerprobeconfig) | Creates a load balancer probe. A load balancer probe is used to monitor each VM in the load balancer set. If any VM becomes inaccessible, traffic isn't routed to the VM. |

-| [New-AzLoadBalancerRuleConfig](/powershell/module/az.network/new-azloadbalancerruleconfig) | Creates a load balancer rule. In this sample, a rule is created for port 80. As HTTP traffic arrives at the load balancer, it's routed to port 80 one of the VMs in the load balancer set. |

-| [New-AzNetworkSecurityGroup](/powershell/module/az.network/new-aznetworksecuritygroup) | Creates a network security group (NSG), which is a security boundary between the internet and the virtual machine. |

-| [New-AzNetworkSecurityRuleConfig](/powershell/module/az.network/new-aznetworksecurityruleconfig) | Creates an NSG rule to allow inbound traffic. In this sample, port 22 is opened for SSH traffic. |

-| [New-AzNetworkInterface](/powershell/module/az.network/new-aznetworkinterface) | Creates a virtual network card and attaches it to the virtual network, subnet, and NSG. |

-| [New-AzAvailabilitySet](/powershell/module/az.compute/new-azavailabilityset) | Creates an availability set. Availability sets ensure application uptime by spreading the virtual machines across physical resources such that if failure occurs, the entire set isn't affected. |

-| [New-AzVMConfig](/powershell/module/az.compute/new-azvmconfig) | Creates a VM configuration. This configuration includes information such as VM name, operating system, and administrative credentials. The configuration is used during VM creation. |

-| [New-AzVM](/powershell/module/az.compute/new-azvm) | Creates the virtual machine and connects it to the network card, virtual network, subnet, and NSG. This command also specifies the virtual machine image to be used and administrative credentials. |

-| [Remove-AzResourceGroup](/powershell/module/az.resources/remove-azresourcegroup) | Deletes a resource group including all nested resources. |

-## Next steps

-For more information on the Azure PowerShell, see [Azure PowerShell documentation](/powershell/azure/).

-More networking PowerShell script samples can be found in the [Azure Networking Overview documentation](../powershell-samples.md?toc=%2fazure%2fnetworking%2ftoc.json).

-description: Configure IPv6 endpoints in virtual network with an Azure PowerShell script and find links to command-specific documentation to help with the PowerShell sample.

-# Configure IPv6 endpoints in virtual network with Azure PowerShell script sample

-This article shows you how to deploy a dual stack (IPv4 + IPv6) application in Azure that includes a dual stack virtual network with a dual stack subnet. A load balancer with dual (IPv4 + IPv6) front-end configurations, VMs with NICs that have a dual IP configuration, dual network security group rules, and dual public IPs are also deployed.

-## Prerequisites

-If you choose to install and use PowerShell locally, this article requires the Azure PowerShell module version 5.4.1 or later. Run `Get-Module -ListAvailable Az` to find the installed version. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-azure-powershell). If you're running PowerShell locally, you also need to run `Connect-AzAccount` to create a connection with Azure.

-## Sample script

-```azurepowershell

-# Dual-Stack VNET with 2 VMs.ps1

-# Deploys Dual-stack (IPv4+IPv6) Azure virtual network with 2 VMs and Basic Load Balancer with IPv4 and IPv6 public IPs

-# Create resource group to contain the deployment

- $rg = New-AzResourceGroup `

- -ResourceGroupName "dsRG1" `

- -Location "east us"

-# Create the public IPs needed for the deployment

- $PublicIP_v4 = New-AzPublicIpAddress `

- -Name "dsPublicIP_v4" `

- -ResourceGroupName $rg.ResourceGroupName `

- -Location $rg.Location `

- -AllocationMethod Dynamic `

- -IpAddressVersion IPv4

-

- $PublicIP_v6 = New-AzPublicIpAddress `

- -Name "dsPublicIP_v6" `

- -ResourceGroupName $rg.ResourceGroupName `

- -Location $rg.Location `

- -AllocationMethod Dynamic `

- -IpAddressVersion IPv6

- $RdpPublicIP_1 = New-AzPublicIpAddress `

- -Name "RdpPublicIP_1" `

- -ResourceGroupName $rg.ResourceGroupName `

- -Location $rg.Location `

- -AllocationMethod Dynamic `

- -IpAddressVersion IPv4

-

- $RdpPublicIP_2 = New-AzPublicIpAddress `

- -Name "RdpPublicIP_2" `

- -ResourceGroupName $rg.ResourceGroupName `

- -Location $rg.Location `

- -AllocationMethod Dynamic `

- -IpAddressVersion IPv4

-# Create Basic Load Balancer

-$frontendIPv4 = New-AzLoadBalancerFrontendIpConfig `

- -Name "dsLbFrontEnd_v4" `

- -PublicIpAddress $PublicIP_v4

-$frontendIPv6 = New-AzLoadBalancerFrontendIpConfig `

- -Name "dsLbFrontEnd_v6" `

- -PublicIpAddress $PublicIP_v6

-

-$backendPoolv4 = New-AzLoadBalancerBackendAddressPoolConfig `

- -Name "dsLbBackEndPool_v4"

-$backendPoolv6 = New-AzLoadBalancerBackendAddressPoolConfig `

- -Name "dsLbBackEndPool_v6"

-$lbrule_v4 = New-AzLoadBalancerRuleConfig `

- -Name "dsLBrule_v4" `

- -FrontendIpConfiguration $frontendIPv4 `

- -BackendAddressPool $backendPoolv4 `

- -Protocol Tcp `

- -FrontendPort 80 `

- -BackendPort 80

-$lbrule_v6 = New-AzLoadBalancerRuleConfig `

- -Name "dsLBrule_v6" `

- -FrontendIpConfiguration $frontendIPv6 `

- -BackendAddressPool $backendPoolv6 `

- -Protocol Tcp `

- -FrontendPort 80 `

- -BackendPort 80

-

-$lb = New-AzLoadBalancer `

-# Create availability set

-$avset = New-AzAvailabilitySet `

- -ResourceGroupName $rg.ResourceGroupName `

- -Location $rg.Location `

- -Name "dsAVset" `

- -PlatformFaultDomainCount 2 `

- -PlatformUpdateDomainCount 2 `

- -Sku aligned

-

-# Create network security group and rules

-$rule1 = New-AzNetworkSecurityRuleConfig `

-$rule2 = New-AzNetworkSecurityRuleConfig `

- -Name 'myNetworkSecurityGroupRuleHTTP' `

- -Description 'Allow HTTP' `

- -Access Allow `

- -Protocol Tcp `

- -Direction Inbound `

- -Priority 200 `

- -SourceAddressPrefix * `

- -SourcePortRange 80 `

- -DestinationAddressPrefix * `

- -DestinationPortRange 80

-$nsg = New-AzNetworkSecurityGroup `

-#Create virtual network and subnet

-# Create dual stack subnet config

-$subnet = New-AzVirtualNetworkSubnetConfig `

-# Create the virtual network

-$vnet = New-AzVirtualNetwork `

- -ResourceGroupName $rg.ResourceGroupName `

- -Location $rg.Location `

- -Name "dsVnet" `

- -AddressPrefix "10.0.0.0/16","fd00:db8:deca::/48" `

- -Subnet $subnet

-

- #Create network interfaces (NICs)

- $Ip4Config=New-AzNetworkInterfaceIpConfig `

- -Name dsIp4Config `

- -Subnet $vnet.subnets[0] `

- -PrivateIpAddressVersion IPv4 `

- -LoadBalancerBackendAddressPool $backendPoolv4 `

- -PublicIpAddress $RdpPublicIP_1

-

- $Ip6Config=New-AzNetworkInterfaceIpConfig `

- -Name dsIp6Config `

- -Subnet $vnet.subnets[0] `

- -PrivateIpAddressVersion IPv6 `

- -LoadBalancerBackendAddressPool $backendPoolv6

-

- $NIC_1 = New-AzNetworkInterface `

- -Name "dsNIC1" `

- -ResourceGroupName $rg.ResourceGroupName `

- -Location $rg.Location `

- -NetworkSecurityGroupId $nsg.Id `

- -IpConfiguration $Ip4Config,$Ip6Config

-

- $Ip4Config=New-AzNetworkInterfaceIpConfig `

- -Name dsIp4Config `

- -Subnet $vnet.subnets[0] `

- -PrivateIpAddressVersion IPv4 `

- -LoadBalancerBackendAddressPool $backendPoolv4 `

- -PublicIpAddress $RdpPublicIP_2

- $NIC_2 = New-AzNetworkInterface `

- -Name "dsNIC2" `

- -ResourceGroupName $rg.ResourceGroupName `

- -Location $rg.Location `

- -NetworkSecurityGroupId $nsg.Id `

- -IpConfiguration $Ip4Config,$Ip6Config

-# Create virtual machines

-$cred = get-credential -Message "DUAL STACK VNET SAMPLE: Please enter the Administrator credential to log into the VMs"

-$vmsize = "Standard_A2"

-$ImagePublisher = "MicrosoftWindowsServer"

-$imageOffer = "WindowsServer"

-$imageSKU = "2016-Datacenter"

-$vmName= "dsVM1"

-$VMconfig1 = New-AzVMConfig -VMName $vmName -VMSize $vmsize -AvailabilitySetId $avset.Id 3> $null | Set-AzVMOperatingSystem -Windows -ComputerName $vmName -Credential $cred -ProvisionVMAgent 3> $null | Set-AzVMSourceImage -PublisherName $ImagePublisher -Offer $imageOffer -Skus $imageSKU -Version "latest" 3> $null | Set-AzVMOSDisk -Name "$vmName.vhd" -CreateOption fromImage 3> $null | Add-AzVMNetworkInterface -Id $NIC_1.Id 3> $null

-$VM1 = New-AzVM -ResourceGroupName $rg.ResourceGroupName -Location $rg.Location -VM $VMconfig1

-$vmName= "dsVM2"

-$VMconfig2 = New-AzVMConfig -VMName $vmName -VMSize $vmsize -AvailabilitySetId $avset.Id 3> $null | Set-AzVMOperatingSystem -Windows -ComputerName $vmName -Credential $cred -ProvisionVMAgent 3> $null | Set-AzVMSourceImage -PublisherName $ImagePublisher -Offer $imageOffer -Skus $imageSKU -Version "latest" 3> $null | Set-AzVMOSDisk -Name "$vmName.vhd" -CreateOption fromImage 3> $null | Add-AzVMNetworkInterface -Id $NIC_2.Id 3> $null

-$VM2 = New-AzVM -ResourceGroupName $rg.ResourceGroupName -Location $rg.Location -VM $VMconfig2

-#End Of Script

-```

-## Clean up deployment

-Run the following command to remove the resource group, VM, and all related resources:

-```powershell

-Remove-AzResourceGroup -Name <resourcegroupname> -Force

-```

-## Script explanation

-This script uses the following commands to create a resource group, virtual machine, availability set, load balancer, and all related resources. Each command in the table links to command specific documentation.

-| Command | Notes |

-|||

-| [New-AzResourceGroup](/powershell/module/az.resources/new-azresourcegroup) | Creates a resource group in which all resources are stored. |

-| [New-AzVirtualNetworkSubnetConfig](/powershell/module/az.network/new-azvirtualnetworksubnetconfig) | Creates a subnet configuration. This configuration is used with the virtual network creation process. |

-| [New-AzVirtualNetwork](/powershell/module/az.network/new-azvirtualnetwork) | Creates an Azure virtual network and subnet. |

-| [New-AzPublicIpAddress](/powershell/module/az.network/new-azpublicipaddress) | Creates a public IP address with a static IP address and an associated DNS name. |

-| [New-AzLoadBalancer](/powershell/module/az.network/new-azloadbalancer) | Creates an Azure load balancer. |

-| [New-AzLoadBalancerProbeConfig](/powershell/module/az.network/new-azloadbalancerprobeconfig) | Creates a load balancer probe. A load balancer probe is used to monitor each VM in the load balancer set. If any VM becomes inaccessible, traffic isn't routed to the VM. |

-| [New-AzLoadBalancerRuleConfig](/powershell/module/az.network/new-azloadbalancerruleconfig) | Creates a load balancer rule. In this sample, a rule is created for port 80. As HTTP traffic arrives at the load balancer, it's routed to port 80 one of the VMs in the load balancer set. |

-| [New-AzNetworkSecurityGroup](/powershell/module/az.network/new-aznetworksecuritygroup) | Creates a network security group (NSG), which is a security boundary between the internet and the virtual machine. |

-| [New-AzNetworkSecurityRuleConfig](/powershell/module/az.network/new-aznetworksecurityruleconfig) | Creates an NSG rule to allow inbound traffic. In this sample, port 22 is opened for SSH traffic. |

-| [New-AzNetworkInterface](/powershell/module/az.network/new-aznetworkinterface) | Creates a virtual network card and attaches it to the virtual network, subnet, and NSG. |

-| [New-AzAvailabilitySet](/powershell/module/az.compute/new-azavailabilityset) | Creates an availability set. Availability sets ensure application uptime by spreading the virtual machines across physical resources such that if failure occurs, the entire set isn't affected. |

-| [New-AzVMConfig](/powershell/module/az.compute/new-azvmconfig) | Creates a VM configuration. This configuration includes information such as VM name, operating system, and administrative credentials. The configuration is used during VM creation. |

-| [New-AzVM](/powershell/module/az.compute/new-azvm) | Creates the virtual machine and connects it to the network card, virtual network, subnet, and NSG. This command also specifies the virtual machine image to be used and administrative credentials. |

-| [Remove-AzResourceGroup](/powershell/module/az.resources/remove-azresourcegroup) | Deletes a resource group including all nested resources. |

-## Next steps

-For more information on the Azure PowerShell, see [Azure PowerShell documentation](/powershell/azure/).

-More networking PowerShell script samples can be found in the [Azure Networking Overview documentation](../powershell-samples.md?toc=%2fazure%2fnetworking%2ftoc.json).

-description: Azure PowerShell script sample - Route traffic through a firewall NVA.

-# Route traffic through a network virtual appliance script sample

-This script sample creates a virtual network with front-end and back-end subnets. It also creates a VM with IP forwarding enabled to route traffic between the two subnets. After running the script you can deploy network software, such as a firewall application, to the VM.

-You can execute the script from the Azure [Cloud Shell](https://shell.azure.com/powershell), or from a local PowerShell installation. If you use PowerShell locally, this script requires the Az PowerShell module version 5.4.1 or later. To find the installed version, run `Get-Module -ListAvailable Az`. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-azure-powershell). If you're running PowerShell locally, you also need to run `Connect-AzAccount` to create a connection with Azure.

-## Sample script

-[!code-azurepowershell-interactive[main](../../../powershell_scripts/virtual-network/route-traffic-through-nva/route-traffic-through-nva.ps1 "Route traffic through a network virtual appliance")]

-## Clean up deployment

-Run the following command to remove the resource group, VM, and all related resources:

-```powershell

-Remove-AzResourceGroup -Name myResourceGroup -Force

-```

-## Script explanation

-This script uses the following commands to create a resource group, virtual network, and network security groups. Each command in the following table links to command-specific documentation:

-| Command | Notes |

-|||

-| [New-AzResourceGroup](/powershell/module/az.resources/new-azresourcegroup) | Creates a resource group in which all resources are stored. |

-| [New-AzVirtualNetwork](/powershell/module/az.network/new-azvirtualnetwork) | Creates an Azure virtual network and front-end subnet. |

-| [New-AzVirtualNetworkSubnetConfig](/powershell/module/az.network/new-azvirtualnetworksubnetconfig) | Creates back-end and DMZ subnets. |

-| [New-AzPublicIpAddress](/powershell/module/az.network/new-azpublicipaddress) | Creates a public IP address to access the VM from the internet. |

-| [New-AzNetworkInterface](/powershell/module/az.network/new-aznetworkinterface) | Creates a virtual network interface and enable IP forwarding for it. |

-| [New-AzNetworkSecurityGroup](/powershell/module/az.network/new-aznetworksecuritygroup) | Creates a network security group (NSG). |

-| [New-AzNetworkSecurityRuleConfig](/powershell/module/az.network/new-aznetworksecurityruleconfig) | Creates NSG rules that allow HTTP and HTTPS ports inbound to the VM. |

-| [Set-AzVirtualNetworkSubnetConfig](/powershell/module/az.network/set-azvirtualnetworksubnetconfig)| Associates the NSGs and route tables to subnets. |

-| [New-AzRouteTable](/powershell/module/az.network/new-azroutetable)| Creates a route table for all routes. |

-| [New-AzRouteConfig](/powershell/module/az.network/new-azrouteconfig)| Creates routes to route traffic between subnets and the internet through the VM. |

-| [New-AzVM](/powershell/module/az.compute/new-azvm) | Creates a virtual machine and attaches the NIC to it. This command also specifies the virtual machine image to use and administrative credentials. |

-| [Remove-AzResourceGroup](/powershell/module/az.resources/remove-azresourcegroup) | Deletes a resource group and all resources it contains. |

-## Next steps

-For more information on the Azure PowerShell, see [Azure PowerShell documentation](/powershell/azure/).

-More virtual network PowerShell script samples can be found in [Virtual network PowerShell samples](../powershell-samples.md).

-# About user groups and IP address pools for P2S User VPNs - Preview

-# Configure user groups and IP address pools for P2S User VPNs - Preview

-# RADIUS - Configure NPS for vendor-specific attributes - P2S user groups - Preview

-|Managed preview|Configure user groups and IP address pools for P2S User VPNs| This feature allows you to configure P2S User VPNs to assign users IP addresses from specific address pools based on their identity or authentication credentials by creating **User Groups**.|| Known limitations are displayed here: [Configure User Groups and IP address pools for P2S User VPNs (preview)](user-groups-create.md).|