Updates from: 06/02/2022 01:20:01
Service Microsoft Docs article Related commit history on GitHub Change details
active-directory-b2c Partner Asignio https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-asignio.md
Follow the steps mentioned in [this tutorial](tutorial-register-applications.md?
| Property | Value | |:--|:-| |Name | Login with Asignio *(or a name of your choice)*
- |Metadata URL | https://authorization.asignio.com/.well-known/openid-configuration|
+ |Metadata URL | `https://authorization.asignio.com/.well-known/openid-configuration`|
| Client ID | enter the client ID that you previously generated in [step 1](#step-1-configure-an-application-with-asignio)| |Client Secret | enter the Client secret that you previously generated in [step 1](#step-1-configure-an-application-with-asignio)| | Scope | openid email profile |
active-directory Howto Mfa Userstates https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-mfa-userstates.md
Previously updated : 07/22/2021 Last updated : 06/01/2022
All users start out *Disabled*. When you enroll users in per-user Azure AD Multi
To view and manage user states, complete the following steps to access the Azure portal page: 1. Sign in to the [Azure portal](https://portal.azure.com) as a Global administrator.
-1. Search for and select *Azure Active Directory*, then select **Users** > **All users**.
-1. Select **Per-user MFA**. You may need to scroll to the right to see this menu option. Select the example screenshot below to see the full Azure portal window and menu location:
- [![Select Multi-Factor Authentication from the Users window in Azure AD.](media/howto-mfa-userstates/selectmfa-cropped.png)](media/howto-mfa-userstates/selectmfa.png#lightbox)
+1. Search for and select **Azure Active Directory**, then select **Users** > **All users**.
+1. Select **Per-user MFA**.
+ :::image type="content" border="true" source="media/howto-mfa-userstates/selectmfa-cropped.png" alt-text="Screenshot of select Multi-Factor Authentication from the Users window in Azure AD.":::
1. A new page opens that displays the user state, as shown in the following example. ![Screenshot that shows example user state information for Azure AD Multi-Factor Authentication](./media/howto-mfa-userstates/userstate1.png)
active-directory Block Legacy Authentication https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/block-legacy-authentication.md
-# How to: Block legacy authentication to Azure AD with Conditional Access
+# How to: Block legacy authentication access to Azure AD with Conditional Access
To give your users easy access to your cloud apps, Azure Active Directory (Azure AD) supports a broad variety of authentication protocols including legacy authentication. However, legacy authentication doesn't support multifactor authentication (MFA). MFA is in many environments a common requirement to address identity theft.
active-directory Concept Condition Filters For Devices https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/concept-condition-filters-for-devices.md
The filter for devices condition in Conditional Access evaluates policy based on
## Next steps
+- [Back to school ΓÇô Using Boolean algebra correctly in complex filters](https://techcommunity.microsoft.com/t5/intune-customer-success/back-to-school-using-boolean-algebra-correctly-in-complex/ba-p/3422765)
- [Update device Graph API](/graph/api/device-update?tabs=http) - [Conditional Access: Conditions](concept-conditional-access-conditions.md) - [Common Conditional Access policies](concept-conditional-access-policy-common.md)-- [Securing devices as part of the privileged access story](/security/compass/privileged-access-devices)
+- [Securing devices as part of the privileged access story](/security/compass/privileged-access-devices)
active-directory Concept Conditional Access Users Groups https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/concept-conditional-access-users-groups.md
Previously updated : 03/17/2021 Last updated : 06/01/2022
The following options are available to include when creating a Conditional Acces
- All guest and external users - This selection includes any B2B guests and external users including any user with the `user type` attribute set to `guest`. This selection also applies to any external user signed-in from a different organization like a Cloud Solution Provider (CSP). - Directory roles
- - Allows administrators to select specific built-in Azure AD directory roles used to determine policy assignment. For example, organizations may create a more restrictive policy on users assigned the global administrator role. Other role types are not supported, including administrative unit-scoped roles and custom roles.
+ - Allows administrators to select specific built-in Azure AD directory roles used to determine policy assignment. For example, organizations may create a more restrictive policy on users assigned the global administrator role. Other role types aren't supported, including administrative unit-scoped roles and custom roles.
- Users and groups - Allows targeting of specific sets of users. For example, organizations can select a group that contains all members of the HR department when an HR app is selected as the cloud app. A group can be any type of user group in Azure AD, including dynamic or assigned security and distribution groups. Policy will be applied to nested users and groups.
The following options are available to include when creating a Conditional Acces
## Exclude users
-When organizations both include and exclude a user or group the user or group is excluded from the policy, as an exclude action overrides an include in policy. Exclusions are commonly used for emergency access or break-glass accounts. More information about emergency access accounts and why they are important can be found in the following articles:
+When organizations both include and exclude a user or group the user or group is excluded from the policy, as an exclude action overrides an include in policy. Exclusions are commonly used for emergency access or break-glass accounts. More information about emergency access accounts and why they're important can be found in the following articles:
* [Manage emergency access accounts in Azure AD](../roles/security-emergency-access.md) * [Create a resilient access control management strategy with Azure Active Directory](../authentication/concept-resilient-controls.md)
The following options are available to exclude when creating a Conditional Acces
### Preventing administrator lockout
-To prevent an administrator from locking themselves out of their directory when creating a policy applied to **All users** and **All apps**, they will see the following warning.
+To prevent an administrator from locking themselves out of their directory when creating a policy applied to **All users** and **All apps**, they'll see the following warning.
> Don't lock yourself out! We recommend applying a policy to a small set of users first to verify it behaves as expected. We also recommend excluding at least one administrator from this policy. This ensures that you still have access and can update a policy if a change is required. Please review the affected users and apps.
By default the policy will provide an option to exclude the current user from th
![Warning, don't lock yourself out!](./media/concept-conditional-access-users-groups/conditional-access-users-and-groups-lockout-warning.png)
-If you do find yourself locked out, see [What to do if you are locked out of the Azure portal?](troubleshoot-conditional-access.md#what-to-do-if-youre-locked-out-of-the-azure-portal)
+If you do find yourself locked out, see [What to do if you're locked out of the Azure portal?](troubleshoot-conditional-access.md#what-to-do-if-youre-locked-out-of-the-azure-portal)
+
+### External partner access
+
+Conditional Access policies that target external users may interfere with service provider access, for example granular delegated admin privileges [Introduction to granular delegated admin privileges (GDAP)](/partner-center/gdap-introduction).
## Next steps
active-directory Access Tokens https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/access-tokens.md
Title: Microsoft identity platform access tokens | Azure-
+ Title: Microsoft identity platform access tokens
description: Learn about access tokens emitted by the Azure AD v1.0 and Microsoft identity platform (v2.0) endpoints.
active-directory Accounts Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/accounts-overview.md
Title: Microsoft identity platform accounts & tenant profiles on Android | Azure
+ Title: Microsoft identity platform accounts & tenant profiles on Android
description: An overview of the Microsoft identity platform accounts for Android
active-directory Active Directory Certificate Credentials https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/active-directory-certificate-credentials.md
Title: Microsoft identity platform certificate credentials- description: This article discusses the registration and use of certificate credentials for application authentication.
active-directory Active Directory Claims Mapping https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/active-directory-claims-mapping.md
Title: Customize Azure AD tenant app claims (PowerShell)- description: Learn how to customize claims emitted in tokens for an application in a specific Azure Active Directory tenant.
active-directory Active Directory Configurable Token Lifetimes https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/active-directory-configurable-token-lifetimes.md
Title: Configurable token lifetimes- description: Learn how to set lifetimes for access, SAML, and ID tokens issued by the Microsoft identity platform.
active-directory Active Directory Enterprise App Role Management https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/active-directory-enterprise-app-role-management.md
Title: Configure role claim for enterprise Azure AD apps | Azure-
+ Title: Configure role claim for enterprise Azure AD apps
description: Learn how to configure the role claim issued in the SAML token for enterprise applications in Azure Active Directory
active-directory Active Directory How Applications Are Added https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/active-directory-how-applications-are-added.md
Title: How and why apps are added to Azure AD- description: What does it mean for an application to be added to Azure AD and how do they get there?
active-directory Active Directory How To Integrate https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/active-directory-how-to-integrate.md
Title: How to integrate with the Microsoft identity platform | Azure-
+ Title: How to integrate with the Microsoft identity platform
description: Learn the benefits of integrating your application with the Microsoft identity platform, and get resources for features like simplified sign-in, identity management, multi-factor authentication, and access control.
active-directory Active Directory Optional Claims https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/active-directory-optional-claims.md
Title: Provide optional claims to Azure AD apps- description: How to add custom or additional claims to the SAML 2.0 and JSON Web Tokens (JWT) tokens issued by Microsoft identity platform.
active-directory Active Directory Saml Claims Customization https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/active-directory-saml-claims-customization.md
Title: Customize app SAML token claims- description: Learn how to customize the claims issued by Microsoft identity platform in the SAML token for enterprise applications.
active-directory Active Directory Schema Extensions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/active-directory-schema-extensions.md
Title: Use Azure AD schema extension attributes in claims- description: Describes how to use directory schema extension attributes for sending user data to applications in token claims.
active-directory Active Directory V2 Protocols https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/active-directory-v2-protocols.md
Title: OAuth 2.0 and OpenID Connect protocols on the Microsoft identity platform | Azure-
+ Title: OAuth 2.0 and OpenID Connect protocols on the Microsoft identity platform
description: A guide to OAuth 2.0 and OpenID Connect protocols as supported by the Microsoft identity platform.
active-directory Api Find An Api How To https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/api-find-an-api-how-to.md
Title: Find an API for a custom-developed app | Azure
+ Title: Find an API for a custom-developed app
description: How to configure the permissions you need to access a particular API in your custom developed Azure AD application
active-directory App Objects And Service Principals https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/app-objects-and-service-principals.md
Title: Apps & service principals in Azure AD- description: Learn about the relationship between application and service principal objects in Azure Active Directory.
active-directory App Resilience Continuous Access Evaluation https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/app-resilience-continuous-access-evaluation.md
Title: "How to use Continuous Access Evaluation enabled APIs in your applications | Azure"-
+ Title: "How to use Continuous Access Evaluation enabled APIs in your applications"
description: How to increase app security and resilience by adding support for Continuous Access Evaluation, enabling long-lived access tokens that can be revoked based on critical events and policy evaluation.
active-directory App Sign In Flow https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/app-sign-in-flow.md
Title: App sign-in flow with the Microsoft identity platform | Azure-
+ Title: App sign-in flow with the Microsoft identity platform
description: Learn about the sign-in flow of web, desktop, and mobile apps in Microsoft identity platform.
active-directory Apple Sso Plugin https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/apple-sso-plugin.md
Title: Microsoft Enterprise SSO plug-in for Apple devices- description: Learn about the Azure Active Directory SSO plug-in for iOS, iPadOS, and macOS devices.
active-directory Application Consent Experience https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/application-consent-experience.md
Title: Azure AD app consent experiences- description: Learn more about the Azure AD consent experiences to see how you can use it when managing and developing applications on Azure AD
active-directory Application Model https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/application-model.md
Title: Application model | Azure-
+ Title: Application model
description: Learn about the process of registering your application so it can integrate with the Microsoft identity platform.
active-directory Authentication Flows App Scenarios https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/authentication-flows-app-scenarios.md
Title: Microsoft identity platform authentication flows & app scenarios | Azure
+ Title: Microsoft identity platform authentication flows & app scenarios
description: Learn about application scenarios for the Microsoft identity platform, including authenticating identities, acquiring tokens, and calling protected APIs.
active-directory Authentication National Cloud https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/authentication-national-cloud.md
Title: Azure AD authentication & national clouds | Azure-
+ Title: Azure AD authentication & national clouds
description: Learn about app registration and authentication endpoints for national clouds.
active-directory Authentication Vs Authorization https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/authentication-vs-authorization.md
Title: Authentication vs. authorization | Azure-
+ Title: Authentication vs. authorization
description: Learn about the basics of authentication and authorization in the Microsoft identity platform.
active-directory Authorization Basics https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/authorization-basics.md
Title: Authorization basics | Azure-
+ Title: Authorization basics
description: Learn about the basics of authorization in the Microsoft identity platform.
active-directory Claims Challenge https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/claims-challenge.md
Title: Claims challenges, claims requests, and client capabilities- description: Explanation of claims challenges, claims requests, and client capabilities in the Microsoft identity platform.
active-directory Config Authority https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/config-authority.md
Title: Configure identity providers (MSAL iOS/macOS) | Azure-
+ Title: Configure identity providers (MSAL iOS/macOS)
description: Learn how to use different authorities such as B2C, sovereign clouds, and guest users, with MSAL for iOS and macOS.
active-directory Configure Token Lifetimes https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/configure-token-lifetimes.md
Title: Set lifetimes for tokens- description: Learn how to set lifetimes for tokens issued by Microsoft identity platform. Learn how to learn how to manage an organization's default policy, create a policy for web sign-in, create a policy for a native app that calls a web API, and manage an advanced policy.
active-directory Consent Framework https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/consent-framework.md
Title: Microsoft identity platform consent framework- description: Learn about the consent framework in the Microsoft identity platform and how it applies to multi-tenant applications.
active-directory Console App Quickstart https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/console-app-quickstart.md
Title: "Quickstart: Call Microsoft Graph from a console application | Azure"-
+ Title: "Quickstart: Call Microsoft Graph from a console application"
description: In this quickstart, you learn how a console application can get an access token and call an API protected by Microsoft identity platform, using the app's own identity
active-directory Customize Webviews https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/customize-webviews.md
Title: Customize browsers & WebViews (MSAL iOS/macOS) | Azure-
+ Title: Customize browsers & WebViews (MSAL iOS/macOS)
description: Learn how to customize the MSAL iOS/macOS browser experience to sign in users.
active-directory Delegated And App Perms https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/delegated-and-app-perms.md
Title: Differences between delegated and app permissions | Azure
+ Title: Differences between delegated and app permissions
description: Learn about delegated and application permissions, how they are used by clients and exposed by resources for applications you are developing with Azure AD
active-directory Desktop App Quickstart https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/desktop-app-quickstart.md
Title: "Quickstart: Sign in users and call Microsoft Graph in a desktop app | Azure"-
+ Title: "Quickstart: Sign in users and call Microsoft Graph in a desktop app"
description: In this quickstart, learn how a desktop application can get an access token and call an API protected by the Microsoft identity platform.
active-directory Developer Support Help Options https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/developer-support-help-options.md
Title: Support and help options for Microsoft identity platform developers | Azure
+ Title: Support and help options for Microsoft identity platform developers
description: Learn where to get help and find answers to your questions as you build identity and access management (IAM) solutions that integrate with Azure Active Directory (Azure AD) and other components of the Microsoft identity platform.
active-directory Howto Add App Roles In Azure Ad Apps https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/howto-add-app-roles-in-azure-ad-apps.md
Title: Add app roles and get them from a token | Azure-
+ Title: Add app roles and get them from a token
description: Learn how to add app roles to an application registered in Azure Active Directory, assign users and groups to these roles, and receive them in the 'roles' claim in the token.
active-directory Howto Add Branding In Azure Ad Apps https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/howto-add-branding-in-azure-ad-apps.md
Title: Sign in with Microsoft branding guidelines | Azure AD- description: Learn about application branding guidelines for Microsoft identity platform.
active-directory Howto Add Terms Of Service Privacy Statement https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/howto-add-terms-of-service-privacy-statement.md
Title: Terms of Service and privacy statement for apps | Azure
+ Title: Terms of Service and privacy statement for apps
description: Learn how you can configure the terms of service and privacy statement for apps registered to use Azure AD.
active-directory Howto Authenticate Service Principal Powershell https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/howto-authenticate-service-principal-powershell.md
Title: Create an Azure app identity (PowerShell) | Azure-
+ Title: Create an Azure app identity (PowerShell)
description: Describes how to use Azure PowerShell to create an Azure Active Directory application and service principal, and grant it access to resources through role-based access control. It shows how to authenticate application with a certificate.
active-directory Howto Build Services Resilient To Metadata Refresh https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/howto-build-services-resilient-to-metadata-refresh.md
Title: "How to: Build services that are resilient to Azure AD's OpenID Connect metadata refresh | Azure"-
+ Title: "How to: Build services that are resilient to Azure AD's OpenID Connect metadata refresh"
description: Learn how to ensure that your web app or web api is resilient to Azure AD's OpenID Connect metadata refresh.
active-directory Howto Configure Publisher Domain https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/howto-configure-publisher-domain.md
Title: Configure an app's publisher domain | Azure-
+ Title: Configure an app's publisher domain
description: Learn how to configure an application's publisher domain to let users know where their information is being sent.
active-directory Howto Convert App To Be Multi Tenant https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/howto-convert-app-to-be-multi-tenant.md
Title: Build apps that sign in Azure AD users- description: Shows how to build a multi-tenant application that can sign in a user from any Azure Active Directory tenant.
active-directory Howto Create Self Signed Certificate https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/howto-create-self-signed-certificate.md
Title: Create a self-signed public certificate to authenticate your application | Azure-
+ Title: Create a self-signed public certificate to authenticate your application
description: Create a self-signed public certificate to authenticate your application.
active-directory Howto Create Service Principal Portal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/howto-create-service-principal-portal.md
Title: Create an Azure AD app and service principal in the portal- description: Create a new Azure Active Directory app and service principal to manage access to resources with role-based access control in Azure Resource Manager.
active-directory Howto Get List Of All Active Directory Auth Library Apps https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/howto-get-list-of-all-active-directory-auth-library-apps.md
Title: "How to: Get a complete list of all apps using Active Directory Authentication Library (ADAL) in your tenant | Azure"-
+ Title: "How to: Get a complete list of all apps using Active Directory Authentication Library (ADAL) in your tenant"
description: In this how-to guide, you get a complete list of all apps that are using ADAL in your tenant.
active-directory Howto Handle Samesite Cookie Changes Chrome Browser https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/howto-handle-samesite-cookie-changes-chrome-browser.md
Title: How to handle SameSite cookie changes in Chrome browser | Azure-
+ Title: How to handle SameSite cookie changes in Chrome browser
description: Learn how to handle SameSite cookie changes in Chrome browser.
active-directory Howto Implement Rbac For Apps https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/howto-implement-rbac-for-apps.md
Title: Implement role-based access control in apps- description: Learn how to implement role-based access control in your applications.
active-directory Howto Modify Supported Accounts https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/howto-modify-supported-accounts.md
Title: "How to: Change the account types supported by an application | Azure"-
+ Title: "How to: Change the account types supported by an application"
description: In this how-to, you configure an application registered with the Microsoft identity platform to change who, or what accounts, can access the application.
active-directory Howto Remove App https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/howto-remove-app.md
Title: "How to: Remove a registered app from the Microsoft identity platform | Azure"-
+ Title: "How to: Remove a registered app from the Microsoft identity platform"
description: In this how-to, you learn how to remove an application registered with the Microsoft identity platform.
active-directory Howto Restore App https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/howto-restore-app.md
Title: "How to: Restore or remove a recently deleted application with the Microsoft identity platform | Azure"-
+ Title: "How to: Restore or remove a recently deleted application with the Microsoft identity platform"
description: In this how-to, you learn how to restore or permanently delete a recently deleted application registered with the Microsoft identity platform.
active-directory Howto Restrict Your App To A Set Of Users https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/howto-restrict-your-app-to-a-set-of-users.md
Title: Restrict Azure AD app to a set of users | Azure-
+ Title: Restrict Azure AD app to a set of users
description: Learn how to restrict access to your apps registered in Azure AD to a selected set of users.
active-directory Howto V2 Keychain Objc https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/howto-v2-keychain-objc.md
Title: Configure keychain - description: Learn how to configure keychain so that your app can cache tokens in the keychain.
active-directory Id Tokens https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/id-tokens.md
Title: Microsoft identity platform ID tokens | Azure-
+ Title: Microsoft identity platform ID tokens
description: Learn how to use id_tokens emitted by the Azure AD v1.0 and Microsoft identity platform (v2.0) endpoints.
active-directory Identity Platform Integration Checklist https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/identity-platform-integration-checklist.md
Title: Best practices for the Microsoft identity platform | Azure
+ Title: Best practices for the Microsoft identity platform
description: Learn about best practices, recommendations, and common oversights when integrating with the Microsoft identity platform.
active-directory Identity Videos https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/identity-videos.md
Title: Microsoft identity platform videos | Azure
+ Title: Microsoft identity platform videos
description: A list of videos about modern authentication and the Microsoft identity platform
active-directory Mark App As Publisher Verified https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/mark-app-as-publisher-verified.md
Title: Mark an app as publisher verified - Microsoft identity platform | Azure
+ Title: Mark an app as publisher verified
description: Describes how to mark an app as publisher verified. When an application is marked as publisher verified, it means that the publisher has verified their identity using a Microsoft Partner Network account that has completed the verification process and has associated this MPN account with their application registration.
active-directory Microsoft Identity Web https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/microsoft-identity-web.md
Title: Microsoft Identity Web authentication library overview- description: Learn about Microsoft Identity Web, an authentication and authorization library for ASP.NET Core applications that integrate with Azure Active Directory, Azure AD B2C, and Microsoft Graph and other web APIs.
active-directory Migrate Adal Msal Java https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/migrate-adal-msal-java.md
Title: ADAL to MSAL migration guide (MSAL4j) | Azure-
+ Title: ADAL to MSAL migration guide (MSAL4j)
description: Learn how to migrate your Azure Active Directory Authentication Library (ADAL) Java app to the Microsoft Authentication Library (MSAL).
active-directory Migrate Android Adal Msal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/migrate-android-adal-msal.md
Title: ADAL to MSAL migration guide for Android | Azure-
+ Title: ADAL to MSAL migration guide for Android
description: Learn how to migrate your Azure Active Directory Authentication Library (ADAL) Android app to the Microsoft Authentication Library (MSAL).
active-directory Migrate Objc Adal Msal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/migrate-objc-adal-msal.md
Title: ADAL to MSAL migration guide (MSAL iOS/macOS) | Azure-
+ Title: ADAL to MSAL migration guide (MSAL iOS/macOS)
description: Learn the differences between MSAL for iOS/macOS and the Azure AD Authentication Library for ObjectiveC (ADAL.ObjC) and how to migrate to MSAL for iOS/macOS.
active-directory Migrate Python Adal Msal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/migrate-python-adal-msal.md
Title: Python ADAL to MSAL migration guide | Azure-
+ Title: Python ADAL to MSAL migration guide
description: Learn how to migrate your Azure Active Directory Authentication Library (ADAL) Python app to the Microsoft Authentication Library (MSAL) for Python.
active-directory Migrate Spa Implicit To Auth Code https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/migrate-spa-implicit-to-auth-code.md
Title: Migrate JavaScript single-page app from implicit grant to authorization code flow | Azure-
+ Title: Migrate JavaScript single-page app from implicit grant to authorization code flow
description: How to update a JavaScript SPA using MSAL.js 1.x and the implicit grant flow to MSAL.js 2.x and the authorization code flow with PKCE and CORS support.
active-directory Mobile App Quickstart Portal Android https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/mobile-app-quickstart-portal-android.md
Title: "Quickstart: Add sign in with Microsoft to an Android app | Azure"-
+ Title: "Quickstart: Add sign in with Microsoft to an Android app"
description: In this quickstart, learn how Android applications can call an API that requires access tokens issued by the Microsoft identity platform.
active-directory Mobile App Quickstart Portal Ios https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/mobile-app-quickstart-portal-ios.md
Title: "Quickstart: Add sign in with Microsoft to an iOS or macOS app | Azure"-
+ Title: "Quickstart: Add sign in with Microsoft to an iOS or macOS app"
description: In this quickstart, learn how an iOS or macOS app can sign in users, get an access token from the Microsoft identity platform, and call the Microsoft Graph API.
active-directory Mobile App Quickstart https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/mobile-app-quickstart.md
Title: "Quickstart: Add sign in with Microsoft to a mobile app | Azure"-
+ Title: "Quickstart: Add sign in with Microsoft to a mobile app"
description: In this quickstart, learn how a mobile app can sign in users, get an access token from the Microsoft identity platform, and call the Microsoft Graph API.
active-directory Mobile Sso Support Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/mobile-sso-support-overview.md
Title: Support single sign-on and app protection policies in mobile apps you develop | Azure-
+ Title: Support single sign-on and app protection policies in mobile apps you develop
description: Explanation and overview of building mobile applications that support single sign-on and app protection policies using the Microsoft identity platform and integrating with Azure Active Directory.
active-directory Msal Acquire Cache Tokens https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-acquire-cache-tokens.md
Title: Acquire and cache tokens with Microsoft Authentication Library (MSAL) | Azure-
+ Title: Acquire and cache tokens with Microsoft Authentication Library (MSAL)
description: Learn about acquiring and caching tokens using MSAL.
active-directory Msal Android B2c https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-android-b2c.md
Title: Azure AD B2C (MSAL Android) | Azure-
+ Title: Azure AD B2C (MSAL Android)
description: Learn about specific considerations when using Azure AD B2C with the Microsoft Authentication Library for Android (MSAL.Android)
active-directory Msal Android Handling Exceptions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-android-handling-exceptions.md
Title: Errors and exceptions (MSAL Android) | Azure-
+ Title: Errors and exceptions (MSAL Android)
description: Learn how to handle errors and exceptions, Conditional Access, and claims challenges in MSAL Android applications.
active-directory Msal Android Shared Devices https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-android-shared-devices.md
Title: Shared device mode for Android devices- description: Learn how to enable shared device mode to allow frontline workers to share an Android device
active-directory Msal Android Single Sign On https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-android-single-sign-on.md
Title: How to enable cross-app SSO on Android using MSAL | Azure-
+ Title: How to enable cross-app SSO on Android using MSAL
description: How to use the Microsoft Authentication Library (MSAL) for Android to enable single sign-on across your applications.
active-directory Msal Authentication Flows https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-authentication-flows.md
Title: Authentication flow support in the Microsoft Authentication Library (MSAL) | Azure-
+ Title: Authentication flow support in the Microsoft Authentication Library (MSAL)
description: Learn about the authorization grants and authentication flows supported by MSAL.
active-directory Msal B2c Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-b2c-overview.md
Title: Use MSAL.js with Azure AD B2C- description: The Microsoft Authentication Library for JavaScript (MSAL.js) enables applications to work with Azure AD B2C and acquire tokens to call secured web APIs. These web APIs can be Microsoft Graph, other Microsoft APIs, web APIs from others, or your own web API.
active-directory Msal Client Application Configuration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-client-application-configuration.md
Title: Client application configuration (MSAL) | Azure-
+ Title: Client application configuration (MSAL)
description: Learn about configuration options for public client and confidential client applications using the Microsoft Authentication Library (MSAL).
active-directory Msal Client Applications https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-client-applications.md
Title: Public and confidential client apps (MSAL) | Azure-
+ Title: Public and confidential client apps (MSAL)
description: Learn about public client and confidential client applications in the Microsoft Authentication Library (MSAL).
active-directory Msal Compare Msal Js And Adal Js https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-compare-msal-js-and-adal-js.md
Title: "Migrate your JavaScript application from ADAL.js to MSAL.js | Azure"-
+ Title: "Migrate your JavaScript application from ADAL.js to MSAL.js"
description: How to update your existing JavaScript application to use the Microsoft Authentication Library (MSAL) for authentication and authorization instead of the Active Directory Authentication Library (ADAL).
active-directory Msal Configuration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-configuration.md
Title: Android MSAL configuration file | Azure-
+ Title: Android MSAL configuration file
description: An overview of the Android Microsoft Authentication Library (MSAL) configuration file, which represents an application's configuration in Azure Active Directory.
active-directory Msal Differences Ios Macos https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-differences-ios-macos.md
Title: MSAL for iOS & macOS differences | Azure-
+ Title: MSAL for iOS & macOS differences
description: Describes the Microsoft Authentication Library (MSAL) usage differences between iOS and macOS.
active-directory Msal Error Handling Dotnet https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-error-handling-dotnet.md
Title: Handle errors and exceptions in MSAL.NET- description: Learn how to handle errors and exceptions, Conditional Access claims challenges, and retries in MSAL.NET.
active-directory Msal Error Handling Ios https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-error-handling-ios.md
Title: Handle errors and exceptions in MSAL for iOS/macOS- description: Learn how to handle errors and exceptions, Conditional Access claims challenges, and retries in MSAL for iOS/macOS applications.
active-directory Msal Error Handling Java https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-error-handling-java.md
Title: Handle errors and exceptions in MSAL4J- description: Learn how to handle errors and exceptions, Conditional Access claims challenges, and retries in MSAL4J applications.
active-directory Msal Error Handling Js https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-error-handling-js.md
Title: Handle errors and exceptions in MSAL.js- description: Learn how to handle errors and exceptions, Conditional Access claims challenges, and retries in MSAL.js applications.
active-directory Msal Error Handling Python https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-error-handling-python.md
Title: Handle errors and exceptions in MSAL for Python- description: Learn how to handle errors and exceptions, Conditional Access claims challenges, and retries in MSAL for Python applications.
active-directory Msal Ios Shared Devices https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-ios-shared-devices.md
Title: Shared device mode for iOS devices- description: Learn how to enable shared device mode to allow frontline workers to share an iOS device
active-directory Msal Java Adfs Support https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-java-adfs-support.md
Title: AD FS support (MSAL for Java)- description: Learn about Active Directory Federation Services (AD FS) support in the Microsoft Authentication Library for Java (MSAL4j).
active-directory Msal Java Get Remove Accounts Token Cache https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-java-get-remove-accounts-token-cache.md
Title: Get & remove accounts from the token cache (MSAL4j) | Azure-
+ Title: Get & remove accounts from the token cache (MSAL4j)
description: Learn how to view and remove accounts from the token cache using the Microsoft Authentication Library for Java.
active-directory Msal Java Token Cache Serialization https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-java-token-cache-serialization.md
Title: Custom token cache serialization (MSAL4j)- description: Learn how to serialize the token cache for MSAL for Java
active-directory Msal Js Avoid Page Reloads https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-js-avoid-page-reloads.md
Title: Avoid page reloads (MSAL.js) | Azure-
+ Title: Avoid page reloads (MSAL.js)
description: Learn how to avoid page reloads when acquiring and renewing tokens silently using the Microsoft Authentication Library for JavaScript (MSAL.js).
active-directory Msal Js Initializing Client Applications https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-js-initializing-client-applications.md
Title: Initialize MSAL.js client apps | Azure-
+ Title: Initialize MSAL.js client apps
description: Learn about initializing client applications using the Microsoft Authentication Library for JavaScript (MSAL.js).
active-directory Msal Js Known Issues Ie Edge Browsers https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-js-known-issues-ie-edge-browsers.md
Title: Issues on Internet Explorer & Microsoft Edge (MSAL.js) | Azure-
+ Title: Issues on Internet Explorer & Microsoft Edge (MSAL.js)
description: Learn about know issues when using the Microsoft Authentication Library for JavaScript (MSAL.js) with Internet Explorer and Microsoft Edge browsers.
active-directory Msal Js Pass Custom State Authentication Request https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-js-pass-custom-state-authentication-request.md
Title: Pass custom state in authentication requests (MSAL.js) | Azure-
+ Title: Pass custom state in authentication requests (MSAL.js)
description: Learn how to pass a custom state parameter value in authentication request using the Microsoft Authentication Library for JavaScript (MSAL.js).
active-directory Msal Js Prompt Behavior https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-js-prompt-behavior.md
Title: Interactive request prompt behavior (MSAL.js) | Azure-
+ Title: Interactive request prompt behavior (MSAL.js)
description: Learn to customize prompt behavior in interactive calls using the Microsoft Authentication Library for JavaScript (MSAL.js).
active-directory Msal Js Sso https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-js-sso.md
Title: Single sign-on (MSAL.js) | Azure-
+ Title: Single sign-on (MSAL.js)
description: Learn about building single sign-on experiences using the Microsoft Authentication Library for JavaScript (MSAL.js).
active-directory Msal Js Use Ie Browser https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-js-use-ie-browser.md
Title: Issues on Internet Explorer (MSAL.js) | Azure-
+ Title: Issues on Internet Explorer (MSAL.js)
description: Use the Microsoft Authentication Library for JavaScript (MSAL.js) with Internet Explorer browser.
active-directory Msal Logging Android https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-logging-android.md
Title: Logging errors and exceptions in MSAL for Android.- description: Learn how to log errors and exceptions in MSAL for Android.
active-directory Msal Logging Dotnet https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-logging-dotnet.md
Title: Logging errors and exceptions in MSAL.NET- description: Learn how to log errors and exceptions in MSAL.NET
active-directory Msal Logging Ios https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-logging-ios.md
Title: Logging errors and exceptions in MSAL for iOS/macOS- description: Learn how to log errors and exceptions in MSAL for iOS/macOS
active-directory Msal Logging Java https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-logging-java.md
Title: Logging errors and exceptions in MSAL for Java- description: Learn how to log errors and exceptions in MSAL for Java
active-directory Msal Logging Js https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-logging-js.md
Title: Logging errors and exceptions in MSAL.js- description: Learn how to log errors and exceptions in MSAL.js
active-directory Msal Logging Python https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-logging-python.md
Title: Logging errors and exceptions in MSAL for Python- description: Learn how to log errors and exceptions in MSAL for Python
active-directory Msal Migration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-migration.md
Title: Migrate to the Microsoft Authentication Library (MSAL)- description: Learn about the differences between the Microsoft Authentication Library (MSAL) and Azure AD Authentication Library (ADAL) and how to migrate to MSAL.
active-directory Msal National Cloud https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-national-cloud.md
Title: Use MSAL in a national cloud app | Azure-
+ Title: Use MSAL in a national cloud app
description: The Microsoft Authentication Library (MSAL) enables application developers to acquire tokens in order to call secured web APIs. These web APIs can be Microsoft Graph, other Microsoft APIs, partner web APIs, or your own web API. MSAL supports multiple application architectures and platforms.
active-directory Msal Net Aad B2c Considerations https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-net-aad-b2c-considerations.md
Title: Azure AD B2C and MSAL.NET- description: Considerations when using Azure AD B2C with the Microsoft Authentication Library for .NET (MSAL.NET).
active-directory Msal Net Acquire Token Silently https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-net-acquire-token-silently.md
Title: Acquire a token from the cache (MSAL.NET) - description: Learn how to acquire an access token silently (from the token cache) using the Microsoft Authentication Library for .NET (MSAL.NET).
active-directory Msal Net Adfs Support https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-net-adfs-support.md
Title: AD FS support in MSAL.NET | Azure-
+ Title: AD FS support in MSAL.NET
description: Learn about Active Directory Federation Services (AD FS) support in the Microsoft Authentication Library for .NET (MSAL.NET).
active-directory Msal Net Clear Token Cache https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-net-clear-token-cache.md
Title: Clear the token cache (MSAL.NET) | Azure-
+ Title: Clear the token cache (MSAL.NET)
description: Learn how to clear the token cache using the Microsoft Authentication Library for .NET (MSAL.NET).
active-directory Msal Net Client Assertions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-net-client-assertions.md
Title: Client assertions (MSAL.NET) | Azure-
+ Title: Client assertions (MSAL.NET)
description: Learn about signed client assertions support for confidential client applications in the Microsoft Authentication Library for .NET (MSAL.NET).
active-directory Msal Net Differences Adal Net https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-net-differences-adal-net.md
Title: Differences between ADAL.NET and MSAL.NET apps | Azure-
+ Title: Differences between ADAL.NET and MSAL.NET apps
description: Learn about the differences between the Microsoft Authentication Library for .NET (MSAL.NET) and Azure AD Authentication Library for .NET (ADAL.NET).
active-directory Msal Net Initializing Client Applications https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-net-initializing-client-applications.md
Title: Initialize MSAL.NET client applications | Azure-
+ Title: Initialize MSAL.NET client applications
description: Learn about initializing public client and confidential client applications using the Microsoft Authentication Library for .NET (MSAL.NET).
active-directory Msal Net Instantiate Confidential Client Config Options https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-net-instantiate-confidential-client-config-options.md
Title: Instantiate a confidential client app (MSAL.NET) | Azure-
+ Title: Instantiate a confidential client app (MSAL.NET)
description: Learn how to instantiate a confidential client application with configuration options using the Microsoft Authentication Library for .NET (MSAL.NET).
active-directory Msal Net Instantiate Public Client Config Options https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-net-instantiate-public-client-config-options.md
Title: Instantiate a public client app (MSAL.NET) | Azure-
+ Title: Instantiate a public client app (MSAL.NET)
description: Learn how to instantiate a public client application with configuration options using the Microsoft Authentication Library for .NET (MSAL.NET).
active-directory Msal Net Migration Android Broker https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-net-migration-android-broker.md
Title: Migrate Xamarin Android apps using brokers to MSAL.NET- description: Learn how to migrate Xamarin Android apps that use the Microsoft Authenticator or Intune Company Portal from ADAL.NET to MSAL.NET.
active-directory Msal Net Migration Confidential Client https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-net-migration-confidential-client.md
Title: Migrate confidential client applications to MSAL.NET- description: Learn how to migrate a confidential client application from Azure Active Directory Authentication Library for .NET to Microsoft Authentication Library for .NET.
active-directory Msal Net Migration Ios Broker https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-net-migration-ios-broker.md
Title: Migrate Xamarin apps using brokers to MSAL.NET- description: Learn how to migrate Xamarin iOS apps that use Microsoft Authenticator from ADAL.NET to MSAL.NET.
active-directory Msal Net Migration Public Client https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-net-migration-public-client.md
Title: Migrate public client applications to MSAL.NET- description: Learn how to migrate a public client application from Azure Active Directory Authentication Library for .NET to Microsoft Authentication Library for .NET.
active-directory Msal Net Migration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-net-migration.md
Title: Migrating to MSAL.NET and Microsoft.Identity.Web- description: Learn why and how to migrate from Azure AD Authentication Library for .NET (ADAL.NET) to Microsoft Authentication Library for .NET (MSAL.NET) or Microsoft.Identity.Web
active-directory Msal Net Provide Httpclient https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-net-provide-httpclient.md
Title: Provide an HttpClient & proxy (MSAL.NET) | Azure-
+ Title: Provide an HttpClient & proxy (MSAL.NET)
description: Learn about providing your own HttpClient and proxy to connect to Azure AD using the Microsoft Authentication Library for .NET (MSAL.NET).
active-directory Msal Net System Browser Android Considerations https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-net-system-browser-android-considerations.md
Title: Xamarin Android system browser considerations (MSAL.NET) | Azure-
+ Title: Xamarin Android system browser considerations (MSAL.NET)
description: Learn about considerations for using system browsers on Xamarin Android with the Microsoft Authentication Library for .NET (MSAL.NET).
active-directory Msal Net Token Cache Serialization https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-net-token-cache-serialization.md
Title: Token cache serialization (MSAL.NET) | Azure-
+ Title: Token cache serialization (MSAL.NET)
description: Learn about serialization and custom serialization of the token cache using the Microsoft Authentication Library for .NET (MSAL.NET).
active-directory Msal Net Use Brokers With Xamarin Apps https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-net-use-brokers-with-xamarin-apps.md
Title: Use brokers with Xamarin iOS & Android | Azure-
+ Title: Use brokers with Xamarin iOS & Android
description: Learn how to setup Xamarin iOS applications that can use the Microsoft Authenticator and the Microsoft Authentication Library for .NET (MSAL.NET). Also learn how to migrate from Azure AD Authentication Library for .NET (ADAL.NET) to the Microsoft Authentication Library for .NET (MSAL.NET).
active-directory Msal Net User Gets Consent For Multiple Resources https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-net-user-gets-consent-for-multiple-resources.md
Title: Get consent for several resources (MSAL.NET) | Azure-
+ Title: Get consent for several resources (MSAL.NET)
description: Learn how a user can get pre-consent for several resources using the Microsoft Authentication Library for .NET (MSAL.NET).
active-directory Msal Net Uwp Considerations https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-net-uwp-considerations.md
Title: UWP considerations (MSAL.NET) | Azure-
+ Title: UWP considerations (MSAL.NET)
description: Learn about considerations for using Universal Windows Platform (UWP) with the Microsoft Authentication Library for .NET (MSAL.NET).
active-directory Msal Net Web Browsers https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-net-web-browsers.md
Title: Using web browsers (MSAL.NET) | Azure-
+ Title: Using web browsers (MSAL.NET)
description: Learn about specific considerations when using Xamarin Android with the Microsoft Authentication Library for .NET (MSAL.NET).
active-directory Msal Net Xamarin Android Considerations https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-net-xamarin-android-considerations.md
Title: Xamarin Android code configuration and troubleshooting (MSAL.NET) | Azure-
+ Title: Xamarin Android code configuration and troubleshooting (MSAL.NET)
description: Learn about considerations for using Xamarin Android with the Microsoft Authentication Library for .NET (MSAL.NET).
active-directory Msal Net Xamarin Ios Considerations https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-net-xamarin-ios-considerations.md
Title: Xamarin iOS considerations (MSAL.NET) | Azure-
+ Title: Xamarin iOS considerations (MSAL.NET)
description: Learn about considerations for using Xamarin iOS with the Microsoft Authentication Library for .NET (MSAL.NET).
active-directory Msal Node Extensions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-node-extensions.md
Title: "Learn about Microsoft Authentication Extensions for Node | Azure"-
+ Title: "Learn about Microsoft Authentication Extensions for Node"
description: The Microsoft Authentication Extensions for Node enables application developers to perform cross-platform token cache serialization and persistence. It gives extra support to the Microsoft Authentication Library for Node (MSAL Node).
active-directory Msal Node Migration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-node-migration.md
Title: "Migrate your Node.js application from ADAL to MSAL | Azure"-
+ Title: "Migrate your Node.js application from ADAL to MSAL"
description: How to update your existing Node.js application to use the Microsoft Authentication Library (MSAL) for authentication and authorization instead of the Active Directory Authentication Library (ADAL).
active-directory Msal Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-overview.md
Title: Learn about MSAL | Azure-
+ Title: Learn about MSAL
description: The Microsoft Authentication Library (MSAL) enables application developers to acquire tokens in order to call secured web APIs. These web APIs can be the Microsoft Graph, other Microsoft APIs, third-party web APIs, or your own web API. MSAL supports multiple application architectures and platforms.
active-directory Msal Python Adfs Support https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-python-adfs-support.md
Title: Azure AD FS support (MSAL Python)- description: Learn about Active Directory Federation Services (AD FS) support in the Microsoft Authentication Library for Python
active-directory Msal Python Token Cache Serialization https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-python-token-cache-serialization.md
Title: Custom token cache serialization (MSAL Python) | Azure-
+ Title: Custom token cache serialization (MSAL Python)
description: Learn how to serializing the token cache for MSAL for Python
active-directory Msal Shared Devices https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-shared-devices.md
Title: Shared device mode overview- description: Learn about shared device mode to enable device sharing for your frontline workers.
active-directory Msal V1 App Scopes https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-v1-app-scopes.md
Title: Scopes for v1.0 apps (MSAL) | Azure
+ Title: Scopes for v1.0 apps (MSAL)
description: Learn about the scopes for a v1.0 application using the Microsoft Authentication Library (MSAL).
active-directory Multi Service Web App Access Microsoft Graph As User https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/multi-service-web-app-access-microsoft-graph-as-user.md
Title: Tutorial - Web app accesses Microsoft Graph as the user | Azure
+ Title: Tutorial - Web app accesses Microsoft Graph as the user
description: In this tutorial, you learn how to access data in Microsoft Graph from a web app for a signed-in user.
active-directory Multi Service Web App Access Storage https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/multi-service-web-app-access-storage.md
Title: Tutorial - Web app accesses storage by using managed identities | Azure
+ Title: Tutorial - Web app accesses storage by using managed identities
description: In this tutorial, you learn how to access Azure Storage for an app by using managed identities.
active-directory Multi Service Web App Authentication App Service https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/multi-service-web-app-authentication-app-service.md
Title: Tutorial - Add authentication to a web app on Azure App Service | Azure
+ Title: Tutorial - Add authentication to a web app on Azure App Service
description: In this tutorial, you learn how to enable authentication and authorization for a web app running on Azure App Service. Limit access to the web app to users in your organizationΓÇï.
active-directory Multi Service Web App Clean Up Resources https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/multi-service-web-app-clean-up-resources.md
Title: Tutorial - Clean up resources | Azure
+ Title: Tutorial - Clean up resources
description: In this tutorial, you learn how to clean up the Azure resources allocated while creating the web app.
active-directory Multi Service Web App Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/multi-service-web-app-overview.md
Title: Tutorial - Build a secure web app on Azure App Service | Azure
+ Title: Tutorial - Build a secure web app on Azure App Service
description: In this tutorial, you learn how to build a web app by using Azure App Service, sign in users to the web app, call Azure Storage, and call Microsoft Graph.
active-directory Publisher Verification Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/publisher-verification-overview.md
Title: Publisher verification overview - Microsoft identity platform | Azure
+ Title: Publisher verification overview
description: Provides an overview of the publisher verification program for the Microsoft identity platform. Lists the benefits, program requirements, and frequently asked questions. When an application is marked as publisher verified, it means that the publisher has verified their identity using a Microsoft Partner Network account that has completed the verification process and has associated this MPN account with their application registration.
active-directory Quickstart Configure App Access Web Apis https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/quickstart-configure-app-access-web-apis.md
Title: "Quickstart: Configure an app to access a web API | Azure"-
+ Title: "Quickstart: Configure an app to access a web API"
description: In this quickstart, you configure an app registration representing a web API in the Microsoft identity platform to enable scoped resource access (permissions) to client applications.
active-directory Quickstart Configure App Expose Web Apis https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/quickstart-configure-app-expose-web-apis.md
Title: "Quickstart: Register and expose a web API | Azure"-
+ Title: "Quickstart: Register and expose a web API"
description: In this quickstart, your register a web API with the Microsoft identity platform and configure its scopes, exposing it to clients for permissions-based access to the API's resources.
active-directory Quickstart Create New Tenant https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/quickstart-create-new-tenant.md
Title: "Quickstart: Create an Azure Active Directory tenant"- description: In this quickstart, you learn how to create an Azure Active Directory tenant for use in developing applications that use the Microsoft identity platform for authentication and authorization.
active-directory Quickstart Register App https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/quickstart-register-app.md
Title: "Quickstart: Register an app in the Microsoft identity platform | Azure"
+ Title: "Quickstart: Register an app in the Microsoft identity platform"
description: In this quickstart, you learn how to register an application with the Microsoft identity platform.
active-directory Quickstart V2 Android https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/quickstart-v2-android.md
Title: "Quickstart: Add sign in with Microsoft to an Android app | Azure"-
+ Title: "Quickstart: Add sign in with Microsoft to an Android app"
description: In this quickstart, learn how Android applications can call an API that requires access tokens issued by the Microsoft identity platform.
active-directory Quickstart V2 Aspnet Core Web Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/quickstart-v2-aspnet-core-web-api.md
Title: "Quickstart: Protect an ASP.NET Core web API with the Microsoft identity platform | Azure"-
+ Title: "Quickstart: Protect an ASP.NET Core web API with the Microsoft identity platform"
description: In this quickstart, you download and modify a code sample that demonstrates how to protect an ASP.NET Core web API by using the Microsoft identity platform for authorization.
active-directory Quickstart V2 Aspnet Core Webapp Calls Graph https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/quickstart-v2-aspnet-core-webapp-calls-graph.md
Title: "Quickstart: ASP.NET Core web app that signs in users and calls Microsoft Graph | Azure"-
+ Title: "Quickstart: ASP.NET Core web app that signs in users and calls Microsoft Graph"
description: In this quickstart, you learn how an app uses Microsoft.Identity.Web to implement Microsoft sign-in in an ASP.NET Core web app using OpenID Connect and calls Microsoft Graph.
active-directory Quickstart V2 Aspnet Core Webapp https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/quickstart-v2-aspnet-core-webapp.md
Title: "Quickstart: Add sign-in with Microsoft Identity to an ASP.NET Core web app | Azure"-
+ Title: "Quickstart: Add sign-in with Microsoft Identity to an ASP.NET Core web app"
description: In this quickstart, you learn how an app implements Microsoft sign-in on an ASP.NET Core web app by using OpenID Connect
active-directory Quickstart V2 Aspnet Webapp https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/quickstart-v2-aspnet-webapp.md
Title: "Quickstart: ASP.NET web app that signs in users"- description: Download and run a code sample that shows how an ASP.NET web app can sign in Azure AD users.
active-directory Quickstart V2 Dotnet Native Aspnet https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/quickstart-v2-dotnet-native-aspnet.md
Title: "Quickstart: Call an ASP.NET web API that is protected by the Microsoft identity platform | Azure"-
+ Title: "Quickstart: Call an ASP.NET web API that is protected by the Microsoft identity platform"
description: In this quickstart, learn how to call an ASP.NET web API that's protected by the Microsoft identity platform from a Windows Desktop (WPF) application.
active-directory Quickstart V2 Ios https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/quickstart-v2-ios.md
Title: "Quickstart: Add sign in with Microsoft to an iOS or macOS app | Azure"-
+ Title: "Quickstart: Add sign in with Microsoft to an iOS or macOS app"
description: In this quickstart, learn how an iOS or macOS app can sign in users, get an access token from the Microsoft identity platform, and call the Microsoft Graph API.
active-directory Quickstart V2 Java Daemon https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/quickstart-v2-java-daemon.md
Title: "Quickstart: Call Microsoft Graph from a Java daemon | Azure"-
+ Title: "Quickstart: Call Microsoft Graph from a Java daemon"
description: In this quickstart, you learn how a Java app can get an access token and call an API protected by Microsoft identity platform endpoint, using the app's own identity
active-directory Quickstart V2 Java Webapp https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/quickstart-v2-java-webapp.md
Title: "Quickstart: Add sign-in with Microsoft to a Java web app | Azure"-
+ Title: "Quickstart: Add sign-in with Microsoft to a Java web app"
description: In this quickstart, you'll learn how to add sign-in with Microsoft to a Java web application by using OpenID Connect.
active-directory Quickstart V2 Javascript Auth Code Angular https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/quickstart-v2-javascript-auth-code-angular.md
Title: "Quickstart: Sign in users in JavaScript Angular single-page apps (SPA) with auth code and call Microsoft Graph | Azure"-
+ Title: "Quickstart: Sign in users in JavaScript Angular single-page apps (SPA) with auth code and call Microsoft Graph"
description: In this quickstart, learn how a JavaScript Angular single-page application (SPA) can sign in users of personal accounts, work accounts, and school accounts by using the authorization code flow and call Microsoft Graph.
active-directory Quickstart V2 Javascript Auth Code React https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/quickstart-v2-javascript-auth-code-react.md
Title: "Quickstart: Sign in users in JavaScript React single-page apps (SPA) with auth code and call Microsoft Graph | Azure"-
+ Title: "Quickstart: Sign in users in JavaScript React single-page apps (SPA) with auth code and call Microsoft Graph"
description: In this quickstart, learn how a JavaScript React single-page application (SPA) can sign in users of personal accounts, work accounts, and school accounts by using the authorization code flow and call Microsoft Graph.
active-directory Quickstart V2 Javascript Auth Code https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/quickstart-v2-javascript-auth-code.md
Title: "Quickstart: Sign in users in JavaScript single-page apps (SPA) with auth code | Azure"-
+ Title: "Quickstart: Sign in users in JavaScript single-page apps (SPA) with auth code"
description: In this quickstart, learn how a JavaScript single-page application (SPA) can sign in users of personal accounts, work accounts, and school accounts by using the authorization code flow.
active-directory Quickstart V2 Javascript https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/quickstart-v2-javascript.md
Title: "Quickstart: Sign in users in JavaScript single-page apps | Azure"-
+ Title: "Quickstart: Sign in users in JavaScript single-page apps"
description: In this quickstart, you learn how a JavaScript app can call an API that requires access tokens issued by the Microsoft identity platform.
active-directory Quickstart V2 Netcore Daemon https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/quickstart-v2-netcore-daemon.md
Title: "Quickstart: Get token & call Microsoft Graph in a console app | Azure"-
+ Title: "Quickstart: Get token & call Microsoft Graph in a console app"
description: In this quickstart, you learn how a .NET Core sample app can use the client credentials flow to get a token and call Microsoft Graph.
active-directory Quickstart V2 Nodejs Console https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/quickstart-v2-nodejs-console.md
Title: "Quickstart: Call Microsoft Graph from a Node.js console app | Azure"-
+ Title: "Quickstart: Call Microsoft Graph from a Node.js console app"
description: In this quickstart, you download and run a code sample that shows how a Node.js console application can get an access token and call an API protected by a Microsoft identity platform endpoint, using the app's own identity
active-directory Quickstart V2 Nodejs Desktop https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/quickstart-v2-nodejs-desktop.md
Title: "Quickstart: Call Microsoft Graph from a Node.js desktop app | Azure"-
+ Title: "Quickstart: Call Microsoft Graph from a Node.js desktop app"
description: In this quickstart, you learn how a Node.js Electron desktop application can sign-in users and get an access token to call an API protected by a Microsoft identity platform endpoint
active-directory Quickstart V2 Nodejs Webapp Msal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/quickstart-v2-nodejs-webapp-msal.md
Title: "Quickstart: Add authentication to a Node.js web app with MSAL Node | Azure"-
+ Title: "Quickstart: Add authentication to a Node.js web app with MSAL Node"
description: In this quickstart, you learn how to implement authentication with a Node.js web app and the Microsoft Authentication Library (MSAL) for Node.js.
active-directory Quickstart V2 Nodejs Webapp https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/quickstart-v2-nodejs-webapp.md
Title: "Quickstart: Add user sign-in to a Node.js web app | Azure"-
+ Title: "Quickstart: Add user sign-in to a Node.js web app"
description: In this quickstart, you learn how to implement authentication in a Node.js web application using OpenID Connect.
active-directory Quickstart V2 Python Daemon https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/quickstart-v2-python-daemon.md
Title: "Quickstart: Call Microsoft Graph from a Python daemon | Azure"-
+ Title: "Quickstart: Call Microsoft Graph from a Python daemon"
description: In this quickstart, you learn how a Python process can get an access token and call an API protected by Microsoft identity platform, using the app's own identity
active-directory Quickstart V2 Python Webapp https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/quickstart-v2-python-webapp.md
Title: "Quickstart: Add sign-in with Microsoft to a Python web app | Azure"-
+ Title: "Quickstart: Add sign-in with Microsoft to a Python web app"
description: In this quickstart, learn how a Python web app can sign in users, get an access token from the Microsoft identity platform, and call the Microsoft Graph API.
active-directory Quickstart V2 Uwp https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/quickstart-v2-uwp.md
Title: "Quickstart: Sign in users and call Microsoft Graph in a Universal Windows Platform app | Azure"-
+ Title: "Quickstart: Sign in users and call Microsoft Graph in a Universal Windows Platform app"
description: In this quickstart, learn how a Universal Windows Platform (UWP) application can get an access token and call an API protected by Microsoft identity platform.
active-directory Quickstart V2 Windows Desktop https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/quickstart-v2-windows-desktop.md
Title: "Quickstart: Sign in users and call Microsoft Graph in a Windows desktop app | Azure"
+ Title: "Quickstart: Sign in users and call Microsoft Graph in a Windows desktop app"
description: In this quickstart, learn how a Windows Presentation Foundation (WPF) application can get an access token and call an API protected by the Microsoft identity platform.
active-directory Redirect Uris Ios https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/redirect-uris-ios.md
Title: Use redirect URIs with MSAL (iOS/macOS) | Azure-
+ Title: Use redirect URIs with MSAL (iOS/macOS)
description: Learn about the differences between the Microsoft Authentication Library for ObjectiveC (MSAL for iOS and macOS) and Azure AD Authentication Library for ObjectiveC (ADAL.ObjC) and how to migrate between them.
active-directory Reference App Manifest https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/reference-app-manifest.md
Title: Understanding the Azure Active Directory app manifest- description: Detailed coverage of the Azure Active Directory app manifest, which represents an application's identity configuration in an Azure AD tenant, and is used to facilitate OAuth authorization, consent experience, and more.
active-directory Reference Claims Mapping Policy Type https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/reference-claims-mapping-policy-type.md
Title: Claims mapping policy- description: Learn about the claims mapping policy type, which is used to modify the claims emitted in tokens issued for specific applications.
active-directory Reference Saml Tokens https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/reference-saml-tokens.md
Title: SAML 2.0 token claims reference | Azure-
+ Title: SAML 2.0 token claims reference
description: Claims reference with details on the claims included in SAML 2.0 tokens issued by the Microsoft identity platform, including their JWT equivalents.
active-directory Reference Third Party Cookies Spas https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/reference-third-party-cookies-spas.md
Title: How to handle Intelligent Tracking Protection (ITP) in Safari | Azure-
+ Title: How to handle Intelligent Tracking Protection (ITP) in Safari
description: Single-page app (SPA) authentication when third-party cookies are no longer allowed.
active-directory Reference V2 Libraries https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/reference-v2-libraries.md
Title: Microsoft identity platform authentication libraries | Azure
+ Title: Microsoft identity platform authentication libraries
description: List of client libraries and middleware compatible with the Microsoft identity platform. Use these libraries to add support for user sign-in (authentication) and protected web API access (authorization) to your applications.
active-directory Refresh Tokens https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/refresh-tokens.md
Title: Microsoft identity platform refresh tokens | Azure-
+ Title: Microsoft identity platform refresh tokens
description: Learn about refresh tokens emitted by the Azure AD.
active-directory Registration Config How To https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/registration-config-how-to.md
Title: Get the endpoints for an Azure AD app registration- description: How to find the authentication endpoints for a custom application you're developing or registering with Azure AD.
active-directory Reply Url https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/reply-url.md
Title: Redirect URI (reply URL) restrictions | Azure AD- description: A description of the restrictions and limitations on redirect URI (reply URL) format enforced by the Microsoft identity platform.
active-directory Request Custom Claims https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/request-custom-claims.md
Title: Request custom claims (MSAL iOS/macOS) | Azure - description: Learn how to request custom claims.
active-directory Scenario Daemon App Configuration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-daemon-app-configuration.md
Title: Configure daemon apps that call web APIs - Microsoft identity platform | Azure
+ Title: Configure daemon apps that call web APIs
description: Learn how to configure the code for your daemon application that calls web APIs (app configuration)
active-directory Scenario Daemon App Registration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-daemon-app-registration.md
Title: Register daemon apps that call web APIs - Microsoft identity platform | Azure
+ Title: Register daemon apps that call web APIs
description: Learn how to build a daemon app that calls web APIs - app registration
active-directory Scenario Daemon Call Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-daemon-call-api.md
Title: Call a web API from a daemon app | Azure
+ Title: Call a web API from a daemon app
description: Learn how to build a daemon app that calls a web API.
active-directory Scenario Daemon Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-daemon-overview.md
Title: Build a daemon app that calls web APIs | Azure-
+ Title: Build a daemon app that calls web APIs
description: Learn how to build a daemon app that calls web APIs
active-directory Scenario Daemon Production https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-daemon-production.md
Title: Move a daemon app that calls web APIs to production | Azure
+ Title: Move a daemon app that calls web APIs to production
description: Learn how to move a daemon app that calls web APIs to production
active-directory Scenario Desktop Acquire Token Device Code Flow https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-desktop-acquire-token-device-code-flow.md
Title: Acquire a token to call a web API using device code flow (desktop app) | Azure-
+ Title: Acquire a token to call a web API using device code flow (desktop app)
description: Learn how to build a desktop app that calls web APIs to acquire a token for the app using device code flow
active-directory Scenario Desktop Acquire Token Integrated Windows Authentication https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-desktop-acquire-token-integrated-windows-authentication.md
Title: Acquire a token to call a web API using integrated Windows authentication (desktop app) | Azure-
+ Title: Acquire a token to call a web API using integrated Windows authentication (desktop app)
description: Learn how to build a desktop app that calls web APIs to acquire a token for the app using integrated Windows authentication
active-directory Scenario Desktop Acquire Token Interactive https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-desktop-acquire-token-interactive.md
Title: Acquire a token to call a web API interactively (desktop app) | Azure-
+ Title: Acquire a token to call a web API interactively (desktop app)
description: Learn how to build a desktop app that calls web APIs to acquire a token for the app interactively
active-directory Scenario Desktop Acquire Token Username Password https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-desktop-acquire-token-username-password.md
Title: Acquire a token to call a web API using username and password (desktop app) | Azure-
+ Title: Acquire a token to call a web API using username and password (desktop app)
description: Learn how to build a desktop app that calls web APIs to acquire a token for the app using username and password.
active-directory Scenario Desktop Acquire Token Wam https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-desktop-acquire-token-wam.md
Title: Acquire a token to call a web API using web account manager (desktop app) | Azure-
+ Title: Acquire a token to call a web API using web account manager (desktop app)
description: Learn how to build a desktop app that calls web APIs to acquire a token for the app using web account manager
active-directory Scenario Desktop Acquire Token https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-desktop-acquire-token.md
Title: Acquire a token to call a web API (desktop app) | Azure-
+ Title: Acquire a token to call a web API (desktop app)
description: Learn how to build a desktop app that calls web APIs to acquire a token for the app
active-directory Scenario Desktop App Configuration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-desktop-app-configuration.md
Title: Configure desktop apps that call web APIs | Azure
+ Title: Configure desktop apps that call web APIs
description: Learn how to configure the code of a desktop app that calls web APIs
active-directory Scenario Desktop App Registration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-desktop-app-registration.md
Title: Register desktop apps that call web APIs | Azure
+ Title: Register desktop apps that call web APIs
description: Learn how to build a desktop app that calls web APIs (app registration)
active-directory Scenario Desktop Call Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-desktop-call-api.md
Title: Call web APIs from a desktop app | Azure
+ Title: Call web APIs from a desktop app
description: Learn how to build a desktop app that calls web APIs
active-directory Scenario Desktop Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-desktop-overview.md
Title: Build a desktop app that calls web APIs | Azure-
+ Title: Build a desktop app that calls web APIs
description: Learn how to build a desktop app that calls web APIs (overview)
active-directory Scenario Desktop Production https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-desktop-production.md
Title: Move desktop app calling web APIs to production | Azure
+ Title: Move desktop app calling web APIs to production
description: Learn how to move a desktop app that calls web APIs to production
active-directory Scenario Mobile Acquire Token https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-mobile-acquire-token.md
Title: Acquire a token to call a web API (mobile apps) | Azure-
+ Title: Acquire a token to call a web API (mobile apps)
description: Learn how to build a mobile app that calls web APIs. (Get a token for the app.)
active-directory Scenario Mobile App Configuration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-mobile-app-configuration.md
Title: Configure mobile apps that call web APIs | Azure-
+ Title: Configure mobile apps that call web APIs
description: Learn how to configure your mobile app's code to call a web API
active-directory Scenario Mobile App Registration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-mobile-app-registration.md
Title: Register mobile apps that call web APIs | Azure-
+ Title: Register mobile apps that call web APIs
description: Learn how to build a mobile app that calls web APIs (app's registration)
active-directory Scenario Mobile Call Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-mobile-call-api.md
Title: Call a web API from a mobile app | Azure-
+ Title: Call a web API from a mobile app
description: Learn how to build a mobile app that calls web APIs. (Call a web API.)
active-directory Scenario Mobile Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-mobile-overview.md
Title: Build a mobile app that calls web APIs | Azure-
+ Title: Build a mobile app that calls web APIs
description: Learn how to build a mobile app that calls web APIs (overview)
active-directory Scenario Mobile Production https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-mobile-production.md
Title: Prepare mobile app-calling web APIs for production | Azure-
+ Title: Prepare mobile app-calling web APIs for production
description: Learn how to build a mobile app that calls web APIs. (Prepare apps for production.)
active-directory Scenario Protected Web Api App Registration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-protected-web-api-app-registration.md
Title: Protected web API app registration | Azure-
+ Title: Protected web API app registration
description: Learn how to build a protected web API and the information you need to register the app.
active-directory Scenario Protected Web Api Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-protected-web-api-overview.md
Title: Protected web API - overview- description: Learn how to build a protected web API (overview).
active-directory Scenario Protected Web Api Production https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-protected-web-api-production.md
Title: Move a protected web API to production | Azure-
+ Title: Move a protected web API to production
description: Learn how to build a protected web API (move to production).
active-directory Scenario Spa Acquire Token https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-spa-acquire-token.md
Title: Acquire a token to call a web API (single-page apps) | Azure-
+ Title: Acquire a token to call a web API (single-page apps)
description: Learn how to build a single-page application (acquire a token to call an API)
active-directory Scenario Spa App Configuration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-spa-app-configuration.md
Title: Configure single-page app | Azure-
+ Title: Configure single-page app
description: Learn how to build a single-page application (app's code configuration)
active-directory Scenario Spa App Registration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-spa-app-registration.md
Title: Register single-page applications (SPA) | Azure-
+ Title: Register single-page applications (SPA)
description: Learn how to build a single-page application (app registration)
active-directory Scenario Spa Call Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-spa-call-api.md
Title: Build single-page app calling a web API- description: Learn how to build a single-page application that calls a web API
active-directory Scenario Spa Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-spa-overview.md
Title: JavaScript single-page app scenario- description: Learn how to build a single-page application (scenario overview) by using the Microsoft identity platform.
active-directory Scenario Spa Production https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-spa-production.md
Title: Move single-page app to production- description: Learn how to build a single-page application (move to production)
active-directory Scenario Spa Sign In https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-spa-sign-in.md
Title: Single-page app sign-in & sign-out- description: Learn how to build a single-page application (sign-in)
active-directory Scenario Web Api Call Api Acquire Token https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-web-api-call-api-acquire-token.md
Title: Get a token for a web API that calls web APIs | Azure-
+ Title: Get a token for a web API that calls web APIs
description: Learn how to build a web API that calls web APIs that require acquiring a token for the app.
active-directory Scenario Web Api Call Api App Configuration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-web-api-call-api-app-configuration.md
Title: Configure a web API that calls web APIs | Azure-
+ Title: Configure a web API that calls web APIs
description: Learn how to build a web API that calls web APIs (app's code configuration)
active-directory Scenario Web Api Call Api App Registration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-web-api-call-api-app-registration.md
Title: Register a web API that calls web APIs | Azure-
+ Title: Register a web API that calls web APIs
description: Learn how to build a web API that calls downstream web APIs (app registration).
active-directory Scenario Web Api Call Api Call Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-web-api-call-api-call-api.md
Title: Web API that calls web APIs | Azure-
+ Title: Web API that calls web APIs
description: Learn how to build a web API that calls web APIs.
active-directory Scenario Web Api Call Api Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-web-api-call-api-overview.md
Title: Build a web API that calls web APIs | Azure-
+ Title: Build a web API that calls web APIs
description: Learn how to build a web API that calls downstream web APIs (overview).
active-directory Scenario Web Api Call Api Production https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-web-api-call-api-production.md
Title: Move web API calling web APIs to production | Azure-
+ Title: Move web API calling web APIs to production
description: Learn how to move a web API that calls web APIs to production.
active-directory Scenario Web App Call Api Acquire Token https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-web-app-call-api-acquire-token.md
Title: Get a token in a web app that calls web APIs | Azure-
+ Title: Get a token in a web app that calls web APIs
description: Learn how to acquire a token for a web app that calls web APIs
active-directory Scenario Web App Call Api App Configuration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-web-app-call-api-app-configuration.md
Title: Configure a web app that calls web APIs | Azure-
+ Title: Configure a web app that calls web APIs
description: Learn how to configure the code of a web app that calls web APIs
active-directory Scenario Web App Call Api App Registration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-web-app-call-api-app-registration.md
Title: Register a web app that calls web APIs | Azure-
+ Title: Register a web app that calls web APIs
description: Learn how to register a web app that calls web APIs
active-directory Scenario Web App Call Api Call Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-web-app-call-api-call-api.md
Title: Call a web api from a web app | Azure-
+ Title: Call a web api from a web app
description: Learn how to build a web app that calls web APIs (calling a protected web API)
active-directory Scenario Web App Call Api Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-web-app-call-api-overview.md
Title: Build a web app that authenticates users and calls web APIs | Azure-
+ Title: Build a web app that authenticates users and calls web APIs
description: Learn how to build a web app that authenticates users and calls web APIs (overview)
active-directory Scenario Web App Call Api Production https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-web-app-call-api-production.md
Title: Move to production a web app that calls web APIs | Azure-
+ Title: Move to production a web app that calls web APIs
description: Learn how to move to production a web app that calls web APIs.
active-directory Scenario Web App Call Api Sign In https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-web-app-call-api-sign-in.md
Title: Remove accounts from the token cache on sign-out | Azure-
+ Title: Remove accounts from the token cache on sign-out
description: Learn how to remove an account from the token cache on sign-out
active-directory Scenario Web App Sign User App Configuration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-web-app-sign-user-app-configuration.md
Title: Configure a web app that signs in users | Azure-
+ Title: Configure a web app that signs in users
description: Learn how to build a web app that signs in users (code configuration)
active-directory Scenario Web App Sign User App Registration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-web-app-sign-user-app-registration.md
Title: Register a web app that signs in users | Azure-
+ Title: Register a web app that signs in users
description: Learn how to register a web app that signs in users
active-directory Scenario Web App Sign User Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-web-app-sign-user-overview.md
Title: Sign in users from a Web app | Azure-
+ Title: Sign in users from a Web app
description: Learn how to build a web app that signs in users (overview)
active-directory Scenario Web App Sign User Production https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-web-app-sign-user-production.md
Title: Move web app that signs in users to production | Azure-
+ Title: Move web app that signs in users to production
description: Learn how to build a web app that signs in users (move to production)
active-directory Scenario Web App Sign User Sign In https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-web-app-sign-user-sign-in.md
Title: Write a web app that signs in/out users | Azure-
+ Title: Write a web app that signs in/out users
description: Learn how to build a web app that signs in/out users
active-directory Secure Group Access Control https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/secure-group-access-control.md
Title: Secure access control using groups in Azure AD - Microsoft identity platform
+ Title: Secure access control using groups in Azure AD
description: Learn about how groups are used to securely control access to resources in Azure AD.
active-directory Secure Least Privileged Access https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/secure-least-privileged-access.md
Title: "Increase app security with the principle of least privilege"- description: Learn how the principle of least privilege can help increase the security of your application, its data, and which features of the Microsoft identity platform you can use to implement least privileged access.
active-directory Security Best Practices For App Registration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/security-best-practices-for-app-registration.md
Title: Best practices for Azure AD application registration configuration - Microsoft identity platform
+ Title: Best practices for Azure AD application registration configuration
description: Learn about a set of best practices and general guidance on Azure AD application registration configuration.
active-directory Security Tokens https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/security-tokens.md
Title: Security tokens | Azure-
+ Title: Security tokens
description: Learn about the basics of security tokens in the Microsoft identity platform.
active-directory Single And Multi Tenant Apps https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/single-and-multi-tenant-apps.md
Title: Single and multi-tenant apps in Azure AD- description: Learn about the features and differences between single-tenant and multi-tenant apps in Azure AD.
active-directory Single Multi Account https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/single-multi-account.md
Title: Single and multiple account public client apps | Azure
+ Title: Single and multiple account public client apps
description: An overview of single and multiple account public client apps.
active-directory Single Page App Quickstart https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/single-page-app-quickstart.md
Title: "Quickstart: Sign in users in single-page apps (SPA) with auth code | Azure"-
+ Title: "Quickstart: Sign in users in single-page apps (SPA) with auth code"
description: In this quickstart, learn how a JavaScript single-page application (SPA) can sign in users of personal accounts, work accounts, and school accounts by using the authorization code flow.
active-directory Single Sign On Macos Ios https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/single-sign-on-macos-ios.md
Title: Configure SSO on macOS and iOS - description: Learn how to configure single sign on (SSO) on macOS and iOS.
active-directory Single Sign On Saml Protocol https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/single-sign-on-saml-protocol.md
Title: Azure Single Sign On SAML Protocol- description: This article describes the Single Sign-On (SSO) SAML protocol in Azure Active Directory documentationcenter: .net
active-directory Ssl Issues https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/ssl-issues.md
Title: Troubleshoot TLS/SSL issues (MSAL iOS/macOS) | Azure-
+ Title: Troubleshoot TLS/SSL issues (MSAL iOS/macOS)
description: Learn what to do about various problems using TLS/SSL certificates with the MSAL.Objective-C library.
active-directory Sso Between Adal Msal Apps Macos Ios https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/sso-between-adal-msal-apps-macos-ios.md
Title: SSO between ADAL & MSAL apps (iOS/macOS) | Azure-
+ Title: SSO between ADAL & MSAL apps (iOS/macOS)
description: Learn how to share SSO between ADAL and MSAL apps
active-directory Support Fido2 Authentication https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/support-fido2-authentication.md
Title: Support passwordless authentication with FIDO2 keys in apps you develop | Azure-
+ Title: Support passwordless authentication with FIDO2 keys in apps you develop
description: This deployment guide explains how to support passwordless authentication with FIDO2 security keys in the applications you develop
active-directory Supported Accounts Validation https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/supported-accounts-validation.md
# required metadata Title: Validation differences by supported account types | Azure-
+ Title: Validation differences by supported account types
description: Learn about the validation differences of various properties for different supported account types when registering your app with the Microsoft identity platform.
active-directory Test Automate Integration Testing https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/test-automate-integration-testing.md
Title: Run automated integration tests- description: Learn how to run automated integration tests as a user against APIs protected by the Microsoft identity platform. Use the Resource Owner Password Credential Grant (ROPC) auth flow to sign in as a user instead of automating the interactive sign-in prompt UI.
active-directory Test Setup Environment https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/test-setup-environment.md
Title: Set up a test environment for your app- description: Learn how to set up an Azure Active Directory test environment so you can test your application integrated with Microsoft identity platform. Evaluate whether you need a separate tenant for testing or if you can use your production tenant.
active-directory Test Throttle Service Limits https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/test-throttle-service-limits.md
Title: Test environments, throttling, and service limits- description: Learn about the throttling and service limits to consider while deploying an Azure Active Directory test environment and testing an app integrated with the Microsoft identity platform.
active-directory Troubleshoot Publisher Verification https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/troubleshoot-publisher-verification.md
Title: Troubleshoot publisher verification | Azure-
+ Title: Troubleshoot publisher verification
description: Describes how to troubleshoot publisher verification for the Microsoft identity platform by calling Microsoft Graph APIs.
active-directory Tutorial Blazor Server https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/tutorial-blazor-server.md
Title: Tutorial - Create a Blazor Server app that uses the Microsoft identity platform for authentication | Azure-
+ Title: Tutorial - Create a Blazor Server app that uses the Microsoft identity platform for authentication
description: In this tutorial, you set up authentication using the Microsoft identity platform in a Blazor Server app.
active-directory Tutorial Blazor Webassembly https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/tutorial-blazor-webassembly.md
Title: Tutorial - Sign in users and call a protected API from a Blazor WebAssembly app - description: In this tutorial, sign in users and call a protected API using the Microsoft identity platform in a Blazor WebAssembly (WASM) app.
active-directory Tutorial V2 Android https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/tutorial-v2-android.md
Title: "Tutorial: Create an Android app that uses the Microsoft identity platform for authentication | Azure"-
+ Title: "Tutorial: Create an Android app that uses the Microsoft identity platform for authentication"
description: In this tutorial, you build an Android app that uses the Microsoft identity platform to sign in users and get an access token to call the Microsoft Graph API on their behalf.
active-directory Tutorial V2 Angular Auth Code https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/tutorial-v2-angular-auth-code.md
Title: "Tutorial: Create an Angular app that uses the Microsoft identity platform for authentication using auth code flow | Azure"-
+ Title: "Tutorial: Create an Angular app that uses the Microsoft identity platform for authentication using auth code flow"
description: In this tutorial, you build an Angular single-page app (SPA) using auth code flow that uses the Microsoft identity platform to sign in users and get an access token to call the Microsoft Graph API on their behalf.
active-directory Tutorial V2 Asp Webapp https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/tutorial-v2-asp-webapp.md
Title: "Tutorial: Create an ASP.NET web app that uses the Microsoft identity platform for authentication | Azure"-
+ Title: "Tutorial: Create an ASP.NET web app that uses the Microsoft identity platform for authentication"
description: In this tutorial, you build an ASP.NET web application that uses the Microsoft identity platform and OWIN middleware to enable user login.
active-directory Tutorial V2 Aspnet Daemon Web App https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/tutorial-v2-aspnet-daemon-web-app.md
Title: "Tutorial: Build a multi-tenant daemon that accesses Microsoft Graph business data | Azure"-
+ Title: "Tutorial: Build a multi-tenant daemon that accesses Microsoft Graph business data"
description: In this tutorial, learn how to call an ASP.NET web API protected by Azure Active Directory from a Windows desktop (WPF) application. The WPF client authenticates a user, requests an access token, and calls the web API.
active-directory Tutorial V2 Javascript Auth Code https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/tutorial-v2-javascript-auth-code.md
Title: "Tutorial: Create a JavaScript single-page app that uses auth code flow | Azure"-
+ Title: "Tutorial: Create a JavaScript single-page app that uses auth code flow"
description: In this tutorial, you create a JavaScript SPA that can sign in users and use the auth code flow to obtain an access token from the Microsoft identity platform and call the Microsoft Graph API.
active-directory Tutorial V2 Javascript Spa https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/tutorial-v2-javascript-spa.md
Title: "Tutorial: Create a JavaScript single-page app that uses the Microsoft identity platform for authentication | Azure"-
+ Title: "Tutorial: Create a JavaScript single-page app that uses the Microsoft identity platform for authentication"
description: In this tutorial, you build a JavaScript single-page app (SPA) that uses the Microsoft identity platform to sign in users and get an access token to call the Microsoft Graph API on their behalf.
active-directory Tutorial V2 Nodejs Console https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/tutorial-v2-nodejs-console.md
Title: "Tutorial: Call Microsoft Graph in a Node.js console app | Azure"-
+ Title: "Tutorial: Call Microsoft Graph in a Node.js console app"
description: In this tutorial, you build a console app for calling Microsoft Graph to a Node.js console app.
active-directory Tutorial V2 Nodejs Desktop https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/tutorial-v2-nodejs-desktop.md
Title: "Tutorial: Sign in users and call the Microsoft Graph API in an Electron desktop app | Azure"-
+ Title: "Tutorial: Sign in users and call the Microsoft Graph API in an Electron desktop app"
description: In this tutorial, you build an Electron desktop app that can sign in users and use the auth code flow to obtain an access token from the Microsoft identity platform and call the Microsoft Graph API.
active-directory Tutorial V2 Nodejs Webapp Msal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/tutorial-v2-nodejs-webapp-msal.md
Title: "Tutorial: Sign in users in a Node.js & Express web app | Azure"-
+ Title: "Tutorial: Sign in users in a Node.js & Express web app"
description: In this tutorial, you add support for signing-in users in a web app.
active-directory Tutorial V2 React https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/tutorial-v2-react.md
Title: "Tutorial: Create a React single-page app that uses auth code flow | Azure"-
+ Title: "Tutorial: Create a React single-page app that uses auth code flow"
description: In this tutorial, you create a React SPA that can sign in users and use the auth code flow to obtain an access token from the Microsoft identity platform and call the Microsoft Graph API.
active-directory Tutorial V2 Shared Device Mode https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/tutorial-v2-shared-device-mode.md
Title: "Tutorial: Use shared-device mode with the Microsoft Authentication Library (MSAL) for Android | Azure"-
+ Title: "Tutorial: Use shared-device mode with the Microsoft Authentication Library (MSAL) for Android"
description: In this tutorial, you learn how to prepare an Android device to run in shared mode and run a first-line worker app.
active-directory Tutorial V2 Windows Desktop https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/tutorial-v2-windows-desktop.md
Title: "Tutorial: Create a Windows Presentation Foundation (WPF) app that uses the Microsoft identity platform for authentication | Azure"-
+ Title: "Tutorial: Create a Windows Presentation Foundation (WPF) app that uses the Microsoft identity platform for authentication"
description: In this tutorial, you build a WPF application that uses the Microsoft identity platform to sign in users and get an access token to call the Microsoft Graph API on their behalf.
active-directory Tutorial V2 Windows Uwp https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/tutorial-v2-windows-uwp.md
Title: "Tutorial: Create a Universal Windows Platform (UWP) app that uses the Microsoft identity platform for authentication | Azure"-
+ Title: "Tutorial: Create a Universal Windows Platform (UWP) app that uses the Microsoft identity platform for authentication"
description: In this tutorial, you build a UWP application that uses the Microsoft identity platform to sign in users and get an access token to call the Microsoft Graph API on their behalf.
active-directory Userinfo https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/userinfo.md
Title: Microsoft identity platform UserInfo endpoint | Azure-
+ Title: Microsoft identity platform UserInfo endpoint
description: Learn about the UserInfo endpoint on the Microsoft identity platform.
active-directory V2 App Types https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/v2-app-types.md
Title: Application types for the Microsoft identity platform | Azure
+ Title: Application types for the Microsoft identity platform
description: The types of apps and scenarios supported by the Microsoft identity platform.
active-directory V2 Conditional Access Dev Guide https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/v2-conditional-access-dev-guide.md
Title: Developer guidance for Azure Active Directory Conditional Access- description: Developer guidance and scenarios for Azure AD Conditional Access and Microsoft identity platform. keywords:
active-directory V2 Oauth Ropc https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/v2-oauth-ropc.md
Title: Sign in with resource owner password credentials grant | Azure-
+ Title: Sign in with resource owner password credentials grant
description: Support browser-less authentication flows using the resource owner password credential (ROPC) grant.
active-directory V2 Oauth2 Auth Code Flow https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/v2-oauth2-auth-code-flow.md
Title: Microsoft identity platform and OAuth 2.0 authorization code flow | Azure-
+ Title: Microsoft identity platform and OAuth 2.0 authorization code flow
description: Build web applications using the Microsoft identity platform implementation of the OAuth 2.0 authentication protocol.
active-directory V2 Oauth2 Client Creds Grant Flow https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/v2-oauth2-client-creds-grant-flow.md
Title: OAuth 2.0 client credentials flow on the Microsoft identity platform | Azure
+ Title: OAuth 2.0 client credentials flow on the Microsoft identity platform
description: Build web applications by using the Microsoft identity platform implementation of the OAuth 2.0 authentication protocol.
active-directory V2 Oauth2 Device Code https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/v2-oauth2-device-code.md
Title: OAuth 2.0 device code flow | Azure-
+ Title: OAuth 2.0 device code flow
description: Sign in users without a browser. Build embedded and browser-less authentication flows using the device authorization grant.
active-directory V2 Oauth2 Implicit Grant Flow https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/v2-oauth2-implicit-grant-flow.md
Title: OAuth 2.0 implicit grant flow - The Microsoft identity platform | Azure
+ Title: OAuth 2.0 implicit grant flow - The Microsoft identity platform
description: Secure single-page apps using Microsoft identity platform implicit flow.
active-directory V2 Oauth2 On Behalf Of Flow https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/v2-oauth2-on-behalf-of-flow.md
Title: Microsoft identity platform and OAuth2.0 On-Behalf-Of flow | Azure-
+ Title: Microsoft identity platform and OAuth2.0 On-Behalf-Of flow
description: This article describes how to use HTTP messages to implement service to service authentication using the OAuth2.0 On-Behalf-Of flow.
active-directory V2 Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/v2-overview.md
Title: Microsoft identity platform overview - Azure- description: Learn about the components of the Microsoft identity platform and how they can help you build identity and access management (IAM) support into your applications.
active-directory V2 Protocols Oidc https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/v2-protocols-oidc.md
Title: Microsoft identity platform and OpenID Connect protocol | Azure-
+ Title: Microsoft identity platform and OpenID Connect protocol
description: Build web applications by using the Microsoft identity platform implementation of the OpenID Connect authentication protocol.
active-directory V2 Saml Bearer Assertion https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/v2-saml-bearer-assertion.md
Title: Exchange a SAML token issued by Active Directory Federation Services (AD FS) for a Microsoft Graph access token- description: Learn how to fetch data from Microsoft Graph without prompting an AD FS-federated user for credentials by using the SAML bearer assertion flow.
active-directory V2 Supported Account Types https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/v2-supported-account-types.md
Title: Supported account types | Azure
+ Title: Supported account types
description: Conceptual documentation about audiences and supported account types in applications
active-directory Web Api Quickstart https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/web-api-quickstart.md
Title: "Quickstart: Protect a web API with the Microsoft identity platform | Azure"-
+ Title: "Quickstart: Protect a web API with the Microsoft identity platform"
description: In this quickstart, you download and modify a code sample that demonstrates how to protect a web API by using the Microsoft identity platform for authorization.
active-directory Web App Quickstart https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/web-app-quickstart.md
Title: "Quickstart: Sign in users in web apps using the auth code flow"- description: In this quickstart, learn how a web app can sign in users of personal accounts, work accounts, and school accounts by using the authorization code flow.
active-directory Whats New Docs https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/whats-new-docs.md
Title: "What's new in the Microsoft identity platform docs"- description: "New and updated documentation for the Microsoft identity platform."
active-directory Workload Identities Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/workload-identities-overview.md
Title: Workload identities - description: Understand the concepts and supported scenarios for using workload identity in Azure Active Directory.
active-directory Workload Identity Federation Create Trust Gcp https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/workload-identity-federation-create-trust-gcp.md
Title: Access Azure resources from Google Cloud without credentials- description: Access Azure AD protected resources from a service running in Google Cloud without using secrets or certificates. Use workload identity federation to set up a trust relationship between an app in Azure AD and an identity in Google Cloud. The workload running in Google Cloud can get an access token from Microsoft identity platform and access Azure AD protected resources.
active-directory Workload Identity Federation Create Trust Github https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/workload-identity-federation-create-trust-github.md
Title: Create a trust relationship between an app and GitHub- description: Set up a trust relationship between an app in Azure AD and a GitHub repo. This allows a GitHub Actions workflow to access Azure AD protected resources without using secrets or certificates.
active-directory Workload Identity Federation Create Trust https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/workload-identity-federation-create-trust.md
Title: Create a trust relationship between an app and an external identity provider- description: Set up a trust relationship between an app in Azure AD and an external identity provider. This allows a software workload outside of Azure to access Azure AD protected resources without using secrets or certificates.
active-directory Workload Identity Federation https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/workload-identity-federation.md
Title: Workload identity federation - description: Use workload identity federation to grant workloads running outside of Azure access to Azure AD protected resources without using secrets or certificates. This eliminates the need for developers to store and maintain long-lived secrets or certificates outside of Azure.
active-directory Zero Trust For Developers https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/zero-trust-for-developers.md
Title: "Increase app security by following Zero Trust principles"- description: Learn how following the Zero Trust principles can help increase the security of your application, its data, and which features of the Microsoft identity platform you can use to build Zero Trust-ready apps.
active-directory Azureadjoin Plan https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/devices/azureadjoin-plan.md
# How to: Plan your Azure AD join implementation
-Azure AD join allows you to join devices directly to Azure AD without the need to join to on-premises Active Directory while keeping your users productive and secure. Azure AD join is enterprise-ready for both at-scale and scoped deployments. SSO access to on-premises resources is also available to devices that are Azure AD joined. For more information, see [How SSO to on-premises resources works on Azure AD joined devices](azuread-join-sso.md).
+You can join devices directly to Azure Active Directory (Azure AD) without the need to join to on-premises Active Directory while keeping your users productive and secure. Azure AD join is enterprise-ready for both at-scale and scoped deployments. Single sign-on (SSO) access to on-premises resources is also available to devices that are Azure AD joined. For more information, see [How SSO to on-premises resources works on Azure AD joined devices](azuread-join-sso.md).
This article provides you with the information you need to plan your Azure AD join implementation.
To plan your Azure AD join implementation, you should familiarize yourself with:
## Review your scenarios
-While hybrid Azure AD join may be preferred for certain scenarios, Azure AD join enables you to transition towards a cloud-first model with Windows. If you're planning to modernize your devices management and reduce device-related IT costs, Azure AD join provides a great foundation towards achieving those goals.
+Azure AD join enables you to transition towards a cloud-first model with Windows. If you're planning to modernize your devices management and reduce device-related IT costs, Azure AD join provides a great foundation towards achieving those goals.
Consider Azure AD join if your goals align with the following criteria:
Consider Azure AD join if your goals align with the following criteria:
## Review your identity infrastructure
-Azure AD join works in managed and federated environments. We think most organizations will deploy hybrid Azure AD join with managed domains. Managed domain scenarios don't require configuring a federation server.
+Azure AD join works in managed and federated environments. We think most organizations will deploy with managed domains. Managed domain scenarios don't require configuring and managing a federation server like Active Directory Federation Services (AD FS).
### Managed environment
If your identity provider doesn't support these protocols, Azure AD join doesn't
> [!NOTE] > Currently, Azure AD join does not work with [AD FS 2019 configured with external authentication providers as the primary authentication method](/windows-server/identity/ad-fs/operations/additional-authentication-methods-ad-fs#enable-external-authentication-methods-as-primary). Azure AD join defaults to password authentication as the primary method, which results in authentication failures in this scenario
-### Smartcards and certificate-based authentication
-
-You can't use smartcards or certificate-based authentication to join devices to Azure AD. However, smartcards can be used to sign in to Azure AD joined devices if you have AD FS configured.
-
-**Recommendation:** Implement Windows Hello for Business for strong, password-less authentication to Windows 10 or newer.
- ### User configuration If you create users in your:
If you create users in your:
- **On-premises Active Directory**, you need to synchronize them to Azure AD using [Azure AD Connect](../hybrid/how-to-connect-sync-whatis.md). - **Azure AD**, no extra setup is required.
-On-premises UPNs that are different from Azure AD UPNs aren't supported on Azure AD joined devices. If your users use an on-premises UPN, you should plan to switch to using their primary UPN in Azure AD.
+On-premises user principal names (UPNs) that are different from Azure AD UPNs aren't supported on Azure AD joined devices. If your users use an on-premises UPN, you should plan to switch to using their primary UPN in Azure AD.
UPN changes are only supported starting Windows 10 2004 update. Users on devices with this update won't have any issues after changing their UPNs. For devices before the Windows 10 2004 update, users would have SSO and Conditional Access issues on their devices. They need to sign in to Windows through the "Other user" tile using their new UPN to resolve this issue.
Azure AD join:
### Management platform
-Device management for Azure AD joined devices is based on an MDM platform such as Intune, and MDM CSPs. Starting in Windows 10 there is a built-in MDM agent that works with all compatible MDM solutions.
+Device management for Azure AD joined devices is based on a mobile device management (MDM) platform such as Intune, and MDM CSPs. Starting in Windows 10 there's a built-in MDM agent that works with all compatible MDM solutions.
> [!NOTE] > Group policies are not supported in Azure AD joined devices as they are not connected to on-premises Active Directory. Management of Azure AD joined devices is only possible through MDM
Device management for Azure AD joined devices is based on an MDM platform such a
There are two approaches for managing Azure AD joined devices: - **MDM-only** - A device is exclusively managed by an MDM provider like Intune. All policies are delivered as part of the MDM enrollment process. For Azure AD Premium or EMS customers, MDM enrollment is an automated step that is part of an Azure AD join.-- **Co-management** - A device is managed by an MDM provider and SCCM. In this approach, the SCCM agent is installed on an MDM-managed device to administer certain aspects.
+- **Co-management** - A device is managed by an MDM provider and Microsoft Endpoint Configuration Manager. In this approach, the Microsoft Endpoint Configuration Manager agent is installed on an MDM-managed device to administer certain aspects.
If you're using Group Policies, evaluate your GPO and MDM policy parity by using [Group Policy analytics](/mem/intune/configuration/group-policy-analytics) in Microsoft Endpoint Manager.
Review supported and unsupported policies to determine whether you can use an MD
If your MDM solution isn't available through the Azure AD app gallery, you can add it following the process outlined in [Azure Active Directory integration with MDM](/windows/client-management/mdm/azure-active-directory-integration-with-mdm).
-Through co-management, you can use SCCM to manage certain aspects of your devices while policies are delivered through your MDM platform. Microsoft Intune enables co-management with SCCM. For more information on co-management for Windows 10 or newer devices, see [What is co-management?](/configmgr/core/clients/manage/co-management-overview). If you use an MDM product other than Intune, check with your MDM provider on applicable co-management scenarios.
+Through co-management, you can use Microsoft Endpoint Configuration Manager to manage certain aspects of your devices while policies are delivered through your MDM platform. Microsoft Intune enables co-management with Microsoft Endpoint Configuration Manager. For more information on co-management for Windows 10 or newer devices, see [What is co-management?](/configmgr/core/clients/manage/co-management-overview). If you use an MDM product other than Intune, check with your MDM provider on applicable co-management scenarios.
**Recommendation:** Consider MDM only management for Azure AD joined devices.
Before you can configure your mobility settings, you may have to add an MDM prov
**To add an MDM provider**:
-1. On the **Azure Active Directory page**, in the **Manage** section, click `Mobility (MDM and MAM)`.
-1. Click **Add application**.
+1. On the **Azure Active Directory page**, in the **Manage** section, select `Mobility (MDM and MAM)`.
+1. Select **Add application**.
1. Select your MDM provider from the list. :::image type="content" source="./media/azureadjoin-plan/04.png" alt-text="Screenshot of the Azure Active Directory Add an application page. Several M D M providers are listed." border="false":::
active-directory Device Management Azure Portal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/devices/device-management-azure-portal.md
You must be assigned one of the following roles to view or manage device setting
- **Additional local administrators on Azure AD joined devices**: This setting allows you to select the users who are granted local administrator rights on a device. These users are added to the Device Administrators role in Azure AD. Global Administrators in Azure AD and device owners are granted local administrator rights by default. This option is a premium edition capability available through products like Azure AD Premium and Enterprise Mobility + Security. - **Users may register their devices with Azure AD**: You need to configure this setting to allow users to register Windows 10 or newer personal, iOS, Android, and macOS devices with Azure AD. If you select **None**, devices aren't allowed to register with Azure AD. Enrollment with Microsoft Intune or mobile device management for Microsoft 365 requires registration. If you've configured either of these services, **ALL** is selected and **NONE** is unavailable.-- **Require Multi-Factor Authentication to register or join devices with Azure AD**: This setting allows you to specify whether users are required to provide another authentication factor to join or register their devices to Azure AD. The default is **No**. We recommend that you require multifactor authentication when a device is registered or joined. Before you enable multifactor authentication for this service, you must ensure that multifactor authentication is configured for users that register their devices. For more information on Azure AD Multi-Factor Authentication services, see [getting started with Azure AD Multi-Factor Authentication](../authentication/concept-mfa-howitworks.md).
+- **Require Multi-Factor Authentication to register or join devices with Azure AD**: This setting allows you to specify whether users are required to provide another authentication factor to join or register their devices to Azure AD. The default is **No**. We recommend that you require multifactor authentication when a device is registered or joined. Before you enable multifactor authentication for this service, you must ensure that multifactor authentication is configured for users that register their devices. For more information on Azure AD Multi-Factor Authentication services, see [getting started with Azure AD Multi-Factor Authentication](../authentication/concept-mfa-howitworks.md). This setting may not work with third-party identity providers.
> [!NOTE] > The **Require Multi-Factor Authentication to register or join devices with Azure AD** setting applies to devices that are either Azure AD joined (with some exceptions) or Azure AD registered. This setting doesn't apply to hybrid Azure AD joined devices, [Azure AD joined VMs in Azure](./howto-vm-sign-in-azure-ad-windows.md#enabling-azure-ad-login-for-windows-vm-in-azure), or Azure AD joined devices that use [Windows Autopilot self-deployment mode](/mem/autopilot/self-deploying).
active-directory Howto Vm Sign In Azure Ad Windows https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/devices/howto-vm-sign-in-azure-ad-windows.md
If you've configured a Conditional Access policy that requires multi-factor auth
- Your credentials did not work.
-![Your credentials did not work](./media/howto-vm-sign-in-azure-ad-windows/your-credentials-did-not-work.png)
- > [!WARNING]
-> Per-user Enabled/Enforced Azure AD Multi-Factor Authentication is not supported for VM Sign-In. This setting causes Sign-in to fail with ΓÇ£Your credentials do not work.ΓÇ¥ error message.
+> Legacy per-user Enabled/Enforced Azure AD Multi-Factor Authentication is not supported for VM Sign-In. This setting causes Sign-in to fail with ΓÇ£Your credentials do not work.ΓÇ¥ error message.
+
+![Your credentials did not work](./media/howto-vm-sign-in-azure-ad-windows/your-credentials-did-not-work.png)
-You can resolve the above issue by removing the per user MFA setting, by following these steps:
+You can resolve the above issue by removing the per-user MFA setting, by following these steps:
```
active-directory Manage Stale Devices https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/devices/manage-stale-devices.md
Previously updated : 02/15/2022 Last updated : 06/01/2022
It isn't advisable to immediately delete a device that appears to be stale becau
### MDM-controlled devices
-If your device is under control of Intune or any other MDM solution, retire the device in the management system before disabling or deleting it.
+If your device is under control of Intune or any other MDM solution, retire the device in the management system before disabling or deleting it. For more information see the article [Remove devices by using wipe, retire, or manually unenrolling the device](/mem/intune/remote-actions/devices-wipe).
### System-managed devices
Any authentication where a device is being used to authenticate to Azure AD are
## Next steps
+Devices managed with Intune can be retired or wiped, for more information see the article [Remove devices by using wipe, retire, or manually unenrolling the device](/mem/intune/remote-actions/devices-wipe).
+ To get an overview of how to manage device in the Azure portal, see [managing devices using the Azure portal](device-management-azure-portal.md)
active-directory 7 Secure Access Conditional Access https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/7-secure-access-conditional-access.md
There may be times you want to block external users except a specific group. For
After confirming your settings using [report-only mode](../conditional-access/howto-conditional-access-insights-reporting.md), an administrator can move the **Enable policy** toggle from **Report-only** to **On**.
+### External partner access
+
+Conditional Access policies that target external users may interfere with service provider access, for example granular delegated admin privileges [Introduction to granular delegated admin privileges (GDAP)](/partner-center/gdap-introduction).
+ ## Implement Conditional Access Many common Conditional Access policies are documented. See the article [Common Conditional Access policies](../conditional-access/concept-conditional-access-policy-common.md) for other common policies you may want to adapt for external users.
active-directory Overview Identity Protection https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/identity-protection/overview-identity-protection.md
Previously updated : 06/15/2021 Last updated : 05/31/2022
The signals generated by and fed to Identity Protection, can be further fed into
## Why is automation important?
-In his [blog post in October of 2018](https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Eight-essentials-for-hybrid-identity-3-Securing-your-identity/ba-p/275843) Alex Weinert, who leads Microsoft's Identity Security and Protection team, explains why automation is so important when dealing with the volume of events:
+In the blog post *[Cyber Signals: Defending against cyber threats with the latest research, insights, and trends](https://www.microsoft.com/security/blog/2022/02/03/cyber-signals-defending-against-cyber-threats-with-the-latest-research-insights-and-trends/)* dated February 3, 2022 we shared a thread intelligence brief including the following statistics:
-> Each day, our machine learning and heuristic systems provide risk scores for 18 billion login attempts for over 800 million distinct accounts, 300 million of which are discernibly done by adversaries (entities like: criminal actors, hackers).
->
-> At Ignite last year, I spoke about the top 3 attacks on our identity systems. Here is the recent volume of these attacks
->
-> - **Breach replay**: 4.6BN attacks detected in May 2018
-> - **Password spray**: 350k in April 2018
-> - **Phishing**: This is hard to quantify exactly, but we saw 23M risk events in March 2018, many of which are phish related
+> * Analyzed ...24 trillion security signals combined with intelligence we track by monitoring more than 40 nation-state groups and over 140 threat groups...
+> * ...From January 2021 through December 2021, weΓÇÖve blocked more than 25.6 billion Azure AD brute force authentication attacks...
+This scale of signals and attacks requires some level of automation to be able to keep up.
## Risk detection and remediation Identity Protection identifies risks of many types, including:
Identity Protection identifies risks of many types, including:
- Password spray - and more...
-More detail on these and other risks including how or when they are calculated can be found in the article, [What is risk](concept-identity-protection-risks.md).
+More detail on these and other risks including how or when they're calculated can be found in the article, [What is risk](concept-identity-protection-risks.md).
The risk signals can trigger remediation efforts such as requiring users to: perform Azure AD Multi-Factor Authentication, reset their password using self-service password reset, or blocking until an administrator takes action.
More information can be found in the article, [How To: Investigate risk](howto-i
### Risk levels
-Identity Protection categorizes risk into three tiers: low, medium, and high.
+Identity Protection categorizes risk into tiers: low, medium, and high.
-While Microsoft does not provide specific details about how risk is calculated, we will say that each level brings higher confidence that the user or sign-in is compromised. For example, something like one instance of unfamiliar sign-in properties for a user might not be as threatening as leaked credentials for another user.
+While Microsoft doesn't provide specific details about how risk is calculated, we'll say that each level brings higher confidence that the user or sign-in is compromised. For example, something like one instance of unfamiliar sign-in properties for a user might not be as threatening as leaked credentials for another user.
## Exporting risk data
Data from Identity Protection can be exported to other tools for archive and fur
Information about integrating Identity Protection information with Microsoft Sentinel can be found in the article, [Connect data from Azure AD Identity Protection](../../sentinel/data-connectors-reference.md#azure-active-directory-identity-protection).
-Additionally, organizations can choose to store data for longer periods by changing diagnostic settings in Azure AD to send RiskyUsers and UserRiskEvents data to a Log Analytics workspace, archive data to a storage account, stream data to an Event Hub, or send data to a partner solution. Detailed information about how to do so can be found in the article, [How To: Export risk data](howto-export-risk-data.md).
+Additionally, organizations can choose to store data for longer periods by changing diagnostic settings in Azure AD to send RiskyUsers and UserRiskEvents data to a Log Analytics workspace, archive data to a storage account, stream data to Event Hubs, or send data to a partner solution. Detailed information about how to do so can be found in the article, [How To: Export risk data](howto-export-risk-data.md).
## Permissions
Identity Protection requires users be a Security Reader, Security Operator, Secu
| Security operator | View all Identity Protection reports and Overview blade <br><br> Dismiss user risk, confirm safe sign-in, confirm compromise | Configure or change policies <br><br> Reset password for a user <br><br> Configure alerts | | Security reader | View all Identity Protection reports and Overview blade | Configure or change policies <br><br> Reset password for a user <br><br> Configure alerts <br><br> Give feedback on detections |
-Currently, the security operator role cannot access the Risky sign-ins report.
+Currently, the security operator role can't access the Risky sign-ins report.
Conditional Access administrators can also create policies that factor in sign-in risk as a condition. Find more information in the article [Conditional Access: Conditions](../conditional-access/concept-conditional-access-conditions.md#sign-in-risk).
Conditional Access administrators can also create policies that factor in sign-i
[!INCLUDE [Active Directory P2 license](../../../includes/active-directory-p2-license.md)]
-| Capability | Details | Azure AD Free / Microsoft 365 Apps | Azure AD Premium P1|Azure AD Premium P2 |
+| Capability | Details | Azure AD Free / Microsoft 365 Apps | Azure AD Premium P1 | Azure AD Premium P2 |
| | | | | |
-| Risk policies | User risk policy (via Identity Protection) | No | No |Yes |
-| Risk policies | Sign-in risk policy (via Identity Protection or Conditional Access) | No | No |Yes |
-| Security reports | Overview | No | No |Yes |
-| Security reports | Risky users | Limited Information. Only users with medium and high risk are shown. No details drawer or risk history. | Limited Information. Only users with medium and high risk are shown. No details drawer or risk history. | Full access|
-| Security reports | Risky sign-ins | Limited Information. No risk detail or risk level is shown. | Limited Information. No risk detail or risk level is shown. | Full access|
-| Security reports | Risk detections | No | Limited Information. No details drawer.| Full access|
-| Notifications | Users at risk detected alerts | No | No |Yes |
-| Notifications | Weekly digest| No | No | Yes |
-| | MFA registration policy | No | No | Yes |
+| Risk policies | User risk policy (via Identity Protection) | No | No | Yes |
+| Risk policies | Sign-in risk policy (via Identity Protection or Conditional Access) | No | No | Yes |
+| Security reports | Overview | No | No | Yes |
+| Security reports | Risky users | Limited Information. Only users with medium and high risk are shown. No details drawer or risk history. | Limited Information. Only users with medium and high risk are shown. No details drawer or risk history. | Full access|
+| Security reports | Risky sign-ins | Limited Information. No risk detail or risk level is shown. | Limited Information. No risk detail or risk level is shown. | Full access |
+| Security reports | Risk detections | No | Limited Information. No details drawer.| Full access |
+| Notifications | Users at risk detected alerts | No | No | Yes |
+| Notifications | Weekly digest | No | No | Yes |
+| MFA registration policy | | No | No | Yes |
More information on these rich reports can be found in the article, [How To: Investigate risk](howto-identity-protection-investigate-risk.md#navigating-the-reports).
active-directory Access Panel Collections https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/access-panel-collections.md
Title: Create collections for My Apps portals-+ description: Use My Apps collections to Customize My Apps pages for a simpler My Apps experience for your users. Organize applications into groups with separate tabs.
active-directory Add Application Portal Assign Users https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/add-application-portal-assign-users.md
Title: 'Quickstart: Create and assign a user account'-+ description: Create a user account in your Azure Active Directory tenant and assign it to an application.
active-directory Add Application Portal Configure https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/add-application-portal-configure.md
Title: 'Configure enterprise application properties'-+ description: Configure the properties of an enterprise application in Azure Active Directory.
active-directory Add Application Portal Setup Oidc Sso https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/add-application-portal-setup-oidc-sso.md
Title: 'Add an OpenID Connect-based single sign-on application' description: Learn how to add OpenID Connect-based single sign-on application in Azure Active Directory.-+
active-directory Add Application Portal Setup Sso https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/add-application-portal-setup-sso.md
Title: 'Quickstart: Enable single sign-on for an enterprise application'-+ description: Enable single sign-on for an enterprise application in Azure Active Directory. -+ Last updated 09/21/2021-+ #Customer intent: As an administrator of an Azure AD tenant, I want to enable single sign-on for an enterprise application.
active-directory Add Application Portal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/add-application-portal.md
Title: 'Quickstart: Add an enterprise application' description: Add an enterprise application in Azure Active Directory.-+
active-directory Admin Consent Workflow Faq https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/admin-consent-workflow-faq.md
Title: Frequently asked questions about the admin consent workflow-+ description: Find answers to frequently asked questions (FAQs) about the admin consent workflow.
active-directory Admin Consent Workflow Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/admin-consent-workflow-overview.md
Title: Overview of admin consent workflow-+ description: Learn about the admin consent workflow in Azure Active Directory
active-directory App Management Powershell Samples https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/app-management-powershell-samples.md
Title: PowerShell samples in Application Management-+ description: These PowerShell samples are used for apps you manage in your Azure Active Directory tenant. You can use these sample scripts to find expiration information about secrets and certificates.
active-directory Application List https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/application-list.md
Title: Viewing apps using your tenant for identity management-+ description: Understand how to view all applications using your Azure Active Directory tenant for identity management.
active-directory Application Management Certs Faq https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/application-management-certs-faq.md
Title: Application Management certificates frequently asked questions-+ description: Learn answers to frequently asked questions (FAQ) about managing certificates for apps using Azure Active Directory as an Identity Provider (IdP).
active-directory Application Properties https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/application-properties.md
Title: 'Properties of an enterprise application'-+ description: Learn about the properties of an enterprise application in Azure Active Directory.
active-directory Application Sign In Other Problem Access Panel https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/application-sign-in-other-problem-access-panel.md
Title: Troubleshoot problems signing in to an application from My Apps portal-+ description: Troubleshoot problems signing in to an application from Azure AD My Apps
active-directory Application Sign In Problem Application Error https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/application-sign-in-problem-application-error.md
Title: Error message appears on app page after you sign in-+ description: How to resolve issues with Azure AD sign in when the app returns an error message.
active-directory Application Sign In Problem First Party Microsoft https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/application-sign-in-problem-first-party-microsoft.md
Title: Problems signing in to a Microsoft application-+ description: Troubleshoot common problems faced when signing in to first-party Microsoft Applications using Azure AD (like Microsoft 365).
active-directory Application Sign In Unexpected User Consent Error https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/application-sign-in-unexpected-user-consent-error.md
Title: Unexpected error when performing consent to an application-+ description: Discusses errors that can occur during the process of consenting to an application and what you can do about them
active-directory Application Sign In Unexpected User Consent Prompt https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/application-sign-in-unexpected-user-consent-prompt.md
Title: Unexpected consent prompt when signing in to an application-+ description: How to troubleshoot when a user sees a consent prompt for an application you have integrated with Azure AD that you did not expect
active-directory Assign App Owners https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/assign-app-owners.md
Title: Assign enterprise application owners-+ description: Learn how to assign owners to applications in Azure Active Directory documentationcenter: ''
active-directory Assign User Or Group Access Portal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/assign-user-or-group-access-portal.md
Title: Assign users and groups-+ description: Learn how to assign and unassign users, and groups, for an app using Azure Active Directory for identity management.
active-directory Certificate Signing Options https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/certificate-signing-options.md
Title: Advanced certificate signing options in a SAML token-+ description: Learn how to use advanced certificate signing options in the SAML token for pre-integrated apps in Azure Active Directory
active-directory Cloud App Security https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/cloud-app-security.md
Title: App visibility and control with Microsoft Defender for Cloud Apps-+ description: Learn ways to identify app risk levels, stop breaches and leaks in real time, and use app connectors to take advantage of provider APIs for visibility and governance.
active-directory Configure Admin Consent Workflow https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/configure-admin-consent-workflow.md
Title: Configure the admin consent workflow-+ description: Learn how to configure a way for end users to request access to applications that require admin consent.
active-directory Configure Authentication For Federated Users Portal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/configure-authentication-for-federated-users-portal.md
Title: Configure sign-in auto-acceleration using Home Realm Discovery-+ description: Learn how to force federated IdP acceleration for an application using Home Realm Discovery policy.
active-directory Configure Linked Sign On https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/configure-linked-sign-on.md
Title: Add linked single sign-on to an application description: Add linked single sign-on to an application in Azure Active Directory.-+
active-directory Configure Password Single Sign On Non Gallery Applications https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/configure-password-single-sign-on-non-gallery-applications.md
Title: Add password-based single sign-on to an application description: Add password-based single sign-on to an application in Azure Active Directory.-+
active-directory Configure Permission Classifications https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/configure-permission-classifications.md
Title: Configure permission classifications-+ description: Learn how to manage delegated permission classifications.
active-directory Configure Risk Based Step Up Consent https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/configure-risk-based-step-up-consent.md
Title: Configure risk-based step-up consent-+ description: Learn how to disable and enable risk-based step-up consent to reduce user exposure to malicious apps that make illicit consent requests.
active-directory Configure User Consent Groups https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/configure-user-consent-groups.md
Title: Configure group owner consent to apps accessing group data-+ description: Learn manage whether group and team owners can consent to applications that will have access to the group or team's data.
active-directory Configure User Consent https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/configure-user-consent.md
Title: Configure how users consent to applications-+ description: Learn how to manage how and when users can consent to applications that will have access to your organization's data.
active-directory Consent And Permissions Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/consent-and-permissions-overview.md
Title: Overview of consent and permissions-+ description: Learn about the fundamental concepts of consents and permissions in Azure AD
active-directory Datawiza With Azure Ad https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/datawiza-with-azure-ad.md
Title: Secure hybrid access with Datawiza-+ description: Learn how to integrate Datawiza with Azure AD. See how to use Datawiza and Azure AD to authenticate users and give them access to on-premises and cloud apps.
active-directory Debug Saml Sso Issues https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/debug-saml-sso-issues.md
Title: Debug SAML-based single sign-on-+ description: Debug SAML-based single sign-on to applications in Azure Active Directory.
active-directory Delete Application Portal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/delete-application-portal.md
Title: 'Quickstart: Delete an enterprise application' description: Delete an enterprise application in Azure Active Directory.-+
active-directory Disable User Sign In Portal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/disable-user-sign-in-portal.md
Title: Disable how a how a user signs in-+ description: How to disable an enterprise application so that no users may sign in to it in Azure Active Directory
active-directory End User Experiences https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/end-user-experiences.md
Title: End-user experiences for applications-+ description: Azure Active Directory (Azure AD) provides several customizable ways to deploy applications to end users in your organization.
active-directory F5 Aad Integration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/f5-aad-integration.md
Title: Secure hybrid access with F5-+ description: F5 BIG-IP Access Policy Manager and Azure Active Directory integration for Secure Hybrid Access
active-directory F5 Aad Password Less Vpn https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/f5-aad-password-less-vpn.md
Title: Configure F5 BIG-IP SSL-VPN solution in Azure AD-+ description: Tutorial to configure F5ΓÇÖs BIG-IP based Secure socket layer Virtual private network (SSL-VPN) solution with Azure Active Directory (AD) for Secure Hybrid Access (SHA)
active-directory F5 Bigip Deployment Guide https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/f5-bigip-deployment-guide.md
Title: Secure hybrid access with F5 deployment guide-+ description: Tutorial to deploy F5 BIG-IP Virtual Edition (VE) VM in Azure IaaS for Secure hybrid access
active-directory Grant Admin Consent https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/grant-admin-consent.md
Title: Grant tenant-wide admin consent to an application -+ description: Learn how to grant tenant-wide consent to an application so that end-users are not prompted for consent when signing in to an application.
active-directory Grant Consent Single User https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/grant-consent-single-user.md
Title: Grant consent on behalf of a single user description: Learn how to grant consent on behalf of a single user when user consent is disabled or restricted.-+
active-directory Hide Application From User Portal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/hide-application-from-user-portal.md
Title: Hide an Enterprise application-+ description: How to hide an Enterprise application from user's experience in Azure Active Directory access portals or Microsoft 365 launchers.
active-directory Home Realm Discovery Policy https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/home-realm-discovery-policy.md
Title: Home Realm Discovery policy-+ description: Learn how to manage Home Realm Discovery policy for Azure Active Directory authentication for federated users, including auto-acceleration and domain hints.
active-directory Howto Saml Token Encryption https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/howto-saml-token-encryption.md
Title: SAML token encryption description: Learn how to configure Azure Active Directory SAML token encryption.-+
active-directory Manage App Consent Policies https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/manage-app-consent-policies.md
Title: Manage app consent policies description: Learn how to manage built-in and custom app consent policies to control when consent can be granted.-+
active-directory Manage Application Permissions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/manage-application-permissions.md
Title: Review permissions granted to applications-+ description: Learn how to review and manage permissions for an application in Azure Active Directory.
active-directory Manage Consent Requests https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/manage-consent-requests.md
Title: Manage consent to applications and evaluate consent requests description: Learn how to manage consent requests when user consent is disabled or restricted, and how to evaluate a request for tenant-wide admin consent to an application in Azure Active Directory.-+
active-directory Manage Self Service Access https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/manage-self-service-access.md
Title: How to enable self-service application assignment-+ description: Enable self-service application access to allow users to find their own applications from their My Apps portal
active-directory Migrate Adfs Application Activity https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/migrate-adfs-application-activity.md
Title: Use the activity report to move AD FS apps to Azure Active Directory description: The Active Directory Federation Services (AD FS) application activity report lets you quickly migrate applications from AD FS to Azure Active Directory (Azure AD). This migration tool for AD FS identifies compatibility with Azure AD and gives migration guidance.-+
active-directory Migrate Adfs Apps To Azure https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/migrate-adfs-apps-to-azure.md
Title: Moving application authentication from AD FS to Azure Active Directory description: Learn how to use Azure Active Directory to replace Active Directory Federation Services (AD FS), giving users single sign-on to all their applications.-+
active-directory Migration Resources https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/migration-resources.md
Title: Resources for migrating apps to Azure Active Directory description: Resources to help you migrate application access and authentication to Azure Active Directory (Azure AD).-+
active-directory Myapps Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/myapps-overview.md
Title: My Apps portal overview description: Learn about how to manage applications in the My Apps portal.-+
active-directory One Click Sso Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/one-click-sso-tutorial.md
Title: One-click, single sign-on (SSO) configuration of your Azure Marketplace application description: Steps for one-click configuration of SSO for your application from the Azure Marketplace.-+
active-directory Overview Application Gallery https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/overview-application-gallery.md
Title: Overview of the Azure Active Directory application gallery description: An overview of using the Azure Active Directory application gallery.-+
active-directory Overview Assign App Owners https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/overview-assign-app-owners.md
Title: Overview of enterprise application ownership-+ description: Learn about enterprise application ownership in Azure Active Directory
active-directory Plan An Application Integration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/plan-an-application-integration.md
Title: Get started integrating Azure Active Directory with apps description: This article is a getting started guide for integrating Azure Active Directory (AD) with on-premises applications, and cloud applications.-+
active-directory Plan Sso Deployment https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/plan-sso-deployment.md
Title: Plan a single sign-on deployment description: Plan the deployment of single sign-on in Azure Active Directory.-+
active-directory Prevent Domain Hints With Home Realm Discovery https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/prevent-domain-hints-with-home-realm-discovery.md
Title: Prevent sign-in auto-acceleration using Home Realm Discovery policy-+ description: Learn how to prevent domain_hint auto-acceleration to federated IDPs.
active-directory Protect Against Consent Phishing https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/protect-against-consent-phishing.md
Title: Protecting against consent phishing-+ description: Learn ways of mitigating against app-based consent phishing attacks using Azure AD.
active-directory Review Admin Consent Requests https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/review-admin-consent-requests.md
Title: Review and take action on admin consent requests-+ description: Learn how to review and take action on admin consent requests that were created after you were designated as a reviewer.
active-directory Secure Hybrid Access Integrations https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/secure-hybrid-access-integrations.md
Title: Secure hybrid access with Azure AD partner integration description: Help customers discover and migrate SaaS applications into Azure AD and connect apps that use legacy authentication methods with Azure AD.-+
active-directory Secure Hybrid Access https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/secure-hybrid-access.md
Title: Secure hybrid access description: This article describes partner solutions for integrating your legacy on-premises, public cloud, or private cloud applications with Azure AD. -+
active-directory Silverfort Azure Ad Integration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/silverfort-azure-ad-integration.md
Title: Secure hybrid access with Azure AD and Silverfort description: In this tutorial, learn how to integrate Silverfort with Azure AD for secure hybrid access -+
active-directory Tenant Restrictions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/tenant-restrictions.md
Title: Use tenant restrictions to manage access to SaaS apps description: How to use tenant restrictions to manage which users can access apps based on their Azure AD tenant.-+
active-directory Troubleshoot App Publishing https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/troubleshoot-app-publishing.md
Title: Your sign-in was blocked description: Troubleshoot a blocked sign-in to the Microsoft Application Network portal. -+
active-directory Troubleshoot Password Based Sso https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/troubleshoot-password-based-sso.md
Title: Troubleshoot password-based single sign-on description: Troubleshoot issues with an Azure AD app that's configured for password-based single sign-on.-+
active-directory Troubleshoot Saml Based Sso https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/troubleshoot-saml-based-sso.md
Title: Troubleshoot SAML-based single sign-on description: Troubleshoot issues with an Azure AD app that's configured for SAML-based single sign-on.-+
active-directory Tutorial Govern Monitor https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/tutorial-govern-monitor.md
Title: "Tutorial: Govern and monitor applications"-+ description: In this tutorial, you learn how to govern and monitor an application in Azure Active Directory.
active-directory Tutorial Manage Access Security https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/tutorial-manage-access-security.md
Title: "Tutorial: Manage application access and security"-+ description: In this tutorial, you learn how to manage access to an application in Azure Active Directory and make sure it's secure.
active-directory Tutorial Manage Certificates For Federated Single Sign On https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/tutorial-manage-certificates-for-federated-single-sign-on.md
Title: "Tutorial: Manage federation certificates" description: In this tutorial, you'll learn how to customize the expiration date for your federation certificates, and how to renew certificates that will soon expire.-+
active-directory V2 Howto App Gallery Listing https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/v2-howto-app-gallery-listing.md
Title: Publish your application description: Learn how to publish your application in the Azure Active Directory application gallery. -+
active-directory View Applications Portal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/view-applications-portal.md
Title: 'Quickstart: View enterprise applications' description: View the enterprise applications that are registered to use your Azure Active Directory tenant.-+
active-directory Ways Users Get Assigned To Applications https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/ways-users-get-assigned-to-applications.md
Title: Understand how users are assigned to apps description: Understand how users get assigned to an app that is using Azure Active Directory for identity management.-+
active-directory What Is Access Management https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/what-is-access-management.md
Title: Manage access to apps-+ description: Describes how Azure Active Directory enables organizations to specify the apps to which each user has access.
active-directory What Is Application Management https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/what-is-application-management.md
Title: What is application management? description: An overview of managing the lifecycle of an application in Azure Active Directory.-+
active-directory What Is Single Sign On https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/what-is-single-sign-on.md
Title: What is single sign-on? description: Learn about single sign-on for enterprise applications in Azure Active Directory.-+
aks Azure Disk Csi https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/azure-disk-csi.md
Filesystem Size Used Avail Use% Mounted on
/dev/sdc 15G 46M 15G 1% /mnt/azuredisk ```
+## On-demand bursting
+
+On-demand disk bursting model allows disk bursts whenever its needs exceed its current capacity. This model incurs additional charges anytime the disk bursts. On-demand bursting is only available for premium SSDs larger than 512 GiB. For more information on premium SSDs provisioned IOPS and throughput per disk, see [Premium SSD size][az-premium-ssd]. Alternatively, credit-based bursting is where the disk will burst only if it has burst credits accumulated in its credit bucket. Credit-based bursting does not incur additional charges when the disk bursts. Credit-based bursting is only available for premium SSDs 512 GiB and smaller, and standard SSDs 1024 GiB and smaller. For more details on on-demand bursting, see [On-demand bursting][az-on-demand-bursting].
+
+> [!IMPORTANT]
+> The default `managed-csi-premium` storage class has on-demand bursting disabled and uses credit-based bursting. Any premium SSD dynamically created by a persistent volume claim based on the default `managed-csi-premium` storage class also has on-demand bursting disabled.
+
+To create a premium SSD persistent volume with [on-demand bursting][az-on-demand-bursting] enabled you can create a new storage class with the [enableBursting][csi-driver-parameters] parameter set to `true` as shown in the following YAML template. For more details on enabling on-demand bursting, see [On-demand bursting][az-on-demand-bursting]. For more details on building your own storage class with on-demand bursting enabled, see [Create a Burstable Managed CSI Premium Storage Class][create-burstable-storage-class].
+
+```yaml
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: burstable-managed-csi-premium
+provisioner: disk.csi.azure.com
+parameters:
+ skuname: Premium_LRS
+ enableBursting: "true"
+reclaimPolicy: Delete
+volumeBindingMode: WaitForFirstConsumer
+allowVolumeExpansion: true
+```
+ ## Windows containers The Azure disk CSI driver supports Windows nodes and containers. If you want to use Windows containers, follow the [Windows containers quickstart][aks-quickstart-cli] to add a Windows node pool.
$ kubectl exec -it busybox-azuredisk-0 -- cat c:\mnt\azuredisk\data.txt # on Win
[kubernetes-storage-classes]: https://kubernetes.io/docs/concepts/storage/storage-classes/ [kubernetes-volumes]: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ [managed-disk-pricing-performance]: https://azure.microsoft.com/pricing/details/managed-disks/
+[csi-driver-parameters]: https://github.com/kubernetes-sigs/azuredisk-csi-driver/blob/master/docs/driver-parameters.md
+[create-burstable-storage-class]: https://github.com/Azure-Samples/burstable-managed-csi-premium
<!-- LINKS - internal --> [azure-disk-volume]: azure-disk-volume.md
$ kubectl exec -it busybox-azuredisk-0 -- cat c:\mnt\azuredisk\data.txt # on Win
[az-feature-register]: /cli/azure/feature#az_feature_register [az-feature-list]: /cli/azure/feature#az_feature_list [az-provider-register]: /cli/azure/provider#az_provider_register
+[az-on-demand-bursting]: ../virtual-machines/disk-bursting.md#on-demand-bursting
+[enable-on-demand-bursting]: ../virtual-machines/disks-enable-bursting.md?tabs=azure-cli
+[az-premium-ssd]: ../virtual-machines/disks-types.md#premium-ssds
aks Control Kubeconfig Access https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/control-kubeconfig-access.md
For enhanced security on access to AKS clusters, [integrate Azure Active Directo
<!-- LINKS - internal --> [aks-quickstart-cli]: ./learn/quick-kubernetes-deploy-cli.md [aks-quickstart-portal]: ./learn/quick-kubernetes-deploy-portal.md
-[aks-quickstart-powershell]: /learn/quick-kubernetes-deploy-powershell.md
+[aks-quickstart-powershell]: /azure/aks/learn/quick-kubernetes-deploy-powershell
[azure-cli-install]: /cli/azure/install-azure-cli [az-aks-get-credentials]: /cli/azure/aks#az_aks_get_credentials [azure-rbac]: ../role-based-access-control/overview.md
aks Open Service Mesh Troubleshoot https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/open-service-mesh-troubleshoot.md
aks-osm-webhook-osm 1 102m
### Check for the service and the CA bundle of the Validating webhook ```azurecli-interactive
-kubectl get ValidatingWebhookConfiguration aks-osm-webhook-osm -o json | jq '.webhooks[0].clientConfig.service'
+kubectl get ValidatingWebhookConfiguration aks-osm-validator-mesh-osm -o json | jq '.webhooks[0].clientConfig.service'
``` A well configured Validating Webhook Configuration would look exactly like this:
aks Start Stop Cluster https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/start-stop-cluster.md
If the `ProvisioningState` shows `Starting` that means your cluster hasn't fully
<!-- LINKS - internal --> [aks-quickstart-cli]: ./learn/quick-kubernetes-deploy-cli.md [aks-quickstart-portal]: ./learn/quick-kubernetes-deploy-portal.md
-[aks-quickstart-powershell]: /learn/quick-kubernetes-deploy-powershell.md
+[aks-quickstart-powershell]: /azure/aks/learn/quick-kubernetes-deploy-powershell
[install-azure-cli]: /cli/azure/install-azure-cli [az-extension-add]: /cli/azure/extension#az_extension_add [az-extension-update]: /cli/azure/extension#az_extension_update
api-management Api Management Howto Cache External https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-howto-cache-external.md
Title: Use an external cache in Azure API Management | Microsoft Docs
-description: Learn how to configure and use an external cache in Azure API Management. Using an external cache lets you overcome some limitations of the built-in cache.
+description: Learn how to configure and use an external Redis-compatible cache in Azure API Management. Using an external cache gives you more control and flexibility than the built-in cache.
documentationcenter: '' - - Previously updated : 04/26/2020+ Last updated : 05/19/2022 # Use an external Redis-compatible cache in Azure API Management
-In addition to utilizing the built-in cache, Azure API Management allows for caching responses in an external Redis-compatible cache, e.g. Azure Cache for Redis.
+In addition to utilizing the built-in cache, Azure API Management allows for caching responses in an external Redis-compatible cache, such as Azure Cache for Redis.
Using an external cache allows you to overcome a few limitations of the built-in cache: * Avoid having your cache periodically cleared during API Management updates * Have more control over your cache configuration
-* Cache more data than your API Management tier allows to
+* Cache more data than your API Management tier allows
* Use caching with the Consumption tier of API Management
-* Enable caching in the [API Management self-hosted gateways](self-hosted-gateway-overview.md)
+* Enable caching in the [API Management self-hosted gateway](self-hosted-gateway-overview.md)
For more detailed information about caching, see [API Management caching policies](api-management-caching-policies.md) and [Custom caching in Azure API Management](api-management-sample-cache-by-key.md).
To complete this tutorial, you need to:
## <a name="create-cache"> </a> Create Azure Cache for Redis
-This section explains how to create an Azure Cache for Redis in Azure. If you already have an Azure Cache for Redis, within or outside of Azure, you can <a href="#add-external-cache">skip</a> to the next section.
+This section explains how to create an Azure Cache for Redis in Azure. If you already have an Azure Cache for Redis, or another Redis-compatible cache within or outside of Azure, you can <a href="#add-external-cache">skip</a> to the next section.
[!INCLUDE [redis-cache-create](../azure-cache-for-redis/includes/redis-cache-create.md)] ## <a name="create-cache"> </a> Deploy Redis cache to Kubernetes
-For caching, self-hosted gateways rely exclusively on external caches. For caching to be effective self-hosted gateways and the cache they rely on must be located close to each other to minimize lookup and store latencies. Deploying a Redis cache into the same Kubernetes cluster or in a separate cluster nearby are the best options. Follow this [link](https://github.com/kubernetes/examples/tree/master/guestbook) to learn how to deploy Redis cache to a Kubernetes cluster.
+For a self-hosted gateway, caching requires an external cache. For caching to be effective, a self-hosted gateway and the cache it relies on must be located close to each other to minimize lookup and store latencies. Deploying a Redis cache into the same Kubernetes cluster or in a separate cluster nearby are the best options. Learn how to [deploy Redis cache to a Kubernetes cluster](https://github.com/kubernetes/examples/tree/master/guestbook).
## <a name="add-external-cache"> </a>Add an external cache
-Follow the steps below to add an external Azure Cache for Redis in Azure API Management.
+Follow the steps below to add an external Redis-compatible cache in Azure API Management. You can limit the cache to a specific gateway in your API Management instance.
![Screenshot that shows how to add an external Azure Cache for Redis in Azure API Management.](media/api-management-howto-cache-external/add-external-cache.png)
+### Use from setting
+
+The **Use from** setting in the configuration specifies the location of your API Management instance that will use the cache. Select one of the following:
+
+* The Azure region where the API Management instance is hosted (or one of the configured locations, if you have a [multi-region](api-management-howto-deploy-multi-region.md) deployment)
+
+* A self-hosted gateway location
+
+* **Default**, to configure the cache as the default for all gateway locations in the API Management instance
+
+ A cache used for **Default** will be overridden by a cache used for a specific matching region or location.
+
+ For example, consider an API Management instance that's hosted in the East US, Southeast Asia, and West Europe regions. There are two caches configured, one for **Default** and one for **Southeast Asia**. In this example, API Management in **Southeast Asia** will use its own cache, while the other two regions will use the **Default** cache entry.
+ > [!NOTE]
-> The **Use from** setting specifies an Azure region or a self-hosted gateway location that will use the configured cache. The caches configured as **Default** will be overridden by caches with a specific matching region or location value.
->
-> For example, if API Management is hosted in the East US, Southeast Asia and West Europe regions and there are two caches configured, one for **Default** and one for **Southeast Asia**, API Management in **Southeast Asia** will use its own cache, while the other two regions will use the **Default** cache entry.
+> You can configure the same external cache for more than one API Management instance. The API Management instances can be in the same or different regions. When sharing the cache for more than one instance, you must select **Default** in the **Use from** setting.
### Add an Azure Cache for Redis from the same subscription 1. Browse to your API Management instance in the Azure portal. 2. Select the **External cache** tab from the menu on the left.
-3. Click the **+ Add** button.
+3. Select the **+ Add** button.
4. Select your cache in the **Cache instance** dropdown field.
-5. Select **Default** or specify the desired region in the **Use from** dropdown field.
-6. Click **Save**.
+5. Select **Default** or specify the desired region in the [**Use from**](#use-from-setting) dropdown field.
+6. Select **Save**.
-### Add an Azure Cache for Redis hosted outside of the current Azure subscription or Azure in general
+### Add a Redis-compatible cache hosted outside of the current Azure subscription or Azure in general
1. Browse to your API Management instance in the Azure portal. 2. Select the **External cache** tab from the menu on the left.
-3. Click the **+ Add** button.
+3. Select the **+ Add** button.
4. Select **Custom** in the **Cache instance** dropdown field.
-5. Select **Default** or specify the desired region in the **Use from** dropdown field.
-6. Provide your Azure Cache for Redis connection string in the **Connection string** field.
-7. Click **Save**.
+5. Select **Default** or specify the desired region in the [**Use from**](#use-from-setting) dropdown field.
+6. Provide your Azure Cache for Redis (or Redis-compatible cache) connection string in the **Connection string** field.
+7. Select **Save**.
### Add a Redis cache to a self-hosted gateway 1. Browse to your API Management instance in the Azure portal. 2. Select the **External cache** tab from the menu on the left.
-3. Click the **+ Add** button.
+3. Select the **+ Add** button.
4. Select **Custom** in the **Cache instance** dropdown field.
-5. Specify the desired self-hosted gateway location or **Default** in the **Use from** dropdown field.
+5. Specify the desired self-hosted gateway location or **Default** in the [**Use from**](#use-from-setting) dropdown field.
6. Provide your Redis cache connection string in the **Connection string** field.
-7. Click **Save**.
+7. Select **Save**.
## Use the external cache
-Once the external cache is configured in Azure API Management, it can be used through caching policies. See [Add caching to improve performance in Azure API Management](api-management-howto-cache.md) for detailed steps.
+After adding a Redis-compatible cache, configure [caching policies](api-management-caching-policies.md) to enable response caching, or caching of values by key, in the external cache.
+
+For a detailed example, see [Add caching to improve performance in Azure API Management](api-management-howto-cache.md).
## <a name="next-steps"> </a>Next steps * For more information about caching policies, see [Caching policies][Caching policies] in the [API Management policy reference][API Management policy reference].
-* For information on caching items by key using policy expressions, see [Custom caching in Azure API Management](api-management-sample-cache-by-key.md).
+* To cache items by key using policy expressions, see [Custom caching in Azure API Management](api-management-sample-cache-by-key.md).
[API Management policy reference]: ./api-management-policies.md [Caching policies]: ./api-management-caching-policies.md
api-management Api Management Sample Cache By Key https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-sample-cache-by-key.md
description: Learn how to cache items by key in Azure API Management. You can mo
documentationcenter: '' - editor: ''-+ -- Previously updated : 12/15/2016 Last updated : 05/19/2022 # Custom caching in Azure API Management
-Azure API Management service has built-in support for [HTTP response caching](api-management-howto-cache.md) using the resource URL as the key. The key can be modified by request headers using the `vary-by` properties. This is useful for caching entire HTTP responses (also known as representations), but sometimes it is useful to just cache a portion of a representation. The new [cache-lookup-value](./api-management-caching-policies.md#GetFromCacheByKey) and [cache-store-value](./api-management-caching-policies.md#StoreToCacheByKey) policies provide the ability to store and retrieve arbitrary pieces of data from within policy definitions. This ability also adds value to the previously introduced [send-request](./api-management-advanced-policies.md#SendRequest) policy because you can now cache responses from external services.
+Azure API Management service has built-in support for [HTTP response caching](api-management-howto-cache.md) using the resource URL as the key. The key can be modified by request headers using the `vary-by` properties. This is useful for caching entire HTTP responses (also known as representations), but sometimes it's useful to just cache a portion of a representation. The [cache-lookup-value](./api-management-caching-policies.md#GetFromCacheByKey) and [cache-store-value](./api-management-caching-policies.md#StoreToCacheByKey) policies provide the ability to store and retrieve arbitrary pieces of data from within policy definitions. This ability also adds value to the [send-request](./api-management-advanced-policies.md#SendRequest) policy because you can cache responses from external services.
## Architecture
-API Management service uses a shared per-tenant data cache so that, as you scale up to multiple units you still get access to the same cached data. However, when working with a multi-region deployment there are independent caches within each of the regions. It is important to not treat the cache as a data store, where it is the only source of some piece of information. If you did, and later decided to take advantage of the multi-region deployment, then customers with users that travel may lose access to that cached data.
+API Management service uses a shared per-tenant internal data cache so that, as you scale up to multiple units, you still get access to the same cached data. However, when working with a multi-region deployment there are independent caches within each of the regions. It's important to not treat the cache as a data store, where it's the only source of some piece of information. If you did, and later decided to take advantage of the multi-region deployment, then customers with users that travel may lose access to that cached data.
+
+> [!NOTE]
+> The internal cache is not available in the **Consumption** tier of Azure API Management. You can [use an external Azure Cache for Redis](api-management-howto-cache-external.md) instead. An external cache allows for greater cache control and flexibility for API Management instances in all tiers.
## Fragment caching
-There are certain cases where responses being returned contain some portion of data that is expensive to determine and yet remains fresh for a reasonable amount of time. As an example, consider a service built by an airline that provides information relating flight reservations, flight status, etc. If the user is a member of the airlines points program, they would also have information relating to their current status and accumulated mileage. This user-related information might be stored in a different system, but it may be desirable to include it in responses returned about flight status and reservations. This can be done using a process called fragment caching. The primary representation can be returned from the origin server using some kind of token to indicate where the user-related information is to be inserted.
+There are certain cases where responses being returned contain some portion of data that is expensive to determine and yet remains fresh for a reasonable amount of time. As an example, consider a service built by an airline that provides information relating flight reservations, flight status, and so on. If the user is a member of the airlines points program, they would also have information relating to their current status and accumulated mileage. This user-related information might be stored in a different system, but it may be desirable to include it in responses returned about flight status and reservations. This can be done using a process called fragment caching. The primary representation can be returned from the origin server using some kind of token to indicate where the user-related information is to be inserted.
Consider the following JSON response from a backend API.
And secondary resource at `/userprofile/{userid}` that looks like,
{ "username" : "Bob Smith", "Status" : "Gold" } ```
-To determine the appropriate user information to include, API Management needs to identify who the end user is. This mechanism is implementation-dependent. As an example, I am using the `Subject` claim of a `JWT` token.
+To determine the appropriate user information to include, API Management needs to identify who the end user is. This mechanism is implementation-dependent. The following example uses the `Subject` claim of a `JWT` token.
```xml <set-variable
To avoid API Management from making this HTTP request again, when the same user
value="@((string)context.Variables["userprofile"])" duration="100000" /> ```
-API Management stores the value in the cache using the exact same key that API Management originally attempted to retrieve it with. The duration that API Management chooses to store the value should be based on how often the information changes and how tolerant users are to out-of-date information.
+API Management stores the value in the cache using the same key that API Management originally attempted to retrieve it with. The duration that API Management chooses to store the value should be based on how often the information changes and how tolerant users are to out-of-date information.
-It is important to realize that retrieving from the cache is still an out-of-process, network request and potentially can still add tens of milliseconds to the request. The benefits come when determining the user profile information takes longer than that due to needing to do database queries or aggregate information from multiple back-ends.
+It is important to realize that retrieving from the cache is still an out-of-process network request and potentially can add tens of milliseconds to the request. The benefits come when determining the user profile information takes longer than that due to needing to do database queries or aggregate information from multiple back-ends.
The final step in the process is to update the returned response with the user profile information.
The final step in the process is to update the returned response with the user p
to="@((string)context.Variables["userprofile"])" /> ```
-You can chose to include the quotation marks as part of the token so that even when the replace doesnΓÇÖt occur, the response is still a valid JSON.
+You can choose to include the quotation marks as part of the token so that even when the replacement doesnΓÇÖt occur, the response is still a valid JSON.
-Once you combine all these steps together, the end result is a policy that looks like the following one.
+Once you combine these steps, the end result is a policy that looks like the following one.
```xml <policies>
Once you combine all these steps together, the end result is a policy that looks
</policies> ```
-This caching approach is primarily used in web sites where HTML is composed on the server side so that it can be rendered as a single page. It can also be useful in APIs where clients cannot do client-side HTTP caching or it is desirable not to put that responsibility on the client.
+This caching approach is primarily used in websites where HTML is composed on the server side so that it can be rendered as a single page. It can also be useful in APIs where clients can't do client-side HTTP caching or it's desirable not to put that responsibility on the client.
This same kind of fragment caching can also be done on the backend web servers using a Redis caching server, however, using the API Management service to perform this work is useful when the cached fragments are coming from different back-ends than the primary responses. ## Transparent versioning
-It is common practice for multiple different implementation versions of an API to be supported at any one time. For example, to support different environments (dev, test, production, etc.) or to support older versions of the API to give time for API consumers to migrate to newer versions.
+It's common practice for multiple different implementation versions of an API to be supported at any one time. For example, to support different environments (dev, test, production, etc.) or to support older versions of the API to give time for API consumers to migrate to newer versions.
-One approach to handling this, instead of requiring client developers to change the URLs from `/v1/customers` to `/v2/customers` is to store in the consumerΓÇÖs profile data which version of the API they currently wish to use and call the appropriate backend URL. To determine the correct backend URL to call for a particular client, it is necessary to query some configuration data. By caching this configuration data, API Management can minimize the performance penalty of doing this lookup.
+One approach to handling this, instead of requiring client developers to change the URLs from `/v1/customers` to `/v2/customers` is to store in the consumerΓÇÖs profile data which version of the API they currently wish to use and call the appropriate backend URL. To determine the correct backend URL to call for a particular client, it's necessary to query some configuration data. By caching this configuration data, API Management can minimize the performance penalty of doing this lookup.
The first step is to determine the identifier used to configure the desired version. In this example, I chose to associate the version to the product subscription key.
key="@("clientversion-" + context.Variables["clientid"])"
variable-name="clientversion" /> ```
-Then, API Management checks to see if it did not find it in the cache.
+Then, API Management checks to see if it didn't find it in the cache.
```xml <choose>
api-management Graphql Api https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/graphql-api.md
If you want to import a GraphQL schema and set up field resolvers using REST or
|-|-| | **Display name** | The name by which your GraphQL API will be displayed. | | **Name** | Raw name of the GraphQL API. Automatically populates as you type the display name. |
- | **GraphQL API endpoint** | The base URL with your GraphQL API endpoint name. <br /> For example: *`https://example.com/your-GraphQL-name`*. You can also use a common ["Star Wars" GraphQL endpoint](https://swapi-graphql.azure-api.net/graphql) as a demo. |
+ | **GraphQL API endpoint** | The base URL with your GraphQL API endpoint name. <br /> For example: *`https://example.com/your-GraphQL-name`*. You can also use a common "Star Wars" GraphQL endpoint such as `https://swapi-graphql.azure-api.net/graphql` as a demo. |
| **Upload schema** | Optionally select to browse and upload your schema file to replace the schema retrieved from the GraphQL endpoint (if available). | | **Description** | Add a description of your API. | | **URL scheme** | Select **HTTP**, **HTTPS**, or **Both**. Default selection: *Both*. |
app-service Tutorial Connect Msi Sql Database https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/tutorial-connect-msi-sql-database.md
The steps you follow for your project depends on whether you're using [Entity Fr
1. In Visual Studio, open the Package Manager Console and add the NuGet package [Azure.Identity](https://www.nuget.org/packages/Azure.Identity) and update Entity Framework: ```powershell
- Install-Package Azure.Identity -Version 1.5.0
+ Install-Package Azure.Identity
Update-Package EntityFramework ```- 1. In your DbContext object (in *Models/MyDbContext.cs*), add the following code to the default constructor. ```csharp
app-service Webjobs Dotnet Deploy Vs https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/webjobs-dotnet-deploy-vs.md
Deploy a project as a WebJob by itself, or link it to a web project so that it a
### Prerequisites
-Install Visual Studio 2017 or Visual Studio 2019 with the [Azure development workload](/visualstudio/install/install-visual-studio#step-4choose-workloads).
+Install Visual Studio 2022 with the [Azure development workload](/visualstudio/install/install-visual-studio#step-4choose-workloads).
### <a id="convert"></a> Enable WebJobs deployment for an existing console app project
If you enable **Always on** in Azure, you can use Visual Studio to change the We
1. In **Solution Explorer**, right-click the project and select **Publish**.
-1. In the **Publish** tab, choose **Edit**.
+1. In the **Settings** section, choose **Show all settings**.
1. In the **Profile settings** dialog box, choose **Continuous** for **WebJob Type**, and then choose **Save**.
app-service Webjobs Sdk Get Started https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/webjobs-sdk-get-started.md
Get started with the Azure WebJobs SDK for Azure App Service to enable your web apps to run background tasks, scheduled tasks, and respond to events.
-Use Visual Studio 2019 to create a .NET core console app that uses the WebJobs SDK to respond to Azure Storage Queue messages, run the project locally, and finally deploy it to Azure.
+Use Visual Studio 2022 to create a .NET Core console app that uses the WebJobs SDK to respond to Azure Storage Queue messages, run the project locally, and finally deploy it to Azure.
In this tutorial, you will learn how to:
In this tutorial, you will learn how to:
## Prerequisites
-* Visual Studio 2019 with the **Azure development** workload. [Install Visual Studio 2019](/visualstudio/install/).
+* Visual Studio 2022 with the **Azure development** workload. [Install Visual Studio 2022](/visualstudio/install/).
* An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/dotnet). ## Create a console app
-In this section, you start by creating a project in Visual Studio 2019. Next, you'll add tools for Azure development, code publishing, and functions that listen for triggers and call functions. Last, you'll set up console logging that disables a legacy monitoring tool and enables a console provider with default filtering.
+In this section, you start by creating a project in Visual Studio 2022. Next, you'll add tools for Azure development, code publishing, and functions that listen for triggers and call functions. Last, you'll set up console logging that disables a legacy monitoring tool and enables a console provider with default filtering.
>[!NOTE]
->The procedures in this article are verified for creating a .NET Core console app that runs on .NET Core 3.1.
+>The procedures in this article are verified for creating a .NET Core console app that runs on .NET 6.0.
### Create a project
In this section, you start by creating a project in Visual Studio 2019. Next, yo
1. Under **Configure your new project**, name the project *WebJobsSDKSample*, and then select **Next**.
-1. Choose your **Target framework** and select **Create**. This tutorial has been verified using .NET Core 3.1.
+1. Choose your **Target framework** and select **Create**. This tutorial has been verified using .NET 6.0.
### Install WebJobs NuGet packages Install the latest WebJobs NuGet package. This package includes Microsoft.Azure.WebJobs (WebJobs SDK), which lets you publish your function code to WebJobs in Azure App Service.
-1. Get the latest stable 3.x version of the [Microsoft.Azure.WebJobs.Extensions NuGet package](https://www.nuget.org/packages/Microsoft.Azure.WebJobs.Extensions/).
+1. Get the latest stable 4.x version of the [Microsoft.Azure.WebJobs.Extensions NuGet package](https://www.nuget.org/packages/Microsoft.Azure.WebJobs.Extensions/).
2. In Visual Studio, go to **Tools** > **NuGet Package Manager**. 3. Select **Package Manager Console**. You'll see a list of NuGet cmdlets, a link to documentation, and a `PM>` entry point.
-4. In the following command, replace `<3_X_VERSION>` with the current version number you found in step 1.
+4. In the following command, replace `<4_X_VERSION>` with the current version number you found in step 1.
```powershell
- Install-Package Microsoft.Azure.WebJobs.Extensions -version <3_X_VERSION>
+ Install-Package Microsoft.Azure.WebJobs.Extensions -version <4_X_VERSION>
``` 5. In the **Package Manager Console**, execute the command. The extension list appears and automatically installs.
Install the latest WebJobs NuGet package. This package includes Microsoft.Azure.
The host is the runtime container for functions that listens for triggers and calls functions. The following steps create a host that implements [`IHost`](/dotnet/api/microsoft.extensions.hosting.ihost), which is the Generic Host in ASP.NET Core.
-1. Select the **Program.cs** tab and add these `using` statements:
+1. Select the **Program.cs** tab, remove the existing contents, and add these `using` statements:
```cs using System.Threading.Tasks; using Microsoft.Extensions.Hosting; ```
-1. Also under **Program.cs**, replace the `Main` method with the following code:
+1. Also under **Program.cs**, add the following code:
```cs
- static async Task Main()
+ namespace WebJobsSDKSample
{
- var builder = new HostBuilder();
- builder.ConfigureWebJobs(b =>
+ class Program
+ {
+ static async Task Main()
+ {
+ var builder = new HostBuilder();
+ builder.ConfigureWebJobs(b =>
{ b.AddAzureStorageCoreServices(); });
- var host = builder.Build();
- using (host)
- {
- await host.RunAsync();
+ var host = builder.Build();
+ using (host)
+ {
+ await host.RunAsync();
+ }
+ }
} } ```
Set up console logging that uses the [ASP.NET Core logging framework](/aspnet/co
1. Get the latest stable version of the [`Microsoft.Extensions.Logging.Console` NuGet package](https://www.nuget.org/packages/Microsoft.Extensions.Logging.Console/), which includes `Microsoft.Extensions.Logging`.
-2. In the following command, replace `<3_X_VERSION>` with the current version number you found in step 1. Each type of NuGet Package has a unique version number.
+2. In the following command, replace `<6_X_VERSION>` with the current version number you found in step 1. Each type of NuGet Package has a unique version number.
```powershell
- Install-Package Microsoft.Extensions.Logging.Console -version <3_X_VERSION>
+ Install-Package Microsoft.Extensions.Logging.Console -version <6_X_VERSION>
``` 3. In the **Package Manager Console**, fill in the current version number and execute the command. The extension list appears and automatically installs.
Starting with version 3 of the WebJobs SDK, to connect to Azure Storage services
>[!NOTE] > Beginning with 5.x, Microsoft.Azure.WebJobs.Extensions.Storage has been [split by storage service](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/storage/Microsoft.Azure.WebJobs.Extensions.Storage/CHANGELOG.md#major-changes-and-features) and has migrated the `AddAzureStorage()` extension method by service type.
-1. Get the latest stable version of the [Microsoft.Azure.WebJobs.Extensions.Storage](https://www.nuget.org/packages/Microsoft.Azure.WebJobs.Extensions.Storage) NuGet package, version 3.x.
+1. Get the latest stable version of the [Microsoft.Azure.WebJobs.Extensions.Storage](https://www.nuget.org/packages/Microsoft.Azure.WebJobs.Extensions.Storage) NuGet package, version 5.x.
-1. In the following command, replace `<3_X_VERSION>` with the current version number you found in step 1. Each type of NuGet Package has a unique version number.
+1. In the following command, replace `<5_X_VERSION>` with the current version number you found in step 1. Each type of NuGet Package has a unique version number.
```powershell
- Install-Package Microsoft.Azure.WebJobs.Extensions.Storage -Version <3_X_VERSION>
+ Install-Package Microsoft.Azure.WebJobs.Extensions.Storage -Version <5_X_VERSION>
``` 1. In the **Package Manager Console**, execute the command with the current version number at the `PM>` entry point.
-1. Continuing in **Program.cs**, in the `ConfigureWebJobs` extension method, add the `AddAzureStorage` method on the [`HostBuilder`](/dotnet/api/microsoft.extensions.hosting.hostbuilder) instance (before the `Build` command) to initialize the Storage extension. At this point, the `ConfigureWebJobs` method looks like this:
+1. Continuing in **Program.cs**, in the `ConfigureWebJobs` extension method, add the `AddAzureStorageQueues` method on the [`HostBuilder`](/dotnet/api/microsoft.extensions.hosting.hostbuilder) instance (before the `Build` command) to initialize the Storage extension. At this point, the `ConfigureWebJobs` method looks like this:
```cs builder.ConfigureWebJobs(b => { b.AddAzureStorageCoreServices();
- b.AddAzureStorage();
+ b.AddAzureStorageQueues();
}); ``` 1. Add the following code in the `Main` method after the `builder` is instantiated:
Starting with version 3 of the WebJobs SDK, to connect to Azure Storage services
builder.ConfigureWebJobs(b => { b.AddAzureStorageCoreServices();
- b.AddAzureStorage();
+ b.AddAzureStorageQueues();
}); var host = builder.Build(); using (host)
Because this file contains a connection string secret, you shouldn't store the f
Build and run the project locally and create a message queue to trigger the function.
-1. In **Cloud Explorer** in Visual Studio, expand the node for your new storage account, and then right-click **Queues**.
-
-1. Select **Create Queue**.
-
-1. Enter *queue* as the name for the queue, and then select **OK**.
-
- ![Screenshot that shows where you create the queue and name it "queue". ](./media/webjobs-sdk-get-started/create-queue.png)
-
-1. Right-click the node for the new queue, and then select **Open**.
+1. In the Azure portal, navigate to your storage account and select the **Queues** tab (1). Select **+ Queue** (2) and enter **queue** as the Queue name (3). Then, select **OK** (4).
-1. Select the **Add Message** icon.
+ ![This image shows how to create a new Azure Storage Queue.](./media/webjobs-sdk-get-started/create-queue-azure-storage.png "New Azure Storage Queue")
- ![Screenshot that highlights the Add Message icon.](./media/webjobs-sdk-get-started/create-queue-message.png)
+2. Click the new queue and select **Add message**.
-1. In the **Add Message** dialog, enter *Hello World!* as the **Message text**, and then select **OK**. There is now a message in the queue.
+3. In the **Add Message** dialog, enter *Hello World!* as the **Message text**, and then select **OK**. There is now a message in the queue.
![Create queue](./media/webjobs-sdk-get-started/hello-world-text.png)
-1. Press **Ctrl+F5** to run the project.
+4. Press **Ctrl+F5** to run the project.
The console shows that the runtime found your function. Because you used the `QueueTrigger` attribute in the `ProcessQueueMessage` function, the WebJobs runtime listens for messages in the queue named `queue`. When it finds a new message in this queue, the runtime calls the function, passing in the message string value.
-1. Go back to the **Queue** window and refresh it. The message is gone, since it has been processed by your function running locally.
+5. Go back to the **Queue** window and refresh it. The message is gone, since it has been processed by your function running locally.
-1. Close the console window.
+6. Close the console window.
It's now time to publish your WebJobs SDK project to Azure. ## <a name="deploy-as-a-webjob"></a>Deploy to Azure
-During deployment, you create an app service instance where you'll run your functions. When you publish a .NET Core console app to App Service in Azure, it automatically runs as a WebJob. To learn more about publishing, see [Develop and deploy WebJobs using Visual Studio](webjobs-dotnet-deploy-vs.md).
+During deployment, you create an app service instance where you'll run your functions. When you publish a .NET console app to App Service in Azure, it automatically runs as a WebJob. To learn more about publishing, see [Develop and deploy WebJobs using Visual Studio](webjobs-dotnet-deploy-vs.md).
### Create Azure resources
For a continuous WebJob, you should enable the Always on setting in the site so
With the web app created in Azure, it's time to publish the WebJobs project.
-1. In the **Publish** page under **Hosting**, select the edit button and change the **WebJob Type** to `Continuous` and select **Save**. This makes sure that the WebJob is running when messages are added to the queue. Triggered WebJobs are typically used only for manual webhooks.
+1. In the **Publish** page under **Hosting**, select the edit button and change the **WebJob Type** to `Continuous` and select **Save**. This makes sure that the WebJob is running when messages are added to the queue. Triggered WebJobs are typically used only for manual webhooks.
-1. Select the **Publish** button at the top right corner of the **Publish** page. When the operation completes, your WebJob is running on Azure.
+ ![Change WebJob type from the VS 2022 Publish window.](./media/webjobs-sdk-get-started/change-webjob-type.png)
++
+2. Select the **Publish** button at the top right corner of the **Publish** page. When the operation completes, your WebJob is running on Azure.
### Create a storage connection app setting
This initializes the Application Insights logging provider with default [filteri
1. In **Solution Explorer**, right-click the project and select **Publish**.
-1. As before, use **Cloud Explorer** in Visual Studio to create a queue message like you did [earlier](#test-locally), except enter *Hello App Insights!* as the message text.
+1. As before, use the Azure portal to create a queue message like you did [earlier](#test-locally), except enter *Hello App Insights!* as the message text.
1. In your **Publish** profile page, select the three dots above **Hosting** to show **Hosting profile section actions** and choose **Open in Azure Portal**.
This initializes the Application Insights logging provider with default [filteri
Bindings simplify code that reads and writes data. Input bindings simplify code that reads data. Output bindings simplify code that writes data.
-### Add input binding
+### Add bindings
+
+Input bindings simplify code that reads data. For this example, the queue message is the name of a blob, which you'll use to find and read a blob in Azure Storage. You will then use output bindings to write a copy of the file to the same container.
+
+1. In **Functions.cs**, add a `using`:
-Input bindings simplify code that reads data. For this example, the queue message is the name of a blob, which you'll use to find and read a blob in Azure Storage.
+ ```cs
+ using System.IO;
+ ```
-1. In *Functions.cs*, replace the `ProcessQueueMessage` method with the following code:
+2. Replace the `ProcessQueueMessage` method with the following code:
```cs public static void ProcessQueueMessage( [QueueTrigger("queue")] string message, [Blob("container/{queueTrigger}", FileAccess.Read)] Stream myBlob,
+ [Blob("container/copy-{queueTrigger}", FileAccess.Write)] Stream outputBlob,
ILogger logger) { logger.LogInformation($"Blob name:{message} \n Size: {myBlob.Length} bytes");
+ myBlob.CopyTo(outputBlob);
} ```-
+
In this code, `queueTrigger` is a [binding expression](../azure-functions/functions-bindings-expressions-patterns.md), which means it resolves to a different value at runtime. At runtime, it has the contents of the queue message.
-1. Add a `using`:
+ This code uses output bindings to create a copy of the file identified by the queue message. The file copy is prefixed with *copy-*.
- ```cs
- using System.IO;
- ```
+3. In **Program.cs**, in the `ConfigureWebJobs` extension method, add the `AddAzureStorageBlobs` method on the [`HostBuilder`](/dotnet/api/microsoft.extensions.hosting.hostbuilder) instance (before the `Build` command) to initialize the Storage extension. At this point, the `ConfigureWebJobs` method looks like this:
+
+ ```cs
+ builder.ConfigureWebJobs(b =>
+ {
+ b.AddAzureStorageCoreServices();
+ b.AddAzureStorageQueues();
+ b.AddAzureStorageBlobs();
+ });
+ ```
-1. Create a blob container in your storage account.
+4. Create a blob container in your storage account.
- a. In **Cloud Explorer** in Visual Studio, expand the node for your storage account, right-click **Blobs**, and then select **Create Blob Container**.
+ a. In the Azure portal, navigate to the **Containers** tab below **Data storage** and select **+ Container**
- b. In the **Create Blob Container** dialog, enter *container* as the container name, and then select **OK**.
+ b. In the **New container** dialog, enter *container* as the container name, and then select **Create**.
-1. Upload the *Program.cs* file to the blob container. (This file is used here as an example; you could upload any text file and create a queue message with the file's name.)
+5. Upload the *Program.cs* file to the blob container. (This file is used here as an example; you could upload any text file and create a queue message with the file's name.)
- a. In **Cloud Explorer**, double-click the node for the container you created.
+ a. Select the new container you created
- b. In the **Container** window, select the **Upload** button.
+ b. Select the **Upload** button.
![Blob upload button](./media/webjobs-sdk-get-started/blob-upload-button.png) c. Find and select *Program.cs*, and then select **OK**.
-1. Create a queue message in the queue you created earlier, with *Program.cs* as the text of the message.
-
- ![Queue message Program.cs](./media/webjobs-sdk-get-started/queue-msg-program-cs.png)
-
-1. Run the project locally.
-
- The queue message triggers the function, which then reads the blob and logs its length. The console output looks like this:
-
- ```console
- Found the following functions:
- ConsoleApp1.Functions.ProcessQueueMessage
- Job host started
- Executing 'Functions.ProcessQueueMessage' (Reason='New queue message detected on 'queue'.', Id=5a2ac479-de13-4f41-aae9-1361f291ff88)
- Blob name:Program.cs
- Size: 532 bytes
- Executed 'Functions.ProcessQueueMessage' (Succeeded, Id=5a2ac479-de13-4f41-aae9-1361f291ff88)
- ```
-### Add an output binding
-
-Output bindings simplify code that writes data. This example modifies the previous one by writing a copy of the blob instead of logging its size. Blob storage bindings are included in the Azure Storage extension package that we installed previously.
-
-1. Replace the `ProcessQueueMessage` method with the following code:
-
- ```cs
- public static void ProcessQueueMessage(
- [QueueTrigger("queue")] string message,
- [Blob("container/{queueTrigger}", FileAccess.Read)] Stream myBlob,
- [Blob("container/copy-{queueTrigger}", FileAccess.Write)] Stream outputBlob,
- ILogger logger)
- {
- logger.LogInformation($"Blob name:{message} \n Size: {myBlob.Length} bytes");
- myBlob.CopyTo(outputBlob);
- }
- ```
-
-1. Create another queue message with *Program.cs* as the text of the message.
-
-1. Run the project locally.
-
- The queue message triggers the function, which then reads the blob, logs its length, and creates a new blob. The console output is the same, but when you go to the blob container window and select **Refresh**, you see a new blob named *copy-Program.cs.*
- ### Republish the project 1. In **Solution Explorer**, right-click the project and select **Publish**. 1. In the **Publish** dialog, make sure that the current profile is selected and then select **Publish**. Results of the publish are detailed in the **Output** window.
-1. Verify the function in Azure by again uploading a file to the blob container and adding a message to the queue that is the name of the uploaded file. You see the message get removed from the queue and a copy of the file created in the blob container.
+1. Create a queue message in the queue you created earlier, with *Program.cs* as the text of the message.
+
+ ![Queue message Program.cs](./media/webjobs-sdk-get-started/queue-msg-program-cs.png)
+
+1. A copy of the file, *copy-Program.cs*, will appear in the blob container.
## Next steps
azure-functions Durable Functions Create First Csharp https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/durable/durable-functions-create-first-csharp.md
You have used Visual Studio Code to create and publish a C# durable function app
::: zone pivot="code-editor-visualstudio"
-In this article, you learn how to use Visual Studio 2019 to locally create and test a "hello world" durable function. This function orchestrates and chains-together calls to other functions. You then publish the function code to Azure. These tools are available as part of the Azure development workload in Visual Studio 2019.
+In this article, you learn how to use Visual Studio 2022 to locally create and test a "hello world" durable function. This function orchestrates and chains-together calls to other functions. You then publish the function code to Azure. These tools are available as part of the Azure development workload in Visual Studio 2022.
![Screenshot shows a Visual Studio 2019 window with a durable function.](./media/durable-functions-create-first-csharp/functions-vs-complete.png)
In this article, you learn how to use Visual Studio 2019 to locally create and t
To complete this tutorial:
-* Install [Visual Studio 2019](https://visualstudio.microsoft.com/vs/). Make sure that the **Azure development** workload is also installed. Visual Studio 2017 also supports Durable Functions development, but the UI and steps differ.
+* Install [Visual Studio 2022](https://visualstudio.microsoft.com/vs/). Make sure that the **Azure development** workload is also installed. Visual Studio 2019 also supports Durable Functions development, but the UI and steps differ.
* Verify you have the [Azure Storage Emulator](../../storage/common/storage-use-emulator.md) installed and running.
The Azure Functions template creates a project that can be published to a functi
1. Type a **Project name** for your project, and select **OK**. The project name must be valid as a C# namespace, so don't use underscores, hyphens, or any other nonalphanumeric characters.
-1. In **Create a new Azure Functions Application**, use the settings specified in the table that follows the image.
+1. Under **Additional information**, use the settings specified in the table that follows the image.
![Create a new Azure Functions Application dialog in Visual Studio](./media/durable-functions-create-first-csharp/functions-vs-new-function.png) | Setting | Suggested value | Description | | | - |-- |
- | **Version** | Azure Functions 3.0 <br />(.NET Core) | Creates a function project that uses the version 3.0 runtime of Azure Functions, which supports .NET Core 3.1. For more information, see [How to target Azure Functions runtime version](../functions-versions.md). |
- | **Template** | Empty | Creates an empty function app. |
+ | **Functions worker** | .NET 6 | Creates a function project that supports .NET 6 and the Azure Functions Runtime 4.0. For more information, see [How to target Azure Functions runtime version](../functions-versions.md). |
+ | **Function** | Empty | Creates an empty function app. |
| **Storage account** | Storage Emulator | A storage account is required for durable function state management. | 4. Select **Create** to create an empty function project. This project has the basic configuration files needed to run your functions.
The following steps use a template to create the durable function code in your p
1. Verify **Azure Function** is selected from the add menu, type a name for your C# file, and then select **Add**.
-1. Select the **Durable Functions Orchestration** template and then select **Ok**
+1. Select the **Durable Functions Orchestration** template and then select **Add**.
![Select durable template](./media/durable-functions-create-first-csharp/functions-vs-select-template.png)
Azure Functions Core Tools lets you run an Azure Functions project on your local
```json {
+ "name": "Durable",
"instanceId": "d495cb0ac10d4e13b22729c37e335190", "runtimeStatus": "Completed", "input": null,
azure-functions Functions Bindings Azure Sql Input https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/functions-bindings-azure-sql-input.md
The following table explains the binding configuration properties that you set i
|**direction** | Required. Must be set to `in`. | |**name** | Required. The name of the variable that represents the query results in function code. | | **commandText** | Required. The Transact-SQL query command or name of the stored procedure executed by the binding. |
-| **connectionStringSetting** | Required. The name of an app setting that contains the connection string for the database against which the query or stored procedure is being executed. This value isn't the actual connection string and must instead resolve to an environment variable name. |
+| **connectionStringSetting** | Required. The name of an app setting that contains the connection string for the database against which the query or stored procedure is being executed. This value isn't the actual connection string and must instead resolve to an environment variable name. Optional keywords in the connection string value are [available to refine SQL bindings connectivity](./functions-bindings-azure-sql.md#sql-connection-string). |
| **commandType** | Required. A [CommandType](/dotnet/api/system.data.commandtype) value, which is [Text](/dotnet/api/system.data.commandtype#fields) for a query and [StoredProcedure](/dotnet/api/system.data.commandtype#fields) for a stored procedure. | | **parameters** | Optional. Zero or more parameter values passed to the command during execution as a single string. Must follow the format `@param1=param1,@param2=param2`. Neither the parameter name nor the parameter value can contain a comma (`,`) or an equals sign (`=`). | ::: zone-end
The following table explains the binding configuration properties that you set i
::: zone pivot="programming-language-csharp,programming-language-javascript,programming-language-python"
-The attribute's constructor takes the SQL command text, the command type, parameters, and the connection string setting name. The command can be a Transact-SQL (T-SQL) query with the command type `System.Data.CommandType.Text` or stored procedure name with the command type `System.Data.CommandType.StoredProcedure`. The connection string setting name corresponds to the application setting (in `local.settings.json` for local development) that contains the [connection string](/dotnet/api/microsoft.data.sqlclient.sqlconnection.connectionstring?view=sqlclient-dotnet-core-3.0&preserve-view=true#Microsoft_Data_SqlClient_SqlConnection_ConnectionString) to the Azure SQL or SQL Server instance.
+The attribute's constructor takes the SQL command text, the command type, parameters, and the connection string setting name. The command can be a Transact-SQL (T-SQL) query with the command type `System.Data.CommandType.Text` or stored procedure name with the command type `System.Data.CommandType.StoredProcedure`. The connection string setting name corresponds to the application setting (in `local.settings.json` for local development) that contains the [connection string](/dotnet/api/microsoft.data.sqlclient.sqlconnection.connectionstring?view=sqlclient-dotnet-core-3.1&preserve-view=true#Microsoft_Data_SqlClient_SqlConnection_ConnectionString) to the Azure SQL or SQL Server instance.
::: zone-end
azure-functions Functions Bindings Azure Sql Output https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/functions-bindings-azure-sql-output.md
The following table explains the binding configuration properties that you set i
|**direction** | Required. Must be set to `out`. | |**name** | Required. The name of the variable that represents the entity in function code. | | **commandText** | Required. The name of the table being written to by the binding. |
-| **connectionStringSetting** | Required. The name of an app setting that contains the connection string for the database to which data is being written. This isn't the actual connection string and must instead resolve to an environment variable.|
+| **connectionStringSetting** | Required. The name of an app setting that contains the connection string for the database to which data is being written. This isn't the actual connection string and must instead resolve to an environment variable. Optional keywords in the connection string value are [available to refine SQL bindings connectivity](./functions-bindings-azure-sql.md#sql-connection-string). |
::: zone-end
The following table explains the binding configuration properties that you set i
## Usage ::: zone pivot="programming-language-csharp,programming-language-javascript,programming-language-python"
-The `CommandText` property is the name of the table where the data is to be stored. The connection string setting name corresponds to the application setting that contains the [connection string](/dotnet/api/microsoft.data.sqlclient.sqlconnection.connectionstring?view=sqlclient-dotnet-core-3.0&preserve-view=true#Microsoft_Data_SqlClient_SqlConnection_ConnectionString) to the Azure SQL or SQL Server instance.
+The `CommandText` property is the name of the table where the data is to be stored. The connection string setting name corresponds to the application setting that contains the [connection string](/dotnet/api/microsoft.data.sqlclient.sqlconnection.connectionstring?view=sqlclient-dotnet-core-3.1&preserve-view=true#Microsoft_Data_SqlClient_SqlConnection_ConnectionString) to the Azure SQL or SQL Server instance.
::: zone-end
azure-functions Functions Bindings Azure Sql https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/functions-bindings-azure-sql.md
Support for Python durable functions with SQL bindings isn't yet available.
::: zone-end
+## SQL connection string
+
+Azure SQL bindings for Azure Functions have a required property for connection string on both [input](./functions-bindings-azure-sql-input.md) and [output](./functions-bindings-azure-sql-output.md) bindings. SQL bindings passes the connection string to the Microsoft.Data.SqlClient library and supports the connection string as defined in the [SqlClient ConnectionString documentation](/dotnet/api/microsoft.data.sqlclient.sqlconnection.connectionstring?view=sqlclient-dotnet-core-3.1&preserve-view=true). Notable keywords include:
+
+- `Authentication` allows a function to connect to Azure SQL with Azure Active Directory, including [Active Directory Managed Identity](./functions-identity-access-azure-sql-with-managed-identity.md)
+- `Command Timeout` allows a function to wait for specified amount of time in seconds before terminating a query (default 30 seconds)
+- `ConnectRetryCount` allows a function to automatically make additional reconnection attempts, especially applicable to Azure SQL Database serverless tier (default 1)
++ ## Considerations - Because the Azure SQL bindings doesn't have a trigger, you need to use another supported trigger to start a function that reads from or writes to an Azure SQL database.
azure-functions Functions Create Your First Function Visual Studio https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/functions-create-your-first-function-visual-studio.md
The Azure Functions project template in Visual Studio creates a C# class library
1. In **Configure your new project**, enter a **Project name** for your project, and then select **Create**. The function app name must be valid as a C# namespace, so don't use underscores, hyphens, or any other nonalphanumeric characters.
-1. For the **Create a new Azure Functions application** settings, use the values in the following table:
+1. For the **Additional information** settings, use the values in the following table:
| Setting | Value | Description | | | - |-- |
- | **.NET version** | **.NET 6** | This value creates a function project that runs in-process with version 4.x of the Azure Functions runtime. You can also choose **.NET 6 (isolated)** to create a project that runs in a separate worker process. Azure Functions 1.x supports the .NET Framework. For more information, see [Azure Functions runtime versions overview](./functions-versions.md). |
- | **Function template** | **HTTP trigger** | This value creates a function triggered by an HTTP request. |
- | **Storage account (AzureWebJobsStorage)** | **Storage emulator** | Because a function app in Azure requires a storage account, one is assigned or created when you publish your project to Azure. An HTTP trigger doesn't use an Azure Storage account connection string; all other trigger types require a valid Azure Storage account connection string. When you select this option, the Azurite emulator is used. |
+ | **Functions worker** | **.NET 6** or **.NET 6 Isolated** | When you choose **.NET 6**, you create a project that runs in-process with version 4.x of the Azure Functions runtime. When you choose **.NET 6 Isolated**, you create a project that runs in a separate worker process. Azure Functions 1.x supports the .NET Framework. For more information, see [Azure Functions runtime versions overview](./functions-versions.md). |
+ | **Function** | **HTTP trigger** | This value creates a function triggered by an HTTP request. |
+ | **Use Azurite for runtime storage account (AzureWebJobsStorage)** | Enable | Because a function app in Azure requires a storage account, one is assigned or created when you publish your project to Azure. An HTTP trigger doesn't use an Azure Storage account connection string; all other trigger types require a valid Azure Storage account connection string. When you select this option, the Azurite emulator is used. |
| **Authorization level** | **Anonymous** | The created function can be triggered by any client without providing a key. This authorization setting makes it easy to test your new function. For more information about keys and authorization, see [Authorization keys](./functions-bindings-http-webhook-trigger.md#authorization-keys) and [HTTP and webhook bindings](./functions-bindings-http-webhook.md). | :::image type="content" source="../../includes/media/functions-vs-tools-create/functions-project-settings-v4.png" alt-text="Azure Functions project settings"::: Make sure you set the **Authorization level** to **Anonymous**. If you choose the default level of **Function**, you're required to present the [function key](./functions-bindings-http-webhook-trigger.md#authorization-keys) in requests to access your function endpoint.
-1. Select **Create** to create the function project and HTTP trigger function.
+2. Select **Create** to create the function project and HTTP trigger function.
Visual Studio creates a project and class that contains boilerplate code for the HTTP trigger function type. The boilerplate code sends an HTTP response that includes a value from the request body or query string. The `HttpTrigger` attribute specifies that the function is triggered by an HTTP request.
azure-functions Functions Develop Vs https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/functions-develop-vs.md
Title: Develop Azure Functions using Visual Studio
-description: Learn how to develop and test Azure Functions by using Azure Functions Tools for Visual Studio 2019.
+description: Learn how to develop and test Azure Functions by using Azure Functions Tools for Visual Studio 2022.
ms.devlang: csharp
Visual Studio provides the following benefits when you develop your functions:
This article provides details about how to use Visual Studio to develop C# class library functions and publish them to Azure. Before you read this article, consider completing the [Functions quickstart for Visual Studio](functions-create-your-first-function-visual-studio.md).
-Unless otherwise noted, procedures and examples shown are for Visual Studio 2019.
+Unless otherwise noted, procedures and examples shown are for Visual Studio 2022.
## Prerequisites -- Azure Functions Tools. To add Azure Function Tools, include the **Azure development** workload in your Visual Studio installation. Azure Functions Tools is available in the Azure development workload starting with Visual Studio 2017.
+- Azure Functions Tools. To add Azure Function Tools, include the **Azure development** workload in your Visual Studio installation. If you are using Visual Studio 2017, you may need to [follow some additional installation steps](#azure-functions-tools-with-visual-studio-2017).
- Other resources that you need, such as an Azure Storage account, are created in your subscription during the publishing process. - [!INCLUDE [quickstarts-free-trial-note](../../includes/quickstarts-free-trial-note.md)]
-> [!NOTE]
-> In Visual Studio 2017, the Azure development workload installs Azure Functions Tools as a separate extension. When you update your Visual Studio 2017 installation, make sure that you're using the [most recent version](#check-your-tools-version) of the Azure Functions Tools. The following sections show you how to check and (if needed) update your Azure Functions Tools extension in Visual Studio 2017.
->
-> Skip these sections if you're using Visual Studio 2019.
-
-### <a name="check-your-tools-version"></a>Check your tools version in Visual Studio 2017
-
-1. From the **Tools** menu, choose **Extensions and Updates**. Expand **Installed** > **Tools**, and then choose **Azure Functions and Web Jobs Tools**.
-
- ![Verify the Functions tools version](./media/functions-develop-vs/functions-vstools-check-functions-tools.png)
-
-1. Note the installed **Version** and compare this version with the latest version listed in the [release notes](https://github.com/Azure/Azure-Functions/blob/master/VS-AzureTools-ReleaseNotes.md).
-
-1. If your version is older, update your tools in Visual Studio as shown in the following section.
-
-### Update your tools in Visual Studio 2017
-
-1. In the **Extensions and Updates** dialog, expand **Updates** > **Visual Studio Marketplace**, choose **Azure Functions and Web Jobs Tools** and select **Update**.
-
- ![Update the Functions tools version](./media/functions-develop-vs/functions-vstools-update-functions-tools.png)
-
-1. After the tools update is downloaded, select **Close**, and then close Visual Studio to trigger the tools update with VSIX Installer.
-
-1. In VSIX Installer, choose **Modify** to update the tools.
-
-1. After the update is complete, choose **Close**, and then restart Visual Studio.
-
-> [!NOTE]
-> In Visual Studio 2019 and later, the Azure Functions tools extension is updated as part of Visual Studio.
- ## Create an Azure Functions project [!INCLUDE [Create a project using the Azure Functions](../../includes/functions-vstools-create.md)]
After you create an Azure Functions project, the project template creates a C# p
* **local.settings.json**: Maintains settings used when running functions locally. These settings aren't used when running in Azure. For more information, see [Local settings file](#local-settings). >[!IMPORTANT]
- >Because the local.settings.json file can contain secrets, you must exclude it from your project source control. Ensure the **Copy to Output Directory** setting for this file is set to **Copy if newer**.
+ >Because the local.settings.json file can contain secrets, you must exclude it from your project source control. Make sure the **Copy to Output Directory** setting for this file is set to **Copy if newer**.
For more information, see [Functions class library project](functions-dotnet-class-library.md#functions-class-library-project).
The Functions runtime uses an Azure Storage account internally. For all trigger
To set the storage account connection string:
-1. In Visual Studio, select **View** > **Cloud Explorer**.
+1. In the Azure portal, navigate to your storage account.
-2. In **Cloud Explorer**, expand **Storage Accounts**, and then select your storage account. In the **Properties** tab, copy the **Primary Connection String** value.
+2. In the **Access keys** tab, below **Security + networking**, copy the **Connection string** of **key1**.
2. In your project, open the local.settings.json file and set the value of the `AzureWebJobsStorage` key to the connection string you copied.
In C# class library functions, the bindings used by the function are defined by
2. Select **Azure Function**, enter a **Name** for the class, and then select **Add**.
-3. Choose your trigger, set the binding properties, and then select **OK**. The following example shows the settings for creating a Queue storage trigger function.
+3. Choose your trigger, set the binding properties, and then select **Add**. The following example shows the settings for creating a Queue storage trigger function.
![Create a Queue storage trigger function](./media/functions-develop-vs/functions-vstools-create-queuetrigger.png)
- This trigger example uses a connection string with a key named `QueueStorage`. Define this connection string setting in the [local.settings.json file](functions-develop-local.md#local-settings-file).
+ You will then be prompted to choose between two Azure storage emulators or referencing a provisioned Azure storage account.
+
+ This trigger example uses a connection string with a key named `QueueStorage`. This key, stored in the [local.settings.json file](functions-develop-local.md#local-settings-file), either references the Azure storage emulators or an Azure storage account.
4. Examine the newly added class. You see a static `Run()` method that's attributed with the `FunctionName` attribute. This attribute indicates that the method is the entry point for the function.
Use the following steps to publish your project to a function app in Azure.
Visual Studio doesn't upload these settings automatically when you publish the project. Any settings you add in the local.settings.json you must also add to the function app in Azure.
-The easiest way to upload the required settings to your function app in Azure is to select the **Manage Azure App Service settings** link that appears after you successfully publish your project.
+The easiest way to upload the required settings to your function app in Azure is to expand the three dots next to the **Hosting** section and select the **Manage Azure App Service settings** link that appears after you successfully publish your project.
:::image type="content" source="./media/functions-develop-vs/functions-vstools-app-settings.png" alt-text="Settings in Publish window":::
To set up your environment, create a function and test the app. The following st
1. [Create a new Functions app](functions-get-started.md) and name it **Functions** 2. [Create an HTTP function from the template](functions-get-started.md) and name it **MyHttpTrigger**. 3. [Create a timer function from the template](functions-create-scheduled-function.md) and name it **MyTimerTrigger**.
-4. [Create an xUnit Test app](https://xunit.net/docs/getting-started/netcore/cmdline) in the solution and name it **Functions.Tests**.
+4. [Create an xUnit Test app](https://xunit.net/docs/getting-started/netcore/cmdline) in the solution and name it **Functions.Tests**. Remove the default test files.
5. Use NuGet to add a reference from the test app to [Microsoft.AspNetCore.Mvc](https://www.nuget.org/packages/Microsoft.AspNetCore.Mvc/) 6. [Reference the *Functions* app](/visualstudio/ide/managing-references-in-a-project) from *Functions.Tests* app.
namespace Functions.Tests
public void Timer_should_log_message() { var logger = (ListLogger)TestFactory.CreateLogger(LoggerTypes.List);
- MyTimerTrigger.Run(null, logger);
+ new MyTimerTrigger().Run(null, logger);
var msg = logger.Logs[0]; Assert.Contains("C# Timer trigger function executed at", msg); }
The members implemented in this class are:
- **Http_trigger_should_return_string_from_member_data**: This test uses xUnit attributes to provide sample data to the HTTP function. -- **Timer_should_log_message**: This test creates an instance of `ListLogger` and passes it to a timer function. Once the function is run, then the log is checked to ensure the expected message is present.
+- **Timer_should_log_message**: This test creates an instance of `ListLogger` and passes it to a timer function. Once the function is run, then the log is checked to make sure the expected message is present.
If you want to access application settings in your tests, you can [inject](functions-dotnet-dependency-injection.md) an `IConfiguration` instance with mocked environment variable values into your function. ### Run tests
-To run the tests, navigate to the **Test Explorer** and select **Run all**.
+To run the tests, navigate to the **Test Explorer** and select **Run All Tests in View**.
![Testing Azure Functions with C# in Visual Studio](./media/functions-test-a-function/azure-functions-test-visual-studio-xunit.png)
To run the tests, navigate to the **Test Explorer** and select **Run all**.
To debug the tests, set a breakpoint on a test, navigate to the **Test Explorer** and select **Run > Debug Last Run**.
+## Azure Functions tools with Visual Studio 2017
+
+Azure Functions Tools is available in the Azure development workload starting with Visual Studio 2017. In Visual Studio 2017, the Azure development workload installs Azure Functions Tools as a separate extension. In Visual Studio 2019 and later, the Azure Functions tools extension is updated as part of Visual Studio.
+
+When you update your Visual Studio 2017 installation, make sure that you're using the [most recent version](#check-your-tools-version) of the Azure Functions Tools. The following sections show you how to check and (if needed) update your Azure Functions Tools extension in Visual Studio 2017.
+
+### <a name="check-your-tools-version"></a>Check your tools version in Visual Studio 2017
+
+1. From the **Tools** menu, choose **Extensions and Updates**. Expand **Installed** > **Tools**, and then choose **Azure Functions and Web Jobs Tools**.
+
+ ![Verify the Functions tools version](./media/functions-develop-vs/functions-vstools-check-functions-tools.png)
+
+1. Note the installed **Version** and compare this version with the latest version listed in the [release notes](https://github.com/Azure/Azure-Functions/blob/master/VS-AzureTools-ReleaseNotes.md).
+
+1. If your version is older, update your tools in Visual Studio as shown in the following section.
+
+### Update your tools in Visual Studio 2017
+
+1. In the **Extensions and Updates** dialog, expand **Updates** > **Visual Studio Marketplace**, choose **Azure Functions and Web Jobs Tools** and select **Update**.
+
+ ![Update the Functions tools version](./media/functions-develop-vs/functions-vstools-update-functions-tools.png)
+
+1. After the tools update is downloaded, select **Close**, and then close Visual Studio to trigger the tools update with VSIX Installer.
+
+1. In VSIX Installer, choose **Modify** to update the tools.
+
+1. After the update is complete, choose **Close**, and then restart Visual Studio.
## Next steps
azure-functions Functions Scenario Database Table Cleanup https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/functions-scenario-database-table-cleanup.md
You must have previously published your app to Azure. If you haven't already don
You need to add the NuGet package that contains the SqlClient library. This data access library is needed to connect to SQL Database.
-1. Open your local function app project in Visual Studio 2019.
+1. Open your local function app project in Visual Studio 2022.
1. In Solution Explorer, right-click the function app project and choose **Manage NuGet Packages**. 1. On the **Browse** tab, search for ```System.Data.SqlClient``` and, when found, select it.
-1. In the **System.Data.SqlClient** page, select version `4.5.1` and then click **Install**.
+1. In the **System.Data.SqlClient** page, select version `4.8.3` and then click **Install**.
1. When the install completes, review the changes and then click **OK** to close the **Preview** window.
Now, you can add the C# function code that connects to your SQL Database.
1. With the **Azure Functions** template selected, name the new item something like `DatabaseCleanup.cs` and select **Add**.
-1. In the **New Azure function** dialog box, choose **Timer trigger** and then **OK**. This dialog creates a code file for the timer triggered function.
+1. In the **New Azure function** dialog box, choose **Timer trigger** and then **Add**. This dialog creates a code file for the timer triggered function.
1. Open the new code file and add the following using statements at the top of the file:
Now, you can add the C# function code that connects to your SQL Database.
On the first execution, you should update 32 rows of data. Following runs update no data rows, unless you make changes to the SalesOrderHeader table data so that more rows are selected by the `UPDATE` statement.
-If you plan to [publish this function](functions-develop-vs.md#publish-to-azure), remember to change the `TimerTrigger` attribute to a more reasonable [cron schedule](functions-bindings-timer.md#ncrontab-expressions) than every 15 seconds.
+If you plan to [publish this function](functions-develop-vs.md#publish-to-azure), remember to change the `TimerTrigger` attribute to a more reasonable [cron schedule](functions-bindings-timer.md#ncrontab-expressions) than every 15 seconds. Also, you need to ensure that the Function Apps instance has network access to the Azure SQL Database instance by granting access to Azure IP addresses.
## Next steps
azure-functions Openapi Apim Integrate Visual Studio https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/openapi-apim-integrate-visual-studio.md
In this tutorial, you learn how to:
The serverless function you create provides an API that lets you determine whether an emergency repair on a wind turbine is cost-effective. Because both the function app and API Management instance you create use consumption plans, your cost for completing this tutorial is minimal. > [!NOTE]
-> The OpenAPI and API Management integration featured in this article is currently in preview. This method for exposing a serverless API is only supported for C# class library (.NET Core 3.1) functions. All other language runtimes should instead [use Azure API Management integration from the portal](functions-openapi-definition.md).
+> The OpenAPI and API Management integration featured in this article is currently in preview. This method for exposing a serverless API is only supported for [in-process](functions-dotnet-class-library.md) C# class library functions. [Isolated process](dotnet-isolated-process-guide.md) C# class library functions and all other language runtimes should instead [use Azure API Management integration from the portal](functions-openapi-definition.md).
## Prerequisites
-+ [Visual Studio 2019](https://azure.microsoft.com/downloads/), version 16.10, or a later version. Make sure you select the **Azure development** workload during installation.
++ [Visual Studio 2022](https://azure.microsoft.com/downloads/). Make sure you select the **Azure development** workload during installation. + An active [Azure subscription](../guides/developer/azure-developer-guide.md#understanding-accounts-subscriptions-and-billing), create a [free account](https://azure.microsoft.com/free/dotnet/) before you begin.
The Azure Functions project template in Visual Studio creates a project that you
| Setting | Value | Description | | | - |-- |
- | **.NET version** | **.NET Core 3 (LTS)** | This value creates a function project that uses the version 3.x runtime of Azure Functions. OpenAPI file generation is only supported for version 3.x of the Functions runtime. |
+ | **Functions worker** | **.NET 6** | This value creates a function project that runs in-process on version 4.x of the Azure Functions runtime. OpenAPI file generation is only supported for versions 3.x and 4.x of the Functions runtime, and isolated process isn't supported. |
| **Function template** | **HTTP trigger with OpenAPI** | This value creates a function triggered by an HTTP request, with the ability to generate an OpenAPI definition file. |
- | **Storage account (AzureWebJobsStorage)** | **Storage emulator** | You can use the emulator for local development of HTTP trigger functions. Because a function app in Azure requires a storage account, one is assigned or created when you publish your project to Azure. |
+ | **Use Azurite for runtime storage account (AzureWebJobsStorage)** | **Selected** | You can use the emulator for local development of HTTP trigger functions. Because a function app in Azure requires a storage account, one is assigned or created when you publish your project to Azure. |
| **Authorization level** | **Function** | When running in Azure, clients must provide a key when accessing the endpoint. For more information about keys and authorization, see [function access keys](functions-bindings-http-webhook-trigger.md#authorization-keys). | ![Azure Functions project settings](./media/openapi-apim-integrate-vs/functions-project-settings.png)
Before you can publish your project, you must have a function app in your Azure
1. In the **Publish** tab, select the ellipses (**...**) next to **Hosting** and select **Open API in Azure portal**. The API Management instance you created is opened in the Azure portal in your default browser. This API Management instance is already linked to your function app.
-1. Under **APIs**, select **Azure Functions OpenAPI Extension** > **Test** > **POST Run**, then under **Inbound policy** select **Add policy**.
+1. Under **APIs**, select **OpenAPI Document on Azure Functions** > **POST Run**, then under **Inbound processing** select **Add policy**.
:::image type="content" source="media/openapi-apim-integrate-vs/apim-add-policy.png" alt-text="Add an inbound policy to the API":::
-1. In **Add inbound policy**, choose **Set query parameters**, type `code` for **Name**, select **+Value**, paste in the copied function key, and select **Save**. API Management includes the function key when it passes call through to the function endpoint.
+1. Below **Inbound processing**, in **Set query parameters**, type `code` for **Name**, select **+Value**, paste in the copied function key, and select **Save**. API Management includes the function key when it passes calls through to the function endpoint.
+
+ :::image type="content" source="media/openapi-apim-integrate-vs/inbound-processing-rule.png" alt-text="Provide Function credentials to the API inbound processing rule":::
Now that the function key is set, you can call the API to verify that it works when hosted in Azure.
Now that the function key is set, you can call the API to verify that it works w
If your API works as expected, you can download the OpenAPI definition.
-1. 1. Under **APIs**, select **Azure Functions OpenAPI Extension**, select the ellipses (**...**), and select **Export**.
+1. 1. Under **APIs**, select **OpenAPI Document on Azure Functions**, select the ellipses (**...**), and select **Export**.
![Download OpenAPI definition](media/openapi-apim-integrate-vs/download-definition.png)
Select **Delete resource group**, type the name of your group in the text box to
## Next steps
-You've used Visual Studio 2019 to create a function that is self-documenting because of the [OpenAPI Extension](https://github.com/Azure/azure-functions-openapi-extension) and integrated with API Management. You can now refine the definition in API Management in the portal. You can also [learn more about API Management](../api-management/api-management-key-concepts.md).
+You've used Visual Studio 2022 to create a function that is self-documenting because of the [OpenAPI Extension](https://github.com/Azure/azure-functions-openapi-extension) and integrated with API Management. You can now refine the definition in API Management in the portal. You can also [learn more about API Management](../api-management/api-management-key-concepts.md).
> [!div class="nextstepaction"] > [Edit the OpenAPI definition in API Management](../api-management/edit-api.md)
azure-government Documentation Government Stig Linux Vm https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-government/documentation-government-stig-linux-vm.md
Title: Deploy STIG-compliant Linux Virtual Machines (Preview)
-description: This quickstart shows you how to deploy a STIG-compliant Linux VM (Preview) from Azure Marketplace
+description: This quickstart shows you how to deploy a STIG-compliant Linux VM (Preview) from the Azure portal or Azure Government portal.
Last updated 06/14/2021-+ # Deploy STIG-compliant Linux Virtual Machines (Preview)
azure-government Documentation Government Stig Windows Vm https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-government/documentation-government-stig-windows-vm.md
Title: Deploy STIG-compliant Windows Virtual Machines (Preview)
-description: This quickstart shows you how to deploy a STIG-compliant Windows VM (Preview) from Azure Marketplace
+description: This quickstart shows you how to deploy a STIG-compliant Windows VM (Preview) from the Azure portal or Azure Government portal.
Last updated 06/14/2021-+ # Deploy STIG-compliant Windows Virtual Machines (Preview)
azure-monitor Agents Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/agents-overview.md
The following tables list the operating systems that are supported by the Azure
<sup>2</sup> Using the Azure Monitor agent [client installer (preview)](./azure-monitor-agent-windows-client.md) ### Linux
+> [!NOTE]
+> For Dependency Agent, please additionally check for supported kernel versions. See "Dependency agent Linux kernel support" table below for details
++ | Operating system | Azure Monitor agent <sup>1</sup> | Log Analytics agent <sup>1</sup> | Dependency agent | Diagnostics extension <sup>2</sup>| |:|::|::|::|:: | AlmaLinux | X | | | |
The following tables list the operating systems that are supported by the Azure
| SUSE Linux Enterprise Server 12 SP5 | X | X | X | X | | SUSE Linux Enterprise Server 12 | X | X | X | X | | Ubuntu 22.04 LTS | X | | | |
-| Ubuntu 20.04 LTS | X | X | X | X |
+| Ubuntu 20.04 LTS | X | X | X | X <sup>4</sup> |
| Ubuntu 18.04 LTS | X | X | X | X | | Ubuntu 16.04 LTS | X | X | X | X | | Ubuntu 14.04 LTS | | X | | X |
The following tables list the operating systems that are supported by the Azure
<sup>3</sup> Known issue collecting Syslog events in versions prior to 1.9.0.
+<sup>4</sup> Not all kernel versions are supported, check supported kernel versions below.
+ #### Dependency agent Linux kernel support Since the Dependency agent works at the kernel level, support is also dependent on the kernel version. As of Dependency agent version 9.10.* the agent supports * kernels. The following table lists the major and minor Linux OS release and supported kernel versions for the Dependency agent.
azure-monitor Alerts Managing Alert States https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/alerts/alerts-managing-alert-states.md
- Title: Manage alert and smart group states
-description: Managing the states of the alert and smart group instances
-- Previously updated : 2/23/2022---
-# Manage alert and smart group states
-
-Alerts in Azure Monitor now have an [alert state and a monitor condition](./alerts-overview.md) and, similarly, Smart Groups have a [smart group state](./alerts-smartgroups-overview.md?toc=%2fazure%2fazure-monitor%2ftoc.json). Changes to the state are now captured in history associated with the respective alert or smart group. This article walks you through the process of changing the state, for both an alert and a smart group.
-
-## Change the state of an alert
-
-1. You can change the state of an alert in the following different ways:
- * In the All Alerts page, click the checkbox next to the alerts you wish to change the state of, and click change state.
- ![Screenshot shows the All Alerts page with Change state selected.](./media/alerts-managing-alert-states/state-all-alerts.jpg)
- * In the Alert Details page for a particular alert instance, you can click change state
- ![Screenshot shows the Alert Details page with Change alert state selected.](./media/alerts-managing-alert-states/state-alert-details.jpg)
- * In the Alert Details page for a specific alert instance, in the Smart Group pane you can click the checkbox next to the alerts you wish
- ![Screenshot shows the Alert Details page for the heartbeat alert with some instances having check marks.](./media/alerts-managing-alert-states/state-alert-details-sg.jpg)
-
- * In the Smart Group Details page, in the list of member alerts you can click the checkbox next to the alerts you wish to change the state of and click Change Stateto change the state of and click Change State.
- ![Screenshot shows the Smart Group Details page where you can select alerts for which to change state.](./media/alerts-managing-alert-states/state-sg-details-alerts.jpg)
-1. On clicking Change State, a popup opens up allowing you to select the state (New/Acknowledged/Closed) and enter a comment if necessary.
-![Screenshot shows the Details Change alert dialog box.](./media/alerts-managing-alert-states/state-alert-change.jpg)
-1. Once this is done, the state change is recorded in the history of the respective alert. This can be viewed by opening the respective Details page, and checking the history section.
-![Screenshot shows the history of state changes.](./media/alerts-managing-alert-states/state-alert-history.jpg)
-
-## Change the state of a smart group
-1. You can change the state of a smart group in the following different ways:
- 1. In the Smart Group list page, you can click the checkbox next to the smart groups you wish to change the state of and click Change State
- ![Screenshot shows the Change State page for Smart Groups.](./media/alerts-managing-alert-states/state-sg-list.jpg)
- 1. In the Smart Group Details page, you can click change state
- ![Screenshot shows the Smart Group Details page with Change smart group state selected.](./media/alerts-managing-alert-states/state-sg-details.jpg)
-1. On clicking Change State, a popup opens up allowing you to select the state (New/Acknowledged/Closed) and enter a comment if necessary.
-![Screenshot shows the Change state dialog box for the smart group.](./media/alerts-managing-alert-states/state-sg-change.jpg)
- > [!NOTE]
- > Changing the state of a smart group does not change the state of the individual member alerts.
-
-1. Once this is done, the state change is recorded in the history of the respective smart group. This can be viewed by opening the respective Details page, and checking the history section.
-![Screenshot shows the history of changes for the smart group.](./media/alerts-managing-alert-states/state-sg-history.jpg)
azure-monitor Alerts Managing Smart Groups https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/alerts/alerts-managing-smart-groups.md
- Title: Manage smart groups (preview)
-description: Managing Smart Groups created over your alert instances
- Previously updated : 2/23/2022---
-# Manage smart groups (preview)
-
-[Smart groups (preview)](./alerts-smartgroups-overview.md?toc=%2fazure%2fazure-monitor%2ftoc.json) use machine learning algorithms to group together alerts on the basis of co-occurrence or similarity, so that the user can now manage smart groups instead of having to manage each alert individually. This article will walk you through how to access and use smart groups in Azure Monitor.
-
-1. To see the Smart Groups created for your alert instances you can either:
-
- 1. Click on **Smart Groups** from the **Alerts Summary** page.
- ![Screenshot shows the Alert Summary page with Smart groups highlighted.](./media/alerts-managing-smart-groups/sg-alerts-summary.jpg)
-
- 1. Click on Alerts by Smart Groups from the All Alerts page.
- ![Screenshot shows the All Alerts page with Alert by Smart Group highlighted.](./media/alerts-managing-smart-groups/sg-all-alerts.jpg)
-
-2. This takes you to the list view for all Smart Groups created over your alert instances. Instead of sifting through multiple alerts, you can now deal with the smart groups instead.
-![Screenshot shows the All Alerts page.](./media/alerts-managing-smart-groups/sg-list.jpg)
-
-3. Clicking on any Smart Group opens up the details page, where you can see the grouping reason, along with the member alerts. This aggregation allows you to deal with a singular smart group, instead of sifting through multiple alerts.
-![Screenshot shows the Details page.](./media/alerts-managing-smart-groups/sg-details.jpg)
azure-monitor Alerts Prepare Migration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/alerts/alerts-prepare-migration.md
The following table is a reference to the programmatic interfaces for both class
| Deployment script type | Classic alerts | New metric alerts | | - | -- | -- | |REST API | [microsoft.insights/alertrules](/rest/api/monitor/alertrules) | [microsoft.insights/metricalerts](/rest/api/monitor/metricalerts) |
-|Azure CLI | [az monitor alert](/cli/azure/monitor/alert) | [az monitor metrics alert](/cli/azure/monitor/metrics/alert) |
+|Azure CLI | [az monitor alert](/cli/monitor/alert) | [az monitor metrics alert](/cli/azure/monitor/metrics/alert) |
|PowerShell | [Reference](/powershell/module/az.monitor/add-azmetricalertrule) | [Reference](/powershell/module/az.monitor/add-azmetricalertrulev2) | | Azure Resource Manager template | [For classic alerts](./alerts-enable-template.md)|[For new metric alerts](./alerts-metric-create-templates.md)|
If you're using a partner integration that's not listed here, confirm with the p
## Next steps - [How to use the migration tool](alerts-using-migration-tool.md)-- [Understand how the migration tool works](alerts-understand-migration.md)
+- [Understand how the migration tool works](alerts-understand-migration.md)
azure-monitor Alerts Smartgroups Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/alerts/alerts-smartgroups-overview.md
- Title: Smart groups (preview)
-description: Smart Groups are aggregations of alerts that help you reduce alert noise
- Previously updated : 2/23/2022--
-# Smart groups (preview)
-
-A common challenge faced when dealing with alerts is sifting through the noise to find out what actually matters - smart groups are intended to be the solution to that problem.
-
-Smart groups are automatically created by using machine learning algorithms to combine related alerts that represent a single issue. When an alert is created, the algorithm adds it to a new smart group or an existing smart group based on information such as historical patterns, similar properties, and similar structure. For example, if % CPU on several virtual machines in a subscription simultaneously spikes leading to many individual alerts, and if such alerts have occurred together anytime in the past, these alerts will likely be grouped into a single Smart Group, suggesting a potential common root cause. This means that for someone troubleshooting alerts, smart groups not only allows them to reduce noise by managing related alerts as a single aggregated unit, it also guides them towards possible common root causes for their alerts.
-
-Currently, the algorithm only considers alerts from the same monitor service within a subscription. Smart groups can reduce up to 99% of alert noise through this consolidation. You can view the reason that alerts were included in a group in the smart group details page.
-
-You can view the details of smart groups and set the state similarly to how you can with alerts. Each alert is a member of one and only one smart group.
-
-## Smart group state
-
-Smart group state is a similar concept to the alert state, which allows you to manage the resolution process at the level of a smart group. Similar to the alert state, when a smart group is created, it has the **New** state, which can be changed to either **Acknowledged** or **Closed**.
-
-The following smart group states are supported.
-
-| State | Description |
-|:|:|
-| New | The issue has just been detected and has not yet been reviewed. |
-| Acknowledged | An administrator has reviewed the smart group and started working on it. |
-| Closed | The issue has been resolved. After a smart group has been closed, you can reopen it by changing it to another state. |
-
-[Learn how to change the state of your smart group.](./alerts-managing-alert-states.md?toc=%2fazure%2fazure-monitor%2ftoc.json)
-
-> [!NOTE]
-> Changing the state of a smart group does not change the state of the individual member alerts.
-
-## Smart group details page
-
-The Smart group detail page is displayed when you select a smart group. It provides details about the smart group, including the reasoning that was used to create the group, and enables you to change its state.
-
-![Smart group detail](media/alerts-smartgroups-overview/smart-group-detail.png)
--
-The smart group detail page includes the following sections.
-
-| Section | Description |
-|:|:|
-| Alerts | Lists the individual alerts that are included in the smart group. Select an alert to open its alert detail page. |
-| History | Lists each action taken by the smart group and any changes that are made to it. This is currently limited to state changes and alert membership changes. |
-
-## Smart group taxonomy
-
-The name of a smart group is the name of its first alert. You can't create or rename a smart group.
-
-## Next steps
--- [Manage smart groups](./alerts-managing-smart-groups.md?toc=%2fazure%2fazure-monitor%2ftoc.json)-- [Change your alert and smart group state](./alerts-managing-alert-states.md?toc=%2fazure%2fazure-monitor%2ftoc.json)
azure-monitor Correlation https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/correlation.md
The `operation_ParentId` field is in the format `<trace-id>.<parent-id>`, where
OpenCensus Python enables you to correlate logs by adding a trace ID, a span ID, and a sampling flag to log records. You add these attributes by installing OpenCensus [logging integration](https://pypi.org/project/opencensus-ext-logging/). The following attributes will be added to Python `LogRecord` objects: `traceId`, `spanId`, and `traceSampled`. (applicable only for loggers that are created after the integration)
+Install the OpenCensus logging integration:
+
+```console
+python -m pip install opencensus-ext-logging
+```
+ **Sample application** ```python
azure-monitor Opencensus Python https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/opencensus-python.md
OpenCensus.stats supports 4 aggregation methods but provides partial support for
main() ```
-1. The exporter sends metric data to Azure Monitor at a fixed interval. The default is every 15 seconds. We're tracking a single metric, so this metric data, with whatever value and time stamp it contains, is sent every interval. The value is cumulative, can only increase and resets to 0 on restart. You can find the data under `customMetrics`, but `customMetrics` properties valueCount, valueSum, valueMin, valueMax, and valueStdDev are not effectively used.
+1. The exporter sends metric data to Azure Monitor at a fixed interval. The default is every 15 seconds. To modify the export interval, pass in `export_interval` as a parameter in seconds to `new_metrics_exporter()`. We're tracking a single metric, so this metric data, with whatever value and time stamp it contains, is sent every interval. The value is cumulative, can only increase and resets to 0 on restart. You can find the data under `customMetrics`, but `customMetrics` properties valueCount, valueSum, valueMin, valueMax, and valueStdDev are not effectively used.
### Setting custom dimensions in metrics
azure-monitor Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/overview.md
Just a few examples of what you can do with Azure Monitor include:
- Detect and diagnose issues across applications and dependencies with [Application Insights](app/app-insights-overview.md). - Correlate infrastructure issues with [VM insights](vm/vminsights-overview.md) and [Container insights](containers/container-insights-overview.md). - Drill into your monitoring data with [Log Analytics](logs/log-query-overview.md) for troubleshooting and deep diagnostics.-- Support operations at scale with [smart alerts](alerts/alerts-smartgroups-overview.md) and [automated actions](alerts/alerts-action-rules.md).
+- Support operations at scale with [automated actions](alerts/alerts-action-rules.md).
- Create visualizations with Azure [dashboards](visualize/tutorial-logs-dashboards.md) and [workbooks](visualize/workbooks-overview.md). - Collect data from [monitored resources](./monitor-reference.md) using [Azure Monitor Metrics](./essentials/data-platform-metrics.md). - Investigate change data for routine monitoring or for triaging incidents using [Change Analysis](./change/change-analysis.md).
azure-monitor Profiler Aspnetcore Linux https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/profiler/profiler-aspnetcore-linux.md
+
+ Title: Profile ASP.NET Core Azure Linux web apps with Application Insights Profiler | Microsoft Docs
+description: A conceptual overview and step-by-step tutorial on how to use Application Insights Profiler.
+
+ms.devlang: csharp
+ Last updated : 02/23/2018++
+# Profile ASP.NET Core Azure Linux web apps with Application Insights Profiler
+
+This feature is currently in preview.
+
+Find out how much time is spent in each method of your live web application when using [Application Insights](../app/app-insights-overview.md). Application Insights Profiler is now available for ASP.NET Core web apps that are hosted in Linux on Azure App Service. This guide provides step-by-step instructions on how the Profiler traces can be collected for ASP.NET Core Linux web apps.
+
+After you complete this walkthrough, your app can collect Profiler traces like the traces that are shown in the image. In this example, the Profiler trace indicates that a particular web request is slow because of time spent waiting. The *hot path* in the code that's slowing the app is marked by a flame icon. The **About** method in the **HomeController** section is slowing the web app because the method is calling the **Thread.Sleep** function.
+
+![Profiler traces](./media/profiler-aspnetcore-linux/profiler-traces.png)
+
+## Prerequisites
+The following instructions apply to all Windows, Linux, and Mac development environments:
+
+* Install the [.NET Core SDK 3.1 or later](https://dotnet.microsoft.com/download/dotnet).
+* Install Git by following the instructions at [Getting Started - Installing Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git).
+
+## Set up the project locally
+
+1. Open a Command Prompt window on your machine. The following instructions work for all Windows, Linux, and Mac development environments.
+
+1. Create an ASP.NET Core MVC web application:
+
+ ```console
+ dotnet new mvc -n LinuxProfilerTest
+ ```
+
+1. Change the working directory to the root folder for the project.
+
+1. Add the NuGet package to collect the Profiler traces:
+
+ ```console
+ dotnet add package Microsoft.ApplicationInsights.Profiler.AspNetCore
+ ```
+
+1. Enable Application Insights and Profiler in Startup.cs:
+
+ ```csharp
+ public void ConfigureServices(IServiceCollection services)
+ {
+ services.AddApplicationInsightsTelemetry(); // Add this line of code to enable Application Insights.
+ services.AddServiceProfiler(); // Add this line of code to Enable Profiler
+ services.AddControllersWithViews();
+ }
+ ```
+
+1. Add a line of code in the **HomeController.cs** section to randomly delay a few seconds:
+
+ ```csharp
+ using System.Threading;
+ ...
+
+ public IActionResult About()
+ {
+ Random r = new Random();
+ int delay = r.Next(5000, 10000);
+ Thread.Sleep(delay);
+ return View();
+ }
+ ```
+
+1. Save and commit your changes to the local repository:
+
+ ```console
+ git init
+ git add .
+ git commit -m "first commit"
+ ```
+
+## Create the Linux web app to host your project
+
+1. Create the web app environment by using App Service on Linux:
+
+ :::image type="content" source="./media/profiler-aspnetcore-linux/create-linux-app-service.png" alt-text="Create the Linux web app":::
+
+2. Create the deployment credentials:
+
+ > [!NOTE]
+ > Record your password to use later when deploying your web app.
+
+ ![Create the deployment credentials](./media/profiler-aspnetcore-linux/create-deployment-credentials.png)
+
+3. Choose the deployment options. Set up a local Git repository in the web app by following the instructions on the Azure portal. A Git repository is automatically created.
+
+ ![Set up the Git repository](./media/profiler-aspnetcore-linux/setup-git-repo.png)
+
+For more deployment options, see [App Service documentation](../../app-service/index.yml).
+
+## Deploy your project
+
+1. In your Command Prompt window, browse to the root folder for your project. Add a Git remote repository to point to the repository on App Service:
+
+ ```console
+ git remote add azure https://<username>@<app_name>.scm.azurewebsites.net:443/<app_name>.git
+ ```
+
+ * Use the **username** that you used to create the deployment credentials.
+ * Use the **app name** that you used to create the web app by using App Service on Linux.
+
+2. Deploy the project by pushing the changes to Azure:
+
+ ```console
+ git push azure main
+ ```
+
+ You should see output similar to the following example:
+
+ ```output
+ Counting objects: 9, done.
+ Delta compression using up to 8 threads.
+ Compressing objects: 100% (8/8), done.
+ Writing objects: 100% (9/9), 1.78 KiB | 911.00 KiB/s, done.
+ Total 9 (delta 3), reused 0 (delta 0)
+ remote: Updating branch 'main'.
+ remote: Updating submodules.
+ remote: Preparing deployment for commit id 'd7369a99d7'.
+ remote: Generating deployment script.
+ remote: Running deployment command...
+ remote: Handling ASP.NET Core Web Application deployment.
+ remote: ......
+ remote: Restoring packages for /home/site/repository/EventPipeExampleLinux.csproj...
+ remote: .
+ remote: Installing Newtonsoft.Json 10.0.3.
+ remote: Installing Microsoft.ApplicationInsights.Profiler.Core 1.1.0-LKG
+ ...
+ ```
+
+## Add Application Insights to monitor your web apps
+
+1. [Create an Application Insights resource](../app/create-new-resource.md).
+
+2. Copy the **iKey** value of the Application Insights resource and set the following settings in your web apps:
+
+ `APPINSIGHTS_INSTRUMENTATIONKEY: [YOUR_APPINSIGHTS_KEY]`
+
+ When the app settings are changed, the site automatically restarts. After the new settings are applied, the Profiler immediately runs for two minutes. The Profiler then runs for two minutes every hour.
+
+3. Generate some traffic to your website. You can generate traffic by refreshing the site **About** page a few times.
+
+4. Wait two to five minutes for the events to aggregate to Application Insights.
+
+5. Browse to the Application Insights **Performance** pane in the Azure portal. You can view the Profiler traces at the bottom right of the pane.
+
+ ![View Profiler traces](./media/profiler-aspnetcore-linux/view-traces.png)
+++
+## Next steps
+If you use custom containers that are hosted by Azure App Service, follow the instructions in [
+Enable Service Profiler for a containerized ASP.NET Core application](https://github.com/Microsoft/ApplicationInsights-Profiler-AspNetCore/tree/master/examples/EnableServiceProfilerForContainerApp) to enable Application Insights Profiler.
+
+Report any issues or suggestions to the Application Insights GitHub repository:
+[ApplicationInsights-Profiler-AspNetCore: Issues](https://github.com/Microsoft/ApplicationInsights-Profiler-AspNetCore/issues).
azure-monitor Profiler Azure Functions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/profiler/profiler-azure-functions.md
+
+ Title: Profile Azure Functions app with Application Insights Profiler
+description: Enable Application Insights Profiler for Azure Functions app.
+
+ms.contributor: charles.weininger
+ Last updated : 05/03/2022++
+# Profile live Azure Functions app with Application Insights
+
+In this article, you'll use the Azure portal to:
+- View the current app settings for your Functions app.
+- Add two new app settings to enable Profiler on the Functions app.
+- Navigate to the Profiler for your Functions app to view data.
+
+> [!NOTE]
+> You can enable the Application Insights Profiler for Azure Functions apps on the **App Service** plan.
+
+## Pre-requisites
+
+- [An Azure Functions app](../../azure-functions/functions-create-function-app-portal.md). Verify your Functions app is on the **App Service** plan.
+
+ :::image type="content" source="./media/profiler-azure-functions/choose-plan.png" alt-text="Screenshot of where to select App Service plan from drop-down in Functions app creation.":::
++
+- Linked to [an Application Insights resource](../app/create-new-resource.md). Make note of the instrumentation key.
+
+## App settings for enabling Profiler
+
+|App Setting | Value |
+||-|
+|APPINSIGHTS_PROFILERFEATURE_VERSION | 1.0.0 |
+|DiagnosticServices_EXTENSION_VERSION | ~3 |
+
+## Add app settings to your Azure Functions app
+
+From your Functions app overview page in the Azure portal:
+
+1. Under **Settings**, select **Configuration**.
+
+ :::image type="content" source="./media/profiler-azure-functions/configuration-menu.png" alt-text="Screenshot of selecting Configuration from under the Settings section of the left side menu.":::
+
+1. In the **Application settings** tab, verify the `APPINSIGHTS_INSTRUMENTATIONKEY` setting is included in the settings list.
+
+ :::image type="content" source="./media/profiler-azure-functions/app-insights-key.png" alt-text="Screenshot showing the App Insights Instrumentation Key setting in the list.":::
+
+1. Select **New application setting**.
+
+ :::image type="content" source="./media/profiler-azure-functions/new-setting-button.png" alt-text="Screenshot outlining the new application setting button.":::
+
+1. Copy the **App Setting** and its **Value** from the [table above](#app-settings-for-enabling-profiler) and paste into the corresponding fields.
+
+ :::image type="content" source="./media/profiler-azure-functions/app-setting-1.png" alt-text="Screenshot adding the app insights profiler feature version setting.":::
+
+ :::image type="content" source="./media/profiler-azure-functions/app-setting-2.png" alt-text="Screenshot adding the diagnostic services extension version setting.":::
+
+ Leave the **Deployment slot setting** blank for now.
+
+1. Click **OK**.
+
+1. Click **Save** in the top menu, then **Continue**.
+
+ :::image type="content" source="./media/profiler-azure-functions/save-button.png" alt-text="Screenshot outlining the save button in the top menu of the configuration blade.":::
+
+ :::image type="content" source="./media/profiler-azure-functions/continue-button.png" alt-text="Screenshot outlining the continue button in the dialog after saving.":::
+
+The app settings now show up in the table:
+
+ :::image type="content" source="./media/profiler-azure-functions/app-settings-table.png" alt-text="Screenshot showing the two new app settings in the table on the configuration blade.":::
++
+## View the Profiler data for your Azure Functions app
+
+1. Under **Settings**, select **Application Insights (preview)** from the left menu.
+
+ :::image type="content" source="./media/profiler-azure-functions/app-insights-menu.png" alt-text="Screenshot showing application insights from the left menu of the Functions app.":::
+
+1. Select **View Application Insights data**.
+
+ :::image type="content" source="./media/profiler-azure-functions/view-app-insights-data.png" alt-text="Screenshot showing the button for viewing application insights data for the Functions app.":::
+
+1. On the App Insights page for your Functions app, select **Performance** from the left menu.
+
+ :::image type="content" source="./media/profiler-azure-functions/performance-menu.png" alt-text="Screenshot showing the performance link in the left menu of the app insights blade of the functions app.":::
+
+1. Select **Profiler** from the top menu of the Performance blade.
+
+ :::image type="content" source="./media/profiler-azure-functions/profiler-function-app.png" alt-text="Screenshot showing link to profiler for functions app.":::
++
+## Next Steps
+
+- Set these values using [Azure Resource Manager Templates](../app/azure-web-apps-net-core.md#app-service-application-settings-with-azure-resource-manager), [Azure PowerShell](/powershell/module/az.websites/set-azwebapp), or the [Azure CLI](/cli/azure/webapp/config/appsettings).
+- Learn more about [Profiler settings](profiler-settings.md).
azure-monitor Profiler Bring Your Own Storage https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/profiler/profiler-bring-your-own-storage.md
+
+ Title: Configure BYOS (Bring Your Own Storage) for Profiler & Snapshot Debugger
+description: Configure BYOS (Bring Your Own Storage) for Profiler & Snapshot Debugger
+ Last updated : 01/14/2021++
+# Configure Bring Your Own Storage (BYOS) for Application Insights Profiler and Snapshot Debugger
+
+## What is Bring Your Own Storage (BYOS) and why might I need it?
+When you use Application Insights Profiler or Snapshot Debugger, artifacts generated by your application are uploaded into Azure storage accounts over the public Internet. Those accounts are paid and controlled by Microsoft for processing and analysis. Microsoft controls the encryption-at-rest and lifetime management policies for those artifacts.
+
+With Bring Your Own Storage, these artifacts are uploaded into a storage account that you control. That means you control the encryption-at-rest policy, the lifetime management policy and network access. You will, however, be responsible for the costs associated with that storage account.
+
+> [!NOTE]
+> If you are enabling Private Link, Bring Your Own Storage is a requirement. For more information about Private Link for Application Insights, [see the documentation.](../logs/private-link-security.md)
+>
+> If you are enabling Customer-Managed Keys, Bring Your Own Storage is a requirement. For more information about Customer-Managed Keys for Application Insights, [see the documentation.](../logs/customer-managed-keys.md).
+
+## How will my storage account be accessed?
+1. Agents running in your Virtual Machines or App Service will upload artifacts (profiles, snapshots, and symbols) to blob containers in your account. This process involves contacting the Application Insights Profiler or Snapshot Debugger service to obtain a SAS (Shared Access Signature) token to a new blob in your storage account.
+1. The Application Insights Profiler or Snapshot Debugger service will analyze the incoming blob and write back the analysis results and log files into blob storage. Depending on available compute capacity, this process may occur anytime after upload.
+1. When you view the profiler traces, or snapshot debugger analysis, the service will fetch the analysis results from blob storage.
+
+## Prerequisites
+* Make sure to create your Storage Account in the same location as your Application Insights Resource. Ex. If your Application Insights resource is in West US 2, your Storage Account must be also in West US 2.
+* Grant the "Storage Blob Data Contributor" role to the AAD application "Diagnostic Services Trusted Storage Access" in your storage account via the Access Control (IAM) UI.
+* If Private Link enabled, configure the additional setting to allow connection to our Trusted Microsoft Service from your Virtual Network.
+
+## How to enable BYOS
+
+### Create Storage Account
+Create a brand-new Storage Account (if you don't have it) on the same location as your Application Insights resource.
+If your Application Insights resource it's on `West US 2`, then, your Storage Account must be in `West US 2`.
+
+### Grant Access to Diagnostic Services to your Storage Account
+A BYOS storage account will be linked to an Application Insights resource. There may be only one storage account per Application Insights resource and both must be in the same location. You may use the same storage account with more than one Application Insights resource.
+
+First, the Application Insights Profiler, and Snapshot Debugger service needs to be granted access to the storage account. To grant access, add the role `Storage Blob Data Contributor` to the AAD application named `Diagnostic Services Trusted Storage Access` via the Access Control (IAM) page in your storage account as shown in Figure 1.0.
+
+Steps:
+
+1. Select **Access control (IAM)**.
+
+1. Select **Add** > **Add role assignment** to open the Add role assignment page.
+
+1. Assign the following role. For detailed steps, see [Assign Azure roles using the Azure portal](../../role-based-access-control/role-assignments-portal.md).
+
+ | Setting | Value |
+ | | |
+ | Role | Storage Blob Data Contributor |
+ | Assign access to | User, group, or service principal |
+ | Members | Diagnostic Services Trusted Storage Access |
+
+ ![Add role assignment page in Azure portal.](../../../includes/role-based-access-control/media/add-role-assignment-page.png)
+
+After you added the role, it will appear under the "Role assignments" section, like the below Figure 1.1.
+_![Figure 1.1](media/profiler-bring-your-own-storage/figure-11.png)_
+_Figure 1.1_
+
+If you're also using Private Link, it's required one additional configuration to allow connection to our Trusted Microsoft Service from your Virtual Network. Refer to the [Storage Network Security documentation](../../storage/common/storage-network-security.md#trusted-microsoft-services).
+
+### Link your Storage Account with your Application Insights resource
+To configure BYOS for code-level diagnostics (Profiler/Debugger), there are three options:
+
+* Using Azure PowerShell cmdlets
+* Using the Azure CLI
+* Using Azure Resource Manager templates
+
+#### Configure using Azure PowerShell Cmdlets
+
+1. Make sure you have installed Az PowerShell 4.2.0 or greater.
+
+ To install Azure PowerShell, refer to the [Official Azure PowerShell documentation](/powershell/azure/install-az-ps).
+
+1. Install the Application Insights PowerShell extension.
+ ```powershell
+ Install-Module -Name Az.ApplicationInsights -Force
+ ```
+
+1. Sign in with your Azure Account
+ ```powershell
+ Connect-AzAccount -Subscription "{subscription_id}"
+ ```
+
+ For more info of how to sign in, refer to the [Connect-AzAccount documentation](/powershell/module/az.accounts/connect-azaccount).
+
+1. Remove previous Storage Account linked to your Application Insights resource.
+
+ Pattern:
+ ```powershell
+ $appInsights = Get-AzApplicationInsights -ResourceGroupName "{resource_group_name}" -Name "{application_insights_name}"
+ Remove-AzApplicationInsightsLinkedStorageAccount -ResourceId $appInsights.Id
+ ```
+
+ Example:
+ ```powershell
+ $appInsights = Get-AzApplicationInsights -ResourceGroupName "byos-test" -Name "byos-test-westus2-ai"
+ Remove-AzApplicationInsightsLinkedStorageAccount -ResourceId $appInsights.Id
+ ```
+
+1. Connect your Storage Account with your Application Insights resource.
+
+ Pattern:
+ ```powershell
+ $storageAccount = Get-AzStorageAccount -ResourceGroupName "{resource_group_name}" -Name "{storage_account_name}"
+ $appInsights = Get-AzApplicationInsights -ResourceGroupName "{resource_group_name}" -Name "{application_insights_name}"
+ New-AzApplicationInsightsLinkedStorageAccount -ResourceId $appInsights.Id -LinkedStorageAccountResourceId $storageAccount.Id
+ ```
+
+ Example:
+ ```powershell
+ $storageAccount = Get-AzStorageAccount -ResourceGroupName "byos-test" -Name "byosteststoragewestus2"
+ $appInsights = Get-AzApplicationInsights -ResourceGroupName "byos-test" -Name "byos-test-westus2-ai"
+ New-AzApplicationInsightsLinkedStorageAccount -ResourceId $appInsights.Id -LinkedStorageAccountResourceId $storageAccount.Id
+ ```
+
+#### Configure using Azure CLI
+
+1. Make sure you have installed Azure CLI.
+
+ To install Azure CLI, refer to the [Official Azure CLI documentation](/cli/azure/install-azure-cli).
+
+1. Install the Application Insights CLI extension.
+ ```azurecli
+ az extension add -n application-insights
+ ```
+
+1. Connect your Storage Account with your Application Insights resource.
+
+ Pattern:
+ ```azurecli
+ az monitor app-insights component linked-storage link --resource-group "{resource_group_name}" --app "{application_insights_name}" --storage-account "{storage_account_name}"
+ ```
+
+ Example:
+ ```azurecli
+ az monitor app-insights component linked-storage link --resource-group "byos-test" --app "byos-test-westus2-ai" --storage-account "byosteststoragewestus2"
+ ```
+
+ Expected output:
+ ```powershell
+ {
+ "id": "/subscriptions/{subscription}/resourcegroups/byos-test/providers/microsoft.insights/components/byos-test-westus2-ai/linkedstorageaccounts/serviceprofiler",
+ "linkedStorageAccount": "/subscriptions/{subscription}/resourceGroups/byos-test/providers/Microsoft.Storage/storageAccounts/byosteststoragewestus2",
+ "name": "serviceprofiler",
+ "resourceGroup": "byos-test",
+ "type": "microsoft.insights/components/linkedstorageaccounts"
+ }
+ ```
+
+ > [!NOTE]
+ > For performing updates on the linked Storage Accounts to your Application Insights resource, refer to the [Application Insights CLI documentation](/cli/azure/monitor/app-insights/component/linked-storage).
+
+#### Configure using Azure Resource Manager template
+
+1. Create an Azure Resource Manager template file with the following content (byos.template.json).
+ ```json
+ {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "applicationinsights_name": {
+ "type": "String"
+ },
+ "storageaccount_name": {
+ "type": "String"
+ }
+ },
+ "variables": {},
+ "resources": [
+ {
+ "name": "[concat(parameters('applicationinsights_name'), '/serviceprofiler')]",
+ "type": "Microsoft.Insights/components/linkedStorageAccounts",
+ "apiVersion": "2020-03-01-preview",
+ "properties": {
+ "linkedStorageAccount": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageaccount_name'))]"
+ }
+ }
+ ],
+ "outputs": {}
+ }
+ ```
+
+1. Run the following PowerShell command to deploy previous template (create Linked Storage Account).
+
+ Pattern:
+ ```powershell
+ New-AzResourceGroupDeployment -ResourceGroupName "{your_resource_name}" -TemplateFile "{local_path_to_arm_template}"
+ ```
+
+ Example:
+ ```powershell
+ New-AzResourceGroupDeployment -ResourceGroupName "byos-test" -TemplateFile "D:\Docs\byos.template.json"
+ ```
+
+1. Provide the following parameters when prompted in the PowerShell console:
+
+ | Parameter | Description |
+ |-|--|
+ | application_insights_name | The name of the Application Insights resource to enable BYOS. |
+ | storage_account_name | The name of the Storage Account resource that you'll use as your BYOS. |
+
+ Expected output:
+ ```powershell
+ Supply values for the following parameters:
+ (Type !? for Help.)
+ application_insights_name: byos-test-westus2-ai
+ storage_account_name: byosteststoragewestus2
+
+ DeploymentName : byos.template
+ ResourceGroupName : byos-test
+ ProvisioningState : Succeeded
+ Timestamp : 4/16/2020 1:24:57 AM
+ Mode : Incremental
+ TemplateLink :
+ Parameters :
+ Name Type Value
+ ============================== ========================= ==========
+ application_insights_name String byos-test-westus2-ai
+ storage_account_name String byosteststoragewestus2
+
+ Outputs :
+ DeploymentDebugLogLevel :
+ ```
+
+1. Enable code-level diagnostics (Profiler/Debugger) on the workload of interest through the Azure portal. (App Service > Application Insights)
+_![Figure 2.0](media/profiler-bring-your-own-storage/figure-20.png)_
+_Figure 2.0_
+
+## Troubleshooting
+### Template schema '{schema_uri}' isn't supported.
+* Make sure that the `$schema` property of the template is valid. It must follow the following pattern:
+`https://schema.management.azure.com/schemas/{schema_version}/deploymentTemplate.json#`
+* Make sure that the `schema_version` of the template is within valid values: `2014-04-01-preview, 2015-01-01, 2018-05-01, 2019-04-01, 2019-08-01`.
+ Error message:
+ ```powershell
+ New-AzResourceGroupDeployment : 11:53:49 AM - Error: Code=InvalidTemplate; Message=Deployment template validation failed: 'Template schema
+ 'https://schema.management.azure.com/schemas/2020-01-01/deploymentTemplate.json#' is not supported. Supported versions are
+ '2014-04-01-preview,2015-01-01,2018-05-01,2019-04-01,2019-08-01'. Please see https://aka.ms/arm-template for usage details.'.
+ ```
+
+### No registered resource provider found for location '{location}'.
+* Make sure that the `apiVersion` of the resource `microsoft.insights/components` is `2015-05-01`.
+* Make sure that the `apiVersion` of the resource `linkedStorageAccount` is `2020-03-01-preview`.
+ Error message:
+ ```powershell
+ New-AzResourceGroupDeployment : 6:18:03 PM - Resource microsoft.insights/components 'byos-test-westus2-ai' failed with message '{
+ "error": {
+ "code": "NoRegisteredProviderFound",
+ "message": "No registered resource provider found for location 'westus2' and API version '2020-03-01-preview' for type 'components'. The supported api-versions are '2014-04-01,
+ 2014-08-01, 2014-12-01-preview, 2015-05-01, 2018-05-01-preview'. The supported locations are ', eastus, southcentralus, northeurope, westeurope, southeastasia, westus2, uksouth,
+ canadacentral, centralindia, japaneast, australiaeast, koreacentral, francecentral, centralus, eastus2, eastasia, westus, southafricanorth, northcentralus, brazilsouth, switzerlandnorth,
+ australiasoutheast'."
+ }
+ }'
+ ```
+### Storage account location should match AI component location.
+* Make sure that the location of the Application Insights resource is the same as the Storage Account.
+ Error message:
+ ```powershell
+ New-AzResourceGroupDeployment : 1:01:12 PM - Resource microsoft.insights/components/linkedStorageAccounts 'byos-test-centralus-ai/serviceprofiler' failed with message '{
+ "error": {
+ "code": "BadRequest",
+ "message": "Storage account location should match AI component location",
+ "innererror": {
+ "trace": [
+ "System.ArgumentException"
+ ]
+ }
+ }
+ }'
+ ```
+
+For general Profiler troubleshooting, refer to the [Profiler Troubleshoot documentation](profiler-troubleshooting.md).
+
+For general Snapshot Debugger troubleshooting, refer to the [Snapshot Debugger Troubleshoot documentation](../app/snapshot-debugger-troubleshoot.md).
+
+## FAQs
+* If I have Profiler or Snapshot enabled, and then I enabled BYOS, will my data be migrated into my Storage Account?
+ _No, it won't._
+
+* Will BYOS work with Encryption at Rest and Customer-Managed Key?
+ _Yes, to be precise, BYOS is a requisite to have profiler/debugger enabled with Customer-Manager Keys._
+
+* Will BYOS work in an environment isolated from the Internet?
+ _Yes. In fact, BYOS is a requirement for isolated network scenarios._
+
+* Will BYOS work when, both, Customer-Managed Keys and Private Link were enabled?
+ _Yes, it can be possible._
+
+* If I have enabled BYOS, can I go back using Diagnostic Services storage accounts to store my data collected?
+ _Yes, you can, but, right now we don't support data migration from your BYOS._
+
+* After enabling BYOS, will I take over of all the related costs of it, which are Storage and Networking?
+ _Yes_
azure-monitor Profiler Cloudservice https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/profiler/profiler-cloudservice.md
+
+ Title: Profile live Azure Cloud Services with Application Insights | Microsoft Docs
+description: Enable Application Insights Profiler for Azure Cloud Services.
++ Last updated : 08/06/2018++
+# Profile live Azure Cloud Services with Application Insights
+
+You can also deploy Application Insights Profiler on these
+* [Azure App Service](profiler.md?toc=/azure/azure-monitor/toc.json)
+* [Azure Service Fabric applications](profiler-servicefabric.md?toc=/azure/azure-monitor/toc.json)
+* [Azure Virtual Machines](profiler-vm.md?toc=/azure/azure-monitor/toc.json)
+
+Application Insights Profiler is installed with the Azure Diagnostics extension. You just need to configure Azure Diagnostics to install Profiler and send profiles to your Application Insights resource.
+
+## Enable Profiler for Azure Cloud Services
+1. Check to make sure that you're using [.NET Framework 4.6.1](/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed) or newer. If you are using OS family 4, you'll need to install .NET Framework 4.6.1 or newer with a [startup task](../../cloud-services/cloud-services-dotnet-install-dotnet.md). OS Family 5 includes a compatible version of .NET Framework by default.
+
+1. Add [Application Insights SDK to Azure Cloud Services](../app/cloudservices.md?toc=%2fazure%2fazure-monitor%2ftoc.json).
+
+ **The bug in the profiler that ships in the WAD for Cloud Services has been fixed.** The latest version of WAD (1.12.2.0) for Cloud Services works with all recent versions of the App Insights SDK. Cloud Service hosts will upgrade WAD automatically, but it isn't immediate. To force an upgrade, you can redeploy your service or reboot the node.
+
+1. Track requests with Application Insights:
+
+ * For ASP.NET web roles, Application Insights can track the requests automatically.
+
+ * For worker roles, [add code to track requests](profiler-trackrequests.md?toc=/azure/azure-monitor/toc.json).
+
+1. Configure the Azure Diagnostics extension to enable Profiler:
+
+ a. Locate the [Azure Diagnostics](../agents/diagnostics-extension-overview.md) *diagnostics.wadcfgx* file for your application role, as shown here:
+
+ ![Location of the diagnostics config file](./media/profiler-cloudservice/cloud-service-solution-explorer.png)
+
+ If you can't find the file, see [Set up diagnostics for Azure Cloud Services and Virtual Machines](/visualstudio/azure/vs-azure-tools-diagnostics-for-cloud-services-and-virtual-machines).
+
+ b. Add the following `SinksConfig` section as a child element of `WadCfg`:
+
+ ```xml
+ <WadCfg>
+ <DiagnosticMonitorConfiguration>...</DiagnosticMonitorConfiguration>
+ <SinksConfig>
+ <Sink name="MyApplicationInsightsProfiler">
+ <!-- Replace with your own Application Insights instrumentation key. -->
+ <ApplicationInsightsProfiler>00000000-0000-0000-0000-000000000000</ApplicationInsightsProfiler>
+ </Sink>
+ </SinksConfig>
+ </WadCfg>
+ ```
+
+ > [!NOTE]
+ > If the *diagnostics.wadcfgx* file also contains another sink of type ApplicationInsights, all three of the following instrumentation keys must match:
+ > * The key that's used by your application.
+ > * The key that's used by the ApplicationInsights sink.
+ > * The key that's used by the ApplicationInsightsProfiler sink.
+ >
+ > You can find the actual instrumentation key value that's used by the `ApplicationInsights` sink in the *ServiceConfiguration.\*.cscfg* files.
+ > After the Visual Studio 15.5 Azure SDK release, only the instrumentation keys that are used by the application and the ApplicationInsightsProfiler sink need to match each other.
+
+1. Deploy your service with the new Diagnostics configuration, and Application Insights Profiler is configured to run on your service.
+
+
+## Next steps
+
+* Generate traffic to your application (for example, launch an [availability test](../app/monitor-web-app-availability.md)). Then, wait 10 to 15 minutes for traces to start to be sent to the Application Insights instance.
+* See [Profiler traces](profiler-overview.md?toc=/azure/azure-monitor/toc.json) in the Azure portal.
+* To troubleshoot Profiler issues, see [Profiler troubleshooting](profiler-troubleshooting.md?toc=/azure/azure-monitor/toc.json).
+
azure-monitor Profiler Containers https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/profiler/profiler-containers.md
+
+ Title: Profile Azure Containers with Application Insights Profiler
+description: Enable Application Insights Profiler for Azure Containers.
+ms.contributor: charles.weininger
+ Last updated : 05/26/2022++
+# Profile live Azure containers with Application Insights
+
+You can enable the Application Insights Profiler for ASP.NET Core application running in your container almost without code. To enable the Application Insights Profiler on your container instance, you'll need to:
+
+* Add the reference to the NuGet package.
+* Set the environment variables to enable it.
+
+In this article, you'll learn the various ways you can:
+- Install the NuGet package in the project.
+- Set the environment variable via the orchestrator (like Kubernetes).
+- Learn security considerations around production deployment, like protecting your Application Insights Instrumentation key.
+
+## Pre-requisites
+
+- [An Application Insights resource](../app/create-new-resource.md). Make note of the instrumentation key.
+- [Docker Desktop](https://www.docker.com/products/docker-desktop/) to build docker images.
+- [.NET 6 SDK](https://dotnet.microsoft.com/download/dotnet/6.0) installed.
+
+## Set up the environment
+
+1. Clone and use the following [sample project](https://github.com/microsoft/ApplicationInsights-Profiler-AspNetCore/tree/main/examples/EnableServiceProfilerForContainerAppNet6):
+
+ ```bash
+ git clone https://github.com/microsoft/ApplicationInsights-Profiler-AspNetCore.git
+ ```
+
+1. Navigate to the Container App example:
+
+ ```bash
+ cd examples/EnableServiceProfilerForContainerAppNet6
+ ```
+
+1. This example is a bare bone project created by calling the following CLI command:
+
+ ```powershell
+ dotnet new mvc -n EnableServiceProfilerForContainerApp
+ ```
+
+ Note that we've added delay in the `Controllers/WeatherForecastController.cs` project to simulate the bottleneck.
+
+ ```CSharp
+ [HttpGet(Name = "GetWeatherForecast")]
+ public IEnumerable<WeatherForecast> Get()
+ {
+ SimulateDelay();
+ ...
+ // Other existing code.
+ }
+ private void SimulateDelay()
+ {
+ // Delay for 500ms to 2s to simulate a bottleneck.
+ Thread.Sleep((new Random()).Next(500, 2000));
+ }
+ ```
+
+1. Enable Application Insights and Profiler in `Startup.cs`:
+
+ ```csharp
+ public void ConfigureServices(IServiceCollection services)
+ {
+ services.AddApplicationInsightsTelemetry(); // Add this line of code to enable Application Insights.
+ services.AddServiceProfiler(); // Add this line of code to Enable Profiler
+ services.AddControllersWithViews();
+ }
+ ```
+
+## Pull the latest ASP.NET Core build/runtime images
+
+1. Navigate to the .NET Core 6.0 example directory.
+
+ ```bash
+ cd examples/EnableServiceProfilerForContainerAppNet6
+ ```
+
+1. Pull the latest ASP.NET Core images
+
+ ```shell
+ docker pull mcr.microsoft.com/dotnet/sdk:6.0
+ docker pull mcr.microsoft.com/dotnet/aspnet:6.0
+ ```
+
+> [!TIP]
+> Find the official images for Docker [SDK](https://hub.docker.com/_/microsoft-dotnet-sdk) and [runtime](https://hub.docker.com/_/microsoft-dotnet-aspnet).
+
+## Add your Application Insights key
+
+1. Via your Application Insights resource in the Azure portal, take note of your Application Insights instrumentation key.
+
+ :::image type="content" source="./media/profiler-containerinstances/application-insights-key.png" alt-text="Find instrumentation key in Azure portal":::
+
+1. Open `appsettings.json` and add your Application Insights instrumentation key to this code section:
+
+ ```json
+ {
+ "ApplicationInsights":
+ {
+ "InstrumentationKey": "Your instrumentation key"
+ }
+ }
+ ```
+
+## Build and run the Docker image
+
+1. Review the `Dockerfile`.
+
+1. Build the example image:
+
+ ```bash
+ docker build -t profilerapp .
+ ```
+
+1. Run the container:
+
+ ```bash
+ docker run -d -p 8080:80 --name testapp profilerapp
+ ```
+
+## View the container via your browser
+
+To hit the endpoint, either:
+
+- Visit `http://localhost:8080/weatherforecast` in your browser, or
+- Use curl:
+
+ ```terraform
+ curl http://localhost:8080/weatherforecast
+ ```
++
+## Inspect the logs
+
+Optionally, inspect the local log to see if a session of profiling finished:
+
+```bash
+docker logs testapp
+```
+
+In the local logs, note the following events:
+
+```output
+Starting application insights profiler with instrumentation key: your-instrumentation key # Double check the instrumentation key
+Service Profiler session started. # Profiler started.
+Finished calling trace uploader. Exit code: 0 # Uploader is called with exit code 0.
+Service Profiler session finished. # A profiling session is completed.
+```
+
+## View the Service Profiler traces
+
+1. Wait for 2-5 minutes so the events can be aggregated to Application Insights.
+1. Open the **Performance** blade in your Application Insights resource.
+1. Once the trace process is complete, you will see the Profiler Traces button like it below:
+
+ :::image type="content" source="./media/profiler-containerinstances/profiler-traces.png" alt-text="Profile traces in the performance blade":::
+++
+## Clean up resources
+
+Run the following command to stop the example project:
+
+```bash
+docker rm -f testapp
+```
+
+## Next Steps
+
+- Learn more about [Application Insights Profiler](./profiler-overview.md).
+- Learn how to enable Profiler in your [ASP.NET Core applications run on Linux](./profiler-aspnetcore-linux.md).
azure-monitor Profiler Overview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/profiler/profiler-overview.md
+
+ Title: Profile production apps in Azure with Application Insights Profiler
+description: Identify the hot path in your web server code with a low-footprint profiler
+ms.contributor: charles.weininger
+ Last updated : 05/26/2022+++
+# Profile production applications in Azure with Application Insights
+
+Azure Application Insights Profiler provides performance traces for applications running in production in Azure. Profiler:
+- Captures the data automatically at scale without negatively affecting your users.
+- Helps you identify the ΓÇ£hotΓÇ¥ code path spending the most time handling a particular web request.
+
+## Enable Application Insights Profiler for your application
+
+### Supported in Profiler
+
+Profiler works with .NET applications deployed on the following Azure services. View specific instructions for enabling Profiler for each service type in the links below.
+
+| Compute platform | .NET (>= 4.6) | .NET Core | Java |
+| - | - | | - |
+| [Azure App Service](profiler.md) | Yes | Yes | No |
+| [Azure Virtual Machines and virtual machine scale sets for Windows](profiler-vm.md) | Yes | Yes | No |
+| [Azure Virtual Machines and virtual machine scale sets for Linux](profiler-aspnetcore-linux.md) | No | Yes | No |
+| [Azure Cloud Services](profiler-cloudservice.md) | Yes | Yes | N/A |
+| [Azure Container Instances for Windows](profiler-containers.md) | No | Yes | No |
+| [Azure Container Instances for Linux](profiler-containers.md) | No | Yes | No |
+| Kubernetes | No | Yes | No |
+| Azure Functions | Yes | Yes | No |
+| Azure Spring Cloud | N/A | No | No |
+| [Azure Service Fabric](profiler-servicefabric.md) | Yes | Yes | No |
+
+If you've enabled Profiler but aren't seeing traces, check our [Troubleshooting guide](profiler-troubleshooting.md?toc=/azure/azure-monitor/toc.json).
+
+## How to generate load to view Profiler data
+
+For Profiler to upload traces, your application must be actively handling requests. You can trigger Profiler manually with a single click.
+
+Suppose you're running a web performance test. You'll need traces to help you understand how your web app is running under load. By controlling when traces are captured, you'll know when the load test will be running, while the random sampling interval might miss it.
+
+### Generate traffic to your web app by starting a web performance test
+
+If you've newly enabled Profiler, you can run a short [load test](/vsts/load-test/app-service-web-app-performance-test). If your web app already has incoming traffic or if you just want to manually generate traffic, skip the load test and start a Profiler on-demand session.
+
+### Start a Profiler on-demand session
+1. From the Application Insights overview page, select **Performance** from the left menu.
+1. On the **Performance** pane, select **Profiler** from the top menu for Profiler settings.
+
+ :::image type="content" source="./media/profiler-overview/profiler-button-inline.png" alt-text="Screenshot of the Profiler button from the Performance blade" lightbox="media/profiler-settings/profiler-button.png":::
+
+1. Once the Profiler settings page loads, select **Profile Now**.
+
+ :::image type="content" source="./media/profiler-settings/configure-blade-inline.png" alt-text="Profiler page features and settings" lightbox="media/profiler-settings/configure-blade.png":::
+
+### View traces
+1. After the Profiler sessions finish running, return to the **Performance** pane.
+1. Under **Drill into...**, select **Profiler traces** to view the traces.
+
+ :::image type="content" source="./media/profiler-overview/trace-explorer-inline.png" alt-text="Screenshot of trace explorer page" lightbox="media/profiler-overview/trace-explorer.png":::
+
+The trace explorer displays the following information:
+
+| Filter | Description |
+| | -- |
+| Profile tree v. Flame graph | View the traces as either a tree or in graph form. |
+| Hot path | Select to open the biggest leaf node. In most cases, this node is near a performance bottleneck. |
+| Framework dependencies | Select to view each of the traced framework dependencies associated with the traces. |
+| Hide events | Type in strings to hide from the trace view. Select *Suggested events* for suggestions. |
+| Event | Event or function name. The tree displays a mix of code and events that occurred, such as SQL and HTTP events. The top event represents the overall request duration. |
+| Module | The module where the traced event or function occurred. |
+| Thread time | The time interval between the start of the operation and the end of the operation. |
+| Timeline | The time when the function or event was running in relation to other functions. |
+
+## How to read performance data
+
+The Microsoft service profiler uses a combination of sampling methods and instrumentation to analyze the performance of your application. When detailed collection is in progress, the service profiler samples the instruction pointer of each machine CPU every millisecond. Each sample captures the complete call stack of the thread that's currently executing. It gives detailed information about what that thread was doing, at both a high level and a low level of abstraction. The service profiler also collects other events to track activity correlation and causality, including context switching events, Task Parallel Library (TPL) events, and thread pool events.
+
+The call stack displayed in the timeline view is the result of the sampling and instrumentation. Because each sample captures the complete call stack of the thread, it includes code from Microsoft .NET Framework and other frameworks that you reference.
+
+### <a id="jitnewobj"></a>Object allocation (clr!JIT\_New or clr!JIT\_Newarr1)
+
+**clr!JIT\_New** and **clr!JIT\_Newarr1** are helper functions in .NET Framework that allocate memory from a managed heap.
+- **clr!JIT\_New** is invoked when an object is allocated.
+- **clr!JIT\_Newarr1** is invoked when an object array is allocated.
+
+These two functions usually work quickly. If **clr!JIT\_New** or **clr!JIT\_Newarr1** take up time in your timeline, the code might be allocating many objects and consuming significant amounts of memory.
+
+### <a id="theprestub"></a>Loading code (clr!ThePreStub)
+
+**clr!ThePreStub** is a helper function in .NET Framework that prepares the code for initial execution, which usually includes just-in-time (JIT) compilation. For each C# method, **clr!ThePreStub** should be invoked, at most, once during a process.
+
+If **clr!ThePreStub** takes extra time for a request, it's the first request to execute that method. The .NET Framework runtime takes a significant amount of time to load the first method. Consider:
+- Using a warmup process that executes that portion of the code before your users access it.
+- Running Native Image Generator (ngen.exe) on your assemblies.
+
+### <a id="lockcontention"></a>Lock contention (clr!JITutil\_MonContention or clr!JITutil\_MonEnterWorker)
+
+**clr!JITutil\_MonContention** or **clr!JITutil\_MonEnterWorker** indicate that the current thread is waiting for a lock to be released. This text is often displayed when you:
+- Execute a C# **LOCK** statement,
+- Invoke the **Monitor.Enter** method, or
+- Invoke a method with the **MethodImplOptions.Synchronized** attribute.
+
+Lock contention usually occurs when thread _A_ acquires a lock and thread _B_ tries to acquire the same lock before thread _A_ releases it.
+
+### <a id="ngencold"></a>Loading code ([COLD])
+
+If the .NET Framework runtime is executing [unoptimized code](/cpp/build/profile-guided-optimizations) for the first time, the method name will contain **[COLD]**:
+
+`mscorlib.ni![COLD]System.Reflection.CustomAttribute.IsDefined`
+
+For each method, it should be displayed once during the process, at most.
+
+If loading code takes a substantial amount of time for a request, it's the request's initiate execute of the unoptimized portion of the method. Consider using a warmup process that executes that portion of the code before your users access it.
+
+### <a id="httpclientsend"></a>Send HTTP request
+
+Methods such as **HttpClient.Send** indicate that the code is waiting for an HTTP request to be completed.
+
+### <a id="sqlcommand"></a>Database operation
+
+Methods such as **SqlCommand.Execute** indicate that the code is waiting for a database operation to finish.
+
+### <a id="await"></a>Waiting (AWAIT\_TIME)
+
+**AWAIT\_TIME** indicates that the code is waiting for another task to finish. This delay occurs with the C# **AWAIT** statement. When the code does a C# **AWAIT**:
+- The thread unwinds and returns control to the thread pool.
+- There's no blocked thread waiting for the **AWAIT** to finish.
+
+However, logically, the thread that did the **AWAIT** is "blocked", waiting for the operation to finish. The **AWAIT\_TIME** statement indicates the blocked time, waiting for the task to finish.
+
+### <a id="block"></a>Blocked time
+
+**BLOCKED_TIME** indicates that the code is waiting for another resource to be available. For example, it might be waiting for:
+- A synchronization object
+- A thread to be available
+- A request to finish
+
+### Unmanaged Async
+
+In order for async calls to be tracked across threads, .NET Framework emits ETW events and passes activity ids between threads. Since unmanaged (native) code and some older styles of asynchronous code lack these events and activity ids, the Profiler can't track the thread and functions running on the thread. This is labeled **Unmanaged Async** in the call stack. Download the ETW file to use [PerfView](https://github.com/Microsoft/perfview/blob/master/documentation/Downloading.md) for more insight.
+
+### <a id="cpu"></a>CPU time
+
+The CPU is busy executing the instructions.
+
+### <a id="disk"></a>Disk time
+
+The application is performing disk operations.
+
+### <a id="network"></a>Network time
+
+The application is performing network operations.
+
+### <a id="when"></a>When column
+
+The **When** column is a visualization of the variety of _inclusive_ samples collected for a node over time. The total range of the request is divided into 32 time buckets, where the node's inclusive samples accumulate. Each bucket is represented as a bar. The height of the bar represents a scaled value. For the following nodes, the bar represents the consumption of one of the resources during the bucket:
+- Nodes marked **CPU_TIME** or **BLOCKED_TIME**.
+- Nodes with an obvious relationship to consuming a resource (for example, a CPU, disk, or thread).
+
+For these metrics, you can get a value of greater than 100% by consuming multiple resources. For example, if you use two CPUs during an interval on average, you get 200%.
+
+## Limitations
+
+The default data retention period is five days.
+
+There are no charges for using the Profiler service. To use it, your web app must be hosted in the basic tier of the Web Apps feature of Azure App Service, at minimum.
+
+## Overhead and sampling algorithm
+
+Profiler randomly runs two minutes/hour on each virtual machine hosting the application with Profiler enabled for capturing traces. When Profiler is running, it adds from 5-15% CPU overhead to the server.
+
+## Next steps
+Enable Application Insights Profiler for your Azure application. Also see:
+* [App Services](profiler.md?toc=/azure/azure-monitor/toc.json)
+* [Azure Cloud Services](profiler-cloudservice.md?toc=/azure/azure-monitor/toc.json)
+* [Azure Service Fabric](profiler-servicefabric.md?toc=/azure/azure-monitor/toc.json)
+* [Azure Virtual Machines and virtual machine scale sets](profiler-vm.md?toc=/azure/azure-monitor/toc.json)
++
+[performance-blade]: ./media/profiler-overview/performance-blade-v2-examples.png
+[trace-explorer]: ./media/profiler-overview/trace-explorer.png
azure-monitor Profiler Servicefabric https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/profiler/profiler-servicefabric.md
+
+ Title: Profile live Azure Service Fabric apps with Application Insights
+description: Enable Profiler for a Service Fabric application
++ Last updated : 08/06/2018++
+# Profile live Azure Service Fabric applications with Application Insights
+
+You can also deploy Application Insights Profiler on these
+* [Azure App Service](profiler.md?toc=/azure/azure-monitor/toc.json)
+* [Azure Cloud Services](profiler-cloudservice.md?toc=/azure/azure-monitor/toc.json)
+* [Azure Virtual Machines](profiler-vm.md?toc=/azure/azure-monitor/toc.json)
+
+## Set up the environment deployment definition
+
+Application Insights Profiler is included with Azure Diagnostics. You can install the Azure Diagnostics extension by using an Azure Resource Manager template for your Service Fabric cluster. Get a [template that installs Azure Diagnostics on a Service Fabric Cluster](https://github.com/Azure/azure-docs-json-samples/blob/master/application-insights/ServiceFabricCluster.json).
+
+To set up your environment, take the following actions:
+
+1. Profiler supports .NET Framework and .Net Core. If you're using .NET Framework, make sure you're using [.NET Framework 4.6.1](/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed) or later. It's sufficient to confirm that the deployed OS is `Windows Server 2012 R2` or later. Profiler supports .NET Core [LTS](https://dotnet.microsoft.com/platform/support/policy/dotnet-core) and newer applications.
+
+1. Search for the [Azure Diagnostics](../agents/diagnostics-extension-overview.md) extension in the deployment template file.
+
+1. Add the following `SinksConfig` section as a child element of `WadCfg`. Replace the `ApplicationInsightsProfiler` property value with your own Application Insights instrumentation key:
+
+ ```json
+ "SinksConfig": {
+ "Sink": [
+ {
+ "name": "MyApplicationInsightsProfilerSink",
+ "ApplicationInsightsProfiler": "00000000-0000-0000-0000-000000000000"
+ }
+ ]
+ }
+ ```
+
+ For information about adding the Diagnostics extension to your deployment template, see [Use monitoring and diagnostics with a Windows VM and Azure Resource Manager templates](../../virtual-machines/extensions/diagnostics-template.md?toc=/azure/virtual-machines/windows/toc.json).
+
+1. Deploy your Service Fabric cluster by using your Azure Resource Manager template.
+ If your settings are correct, Application Insights Profiler will be installed and enabled when the Azure Diagnostics extension is installed.
+
+1. Add Application Insights to your Service Fabric application.
+ For Profiler to collect profiles for your requests, your application must be tracking operations with Application Insights. For stateless APIs, you can refer to instructions for [tracking Requests for profiling](profiler-trackrequests.md?toc=/azure/azure-monitor/toc.json). For more information about tracking custom operations in other kinds of apps, see [track custom operations with Application Insights .NET SDK](../app/custom-operations-tracking.md).
+
+1. Redeploy your application.
++
+## Next steps
+
+* Generate traffic to your application (for example, launch an [availability test](../app/monitor-web-app-availability.md)). Then, wait 10 to 15 minutes for traces to start to be sent to the Application Insights instance.
+* See [Profiler traces](profiler-overview.md?toc=/azure/azure-monitor/toc.json) in the Azure portal.
+* For help with troubleshooting Profiler issues, see [Profiler troubleshooting](profiler-troubleshooting.md?toc=/azure/azure-monitor/toc.json).
+
azure-monitor Profiler Settings https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/profiler/profiler-settings.md
+
+ Title: Configure Application Insights Profiler | Microsoft Docs
+description: Use the Azure Application Insights Profiler settings pane to see Profiler status and start profiling sessions
+ms.contributor: Charles.Weininger
+ Last updated : 04/26/2022+++
+# Configure Application Insights Profiler
+
+To open the Azure Application Insights Profiler settings pane, select **Performance** from the left menu within your Application Insights page.
++
+View profiler traces across your Azure resources via two methods:
+
+**Profiler button**
+
+Select the **Profiler** button from the top menu.
++
+**By operation**
+
+1. Select an operation from the **Operation name** list ("Overall" is highlighted by default).
+1. Select the **Profiler traces** button.
+
+ :::image type="content" source="./media/profiler-settings/operation-entry-inline.png" alt-text="Select operation and Profiler traces to view all profiler traces" lightbox="media/profiler-settings/operation-entry.png":::
+
+1. Select one of the requests from the list to the left.
+1. Select **Configure Profiler**.
+
+ :::image type="content" source="./media/profiler-settings/configure-profiler-inline.png" alt-text="Overall selection and clicking Profiler traces to view all profiler traces" lightbox="media/profiler-settings/configure-profiler.png":::
+
+Once within the Profiler, you can configure and view the Profiler. The **Application Insights Profiler** page has these features:
++
+| Feature | Description |
+|-|-|
+Profile Now | Starts profiling sessions for all apps that are linked to this instance of Application Insights.
+Triggers | Allows you to configure triggers that cause the profiler to run.
+Recent profiling sessions | Displays information about past profiling sessions, which you can sort using the filters at the top of the page.
+
+## Profile Now
+Select **Profile Now** to start a profiling session on demand. When you click this link, all profiler agents that are sending data to this Application Insights instance will start to capture a profile. After 5 to 10 minutes, the profile session will show in the list below.
+
+To manually trigger a profiler session, you'll need, at minimum, *write* access on your role for the Application Insights component. In most cases, you get write access automatically. If you're having issues, you'll need the "Application Insights Component Contributor" subscription scope role added. [See more about role access control with Azure Monitoring](../app/resources-roles-access-control.md).
+
+## Trigger Settings
+
+Select the Triggers button on the menu bar to open the CPU, Memory, and Sampling trigger settings pane.
+
+**CPU or Memory triggers**
+
+You can set up a trigger to start profiling when the percentage of CPU or Memory use hits the level you set.
++
+| Setting | Description |
+|-|-|
+On / Off Button | On: profiler can be started by this trigger; Off: profiler won't be started by this trigger.
+Memory threshold | When this percentage of memory is in use, the profiler will be started.
+Duration | Sets the length of time the profiler will run when triggered.
+Cooldown | Sets the length of time the profiler will wait before checking for the memory or CPU usage again after it's triggered.
+
+**Sampling trigger**
+
+Unlike CPU or memory triggers, the Sampling trigger isn't triggered by an event. Instead, it's triggered randomly to get a truly random sample of your application's performance. You can:
+- Turn this trigger off to disable random sampling.
+- Set how often profiling will occur and the duration of the profiling session.
++
+| Setting | Description |
+|-|-|
+On / Off Button | On: profiler can be started by this trigger; Off: profiler won't be started by this trigger.
+Sample rate | The rate at which the profiler can occur. </br> <ul><li>The **Normal** setting collects data 5% of the time, which is about 2 minutes per hour.</li><li>The **High** setting profiles 50% of the time.</li><li>The **Maximum** setting profiles 75% of the time.</li></ul> </br> Normal is recommended for production environments.
+Duration | Sets the length of time the profiler will run when triggered.
+
+## Recent Profiling Sessions
+This section of the Profiler page displays recent profiling session information. A profiling session represents the time taken by the profiler agent while profiling one of the machines hosting your application. Open the profiles from a session by clicking on one of the rows. For each session, we show:
+
+| Setting | Description |
+|-|-|
+Triggered by | How the session was started, either by a trigger, Profile Now, or default sampling.
+App Name | Name of the application that was profiled.
+Machine Instance | Name of the machine the profiler agent ran on.
+Timestamp | Time when the profile was captured.
+Tracee | Number of traces that were attached to individual requests.
+CPU % | Percentage of CPU that was being used while the profiler was running.
+Memory % | Percentage of memory that was being used while the profiler was running.
+
+## Next steps
+[Enable Profiler and view traces](profiler-overview.md?toc=/azure/azure-monitor/toc.json)
+
+[profiler-on-demand]: ./media/profiler-settings/profiler-on-demand.png
+[performance-blade]: ./media/profiler-settings/performance-blade.png
+[configure-profiler-page]: ./media/profiler-settings/configureBlade.png
+[trigger-settings-flyout]: ./media/profiler-settings/trigger-central-p-u.png
+[create-performance-test]: ./media/profiler-settings/new-performance-test.png
+[configure-performance-test]: ./media/profiler-settings/configure-performance-test.png
+[load-test-queued]: ./media/profiler-settings/load-test-queued.png
+[load-test-in-progress]: ./media/profiler-settings/load-test-in-progress.png
+[enable-app-insights]: ./media/profiler-settings/enable-app-insights-blade-01.png
+[update-site-extension]: ./media/profiler-settings/update-site-extension-01.png
+[change-and-save-appinsights]: ./media/profiler-settings/change-and-save-app-insights-01.png
+[app-settings-for-profiler]: ./media/profiler-settings/app-settings-for-profiler-01.png
+[check-for-extension-update]: ./media/profiler-settings/check-extension-update-01.png
+[profiler-timeout]: ./media/profiler-settings/profiler-time-out.png
azure-monitor Profiler Trackrequests https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/profiler/profiler-trackrequests.md
+
+ Title: Write code to track requests with Azure Application Insights | Microsoft Docs
+description: Write code to track requests with Application Insights so you can get profiles for your requests.
++ Last updated : 08/06/2018++
+# Write code to track requests with Application Insights
+
+To view profiles for your application on the Performance page, Azure Application Insights needs to track requests for your application. Application Insights can automatically track requests for applications that are built on already-instrumented frameworks. Two examples are ASP.NET and ASP.NET Core.
+
+For other applications, such as Azure Cloud Services worker roles and Service Fabric stateless APIs, you need to write code to tell Application Insights where your requests begin and end. After you've written this code, requests telemetry is sent to Application Insights. You can view the telemetry on the Performance page, and profiles are collected for those requests.
++
+To manually track requests, do the following:
+
+ 1. Early in the application lifetime, add the following code:
+
+ ```csharp
+ using Microsoft.ApplicationInsights.Extensibility;
+ ...
+ // Replace with your own Application Insights instrumentation key.
+ TelemetryConfiguration.Active.InstrumentationKey = "00000000-0000-0000-0000-000000000000";
+ ```
+ For more information about this global instrumentation key configuration, see [Use Service Fabric with Application Insights](https://github.com/Azure-Samples/service-fabric-dotnet-getting-started/blob/dev/appinsights/ApplicationInsights.md).
+
+ 1. For any piece of code that you want to instrument, add a `StartOperation<RequestTelemetry>` **using** statement around it, as shown in the following example:
+
+ ```csharp
+ using Microsoft.ApplicationInsights;
+ using Microsoft.ApplicationInsights.DataContracts;
+ ...
+ var client = new TelemetryClient();
+ ...
+ using (var operation = client.StartOperation<RequestTelemetry>("Insert_Your_Custom_Event_Unique_Name"))
+ {
+ // ... Code I want to profile.
+ }
+ ```
+
+ Calling `StartOperation<RequestTelemetry>` within another `StartOperation<RequestTelemetry>` scope isn't supported. You can use `StartOperation<DependencyTelemetry>` in the nested scope instead. For example:
+
+ ```csharp
+ using (var getDetailsOperation = client.StartOperation<RequestTelemetry>("GetProductDetails"))
+ {
+ try
+ {
+ ProductDetail details = new ProductDetail() { Id = productId };
+ getDetailsOperation.Telemetry.Properties["ProductId"] = productId.ToString();
+
+ // By using DependencyTelemetry, 'GetProductPrice' is correctly linked as part of the 'GetProductDetails' request.
+ using (var getPriceOperation = client.StartOperation<DependencyTelemetry>("GetProductPrice"))
+ {
+ double price = await _priceDataBase.GetAsync(productId);
+ if (IsTooCheap(price))
+ {
+ throw new PriceTooLowException(productId);
+ }
+ details.Price = price;
+ }
+
+ // Similarly, note how 'GetProductReviews' doesn't establish another RequestTelemetry.
+ using (var getReviewsOperation = client.StartOperation<DependencyTelemetry>("GetProductReviews"))
+ {
+ details.Reviews = await _reviewDataBase.GetAsync(productId);
+ }
+
+ getDetailsOperation.Telemetry.Success = true;
+ return details;
+ }
+ catch(Exception ex)
+ {
+ getDetailsOperation.Telemetry.Success = false;
+
+ // This exception gets linked to the 'GetProductDetails' request telemetry.
+ client.TrackException(ex);
+ throw;
+ }
+ }
+ ```
azure-monitor Profiler Troubleshooting https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/profiler/profiler-troubleshooting.md
+
+ Title: Troubleshoot problems with Azure Application Insights Profiler
+description: This article presents troubleshooting steps and information to help developers enable and use Application Insights Profiler.
+ Last updated : 08/06/2018++
+# Troubleshoot problems enabling or viewing Application Insights Profiler
+
+## <a id="troubleshooting"></a>General troubleshooting
+
+### Make sure you're using the appropriate Profiler Endpoint
+
+Currently the only regions that require endpoint modifications are [Azure Government](../../azure-government/compare-azure-government-global-azure.md#application-insights) and [Azure China](/azure/china/resources-developer-guide).
+
+|App Setting | US Government Cloud | China Cloud |
+|||-|
+|ApplicationInsightsProfilerEndpoint | `https://profiler.monitor.azure.us` | `https://profiler.monitor.azure.cn` |
+|ApplicationInsightsEndpoint | `https://dc.applicationinsights.us` | `https://dc.applicationinsights.azure.cn` |
+
+### Profiles are uploaded only if there are requests to your application while Profiler is running
+
+Azure Application Insights Profiler collects data for two minutes each hour. It can also collect data when you select the **Profile Now** button in the **Configure Application Insights Profiler** pane.
+
+> [!NOTE]
+> The profiling data is uploaded only when it can be attached to a request that happened while Profiler was running.
+
+Profiler writes trace messages and custom events to your Application Insights resource. You can use these events to see how Profiler is running:
+
+1. Search for trace messages and custom events sent by Profiler to your Application Insights resource. You can use this search string to find the relevant data:
+
+ ```
+ stopprofiler OR startprofiler OR upload OR ServiceProfilerSample
+ ```
+ The following image displays two examples of searches from two AI resources:
+
+ * At the left, the application isn't receiving requests while Profiler is running. The message explains that the upload was canceled because of no activity.
+
+ * At the right, Profiler started and sent custom events when it detected requests that happened while Profiler was running. If the `ServiceProfilerSample` custom event is displayed, it means that a profile was captured and its available in the **Application Insights Performance** pane.
+
+ If no records are displayed, Profiler isn't running. To troubleshoot, see the troubleshooting sections for your specific app type later in this article.
+
+ ![Search Profiler telemetry][profiler-search-telemetry]
+
+### Other things to check
+* Make sure that your app is running on .NET Framework 4.6.
+* If your web app is an ASP.NET Core application, it must be running at least ASP.NET Core [LTS](https://dotnet.microsoft.com/platform/support/policy/dotnet-core).
+* If the data you're trying to view is older than a couple of weeks, try limiting your time filter and try again. Traces are deleted after seven days.
+* Make sure that proxies or a firewall haven't blocked access to https://gateway.azureserviceprofiler.net.
+* Profiler isn't supported on free or shared app service plans. If you're using one of those plans, try scaling up to one of the basic plans and Profiler should start working.
+
+### <a id="double-counting"></a>Double counting in parallel threads
+
+In some cases, the total time metric in the stack viewer is more than the duration of the request.
+
+This situation might occur when two or more parallel threads are associated with a request. In that case, the total thread time is more than the elapsed time.
+
+One thread might be waiting on the other to be completed. The viewer tries to detect this situation and omits the uninteresting wait. In doing so, it errs on the side of displaying too much information rather than omit what might be critical information.
+
+When you see parallel threads in your traces, determine which threads are waiting so that you can identify the hot path for the request.
+
+Usually, the thread that quickly goes into a wait state is simply waiting on the other threads. Concentrate on the other threads, and ignore the time in the waiting threads.
+
+### Error report in the profile viewer
+Submit a support ticket in the portal. Be sure to include the correlation ID from the error message.
+
+## Troubleshoot Profiler on Azure App Service
+
+For Profiler to work properly:
+* Your web app service plan must be Basic tier or higher.
+* Your web app must have Application Insights enabled.
+* Your web app must have the following app settings:
+
+ |App Setting | Value |
+ ||-|
+ |APPINSIGHTS_INSTRUMENTATIONKEY | iKey for your Application Insights resource |
+ |APPINSIGHTS_PROFILERFEATURE_VERSION | 1.0.0 |
+ |DiagnosticServices_EXTENSION_VERSION | ~3 |
++
+* The **ApplicationInsightsProfiler3** webjob must be running. To check the webjob:
+ 1. Go to [Kudu](/archive/blogs/cdndevs/the-kudu-debug-console-azure-websites-best-kept-secret).
+ 1. In the **Tools** menu, select **WebJobs Dashboard**.
+ The **WebJobs** pane opens.
+
+ ![Screenshot shows the WebJobs pane, which displays the name, status, and last run time of jobs.][profiler-webjob]
+
+ 1. To view the details of the webjob, including the log, select the **ApplicationInsightsProfiler3** link.
+ The **Continuous WebJob Details** pane opens.
+
+ ![Screenshot shows the Continuous WebJob Details pane.][profiler-webjob-log]
+
+If Profiler isn't working for you, you can download the log and send it to our team for assistance, serviceprofilerhelp@microsoft.com.
+
+### Check the Diagnostic Services site extension' Status Page
+If Profiler was enabled through the [Application Insights pane](profiler.md) in the portal, it was enabled by the Diagnostic Services site extension.
+
+> [!NOTE]
+> Codeless installation of Application Insights Profiler follows the .NET Core support policy.
+> For more information about supported runtimes, see [.NET Core Support Policy](https://dotnet.microsoft.com/platform/support/policy/dotnet-core).
+
+You can check the Status Page of this extension by going to the following url:
+`https://{site-name}.scm.azurewebsites.net/DiagnosticServices`
+
+> [!NOTE]
+> The domain of the Status Page link will vary depending on the cloud.
+This domain will be the same as the Kudu management site for App Service.
+
+This Status Page shows the installation state of the Profiler and Snapshot Collector agents. If there was an unexpected error, it will be displayed and show how to fix it.
+
+You can use the Kudu management site for App Service to get the base url of this Status Page:
+1. Open your App Service application in the Azure portal.
+2. Select **Advanced Tools**, or search for **Kudu**.
+3. Select **Go**.
+4. Once you are on the Kudu management site, in the URL, **append the following `/DiagnosticServices` and press enter**.
+ It will end like this: `https://<kudu-url>/DiagnosticServices`
+
+It will display a Status Page similar like the below:
+![Diagnostic Services Status Page](../app/media/diagnostic-services-site-extension/status-page.png)
+
+### Manual installation
+
+When you configure Profiler, updates are made to the web app's settings. If your environment requires it, you can apply the updates manually. An example might be that your application is running in a Web Apps environment for Power Apps. To apply updates manually:
+
+1. In the **Web App Control** pane, open **Settings**.
+
+1. Set **.NET Framework version** to **v4.6**.
+
+1. Set **Always On** to **On**.
+1. Create these app settings:
+
+ |App Setting | Value |
+ ||-|
+ |APPINSIGHTS_INSTRUMENTATIONKEY | iKey for your Application Insights resource |
+ |APPINSIGHTS_PROFILERFEATURE_VERSION | 1.0.0 |
+ |DiagnosticServices_EXTENSION_VERSION | ~3 |
+
+### Too many active profiling sessions
+
+You can enable Profiler on a maximum of four Web Apps that are running in the same service plan. If you've more than four, Profiler might throw a *Microsoft.ServiceProfiler.Exceptions.TooManyETWSessionException*. To solve it, move some web apps to a different service plan.
+
+### Deployment error: Directory Not Empty 'D:\\home\\site\\wwwroot\\App_Data\\jobs'
+
+If you're redeploying your web app to a Web Apps resource with Profiler enabled, you might see the following message:
+
+*Directory Not Empty 'D:\\home\\site\\wwwroot\\App_Data\\jobs'*
+
+This error occurs if you run Web Deploy from scripts or from the Azure Pipelines. The solution is to add the following deployment parameters to the Web Deploy task:
+
+```
+-skip:Directory='.*\\App_Data\\jobs\\continuous\\ApplicationInsightsProfiler.*' -skip:skipAction=Delete,objectname='dirPath',absolutepath='.*\\App_Data\\jobs\\continuous$' -skip:skipAction=Delete,objectname='dirPath',absolutepath='.*\\App_Data\\jobs$' -skip:skipAction=Delete,objectname='dirPath',absolutepath='.*\\App_Data$'
+```
+
+These parameters delete the folder that's used by Application Insights Profiler and unblock the redeploy process. They don't affect the Profiler instance that's currently running.
+
+### How do I determine whether Application Insights Profiler is running?
+
+Profiler runs as a continuous webjob in the web app. You can open the web app resource in the [Azure portal](https://portal.azure.com). In the **WebJobs** pane, check the status of **ApplicationInsightsProfiler**. If it isn't running, open **Logs** to get more information.
+
+## Troubleshoot VMs and Cloud Services
+
+>**The bug in the profiler that ships in the WAD for Cloud Services has been fixed.** The latest version of WAD (1.12.2.0) for Cloud Services works with all recent versions of the App Insights SDK. Cloud Service hosts will upgrade WAD automatically, but it isn't immediate. To force an upgrade, you can redeploy your service or reboot the node.
+
+To see whether Profiler is configured correctly by Azure Diagnostics, follow the below steps:
+1. Verify that the content of the Azure Diagnostics configuration deployed is what you expect.
+
+1. Second, make sure that Azure Diagnostics passes the proper iKey on the Profiler command line.
+
+1. Third, check the Profiler log file to see whether Profiler ran but returned an error.
+
+To check the settings that were used to configure Azure Diagnostics:
+
+1. Sign in to the virtual machine (VM), and then open the log file at this location. The plugin version may be newer on your machine.
+
+ For VMs:
+ ```
+ c:\WindowsAzure\logs\Plugins\Microsoft.Azure.Diagnostics.PaaSDiagnostics\1.11.3.12\DiagnosticsPlugin.log
+ ```
+
+ For Cloud
+ ```
+ c:\logs\Plugins\Microsoft.Azure.Diagnostics.PaaSDiagnostics\1.11.3.12\DiagnosticsPlugin.log
+ ```
+
+1. In the file, you can search for the string **WadCfg** to find the settings that were passed to the VM to configure Azure Diagnostics. You can check to see whether the iKey used by the Profiler sink is correct.
+
+1. Check the command line that's used to start Profiler. The arguments that are used to launch Profiler are in the following file. (The drive could be c: or d: and the directory may be hidden.)
+
+ For VMs:
+ ```
+ C:\ProgramData\ApplicationInsightsProfiler\config.json
+ ```
+
+ for Cloud
+ ```
+ D:\ProgramData\ApplicationInsightsProfiler\config.json
+ ```
+
+1. Make sure that the iKey on the Profiler command line is correct.
+
+1. Using the path found in the preceding *config.json* file, check the Profiler log file, called **BootstrapN.log**. It displays the debug information that indicates the settings that Profiler is using. It also displays status and error messages from Profiler.
+
+ For VMs, the file is here:
+ ```
+ C:\WindowsAzure\Logs\Plugins\Microsoft.Azure.Diagnostics.IaaSDiagnostics\1.17.0.6\ApplicationInsightsProfiler
+ ```
+
+ For Cloud
+ ```
+ C:\Logs\Plugins\Microsoft.Azure.Diagnostics.IaaSDiagnostics\1.17.0.6\ApplicationInsightsProfiler
+ ```
+
+ If Profiler is running while your application is receiving requests, the following message is displayed: *Activity detected from iKey*.
+
+ When the trace is being uploaded, the following message is displayed: *Start to upload trace*.
++
+## Edit network proxy or firewall rules
+
+If your application connects to the Internet via a proxy or a firewall, you may need to update the rules to communicate with the Profiler service.
+
+The IPs used by Application Insights Profiler are included in the Azure Monitor service tag. For more information, see [Service Tags documentation](../../virtual-network/service-tags-overview.md).
++
+[profiler-search-telemetry]:./media/profiler-troubleshooting/Profiler-Search-Telemetry.png
+[profiler-webjob]:./media/profiler-troubleshooting/profiler-web-job.png
+[profiler-webjob-log]:./media/profiler-troubleshooting/profiler-web-job-log.png
azure-monitor Profiler Vm https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/profiler/profiler-vm.md
+
+ Title: Profile web apps on an Azure VM - Application Insights Profiler
+description: Profile web apps on an Azure VM by using Application Insights Profiler.
+ Last updated : 11/08/2019++
+# Profile web apps running on an Azure virtual machine or a virtual machine scale set by using Application Insights Profiler
++
+You can also deploy Azure Application Insights Profiler on these
+* [Azure App Service](./profiler.md?toc=%2fazure%2fazure-monitor%2ftoc.json)
+* [Azure Cloud Services](profiler-cloudservice.md?toc=/azure/azure-monitor/toc.json)
+* [Azure Service Fabric](?toc=%2fazure%2fazure-monitor%2ftoc.json)
+
+## Deploy Profiler on a virtual machine or a virtual machine scale set
+This article shows you how to get Application Insights Profiler running on your Azure virtual machine (VM) or Azure virtual machine scale set. Profiler is installed with the Azure Diagnostics extension for VMs. Configure the extension to run Profiler, and build the Application Insights SDK into your application.
+
+1. Add the Application Insights SDK to your [ASP.NET application](../app/asp-net.md).
+
+ To view profiles for your requests, you must send request telemetry to Application Insights.
+
+1. Install Azure Diagnostics extension on your VM. For full Resource Manager template examples, see:
+ * [Virtual machine](https://github.com/Azure/azure-docs-json-samples/blob/master/application-insights/WindowsVirtualMachine.json)
+ * [Virtual machine scale set](https://github.com/Azure/azure-docs-json-samples/blob/master/application-insights/WindowsVirtualMachineScaleSet.json)
+
+ The key part is the ApplicationInsightsProfilerSink in the WadCfg. To have Azure Diagnostics enable Profiler to send data to your iKey, add another sink to this section.
+
+ ```json
+ "SinksConfig": {
+ "Sink": [
+ {
+ "name": "ApplicationInsightsSink",
+ "ApplicationInsights": "85f73556-b1ba-46de-9534-606e08c6120f"
+ },
+ {
+ "name": "MyApplicationInsightsProfilerSink",
+ "ApplicationInsightsProfiler": "85f73556-b1ba-46de-9534-606e08c6120f"
+ }
+ ]
+ },
+ ```
+
+1. Deploy the modified environment deployment definition.
+
+ Applying the modifications usually involves a full template deployment or a cloud service-based publish through PowerShell cmdlets or Visual Studio.
+
+ The following PowerShell commands are an alternate approach for existing virtual machines that touch only the Azure Diagnostics extension. Add the previously mentioned ProfilerSink to the config that's returned by the Get-AzVMDiagnosticsExtension command. Then pass the updated config to the Set-AzVMDiagnosticsExtension command.
+
+ ```powershell
+ $ConfigFilePath = [IO.Path]::GetTempFileName()
+ # After you export the currently deployed Diagnostics config to a file, edit it to include the ApplicationInsightsProfiler sink.
+ (Get-AzVMDiagnosticsExtension -ResourceGroupName "MyRG" -VMName "MyVM").PublicSettings | Out-File -Verbose $ConfigFilePath
+ # Set-AzVMDiagnosticsExtension might require the -StorageAccountName argument
+ # If your original diagnostics configuration had the storageAccountName property in the protectedSettings section (which is not downloadable), be sure to pass the same original value you had in this cmdlet call.
+ Set-AzVMDiagnosticsExtension -ResourceGroupName "MyRG" -VMName "MyVM" -DiagnosticsConfigurationPath $ConfigFilePath
+ ```
+
+1. If the intended application is running through [IIS](https://www.microsoft.com/web/downloads/platform.aspx), enable the `IIS Http Tracing` Windows feature.
+
+ 1. Establish remote access to the environment, and then use the [Add Windows features](/iis/configuration/system.webserver/tracing/) window. Or run the following command in PowerShell (as administrator):
+
+ ```powershell
+ Enable-WindowsOptionalFeature -FeatureName IIS-HttpTracing -Online -All
+ ```
+
+ 1. If establishing remote access is a problem, you can use the [Azure CLI](/cli/azure/get-started-with-azure-cli) to run the following command:
+
+ ```azurecli
+ az vm run-command invoke -g MyResourceGroupName -n MyVirtualMachineName --command-id RunPowerShellScript --scripts "Enable-WindowsOptionalFeature -FeatureName IIS-HttpTracing -Online -All"
+ ```
+
+1. Deploy your application.
+
+## Set Profiler Sink using Azure Resource Explorer
+
+We don't yet have a way to set the Application Insights Profiler sink from the portal. Instead of using PowerShell as described above, you can use Azure Resource Explorer to set the sink. But note, if you deploy the VM again, the sink will be lost. You'll need to update the config you use when deploying the VM to preserve this setting.
+
+1. Check that the Windows Azure Diagnostics extension is installed by viewing the extensions installed for your virtual machine.
+
+ ![Check if WAD extension is installed][wadextension]
+
+2. Find the VM Diagnostics extension for your VM. Go to [https://resources.azure.com](https://resources.azure.com). Expand your resource group, Microsoft.Compute virtualMachines, virtual machine name, and extensions.
+
+ ![Navigate to WAD config in Azure Resource Explorer][azureresourceexplorer]
+
+3. Add the Application Insights Profiler sink to the SinksConfig node under WadCfg. If you don't already have a SinksConfig section, you may need to add one. Be sure to specify the proper Application Insights iKey in your settings. You'll need to switch the explorers mode to Read/Write in the upper right corner and Press the blue 'Edit' button.
+
+ ![Add Application Insights Profiler Sink][resourceexplorersinksconfig]
+
+4. When you're done editing the config, press 'Put'. If the put is successful, a green check will appear in the middle of the screen.
+
+ ![Send put request to apply changes][resourceexplorerput]
++++++
+## Can Profiler run on on-premises servers?
+We have no plan to support Application Insights Profiler for on-premises servers.
+
+## Next steps
+
+- Generate traffic to your application (for example, launch an [availability test](../app/monitor-web-app-availability.md)). Then, wait 10 to 15 minutes for traces to start to be sent to the Application Insights instance.
+- See [Profiler traces](profiler-overview.md?toc=/azure/azure-monitor/toc.json) in the Azure portal.
+- For help with troubleshooting Profiler issues, see [Profiler troubleshooting](profiler-troubleshooting.md?toc=/azure/azure-monitor/toc.json).
+
+[azureresourceexplorer]: ./media/profiler-vm/azure-resource-explorer.png
+[resourceexplorerput]: ./media/profiler-vm/resource-explorer-put.png
+[resourceexplorersinksconfig]: ./media/profiler-vm/resource-explorer-sinks-config.png
+[wadextension]: ./media/profiler-vm/wad-extension.png
+
azure-monitor Profiler https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/profiler/profiler.md
+
+ Title: Enable Profiler for Azure App Service apps | Microsoft Docs
+description: Profile live apps on Azure App Service with Application Insights Profiler.
+ Last updated : 05/11/2022++
+# Enable Profiler for Azure App Service apps
+
+Application Insights Profiler is pre-installed as part of the App Services runtime. You can run Profiler on ASP.NET and ASP.NET Core apps running on Azure App Service using Basic service tier or higher. Follow these steps even if you've included the App Insights SDK in your application at build time.
+
+To enable Profiler on Linux, walk through the [ASP.NET Core Azure Linux web apps instructions](profiler-aspnetcore-linux.md).
+
+> [!NOTE]
+> Codeless installation of Application Insights Profiler follows the .NET Core support policy.
+> For more information about supported runtime, see [.NET Core Support Policy](https://dotnet.microsoft.com/platform/support/policy/dotnet-core).
++
+## Pre-requisites
+
+- An [Azure App Services ASP.NET/ASP.NET Core app](/app-service/quickstart-dotnetcore.md).
+- [Application Insights resource](../app/create-new-resource.md) connected to your App Service app.
+
+## Verify "Always On" setting is enabled
+
+1. In the Azure portal, navigate to your App Service.
+1. Under **Settings** in the left side menu, select **Configuration**.
+
+ :::image type="content" source="./media/profiler/configuration-menu.png" alt-text="Screenshot of selecting Configuration from the left side menu.":::
+
+1. Select the **General settings** tab.
+1. Verify **Always On** > **On** is selected.
+
+ :::image type="content" source="./media/profiler/always-on.png" alt-text="Screenshot of the General tab on the Configuration pane and showing the Always On being enabled.":::
+
+1. Select **Save** if you've made changes.
+
+## Enable Application Insights and Profiler
+
+1. Under **Settings** in the left side menu, select **Application Insights**.
+
+ :::image type="content" source="./media/profiler/app-insights-menu.png" alt-text="Screenshot of selecting Application Insights from the left side menu.":::
+
+1. Under **Application Insights**, select **Enable**.
+1. Verify you've connected an Application Insights resource to your app.
+
+ :::image type="content" source="./media/profiler/enable-app-insights.png" alt-text="Screenshot of enabling App Insights on your app.":::
+
+1. Scroll down and select the **.NET** or **.NET Core** tab, depending on your app.
+1. Verify **Collection Level** > **Recommended** is selected.
+1. Under **Profiler**, select **On**.
+ - If you chose the **Basic** collection level earlier, the Profiler setting is disabled.
+1. Select **Apply**, then **Yes** to confirm.
+
+ :::image type="content" source="./media/profiler/enable-profiler.png" alt-text="Screenshot of enabling Profiler on your app.":::
+
+## Enable Profiler using app settings
+
+If your Application Insights resource is in a different subscription from your App Service, you'll need to enable Profiler manually by creating app settings for your Azure App Service. You can automate the creation of these settings using a template or other means. The settings needed to enable the profiler:
+
+|App Setting | Value |
+||-|
+|APPINSIGHTS_INSTRUMENTATIONKEY | iKey for your Application Insights resource |
+|APPINSIGHTS_PROFILERFEATURE_VERSION | 1.0.0 |
+|DiagnosticServices_EXTENSION_VERSION | ~3 |
+
+Set these values using:
+- [Azure Resource Manager Templates](../app/azure-web-apps-net-core.md#app-service-application-settings-with-azure-resource-manager)
+- [Azure PowerShell](/powershell/module/az.websites/set-azwebapp)
+- [Azure CLI](/cli/azure/webapp/config/appsettings)
+
+## Enable Profiler for other clouds
+
+Currently the only regions that require endpoint modifications are [Azure Government](../../azure-government/compare-azure-government-global-azure.md#application-insights) and [Azure China](/azure/china/resources-developer-guide).
+
+|App Setting | US Government Cloud | China Cloud |
+|||-|
+|ApplicationInsightsProfilerEndpoint | `https://profiler.monitor.azure.us` | `https://profiler.monitor.azure.cn` |
+|ApplicationInsightsEndpoint | `https://dc.applicationinsights.us` | `https://dc.applicationinsights.azure.cn` |
+
+## Enable Azure Active Directory authentication for profile ingestion
+
+Application Insights Profiler supports Azure AD authentication for profiles ingestion. For all profiles of your application to be ingested, your application must be authenticated and provide the required application settings to the Profiler agent.
+
+Profiler only supports Azure AD authentication when you reference and configure Azure AD using the Application Insights SDK in your application.
+
+To enable Azure AD for profiles ingestion:
+
+1. Create and add the managed identity to authenticate against your Application Insights resource to your App Service.
+
+ a. [System-Assigned Managed identity documentation](../../app-service/overview-managed-identity.md?tabs=portal%2chttp#add-a-system-assigned-identity)
+
+ b. [User-Assigned Managed identity documentation](../../app-service/overview-managed-identity.md?tabs=portal%2chttp#add-a-user-assigned-identity)
+
+1. [Configure and enable Azure AD](../app/azure-ad-authentication.md?tabs=net#configuring-and-enabling-azure-ad-based-authentication) in your Application Insights resource.
+
+1. Add the following application setting to let the Profiler agent know which managed identity to use:
+
+ For System-Assigned Identity:
+
+ |App Setting | Value |
+ ||-|
+ |APPLICATIONINSIGHTS_AUTHENTICATION_STRING | Authorization=AAD |
+
+ For User-Assigned Identity:
+
+ |App Setting | Value |
+ ||-|
+ |APPLICATIONINSIGHTS_AUTHENTICATION_STRING | Authorization=AAD;ClientId={Client id of the User-Assigned Identity} |
+
+## Disable Profiler
+
+To stop or restart Profiler for an individual app's instance:
+
+1. Under **Settings** in the left side menu, select **WebJobs**.
+
+ :::image type="content" source="./media/profiler/web-jobs-menu.png" alt-text="Screenshot of selecting web jobs from the left side menu.":::
+
+1. Select the webjob named `ApplicationInsightsProfiler3`.
+
+1. Click **Stop** from the top menu.
+
+ :::image type="content" source="./media/profiler/stop-web-job.png" alt-text="Screenshot of selecting stop for stopping the webjob.":::
+
+1. Select **Yes** to confirm.
+
+We recommend that you have Profiler enabled on all your apps to discover any performance issues as early as possible.
+
+Profiler's files can be deleted when using WebDeploy to deploy changes to your web application. You can prevent the deletion by excluding the App_Data folder from being deleted during deployment.
+
+## Next steps
+
+* [Working with Application Insights in Visual Studio](../app/visual-studio.md)
azure-netapp-files Azacsnap Installation https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/azacsnap-installation.md
na Previously updated : 02/05/2022 Last updated : 06/01/2022
This section explains how to enable communication with storage. Ensure the stora
# [SAP HANA](#tab/sap-hana)
+> [!IMPORTANT]
+> If deploying to a centralized virtual machine, then it will need to have the SAP HANA client installed and set up so the AzAcSnap user can run `hdbsql` and `hdbuserstore` commands. The SAP HANA Client can downloaded from https://tools.hana.ondemand.com/#hanatools.
+ The snapshot tools communicate with SAP HANA and need a user with appropriate permissions to initiate and release the database save-point. The following example shows the setup of the SAP HANA v2 user and the `hdbuserstore` for communication to the SAP HANA database.
azure-netapp-files Azacsnap Preview https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/azacsnap-preview.md
na Previously updated : 03/07/2022 Last updated : 06/01/2022
The following example commands set up a user (AZACSNAP) in the Oracle database,
1. Copy the ZIP file to the target system (for example, the centralized virtual machine running AzAcSnap).
- > [!NOTE]
+ > [!IMPORTANT]
> If deploying to a centralized virtual machine, then it will need to have the Oracle instant client installed and set up so the AzAcSnap user can > run `sqlplus` commands. The Oracle Instant Client can downloaded from https://www.oracle.com/database/technologies/instant-client/linux-x86-64-downloads.html. > In order for SQL\*Plus to run correctly, download both the required package (for example, Basic Light Package) and the optional SQL\*Plus tools package.
azure-netapp-files Azure Netapp Files Solution Architectures https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/azure-netapp-files-solution-architectures.md
This section provides references to SAP on Azure solutions.
### SAP AnyDB
-* [SAP System on Oracle Database on Azure - Azure Architecture Center](/azure/architecture/example-scenario/apps/sap-on-oracle)
+* [SAP System on Oracle Database on Azure - Azure Architecture Center](/azure/architecture/example-scenario/apps/sap-production)
* [Oracle Azure Virtual Machines DBMS deployment for SAP workload - Azure Virtual Machines](../virtual-machines/workloads/sap/dbms_guide_oracle.md#oracle-configuration-guidelines-for-sap-installations-in-azure-vms-on-linux) * [Deploy SAP AnyDB (Oracle 19c) with Azure NetApp Files](https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/deploy-sap-anydb-oracle-19c-with-azure-netapp-files/ba-p/2064043) * [Manual Recovery Guide for SAP Oracle 19c on Azure VMs from Azure NetApp Files snapshot with AzAcSnap](https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/manual-recovery-guide-for-sap-oracle-19c-on-azure-vms-from-azure/ba-p/3242408)
azure-resource-manager Tutorial Custom Providers Function Authoring https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/custom-providers/tutorial-custom-providers-function-authoring.md
Title: Author a RESTful endpoint
description: This tutorial shows how to author a RESTful endpoint for custom providers. It details how to handle requests and responses for the supported RESTful HTTP methods. Previously updated : 01/13/2021 Last updated : 05/06/2022
In this tutorial, you update the function app to work as a RESTful endpoint for
- **POST**: Trigger an action - **GET (collection)**: List all existing resources
- For this tutorial, you use Azure Table storage. But any database or storage service can work.
+ For this tutorial, you use Azure Table storage, but any database or storage service works.
## Partition custom resources in storage
The following example shows an `x-ms-customproviders-requestpath` header for a c
X-MS-CustomProviders-RequestPath: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.CustomProviders/resourceProviders/{resourceProviderName}/{myResourceType}/{myResourceName} ```
-Based on the example's `x-ms-customproviders-requestpath` header, you can create the *partitionKey* and *rowKey* parameters for your storage as shown in the following table:
+Based on the `x-ms-customproviders-requestpath` header, you can create the *partitionKey* and *rowKey* parameters for your storage as shown in the following table:
Parameter | Template | Description ||
public class CustomResource : ITableEntity
public ETag ETag { get; set; } } ```+ **CustomResource** is a simple, generic class that accepts any input data. It's based on **ITableEntity**, which is used to store data. The **CustomResource** class implements all properties from interface **ITableEntity**: **timestamp**, **eTag**, **partitionKey**, and **rowKey**. ## Support custom provider RESTful methods
public static async Task<HttpResponseMessage> TriggerCustomAction(HttpRequestMes
} ```
-The **TriggerCustomAction** method accepts an incoming request and simply echoes back the response with a status code.
+The **TriggerCustomAction** method accepts an incoming request and echoes back the response with a status code.
### Create a custom resource
public static async Task<HttpResponseMessage> CreateCustomResource(HttpRequestMe
} ```
-The **CreateCustomResource** method updates the incoming request to include the Azure-specific fields **id**, **name**, and **type**. These fields are top-level properties used by services across Azure. They let the custom provider interoperate with other services like Azure Policy, Azure Resource Manager Templates, and Azure Activity Log.
+The **CreateCustomResource** method updates the incoming request to include the Azure-specific fields **id**, **name**, and **type**. These fields are top-level properties used by services across Azure. They let the custom provider interoperate with other services like Azure Policy, Azure Resource Manager templates, and Azure Activity Log.
Property | Example | Description ||
azure-resource-manager Tutorial Resource Onboarding https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/custom-providers/tutorial-resource-onboarding.md
Title: Tutorial - resource onboarding
+ Title: Extend resources with custom providers
description: Resource onboarding through custom providers allows you to manipulate and extend existing Azure resources. Previously updated : 09/17/2019 Last updated : 05/06/2022
-# Tutorial: Resource onboarding with Azure Custom Providers
+# Extend resources with custom providers
-In this tutorial, you'll deploy to Azure a custom resource provider that extends the Azure Resource Manager API with the Microsoft.CustomProviders/associations resource type. The tutorial shows how to extend existing resources that are outside the resource group where the custom provider instance is located. In this tutorial, the custom resource provider is powered by an Azure logic app, but you can use any public API endpoint.
+In this tutorial, you deploy a custom resource provider to Azure that extends the Azure Resource Manager API with the Microsoft.CustomProviders/associations resource type. The tutorial shows how to extend existing resources that are outside the resource group where the custom provider instance is located. In this tutorial, the custom resource provider is powered by an Azure logic app, but you can use any public API endpoint.
## Prerequisites
-To complete this tutorial, you need to know:
+To complete this tutorial, make sure you review the following:
* The capabilities of [Azure Custom Providers](overview.md). * Basic information about [resource onboarding with custom providers](concepts-resource-onboarding.md). ## Get started with resource onboarding
-In this tutorial, there are two pieces that need to be deployed: the custom provider and the association. To make the process easier, you can optionally use a single template that deploys both.
+In this tutorial, there are two pieces that need to be deployed: **the custom provider** and **the association**. To make the process easier, you can optionally use a single template that deploys both.
The template will use these resources:
-* Microsoft.CustomProviders/resourceProviders
-* Microsoft.Logic/workflows
-* Microsoft.CustomProviders/associations
+* [Microsoft.CustomProviders/resourceProviders](/azure/templates/microsoft.customproviders/resourcproviders)
+* [Microsoft.Logic/workflows](/azure/templates/microsoft.logic/workflows)
+* [Microsoft.CustomProviders/associations](/azure/templates/microsoft.customproviders/associations)
```json {
- "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0", "parameters": { "location": {
The template will use these resources:
"resources": [ { "type": "Microsoft.Resources/deployments",
- "apiVersion": "2017-05-10",
+ "apiVersion": "2021-04-01",
"condition": "[empty(parameters('customResourceProviderId'))]", "name": "customProviderInfrastructureTemplate", "properties": {
The template will use these resources:
"resources": [ { "type": "Microsoft.Logic/workflows",
- "apiVersion": "2017-07-01",
+ "apiVersion": "2019-05-01",
"name": "[parameters('logicAppName')]", "location": "[parameters('location')]", "properties": {
The template will use these resources:
"name": "associations", "mode": "Secure", "routingType": "Webhook,Cache,Extension",
- "endpoint": "[[listCallbackURL(concat(resourceId('Microsoft.Logic/workflows', parameters('logicAppName')), '/triggers/CustomProviderWebhook'), '2017-07-01').value]"
+ "endpoint": "[[listCallbackURL(concat(resourceId('Microsoft.Logic/workflows', parameters('logicAppName')), '/triggers/CustomProviderWebhook'), '2019-05-01').value]"
} ] }
The template will use these resources:
The first part of the template deploys the custom provider infrastructure. This infrastructure defines the effect of the associations resource. If you're not familiar with custom providers, see [Custom provider basics](overview.md).
-Let's deploy the custom provider infrastructure. Either copy, save, and deploy the preceding template, or follow along and deploy the infrastructure by using the Azure portal.
+Let's deploy the custom provider infrastructure. Either copy, save, and deploy the preceding template, or follow along and deploy the infrastructure using the Azure portal.
1. Go to the [Azure portal](https://portal.azure.com).
Let's deploy the custom provider infrastructure. Either copy, save, and deploy t
![Select Add](media/tutorial-resource-onboarding/templatesadd.png)
-4. Under **General**, enter a **Name** and **Description** for the new template:
+4. Under **General**, enter a *Name* and *Description* for the new template:
![Template name and description](media/tutorial-resource-onboarding/templatesdescription.png)
Let's deploy the custom provider infrastructure. Either copy, save, and deploy t
After you have the custom provider infrastructure set up, you can easily deploy more associations. The resource group for additional associations doesn't have to be the same as the resource group where you deployed the custom provider infrastructure. To create an association, you need to have Microsoft.CustomProviders/resourceproviders/write permissions on the specified Custom Resource Provider ID.
-1. Go to the custom provider **Microsoft.CustomProviders/resourceProviders** resource in the resource group of the previous deployment. You'll need to select the **Show hidden types** check box:
+1. Go to the custom provider **Microsoft.CustomProviders/resourceProviders** resource in the resource group of the previous deployment. You need to select the **Show hidden types** check box:
![Go to the resource](media/tutorial-resource-onboarding/showhidden.png) 2. Copy the Resource ID property of the custom provider.
-3. Search for **templates** in **All Services** or by using the main search box:
+3. Search for *templates* in **All Services** or by using the main search box:
![Search for templates](media/tutorial-resource-onboarding/templates.png)
After you have the custom provider infrastructure set up, you can easily deploy
![New associations resource](media/tutorial-resource-onboarding/createdassociationresource.png)
-If you want, you can go back to the logic app **Run history** and see that another call was made to the logic app. You can update the logic app to augment additional functionality for each created association.
+You can go back to the logic app **Run history** and see that another call was made to the logic app. You can update the logic app to augment additional functionality for each created association.
-## Getting help
+## Next steps
-If you have questions about Azure Custom Providers, try asking them on [Stack Overflow](https://stackoverflow.com/questions/tagged/azure-custom-providers). A similar question might have already been answered, so check first before posting. Add the tag `azure-custom-providers` to get a fast response!
+In this article, you deployed a custom resource provider to Azure that extends the Azure Resource Manager API with the Microsoft.CustomProviders/associates resource type. To continue learning about custom providers, see:
+* [Deploy associations for a custom provider using Azure Policy](./concepts-built-in-policy.md)
+* [Azure Custom Providers resource onboarding overview](./concepts-resource-onboarding.md)
azure-signalr Signalr Concept Performance https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-signalr/signalr-concept-performance.md
One of the key benefits of using Azure SignalR Service is the ease of scaling Si
In this guide, we'll introduce the factors that affect SignalR application performance. We'll describe typical performance in different use-case scenarios. In the end, we'll introduce the environment and tools that you can use to generate a performance report.
+## Quick evaluation using metrics
+ Before going through the factors that impact the performance, let's first introduce an easy way to monitor the pressure of your service. There's a metrics called **Server Load** on the Portal.
+
+ <kbd>![Screenshot of the Server Load metric of Azure SignalR on Portal. The metrics shows Server Load is at about 8 percent usage. ](./media/signalr-concept-performance/server-load.png "Server Load")</kbd>
++
+ It shows the computing pressure of your SignalR service. You could test on your own scenario and check this metrics to decide whether to scale up. The latency inside SignalR service would remain low if the Server Load is below 70%.
+
+> [!NOTE]
+> If you are using unit 50 or unit 100 **and** your scenario is mainly sending to small groups (group size <100) or single connection, you need to check [sending to small group](#small-group) or [sending to connection](#send-to-connection) for reference. In those scenarios there is large routing cost which is not included in the Server Load.
+
+ Below are detailed concepts for evaluating performance.
+ ## Term definitions *Inbound*: The incoming message to Azure SignalR Service.
azure-video-indexer Customize Person Model With Website https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-video-indexer/customize-person-model-with-website.md
You can add more faces to the person by selecting **Add images**.
Select the image you wish to delete and click **Delete**.
-#### Rename and delete the person
+#### Rename and delete a person
You can use the manage pane to rename the person and to delete the person from the Person model.
To delete a detected face in your video, go to the Insights pane and select the
The person, if they had been named, will also continue to exist in the Person model that was used to index the video from which you deleted the face unless you specifically delete the person from the Person model.
+## Optimize the ability of your model to recognize a person
+
+To optimize your model ability to recognize the person, upload as many different images as possible and from different angles. To get optimal results, use high resolution images.
+ ## Next steps [Customize Person model using APIs](customize-person-model-with-api.md)
azure-vmware Tutorial Configure Networking https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-vmware/tutorial-configure-networking.md
Title: Tutorial - Configure networking for your VMware private cloud in Azure
description: Learn to create and configure the networking needed to deploy your private cloud in Azure Previously updated : 07/30/2021 Last updated : 05/31/2022
In this tutorial, you learn how to:
## Connect with the Azure vNet connect feature
-You can use the **Azure vNet connect** feature to use an existing vNet or create a new vNet to connect to Azure VMware Solution.
+You can use the **Azure vNet connect** feature to use an existing vNet or create a new vNet to connect to Azure VMware Solution. **Azure vNet connect** is a function to configure vNet connectivity, it does not record configuration state; browse the Azure portal to check what settings have been configured.
>[!NOTE] >Address space in the vNet cannot overlap with the Azure VMware Solution private cloud CIDR.
Before selecting an existing vNet, there are specific requirements that must be
1. In the same region as Azure VMware Solution private cloud. 1. In the same resource group as Azure VMware Solution private cloud. 1. vNet must contain an address space that doesn't overlap with Azure VMware Solution.
+1. Validate solution design is within Azure VMware Solution limits (https://docs.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits).
### Select an existing vNet
azure-web-pubsub Tutorial Serverless Iot https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-web-pubsub/tutorial-serverless-iot.md
+
+ Title: Tutorial - Visualize IoT device data from IoT Hub using Azure Web PubSub service and Azure Functions
+description: A tutorial to walk through how to use Azure Web PubSub service and Azure Functions to monitor device data from IoT Hub.
++++ Last updated : 06/01/2022++
+# Tutorial: Visualize IoT device data from IoT Hub using Azure Web PubSub service and Azure Functions
+
+In this tutorial, you learn how to use Azure Web PubSub service and Azure Functions to build a serverless application with real-time data visualization from IoT Hub.
+
+In this tutorial, you learn how to:
+
+> [!div class="checklist"]
+> * Build a serverless data visualization app
+> * Work together with Web PubSub function input and output bindings and Azure IoT hub
+> * Run the sample functions locally
+
+## Prerequisites
+
+# [JavaScript](#tab/javascript)
+
+* A code editor, such as [Visual Studio Code](https://code.visualstudio.com/)
+
+* [Node.js](https://nodejs.org/en/download/), version 10.x.
+ > [!NOTE]
+ > For more information about the supported versions of Node.js, see [Azure Functions runtime versions documentation](../azure-functions/functions-versions.md#languages).
+
+* [Azure Functions Core Tools](https://github.com/Azure/azure-functions-core-tools#installing) (v3 or higher preferred) to run Azure Function apps locally and deploy to Azure.
+
+* The [Azure CLI](/cli/azure) to manage Azure resources.
+++++
+## Create a Web PubSub instance
+If you already have a Web PubSub instance in your Azure subscription, you can skip this section.
+++
+## Create and run the functions locally
+
+1. Make sure you have [Azure Functions Core Tools](https://github.com/Azure/azure-functions-core-tools#installing) installed. And then create an empty directory for the project. Run command under this working directory.
+
+ # [JavaScript](#tab/javascript)
+ ```bash
+ func init --worker-runtime javascript
+ ```
+
+
+2. Update `host.json`'s `extensionBundle` to version larger than _3.3.0_ which contains Web PubSub support.
+
+```json
+{
+ "version": "2.0",
+ "extensionBundle": {
+ "id": "Microsoft.Azure.Functions.ExtensionBundle",
+ "version": "[3.3.*, 4.0.0)"
+ }
+}
+```
+
+3. Create an `index` function to read and host a static web page for clients.
+ ```bash
+ func new -n index -t HttpTrigger
+ ```
+ # [JavaScript](#tab/javascript)
+ - Update `index/index.js` with following code that serve the html content as a static site.
+ ```js
+ var fs = require("fs");
+ var path = require("path");
+
+ module.exports = function (context, req) {
+ let index = path.join(
+ context.executionContext.functionDirectory,
+ "https://docsupdatetracker.net/index.html"
+ );
+ fs.readFile(index, "utf8", function (err, data) {
+ if (err) {
+ console.log(err);
+ context.done(err);
+ return;
+ }
+ context.res = {
+ status: 200,
+ headers: {
+ "Content-Type": "text/html",
+ },
+ body: data,
+ };
+ context.done();
+ });
+ };
+
+ ```
+
+4. Create this _https://docsupdatetracker.net/index.html_ file under the same folder as file _index.js_:
+
+ ```html
+ <!doctype html>
+
+ <html lang="en">
+
+ <head>
+ <!-- Required meta tags -->
+ <meta charset="utf-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+ <script src="https://cdn.jsdelivr.net/npm/chart.js@2.8.0/dist/Chart.min.js" type="text/javascript"
+ charset="utf-8"></script>
+ <script>
+ document.addEventListener("DOMContentLoaded", async function (event) {
+ const res = await fetch(`/api/negotiate?id=${1}`);
+ const data = await res.json();
+ const webSocket = new WebSocket(data.url);
+
+ class TrackedDevices {
+ constructor() {
+ // key as the deviceId, value as the temperature array
+ this.devices = new Map();
+ this.maxLen = 50;
+ this.timeData = new Array(this.maxLen);
+ }
+
+ // Find a device temperature based on its Id
+ findDevice(deviceId) {
+ return this.devices.get(deviceId);
+ }
+
+ addData(time, temperature, deviceId, dataSet, options) {
+ let containsDeviceId = false;
+ this.timeData.push(time);
+ for (const [key, value] of this.devices) {
+ if (key === deviceId) {
+ containsDeviceId = true;
+ value.push(temperature);
+ } else {
+ value.push(null);
+ }
+ }
+
+ if (!containsDeviceId) {
+ const data = getRandomDataSet(deviceId, 0);
+ let temperatures = new Array(this.maxLen);
+ temperatures.push(temperature);
+ this.devices.set(deviceId, temperatures);
+ data.data = temperatures;
+ dataSet.push(data);
+ }
+
+ if (this.timeData.length > this.maxLen) {
+ this.timeData.shift();
+ this.devices.forEach((value, key) => {
+ value.shift();
+ })
+ }
+ }
+
+ getDevicesCount() {
+ return this.devices.size;
+ }
+ }
+
+ const trackedDevices = new TrackedDevices();
+ function getRandom(max) {
+ return Math.floor((Math.random() * max) + 1)
+ }
+ function getRandomDataSet(id, axisId) {
+ return getDataSet(id, axisId, getRandom(255), getRandom(255), getRandom(255));
+ }
+ function getDataSet(id, axisId, r, g, b) {
+ return {
+ fill: false,
+ label: id,
+ yAxisID: axisId,
+ borderColor: `rgba(${r}, ${g}, ${b}, 1)`,
+ pointBoarderColor: `rgba(${r}, ${g}, ${b}, 1)`,
+ backgroundColor: `rgba(${r}, ${g}, ${b}, 0.4)`,
+ pointHoverBackgroundColor: `rgba(${r}, ${g}, ${b}, 1)`,
+ pointHoverBorderColor: `rgba(${r}, ${g}, ${b}, 1)`,
+ spanGaps: true,
+ };
+ }
+
+ function getYAxy(id, display) {
+ return {
+ id: id,
+ type: "linear",
+ scaleLabel: {
+ labelString: display || id,
+ display: true,
+ },
+ position: "left",
+ };
+ }
+
+ // Define the chart axes
+ const chartData = { datasets: [], };
+
+ // Temperature (┬║C), id as 0
+ const chartOptions = {
+ responsive: true,
+ animation: {
+ duration: 250 * 1.5,
+ easing: 'linear'
+ },
+ scales: {
+ yAxes: [
+ getYAxy(0, "Temperature (┬║C)"),
+ ],
+ },
+ };
+ // Get the context of the canvas element we want to select
+ const ctx = document.getElementById("chart").getContext("2d");
+
+ chartData.labels = trackedDevices.timeData;
+ const chart = new Chart(ctx, {
+ type: "line",
+ data: chartData,
+ options: chartOptions,
+ });
+
+ webSocket.onmessage = function onMessage(message) {
+ try {
+ const messageData = JSON.parse(message.data);
+ console.log(messageData);
+
+ // time and either temperature or humidity are required
+ if (!messageData.MessageDate ||
+ !messageData.IotData.temperature) {
+ return;
+ }
+ trackedDevices.addData(messageData.MessageDate, messageData.IotData.temperature, messageData.DeviceId, chartData.datasets, chartOptions.scales);
+ const numDevices = trackedDevices.getDevicesCount();
+ document.getElementById("deviceCount").innerText =
+ numDevices === 1 ? `${numDevices} device` : `${numDevices} devices`;
+ chart.update();
+ } catch (err) {
+ console.error(err);
+ }
+ };
+ });
+ </script>
+ <style>
+ body {
+ font: 14px "Lucida Grande", Helvetica, Arial, sans-serif;
+ padding: 50px;
+ margin: 0;
+ text-align: center;
+ }
+
+ .flexHeader {
+ display: flex;
+ flex-direction: row;
+ flex-wrap: nowrap;
+ justify-content: space-between;
+ }
+
+ #charts {
+ display: flex;
+ flex-direction: row;
+ flex-wrap: wrap;
+ justify-content: space-around;
+ align-content: stretch;
+ }
+
+ .chartContainer {
+ flex: 1;
+ flex-basis: 40%;
+ min-width: 30%;
+ max-width: 100%;
+ }
+
+ a {
+ color: #00B7FF;
+ }
+ </style>
+
+ <title>Temperature Real-time Data</title>
+ </head>
+
+ <body>
+ <h1 class="flexHeader">
+ <span>Temperature Real-time Data</span>
+ <span id="deviceCount">0 devices</span>
+ </h1>
+ <div id="charts">
+ <canvas id="chart"></canvas>
+ </div>
+ </body>
+
+ </html>
+ ```
+
+5. Create a `negotiate` function to help clients get service connection url with access token.
+ ```bash
+ func new -n negotiate -t HttpTrigger
+ ```
+ # [JavaScript](#tab/javascript)
+ - Update `negotiate/function.json` to include input binding [`WebPubSubConnection`](reference-functions-bindings.md#input-binding), with the following json codes.
+ ```json
+ {
+ "bindings": [
+ {
+ "authLevel": "anonymous",
+ "type": "httpTrigger",
+ "direction": "in",
+ "name": "req"
+ },
+ {
+ "type": "http",
+ "direction": "out",
+ "name": "res"
+ },
+ {
+ "type": "webPubSubConnection",
+ "name": "connection",
+ "hub": "%hubName%",
+ "direction": "in"
+ }
+ ]
+ }
+ ```
+ - Update `negotiate/index.js` and to return the `connection` binding which contains the generated token.
+ ```js
+ module.exports = function (context, req, connection) {
+ // Add your own auth logic here
+ context.res = { body: connection };
+ context.done();
+ };
+ ```
+
+6. Create a `messagehandler` function to generate notifications with template `"IoT Hub (Event Hub)"`.
+ ```bash
+ func new --template "IoT Hub (Event Hub)" --name messagehandler
+ ```
+ # [JavaScript](#tab/javascript)
+ - Update _messagehandler/function.json_ to add [Web PubSub output binding](reference-functions-bindings.md#output-binding) with the following json code. Please note that we use variable `%hubName%` as the hub name for both IoT eventHubName and Web PubSub hub.
+ ```json
+ {
+ "bindings": [
+ {
+ "type": "eventHubTrigger",
+ "name": "IoTHubMessages",
+ "direction": "in",
+ "eventHubName": "%hubName%",
+ "connection": "IOTHUBConnectionString",
+ "cardinality": "many",
+ "consumerGroup": "$Default",
+ "dataType": "string"
+ },
+ {
+ "type": "webPubSub",
+ "name": "actions",
+ "hub": "%hubName%",
+ "direction": "out"
+ }
+ ]
+ }
+ ```
+ - Update `messagehandler/index.js` with the following code. It sends every message from IoT hub to every client connected to Web PubSub service using Web PubSub output bindings.
+ ```js
+ module.exports = function (context, IoTHubMessages) {
+ IoTHubMessages.forEach((message) => {
+ const deviceMessage = JSON.parse(message);
+ context.log(`Processed message: ${message}`);
+ context.bindings.actions = {
+ actionName: "sendToAll",
+ data: JSON.stringify({
+ IotData: deviceMessage,
+ MessageDate: deviceMessage.date || new Date().toISOString(),
+ DeviceId: deviceMessage.deviceId,
+ }),
+ };
+ });
+
+ context.done();
+ };
+ ```
+
+7. Update the Function settings
+
+ 1. Add `hubName` setting and replace `{YourIoTHubName}` with the hub name you used when creating your IoT Hub:
+
+ ```bash
+ func settings add hubName "{YourIoTHubName}"
+ ```
+
+ 2. Get the **Service Connection String** for IoT Hub using below CLI command:
+
+ ```azcli
+ az iot hub connection-string show --policy-name service --hub-name {YourIoTHubName} --output table --default-eventhub
+ ```
+
+ And set `IOTHubConnectionString` using below command, replacing `<iot-connection-string>` with the value:
+
+ ```bash
+ func settings add IOTHubConnectionString "<iot-connection-string>"
+ ```
+
+ 3. Get the **Connection String** for Web PubSub using below CLI command:
+
+ ```azcli
+ az webpubsub key show --name "<your-unique-resource-name>" --resource-group "<your-resource-group>" --query primaryConnectionString
+ ```
+
+ And set `WebPubSubConnectionString` using below command, replacing `<webpubsub-connection-string>` with the value:
+
+ ```bash
+ func settings add WebPubSubConnectionString "<webpubsub-connection-string>"
+ ```
+
+ > [!NOTE]
+ > `IoT Hub (Event Hub)` Function trigger used in the sample has dependency on Azure Storage, but you can use local storage emulator when the Function is running locally. If you got some error like `There was an error performing a read operation on the Blob Storage Secret Repository. Please ensure the 'AzureWebJobsStorage' connection string is valid.`, you'll need to download and enable [Storage Emulator](../storage/common/storage-use-emulator.md).
+
+8. Run the function locally
+
+ Now you're able to run your local function by command below.
+
+ ```bash
+ func start
+ ```
+
+ And checking the running logs, you can visit your local host static page by visiting: `https://localhost:7071/api/index`.
+
+## Run the device to send data
+
+### Register a device
+
+A device must be registered with your IoT hub before it can connect.
+
+If you already have a device registered in your IoT hub, you can skip this section.
+
+1. Run the [az iot hub device-identity create](/cli/azure/iot/hub/device-identity#az-iot-hub-device-identity-create) command in Azure Cloud Shell to create the device identity.
+
+ **YourIoTHubName**: Replace this placeholder below with the name you chose for your IoT hub.
+
+ ```azurecli-interactive
+ az iot hub device-identity create --hub-name {YourIoTHubName} --device-id simDevice
+ ```
+
+2. Run the [az iot hub device-identity connection-string show](/cli/azure/iot/hub/device-identity/connection-string#az-iot-hub-device-identity-connection-string-show) command in Azure Cloud Shell to get the _device connection string_ for the device you just registered:
+
+ **YourIoTHubName**: Replace this placeholder below with the name you chose for your IoT hub.
+
+ ```azurecli-interactive
+ az iot hub device-identity connection-string show --hub-name {YourIoTHubName} --device-id simDevice --output table
+ ```
+
+ Make a note of the device connection string, which looks like:
+
+ `HostName={YourIoTHubName}.azure-devices.net;DeviceId=simDevice;SharedAccessKey={YourSharedAccessKey}`
+
+- For quickest results, simulate temperature data using the [Raspberry Pi Azure IoT Online Simulator](https://azure-samples.github.io/raspberry-pi-web-simulator/#Getstarted). Paste in the **device connection string**, and select the **Run** button.
+
+- If you have a physical Raspberry Pi and BME280 sensor, you may measure and report real temperature and humidity values by following the [Connect Raspberry Pi to Azure IoT Hub (Node.js)](/azure/iot-hub/iot-hub-raspberry-pi-kit-node-get-started) tutorial.
+
+## Run the visualization website
+Open function host index page: `http://localhost:7071/api/index` to view the real-time dashboard. Register multiple devices and you can see the dashboard updates multiple devices in real-time. Open multiple browsers and you can see every page are updated in real-time.
++
+## Clean up resources
++
+## Next steps
+
+In this quickstart, you learned how to run a serverless chat application. Now, you could start to build your own application.
+
+> [!div class="nextstepaction"]
+> [Tutorial: Create a simple chatroom with Azure Web PubSub](https://azure.github.io/azure-webpubsub/getting-started/create-a-chat-app/js-handle-events)
+
+> [!div class="nextstepaction"]
+> [Azure Web PubSub bindings for Azure Functions](https://azure.github.io/azure-webpubsub/references/functions-bindings)
+
+> [!div class="nextstepaction"]
+> [Explore more Azure Web PubSub samples](https://github.com/Azure/azure-webpubsub/tree/main/samples)
backup Backup Azure Manage Vms https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-manage-vms.md
In the Azure portal, the Recovery Services vault dashboard provides access to va
You can manage backups by using the dashboard and by drilling down to individual VMs. To begin machine backups, open the vault on the dashboard:
-![Full dashboard view with slider](./media/backup-azure-manage-vms/bottom-slider.png)
[!INCLUDE [backup-center.md](../../includes/backup-center.md)]
To view VMs on the vault dashboard:
1. Sign in to the [Azure portal](https://portal.azure.com/). 1. On the left menu, select **All services**.
- ![Select All services](./media/backup-azure-manage-vms/select-all-services.png)
+ :::image type="content" source="./media/backup-azure-manage-vms/select-all-services.png" alt-text="Screenshot showing to select All services.":::
1. In the **All services** dialog box, enter *Recovery Services*. The list of resources filters according to your input. In the list of resources, select **Recovery Services vaults**.
- ![Enter and choose Recovery Services vaults](./media/backup-azure-manage-vms/all-services.png)
+ :::image type="content" source="./media/backup-azure-manage-vms/all-services.png" alt-text="Screenshot showing to enter and choose Recovery Services vaults.":::
The list of Recovery Services vaults in the subscription appears. 1. For ease of use, select the pin icon next to your vault name and select **Pin to dashboard**. 1. Open the vault dashboard.
- ![Open the vault dashboard and Settings pane](./media/backup-azure-manage-vms/full-view-rs-vault.png)
+ :::image type="content" source="./media/backup-azure-manage-vms/full-view-rs-vault.png" alt-text="Screenshot showing to open the vault dashboard and Settings pane.":::
1. On the **Backup Items** tile, select **Azure Virtual Machine**.
- ![Open the Backup Items tile](./media/backup-azure-manage-vms/azure-virtual-machine.png)
+ :::image type="content" source="./media/backup-azure-manage-vms/azure-virtual-machine.png" alt-text="Screenshot showing to open the Backup Items tile.":::
1. On the **Backup Items** pane, you can view the list of protected VMs. In this example, the vault protects one virtual machine: *myVMR1*.
- ![View the Backup Items pane](./media/backup-azure-manage-vms/backup-items-blade-select-item.png)
+ :::image type="content" source="./media/backup-azure-manage-vms/backup-items-blade-select-item.png" alt-text="Screenshot showing to view the Backup Items pane.":::
1. From the vault item's dashboard, you can modify backup policies, run an on-demand backup, stop or resume protection of VMs, delete backup data, view restore points, and run a restore.
- ![The Backup Items dashboard and the Settings pane](./media/backup-azure-manage-vms/item-dashboard-settings.png)
+ :::image type="content" source="./media/backup-azure-manage-vms/item-dashboard-settings.png" alt-text="Screenshot showing the Backup Items dashboard and the Settings pane.":::
## Manage backup policy for a VM
To manage a backup policy:
1. Sign in to the [Azure portal](https://portal.azure.com/). Open the vault dashboard. 2. On the **Backup Items** tile, select **Azure Virtual Machine**.
- ![Open the Backup Items tile](./media/backup-azure-manage-vms/azure-virtual-machine.png)
+ :::image type="content" source="./media/backup-azure-manage-vms/azure-virtual-machine.png" alt-text="Screenshot showing to open the Backup Items tile.":::
3. On the **Backup Items** pane, you can view the list of protected VMs and last backup status with latest restore points time.
- ![View the Backup Items pane](./media/backup-azure-manage-vms/backup-items-blade-select-item.png)
+ :::image type="content" source="./media/backup-azure-manage-vms/backup-items-blade-select-item.png" alt-text="Screenshot showing to view the Backup Items pane.":::
4. From the vault item's dashboard, you can select a backup policy. * To switch policies, select a different policy and then select **Save**. The new policy is immediately applied to the vault.
- ![Choose a backup policy](./media/backup-azure-manage-vms/backup-policy-create-new.png)
+ :::image type="content" source="./media/backup-azure-manage-vms/backup-policy-create-new.png" alt-text="Screenshot showing to choose a backup policy.":::
## Run an on-demand backup
To trigger an on-demand backup:
1. On the [vault item dashboard](#view-vms-on-the-dashboard), under **Protected Item**, select **Backup Item**.
- ![The Backup now option](./media/backup-azure-manage-vms/backup-now-button.png)
+ :::image type="content" source="./media/backup-azure-manage-vms/backup-now-button.png" alt-text="Screenshot showing the Backup now option.":::
2. From **Backup Management Type**, select **Azure Virtual Machine**. The **Backup Item (Azure Virtual Machine)** pane appears. 3. Select a VM and select **Backup Now** to create an on-demand backup. The **Backup Now** pane appears. 4. In the **Retain Backup Till** field, specify a date for the backup to be retained.
- ![The Backup Now calendar](./media/backup-azure-manage-vms/backup-now-check.png)
+ :::image type="content" source="./media/backup-azure-manage-vms/backup-now-check.png" alt-text="Screenshot showing the Backup Now calendar.":::
5. Select **OK** to run the backup job.
To stop protection and retain data of a VM:
1. On the [vault item's dashboard](#view-vms-on-the-dashboard), select **Stop backup**. 2. Choose **Retain Backup Data**, and confirm your selection as needed. Add a comment if you want. If you aren't sure of the item's name, hover over the exclamation mark to view the name.
- ![Retain Backup data](./media/backup-azure-manage-vms/retain-backup-data.png)
+ :::image type="content" source="./media/backup-azure-manage-vms/retain-backup-data.png" alt-text="Screenshot showing to retain Backup data.":::
A notification lets you know that the backup jobs have been stopped.
To stop protection and delete data of a VM:
1. On the [vault item's dashboard](#view-vms-on-the-dashboard), select **Stop backup**. 2. Choose **Delete Backup Data**, and confirm your selection as needed. Enter the name of the backup item and add a comment if you want.
- ![Delete backup data](./media/backup-azure-manage-vms/delete-backup-data.png)
+ :::image type="content" source="./media/backup-azure-manage-vms/delete-backup-data.png" alt-text="Screenshot showing to delete backup data.":::
> [!NOTE] > After completing the delete operation the backed up data will be retained for 14 days in the [soft deleted state](./soft-delete-virtual-machines.md). <br>In addition, you can also [enable or disable soft delete](./backup-azure-security-feature-cloud.md#enabling-and-disabling-soft-delete).
To resume protection for a VM:
2. Follow the steps in [Manage backup policies](#manage-backup-policy-for-a-vm) to assign the policy for the VM. You don't need to choose the VM's initial protection policy. 3. After you apply the backup policy to the VM, you see the following message:
- ![Message indicating a successfully protected VM](./media/backup-azure-manage-vms/success-message.png)
+ :::image type="content" source="./media/backup-azure-manage-vms/success-message.png" alt-text="Screenshot showing message indicating a successfully protected VM.":::
## Delete backup data
There are two ways to delete a VM's backup data:
* From the vault item dashboard, select Stop backup and follow the instructions for [Stop protection and delete backup data](#stop-protection-and-delete-backup-data) option.
- ![Select Stop backup](./media/backup-azure-manage-vms/stop-backup-button.png)
+ :::image type="content" source="./media/backup-azure-manage-vms/stop-backup-button.png" alt-text="Screenshot showing to select Stop backup.":::
* From the vault item dashboard, select Delete backup data. This option is enabled if you had chosen to [Stop protection and retain backup data](#stop-protection-and-retain-backup-data) option during stop VM protection.
- ![Select Delete backup](./media/backup-azure-manage-vms/delete-backup-button.png)
+ :::image type="content" source="./media/backup-azure-manage-vms/delete-backup-button.png" alt-text="Screenshot showing to select Delete backup.":::
* On the [vault item dashboard](#view-vms-on-the-dashboard), select **Delete backup data**. * Type the name of the backup item to confirm that you want to delete the recovery points.
- ![Delete backup data](./media/backup-azure-manage-vms/delete-backup-data.png)
+ :::image type="content" source="./media/backup-azure-manage-vms/delete-backup-data.png" alt-text="Screenshot showing to delete backup data.":::
* To delete the backup data for the item, select **Delete**. A notification message lets you know that the backup data has been deleted.
cloud-services-extended-support Swap Cloud Service https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cloud-services-extended-support/swap-cloud-service.md
To save compute costs, you can delete one of the cloud services (designated as a
## REST API
-To use the [REST API](/rest/api/compute/load-balancers/swap-public-ip-addresses) to swap to a new cloud services deployment in Azure Cloud Services (extended support), use the following command and JSON configuration:
+To use the [REST API](/rest/api/load-balancer/load-balancers/swap-public-ip-addresses) to swap to a new cloud services deployment in Azure Cloud Services (extended support), use the following command and JSON configuration:
```http POST https://management.azure.com/subscriptions/subid/providers/Microsoft.Network/locations/westus/setLoadBalancerFrontendPublicIpAddresses?api-version=2021-02-01
cognitive-services Language Support https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cognitive-services/Speech-Service/language-support.md
The following neural voices are in public preview.
| Language | Locale | Gender | Voice name | Style support | |-||--|-||
-| English (United Kingdom) | `en-GB` | Female | `en-GB-AbbiNeural` <sup>New</sup> | General |
-| English (United Kingdom) | `en-GB` | Female | `en-GB-BellaNeural` <sup>New</sup> | General |
-| English (United Kingdom) | `en-GB` | Female | `en-GB-HollieNeural` <sup>New</sup> | General |
-| English (United Kingdom) | `en-GB` | Female | `en-GB-OliviaNeural` <sup>New</sup> | General |
-| English (United Kingdom) | `en-GB` | Female | `en-GB-MaisieNeural` <sup>New</sup> | General, child voice |
-| English (United Kingdom) | `en-GB` | Male | `en-GB-AlfieNeural` <sup>New</sup> | General |
-| English (United Kingdom) | `en-GB` | Male | `en-GB-ElliotNeural` <sup>New</sup> | General |
-| English (United Kingdom) | `en-GB` | Male | `en-GB-EthanNeural` <sup>New</sup> | General |
-| English (United Kingdom) | `en-GB` | Male | `en-GB-NoahNeural` <sup>New</sup> | General |
-| English (United Kingdom) | `en-GB` | Male | `en-GB-OliverNeural` <sup>New</sup> | General |
-| English (United Kingdom) | `en-GB` | Male | `en-GB-ThomasNeural` <sup>New</sup> | General |
-| English (United States) | `en-US` | Male | `en-US-DavisNeural` | General, multiple voice styles available [using SSML](speech-synthesis-markup.md#adjust-speaking-styles) |
-| English (United States) | `en-US` | Female | `en-US-JaneNeural` | General, multiple voice styles available [using SSML](speech-synthesis-markup.md#adjust-speaking-styles) |
-| English (United States) | `en-US` | Male | `en-US-JasonNeural` | General, multiple voice styles available [using SSML](speech-synthesis-markup.md#adjust-speaking-styles) |
-| English (United States) | `en-US` | Female | `en-US-NancyNeural` | General, multiple voice styles available [using SSML](speech-synthesis-markup.md#adjust-speaking-styles) |
-| English (United States) | `en-US` | Male | `en-US-TonyNeural` | General, multiple voice styles available [using SSML](speech-synthesis-markup.md#adjust-speaking-styles) |
-| French (France) | `fr-FR` | Female | `fr-FR-BrigitteNeural` <sup>New</sup> | General |
-| French (France) | `fr-FR` | Female | `fr-FR-CelesteNeural` <sup>New</sup> | General |
-| French (France) | `fr-FR` | Female | `fr-FR-CoralieNeural` <sup>New</sup> | General |
-| French (France) | `fr-FR` | Female | `fr-FR-JacquelineNeural` <sup>New</sup> | General |
-| French (France) | `fr-FR` | Female | `fr-FR-JosephineNeural` <sup>New</sup> | General |
-| French (France) | `fr-FR` | Female | `fr-FR-YvetteNeural` <sup>New</sup> | General |
-| French (France) | `fr-FR` | Female | `fr-FR-EloiseNeural` <sup>New</sup> | General, child voice |
-| French (France) | `fr-FR` | Male | `fr-FR-AlainNeural` <sup>New</sup> | General |
-| French (France) | `fr-FR` | Male | `fr-FR-ClaudeNeural` <sup>New</sup> | General |
-| French (France) | `fr-FR` | Male | `fr-FR-JeromeNeural` <sup>New</sup> | General |
-| French (France) | `fr-FR` | Male | `fr-FR-MauriceNeural` <sup>New</sup> | General |
-| French (France) | `fr-FR` | Male | `fr-FR-YvesNeural` <sup>New</sup> | General |
-| German (Germany) | `de-DE` | Female | `de-DE-AmalaNeural` <sup>New</sup> | General |
-| German (Germany) | `de-DE` | Female | `de-DE-ElkeNeural` <sup>New</sup> | General |
-| German (Germany) | `de-DE` | Female | `de-DE-KlarissaNeural` <sup>New</sup> | General |
-| German (Germany) | `de-DE` | Female | `de-DE-LouisaNeural` <sup>New</sup> | General |
-| German (Germany) | `de-DE` | Female | `de-DE-MajaNeural` <sup>New</sup> | General |
-| German (Germany) | `de-DE` | Female | `de-DE-TanjaNeural` <sup>New</sup> | General |
-| German (Germany) | `de-DE` | Female | `de-DE-GiselaNeural` <sup>New</sup> | General, child voice |
-| German (Germany) | `de-DE` | Male | `de-DE-BerndNeural` <sup>New</sup> | General |
-| German (Germany) | `de-DE` | Male | `de-DE-ChristophNeural` <sup>New</sup> | General |
-| German (Germany) | `de-DE` | Male | `de-DE-KasperNeural` <sup>New</sup> | General |
-| German (Germany) | `de-DE` | Male | `de-DE-KillianNeural` <sup>New</sup> | General |
-| German (Germany) | `de-DE` | Male | `de-DE-KlausNeural` <sup>New</sup> | General |
-| German (Germany) | `de-DE` | Male | `de-DE-RalfNeural` <sup>New</sup> | General |
+| Chinese (Mandarin, Simplified) | `zh-CN` | Male | `zh-CN-YunjianNeural` <sup>New</sup> | Optimized for broadcasting sports event, 2 new multiple styles available [using SSML](speech-synthesis-markup.md#adjust-speaking-styles) |
+| Chinese (Mandarin, Simplified) | `zh-CN` | Male | `zh-CN-YunhaoNeural` <sup>New</sup> | Optimized for promoting a product or service, 1 new multiple style available [using SSML](speech-synthesis-markup.md#adjust-speaking-styles) |
+| Chinese (Mandarin, Simplified) | `zh-CN` | Male | `zh-CN-YunfengNeural` <sup>New</sup> | General, multiple styles available [using SSML](speech-synthesis-markup.md#adjust-speaking-styles) |
+| English (United Kingdom) | `en-GB` | Female | `en-GB-AbbiNeural` | General |
+| English (United Kingdom) | `en-GB` | Female | `en-GB-BellaNeural` | General |
+| English (United Kingdom) | `en-GB` | Female | `en-GB-HollieNeural` | General |
+| English (United Kingdom) | `en-GB` | Female | `en-GB-OliviaNeural` | General |
+| English (United Kingdom) | `en-GB` | Female | `en-GB-MaisieNeural` | General, child voice |
+| English (United Kingdom) | `en-GB` | Male | `en-GB-AlfieNeural` | General |
+| English (United Kingdom) | `en-GB` | Male | `en-GB-ElliotNeural` | General |
+| English (United Kingdom) | `en-GB` | Male | `en-GB-EthanNeural` | General |
+| English (United Kingdom) | `en-GB` | Male | `en-GB-NoahNeural` | General |
+| English (United Kingdom) | `en-GB` | Male | `en-GB-OliverNeural` | General |
+| English (United Kingdom) | `en-GB` | Male | `en-GB-ThomasNeural` | General |
+| English (United States) | `en-US` | Male | `en-US-DavisNeural` <sup>New</sup> | General, multiple voice styles available [using SSML](speech-synthesis-markup.md#adjust-speaking-styles) |
+| English (United States) | `en-US` | Female | `en-US-JaneNeural` <sup>New</sup> | General, multiple voice styles available [using SSML](speech-synthesis-markup.md#adjust-speaking-styles) |
+| English (United States) | `en-US` | Male | `en-US-JasonNeural` <sup>New</sup> | General, multiple voice styles available [using SSML](speech-synthesis-markup.md#adjust-speaking-styles) |
+| English (United States) | `en-US` | Female | `en-US-NancyNeural` <sup>New</sup> | General, multiple voice styles available [using SSML](speech-synthesis-markup.md#adjust-speaking-styles) |
+| English (United States) | `en-US` | Male | `en-US-TonyNeural` <sup>New</sup> | General, multiple voice styles available [using SSML](speech-synthesis-markup.md#adjust-speaking-styles) |
+| French (France) | `fr-FR` | Female | `fr-FR-BrigitteNeural` | General |
+| French (France) | `fr-FR` | Female | `fr-FR-CelesteNeural` | General |
+| French (France) | `fr-FR` | Female | `fr-FR-CoralieNeural` | General |
+| French (France) | `fr-FR` | Female | `fr-FR-JacquelineNeural` | General |
+| French (France) | `fr-FR` | Female | `fr-FR-JosephineNeural` | General |
+| French (France) | `fr-FR` | Female | `fr-FR-YvetteNeural` | General |
+| French (France) | `fr-FR` | Female | `fr-FR-EloiseNeural` | General, child voice |
+| French (France) | `fr-FR` | Male | `fr-FR-AlainNeural` | General |
+| French (France) | `fr-FR` | Male | `fr-FR-ClaudeNeural` | General |
+| French (France) | `fr-FR` | Male | `fr-FR-JeromeNeural` | General |
+| French (France) | `fr-FR` | Male | `fr-FR-MauriceNeural` | General |
+| French (France) | `fr-FR` | Male | `fr-FR-YvesNeural` | General |
+| German (Germany) | `de-DE` | Female | `de-DE-AmalaNeural` | General |
+| German (Germany) | `de-DE` | Female | `de-DE-ElkeNeural` | General |
+| German (Germany) | `de-DE` | Female | `de-DE-KlarissaNeural` | General |
+| German (Germany) | `de-DE` | Female | `de-DE-LouisaNeural` | General |
+| German (Germany) | `de-DE` | Female | `de-DE-MajaNeural` | General |
+| German (Germany) | `de-DE` | Female | `de-DE-TanjaNeural` | General |
+| German (Germany) | `de-DE` | Female | `de-DE-GiselaNeural` | General, child voice |
+| German (Germany) | `de-DE` | Male | `de-DE-BerndNeural` | General |
+| German (Germany) | `de-DE` | Male | `de-DE-ChristophNeural` | General |
+| German (Germany) | `de-DE` | Male | `de-DE-KasperNeural` | General |
+| German (Germany) | `de-DE` | Male | `de-DE-KillianNeural` | General |
+| German (Germany) | `de-DE` | Male | `de-DE-KlausNeural` | General |
+| German (Germany) | `de-DE` | Male | `de-DE-RalfNeural` | General |
### Voice styles and roles
Use the following table to determine supported styles and roles for each neural
|Voice|Styles|Style degree|Roles| |--|--|--|--| |en-US-AriaNeural|`angry`, `chat`, `cheerful`, `customerservice`, `empathetic`, `excited`, `friendly`, `hopeful`, `narration-professional`, `newscast-casual`, `newscast-formal`, `sad`, `shouting`, `terrified`, `unfriendly`, `whispering`|||
-|en-US-DavisNeural|`angry`, `chat`, `cheerful`, `excited`, `friendly`, `hopeful`, `sad`, `shouting`, `terrified`, `unfriendly`, `whispering`|||
+|en-US-DavisNeural <sup>Public preview</sup>|`angry`, `chat`, `cheerful`, `excited`, `friendly`, `hopeful`, `sad`, `shouting`, `terrified`, `unfriendly`, `whispering`|||
|en-US-GuyNeural|`angry`, `cheerful`, `excited`, `friendly`, `hopeful`, `newscast`, `sad`, `shouting`, `terrified`, `unfriendly`, `whispering`|||
-|en-US-JaneNeural|`angry`, `cheerful`, `excited`, `friendly`, `hopeful`, `sad`, `shouting`, `terrified`, `unfriendly`, `whispering`|||
-|en-US-JasonNeural|`angry`, `cheerful`, `excited`, `friendly`, `hopeful`, `sad`, `shouting`, `terrified`, `unfriendly`, `whispering`|||
+|en-US-JaneNeural <sup>Public preview</sup>|`angry`, `cheerful`, `excited`, `friendly`, `hopeful`, `sad`, `shouting`, `terrified`, `unfriendly`, `whispering`|||
+|en-US-JasonNeural <sup>Public preview</sup>|`angry`, `cheerful`, `excited`, `friendly`, `hopeful`, `sad`, `shouting`, `terrified`, `unfriendly`, `whispering`|||
|en-US-JennyNeural|`angry`, `assistant`, `chat`, `cheerful`,`customerservice`, `excited`, `friendly`, `hopeful`, `newscast`, `sad`, `shouting`, `terrified`, , `unfriendly`, `whispering`|||
-|en-US-NancyNeural|`angry`, `cheerful`, `excited`, `friendly`, `hopeful`, `sad`, `shouting`, `terrified`, `unfriendly`, `whispering`|||
+|en-US-NancyNeural <sup>Public preview</sup>|`angry`, `cheerful`, `excited`, `friendly`, `hopeful`, `sad`, `shouting`, `terrified`, `unfriendly`, `whispering`|||
|en-US-SaraNeural|`angry`, `cheerful`, `excited`, `friendly`, `hopeful`, `sad`, `shouting`, `terrified`, `unfriendly`, `whispering`|||
-|en-US-TonyNeural|`angry`, `cheerful`, `excited`, `friendly`, `hopeful`, `sad`, `shouting`, `terrified`, `unfriendly`, `whispering`|||
-|fr-FR-DeniseNeural |`cheerful` <sup>Public preview</sup>, `sad`<sup>Public preview</sup>|||
+|en-US-TonyNeural <sup>Public preview</sup>|`angry`, `cheerful`, `excited`, `friendly`, `hopeful`, `sad`, `shouting`, `terrified`, `unfriendly`, `whispering`|||
+|fr-FR-DeniseNeural |`cheerful`, `sad`|||
|ja-JP-NanamiNeural|`chat`, `cheerful`, `customerservice`||| |pt-BR-FranciscaNeural|`calm`||| |zh-CN-XiaohanNeural|`affectionate`, `angry`, `calm`, `cheerful`, `disgruntled`, `embarrassed`, `fearful`, `gentle`, `sad`, `serious`|Supported||
Use the following table to determine supported styles and roles for each neural
|zh-CN-YunxiNeural|`angry`, `assistant`, `cheerful`, `depressed`, `disgruntled`, `embarrassed`, `fearful`, `narration-relaxed`, `sad`, `serious`|Supported|Supported| |zh-CN-YunyangNeural|`customerservice`, `narration-professional`, `newscast-casual`|Supported|| |zh-CN-YunyeNeural|`angry`, `calm`, `cheerful`, `disgruntled`, `embarrassed`, `fearful`, `sad`, `serious`|Supported|Supported|
+|zh-CN-YunjianNeural <sup>Public preview</sup>|`narration-relaxed`, `sports-commentary` <sup>Public preview</sup>, `sports-commentary-excited` <sup>Public preview</sup>|Supported||
+|zh-CN-YunhaoNeural <sup>Public preview</sup>|`general`, `advertisement-upbeat` <sup>Public preview</sup>|Supported||
+|zh-CN-YunfengNeural <sup>Public preview</sup>|`calm`, `angry`, ` disgruntled`, `cheerful`, `fearful`, `sad`, `serious`, `depressed`|Supported||
### Custom Neural Voice
cognitive-services Speech Services Quotas And Limits https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cognitive-services/Speech-Service/speech-services-quotas-and-limits.md
In the following tables, the parameters without the **Adjustable** row aren't ad
<sup>3</sup> For the free (F0) pricing tier, see also the monthly allowances at the [pricing page](https://azure.microsoft.com/pricing/details/cognitive-services/speech-services/).<br/> <sup>4</sup> See [additional explanations](#detailed-description-quota-adjustment-and-best-practices) and [best practices](#general-best-practices-to-mitigate-throttling-during-autoscaling).<br/>
-<sup>5</sup> See [additional explanations](#detailed-description-quota-adjustment-and-best-practices), [best practices](#general-best-practices-to-mitigate-throttling-during-autoscaling), and [adjustment instructions](#text-to-speech-increase-concurrent-request-limit-for-custom-neural-voices).<br/>
+<sup>5</sup> See [additional explanations](#detailed-description-quota-adjustment-and-best-practices), [best practices](#general-best-practices-to-mitigate-throttling-during-autoscaling), and [adjustment instructions](#text-to-speech-increase-concurrent-request-limit).<br/>
## Detailed description, quota adjustment, and best practices
Suppose that a Speech service resource has the concurrent request limit set to 3
Generally, it's a very good idea to test the workload and the workload patterns before going to production.
-### Text-to-speech: increase concurrent request limit for custom neural voices
+### Text-to-speech: increase concurrent request limit
-By default, the number of concurrent requests for Custom Neural Voice endpoints is limited to 10. For the standard pricing tier, you can increase this amount. Before submitting the request, ensure that you're familiar with the material discussed earlier in this article, such as the best practices to mitigate throttling.
+For the standard pricing tier, you can increase this amount. Before submitting the request, ensure that you're familiar with the material discussed earlier in this article, such as the best practices to mitigate throttling.
Increasing the limit of concurrent requests doesn't directly affect your costs. Speech service uses a payment model that requires that you pay only for what you use. The limit defines how high the service can scale before it starts throttle your requests.
cognitive-services Speech Synthesis Markup https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cognitive-services/Speech-Service/speech-synthesis-markup.md
The following table has descriptions of each supported style.
|Style|Description| |--|-|
+|`style="advertisement-upbeat"`|Expresses an excited and high-energy tone for promoting a product or service.|
|`style="affectionate"`|Expresses a warm and affectionate tone, with higher pitch and vocal energy. The speaker is in a state of attracting the attention of the listener. The personality of the speaker is often endearing in nature.| |`style="angry"`|Expresses an angry and annoyed tone.| |`style="assistant"`|Expresses a warm and relaxed tone for digital assistants.|
The following table has descriptions of each supported style.
|`style="sad"`|Expresses a sorrowful tone.| |`style="serious"`|Expresses a strict and commanding tone. Speaker often sounds stiffer and much less relaxed with firm cadence.| |`style="shouting"`|Speaks like from a far distant or outside and to make self be clearly heard|
+|`style="sports-commentary"`|Expresses a relaxed and interesting tone for broadcasting a sports event.|
+|`style="sports-commentary-excited"`|Expresses an intensive and energetic tone for broadcasting exciting moments in a sports event.|
|`style="whispering"`|Speaks very softly and make a quiet and gentle sound| |`style="terrified"`|Expresses a very scared tone, with faster pace and a shakier voice. It sounds like the speaker is in an unsteady and frantic status.| |`style="unfriendly"`|Expresses a cold and indifferent tone.|
cognitive-services Faq https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cognitive-services/language-service/conversational-language-understanding/faq.md
Previously updated : 05/23/2022 Last updated : 05/31/2022
Yes, you can use [orchestration workflow](../orchestration-workflow/overview.md)
Add any out of scope utterances to the [none intent](./concepts/none-intent.md).
+## How do I control the none intent?
+
+You can control the none intent threshhold from UI through the project settings, by changing the none inten threshold value. The values can be between 0.0 and 1.0. Also, you can change this threshold from the APIs by changing the *confidenceThreshold* in settings object. Learn more about [none intent](./concepts/none-intent.md#none-score-threshold)
+ ## Is there any SDK support? Yes, only for predictions, and samples are available for [Python](https://aka.ms/sdk-samples-conversation-python) and [C#](https://aka.ms/sdk-sample-conversation-dot-net). There is currently no authoring support for the SDK.
cognitive-services Migrate Qnamaker https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cognitive-services/language-service/question-answering/how-to/migrate-qnamaker.md
You can follow the steps below to migrate knowledge bases:
> [!div class="mx-imgBorder"] > ![Migrate QnAMaker with red selection box around the knowledge base selection option with a drop-down displaying three knowledge base names](../media/migrate-qnamaker/select-knowledge-bases.png)
-8. You can review the knowledge bases you plan to migrate. There could be some validation errors in project names as we follow stricter validation rules for custom question answering projects.
+8. You can review the knowledge bases you plan to migrate. There could be some validation errors in project names as we follow stricter validation rules for custom question answering projects. To resolve these errors occuring due to invalid characters, select the checkbox (in red) and click **Next**. This is a one-click method to replace the problematic charcaters in the name with the accepted characters. If there's a duplicate, a new unique project name is generated by the system.
> [!CAUTION] > If you migrate a knowledge base with the same name as a project that already exists in the target language resource, **the content of the project will be overridden** by the content of the selected knowledge base. > [!div class="mx-imgBorder"]
- > ![Screenshot of an error message starting project names can't contain special characters](../media/migrate-qnamaker/special-characters.png)
+ > ![Screenshot of an error message starting project names can't contain special characters](../media/migrate-qnamaker/migration-kb-name-validation.png)
-9. After resolving any validation errors, select **Next**
+9. After resolving the validation errors, select **Start migration**
> [!div class="mx-imgBorder"]
- > ![Screenshot with special characters removed](../media/migrate-qnamaker/validation-errors.png)
+ > ![Screenshot with special characters removed](../media/migrate-qnamaker/migration-kb-name-validation-success.png)
10. It will take a few minutes for the migration to occur. Do not cancel the migration while it is in progress. You can navigate to the migrated projects within the [Language Studio](https://language.azure.com/) post migration.
confidential-computing Confidential Containers https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/confidential-computing/confidential-containers.md
You can enable confidential containers in Azure Partners and Open Source Softwar
### Fortanix
-[Fortanix](https://www.fortanix.com/) has portal and Command Line Interface (CLI) experiences to convert their containerized applications to SGX-capable confidential containers. You don't need to modify or recompile the application. Fortanix provides the flexibility to run and manage a broad set of applications. You can use existing applications, new enclave-native applications, and pre-packaged applications. Start with Fortanix's [Enclave Manager](https://em.fortanix.com/) UI or [REST APIs](https://www.fortanix.com/api/em/). Create confidential containers using the Fortanix's [quickstart guide for AKS](https://hubs.li/Q017JnNt0).
+[Fortanix](https://www.fortanix.com/) has portal and Command Line Interface (CLI) experiences to convert their containerized applications to SGX-capable confidential containers. You don't need to modify or recompile the application. Fortanix provides the flexibility to run and manage a broad set of applications. You can use existing applications, new enclave-native applications, and pre-packaged applications. Start with Fortanix's [Enclave Manager](https://em.fortanix.com/) UI or [REST APIs](https://www.fortanix.com/api/). Create confidential containers using the Fortanix's [quickstart guide for AKS](https://hubs.li/Q017JnNt0).
![Diagram of Fortanix deployment process, showing steps to move applications to confidential containers and deploy.](./media/confidential-containers/fortanix-confidential-containers-flow.png)
connectors Connectors Native Http https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/connectors/connectors-native-http.md
ms.suite: integration Previously updated : 09/13/2021 Last updated : 05/31/2022 tags: connectors
This built-in action makes an HTTP call to the specified URL for an endpoint and
## Trigger and action outputs
-Here is more information about the outputs from an HTTP trigger or action, which returns this information:
+Here's more information about the outputs from an HTTP trigger or action, which returns this information:
| Property | Type | Description | |-||-|
Here is more information about the outputs from an HTTP trigger or action, which
If you have a **Logic App (Standard)** resource in single-tenant Azure Logic Apps, and you want to use an HTTP operation with any of the following authentication types, make sure to complete the extra setup steps for the corresponding authentication type. Otherwise, the call fails.
-* [TLS/SSL certificate](#tls-ssl-certificate-authentication): Add the app setting, `WEBSITE_LOAD_ROOT_CERTIFICATES`, and provide the thumbprint for your thumbprint for your TLS/SSL certificate.
+* [TLS/SSL certificate](#tls-ssl-certificate-authentication): Add the app setting, `WEBSITE_LOAD_ROOT_CERTIFICATES`, and set the value to the thumbprint for your TLS/SSL certificate.
* [Client certificate or Azure Active Directory Open Authentication (Azure AD OAuth) with the "Certificate" credential type](#client-certificate-authentication): Add the app setting, `WEBSITE_LOAD_USER_PROFILE`, and set the value to `1`.
For example, suppose you have a logic app that sends an HTTP POST request for an
![Multipart form data](./media/connectors-native-http/http-action-multipart.png)
-Here is the same example that shows the HTTP action's JSON definition in the underlying workflow definition:
+Here's the same example that shows the HTTP action's JSON definition in the underlying workflow definition:
```json "HTTP_action": {
HTTP requests have a [timeout limit](../logic-apps/logic-apps-limits-and-config.
To specify the number of seconds between retry attempts, you can add the `Retry-After` header to the HTTP action response. For example, if the target endpoint returns the `429 - Too many requests` status code, you can specify a longer interval between retries. The `Retry-After` header also works with the `202 - Accepted` status code.
-Here is the same example that shows the HTTP action response that contains `Retry-After`:
+Here's the same example that shows the HTTP action response that contains `Retry-After`:
```json {
Here is the same example that shows the HTTP action response that contains `Retr
} ```
+## Pagination support
+
+Sometimes, the target service responds by returning the results one page at a time. If the response specifies the next page with the **nextLink** or **@odata.nextLink** property, you can turn on the **Pagination** setting on the HTTP action. This setting causes the HTTP action to automatically follow these links and get the next page. However, if the response specifies the next page with any other tag, you might have to add a loop to your workflow. Make this loop follow that tag and manually get each page until the tag is null.
## Disable checking location headers
connectors Connectors Native Recurrence https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/connectors/connectors-native-recurrence.md
Title: Schedule recurring tasks and workflows
-description: Schedule and run recurring automated tasks and workflows with the Recurrence trigger in Azure Logic Apps.
+ Title: Schedule and run recurring workflows
+description: Schedule and run recurring workflows with the generic Recurrence trigger in Azure Logic Apps.
ms.suite: integration Previously updated : 05/27/2022 Last updated : 06/01/2022
-# Create, schedule, and run recurring tasks and workflows with the Recurrence trigger in Azure Logic Apps
+# Schedule and run recurring workflows with the Recurrence trigger in Azure Logic Apps
-To regularly run tasks, processes, or jobs on specific schedule, you can start your logic app workflow with the built-in **Recurrence** trigger, which runs natively in Azure Logic Apps. You can set a date and time as well as a time zone for starting the workflow and a recurrence for repeating that workflow. If the trigger misses recurrences for any reason, for example, due to disruptions or disabled workflows, this trigger doesn't process the missed recurrences but restarts recurrences at the next scheduled interval. For more information about the built-in Schedule triggers and actions, see [Schedule and run recurring automated, tasks, and workflows with Azure Logic Apps](../logic-apps/concepts-schedule-automated-recurring-tasks-workflows.md).
+To start and run your workflow on a schedule, you can use the generic Recurrence trigger as the first step. You can set a date, time, and time zone for starting the workflow and a recurrence for repeating that workflow. The following list includes some patterns that this trigger supports along with more advanced recurrences and complex schedules:
-Here are some patterns that this trigger supports along with more advanced recurrences and complex schedules:
+* Run at a specific date and time, then repeat every *n* number of seconds, minutes, hours, days, weeks, or months.
* Run immediately and repeat every *n* number of seconds, minutes, hours, days, weeks, or months.
-* Start at a specific date and time, then run and repeat every *n* number of seconds, minutes, hours, days, weeks, or months.
+* Run immediately and repeat daily at one or more specific times, such as 8:00 AM and 5:00 PM.
-* Run and repeat at one or more times each day, for example, at 8:00 AM and 5:00 PM.
+* Run immediately and repeat weekly on specific days, such as Saturday and Sunday.
-* Run and repeat each week, but only for specific days, such as Saturday and Sunday.
+* Run immediately and repeat weekly on specific days and times, such as Monday through Friday at 8:00 AM and 5:00 PM.
-* Run and repeat each week, but only for specific days and times, such as Monday through Friday at 8:00 AM and 5:00 PM.
+> [!NOTE]
+>
+> To start and run your workflow only once in the future, use workflow template named
+> **Scheduler: Run Once Jobs**. This template uses the Request trigger and HTTP action,
+> rather than the Recurrence trigger, which doesn't support this recurrence pattern.
+> For more information, see [Run jobs one time only](../logic-apps/concepts-schedule-automated-recurring-tasks-workflows.md#run-once).
-For differences between this trigger and the Sliding Window trigger or for more information about scheduling recurring workflows, see [Schedule and run recurring automated tasks, processes, and workflows with Azure Logic Apps](../logic-apps/concepts-schedule-automated-recurring-tasks-workflows.md).
+The Recurrence trigger isn't associated with any specific service, so you can use the trigger with almost any workflow, such as [Consumption logic app workflows and Standard logic app *stateful* workflows](../logic-apps/logic-apps-overview.md#resource-environment-differences). This trigger is currently unavailable for [Standard logic app *stateless* workflows](../logic-apps/logic-apps-overview.md#resource-environment-differences).
-> [!TIP]
-> If you want to trigger your logic app and run only one time in the future, see
-> [Run jobs one time only](../logic-apps/concepts-schedule-automated-recurring-tasks-workflows.md#run-once).
+The Recurrence trigger is part of the built-in Schedule connector and runs natively on the Azure Logic Apps runtime. For more information about the built-in Schedule triggers and actions, see [Schedule and run recurring automated, tasks, and workflows with Azure Logic Apps](../logic-apps/concepts-schedule-automated-recurring-tasks-workflows.md).
## Prerequisites * An Azure account and subscription. If you don't have a subscription, [sign up for a free Azure account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
-* Basic knowledge about [logic apps](../logic-apps/logic-apps-overview.md). If you're new to logic apps, learn [how to create your first logic app](../logic-apps/quickstart-create-first-logic-app-workflow.md).
+* Basic knowledge about [logic app workflows](../logic-apps/logic-apps-overview.md). If you're new to logic apps, learn [how to create your first logic app workflow](../logic-apps/quickstart-create-first-logic-app-workflow.md).
+
+<a name="add-recurrence-trigger"></a>
## Add the Recurrence trigger
-1. Sign in to the [Azure portal](https://portal.azure.com). Create a blank logic app.
+1. In the [Azure portal](https://portal.azure.com), create a blank logic app and workflow.
+
+ > [!NOTE]
+ >
+ > If you created a Standard logic app workflow, make sure to create a *stateful* workflow.
+ > The Recurrence trigger is currently unavailable for stateless workflows.
+
+1. In the designer, follow the corresponding steps, based on whether your logic app workflow is [Consumption or Standard](../logic-apps/logic-apps-overview.md#resource-environment-differences).
+
+ **Consumption**
+
+ 1. On the designer, under the search box, select **Built-in**.
+ 1. In the search box, enter **recurrence**.
+ 1. From the triggers list, select the trigger named **Recurrence**.
-1. After Logic App Designer appears, in the search box, enter `recurrence` as your filter. From the triggers list, select this trigger as the first step in your logic app workflow: **Recurrence**
+ ![Screenshot for Consumption logic app workflow designer with "Recurrence" trigger selected.](./media/connectors-native-recurrence/add-recurrence-trigger-consumption.png)
- ![Select "Recurrence" trigger](./media/connectors-native-recurrence/add-recurrence-trigger.png)
+ **Standard**
-1. Set the interval and frequency for the recurrence. In this example, set these properties to run your workflow every week.
+ 1. On the designer, select **Choose operation**.
+ 1. On the **Add a trigger** pane, under the search box, select **Built-in**.
+ 1. In the search box, enter **recurrence**.
+ 1. From the triggers list, select the trigger named **Recurrence**.
- ![Set interval and frequency](./media/connectors-native-recurrence/recurrence-trigger-details.png)
+ ![Screenshot for Standard logic app workflow designer with "Recurrence" trigger selected.](./media/connectors-native-recurrence/add-recurrence-trigger-standard.png)
+
+1. Set the interval and frequency for the recurrence. In this example, set these properties to run your workflow every week, for example:
+
+ **Consumption**
+
+ ![Screenshot for Consumption workflow designer with "Recurrence" trigger interval and frequency.](./media/connectors-native-recurrence/recurrence-trigger-details-consumption.png)
+
+ **Standard**
+
+ ![Screenshot for Standard workflow designer with "Recurrence" trigger interval and frequency.](./media/connectors-native-recurrence/recurrence-trigger-details-standard.png)
| Property | JSON name | Required | Type | Description | |-|--|-||-|
- | **Interval** | `interval` | Yes | Integer | A positive integer that describes how often the workflow runs based on the frequency. Here are the minimum and maximum intervals: <p>- Month: 1-16 months <br>- Week: 1-71 weeks <br>- Day: 1-500 days <br>- Hour: 1-12,000 hours <br>- Minute: 1-72,000 minutes <br>- Second: 1-9,999,999 seconds<p>For example, if the interval is 6, and the frequency is "Month", then the recurrence is every 6 months. |
+ | **Interval** | `interval` | Yes | Integer | A positive integer that describes how often the workflow runs based on the frequency. Here are the minimum and maximum intervals: <br><br>- Month: 1-16 months <br>- Week: 1-71 weeks <br>- Day: 1-500 days <br>- Hour: 1-12,000 hours <br>- Minute: 1-72,000 minutes <br>- Second: 1-9,999,999 seconds<br><br>For example, if the interval is 6, and the frequency is "Month", then the recurrence is every 6 months. |
| **Frequency** | `frequency` | Yes | String | The unit of time for the recurrence: **Second**, **Minute**, **Hour**, **Day**, **Week**, or **Month** | |||||| > [!IMPORTANT]
- > If you use the **Day**, **Week**, or **Month** frequency, and you specify a future date and time, make sure that you set up the recurrence in advance:
+ > If you use the **Day**, **Week**, or **Month** frequency, and you specify a future date and time,
+ > make sure that you set up the recurrence in advance. Otherwise, the workflow might skip the first recurrence.
> > * **Day**: Set up the daily recurrence at least 24 hours in advance. >
For differences between this trigger and the Sliding Window trigger or for more
> > * **Month**: Set up the monthly recurrence at least one month in advance. >
- > Otherwise, the workflow might skip the first recurrence.
- >
- > If a recurrence doesn't specify a specific [start date and time](../logic-apps/concepts-schedule-automated-recurring-tasks-workflows.md#start-time), the first recurrence runs immediately
- > when you save or deploy the logic app, despite your trigger's recurrence setup. To avoid this behavior, provide a start
- > date and time for when you want the first recurrence to run.
+ > If a recurrence doesn't specify a specific [start date and time](../logic-apps/concepts-schedule-automated-recurring-tasks-workflows.md#start-time),
+ > the first recurrence runs immediately when you save or deploy the logic app, despite your trigger's recurrence setup. To avoid this behavior,
+ > provide a start date and time for when you want the first recurrence to run.
> > If a recurrence doesn't specify any other advanced scheduling options such as specific times to run future recurrences, > those recurrences are based on the last run time. As a result, the start times for those recurrences might drift due to > factors such as latency during storage calls. To make sure that your logic app doesn't miss a recurrence, especially when
- > the frequency is in days or longer, try these options:
+ > the frequency is in days or longer, try the following options:
>
- > * Provide a start date and time for the recurrence plus the specific times when to run subsequent recurrences by using the properties
- > named **At these hours** and **At these minutes**, which are available only for the **Day** and **Week** frequencies.
+ > * Provide a start date and time for the recurrence and the specific times to run subsequent recurrences. You can use the
+ > properties named **At these hours** and **At these minutes**, which are available only for the **Day** and **Week** frequencies.
>
- > * Use the [Sliding Window trigger](../connectors/connectors-native-sliding-window.md), rather than the Recurrence trigger.
+ > * For Consumption logic app workflows, use the [Sliding Window trigger](../connectors/connectors-native-sliding-window.md),
+ > rather than the Recurrence trigger.
1. To set advanced scheduling options, open the **Add new parameter** list. Any options that you select appear on the trigger after selection.
- ![Advanced scheduling options](./media/connectors-native-recurrence/recurrence-trigger-more-options-details.png)
+ **Consumption**
+
+ ![Screenshot for Consumption workflow designer and "Recurrence" trigger with advanced scheduling options.](./media/connectors-native-recurrence/recurrence-trigger-advanced-consumption.png)
+
+ **Standard**
+
+ ![Screenshot for Standard workflow designer and "Recurrence" trigger with advanced scheduling options.](./media/connectors-native-recurrence/recurrence-trigger-advanced-standard.png)
| Property | JSON name | Required | Type | Description | |-|--|-||-| | **Time zone** | `timeZone` | No | String | Applies only when you specify a start time because this trigger doesn't accept [UTC offset](https://en.wikipedia.org/wiki/UTC_offset). Select the time zone that you want to apply. |
- | **Start time** | `startTime` | No | String | Provide a start date and time, which has a maximum of 49 years in the future and must follow the [ISO 8601 date time specification](https://en.wikipedia.org/wiki/ISO_8601#Combined_date_and_time_representations) in [UTC date time format](https://en.wikipedia.org/wiki/Coordinated_Universal_Time), but without a [UTC offset](https://en.wikipedia.org/wiki/UTC_offset): <p><p>YYYY-MM-DDThh:mm:ss if you select a time zone <p>-or- <p>YYYY-MM-DDThh:mm:ssZ if you don't select a time zone <p>So for example, if you want September 18, 2020 at 2:00 PM, then specify "2020-09-18T14:00:00" and select a time zone such as Pacific Standard Time. Or, specify "2020-09-18T14:00:00Z" without a time zone. <p><p>**Important:** If you don't select a time zone, you must add the letter "Z" at the end without any spaces. This "Z" refers to the equivalent [nautical time](https://en.wikipedia.org/wiki/Nautical_time). If you select a time zone value, you don't need to add a "Z" to the end of your **Start time** value. If you do, Logic Apps ignores the time zone value because the "Z" signifies a UTC time format. <p><p>For simple schedules, the start time is the first occurrence, while for complex schedules, the trigger doesn't fire any sooner than the start time. [*What are the ways that I can use the start date and time?*](../logic-apps/concepts-schedule-automated-recurring-tasks-workflows.md#start-time) |
+ | **Start time** | `startTime` | No | String | Provide a start date and time, which has a maximum of 49 years in the future and must follow the [ISO 8601 date time specification](https://en.wikipedia.org/wiki/ISO_8601#Combined_date_and_time_representations) in [UTC date time format](https://en.wikipedia.org/wiki/Coordinated_Universal_Time), but without a [UTC offset](https://en.wikipedia.org/wiki/UTC_offset): <br><br>YYYY-MM-DDThh:mm:ss if you select a time zone <br><br>-or- <br><br>YYYY-MM-DDThh:mm:ssZ if you don't select a time zone <br><br>So for example, if you want September 18, 2020 at 2:00 PM, then specify "2020-09-18T14:00:00" and select a time zone such as Pacific Standard Time. Or, specify "2020-09-18T14:00:00Z" without a time zone. <br><br>**Important:** If you don't select a time zone, you must add the letter "Z" at the end without any spaces. This "Z" refers to the equivalent [nautical time](https://en.wikipedia.org/wiki/Nautical_time). If you select a time zone value, you don't need to add a "Z" to the end of your **Start time** value. If you do, Logic Apps ignores the time zone value because the "Z" signifies a UTC time format. <br><br>For simple schedules, the start time is the first occurrence, while for complex schedules, the trigger doesn't fire any sooner than the start time. [*What are the ways that I can use the start date and time?*](../logic-apps/concepts-schedule-automated-recurring-tasks-workflows.md#start-time) |
| **On these days** | `weekDays` | No | String or string array | If you select "Week", you can select one or more days when you want to run the workflow: **Monday**, **Tuesday**, **Wednesday**, **Thursday**, **Friday**, **Saturday**, and **Sunday** |
- | **At these hours** | `hours` | No | Integer or integer array | If you select "Day" or "Week", you can select one or more integers from 0 to 23 as the hours of the day for when you want to run the workflow. <p><p>For example, if you specify "10", "12" and "14", you get 10 AM, 12 PM, and 2 PM for the hours of the day, but the minutes of the day are calculated based on when the recurrence starts. To set specific minutes of the day, for example, 10:00 AM, 12:00 PM, and 2:00 PM, specify those values by using the property named **At these minutes**. |
- | **At these minutes** | `minutes` | No | Integer or integer array | If you select "Day" or "Week", you can select one or more integers from 0 to 59 as the minutes of the hour when you want to run the workflow. <p>For example, you can specify "30" as the minute mark and using the previous example for hours of the day, you get 10:30 AM, 12:30 PM, and 2:30 PM. <p>**Note**: Sometimes, the timestamp for the triggered run might vary up to 1 minute from the scheduled time. If you need to pass the timestamp exactly as scheduled to subsequent actions, you can use template expressions to change the timestamp accordingly. For more information, see [Date and time functions for expressions](../logic-apps/workflow-definition-language-functions-reference.md#date-time-functions). |
+ | **At these hours** | `hours` | No | Integer or integer array | If you select "Day" or "Week", you can select one or more integers from 0 to 23 as the hours of the day for when you want to run the workflow. <br><br>For example, if you specify "10", "12" and "14", you get 10 AM, 12 PM, and 2 PM for the hours of the day, but the minutes of the day are calculated based on when the recurrence starts. To set specific minutes of the day, for example, 10:00 AM, 12:00 PM, and 2:00 PM, specify those values by using the property named **At these minutes**. |
+ | **At these minutes** | `minutes` | No | Integer or integer array | If you select "Day" or "Week", you can select one or more integers from 0 to 59 as the minutes of the hour when you want to run the workflow. <br><br>For example, you can specify "30" as the minute mark and using the previous example for hours of the day, you get 10:30 AM, 12:30 PM, and 2:30 PM. <br><br>**Note**: Sometimes, the timestamp for the triggered run might vary up to 1 minute from the scheduled time. If you need to pass the timestamp exactly as scheduled to subsequent actions, you can use template expressions to change the timestamp accordingly. For more information, see [Date and time functions for expressions](../logic-apps/workflow-definition-language-functions-reference.md#date-time-functions). |
|||||
- For example, suppose that today is Friday, September 4, 2020. The following Recurrence trigger doesn't fire *any sooner* than the start date and time, which is Friday, September 18, 2020 at 8:00 AM PST. However, the recurrence schedule is set for 10:30 AM, 12:30 PM, and 2:30 PM on Mondays only. So the first time that the trigger fires and creates a logic app workflow instance is on Monday at 10:30 AM. To learn more about how start times work, see these [start time examples](../logic-apps/concepts-schedule-automated-recurring-tasks-workflows.md#start-time).
+ For example, suppose that today is Friday, September 4, 2020. The following Recurrence trigger doesn't fire *any sooner* than the specified start date and time, which is Friday, September 18, 2020 at 8:00 AM Pacific Time. However, the recurrence schedule is set for 10:30 AM, 12:30 PM, and 2:30 PM on Mondays only. The first time that the trigger fires and creates a workflow instance is on Monday at 10:30 AM. To learn more about how start times work, see these [start time examples](../logic-apps/concepts-schedule-automated-recurring-tasks-workflows.md#start-time).
Future runs happen at 12:30 PM and 2:30 PM on the same day. Each recurrence creates their own workflow instance. After that, the entire schedule repeats all over again next Monday. [*What are some other example occurrences?*](../logic-apps/concepts-schedule-automated-recurring-tasks-workflows.md#example-recurrences)
- ![Advanced scheduling example](./media/connectors-native-recurrence/recurrence-trigger-advanced-schedule-options.png)
- > [!NOTE]
+ >
> The trigger shows a preview for your specified recurrence only when you select "Day" or "Week" as the frequency.
-1. Now build your remaining workflow with other actions. For more actions that you can add, see [Connectors for Azure Logic Apps](../connectors/apis-list.md).
+ **Consumption**
+
+ ![Screenshot showing Consumption workflow and "Recurrence" trigger with advanced scheduling example.](./media/connectors-native-recurrence/recurrence-trigger-advanced-example-consumption.png)
+
+ **Standard**
+
+ ![Screenshot showing Standard workflow and "Recurrence" trigger with advanced scheduling example.](./media/connectors-native-recurrence/recurrence-trigger-advanced-example-standard.png)
+
+1. Now continue building your workflow with other actions. For more actions that you can add, see [Connectors for Azure Logic Apps](../connectors/apis-list.md).
## Workflow definition - Recurrence
-In your logic app's underlying workflow definition, which uses JSON, you can view the [Recurrence trigger definition](../logic-apps/logic-apps-workflow-actions-triggers.md#recurrence-trigger) with the options that you chose. To view this definition, on the designer toolbar, choose **Code view**. To return to the designer, choose on the designer toolbar, **Designer**.
+You can view how the [Recurrence trigger definition](../logic-apps/logic-apps-workflow-actions-triggers.md#recurrence-trigger) appears with your chosen options by reviewing the underlying JSON definition for your workflow in Consumption logic apps and Standard logic apps (stateful only).
+
+Based on whether your logic app is Consumption or Standard, choose one of the following options:
-This example shows how a Recurrence trigger definition might look in an underlying workflow definition:
+* **Consumption**: On the designer toolbar, select **Code view**. To return to the designer, on the code view editor toolbar, select **Designer**.
+
+* **Standard**: On the workflow menu, select **Code view**. To return to the designer, on the workflow menu, select **Designer**.
+
+The following example shows how a Recurrence trigger definition might appear in the workflow's underlying JSON definition:
``` json "triggers": {
To schedule jobs, Azure Logic Apps puts the message for processing into the queu
Otherwise, if you don't select a time zone, daylight saving time (DST) events might affect when triggers run. For example, the start time shifts one hour forward when DST starts and one hour backward when DST ends. However, some time windows might cause problems when the time shifts. For more information and examples, see [Recurrence for daylight saving time and standard time](../logic-apps/concepts-schedule-automated-recurring-tasks-workflows.md#daylight-saving-standard-time). - ## Next steps * [Pause workflows with delay actions](../connectors/connectors-native-delay.md)
container-apps Microservices Dapr Azure Resource Manager https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/container-apps/microservices-dapr-azure-resource-manager.md
You learn how to:
> [!div class="checklist"] > * Create an Azure Blob Storage for use as a Dapr state store
-> * Deploy a container apps environment to host container apps
+> * Deploy a Container Apps environment to host container apps
> * Deploy two dapr-enabled container apps: one that produces orders and one that consumes orders and stores them > * Verify the interaction between the two microservices.
New-AzStorageAccount -ResourceGroupName $RESOURCE_GROUP `
-Once your Azure Blob Storage account is created, the following values are needed for subsequent steps in this tutorial.
+Once your Azure Blob Storage account is created, you'll create a template where these storage parameters will use environment variable values. The values are passed in via the `parameters` argument when you deploy your apps with the `az deployment group create` command.
-- `storage_account_name` is the value of the `STORAGE_ACCOUNT` variable.
+- `storage_account_name` uses the value of the `STORAGE_ACCOUNT` variable.
-- `storage_container_name` is the value of the `STORAGE_ACCOUNT_CONTAINER` variable.-
-Dapr creates a container with this name when it doesn't already exist in your Azure Storage account.
+- `storage_container_name` uses the value of the `STORAGE_ACCOUNT_CONTAINER` variable. Dapr creates a container with this name when it doesn't already exist in your Azure Storage account.
::: zone pivot="container-apps-arm" ### Create Azure Resource Manager (ARM) template
-Create an ARM template to deploy a Container Apps environment including the associated Log Analytics workspace and Application Insights resource for distributed tracing, a dapr component for the state store and the two dapr-enabled container apps.
+Create an ARM template to deploy a Container Apps environment including:
+
+* the associated Log Analytics workspace
+* Application Insights resource for distributed tracing
+* a dapr component for the state store
+* two dapr-enabled container apps
Save the following file as _hello-world.json_:
Save the following file as _hello-world.json_:
### Create Azure Bicep templates
-Create a bicep template to deploy a Container Apps environment including the associated Log Analytics workspace and Application Insights resource for distributed tracing, a dapr component for the state store and the two dapr-enabled container apps.
+Create a bicep template to deploy a Container Apps environment including:
+
+* the associated Log Analytics workspace
+* Application Insights resource for distributed tracing
+* a dapr component for the state store
+* the two dapr-enabled container apps
Save the following file as _hello-world.bicep_:
resource nodeapp 'Microsoft.App/containerApps@2022-03-01' = {
image: 'dapriosamples/hello-k8s-node:latest' name: 'hello-k8s-node' resources: {
- cpu: '0.5'
+ cpu: json('0.5')
memory: '1.0Gi' } }
resource pythonapp 'Microsoft.App/containerApps@2022-03-01' = {
image: 'dapriosamples/hello-k8s-python:latest' name: 'hello-k8s-python' resources: {
- cpu: '0.5'
+ cpu: json('0.5')
memory: '1.0Gi' } }
New-AzResourceGroupDeployment `
This command deploys: -- the container apps environment and associated Log Analytics workspace for hosting the hello world dapr solution
+- the Container Apps environment and associated Log Analytics workspace for hosting the hello world dapr solution
- an Application Insights instance for Dapr distributed tracing - the `nodeapp` app server running on `targetPort: 3000` with dapr enabled and configured using: `"appId": "nodeapp"` and `"appPort": 3000` - the `daprComponents` object of `"type": "state.azure.blobstorage"` scoped for use by the `nodeapp` for storing state
nodeapp Got a new order! Order ID: 63 PrimaryResult 2021-10-22
## Clean up resources
-Once you are done, run the following command to delete your resource group along with all the resources you created in this tutorial.
+Once you're done, run the following command to delete your resource group along with all the resources you created in this tutorial.
# [Bash](#tab/bash)
container-apps Vnet Custom Internal https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/container-apps/vnet-custom-internal.md
$VNET_NAME="my-custom-vnet"
-Now create an instance of the virtual network to associate with the Container Apps environment. The virtual network must have two subnets available for the container apps instance.
+Now create an instance of the virtual network to associate with the Container Apps environment. The virtual network must have two subnets available for the container app instance.
> [!NOTE] > You can use an existing virtual network, but two empty subnets are required to use with Container Apps.
The following table describes the parameters used in for `containerapp env creat
| Parameter | Description | |||
-| `name` | Name of the container apps environment. |
+| `name` | Name of the Container Apps environment. |
| `resource-group` | Name of the resource group. |
-| `logs-workspace-id` | The ID of the Log Analytics workspace. |
-| `logs-workspace-key` | The Log Analytics client secret. |
+| `logs-workspace-id` | (Optional) The ID of an existing the Log Analytics workspace. If omitted, a workspace will be created for you. |
+| `logs-workspace-key` | The Log Analytics client secret. Required if using an existing workspace. |
| `location` | The Azure location where the environment is to deploy. | | `infrastructure-subnet-resource-id` | Resource ID of a subnet for infrastructure components and user application containers. |
-| `internal-only` | Optional parameter that scopes the environment to IP addresses only available the custom VNET. |
+| `internal-only` | (Optional) The environment doesn't use a public static IP, only internal IP addresses available in the custom VNET. (Requires an infrastructure subnet resource ID.) |
-With your environment created in your custom virtual network, you can deploy container apps into the environment using the `az containerapp create` command.
+With your environment created using your custom virtual network, you can deploy container apps into the environment using the `az containerapp create` command.
### Optional configuration
You must either provide values for all three of these properties, or none of the
| Parameter | Description | ||| | `platform-reserved-cidr` | The address range used internally for environment infrastructure services. Must have a size between `/21` and `/12`. |
-| `platform-reserved-dns-ip` | An IP address from the `platform-reserved-cidr` range that is used for the internal DNS server. The address can't be the first address in the range, or the network address. For example, if `platform-reserved-cidr` is set to `10.2.0.0/16`, then `platform-reserved-dns-ip` can't be `10.2.0.0` (this is the network address), or `10.2.0.1` (infrastructure reserves use of this IP). In this case, the first usable IP for the DNS would be `10.2.0.2`. |
+| `platform-reserved-dns-ip` | An IP address from the `platform-reserved-cidr` range that is used for the internal DNS server. The address can't be the first address in the range, or the network address. For example, if `platform-reserved-cidr` is set to `10.2.0.0/16`, then `platform-reserved-dns-ip` can't be `10.2.0.0` (the network address), or `10.2.0.1` (infrastructure reserves use of this IP). In this case, the first usable IP for the DNS would be `10.2.0.2`. |
| `docker-bridge-cidr` | The address range assigned to the Docker bridge network. This range must have a size between `/28` and `/12`. | - The `platform-reserved-cidr` and `docker-bridge-cidr` address ranges can't conflict with each other, or with the ranges of either provided subnet. Further, make sure these ranges don't conflict with any other address range in the VNET.
You must either provide values for all three of these properties, or none of the
## Clean up resources
-If you're not going to continue to use this application, you can delete the Azure Container Apps instance and all the associated services by removing the **my-container-apps** resource group.
+If you're not going to continue to use this application, you can delete the Azure Container Apps instance and all the associated services by removing the **my-container-apps** resource group. Deleting this resource group will also delete the resource group automatically created by the Container Apps service containing the custom network components.
::: zone pivot="azure-cli"
az group delete `
## Additional resources -- Refer to [What is Azure Private Endpoint](../private-link/private-endpoint-overview.md) for more details on configuring your private endpoint.
+- For more information about configuring your private endpoints, see [What is Azure Private Endpoint](../private-link/private-endpoint-overview.md).
- To set up DNS name resolution for internal services, you must [set up your own DNS server](../dns/index.yml).
container-apps Vnet Custom https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/container-apps/vnet-custom.md
The following table describes the parameters used in `containerapp env create`.
| Parameter | Description | |||
-| `name` | Name of the container apps environment. |
+| `name` | Name of the Container Apps environment. |
| `resource-group` | Name of the resource group. | | `location` | The Azure location where the environment is to deploy. | | `infrastructure-subnet-resource-id` | Resource ID of a subnet for infrastructure components and user application containers. |
You must either provide values for all three of these properties, or none of the
| Parameter | Description | ||| | `platform-reserved-cidr` | The address range used internally for environment infrastructure services. Must have a size between `/21` and `/12`. |
-| `platform-reserved-dns-ip` | An IP address from the `platform-reserved-cidr` range that is used for the internal DNS server. The address can't be the first address in the range, or the network address. For example, if `platform-reserved-cidr` is set to `10.2.0.0/16`, then `platform-reserved-dns-ip` can't be `10.2.0.0` (this is the network address), or `10.2.0.1` (infrastructure reserves use of this IP). In this case, the first usable IP for the DNS would be `10.2.0.2`. |
+| `platform-reserved-dns-ip` | An IP address from the `platform-reserved-cidr` range that is used for the internal DNS server. The address can't be the first address in the range, or the network address. For example, if `platform-reserved-cidr` is set to `10.2.0.0/16`, then `platform-reserved-dns-ip` can't be `10.2.0.0` (the network address), or `10.2.0.1` (infrastructure reserves use of this IP). In this case, the first usable IP for the DNS would be `10.2.0.2`. |
| `docker-bridge-cidr` | The address range assigned to the Docker bridge network. This range must have a size between `/28` and `/12`. | - The `platform-reserved-cidr` and `docker-bridge-cidr` address ranges can't conflict with each other, or with the ranges of either provided subnet. Further, make sure these ranges don't conflict with any other address range in the VNET.
You must either provide values for all three of these properties, or none of the
## Clean up resources
-If you're not going to continue to use this application, you can delete the Azure Container Apps instance and all the associated services by removing the **my-container-apps** resource group.
+If you're not going to continue to use this application, you can delete the Azure Container Apps instance and all the associated services by removing the **my-container-apps** resource group. Deleting this resource group will also delete the resource group automatically created by the Container Apps service containing the custom network components.
::: zone pivot="azure-cli"
az group delete `
## Additional resources -- Refer to [What is Azure Private Endpoint](../private-link/private-endpoint-overview.md) for more details on configuring your private endpoint.
+- For more information about configuring your private endpoints, see [What is Azure Private Endpoint](../private-link/private-endpoint-overview.md).
+ - To set up DNS name resolution for internal services, you must [set up your own DNS server](../dns/index.yml).
container-registry Container Registry Intro https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/container-registry/container-registry-intro.md
Title: Managed container registries
-description: Introduction to the Azure Container Registry service, providing cloud-based, managed, private Docker registries.
+description: Introduction to the Azure Container Registry service, providing cloud-based, managed registries.
Last updated 02/10/2020
-# Introduction to private Docker container registries in Azure
+# Introduction to Container registries in Azure
-Azure Container Registry is a managed, private Docker registry service based on the open-source Docker Registry 2.0. Create and maintain Azure container registries to store and manage your private Docker container images and related artifacts.
+Azure Container Registry is a managed registry service based on the open-source Docker Registry 2.0. Create and maintain Azure container registries to store and manage your container images and related artifacts.
Use Azure container registries with your existing container development and deployment pipelines, or use Azure Container Registry Tasks to build container images in Azure. Build on demand, or fully automate builds with triggers such as source code commits and base image updates.
cosmos-db Access Key Vault Managed Identity https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/access-key-vault-managed-identity.md
+
+ Title: Use a managed identity to access Azure Key Vault from Azure Cosmos DB
+description: Use managed identity in Azure Cosmos DB to access Azure Key Vault.
+++
+ms.devlang: csharp
+ Last updated : 06/01/2022+++
+# Access Azure Key Vault from Azure Cosmos DB using a managed identity
+
+Azure Cosmos DB may need to read secret/key data from Azure Key Vault. For example, your Azure Cosmos DB may require a customer-managed key stored in Azure Key Vault. To do this, Azure Cosmos DB should be configured with a managed identity, and then an Azure Key Vault access policy should grant the managed identity access.
+
+## Prerequisites
+
+- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
+- An existing Azure Cosmos DB SQL API account. [Create an Azure Cosmos DB SQL API account](sql/create-cosmosdb-resources-portal.md)
+- An existing Azure Key Vault resource. [Create a key vault using the Azure CLI](../key-vault/general/quick-create-cli.md)
+- To perform the steps in this article, install the [Azure CLI](/cli/azure/install-azure-cli) and [sign in to Azure](/cli/azure/authenticate-azure-cli).
+
+## Prerequisite check
+
+1. In a terminal or command window, store the names of your Azure Key Vault resource, Azure Cosmos DB account and resource group as shell variables named ``keyVaultName``, ``cosmosName``, and ``resourceGroupName``.
+
+ ```azurecli-interactive
+ # Variable for function app name
+ keyVaultName="msdocs-keyvault"
+
+ # Variable for Cosmos DB account name
+ cosmosName="msdocs-cosmos-app"
+
+ # Variable for resource group name
+ resourceGroupName="msdocs-cosmos-keyvault-identity"
+ ```
+
+ > [!NOTE]
+ > These variables will be re-used in later steps. This example assumes your Azure Cosmos DB account name is ``msdocs-cosmos-app``, your key vault name is ``msdocs-keyvault`` and your resource group name is ``msdocs-cosmos-keyvault-identity``.
++
+## Create a system-assigned managed identity in Azure Cosmos DB
+
+First, create a system-assigned managed identity for the existing Azure Cosmos DB account.
+
+> [!IMPORTANT]
+> This how-to guide assumes that you are using a system-assigned managed identity. Many of the steps are similar when using a user-assigned managed identity.
+
+1. Run [``az cosmosdb identity assign``](/cli/azure/cosmosdb/identity#az-cosmosdb-identity-assign) to create a new system-assigned managed identity.
+
+ ```azurecli-interactive
+ az cosmosdb identity assign \
+ --resource-group $resourceGroupName \
+ --name $cosmosName
+ ```
+
+1. Retrieve the metadata of the system-assigned managed identity using [``az cosmosdb identity show``](/cli/azure/cosmosdb/identity#az-cosmosdb-identity-show), filter to just return the ``principalId`` property using the **query** parameter, and store the result in a shell variable named ``principal``.
+
+ ```azurecli-interactive
+ principal=$(
+ az cosmosdb identity show \
+ --resource-group $resourceGroupName \
+ --name $cosmosName \
+ --query principalId \
+ --output tsv
+ )
+
+ echo $principal
+ ```
+
+ > [!NOTE]
+ > This variable will be re-used in a later step.
+
+## Create an Azure Key Vault access policy
+
+In this step, create an access policy in Azure Key Vault using the previously managed identity.
+
+1. Use the [``az keyvault set-policy``](/cli/azure/keyvault#az-keyvault-set-policy) command to create an access policy in Azure Key Vault that gives the Azure Cosmos DB managed identity permission to access Key Vault. Specifically, the policy will use the **key-permissions** parameters to grant permissions to ``get``, ``list``, and ``import`` keys.
+
+ ```azurecli-itneractive
+ az keyvault set-policy \
+ --name $keyVaultName \
+ --object-id $principal \
+ --key-permissions get list import
+ ```
+
+## Next steps
+
+* To use customer-managed keys in Azure Key Vault with your Azure Cosmos account, see [configure customer-managed keys](how-to-setup-cmk.md#using-managed-identity)
+* To use Azure Key Vault to manage secrets, see [secure credentials](access-secrets-from-keyvault.md).
cosmos-db Access Secrets From Keyvault https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/access-secrets-from-keyvault.md
Title: Use Key Vault to store and access Azure Cosmos DB keys description: Use Azure Key Vault to store and access Azure Cosmos DB connection string, keys, endpoints. --++ ms.devlang: csharp Previously updated : 05/23/2019- Last updated : 06/01/2022+
-# Secure Azure Cosmos keys using Azure Key Vault
+# Secure Azure Cosmos credentials using Azure Key Vault
[!INCLUDE[appliesto-all-apis](includes/appliesto-all-apis.md)] >[!IMPORTANT]
-> The recommended solution to access Azure Cosmos DB keys is to use a [system-assigned managed identity](managed-identity-based-authentication.md). If your service cannot take advantage of managed identities then use the [cert based solution](certificate-based-authentication.md). If both the managed identity solution and cert based solution do not meet your needs, please use the key vault solution below.
+> The recommended solution to access Azure Cosmos DB is to use a [system-assigned managed identity](managed-identity-based-authentication.md). If your service cannot take advantage of managed identities then use the [cert based solution](certificate-based-authentication.md). If both the managed identity solution and cert based solution do not meet your needs, please use the key vault solution below.
-When using Azure Cosmos DB for your applications, you can access the database, collections, documents by using the endpoint and the key within the app's configuration file. However, it's not safe to put keys and URL directly in the application code because they are available in clear text format to all the users. You want to make sure that the endpoint and keys are available but through a secured mechanism. This is where Azure Key Vault can help you to securely store and manage application secrets.
+When using Azure Cosmos DB, you can access the database, collections, documents by using the endpoint and the key within the app's configuration file. However, it's not safe to put keys and URL directly in the application code because they're available in clear text format to all the users. You want to make sure that the endpoint and keys are available but through a secured mechanism. This scenario is where Azure Key Vault can help you to securely store and manage application secrets.
The following steps are required to store and read Azure Cosmos DB access keys from Key Vault:
The following steps are required to store and read Azure Cosmos DB access keys f
2. Select **Create a resource > Security > Key Vault**. 3. On the **Create key vault** section provide the following information: * **Name:** Provide a unique name for your Key Vault.
- * **Subscription:** Choose the subscription that you will use.
- * Under **Resource Group** choose **Create new** and enter a resource group name.
+ * **Subscription:** Choose the subscription that you'll use.
+ * Within **Resource Group**, choose **Create new** and enter a resource group name.
* In the Location pull-down menu, choose a location. * Leave other options to their defaults. 4. After providing the information above, select **Create**.
The following steps are required to store and read Azure Cosmos DB access keys f
* Provide a **Name** for your secret * Provide the connection string of your Cosmos DB account into the **Value** field. And then select **Create**.
- :::image type="content" source="./media/access-secrets-from-keyvault/create-a-secret.png" alt-text="Create a secret":::
+ :::image type="content" source="./media/access-secrets-from-keyvault/create-a-secret.png" alt-text="Screenshot of the Create a secret dialog in the Azure portal.":::
-4. After the secret is created, open it and copy the **Secret Identifier that is in the following format. You will use this identifier in the next section.
+4. After the secret is created, open it and copy the **Secret Identifier that is in the following format. You'll use this identifier in the next section.
`https://<Key_Vault_Name>.vault.azure.net/secrets/<Secret _Name>/<ID>` ## Create an Azure web application
-1. Create an Azure web application or you can download the app from the [GitHub repository](https://github.com/Azure/azure-cosmos-dotnet-v2/tree/master/Demo/keyvaultdemo). It is a simple MVC application.
+1. Create an Azure web application or you can download the app from the [GitHub repository](https://github.com/Azure/azure-cosmos-dotnet-v2/tree/master/Demo/keyvaultdemo). It's a simple MVC application.
2. Unzip the downloaded application and open the **HomeController.cs** file. Update the secret ID in the following line: `var secret = await keyVaultClient.GetSecretAsync("<Your Key VaultΓÇÖs secret identifier>")` 3. **Save** the file, **Build** the solution.
-4. Next deploy the application to Azure. Right click on project and choose **publish**. Create a new app service profile (you can name the app WebAppKeyVault1) and select **Publish**.
+4. Next deploy the application to Azure. Open the context menu for the project and choose **publish**. Create a new app service profile (you can name the app WebAppKeyVault1) and select **Publish**.
-5. Once the application is deployed. From the Azure portal, navigate to web app that you deployed, and turn on the **Managed service identity** of this application.
+5. Once the application is deployed from the Azure portal, navigate to web app that you deployed, and turn on the **Managed service identity** of this application.
- :::image type="content" source="./media/access-secrets-from-keyvault/turn-on-managed-service-identity.png" alt-text="Managed service identity":::
+ :::image type="content" source="./media/access-secrets-from-keyvault/turn-on-managed-service-identity.png" alt-text="Screenshot of the Managed service identity page in the Azure portal.":::
-If you will run the application now, you will see the following error, as you have not given any permission to this application in Key Vault.
+If you run the application now, you'll see the following error, as you have not given any permission to this application in Key Vault.
## Register the application & grant permissions to read the Key Vault
Similarly, you can add a user to access the key Vault. You need to add yourself
## Next steps
-* To configure a firewall for Azure Cosmos DB see [firewall support](how-to-configure-firewall.md) article.
+* To configure a firewall for Azure Cosmos DB, see [firewall support](how-to-configure-firewall.md) article.
* To configure virtual network service endpoint, see [secure access by using VNet service endpoint](how-to-configure-vnet-service-endpoint.md) article.
cosmos-db Concepts Limits https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/concepts-limits.md
Previously updated : 04/27/2022 Last updated : 05/30/2022 # Azure Cosmos DB service quotas
Depending on the current RU/s provisioned and resource settings, each resource c
| Maximum RU/s per container | 5,000 | | Maximum storage across all items per (logical) partition | 20 GB | | Maximum number of distinct (logical) partition keys | Unlimited |
-| Maximum storage per container (SQL API, Mongo API, Table API, Gremlin API)| 50 GB<sup>1</sup> |
-| Maximum storage per container (Cassandra API)| 30 GB |
+| Maximum storage per container (SQL API, Mongo API, Table API, Gremlin API)| 1 TB |
+| Maximum storage per container (Cassandra API)| 1 TB |
<sup>1</sup> Serverless containers up to 1 TB are currently in preview with Azure Cosmos DB. To try the new feature, register the *"Azure Cosmos DB Serverless 1 TB Container Preview"* [preview feature in your Azure subscription](../azure-resource-manager/management/preview-features.md).
You can [provision and manage your Azure Cosmos account](how-to-manage-database-
| Resource | Limit | | | | | Maximum number of accounts per subscription | 50 by default. <sup>1</sup> |
-| Maximum number of regional failovers | 1/hour by default. <sup>1</sup> <sup>2</sup> |
+| Maximum number of regional failovers | 10/hour by default. <sup>1</sup> <sup>2</sup> |
<sup>1</sup> You can increase these limits by creating an [Azure Support request](create-support-request-quota-increase.md).
cosmos-db Custom Partitioning Analytical Store https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/custom-partitioning-analytical-store.md
It is important to note that custom partitioning ensures complete transactional
If you configured [managed private endpoints](analytical-store-private-endpoints.md) for your analytical store, to ensure network isolation for partitioned store, we recommend that you also add managed private endpoints for the partitioned store. The partitioned store is primary storage account associated with your Synapse workspace.
-Similarly, if you configured [customer-managed keys on analytical store](how-to-setup-cmk.md#is-it-possible-to-use-customer-managed-keys-in-conjunction-with-the-azure-cosmos-db-analytical-store), you must directly enable it on the Synapse workspace primary storage account, which is the partitioned store, as well.
+Similarly, if you configured [customer-managed keys on analytical store](how-to-setup-cmk.md#is-it-possible-to-use-customer-managed-keys-with-the-azure-cosmos-db-analytical-store), you must directly enable it on the Synapse workspace primary storage account, which is the partitioned store, as well.
## Partitioning strategies You could use one or more partition keys for your analytical data. If you are using multiple partition keys, below are some recommendations on how to partition the data:
cosmos-db Dedicated Gateway https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/dedicated-gateway.md
There are many different ways to provision a dedicated gateway:
- [Provision a dedicated gateway using the Azure Portal](how-to-configure-integrated-cache.md#provision-a-dedicated-gateway-cluster) - [Use Azure Cosmos DB's REAT API](/rest/api/cosmos-db-resource-provider/2021-04-01-preview/service/create)-- [Azure CLI](/cli/azure/cosmosdb/service#az-cosmosdb-service-create)
+- [Azure CLI](/cli/azure/cosmosdb/service?view=azure-cli-latest&preserve-view=true#az-cosmosdb-service-create)
- [ARM template](/azure/templates/microsoft.documentdb/databaseaccounts/services?tabs=bicep) - Note: You cannot deprovision a dedicated gateway using ARM templates
cosmos-db Graph Visualization Partners https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/graph/graph-visualization-partners.md
With the Graphistry's GPU client/cloud technology, you can do interactive visual
Graphlytic is a highly customizable web application for graph visualization and analysis. Users can interactively explore the graph, look for patterns with the Gremlin language, or use filters to find answers to any graph question. Graph rendering is done with the 'Cytoscape.js' library, which allows Graphlytic to render tens of thousands of nodes and hundreds of thousands of relationships at once.
-Graphlytic is compatible with Azure Cosmos DB and can be deployed to Azure in minutes. GraphlyticΓÇÖs UI can be customized and extended in many ways, for instance the default [visualization configuration](https://graphlytic.biz/doc/latest/Visualization_settings.html), [data schema](https://graphlytic.biz/doc/latest/Data_schema.html), [style mappings](https://graphlytic.biz/doc/latest/Style_mappers.html), [virtual properties](https://graphlytic.biz/doc/latest/Virtual_properties.html) in the visualization, or custom implemented [widgets](https://graphlytic.biz/doc/latest/Widgets.html) that can enhance the visualization features with bespoke reports or integrations.
+Graphlytic is compatible with Azure Cosmos DB and can be deployed to Azure in minutes. GraphlyticΓÇÖs UI can be customized and extended in many ways, for instance the default [visualization configuration](https://graphlytic.biz/doc/latest/Visualization_Settings.html), [data schema](https://graphlytic.biz/doc/latest/Data_Schema.html), [style mappings](https://graphlytic.biz/doc/latest/Style_Mappers.html), [virtual properties](https://graphlytic.biz/doc/latest/Virtual_properties.html) in the visualization, or custom implemented [widgets](https://graphlytic.biz/doc/latest/Widgets.html) that can enhance the visualization features with bespoke reports or integrations.
The following are two example scenarios:
cosmos-db How To Setup Cmk https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/how-to-setup-cmk.md
az cosmosdb show \
## <a id="using-managed-identity"></a> Using a managed identity in the Azure Key Vault access policy
-This access policy ensures that your encryption keys can be accessed by your Azure Cosmos DB account. This is done by granting access to a specific Azure Active Directory (AD) identity. Two types of identities are supported:
+This access policy ensures that your encryption keys can be accessed by your Azure Cosmos DB account. The access policy is implemented by granting access to a specific Azure Active Directory (AD) identity. Two types of identities are supported:
- Azure Cosmos DB's first-party identity can be used to grant access to the Azure Cosmos DB service. - Your Azure Cosmos DB account's [managed identity](how-to-setup-managed-identity.md) can be used to grant access to your account specifically.
This access policy ensures that your encryption keys can be accessed by your Azu
Because a system-assigned managed identity can only be retrieved after the creation of your account, you still need to initially create your account using the first-party identity, as described [above](#add-access-policy). Then:
-1. If this wasn't done during account creation, [enable a system-assigned managed identity](./how-to-setup-managed-identity.md#add-a-system-assigned-identity) on your account and copy the `principalId` that got assigned.
+1. If the system-assigned managed identity wasn't configured during account creation, [enable a system-assigned managed identity](./how-to-setup-managed-identity.md#add-a-system-assigned-identity) on your account and copy the `principalId` that got assigned.
-1. Add a new access policy to your Azure Key Vault account just as described [above](#add-access-policy), but using the `principalId` you copied at the previous step instead of Azure Cosmos DB's first-party identity.
+1. Add a new access policy to your Azure Key Vault account as described [above](#add-access-policy), but using the `principalId` you copied at the previous step instead of Azure Cosmos DB's first-party identity.
-1. Update your Azure Cosmos DB account to specify that you want to use the system-assigned managed identity when accessing your encryption keys in Azure Key Vault. You can do this:
+1. Update your Azure Cosmos DB account to specify that you want to use the system-assigned managed identity when accessing your encryption keys in Azure Key Vault. You have two options:
- - by specifying this property in your account's Azure Resource Manager template:
+ - Specify the property in your account's Azure Resource Manager template:
- ```json
- {
- "type": " Microsoft.DocumentDB/databaseAccounts",
- "properties": {
- "defaultIdentity": "SystemAssignedIdentity",
+ ```json
+ {
+ "type": " Microsoft.DocumentDB/databaseAccounts",
+ "properties": {
+ "defaultIdentity": "SystemAssignedIdentity",
+ // ...
+ },
// ...
- },
- // ...
- }
- ```
-
- - by updating your account with the Azure CLI:
+ }
+ ```
- ```azurecli
- resourceGroupName='myResourceGroup'
- accountName='mycosmosaccount'
+ - Update your account with the Azure CLI:
- az cosmosdb update --resource-group $resourceGroupName --name $accountName --default-identity "SystemAssignedIdentity"
- ```
+ ```azurecli
+ resourceGroupName='myResourceGroup'
+ accountName='mycosmosaccount'
+
+ az cosmosdb update --resource-group $resourceGroupName --name $accountName --default-identity "SystemAssignedIdentity"
+ ```
1. Optionally, you can then remove the Azure Cosmos DB first-party identity from your Azure Key Vault access policy.
Because a system-assigned managed identity can only be retrieved after the creat
1. When creating the new access policy in your Azure Key Vault account as described [above](#add-access-policy), use the `Object ID` of the managed identity you wish to use instead of Azure Cosmos DB's first-party identity.
-1. When creating your Azure Cosmos DB account, you must enable the user-assigned managed identity and specify that you want to use this identity when accessing your encryption keys in Azure Key Vault. You can do this:
-
- - in an Azure Resource Manager template:
+1. When creating your Azure Cosmos DB account, you must enable the user-assigned managed identity and specify that you want to use this identity when accessing your encryption keys in Azure Key Vault. Options include:
- ```json
- {
- "type": "Microsoft.DocumentDB/databaseAccounts",
- "identity": {
- "type": "UserAssigned",
- "userAssignedIdentities": {
- "<identity-resource-id>": {}
- }
- },
- // ...
- "properties": {
- "defaultIdentity": "UserAssignedIdentity=<identity-resource-id>"
- "keyVaultKeyUri": "<key-vault-key-uri>"
+ - Using an Azure Resource Manager template:
+
+ ```json
+ {
+ "type": "Microsoft.DocumentDB/databaseAccounts",
+ "identity": {
+ "type": "UserAssigned",
+ "userAssignedIdentities": {
+ "<identity-resource-id>": {}
+ }
+ },
// ...
+ "properties": {
+ "defaultIdentity": "UserAssignedIdentity=<identity-resource-id>"
+ "keyVaultKeyUri": "<key-vault-key-uri>"
+ // ...
+ }
}
- }
- ```
+ ```
- - with the Azure CLI:
+ - Using the Azure CLI:
- ```azurecli
- resourceGroupName='myResourceGroup'
- accountName='mycosmosaccount'
- keyVaultKeyUri = 'https://<my-vault>.vault.azure.net/keys/<my-key>'
-
- az cosmosdb create \
- -n $accountName \
- -g $resourceGroupName \
- --key-uri $keyVaultKeyUri
- --assign-identity <identity-resource-id>
- --default-identity "UserAssignedIdentity=<identity-resource-id>"
- ```
+ ```azurecli
+ resourceGroupName='myResourceGroup'
+ accountName='mycosmosaccount'
+ keyVaultKeyUri = 'https://<my-vault>.vault.azure.net/keys/<my-key>'
+
+ az cosmosdb create \
+ -n $accountName \
+ -g $resourceGroupName \
+ --key-uri $keyVaultKeyUri
+ --assign-identity <identity-resource-id>
+ --default-identity "UserAssignedIdentity=<identity-resource-id>"
+ ```
## Use CMK with continuous backup
When you create a new Azure Cosmos account through an Azure Resource Manager tem
## Customer-managed keys and double encryption
-When using customer-managed keys, the data you store in your Azure Cosmos DB account ends up being encrypted twice:
+The data you store in your Azure Cosmos DB account when using customer-managed keys ends up being encrypted twice:
- Once through the default encryption performed with Microsoft-managed keys.-- Once through the additional encryption performed with customer-managed keys.
+- Once through the extra encryption performed with customer-managed keys.
-Note that **this only applies to the main Azure Cosmos DB transactional storage**. Some features involve internal replication of your data to a second tier of storage where double encryption isn't provided, even when using customer-managed keys. These features include:
+Double encryption only applies to the main Azure Cosmos DB transactional storage. Some features involve internal replication of your data to a second tier of storage where double encryption isn't provided, even with customer-managed keys. These features include:
-- [Synapse Link](./synapse-link.md)
+- [Azure Synapse Link](./synapse-link.md)
- [Continuous backups with point-in-time restore](./continuous-backup-restore-introduction.md) ## Key rotation
Rotating the customer-managed key used by your Azure Cosmos account can be done
- Create a new version of the key currently used from Azure Key Vault:
- :::image type="content" source="./media/how-to-setup-cmk/portal-akv-rot.png" alt-text="Create a new key version":::
+ :::image type="content" source="./media/how-to-setup-cmk/portal-akv-rot.png" alt-text="Screenshot of the New Version option in the Versions page of the Azure portal.":::
-- Swap the key currently used with a totally different one by updating the key URI on your account. From the Azure portal, go to your Azure Cosmos account and select **Data Encryption** from the left menu:
+- Swap the key currently used with a different one by updating the key URI on your account. From the Azure portal, go to your Azure Cosmos account and select **Data Encryption** from the left menu:
- :::image type="content" source="./media/how-to-setup-cmk/portal-data-encryption.png" alt-text="The Data Encryption menu entry":::
+ :::image type="content" source="./media/how-to-setup-cmk/portal-data-encryption.png" alt-text="Screenshot of the Data Encryption menu option in the Azure portal.":::
Then, replace the **Key URI** with the new key you want to use and select **Save**:
- :::image type="content" source="./media/how-to-setup-cmk/portal-key-swap.png" alt-text="Update the key URI":::
+ :::image type="content" source="./media/how-to-setup-cmk/portal-key-swap.png" alt-text="Screenshot of the Save option in the Key page of the Azure portal.":::
Here's how to do achieve the same result in PowerShell:
The previous key or key version can be disabled after the [Azure Key Vault audit
## Error handling
-When using customer-managed keys in Azure Cosmos DB, if there are any errors, Azure Cosmos DB returns the error details along with a HTTP sub-status code in the response. You can use this sub-status code to debug the root cause of the issue. See the [HTTP Status Codes for Azure Cosmos DB](/rest/api/cosmos-db/http-status-codes-for-cosmosdb) article to get the list of supported HTTP sub-status codes.
+If there are any errors with customer-managed keys in Azure Cosmos DB, Azure Cosmos DB returns the error details along with an HTTP substatus code in the response. You can use the HTTP substatus code to debug the root cause of the issue. See the [HTTP Status Codes for Azure Cosmos DB](/rest/api/cosmos-db/http-status-codes-for-cosmosdb) article to get the list of supported HTTP substatus codes.
## Frequently asked questions
-### Is there an additional charge to enable customer-managed keys?
+### Are there more charges to enable customer-managed keys?
No, there's no charge to enable this feature.
-### How do customer-managed keys impact capacity planning?
+### How do customer-managed keys influence capacity planning?
-When using customer-managed keys, [Request Units](./request-units.md) consumed by your database operations see an increase to reflect the additional processing required to perform encryption and decryption of your data. This may lead to slightly higher utilization of your provisioned capacity. Use the table below for guidance:
+[Request Units](./request-units.md) consumed by your database operations see an increase to reflect the extra processing required to perform encryption and decryption of your data when using customer-managed keys. The extra RU consumption may lead to slightly higher utilization of your provisioned capacity. Use the table below for guidance:
| Operation type | Request Unit increase | |||
All the data stored in your Azure Cosmos account is encrypted with the customer-
This feature is currently available only for new accounts.
-### Is it possible to use customer-managed keys in conjunction with the Azure Cosmos DB [analytical store](analytical-store-introduction.md)?
+### Is it possible to use customer-managed keys with the Azure Cosmos DB [analytical store](analytical-store-introduction.md)?
-Yes, Azure Synapse Link only supports configuring customer-managed keys using your Azure Cosmos DB account's managed identity. You must [use your Azure Cosmos DB account's managed identity](#using-managed-identity) in your Azure Key Vault access policy before [enabling Azure Synapse Link](configure-synapse-link.md#enable-synapse-link) on your account.
+Yes, Azure Synapse Link only supports configuring customer-managed keys using your Azure Cosmos DB account's managed identity. You must [use your Azure Cosmos DB account's managed identity](#using-managed-identity) in your Azure Key Vault access policy before [enabling Azure Synapse Link](configure-synapse-link.md#enable-synapse-link) on your account. For a how-to guide on how to enable managed identity and use it in an access policy, see [access Azure Key Vault from Azure Cosmos DB using a managed identity](access-key-vault-managed-identity.md).
### Is there a plan to support finer granularity than account-level keys?
You can also programmatically fetch the details of your Azure Cosmos account and
Azure Cosmos DB takes [regular and automatic backups](./online-backup-and-restore.md) of the data stored in your account. This operation backs up the encrypted data. The following conditions are necessary to successfully restore a periodic backup:-- The encryption key that you used at the time of the backup is required and must be available in Azure Key Vault. This means that no revocation was made and the version of the key that was used at the time of the backup is still enabled.-- If you [used a system-assigned managed identity in the Azure Key Vault access policy](#to-use-a-system-assigned-managed-identity) of the source account, you must temporarily grant access to the Azure Cosmos DB first-party identity in that access policy as described [here](#add-access-policy) before restoring your data. This is because a system-assigned managed identity is specific to an account and cannot be re-used in the target account. Once the data is fully restored to the target account, you can set your desired identity configuration and remove the first-party identity from the Key Vault access policy.
+- The encryption key that you used at the time of the backup is required and must be available in Azure Key Vault. This condition requires that no revocation was made and the version of the key that was used at the time of the backup is still enabled.
+- If you [used a system-assigned managed identity in the access policy](#to-use-a-system-assigned-managed-identity), temporarily [grant access to the Azure Cosmos DB first-party identity](#add-access-policy) before restoring your data. This requirement exists because a system-assigned managed identity is specific to an account and can't be reused in the target account. Once the data is fully restored to the target account, you can set your desired identity configuration and remove the first-party identity from the Key Vault access policy.
### How do customer-managed keys affect continuous backups?
-Azure Cosmos DB gives you the option to configure [continuous backups](./continuous-backup-restore-introduction.md) on your account. With continuous backups, you can restore your data to any point in time within the past 30 days. To use continuous backups on an account where customer-managed keys are enabled, you must [use a user-assigned managed identity](#to-use-a-user-assigned-managed-identity) in the Key Vault access policy; the Azure Cosmos DB first-party identity or a system-assigned managed identity aren't currently supported on accounts using continuous backups.
+Azure Cosmos DB gives you the option to configure [continuous backups](./continuous-backup-restore-introduction.md) on your account. With continuous backups, you can restore your data to any point in time within the past 30 days. To use continuous backups on an account where customer-managed keys are enabled, you must [use a user-assigned managed identity](#to-use-a-user-assigned-managed-identity) in the Key Vault access policy. Azure Cosmos DB first-party identities or system-assigned managed identities aren't currently supported on accounts using continuous backups.
The following conditions are necessary to successfully perform a point-in-time restore:-- The encryption key that you used at the time of the backup is required and must be available in Azure Key Vault. This means that no revocation was made and the version of the key that was used at the time of the backup is still enabled.
+- The encryption key that you used at the time of the backup is required and must be available in Azure Key Vault. This requirement means that no revocation was made and the version of the key that was used at the time of the backup is still enabled.
- You must ensure that the user-assigned managed identity originally used on the source account is still declared in the Key Vault access policy. > [!IMPORTANT]
cosmos-db How To Setup Rbac https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/how-to-setup-rbac.md
The way you create a `TokenCredential` instance is beyond the scope of this arti
- [In .NET](/dotnet/api/overview/azure/identity-readme#credential-classes) - [In Java](/java/api/overview/azure/identity-readme#credential-classes) - [In JavaScript](/javascript/api/overview/azure/identity-readme#credential-classes)-- [In Python](/python/api/overview/azure/identity-readme#credential-classes)
+- [In Python](/python/api/overview/azure/identity-readme?view=azure-python&preserve-view=true#credential-classes)
The examples below use a service principal with a `ClientSecretCredential` instance.
cosmos-db Local Emulator Release Notes https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/local-emulator-release-notes.md
This article shows the Azure Cosmos DB Emulator released versions and it details
## Release notes
+### 2.14.7 (May 9, 2022)
+
+ - This release updates the Azure Cosmos DB Emulator background services to match the latest online functionality of the Azure Cosmos DB. In addition to this update there are couple issues that were addressed in this release:
+ * Update Data Explorer to the latest content and fix a broken link for the quick start sample documentation.
+ * Add option to enable the Mongo API version for the Linux Cosmos DB emulator by setting the environment variable: "AZURE_COSMOS_EMULATOR_ENABLE_MONGODB_ENDPOINT" in the Docker container setting. Valid setting are: "3.2", "3.6", "4.0" and "4.2"
+ ### 2.14.6 (March 7, 2022) - This release updates the Azure Cosmos DB Emulator background services to match the latest online functionality of the Azure Cosmos DB. In addition to this update there are couple issues that were addressed in this release:
cosmos-db Managed Identity Based Authentication https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/managed-identity-based-authentication.md
Title: How to use a system-assigned managed identity to access Azure Cosmos DB data
+ Title: Use system-assigned managed identities to access Azure Cosmos DB data
description: Learn how to configure an Azure Active Directory (Azure AD) system-assigned managed identity (managed service identity) to access keys from Azure Cosmos DB. -+ Previously updated : 07/02/2021-- Last updated : 06/01/2022++ - # Use system-assigned managed identities to access Azure Cosmos DB data-
-> [!TIP]
-> [Data plane role-based access control (RBAC)](how-to-setup-rbac.md) is now available on Azure Cosmos DB, providing a seamless way to authorize your requests with Azure Active Directory.
-
-In this article, you'll set up a *robust, key rotation agnostic* solution to access Azure Cosmos DB keys by using [managed identities](../active-directory/managed-identities-azure-resources/services-support-managed-identities.md). The example in this article uses Azure Functions, but you can use any service that supports managed identities.
-
-You'll learn how to create a function app that can access Azure Cosmos DB data without needing to copy any Azure Cosmos DB keys. The function app will wake up every minute and record the current temperature of an aquarium fish tank. To learn how to set up a timer-triggered function app, see the [Create a function in Azure that is triggered by a timer](../azure-functions/functions-create-scheduled-function.md) article.
-
-To simplify the scenario, a [Time To Live](./time-to-live.md) setting is already configured to clean up older temperature documents.
-
-> [!IMPORTANT]
-> Because this approach fetches your account's primary key through the Azure Cosmos DB control plane, it will not work if [a read-only lock has been applied](../azure-resource-manager/management/lock-resources.md) to your account. In this situation, consider using the Azure Cosmos DB [data plane RBAC](how-to-setup-rbac.md) instead.
-
-## Assign a system-assigned managed identity to a function app
-
-In this step, you'll assign a system-assigned managed identity to your function app.
-1. In the [Azure portal](https://portal.azure.com/), open the **Azure Function** pane and go to your function app.
+In this article, you'll set up a *robust, key rotation agnostic* solution to access Azure Cosmos DB keys by using [managed identities](../active-directory/managed-identities-azure-resources/services-support-managed-identities.md) and [data plane role-based access control](how-to-setup-rbac.md). The example in this article uses Azure Functions, but you can use any service that supports managed identities.
-1. Open the **Platform features** > **Identity** tab:
+You'll learn how to create a function app that can access Azure Cosmos DB data without needing to copy any Azure Cosmos DB keys. The function app will trigger when an HTTP request is made and then list all of the existing databases.
- :::image type="content" source="./media/managed-identity-based-authentication/identity-tab-selection.png" alt-text="Screenshot showing Platform features and Identity options for the function app.":::
+## Prerequisites
-1. On the **Identity** tab, turn **On** the system identity **Status** and select **Save**. The **Identity** pane should look as follows:
+- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
+- An existing Azure Cosmos DB SQL API account. [Create an Azure Cosmos DB SQL API account](sql/create-cosmosdb-resources-portal.md)
+- An existing Azure Functions function app. [Create your first function in the Azure portal](../azure-functions/functions-create-function-app-portal.md)
+ - A system-assigned managed identity for the function app. [Add a system-assigned identity](/app-service/overview-managed-identity.md?tabs=cli#add-a-system-assigned-identity)
+- [Azure Functions Core Tools](../azure-functions/functions-run-local.md)
+- To perform the steps in this article, install the [Azure CLI](/cli/azure/install-azure-cli) and [sign in to Azure](/cli/azure/authenticate-azure-cli).
- :::image type="content" source="./media/managed-identity-based-authentication/identity-tab-system-managed-on.png" alt-text="Screenshot showing system identity Status set to On.":::
+## Prerequisite check
-## Grant access to your Azure Cosmos account
-
-In this step, you'll assign a role to the function app's system-assigned managed identity. Azure Cosmos DB has multiple built-in roles that you can assign to the managed identity. For this solution, you'll use the following two roles:
-
-|Built-in role |Description |
-|||
-|[DocumentDB Account Contributor](../role-based-access-control/built-in-roles.md#documentdb-account-contributor)|Can manage Azure Cosmos DB accounts. Allows retrieval of read/write keys. |
-|[Cosmos DB Account Reader Role](../role-based-access-control/built-in-roles.md#cosmos-db-account-reader-role)|Can read Azure Cosmos DB account data. Allows retrieval of read keys. |
-
-> [!TIP]
-> When you assign roles, assign only the needed access. If your service requires only reading data, then assign the **Cosmos DB Account Reader** role to the managed identity. For more information about the importance of least privilege access, see the [Lower exposure of privileged accounts](../security/fundamentals/identity-management-best-practices.md#lower-exposure-of-privileged-accounts) article.
-
-In this scenario, the function app will read the temperature of the aquarium, then write back that data to a container in Azure Cosmos DB. Because the function app must write the data, you'll need to assign the **DocumentDB Account Contributor** role.
+1. In a terminal or command window, store the names of your Azure Functions function app, Azure Cosmos DB account and resource group as shell variables named ``functionName``, ``cosmosName``, and ``resourceGroupName``.
-### Assign the role using Azure portal
+ ```azurecli-interactive
+ # Variable for function app name
+ functionName="msdocs-function-app"
+
+ # Variable for Cosmos DB account name
+ cosmosName="msdocs-cosmos-app"
-1. Sign in to the Azure portal and go to your Azure Cosmos DB account.
+ # Variable for resource group name
+ resourceGroupName="msdocs-cosmos-functions-dotnet-identity"
+ ```
-1. Select **Access control (IAM)**.
+ > [!NOTE]
+ > These variables will be re-used in later steps. This example assumes your Azure Cosmos DB account name is ``msdocs-cosmos-app``, your function app name is ``msdocs-function-app`` and your resource group name is ``msdocs-cosmos-functions-dotnet-identity``.
-1. Select **Add** > **Add role assignment**.
+1. View the function app's properties using the [``az functionapp show``](/cli/azure/functionapp&preserve-view=true#az-functionapp-show) command.
- :::image type="content" source="../../includes/role-based-access-control/media/add-role-assignment-menu-generic.png" alt-text="Screenshot that shows Access control (IAM) page with Add role assignment menu open.":::
+ ```azurecli-interactive
+ az functionapp show \
+ --resource-group $resourceGroupName \
+ --name $functionName
+ ```
-1. On the **Role** tab, select **DocumentDB Account Contributor**.
+1. View the properties of the system-assigned managed identity for your function app using [``az webapp identity show``](/cli/azure/webapp/identity#az-webapp-identity-show).
-1. On the **Members** tab, select **Managed identity**, and then select **Select members**.
+ ```azurecli-interactive
+ az webapp identity show \
+ --resource-group $resourceGroupName \
+ --name $functionName
+ ```
-1. Select your Azure subscription.
+1. View the Cosmos DB account's properties using [``az cosmosdb show``](/cli/azure/cosmosdb#az-cosmosdb-show).
-1. Under **System-assigned managed identity**, select **Function App**, and then select **FishTankTemperatureService**.
+ ```azurecli-interactive
+ az cosmosdb show \
+ --resource-group $resourceGroupName \
+ --name $cosmosName
+ ```
-1. On the **Review + assign** tab, select **Review + assign** to assign the role.
+## Create Cosmos DB SQL API databases
-### Assign the role using Azure CLI
+In this step, you'll create two databases.
-To assign the role by using Azure CLI, open the Azure Cloud Shell and run the following commands:
+1. In a terminal or command window, create a new ``products`` database using [``az cosmosdb sql database create``](/cli/azure/cosmosdb/sql/database#az-cosmosdb-sql-database-create).
-```azurecli-interactive
+ ```azurecli-interactive
+ az cosmosdb sql database create \
+ --resource-group $resourceGroupName \
+ --name products \
+ --account-name $cosmosName
+ ```
-scope=$(az cosmosdb show --name '<Your_Azure_Cosmos_account_name>' --resource-group '<CosmosDB_Resource_Group>' --query id)
+1. Create a new ``customers`` database.
-principalId=$(az webapp identity show -n '<Your_Azure_Function_name>' -g '<Azure_Function_Resource_Group>' --query principalId)
+ ```azurecli-interactive
+ az cosmosdb sql database create \
+ --resource-group $resourceGroupName \
+ --name customers \
+ --account-name $cosmosName
+ ```
-az role assignment create --assignee $principalId --role "DocumentDB Account Contributor" --scope $scope
-```
+## Get Cosmos DB SQL API endpoint
-## Programmatically access the Azure Cosmos DB keys
+In this step, you'll query the document endpoint for the SQL API account.
-Now we have a function app that has a system-assigned managed identity with the **DocumentDB Account Contributor** role in the Azure Cosmos DB permissions. The following function app code will get the Azure Cosmos DB keys, create a CosmosClient object, get the temperature of the aquarium, and then save this to Azure Cosmos DB.
+1. Use ``az cosmosdb show`` with the **query** parameter set to ``documentEndpoint``. Record the result. You'll use this value in a later step.
-This sample uses the [List Keys API](/rest/api/cosmos-db-resource-provider/2021-04-01-preview/database-accounts/list-keys) to access your Azure Cosmos DB account keys.
+ ```azurecli-interactive
+ az cosmosdb show \
+ --resource-group $resourceGroupName \
+ --name $cosmosName \
+ --query documentEndpoint
-> [!IMPORTANT]
-> If you want to [assign the Cosmos DB Account Reader](#grant-access-to-your-azure-cosmos-account) role, you'll need to use the [List Read Only Keys API](/rest/api/cosmos-db-resource-provider/2021-04-01-preview/database-accounts/list-read-only-keys). This will populate just the read-only keys.
+ cosmosEndpoint=$(
+ az cosmosdb show \
+ --resource-group $resourceGroupName \
+ --name $cosmosName \
+ --query documentEndpoint \
+ --output tsv
+ )
+
+ echo $cosmosEndpoint
+ ```
-The List Keys API returns the `DatabaseAccountListKeysResult` object. This type isn't defined in the C# libraries. The following code shows the implementation of this class:
+ > [!NOTE]
+ > This variable will be re-used in a later step.
-```csharp
-namespace Monitor
-{
- public class DatabaseAccountListKeysResult
- {
- public string primaryMasterKey { get; set; }
- public string primaryReadonlyMasterKey { get; set; }
- public string secondaryMasterKey { get; set; }
- public string secondaryReadonlyMasterKey { get; set; }
- }
-}
-```
-
-The example also uses a simple document called "TemperatureRecord," which is defined as follows:
+## Grant access to your Azure Cosmos account
-```csharp
-using System;
+In this step, you'll assign a role to the function app's system-assigned managed identity. Azure Cosmos DB has multiple built-in roles that you can assign to the managed identity. For this solution, you'll use the [Cosmos DB Built-in Data Reader](how-to-setup-rbac.md#built-in-role-definitions) role.
-namespace Monitor
-{
- public class TemperatureRecord
+> [!TIP]
+> When you assign roles, assign only the needed access. If your service requires only reading data, then assign the **Cosmos DB Built-in Data Reader** role to the managed identity. For more information about the importance of least privilege access, see the [Lower exposure of privileged accounts](../security/fundamentals/identity-management-best-practices.md#lower-exposure-of-privileged-accounts) article.
+
+1. Use ``az cosmosdb show`` with the **query** parameter set to ``id``. Store the result in a shell variable named ``scope``.
+
+ ```azurecli-interactive
+ scope=$(
+ az cosmosdb show \
+ --resource-group $resourceGroupName \
+ --name $cosmosName \
+ --query id \
+ --output tsv
+ )
+
+ echo $scope
+ ```
+
+ > [!NOTE]
+ > This variable will be re-used in a later step.
+
+1. Use ``az webapp identity show`` with the **query** parameter set to ``principalId``. Store the result in a shell variable named ``principal``.
+
+ ```azurecli-interactive
+ principal=$(
+ az webapp identity show \
+ --resource-group $resourceGroupName \
+ --name $functionName \
+ --query principalId \
+ --output tsv
+ )
+
+ echo $principal
+ ```
+
+1. Create a new JSON object with the configuration of the new custom role.
+
+ ```json
{
- public string id { get; set; } = Guid.NewGuid().ToString();
- public DateTime RecordTime { get; set; }
- public int Temperature { get; set; }
+ "RoleName": "Read Cosmos Metadata",
+ "Type": "CustomRole",
+ "AssignableScopes": ["/"],
+ "Permissions": [{
+ "DataActions": [
+ "Microsoft.DocumentDB/databaseAccounts/readMetadata"
+ ]
+ }]
}
-}
-```
+ ```
-You'll use the [Microsoft.Azure.Services.AppAuthentication](https://www.nuget.org/packages/Microsoft.Azure.Services.AppAuthentication) library to get the system-assigned managed identity token. To learn other ways to get the token and find out more information about the `Microsoft.Azure.Service.AppAuthentication` library, see the [Service-to-service authentication](/dotnet/api/overview/azure/service-to-service-authentication) article.
+1. Use [``az role assignment create``](/cli/azure/cosmosdb/sql/role/assignment#az-cosmosdb-sql-role-assignment-create) to assign the ``Cosmos DB Built-in Data Reader`` role to the system-assigned managed identity.
+ ```azurecli-interactive
+ az cosmosdb sql role assignment create \
+ --resource-group $resourceGroupName \
+ --account-name $cosmosName \
+ --role-definition-name "Read Cosmos Metadata" \
+ --principal-id $principal \
+ --scope $scope
+ ```
-```csharp
-using System;
-using System.Net.Http;
-using System.Net.Http.Headers;
-using System.Threading.Tasks;
-using Microsoft.Azure.Cosmos;
-using Microsoft.Azure.Services.AppAuthentication;
-using Microsoft.Azure.WebJobs;
-using Microsoft.Extensions.Logging;
+## Programmatically access the Azure Cosmos DB keys
-namespace Monitor
-{
- public static class FishTankTemperatureService
+We now have a function app that has a system-assigned managed identity with the **Cosmos DB Built-in Data Reader** role. The following function app will query the Azure Cosmos DB account for a list of databases.
+
+1. Create a local function project with the ``--dotnet`` parameter in a folder named ``csmsfunc``. Change your shell's directory
+
+ ```azurecli-interactive
+ func init csmsfunc --dotnet
+
+ cd csmsfunc
+ ```
+
+1. Create a new function with the **template** parameter set to ``httptrigger`` and the **name** set to ``readdatabases``.
+
+ ```azurecli-interactive
+ func new --template httptrigger --name readdatabases
+ ```
+
+1. Add the [``Azure.Identity``](https://www.nuget.org/packages/Azure.Identity/) and [``Microsoft.Azure.Cosmos``](https://www.nuget.org/packages/Microsoft.Azure.Cosmos/) NuGet package to the .NET project. Build the project using [``dotnet build``](/dotnet/core/tools/dotnet-build).
+
+ ```azurecli-interactive
+ dotnet add package Azure.Identity
+
+ dotnet add package Microsoft.Azure.Cosmos
+
+ dotnet build
+ ```
+
+1. Open the function code in an integrated developer environment (IDE).
+
+ > [!TIP]
+ > If you are using the Azure CLI locally or in the Azure Cloud Shell, you can open Visual Studio Code.
+ >
+ > ```azurecli
+ > code .
+ > ```
+ >
+
+1. Replace the code in the **readdatabases.cs** file with this sample function implementation. Save the updated file.
+
+ ```csharp
+ using System;
+ using System.Collections.Generic;
+ using System.Threading.Tasks;
+ using Azure.Identity;
+ using Microsoft.AspNetCore.Mvc;
+ using Microsoft.Azure.Cosmos;
+ using Microsoft.Azure.WebJobs;
+ using Microsoft.Azure.WebJobs.Extensions.Http;
+ using Microsoft.AspNetCore.Http;
+ using Microsoft.Extensions.Logging;
+
+ namespace csmsfunc
{
- private static string subscriptionId =
- "<azure subscription id>";
- private static string resourceGroupName =
- "<name of your azure resource group>";
- private static string accountName =
- "<Azure Cosmos DB account name>";
- private static string cosmosDbEndpoint =
- "<Azure Cosmos DB endpoint>";
- private static string databaseName =
- "<Azure Cosmos DB name>";
- private static string containerName =
- "<container to store the temperature in>";
-
- // HttpClient is intended to be instantiated once, rather than per-use.
- static readonly HttpClient httpClient = new HttpClient();
-
- [FunctionName("FishTankTemperatureService")]
- public static async Task Run([TimerTrigger("0 * * * * *")]TimerInfo myTimer, ILogger log)
+ public static class readdatabases
{
- log.LogInformation($"Starting temperature monitoring: {DateTime.Now}");
-
- // AzureServiceTokenProvider will help us to get the Service Managed token.
- var azureServiceTokenProvider = new AzureServiceTokenProvider();
-
- // Authenticate to the Azure Resource Manager to get the Service Managed token.
- string accessToken = await azureServiceTokenProvider.GetAccessTokenAsync("https://management.azure.com/");
-
- // Setup the List Keys API to get the Azure Cosmos DB keys.
- string endpoint = $"https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DocumentDB/databaseAccounts/{accountName}/listKeys?api-version=2019-12-12";
+ [FunctionName("readdatabases")]
+ public static async Task<IActionResult> Run(
+ [HttpTrigger(AuthorizationLevel.Anonymous, "get")] HttpRequest req,
+ ILogger log)
+ {
+ log.LogTrace("Start function");
+
+ CosmosClient client = new CosmosClient(
+ accountEndpoint: Environment.GetEnvironmentVariable("COSMOS_ENDPOINT", EnvironmentVariableTarget.Process),
+ new DefaultAzureCredential()
+ );
+
+ using FeedIterator<DatabaseProperties> iterator = client.GetDatabaseQueryIterator<DatabaseProperties>();
+
+ List<(string name, string uri)> databases = new();
+ while(iterator.HasMoreResults)
+ {
+ foreach(DatabaseProperties database in await iterator.ReadNextAsync())
+ {
+ log.LogTrace($"[Database Found]\t{database.Id}");
+ databases.Add((database.Id, database.SelfLink));
+ }
+ }
+
+ return new OkObjectResult(databases);
+ }
+ }
+ }
+ ```
- // Add the access token to request headers.
- httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
+## (Optional) Run the function locally
- // Post to the endpoint to get the keys result.
- var result = await httpClient.PostAsync(endpoint, new StringContent(""));
+In a local environment, the [``DefaultAzureCredential``](/dotnet/api/azure.identity.defaultazurecredential) class will use various local credentials to determine the current identity. While running locally isn't required for the how-to, you can develop locally using your own identity or a service principal.
- // Get the result back as a DatabaseAccountListKeysResult.
- DatabaseAccountListKeysResult keys = await result.Content.ReadFromJsonAsync<DatabaseAccountListKeysResult>();
+1. In the **local.settings.json** file, add a new setting named ``COSMOS_ENDPOINT`` in the **Values** object. The value of the setting should be the document endpoint you recorded earlier in this how-to guide.
- log.LogInformation("Starting to create the client");
+ ```json
+ ...
+ "Values": {
+ ...
+ "COSMOS_ENDPOINT": "https://msdocs-cosmos-app.documents.azure.com:443/",
+ ...
+ }
+ ...
+ ```
- CosmosClient client = new CosmosClient(cosmosDbEndpoint, keys.primaryMasterKey);
+ > [!NOTE]
+ > This JSON object has been shortened for brevity. This JSON object also includes a sample value that assumes your account name is ``msdocs-cosmos-app``.
- log.LogInformation("Client created");
+1. Run the function app
- var database = client.GetDatabase(databaseName);
- var container = database.GetContainer(containerName);
+ ```azurecli
+ func start
+ ```
- log.LogInformation("Get the temperature.");
+## Deploy to Azure
- var tempRecord = new TemperatureRecord() { RecordTime = DateTime.UtcNow, Temperature = GetTemperature() };
+Once published, the ``DefaultAzureCredential`` class will use credentials from the environment or a managed identity. For this guide, the system-assigned managed identity will be used as a credential for the [``CosmosClient``](/dotnet/api/microsoft.azure.cosmos.cosmosclient) constructor.
- log.LogInformation("Store temperature");
+1. Set the ``COSMOS_ENDPOINT`` setting on the function app already deployed in Azure.
- await container.CreateItemAsync<TemperatureRecord>(tempRecord);
+ ```azurecli-interactive
+ az functionapp config appsettings set \
+ --resource-group $resourceGroupName \
+ --name $functionName \
+ --settings "COSMOS_ENDPOINT=$cosmosEndpoint"
+ ```
- log.LogInformation($"Ending temperature monitor: {DateTime.Now}");
- }
+1. Deploy your function app to Azure by reusing the ``functionName`` shell variable:
- private static int GetTemperature()
- {
- // Fake the temperature sensor for this demo.
- Random r = new Random(DateTime.UtcNow.Second);
- return r.Next(0, 120);
- }
- }
-}
-```
+ ```azurecli-interactive
+ func azure functionapp publish $functionName
+ ```
-You are now ready to [deploy your function app](../azure-functions/create-first-function-vs-code-csharp.md).
+1. [Test your function in the Azure portal](../azure-functions/functions-create-function-app-portal.md#test-the-function).
## Next steps
cosmos-db Feature Support 40 https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/mongodb/feature-support-40.md
$polygon | No |
## Sort operations
-When using the `findOneAndUpdate` operation, sort operations on a single field are supported but sort operations on multiple fields are not supported.
+When using the `findOneAndUpdate` operation with Mongo API version 4.0, sort operations on a single field and multiple fields are supported. Sort operations on multiple fields was a limitation of previous wire protocols.
## Indexing The API for MongoDB [supports a variety of indexes](mongodb-indexing.md) to enable sorting on multiple fields, improve query performance, and enforce uniqueness.
cosmos-db How To Setup Rbac https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/mongodb/how-to-setup-rbac.md
az cosmosdb create -n <account_name> -g <azure_resource_group> --kind MongoDB --
8. Create a database for users to connect to in the Azure portal. 9. Create an RBAC user with built-in read role. ```powershell
-az cosmosdb mongodb user definition create --account-name <YOUR_DB_ACCOUNT> --resource-group <YOUR_RG> --body {\"Id\":\"testdb.read\",\"UserName\":\"<YOUR_USERNAME>\",\"Password\":\"<YOUR_PASSWORD>\",\"DatabaseName\":\"<YOUR_DB_NAME>\",\"CustomData\":\"Some_Random_Info\",\"Mechanisms\":\"SCRAM-SHA-256\",\"Roles\":[{\"Role\":\"read\",\"Db\":\"<YOUR_DB_NAME>\"}]}
+az cosmosdb mongodb user definition create --account-name <YOUR_DB_ACCOUNT> --resource-group <YOUR_RG> --body {\"Id\":\"<YOUR_DB_NAME>.<YOUR_USERNAME>\",\"UserName\":\"<YOUR_USERNAME>\",\"Password\":\"<YOUR_PASSWORD>\",\"DatabaseName\":\"<YOUR_DB_NAME>\",\"CustomData\":\"Some_Random_Info\",\"Mechanisms\":\"SCRAM-SHA-256\",\"Roles\":[{\"Role\":\"read\",\"Db\":\"<YOUR_DB_NAME>\"}]}
```
cosmos-db How To Convert Session Token https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/sql/how-to-convert-session-token.md
This article explains how to convert between different session token formats to
> [!NOTE] > By default, the SDK keeps track of the session token automatically and it will use the most recent session token. For more information, please visit [Utilize session tokens](how-to-manage-consistency.md#utilize-session-tokens). The instructions in this article only apply with the following conditions: > * Your Azure Cosmos DB account uses Session consistency.
-> * You are managing the session tokens are manually.
+> * You are managing the session tokens manually.
> * You are using multiple versions of the SDK at the same time. ## Session token formats
Read the following articles:
* [Use session tokens to manage consistency in Azure Cosmos DB](how-to-manage-consistency.md#utilize-session-tokens) * [Choose the right consistency level in Azure Cosmos DB](../consistency-levels.md) * [Consistency, availability, and performance tradeoffs in Azure Cosmos DB](../consistency-levels.md)
-* [Availability and performance tradeoffs for various consistency levels](../consistency-levels.md)
+* [Availability and performance tradeoffs for various consistency levels](../consistency-levels.md)
cosmos-db How To Manage Consistency https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/sql/how-to-manage-consistency.md
item = client.ReadItem(doc_link, options)
## Monitor Probabilistically Bounded Staleness (PBS) metric
-How eventual is eventual consistency? For the average case, can we offer staleness bounds with respect to version history and time. The [**Probabilistically Bounded Staleness (PBS)**](https://pbs.cs.berkeley.edu/) metric tries to quantify the probability of staleness and shows it as a metric. To view the PBS metric, go to your Azure Cosmos account in the Azure portal. Open the **Metrics** pane, and select the **Consistency** tab. Look at the graph named **Probability of strongly consistent reads based on your workload (see PBS)**.
+How eventual is eventual consistency? For the average case, can we offer staleness bounds with respect to version history and time. The [**Probabilistically Bounded Staleness (PBS)**](http://pbs.cs.berkeley.edu/) metric tries to quantify the probability of staleness and shows it as a metric. To view the PBS metric, go to your Azure Cosmos account in the Azure portal. Open the **Metrics** pane, and select the **Consistency** tab. Look at the graph named **Probability of strongly consistent reads based on your workload (see PBS)**.
:::image type="content" source="./media/how-to-manage-consistency/pbs-metric.png" alt-text="PBS graph in the Azure portal":::
cosmos-db Migrate Dotnet V3 https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/sql/migrate-dotnet-v3.md
The following classes have been replaced on the 3.0 SDK:
* `Microsoft.Azure.Documents.Resource`
-The Microsoft.Azure.Documents.UriFactory class has been replaced by the fluent design. The fluent design builds URLs internally and allows a single `Container` object to be passed around instead of a `DocumentClient`, `DatabaseName`, and `DocumentCollection`.
+The Microsoft.Azure.Documents.UriFactory class has been replaced by the fluent design.
Because the .NET v3 SDK allows users to configure a custom serialization engine, there's no direct replacement for the `Document` type. When using Newtonsoft.Json (default serialization engine), `JObject` can be used to achieve the same functionality. When using a different serialization engine, you can use its base json document type (for example, `JsonDocument` for System.Text.Json). The recommendation is to use a C# type that reflects the schema of your items instead of relying on generic types.
+# [.NET SDK v3](#tab/dotnet-v3)
+
+```csharp
+private readonly CosmosClient _client;
+private readonly Container _container;
+
+public Program()
+{
+ // Client should be a singleton
+ _client = new CosmosClient(
+ accountEndpoint: "https://testcosmos.documents.azure.com:443/",
+ authKeyOrResourceToken: "SuperSecretKey",
+ clientOptions: new CosmosClientOptions()
+ {
+ ApplicationPreferredRegions = new List<string>()
+ {
+ Regions.EastUS,
+ Regions.WestUS,
+ }
+ });
+
+ _container = _client.GetContainer("DatabaseName","ContainerName");
+}
+
+private async Task CreateItemAsync(SalesOrder salesOrder)
+{
+ ItemResponse<SalesOrder> response = await this._container.CreateItemAsync(
+ salesOrder,
+ new PartitionKey(salesOrder.AccountNumber));
+}
+
+```
+
+# [.NET SDK v2](#tab/dotnet-v2)
+
+```csharp
+private readonly DocumentClient _client;
+private readonly string _databaseName;
+private readonly string _containerName;
+
+public Program()
+{
+ ConnectionPolicy connectionPolicy = new ConnectionPolicy()
+ {
+ ConnectionMode = ConnectionMode.Direct, // Default for v2 is Gateway. v3 is Direct
+ ConnectionProtocol = Protocol.Tcp,
+ };
+
+ connectionPolicy.PreferredLocations.Add(LocationNames.EastUS);
+ connectionPolicy.PreferredLocations.Add(LocationNames.WestUS);
+
+ // Client should always be a singleton
+ _client = new DocumentClient(
+ new Uri("https://testcosmos.documents.azure.com:443/"),
+ "SuperSecretKey",
+ connectionPolicy);
+
+ _databaseName = "DatabaseName";
+ _containerName = "ContainerName";
+}
+
+private async Task CreateItemAsync(SalesOrder salesOrder)
+{
+ Uri collectionUri = UriFactory.CreateDocumentCollectionUri(_databaseName, _containerName)
+ await this._client.CreateDocumentAsync(
+ collectionUri,
+ salesOrder,
+ new RequestOptions { PartitionKey = new PartitionKey(salesOrder.AccountNumber) });
+}
+```
++ ### Changes to item ID generation Item ID is no longer auto populated in the .NET v3 SDK. Therefore, the Item ID must specifically include a generated ID. View the following example:
The following properties have been removed:
The .NET SDK v3 provides a fluent `CosmosClientBuilder` class that replaces the need for the SDK v2 URI Factory.
+The fluent design builds URLs internally and allows a single `Container` object to be passed around instead of a `DocumentClient`, `DatabaseName`, and `DocumentCollection`.
+ The following example creates a new `CosmosClientBuilder` with a strong ConsistencyLevel and a list of preferred locations: ```csharp
cosmos-db Sql Api Sdk Python https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/sql/sql-api-sdk-python.md
|**API documentation**|[Python API reference documentation](/python/api/azure-cosmos/azure.cosmos?preserve-view=true&view=azure-python)| |**SDK installation instructions**|[Python SDK installation instructions](https://github.com/Azure/azure-sdk-for-python/tree/master/sdk/cosmos/azure-cosmos)| |**Get started**|[Get started with the Python SDK](create-sql-api-python.md)|
+|**Samples**|[Python SDK samples](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/cosmos/azure-cosmos/samples)|
|**Current supported platform**|[Python 3.6+](https://www.python.org/downloads/)| > [!IMPORTANT]
-> * Versions 4.3.0b2 and higher only support Python 3.6+. Python 2 is not supported.
+> * Versions 4.3.0b2 and higher support Async IO operations and only support Python 3.6+. Python 2 is not supported.
## Release history Release history is maintained in the azure-sdk-for-python repo, for detailed list of releases, see the [changelog file](https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/cosmos/azure-cosmos/CHANGELOG.md).
Microsoft provides notification at least **12 months** in advance of retiring an
| Version | Release Date | Retirement Date | | | | |
+| 4.3.0 |May 23, 2022 | |
| 4.2.0 |Oct 09, 2020 | | | 4.1.0 |Aug 10, 2020 | | | 4.0.0 |May 20, 2020 | |
cosmos-db Troubleshoot Dot Net Sdk Slow Request https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/sql/troubleshoot-dot-net-sdk-slow-request.md
try
ItemResponse<Book> response = await this.Container.CreateItemAsync<Book>(item: testItem); if (response.Diagnostics.GetClientElapsedTime() > ConfigurableSlowRequestTimeSpan) {
- // Log the diagnostics and add any additional info necessary to correlate to other logs
- Console.Write(response.Diagnostics.ToString());
+ // Log the response.Diagnostics.ToString() and add any additional info necessary to correlate to other logs
} } catch (CosmosException cosmosException) {
- // Log the full exception including the stack trace
- Console.Write(cosmosException.ToString());
- // The Diagnostics can be logged separately if required.
- Console.Write(cosmosException.Diagnostics.ToString());
+ // Log the full exception including the stack trace with: cosmosException.ToString()
+
+ // The Diagnostics can be logged separately if required with: cosmosException.Diagnostics.ToString()
} // When using Stream APIs ResponseMessage response = await this.Container.CreateItemStreamAsync(partitionKey, stream); if (response.Diagnostics.GetClientElapsedTime() > ConfigurableSlowRequestTimeSpan || !response.IsSuccessStatusCode) {
- // Log the diagnostics and add any additional info necessary to correlate to other logs
- Console.Write(response.Diagnostics.ToString());
+ // Log the diagnostics and add any additional info necessary to correlate to other logs with: response.Diagnostics.ToString()
} ```
Show the time for the different stages of sending and receiving a request in the
* *Transit time is large*, which leads to a networking problem. Compare this number to the `BELatencyInMs`. If `BELatencyInMs` is small, then the time was spent on the network, and not on the Azure Cosmos DB service. * *Received time is large* might be caused by a thread starvation problem. This is the time between having the response and returning the result.
+### <a name="ServiceEndpointStatistics"></a>ServiceEndpointStatistics
+Information about a particular backend server. The SDK can open multiple connections to a single backend server depending upon the number of pending requests and the MaxConcurrentRequestsPerConnection.
+
+* `inflightRequests` The number of pending requests to a backend server (maybe from different partitions). A high number may to lead to more traffic and higher latencies.
+* `openConnections` is the total Number of connections open to a single backend server. This can be useful to show SNAT port exhausion if this number is very high.
+
+### <a name="ConnectionStatistics"></a>ConnectionStatistics
+Information about the particular connection (new or old) the request get's assigned to.
+
+* `waitforConnectionInit`: The current request was waiting for new connection initialization to complete. This will lead to higher latencies.
+* `callsPendingReceive`: Number of calls that was pending receive before this call was sent. A high number can show us that there were a lot of calls before this call and it may lead to higher latencies. If this number is high it points to a head of line blocking issue possibly caused by another request like query or feed operation that is taking a long time to process. Try lowering the CosmosClientOptions.MaxRequestsPerTcpConnection to increase the number of channels.
+* `LastSentTime`: Time of last request that was sent to this server. This along with LastReceivedTime can be used to see connectivity or endpoint issues. For example if there are a lot of receive timeouts, Sent time will be much larger than the Receive time.
+* `lastReceive`: Time of last request that was received from this server
+* `lastSendAttempt`: Time of the last send attempt
+
+### <a name="Request and response sizes"></a>Request and response sizes
+* `requestSizeInBytes`: The total size of the request sent to Cosmos DB
+* `responseMetadataSizeInBytes`: The size of headers returned from Cosmos DB
+* `responseBodySizeInBytes`: The size of content returned from Cosmos DB
+ ```json "StoreResult": {
- "ActivityId": "a3d325c1-f4e9-405b-820c-bab4d329ee4c",
- "StatusCode": "Created",
+ "ActivityId": "bab6ade1-b8de-407f-b89d-fa2138a91284",
+ "StatusCode": "Ok",
"SubStatusCode": "Unknown",
- "LSN": 1766,
- "PartitionKeyRangeId": "0",
- "GlobalCommittedLSN": -1,
- "ItemLSN": -1,
- "UsingLocalLSN": false,
- "QuorumAckedLSN": 1765,
- "SessionToken": "-1#1766",
- "CurrentWriteQuorum": 1,
- "CurrentReplicaSetSize": 1,
+ "LSN": 453362,
+ "PartitionKeyRangeId": "1",
+ "GlobalCommittedLSN": 0,
+ "ItemLSN": 453358,
+ "UsingLocalLSN": true,
+ "QuorumAckedLSN": -1,
+ "SessionToken": "-1#453362",
+ "CurrentWriteQuorum": -1,
+ "CurrentReplicaSetSize": -1,
"NumberOfReadRegions": 0,
- "IsClientCpuOverloaded": false,
"IsValid": true,
- "StorePhysicalAddress": "rntbd://127.0.0.1:10253/apps/DocDbApp/services/DocDbServer92/partitions/a4cb49a8-38c8-11e6-8106-8cdcd42c33be/replicas/1p/",
- "RequestCharge": 11.05,
- "BELatencyInMs": "7.954",
- "RntbdRequestStats": [
- {
- "EventName": "Created",
- "StartTime": "2021-06-15T13:53:10.1302477Z",
- "DurationInMicroSec": "6383"
- },
- {
- "EventName": "ChannelAcquisitionStarted",
- "StartTime": "2021-06-15T13:53:10.1366314Z",
- "DurationInMicroSec": "96511"
- },
- {
- "EventName": "Pipelined",
- "StartTime": "2021-06-15T13:53:10.2331431Z",
- "DurationInMicroSec": "50834"
- },
- {
- "EventName": "Transit Time",
- "StartTime": "2021-06-15T13:53:10.2839774Z",
- "DurationInMicroSec": "17677"
+ "StorePhysicalAddress": "rntbd://127.0.0.1:10253/apps/DocDbApp/services/DocDbServer92/partitions/a4cb49a8-38c8-11e6-8106-8cdcd42c33be/replicas/1s/",
+ "RequestCharge": 1,
+ "RetryAfterInMs": null,
+ "BELatencyInMs": "0.304",
+ "transportRequestTimeline": {
+ "requestTimeline": [
+ {
+ "event": "Created",
+ "startTimeUtc": "2022-05-25T12:03:36.3081190Z",
+ "durationInMs": 0.0024
+ },
+ {
+ "event": "ChannelAcquisitionStarted",
+ "startTimeUtc": "2022-05-25T12:03:36.3081214Z",
+ "durationInMs": 0.0132
+ },
+ {
+ "event": "Pipelined",
+ "startTimeUtc": "2022-05-25T12:03:36.3081346Z",
+ "durationInMs": 0.0865
+ },
+ {
+ "event": "Transit Time",
+ "startTimeUtc": "2022-05-25T12:03:36.3082211Z",
+ "durationInMs": 1.3324
+ },
+ {
+ "event": "Received",
+ "startTimeUtc": "2022-05-25T12:03:36.3095535Z",
+ "durationInMs": 12.6128
+ },
+ {
+ "event": "Completed",
+ "startTimeUtc": "2022-05-25T12:03:36.8621663Z",
+ "durationInMs": 0
+ }
+ ],
+ "serviceEndpointStats": {
+ "inflightRequests": 1,
+ "openConnections": 1
},
- {
- "EventName": "Received",
- "StartTime": "2021-06-15T13:53:10.3016546Z",
- "DurationInMicroSec": "7079"
+ "connectionStats": {
+ "waitforConnectionInit": "False",
+ "callsPendingReceive": 0,
+ "lastSendAttempt": "2022-05-25T12:03:34.0222760Z",
+ "lastSend": "2022-05-25T12:03:34.0223280Z",
+ "lastReceive": "2022-05-25T12:03:34.0257728Z"
},
- {
- "EventName": "Completed",
- "StartTime": "2021-06-15T13:53:10.3087338Z",
- "DurationInMicroSec": "0"
- }
- ],
+ "requestSizeInBytes": 447,
+ "responseMetadataSizeInBytes": 438,
+ "responseBodySizeInBytes": 604
+ },
"TransportException": null } ```
Contact [Azure support](https://aka.ms/azure-support).
## Next steps * [Diagnose and troubleshoot](troubleshoot-dot-net-sdk.md) problems when you use the Azure Cosmos DB .NET SDK.
-* Learn about performance guidelines for [.NET v3](performance-tips-dotnet-sdk-v3-sql.md) and [.NET v2](performance-tips.md).
+* Learn about performance guidelines for [.NET v3](performance-tips-dotnet-sdk-v3-sql.md) and [.NET v2](performance-tips.md).
cosmos-db Create Table Java https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/table/create-table-java.md
public class ExpandableWeatherObject {
} ```
-To insert or upsert such an object using the Table API, map the properties of the expandable object into a [TableEntity](/java/api/com.azure.data.tables.tableentity) object and use the [createEntity](/java/api/com.azure.data.tables.tableclient.createentity) or [upsertEntity](/java/api/com.azure.data.tables.tableclient.upsertentity) methods on the [TableClient](/java/api/com.azure.data.tables.tableclient) object as appropriate.
+To insert or upsert such an object using the Table API, map the properties of the expandable object into a [TableEntity](/java/api/com.azure.data.tables.models.tableentity) object and use the [createEntity](/java/api/com.azure.data.tables.tableclient.createentity) or [upsertEntity](/java/api/com.azure.data.tables.tableclient.upsertentity) methods on the [TableClient](/java/api/com.azure.data.tables.tableclient) object as appropriate.
```java public void insertExpandableEntity(ExpandableWeatherObject model) {
Remove-AzResourceGroup -Name $resourceGroupName
In this quickstart, you've learned how to create an Azure Cosmos DB account, create a table using the Data Explorer, and run an app. Now you can query your data using the Tables API. > [!div class="nextstepaction"]
-> [Import table data to the Tables API](table-import.md)
+> [Import table data to the Tables API](table-import.md)
cosmos-db How To Use Java https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/table/how-to-use-java.md
try
.buildClient(); // Create a filter condition where the partition key is "Sales".
- ListEntitiesOptions options = new ListEntitiesOptions().setFilter(PARTITION_KEY + " eq 'Sales' AND " + ROW_KEY + " lt '0004' AND ROW_KEY + " gt '0001'");
+ ListEntitiesOptions options = new ListEntitiesOptions().setFilter(PARTITION_KEY + " eq 'Sales' AND " + ROW_KEY + " lt '0004' AND " + ROW_KEY + " gt '0001'");
// Loop through the results, displaying information about the entities. tableClient.listEntities(options, null, null).forEach(tableEntity -> {
try
System.out.println(specificEntity.getPartitionKey() + " " + specificEntity.getRowKey() + "\t" + specificEntity.getProperty("FirstName") +
- "\t" + specificEntity.getProperty("LastName"));
+ "\t" + specificEntity.getProperty("LastName") +
"\t" + specificEntity.getProperty("Email") + "\t" + specificEntity.getProperty("PhoneNumber")); }
try
.tableName(tableName) .buildClient();
- Delete the entity for partition key 'Sales' and row key '0001' from the table.
+ // Delete the entity for partition key 'Sales' and row key '0001' from the table.
tableClient.deleteEntity("Sales", "0001"); } catch (Exception e)
For more information, visit [Azure for Java developers](/java/azure).
[Azure Tables client library for Java]: https://github.com/Azure/azure-sdk-for-java/tree/main/sdk/tables/azure-data-tables [Azure Tables client library reference documentation]: https://azure.github.io/azure-sdk-for-java/tables.html [Azure Tables REST API]: ../../storage/tables/table-storage-overview.md
-[Azure Tables Team Blog]: https://blogs.msdn.microsoft.com/windowsazurestorage/
+[Azure Tables Team Blog]: https://blogs.msdn.microsoft.com/windowsazurestorage/
cost-management-billing Cost Mgt Alerts Monitor Usage Spending https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cost-management-billing/costs/cost-mgt-alerts-monitor-usage-spending.md
# Use cost alerts to monitor usage and spending
-This article helps you understand and use Cost Management alerts to monitor your Azure usage and spending. Cost alerts are automatically generated based when Azure resources are consumed. Alerts show all active cost management and billing alerts together in one place. When your consumption reaches a given threshold, alerts are generated by Cost Management. There are three types of cost alerts: budget alerts, credit alerts, and department spending quota alerts.
+This article helps you understand and use Cost Management alerts to monitor your Azure usage and spending. Cost alerts are automatically generated based when Azure resources are consumed. Alerts show all active cost management and billing alerts together in one place. When your consumption reaches a given threshold, alerts are generated by Cost Management. There are three main types of cost alerts: budget alerts, credit alerts, and department spending quota alerts.
+
+You can also [create a cost anomaly alert](../understand/analyze-unexpected-charges.md#create-an-anomaly-alert) to automatically get notified when an anomaly is detected.
## Required permissions for alerts
cost-management-billing Ea Portal Agreements https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cost-management-billing/manage/ea-portal-agreements.md
An enrollment has one of the following status values. Each value determines how
- Migrate to the Microsoft Online Subscription Program (MOSP) - Confirm disablement of all services associated with the enrollment
+EA credit expires when the EA enrollment ends.
+ **Expired** - The EA enrollment expires when it reaches the enterprise agreement end date and is opted out of the extended term. Sign a new enrollment contract as soon as possible. Although your service won't be disabled immediately, there's a risk of it getting disabled. As of August 1, 2019, new opt-out forms aren't accepted for Azure commercial customers. Instead, all enrollments go into indefinite extended term. If you want to stop using Azure services, close your subscription in the [Azure portal](https://portal.azure.com). Or, your partner can submit a termination request. There's no change for customers with government agreement types.
cost-management-billing Grant Access To Create Subscription https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cost-management-billing/manage/grant-access-to-create-subscription.md
Previously updated : 02/24/2022 Last updated : 06/01/2022
As an Azure customer with an [Enterprise Agreement (EA)](https://azure.microsoft.com/pricing/enterprise-agreement/), you can give another user or service principal permission to create subscriptions billed to your account. In this article, you learn how to use [Azure role-based access control (Azure RBAC)](../../role-based-access-control/role-assignments-portal.md) to share the ability to create subscriptions, and how to audit subscription creations. You must have the Owner role on the account you wish to share. > [!NOTE]
-> This API only works with the [legacy APIs for subscription creation](programmatically-create-subscription-preview.md). Unless you have a specific need to use the legacy APIs, you should use the information for the [latest GA version](programmatically-create-subscription-enterprise-agreement.md) about the latest API version [2019-10-01-preview](/rest/api/billing/2019-10-01-preview/enrollment-account-role-assignments/put). If you're migrating to use the newer APIs, you must grant owner permissions again using [2019-10-01-preview](/rest/api/billing/2019-10-01-preview/enrollment-account-role-assignments/put). Your previous configuration that uses the following APIs doesn't automatically convert for use with newer APIs.
+> - This API only works with the [legacy APIs for subscription creation](programmatically-create-subscription-preview.md).
+> - Unless you have a specific need to use the legacy APIs, you should use the information for the [latest GA version](programmatically-create-subscription-enterprise-agreement.md) about the latest API version. **See [Enrollment Account Role Assignments - Put](/rest/api/billing/2019-10-01-preview/enrollment-account-role-assignments/put) to grant permission to create EA subscriptions with the latest API**.
+> - If you're migrating to use the newer APIs, you must grant owner permissions again using [2019-10-01-preview](/rest/api/billing/2019-10-01-preview/enrollment-account-role-assignments/put). Your previous configuration that uses the following APIs doesn't automatically convert for use with newer APIs.
[!INCLUDE [updated-for-az](../../../includes/updated-for-az.md)]
cost-management-billing Analyze Unexpected Charges https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cost-management-billing/understand/analyze-unexpected-charges.md
Previously updated : 04/02/2022 Last updated : 05/31/2022
The article helps you identify anomalies and unexpected changes in your cloud costs using Cost Management and Billing. You'll start with anomaly detection for subscriptions in cost analysis to identify any atypical usage patterns based on your cost and usage trends. You'll then learn how to drill into cost information to find and investigate cost spikes and dips.
+You can also create an anomaly alert to automatically get notified when an anomaly is detected.
+ In general, there are three types of changes that you might want to investigate: - New costsΓÇöFor example, a resource that was started or added such as a virtual machine. New costs often appear as a cost starting from zero.
If you have an existing policy of [tagging resources](../costs/cost-mgt-best-pra
If you've used the preceding strategies and you still don't understand why you received a charge or if you need other help with billing issues, [create a support request](https://go.microsoft.com/fwlink/?linkid=2083458).
+## Create an anomaly alert
+
+You can create an anomaly alert to automatically get notified when an anomaly is detected. All email recipients get notified when a subscription cost anomaly is detected.
+
+An anomaly alert email includes a summary of changes in resource group count and cost. It also includes the top resource group changes for the day compared to the previous 60 days. And, it has a direct link to the Azure portal so that you can review the cost and investigate further.
+
+1. Start on a subscription scope.
+1. In the left menu, select **Cost alerts**.
+1. On the Cost alerts page, select **+ Add** > **Add anomaly alert**.
+1. On the Subscribe to emails page, enter required information and then select **Save**.
+ :::image type="content" source="./media/analyze-unexpected-charges/subscribe-emails.png" alt-text="Screenshot showing the Subscribe to emails page where you enter notification information for an alert." lightbox="./media/analyze-unexpected-charges/subscribe-emails.png" :::
+
+Here's an example email generated for an anomaly alert.
++ ## Next steps - Learn about how to [Optimize your cloud investment with Cost Management](../costs/cost-mgt-best-practices.md).
data-factory Whats New https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/data-factory/whats-new.md
Azure Data Factory is improved on an ongoing basis. To stay up to date with the
This page is updated monthly, so revisit it regularly.
+## May 2022
+<br>
+<table>
+<tr><td><b>Service category</b></td><td><b>Service improvements</b></td><td><b>Details</b></td></tr>
+
+<tr><td><b>Data flow</b></td><td>User Defined Functions for mapping data flows</td><td>Azure Data Factory introduces in public preview user defined functions and data flow libraries. A user defined function is a customized expression you can define to be able to reuse logic across multiple mapping data flows. User defined functions live in a collection called a data flow library to be able to easily group up common sets of customized functions.<br><a href="concepts-data-flow-udf.md">Learn more</a></td></tr>
+
+</table>
+ ## April 2022 <br> <table>
defender-for-cloud Episode Eight https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-eight.md
Title: Microsoft Defender for IoT description: Learn how Defender for IoT discovers devices to monitor and how it fits in the Microsoft Security portfolio. Previously updated : 05/25/2022 Last updated : 06/01/2022 # Microsoft Defender for IoT
Last updated 05/25/2022
<br> <br>
-<iframe src="https://aka.ms/docs/player?id=05fdecf5-f6a1-4162-b95d-1e34478d1d60" width="1080" height="530" max-width: 100%; min-width: 100%;"></iframe>
+<iframe src="https://aka.ms/docs/player?id=05fdecf5-f6a1-4162-b95d-1e34478d1d60" width="1080" height="530" allowFullScreen="true" frameBorder="0"></iframe>
- [1:20](/shows/mdc-in-the-field/defender-for-iot#time=01m20s) - Overview of the Defender for IoT solution
defender-for-cloud Episode Eleven https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-eleven.md
Title: Threat landscape for Defender for Containers description: Learn about the new detections that are available for different attacks and how Defender for Containers can help to quickly identify malicious activities in containers. Previously updated : 05/25/2022 Last updated : 06/01/2022 # Threat landscape for Defender for Containers
Last updated 05/25/2022
<br> <br>
-<iframe src="https://aka.ms/docs/player?id=646c2b9a-3f15-4705-af23-7802bd9549c5" width="1080" height="530" max-width: 100%; min-width: 100%;"></iframe>
+<iframe src="https://aka.ms/docs/player?id=646c2b9a-3f15-4705-af23-7802bd9549c5" width="1080" height="530" allowFullScreen="true" frameBorder="0"></iframe>
- [01:15](/shows/mdc-in-the-field/threat-landscape-containers#time=01m15s) - The evolution of attacks against Kubernetes
defender-for-cloud Episode Five https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-five.md
Title: Microsoft Defender for Servers description: Learn all about Microsoft Defender for Servers from the product manager. Previously updated : 05/25/2022 Last updated : 06/01/2022 # Microsoft Defender for Servers
Last updated 05/25/2022
<br> <br>
-<iframe src="https://aka.ms/docs/player?id=f62e1199-d0a8-4801-9793-5318fde27497" width="1080" height="530" max-width: 100%; min-width: 100%;"></iframe>
+<iframe src="https://aka.ms/docs/player?id=f62e1199-d0a8-4801-9793-5318fde27497" width="1080" height="530" allowFullScreen="true" frameBorder="0"></iframe>
- [1:22](/shows/mdc-in-the-field/defender-for-containers#time=01m22s) - Overview of the announcements for Microsoft Defender for Servers
defender-for-cloud Episode Four https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-four.md
Title: Security posture management improvements in Microsoft Defender for Cloud description: Learn how to manage your security posture with Microsoft Defender for Cloud. Previously updated : 05/25/2022 Last updated : 06/01/2022 # Security posture management improvements in Microsoft Defender for Cloud
Last updated 05/25/2022
<br> <br>
-<iframe src="https://aka.ms/docs/player?id=845108fd-e57d-40e0-808a-1239e78a7390" width="1080" height="530" max-width: 100%; min-width: 100%;"></iframe>
+<iframe src="https://aka.ms/docs/player?id=845108fd-e57d-40e0-808a-1239e78a7390" width="1080" height="530" allowFullScreen="true" frameBorder="0"></iframe>
- [1:24](/shows/mdc-in-the-field/defender-for-containers#time=01m24s) - Security recommendation refresh time changes
defender-for-cloud Episode Nine https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-nine.md
Title: Microsoft Defender for Containers in a multi-cloud environment description: Learn about Microsoft Defender for Containers implementation in AWS and GCP. Previously updated : 05/25/2022 Last updated : 06/01/2022 # Microsoft Defender for Containers in a Multi-Cloud Environment
Maya explains about the new workload protection capabilities related to Containe
<br> <br>
-<iframe src="https://aka.ms/docs/player?id=f9470496-abe3-4344-8160-d6a6b65c077f" width="1080" height="530" max-width: 100%; min-width: 100%;"></iframe>
+<iframe src="https://aka.ms/docs/player?id=f9470496-abe3-4344-8160-d6a6b65c077f" width="1080" height="530" allowFullScreen="true" frameBorder="0"></iframe>
- [01:12](/shows/mdc-in-the-field/containers-multi-cloud#time=01m12s) - Container protection in a multi-cloud environment
defender-for-cloud Episode One https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-one.md
Title: New AWS connector in Microsoft Defender for Cloud description: Learn all about the new AWS connector in Microsoft Defender for Cloud. Previously updated : 05/25/2022 Last updated : 05/29/2022 # New AWS connector in Microsoft Defender for Cloud
Last updated 05/25/2022
<br> <br>
-<iframe src="https://aka.ms/docs/player?id=26cbaec8-0f3f-4bb1-9918-1bf7d912db57" width="1080" height="530" max-width: 100%; min-width: 100%;"></iframe>
+<iframe src="https://aka.ms/docs/player?id=26cbaec8-0f3f-4bb1-9918-1bf7d912db57" width="1080" height="530" allowFullScreen="true" frameBorder="0"></iframe>
- [00:00](/shows/mdc-in-the-field/aws-connector) - Introduction
defender-for-cloud Episode Seven https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-seven.md
Title: New GCP connector in Microsoft Defender for Cloud description: Learn all about the new GCP connector in Microsoft Defender for Cloud. Previously updated : 05/25/2022 Last updated : 05/29/2022 # New GCP connector in Microsoft Defender for Cloud
Last updated 05/25/2022
<br> <br>
-<iframe src="https://aka.ms/docs/player?id=80ba04f0-1551-48f3-94a2-d2e82e7073c9" width="1080" height="530" max-width: 100%; min-width: 100%;"></iframe>
+<iframe src="https://aka.ms/docs/player?id=80ba04f0-1551-48f3-94a2-d2e82e7073c9" width="1080" height="530" allowFullScreen="true" frameBorder="0"></iframe>
- [1:23](/shows/mdc-in-the-field/gcp-connector#time=01m23s) - Overview of the new GCP connector
defender-for-cloud Episode Six https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-six.md
Carlos also covers how Microsoft Defender for Cloud is used to fill the gap betw
<br> <br>
-<iframe src="https://aka.ms/docs/player?id=3811455b-cc20-4ee0-b1bf-9d4df5ee4eaf" width="1080" height="530" max-width: 100%; min-width: 100%;"></iframe>
+<iframe src="https://aka.ms/docs/player?id=3811455b-cc20-4ee0-b1bf-9d4df5ee4eaf" width="1080" height="530" allowFullScreen="true" frameBorder="0"></iframe>
- [1:30](/shows/mdc-in-the-field/lessons-from-the-field#time=01m30s) - Why Microsoft Defender for Cloud is a unique solution when compared with other competitors?
defender-for-cloud Episode Ten https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-ten.md
Title: Protecting containers in GCP with Defender for Containers description: Learn how to use Defender for Containers, to protect Containers that are located in Google Cloud Projects. Previously updated : 05/25/2022 Last updated : 05/29/2022 # Protecting containers in GCP with Defender for Containers
Nadav gives insights about workload protection for GKE and how to obtain visibil
<br> <br>
-<iframe src="https://aka.ms/docs/player?id=078af1f2-1f12-4030-bd3f-3e7616150562" width="1080" height="530" max-width: 100%; min-width: 100%;"></iframe>
+<iframe src="https://aka.ms/docs/player?id=078af1f2-1f12-4030-bd3f-3e7616150562" width="1080" height="530" allowFullScreen="true" frameBorder="0"></iframe>
- [00:55](/shows/mdc-in-the-field/gcp-containers#time=00m55s) - Architecture solution for Defender for Containers and support for GKE
defender-for-cloud Episode Three https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-three.md
Title: Microsoft Defender for Containers description: Learn how about Microsoft Defender for Containers. Previously updated : 05/25/2022 Last updated : 05/29/2022 # Microsoft Defender for Containers
Last updated 05/25/2022
<br> <br>
-<iframe src="https://aka.ms/docs/player?id=b8624912-ef9e-4fc6-8c0c-ea65e86d9128" width="1080" height="530" max-width: 100%; min-width: 100%;"></iframe>
+<iframe src="https://aka.ms/docs/player?id=b8624912-ef9e-4fc6-8c0c-ea65e86d9128" width="1080" height="530" allowFullScreen="true" frameBorder="0"></iframe>
- [1:09](/shows/mdc-in-the-field/defender-for-containers#time=01m09s) - What's new in the Defender for Containers plan?
defender-for-cloud Episode Twelve https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-twelve.md
Title: Enhanced workload protection features in Defender for Servers description: Learn about the enhanced capabilities available in Defender for Servers, for VMs that are located in GCP, AWS and on-premises. Previously updated : 05/25/2022 Last updated : 05/29/2022 # Enhanced workload protection features in Defender for Servers
Netta explains how Defender for Servers applies Azure Arc as a bridge to onboard
<br> <br>
-<iframe src="https://aka.ms/docs/player?id=18fdbe74-4399-44fe-81e7-3e3ce92df451" width="1080" height="530" max-width: 100%; min-width: 100%;"></iframe>
+<iframe src="https://aka.ms/docs/player?id=18fdbe74-4399-44fe-81e7-3e3ce92df451" width="1080" height="530" allowFullScreen="true" frameBorder="0"></iframe>
- [00:55](/shows/mdc-in-the-field/enhanced-workload-protection#time=00m55s) - Arc Auto-provisioning in GCP
defender-for-cloud Episode Two https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-two.md
Title: Integrate Azure Purview with Microsoft Defender for Cloud description: Learn how to integrate Azure Purview with Microsoft Defender for Cloud. Previously updated : 05/25/2022 Last updated : 05/29/2022 # Integrate Azure Purview with Microsoft Defender for Cloud
David explains the use case scenarios for this integration and how the data clas
<br> <br>
-<iframe src="https://aka.ms/docs/player?id=9b911e9c-e933-4b7b-908a-5fd614f822c7" width="1080" height="530" max-width: 100%; min-width: 100%;"></iframe>
+<iframe src="https://aka.ms/docs/player?id=9b911e9c-e933-4b7b-908a-5fd614f822c7" width="1080" height="530" allowFullScreen="true" frameBorder="0"></iframe>
- [1:36](/shows/mdc-in-the-field/integrate-with-purview) - Overview of Azure Purview
defender-for-cloud Review Security Recommendations https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/review-security-recommendations.md
The Insights column of the page gives you more details for each recommendation.
| Icon | Name | Description | |--|--|--|
-| :::image type="icon" source="media/secure-score-security-controls/preview-icon.png" border="false"::: | *Preview recommendation** | This recommendation won't affect your secure score until it's GA. |
+| :::image type="icon" source="media/secure-score-security-controls/preview-icon.png" border="false"::: | Preview recommendation | This recommendation won't affect your secure score until it's GA. |
| :::image type="icon" source="media/secure-score-security-controls/fix-icon.png" border="false"::: | **Fix** | From within the recommendation details page, you can use 'Fix' to resolve this issue. | | :::image type="icon" source="media/secure-score-security-controls/enforce-icon.png" border="false"::: | **Enforce** | From within the recommendation details page, you can automatically deploy a policy to fix this issue whenever someone creates a non-compliant resource. | | :::image type="icon" source="media/secure-score-security-controls/deny-icon.png" border="false"::: | **Deny** | From within the recommendation details page, you can prevent new resources from being created with this issue. |
defender-for-iot Concept Micro Agent Configuration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-iot/device-builders/concept-micro-agent-configuration.md
These configurations include process, and network activity collectors.
|--|--|--|--| | **Interval** | `High` <br>`Medium`<br>`Low` | Determines the sending frequency. | `Medium` | | **Aggregation mode** | `True` <br>`False` | Determines whether to process event aggregation for an identical event. | `True` |
-| **Cache size** | cycle FIFO | Defines the number of events collected in between the the times that data is sent. | `256` |
+| **Cache size** | cycle FIFO | Defines the number of events collected in between the times that data is sent. | `256` |
| **Disable collector** | `True` <br> `False` | Determines whether or not the collector is operational. | `False` | | | | | |
These configurations include process, and network activity collectors.
| Setting Name | Setting options | Description | Default | |--|--|--|--|
-| **Devices** | A list of the network devices separated by a comma. <br><br>For example `eth0,eth1` | Defines the list of network devices (interfaces) that the agent will use to monitor the traffic. <br><br>If a network device is not listed, the Network Raw events will not be recorded for the missing device.| `eth0` |
+| **Devices** | A list of the network devices separated by a comma. <br><br>For example `eth0,eth1` | Defines the list of network devices (interfaces) that the agent will use to monitor the traffic. <br><br>If a network device isn't listed, the Network Raw events will not be recorded for the missing device.| `eth0` |
| | | | | ## Process collector specific-settings
defender-for-iot Concept Recommendations https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-iot/device-builders/concept-recommendations.md
Title: Security recommendations for IoT Hub
-description: Learn about the concept of security recommendations and how they are used in the Defender for IoT Hub.
+description: Learn about the concept of security recommendations and how they're used in the Defender for IoT Hub.
Last updated 11/09/2021
defender-for-iot Concept Security Module https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-iot/device-builders/concept-security-module.md
Title: Defender-IoT-micro-agent and device twins
-description: Learn about the concept of Defender-IoT-micro-agent twins and how they are used in Defender for IoT.
+description: Learn about the concept of Defender-IoT-micro-agent twins and how they're used in Defender for IoT.
Last updated 03/28/2022
defender-for-iot Configure Pam To Audit Sign In Events https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-iot/device-builders/configure-pam-to-audit-sign-in-events.md
Title: Configure Pluggable Authentication Modules (PAM) to audit sign-in events (Preview)
-description: Learn how to configure Pluggable Authentication Modules (PAM) to audit sign-in events when syslog is not configured for your device.
+description: Learn how to configure Pluggable Authentication Modules (PAM) to audit sign-in events when syslog isn't configured for your device.
Last updated 02/20/2022
defender-for-iot How To Agent Configuration https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-iot/device-builders/how-to-agent-configuration.md
If the agent configuration object does not exist in the **azureiotsecurity** mod
## Configuration schema and validation
-Make sure to validate your agent configuration against this [schema](https://aka.ms/iot-security-github-module-schema). An agent will not launch if the configuration object does not match the schema.
+Make sure to validate your agent configuration against this [schema](https://aka.ms/iot-security-github-module-schema). An agent will not launch if the configuration object doesn't match the schema.
-If, while the agent is running, the configuration object is changed to a non-valid configuration (the configuration does not match the schema), the agent will ignore the invalid configuration and will continue using the current configuration.
+If, while the agent is running, the configuration object is changed to a non-valid configuration (the configuration doesn't match the schema), the agent will ignore the invalid configuration and will continue using the current configuration.
### Configuration validation
defender-for-iot How To Azure Rtos Security Module https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-iot/device-builders/how-to-azure-rtos-security-module.md
The default behavior of each configuration is provided in the following tables:
| ASC_SECURITY_MODULE_ID | String | defender-iot-micro-agent | The unique identifier of the device. | | SECURITY_MODULE_VERSION_(MAJOR)(MINOR)(PATCH) | Number | 3.2.1 | The version. | | ASC_SECURITY_MODULE_SEND_MESSAGE_RETRY_TIME | Number | 3 | The amount of time the Defender-IoT-micro-agent will take to send the security message after a fail. (in seconds) |
-| ASC_SECURITY_MODULE_PENDING_TIME | Number | 300 | The Defender-IoT-micro-agent pending time (in seconds). The state will change to suspend, if the time is exceeded.. |
+| ASC_SECURITY_MODULE_PENDING_TIME | Number | 300 | The Defender-IoT-micro-agent pending time (in seconds). The state will change to suspend, if the time is exceeded. |
## Collection
defender-for-iot How To Deploy Linux C https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-iot/device-builders/how-to-deploy-linux-c.md
This script performs the following function:
1. Installs prerequisites.
-1. Adds a service user (with interactive sign in disabled).
+1. Adds a service user (with interactive sign-in disabled).
1. Installs the agent as a **Daemon** - assumes the device uses **systemd** for service management.
defender-for-iot How To Deploy Linux Cs https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-iot/device-builders/how-to-deploy-linux-cs.md
This script performs the following actions:
- Installs prerequisites. -- Adds a service user (with interactive sign in disabled).
+- Adds a service user (with interactive sign-in disabled).
- Installs the agent as a **Daemon** - assumes the device uses **systemd** for legacy deployment model.
defender-for-iot How To Install Micro Agent For Edge https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-iot/device-builders/how-to-install-micro-agent-for-edge.md
This article explains how to install, and authenticate the Defender micro agent
systemctl status defender-iot-micro-agent.service ```
- 1. Ensure that the service is stable by making sure it is `active` and that the uptime of the process is appropriate
+ 1. Ensure that the service is stable by making sure it's `active` and that the uptime of the process is appropriate
:::image type="content" source="media/quickstart-standalone-agent-binary-installation/active-running.png" alt-text="Check to make sure your service is stable and active.":::
defender-for-iot How To Manage Device Inventory On The Cloud https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-iot/device-builders/how-to-manage-device-inventory-on-the-cloud.md
The device inventory can be used to view device systems, and network information
Some of the benefits of the device inventory include: -- Identify all IOT, and OT devices from different inputs. For example, allowing you to understand which devices in your environment are not communicating, and will require troubleshooting.
+- Identify all IOT, and OT devices from different inputs. For example, allowing you to understand which devices in your environment aren't communicating, and will require troubleshooting.
- Group, and filter devices by site, type, or vendor.
For a list of filters that can be applied to the device inventory table, see the
1. Select the **Apply button**.
-Multiple filters can be applied at one time. The filters are not saved when you leave the Device inventory page.
+Multiple filters can be applied at one time. The filters aren't saved when you leave the Device inventory page.
## View device information
Select the :::image type="icon" source="media/how-to-manage-device-inventory-on-
## How to identify devices that have not recently communicated with the Azure cloud
-If you are under the impression that certain devices are not actively communicating, there is a way to check, and see which devices have not communicated in a specified time period.
+If you are under the impression that certain devices are not actively communicating, there's a way to check, and see which devices have not communicated in a specified time period.
**To identify all devices that have not communicated recently**:
defender-for-iot How To Region Move https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-iot/device-builders/how-to-region-move.md
You can move a Microsoft Defender for IoT "iotsecuritysolutions" resource to a d
## Prepare
-In this section, you will prepare to move the resource for the move by finding the resource and confirming it is in a region you wish to move from.
+In this section, you'll prepare to move the resource for the move by finding the resource and confirming it is in a region you wish to move from.
Before transitioning the resource to the new region, we recommended using [log analytics](../../azure-monitor/logs/quick-create-workspace.md) to store alerts, and raw events.
Before transitioning the resource to the new region, we recommended using [log a
1. Select your hub from the list.
-1. Ensure that you have selected the correct hub, and that it is in the region you want to move it from.
+1. Ensure that you've selected the correct hub, and that it is in the region you want to move it from.
:::image type="content" source="media/region-move/location.png" alt-text="Screenshot showing you the region your hub is located in."::: ## Move
-You are now ready to move your resource to your new location. Follow [these instructions](../../iot-hub/iot-hub-how-to-clone.md) to move your IoT Hub.
+You're now ready to move your resource to your new location. Follow [these instructions](../../iot-hub/iot-hub-how-to-clone.md) to move your IoT Hub.
After transferring, and enabling the resource, you can link to the same log analytics workspace that was configured earlier. ## Verify
-In this section, you will verify that the resource has been moved, that the connection to the IoT Hub has been enabled, and that everything is working correctly.
+In this section, you'll verify that the resource has been moved, that the connection to the IoT Hub has been enabled, and that everything is working correctly.
**To verify the resource in in the correct region**:
defender-for-iot How To Security Data Access https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-iot/device-builders/how-to-security-data-access.md
Defender for IoT stores security alerts, recommendations, and raw security data
To configure which Log Analytics workspace is used: 1. Open your IoT hub.
-1. Click the **Settings** blade under the **Security** section.
-1. Click **Data Collection**, and change your Log Analytics workspace configuration.
+1. Select the **Settings** blade under the **Security** section.
+1. Select **Data Collection**, and change your Log Analytics workspace configuration.
To access your alerts and recommendations in your Log Analytics workspace after configuration: 1. Choose an alert or recommendation in Defender for IoT.
-1. Click **further investigation**, then click **To see which devices have this alert click here and view the DeviceId column**.
+1. Select **further investigation**, then select **To see which devices have this alert click here and view the DeviceId column**.
For details on querying data from Log Analytics, see [Get started with log queries in Azure Monitor](../../azure-monitor/logs/get-started-queries.md).
defender-for-iot Quickstart Onboard Iot Hub https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-iot/device-builders/quickstart-onboard-iot-hub.md
You can onboard Defender for IoT to an existing IoT Hub, where you can then moni
:::image type="content" source="media/quickstart-onboard-iot-hub/secure-your-iot-solution.png" alt-text="Select the secure your IoT solution button to secure your solution." lightbox="media/quickstart-onboard-iot-hub/secure-your-iot-solution-expanded.png":::
-The **Secure your IoT solution** button will only appear if the IoT Hub has not already been onboarded, or if you set the Defender for IoT toggle to **Off** while onboarding.
+The **Secure your IoT solution** button will only appear if the IoT Hub hasn't already been onboarded, or if you set the Defender for IoT toggle to **Off** while onboarding.
:::image type="content" source="media/quickstart-onboard-iot-hub/toggle-is-off.png" alt-text="If your toggle was set to off during onboarding.":::
defender-for-iot References Defender For Iot Glossary https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-iot/device-builders/references-defender-for-iot-glossary.md
This glossary provides a brief description of important terms and concepts for t
|--|--|--| | **Device twins** | Device twins are JSON documents that store device state information including metadata, configurations, and conditions. | [Module Twin](#m) <br /> <br />[Defender-IoT-micro-agent twin](#s) | | **Defender-IoT-micro-agent twin** `(DB)` | The Defender-IoT-micro-agent twin holds all of the information that is relevant to device security, for each specific device in your solution. | [Device twin](#d) <br /> <br />[Module Twin](#m) |
-| **Device inventory** | Defender for IoT identifies, and classifies devices as a single unique network device in the inventory for: <br><br> - Standalone IT, OT, and IoT devices with 1 or multiple NICs. <br><br> - Devices composed of multiple backplane components. This includes all racks, slots, and modules. <br><br> - Devices that act as network infrastructure. For example, switches, and routers with multiple NICs. <br><br> - Public internet IP addresses, multicast groups, and broadcast groups are not considered inventory devices. <br><br>Devices that have been inactive for more than 60 days are classified as inactive Inventory devices.|
+| **Device inventory** | Defender for IoT identifies, and classifies devices as a single unique network device in the inventory for: <br><br> - Standalone IT, OT, and IoT devices with 1 or multiple NICs. <br><br> - Devices composed of multiple backplane components. This includes all racks, slots, and modules. <br><br> - Devices that act as network infrastructure. For example, switches, and routers with multiple NICs. <br><br> - Public internet IP addresses, multicast groups, and broadcast groups aren't considered inventory devices. <br><br>Devices that have been inactive for more than 60 days are classified as inactive Inventory devices.|
## E
defender-for-iot Release Notes https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-iot/device-builders/release-notes.md
Listed below are the support, breaking change policies for Defender for IoT, and
- **CIS benchmarks**: The micro agent now supports recommendations based on CIS Distribution Independent Linux Benchmarks, version 2.0.0, and the ability to disable specific CIS Benchmark checks or groups using twin configurations. For more information, see [Micro agent configurations (Preview)](concept-micro-agent-configuration.md). -- **Micro agent supported devices list expands**: The micro agent now supports Debian 11 AMD64 and ARM32v7 devices, as well as Ubuntu Server 18.04 ARM32 Linux devices & Ubuntu Server 20.04 ARM32 & ARM64 Linux devices.
+- **Micro agent supported devices list expands**: The micro agent now supports Debian 11 AMD64 and ARM32v7 devices, and Ubuntu Server 18.04 ARM32 Linux devices & Ubuntu Server 20.04 ARM32 & ARM64 Linux devices.
For more information, see [Agent portfolio overview and OS support (Preview)](concept-agent-portfolio-overview-os-support.md).
Listed below are the support, breaking change policies for Defender for IoT, and
- DNS network activity on managed devices is now supported. Microsoft threat intelligence security graph can now detect suspicious activity based on DNS traffic. -- [Leaf device proxying](../../iot-edge/how-to-connect-downstream-iot-edge-device.md#integrate-microsoft-defender-for-iot-with-iot-edge-gateway): There is now an enhanced integration with IoT Edge. This integration enhances the connectivity between the agent, and the cloud using leaf device proxying.
+- [Leaf device proxying](../../iot-edge/how-to-connect-downstream-iot-edge-device.md#integrate-microsoft-defender-for-iot-with-iot-edge-gateway): There's now an enhanced integration with IoT Edge. This integration enhances the connectivity between the agent, and the cloud using leaf device proxying.
## October 2021
defender-for-iot Resources Agent Frequently Asked Questions https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-iot/device-builders/resources-agent-frequently-asked-questions.md
This article provides a list of frequently asked questions and answers about the
## Do I have to install an embedded security agent?
-Agent installation on your IoT devices isn't mandatory in order to enable Defender for IoT. You can choose between the following two options There are four different levels of security monitoring, and management capabilities which will provide different levels of protection:
+Agent installation on your IoT devices isn't mandatory in order to enable Defender for IoT. You can choose between the following two options There are four different levels of security monitoring, and management capabilities, which will provide different levels of protection:
- Install the Defender for IoT embedded security agent with or without modifications. This option provides the highest level of enhanced security insights into device behavior and access.
defender-for-iot Security Agent Architecture https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-iot/device-builders/security-agent-architecture.md
Defender for IoT offers different installer agents for 32 bit and 64-bit Windows
## Next steps
-In this article, you got a high-level overview about Defender for IoT Defender-IoT-micro-agent architecture, and the available installers.To continue getting started with Defender for IoT deployment, review the security agent authentication methods that are available.
+In this article, you got a high-level overview about Defender for IoT Defender-IoT-micro-agent architecture, and the available installers. To continue getting started with Defender for IoT deployment, review the security agent authentication methods that are available.
> [!div class="nextstepaction"] > [Security agent authentication methods](concept-security-agent-authentication-methods.md)
defender-for-iot Troubleshoot Agent https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-iot/device-builders/troubleshoot-agent.md
Last updated 03/28/2022
This article explains how to solve potential problems in the security agent start-up process.
-Microsoft Defender for IoT agent self-starts immediately after installation. The agent start up process includes reading local configuration, connecting to Azure IoT Hub, and retrieving the remote twin configuration. Failure in any one of these steps may cause the security agent to fail.
+Microsoft Defender for IoT agent self-starts immediately after installation. The agent start-up process includes reading local configuration, connecting to Azure IoT Hub, and retrieving the remote twin configuration. Failure in any one of these steps may cause the security agent to fail.
In this troubleshooting guide you'll learn how to:
In this troubleshooting guide you'll learn how to:
## Validate if the security agent is running
-1. To validate is the security agent is running, wait a few minutes after installing the agent and and run the following command.
+1. To validate that the security agent is running, wait a few minutes after installing the agent and run the following command.
<br> **C agent**
Defender for IoT agent encountered an error! Error in: {Error Code}, reason: {Er
| Error Code | Error sub code | Error details | Remediate C | Remediate C# | |--|--|--|--|--| | Local Configuration | Missing configuration | A configuration is missing in the local configuration file. The error message should state which key is missing. | Add the missing key to the /var/LocalConfiguration.json file, see the [cs-localconfig-reference](azure-iot-security-local-configuration-c.md) for details. | Add the missing key to the General.config file, see the [c#-localconfig-reference](azure-iot-security-local-configuration-csharp.md) for details. |
-| Local Configuration | Cant Parse Configuration | A configuration value can't be parsed. The error message should state which key can't be parsed. A configuration value cannot be parsed either because the value is not in the expected type, or the value is out of range. | Fix the value of the key in /var/LocalConfiguration.json file so that it matches the LocalConfiguration schema, see the [c#-localconfig-reference](azure-iot-security-local-configuration-csharp.md) for details. | Fix the value of the key in General.config file so that it matches the schema, see the [cs-localconfig-reference](azure-iot-security-local-configuration-c.md) for details. |
+| Local Configuration | Cant Parse Configuration | A configuration value can't be parsed. The error message should state which key can't be parsed. A configuration value cannot be parsed either because the value isn't in the expected type, or the value is out of range. | Fix the value of the key in /var/LocalConfiguration.json file so that it matches the LocalConfiguration schema, see the [c#-localconfig-reference](azure-iot-security-local-configuration-csharp.md) for details. | Fix the value of the key in General.config file so that it matches the schema, see the [cs-localconfig-reference](azure-iot-security-local-configuration-c.md) for details. |
| Local Configuration | File Format | Failed to parse configuration file. | The configuration file is corrupted, download the agent and re-install. | - |
-| Remote Configuration | Timeout | The agent could not fetch the azureiotsecurity module twin within the timeout period. | Make sure authentication configuration is correct and try again. | The agent could not fetch the azureiotsecurity module twin within timeout period. Make sure authentication configuration is correct and try again. |
-| Authentication | File Not Exist | The file in the given path does not exist. | Make sure the file exists in the given path or go to the **LocalConfiguration.json** file and change the **FilePath** configuration. | Make sure the file exists in the given path or go to the **Authentication.config** file and change the **filePath** configuration. |
+| Remote Configuration | Timeout | The agent could not fetch the azureiotsecurity module twin within the timeout period. | Make sure authentication configuration is correct and try again. | The agent couldn't fetch the azureiotsecurity module twin within timeout period. Make sure authentication configuration is correct and try again. |
+| Authentication | File Not Exist | The file in the given path doesn't exist. | Make sure the file exists in the given path or go to the **LocalConfiguration.json** file and change the **FilePath** configuration. | Make sure the file exists in the given path or go to the **Authentication.config** file and change the **filePath** configuration. |
| Authentication | File Permission | The agent does not have sufficient permissions to open the file. | Give the **asciotagent** user read permissions on the file in the given path. | Make sure the file is accessible. | | Authentication | File Format | The given file is not in the correct format. | Make sure the file is in the correct format. The supported file types are .pfx and .pem. | Make sure the file is a valid certificate file. | | Authentication | Unauthorized | The agent was not able to authenticate against IoT Hub with the given credentials. | Validate authentication configuration in LocalConfiguration file, go through the authentication configuration and make sure all the details are correct, validate that the secret in the file matches the authenticated identity. | Validate authentication configuration in Authentication.config, go through the authentication configuration and make sure all the details are correct, then validate that the secret in the file matches the authenticated identity. |
defender-for-iot Troubleshoot Defender Micro Agent https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-iot/device-builders/troubleshoot-defender-micro-agent.md
To view the status of the service:
systemctl status defender-iot-micro-agent.service ```
-1. Check that the service is stable by making sure it is `active`, and that the uptime in the process is appropriate.
+1. Check that the service is stable by making sure it's `active`, and that the uptime in the process is appropriate.
- :::image type="content" source="media/troubleshooting/active-running.png" alt-text="Ensure your service is stable by checking to see that it is active and the uptime is appropriate.":::
+ :::image type="content" source="media/troubleshooting/active-running.png" alt-text="Ensure your service is stable by checking to see that it's active and the uptime is appropriate.":::
If the service is listed as `inactive`, use the following command to start the service:
defender-for-iot How To Connect Sensor By Proxy https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-iot/organizations/how-to-connect-sensor-by-proxy.md
The following diagram shows data going from Microsoft Defender for IoT to the Io
## Set up your system
-For this scenario we will be installing, and configuring the latest version of [Squid](http://www.squid-cache.org/) on an Ubuntu 18 server.
+For this scenario we'll be installing, and configuring the latest version of [Squid](http://www.squid-cache.org/) on an Ubuntu 18 server.
> [!Note] > Microsoft Defender for IoT does not offer support for Squid or any other proxy service.
defender-for-iot How To Create And Manage Users https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-iot/organizations/how-to-create-and-manage-users.md
This section describes how to define users. Cyberx, support, and administrator u
If users aren't active at the keyboard or mouse for a specific time, they're signed out of their session and must sign in again.
-When users haven't worked with their console mouse or keyboard for 30 minutes, a session sign out is forced.
+When users haven't worked with their console mouse or keyboard for 30 minutes, a session sign-out is forced.
This feature is enabled by default and on upgrade, but can be disabled. In addition, session counting times can be updated. Session times are defined in seconds. Definitions are applied per sensor and on-premises management console.
You can recover the password for the on-premises management console or the senso
**To recover the password for the on-premises management console, or the sensor**:
-1. On the sign in screen of either the on-premises management console or the sensor, select **Password recovery**. The **Password recovery** screen opens.
+1. On the sign-in screen of either the on-premises management console or the sensor, select **Password recovery**. The **Password recovery** screen opens.
- :::image type="content" source="media/how-to-create-and-manage-users/password-recovery.png" alt-text="Screenshot of the Select Password recovery from the sign in screen of either the on-premises management console, or the sensor.":::
+ :::image type="content" source="media/how-to-create-and-manage-users/password-recovery.png" alt-text="Screenshot of the Select Password recovery from the sign-in screen of either the on-premises management console, or the sensor.":::
1. Select either **CyberX** or **Support** from the drop-down menu, and copy the unique identifier code.
defender-for-iot References Defender For Iot Glossary https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-iot/organizations/references-defender-for-iot-glossary.md
This glossary provides a brief description of important terms and concepts for t
|--|--|--| | **Data mining** | Generate comprehensive and granular reports about your network devices:<br /><br />- **SOC incident response**: Reports in real time to help deal with immediate incident response. For example, a report can list devices that might need patching.<br /><br />- **Forensics**: Reports based on historical data for investigative reports.<br /><br />- **IT network integrity**: Reports that help improve overall network security. For example, a report can list devices with weak authentication credentials.<br /><br />- **visibility**: Reports that cover all query items to view all baseline parameters of your network.<br /><br />Save data-mining reports for read-only users to view. | **[Baseline](#b)<br /><br />[Reports](#r)** | | **Defender for IoT platform** | The Defender for IoT solution installed on Defender for IoT sensors and the on-premises management console. | **[Sensor](#s)<br /><br />[On-premises management console](#o)** |
-| **Inventory device** | Defender for IoT will identify and classify devices as a single unique network device in the inventory for:
-1. Standalone IT/OT/IoT devices (w/ 1 or multiple NICs)
-1. Devices composed of multiple backplane components (including all racks/slots/modules)
-1. Devices acting as network infrastructure such as Switch/Router (w/ multiple NICs).
-Public internet IP addresses, multicast groups, and broadcast groups are not considered inventory devices. Devices that have been inactive for more than 60 days are classified as inactive Inventory devices.|
+| **Inventory device** | Defender for IoT will identify and classify devices as a single unique network device in the inventory for:<br><br>- Standalone IT/OT/IoT devices (w/ 1 or multiple NICs)<br>- Devices composed of multiple backplane components (including all racks/slots/modules)<br>- Devices acting as network infrastructure such as Switch/Router (w/ multiple NICs). <br><br>Public internet IP addresses, multicast groups, and broadcast groups are not considered inventory devices. Devices that have been inactive for more than 60 days are classified as inactive Inventory devices.|
| **Device map** | A graphical representation of network devices that Defender for IoT detects. It shows the connections between devices and information about each device. Use the map to:<br /><br />- Retrieve and control critical device information.<br /><br />- Analyze network slices.<br /><br />- Export device details and summaries. | **[Purdue layer group](#p)** | | **Device inventory - sensor** | The device inventory displays an extensive range of device attributes detected by Defender for IoT. Options are available to:<br /><br />- Filter displayed information.<br /><br />- Export this information to a CSV file.<br /><br />- Import Windows registry details. | **[Group](#g)** <br /><br />**[Device inventory- on-premises management console](#d)** | | **Device inventory - on-premises management console** | Device information from connected sensors can be viewed from the on-premises management console in the device inventory. This gives users of the on-premises management console a comprehensive view of all network information. | **[Device inventory - sensor](#d)<br /><br />[Device inventory - data integrator](#d)** |
digital-twins Concepts Data Ingress Egress https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/digital-twins/concepts-data-ingress-egress.md
description: Learn about the data ingress and egress requirements for integrating Azure Digital Twins with other services. Previously updated : 03/01/2022 Last updated : 06/01/2022
Azure Digital Twins is typically used together with other services to create flexible, connected solutions that use your data in different kinds of ways. This article covers data ingress and egress for Azure Digital Twins and Azure services that can be used to take advantage of it.
-Using [event routes](concepts-route-events.md), Azure Digital Twins can receive data from upstream services such as [IoT Hub](../iot-hub/about-iot-hub.md) or [Logic Apps](../logic-apps/logic-apps-overview.md), which are used to deliver telemetry and notifications.
+Azure Digital Twins can receive data from upstream services such as [IoT Hub](../iot-hub/about-iot-hub.md) or [Logic Apps](../logic-apps/logic-apps-overview.md), which are used to deliver telemetry and notifications.
-Azure Digital Twins can also route data to downstream services, such as [Azure Maps](../azure-maps/about-azure-maps.md) and [Time Series Insights](../time-series-insights/overview-what-is-tsi.md), for storage, workflow integration, analytics, and more.
+Azure Digital Twins can also use [event routes](concepts-route-events.md) to send data to downstream services, such as [Azure Maps](../azure-maps/about-azure-maps.md) and [Time Series Insights](../time-series-insights/overview-what-is-tsi.md), for storage, workflow integration, analytics, and more.
## Data ingress
To ingest data from any source into Azure Digital Twins, use an [Azure function]
You can also learn how to connect Azure Digital Twins to a Logic Apps trigger in [Integrate with Logic Apps](how-to-integrate-logic-apps.md).
-## Data egress services
+## Data egress
-You may want to send Azure Digital Twins data to other downstream services for storage or additional processing.
+You may want to send Azure Digital Twins data to other downstream services for storage or additional processing.
-To send twin data to [Azure Data Explorer](/azure/data-explorer/data-explorer-overview), set up a [data history (preview) connection](concepts-data-history.md) that automatically historizes digital twin property updates from your Azure Digital Twins instance to an Azure Data Explorer cluster. You can then query this data in Azure Data Explorer using the [Azure Digital Twins query plugin for Azure Data Explorer](concepts-data-explorer-plugin.md).
+Digital twin data can be sent to most Azure services using *endpoints*. If your destination is [Azure Data Explorer](/azure/data-explorer/data-explorer-overview), you can use *data history* instead to automatically historize twin property updates to an Azure Data Explorer cluster, where they can be queried as time series data. The rest of this section describes these capabilities in more detail.
-To send data to other services, such as [Azure Maps](../azure-maps/about-azure-maps.md), [Time Series Insights](../time-series-insights/overview-what-is-tsi.md), or [Azure Storage](../storage/common/storage-introduction.md), start by attaching the destination service to an *endpoint*.
+>[!NOTE]
+>Azure Digital Twins implements *at least once* delivery for data emitted to egress services.
+
+### Endpoints
+
+To send Azure Digital Twins data to most Azure services, such as [Azure Maps](../azure-maps/about-azure-maps.md), [Time Series Insights](../time-series-insights/overview-what-is-tsi.md), or [Azure Storage](../storage/common/storage-introduction.md), start by attaching the destination service to an *endpoint*.
Endpoints can be instances of any of these Azure * [Event Hubs](../event-hubs/event-hubs-about.md)
The endpoint is attached to an Azure Digital Twins instance using management API
For detailed instructions on how to send Azure Digital Twins data to Azure Maps, see [Use Azure Digital Twins to update an Azure Maps indoor map](how-to-integrate-maps.md). For detailed instructions on how to send Azure Digital Twins data to Time Series Insights, see [Integrate with Time Series Insights](how-to-integrate-time-series-insights.md).
-Azure Digital Twins implements *at least once* delivery for data emitted to egress services.
+### Data history
+
+To send twin data to [Azure Data Explorer](/azure/data-explorer/data-explorer-overview), set up a [data history (preview) connection](concepts-data-history.md) that automatically historizes digital twin property updates from your Azure Digital Twins instance to an Azure Data Explorer cluster. The data history connection requires an [event hub](../event-hubs/event-hubs-about.md), but doesn't require an explicit endpoint.
+
+Once the data has been historized, you can query this data in Azure Data Explorer using the [Azure Digital Twins query plugin for Azure Data Explorer](concepts-data-explorer-plugin.md).
+
+You can also use data history in combination with [Azure Synapse Analytics](../syn