-* [SwissID]( identity-provider-swissid.md)

-You can use the other account types to create an app to manage your DevOps scenarios, like using Microsoft Graph to upload Identity Experience Framework policies or provision users. Learn [how register a Microsoft Graph application to manage Azure AD B2C resources](microsoft-graph-get-started.md).

-* Learn [how register a Microsoft Graph application to manage Azure AD B2C resources](microsoft-graph-get-started.md).

-6. Follow [this tutorial](./secure-rest-api.md#https-client-certificate-authentication ) to add the client certificate into Azure AD B2C.

-* An account with *global administrator* privileges. Some MFA settings can also be managed by an Authentication Policy Administrator. For more information, see [Authentication Policy Administrator](../roles/permissions-reference.md#authentication-policy-administrator).

- Since none are assigned yet, the list of users and groups (shown in the next step) opens automatically.

-1. On the **Basic SAML Configuration** section, Upload the **Service Provider metadata file** which you can download from the [URL](https://api.javelo.io/omniauth/<CustomerSPIdentifier>_saml/metadata) and perform the following steps:

-Once you configure Javelo you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Defender for Cloud Apps](/cloud-app-security/proxy-deployment-any-app).

-Learn more about [Storage Account - XstoreLargeClassicLog (Revisit retention policy for classic log data in storage accounts)]( /azure/storage/common/manage-storage-analytics-logs#modify-retention-policy).

- [  ](./media/tags/overview-tag-filters.png#lightbox)

- [  ](./media/tags/score-tag-filters.png#lightbox)

-description: Install the `arcdata` extension for Azure (az) CLI

-The [`arcdata` extension for Azure CLI (`az`)](reference/reference-az-arcdata-dc.md) replaces `azdata` for Azure Arc-enabled data services.

-| curl ³ | Required for some sample scripts. | Command-line tool for transferring data with URLs. | [Windows](https://curl.haxx.se/windows/) \| Linux: install curl package |

-| oc | Required for Red Hat OpenShift and Azure Redhat OpenShift deployments. |`oc` is the Open Shift command line interface (CLI). | [Installing the CLI](https://docs.openshift.com/container-platform/4.6/cli_reference/openshift_cli/getting-started-cli.html#installing-the-cli)

-³ If you are using PowerShell, curl is an alias to the Invoke-WebRequest cmdlet.

-description: Reference article for az arcdata ad-connector.

-# az arcdata ad-connector

-Manage Active Directory authentication for Azure Arc data services.

-## Commands

-| Command | Description|

-| | |

-[az arcdata ad-connector create](#az-arcdata-ad-connector-create) | Create a new Active Directory connector.

-[az arcdata ad-connector update](#az-arcdata-ad-connector-update) | Update the settings of an existing Active Directory connector.

-[az arcdata ad-connector delete](#az-arcdata-ad-connector-delete) | Delete an existing Active Directory connector.

-[az arcdata ad-connector show](#az-arcdata-ad-connector-show) | Get the details of an existing Active Directory connector.

-## az arcdata ad-connector create

-Create a new Active Directory connector.

-```azurecli

-az arcdata ad-connector create

-```

-### Examples

-Ex 1 - Deploy a new Active Directory connector in indirect mode.

-```azurecli

-az arcdata ad-connector create --name arcadc --k8s-namespace arc --realm CONTOSO.LOCAL --account-provisioning manual --primary-ad-dc-hostname azdc01.contoso.local --secondary-ad-dc-hostnames "azdc02.contoso.local, azdc03.contoso.local" --netbios-domain-name CONTOSO --dns-domain-name contoso.local --nameserver-addresses 10.10.10.11,10.10.10.12,10.10.10.13 --dns-replicas 2 --prefer-k8s-dns false --use-k8s

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az arcdata ad-connector update

-Update the settings of an existing Active Directory connector.

-```azurecli

-az arcdata ad-connector update

-```

-### Examples

-Ex 1 - Update an existing Active Directory connector in indirect mode.

-```azurecli

-az arcdata ad-connector update --name arcadc --k8s-namespace arc --primary-ad-dc-hostname azdc01.contoso.local --secondary-ad-dc-hostname "azdc02.contoso.local, azdc03.contoso.local" --nameserver-addresses 10.10.10.11,10.10.10.12,10.10.10.13 --dns-replicas 2 --prefer-k8s-dns false --use-k8s

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az arcdata ad-connector delete

-Delete an existing Active Directory connector.

-```azurecli

-az arcdata ad-connector delete

-```

-### Examples

-Ex 1 - Delete an existing Active Directory connector in indirect mode.

-```azurecli

-az arcdata ad-connector delete --name arcadc --k8s-namespace arc --use-k8s

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az arcdata ad-connector show

-Get the details of an existing Active Directory connector.

-```azurecli

-az arcdata ad-connector show

-```

-### Examples

-Ex 1 - Get an existing Active Directory connector in indirect mode.

-```azurecli

-az arcdata ad-connector show --name arcadc --k8s-namespace arc --use-k8s

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-description: Reference article for az arcdata dc config commands.

-# az arcdata dc config

-Configuration commands.

-## Commands

-| Command | Description|

-| | |

-[az arcdata dc config init](#az-arcdata-dc-config-init) | Initialize a data controller configuration profile that can be used with `az arcdata dc create`.

-[az arcdata dc config list](#az-arcdata-dc-config-list) | List available configuration profile choices.

-[az arcdata dc config add](#az-arcdata-dc-config-add) | Add a value for a json path in a config file.

-[az arcdata dc config remove](#az-arcdata-dc-config-remove) | Remove a value for a json path in a config file.

-[az arcdata dc config replace](#az-arcdata-dc-config-replace) | Replace a value for a json path in a config file.

-[az arcdata dc config patch](#az-arcdata-dc-config-patch) | Patch a config file based on a json patch file.

-## az arcdata dc config init

-Initialize a data controller configuration profile that can be used with `az arcdata dc create`. The specific source of the configuration profile can be specified in the arguments.

-```azurecli

-az arcdata dc config init

-```

-### Examples

-Guided data controller config init experience - you will receive prompts for needed values.

-```azurecli

-az arcdata dc config init

-```

-arcdata dc config init with arguments, creates a configuration profile of aks-dev-test in ./custom.

-```azurecli

-az arcdata dc config init --source azure-arc-kubeadm --path custom

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az arcdata dc config list

-List available configuration profile choices for use in `arcdata dc config init`

-```azurecli

-az arcdata dc config list

-```

-### Examples

-Shows all available configuration profile names.

-```azurecli

-az arcdata dc config list

-```

-Shows json of a specific configuration profile.

-```azurecli

-az arcdata dc config list --config-profile aks-dev-test

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az arcdata dc config add

-Add the value at the json path in the config file. All examples below are given in Bash. If using another command line, you may need to escape quotations appropriately. Alternatively, you may use the patch file functionality.

-```azurecli

-az arcdata dc config add

-```

-### Examples

-Add data controller storage.

-```azurecli

-az arcdata dc config add --path custom/control.json --json-values "spec.storage={"accessMode":"ReadWriteOnce","className":"managed-premium","size":"10Gi"}"

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az arcdata dc config remove

-Remove the value at the json path in the config file. All examples below are given in Bash. If using another command line, you may need to escape quotations appropriately. Alternatively, you may use the patch file functionality.

-```azurecli

-az arcdata dc config remove

-```

-### Examples

-Ex 1 - Remove data controller storage.

-```azurecli

-az arcdata dc config remove --path custom/control.json --json-path ".spec.storage"

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az arcdata dc config replace

-Replace the value at the json path in the config file. All examples below are given in Bash. If using another command line, you may need to escape quotations appropriately. Alternatively, you may use the patch file functionality.

-```azurecli

-az arcdata dc config replace

-```

-### Examples

-Ex 1 - Replace the port of a single endpoint (Data Controller Endpoint).

-```azurecli

-az arcdata dc config replace --path custom/control.json --json-values "$.spec.endpoints[?(@.name=="Controller")].port=30080"

-```

-Ex 2 - Replace data controller storage.

-```azurecli

-az arcdata dc config replace --path custom/control.json --json-values "spec.storage={"accessMode":"ReadWriteOnce","className":"managed-premium","size":"10Gi"}"

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az arcdata dc config patch

-Patch the config file according to the given patch file. Consult http://jsonpatch.com/ for a better understanding of how the paths should be composed. The replace operation can use conditionals in its path due to the jsonpath library https://jsonpath.com/. All patch json files must start with a key of "patch" that has an array of patches with their corresponding op (add, replace, remove), path, and value. The "remove" op does not require a value, just a path. See the examples below.

-```azurecli

-az arcdata dc config patch

-```

-### Examples

-Ex 1 - Replace the port of a single endpoint (Data Controller Endpoint) with patch file.

-```azurecli

-az arcdata dc config patch --path custom/control.json --patch ./patch.json

-```

-Patch File Example (patch.json):

-```json

-{"patch":[{"op":"replace","path":"$.spec.endpoints[?(@.name=="Controller")].port","value":30080}]}

-```

-Ex 2 - Replace data controller storage with patch file.

-```azurecli

-az arcdata dc config patch --path custom/control.json --patch ./patch.json

-```

-Patch File Example (patch.json):

-```json

-{"patch":[{"op":"replace","path":".spec.storage","value":{"accessMode":"ReadWriteMany","className":"managed-premium","size":"10Gi"}}]}

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-description: Reference article for az arcdata dc debug commands.

-# az arcdata dc debug

-Debug data controller.

-## Commands

-| Command | Description|

-| | |

-[az arcdata dc debug copy-logs](#az-arcdata-dc-debug-copy-logs) | Copy logs.

-[az arcdata dc debug dump](#az-arcdata-dc-debug-dump) | Trigger memory dump.

-## az arcdata dc debug copy-logs

-Copy the debug logs from the data controller - Kubernetes configuration is required on your system.

-```azurecli

-az arcdata dc debug copy-logs

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az arcdata dc debug dump

-Trigger memory dump and copy it out from container - Kubernetes configuration is required on your system.

-```azurecli

-az arcdata dc debug dump

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-description: Reference article for az arcdata dc endpoint commands.

-# az arcdata dc endpoint

-Endpoint commands.

-## Commands

-| Command | Description|

-| | |

-[az arcdata dc endpoint list](#az-arcdata-dc-endpoint-list) | List the data controller endpoint.

-## az arcdata dc endpoint list

-List the data controller endpoint.

-```azurecli

-az arcdata dc endpoint list

-```

-### Examples

-Lists all available data controller endpoints.

-```azurecli

-az arcdata dc endpoint list --k8s-namespace namespace

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-description: Reference article for az arcdata dc status commands.

-# az arcdata dc status

-Status commands.

-## Commands

-| Command | Description|

-| | |

-[az arcdata dc status show](#az-arcdata-dc-status-show) | Show the status of the data controller.

-## az arcdata dc status show

-Show the status of the data controller.

-```azurecli

-az arcdata dc status show

-```

-### Examples

-Show the status of the data controller in a particular kubernetes namespace.

-```azurecli

-az arcdata dc status show --k8s-namespace namespace --use-k8s

-```

-Show the status of a directly connected data controller in a particular resource group.

-```azurecli

-az arcdata dc status show --resource-group resource-group

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-description: Reference article for az arcdata dc commands.

-# az arcdata dc

-Create, delete, and manage data controllers.

-## Commands

-| Command | Description|

-| | |

-[az arcdata dc create](#az-arcdata-dc-create) | Create data controller.

-[az arcdata dc upgrade](#az-arcdata-dc-upgrade) | Upgrade data controller.

-[az arcdata dc update](#az-arcdata-dc-update) | Update data controller.

-[az arcdata dc list-upgrades](#az-arcdata-dc-list-upgrades) | List available upgrade versions.

-[az arcdata dc delete](#az-arcdata-dc-delete) | Delete data controller.

-[az arcdata dc endpoint](reference-az-arcdata-dc-endpoint.md) | Endpoint commands.

-[az arcdata dc status](reference-az-arcdata-dc-status.md) | Status commands.

-[az arcdata dc config](reference-az-arcdata-dc-config.md) | Configuration commands.

-[az arcdata dc debug](reference-az-arcdata-dc-debug.md) | Debug data controller.

-[az arcdata dc export](#az-arcdata-dc-export) | Export metrics, logs or usage.

-[az arcdata dc upload](#az-arcdata-dc-upload) | Upload exported data file.

-## az arcdata dc create

-Create data controller - kube config is required on your system along with credentials for the monitoring dashboards provided by the following environment variables - AZDATA_LOGSUI_USERNAME and AZDATA_LOGSUI_PASSWORD for Logs Dashboard, and AZDATA_METRICSUI_USERNAME and AZDATA_METRICSUI_PASSWORD for Metrics Dashboard. Alternatively AZDATA_USERNAME and AZDATA_PASSWORD will be used as a fallback if either sets of environment variables are missing.

-```azurecli

-az arcdata dc create

-```

-### Examples

-Deploy an indirectly connected data controller.

-```azurecli

-az arcdata dc create --name name --k8s-namespace namespace --connectivity-mode indirect --resource-group group --location location --subscription subscription --use-k8s

-```

-Deploy a directly connected data controller.

-```azurecli

-az arcdata dc create --name name --connectivity-mode direct --resource-group group --location location --subscription subscription --custom-location custom-location

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az arcdata dc upgrade

-Upgrade data controller to the desired-version specified. If desired-version is not specified, an attempt to upgrade to the latest version will be made. If you are unsure of the desired version, you may use the list-upgrades command to view available versions, or use the --dry-run argument to show which version would be used

-```azurecli

-az arcdata dc upgrade

-```

-### Examples

-Data controller upgrade.

-```azurecli

-az arcdata dc upgrade --k8s-namespace namespace --use-k8s

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az arcdata dc update

-Updates the datacontroller to enable/disable auto uploading logs and metrics

-```azurecli

-az arcdata dc update

-```

-### Examples

-Data controller upgrade.

-```azurecli

-az arcdata dc update --auto-upload-logs true --auto-upload-metrics true --name dc-name --resource-group resource-group

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az arcdata dc list-upgrades

-Attempts to list versions that are available in the docker image registry for upgrade. - kube config is required on your system along with the following environment variables ['AZDATA_USERNAME', 'AZDATA_PASSWORD'].

-```azurecli

-az arcdata dc list-upgrades

-```

-### Examples

-Data controller upgrade.

-```azurecli

-az arcdata dc list-upgrades --k8s-namespace namespace --use-k8s

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az arcdata dc delete

-Delete data controller - kube config is required on your system.

-```azurecli

-az arcdata dc delete

-```

-### Examples

-Delete an indirect connected data controller.

-```azurecli

-az arcdata dc delete --name name --k8s-namespace namespace --use-k8s

-```

-Delete a directly connected data controller.

-```azurecli

-az arcdata dc delete --name name --resource-group resource-group

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az arcdata dc export

-Export metrics, logs or usage to a file.

-```azurecli

-az arcdata dc export -t logs --path logs.json --k8s-namespace namespace --use-k8s

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az arcdata dc upload

-Upload data file exported from a data controller to Azure.

-```azurecli

-az arcdata dc upload

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-description: Reference article for az arcdata resource-kind commands.

-# az arcdata resource-kind

-Resource-kind commands to define and template custom resources on your cluster.

-## Commands

-| Command | Description|

-| | |

-[az arcdata resource-kind list](#az-arcdata-resource-kind-list) | List the available custom resource kinds for Arc that can be defined and created.

-[az arcdata resource-kind get](#az-arcdata-resource-kind-get) | Get the Arc resource-kind's template file.

-## az arcdata resource-kind list

-List the available custom resource kinds for Arc that can be defined and created. After listing, you can proceed to getting the template file needed to define or create that custom resource.

-```azurecli

-az arcdata resource-kind list

-```

-### Examples

-Example command for listing the available custom resource kinds for Arc.

-```azurecli

-az arcdata resource-kind list

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az arcdata resource-kind get

-Get the Arc resource-kind's template file.

-```azurecli

-az arcdata resource-kind get

-```

-### Examples

-Example command for getting an Arc resource-kind's CRD template file.

-```azurecli

-az arcdata resource-kind get --kind SqlManagedInstance

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-description: Reference article for az arcdata commands.

-# az arcdata

-## Commands

-| Command | Description|

-| | |

-|[az arcdata dc](reference-az-arcdata-dc.md) | Create, delete, and manage data controllers.

-|[az arcdata resource-kind](reference-az-arcdata-resource-kind.md) | Resource-kind commands to define and template custom resources on your cluster.

-|[az arcdata ad-connector](reference-az-arcdata-ad-connector.md) | Manage Active Directory authentication for Azure Arc data services.|

-## az sql mi-arc

-| Command | Description|

-| | |

-|[az sql_mi-arc](reference-az-sql-mi-arc.md) | Manage Azure Arc-enabled SQL managed instances.

-## az sql midb-arc

-| Command | Description|

-| | |

-|[az sql midb-arc](reference-az-sql-midb-arc.md) | Manage databases for Azure Arc-enabled SQL managed instances.

-## sql instance-failover-group-arc

-| Command | Description|

-| | |

-|[az sql instance-failover-group-arc](reference-az-sql-instance-failover-group-arc.md) | Create or Delete a Failover Group.|

-## az postgres arc-server

-| Command | Description|

-| | |

-|[az postgres arc-server](reference-az-postgres-arc-server.md) | Manage Azure Arc enabled PostgreSQL Hyperscale server groups.

-description: Reference article for az postgres arc-server endpoint commands.

-# az postgres arc-server endpoint

-Manage Azure Arc enabled PostgreSQL Hyperscale server group endpoints.

-## Commands

-| Command | Description|

-| | |

-[az postgres arc-server endpoint list](#az-postgres-arc-server-endpoint-list) | List Azure Arc enabled PostgreSQL Hyperscale server group endpoints.

-## az postgres arc-server endpoint list

-List Azure Arc enabled PostgreSQL Hyperscale server group endpoints.

-```azurecli

-az postgres arc-server endpoint list

-```

-### Examples

-List Azure Arc enabled PostgreSQL Hyperscale server group endpoints.

-```azurecli

-az postgres arc-server endpoint list --name postgres01 --k8s-namespace namespace --use-k8s

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-description: Reference article for az postgres arc-server commands.

-# az postgres arc-server

-Manage Azure Arc enabled PostgreSQL Hyperscale server groups.

-## Commands

-| Command | Description|

-| | |

-[az postgres arc-server create](#az-postgres-arc-server-create) | Create an Azure Arc enabled PostgreSQL Hyperscale server group.

-[az postgres arc-server edit](#az-postgres-arc-server-edit) | Edit the configuration of an Azure Arc enabled PostgreSQL Hyperscale server group.

-[az postgres arc-server delete](#az-postgres-arc-server-delete) | Delete an Azure Arc enabled PostgreSQL Hyperscale server group.

-[az postgres arc-server show](#az-postgres-arc-server-show) | Show the details of an Azure Arc enabled PostgreSQL Hyperscale server group.

-[az postgres arc-server list](#az-postgres-arc-server-list) | List Azure Arc enabled PostgreSQL Hyperscale server groups.

-[az postgres arc-server endpoint](reference-az-postgres-arc-server-endpoint.md) | Manage Azure Arc enabled PostgreSQL Hyperscale server group endpoints.

-## az postgres arc-server create

-To set the password of the server group, please set the environment variable AZDATA_PASSWORD

-```azurecli

-az postgres arc-server create

-```

-### Examples

-Create an Azure Arc enabled PostgreSQL Hyperscale server group.

-```azurecli

-az postgres arc-server create -n pg1 --k8s-namespace namespace --use-k8s

-```

-Create an Azure Arc enabled PostgreSQL Hyperscale server group with engine settings. Both below examples are valid.

-```azurecli

-az postgres arc-server create -n pg1 --engine-settings "key1=val1" --k8s-namespace namespace

-az postgres arc-server create -n pg1 --engine-settings "key2=val2" --k8s-namespace namespace --use-k8s

-```

-Create a PostgreSQL server group with volume claim mounts.

-```azurecli

-az postgres arc-server create -n pg1 --volume-claim-mounts backup-pvc:backup

-```

-Create a PostgreSQL server group with specific memory-limit for different node roles.

-```azurecli

-az postgres arc-server create -n pg1 --memory-limit "coordinator=2Gi,w=1Gi" --workers 1 --k8s-namespace namespace --use-k8s

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az postgres arc-server edit

-Edit the configuration of an Azure Arc enabled PostgreSQL Hyperscale server group.

-```azurecli

-az postgres arc-server edit

-```

-### Examples

-Edit the configuration of an Azure Arc enabled PostgreSQL Hyperscale server group.

-```azurecli

-az postgres arc-server edit --path ./spec.json -n pg1 --k8s-namespace namespace --use-k8s

-```

-Edit an Azure Arc enabled PostgreSQL Hyperscale server group with engine settings for the coordinator node.

-```azurecli

-az postgres arc-server edit -n pg1 --coordinator-settings "key2=val2" --k8s-namespace namespace

-```

-Edits an Azure Arc enabled PostgreSQL Hyperscale server group and replaces existing engine settings with new setting key1=val1.

-```azurecli

-az postgres arc-server edit -n pg1 --engine-settings "key1=val1" --replace-settings --k8s-namespace namespace

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az postgres arc-server delete

-Delete an Azure Arc enabled PostgreSQL Hyperscale server group.

-```azurecli

-az postgres arc-server delete

-```

-### Examples

-Delete an Azure Arc enabled PostgreSQL Hyperscale server group.

-```azurecli

-az postgres arc-server delete -n pg1 --k8s-namespace namespace --use-k8s

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az postgres arc-server show

-Show the details of an Azure Arc enabled PostgreSQL Hyperscale server group.

-```azurecli

-az postgres arc-server show

-```

-### Examples

-Show the details of an Azure Arc enabled PostgreSQL Hyperscale server group.

-```azurecli

-az postgres arc-server show -n pg1 --k8s-namespace namespace --use-k8s

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az postgres arc-server list

-List Azure Arc enabled PostgreSQL Hyperscale server groups.

-```azurecli

-az postgres arc-server list

-```

-### Examples

-List Azure Arc enabled PostgreSQL Hyperscale server groups.

-```azurecli

-az postgres arc-server list --k8s-namespace namespace --use-k8s

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-description: Reference article for az sql instance-failover-group-arc.

-# az sql instance-failover-group-arc

-Create or Delete a Failover Group.

-## Commands

-| Command | Description|

-| | |

-[az sql instance-failover-group-arc create](#az-sql-instance-failover-group-arc-create) | Create a failover group resource

-[az sql instance-failover-group-arc update](#az-sql-instance-failover-group-arc-update) | Update a failover group resource

-[az sql instance-failover-group-arc delete](#az-sql-instance-failover-group-arc-delete) | Delete a failover group resource on a SQL managed instance.

-[az sql instance-failover-group-arc show](#az-sql-instance-failover-group-arc-show) | show a failover group resource.

-## az sql instance-failover-group-arc create

-Create a failover group resource to create a distributed availability group

-```azurecli

-az sql instance-failover-group-arc create

-```

-### Examples

-Ex 1 - Create a failover group resource fogCr1 to create failover group by using shared name sharedName1 between sqlmi instance sqlmi1 and partner SQL managed instance sqlmi2. It requires partner sqlmi primary mirror partnerPrimary:5022 and partner sqlmi mirror endpoint certificate file ./sqlmi2.cer.

-```azurecli

-az sql instance-failover-group-arc create --name fogCr1 --shared-name sharedName1 --mi sqlmi1 --role primary --partner-mi sqlmi2 --partner-mirroring-url partnerPrimary:5022 --partner-mirroring-cert-file ./sqlmi2.cer --use-k8s

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az sql instance-failover-group-arc update

-Update a failover group resource to change the role of distributed availability group

-```azurecli

-az sql instance-failover-group-arc update

-```

-### Examples

-Ex 1 - Update a failover group resource fogCr1 to secondary role from primary

-```azurecli

-az sql instance-failover-group-arc update --name fogCr1 --role secondary --use-k8s

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az sql instance-failover-group-arc delete

-Delete a failover group resource on a SQL managed instance.

-```azurecli

-az sql instance-failover-group-arc delete

-```

-### Examples

-Ex 1 - delete failover group resources named fogCr1.

-```azurecli

-az sql instance-failover-group-arc delete --name fogCr1 --use-k8s

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az sql instance-failover-group-arc show

-show a failover group resource.

-```azurecli

-az sql instance-failover-group-arc show

-```

-### Examples

-Ex 1 - show failover group resources named fogCr1.

-```azurecli

-az sql instance-failover-group-arc show --name fogCr1 --use-k8s

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-description: Reference article for az sql mi-arc config commands.

-# az sql mi-arc config

-Configuration commands.

-## Commands

-| Command | Description|

-| | |

-[az sql mi-arc config init](#az-sql-mi-arc-config-init) | Initialize the CRD and specification files for a SQL managed instance.

-[az sql mi-arc config add](#az-sql-mi-arc-config-add) | Add a value for a json path in a config file.

-[az sql mi-arc config remove](#az-sql-mi-arc-config-remove) | Remove a value for a json path in a config file.

-[az sql mi-arc config replace](#az-sql-mi-arc-config-replace) | Replace a value for a json path in a config file.

-[az sql mi-arc config patch](#az-sql-mi-arc-config-patch) | Patch a config file based on a json patch file.

-## az sql mi-arc config init

-Initialize the CRD and specification files for a SQL managed instance.

-```azurecli

-az sql mi-arc config init

-```

-### Examples

-Initialize the CRD and specification files for a SQL managed instance.

-```azurecli

-az sql mi-arc config init --path ./template

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az sql mi-arc config add

-Add the value at the json path in the config file. All examples below are given in Bash. If using another command line, you may need to escape quotations appropriately. Alternatively, you may use the patch file functionality.

-```azurecli

-az sql mi-arc config add

-```

-### Examples

-Ex 1 - Add storage.

-```azurecli

-az sql mi-arc config add --path custom/spec.json --json-values "spec.storage={"accessMode":"ReadWriteOnce","className":"managed-premium","size":"10Gi"}"

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az sql mi-arc config remove

-Remove the value at the json path in the config file. All examples below are given in Bash. If using another command line, you may need to escape quotations appropriately. Alternatively, you may use the patch file functionality.

-```azurecli

-az sql mi-arc config remove

-```

-### Examples

-Ex 1 - Remove storage.

-```azurecli

-az sql mi-arc config remove --path custom/spec.json --json-path ".spec.storage"

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az sql mi-arc config replace

-Replace the value at the json path in the config file. All examples below are given in Bash. If using another command line, you may need to escape quotations appropriately. Alternatively, you may use the patch file functionality.

-```azurecli

-az sql mi-arc config replace

-```

-### Examples

-Ex 1 - Replace the port of a single endpoint.

-```azurecli

-az sql mi-arc config replace --path custom/spec.json --json-values "$.spec.endpoints[?(@.name=="Controller")].port=30080"

-```

-Ex 2 - Replace storage.

-```azurecli

-az sql mi-arc config replace --path custom/spec.json --json-values "spec.storage={"accessMode":"ReadWriteOnce","className":"managed-premium","size":"10Gi"}"

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az sql mi-arc config patch

-Patch the config file according to the given patch file. Consult http://jsonpatch.com/ for a better understanding of how the paths should be composed. The replace operation can use conditionals in its path due to the jsonpath library https://jsonpath.com/. All patch json files must start with a key of `patch` that has an array of patches with their corresponding op (add, replace, remove), path, and value. The `remove` op does not require a value, just a path. See the examples below.

-```azurecli

-az sql mi-arc config patch

-```

-### Examples

-Ex 1 - Replace the port of a single endpoint with patch file.

-```azurecli

-az sql mi-arc config patch --path custom/spec.json --patch ./patch.json

-```

-Patch File Example (patch.json):

-```json

-{"patch":[{"op":"replace","path":"$.spec.endpoints[?(@.name=="Controller")].port","value":30080}]}

-```

-Ex 2 - Replace storage with patch file.

-```azurecli

-az sql mi-arc config patch --path custom/spec.json --patch ./patch.json

-```

-Patch File Example (patch.json):

-```json

-{"patch":[{"op":"replace","path":".spec.storage","value":{"accessMode":"ReadWriteMany","className":"managed-premium","size":"10Gi"}}]}

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-description: Reference article for az sql mi-arc endpoint commands.

-# az sql mi-arc endpoint

-View and manage SQL endpoints.

-## Commands

-| Command | Description|

-| | |

-[az sql mi-arc endpoint list](#az-sql-mi-arc-endpoint-list) | List the SQL endpoints.

-## az sql mi-arc endpoint list

-List the SQL endpoints.

-```azurecli

-az sql mi-arc endpoint list

-```

-### Examples

-List the endpoints for a SQL managed instance.

-```azurecli

-az sql mi-arc endpoint list -n sqlmi1

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-description: Reference article for az sql mi-arc commands.

-# az sql mi-arc

-Manage Azure Arc-enabled SQL managed instances.

-## Commands

-| Command | Description|

-| | |

-[az sql mi-arc endpoint](reference-az-sql-mi-arc-endpoint.md) | View and manage SQL endpoints.

-[az sql mi-arc create](#az-sql-mi-arc-create) | Create a SQL managed instance.

-[az sql mi-arc update](#az-sql-mi-arc-update) | Update the configuration of a SQL managed instance.

-[az sql mi-arc delete](#az-sql-mi-arc-delete) | Delete a SQL managed instance.

-[az sql mi-arc show](#az-sql-mi-arc-show) | Show the details of a SQL managed instance.

-[az sql mi-arc get-mirroring-cert](#az-sql-mi-arc-get-mirroring-cert) | Retrieve certificate of availability group mirroring endpoint from sql mi and store in a file.

-[az sql mi-arc upgrade](#az-sql-mi-arc-upgrade) | Upgrade SQL managed instance.

-[az sql mi-arc list](#az-sql-mi-arc-list) | List SQL managed instances.

-[az sql mi-arc config](reference-az-sql-mi-arc-config.md) | Configuration commands.

-## az sql mi-arc create

-To set the password of the SQL managed instance, set the environment variable AZDATA_PASSWORD

-```azurecli

-az sql mi-arc create

-```

-### Examples

-Create an indirectly connected SQL managed instance.

-```azurecli

-az sql mi-arc create -n sqlmi1 --k8s-namespace namespace --use-k8s

-```

-Create an indirectly connected SQL managed instance with 3 replicas in HA scenario.

-```azurecli

-az sql mi-arc create -n sqlmi2 --replicas 3 --k8s-namespace namespace --use-k8s

-```

-Create a directly connected SQL managed instance.

-```azurecli

-az sql mi-arc create --name name --resource-group group --location location --subscription subscription --custom-location custom-location

-```

-Create an indirectly connected SQL managed instance with Active Directory authentication.

-```azurecli

-az sql mi-arc create --name contososqlmi --k8s-namespace arc --ad-connector-name arcadc --ad-connector-namespace arc --keytab-secret arcuser-keytab-secret --ad-account-name arcuser --primary-dns-name contososqlmi-primary.contoso.local --primary-port-number 81433 --use-k8s

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az sql mi-arc update

-Update the configuration of a SQL managed instance.

-```azurecli

-az sql mi-arc update

-```

-### Examples

-Update the configuration of a SQL managed instance.

-```azurecli

-az sql mi-arc update --path ./spec.json -n sqlmi1 --use-k8s

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az sql mi-arc delete

-Delete a SQL managed instance.

-```azurecli

-az sql mi-arc delete

-```

-### Examples

-Delete a SQL managed instance using provided namespace.

-```azurecli

-az sql mi-arc delete --name sqlmi1 --k8s-namespace namespace --use-k8s

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az sql mi-arc show

-Show the details of a SQL managed instance.

-```azurecli

-az sql mi-arc show

-```

-### Examples

-Show the details of an indirect connected SQL managed instance.

-```azurecli

-az sql mi-arc show --name sqlmi1 --k8s-namespace namespace --use-k8s

-```

-Show the details of a directly connected SQL managed instance.

-```azurecli

-az sql mi-arc show --name sqlmi1 --resource-group resource-group

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az sql mi-arc get-mirroring-cert

-Retrieve certificate of availability group mirroring endpoint from sql mi and store in a file.

-```azurecli

-az sql mi-arc get-mirroring-cert

-```

-### Examples

-Retrieve certificate of availability group mirroring endpoint from sqlmi1 and store in file fileName1

-```azurecli

-az sql mi-arc get-mirroring-cert -n sqlmi1 --cert-file fileName1

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az sql mi-arc upgrade

-Upgrade SQL managed instance to the desired-version specified. If desired-version is not specified, the data controller version will be used.

-```azurecli

-az sql mi-arc upgrade

-```

-### Examples

-Upgrade SQL managed instance.

-```azurecli

-az sql mi-arc upgrade -n sqlmi1 -k arc --desired-version v1.1.0 --use-k8s

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-## az sql mi-arc list

-List SQL managed instances.

-```azurecli

-az sql mi-arc list

-```

-### Examples

-List SQL managed instances.

-```azurecli

-az sql mi-arc list --use-k8s

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-description: Reference article for az sql midb-arc commands.

-# az sql midb-arc

-Manage databases for Azure Arc-enabled SQL managed instances.

-## Commands

-| Command | Description|

-| | |

-[az sql midb-arc restore](#az-sql-midb-arc-restore) | Restore a database to an Azure Arc enabled SQL managed instance.

-## az sql midb-arc restore

-Restore a database to an Azure Arc enabled SQL managed instance.

-```azurecli

-az sql midb-arc restore

-```

-### Examples

-Ex 1 - Restore a database using Point in time restore.

-```azurecli

-az sql midb-arc restore --managed-instance sqlmi1 --name mysourcedb

- --dest-name mynewdb --time "2021-10-20T05:34:22Z" --k8s-namespace

- arc --use-k8s --dry-run

-```

-### Global Arguments

-#### `--debug`

-Increase logging verbosity to show all debug logs.

-#### `--help -h`

-Show this help message and exit.

-#### `--output -o`

-Output format. Allowed values: json, jsonc, table, tsv. Default: json.

-#### `--query -q`

-JMESPath query string. See [http://jmespath.org/](http://jmespath.org) for more information and examples.

-#### `--verbose`

-Increase logging verbosity. Use `--debug` for full debug logs.

-|[JHC Technology, Inc.](https://www.effectual.com/jhc-technology/)|

- "dataSources": [

- {

- "resourceId": "/subscriptions/a5ea55e2-7482-49ba-90b3-60e7496dd873/resourcegroups/test/providers/microsoft.operationalinsights/workspaces/test",

- "tables": [

- "Heartbeat"

- ]

- }

- ],

- "IncludedSearchResults": "True",

- "AlertType": "Metric measurement"

-# Azure Monitor best practices - Analyze and visualize data

-This article is part of the scenario [Recommendations for configuring Azure Monitor](best-practices.md). It describes builtin features in Azure Monitor for analyzing collected data and options for creating custom visualizations to meet the requirements of different users in your organization. Visualizations such as charts and graphs can help you analyze your monitoring data to drill down on issues and identify patterns.

-## Builtin analysis features

-Most Azure services will have an **Overview** page in the Azure portal that includes a **Monitor** section with charts showing recent charts for critical metrics. This is intended for owners of individual services to quickly assess the performance of the resource. Since this page is based on platform metrics that are collected automatically, there's no configuration required for this feature.

-### Metrics explorer

-Metrics explorer allows users to interactively work with metric data and create metric alerts. Most users will be able to use metrics explorer with minimal training but must be familiar with the metrics they want to analyze. There's no configuration required for this feature once data collection has been configured. Platform metrics for Azure resources will automatically be available. Guest metrics for virtual machines will be available when Azure Monitor agent has been deployed to them, and application metrics will be available when Application Insights has been configured.

-Log Analytics allows users to create log queries to interactively work with log data and create log query alerts. There is some training required for users to become familiar with the query language, although they can use prebuilt queries for common requirements. You can also add [query packs](logs/query-packs.md) with queries that are unique to your organization. This allows users who are familiar with the query language to build queries for others in the organization.

-[Workbooks](./visualize/workbooks-overview.md) are the visualization platform of choice for Azure providing a flexible canvas for data analysis and creation of rich visual reports. Workbooks enable you to tap into multiple data sources from across Azure and combine them into unified interactive experiences. They are especially useful to prepare E2E monitoring views across multiple Azure resources.

-Insights use prebuilt workbooks to present users with critical health and performance information for a particular service. You can access a gallery of additional workbooks in the **Workbooks** tab of the Azure Monitor menu and create custom workbooks to meet requirements of your different users.

-Common scenarios for workbooks include the following:

-## Azure Dashboards

-[Azure dashboards](../azure-portal/azure-portal-dashboards.md) are useful in providing a single pane of glass over your Azure infrastructure and services. While a workbook provides richer functionality, a dashboard can combine Azure Monitor data with data from other Azure services.

-Here's a video walkthrough on creating dashboards:

-Common scenarios for dashboards include the following:

-

-See [Create and share dashboards of Log Analytics data](visualize/tutorial-logs-dashboards.md) for details on creating a dashboard that includes data from Azure Monitor Logs. See [Create custom KPI dashboards using Azure Application Insights](app/tutorial-app-dashboards.md) for details on creating a dashboard that includes data from Application Insights.

-[Grafana](https://grafana.com/) is an open platform that excels in operational dashboards. It's useful for detecting, isolating, and triaging operational incidents, combining visualizations of Azure and non-Azure data sources including on-premises, third party tools, and data stores in other clouds. Grafana has popular plugins and dashboard templates for APM tools such as Dynatrace, New Relic, and App Dynamics which enables users to visualize Azure platform data alongside other metrics from higher in the stack collected by other tools. It also has AWS CloudWatch and GCP BigQuery plugins for multi-cloud monitoring in a single pane of glass.

-Additionally, [Azure Managed Grafana](../managed-grafan) to get started.

-Common scenarios for Grafana include the following:

-[Power BI](https://powerbi.microsoft.com/documentation/powerbi-service-get-started/) is useful for creating business-centric dashboards and reports, along with reports that analyze long-term KPI trends. You can [import the results of a log query](./logs/log-powerbi.md) into a Power BI dataset and then take advantage of its features, such as combining data from different sources and sharing reports on the web and mobile devices.

-Common scenarios for Power BI include the following:

-Some Azure Monitor partners provide visualization functionality. For a list of partners that Microsoft has evaluated, see [Azure Monitor partner integrations](./partners.md). An Azure Monitor partner might provide out-of-the-box visualizations to save you time, although these solutions may have an additional cost.

-You can then build your own custom websites and applications using metric and log data in Azure Monitor accessed through a REST API. This gives you complete flexibility in UI, visualization, interactivity, and features.

-description: Monitoring data collected by Azure Monitor is separated into metrics that are lightweight and capable of supporting near real-time scenarios and logs that are used for advanced analysis.

-Enabling observability across today's complex computing environments running distributed applications that rely on both cloud and on-premises services, requires collection of operational data from every layer and every component of the distributed system. You need to be able to perform deep insights on this data and consolidate it into a single pane of glass with different perspectives to support the multitude of stakeholders in your organization.

-[Azure Monitor](overview.md) collects and aggregates data from a variety of sources into a common data platform where it can be used for analysis, visualization, and alerting. It provides a consistent experience on top of data from multiple sources, which gives you deep insights across all your monitored resources and even with data from other services that store their data in Azure Monitor.

-

-Metrics, logs, and distributed traces are commonly referred to as the three pillars of observability. These are the different kinds of data that a monitoring tool must collect and analyze to provide sufficient observability of a monitored system. Observability can be achieved by correlating data from multiple pillars and aggregating data across the entire set of resources being monitored. Because Azure Monitor stores data from multiple sources together, the data can be correlated and analyzed using a common set of tools. It also correlates data across multiple Azure subscriptions and tenants, in addition to hosting data for other services.

-Azure resources generate a significant amount of monitoring data. Azure Monitor consolidates this data along with monitoring data from other sources into either a Metrics or Logs platform. Each is optimized for particular monitoring scenarios, and each supports different features in Azure Monitor. Features such as data analysis, visualizations, or alerting require you to understand the differences so that you can implement your required scenario in the most efficient and cost effective manner. Insights in Azure Monitor such as [Application Insights](app/app-insights-overview.md) or [VM insights](vm/vminsights-overview.md) have analysis tools that allow you to focus on the particular monitoring scenario without having to understand the differences between the two types of data.

-[Metrics](essentials/data-platform-metrics.md) are numerical values that describe some aspect of a system at a particular point in time. They are collected at regular intervals and are identified with a timestamp, a name, a value, and one or more defining labels. Metrics can be aggregated using a variety of algorithms, compared to other metrics, and analyzed for trends over time.

-Metrics in Azure Monitor are stored in a time-series database which is optimized for analyzing time-stamped data. This makes metrics particularly suited for alerting and fast detection of issues. They can tell you how your system is performing but typically need to be combined with logs to identify the root cause of issues.

-Metrics are available for interactive analysis in the Azure portal with [Azure Metrics Explorer](essentials/metrics-getting-started.md). They can be added to an [Azure dashboard](app/tutorial-app-dashboards.md) for visualization in combination with other data and used for near-real time [alerting](alerts/alerts-metric.md).

-Read more about Azure Monitor Metrics including their sources of data in [Metrics in Azure Monitor](essentials/data-platform-metrics.md).

-[Logs](logs/data-platform-logs.md) are events that occurred within the system. They can contain different kinds of data and may be structured or free form text with a timestamp. They may be created sporadically as events in the environment generate log entries, and a system under heavy load will typically generate more log volume.

-Logs in Azure Monitor are stored in a Log Analytics workspace that's based on [Azure Data Explorer](/azure/data-explorer/) which provides a powerful analysis engine and [rich query language](/azure/kusto/query/). Logs typically provide enough information to provide complete context of the issue being identified and are valuable for identifying root case of issues.

-> [!NOTE]

-> It's important to distinguish between Azure Monitor Logs and sources of log data in Azure. For example, subscription level events in Azure are written to an [activity log](essentials/platform-logs-overview.md) that you can view from the Azure Monitor menu. Most resources will write operational information to a [resource log](essentials/platform-logs-overview.md) that you can forward to different locations. Azure Monitor Logs is a log data platform that collects activity logs and resource logs along with other monitoring data to provide deep analysis across your entire set of resources.

- You can work with [log queries](logs/log-query-overview.md) interactively with [Log Analytics](logs/log-query-overview.md) in the Azure portal or add the results to an [Azure dashboard](app/tutorial-app-dashboards.md) for visualization in combination with other data. You can also create [log alerts](alerts/alerts-log.md) which will trigger an alert based on the results of a schedule query.

-Read more about Azure Monitor Logs including their sources of data in [Logs in Azure Monitor](logs/data-platform-logs.md).

-Traces are series of related events that follow a user request through a distributed system. They can be used to determine behavior of application code and the performance of different transactions. While logs will often be created by individual components of a distributed system, a trace measures the operation and performance of your application across the entire set of components.

-Distributed tracing in Azure Monitor is enabled with the [Application Insights SDK](app/distributed-tracing.md), and trace data is stored with other application log data collected by Application Insights. This makes it available to the same analysis tools as other log data including log queries, dashboards, and alerts.

-Read more about distributed tracing at [What is Distributed Tracing?](app/distributed-tracing.md).

-## Compare Azure Monitor Metrics and Logs

-The following table compares Metrics and Logs in Azure Monitor.

-| Benefits | Lightweight and capable of near-real time scenarios such as alerting. Ideal for fast detection of issues. | Analyzed with rich query language. Ideal for deep analysis and identifying root cause. |

-| Data | Numerical values only | Text or numeric data |

-| Structure | Standard set of properties including sample time, resource being monitored, a numeric value. Some metrics include multiple dimensions for further definition. | Unique set of properties depending on the log type. |

-| Collection | Collected at regular intervals. | May be collected sporadically as events trigger a record to be created. |

-| View in Azure portal | Metrics Explorer | Log Analytics |

-| Data sources include | Platform metrics collected from Azure resources.<br>Applications monitored by Application Insights.<br>Custom defined by application or API. | Application and resource logs.<br>Monitoring solutions.<br>Agents and VM extensions.<br>Application requests and exceptions.<br>Microsoft Defender for Cloud.<br>Data Collector API. |

-Different [sources of data for Azure Monitor](agents/data-sources.md) will write to either a Log Analytics workspace (Logs) or the Azure Monitor metrics database (Metrics) or both. Some sources will write directly to these data stores, while others may write to another location such as Azure storage and require some configuration to populate logs or metrics.

-See [Metrics in Azure Monitor](essentials/data-platform-metrics.md) and [Logs in Azure Monitor](logs/data-platform-logs.md) for a listing of different data sources that populate each type.

-In addition to using the tools in Azure to analyze monitoring data, you may have a requirement to forward it to an external tool such as a security information and event management (SIEM) product. This forwarding is typically done directly from monitored resources through [Azure Event Hubs](../event-hubs/index.yml). Some sources can be configured to send data directly to an event hub while you can use another process such as a Logic App to retrieve the required data. See [Stream Azure monitoring data to an event hub for consumption by an external tool](essentials/stream-monitoring-data-event-hubs.md) for details.

-This document is intended to provide information specific to [Azure Monitor Logs](../logs/data-platform-logs.md) to supplement the information on [Azure Trust Center](https://www.microsoft.com/en-us/trust-center?rtc=1).

-This article explains how log data is collected, processed, and secured by Azure Monitor. You can use agents to connect to the web service, use System Center Operations Manager to collect operational data, or retrieve data from Azure diagnostics for use by Azure Monitor.

-Azure Monitor Logs manages your cloud-based data securely by using the following methods:

-You can also use additional security features built into Azure Monitor. These features require more administrator management.

-* Customer-managed (security) keys

-* Azure Private Storage

-* Private Link networking

-* Azure support access limits set by Azure Lockbox

-The [PCI Security Standards Council](https://www.pcisecuritystandards.org/) has set a [deadline of June 30th, 2018](https://www.pcisecuritystandards.org/pdfs/PCI_SSC_Migrating_from_SSL_and_Early_TLS_Resource_Guide.pdf) to disable older versions of TLS/SSL and upgrade to more secure protocols. Once Azure drops legacy support, if your agents cannot communicate over at least TLS 1.2 you would not be able to send data to Azure Monitor Logs.

-| Windows 8.0 - 10 | Supported, and enabled by default. | To confirm that you are still using the [default settings](/windows-server/security/tls/tls-registry-settings). |

-| Windows Server 2012 - 2016 | Supported, and enabled by default. | To confirm that you are still using the [default settings](/windows-server/security/tls/tls-registry-settings) |

-After your data is ingested by Azure Monitor, the data is kept logically separate on each component throughout the service. All data is tagged per workspace. This tagging persists throughout the data lifecycle, and it is enforced at each layer of the service. Your data is stored in a dedicated database in the storage cluster in the region you have selected.

-The Azure Monitor software development and service team's information security and governance program supports its business requirements and adheres to laws and regulations as described at [Microsoft Azure Trust Center](https://azure.microsoft.com/support/trust-center/) and [Microsoft Trust Center Compliance](https://www.microsoft.com/en-us/trustcenter/compliance/default.aspx). How Azure Monitor Logs establishes security requirements, identifies security controls, manages, and monitors risks are also described there. Annually, we review polices, standards, procedures, and guidelines.

-Microsoft has a security and compliance team that oversees and assesses all services in Microsoft. Information security officers make up the team and they are not associated with the engineering teams that develops Log Analytics. The security officers have their own management chain and conduct independent assessments of products and services to ensure security and compliance.

-The following diagram shows a cloud security architecture as the flow of information from your company and how it is secured as is moves to Azure Monitor, ultimately seen by you in the Azure portal. More information about each step follows the diagram.

-## 1. Sign up for Azure Monitor and collect data

-For Operations Manager, the Operations Manager management group establishes a connection with the Azure Monitor service. You then configure which agent-managed systems in the management group are allowed to collect and send data to the service. Depending on the solution you have enabled, data from these solutions are either sent directly from an Operations Manager management server to the Azure Monitor service, or because of the volume of data collected by the agent-managed system, are sent directly from the agent to the service. For systems not monitored by Operations Manager, each connects securely to the Azure Monitorservice directly.

-Each type of agent collects log data for Azure Monitor. The type of data that is collected is depends on the configuration of your workspace and other features of Azure Monitor.

-## 2. Send data from agents

-As described above, data from the management server or direct-connected agents is sent over TLS to Microsoft Azure datacenters. Optionally, you can use ExpressRoute to provide additional security for the data. ExpressRoute is a way to directly connect to Azure from your existing WAN network, such as a multi-protocol label switching (MPLS) VPN, provided by a network service provider. For more information, see [ExpressRoute](https://azure.microsoft.com/services/expressroute/).

-## 3. The Azure Monitor service receives and processes data

-## 4. Use Azure Monitor to access the data

-## Additional Security features

-Azure Monitor helps you maximize the availability and performance of your applications and services. It delivers a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. This information helps you understand how your applications are performing and proactively identify issues affecting them and the resources they depend on.

-Just a few examples of what you can do with Azure Monitor include:

-The following diagram gives a high-level view of Azure Monitor. At the center of the diagram are the data stores for metrics and logs, which are the two fundamental types of data used by Azure Monitor. On the left are the [sources of monitoring data](agents/data-sources.md) that populate these [data stores](data-platform.md). On the right are the different functions that Azure Monitor performs with this collected data. This includes such actions as analysis, alerting, and streaming to external systems.

-The video below uses an earlier version of the diagram above, but its explanations are still relevant.

-## Monitoring data platform

-All data collected by Azure Monitor fits into one of two fundamental types, [metrics and logs](data-platform.md). [Metrics](essentials/data-platform-metrics.md) are numerical values that describe some aspect of a system at a particular point in time. They are lightweight and capable of supporting near real-time scenarios. [Logs](logs/data-platform-logs.md) contain different kinds of data organized into records with different sets of properties for each type. Telemetry such as events and traces are stored as logs in addition to performance data so that it can all be combined for analysis.

-For many Azure resources, you'll see data collected by Azure Monitor right in their Overview page in the Azure portal. Have a look at any virtual machine for example, and you'll see several charts displaying performance metrics. Click on any of the graphs to open the data in [metrics explorer](essentials/metrics-charts.md) in the Azure portal, which allows you to chart the values of multiple metrics over time. You can view the charts interactively or pin them to a dashboard to view them with other visualizations.

-

-Log data collected by Azure Monitor can be analyzed with [queries](logs/log-query-overview.md) to quickly retrieve, consolidate, and analyze collected data. You can create and test queries using [Log Analytics](./logs/log-query-overview.md) in the Azure portal. You can then either directly analyze the data using different tools or save queries for use with [visualizations](best-practices-analysis.md) or [alert rules](alerts/alerts-overview.md).

-Azure Monitor uses a version of the [Kusto query language](/azure/kusto/query/) that is suitable for simple log queries but also includes advanced functionality such as aggregations, joins, and smart analytics. You can quickly learn the query language using [multiple lessons](logs/get-started-queries.md). Particular guidance is provided to users who are already familiar with [SQL](/azure/data-explorer/kusto/query/sqlcheatsheet) and [Splunk](/azure/data-explorer/kusto/query/splunk-cheat-sheet).

-

-Change Analysis not only alerts you to live site issues, outages, component failures, or other change data, but it provides insights into those application changes, increases observability, and reduces the mean time to repair (MTTR). You automatically register the `Microsoft.ChangeAnalysis` resource provider with an Azure Resource Manager subscription by navigating to the Change Analysis service via the Azure portal. For web app in-guest changes, you can enable Change Analysis using the [Diagnose and solve problems tool](./change/change-analysis-visualizations.md#diagnose-and-solve-problems-tool).

-Change Analysis builds on [Azure Resource Graph](../governance/resource-graph/overview.md) to provide a historical record of how your Azure resources have changed over time, detecting managed identities, platform OS upgrades, and hostname changes. Change Analysis securely queries IP Configuration rules, TLS settings, and extension versions to provide more detailed change data.

-Azure Monitor can collect data from a [variety of sources](monitor-reference.md). This ranges from your application, any operating system and services it relies on, down to the platform itself. Azure Monitor collects data from each of the following tiers:

-As soon as you create an Azure subscription and start adding resources such as virtual machines and web apps, Azure Monitor starts collecting data. [Activity logs](essentials/platform-logs-overview.md) record when resources are created or modified. [Metrics](essentials/data-platform-metrics.md) tell you how the resource is performing and the resources that it's consuming.

-[Enable diagnostics](essentials/platform-logs-overview.md) to extend the data you're collecting into the internal operation of the resources. [Add an agent](agents/agents-overview.md) to compute resources to collect telemetry from their guest operating systems.

-Azure Monitor can collect log data from any REST client using the [Data Collector API](logs/data-collector-api.md). This allows you to create custom monitoring scenarios and extend monitoring to resources that don't expose telemetry through other sources.

-Monitoring data is only useful if it can increase your visibility into the operation of your computing environment. Some Azure resource providers have a "curated visualization" which gives you a customized monitoring experience for that particular service or set of services. They generally require minimal configuration. Larger scalable curated visualizations are known as "insights" and marked with that name in the documentation and Azure portal.

-For more information, see [List of insights and curated visualizations using Azure Monitor](monitor-reference.md#insights-and-curated-visualizations). Some of the larger insights are also described below.

-[Application Insights](app/app-insights-overview.md) monitors the availability, performance, and usage of your web applications whether they're hosted in the cloud or on-premises. It leverages the powerful data analysis platform in Azure Monitor to provide you with deep insights into your application's operations. It enables you to diagnose errors without waiting for a user to report them. Application Insights includes connection points to a variety of development tools and integrates with Visual Studio to support your DevOps processes.

-

-[Container insights](containers/container-insights-overview.md) monitors the performance of container workloads that are deployed to managed Kubernetes clusters hosted on Azure Kubernetes Service (AKS). It gives you performance visibility by collecting metrics from controllers, nodes, and containers that are available in Kubernetes through the Metrics API. Container logs are also collected. After you enable monitoring from Kubernetes clusters, these metrics and logs are automatically collected for you through a containerized version of the Log Analytics agent for Linux.

-

-### VM insights

-[VM insights](vm/vminsights-overview.md) monitors your Azure virtual machines (VM) at scale. It analyzes the performance and health of your Windows and Linux VMs and identifies their different processes and interconnected dependencies on external processes. The solution includes support for monitoring performance and application dependencies for VMs hosted on-premises or another cloud provider.

-

-## Responding to critical situations

-In addition to allowing you to interactively analyze monitoring data, an effective monitoring solution must be able to proactively respond to critical conditions identified in the data that it collects. This could be sending a text or mail to an administrator responsible for investigating an issue. Or you could launch an automated process that attempts to correct an error condition.

-[Alerts in Azure Monitor](alerts/alerts-overview.md) proactively notify you of critical conditions and potentially attempt to take corrective action. Alert rules based on metrics provide near real time alerts based on numeric values. Rules based on logs allow for complex logic across data from multiple sources.

-Alert rules in Azure Monitor use [action groups](alerts/action-groups.md), which contain unique sets of recipients and actions that can be shared across multiple rules. Based on your requirements, action groups can perform such actions as using webhooks to have alerts start external actions or to integrate with your ITSM tools.

-

-## Visualizing monitoring data

-[Visualizations](best-practices-analysis.md) such as charts and tables are effective tools for summarizing monitoring data and presenting it to different audiences. Azure Monitor has its own features for visualizing monitoring data and leverages other Azure services for publishing it to different audiences.

-[Azure dashboards](../azure-portal/azure-portal-dashboards.md) allow you to combine different kinds of data into a single pane in the [Azure portal](https://portal.azure.com). You can optionally share the dashboard with other Azure users. Add the output of any log query or metrics chart to an Azure dashboard. For example, you could create a dashboard that combines tiles that show a graph of metrics, a table of activity logs, a usage chart from Application Insights, and the output of a log query.

-

-[Workbooks](visualize/workbooks-overview.md) provide a flexible canvas for data analysis and the creation of rich visual reports in the Azure portal. They allow you to tap into multiple data sources from across Azure, and combine them into unified interactive experiences. Use workbooks provided with Insights or create your own from predefined templates.

-

-[Power BI](https://powerbi.microsoft.com) is a business analytics service that provides interactive visualizations across a variety of data sources. It's an effective means of making data available to others within and outside your organization. You can configure Power BI to [automatically import log data from Azure Monitor](./logs/log-powerbi.md) to take advantage of these additional visualizations.

-

-[Azure Event Hubs](../event-hubs/index.yml) is a streaming platform and event ingestion service. It can transform and store data using any real-time analytics provider or batching/storage adapters. Use Event Hubs to [stream Azure Monitor data](essentials/stream-monitoring-data-event-hubs.md) to partner SIEM and monitoring tools.

-[Logic Apps](https://azure.microsoft.com/services/logic-apps) is a service that allows you to automate tasks and business processes using workflows that integrate with different systems and services. Activities are available that read and write metrics and logs in Azure Monitor. This allows you to build workflows integrating with a variety of other systems.

-Multiple APIs are available to read and write metrics and logs to and from Azure Monitor in addition to accessing generated alerts. You can also configure and retrieve alerts. This provides you with essentially unlimited possibilities to build custom solutions that integrate with Azure Monitor.

-Many teams need to strictly regulate access to monitoring data and settings. For example, if you have team members who work exclusively on monitoring (support engineers, DevOps engineers) or if you use a managed service provider, you might want to grant them access to only monitoring data. You might want to restrict their ability to create, modify, or delete resources.

-Built-in roles in Azure Monitor help limit access to resources in a subscription while still enabling infrastructure-monitoring staff to obtain and configure the data that they need. Azure Monitor provides two out-of-the-box roles: Monitoring Reader and Monitoring Contributor.

-People assigned the Monitoring Reader role can view all monitoring data in a subscription but can't modify any resource or edit any settings related to monitoring resources. This role is appropriate for users in an organization, such as support or operations engineers, who need to be able to:

-* Query the Activity Log by using the portal, Azure Monitor REST API, PowerShell cmdlets, or cross-platform CLI.

-> This role does not give read access to log data that has been streamed to an event hub or stored in a storage account. For information on configuring access to these resources, see the [Security considerations for monitoring data](#security-considerations-for-monitoring-data) section later in this article.

-People assigned the Monitoring Contributor role can view all monitoring data in a subscription. They can also create or modify monitoring settings, but they can't modify any other resources.

-This role is a superset of the Monitoring Reader role. It's appropriate for members of an organization's monitoring team or managed service providers who, in addition to the permissions mentioned earlier, need to be able to:

-> This role does not give read access to log data that has been streamed to an event hub or stored in a storage account. For information on configuring access to these resources, see the [Security considerations for monitoring data](#security-considerations-for-monitoring-data) section later in this article.

-## Monitoring permissions and Azure custom roles

-If the preceding built-in roles don't meet the exact needs of your team, you can [create an Azure custom role](../role-based-access-control/custom-roles.md) with more granular permissions. Here are the common Azure role-based access control (RBAC) operations for Azure Monitor:

-| Microsoft.Insights/ActivityLogAlerts/[Read, Write, Delete] |Read, write, or delete Activity Log alerts. |

-| Microsoft.Insights/EventCategories/Read |Enumerate all categories possible in the Activity Log. Used by the Azure portal. |

-| Microsoft.Insights/eventtypes/digestevents/Read |This permission is necessary for users who need access to the Activity Log via the portal. |

-| Microsoft.Insights/eventtypes/values/Read |List Activity Log events (management events) in a subscription. This permission applies to both programmatic and portal access to the Activity Log. |

-| Microsoft.Insights/LogDefinitions/Read |This permission is necessary for users who need access to the Activity Log via the portal. |

-| Microsoft.Insights/LogProfiles/[Read, Write, Delete] |Read, write, or delete log profiles (streaming the Activity Log to an event hub or storage account). |

-> Access to alerts, diagnostic settings, and metrics for a resource requires that the user has read access to the resource type and scope of that resource. Creating (writing) a diagnostic setting or a log profile that archives to a storage account or streams to event hubs requires the user to also have ListKeys permission on the target resource.

-All these data types can be stored in a storage account or streamed to an event hub, both of which are general-purpose Azure resources. Because these are general-purpose resources, creating, deleting, and accessing them is a privileged operation reserved for an administrator. We suggest that you use the following practices for monitoring-related resources to prevent misuse:

-* Use a single, dedicated storage account for monitoring data. If you need to separate monitoring data into multiple storage accounts, never share usage of a storage account between monitoring and non-monitoring data. Sharing usage in that way might inadvertently give access to non-monitoring data to organizations that need access to only monitoring data. For example, a third-party organization for security information and event management (SIEM) should need only access to monitoring data.

-### Limiting access to monitoring-related storage accounts

-When a user or application needs access to monitoring data in a storage account, you should [generate a shared access signature (SAS)](/rest/api/storageservices/create-account-sas) on the storage account that contains monitoring data with service-level read-only access to blob storage. In PowerShell, the account SAS might look like the following code:

-Alternatively, if you need to control this permission with Azure RBAC, you can grant that entity the `Microsoft.Storage/storageAccounts/listkeys/action` permission on that particular storage account. This permission is necessary for users who need to be able to set a diagnostic setting or a log profile to archive to a storage account. For example, you can create the following Azure custom role for a user or application that needs to read from only one storage account:

-> The ListKeys permission enables the user to list the primary and secondary storage account keys. These keys grant the user all signed permissions (such as read, write, create blobs, and delete blobs) across all signed services (blob, queue, table, file) in that storage account. We recommend using an account SAS when possible.

-### Limiting access to monitoring-related event hubs

-You can follow a similar pattern with event hubs, but first you need to create a dedicated authorization rule for listening. If you want to grant access to an application that only needs to listen to monitoring-related event hubs, do the following:

-2. If the consumer needs to be able to get the key ad hoc, grant the user the ListKeys action for that event hub. This step is also necessary for users who need to be able to set a diagnostic setting or a log profile to stream to event hubs. For example, you might create an Azure RBAC rule:

-Monitoring data is often written to a storage account. You might want to make sure that unauthorized users can't access the data that's copied to a storage account. For additional security, you can lock down network access to give only your authorized resources and trusted Microsoft services access to a storage account by restricting a storage account to use selected networks.

-Azure Monitor is considered a trusted Microsoft service. If you select the **Allow trusted Microsoft services to access this storage account** checkbox, Azure monitor will have access to your secured storage account. You then enable writing Azure Monitor resource logs, Activity Log, and metrics to your storage account under these protected conditions. This setting will also enable Log Analytics to read logs from secured storage.

-This **article** describes the different ways that Azure Monitor charges for usage, how to evaluate charges on your Azure bill, and how to estimate charges to monitor your entire environment.

-Azure Monitor uses a consumption-based pricing (pay-as-you-go) billing model where you only pay for what you use.

-Features of Azure Monitor that are enabled by default do not incur any charge. This includes collection and alerting on the [Activity log](essentials/activity-log.md) and collection and analysis of [platform metrics](essentials/metrics-supported.md).

-Several other features don't have a direct cost, but you instead pay for the ingestion and retention of data that they collect. The following table describes the different types of usage that are charged in Azure Monitor. Detailed pricing for each is provided in [Azure Monitor pricing](https://azure.microsoft.com/pricing/details/monitor/).

-| Logs | Ingestion, retention, and export of data in Log Analytics workspaces and legacy Application insights resources. This will typically be the bulk of Azure Monitor charges for most customers. There is no charge for querying this data except in the case of [Basic Logs](logs/basic-logs-configure.md) or [Archived Logs](logs/data-retention-archive.md).<br><br>Charges for Logs can vary significantly on the configuration that you choose. See [Azure Monitor Logs pricing details](logs/cost-logs.md) for details on how charges for Logs data are calculated and the different pricing tiers available. |

-| Platform Logs | Processing of [diagnostic and auditing information](essentials/resource-logs.md) is charged for [certain services](essentials/resource-logs-categories.md#costs) when sent to destinations other than a Log Analytics workspace. There's no direct charge when this data is sent to a Log Analytics workspace, but there is a charge for the workspace data ingestion and collection. |

-| Metrics | There is no charge for [standard metrics](essentials/metrics-supported.md) collected from Azure resources. There is a cost for collecting [custom metrics](essentials/metrics-custom-overview.md) and for retrieving metrics from the [REST API](essentials/rest-api-walkthrough.md#retrieve-metric-values). |

-| Alerts | Charged based on the type and number of signals used by the alert rule, its frequency, and the type of [notification](alerts/action-groups.md) used in response. For [Log alerts](alerts/alerts-types.md#log-alerts) configured for [at scale monitoring](alerts/alerts-types.md#splitting-by-dimensions-in-log-alert-rules), the cost will also depend on the number of time series created by the dimensions resulting from your query. |

-| Web tests | There is a cost for [standard web tests](app/availability-standard-tests.md) and [multi-step web tests](app/availability-multistep.md) in Application Insights. Multi-step web tests have been deprecated.

-## Data transfer charges

-Sending data to Azure Monitor can incur data bandwidth charges. As described in the [Azure Bandwidth pricing page](https://azure.microsoft.com/pricing/details/bandwidth/), data transfer between Azure services located in two regions charged as outbound data transfer at the normal rate, although data sent to a different region via [Diagnostic Settings](essentials/diagnostic-settings.md) does not incur data transfer charges. Inbound data transfer is free. Data transfer charges are typically very small compared to the costs for data ingestion and retention. Controlling costs for Log Analytics should focus on your ingested data volume.

-If you're new to Azure Monitor, you can use the [Azure Monitor pricing calculator](https://azure.microsoft.com/pricing/calculator/?service=monitor) to estimate your costs. In the **Search** box, enter *Azure Monitor*, and then select the **Azure Monitor** tile. The pricing calculator will help you estimate your likely costs based on your expected utilization.

-The bulk of your costs will typically be from data ingestion and retention for your Log Analytics workspaces and Application Insights resources. It's difficult to give accurate estimates for data volumes that you can expect since they'll vary significantly based on your configuration. A common strategy is to enable monitoring for a small group of resources and use the observed data volumes with the calculator to determine your costs for a full environment. See [Analyze usage in Log Analytics workspace](logs/analyze-usage.md) for queries and other methods to measure the billable data in your Log Analytics workspace.

-Following is basic guidance that you can use for common resources.

->The billable data volume is calculated using a customer friendly, cost-effective method. The billed data volume is defined as the size of the data that will be stored, excluding a set of standard columns and any JSON wrapper that was part of the data received for ingestion. This billable data volume is substantially smaller than the size of the entire JSON-packaged event, often less than 50%. It is essential to understand this calculation of billed data size when estimating costs and comparing to other pricing models. [Learn more](logs/cost-logs.md#data-size-calculation).

-There are two methods that you can use to estimate the amount of data from an application monitored with Application Insights.

-In the Azure Monitoring Pricing calculator for Application Insights, enable **Estimate data volume based on application activity** which allows you to provide inputs about your application. The calculator will then tell you the median and 90th percentile amount of data collected by similar applications. These applications span the range of Application Insights configuration, so you can still use options such as [sampling]() to reduce the volume of data you ingest for your application below the median level.

-### Data collection when using sampling

-With the ASP.NET SDK's [adaptive sampling](app/sampling.md#adaptive-sampling), the data volume is adjusted automatically to keep within a specified maximum rate of traffic for default Application Insights monitoring. If the application produces a low amount of telemetry, such as when debugging or due to low usage, items won't be dropped by the sampling processor as long as volume is below the configured events per second level. For a high volume application, with the default threshold of five events per second, adaptive sampling will limit the number of daily events to 432,000. Considering a typical average event size of 1 KB, this corresponds to 13.4 GB of telemetry per 31-day month per node hosting your application since the sampling is done local to each node.

-For SDKs that don't support adaptive sampling, you can employ [ingestion sampling](app/sampling.md#ingestion-sampling), which samples when the data is received by Application Insights based on a percentage of data to retain, or [fixed-rate sampling for ASP.NET, ASP.NET Core, and Java websites](app/sampling.md#fixed-rate-sampling) to reduce the traffic sent from your web server and web browsers

-## Viewing Azure Monitor usage and charges

-There are two primary tools to view and analyze your Azure Monitor billing and estimated charges.

-Azure Cost Management + Billing includes several built-in dashboards for deep cost analysis like cost by resource and invoice details. To get started analyzing your Azure Monitor charges, open [Cost Management + Billing](../cost-management-billing/costs/quick-acm-cost-analysis.md?toc=/azure/billing/TOC.json) in the Azure portal. Select **Cost Management** and then **Cost analysis**. Select your subscription or another [scope](../cost-management-billing/costs/understand-work-scopes.md).

->You might need additional access to Cost Management data. See [Assign access to Cost Management data](../cost-management-billing/costs/assign-access-acm-data.md).

-To limit the view to Azure Monitor charges, [create a filter](../cost-management-billing/costs/group-filter.md) for the following **Service names**:

-Other services such as Microsoft Defender for Cloud and Microsoft Sentinel also bill their usage against Log Analytics workspace resources, so you may want to add them to your filter. See [Common cost analysis uses](../cost-management-billing/costs/cost-analysis-common-uses.md) for details on using this view.

-

->Alternatively, you can go to the **Overview** page of a Log Analytics workspace or Application Insights resource and click **View Cost** in the upper right corner of the **Essentials** section. This will launch the **Cost Analysis** from Azure Cost Management + Billing already scoped to the workspace or application.

-> :::image type="content" source="logs/media/view-bill/view-cost-option.png" lightbox="logs/media/view-bill/view-cost-option.png" alt-text="Screenshot of option to view cost for Log Analytics workspace.":::

-To gain more understanding of your usage, you can download your usage from the Azure portal and see usage per Azure resource in the downloaded spreadsheet. See [Tutorial: Create and manage exported data](../cost-management-billing/costs/tutorial-export-acm-data.md) for a tutorial, including how to automatically create a daily report that you can use for regular analysis.

-Usage from your Log Analytics workspaces can be found by first filtering on the **Meter Category** column to show *Log Analytics*, *Insight and Analytics* (used by some of the legacy pricing tiers), and *Azure Monitor* (used by commitment tier pricing tiers). Add a filter on the *Instance ID* column for *contains workspace* or *contains cluster*. The usage is shown in the **Consumed Quantity** column, and the unit for each entry is shown in the **Unit of Measure** column.

-Most Application Insights usage for both classic and workspace-based resources is reported on meters with **Log Analytics** for **Meter Category**, because there's a single log back end for all Azure Monitor components. Only Application Insights resources on legacy pricing tiers and multiple-step web tests are reported with **Application Insights** for **Meter Category**. The usage is shown in the **Consumed Quantity** column, and the unit for each entry is shown in the **Unit of Measure** column. See [understand your Microsoft Azure bill](../cost-management-billing/understand/review-individual-bill.md) for more details.

-To separate costs from your Log Analytics or Application Insights usage, [create a filter](../cost-management-billing/costs/group-filter.md) on **Resource type**. To see all Application Insights costs, filter **Resource type** to **microsoft.insights/components**. For Log Analytics costs, filter **Resource type** to **microsoft.operationalinsights/workspaces**.

-You can get additional usage details about Log Analytics workspaces and Application Insights resources from the **Usage and Estimated Costs** option for each.

-To learn about your usage trends and choose the most cost-effective [commitment tier](logs/cost-logs.md#commitment-tiers) for your Log Analytics workspace, select **Usage and Estimated Costs** from the **Log Analytics workspace** menu in the Azure portal.

-This view includes the following:

-A. Estimated monthly charges based on usage from the past 31 days using the current pricing tier.<br>

-B. Estimated monthly charges using different commitment tiers.<br>

-C. Billable data ingestion by solution from the past 31 days.

-To explore the data in more detail, click on the icon in the upper-right corner of either chart to work with the query in Log Analytics.

-### Application insights

-To learn about your usage trends for your classic Application Insights resource, select **Usage and Estimated Costs** from the **Applications** menu in the Azure portal.

-This view includes the following:

-A. Estimated monthly charges based on usage from the past month.<br>

-B. Billable data ingestion by table from the past month.

-To investigate your Application Insights usage more deeply, open the **Metrics** page, add the metric named *Data point volume*, and then select the *Apply splitting* option to split the data by "Telemetry item type".

-## Viewing data allocation benefits

-To view data allocation benefits from sources such as [Microsoft Defender for Servers](https://azure.microsoft.com/pricing/details/defender-for-cloud/), [Microsoft Sentinel benefit for Microsoft 365 E5, A5, F5 and G5 customers](https://azure.microsoft.com/offers/sentinel-microsoft-365-offer/), or the [Sentinel Free Trial](https://azure.microsoft.com/pricing/details/microsoft-sentinel/), you need to export your usage details. Open the exported usage spreadsheet and filter the "Instance ID" column to your workspace. (To select all of your workspaces in the spreadsheet, filter the Instance ID column to "contains /workspaces/".) Next, filter the ResourceRate column to show only rows where this is equal to zero. Now you will see the data allocations from these various sources.

-> [!NOTE]

-> Data allocations from Defender for Servers 500 MB/server/day will appear in rows with the meter name "Data Included per Node" and the meter category to "Insight and Analytics" (the name of a legacy offer still used with this meter.) If the workspace is in the legacy Per Node Log Analytics pricing tier, this meter will also include the data allocations from this Log Analytics pricing tier.

-## Operations Management Suite subscription entitlements

-Customers who purchased Microsoft Operations Management Suite E1 and E2 are eligible for per-node data ingestion entitlements for Log Analytics and Application Insights. Each Application Insights node includes up to 200 MB of data ingested per day (separate from Log Analytics data ingestion), with 90-day data retention at no extra cost.

-To receive these entitlements for Log Analytics workspaces or Application Insights resources in a subscription, they must use the Per-Node (OMS) pricing tier. This entitlement isn't visible in the estimated costs shown in the Usage and estimated cost pane.

-Depending on the number of nodes of the suite that your organization purchased, moving some subscriptions into a Per GB (pay-as-you-go) pricing tier might be advantageous, but this requires careful consideration.

-> If your organization has Microsoft Operations Management Suite E1 or E2, it's usually best to keep your Log Analytics workspaces in the Per-Node (OMS) pricing tier and your Application Insights resources in the Enterprise pricing tier.

->

-* [Azure Policy built-in definitions for Azure NetApp](azure-policy-definitions.md#built-in-policy-definitions)

-> | publicipaddresses | Yes | Yes | Yes<br/><br/> Use [Azure Resource Mover](../../resource-mover/tutorial-move-region-virtual-machines.md) to move public IP address configurations (IP addresses are not retained). |

-For more information on the NSX-T Gateway Firewall see the [NSX-T Gateway Firewall Administration Guide]( https://docs.vmware.com/VMware-NSX-T-Data-Center/3.1/administration/GUID-A52E1A6F-F27D-41D9-9493-E3A75EC35481.html)

-[Disable Internet access or enable a default route](disable-internet-access.md)

-* Learn [how manage Azure resources](How-To/set-up-qnamaker-service-azure.md)

-* [Intent recognition and other Speech services using Unity in C#](https://github.com/Azure-Samples/cognitive-services-speech-sdk/tree/master/samples/unity/speechrecognizer)

-| Speech-to-text | Analyzes sentiment and transcribes continuous real-time speech or batch audio recordings with intermediate results. | 3.2.0 | Generally available |

-| Custom speech-to-text | Using a custom model from the [Custom Speech portal](https://speech.microsoft.com/customspeech), transcribes continuous real-time speech or batch audio recordings into text with intermediate results. | 3.2.0 | Generally available |

-Release note for `3.2.0-amd64`:

-* HTTP Proxy support.

-* Improve custom speech model download output message.

-Note that due to the phrase lists feature, the size of this container image has increased.

-| `latest` | | `sha256:90e5d8c1675571de926bfffd0e9844fabe8d763cc881bdbccb5bb4faa0258122`|

-| `3.1.0-amd64` | | `sha256:90e5d8c1675571de926bfffd0e9844fabe8d763cc881bdbccb5bb4faa0258122`|

-Release note for `3.2.0-amd64-<locale>`:

-* HTTP Proxy support.

-Note that due to the phrase lists feature, the size of this container image has increased.

-| `3.2.0-amd64-<locale>` | Replace `<locale>` with one of the available locales, listed below. For example `3.2.0-amd64-en-us`. |

-| `ar-ae` | Container image with the `ar-AE` locale. | `sha256:d63c13880627778742e42e00e25fd61aef1c4ee713e5def90642c68ddebc33c6` |

-| `ar-bh` | Container image with the `ar-BH` locale. | `sha256:22e8d931602bb91a86a68caac2c81e323ee9039b0bbd6bb19db35997b7fbd359` |

-| `ar-eg` | Container image with the `ar-EG` locale. | `sha256:80e8e9c6cfec8e53f9b04dcf20d1ee555bd89e72f8c0cdef88b1fbfbd83d6c6c` |

-| `ar-iq` | Container image with the `ar-IQ` locale. | `sha256:4a4810d2c3c0be63787994db412845909f10582d428620c70afb41bbeac1d034` |

-| `ar-jo` | Container image with the `ar-JO` locale. | `sha256:acca38a880c5ef6575647d372769acaaa7f14de848b3d07daa05138a27b51d96` |

-| `ar-kw` | Container image with the `ar-KW` locale. | `sha256:d63c13880627778742e42e00e25fd61aef1c4ee713e5def90642c68ddebc33c6` |

-| `ar-lb` | Container image with the `ar-LB` locale. | `sha256:3522d12e3be5eff50b4b33f41c51a137f0efe86aa9a7070ce3b84c78057804c7` |

-| `ar-om` | Container image with the `ar-OM` locale. | `sha256:2a586ff0be16883091e4853f1a15ce0c412e75936db57ad8e6b1a1d8321e2a46` |

-| `ar-qa` | Container image with the `ar-QA` locale. | `sha256:d63c13880627778742e42e00e25fd61aef1c4ee713e5def90642c68ddebc33c6` |

-| `ar-sa` | Container image with the `ar-SA` locale. | `sha256:d63c13880627778742e42e00e25fd61aef1c4ee713e5def90642c68ddebc33c6` |

-| `ar-sy` | Container image with the `ar-SY` locale. | `sha256:082ae364aaffd636676ed0cea755fcc3d0c2654ccd1a5659dada7dc135d43196` |

-| `bg-bg` | Container image with the `bg-BG` locale. | `sha256:e6639b807c3988f39b8a9478d043b847cc6e6223892840323ddd81883a8519c1` |

-| `ca-es` | Container image with the `ca-ES` locale. | `sha256:56570074924735a5952e280aab4e369be4c16b5d8fef14d1f2a6aa7946018e7b` |

-| `cs-cz` | Container image with the `cs-CZ` locale. | `sha256:bc8661627ce501091f0754d7062686882c5084cfbd9cb76670cd4e83a04f1834` |

-| `da-dk` | Container image with the `da-DK` locale. | `sha256:2843edc7b98bc189ded859d17ce8f92a650c73caa4e3ebb6752ea06241ce3bdf` |

-| `de-at` | Container image with the `de-AT` locale. | `sha256:e6b55644ebf9e0e9cf5072725a331a688c65f5b0e3a4257aea11470110c4aa71` |

-| `de-ch` | Container image with the `de-CH` locale. | `sha256:57fe70566d02e2dee1078fd7b1effdf82ebad01aed9195051b3fc27f81239e09` |

-| `de-de` | Container image with the `de-DE` locale. | `sha256:f6d46be11e09e01ccf99de0c643fefb38ed2d705ec693d797bc7543202b34007` |

-| `el-gr` | Container image with the `el-GR` locale. | `sha256:e5182ee56f28f43dafe9d503a659bc80e569a7fd6fbc57bc47465feea516c4fc` |

-| `en-au` | Container image with the `en-AU` locale. | `sha256:1e400d993fe59757fc4cf3de67d6b27654a9f53e21cb274145432ad6b880a7c6` |

-| `en-ca` | Container image with the `en-CA` locale. | `sha256:49c5bf1b0d5c83ddd85574005fb56b6e13c11fbc0590af7e731d8b5a603adee1` |

-| `en-gb` | Container image with the `en-GB` locale. | `sha256:d716caaf2e3699ef48e68cc5835b4fbcc8da756076efa30db1ba931cf995bf72` |

-| `en-hk` | Container image with the `en-HK` locale. | `sha256:5a9973801f79fec0faa591de42bd33e32c5b06b157d70ae7a5131cdcc05ea4e8` |

-| `en-ie` | Container image with the `en-IE` locale. | `sha256:c370b14c5fc0121201f6a14c7b713970ae02e6fce1d94b6768f9e301d793cb6f` |

-| `en-in` | Container image with the `en-IN` locale. | `sha256:a3fb074743369368233e8028f3c36e335fc04facff9b8700d1a092aba1dff3ac` |

-| `en-nz` | Container image with the `en-NZ` locale. | `sha256:71ed81d050168774f89da32854a0be5dbe4d89636109fc604d11afba313517ea` |

-| `en-ph` | Container image with the `en-PH` locale. | `sha256:0bb215fc8ce0e669add37630f90e42c93d6936e159ccd1a3fb83e9039212c2a5` |

-| `en-sg` | Container image with the `en-SG` locale. | `sha256:7b827a8f75610bc7f4838857e94231d50e4cb2c3602010ad00b0e970da45d6ef` |

-| `en-us` | Container image with the `en-US` locale. | `sha256:8141da6240e78c7b81955ee91c71eb7dec17f345c9b4dbe577494ee9e159bf5a` |

-| `en-za` | Container image with the `en-ZA` locale. | `sha256:9fe15bf9e12fe4185f8f3295f7f2a6a8563f894754537c1d8cd403a60763010f` |

-| `es-ar` | Container image with the `es-AR` locale. | `sha256:a136551dc0d33791deb370ee7af0ce198110467639a56f4e17a926b56808b0a9` |

-| `es-bo` | Container image with the `es-BO` locale. | `sha256:937cbabebf4f03dc0031e6716d6148479f5bba4d5dd9b7563a4dfa154b6eeace` |

-| `es-cl` | Container image with the `es-CL` locale. | `sha256:b0b9a7cdf96ddda5b90067c4efe7d4e8fb11ab2e3df05f5727b4e8aa916ff102` |

-| `es-co` | Container image with the `es-CO` locale. | `sha256:d639e4db6e3c005f76d36079514e2771e2516ebde86ba6594a9c9691453d0667` |

-| `es-cr` | Container image with the `es-CR` locale. | `sha256:01e2de748bd3632b1a4e25ae9a53503dcfbfc6d4f90f1a4ca804ca3045b6d1df` |

-| `es-cu` | Container image with the `es-CU` locale. | `sha256:1c25106375dbc5846a5ff1c5f594f969efeeb81d6fdb520dd41fae52f23dcc27` |

-| `es-do` | Container image with the `es-DO` locale. | `sha256:2f403243e5b7e097708532903777cf65ea95ab901067fe406a6aba81fc54819c` |

-| `es-ec` | Container image with the `es-EC` locale. | `sha256:164a27ae9c122617197ed67f6df3ac8bb1b38347d2f1e6dcd72254ff5c4cc92b` |

-| `es-es` | Container image with the `es-ES` locale. | `sha256:a39b95ffb862a82345780210aa5e7a8991fe271d55bf8c36693ce81a7adb0739` |

-| `es-gt` | Container image with the `es-GT` locale. | `sha256:90c3c225666dc74f6fe74cbbc8bc8c339a469c36c51ee87a9921253366c6ce69` |

-| `es-hn` | Container image with the `es-HN` locale. | `sha256:fc9e3c9e9dfc0bfda67d11fc9dba3edc62d65187bc9f54de68f473305639d147` |

-| `es-mx` | Container image with the `es-MX` locale. | `sha256:f2e15fe3dca24366240f4f20fc683c45d3a59c1150481f9286dedeb1113ec4da` |

-| `es-ni` | Container image with the `es-NI` locale. | `sha256:bdd341e3180888c3e0bd8fe271d1dccb95be82eca4a0b96ccfeba8f849d5c2d7` |

-| `es-pa` | Container image with the `es-PA` locale. | `sha256:065c343fa668f6ecc580c6e0e0284c76921428a458b50a02f0e7c6a0f65ae155` |

-| `es-pe` | Container image with the `es-PE` locale. | `sha256:17e801c032d8259cdd969ae4de492b1bd57aee9fe1f7345b276e69e93e91d8df` |

-| `es-pr` | Container image with the `es-PR` locale. | `sha256:79d846898998a801f3306657b2ef7a03c083684dec4f59700d82a569a293d5bd` |

-| `es-py` | Container image with the `es-PY` locale. | `sha256:f8efedcf1e8a2c078ff6e1e9c8a958a8d87e1390b51d2bbfb8be13c472e1b82b` |

-| `es-sv` | Container image with the `es-SV` locale. | `sha256:e88890fe32e107175f256452301eced892d4db17b29413926540676471b8f870` |

-| `es-us` | Container image with the `es-US` locale. | `sha256:0a7dcd7199629e2c5e3c36dd5adaa1f91ef59d27fca7b3786a62206dea002d77` |

-| `es-uy` | Container image with the `es-UY` locale. | `sha256:dd79516dbaf642ad42d12be89345914b38130e42f16585dd14c53f1de1303b12` |

-| `es-ve` | Container image with the `es-VE` locale. | `sha256:6ad036af7238b80953947f6a50d7838e977bde43fdebed58a26fc88167110cd0` |

-| `et-ee` | Container image with the `et-EE` locale. | `sha256:e9bcb09b2a777e3034509bba624d7fdb9ce3fc2c10195d9373bd53e1ed09646e` |

-| `fi-fi` | Container image with the `fi-FI` locale. | `sha256:2c28e8b15ae8f0797c66c0e3289637a325f573dd0c80f3e40053c57fd7b6ed79` |

-| `fr-ca` | Container image with the `fr-CA` locale. | `sha256:77ea9f489d3e200be8e701a1c26aa1701569c923af3c64444383f7b7533206be` |

-| `fr-fr` | Container image with the `fr-FR` locale. | `sha256:a3772449d4e7f4f720dc83dc4d29416c9e6e5f6b097cc5645cb1c0b3d42454fa` |

-| `ga-ie` | Container image with the `ga-IE` locale. | `sha256:e4019ce8cb3707abf7bc6b04371822d6f524e6dc22144ca3dc6017899162c8da` |

-| `gu-in` | Container image with the `gu-IN` locale. | `sha256:dff44a4aed248f5b908d4dde61eab3b31ae0505b30f9a096f99569c5eba57e06` |

-| `hi-in` | Container image with the `hi-IN` locale. | `sha256:2b94843006eb3648a47f41b0164ad5d2b09c3169a0266895a91ef78e374b8ad3` |

-| `hr-hr` | Container image with the `hr-HR` locale. | `sha256:4f9932479f7d1bf8b27feae12efa94ad850f7cee277007845629b0a3a81ce1b7` |

-| `hu-hu` | Container image with the `hu-HU` locale. | `sha256:73c84a4a1e58e81b064c29c0e1671639b772eecbfb1b0091ce71a4ccde19b0f2` |

-| `it-it` | Container image with the `it-IT` locale. | `sha256:e8f5491a4bfed56ca5316d36ad216c8fd1a9947eb74c3062c3a4f2c22545e3f6` |

-| `ja-jp` | Container image with the `ja-JP` locale. | `sha256:5ef963124f8c9764d2c7b4abf503a185d781ed200de21071cc7326d8e9360d15` |

-| `ko-kr` | Container image with the `ko-KR` locale. | `sha256:07871a0eeab99e99a22c59a5b234f8ff7ade8c52e216d1770c5af4e6d0889304` |

-| `lt-lt` | Container image with the `lt-LT` locale. | `sha256:bc5dc364b127bb0ef76547952f73e8efe6c9bde949566575ba180ecc143187a8` |

-| `lv-lv` | Container image with the `lv-LV` locale. | `sha256:09bcdf3781771e6826cd50463c1cf16e5b05f68e431ace04dfad97bde1cbae3c` |

-| `mr-in` | Container image with the `mr-IN` locale. | `sha256:e30f8d0d222944699afddbf08e28cdfe59e2d6a291f7ee7adbc7322fca495720` |

-| `mt-mt` | Container image with the `mt-MT` locale. | `sha256:69bd4ecc03ceb9beee1e0328ba2f03c0e68d0e5f66bfe0a7147f743dcba41f1b` |

-| `nb-no` | Container image with the `nb-NO` locale. | `sha256:2bce49324c5b50dfaaec6ac62627876130e0819a70c6f97792932eee4a866cd5` |

-| `nl-nl` | Container image with the `nl-NL` locale. | `sha256:87c365f3aa880bf7161895b7e14766473557634f0b2b80cb1caac526c548e3fa` |

-| `pl-pl` | Container image with the `pl-PL` locale. | `sha256:07710d4061204d09a271685464793474c53b7d641bd96ce2e23bdec9ce30102d` |

-| `pt-br` | Container image with the `pt-BR` locale. | `sha256:c41224ecaa09922773181d2af75efbcec670cce31c02bb72f5b83a6221b2707e` |

-| `pt-pt` | Container image with the `pt-PT` locale. | `sha256:017119251b3de7c5bba3f6e94bc6f0ca1c61978816278bd915367776ed063641` |

-| `ro-ro` | Container image with the `ro-RO` locale. | `sha256:a47954801c3a012fec68453200e35d3f90c5ddb501b8e2b2f57d4066bb9a801a` |

-| `ru-ru` | Container image with the `ru-RU` locale. | `sha256:450c847a023508e0ce113363c90bdd68492fb0ebf3505ba25371682f42615ee0` |

-| `sk-sk` | Container image with the `sk-SK` locale. | `sha256:938fc1b1dd4395ddfe3dda5aea74a6e69c1fda42170ac60110429751d93c2afa` |

-| `sl-si` | Container image with the `sl-SI` locale. | `sha256:31e428a55fbc3b09729a2e0ab52dd5e992d370ff16648c26ff4c36deefe9e7ee` |

-| `sv-se` | Container image with the `sv-SE` locale. | `sha256:bdec89e2f318831bc3caf7b2cf27de9f8b339b7482409902b45e363ad0e97d86` |

-| `ta-in` | Container image with the `ta-IN` locale. | `sha256:1b6e6abad2602708c29677c7c51f01f917da74eb46b4a0a0f304b99057b1a5d5` |

-| `te-in` | Container image with the `te-IN` locale. | `sha256:8d91b732895c4813fa1f14abcc45a0fbe6761a7012451fdc73101b06af708a52` |

-| `th-th` | Container image with the `th-TH` locale. | `sha256:6023049982f58bb4482b64ed68a37aacb09303c5769c8b15a85fb859fe091392` |

-| `tr-tr` | Container image with the `tr-TR` locale. | `sha256:b1196fa5e04f0c597a988a34340fc53d8736fd401bfd8c00dcedfa43767a5de4` |

-| `uk-ua` | Container image with the `uk-UA` locale. | `sha256:8b1b3f06dd8061d336de03cdb8b6853f8299ac15b081675337a40a72c02f6b04` |

-| `zh-cn` | Container image with the `zh-CN` locale. | `sha256:be65edec8ca921e4706de1d64d80ea59e7e0500dc7c21423fb7c756bc32b99a3` |

-| `zh-hk` | Container image with the `zh-HK` locale. | `sha256:d43398f02b9a607ae4c2352d760e7cba4e6546badc904a06f8a855d27fd730e9` |

-| `zh-tw` | Container image with the `zh-TW` locale. | `sha256:ef47403de6bc723682b316c1d97968c11cf28dedda869e689d4e5eecd8d024b2` |

-Using Azure Container Apps allows you to deploy applications without requiring the exposure of public endpoints. By using Container Apps scale rules, the application can scale up and down based on the Azure Storage queue length. When there are no messages on the queue, the container app scales down to zero.

-The application scales up to 10 replicas based on the queue length as defined in the `scale` section of the ARM template.

-* the two dapr-enabled container apps

-* the two dapr-enabled container apps

-This command deploys `pythonapp` that also runs with a Dapr sidecar that is used to look up and securely call the Dapr sidecar for `nodeapp`. As this app is headless there's no `--target-port` to start a server, nor is there a need to enable ingress.

-> Microsoft Defender for container registries has been replaced with **Microsoft Defender for Containers**. If you've already enabled Defender for container registries on a subscription, you can continue to use it. However, you won't get Defender for Containers' improvements and new features.

-|Release state:|Generally available (GA)|

-|Release state:|General availability (GA)|

-| Apply security recommendations for a resource</br> (and use [Fix](implement-security-recommendations.md#fix-button)) | - | Γ£ö | Γ£ö | Γ£ö | Γ£ö |

-|Storage|128 GB 3ME3 Wide Temperature mSATA SSD|

-You can track user activity in the event timeline on each sensor. The timeline displays the event or affected device, and the time and date that the user carried out the activity.

-**To view user activity**:

-1. Select **Event Timeline** from the sensor side menu.

-1. Verify that **User Operations** filter is set to **Show**.

- :::image type="content" source="media/how-to-create-and-manage-users/track-user-activity.png" alt-text="Screenshot of the Event timeline showing a user that signed in to Defender for IoT.":::

-1. Use the filters or Ctrl F option to find the information of interest to you.

-### Investigate a lack of expected alerts on the management console

-If an expected alert is not shown in the **Alerts** window, verify the following:

-### Export audit logs from the management console

-Audit logs record key information at the time of occurrence. Audit logs are useful when you are trying to figure out what changes were made, and by who. Audit logs can be exported in the management console, and contain the following information:

-| Action | Information logged |

-|--|--|

-| **Learn, and remediation of alerts** | Alert ID |

-| **Password changes** | User, User ID |

-| **Login** | User |

-| **User creation** | User, User role |

-| **Password reset** | User name |

-| **Exclusion rules-Creation**| Rule summary |

-| **Exclusion rules-Editing**| Rule ID, Rule Summary |

-| **Exclusion rules-Deletion** | Rule ID |

-| **Management Console Upgrade** | The upgrade file used |

-| **Sensor upgrade retry** | Sensor ID |

-| **Uploaded TI package** | No additional information recorded. |

-**To export the audit log**:

-1. In the management console, in the left pane, select **System Settings**.

-1. Select **Export**.

-1. In the File Name field, enter the file name that you want to use for the exported log. If no name is entered, the default file name will be the current date.

-1. Select **Audit Logs**.

-1. Select **Export**.

-The exported log is added to the **Archived Logs** list. Select the :::image type="icon" source="media/how-to-troubleshoot-the-sensor-and-on-premises-management-console/eye-icon.png" border="false"::: button to view the OTP. Send the OTP string to the support team in a separate message from the exported logs. The support team will be able to extract exported logs only by using the unique OTP that's used to encrypt the logs.

-# Build your own disaster recovery for custom topics in Event Grid

-Disaster recovery focuses on recovering from a severe loss of application functionality. This tutorial will walk you through how to set up your eventing architecture to recover if the Event Grid service becomes unhealthy in a particular region.

-In this tutorial, you'll learn how to create an active-passive failover architecture for custom topics in Event Grid. You'll accomplish failover by mirroring your topics and subscriptions across two regions and then managing a failover when a topic becomes unhealthy. The architecture in this tutorial fails over all new traffic. it's important to be aware, with this setup, events already in flight won't be recovered until the compromised region is healthy again.

-> [!NOTE]

-> Event Grid supports automatic geo disaster recovery (GeoDR) on the server side now. You can still implement client-side disaster recovery logic if you want a greater control on the failover process. For details about automatic GeoDR, see [Server-side geo disaster recovery in Azure Event Grid](geo-disaster-recovery.md).

-## Create a message endpoint

-To test your failover configuration, you'll need an endpoint to receive your events at. The endpoint isn't part of your failover infrastructure, but will act as our event handler to make it easier to test.

-To simplify testing, deploy a [pre-built web app](https://github.com/Azure-Samples/azure-event-grid-viewer) that displays the event messages. The deployed solution includes an App Service plan, an App Service web app, and source code from GitHub.

-1. Select **Deploy to Azure** to deploy the solution to your subscription. In the Azure portal, provide values for the parameters.

- <a href="https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure-Samples%2Fazure-event-grid-viewer%2Fmaster%2Fazuredeploy.json" target="_blank"><img src="../media/template-deployments/deploy-to-azure.svg" alt="Button to deploy to Azure."></a>

-1. The deployment may take a few minutes to complete. After the deployment has succeeded, view your web app to make sure it's running. In a web browser, navigate to:

-`https://<your-site-name>.azurewebsites.net`

-Make sure to note this URL as you'll need it later.

-1. You see the site but no events have been posted to it yet.

- 

-## Create your primary and secondary topics

-First, create two Event Grid topics. These topics will act as your primary and secondary. By default, your events will flow through your primary topic. If there is a service outage in the primary region, your secondary will take over.

-1. Sign in to the [Azure portal](https://portal.azure.com).

-1. From the upper left corner of the main Azure menu,

- choose **All services** > search for **Event Grid** > select **Event Grid Topics**.

- 

- Select the star next to Event Grid Topics to add it to resource menu for easier access in the future.

-1. In the Event Grid Topics Menu, select **+ADD** to create your primary topic.

- * Give the topic a logical name and add "-primary" as a suffix to make it easy to track.

- * This topic's region will be your primary region.

- 

-1. Once the Topic has been created, navigate to it and copy the **Topic Endpoint**. you'll need the URI later.

- 

-1. Get the access key for the topic, which you'll also need later. Click on **Access keys** in the resource menu and copy Key 1.

- 

-1. In the Topic blade, click **+Event Subscription** to create a subscription connecting your subscribing the event receiver website you made in the pre-requisites to the tutorial.

- * Give the event subscription a logical name and add "-primary" as a suffix to make it easy to track.

- * Select Endpoint Type Web Hook.

- * Set the endpoint to your event receiver's event URL, which should look something like: `https://<your-event-reciever>.azurewebsites.net/api/updates`

- 

-1. Repeat the same flow to create your secondary topic and subscription. This time, replace the "-primary" suffix with "-secondary" for easier tracking. Finally, make sure you put it in a different Azure Region. While you can put it anywhere you want, it's recommended that you use the [Azure Paired Regions](../availability-zones/cross-region-replication-azure.md). Putting the secondary topic and subscription in a different region ensures that your new events will flow even if the primary region goes down.

-You should now have:

- * An event receiver website for testing.

- * A primary topic in your primary region.

- * A primary event subscription connecting your primary topic to the event receiver website.

- * A secondary topic in your secondary region.

- * A secondary event subscription connecting your primary topic to the event receiver website.

-## Implement client-side failover

-Now that you have a regionally redundant pair of topics and subscriptions setup, you're ready to implement client-side failover. There are several ways to accomplish it, but all failover implementations will have a common feature: if one topic is no longer healthy, traffic will redirect to the other topic.

-### Basic client-side implementation

-The following sample code is a simple .NET publisher that will always attempt to publish to your primary topic first. If it doesn't succeed, it will then failover the secondary topic. In either case, it also checks the health api of the other topic by doing a GET on `https://<topic-name>.<topic-region>.eventgrid.azure.net/api/health`. A healthy topic should always respond with **200 OK** when a GET is made on the **/api/health** endpoint.

-> [!NOTE]

-> The following sample code is only for demonstration purposes and is not intended for production use.

-```csharp

-using System;

-using System.Net.Http;

-using System.Collections.Generic;

-using System.Threading.Tasks;

-using Azure;

-using Azure.Messaging.EventGrid;

-namespace EventGridFailoverPublisher

-{

- // This captures the "Data" portion of an EventGridEvent on a custom topic

- class FailoverEventData

- {

- public string TestStatus { get; set; }

- }

- class Program

- {

- static async Task Main(string[] args)

- {

- // TODO: Enter the endpoint each topic. You can find this topic endpoint value

- // in the "Overview" section in the "Event Grid Topics" blade in Azure Portal..

- string primaryTopic = "https://<primary-topic-name>.<primary-topic-region>.eventgrid.azure.net/api/events";

- string secondaryTopic = "https://<secondary-topic-name>.<secondary-topic-region>.eventgrid.azure.net/api/events";

- // TODO: Enter topic key for each topic. You can find this in the "Access Keys" section in the

- // "Event Grid Topics" blade in Azure Portal.

- string primaryTopicKey = "<your-primary-topic-key>";

- string secondaryTopicKey = "<your-secondary-topic-key>";

- Uri primaryTopicUri = new Uri(primaryTopic);

- Uri secondaryTopicUri = new Uri(secondaryTopic);

- Uri primaryTopicHealthProbe = new Uri($"https://{primaryTopicUri.Host}/api/health");

- Uri secondaryTopicHealthProbe = new Uri($"https://{secondaryTopicUri.Host}/api/health");

- var httpClient = new HttpClient();

- try

- {

- var client = new EventGridPublisherClient(primaryTopicUri, new AzureKeyCredential(primaryTopicKey));

- await client.SendEventsAsync(GetEventsList());

- Console.Write("Published events to primary Event Grid topic.");

- HttpResponseMessage health = httpClient.GetAsync(secondaryTopicHealthProbe).Result;

- Console.Write("\n\nSecondary Topic health " + health);

- }

- catch (RequestFailedException ex)

- {

- var client = new EventGridPublisherClient(secondaryTopicUri, new AzureKeyCredential(secondaryTopicKey));

- await client.SendEventsAsync(GetEventsList());

- Console.Write("Published events to secondary Event Grid topic. Reason for primary topic failure:\n\n" + ex);

- HttpResponseMessage health = await httpClient.GetAsync(primaryTopicHealthProbe);

- Console.WriteLine($"Primary Topic health {health}");

- }

- Console.ReadLine();

- }

- static IList<EventGridEvent> GetEventsList()

- {

- List<EventGridEvent> eventsList = new List<EventGridEvent>();

- for (int i = 0; i < 5; i++)

- {

- eventsList.Add(new EventGridEvent(

- subject: "test" + i,

- eventType: "Contoso.Failover.Test",

- dataVersion: "2.0",

- data: new FailoverEventData

- {

- TestStatus = "success"

- }));

- }

- return eventsList;

- }

- }

-}

-```

-### Try it out

-Now that you have all of your components in place, you can test out your failover implementation. Run the above sample in Visual Studio code, or your favorite environment. Replace the following four values with the endpoints and keys from your topics:

- * primaryTopic - the endpoint for your primary topic.

- * secondaryTopic - the endpoint for your secondary topic.

- * primaryTopicKey - the key for your primary topic.

- * secondaryTopicKey - the key for your secondary topic.

-Try running the event publisher. You should see your test events land in your Event Grid viewer like below.

-

-To make sure your failover is working, you can change a few characters in your primary topic key to make it no longer valid. Try running the publisher again. You should still see new events appear in your Event Grid viewer, however when you look at your console, you'll see that they are now being published via the secondary topic.

-### Possible extensions

-There are many ways to extend this sample based on your needs. For high-volume scenarios, you may want to regularly check the topic's health api independently. That way, if a topic were to go down, you don't need to check it with every single publish. Once you know a topic isn't healthy, you can default to publishing to the secondary topic.

-Similarly, you may want to implement failback logic based on your specific needs. If publishing to the closest data center is critical for you to reduce latency, you can periodically probe the health api of a topic that has failed over. Once it's healthy again, you'll know it's safe to failback to the closer data center.

- "target": "<target container name1>"

-* Learn [Safe rollout for online endpoints](how-to-safely-rollout-managed-endpoints.md).

-> If you are looking to migrate large databases with database sizes more than 1 TBs, you may want to consider using community tools like **mydumper/myloader** which supports parallel export and import. Learn [How to migrate large MySQL databases](https://techcommunity.microsoft.com/t5/azure-database-for-mysql/best-practices-for-migrating-large-databases-to-azure-database/ba-p/1362699).

-* Learn [How to migrate large MySQL databases](https://techcommunity.microsoft.com/t5/azure-database-for-mysql/best-practices-for-migrating-large-databases-to-azure-database/ba-p/1362699).

-## Zone redundant high availability - features

-* You can only choose your availability zone for your primary database server. Standby zone is auto-selected.

-## Zone redundant high availability - limitations

-* Due to synchronous replication to another availability zone, applications can experience elevated write and commit latency.

-## Availability without high availability

-

-> For best experience, we recommend that you use a connection pool manager like PgBouncer to efficiently manage connections. Azure Database for PostgreSQL - Flexible Server offers pgBouncer as [built-in connection pool management solution](concepts-pgbouncer.md).

-* Azure AD authentication is not yet supported. We recommend using the [Single Server](../overview-single-server.md) option if you require Azure AD authentication.

-* Read replicas are not yet supported. We recommend using the [Single Server](../overview-single-server.md) option if you require read replicas.

-* Moving resources to another subscription is not supported.

-description: Create a Microsoft Purview Account using .NET SDK.

-# Quickstart: Create a Microsoft Purview account using .NET SDK

-In this quickstart, you'll use the [.NET SDK](/dotnet/api/overview/azure/purviewresourceprovider) to create a Microsoft Purview account.

-Microsoft Purview is a data governance service that helps you manage and govern your data landscape. By connecting to data across your on-premises, multi-cloud, and software-as-a-service (SaaS) sources, Microsoft Purview creates an up-to-date map of your information. It identifies and classifies sensitive data, and provides end-to-end linage. Data consumers are able to discover data across your organization, and data administrators are able to audit, secure, and ensure right use of your data.

-For more information about Microsoft Purview, [see our overview page](overview.md). For more information about deploying Microsoft Purview across your organization, [see our deployment best practices](deployment-best-practices.md).

-1. In [Create an Azure Active Directory application](../active-directory/develop/howto-create-service-principal-portal.md#register-an-application-with-azure-ad-and-create-a-service-principal), create an application that represents the .NET application you are creating in this tutorial. For the sign-on URL, you can provide a dummy URL as shown in the article (`https://contoso.org/exampleapp`).

-## Create a Microsoft Purview account

-Add the following code to the **Main** method that creates a **Microsoft Purview Account**.

-To programmatically delete a Microsoft Purview Account, add the following lines of code to the program:

-The above code with print 'True' if the name is available and 'False' if the name is not available.

-The code in this tutorial creates a purview account, deletes a purview account and checks for name availability of purview account. You can now download the .NET SDK and learn about other resource provider actions you can perform for a Microsoft Purview account.

-Follow these next articles to learn how to navigate the Microsoft Purview governance portal, create a collection, and grant access to Microsoft Purview.

-* [Add users to your Microsoft Purview account](catalog-permissions.md)

-description: Create a Microsoft Purview account using Python.

-# Quickstart: Create a Microsoft Purview account using Python

-In this quickstart, youΓÇÖll create a Microsoft Purview account programatically using Python. [Python reference for Microsoft Purview](/python/api/azure-mgmt-purview/) is available, but this article will take you through all the steps needed to create an account with Python.

-Microsoft Purview is a data governance service that helps you manage and govern your data landscape. By connecting to data across your on-premises, multi-cloud, and software-as-a-service (SaaS) sources, Microsoft Purview creates an up-to-date map of your information. It identifies and classifies sensitive data, and provides end-to-end linage. Data consumers are able to discover data across your organization, and data administrators are able to audit, secure, and ensure right use of your data.

-For more information about Microsoft Purview, [see our overview page](overview.md). For more information about deploying Microsoft Purview across your organization, [see our deployment best practices](deployment-best-practices.md).

-The code in this tutorial creates a purview account and deletes a purview account. You can now download the Python SDK and learn about other resource provider actions you can perform for a Microsoft Purview account.

-Follow these next articles to learn how to navigate the Microsoft Purview governance portal, create a collection, and grant access to Microsoft Purview.

-* [Add users to your Microsoft Purview account](catalog-permissions.md)

-This quickstart describes the steps to Create a Microsft Purview (formerly Azure Purview) account through the Azure portal. Then we'll get started on the process of classifying, securing, and discovering your data in the Microsoft Purview Data Map!

-The Microsoft Purview governance portal surfaces tools like the Microsoft Purview Data Map and Microsoft Purview Data Catalog, that help you manage and govern your data landscape. By connecting to data across your on-premises, multi-cloud, and software-as-a-service (SaaS) sources, the Microsoft Purview Data Map creates an up-to-date map of your data estate. It identifies and classifies sensitive data, and provides end-to-end linage. Data consumers are able to discover data across your organization, and data administrators are able to audit, secure, and ensure right use of your data.

-For more information about the governance capabilities of Microsoft Purview, formerly Azure Purview, [see our overview page](overview.md). For more information about deploying Microsoft Purview across your organization, [see our deployment best practices](deployment-best-practices.md).

-description: This Quickstart describes how to create a Microsoft Purview account using Azure PowerShell/Azure CLI.

-# Quickstart: Create a Microsoft Purview account using Azure PowerShell/Azure CLI

-Microsoft Purview is a data governance service that helps you manage and govern your data landscape. By connecting to data across your on-premises, multi-cloud, and software-as-a-service (SaaS) sources, Microsoft Purview creates an up-to-date map of your information. It identifies and classifies sensitive data, and provides end-to-end linage. Data consumers are able to discover data across your organization, and data administrators are able to audit, secure, and ensure right use of your data.

-For more information about Microsoft Purview, [see our overview page](overview.md). For more information about deploying Microsoft Purview across your organization, [see our deployment best practices](deployment-best-practices.md).

-## Create a Microsoft Purview account

-1. Create a resource group for your Microsoft Purview account. You can skip this step if you already have one:

-1. Create or Deploy the Microsoft Purview account

-1. If you deployed the Microsoft Purview account using a service principal, instead of a user account, you will also need to run the below command in the Azure CLI:

-In this quickstart, you learned how to create a Microsoft Purview account.

-Follow these next articles to learn how to navigate the Microsoft Purview governance portal, create a collection, and grant access to Microsoft Purview.

-* [Add users to your Microsoft Purview account](catalog-permissions.md)

-description: This article provides a walkthrough to create a .NET Core application that sends/receives events to/from Microsoft Purview's Apache Atlas Kafka topics by using the latest Azure.Messaging.EventHubs package.

-# Publish messages to and process messages from Microsoft Purview's Atlas Kafka topics via Event Hubs using .NET

-This quickstart shows how to send events to and receive events from Microsoft Purview's Atlas Kafka topics via event hub using the **Azure.Messaging.EventHubs** .NET library.

-> A managed event hub is created as part of Microsoft Purview account creation, see [Microsoft Purview account creation](create-catalog-portal.md). You can publish messages to the event hub kafka topic ATLAS_HOOK and Microsoft Purview will consume and process it. Microsoft Purview will notify entity changes to event hub kafka topic ATLAS_ENTITIES and user can consume and process it.This quickstart uses the new **Azure.Messaging.EventHubs** library.

-If you're new to Azure Event Hubs, see [Event Hubs overview](../event-hubs/event-hubs-about.md) before you do this quickstart.

-To complete this quickstart, you need the following prerequisites:

-## Publish messages to Microsoft Purview

-This section shows you how to create a .NET Core console application to send events to a Microsoft Purview via event hub kafka topic **ATLAS_HOOK**.

-Next, create a C# .NET console application in Visual Studio:

-1. Start Visual Studio 2019.

-1. Select **Create a new project**.

-1. On the **Create a new project** dialog box, do the following steps: If you don't see this dialog box, select **File** on the menu, select **New**, and then select **Project**.

- 1. Select **Console** for the type of the application.

- 1. Select **Console App (.NET Core)** from the results list.

- 1. Then, select **Next**.

-1. Select **Tools** > **NuGet Package Manager** > **Package Manager Console** from the menu.

-

- ```

-### Write code to send messages to the event hub

-2. Add constants to the `Program` class for the Event Hubs connection string and Event Hub name.

- You can get event hub namespace associated with purview account by looking at Atlas kafka endpoint primary/secondary connection strings in properties tab of Microsoft Purview account.

- :::image type="content" source="media/manage-eventhub-kafka-dotnet/properties.png" alt-text="Event Hub Namespace":::

- The event hub name should be **ATLAS_HOOK** for sending messages to Microsoft Purview.

-3. Replace the `Main` method with the following `async Main` method and add an `async ProduceMessage` to push messages into Microsoft Purview. See the code comments for details.

-5. Build the project, and ensure that there are no errors.

-6. Run the program and wait for the confirmation message.

- > For the complete source code with more informational comments, see [this file on the GitHub](https://github.com/Azure/azure-sdk-for-net/blob/master/sdk/eventhub/Azure.Messaging.EventHubs/samples/Sample04_PublishingEvents.md)

-### Sample Create Entity JSON message to create a sql table with two columns.

-```

-## Consume messages from Microsoft Purview

-This section shows how to write a .NET Core console application that receives messages from an event hub using an event processor. You need to use ATLAS_ENTITIES event hub to receive messages from Microsoft Purview.The event processor simplifies receiving events from event hubs by managing persistent checkpoints and parallel receptions from those event hubs.

-> If you run this code on Azure Stack Hub, you will experience runtime errors unless you target a specific Storage API version. That's because the Event Hubs SDK uses the latest available Azure Storage API available in Azure that may not be available on your Azure Stack Hub platform. Azure Stack Hub may support a different version of Storage Blob SDK than those typically available on Azure. If you are using Azure Blob Storage as a checkpoint store, check the [supported Azure Storage API version for your Azure Stack Hub build](/azure-stack/user/azure-stack-acs-differences?#api-version) and target that version in your code.

-> For example, If you are running on Azure Stack Hub version 2005, the highest available version for the Storage service is version 2019-02-02. By default, the Event Hubs SDK client library uses the highest available version on Azure (2019-07-07 at the time of the release of the SDK). In this case, besides following steps in this section, you will also need to add code to target the Storage service API version 2019-02-02. For an example on how to target a specific Storage API version, see [this sample on GitHub](https://github.com/Azure/azure-sdk-for-net/tree/master/sdk/eventhub/Azure.Messaging.EventHubs.Processor/samples/).

-In this quickstart, you use Azure Storage as the checkpoint store. Follow these steps to create an Azure Storage account.

-3. [Get the connection string to the storage account](../storage/common/storage-configure-connection-string.md)

- Note down the connection string and the container name. You'll use them in the receive code.

-### Create a project for the receiver

-1. Enter **PurviewKafkaConsumer** for the **Project name**, and select **Create**.

-1. Select **Tools** > **NuGet Package Manager** > **Package Manager Console** from the menu.

- ```

-### Update the Main method

-1. Add constants to the `Program` class for the Event Hubs connection string and the event hub name. Replace placeholders in brackets with the proper values that you got when creating the event hub. Replace placeholders in brackets with the proper values that you got when creating the event hub and the storage account (access keys - primary connection string). Make sure that the `{Event Hubs namespace connection string}` is the namespace-level connection string, and not the event hub string.

-

- You can get event hub namespace associated with purview account by looking at Atlas kafka endpoint primary/secondary connection strings in properties tab of Microsoft Purview account.

- :::image type="content" source="media/manage-eventhub-kafka-dotnet/properties.png" alt-text="Event Hub Namespace":::

- The event hub name should be **ATLAS_ENTITIES** for sending messages to Microsoft Purview.

-3. Replace the `Main` method with the following `async Main` method. See the code comments for details.

-1. Now, add the following event and error handler methods to the class.

-1. Build the project, and ensure that there are no errors.

-6. Run the receiver application.

-### Sample Message received from Microsoft Purview

-> Atlas currently supports the following operation types: **ENTITY_CREATE_V2**, **ENTITY_PARTIAL_UPDATE_V2**, **ENTITY_FULL_UPDATE_V2**, **ENTITY_DELETE_V2**. Pushing messages to Microsoft Purview is currently enabled by default. If the scenario involves reading from Microsoft Purview contact us as it needs to be allow-listed. (provide subscription id and name of Microsoft Purview account).

-Check out the samples on GitHub.

-description: This Quickstart describes how to create a Microsoft Purview account using an ARM Template.

-# Quickstart: Create a Microsoft Purview account using an ARM template

-This quickstart describes the steps to deploy a Microsoft Purview account using an Azure Resource Manager (ARM) template.

-After you have created a Microsoft Purview account you can begin registering your data sources and using Microsoft Purview to understand and govern your data landscape. By connecting to data across your on-premises, multi-cloud, and software-as-a-service (SaaS) sources, Microsoft Purview creates an up-to-date map of your information. It identifies and classifies sensitive data, and provides end-to-end data linage. Data consumers are able to discover data across your organization and data administrators are able to audit, secure, and ensure right use of your data.

-For more information about Microsoft Purview, [see our overview page](overview.md). For more information about deploying Microsoft Purview across your organization, [see our deployment best practices](deployment-best-practices.md).

-In this quickstart, you learned how to create a Microsoft Purview account and how to access it through the Microsoft Purview governance portal.

-description: Collections are used for access control, and asset organization in Microsoft Purview. This article describes how to create a collection and add permissions, register sources, and register assets to collections.

-# Quickstart: Create a collection and assign permissions in Microsoft Purview

-Collections are Microsoft Purview's tool to manage ownership and access control across assets, sources, and information. They also organize your sources and assets into categories that are customized to match your management experience with your data. This guide will take you through setting up your first collection and collection admin to prepare your Microsoft Purview environment for your organization.

-In order to create and manage collections in Microsoft Purview, you will need to be a **Collection Admin** within Microsoft Purview. We can check these permissions in the [Microsoft Purview governance portal](use-azure-purview-studio.md). You can find the studio by going to your Microsoft Purview account in the [Azure portal](https://portal.azure.com), and selecting the **Open Microsoft Purview governance portal** tile on the overview page.

-1. Select your root collection. This is the top collection in your collection list and will have the same name as your Microsoft Purview account. In our example below, it's called Contoso Microsoft Purview.

-1. To create a collection, you will need to be in the collection admin list under role assignments. If you created the Microsoft Purview account, you should be listed as a collection admin under the root collection already. If not, you'll need to contact the collection admin to grant you permission.

-To create your collection, we'll start in the [Microsoft Purview governance portal](use-azure-purview-studio.md). You can find the studio by going to your Microsoft Purview account in the Azure portal and selecting the **Open Microsoft Purview governance portal** tile on the overview page.

-Now that you have a collection, you can assign permissions to this collection to manage your users access to Microsoft Purview.

-In this article, you learn how to map enriched input fields to output fields in a searchable index. Once you have [defined a skillset](cognitive-search-defining-skillset.md), you must map the output fields of any skill that directly contributes values to a given field in your search index.

-For each output field mapping, set the location of the data in the enriched document tree (sourceFieldName), and the name of the field as referenced in the index (targetFieldName). Assign any [mapping functions](search-indexer-field-mappings.md#field-mapping-functions) that you require to transform the content of a field before it's stored in the index.

-## Next steps

-Once you have mapped your enriched fields to searchable fields, you can set the field attributes for each of the searchable fields [as part of the index definition](search-what-is-an-index.md).

-For more information about field mapping, see [Field mappings in Azure Cognitive Search indexers](search-indexer-field-mappings.md).

-When using Azure Cognitive Search indexers, the indexer will automatically map fields in a data source to fields in a target index, assuming field names and types are compatible. When input data doesn't quite match the schema of your target index, you can define *field mappings* to specifically set the data path.

-Field mappings address the following scenarios:

-+ Mismatched field names. Suppose your data source has a field named `_id`. Given that Azure Cognitive Search doesn't allow field names that start with an underscore, a field mapping lets you effectively rename a field.

-+ One field to many fields. You can populate several fields in the index from the same data source data. For example, you might want to apply different analyzers to each field.

-+ Many fields to one field. You want to populate an index field with data from more than one data source, and the data sources each use different field names.

-+ Splitting strings or recasting a JSON array into a string collection. Field mapping functions provide this capability.

-Field mappings in indexers are a simple way to map data fields to index fields, with some ability for light-weight data conversion. More complex data might require pre-processing to reshape it into a form that's conducive to indexing. One option you might consider is [Azure Data Factory](../data-factory/index.yml).

-> [!NOTE]

-> Field mappings apply to search indexes only. For indexers that also create [knowledge stores](knowledge-store-concept-intro.md), data shapes and projections determine field associations, and any field mappings and output field mappings in the indexer are ignored.

-A field mapping consists of three parts:

-+ "sourceFieldName", which represents a field in your data source. This property is required.

-+ An optional "targetFieldName", representing a field in your search index. If omitted, the value of "sourceFieldName" is used for the target.

-+ An optional "mappingFunction", which can transform your data using one of several [predefined functions](#mappingFunctions). This can be applied on both input and output field mappings.

-Field mappings are added to the "fieldMappings" array of the indexer definition.

-## Map fields using REST

-You can add field mappings when creating a new indexer using the [Create Indexer](/rest/api/searchservice/create-Indexer) API request. You can manage the field mappings of an existing indexer using the [Update Indexer](/rest/api/searchservice/update-indexer) API request.

-For example, here's how to map a source field to a target field with a different name:

-> [!NOTE]

-> Azure Cognitive Search uses case-insensitive comparison to resolve the field and function names in field mappings. This is convenient (you don't have to get all the casing right), but it means that your data source or index cannot have fields that differ only by case.

->

-## Map fields using .NET

-You can define field mappings in the .NET SDK using the [FieldMapping](/dotnet/api/azure.search.documents.indexes.models.fieldmapping) class, which has the properties "SourceFieldName" and "TargetFieldName", and an optional "MappingFunction" reference.

-You can specify field mappings when constructing the indexer, or later by directly setting [SearchIndexer.FieldMappings](/dotnet/api/azure.search.documents.indexes.models.searchindexer.fieldmappings).

-The following C# example sets the field mappings when constructing an indexer.

-## Field mapping functions

-The .NET libraries in Azure Cognitive Search assume the full .NET Framework, which provides built-in encoding. The `useHttpServerUtilityUrlTokenEncode` and `useHttpServerUtilityUrlTokenDecode` options leverage this built-in functionality. If you are using .NET Core or another framework, we recommend setting those options to `false` and calling your framework's encoding and decoding functions directly.

-The following table compares different base64 encodings of the string `00>00?00`. To determine the required additional processing (if any) for your base64 functions, apply your library encode function on the string `00>00?00` and compare the output with the expected output `MDA-MDA_MDA`.

-For example, if the input string is `["red", "white", "blue"]`, then the target field of type `Collection(Edm.String)` will be populated with the three values `red`, `white`, and `blue`. For input values that cannot be parsed as JSON string arrays, an error is returned.

-This function can be used to encode a string so that it is "URL safe". When used with a string that contains characters that are not allowed in a URL, this function will convert those "unsafe" characters into character-entity equivalents. This function uses the UTF-8 encoding format.

-

-

-

-When facing errors complaining about document key being longer than 1024 characters, this function can be applied to reduce the length of the document key.

- ```

-The following table shows how Microsoft Sentinel and Log Analytics costs appear in the **Service name** and **Meter** columns of your Azure bill for free data services. For more information, see [Viewing Data Allocation Benefits](../azure-monitor/usage-estimated-costs.md#viewing-data-allocation-benefits).

-For example, the Azure Monitor [VM Insights solution](../azure-monitor/vm/vminsights-log-search.md) provides network sessions information in the `VMConnection`. The table provides an Azure Resource ID in the `_ResourceId` field and a VM insights specific device ID in the `Machine` field. Use the following mapping to represent those IDs:

-|**Tomcat** |Data connector, parser | DevOps, application |[Microsoft |

-|**Atlassian Confluence Audit** |Data connector |IT operations, application |Microsoft|

-## Armorblox

-|**Armorblox - Sentinel** |Data connector | Security - Threat protection |[Armorblox](https://www.armorblox.com/contact/) |

-|**Azure Firewall Solution for Sentinel**| [Data connector](data-connectors-reference.md#azure-firewall), workbook, analytics rules, playbooks, hunting queries, custom Logic App connector |Security - Network Security, Networking | Community|

-| **Microsoft Purview** | [Data connector](data-connectors-reference.md#microsoft-purview), workbook, analytics rules <br><br>For more information, see [Tutorial: Integrate Microsoft Sentinel and Microsoft Purview](purview-solution.md). | Compliance, Security- Cloud Security, and Security- Information Protection | Microsoft |

-|**Microsoft Sentinel for SQL PaaS** | [Data connector](data-connectors-reference.md#azure-sql-databases), workbook, analytics rules, playbooks, hunting queries | Application | Community |

-|**Microsoft Sentinel Training Lab** |Workbook, analytics rules, playbooks, hunting queries | Training and tutorials |Microsoft |

-|**Azure SQL** | [Data connector](data-connectors-reference.md#azure-sql-databases), workbook, analytics, playbooks, hunting queries | Application |Microsoft |

-## Digital Guardian

-|**NXLog AIX Audit** | Data connector, parser | IT operations |NXLog |

-|**NXLog DNS Logs** | Data connector | Networking |NXLog |

-|**Qualys VM Solution** |Workbooks, analytics rules |Security - Vulnerability Management |Microsoft |

-|**Symantec Endpoint**|Data connector, workbook, analytics rules, playbooks, hunting queries, parser| Security - Threat protection|Microsoft |

-|**Symantec ProxySG Solution**|Workbooks, analytics rules |Security - Network |Symantec |

-|**Zscaler Private Access**|Data connector, workbook, analytics rules, hunting queries, parser | Security - Network | Microsoft|

-description: How to use Tanzu Service Registry with Azure Spring Apps Enterprise Tier.

-This article shows you how to use VMware Tanzu® Service Registry with Azure Spring Apps Enterprise Tier.

-[Tanzu Service Registry](https://docs.vmware.com/en/Spring-Cloud-Services-for-VMware-Tanzu/2.1/spring-cloud-services/GUID-service-registry-https://docsupdatetracker.net/index.html) is one of the commercial VMware Tanzu components. It provides your apps with an implementation of the Service Discovery pattern, one of the key tenets of a Spring-based architecture. It can be difficult, and brittle in production, to hand-configure each client of a service or adopt some form of access convention. Instead, your apps can use Tanzu Service Registry to dynamically discover and call registered services.

-## Use Service Registry with apps

-Before your application can manage service registration and discovery using Tanzu Service Registry, you must include the following dependency in your application's *pom.xml* file:

-Additionally, add an annotation to the top level class of your application as shown in the following example:

-public class DemoApplication {

- SpringApplication.run(DemoApplication.class, args);

-Use the following steps to bind an application to Tanzu Service Registry.

-1. Open the **App binding** tab.

-1. Select **Bind app** and choose one app in the dropdown, then select **Apply** to bind.

- :::image type="content" source="media/enterprise/how-to-enterprise-service-registry/service-reg-app-bind-dropdown.png" alt-text="Screenshot of Azure portal showing Azure Spring Apps Service Registry page and 'App binding' section with 'Bind app' dropdown showing.":::

- > [!NOTE]

- > When you change the bind/unbind status, you must restart or redeploy the app to make the change take effect.

-| Standard general-purpose v2 |  | | |  |

-| Premium block blobs |  | |  |  |

-| [Logging in Azure Monitor](./monitor-blob-storage.md) |  |  |  |  |

-| [Logging in Azure Monitor](./monitor-blob-storage.md) |  |  |  |  |

-For deployment documentation of **Cisco SD-WAN** within Azure Virtual WAN, see [Cisco Cloud OnRamp for Multi-Cloud](https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/cloudonramp/ios-xe-17/cloud-onramp-book-xe/cloud-onramp-multi-cloud.html#Cisco_Concept.dita_c61e0e7a-fff8-4080-afee-47b81e8df701).

-Verify that you have met the following criteria before beginning your configuration:

-* Your virtual network does not have any virtual network gateways. If your virtual network has a gateway (either VPN or ExpressRoute), you must remove all gateways. This configuration requires that virtual networks are connected instead, to the Virtual WAN hub gateway.

-* Obtain an IP address range for your hub region. The hub is a virtual network that is created and used by Virtual WAN. The address range that you specify for the hub cannot overlap with any of your existing virtual networks that you connect to. It also cannot overlap with your address ranges that you connect to your on-premises sites. If you are unfamiliar with the IP address ranges located in your on-premises network configuration, coordinate with someone who can provide those details for you.

-A hub is a virtual network that can contain gateways for site-to-site, ExpressRoute, point-to-site, or Network Virtual Appliance functionality. Once the hub is created, you'll be charged for the hub, even if you don't attach any sites. If you choose to create a site-to-site VPN gateway, it takes 30 minutes to create the site-to-site VPN gateway in the virtual hub. Unlike site-to-site, ExpressRoute, or point-to-site, the hub must be created first before you can deploy a Network Virtual Appliance into the hub VNet.

-1. Locate the Virtual WAN that you created. On the **Virtual WAN** page, under the **Connectivity** section, select **Hubs**.

-1. On the **Hubs** page, select +New Hub to open the **Create virtual hub** page.

- :::image type="content" source="./media/how-to-nva-hub/vwan-hub.png" alt-text="Basics":::

-1. On the **Create virtual hub** page **Basics** tab, complete the following fields:

- **Project details**

- * Region (previously referred to as Location)

- * Name

- * Hub private address space. The minimum address space is /24 to create a hub, which implies anything range from /25 to /32 will produce an error during creation. Azure Virtual WAN, being a managed service by Microsoft, creates the appropriate subnets in the virtual hub for the different gateways/services. (For example: Network Virtual Appliances, VPN gateways, ExpressRoute gateways, User VPN/Point-to-site gateways, Firewall, Routing, etc.). There is no need for the user to explicitly plan for subnet address space for the services in the Virtual hub because Microsoft does this as a part of the service.

-1. Select **Review + Create** to validate.

-1. Select **Create** to create the hub.

-In this step, you will create a Network Virtual Appliance in the hub. The procedure for each NVA will be different for each NVA partner's product. For this example, we are creating a Barracuda CloudGen WAN Gateway.

- :::image type="content" source="./media/how-to-nva-hub/nva-hub.png" alt-text="Virtual hub":::

-1. Find the Network Virtual Appliances tile and select the **Create** link.

-1. On the **Network Virtual Appliance** blade, select **Barracuda CloudGen WAN**, then select the **Create** button.

- :::image type="content" source="./media/how-to-nva-hub/select-nva.png" alt-text="Select NVA":::

-1. This will take you to the Azure Marketplace offer for the Barracuda CloudGen WAN gateway. Read the terms, then select the **Create** button when you're ready.

- :::image type="content" source="./media/how-to-nva-hub/barracuda-create-basics.png" alt-text="Barracuda NVA basics":::

-1. On the **Basics** page you will need to provide the following information:

-1. Select the **Next: CloudGen WAN gateway** button.

- :::image type="content" source="./media/how-to-nva-hub/barracuda-cloudgen-wan.png" alt-text="CloudGen WAN Gateway":::

-1. Provide the following information here:

-1. On this page, you will be asked to accept the terms of the Co-Admin Access agreement. This is standard with Managed Applications where the Publisher will have access to some resources in this deployment. Check the **I agree to the terms and conditions above** box, and then select **Create**.