+### Add the technical profiles

+A claims transformation technical profile accesses the `isForgotPassword` claim. The technical profile is referenced later. When it's invoked, it sets the value of the `isForgotPassword` claim to `true`. Find the **ClaimsProviders** element (if the element doesn't exist, create it), and then add the following claims provider:

+ <TechnicalProfile Id="LocalAccountWritePasswordUsingObjectId">

+ <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />

+ </TechnicalProfile>

+The **LocalAccountWritePasswordUsingObjectId** technical profile **UseTechnicalProfileForSessionManagement** `SM-AAD` session manager is required for the user to preform subsequent logins successfully under [SSO](./custom-policy-reference-sso.md) conditions.

+With the location condition in Conditional Access, you can control access to your cloud apps based on the network location of a user. Configure Conditional Access via the Azure portal or Microsoft Graph APIs to enable a Conditional Access policy blocking access to specific locations. For more information, see [Using the location condition in a Conditional Access policy](../active-directory/conditional-access/location-condition.md)

+1. Under **Implicit grant and hybrid flows**, select both the **Access tokens (used for implicit flows)** and **ID tokens (used for implicit and hybrid flows)** check boxes.

+ - **How to configure:** Use the steps described above to navigate to the attribute mappings page and use the SingleAppRoleAssignment expression to map to the roles attribute. There are three role attributes to choose from (`roles[primary eq "True"].display`, `roles[primary eq "True"].type`, and `roles[primary eq "True"].value`). You can choose to include any or all of the role attributes in your mappings. If you would like to include more than one, just add a new mapping and include it as the target attribute.

+ * Microsoft may limit repeated authentication attempts that are performed by the same user or organization in a short period of time. This limitation does not apply to Microsoft Authenticator or verification codes. If you have hit these limits, you can use the Authenticator App, verification code or try to sign in again in a few minutes.

+You can disable the use of SSPR for administrator accounts using the [Set-MsolCompanySettings](/powershell/module/msonline/set-msolcompanysettings) PowerShell cmdlet. The `-SelfServePasswordResetEnabled $False` parameter disables SSPR for administrators. Policy changes to disable or enable SSPR for administrator accounts can take up to 60 minutes to take effect.

+ Title: Use additional context in Microsoft Authenticator notifications (Preview) - Azure Active Directory

+# How to use additional context in Microsoft Authenticator app notifications (Preview) - Authentication Methods Policy

+This topic covers how to improve the security of user sign-in by adding the application and location in Microsoft Authenticator app push notifications.

+1. In the Azure AD portal, click **Security** > **Authentication methods** > **Microsoft Authenticator**.

+[Authentication methods in Azure Active Directory - Microsoft Authenticator app](concept-authentication-authenticator-app.md)

+This topic covers how to enable number matching in Microsoft Authenticator push notifications to improve user sign-in security.

+1. In the Azure AD portal, click **Security** > **Authentication methods** > **Microsoft Authenticator**.

+ Title: Nudge users to set up Microsoft Authenticator - Azure Active Directory

+description: Learn how to move your organization away from less secure authentication methods to Microsoft Authenticator

+# Customer intent: As an identity administrator, I want to encourage users to use the Microsoft Authenticator app in Azure AD to improve and secure user sign-in events.

+# How to run a registration campaign to set up Microsoft Authenticator - Microsoft Authenticator

+You can nudge users to set up Microsoft Authenticator during sign-in. Users will go through their regular sign-in, perform multifactor authentication as usual, and then be prompted to set up Microsoft Authenticator. You can include or exclude users or groups to control who gets nudged to set up the app. This allows targeted campaigns to move users from less secure authentication methods to the Authenticator app.

+ - Authentication Methods Policy: Users will need to be enabled for the Authenticator app and the Authentication mode set to **Any** or **Push**. If the policy is set to **Passwordless**, the user won't be eligible for the nudge. For more information about how to set the Authentication mode, see [Enable passwordless sign-in with Microsoft Authenticator](howto-authentication-passwordless-phone.md).

+ 

+ 

+[Enable passwordless sign-in with Microsoft Authenticator](howto-authentication-passwordless-phone.md)

+ Title: Passwordless sign-in with Microsoft Authenticator - Azure Active Directory

+description: Enable passwordless sign-in to Azure AD using Microsoft Authenticator

+# Enable passwordless sign-in with Microsoft Authenticator

+Microsoft Authenticator can be used to sign in to any Azure AD account without using a password. Microsoft Authenticator uses key-based authentication to enable a user credential that is tied to a device, where the device uses a PIN or biometric. [Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-identity-verification) uses a similar technology.

+Azure AD lets you choose which authentication methods can be used during the sign-in process. Users then register for the methods they'd like to use. The **Microsoft Authenticator** authentication method policy manages both the traditional push MFA method, as well as the passwordless authentication method.

+1. Under **Microsoft Authenticator**, choose the following options:

+1. In **Microsoft Authenticator**, choose **Enable phone sign-in** from the drop-down menu for the account registered.

+An organization can direct its users to sign in with their phones, without using a password. For further assistance configuring Microsoft Authenticator and enabling phone sign-in, see [Sign in to your accounts using the Microsoft Authenticator app](https://support.microsoft.com/account-billing/sign-in-to-your-accounts-using-the-microsoft-authenticator-app-582bdc07-4566-4c97-a7aa-56058122714c).

+description: Configure MFA server to send push notifications to users with the Microsoft Authenticator App.

+The Microsoft Authenticator app offers an additional out-of-band verification option. Instead of placing an automated phone call or SMS to the user during login, Azure Multi-Factor Authentication pushes a notification to the Authenticator app on the user's smartphone or tablet. The user simply taps **Verify** (or enters a PIN and taps "Authenticate") in the app to complete their sign-in.

+> ...The numbers on legacy authentication from an analysis of Azure Active Directory (Azure AD) traffic are stark:

+Azure AD supports the most widely used authentication and authorization protocols including legacy authentication. Legacy authentication can't prompt users for second factor authentication or other authentication requirements needed to satisfy conditional access policies, directly. This authentication pattern includes basic authentication, a widely used industry-standard method for collecting user name and password information. Examples of applications that commonly or only use legacy authentication are:

+This section explains how to configure a Conditional Access policy to block legacy authentication.

+Before you can block legacy authentication in your directory, you need to first understand if your users have clients that use legacy authentication. Below, you'll find useful information to identify and triage where clients are using legacy authentication.

+#### Indicators from Azure AD

+These logs will indicate where users are using clients that are still depending on legacy authentication. For users that don't appear in these logs and are confirmed to not be using legacy authentication, implement a Conditional Access policy for these users only.

+Additionally, to help triage legacy authentication within your tenant use the [Sign-ins using legacy authentication workbook](../reports-monitoring/workbook-legacy%20authentication.md).

+#### Indicators from client

+To determine if a client is using legacy or modern authentication based on the dialog box presented at sign-in, see the article [Deprecation of Basic authentication in Exchange Online](/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online#authentication-dialog).

+## Important considerations

+Many clients that previously only supported legacy authentication now support modern authentication. Clients that support both legacy and modern authentication may require configuration update to move from legacy to modern authentication. If you see **modern mobile**, **desktop client** or **browser** for a client in the Azure AD logs, it's using modern authentication. If it has a specific client or protocol name, such as **Exchange ActiveSync**, it's using legacy authentication. The client types in Conditional Access, Azure AD Sign-in logs, and the legacy authentication workbook distinguish between modern and legacy authentication clients for you.

+- Clients that support modern authentication but aren't configured to use modern authentication should be updated or reconfigured to use modern authentication.

+- All clients that don't support modern authentication should be replaced.

+> [!IMPORTANT]

+>

+> **Exchange Active Sync with Certificate-based authentication(CBA)**

+>

+> When implementing Exchange Active Sync (EAS) with CBA, configure clients to use modern authentication. Clients not using modern authentication for EAS with CBA **are not blocked** with [Deprecation of Basic authentication in Exchange Online](/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online). However, these clients **are blocked** by Conditional Access policies configured to block legacy authentication.

+>

+>For more Information on implementing support for CBA with Azure AD and modern authentication See: [How to configure Azure AD certificate-based authentication (Preview)](../authentication/how-to-certificate-based-authentication.md). As another option, CBA performed at a federation server can be used with modern authentication.

+If you're using Microsoft Intune, you might be able to change the authentication type using the email profile you push or deploy to your devices. If you're using iOS devices (iPhones and iPads), you should take a look at [Add e-mail settings for iOS and iPadOS devices in Microsoft Intune](/mem/intune/configuration/email-settings-ios).

+## Block legacy authentication

+- [How to set up a multifunction device or application to send email using Microsoft 365](/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365)

+#### Continuous access evaluation insights per sign-in

+The continuous access evaluation insights per sign-in page in the workbook connects multiple requests from the sign-in logs and displays a single request where a CAE token was issued.

+This workbook can come in handy, for example, when: A user opens Outlook on their desktop and attempts to access resources inside of Exchange Online. This sign-in action may map to multiple interactive and non-interactive sign-in requests in the logs making issues hard to diagnose.

+To log in to a VM over SSH, you must have the Virtual Machine Administrator Login or Virtual Machine User Login role to the Resource Group containing the VM and its associated Virtual Network, Network Interface, Public IP Address or Load Balancer resources. An Azure user with the Owner or Contributor roles assigned for a VM donΓÇÖt automatically have privileges to Azure AD login to the VM over SSH. This separation is to provide audited separation between the set of people who control virtual machines versus the set of people who can access virtual machines.

+1. Select the **Resource Group** containing the VM and its associated Virtual Network, Network Interface, Public IP Address or Load Balancer resource.

+rg=$(az group show --resource-group myResourceGroup --query id -o tsv)

+ --scope $rg

+> To allow a user to log in to the VM over RDP, you must assign either the Virtual Machine Administrator Login or Virtual Machine User Login role to the Resource Group containing the VM and its associated Virtual Network, Network Interface, Public IP Address or Load Balancer resources. An Azure user with the Owner or Contributor roles assigned for a VM do not automatically have privileges to log in to the VM over RDP. This is to provide audited separation between the set of people who control virtual machines versus the set of people who can access virtual machines.

+1. Select the **Resource Group** containing the VM and its associated Virtual Network, Network Interface, Public IP Address or Load Balancer resource.

+$rg=$(az group show --resource-group myResourceGroup --query id -o tsv)

+ --scope $rg

+| Infrastructure apps|Active Directory forms the basis for many infrastructure on-premises components, for example, DNS, DHCP, IPSec, WiFi, NPS, and VPN access|In a new cloud world, Azure AD, is the new control plane for accessing apps versus relying on networking controls. When users authenticate, [Conditional access (CA)](../conditional-access/overview.md) controls which users have access to which apps under required conditions.|

+

+

+

+The user assigned managed identity should be specified using its [resourceID](./how-manage-user-assigned-managed-identities.md).

+| Add or remove members | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |

+ > These values are not real. Update these values with the actual Identifier and Reply URL. Contact [BGS Online support team](mailto:bgsdashboardteam@millwardbrown.com) to get these values.

+> You also can enable SAML-based Single Sign-On for Tableau Online. Follow the instructions in the [Tableau Online single sign-on tutorial](tableauonline-tutorial.md). Single sign-on can be configured independently of automatic user provisioning, although these two features complement each other.

+## Update a Tableau Cloud application to use the Tableau Cloud SCIM 2.0 endpoint

+In June 2022, Tableau released a SCIM 2.0 connector. Completing the steps below will update applications configured to use the Tableau API endpoint to the use the SCIM 2.0 endpoint. These steps will remove any customizations previously made to the Tableau Cloud application, including:

+* Authentication details

+* Scoping filters

+* Custom attribute mappings

+> [!NOTE]

+> Be sure to note any changes that have been made to the settings listed above before completing the steps below. Failure to do so will result in the loss of customized settings.

+1. Sign into the Azure portal at https://portal.azure.com

+2. Navigate to your current Tableau Cloud app under Azure Active Directory > Enterprise Applications

+3. In the Properties section of your new custom app, copy the Object ID.

+ 

+4. In a new web browser window, go to https://developer.microsoft.com/graph/graph-explorer and sign in as the administrator for the Azure AD tenant where your app is added.

+ 

+5. Check to make sure the account being used has the correct permissions. The permission ΓÇ£Directory.ReadWrite.AllΓÇ¥ is required to make this change.

+ 

+ 

+6. Using the ObjectID selected from the app previously, run the following command:

+```

+GET https://graph.microsoft.com/beta/servicePrincipals/[object-id]/synchronization/jobs/

+```

+7. Taking the "id" value from the response body of the GET request from above, run the command below, replacing "[job-id]" with the id value from the GET request. The value should have the format of "Tableau.xxxxxxxxxxxxxxx.xxxxxxxxxxxxxxx":

+```

+DELETE https://graph.microsoft.com/beta/servicePrincipals/[object-id]/synchronization/jobs/[job-id]

+```

+8. In the Graph Explorer, run the command below. Replace "[object-id]" with the service principal ID (object ID) copied from the third step.

+```

+POST https://graph.microsoft.com/beta/servicePrincipals/[object-id]/synchronization/jobs { "templateId": "TableauOnlineSCIM" }

+```

+

+9. Return to the first web browser window and select the Provisioning tab for your application. Your configuration will have been reset. You can confirm the upgrade has taken place by confirming the Job ID starts with ΓÇ£TableauOnlineSCIMΓÇ¥.

+10. Under the Admin Credentials section, select "Bearer Authentication" as the authentication method and enter the Tenant URL and Secret Token of the Tableau instance you wish to provision to.

+

+11. Restore any previous changes you made to the application (Authentication details, Scoping filters, Custom attribute mappings) and re-enable provisioning.

+> [!NOTE]

+> Failure to restore the previous settings may results in attributes (name.formatted for example) updating in Workplace unexpectedly. Be sure to check the configuration before enabling provisioning

+[3]: ./media/tableau-online-provisioning-tutorial/tutorial_general_03.png

+>If you need to create a user manually, you need to contact [Voyance support team](mailto:support@nyansa.com).

+ b. In the **Issuer URL** textbox, paste the **Azure AD Identifier** value that you copied from the Azure portal.

+ c. In the **Single Sign-On URL** textbox, paste the **Login URL** value that you copied from the Azure portal.

+ d. In the **Single Sign-Out URL** textbox, paste the **Logout URL** value that you copied from Azure portal.

+In this section, you create a user called Britta Simon in Wizergos Productivity Software. Work with [Wizergos Productivity Software support team](mailto:support@wizergos.com) to add the users in the Wizergos Productivity Software platform.

+ItΓÇÖs important to plan your verifiable credential solution so that in addition to issuing and or validating credentials, you have a complete view of the architectural and business impacts of your solution. If you havenΓÇÖt reviewed them already, we recommend you review [Introduction to Azure Active Directory Verifiable Credentials](decentralized-identifier-overview.md) and the [FAQs](verifiable-credentials-faq.md), and then complete the [Getting Started](get-started-verifiable-credentials.md) tutorial.

+1. Go to the [Azure portal](https://portal.azure.com), select your API Management instance, and then select **Managed identities**. Make sure that the **Register with Azure Active Directory** option is set to **Yes**.

+ :::image type="content" source="media/compute-infrastructure/platformversion-property.png" alt-text="platformVersion property in JSON view":::

+* Currently, the set header policy doesn't support changing certain well-known headers, including `Host` headers, in onHandshake requests.

+1. Download [Fiddler](https://www.telerik.com/download/fiddler).

+ 

+Add backend pools named *imagesBackendPool* and *videoBackendPool* to your application gateway using [Add-AzApplicationGatewayBackendAddressPool](/powershell/module/az.network/add-azapplicationgatewaybackendaddresspool). Add the frontend port for the pools using [Add-AzApplicationGatewayFrontendPort](/powershell/module/az.network/add-azapplicationgatewayfrontendport). Submit the changes to the application gateway using [Set-AzApplicationGateway](/powershell/module/az.network/set-azapplicationgateway).

+description: Learn about customers who have used Azure Applied AI Services. See use cases that improve customer experience, streamline processes, and protect data.

+Customers are using Azure Applied AI Services to add AI horsepower to their business scenarios:

+- Chatbots improve customer experience in a robust, expandable way.

+- AI-driven search offers strong data security and delivers smart results that add value.

+- Azure Form Recognizer increases ROI by using automation to streamline data extraction.

+| <center> | **Progressive uses Azure Bot Service and Azure Cognitive Search to help customers make smarter insurance decisions.** <br>"One of the great things about Bot Service is that, out of the box, we could use it to quickly put together the basic framework for our bot." *-Matt White, Marketing Manager, Personal Lines Acquisition Experience, Progressive Insurance* | [Insurance shoppers gain new service channel with artificial intelligence chatbot](https://customers.microsoft.com/story/789698-progressive-insurance-cognitive-services-insurance) |

+| <center> | **WIX uses Cognitive Search to deploy smart search across 150 million websites.** <br> "We really benefitted from choosing Azure Cognitive Search because we could go to market faster than we had with other products. We don't have to manage infrastructure, and our developers can spend time on higher-value tasks."*-Giedrius Gra┼╛evi─ìius: Project Manager for Search, Wix* | [Wix deploys smart, scalable search across 150 million websites with Azure Cognitive Search](https://customers.microsoft.com/story/764974-wix-partner-professional-services-azure-cognitive-search) |

+| <center> | **Chevron uses Form Recognizer to extract volumes of data from unstructured reports.**<br>"We only have a finite amount of time to extract data, and oftentimes the data that's left behind is valuable. With this new technology, we're able to extract everything and then decide what we can use to improve our performance."*-Diane Cillis, Engineering Technologist, Chevron Canada* | [Chevron is using AI-powered robotic process automation to extract volumes of data from unstructured reports for analysis](https://customers.microsoft.com/story/chevron-mining-oil-gas-azure-cognitive-services) |

+- [What are Applied AI Services?](what-are-applied-ai-services.md)

+- [Why use Applied AI Services?](why-applied-ai-services.md)

+|<ul><li>**ID document**</li></ul>| Is your ID document a US driver's license or an international passport?| <ul><li>If **Yes**, use the [**ID document**](concept-id-document.md) model.</li><li>If **No**, use the [**Layout**](concept-layout.md) or [**General document (preview)**](concept-general-document.md) model</li></ul>|

+ 1. Set the **Allowed origins** to `https://fott-2-1.azurewebsites.net`.

+Uri fileUri = new Uri("https://raw.githubusercontent.com/Azure-Samples/cognitive-services-REST-api-samples/master/curl/form-recognizer/sample-layout.pdf");

+ Console.WriteLine($" Upper left => X: {line.BoundingPolygon[0].X}, Y= {line.BoundingPolygon[0].Y}");

+ Console.WriteLine($" Upper right => X: {line.BoundingPolygon[1].X}, Y= {line.BoundingPolygon[1].Y}");

+ Console.WriteLine($" Lower right => X: {line.BoundingPolygon[2].X}, Y= {line.BoundingPolygon[2].Y}");

+ Console.WriteLine($" Lower left => X: {line.BoundingPolygon[3].X}, Y= {line.BoundingPolygon[3].Y}");

+ Console.WriteLine($" Upper left => X: {selectionMark.BoundingPolygon[0].X}, Y= {selectionMark.BoundingPolygon[0].Y}");

+ Console.WriteLine($" Upper right => X: {selectionMark.BoundingPolygon[1].X}, Y= {selectionMark.BoundingPolygon[1].Y}");

+ Console.WriteLine($" Lower right => X: {selectionMark.BoundingPolygon[2].X}, Y= {selectionMark.BoundingPolygon[2].Y}");

+ Console.WriteLine($" Lower left => X: {selectionMark.BoundingPolygon[3].X}, Y= {selectionMark.BoundingPolygon[3].Y}");

+// sample form document

+ Console.WriteLine($" Upper left => X: {line.BoundingPolygon[0].X}, Y= {line.BoundingPolygon[0].Y}");

+ Console.WriteLine($" Upper right => X: {line.BoundingPolygon[1].X}, Y= {line.BoundingPolygon[1].Y}");

+ Console.WriteLine($" Lower right => X: {line.BoundingPolygon[2].X}, Y= {line.BoundingPolygon[2].Y}");

+ Console.WriteLine($" Lower left => X: {line.BoundingPolygon[3].X}, Y= {line.BoundingPolygon[3].Y}");

+ Console.WriteLine($" Upper left => X: {selectionMark.BoundingPolygon[0].X}, Y= {selectionMark.BoundingPolygon[0].Y}");

+ Console.WriteLine($" Upper right => X: {selectionMark.BoundingPolygon[1].X}, Y= {selectionMark.BoundingPolygon[1].Y}");

+ Console.WriteLine($" Lower right => X: {selectionMark.BoundingPolygon[2].X}, Y= {selectionMark.BoundingPolygon[2].Y}");

+ Console.WriteLine($" Lower left => X: {selectionMark.BoundingPolygon[3].X}, Y= {selectionMark.BoundingPolygon[3].Y}");

+After you've completed the prerequisites, navigate to [Form Recognizer Studio General Documents](https://formrecognizer.appliedai.azure.com/studio/document).

+1. Set the **Allowed origins** to `https://formrecognizer.appliedai.azure.com`.

+ // create your `DocumentAnalysisClient` instance and `AzureKeyCredential` variable

+ DocumentAnalysisClient client = new DocumentAnalysisClientBuilder()

+ .credential(new AzureKeyCredential(key))

+ .endpoint(endpoint)

+ .buildClient();

+ // sample document

+ String documentUrl = "https://raw.githubusercontent.com/Azure-Samples/cognitive-services-REST-api-samples/master/curl/form-recognizer/sample-layout.pdf";

+ String modelId = "prebuilt-document";

+ SyncPoller < DocumentOperationResult, AnalyzeResult> analyzeDocumentPoller =

+ client.beginAnalyzeDocumentFromUrl(modelId, documentUrl);

+ AnalyzeResult analyzeResult = analyzeDocumentPoller.getFinalResult();

+ // pages

+ analyzeResult.getPages().forEach(documentPage -> {

+ System.out.printf("Page has width: %.2f and height: %.2f, measured with unit: %s%n",

+ documentPage.getWidth(),

+ documentPage.getHeight(),

+ documentPage.getUnit());

+ // lines

+ documentPage.getLines().forEach(documentLine ->

+ System.out.printf("Line %s is within a bounding polygon %s.%n",

+ documentLine.getContent(),

+ documentLine.getBoundingPolygon().toString()));

+ // words

+ documentPage.getWords().forEach(documentWord ->

+ System.out.printf("Word %s has a confidence score of %.2f%n.",

+ documentWord.getContent(),

+ documentWord.getConfidence()));

+ });

+ // tables

+ List <DocumentTable> tables = analyzeResult.getTables();

+ for (int i = 0; i < tables.size(); i++) {

+ DocumentTable documentTable = tables.get(i);

+ System.out.printf("Table %d has %d rows and %d columns.%n", i, documentTable.getRowCount(),

+ documentTable.getColumnCount());

+ documentTable.getCells().forEach(documentTableCell -> {

+ System.out.printf("Cell '%s', has row index %d and column index %d.%n",

+ documentTableCell.getContent(),

+ documentTableCell.getRowIndex(), documentTableCell.getColumnIndex());

+ System.out.println();

+ // Key-value pairs

+ analyzeResult.getKeyValuePairs().forEach(documentKeyValuePair -> {

+ System.out.printf("Key content: %s%n", documentKeyValuePair.getKey().getContent());

+ System.out.printf("Key content bounding region: %s%n",

+ documentKeyValuePair.getKey().getBoundingRegions().toString());

+ if (documentKeyValuePair.getValue() != null) {

+ System.out.printf("Value content: %s%n", documentKeyValuePair.getValue().getContent());

+ System.out.printf("Value content bounding region: %s%n", documentKeyValuePair.getValue().getBoundingRegions().toString());

+ }

+ });

+}

+ public static void main(String[] args) {

+ // create your `DocumentAnalysisClient` instance and `AzureKeyCredential` variable

+ DocumentAnalysisClient client = new DocumentAnalysisClientBuilder()

+ .credential(new AzureKeyCredential(key))

+ .endpoint(endpoint)

+ .buildClient();

+ // sample document

+ String documentUrl = "https://raw.githubusercontent.com/Azure-Samples/cognitive-services-REST-api-samples/master/curl/form-recognizer/sample-layout.pdf";

+ String modelId = "prebuilt-layout";

+ SyncPoller < DocumentOperationResult, AnalyzeResult > analyzeLayoutResultPoller =

+ client.beginAnalyzeDocumentFromUrl(modelId, documentUrl);

+ AnalyzeResult analyzeLayoutResult = analyzeLayoutResultPoller.getFinalResult();

+ // pages

+ analyzeLayoutResult.getPages().forEach(documentPage -> {

+ System.out.printf("Page has width: %.2f and height: %.2f, measured with unit: %s%n",

+ documentPage.getWidth(),

+ documentPage.getHeight(),

+ documentPage.getUnit());

+ // lines

+ documentPage.getLines().forEach(documentLine ->

+ System.out.printf("Line %s is within a bounding polygon %s.%n",

+ documentLine.getContent(),

+ documentLine.getBoundingPolygon().toString()));

+ // words

+ documentPage.getWords().forEach(documentWord ->

+ System.out.printf("Word '%s' has a confidence score of %.2f%n",

+ documentWord.getContent(),

+ documentWord.getConfidence()));

+ // selection marks

+ documentPage.getSelectionMarks().forEach(documentSelectionMark ->

+ System.out.printf("Selection mark is %s and is within a bounding polygon %s with confidence %.2f.%n",

+ documentSelectionMark.getState().toString(),

+ documentSelectionMark.getBoundingPolygon().toString(),

+ documentSelectionMark.getConfidence()));

+ });

+ // tables

+ List < DocumentTable > tables = analyzeLayoutResult.getTables();

+ for (int i = 0; i < tables.size(); i++) {

+ DocumentTable documentTable = tables.get(i);

+ System.out.printf("Table %d has %d rows and %d columns.%n", i, documentTable.getRowCount(),

+ documentTable.getColumnCount());

+ documentTable.getCells().forEach(documentTableCell -> {

+ System.out.printf("Cell '%s', has row index %d and column index %d.%n", documentTableCell.getContent(),

+ documentTableCell.getRowIndex(), documentTableCell.getColumnIndex());

+ });

+ System.out.println();

+}

+ .credential(new AzureKeyCredential(key))

+ .endpoint(endpoint)

+ .buildClient();

+ SyncPoller<DocumentOperationResult, AnalyzeResult> analyzeInvoicePoller = client.beginAnalyzeDocumentFromUrl(modelId, invoiceUrl);

+ AnalyzedDocument analyzedInvoice = analyzeInvoiceResult.getDocuments().get(i);

+ Map<String, DocumentField> invoiceFields = analyzedInvoice.getFields();

+ System.out.printf("-- Analyzing invoice %d --%n", i);

+ System.out.printf("Analyzed document has doc type %s with confidence : %.2f%n",

+ analyzedInvoice.getDocType(), analyzedInvoice.getConfidence());

+ DocumentField vendorNameField = invoiceFields.get("VendorName");

+ if (vendorNameField != null) {

+ if (DocumentFieldType.STRING == vendorNameField.getType()) {

+ String merchantName = vendorNameField.getValueString();

+ Float confidence = vendorNameField.getConfidence();

+ System.out.printf("Vendor Name: %s, confidence: %.2f%n",

+ merchantName, vendorNameField.getConfidence());

+ }

+ DocumentField vendorAddressField = invoiceFields.get("VendorAddress");

+ if (vendorAddressField != null) {

+ if (DocumentFieldType.STRING == vendorAddressField.getType()) {

+ String merchantAddress = vendorAddressField.getValueString();

+ System.out.printf("Vendor address: %s, confidence: %.2f%n",

+ merchantAddress, vendorAddressField.getConfidence());

+ }

+ DocumentField customerNameField = invoiceFields.get("CustomerName");

+ if (customerNameField != null) {

+ if (DocumentFieldType.STRING == customerNameField.getType()) {

+ String merchantAddress = customerNameField.getValueString();

+ System.out.printf("Customer Name: %s, confidence: %.2f%n",

+ merchantAddress, customerNameField.getConfidence());

+ }

+ DocumentField customerAddressRecipientField = invoiceFields.get("CustomerAddressRecipient");

+ if (customerAddressRecipientField != null) {

+ if (DocumentFieldType.STRING == customerAddressRecipientField.getType()) {

+ String customerAddr = customerAddressRecipientField.getValueString();

+ System.out.printf("Customer Address Recipient: %s, confidence: %.2f%n",

+ customerAddr, customerAddressRecipientField.getConfidence());

+ }

+ DocumentField invoiceIdField = invoiceFields.get("InvoiceId");

+ if (invoiceIdField != null) {

+ if (DocumentFieldType.STRING == invoiceIdField.getType()) {

+ String invoiceId = invoiceIdField.getValueString();

+ System.out.printf("Invoice ID: %s, confidence: %.2f%n",

+ invoiceId, invoiceIdField.getConfidence());

+ }

+ DocumentField invoiceDateField = invoiceFields.get("InvoiceDate");

+ if (customerNameField != null) {

+ if (DocumentFieldType.DATE == invoiceDateField.getType()) {

+ LocalDate invoiceDate = invoiceDateField.getValueDate();

+ System.out.printf("Invoice Date: %s, confidence: %.2f%n",

+ invoiceDate, invoiceDateField.getConfidence());

+ }

+ DocumentField invoiceTotalField = invoiceFields.get("InvoiceTotal");

+ if (customerAddressRecipientField != null) {

+ if (DocumentFieldType.FLOAT == invoiceTotalField.getType()) {

+ Float invoiceTotal = invoiceTotalField.getValueFloat();

+ System.out.printf("Invoice Total: %.2f, confidence: %.2f%n",

+ invoiceTotal, invoiceTotalField.getConfidence());

+ }

+ }

+ DocumentField invoiceItemsField = invoiceFields.get("Items");

+ if (invoiceItemsField != null) {

+ System.out.printf("Invoice Items: %n");

+ if (DocumentFieldType.LIST == invoiceItemsField.getType()) {

+ List < DocumentField > invoiceItems = invoiceItemsField.getValueList();

+ invoiceItems.stream()

+ .filter(invoiceItem -> DocumentFieldType.MAP == invoiceItem.getType())

+ .map(formField -> formField.getValueMap())

+ .forEach(formFieldMap -> formFieldMap.forEach((key, formField) -> {

+ // See a full list of fields found on an invoice here:

+ // https://aka.ms/formrecognizer/invoicefields

+ if ("Description".equals(key)) {

+ if (DocumentFieldType.STRING == formField.getType()) {

+ String name = formField.getValueString();

+ System.out.printf("Description: %s, confidence: %.2fs%n",

+ name, formField.getConfidence());

+ }

+ }

+ if ("Quantity".equals(key)) {

+ if (DocumentFieldType.FLOAT == formField.getType()) {

+ Float quantity = formField.getValueFloat();

+ System.out.printf("Quantity: %f, confidence: %.2f%n",

+ quantity, formField.getConfidence());

+ }

+ }

+ if ("UnitPrice".equals(key)) {

+ if (DocumentFieldType.FLOAT == formField.getType()) {

+ Float unitPrice = formField.getValueFloat();

+ System.out.printf("Unit Price: %f, confidence: %.2f%n",

+ unitPrice, formField.getConfidence());

+ }

+ }

+ if ("ProductCode".equals(key)) {

+ if (DocumentFieldType.FLOAT == formField.getType()) {

+ Float productCode = formField.getValueFloat();

+ System.out.printf("Product Code: %f, confidence: %.2f%n",

+ productCode, formField.getConfidence());

+ }

+ }

+ }));

+ }

+ }

+ }

+ }

+ }

+ const client = new DocumentAnalysisClient(endpoint, new AzureKeyCredential(key));

+ const poller = await client.beginAnalyzeDocument("prebuilt-document", formUrl);

+ const {

+ keyValuePairs,

+ entities

+ } = await poller.pollUntilDone();

+ if (keyValuePairs.length <= 0) {

+ console.log("No key-value pairs were extracted from the document.");

+ } else {

+ console.log("Key-Value Pairs:");

+ for (const {

+ key,

+ value,

+ confidence

+ } of keyValuePairs) {

+ console.log("- Key :", `"${key.content}"`);

+ console.log(" Value:", `"${value?.content ?? "<undefined>"}" (${confidence})`);

+ }

+ }

+}

+main().catch((error) => {

+ console.error("An error occurred:", error);

+ process.exit(1);

+});

+ return ", ".join("Page #{}: {}".format(region.page_number, format_polygon(region.polygon)) for region in bounding_regions)

+def format_polygon(polygon):

+ if not polygon:

+ return ", ".join(["[{}, {}]".format(p.x, p.y) for p in polygon])

+ format_polygon(line.polygon),

+ format_polygon(selection_mark.polygon),

+ format_polygon(region.polygon),

+ format_polygon(region.polygon),

+def format_polygon(polygon):

+ if not polygon:

+ return ", ".join(["[{}, {}]".format(p.x, p.y) for p in polygon])

+ document_analysis_client = DocumentAnalysisClient(

+ endpoint=endpoint, credential=AzureKeyCredential(key)

+ )

+ format_polygon(line.polygon),

+ format_polygon(selection_mark.polygon),

+ format_polygon(region.polygon),

+ format_polygon(region.polygon),

+ return ", ".join("Page #{}: {}".format(region.page_number, format_polygon(region.polygon)) for region in bounding_regions)

+def format_polygon(polygon):

+ if not polygon:

+ return ", ".join(["[{}, {}]".format(p.x, p.y) for p in polygon])

+ document_analysis_client = DocumentAnalysisClient(

+ endpoint=endpoint, credential=AzureKeyCredential(key)

+ )

+ print("-")

+Follow the steps below to create a private endpoint for your Automation account.

+1. Go to [Private Link center](https://portal.azure.com/#blade/Microsoft_Azure_Network/PrivateLinkCenterBlade/privateendpoints) in Azure portal to create a private endpoint to connect our network.

+Once your changes to public Network Access and Private Link are applied, it can take up to 35 minutes for them to take effect.

+1. On **Private Link Center**, select **Create private endpoint**.

+ :::image type="content" source="./media/private-link-security/create-private-endpoint.png" alt-text="Screenshot of how to create a private endpoint.":::

+1. On **Basics**, enter the following details:

+ - **Subscription**

+ - **Resource group**

+ - **Name**

+ - **Network Interface Name**

+ - **Region** and select **Next: Resource**.

+ :::image type="content" source="./media/private-link-security/create-private-endpoint-basics.png" alt-text="Screenshot of how to create a private endpoint in Basics tab.":::

+1. On **Resource**, enter the following details:

+ - **Connection method**, select the default option - *Connect to an Azure resource in my directory*.

+ - **Subscription**

+ - **Resource type**

+ - **Resource**.

+ - The **Target sub-resource** can either be *Webhook* or *DSCAndHybridWorker* as per your scenario and select **Next : Virtual Network**.

+

+ :::image type="content" source="./media/private-link-security/create-private-endpoint-resource-inline.png" alt-text="Screenshot of how to create a private endpoint in Resource tab." lightbox="./media/private-link-security/create-private-endpoint-resource-expanded.png":::

+1. On **Virtual Network**, enter the following details:

+ - **Virtual network**

+ - **Subnet**

+ - Enable the checkbox for **Enable network policies for all private endpoints in this subnet**.

+ - Select **Dynamically allocate IP address** and select **Next : DNS**.

+ :::image type="content" source="./media/private-link-security/create-private-endpoint-virtual-network-inline.png" alt-text="Screenshot of how to create a private endpoint in Virtual network tab." lightbox="./media/private-link-security/create-private-endpoint-virtual-network-expanded.png":::

+1. On **DNS**, the data is populated as per the information entered in the **Basics**, **Resource**, **Virtual Network** tabs and it creates a Private DNS zone. Enter the following details:

+ - **Integrate with private DNS Zone**

+ - **Subscription**

+ - **Resource group** and select **Next : Tags**

+ :::image type="content" source="./media/private-link-security/create-private-endpoint-dns-inline.png" alt-text="Screenshot of how to create a private endpoint in DNS tab." lightbox="./media/private-link-security/create-private-endpoint-dns-expanded.png":::

+1. On **Tags**, you can categorize resources. Select **Name** and **Value** and select **Review + create**. You're taken to the **Review + create** page where Azure validates your configuration.

+On the **Private Link Center**, select **Private endpoints** to view your private link resource.

+In this tutorial, you created a [PowerShell runbook](../automation-runbook-types.md#powershell-runbooks) in Azure Automation that used a [managed identity](../automation-security-overview.md#managed-identities), rather than the Run As account to interact with resources. For a look at PowerShell Workflow runbooks, see:

+Azure Automation now supports Python 3 cloud and hybrid runbook execution in public preview in all regions in Azure global cloud. For more information, see the [announcement](https://azure.microsoft.com/updates/azure-automation-python-3-public-preview/).

+Additional Avere cluster documentation can be found on the [Avere website](https://azure.github.io/Avere/). These documents can help you understand the cluster's capabilities and how to configure its settings.

+For more information, see [Avere vFXT for Azure](https://azure.microsoft.com/services/storage/avere-vfxt/).

+1. Use the [Azure Cloud Shell](https://shell.azure.com) to sign in using your subscription ID.

+To create a new Spring Boot project:

+1. Browse to the [Spring Initializr](https://start.spring.io).

+To create a new Spring Boot project:

+1. Browse to the [Spring Initializr](https://start.spring.io).

+|`--storage-class-data`, `-d`|Storage class for all data files (.mdf, ndf). If not specified, defaults to storage class for data controller.|

+|`--storage-class-logs`, `-g`|Storage class for all log files. If not specified, defaults to storage class for data controller.|

+|`--storage-class-data-logs`|Storage class for the database transaction log files. If not specified, defaults to storage class for data controller.|

+|`--storage-class-backups`|Storage class for all backup files. If not specified, defaults to storage class for data (`--storage-class-data`).<br/><br/> Use a ReadWriteMany (RWX) capable storage class for backups. Learn more about [access modes](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes). |

+> If you don't specify a storage class for backups, the deployment uses the storage class specified for data. If this storage class isn't RWX capable, the point-in-time restore may not work as desired.

+|Parameter name, short name|Path inside `mssql-miaa` container|Description|

+To view your metrics, navigate to the [Azure portal](https://portal.azure.com). Then, search for your database instance by name in the search bar:

+Set the following environment variables:

+Next, run the following command

+```azurecli

+az keyvault create -n $AZUREKEYVAULT_NAME -g $AKV_RESOURCE_GROUP -l $AZUREKEYVAULT_LOCATION

+```

+ name: akvprovider-demo

+- Learn more about [Azure Key Vault](../../key-vault/general/overview.md).

+> The specifics of JWTs are beyond the scope of this article. For more information about the JWT standard, see [Introduction to JSON Web Tokens](https://jwt.io/introduction).

+ Title: Azure Fluid Relay limits

+description: Limits and throttles applied in Azure Fluid Relay.

+# Azure Fluid Relay Limits

+This article outlines known limitation of Azure Fluid Relay.

+## Distributed Data Structures

+The Azure Fluid Relay doesn't support [experimental distributed data structures (DDSes)](https://fluidframework.com/docs/data-structures/experimental/). These include but are not limited to DDS packages with the `@fluid-experimental` package namespace.

+## Fluid sessions

+The maximum number of simultaneous users in one session on Azure Fluid Relay is 100 users. This limit is on simultaneous users. What this means is that the 101st user won't be allowed to join the session. In the case where an existing user leaves the session, a new user will be able to join. This is because the number of simultaneous users at that point will be less than the limit.

+## Fluid Summaries

+Incremental summaries uploaded to Azure Fluid Relay can't exceed 28 MB in size. More info [here](https://fluidframework.com/docs/concepts/summarizer).

+## Signals

+Azure Fluid Relay doesn't currently have support for Signals. Learn about Signals [here](https://fluidframework.com/docs/concepts/signals/).

+## Need help?

+If you need help with any of the above limits or other Azure Fluid Relay topics, see the [support](../resources/support.md) options available to you.

+ Title: Azure Fluid Relay support

+description: Help and support options for Azure Fluid Relay.

+# Help and Support options for Azure Fluid Relay

+If you have an issue or question involving Azure Fluid Relay, the following options are available.

+## Check out Frequently Asked Questions

+You can see if your question is already answered on our Frequently Asked Questions [page](faq.md).

+## Create an Azure Support Request

+With Azure, there are many [support options and plans](https://azure.microsoft.com/support/plans/) available, which you can explore and review. You can create a support ticket in the [Azure portal](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/overview).

+## Post a question to Microsoft Q&A

+For quick and reliable answers to product or technical questions you might have about Azure Fluid Relay from Microsoft Engineers, Azure Most Valuable Professionals (MVPs), or our community, engage with us on [Microsoft Q&A](/answers/products/azure).

+If you can't find an answer to your problem by searching you can, submit a new question to Microsoft Q&A. When creating a question, make sure to use the [Azure Fluid Relay tag](/answers/topics/azure-fluid-relay.html).

+## Post a question on Stack Overflow

+You can also try asking your question on Stack Overflow, which has a large community developer community and ecosystem. Azure Fluid Relay has a [dedicated tag](https://stackoverflow.com/questions/tagged/azure-fluid-relay) there too.

+## Fluid Framework

+For questions about the Fluid Framework, you can file issues on [GitHub](https://github.com/microsoft/fluidframework). The [Fluid Framework site](https://fluidframework.com) is another good source of information about the framework.

+ This folder contains the `Dockerfile` and other files for the project, including configurations files named [local.settings.json](functions-develop-local.md#local-settings-file) and [host.json](functions-host-json.md). By default, the *local.settings.json* file is excluded from source control in the *.gitignore* file. This exclusion is because the file can contain secrets that are downloaded from Azure.

+Sign in to the [Azure portal](https://portal.azure.com) using your Azure account.

+- Traffic redirection is seamless; no requests are dropped because of a swap. This seamless behavior is a result of the next function triggers being routed to the swapped slot.

+- Currently executing function are terminated during the swap. Please review [Improve the performance and reliability of Azure Functions](performance-reliability.md#write-functions-to-be-stateless) to learn how to write stateless and defensive functions.

+- Publishing endpoints

+- Custom domain names

+- Non-public certificates and TLS/SSL settings

+- Scale settings

+- IP restrictions

+- Always On

+- Diagnostic settings

+- Cross-origin resource sharing (CORS)

+- General settings, such as framework version, 32/64-bit, web sockets

+- App settings (can be configured to stick to a slot)

+- Connection strings (can be configured to stick to a slot)

+- Handler mappings

+- Public certificates

+- Hybrid connections *

+- Virtual network integration *

+- Service endpoints *

+- Azure Content Delivery Network *

+Features marked with an asterisk (*) are planned to be unswapped.

+You can use a few different technologies to deploy your Azure Functions project code to Azure. This article provides an overview of the deployment methods available to you and recommendations for the best method to use in various scenarios. It also provides an exhaustive list of and key details about the underlying deployment technologies.

+| Tools-based | &bull;&nbsp;[Visual&nbsp;Studio&nbsp;Code&nbsp;publish](functions-develop-vs-code.md#publish-to-azure)<br/>&bull;&nbsp;[Visual Studio publish](functions-develop-vs.md#publish-to-azure)<br/>&bull;&nbsp;[Core Tools publish](functions-run-local.md#publish) | Deployments during development and other ad hoc deployments. Deployments are managed locally by the tooling. |

+>__When to use it:__ External package URL is the only supported deployment method for Azure Functions running on Linux in the Consumption plan, if the user doesn't want a [remote build](#remote-build) to occur. When you update the package file that a function app references, you must [manually sync triggers](#trigger-syncing) to tell Azure that your application has changed. When you change the contents of the package file and not the URL itself, you must also restart your function app manually.

+>+ Create a Linux function app on an Azure App Service plan in the Azure portal. For **Publish**, select **Docker Image**, and then configure the container. Enter the location where the image is hosted.

+>+ Create a Linux function app on an App Service plan by using the Azure CLI. To learn how, see [Create a function on Linux by using a custom image](functions-create-function-linux-custom-image.md#create-supporting-azure-resources-for-your-function).

+>+ [Visual Studio Code](./create-first-function-vs-code-csharp.md)

+>+ [Azure Functions Core Tools (command line)](functions-run-local.md)

+>+ [Visual Studio](functions-create-your-first-function-visual-studio.md)

+When you deploy updates to your function app code, currently executing functions are terminated. After deployment completes, the new code is loaded to begin processing requests. Please review [Improve the performance and reliability of Azure Functions](performance-reliability.md#write-functions-to-be-stateless) to learn how to write stateless and defensive functions.

+| Information | **`Write-Information`** <br/> **`Write-Host`** <br /> **`Write-Output`** <br/> Writes to the `Information` log level. |

+When you create a new PowerShell functions project, dependency management is enabled by default, with the Azure [`Az` module](/powershell/azure/new-azureps-module-az) included. The maximum number of modules currently supported is 10. The supported syntax is *`MajorNumber.*`* or exact module version, as shown in the following requirements.psd1 example:

+PowerShell is a *single_threaded* scripting language by default. However, concurrency can be added by using multiple PowerShell runspaces in the same process. The number of runspaces created, and therefore the number of concurrent threads per worker, is limited by the `PSWorkerInProcConcurrencyUpperBound` application setting. By default, the number of runspaces is set to 1,000 in version 4.x of the Functions runtime. In versions 3.x and below, the maximum number of runspaces is set to 1. The throughput will be impacted by the amount of CPU and memory available in the selected plan.

+Azure PowerShell uses some *process-level* contexts and state to help save you from excess typing. However, if you turn on concurrency in your function app and invoke actions that change state, you could end up with race conditions. These race conditions are difficult to debug because one invocation relies on a certain state and the other invocation changed the state.

+How does your code react if a failure occurs after inserting 5,000 of those items into a queue for processing? Track items in a set that youΓÇÖve completed. Otherwise, you might insert them again next time. This double-insertion can have a serious impact on your work flow, so [make your functions idempotent](functions-idempotent.md).

+For HTTP based functions consider [API versioning strategies](/azure/architecture/reference-architectures/serverless/web-app#api-versioning) with Azure API Management. For example, if you have to update your HTTP based function app, deploy the new update to a separate function app and use API Management revisions or versions to direct clients to the new version or revision. Once all clients are using the version or revision and no more executions are left on the previous function app, you can deprovision the previous function app.

+This section provides information about how to run your function app from a local package file.

+[Zip deployment][Zip deployment for Azure Functions] is a feature of Azure App Service that lets you deploy your function app project to the `wwwroot` directory. The project is packaged as a .zip deployment file. The same APIs can be used to deploy your package to the `d:\home\data\SitePackages` (Windows) or `/home/data/SitePackages` (Linux) folder.

+> When a deployment occurs, a restart of the function app is triggered. Function executions currently running during the deploy are terminated. Please review [Improve the performance and reliability of Azure Functions](performance-reliability.md#write-functions-to-be-stateless) to learn how to write stateless and defensive functions.

+To deploy a zipped package when using the URL option, you must create a .zip compressed deployment package and upload it to the destination. This example deploys to a container in Blob Storage.

+1. Search for your function app or browse for it in the **Function App** page.

+You will need to create new routes in the UDR for the management addresses in order to keep the ASE healthy. For Azure Government ranges, see [App Service Environment management addresses](../app-service/environment/management-addresses.md).

+2. Create an Azure subscription (if you donΓÇÖt already have one) at [azure.com](https://azure.com).

+Developers can seek migration support through the [forums](/answers/topics/azure-maps.html) or through one of the many [Azure support options](https://azure.microsoft.com/support/options/).

+All layers have a `minZoom` and `maxZoom` option where the layer will be rendered when between these zoom levels based on this logic `maxZoom > zoom >= minZoom`.

+Learn more in the [Clustering and heat maps in this document](clustering-point-data-web-sdk.md#clustering-and-the-heat-maps-layer)

+¹ For stateless metric alert rules, an alert will trigger once every 10 minutes at a minimum, even if the frequency of evaluation is equal or less than 5 minutes and the condition is still being met.

+- For general troubleshooting information about alerts and notifications, see [Troubleshooting problems in Azure Monitor alerts](alerts-troubleshoot.md).

+See the [enable monitoring section](#enable-monitoring) below to begin setting up Application Insights with your App Service resource.

+See the [enable monitoring section](#enable-monitoring) below to begin setting up Application Insights with your App Service resource.

+> To see all configurations required to enable correlation, see the [JavaScript correlation documentation](./javascript.md#enable-distributed-tracing).

+* [JavaScript](./javascript.md#enable-distributed-tracing)

+Other sample code on how to create different types of metrics can be found in the [official Micrometer GitHub repo](https://github.com/micrometer-metrics/micrometer/tree/master/samples/micrometer-samples-core/src/main/java/io/micrometer/core/samples).

+In JavaScript correlation is turned off by default in order to minimize the telemetry we send by default. To enable correlation please reference [JavaScript client-side correlation documentation](./javascript.md#enable-distributed-tracing).

+In JavaScript correlation is turned off by default in order to minimize the telemetry we send by default. To enable correlation please reference [JavaScript client-side correlation documentation](./javascript.md#enable-distributed-tracing).

+In JavaScript correlation is turned off by default in order to minimize the telemetry we send by default. To enable correlation please reference [JavaScript client-side correlation documentation](./javascript.md#enable-distributed-tracing).

+In JavaScript correlation is turned off by default in order to minimize the telemetry we send by default. To enable correlation please reference [JavaScript client-side correlation documentation](./javascript.md#enable-distributed-tracing).

+## Enable Distributed Tracing

+You can also collect duplicate data with a single virtual machine running both the Azure Monitor agent and Log Analytics agent, even if they're both sending data to the same workspace. While the agents can coexist, each works independently without any knowledge of the other. You should continue to use the Log Analytics agent until you [migrate to the Azure Monitor agent](./agents/azure-monitor-agent-migration.md) rather than using both together unless you can ensure that each are collecting unique data.

+* **Limit Ajax calls**: [Limit the number of Ajax calls](app/javascript.md#configuration) that can be reported in every page view or disable Ajax reporting. Note that disabling Ajax calls will disable [JavaScript correlation](app/javascript.md#enable-distributed-tracing).

+ [](media/azure-networking-analytics/application-gateway-diagnostics-2.png#lightbox)

+

+[](media/azure-networking-analytics/application-gateway-workbook.png#lightbox)

+2. Access the [default insights workbook](#accessing-azure-application-gateway-analytics-via-azure-monitor-network-insights) for your Application Gateway resource. All existing insights supported by the Application Gateway analytics solution will be already present in the workbook. You can extend this by adding custom [visualizations](../visualize/workbooks-overview.md#visualizations) based on metric and log data.

+[](media/azure-networking-analytics/application-gateway-analytics-delete.png#lightbox)

+The resource requested is: `https://management.azure.com`.

+To batch queries, use the API endpoint, adding $batch at the end of the URL: `https://api.loganalytics.io/v1/$batch`.

+>The billable data volume calculation is substantially smaller than the size of the entire incoming JSON-packaged event. On average across all event types, the billed size is about 25% less than the incoming data size. This can be up to 50% for small events. It is essential to understand this calculation of billed data size when estimating costs and comparing to other pricing models.

+ Title: Creating an Azure Workbook

+# Creating an Azure Workbook

+This article describes how to create a new workbook and how to add elements to your Azure Workbook.

+This video walks you through creating workbooks.

+## Create a new Azure Workbook

+1. Combine any of these elements to add to your workbook:

+ - [Text](#adding-text)

+ - Parameters

+ - [Queries](#adding-queries)

+ - [Metric charts](#adding-metric-charts)

+ - [Links](#adding-links)

+ - Groups

+ - Configuration options

+## Adding text

+Workbooks allow authors to include text blocks in their workbooks. The text can be human analysis of the telemetry, information to help users interpret the data, section headings, etc.

+ :::image type="content" source="media/workbooks-create-workbook/workbooks-text-example.png" alt-text="Screenshot of adding text to a workbook.":::

+Text is added through a markdown control into which an author can add their content. An author can use the full formatting capabilities of markdown. These include different heading and font styles, hyperlinks, tables, etc. Markdown allows authors to create rich Word- or Portal-like reports or analytic narratives. Text can contain parameter values in the markdown text, and those parameter references will be updated as the parameters change.

+**Edit mode**:

+ :::image type="content" source="media/workbooks-create-workbook/workbooks-text-control-edit-mode.png" alt-text="Screenshot showing adding text to a workbook in edit mode.":::

+**Preview mode**:

+ :::image type="content" source="media/workbooks-create-workbook/workbooks-text-control-edit-mode-preview.png" alt-text="Screenshot showing adding text to a workbook in preview mode.":::

+### Add text to an Azure workbook

+1. Make sure you are in **Edit** mode. Add a query by doing any one of the following:

+ - Select **Add**, and **Add text** below an existing element, or at the bottom of the workbook.

+ - Select the ellipses (...) to the right of the **Edit** button next to one of the elements in the workbook, then select **Add** and then **Add text**.

+1. Enter markdown text into the editor field.

+1. Use the **Text Style** option to switch between plain markdown, and markdown wrapped with the Azure portal's standard info/warning/success/error styling.

+

+ > [!TIP]

+ > Use this [markdown cheat sheet](https://github.com/adam-p/markdown-here/wiki/Markdown-Cheatsheet) to see the different formatting options.

+1. Use the **Preview** tab to see how your content will look. The preview shows the content inside a scrollable area to limit its size, but when displayed at runtime, the markdown content will expand to fill whatever space it needs, without a scrollbar.

+1. Select **Done Editing**.

+### Text styles

+These text styles are available:

+| Style | Description |

+| | |

+| plain| No formatting is applied |

+|info| The portal's "info" style, with a `ℹ` or similar icon and blue background |

+|error| The portal's "error" style, with a `❌` or similar icon and red background |

+|success| The portal's "success" style, with a `Γ£ö` or similar icon and green background |

+|upsell| The portal's "upsell" style, with a `🚀` or similar icon and purple background |

+|warning| The portal's "warning" style, with a `ΓÜá` or similar icon and blue background |

+You can also choose a text parameter as the source of the style. The parameter value must be one of the above text values. The absence of a value, or any unrecognized value will be treated as `plain` style.

+### Text style examples

+**Info style example**:

+ :::image type="content" source="media/workbooks-create-workbook/workbooks-text-control-edit-mode-preview.png" alt-text="Screenshot of adding text to a workbook in preview mode showing info style.":::

+**Warning style example**:

+ :::image type="content" source="media/workbooks-create-workbook/workbooks-text-example-warning.png" alt-text="Screenshot of a text visualization in warning style.":::

+## Adding queries

+Azure Workbooks allow you to query any of the supported workbook [data sources](workbooks-data-sources.md).

+For example, you can query Azure Resource Health to help you view any service problems affecting your resources, or you can query Azure Monitor Metrics, which is numeric data collected at regular intervals and provide information about an aspect of a system at a particular time.

+### Add a query to an Azure Workbook

+1. Make sure you are in **Edit** mode. Add a query by doing any one of the following:

+ - Select **Add**, and **Add query** below an existing element, or at the bottom of the workbook.

+ - Select the ellipses (...) to the right of the **Edit** button next to one of the elements in the workbook, then select **Add** and then **Add query**.

+1. Select the [data source](workbooks-data-sources.md) for your query. The other fields are determined based on the data source you choose.

+1. Select any other values that are required based on the data source you selected.

+1. Select the [visualization](workbooks-visualizations.md) for your workbook.

+1. In the query section, enter your query, or select from a list of sample queries by selecting **Samples**, and then edit the query to your liking.

+1. Select **Run Query**.

+1. When you are sure you have the query you want in your workbook, select **Done editing**.

+## Adding metric charts

+Most Azure resources emit metric data about state and health such as CPU utilization, storage availability, count of database transactions, failing app requests, etc. Workbooks allow the visualization of this data as time-series charts.

+The example below shows the number of transactions in a storage account over the prior hour. This allows the storage owner to see the transaction trend and look for anomalies in behavior.

+### Add a metric chart to an Azure Workbook

+1. Make sure you are in **Edit** mode. Add a query by doing any one of the following:

+ - Select **Add**, and **Add metric** below an existing element, or at the bottom of the workbook.

+ - Select the ellipses (...) to the right of the **Edit** button next to one of the elements in the workbook, then select **Add** and then **Add metric**.

+3. Select a resource type (for example, Storage Account), the resources to target, the metric namespace and name, and the aggregation to use.

+4. Set other parameters if needed - like time range, split-by, visualization, size and color palette.

+Here is the edit mode version of the metric chart above:

+### Metric chart parameters

+| Parameter | Explanation | Example |

+| - |:-|:-|

+| Resource Type| The resource type to target | Storage or Virtual Machine. |

+| Resources| A set of resources to get the metrics value from | MyStorage1 |

+| Namespace | The namespace with the metric | Storage > Blob |

+| Metric| The metric to visualize | Storage > Blob > Transactions |

+| Aggregation | The aggregation function to apply to the metric | Sum, Count, Average, etc. |

+| Time Range | The time window to view the metric in | Last hour, Last 24 hours, etc. |

+| Visualization | The visualization to use | Area, Bar, Line, Scatter, Grid |

+| Split By| Optionally split the metric on a dimension | Transactions by Geo type |

+| Size | The vertical size of the control | Small, medium or large |

+| Color palette | The color palette to use in the chart. Ignored if the `Split by` parameter is used | Blue, green, red, etc. |

+### Metric chart examples

+**Transactions split by API name as a line chart**

+**Transactions split by response type as a large bar chart**

+**Average latency as a scatter chart**

+## Adding links

+Authors can use links to create links to other views, workbooks, other items inside a workbook, or to create tabbed views within a workbook. The links can be styled as hyperlinks, buttons, and tabs.

+### Link styles

+You can apply styles to the link element itself as well as to individual links.

+**Link element styles**

+|Style |Sample |Notes |

+||||

+|Bullet List | :::image type="content" source="media/workbooks-create-workbook/workbooks-link-style-bullet.png" alt-text="Screenshot of bullet style workbook link."::: | The default, links, appears as a bulleted list of links, one on each line. The **Text before link** and **Text after link** fields can be used to add additional text before or after the link items. |

+|List |:::image type="content" source="media/workbooks-create-workbook/workbooks-link-style-list.png" alt-text="Screenshot of list style workbook link."::: | Links appear as a list of links, with no bullets. |

+|Paragraph | :::image type="content" source="media/workbooks-create-workbook/workbooks-link-style-paragraph.png" alt-text="Screenshot of paragraph style workbook link."::: |Links appear as a paragraph of links, wrapped like a paragraph of text. |

+|Navigation | :::image type="content" source="media/workbooks-create-workbook/workbooks-link-style-navigation.png" alt-text="Screenshot of navigation style workbook link."::: | Links appear as links, with vertical dividers, or pipes (`|`) between each link. |

+|Tabs | :::image type="content" source="media/workbooks-create-workbook/workbooks-link-style-tabs.png" alt-text="Screenshot of tabs style workbook link."::: |Links appear as tabs. Each link appears as a tab, no link styling options apply to individual links. See the [tabs](#using-tabs) section below for how to configure tabs. |

+|Toolbar | :::image type="content" source="media/workbooks-create-workbook/workbooks-link-style-toolbar.png" alt-text="Screenshot of toolbar style workbook link."::: | Links appear an Azure Portal styled toolbar, with icons and text. Each link appears as a toolbar button. See the [toolbar](#using-toolbars) section below for how to configure toolbars. |

+**Link styles**

+| Style | Description |

+|:- |:-|

+| Link | The default - links appears as a hyperlink. URL links can only be link style. |

+| Button (Primary) | the link appears as a "primary" button in the portal, usually a blue color |

+| Button (Secondary) | the links appear as a "secondary" button in the portal, usually a "transparent" color, a white button in light themes and a dark gray button in dark themes. |

+When using buttons, if required parameters are used in Button text, Tooltip text, or Value fields, and the required parameter is unset, the button will be disabled. For example, this can be used to disable buttons when no value is selected in another parameter/control.

+### Link actions

+Links can use all of the link actions available in [link actions](workbooks-link-actions.md), and have 2 more available actions:

+| Action | Description |

+|:- |:-|

+|Set a parameter value | When selecting a link/button/tab, a parameter can be set to a value. Commonly tabs are configured to set a parameter to a value, which hides and shows other parts of the workbook based on that value |

+|Scroll to a step| When selecting a link, the workbook will move focus and scroll to make another step visible. This action can be use to create a "table of contents", or a "go back to the top" style experience. |

+### Using tabs

+Most of the time, tab links are combined with the **Set a parameter value** action. Here's an example showing the links step configured to create 2 tabs, where select either tab will set a **selectedTab** parameter to a different value (the example shows a third tab being edited to show the parameter name and parameter value placeholders):

+You can then add other items in the workbook that are conditionally visible if the **selectedTab** parameter value is "1" by using the advanced settings:

+When using tabs, the first tab will be selected by default, initially setting **selectedTab** to 1, and making that step visible. Selecting the second tab will change the value of the parameter to "2", and different content will be displayed:

+A sample workbook with the above tabs is available in [sample Azure Workbooks with links](workbooks-sample-links.md#sample-workbook-with-links).

+### Tabs limitations

+ - When using tabs, URL links are not supported. A URL link in a tab appears as a disabled tab.

+ - When using tabs, no item styling is available. Items will only be displayed as tabs, and only the tab name (link text) field will be displayed. Fields that are not used in tab style are hidden while in edit mode.

+- When using tabs, the first tab will become selected by default, invoking whatever action that tab has specified. If the first tab's action opens another view, that means as soon as the tabs are created, a view appears.

+- While having tabs open other views is *supported*, it should be used sparingly, as most users won't expect selecting a tab to navigate. (Also, if other tabs are setting parameter to a specific value, a tab that opens a view would not change that value, so the rest of the workbook content will continue to show the view/data for the previous tab.)

+### Using toolbars

+To have your links appear styled as a toolbar, use the Toolbar style. In toolbar style, the author must fill in fields for:

+- Button text, the text to display on the toolbar. Parameters may be used in this field.

+- Icon, the icon to display in the toolbar.

+- Tooltip Text, text to be displayed on the toolbar button's tooltip text. Parameters may be used in this field.

+If any required parameters are used in Button text, Tooltip text, or Value fields, and the required parameter is unset, the toolbar button will be disabled. For example, this can be used to disable toolbar buttons when no value is selected in another parameter/control.

+A sample workbook with toolbars, globals parameters, and ARM Actions is available in [sample Azure Workbooks with links](workbooks-sample-links.md#sample-workbook-with-toolbar-links).

+ - [Azure Data Explorer](#azure-data-explorer)

+ - [Merge](#merge)

+ - [Workload health](#workload-health)

+ - [Azure resource health](#azure-resource-health)

+ - [Change Analysis (preview)](#change-analysis-preview)

+

+

+

+

+> Only GET, POST, and HEAD operations are currently supported.

+

+## JSON

+The JSON provider allows you to create a query result from static JSON content. It is most commonly used in Parameters to create dropdown parameters of static values. Simple JSON arrays or objects will automatically be converted into grid rows and columns. For more specific behaviors, you can use the Results tab and JSONPath settings to configure columns.

+> [!NOTE]

+> Do not include any sensitive information in any fields (headers, parameters, body, url), since they will be visible to all of the Workbook users.

+This provider supports [JSONPath](workbooks-jsonpath.md).

+## Merge

+Merging data from different sources can enhance the insights experience. An example is augmenting active alert information with related metric data. This allows users to see not just the effect (an active alert), but also potential causes (for example, high CPU usage). The monitoring domain has numerous such correlatable data sources that are often critical to the triage and diagnostic workflow.

+Workbooks allow not just the querying of different data sources, but also provides simple controls that allow you to merge or join the data to provide rich insights. The **merge** control is the way to achieve it.

+### Combining alerting data with Log Analytics VM performance data

+The example below combines alerting data with Log Analytics VM performance data to get a rich insights grid.

+

+### Using merge control to combine Azure Resource Graph and Log Analytics data

+Here is a tutorial on using the merge control to combine Azure Resource Graph and Log Analytics data:

+[](https://www.youtube.com/watch?v=7nWP_YRzxHg "Video showing how to combine data from different sources in workbooks.")

+Workbooks support these merges:

+* Inner unique join

+* Full inner join

+* Full outer join

+* Left outer join

+* Right outer join

+* Left semi-join

+* Right semi-join

+* Left anti-join

+* Right anti-join

+* Union

+* Duplicate table

+To make a query control use this data source, use the **Data source** drop-down to choose **Custom Endpoint**. Provide the appropriate parameters such as **Http method**, **url**, **headers**, **url parameters**, and/or **body**. Make sure your data source supports [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) otherwise the request will fail.

+To avoid automatically making calls to untrusted hosts when using templates, the user needs to mark the used hosts as trusted. This can be done by either selecting the **Add as trusted** button, or by adding it as a trusted host in Workbook settings. These settings will be saved in [browsers that support IndexDb with web workers](https://caniuse.com/#feat=indexeddb).

+## Workload health

+Azure Monitor has functionality that proactively monitors the availability and performance of Windows or Linux guest operating systems. Azure Monitor models key components and their relationships, criteria for how to measure the health of those components, and which components alert you when an unhealthy condition is detected. Workbooks allow users to use this information to create rich interactive reports.

+To make a query control use this data source, use the **Query type** drop-down to choose Workload Health and select subscription, resource group or VM resources to target. Use the health filter drop downs to select an interesting subset of health incidents for your analytic needs.

+

+## Azure resource health

+Workbooks support getting Azure resource health and combining it with other data sources to create rich, interactive health reports

+To make a query control use this data source, use the **Query type** drop-down to choose Azure health and select the resources to target. Use the health filter drop downs to select an interesting subset of resource issues for your analytic needs.

+

+## Change Analysis (preview)

+To make a query control using [Application Change Analysis](../app/change-analysis.md) as the data source, use the **Data source** drop-down and choose *Change Analysis (preview)* and select a single resource. Changes for up to the last 14 days can be shown. The *Level* drop-down can be used to filter between "Important", "Normal", and "Noisy" changes, and this drop down supports workbook parameters of type [drop down](workbooks-dropdowns.md).

+> [!div class="mx-imgBorder"]

+> 

+- In a **Log Analytics workspace** page, select the **Workbooks** icon at the top of the page.

+2. Select **Add query** to add a log query control to the workbook.

+|Query Type| The type of query to use. | Log, Azure Resource Graph, etc. |

+|Resource Type| The resource type to target. | Application Insights, Log Analytics, or Azure-first |

+|Resources| A set of resources to get the metrics value from. | MyApp1 |

+|Time Range| The time window to view the log chart. | Last hour, Last 24 hours, etc. |

+|Visualization| The visualization to use. | Grid |

+|Size| The vertical size of the control. | Small, medium, large, or full |

+|Query| Any KQL query that returns data in the format expected by the chart visualization. | _requests \| summarize Requests = count() by name_ |

+2. In the **Edit column settings**, select the column to style.

+Below is an example that styles the **Request** column as a bar:

+This usually is taking the user to some other view with context coming from the cell or may open up a url.

+Workbooks also allow users to set the number formatting of their cell values. They can do so by clicking on the **Custom formatting** checkbox when available.

+|Units| The units for the column - various options for percentage, counts, time, byte, count/time, bytes/time, etc. For example, the unit for a value of 1234 can be set to milliseconds and it's rendered as 1.234 s. |

+|Style| The format to render it as - decimal, currency, percent. |

+|Show group separator| Checkbox to show group separators. Renders 1234 as 1,234 in the US. |

+|Minimum integer digits| Minimum number of integer digits to use (default 1). |

+|Minimum fractional digits| Minimum number of fractional digits to use (default 0). |

+|Maximum fractional digits| Maximum number of fractional digits to use. |

+|Minimum significant digits| Minimum number of significant digits to use (default 1). |

+|Maximum significant digits| Maximum number of significant digits to use. |

+|Custom text for missing values| When a data point does not have a value, show this custom text instead of a blank. |

+|Style| The format to render a date as short, long, full formats, or a time as short or long time formats. |

+|Show time as| Allows the author to decide between showing the time in local time (default), or as UTC. Depending on the date format style selected, the UTC/time zone information may not be displayed. |

+The author can customize the width of any column in the grid using the **Custom Column Width** field in **Column Settings**.

+- cancelled

+- critical

+- disabled

+- error

+- failed

+- info

+- none

+- pending

+- stopped

+- question

+- success

+- unknown

+- warning

+- uninitialized

+- resource

+- up

+- down

+- left

+- right

+- trendup

+- trenddown

+- 4

+- 3

+- 2

+- 1

+- Sev0

+- Sev1

+- Sev2

+- Sev3

+- Sev4

+- Fired

+- Resolved

+- Available

+- Unavailable

+- Degraded

+- Unknown

+- Blank

+|Generic Details| Shows the row values in a property grid context view. |

+|Cell Details| Shows the cell value in a property grid context view. Useful when the cell contains a dynamic type with information (for example, json with request properties like location, role instance, etc.). |

+|Url| The value of the cell is expected to be a valid http url, and the cell will be a link that opens up that url in a new tab.|

+|Custom Event Details| Opens the Application Insights search details with the custom event ID ("itemId") in the cell. |

+|Details| Similar to Custom Event Details, except for dependencies, exceptions, page views, requests, and traces. |

+|Custom Event User Flows| Opens the Application Insights User Flows experience pivoted on the custom event name in the cell. |

+|User Flows| Similar to Custom Event User Flows except for exceptions, page views and requests. |

+|User Timeline| Opens the user timeline with the user ID ("user_Id") in the cell. |

+|Session Timeline| Opens the Application Insights search experience for the value in the cell (for example, search for text 'abc' where abc is the value in the cell). |

+|ARM Deployment| Deploy an Azure Resource Manager template. When this item is selected, additional fields are displayed to let the author configure which Azure Resource Manager template to open, parameters for the template, etc. [See Azure Resource Manager deployment link settings](#azure-resource-manager-deployment-link-settings). |

+|Create Alert Rule| Creates an Alert rule for a resource. |

+|Custom View| Opens a custom View. When this item is selected, additional fields are displayed to let the author configure the View extension, View name, and any parameters used to open the View. [See custom view](#custom-view-link-settings). |

+|Metrics| Opens a metrics view. |

+|Resource overview| Open the resource's view in the portal based on the resource ID value in the cell. The author can also optionally set a submenu value that will open up a specific menu item in the resource view. |

+|Workbook (template)| Open a workbook template. When this item is selected, additional fields are displayed to let the author configure what template to open, etc. |

+|View to open| Allows the author to select one of the actions enumerated above. |

+|Menu item| If "Resource Overview" is selected, this is the menu item in the resource's overview to open. This can be used to open alerts or activity logs instead of the "overview" for the resource. Menu item values are different for each Azure Resource type.|

+|Link label| If specified, this value will be displayed in the grid column. If this value is not specified, the value of the cell will be displayed. If you want another value to be displayed, like a heatmap or icon, do not use the link renderer, instead use the appropriate renderer and select the **Make this item a link** option. |

+|Open link in Context Blade| If specified, the link will be opened as a popup "context" view on the right side of the window instead of opening as a full view. |

+When using the **Make this item a link** option, the following settings are available:

+|Link value comes from| When displaying a cell as a renderer with a link, this field specifies where the "link" value to be used in the link comes from, allowing the author to select from a dropdown of the other columns in the grid. For example, the cell may be a heatmap value, but you want the link to open up the Resource Overview for the resource ID in the row. In that case, you'd set the link value to come from the **Resource ID** field.

+|View to open| Same as above. |

+|Menu item| Same as above. |

+|Open link in Context Blade| Same as above. |

+If the selected link type is **ARM Deployment** the author must specify additional settings to open an Azure Resource Manager deployment. There are two main tabs for configurations.

+|Resource group id comes from| The resource ID is used to manage deployed resources. The subscription is used to manage deployed resources and costs. The resource groups are used like folders to organize and manage all your resources. If this value is not specified, the deployment will fail. Select from: Cell, Column, Static Value, or Parameter in [link sources](#link-sources).|

+|ARM template URI from| The URI to the Azure Resource Manager template itself. The template URI needs to be accessible to the users who will deploy the template. Select from: Cell, Column, Parameter, or Static Value in [link sources](#link-sources). For starters, take a look at our [quickstart templates](https://azure.microsoft.com/resources/templates/).|

+|ARM Template Parameters|Defines the template parameters used for the template URI defined above. These parameters will be used to deploy the template on the run page. The grid contains an expand toolbar button to help fill the parameters using the names defined in the template URI and set it to static empty values. This option can only be used when there are no parameters in the grid and the template URI has been set. The lower section is a preview of what the parameter output looks like. Select Refresh to update the preview with current changes. Parameters are typically values, whereas references are something that could point to key vault secrets that the user has access to. <br/><br/> **Template Viewer blade limitation** - does not render reference parameters correctly and will show up as null/value, thus users will not be able to correctly deploy reference parameters from Template Viewer tab.|

+|Title from| Title used on the run view. Select from: Cell, Column, Parameter, or Static Value in [link sources](#link-sources).|

+|Description from| The markdown text used to provide a helpful description to users when they want to deploy the template. Select from: Cell, Column, Parameter, or Static Value in [link sources](#link-sources). <br/><br/> **NOTE:** If **Static Value** is selected, a multi-line text box will appear. In this text box, you can resolve parameters using "{paramName}". Also you can treat columns as parameters by appending "_column" after the column name like {columnName_column}. In the example image below, we can reference the column "VMName" by writing "{VMName_column}". The value after the colon is the [parameter formatter](../visualize/workbooks-parameters.md#parameter-options), in this case it is **value**.|

+|Run button text from| Label used on the run (execute) button to deploy the Azure Resource Manager template. This is what users will select to start deploying the Azure Resource Manager template.|

+After these configurations are set, when the users select the link, it will open up the view with the UX described in the UX settings. If the user selects **Run button text from** it will deploy an Azure Resource Manager template using the values from [template settings](#template-settings). View template will open up the template viewer tab for the user to examine the template and the parameters before deploying.

+Use this to open Custom Views in the Azure portal. Verify all of the configuration and settings. Incorrect values will cause errors in the portal or fail to open the views correctly. There are two ways to configure the settings via the form or URL.

+|Extension name| The name of the extension that hosts the name of the View.|

+|View name| The name of the View to open.|

+There are two types of inputs, grids and JSON. Use grid for simple key and value tab inputs or select JSON to specify a nested JSON input.

+ - **Parameter Name**: The name of the View input parameter.

+ - **Parameter Comes From**: Where the value of the View parameter should come from. Select from: Cell, Column, Parameter, or Static Value in [link sources](#link-sources).

+ > If **Static Value** is selected, the parameters can be resolved using brackets link "{paramName}" in the text box. Columns can be treated as parameters columns by appending `_column` after the column name like "{columnName_column}".

+ - **Parameter Value**: depending on `Parameter Comes From`, this will be a dropdown of available parameters, columns, or a static value.

+|Workbook owner Resource Id| This is the Resource ID of the Azure Resource that "owns" the workbook. Commonly it is an Application Insights resource, or a Log Analytics Workspace. Inside of Azure Monitor, this may also be the literal string "Azure Monitor". When the workbook is saved, this is what the workbook will be linked to. |

+|Workbook resources| An array of Azure Resource Ids that specify the default resource used in the workbook. For example, if the template being opened shows Virtual Machine metrics, the values here would be Virtual Machine resource IDs. Many times, the owner, and resources are set to the same settings. |

+|Template Id| Specify the ID of the template to be opened. If this is a community template from the gallery (the most common case), prefix the path to the template with `Community-`, like `Community-Workbooks/Performance/Apdex` for the `Workbooks/Performance/Apdex` template. If this is a link to a saved workbook/template, it is the full Azure resource ID of that item. |

+|Workbook Type| Specify the kind of workbook template to open. The most common cases use the default or workbook option to use the value in the current workbook. |

+|Gallery Type| This specifies the gallery type that will be displayed in the "Gallery" view of the template that opens. The most common cases use the default or workbook option to use the value in the current workbook. |

+|Location comes from| The location field should be specified if you are opening a specific Workbook resource. If location is not specified, finding the workbook content is much slower. If you know the location, specify it. If you do not know the location or are opening a template that with no specific location, leave this field as "Default".|

+|Pass specific parameters to template| Select to pass specific parameters to the template. If selected, only the specified parameters are passed to the template else all the parameters in the current workbook are passed to the template and in that case the parameter *names* must be the same in both workbooks for this parameter value to work.|

+|Workbook Template Parameters| This section defines the parameters that are passed to the target template. The name should match with the name of the parameter in the target template. Select value from: Cell, Column, Parameter, and Static Value. Name and value must not be empty to pass that parameter to the target template.|

+|Cell| This will use the value in that cell in the grid as the link value. |

+|Column| When selected, another field will be displayed to let the author select another column in the grid. The value of that column for the row will be used in the link value. This is commonly used to enable each row of a grid to open a different template, by setting the **Template Id** field to **column**, or to open up the same workbook template for different resources, if the **Workbook resources** field is set to a column that contains an Azure Resource ID. |

+|Parameter| When selected, another field will be displayed to let the author select a parameter. The value of that parameter will be used for the value when the link is clicked |

+|Static value| When selected, another field will be displayed to let the author type in a static value that will be used in the linked workbook. This is commonly used when all of the rows in the grid will use the same value for a field. |

+|Step| Use the value set in the current step of the workbook. This is common in query and metrics steps to set the workbook resources in the linked workbook to those used *in the query/metrics step*, not the current workbook. |

+|Workbook| Use the value set in the current workbook. |

+|Default| Use the default value that would be used if no value was specified. This is common for Gallery Type, where the default gallery would be set by the type of the owner resource. |

+# Workbook parameters

+The following styles are available for the parameters.

+ Title: Azure Workbook rendering options

+description: Learn about all the Azure Monitor workbook rendering options.

+# Rendering options

+These rendering options can be used with grids, tiles, and graphs to produce the visualizations in optimal format.

+## Column renderers

+| Column Renderer | Explanation | More Options |

+|:- |:-|:-|

+| Automatic | The default - uses the most appropriate renderer based on the column type. | |

+| Text| Renders the column values as text. | |

+| Right Aligned| Renders the column values as right-aligned text. | |

+| Date/Time| Renders a readable date time string. | |

+| Heatmap| Colors the grid cells based on the value of the cell. | Color palette and min/max value used for scaling. |

+| Bar| Renders a bar next to the cell based on the value of the cell. | Color palette and min/max value used for scaling. |

+| Bar underneath | Renders a bar near the bottom of the cell based on the value of the cell. | Color palette and min/max value used for scaling. |

+| Composite bar| Renders a composite bar using the specified columns in that row. Refer [Composite Bar](workbooks-composite-bar.md) for details. | Columns with corresponding colors to render the bar and a label to display at the top of the bar. |

+|Spark bars| Renders a spark bar in the cell based on the values of a dynamic array in the cell. For example, the Trend column from the screenshot at the top. | Color palette and min/max value used for scaling. |

+|Spark lines| Renders a spark line in the cell based on the values of a dynamic array in the cell. | Color palette and min/max value used for scaling. |

+|Icon| Renders icons based on the text values in the cell. Supported values include:<br><ul><li>canceled</li><li>critical</li><li>disabled</li><li>error</li><li>failed</li> <li>info</li><li>none</li><li>pending</li><li>stopped</li><li>question</li><li>success</li><li>unknown</li><li>warning</li><li>uninitialized</li><li>resource</li><li>up</li> <li>down</li><li>left</li><li>right</li><li>trendup</li><li>trenddown</li><li>4</li><li>3</li><li>2</li><li>1</li><li>Sev0</li><li>Sev1</li><li>Sev2</li><li>Sev3</li><li>Sev4</li><li>Fired</li><li>Resolved</li><li>Available</li><li>Unavailable</li><li>Degraded</li><li>Unknown</li><li>Blank</li></ul>| |

+| Link | Renders a link that when clicked or performs a configurable action. Use this setting if you **only** want the item to be a link. Any of the other types of renderers can also be a link by using the **Make this item a link** setting. For more information, see [Link Actions](#link-actions). | |

+| Location | Renders a friendly Azure region name based on a region ID. | |

+| Resource type | Renders a friendly resource type string based on a resource type ID. | |

+| Resource| Renders a friendly resource name and link based on a resource ID. | Option to show the resource type icon |

+| Resource group | Renders a friendly resource group name and link based on a resource group ID. If the value of the cell is not a resource group, it will be converted to one. | Option to show the resource group icon |

+|Subscription| Renders a friendly subscription name and link based on a subscription ID. if the value of the cell is not a subscription, it will be converted to one. | Option to show the subscription icon. |

+|Hidden| Hides the column in the grid. Useful when the default query returns more columns than needed but a project-away is not desired | |

+## Link actions

+If the **Link** renderer is selected or the **Make this item a link** checkbox is selected, the author can configure a link action to occur when the user selects the cell to taking the user to another view with context coming from the cell, or to open up a url.

+## Using thresholds with links

+The instructions below will show you how to use thresholds with links to assign icons and open different workbooks. Each link in the grid will open up a different workbook template for that Application Insights resource.

+1. Switch the workbook to edit mode by selecting **Edit** toolbar item.

+1. Select **Add** then **Add query**.

+1. Change the **Data source** to "JSON" and **Visualization** to "Grid".

+1. Enter this query.

+ ```json

+ [

+ { "name": "warning", "link": "Community-Workbooks/Performance/Performance Counter Analysis" },

+ { "name": "info", "link": "Community-Workbooks/Performance/Performance Insights" },

+ { "name": "error", "link": "Community-Workbooks/Performance/Apdex" }

+ ]

+ ```

+1. Run query.

+1. Select **Column Settings** to open the settings.

+1. Select "name" from **Columns**.

+1. Under **Column renderer**, choose "Thresholds".

+1. Enter and choose the following **Threshold Settings**.

+ Keep the default row as is. You may enter whatever text you like. The Text column takes a String format as an input and populates it with the column value and unit if specified. For example, if warning is the column value the text can be "{0} {1} link!", it will be displayed as "warning link!".

+

+ | Operator | Value | Icons |

+ |-|||

+ | == | warning | Warning |

+ | == | error | Failed |

+ 

+

+1. Select the **Make this item a link** box.

+ - Under **View to open**, choose **Workbook (Template)**.

+ - Under **Link value comes from**, choose **link**.

+ - Select the **Open link in Context Blade** box.

+ - Choose the following settings in **Workbook Link Settings**

+ - Under **Template Id comes from**, choose **Column**.

+ - Under **Column** choose **link**.

+ 

+1. Select **link** from **Columns**. Under **Settings**, next to **Column renderer**, select **(Hide column)**.

+1. To change the display name of the **name** column, select the **Labels** tab. On the row with **name** as its **Column ID**, under **Column Label** enter the name you want displayed.

+1. Select **Apply**.

+ 

+ Title: Sample Azure Workbooks with links

+description: See sample Azure Workbooks.

+# Sample Azure Workbooks with links

+This article includes sample Azure Workbooks.

+## Sample workbook with links

+```json

+{

+ "version": "Notebook/1.0",

+ "items": [

+ {

+ "type": 11,

+ "content": {

+ "version": "LinkItem/1.0",

+ "style": "tabs",

+ "links": [

+ {

+ "cellValue": "selectedTab",

+ "linkTarget": "parameter",

+ "linkLabel": "Tab 1",

+ "subTarget": "1",

+ "style": "link"

+ },

+ {

+ "cellValue": "selectedTab",

+ "linkTarget": "parameter",

+ "linkLabel": "Tab 2",

+ "subTarget": "2",

+ "style": "link"

+ }

+ ]

+ },

+ "name": "links - 0"

+ },

+ {

+ "type": 1,

+ "content": {

+ "json": "# selectedTab is {selectedTab}\r\n(this text step is always visible, but shows the value of the `selectedtab` parameter)"

+ },

+ "name": "always visible text"

+ },

+ {

+ "type": 1,

+ "content": {

+ "json": "## content only visible when `selectedTab == 1`"

+ },

+ "conditionalVisibility": {

+ "parameterName": "selectedTab",

+ "comparison": "isEqualTo",

+ "value": "1"

+ },

+ "name": "selectedTab 1 text"

+ },

+ {

+ "type": 1,

+ "content": {

+ "json": "## content only visible when `selectedTab == 2`"

+ },

+ "conditionalVisibility": {

+ "parameterName": "selectedTab",

+ "comparison": "isEqualTo",

+ "value": "2"

+ },

+ "name": "selectedTab 2"

+ }

+ ],

+ "styleSettings": {},

+ "$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"

+}

+```

+## Sample workbook with toolbar links

+```json

+{

+ "version": "Notebook/1.0",

+ "items": [

+ {

+ "type": 9,

+ "content": {

+ "version": "KqlParameterItem/1.0",

+ "crossComponentResources": [

+ "value::all"

+ ],

+ "parameters": [

+ {

+ "id": "eddb3313-641d-4429-b467-4793d6ed3575",

+ "version": "KqlParameterItem/1.0",

+ "name": "Subscription",

+ "type": 6,

+ "isRequired": true,

+ "multiSelect": true,

+ "quote": "'",

+ "delimiter": ",",

+ "query": "where type =~ \"microsoft.web/sites\"\r\n| summarize count() by subscriptionId\r\n| order by subscriptionId asc\r\n| project subscriptionId, label=subscriptionId, selected=row_number()==1",

+ "crossComponentResources": [

+ "value::all"

+ ],

+ "value": [],

+ "typeSettings": {

+ "additionalResourceOptions": [],

+ "showDefault": false

+ },

+ "timeContext": {

+ "durationMs": 86400000

+ },

+ "queryType": 1,

+ "resourceType": "microsoft.resourcegraph/resources"

+ },

+ {

+ "id": "8beaeea6-9550-4574-a51e-bb0c16e68e84",

+ "version": "KqlParameterItem/1.0",

+ "name": "site",

+ "type": 5,

+ "description": "global parameter set by selection in the grid",

+ "isRequired": true,

+ "isGlobal": true,

+ "query": "where type =~ \"microsoft.web/sites\"\r\n| project id",

+ "crossComponentResources": [

+ "{Subscription}"

+ ],

+ "isHiddenWhenLocked": true,

+ "typeSettings": {

+ "additionalResourceOptions": [],

+ "showDefault": false

+ },

+ "timeContext": {

+ "durationMs": 86400000

+ },

+ "queryType": 1,

+ "resourceType": "microsoft.resourcegraph/resources"

+ },

+ {

+ "id": "0311fb5a-33ca-48bd-a8f3-d3f57037a741",

+ "version": "KqlParameterItem/1.0",

+ "name": "properties",

+ "type": 1,

+ "isRequired": true,

+ "isGlobal": true,

+ "isHiddenWhenLocked": true

+ }

+ ],

+ "style": "above",

+ "queryType": 1,

+ "resourceType": "microsoft.resourcegraph/resources"

+ },

+ "name": "parameters - 0"

+ },

+ {

+ "type": 11,

+ "content": {

+ "version": "LinkItem/1.0",

+ "style": "toolbar",

+ "links": [

+ {

+ "id": "7ea6a29e-fc83-40cb-a7c8-e57f157b1811",

+ "cellValue": "{site}",

+ "linkTarget": "ArmAction",

+ "linkLabel": "Start",

+ "postText": "Start website {site:name}",

+ "style": "primary",

+ "icon": "Start",

+ "linkIsContextBlade": true,

+ "armActionContext": {

+ "pathSource": "static",

+ "path": "{site}/start",

+ "headers": [],

+ "params": [

+ {

+ "key": "api-version",

+ "value": "2019-08-01"

+ }

+ ],

+ "isLongOperation": false,

+ "httpMethod": "POST",

+ "titleSource": "static",

+ "title": "Start {site:name}",

+ "descriptionSource": "static",

+ "description": "Attempt to start:\n\n{site:grid}",

+ "resultMessage": "Start {site:name} completed",

+ "runLabelSource": "static",

+ "runLabel": "Start"

+ }

+ },

+ {

+ "id": "676a0860-6ec8-4c4f-a3b8-a98af422ae47",

+ "cellValue": "{site}",

+ "linkTarget": "ArmAction",

+ "linkLabel": "Stop",

+ "postText": "Stop website {site:name}",

+ "style": "primary",

+ "icon": "Stop",

+ "linkIsContextBlade": true,

+ "armActionContext": {

+ "pathSource": "static",

+ "path": "{site}/stop",

+ "headers": [],

+ "params": [

+ {

+ "key": "api-version",

+ "value": "2019-08-01"

+ }

+ ],

+ "isLongOperation": false,

+ "httpMethod": "POST",

+ "titleSource": "static",

+ "title": "Stop {site:name}",

+ "descriptionSource": "static",

+ "description": "# Attempt to Stop:\n\n{site:grid}",

+ "resultMessage": "Stop {site:name} completed",

+ "runLabelSource": "static",

+ "runLabel": "Stop"

+ }

+ },

+ {

+ "id": "5e48925f-f84f-4a2d-8e69-6a4deb8a3007",

+ "cellValue": "{properties}",

+ "linkTarget": "CellDetails",

+ "linkLabel": "Properties",

+ "postText": "View the properties for Start website {site:name}",

+ "style": "secondary",

+ "icon": "Properties",

+ "linkIsContextBlade": true

+ }

+ ]

+ },

+ "name": "site toolbar"

+ },

+ {

+ "type": 3,

+ "content": {

+ "version": "KqlItem/1.0",

+ "query": "where type =~ \"microsoft.web/sites\"\r\n| extend properties=tostring(properties)\r\n| project-away name, type",

+ "size": 0,

+ "showAnalytics": true,

+ "title": "Web Apps in Subscription {Subscription:name}",

+ "showRefreshButton": true,

+ "exportedParameters": [

+ {

+ "fieldName": "id",

+ "parameterName": "site"

+ },

+ {

+ "fieldName": "",

+ "parameterName": "properties",

+ "parameterType": 1

+ }

+ ],

+ "showExportToExcel": true,

+ "queryType": 1,

+ "resourceType": "microsoft.resourcegraph/resources",

+ "crossComponentResources": [

+ "{Subscription}"

+ ],

+ "gridSettings": {

+ "formatters": [

+ {

+ "columnMatch": "properties",

+ "formatter": 5

+ }

+ ],

+ "filter": true,

+ "sortBy": [

+ {

+ "itemKey": "subscriptionId",

+ "sortOrder": 1

+ }

+ ]

+ },

+ "sortBy": [

+ {

+ "itemKey": "subscriptionId",

+ "sortOrder": 1

+ }

+ ]

+ },

+ "name": "query - 1"

+ },

+ {

+ "type": 1,

+ "content": {

+ "json": "## How this workbook works\r\n1. The parameters step declares a `site` resource parameter that is hidden in reading mode, but uses the same query as the grid. this parameter is marked `global`, and has no default selection. The parameters also declares a `properties` hidden text parameter. These parameters are [declared global](https://github.com/microsoft/Application-Insights-Workbooks/blob/master/Documentation/Parameters/Parameters.md#global-parameters) so they can be set by the grid below, but the toolbar can appear *above* the grid.\r\n\r\n2. The workbook has a links step, that renders as a toolbar. This toolbar has items to start a website, stop a website, and show the Azure Resourcve Graph properties for that website. The toolbar buttons all reference the `site` parameter, which by default has no selection, so the toolbar buttons are disabled. The start and stop buttons use the [ARM Action](https://github.com/microsoft/Application-Insights-Workbooks/blob/master/Documentation/Links/LinkActions.md#arm-action-settings) feature to run an action against the selected resource.\r\n\r\n3. The workbook has an Azure Resource Graph (ARG) query step, which queries for web sites in the selected subscriptions, and displays them in a grid. When a row is selected, the selected resource is exported to the `site` global parameter, causing start and stop buttons to become enabled. The ARG properties are also exported to the `properties` parameter, causing the poperties button to become enabled.",

+ "style": "info"

+ },

+ "conditionalVisibility": {

+ "parameterName": "debug",

+ "comparison": "isEqualTo",

+ "value": "true"

+ },

+ "name": "text - 3"

+ }

+ ],

+ "fallbackResourceIds": [

+ "Azure Monitor"

+ ],

+ "$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"

+}

+```

+Workbooks provide a rich set of capabilities for visualizing Azure Monitor data. The exact set of capabilities depends on the data sources and result sets, but authors can expect them to converge over time. These controls allow authors to present their analysis in rich, interactive reports.

+> Each visualization and data source may have its own [limits](workbooks-limits.md).

+ - [Getting started with Azure Workbooks](workbooks-getting-started.md)

+| Article | Description |

+|:|:|

+| [Azure Monitor cost and usage](usage-estimated-costs.md) | Added standard web tests to table<br>Added explanation of billable GB calculation |

+| [Azure Monitor overview](overview.md) | Updated overview diagram |

+| Article | Description |

+|:|:|

+| [Azure Monitor agent extension versions](agents/azure-monitor-agent-extension-versions.md) | Update to latest extension version |

+| [Azure Monitor agent overview](agents/azure-monitor-agent-overview.md) | Added supported resource types |

+| [Collect text and IIS logs with Azure Monitor agent (preview)](agents/data-collection-text-log.md) | Corrected error in data collection rule |

+| [Overview of the Azure monitoring agents](agents/agents-overview.md) | Added new OS supported for agent |

+| [Resource Manager template samples for agents](agents/resource-manager-agent.md) | Added Bicep examples |

+| [Resource Manager template samples for data collection rules](agents/resource-manager-data-collection-rules.md) | Fixed bug in sample parameter file |

+| [Rsyslog data not uploaded due to Full Disk space issue on AMA Linux Agent](agents/azure-monitor-agent-troubleshoot-linux-vm-rsyslog.md) | New article |

+| [Troubleshoot the Azure Monitor agent on Linux virtual machines and scale sets](agents/azure-monitor-agent-troubleshoot-linux-vm.md) | New article |

+| [Troubleshoot the Azure Monitor agent on Windows Arc-enabled server](agents/azure-monitor-agent-troubleshoot-windows-arc.md) | New article |

+| [Troubleshoot the Azure Monitor agent on Windows virtual machines and scale sets](agents/azure-monitor-agent-troubleshoot-windows-vm.md) | New article |

+| Article | Description |

+|:|:|

+| [IT Service Management Connector | Secure Webhook in Azure Monitor | Azure Configurations](alerts/itsm-connector-secure-webhook-connections-azure-configuration.md) | Added the workflow for ITSM management and removed all references to SCSM. |

+| [Overview of Azure Monitor Alerts](alerts/alerts-overview.md) | Complete rewrite |

+| [Resource Manager template samples for log query alerts](alerts/resource-manager-alerts-log.md) | Bicep samples for alerting have been added to the Resource Manager template samples articles. |

+| [Supported resources for metric alerts in Azure Monitor](alerts/alerts-metric-near-real-time.md) | Added a newly supported resource type. |

+| Article | Description |

+|:|:|

+| [Application Map in Azure Application Insights](app/app-map.md) | Application Maps Intelligent View feature |

+| [Azure Application Insights for ASP.NET Core applications](app/asp-net-core.md) | telemetry.Flush() guidance is now available. |

+| [Diagnose with Live Metrics Stream](app/live-stream.md) | Updated information on using unsecure control channel. |

+| [Migrate an Azure Monitor Application Insights classic resource to a workspace-based resource](app/convert-classic-resource.md) | Schema change documentation is now available here. |

+| [Profile production apps in Azure with Application Insights Profiler](profiler/profiler-overview.md) | Profiler documentation now has a new home in the table of contents. |

+All references to unsupported versions of .NET and .NET CORE have been scrubbed from Application Insights product documentation. See [.NET and >NET Core Support Policy](https://dotnet.microsoft.com/platform/support/policy/dotnet-core)

+| Article | Description |

+|:|:|

+| [Navigate to a change using custom filters in Change Analysis](change/change-analysis-custom-filters.md) | New article |

+| [Pin and share a Change Analysis query to the Azure dashboard](change/change-analysis-query.md) | New article |

+| [Use Change Analysis in Azure Monitor to find web-app issues](change/change-analysis.md) | Added details enabling for web app in-guest changes |

+| Article | Description |

+|:|:|

+| [Configure ContainerLogv2 schema (preview) for Container Insights](containers/container-insights-logging-v2.md) | New article describing new schema for container logs |

+| [Enable Container insights](containers/container-insights-onboard.md) | General rewrite to improve clarity |

+| [Resource Manager template samples for Container insights](containers/resource-manager-container-insights.md) | Added Bicep examples |

+| Article | Description |

+|:|:|

+| [Troubleshoot SQL Insights (preview)](insights/sql-insights-troubleshoot.md) | Added known issue for OS computer name. |

+| Article | Description |

+|:|:|

+| [Azure Monitor customer-managed key](logs/customer-managed-keys.md) | Update limitations and constraint. |

+| [Design a Log Analytics workspace architecture](logs/workspace-design.md) | Complete rewrite to better describe decision criteria and include Sentinel considerations |

+| [Manage access to Log Analytics workspaces](logs/manage-access.md) | Consolidated and rewrote all content on configuring workspace access |

+| [Restore logs in Azure Monitor (Preview)](logs/restore.md) | Documented new Log Analytics table management configuration UI, which lets you configure a table's log plan and archive and retention policies. |

+| Article | Description |

+|:|:|

+| [Migrate from VM insights guest health (preview) to Azure Monitor log alerts](vm/vminsights-health-migrate.md) | New article describing process to replace VM guest health with alert rules |

+| [VM insights guest health (preview)](vm/vminsights-health-overview.md) | Added deprecation statement |

+Microsoft provided file. The [Microsoft PGP Public Key used for signing Linux packages](https://packages.microsoft.com/keys/microsoft.asc) has been used to sign the signature file.

+For more information about cron and the format of the crontab file, see [cron](https://wikipedia.org/wiki/Cron).

+For Azure Large Instance, you could contact the Microsoft operations team by opening a service request to restore a desired snapshot from the existing available snapshots. You can open a service request via the [Azure portal](https://portal.azure.com).

+ > Customers can open a service request via the [Azure portal](https://portal.azure.com).

+You can change the capacity pool size in 1-TiB increments or decrements. However, the capacity pool size cannot be smaller than the sum of the capacity of the volumes hosted in the pool, with a minimum of 4TiB. Resizing the capacity pool changes the purchased Azure NetApp Files capacity.

+```bash

+# For more information, see the [CC0 1.0 Public Domain Dedication](http://creativecommons.org/publicdomain/zero/1.0/).

+May Service Release (2205): [Azure-Percept-DK-1.0.20220511.1756-public_preview_1.0.zip](https://download.microsoft.com/download/c/7/7/c7738a05-819c-48d9-8f30-e4bf64e19f11/Azure-Percept-DK-1.0.20220511.1756-public_preview_1.0.zip)

+|May Service Release (2205)|[Azure-Percept-DK-1.0.20220511.1756-public_preview_1.0.zip](https://download.microsoft.com/download/c/7/7/c7738a05-819c-48d9-8f30-e4bf64e19f11/Azure-Percept-DK-1.0.20220511.1756-public_preview_1.0.zip)||

+|March Service Release (2203)|[Azure-Percept-DK-1.0.20220310.1223-public_preview_1.0.zip](https://download.microsoft.com/download/c/6/f/c6f6b152-699e-4f60-85b7-17b3ea57c189/Azure-Percept-DK-1.0.20220310.1223-public_preview_1.0.zip)||

+|February Service Release (2202)|[Azure-Percept-DK-1.0.20220209.1156-public_preview_1.0.zip](https://download.microsoft.com/download/f/8/6/f86ce7b3-8d76-494e-82d9-dcfb71fc2580/Azure-Percept-DK-1.0.20220209.1156-public_preview_1.0.zip)||

+|January Service Release (2201)|[Azure-Percept-DK-1.0.20220112.1519-public_preview_1.0.zip](https://download.microsoft.com/download/1/6/4/164cfcf2-ce52-4e75-9dee-63bb4a128e71/Azure-Percept-DK-1.0.20220112.1519-public_preview_1.0.zip)||

+|November Service Release (2111)|[Azure-Percept-DK-1.0.20211124.1851-public_preview_1.0.zip](https://download.microsoft.com/download/9/5/4/95464a73-109e-46c7-8624-251ceed0c5ea/Azure-Percept-DK-1.0.20211124.1851-public_preview_1.0.zip)||

+- Create a template that defines the resources to deploy with the managed application.

+- Define the user interface elements for the portal when deploying the managed application.

+- Create a _.zip_ package that contains the required template files.

+- Decide which user, group, or application needs access to the resource group in the user's subscription.

+- Create the managed application definition that points to the _.zip_ package and requests access for the identity.

+ "apiVersion": "2021-09-01",

+ "value": "[reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName')), '2021-09-01').primaryEndpoints.blob]"

+groupid=$(az ad group show --group mygroup --query id --output tsv)

+$roleid=(Get-AzRoleDefinition -Name Owner).Id

+roleid=$(az role definition list --name Owner --query [].name --output tsv)

+ -Authorization "${groupID}:$roleid" `

+ --authorizations "$groupid:$roleid" \

+- **resource group**: The name of the resource group where the managed application definition is created.

+- **lock level**: The type of lock placed on the managed resource group. It prevents the customer from performing undesirable operations on this resource group. Currently, ReadOnly is the only supported lock level. When ReadOnly is specified, the customer can only read the resources present in the managed resource group. The publisher identities that are granted access to the managed resource group are exempt from the lock.

+- **authorizations**: Describes the principal ID and the role definition ID that are used to grant permission to the managed resource group.

+ - **Azure PowerShell**: `"${groupid}:$roleid"` or you can use curly braces for each variable `"${groupid}:${roleid}"`. Use a comma to separate multiple values: `"${groupid1}:$roleid1", "${groupid2}:$roleid2"`.

+ - **Azure CLI**: `"$groupid:$roleid"` or you can use curly braces as shown in PowerShell. Use a space to separate multiple values: `"$groupid1:$roleid1" "$groupid2:$roleid2"`.

+- **package file URI**: The location of a _.zip_ package that contains the required files.

+As an alternative, you can choose to store your managed application definition within a storage account provided by you during creation so that its location and access can be fully managed by you for your regulatory needs.

+The `applicationDefinitions` properties include `storageAccountId` that contains the storage account ID for your storage account. You can verify that the application definition files are saved in your provided storage account in a container titled `applicationDefinitions`.

+> For added security, you can create a managed applications definition and store it in an [Azure storage account blob where encryption is enabled](../../storage/common/storage-service-encryption.md). The definition contents are encrypted through the storage account's encryption options. Only users with permissions to the file can see the definition in Service Catalog.

+> [Tutorial: Create and deploy your first ARM template](../azure-resource-manager/templates/template-tutorial-create-first-template.md)

+Sign in to the [Azure portal](https://portal.azure.com) using your Azure account.

+m

+This article describes the features of a Recovery Services vault. A Recovery Services vault is a storage entity in Azure that houses data. The data is typically copies of data, or configuration information for virtual machines (VMs), workloads, servers, or workstations. You can use Recovery Services vaults to hold backup data for various Azure services such as IaaS VMs (Linux or Windows) and SQL Server in Azure VMs. Recovery Services vaults support System Center DPM, Windows Server, Azure Backup Server, and more. Recovery Services vaults make it easy to organize your backup data, while minimizing management overhead. Recovery Services vaults are based on the Azure Resource Manager model of Azure, which provides features such as:

+ * The following example sets the **-BackupStorageRedundancy** option for the [Set-AzRecoveryServicesBackupProperty](/powershell/module/az.recoveryservices/set-azrecoveryservicesbackupproperty) cmd for **testvault** set to **GeoRedundant**.

+Sign in to the [Azure portal](https://portal.azure.com).

+1. Select the checkbox **I understand that tools and scripts associated with moved resources will not work until I update them to use new resource IDs** to confirm, and then select **Move**.

+1. Select the checkbox **I understand that tools and scripts associated with moved resources will not work until I update them to use new resource IDs** to confirm, and then select **Move**.

+You can remove protection on a protected file share but retain the data already backed up. To do so, remove the policy in the request body you used to [enable backup](backup-azure-file-share-rest-api.md#enable-backup-for-the-file-share) and submit the request. Once the association with the policy is removed, backups are no longer triggered, and no new recovery points are created.

+|Windows Server 2008 SP2 | <https://support.microsoft.com/help/4019276> |

+|Windows Server 2008 R2, Windows 7, Windows Server 2012 | <https://support.microsoft.com/help/3140245> |

+Sign in to the [Azure portal](https://portal.azure.com).

+- Learn more about [Azure Key Vault](../key-vault/general/basic-concepts.md).

+1. Deploy an Azure NC-series VM running Ubuntu 16.04 LTS. For example, create the VM in the US South Central region.

+2. Add the [NVIDIA GPU Drivers extension](../virtual-machines/extensions/hpccompute-gpu-linux.md) to the VM by using the Azure portal, a client computer that connects to the Azure subscription, or Azure Cloud Shell. Alternatively, follow the steps to connect to the VM and [install CUDA drivers](../virtual-machines/linux/n-series-driver-setup.md) manually.

+2. Open a browser and navigate to `http://127.0.0.1`.

+Learn how to search the web by using the [Bing Web Search API](../bing-web-search/overview.md), and explore the other [Bing Search APIs](../bing-web-search/index.yml).

+- **Custom images**: [Moderate with custom image lists](https://github.com/Azure-Samples/cognitive-services-dotnet-sdk-samples/blob/master/ContentModerator/ImageListManagement/Program.cs). See the [.NET SDK quickstart](./client-libraries.md?pivots=programming-language-csharp%253fpivots%253dprogramming-language-csharp).

+- **Text moderation**: [Screen text for profanity and personal data](https://github.com/Azure-Samples/cognitive-services-dotnet-sdk-samples/blob/master/ContentModerator/TextModeration/Program.cs). See the [.NET SDK quickstart](./client-libraries.md?pivots=programming-language-csharp%253fpivots%253dprogramming-language-csharp).

+> [!IMPORTANT]

+> If you've already exported a particular iteration, you cannot call the **export_iteration** method again. Instead, skip ahead to the **get_exports** method call to get a link to your existing exported model.

+After training has completed, the model's performance is calculated and displayed. The Custom Vision service uses the images that you submitted for training to calculate precision, recall, and mean average precision. Precision and recall are two different measurements of the effectiveness of a detector:

+After training has completed, the model's performance is estimated and displayed. The Custom Vision Service uses the images that you submitted for training to calculate precision and recall. Precision and recall are two different measurements of the effectiveness of a classifier:

+For a LUIS app, to *build from source* means to [create a new LUIS app version by importing the `.lu` source](./luis-how-to-manage-versions.md#import-version) , to [train the version](./luis-how-to-train.md) and to [publish it](./luis-how-to-publish-app.md). You can do this in the LUIS portal, or at the command line:

+* **API key** and **Endpoint URL**. The API key is used to start the container. You can retrieve the API key and Endpoint URL values by navigating to the Translator resource **Keys and Endpoint** page and selecting the `Copy to clipboard` <span class="docon docon-edit-copy x-hidden-focus"></span> icon.

+Navigate to the swagger page: `http://localhost:5000/swagger/https://docsupdatetracker.net/index.html`

+Ensure that the TMX conforms to the [TMX 1.4b Specification](https://www.gala-global.org/tmx-14b).

+* The `inputs` object contains both `sourceURL` and `targetURL` container addresses for your source and target language pairs.

+* The `prefix` and `suffix` are case-sensitive strings to filter documents in the source path for translation. The `prefix` field is often used to delineate subfolders for translation. The `suffix` field is most often used for file extensions.

+ },

+ static readonly string json = ("{\"inputs\": [{\"source\": {\"sourceUrl\": \"https://YOUR-SOURCE-URL-WITH-READ-LIST-ACCESS-SAS\",\"storageSource\": \"AzureBlob\",\"language\": \"en\"}, \"targets\": [{\"targetUrl\": \"https://YOUR-TARGET-URL-WITH-WRITE-LIST-ACCESS-SAS\",\"storageSource\": \"AzureBlob\",\"category\": \"general\",\"language\": \"es\"}]}]}");

+ "language": "en"

+ "language": "en"

+ RequestBody body = RequestBody.create(mediaType, "{\n \"inputs\": [\n {\n \"source\": {\n \"sourceUrl\": \"https://YOUR-SOURCE-URL-WITH-READ-LIST-ACCESS-SAS\",\n },\n \"language\": \"en\",\n \"storageSource\": \"AzureBlob\"\n },\n \"targets\": [\n {\n \"targetUrl\": \"https://YOUR-TARGET-URL-WITH-WRITE-LIST-ACCESS-SAS\",\n \"category\": \"general\",\n\"language\": \"fr\",\n\"storageSource\": \"AzureBlob\"\n }\n ],\n \"storageType\": \"Folder\"\n }\n ]\n}");

+var jsonStr = []byte(`{"inputs":[{"source":{"sourceUrl":"https://YOUR-SOURCE-URL-WITH-READ-LIST-ACCESS-SAS","storageSource":"AzureBlob","language":"en"},"targets":[{"targetUrl":"https://YOUR-TARGET-URL-WITH-WRITE-LIST-ACCESS-SAS","storageSource":"AzureBlob","category":"general","language":"es"}]}]}`)

+ Title: Previous language service updates

+description: An archive of previous Azure Cognitive Service for Language updates.

+# Previous updates for Azure Cognitive Service for Language

+This article contains a list of previously recorded updates for Azure Cognitive Service for Language. For more current service updates, see [What's new](../whats-new.md).

+## October 2021

+* Quality improvements for the extractive summarization feature in model-version `2021-08-01`.

+## September 2021

+* Starting with version `3.0.017010001-onprem-amd64` The text analytics for health container can now be called using the client library.

+## July 2021

+* General availability for text analytics for health containers and API.

+* General availability for opinion mining.

+* General availability for PII extraction and redaction.

+* General availability for asynchronous operation.

+## June 2021

+### General API updates

+* New model-version `2021-06-01` for key phrase extraction based on transformers. It provides:

+ * Support for 10 languages (Latin and CJK).

+ * Improved key phrase extraction.

+* The `2021-06-01` model version for Named Entity Recognition (NER) which provides

+ * Improved AI quality and expanded language support for the *Skill* entity category.

+ * Added Spanish, French, German, Italian and Portuguese language support for the *Skill* entity category

+### Text Analytics for health updates

+* A new model version `2021-05-15` for the `/health` endpoint and on-premise container which provides

+ * 5 new entity types: `ALLERGEN`, `CONDITION_SCALE`, `COURSE`, `EXPRESSION` and `MUTATION_TYPE`,

+ * 14 new relation types,

+ * Assertion detection expanded for new entity types and

+ * Linking support for `ALLERGEN` entity type

+* A new image for the Text Analytics for health container with tag `3.0.016230002-onprem-amd64` and model version `2021-05-15`. This container is available for download from Microsoft Container Registry.

+

+## May 2021

+* Custom question answering (previously QnA maker) can now be accessed using a Text Analytics resource.

+* Preview API release, including:

+ * Asynchronous API now supports sentiment analysis and opinion mining.

+ * A new query parameter, `LoggingOptOut`, is now available for customers who wish to opt out of logging input text for incident reports.

+* Text analytics for health and asynchronous operations are now available in all regions.

+## March 2021

+* Changes in the opinion mining JSON response body:

+ * `aspects` is now `targets` and `opinions` is now `assessments`.

+* Changes in the JSON response body of the hosted web API of text analytics for health:

+ * The `isNegated` boolean name of a detected entity object for negation is deprecated and replaced by assertion detection.

+ * A new property called `role` is now part of the extracted relation between an attribute and an entity as well as the relation between entities. This adds specificity to the detected relation type.

+* Entity linking is now available as an asynchronous task.

+* A new `pii-categories` parameter for the PII feature.

+ * This parameter lets you specify select PII entities, as well as those not supported by default for the input language.

+* Updated client libraries, which include asynchronous and text analytics for health operations.

+* A new model version `2021-03-01` for text analytics for health API and on-premise container which provides:

+ * A rename of the `Gene` entity type to `GeneOrProtein`.

+ * A new `Date` entity type.

+ * Assertion detection which replaces negation detection.

+ * A new preferred `name` property for linked entities that is normalized from various ontologies and coding systems.

+* A new text analytics for health container image with tag `3.0.015490002-onprem-amd64` and the new model-version `2021-03-01` has been released to the container preview repository.

+ * This container image will no longer be available for download from `containerpreview.azurecr.io` after April 26th, 2021.

+* **Processed Text Records** is now available as a metric in the **Monitoring** section for your text analytics resource in the Azure portal.

+## February 2021

+* The `2021-01-15` model version for the PII feature, which provides:

+ * Expanded support for 9 new languages

+ * Improved AI quality

+* The S0 through S4 pricing tiers are being retired on March 8th, 2021.

+* The language detection container is now generally available.

+## January 2021

+* The `2021-01-15` model version for Named Entity Recognition (NER), which provides

+ * Expanded language support.

+ * Improved AI quality of general entity categories for all supported languages.

+* The `2021-01-05` model version for language detection, which provides additional language support.

+## November 2020

+* Portuguese (Brazil) `pt-BR` is now supported in sentiment analysis, starting with model version `2020-04-01`. It adds to the existing `pt-PT` support for Portuguese.

+* Updated client libraries, which include asynchronous and text analytics for health operations.

+## October 2020

+* Hindi support for sentiment analysis, starting with model version `2020-04-01`.

+* Model version `2020-09-01` for language detection, which adds additional language support and accuracy improvements.

+## September 2020

+* PII now includes the new `redactedText` property in the response JSON where detected PII entities in the input text are replaced by an `*` for each character of those entities.

+* Entity linking endpoint now includes the `bingID` property in the response JSON for linked entities.

+* The following updates are specific to the September release of the text analytics for health container only.

+ * A new container image with tag `1.1.013530001-amd64-preview` with the new model-version `2020-09-03` has been released to the container preview repository.

+ * This model version provides improvements in entity recognition, abbreviation detection, and latency enhancements.

+## August 2020

+* Model version `2020-07-01` for key phrase extraction, PII detection, and language detection. This update adds:

+ * Additional government and country specific entity categories for Named Entity Recognition.

+ * Norwegian and Turkish support in Sentiment Analysis.

+* An HTTP 400 error will now be returned for API requests that exceed the published data limits.

+* Endpoints that return an offset now support the optional `stringIndexType` parameter, which adjusts the returned `offset` and `length` values to match a supported string index scheme.

+The following updates are specific to the August release of the Text Analytics for health container only.

+* New model-version for Text Analytics for health: `2020-07-24`

+

+The following properties in the JSON response have changed:

+* `type` has been renamed to `category`

+* `score` has been renamed to `confidenceScore`

+* Entities in the `category` field of the JSON output are now in pascal case. The following entities have been renamed:

+ * `EXAMINATION_RELATION` has been renamed to `RelationalOperator`.

+ * `EXAMINATION_UNIT` has been renamed to `MeasurementUnit`.

+ * `EXAMINATION_VALUE` has been renamed to `MeasurementValue`.

+ * `ROUTE_OR_MODE` has been renamed `MedicationRoute`.

+ * The relational entity `ROUTE_OR_MODE_OF_MEDICATION` has been renamed to `RouteOfMedication`.

+The following entities have been added:

+* Named Entity Recognition

+ * `AdministrativeEvent`

+ * `CareEnvironment`

+ * `HealthcareProfession`

+ * `MedicationForm`

+* Relation extraction

+ * `DirectionOfCondition`

+ * `DirectionOfExamination`

+ * `DirectionOfTreatment`

+

+## May 2020

+* Model version `2020-04-01`:

+ * Updated language support for sentiment analysis

+ * New "Address" entity category in Named Entity Recognition (NER)

+ * New subcategories in NER:

+ * Location - Geographical

+ * Location - Structural

+ * Organization - Stock Exchange

+ * Organization - Medical

+ * Organization - Sports

+ * Event - Cultural

+ * Event - Natural

+ * Event - Sports

+* The following properties in the JSON response have been added:

+ * `SentenceText` in sentiment analysis

+ * `Warnings` for each document

+* The names of the following properties in the JSON response have been changed, where applicable:

+* `score` has been renamed to `confidenceScore`

+ * `confidenceScore` has two decimal points of precision.

+* `type` has been renamed to `category`

+* `subtype` has been renamed to `subcategory`

+* New sentiment analysis feature - opinion mining

+* New personal (`PII`) domain filter for protected health information (`PHI`).

+## February 2020

+Additional entity types are now available in the Named Entity Recognition (NER). This update introduces model version `2020-02-01`, which includes:

+* Recognition of the following general entity types (English only):

+ * PersonType

+ * Product

+ * Event

+ * Geopolitical Entity (GPE) as a subtype under Location

+ * Skill

+* Recognition of the following personal information entity types (English only):

+ * Person

+ * Organization

+ * Age as a subtype under Quantity

+ * Date as a subtype under DateTime

+ * Email

+ * Phone Number (US only)

+ * URL

+ * IP Address

+### October 2019

+* Introduction of PII feature

+* Model version `2019-10-01`, which includes:

+ * Named entity recognition:

+ * Expanded detection and categorization of entities found in text.

+ * Recognition of the following new entity types:

+ * Phone number

+ * IP address

+ * Sentiment analysis:

+ * Significant improvements in the accuracy and detail of the API's text categorization and scoring.

+ * Automatic labeling for different sentiments in text.

+ * Sentiment analysis and output on a document and sentence level.

+ This model version supports: English (`en`), Japanese (`ja`), Chinese Simplified (`zh-Hans`), Chinese Traditional (`zh-Hant`), French (`fr`), Italian (`it`), Spanish (`es`), Dutch (`nl`), Portuguese (`pt`), and German (`de`).

+## Next steps

+See [What's new](../whats-new.md) for current service updates.

+ "category": "{entity}",

+ "category": "{entity}",

+ "category": "{entity}",

+The F1 score is a function of Precision and Recall. It's needed when you seek a balance between [precision](#precision) and [recall](#recall).

+> [!NOTE]

+> Active learning suggestions are not real time. There is an approximate delay of 30 minutes before the suggestions can show on this pane. This delay is to ensure that we balance the high cost involved for real time updates to the index and service performance.

+* See the [previous updates](./concepts/previous-updates.md) article for service updates not listed here.

+ Title: Data-at-rest encryption in Personalizer

+description: Learn about the keys that you use for data-at-rest encryption in Personalizer. See how to use Azure Key Vault to configure customer-managed keys.

+# Encryption of data at rest in Personalizer

+Personalizer is a service in Azure Cognitive Services that uses a machine learning model to provide apps with user-tailored content. When Personalizer persists data to the cloud, it encrypts that data. This encryption protects your data and helps you meet organizational security and compliance commitments.

+> Customer-managed keys are only available with the E0 pricing tier. To request the ability to use customer-managed keys, fill out and submit the [Personalizer Service Customer-Managed Key Request Form](https://aka.ms/cogsvc-cmk). It takes approximately 3-5 business days to hear back about the status of your request. If demand is high, you might be placed in a queue and approved when space becomes available.

+>

+> After you're approved to use customer-managed keys with Personalizer, create a new Personalizer resource and select E0 as the pricing tier. After you've created that resource, you can use Azure Key Vault to set up your managed identity.

+To learn more about Microsoft's privacy and security commitments, see the [Microsoft Trust Center](https://www.microsoft.com/trust-center).

+Microsoft empowers event platforms to integrate event capabilities using [Microsoft Teams](/microsoftteams/quick-start-meetings-live-events), [Graph](/graph/api/application-post-onlinemeetings?tabs=http&view=graph-rest-beta) and [Azure Communication Services](../overview.md). Virtual Events are a communication modality where event organizers schedule and configure a virtual environment for event presenters and participants to engage with content through voice, video, and chat. Event management platforms enable users to configure events and for attendees to participate in those events, within their platform, applying in-platform capabilities and gamification. Learn more about [Teams Meetings, Webinars and Live Events](/microsoftteams/quick-start-meetings-live-events) that are used throughout this article to enable virtual event scenarios.

+The adoption of hardware secure modules (HSM) enables secure transfer of keys and certificates to a protected cloud storage - [Azure Key Vault Managed HSM](../key-vault/managed-hsm/overview.md) ΓÇô without allowing the cloud service provider to access such sensitive information. Secrets being transferred never exist outside an HSM in plaintext form, enabling scenarios for sovereignty of keys and certificates that are client generated and managed, but still using a cloud-based secure storage.

+ These options determine how your application responds to unauthenticated requests. The default selections redirect all requests to sign in with this new provider. You can change customize this behavior now or adjust these settings later from the main **Authentication** screen by choosing **Edit** next to **Authentication settings**. To learn more about these options, see [Authentication flow](./authentication.md#authentication-flow).

+ "secretRef": "queueconnection"

+The secret value is mapped to the secret name declared at the application level as described in the [defining secrets](#defining-secrets) section. The `passwordSecretRef` and `secretRef` parameters are used to reference the secret names as environment variables at the container level. The `passwordSecretRef` provides a descriptive parameter name for secrets containing passwords.

+The following example shows an application that declares a connection string at the application level and is used throughout the configuration via `secretRef`.

+ --env-vars "QueueName=myqueue" "ConnectionString=secretRef:queue-connection-string"

+Here, the environment variable named `connection-string` gets its value from the application-level `queue-connection-string` secret by using `secretRef`.

+ --env-vars "QueueName=myqueue" "ConnectionString=secretRef:queue-connection-string"

+Here, the environment variable named `connection-string` gets its value from the application-level `queue-connection-string` secret by using `secretRef`.

+ Title: Connect a container app to a cloud service with Service Connector

+description: Learn to connect a container app to an Azure service using the Azure portal or the CLI.

+# Customer intent: As an app developer, I want to connect a containerized app to a storage account in the Azure portal using Service Connector.

+# How to connect a Container Apps instance to a backing service

+Azure Container Apps allows you to use Service Connector to connect to cloud services in just a few steps. Service Connector manages the configuration of the network settings and connection information between different services. To view all supported services, [learn more about Service Connector](../service-connector/overview.md#what-services-are-supported-in-service-connector).

+In this article, you learn to connect a container app to Azure Blob Storage.

+> [!IMPORTANT]

+> This feature in Container Apps is currently in preview.

+> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

+## Prerequisites

+- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/dotnet).

+- An application deployed to Container Apps in a [region supported by Service Connector](../service-connector/concept-region-support.md). If you don't have one yet, [create and deploy a container to Container Apps](quickstart-portal.md)

+- An Azure Blob Storage account

+## Sign in to Azure

+First, sign in to Azure.

+### [Portal](#tab/azure-portal)

+Sign in to the Azure portal at [https://portal.azure.com/](https://portal.azure.com/) with your Azure account.

+### [Azure CLI](#tab/azure-cli)

+```azurecli-interactive

+az login

+```

+This command prompts your web browser to launch and load an Azure sign in page. If the browser fails to open, use device code flow with `az login --use-device-code`. For more sign in options, go to [sign in with the Azure CLI](/cli/azure/authenticate-azure-cli).

+## Create a new service connection

+Use Service Connector to create a new service connection in Container Apps using the Azure portal or the CLI.

+### [Portal](#tab/azure-portal)

+1. Navigate to the Azure portal.

+1. Select **All resources** on the left of the Azure portal.

+1. Enter **Container Apps** in the filter and select the name of the container app you want to use in the list.

+1. Select **Service Connector** from the left table of contents.

+1. Select **Create**.

+ :::image type="content" source="media/service-connector/connect-service-connector.png" alt-text="Screenshot of the Azure portal, selecting Service Connector within a container app." lightbox="media/service-connector/connect-service-connector-expanded.png":::

+1. Select or enter the following settings.

+ | Setting | Suggested value | Description |

+ | | | |

+ | **Container** | Your container name | Select your Container Apps. |

+ | **Service type** | Blob Storage | This is the target service type. If you don't have a Storage Blob container, you can [create one](../storage/blobs/storage-quickstart-blobs-portal.md) or use another service type. |

+ | **Subscription** | One of your subscriptions | The subscription containing your target service. The default value is the subscription for your container app. |

+ | **Connection name** | Generated unique name | The connection name that identifies the connection between your container app and target service. |

+ | **Storage account** | Your storage account name | The target storage account to which you want to connect. If you choose a different service type, select the corresponding target service instance. |

+ | **Client type** | The app stack in your selected container | Your application stack that works with the target service you selected. The default value is **none**, which generates a list of configurations. If you know about the app stack or the client SDK in the container you selected, select the same app stack for the client type. |

+1. Select **Next: Authentication** to select the authentication type. Then select **Connection string** to use access key to connect your Blob Storage account.

+1. Select **Next: Network** to select the network configuration. Then select **Enable firewall settings** to update firewall allowlist in Blob Storage so that your container apps can reach the Blob Storage.

+1. Then select **Next: Review + Create** to review the provided information. Running the final validation takes a few seconds. Then select **Create** to create the service connection. It might take a minute or so to complete the operation.

+### [Azure CLI](#tab/azure-cli)

+The following steps create a service connection using an access key or a system-assigned managed identity.

+1. Use the Azure CLI command `az containerapp connection list-support-types` to view all supported target services.

+ ```azurecli-interactive

+ az provider register -n Microsoft.ServiceLinker

+ az containerapp connection list-support-types --output table

+ ```

+1. Use the Azure CLI command `az containerapp connection connection create` to create a service connection from a container app.

+ If you're connecting with an access key, run the code below:

+ ```azurecli-interactive

+ az containerapp connection create storage-blob --secret

+ ```

+ If you're connecting with a system-assigned managed identity, run the code below:

+ ```azurecli-interactive

+ az containerapp connection create storage-blob --system-identity

+ ```

+1. Provide the following information at the Azure CLI's request:

+ - **The resource group which contains the container app**: the name of the resource group with the container app.

+ - **Name of the container app**: the name of your container app.

+ - **The container where the connection information will be saved**: the name of the container, in your container app, that connects to the target service

+ - **The resource group which contains the storage account:** the name of the resource group name with the storage account. In this guide, we're using a Blob Storage.

+ - **Name of the storage account**: the name of the storage account that contains your blob.

+ > [!IMPORTANT]

+ > To use Managed Identity, you must have the permission to manage [Azure Active Directory role assignments](../active-directory/managed-identities-azure-resources/howto-assign-access-portal.md). If you don't have this permission, you won't be able to create a connection. You can ask your subscription owner to grant you this permission or use an access key instead to create the connection.

+ > [!NOTE]

+ > If you don't have a Blob Storage, you can run `az containerapp connection create storage-blob --new --secret` to provision a new one.

+## View service connections in Container Apps

+View your existing service connections using the Azure portal or the CLI.

+### [Portal](#tab/azure-portal)

+1. In **Service Connector**, select **Refresh** and you'll see a Container Apps connection displayed.

+1. Select **>** to expand the list. You can see the environment variables required by your application code.

+1. Select **...** and then **Validate**. You can see the connection validation details in the pop-up panel on the right.

+ :::image type="content" source="media/service-connector/connect-service-connector-refresh.png" alt-text="Screenshot of the Azure portal, viewing connection validation details.":::

+### [Azure CLI](#tab/azure-cli)

+Use the Azure CLI command `az containerapp connection list` to list all your container app's provisioned connections. Provide the following information:

+- **Source compute service resource group name**: the resource group name of the container app.

+- **Container app name**: the name of your container app.

+```azurecli-interactive

+az containerapp connection list -g "<your-container-app-resource-group>" --name "<your-container-app-name>" --output table

+```

+The output also displays the provisioning state of your connections: failed or succeeded.

+## Next steps

+> [!div class="nextstepaction"]

+> [Environments in Azure Container Apps](environment.md)

+With the VNET established, you can now query for the infrastructure subnet ID.

+With the virtual network created, you can retrieve the ID for the infrastructure subnet.

+> This article has been updated with Helm 3 commands. Helm 3.7 includes changes to Helm CLI commands and OCI support introduced in earlier versions of Helm 3. By design `helm` moves forward with version. We recommend to use **3.7.2** or later.

+- **Helm client version 3.7 or later** - Run `helm version` to find your current version. For more information on how to install and upgrade Helm, see [Installing Helm][helm-install]. If you upgrade from an earlier version of Helm 3, review the [release notes](https://github.com/helm/helm/releases).

+az acr manifest list-metadata \

+ --registry $ACR_NAME \

+ --name helm/hello-world --detail

+In Azure Cosmos DB, you can configure your data and backups to remain in a single region to meet the [residency requirements](https://azure.microsoft.com/global-infrastructure/data-residency/).

+ - A system-assigned managed identity for the function app. [Add a system-assigned identity](../app-service/overview-managed-identity.md#add-a-system-assigned-identity)

+1. View the function app's properties using the [``az functionapp show``](/cli/azure/functionapp#az-functionapp-show) command.

+ Title: Get started with Azure Cosmos DB MongoDB API and JavaScript

+description: Get started developing a JavaScript application that works with Azure Cosmos DB MongoDB API. This article helps you learn how to set up a project and configure access to an Azure Cosmos DB MongoDB API database.

+ms.devlang: javascript

+# Get started with Azure Cosmos DB MongoDB API and JavaScript

+This article shows you how to connect to Azure Cosmos DB MongoDB API using the native MongoDB npm package. Once connected, you can perform operations on databases, collections, and docs.

+> [!NOTE]

+> The [example code snippets](https://github.com/Azure-Samples/cosmos-db-mongodb-api-javascript-samples) are available on GitHub as a JavaScript project.

+[MongoDB API reference documentation](https://docs.mongodb.com/drivers/node) | [MongoDB Package (npm)](https://www.npmjs.com/package/mongodb)

+## Prerequisites

+* An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free).

+* [Node.js LTS](https://nodejs.org/en/download/)

+* [Azure Command-Line Interface (CLI)](/cli/azure/) or [Azure PowerShell](/powershell/azure/)

+* [Azure Cosmos DB MongoDB API resource](quickstart-javascript.md#create-an-azure-cosmos-db-account)

+## Create a new JavaScript app

+1. Create a new JavaScript application in an empty folder using your preferred terminal. Use the [``npm init``](https://docs.npmjs.com/cli/v8/commands/npm-init) command to begin the prompts to create the `package.json` file. Accept the defaults for the prompts.

+ ```console

+ npm init

+ ```

+2. Add the [MongoDB](https://www.npmjs.com/package/mongodb) npm package to the JavaScript project. Use the [``npm install package``](https://docs.npmjs.com/cli/v8/commands/npm-install) command specifying the name of the npm package. The `dotenv` package is used to read the environment variables from a `.env` file during local development.

+ ```console

+ npm install mongodb dotenv

+ ```

+3. To run the app, use a terminal to navigate to the application directory and run the application.

+ ```console

+ node index.js

+ ```

+## Connect with MongoDB native driver to Azure Cosmos DB MongoDB API

+To connect with the MongoDB native driver to Azure Cosmos DB, create an instance of the [``MongoClient``](https://mongodb.github.io/node-mongodb-native/4.5/classes/MongoClient.html#connect) class. This class is the starting point to perform all operations against databases.

+The most common constructor for **MongoClient** has two parameters:

+| Parameter | Example value | Description |

+| | | |

+| ``url`` | ``COSMOS_CONNECTION_STRIN`` environment variable | MongoDB API connection string to use for all requests |

+| ``options`` | `{ssl: true, tls: true, }` | [MongoDB Options](https://mongodb.github.io/node-mongodb-native/4.5/interfaces/MongoClientOptions.html) for the connection. |

+Refer to the [Troubleshooting guide](error-codes-solutions.md) for connection issues.

+## Get resource name

+### [Azure CLI](#tab/azure-cli)

+### [PowerShell](#tab/azure-powershell)

+### [Portal](#tab/azure-portal)

+Skip this step and use the information for the portal in the next step.

+## Retrieve your connection string

+### [Azure CLI](#tab/azure-cli)

+### [PowerShell](#tab/azure-powershell)

+### [Portal](#tab/azure-portal)

+> [!TIP]

+> For this guide, we recommend using the resource group name ``msdocs-cosmos``.

+## Configure environment variables

+## Create MongoClient with connection string

+1. Add dependencies to reference the MongoDB and DotEnv npm packages.

+ :::code language="javascript" source="~/samples-cosmosdb-mongodb-javascript/101-client-connection-string/index.js" id="package_dependencies":::

+2. Define a new instance of the ``MongoClient,`` class using the constructor, and [``process.env.``](https://nodejs.org/dist/latest-v8.x/docs/api/process.html#process_process_env) to use the connection string.

+ :::code language="javascript" source="~/samples-cosmosdb-mongodb-javascript/101-client-connection-string/index.js" id="client_credentials":::

+For more information on different ways to create a ``MongoClient`` instance, see [MongoDB NodeJS Driver Quick Start](https://www.npmjs.com/package/mongodb#quick-start).

+## Close the MongoClient connection

+When your application is finished with the connection remember to close it. That `.close()` call should be after all database calls are made.

+```javascript

+client.close()

+```

+## Use MongoDB client classes with Cosmos DB for MongoDB API

+Each type of resource is represented by one or more associated JavaScript classes. Here's a list of the most common classes:

+| Class | Description |

+|||

+|[``MongoClient``](https://mongodb.github.io/node-mongodb-native/4.5/classes/MongoClient.html)|This class provides a client-side logical representation for the MongoDB API layer on Cosmos DB. The client object is used to configure and execute requests against the service.|

+|[``Db``](https://mongodb.github.io/node-mongodb-native/4.5/classes/Db.html)|This class is a reference to a database that may, or may not, exist in the service yet. The database is validated server-side when you attempt to access it or perform an operation against it.|

+|[``Collection``](https://mongodb.github.io/node-mongodb-native/4.5/classes/Collection.html)|This class is a reference to a collection that also may not exist in the service yet. The collection is validated server-side when you attempt to work with it.|

+The following guides show you how to use each of these classes to build your application.

+**Guide**:

+* [Manage databases](how-to-javascript-manage-databases.md)

+* [Manage collections](how-to-javascript-manage-collections.md)

+* [Manage documents](how-to-javascript-manage-documents.md)

+* [Use queries to find documents](how-to-javascript-manage-queries.md)

+## See also

+- [Package (NuGet)](https://www.nuget.org/packages/Microsoft.Azure.Cosmos)

+- [API reference](https://docs.mongodb.com/drivers/node)

+## Next steps

+Now that you've connected to a MongoDB API account, use the next guide to create and manage databases.

+> [!div class="nextstepaction"]

+> [Create a database in Azure Cosmos DB MongoDB API using JavaScript](how-to-javascript-manage-databases.md)

+ Title: Create a collection in Azure Cosmos DB MongoDB API using JavaScript

+description: Learn how to work with a collection in your Azure Cosmos DB MongoDB API database using the JavaScript SDK.

+ms.devlang: javascript

+# Manage a collection in Azure Cosmos DB MongoDB API using JavaScript

+Manage your MongoDB collection stored in Cosmos DB with the native MongoDB client driver.

+> [!NOTE]

+> The [example code snippets](https://github.com/Azure-Samples/cosmos-db-mongodb-api-javascript-samples) are available on GitHub as a JavaScript project.

+[MongoDB API reference documentation](https://docs.mongodb.com/drivers/node) | [MongoDB Package (npm)](https://www.npmjs.com/package/mongodb)

+## Name a collection

+In Azure Cosmos DB, a collection is analogous to a table in a relational database. When you create a collection, the collection name forms a segment of the URI used to access the collection resource and any child docs.

+Here are some quick rules when naming a collection:

+* Keep collection names between 3 and 63 characters long

+* Collection names can only contain lowercase letters, numbers, or the dash (-) character.

+* Container names must start with a lowercase letter or number.

+## Get collection instance

+Use an instance of the **Collection** class to access the collection on the server.

+* [MongoClient.Db.Collection](https://mongodb.github.io/node-mongodb-native/4.7/classes/Collection.html)

+The following code snippets assume you've already created your [client connection](how-to-javascript-get-started.md#create-mongoclient-with-connection-string) and that you [close your client connection](how-to-javascript-get-started.md#close-the-mongoclient-connection) after these code snippets.

+## Create a collection

+To create a collection, insert a document into the collection.

+* [MongoClient.Db.Collection](https://mongodb.github.io/node-mongodb-native/4.5/classes/Db.html#collection)

+* [MongoClient.Db.Collection.insertOne](https://mongodb.github.io/node-mongodb-native/4.7/classes/Collection.html#insertOne)

+* [MongoClient.Db.Collection.insertMany](https://mongodb.github.io/node-mongodb-native/4.7/classes/Collection.html#insertMany)

+## Drop a collection

+* [MongoClient.Db.dropCollection](https://mongodb.github.io/node-mongodb-native/4.7/classes/Db.html#dropCollection)

+Drop the collection from the database to remove it permanently. However, the next insert or update operation that accesses the collection will create a new collection with that name.

+The preceding code snippet displays the following example console output:

+## Get collection indexes

+An index is used by the MongoDB query engine to improve performance to database queries.

+* [MongoClient.Db.Collection.indexes](https://mongodb.github.io/node-mongodb-native/4.7/classes/Collection.html#indexes)

+The preceding code snippet displays the following example console output:

+## See also

+- [Get started with Azure Cosmos DB MongoDB API and JavaScript](how-to-javascript-get-started.md)

+- [Create a database](how-to-javascript-manage-databases.md)

+ Title: Manage a MongoDB database using JavaScript

+description: Learn how to manage your Cosmos DB resource when it provides the MongoDB API with a JavaScript SDK.

+ms.devlang: javascript

+# Manage a MongoDB database using JavaScript

+Your MongoDB server in Azure Cosmos DB is available from the common npm packages for MongoDB such as:

+* [MongoDB](https://www.npmjs.com/package/mongodb)

+> [!NOTE]

+> The [example code snippets](https://github.com/Azure-Samples/cosmos-db-mongodb-api-javascript-samples) are available on GitHub as a JavaScript project.

+[MongoDB API reference documentation](https://docs.mongodb.com/drivers/node) | [MongoDB Package (npm)](https://www.npmjs.com/package/mongodb)

+## Name a database

+In Azure Cosmos DB, a database is analogous to a namespace. When you create a database, the database name forms a segment of the URI used to access the database resource and any child resources.

+Here are some quick rules when naming a database:

+* Keep database names between 3 and 63 characters long

+* Database names can only contain lowercase letters, numbers, or the dash (-) character.

+* Database names must start with a lowercase letter or number.

+Once created, the URI for a database is in this format:

+``https://<cosmos-account-name>.documents.azure.com/dbs/<database-name>``

+## Get database instance

+The database holds the collections and their documents. Use an instance of the **Db** class to access the databases on the server.

+* [MongoClient.Db](https://mongodb.github.io/node-mongodb-native/4.7/classes/Db.html)

+The following code snippets assume you've already created your [client connection](how-to-javascript-get-started.md#create-mongoclient-with-connection-string) and that you [close your client connection](how-to-javascript-get-started.md#close-the-mongoclient-connection) after these code snippets.

+## Get server information

+Access the **Admin** class to retrieve server information. You don't need to specify the database name in the `db` method. The information returned is specific to MongoDB and doesn't represent the Azure Cosmos DB platform itself.

+* [MongoClient.Db.Admin](https://mongodb.github.io/node-mongodb-native/4.7/classes/Admin.html)

+The preceding code snippet displays the following example console output:

+## Does database exist?

+The native MongoDB driver for JavaScript creates the database if it doesn't exist when you access it. If you would prefer to know if the database already exists before using it, get the list of current databases and filter for the name:

+* [MongoClient.Db.Admin.listDatabases](https://mongodb.github.io/node-mongodb-native/4.7/classes/Db.html)

+The preceding code snippet displays the following example console output:

+## Get list of databases, collections, and document count

+When you manage your MongoDB server programmatically, it's helpful to know what databases and collections are on the server and how many documents in each collection.

+* [MongoClient.Db.Admin.listDatabases](https://mongodb.github.io/node-mongodb-native/4.7/classes/Db.html)

+* [MongoClient.Db.listCollections](https://mongodb.github.io/node-mongodb-native/4.7/classes/Db.html#listCollections)

+* [MongoClient.Db.Collection](https://mongodb.github.io/node-mongodb-native/4.7/classes/Collection.html)

+* [MongoClient.Db.Collection.countDocuments](https://mongodb.github.io/node-mongodb-native/4.7/classes/Collection.html#countDocuments)

+The preceding code snippet displays the following example console output:

+## Get database object instance

+To get a database object instance, call the following method. This method accepts an optional database name and can be part of a chain.

+* [``MongoClient.Db``](https://mongodb.github.io/node-mongodb-native/4.5/classes/Db.html)

+A database is created when it is accessed. The most common way to access a new database is to add a document to a collection. In one line of code using chained objects, the database, collection, and doc are created.

+```javascript

+const insertOneResult = await client.db("adventureworks").collection("products").insertOne(doc);

+```

+Learn more about working with [collections](how-to-javascript-manage-collections.md) and documents.

+## Drop a database

+A database is removed from the server using the dropDatabase method on the DB class.

+* [DB.dropDatabase](https://mongodb.github.io/node-mongodb-native/4.7/classes/Db.html#dropDatabase)

+The preceding code snippet displays the following example console output:

+## See also

+- [Get started with Azure Cosmos DB MongoDB API and JavaScript](how-to-javascript-get-started.md)

+- Work with a collection](how-to-javascript-manage-collections.md)

+ Title: Create a document in Azure Cosmos DB MongoDB API using JavaScript

+description: Learn how to work with a document in your Azure Cosmos DB MongoDB API database using the JavaScript SDK.

+ms.devlang: javascript

+# Manage a document in Azure Cosmos DB MongoDB API using JavaScript

+Manage your MongoDB documents with the ability to insert, update, and delete documents.

+> [!NOTE]

+> The [example code snippets](https://github.com/Azure-Samples/cosmos-db-mongodb-api-javascript-samples) are available on GitHub as a JavaScript project.

+[MongoDB API reference documentation](https://docs.mongodb.com/drivers/node) | [MongoDB Package (npm)](https://www.npmjs.com/package/mongodb)

+## Insert a document

+Insert a document, defined with a JSON schema, into your collection.

+* [MongoClient.Db.Collection.insertOne](https://mongodb.github.io/node-mongodb-native/4.7/classes/Collection.html#insertOne)

+* [MongoClient.Db.Collection.insertMany](https://mongodb.github.io/node-mongodb-native/4.7/classes/Collection.html#insertMany)

+The preceding code snippet displays the following example console output:

+## Document ID

+If you don't provide an ID, `_id`, for your document, one is created for you as a BSON object. The value of the provided ID is accessed with the ObjectId method.

+* [ObjectId](https://mongodb.github.io/node-mongodb-native/4.7/classes/ObjectId.html)

+Use the ID to query for documents:

+```javascript

+const query = { _id: ObjectId("62b1f43a9446918500c875c5")};

+```

+## Update a document

+To update a document, specify the query used to find the document along with a set of properties of the document that should be updated. You can choose to upsert the document, which inserts the document if it doesn't already exist.

+* [MongoClient.Db.Collection.updateOne](https://mongodb.github.io/node-mongodb-native/4.7/classes/Collection.html#updateOne)

+* [MongoClient.Db.Collection.updateMany](https://mongodb.github.io/node-mongodb-native/4.7/classes/Collection.html#updateMany)

+The preceding code snippet displays the following example console output for an insert:

+The preceding code snippet displays the following example console output for an update:

+## Bulk updates to a collection

+You can perform several operations at once with the **bulkWrite** operation. Learn more about how to [optimize bulk writes for Cosmos DB](optimize-write-performance.md#tune-for-the-optimal-batch-size-and-thread-count).

+The following bulk operations are available:

+* [MongoClient.Db.Collection.bulkWrite](https://mongodb.github.io/node-mongodb-native/4.7/classes/Collection.html#bulkWrite)

+ * insertOne

+ * updateOne

+ * updateMany

+ * deleteOne

+ * deleteMany

+The preceding code snippet displays the following example console output:

+## Delete a document

+To delete documents, use a query to define how the documents are found.

+* [MongoClient.Db.Collection.deleteOne](https://mongodb.github.io/node-mongodb-native/4.7/classes/Collection.html#deleteOne)

+* [MongoClient.Db.Collection.deleteMany](https://mongodb.github.io/node-mongodb-native/4.7/classes/Collection.html#deleteMany)

+The preceding code snippet displays the following example console output:

+## See also

+- [Get started with Azure Cosmos DB MongoDB API and JavaScript](how-to-javascript-get-started.md)

+- [Create a database](how-to-javascript-manage-databases.md)

+ Title: Use a query in Azure Cosmos DB MongoDB API using JavaScript

+description: Learn how to use a query in your Azure Cosmos DB MongoDB API database using the JavaScript SDK.

+ms.devlang: javascript

+# Use a query in Azure Cosmos DB MongoDB API using JavaScript

+Use queries to find documents in a collection.

+> [!NOTE]

+> The [example code snippets](https://github.com/Azure-Samples/cosmos-db-mongodb-api-javascript-samples) are available on GitHub as a JavaScript project.

+[MongoDB API reference documentation](https://docs.mongodb.com/drivers/node) | [MongoDB Package (npm)](https://www.npmjs.com/package/mongodb)

+## Query for documents

+To find documents, use a query to define how the documents are found.

+* [MongoClient.Db.Collection.findOne](https://mongodb.github.io/node-mongodb-native/4.7/classes/Collection.html#findOne)

+* [MongoClient.Db.Collection.find](https://mongodb.github.io/node-mongodb-native/4.7/classes/Collection.html#find)

+* [FindCursor](https://mongodb.github.io/node-mongodb-native/4.7/classes/FindCursor.html)

+The preceding code snippet displays the following example console output:

+## See also

+- [Get started with Azure Cosmos DB MongoDB API and JavaScript](how-to-javascript-get-started.md)

+- [Create a database](how-to-javascript-manage-databases.md)

+### Get MongoDB connection string

+#### [Azure CLI](#tab/azure-cli)

+#### [PowerShell](#tab/azure-powershell)

+#### [Portal](#tab/azure-portal)

+|Capax Global LLC | IoT, Personalization, Retail (inventory), Operational Analytics (Spark), Serverless architecture, App development| USA |

+* Learn how to configure [throughput control](throughput-control-spark.md).

+# Microsoft Defender for Azure Cosmos DB

+Microsoft Defender for Azure Cosmos DB provides an extra layer of security intelligence that detects unusual and potentially harmful attempts to access or exploit Azure Cosmos DB accounts. This layer of protection allows you to address threats, even without being a security expert, and integrate them with central security monitoring systems.

+> * Microsoft Defender for Azure Cosmos DB is currently available only for the Core (SQL) API.

+> * Microsoft Defender for Azure Cosmos DB is not currently available in Azure government and sovereign cloud regions.

+Microsoft Defender for Azure Cosmos DB detects anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases. It can currently trigger the following alerts:

+## Configure Microsoft Defender for Azure Cosmos DB

+See [Enable Microsoft Defender for Azure Cosmos DB](../../defender-for-cloud/defender-for-databases-enable-cosmos-protections.md).

+* Learn more about [Microsoft Defender for Azure Cosmos DB](../../defender-for-cloud/concept-defender-for-cosmos.md)

+1. On the **Select API option** page, select the **Create** option within the **Core (SQL) - Recommend** section. Azure Cosmos DB has five APIs: SQL, MongoDB, Gremlin, Table, and Cassandra. [Learn more about the SQL API](../index.yml).

+1. Find the *PRIMARY KEY* from the list of keys for the account with the [`az-cosmosdb-keys-list`](/cli/azure/cosmosdb/keys#az-cosmosdb-keys-list) command.

+1. Find the *PRIMARY CONNECTION STRING* from the list of connection strings for the account with the [`az-cosmosdb-keys-list`](/cli/azure/cosmosdb/keys#az-cosmosdb-keys-list) command.

+1. Open Kafka Topic UI on `http://localhost:9000`.

+1. Find the *PRIMARY KEY* from the list of keys for the account with the [`az-cosmosdb-keys-list`](/cli/azure/cosmosdb/keys#az-cosmosdb-keys-list) command.

+1. On the **Select API option** page, select the **Create** option within the **Core (SQL) - Recommend** section. Azure Cosmos DB has five APIs: SQL, MongoDB, Gremlin, Table, and Cassandra. [Learn more about the SQL API](../index.yml).

+ Title: Azure Cosmos DB Spark Connector - Throughput Control

+description: Learn about controlling throughput for bulk data movements in the Azure Cosmos DB Spark Connector

+# Azure Cosmos DB Spark Connector - throughput control

+The [Spark Connector](create-sql-api-spark.md) allows you to communicate with Azure Cosmos DB using [Apache Spark](https://spark.apache.org/). This article describes how the throughput control feature works. Check out our [Spark samples in GitHub](https://github.com/Azure/azure-sdk-for-java/tree/main/sdk/cosmos/azure-cosmos-spark_3_2-12/Samples) to get started using throughput control.

+## Why is throughput control important?

+ Having throughput control helps to isolate the performance needs of applications running against a container, by limiting the amount of [request units](../request-units.md) that can be consumed by a given Spark client.

+There are several advanced scenarios that benefit from client-side throughput control:

+- **Different operations and tasks have different priorities** - there can be a need to prevent normal transactions from being throttled due to data ingestion or copy activities. Some operations and/or tasks aren't sensitive to latency, and are more tolerant to being throttled than others.

+- **Provide fairness/isolation to different end users/tenants** - An application will usually have many end users. Some users may send too many requests, which consume all available throughput, causing others to get throttled.

+- **Load balancing of throughput between different Azure Cosmos DB clients** - in some use cases, it's important to make sure all the clients get a fair (equal) share of the throughput

+Throughput control enables the capability for more granular level RU rate limiting as needed.

+## How does throughput control work?

+Throughput control for the Spark Connector is configured by first creating a container that will define throughput control metadata, with a partition key of `groupId`, and `ttl` enabled. Here we create this container using Spark SQL, and call it `ThroughputControl`:

+```sql

+ %sql

+ CREATE TABLE IF NOT EXISTS cosmosCatalog.`database-v4`.ThroughputControl

+ USING cosmos.oltp

+ OPTIONS(spark.cosmos.database = 'database-v4')

+ TBLPROPERTIES(partitionKeyPath = '/groupId', autoScaleMaxThroughput = '4000', indexingPolicy = 'AllProperties', defaultTtlInSeconds = '-1');

+```

+> [!NOTE]

+> The above example creates a container with [autoscale](../provision-throughput-autoscale.md). If you prefer standard provisioning, you can replace `autoScaleMaxThroughput` with `manualThroughput` instead.

+> [!IMPORTANT]

+> The partition key must be defined as `/groupId`, and `ttl` must be enabled, for the throughput control feature to work.

+Within the Spark config of a given application, we can then specify parameters for our workload. The below example sets throughput control as `enabled`, as well as defining a throughput control group `name` and a `targetThroughputThreshold`. We also define the `database` and `container` in which through control group is maintained:

+```scala

+ "spark.cosmos.throughputControl.enabled" -> "true",

+ "spark.cosmos.throughputControl.name" -> "SourceContainerThroughputControl",

+ "spark.cosmos.throughputControl.targetThroughputThreshold" -> "0.95",

+ "spark.cosmos.throughputControl.globalControl.database" -> "database-v4",

+ "spark.cosmos.throughputControl.globalControl.container" -> "ThroughputControl"

+```

+In the above example, the `targetThroughputThreshold` is defined as **0.95**, so rate limiting will occur (and requests will be retried) when clients consume more than 95% (+/- 5-10 percent) of the throughput that is allocated to the container. This configuration is stored as a document in the throughput container that looks like the below:

+```json

+ {

+ "id": "ZGF0YWJhc2UtdjQvY3VzdG9tZXIvU291cmNlQ29udGFpbmVyVGhyb3VnaHB1dENvbnRyb2w.info",

+ "groupId": "database-v4/customer/SourceContainerThroughputControl.config",

+ "targetThroughput": "",

+ "targetThroughputThreshold": "0.95",

+ "isDefault": true,

+ "_rid": "EHcYAPolTiABAAAAAAAAAA==",

+ "_self": "dbs/EHcYAA==/colls/EHcYAPolTiA=/docs/EHcYAPolTiABAAAAAAAAAA==/",

+ "_etag": "\"2101ea83-0000-1100-0000-627503dd0000\"",

+ "_attachments": "attachments/",

+ "_ts": 1651835869

+ }

+```

+> [!NOTE]

+> Throughput control does not do RU pre-calculation of each operation. Instead, it tracks the RU usages after the operation based on the response header. As such, throughput control is based on an approximation - and does not guarantee that amount of throughput will be available for the group at any given time.

+> [!WARNING]

+> The `targetThroughputThreshold` is **immutable**. If you change the target throughput threshold value, this will create a new throughput control group (but as long as you use Version 4.10.0 or later it can have the same name). You need to restart all Spark jobs that are using the group if you want to ensure they all consume the new threshold immediately (otherwise they will pick-up the new threshold after the next restart).

+For each Spark client that uses the throughput control group, a record will be created in the `ThroughputControl` container - with a ttl of a few seconds - so the documents will vanish pretty quickly if a Spark client isn't actively running anymore - which looks like the below:

+```json

+ {

+ "id": "Zhjdieidjojdook3osk3okso3ksp3ospojsp92939j3299p3oj93pjp93jsps939pkp9ks39kp9339skp",

+ "groupId": "database-v4/customer/SourceContainerThroughputControl.config",

+ "_etag": "\"1782728-w98999w-ww9998w9-99990000\"",

+ "ttl": 10,

+ "initializeTime": "2022-06-26T02:24:40.054Z",

+ "loadFactor": 0.97636377638898,

+ "allocatedThroughput": 484.89444487847,

+ "_rid": "EHcYAPolTiABAAAAAAAAAA==",

+ "_self": "dbs/EHcYAA==/colls/EHcYAPolTiA=/docs/EHcYAPolTiABAAAAAAAAAA==/",

+ "_etag": "\"2101ea83-0000-1100-0000-627503dd0000\"",

+ "_attachments": "attachments/",

+ "_ts": 1651835869

+ }

+```

+In each client record, the `loadFactor` attribute represents the load on the given client, relative to other clients in the throughput control group. The `allocatedThroughput` attribute shows how many RUs are currently allocated to this client. The Spark Connector will adjust allocated throughput for each client based on its load. This will ensure that each client gets a share of the throughput available that is proportional to its load, and all clients together don't consume more than the total allocated for the throughput control group to which they belong.

+## Next steps

+* [Spark samples in GitHub](https://github.com/Azure/azure-sdk-for-java/tree/main/sdk/cosmos/azure-cosmos-spark_3_2-12/Samples).

+* [Manage data with Azure Cosmos DB Spark 3 OLTP Connector for SQL API](create-sql-api-spark.md).

+* Learn more about [Apache Spark](https://spark.apache.org/).

+ Title: Enable preview features in Cost Management Labs

+description: This article explains how to explore preview features and provides a list of the recent previews you might be interested in.

+# Enable preview features in Cost Management Labs

+Cost Management Labs is an experience in the Azure portal where you can get a sneak peek at what's coming in Cost Management. You can engage directly with us to share feedback and help us better understand how you use the service, so we can deliver more tuned and optimized experiences.

+This article explains how to explore preview features and provides a list of the recent previews you might be interested in.

+## Explore preview features

+You can explore preview features from the Cost Management overview.

+1. On the Cost Management overview page, select the [Try preview](https://aka.ms/costmgmt/trypreview) command at the top of the page.

+2. From there, enable the features you'd like to use and select **Close** at the bottom of the page.

+ :::image type="content" source="./media/enable-preview-features-cost-management-labs/cost-management-labs.png" alt-text="Screenshot showing the Cost Management labs preview options." lightbox="./media/enable-preview-features-cost-management-labs/cost-management-labs.png" :::

+3. To see the features enabled, close and reopen Cost Management. You can reopen Cost Management by selecting the link in the notification in the top-right corner.

+ :::image type="content" source="./media/enable-preview-features-cost-management-labs/reopen-cost-management.png" alt-text="Screenshot showing the Reopen Cost Management notification." :::

+If you're interested in getting preview features even earlier:

+1. Navigate to Cost Management.

+2. Select **Go to preview portal**.

+Or, you can go directly to the [Azure preview portal](https://preview.portal.azure.com/).

+It's the same experience as the public portal, except with new improvements and preview features. Every change in Cost Management is available in the preview portal a week before it's in the full Azure portal.

+We encourage you to try out the preview features available in Cost Management Labs and share your feedback. It's your chance to influence the future direction of Cost Management. To provide feedback, use the **Report a bug** link in the Try preview menu. It's a direct way to communicate with the Cost Management engineering team.

+## Anomaly detection alerts

+<a name="anomalyalerts"></a>

+Get notified by email when a cost anomaly is detected on your subscription.

+Anomaly detection is available for Azure global subscriptions in the cost analysis preview.

+Here's an example of a cost anomaly shown in cost analysis:

+To configure anomaly alerts:

+1. Open the cost analysis preview.

+1. Navigate to **Cost alerts** and select **Add** > **Add Anomaly alert**.

+For more information about anomaly detection and how to configure alerts, see [Identify anomalies and unexpected changes in cost](../understand/analyze-unexpected-charges.md).

+**Anomaly detection is now available by default in Azure global.**

+## Grouping SQL databases and elastic pools

+<a name="aksnestedtable"></a>

+Get an at-a-glance view of your total SQL costs by grouping SQL databases and elastic pools. They're shown under their parent server in the cost analysis preview. This feature is enabled by default.

+Understanding what you're being charged for can be complicated. The best place to start for many people is the [Resources view](https://aka.ms/costanalysis/resources) in the cost analysis preview. It shows resources that are incurring cost. But even a straightforward list of resources can be hard to follow when a single deployment includes multiple, related resources. To help summarize your resource costs, we're trying to group related resources together. So, we're changing cost analysis to show child resources.

+Many Azure services use nested or child resources. SQL servers have databases, storage accounts have containers, and virtual networks have subnets. Most of the child resources are only used to configure services, but sometimes the resources have their own usage and charges. SQL databases are perhaps the most common example.

+SQL databases are deployed as part of a SQL server instance, but usage is tracked at the database level. Additionally, you might also have charges on the parent server, like for Microsoft Defender for Cloud. To get the total cost for your SQL deployment in classic cost analysis, you need to find the server and each database and then manually sum up their total cost. As an example, you can see the **aepool** elastic pool at the top of the list below and the **treyanalyticsengine** server lower down on the first page. What you don't see is another database even lower in the list. You can imagine how troubling this situation would be when you need the total cost of a large server instance with many databases.

+Here's an example showing classic cost analysis where multiple related resource costs aren't grouped.

+In the cost analysis preview, the child resources are grouped together under their parent resource. The grouping shows a quick, at-a-glance view of your deployment and its total cost. Using the same subscription, you can now see all three charges grouped together under the server, offering a one-line summary for your total server costs.

+Here's an example showing grouped resource costs with the **Grouping SQL databases and elastic pools** preview option enabled.

+You might also notice the change in row count. Classic cost analysis shows 53 rows where every resource is broken out on its own. The cost analysis preview only shows 25 rows. The difference is that the individual resources are being grouped together, making it easier to get an at-a-glance cost summary.

+In addition to SQL servers, you'll also see other services with child resources, like App Service, Synapse, and VNet gateways. Each is similarly shown grouped together in the cost analysis preview.

+**Grouping SQL databases and elastic pools is available by default in the cost analysis preview.**

+## Average in the cost analysis preview

+<a name="cav3average"></a>

+Average in the cost analysis preview shows your average daily or monthly cost at the top of the view.

+When the selected date range includes the current day, the average cost is calculated ending at yesterday's date. It doesn't include partial cost from the current day because data for the day isn't complete. Every service submits usage at different timelines that affects the average calculation. For more information about data latency and refresh processing, see [Understand Cost Management data](understand-cost-mgt-data.md).

+**Average in the cost analysis preview is available by default in the cost analysis preview.**

+## Budgets in the cost analysis preview

+<a name="budgetsfeature"></a>

+Budgets in the cost analysis preview help you quickly create and edit budgets directly from the cost analysis preview.

+If you don't have a budget yet, you'll see a link to create a new budget. Budgets created from the cost analysis preview are preconfigured with alerts. Thresholds are set for cost exceeding 50 percent, 80 percent, and 95 percent of your cost. Or, 100 percent of your forecast for the month. You can add other recipients or update alerts from the Budgets page.

+**Budgets in the cost analysis preview is available by default in the cost analysis preview.**

+## Charts in the cost analysis preview

+<a name="chartsfeature"></a>

+Charts in the cost analysis preview include a chart of daily or monthly charges for the specified date range.

+Charts are enabled on the [Try preview](https://aka.ms/costmgmt/trypreview) page in the Azure portal. Use the **How would you rate the cost analysis preview?** Option at the bottom of the page to share feedback about the preview.

+## Streamlined menu

+<a name="onlyinconfig"></a>

+Cost Management includes a central management screen for all configuration settings. Some of the settings are also available directly from the Cost Management menu currently. Enabling the **Streamlined menu** option removes configuration settings from the menu.

+In the following image, the menu on the left is classic cost analysis. The menu on the right is the streamlined menu.

+You can enable **Streamlined menu** on the [Try preview](https://aka.ms/costmgmt/trypreview) page in the Azure portal. Feel free to [share your feedback](https://feedback.azure.com/d365community/idea/5e0ea52c-1025-ec11-b6e6-000d3a4f07b8). As an experimental feature, we need your feedback to determine whether to release or remove the preview.

+## Open config items in the menu

+<a name="configinmenu"></a>

+Cost Management includes a central management view for all configuration settings. Currently, selecting a setting opens the configuration page outside of the Cost Management menu.

+**Open config items in the menu** is an experimental option to open the configuration page in the Cost Management menu. The option makes it easier to switch to other menu items with one selection. The feature works best with the [streamlined menu](#streamlined-menu).

+You can enable **Open config items in the menu** on the [Try preview](https://aka.ms/costmgmt/trypreview) page in the Azure portal.

+[Share your feedback](https://feedback.azure.com/d365community/idea/1403a826-1025-ec11-b6e6-000d3a4f07b8) about the feature. As an experimental feature, we need your feedback to determine whether to release or remove the preview.

+## Change scope from menu

+<a name="changescope"></a>

+If you manage many subscriptions and need to switch between subscriptions or resource groups often, you might want to include the **Change scope from menu** option.

+It allows changing the scope from the menu for quicker navigation. To enable the feature, navigate to the [Cost Management Labs preview page](https://portal.azure.com/#view/Microsoft_Azure_CostManagement/Menu/~/overview/open/overview.preview) in the Azure portal.

+[Share your feedback](https://feedback.azure.com/d365community/idea/e702a826-1025-ec11-b6e6-000d3a4f07b8) about the feature. As an experimental feature, we need your feedback to determine whether to release or remove the preview.

+## How to share feedback

+We're always listening and making constant improvements based on your feedback, so we welcome it. Here are a few ways to share your feedback with the team:

+- If you have a problem or are seeing data that doesn't make sense, submit a support request. It's the fastest way to investigate and resolve data issues and major bugs.

+- For feature requests, you can share ideas and vote up others in the [Cost Management feedback forum](https://aka.ms/costmgmt/feedback).

+- Take advantage of the **How would you rate…** prompts in the Azure portal to let us know how each experience is working for you. We monitor the feedback proactively to identify and prioritize changes. You'll see either a blue option in the bottom-right corner of the page or a banner at the top.

+## Next steps

+Learn about [what's new in Cost Management](https://azure.microsoft.com/blog/tag/cost-management/).

+If you pay for Azure with a credit card issued by a bank in the [European Economic Area](https://en.wikipedia.org/wiki/European_Economic_Area), you might be required to complete multi-factor authentication for the payment method of your account. You may be prompted to complete the multi-factor authentication challenge when signing up your Azure account or upgrading your Azure accountΓÇöeven if you are not making a purchase at the time. You may also be asked to provide multi-factor authentication when you change the payment method of your Azure account, remove your spending cap, or make an immediate payment from the Azure portalΓÇö such as settling outstanding balances or purchasing Azure credits.

+Identify the right VM size for your purchase. For example, a reservation purchased for ES series VMs doesn't apply to E series VMs, and vice-versa.

+To narrow eligible usage, apply the following filters to your usage data:

+Reserved capacity applies to Azure Synapse Analytics DWU usage and is purchased in increments on 100 DWU. To narrow eligible usage, apply the following filters on your usage data:

+Enterprise Agreement customers can use the VM RI Coverage reports for VMs and purchase recommendations. The coverage reports show total usage and the usage that's covered by reserved instances.

+- Advisor recommendations are calculated using 30-day look-back period. The projected savings are for a three-year reservation term.

+We recommend including global parameters in the ARM template during the CI/CD. The new mechanism of including global parameters in the ARM template (from 'Manage hub' -> 'ARM template' -> ΓÇÿInclude global parameters in ARM template

+') as illustrated below, will not conflict/ override the factory-level settings as it used to do earlier, hence not requiring additional PowerShell for global parameters deployment during CI/CD.

+> [!NOTE]

+> We have moved the UI experience for including global parameters from the 'Global parameters' section to the 'ARM template' section in the manage hub.

+If you are already using the older mechanism (from 'Manage hub' -> 'Global parameters' -> 'Include in ARM template'), you can continue. We will continue to support it.

+If you are using the older flow of integrating global parameters in your continuous integration and deployment solution, it will continue to work:

+* Include global parameters in the ARM template (from 'Manage hub' -> 'Global parameters' -> 'Include in ARM template')

+* Deploy global parameters via a PowerShell script

+We strongly recommend using the new mechanism of including global parameters in the ARM template (from 'Manage hub' -> 'ARM template' -> 'Include global parameters in an ARM template') since it makes the CICD with global parameters much more straightforward and easier to manage.

+> The **Include global parameters in an ARM template** configuration is only available in "Git mode". Currently it is disabled in "live mode" or "Data Factory" mode.

+### Deploying using PowerShell (older mechanism)

+> [!NOTE]

+> This is not required if you're including global parameters using the 'Manage hub' -> 'ARM template' -> 'Include global parameters in an ARM template' since you can deploy the ARM with the ARM templates without breaking the Factory-level configurations. For backward compatability we will continue to support it.

+}

+> Time to live is not available when using the auto-resolve integration runtime (default).

+description: Learn more about the Azure Data Factory studio preview experience.

+ [**Dataflow data first experimental view**](#dataflow-data-first-experimental-view)

+ * [Configuration panel](#configuration-panel)

+ * [Transformation settings](#transformation-settings)

+ * [Data preview](#data-preview)

+

+ [**Pipeline experimental view**](#pipeline-experimental-view)

+ * [Adding activities](#adding-activities)

+ * [ForEach activity container](#foreach-activity-container)

+### Dataflow data first experimental view

+When you use the wizard, JSON definitions for these Data Factory entities (linked services, datasets, and the pipeline) are automatically created for you. When you use tools/APIs (except .NET API), you define these Data Factory entities by using the JSON format. For samples with JSON definitions for Data Factory entities that are used to copy data to/from an Azure Blob Storage, see [JSON examples](#json-examples-for-copying-data-to-and-from-blob-storage) section of this article.

+**Answer:** Gateway makes HTTP-based connections to open internet. The **outbound ports 443 and 80** must be opened for gateway to make this connection. Open **Inbound Port 8050** only at the machine level (not at corporate firewall level) for Credential Manager application. If Azure SQL Database or Azure Synapse Analytics is used as source/ destination, then you need to open **1433** port as well. For more information, see [Firewall configurations and filtering IP addresses](#firewall-configurations-and-filtering-ip-address-of-gateway) section.

+ For more information on the available commands, go to [Debug Kubernetes issues](azure-stack-edge-gpu-connect-powershell-interface.md#debug-kubernetes-issues-related-to-iot-edge).

+| **Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources** | By default, a virtual machineΓÇÖs OS and data disks are encrypted-at-rest using platform-managed keys; temp disks and data caches arenΓÇÖt encrypted, and data isnΓÇÖt encrypted when flowing between compute and storage resources. For more information, see the [comparison of different disk encryption technologies in Azure](https://aka.ms/diskencryptioncomparison).<br>Use Azure Disk Encryption to encrypt all this data. Disregard this recommendation if: (1) youΓÇÖre using the encryption-at-host feature, or (2) server-side encryption on Managed Disks meets your security requirements. Learn more in Server-side encryption of Azure Disk Storage. | High |

+| REST API call | `GET https://management.azure.com/subscriptions/<SUBSCRIPTION_ID>/providers/Microsoft.Security/assessments?api-version=2019-01-01-preview&$expand=statusEvaluationDates` |

+You can safely ignore these policies and there will be no impact on your environment. If you'd like to enable them, sign up for the preview via the [Microsoft Cloud Security

+Private Community](https://aka.ms/SecurityPrP) and select from the following options:

+Until now, the integration with Microsoft Defender for Endpoint (MDE) included automatic installation of the new [MDE unified solution](/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-worldwide#new-windows-server-2012-r2-and-2016-functionality-in-the-modern-unified-solution&preserve-view=true) for machines (Azure subscriptions and multicloud connectors) with Defender for Servers Plan 1 enabled, and for multicloud connectors with Defender for Servers Plan 2 enabled. Plan 2 for Azure subscriptions enabled the unified solution for Linux machines and Windows 2019 and 2022 servers only. Windows servers 2012R2 and 2016 used the MDE legacy solution dependent on Log Analytics agent.

+Learn more about [MDE integration with Defender for Servers](integration-defender-for-endpoint.md#users-with-defender-for-servers-enabled-and-microsoft-defender-for-endpoint-deployed).

+To learn more about policy definitions for Azure App Service, see [Azure Policy built-in definitions for Azure App Service](../azure-app-configuration/policy-reference.md).

+Default values are available in the proper schema in [GitHub](https://aka.ms/iot-security-module-default).

+## Upload and play PCAP files

+When troubleshooting, you may want to examine data recorded by a specific PCAP file. To do so, you can upload a PCAP file to your sensor console and replay the data recorded.

+To view the PCAP player in your sensor console, you'll first need to configure the relevant advanced configuration option.

+Maximum size for uploaded files is 2 GB.

+**To show the PCAP player in your sensor console**:

+1. On your sensor console, go to **System settings > Sensor management > Advanced Configurations**.

+1. In the **Advanced configurations** pane, select the **Pcaps** category.

+1. In the configurations displayed, change `enabled=0` to `enabled=1`, and select **Save**.

+The **Play PCAP** option is now available in the sensor console's settings, under: **System settings > Basic > Play PCAP**.

+**To upload and play a PCAP file**:

+1. On your sensor console, select **System settings > Basic > Play PCAP**.

+1. In the **PCAP PLAYER** pane, select **Upload** and then navigate to and select the file you want to upload.

+1. Select **Play** to play your PCAP file, or **Play All** to play all PCAP files currently loaded.

+> [!TIP]

+> Select **Clear All** to clear the sensor of all PCAP files loaded.

+You can learn more [About forwarded alert information](how-to-forward-alert-information-to-partners.md#about-forwarded-alert-information). You can also [Test forwarding rules](how-to-forward-alert-information-to-partners.md#test-forwarding-rules), or [Edit and delete forwarding rules](how-to-forward-alert-information-to-partners.md#edit-and-delete-forwarding-rules). You can also learn more about [Forwarding rules and alert exclusion rules](how-to-forward-alert-information-to-partners.md#forwarding-rules-and-alert-exclusion-rules).

+ Title: Integrations with partner services - Microsoft Defender for IoT

+description: Learn about supported integrations with Microsoft Defender for IoT.

+# Integrations with partner services

+Integrate Microsoft Defender for Iot with partner services to view partner data in Defender for IoT, or to view Defender for IoT data in a partner service.

+## Supported integrations

+The following table lists available integrations for Microsoft Defender for IoT, as well as links for specific configuration information.

+|Partner service |Description | Learn more |

+||||

+|**Aruba ClearPass** | Share Defender for IoT data with ClearPass Security Exchange and update the ClearPass Policy Manager Endpoint Database with Defender for IoT data. | [Integrate ClearPass with Microsoft Defender for IoT](tutorial-clearpass.md) |

+|**CyberArk** | Send CyberArk PSM syslog data on remote sessions and verification failures to Defender for IoT for data correlation. | [Integrate CyberArk with Microsoft Defender for IoT](tutorial-cyberark.md) |

+|**Forescout** | Automate actions in Forescout based on activity detected by Defender for IoT, and correlate Defender for IoT data with other *Forescout eyeExtended* modules that oversee monitoring, incident management, and device control. | [Integrate Forescout with Microsoft Defender for IoT](tutorial-forescout.md) |

+|**Fortinet** | Send Defender for IoT data to Fortinet services for: <br><br>- Enhanced network visibility in FortiSIEM<br>- Extra abilities in FortiGate to stop anomalous behavior | [Integrate Fortinet with Microsoft Defender for IoT](tutorial-fortinet.md) |

+|**Palo Alto** |Use Defender for IoT data to block critical threats with Palo Alto firewalls, either with automatic blocking or with blocking recommendations. | [Integrate Palo-Alto with Microsoft Defender for IoT](tutorial-palo-alto.md) |

+|**QRadar** |Forward Defender for IoT alerts to IBM QRadar. | [Integrate Qradar with Microsoft Defender for IoT](tutorial-qradar.md) |

+|**ServiceNow** | View Defender for IoT device detections, attributes, and connections in ServiceNow. | [Integrate ServiceNow with Microsoft Defender for IoT](tutorial-servicenow.md) |

+| **Splunk** | Send Defender for IoT alerts to Splunk | [Integrate Splunk with Microsoft Defender for IoT](tutorial-splunk.md) |

+|**Axonius Cybersecurity Asset Management** | Import and manage device inventory discovered by Defender for IoT in your Axonius instance. | [Axonius documentation](https://docs.axonius.com/docs/azure-defender-for-iot) |

+## Next steps

+For more information, see:

+**Device inventory**:

+- [Use the Device inventory in the Azure portal](how-to-manage-device-inventory-for-organizations.md)

+- [Use the Device inventory in the OT sensor](how-to-investigate-sensor-detections-in-a-device-inventory.md)

+- [Use the Device inventory in the on-premises management console](how-to-investigate-all-enterprise-sensor-detections-in-a-device-inventory.md)

+**Alerts**:

+- [View alerts in the Azure portal](how-to-manage-cloud-alerts.md)

+- [View alerts in the OT sensor](how-to-view-alerts.md)

+- [View alerts in the on-premises management console](how-to-work-with-alerts-on-premises-management-console.md)

+| 22.1.5 | 06/2022 | 03/2023 |

+## June 2022

+description: Overview of the Azure Digital Twins IoT platform, including its features and value.

+Azure Digital Twins can be used to design a digital twin architecture that represents actual IoT devices in a wider cloud solution, and which connects to [IoT Hub](../iot-hub/iot-concepts-and-iot-hub.md) device twins to send and receive live data.

+* Connect assets such as IoT devices and existing business systems, using a robust event system to build dynamic business logic and data processing

+* Query the live execution environment to extract real-time insights from your twin graph

+* Build connected 3D visualizations of your environment that display business logic and twin data in context

+* Query historized environment data and integrate with other Azure data, analytics, and AI services to better track the past and predict the future

+## Define your business environment

+You can think of these model definitions as a specialized vocabulary to describe your business. For a building management solution, for example, you might define a model that defines a Building type, a Floor type, and an Elevator type. Models are defined in a JSON-like language called [Digital Twins Definition Language (DTDL)](https://github.com/Azure/opendigitaltwins-dtdl/blob/master/DTDL/v2/dtdlv2.md), and they describe types of entities according to their state properties, telemetry events, commands, components, and relationships. You can design your own model sets from scratch, or get started with a pre-existing set of [DTDL industry ontologies](concepts-ontologies.md) based on common vocabulary for your industry.

+>[!TIP]

+>DTDL is also used for data models throughout other Azure IoT services, including [IoT Plug and Play](../iot-develop/overview-iot-plug-and-play.md) and [Time Series Insights](../time-series-insights/overview-what-is-tsi.md). This compatibility helps you connect your Azure Digital Twins solution with other parts of the Azure ecosystem.

+Once you've defined your data models, use them to create [digital twins](concepts-twins-graph.md) that represent each specific entity in your environment. For example, you might use the Building model definition to create several Building-type twins (Building 1, Building 2, and so on). You can also use the relationships in the model definitions to connect twins to each other, forming a conceptual graph.

+You can view your Azure Digital Twins graph in [Azure Digital Twins Explorer](concepts-azure-digital-twins-explorer.md), which provides an interface to help you build and interact with your graph:

+## Contextualize IoT and business system data

+Digital models in Azure Digital Twins are live, up-to-date representations of the real world.

+To keep digital twin properties current against your environment, you can use [IoT Hub](../iot-hub/about-iot-hub.md) to connect your solution to IoT and IoT Edge devices. These hub-managed devices are represented as part of your twin graph, and provide the data that drives your model. You can create a new IoT Hub to use with Azure Digital Twins, or [connect an existing IoT Hub](how-to-ingest-iot-hub-data.md) along with the devices it already manages.

+You can also drive Azure Digital Twins from other data sources, using [REST APIs](concepts-apis-sdks.md) or connectors to other Azure services like [Logic Apps](../logic-apps/logic-apps-overview.md). These methods can help you input data from business systems and incorporate them into your twin graph.

+Azure Digital Twins provides a rich event system to keep your graph current, including data processing that can be customized to match your business logic. You can connect external compute resources, such as [Azure Functions](../azure-functions/functions-overview.md), to drive this data processing in flexible, customized ways.

+## Query for environment insights

+Azure Digital Twins provides a powerful query APIΓÇï to help you extract insights from the live execution environment. The API can query with extensive search conditions, including property values, relationships, relationship properties, model information, and more. You can also combine queries, gathering a broad range of insights about your environment and answering custom questions that are important to you. For more details about the language used to craft these queries, see [Query language](concepts-query-language.md).

+## Visualize environment in 3D Scenes Studio (preview)

+Azure Digital Twins [3D Scenes Studio (preview)](concepts-3d-scenes-studio.md) is an immersive visual 3D environment, where end users can monitor, diagnose, and investigate operational digital twin data with the visual context of 3D assets. With a digital twin graph and curated 3D model, subject matter experts can leverage the studio's low-code builder to map the 3D elements to digital twins in the Azure Digital Twins graph, and define UI interactivity and business logic for a 3D visualization of a business environment. The 3D scenes can then be consumed in the hosted 3D Scenes Studio, or in a custom application that leverages the embeddable 3D viewer component.

+Here's an example of a scene in 3D Scenes Studio, showing how digital twin properties can be visualized with 3D elements:

+## Share twin data to other Azure services

+## Sample solution architecture

+A possible architecture of a complete solution using Azure Digital Twins may contain the following components:

+The following diagram shows where Azure Digital Twins might lie in the context of a larger sample Azure IoT solution.

+> [Tutorial: Create and deploy your first ARM template](../azure-resource-manager/templates/template-tutorial-create-first-template.md)

+Each event processor instance acquires ownership of a partition and starts processing the partition from last known [checkpoint](#checkpointing). If a processor fails (VM shuts down), then other instances detect it by looking at the last modified time. Other instances try to get ownership of the partitions previously owned by the inactive instance, and the checkpoint store guarantees that only one of the instances succeeds in claiming ownership of a partition. So, at any given point of time, there is at most one processor that receives events from a partition.

+

+| **[Stream Data Centers](https://www.streamdatacenters.com/products-services/network-cloud/)** | Megaport |

+ > [!NOTE]

+ > Owner permissions are required at the scope of the policy objects being exported to GitHub.

+* For a list of the functions you can use in an Azure Resource Manager template, see [Template functions](../azure-resource-manager/templates/template-functions.md).

+- **Spark 2.3:** [Spark Release 2.3.0 deprecations](https://spark.apache.org/releases/spark-release-2-3-0.html#deprecations)

+* [Track and debug jobs running on an Apache Spark cluster in HDInsight](apache-spark-job-debugging.md)

+* [HL7 Da Vinci PDex Plan Network IG](https://build.fhir.org/ig/HL7/davinci-pdex-plan-net/): This implementation guide defines a FHIR interface to a health insurerΓÇÖs insurance plans, their associated networks, and the organizations and providers that participate in these networks.

+HL7 Fast Healthcare Interoperability Resources (FHIR&#174;) defines a standard and interoperable way to store and exchange healthcare data. Even within the base FHIR specification, it can be helpful to define other rules or extensions based on the context that FHIR is being used. For such context-specific uses of FHIR, **FHIR profiles** are used for the extra layer of specifications. [FHIR profile](https://www.hl7.org/fhir/profiling.html) allows you to narrow down and customize resource definitions using constraints and extensions.

+Profiles are also specified by various Implementation Guides (IGs). Some common IGs are listed below. For more information, visit the specific IG site to learn more about the IG and the profiles defined within it:

+- [US Core](https://www.hl7.org/fhir/us/core/)

+- [CARIN Blue Button](https://hl7.org/fhir/us/carin-bb)

+- [Da Vinci Payer Data Exchange](https://hl7.org/fhir/us/davinci-pdex)

+- [Argonaut](https://www.fhir.org/guides/argonaut/pd/)

+* [HL7 Da Vinci PDex Plan Network IG](https://build.fhir.org/ig/HL7/davinci-pdex-plan-net/): This implementation guide defines a FHIR interface to a health insurerΓÇÖs insurance plans, their associated networks, and the organizations and providers that participate in these networks.

+We don't allow custom FHIR resources. If you need a custom FHIR resource, you can build a custom resource on top of the [Basic resource](https://www.hl7.org/fhir/basic.html) with extensions.

+Profiles are also specified by various Implementation Guides (IGs). Some common IGs are listed below. For more information, visit the specific IG site to learn more about the IG and the profiles defined within it:

+- [US Core](https://www.hl7.org/fhir/us/core/)

+- [CARIN Blue Button](https://hl7.org/fhir/us/carin-bb)

+- [Da Vinci Payer Data Exchange](https://hl7.org/fhir/us/davinci-pdex)

+- [Argonaut](https://www.fhir.org/guides/argonaut/pd/)

+* **Support for transactions**: In Azure Health Data Services, the FHIR service supports transaction bundles. For more information about transaction bundles, visit [HL7.org](https://www.hl7.org/) and refer to batch/transaction interactions.

+ [](./media/storage-import-export-data-from-blobs/import-export-order-preview-03-export-job.png#lightbox)

+ [](./media/storage-import-export-data-from-blobs/import-export-order-preview-12-export-job.png#lightbox)

+1. Sign in to the [Azure portal](https://portal.azure.com).

+[](./media/storage-import-export-data-from-blobs/import-export-status-export-order-completed.png#lightbox)

+The sample device you use to test the scenario is written in Node.js. Make sure you have Node.js and NPM installed on your local machine. If you don't want to install these prerequisites, use the [Azure Cloud Shell](https://shell.azure.com/) that has them preinstalled.

+Select **Next: Target Devices**.

+### Step 4: Target devices

+Use the tags property from your devices to target the specific devices that should receive this deployment.

+Since multiple deployments may target the same device, you should give each deployment a priority number. If there's ever a conflict, the deployment with the highest priority (larger values indicate higher priority) wins. If two deployments have the same priority number, the one that was created most recently wins.

+If multiple deployments target the same device, then only the one with the higher priority is applied. If multiple layered deployments target the same device then they are all applied. However, if any properties are duplicated, like if there are two routes with the same name, then the one from the higher priority layered deployment overwrites the rest.

+Any layered deployment targeting a device must have a higher priority than the base deployment in order to be applied.

+1. Enter a positive integer for the deployment **Priority**.

+1. Enter a **Target condition** to determine which devices will be targeted with this deployment. The condition is based on device twin tags or device twin reported properties and should match the expression format. For example, `tags.environment='test'` or `properties.reported.devicemodel='4000x'`.

+### Step 5: Metrics

+## Nested virtualization

+Azure IoT Edge for Linux on Windows (EFLOW) can run in Windows virtual machines. Using a virtual machine as an IoT Edge device is common when customers want to augment existing infrastructure with edge intelligence. In order to run the EFLOW virtual machine inside a Windows VM, the host VM must support nested virtualization. EFLOW supports the following nested virtualization scenarios:

+| Version | Hyper-V VM | Azure VM | VMware ESXi VM | Other Hypervisor |

+| - | -- | -- | -- | -- |

+| EFLOW 1.1 LTS |  |  |  | - |

+| EFLOW Continuous Release (CR) ([Public preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/)) |  |  |  | - |

+

+For more information, see [EFLOW Nested virtualization](./nested-virtualization.md).

+Automatic configurations run for the first time shortly after the configuration is created and then at five minute intervals. Metrics queries run each time the automatic configuration runs. A maximum of 100 automatic configurations is supported on standard tier IoT hubs; ten on free tier IoT hubs. Throttling limits also apply. To learn more, see [Quotas and Throttling](iot-hub-devguide-quotas-throttling.md).

+You can create a maximum of 100 automatic configurations on standard tier IoT hubs; ten on free tier IoT hubs. To learn more, see [Quotas and Throttling](iot-hub-devguide-quotas-throttling.md).

+You configure target devices by creating a configuration that consists of the target content and metrics. Use the following command to create a configuration:

+Automatic configurations run for the first time shortly after the configuration is created and then at five minute intervals. Metrics queries run each time the automatic configuration runs. A maximum of 100 automatic configurations is supported on standard tier IoT hubs; ten on free tier IoT hubs. Throttling limits also apply. To learn more, see [Quotas and Throttling](iot-hub-devguide-quotas-throttling.md).

+You can create a maximum of 100 automatic configurations on standard tier IoT hubs; ten on free tier IoT hubs. To learn more, see [Quotas and Throttling](iot-hub-devguide-quotas-throttling.md).

+Download [OpenSSL for Windows](https://www.openssl.org/docs/faq.html#MISC4) or [build it from source](https://www.openssl.org/source/). Then run the preliminary scripts:

+ Title: Configure regions for labs

+description: Learn how to change the region of a lab.

+# Configure regions for labs

+This article shows you how to configure the locations where you can create labs by enabling or disabling regions associated with the lab plan. Enabling a region allows lab creators to create labs within that region. You cannot create labs in disabled regions.

+When you create a lab plan, you have to set an initial region for the labs, but you can enable or disable more regions for your lab at any time. If you create a lab plan by using the Azure portal, enable regions initially includes the same region as the location of the lab plan. If you create a lab plan by using the API or SDKs, you must set the AllowedRegion property when you create the lab plan.

+You might need to change the region for your labs in these circumstances:

+- Regulatory compliance. Choosing where your data resides, such as organizations choosing specific regions to help ensure that they are compliant with local regulations.

+- Service availability. Providing the optimal lab experience for your students by ensuring the Azure Lab Service is available in the region closest to them. For more information about service availability, see [Products available by region](https://azure.microsoft.com/global-infrastructure/services/?products=lab-services).

+- New region. You may acquire quota in a region different than the regions already enabled.

+## Prerequisites

+- To perform these steps, you must have an existing lab plan.

+## Enable regions

+To enable one or more regions after lab creation, follow these steps:

+1. In the [Azure portal](https://portal.azure.com), navigate to your lab plan.

+1. On the Lab plan overview page, select **Lab settings** from the left menu or select **Adjust settings**. Both go to the Lab settings page.

+ :::image type="content" source="./media/create-and-configure-labs-educator/lab-plan-overview-page.png" alt-text="Screenshot that shows the Lab overview page with Lab settings and Adjust settings highlighted.":::

+1. On the Lab settings page, under **Location selection**, select **Select regions**.

+ :::image type="content" source="./media/create-and-configure-labs-educator/lab-settings-page.png" alt-text="Screenshot that shows the Lab settings page with Select regions highlighted.":::

+1. On the Enabled regions page, select the region(s) you want to add, select **Enable**.

+ :::image type="content" source="./media/create-and-configure-labs-educator/enabled-regions-page.png" alt-text="Screenshot that shows the Enabled regions page with Enable and Apply highlighted.":::

+1. Enabled regions are displayed at the top of the list. Check that your desired regions are displayed and then select **Apply** to confirm your selection.

+ > [!NOTE]

+ > There are two steps to saving your enabled regions:

+ > - At the top of the regions list select **Enable**

+ > - At the bottom of the page, select **Apply**

+1. On the Lab settings page, verify that the regions you enabled are listed and then select **Save**.

+ :::image type="content" source="./media/create-and-configure-labs-educator/newly-enabled-regions.png" alt-text="Screenshot that shows the Lab settings page with the newly selected regions highlighted.":::

+ > [!NOTE]

+ > You must select **Save** to save your lab plan configuration.

+## Disable regions

+To disable one or more regions after lab creation, follow these steps:

+1. In the [Azure portal](https://portal.azure.com), navigate to your lab plan.

+1. On the Lab plan overview page, select **Lab settings** from the left menu or select **Adjust settings**. Both go to the Lab settings page.

+ :::image type="content" source="./media/create-and-configure-labs-educator/lab-plan-overview-page.png" alt-text="Screenshot that shows the Lab overview page with Lab settings and Adjust settings highlighted.":::

+1. On the Lab settings page, under **Location selection**, select **Select regions**.

+ :::image type="content" source="./media/create-and-configure-labs-educator/lab-settings-page.png" alt-text="Screenshot that shows the Lab settings page with Select regions highlighted.":::

+1. On the Enabled regions page, clear the check box of the region(s) you want to disable, select **Disable**.

+ :::image type="content" source="./media/create-and-configure-labs-educator/disable-regions-page.png" alt-text="Screenshot that shows the Enabled regions page with Disable and Apply highlighted.":::

+1. Enabled regions are displayed at the top of the list. Check that your desired regions are displayed and then select **Apply** to confirm your selection.

+ > [!NOTE]

+ > There are two steps to saving your disabled regions:

+ > - At the top of the regions list select **Disable**

+ > - At the bottom of the page, select **Apply**

+1. On the Lab settings page, verify that the regions you enabled are listed and then select **Save**.

+ :::image type="content" source="./media/create-and-configure-labs-educator/newly-enabled-regions.png" alt-text="Screenshot that shows the Lab settings page with the newly selected regions highlighted.":::

+ > [!NOTE]

+ > You must select **Save** to save your lab plan configuration.

+## Next steps

+- Learn how to choose the right regions for your Lab plan at [Azure geographies](https://azure.microsoft.com/global-infrastructure/geographies/#overview).

+- Check [Products available by region](https://azure.microsoft.com/global-infrastructure/services/?products=lab-services) For Azure Lab Services availability near you.

+> When students sign in to a lab, they aren't given the option to create a Microsoft account. For this reason, we recommend that you include this sign-up link, `http://signup.live.com`, in the lab registration email that you send to students who are using non-Microsoft accounts.

+Load Balancers can also be created in a non-zonal configuration by use of a "no-zone" frontend (a public IP or public IP prefix in the case of a public load balancer; a private IP in the case of an internal load balancer). This option does not give a guarantee of redundancy. Note that all public IP addresses that are [upgraded](../virtual-network/ip-services/public-ip-upgrade-portal.md) will be of type "no-zone".

+In the case where a region is augmented to have [availability zones](../availability-zones/az-overview.md), any existing IPs (e.g., used for load balancer frontends) would remain non-zonal. In order to ensure your architecture can take advantage of the new zones, it is recommended that new frontend IPs be created, and the appropriate rules and configurations be replicated to utilize these new IPs.

+### Job control settings

+These settings allow you to review and control your experiment jobs and its child jobs.

+|**Job summary table**| Γ£ô|Γ£ô|

+|**Cancel jobs & child jobs**| Γ£ô|Γ£ô|

+Authoring AutoML models for vision tasks is supported via the Azure ML Python SDK. The resulting experimentation jobs, models, and outputs can be accessed from the Azure Machine Learning studio UI.

+Support for natural language processing (NLP) tasks in automated ML allows you to easily generate models trained on text data for text classification and named entity recognition scenarios. Authoring automated ML trained NLP models is supported via the Azure Machine Learning Python SDK. The resulting experimentation jobs, models, and outputs can be accessed from the Azure Machine Learning studio UI.

+1. **Submit the training job.**

+You can also inspect the logged job information, which [contains metrics](how-to-understand-automated-ml.md) gathered during the job. The training job produces a Python serialized object (`.pkl` file) that contains the model and data preprocessing.

+ * **Choose a local compute**: If your scenario is about initial explorations or demos using small data and short trains (i.e. seconds or a couple of minutes per child job), training on your local computer might be a better choice. There is no setup time, the infrastructure resources (your PC or VM) are directly available.

+ * **Choose a remote ML compute cluster**: If you are training with larger datasets like in production training creating models which need longer trains, remote compute will provide much better end-to-end time performance because `AutoML` will parallelize trains across the cluster's nodes. On a remote compute, the start-up time for the internal infrastructure will add around 1.5 minutes per child job, plus additional minutes for the cluster infrastructure if the VMs are not yet up and running.

+|**Local compute target** | <li> No environment start-up time | <li> Subset of features<li> Can't parallelize jobs <li> Worse for large data. <li>No data streaming while training <li> No DNN-based featurization <li> Python SDK only |

+|**Remote ML compute clusters**| <li> Full set of features <li> Parallelize child jobs <li> Large data support<li> DNN-based featurization <li> Dynamic scalability of compute cluster on demand <li> No-code experience (web UI) also available | <li> Start-up time for cluster nodes <li> Start-up time for each child job |

+| Multiple jobs/iterations in parallel | Γ£ô | |

+| Continue a job | Γ£ô | |

+You can also [test any existing automated ML model (preview)](./v1/how-to-configure-auto-train-v1.md#test-existing-automated-ml-model)), including models from child jobs, by providing your own test data or by setting aside a portion of your training data.

+Automated machine learning supports ensemble models, which are enabled by default. Ensemble learning improves machine learning results and predictive performance by combining multiple models as opposed to using single models. The ensemble iterations appear as the final iterations of your job. Automated machine learning uses both voting and stacking ensemble methods for combining models:

+Azure Machine Learning has varying support across different compute targets. A typical model development lifecycle starts with development or experimentation on a small amount of data. At this stage, use a local environment like your local computer or a cloud-based VM. As you scale up your training on larger datasets or perform [distributed training](how-to-train-distributed-gpu.md), use Azure Machine Learning compute to create a single- or multi-node cluster that autoscales each time you submit a job. You can also attach your own compute resource, although support for different scenarios might vary.

+Learn more about how to [submit a training job to a compute target](how-to-set-up-training-targets.md).

+|Autoscales each time you submit a job | **&check;** | |

+* Cleans up your local scratch disk between jobs.

+| Azure Cosmos DB | Stores job history data. |

+The OS disk for each compute node stored in Azure Storage is encrypted with Microsoft-managed keys in Azure Machine Learning storage accounts. This compute target is ephemeral, and clusters are typically scaled down when no jobs are queued. The underlying virtual machine is de-provisioned, and the OS disk is deleted. Azure Disk Encryption isn't supported for the OS disk.

+Each virtual machine also has a local temporary disk for OS operations. If you want, you can use the disk to stage training data. If the workspace was created with the `hbi_workspace` parameter set to `TRUE`, the temporary disk is encrypted. This environment is short-lived (only during your job) and encryption support is limited to system-managed keys only.

+The OS disk for each compute node stored in Azure Storage is encrypted with Microsoft-managed keys in Azure Machine Learning storage accounts. This compute target is ephemeral, and clusters are typically scaled down when no jobs are queued. The underlying virtual machine is de-provisioned, and the OS disk is deleted. Azure Disk Encryption isn't supported for the OS disk.

+Each virtual machine also has a local temporary disk for OS operations. If you want, you can use the disk to stage training data. If the workspace was created with the `hbi_workspace` parameter set to `TRUE`, the temporary disk is encrypted. This environment is short-lived (only for the duration of your job,) and encryption support is limited to system-managed keys only.

+Microsoft also recommends not storing sensitive information (such as account key secrets) in environment variables. Environment variables are logged, encrypted, and stored by us. Similarly when naming your jobs, avoid including sensitive information such as user names or secret project names. This information may appear in telemetry logs accessible to Microsoft Support engineers.

+When you're ready to run your pipeline draft, you submit a pipeline job.

+### Pipeline job

+Each time you run a pipeline, the configuration of the pipeline and its results are stored in your workspace as a **pipeline job**. You can go back to any pipeline job to inspect it for troubleshooting or auditing. **Clone** a pipeline job to create a new pipeline draft for you to edit.

+Pipeline jobs are grouped into [experiments](v1/concept-azure-machine-learning-architecture.md#experiments) to organize job history. You can set the experiment for every pipeline job.

+You can also publish a pipeline to a **pipeline endpoint**. Similar to an online endpoint, a pipeline endpoint lets you submit new pipeline jobs from external applications using REST calls. However, you cannot send or receive data in real time using a pipeline endpoint.

+1. Azure Machine Learning provides a Machine Learning service token to the user compute target (for example, Azure Machine Learning compute cluster). This token is used by the user compute target to call back into the Machine Learning service after the job is complete. The scope is limited to the workspace.

+Azure Machine Learning environments are an encapsulation of the environment where your machine learning training happens. They specify the Python packages, environment variables, and software settings around your training and scoring scripts. They also specify runtimes (Python, Spark, or Docker). The environments are managed and versioned entities within your Machine Learning workspace that enable reproducible, auditable, and portable machine learning workflows across a variety of compute targets.

+The following diagram illustrates how you can use a single `Environment` object in both your job configuration (for training) and your inference and deployment configuration (for web service deployments).

+The environment, compute target and training script together form the job configuration: the full specification of a training job.

+Azure Machine Learning builds environment definitions into Docker images and conda environments. It also caches the environments so they can be reused in subsequent training jobs and service endpoint deployments. Running a training script remotely requires the creation of a Docker image, but a local job can use a conda environment directly.

+### Submitting a job using an environment

+When you first submit a remote job using an environment, the Azure Machine Learning service invokes an [ACR Build Task](../container-registry/container-registry-tasks-overview.md) on the Azure Container Registry (ACR) associated with the Workspace. The built Docker image is then cached on the Workspace ACR. Curated environments are backed by Docker images that are cached in Global ACR. At the start of the job execution, the image is retrieved by the compute target from the relevant ACR.

+For local jobs, a Docker or conda environment is created based on the environment definition. The scripts are then executed on the target compute - a local runtime environment or local Docker engine.

+If you use the same environment definition for another job, Azure Machine Learning reuses the cached image from the Workspace ACR to save time.

+The environment's computed hash value is compared with those in the Workspace and global ACR, or on the compute target (local jobs only). If there is a match then the cached image is pulled and used, otherwise an image build is triggered.

+In addition, automated ML jobs generate the following charts automatically, which can help you understand the correctness of the classifications of your model, and identify models potentially impacted by imbalanced data.

+[MLflow](https://www.mlflow.org) is an open-source library for managing the lifecycle of your machine learning experiments. MLflow's tracking URI and logging API, collectively known as [MLflow Tracking](https://mlflow.org/docs/latest/quickstart.html#using-the-tracking-api) is a component of MLflow that logs and tracks your training job metrics and model artifacts, no matter your experiment's environment--locally on your computer, on a remote compute target, a virtual machine or an Azure Machine Learning compute instance.

+You can use MLflow's tracking URI and logging API, collectively known as MLflow Tracking, to submit training jobs with [MLflow Projects](https://www.mlflow.org/docs/latest/projects.html) and Azure Machine Learning backend support (preview). You can submit jobs locally with Azure Machine Learning tracking or migrate your jobs to the cloud like via an [Azure Machine Learning Compute](./how-to-create-attach-compute-cluster.md).

+- Machine Learning Job history stores a snapshot of the code, data, and computes used to train a model.

+- [Integration with Azure](how-to-use-event-grid.md) allows you to act on events in the machine learning lifecycle. Examples are model registration, deployment, data drift, and training (job) events.

+You can use GitHub and Azure Pipelines to create a continuous integration process that trains a model. In a typical scenario, when a data scientist checks a change into the Git repo for a project, Azure Pipelines starts a training job. The results of the job can then be inspected to see the performance characteristics of the trained model. You can also create a pipeline that deploys the model as a web service.

+- Set termination policies on your training job

+- Data-driven insights to further understand heterogeneous treatment effects on an outcome, using historic data only. For example, ΓÇ£how would a medicine impact a patientΓÇÖs blood pressure?". Such insights are provided through the [Causal Inference](concept-causal-inference.md) component of the [Responsible AI dashboard](concept-responsible-ai-dashboard.md).

+ | [Run configuration](#run-configuration) | A **typical way to train models** is to use a training script and job configuration. The job configuration provides the information needed to configure the training environment used to train your model. You can specify your training script, compute target, and Azure ML environment in your job configuration and run a training job. |

+ | [Automated machine learning](#automated-machine-learning) | Automated machine learning allows you to **train models without extensive data science or programming knowledge**. For people with a data science and programming background, it provides a way to save time and resources by automating algorithm selection and hyperparameter tuning. You don't have to worry about defining a job configuration when using automated machine learning. |

+description: Learn how Azure Machine Learning integrates with a local Git repository to track repository, branch, and current commit information as part of a training job.

+When you submit a training job from the Python SDK or Machine Learning CLI, the files needed to train the model are uploaded to your workspace. If the `git` command is available on your development environment, the upload process uses it to check if the files are stored in a git repository. If so, then information from your git repository is also uploaded as part of the training job. This information is stored in the following properties for the training job:

+| `azureml.git.branch` | `git symbolic-ref --short HEAD` | The active branch when the job was submitted. |

+| `mlflow.source.git.branch` | `git symbolic-ref --short HEAD` | The active branch when the job was submitted. |

+| `azureml.git.commit` | `git rev-parse HEAD` | The commit hash of the code that was submitted for the job. |

+| `mlflow.source.git.commit` | `git rev-parse HEAD` | The commit hash of the code that was submitted for the job. |

+This information is sent for jobs that use an estimator, machine learning pipeline, or script run.

+The git information is stored in the properties for a training job. You can view this information using the Azure portal or Python SDK.

+1. Select __Jobs__, and then select one of your experiments.

+1. Select one of the jobs from the __Display name__ column.

+## Microsoft-managed container images

+ You can install new R packages by using the `install.packages()` function.

+Open a terminal window and start a new R session in the R interactive console.

+You can also query by using SQuirreL SQL. Follow steps similar to PostgreSQL by using the SQL Server JDBC driver. The JDBC driver is in the /usr/share/java/jdbcdrivers/sqljdbc42.jar folder.

+|Pre-installed Tools | Jupyter(lab), VSCode,<br> Visual Studio, PyCharm, Juno,<br>Power BI Desktop, SSMS, <br>Microsoft Office 365, Apache Drill | Jupyter(lab) |

+You have a choice of several code editors, including VS.Code, PyCharm, IntelliJ, vi/Vim, Emacs.

+VS.Code, PyCharm, and IntelliJ are graphical editors. To use them, you need to be signed in to a graphical

+Have additional questions? Consider creating a [support ticket](https://azure.microsoft.com/support/create-ticket/).

+The DSVM works closely with Azure services. It can read and process data that's already stored on Azure, in Azure Synapse (formerly SQL DW), Azure Data Lake, Azure Storage, or Azure Cosmos DB. It can also take advantage of other analytics tools, such as Azure Machine Learning.

+For R, you can use R Tools for Visual Studio. Microsoft has provided additional libraries on top of the open-source CRAN R to enable scalable analytics and the ability to analyze data larger than the memory size allowed in parallel chunked analysis.

+The pipeline uses [flake8](https://pypi.org/project/flake8/) to do the Python code linting. It runs the unit tests defined in the source code and publishes the linting and test results so they're available in the Azure Pipeline execution screen.

+[Azure RBAC](../role-based-access-control/overview.md) allows you to control which users in the workspace can create, delete, start, stop, restart a compute instance. All users in the workspace contributor and owner role can create, delete, start, stop, and restart compute instances across the workspace. However, only the creator of a specific compute instance, or the user assigned if it was created on their behalf, is allowed to access Jupyter, JupyterLab, and RStudio on that compute instance. A compute instance is dedicated to a single user who has root access, and can terminal in through Jupyter/JupyterLab/RStudio. Compute instance will have single-user sign-in and all actions will use that userΓÇÖs identity for Azure RBAC and attribution of experiment jobs. SSH access is controlled through public/private key mechanism.

+* [Submit a training job](how-to-set-up-training-targets.md)

+* Cleans up the local scratch disk between jobs.

+ To get the ID of the Key Vault, you can reference the output of the original template job or use the Azure CLI. The following command is an example of using the Azure CLI to get the Key Vault resource ID:

+In this option, the data is processed with custom Python code wrapped into an executable. It is invoked with an [Azure Data Factory Custom Component activity](../data-factory/transform-data-using-dotnet-custom-activity.md). This approach is a better fit for large data than the previous technique.

+1. To pass the location to Azure Machine Learning, the Data Factory pipeline calls an [Azure Machine Learning pipeline](concept-ml-pipelines.md). When calling the ML pipeline, the data location and job ID are sent as parameters.

+Since datasets support versioning, and each job from the pipeline creates a new version, it's easy to understand which version of the data was used to train a model.

+1. Select the VS Code Job view.

+### Register a model from an Azure ML training job

+### Register a model from an Azure ML training job

+All [Azure Data Box Edge devices](../databox-online/azure-stack-edge-overview.md) contain an FPGA for running the model. Only one model can be running on the FPGA at one time. To run a different model, just deploy a new container. Instructions and sample code can be found in [this Azure Sample](https://github.com/Azure-Samples/aml-hardware-accelerated-models).

+ Title: Deploy MLflow models

+description: Learn to deploy your MLflow model to the deployment targets supported by Azure.

+ms.devlang: azurecli

+# Deploy MLflow models

+> [!div class="op_single_selector" title1="Select the version of Azure Machine Learning CLI extension you are using:"]

+> * [v1](./v1/how-to-deploy-mlflow-models.md)

+> * [v2 (current version)](how-to-deploy-mlflow-models-online-endpoints.md)

+In this article, learn how to deploy your [MLflow](https://www.mlflow.org) model to Azure ML for both real-time and batch inference. Azure ML supports no-code deployment of models created and logged with MLflow. This means that you don't have to provide a scoring script or an environment. Those models can be deployed to ACI (Azure Container Instances), AKS (Azure Kubernetes Services) or our managed inference services (referred as MIR).

+For no-code-deployment, Azure Machine Learning

+* Dynamically installs Python packages provided in the `conda.yaml` file, this means the dependencies are installed during container runtime.

+ * The base container image/curated environment used for dynamic installation is `mcr.microsoft.com/azureml/mlflow-ubuntu18.04-py37-cpu-inference` or `AzureML-mlflow-ubuntu18.04-py37-cpu-inference`

+* Provides a MLflow base image/curated environment that contains the following items:

+ * [`azureml-inference-server-http`](how-to-inference-server-http.md)

+ * [`mlflow-skinny`](https://github.com/mlflow/mlflow/blob/master/README_SKINNY.rst)

+ * `pandas`

+ * The scoring script baked into the image.

+## Supported targets for MLflow models

+The following table shows the target support for MLflow models in Azure ML:

+| Scenario | Azure Container Instance | Azure Kubernetes | Managed Inference |

+| :- | :-: | :-: | :-: |

+| Deploying models logged with MLflow to real time inference | **&check;**¹ | **&check;**¹ | **&check;**¹ |

+| Deploying models logged with MLflow to batch inference | ² | ² | **&check;** |

+| Deploying models with ColSpec signatures | **&check;**⁴ | **&check;**⁴ | **&check;**⁴ |

+| Deploying models with TensorSpec signatures | **&check;**⁵ | **&check;**⁵ | **&check;**⁵ |

+| Run models logged with MLflow in you local compute with Azure ML CLI v2 | **&check;** | **&check;** | ³ |

+| Debug online endpoints locally in Visual Studio Code (preview) | | | |

+> [!NOTE]

+> - ¹ Spark flavor is not supported at the moment for deployment.

+> - ² We suggest you to use Azure Machine Learning Pipelines with Parallel Run Step.

+> - ³ For deploying MLflow models locally, use the MLflow CLI command `mlflow models serve -m <MODEL_NAME>`. Configure the environment variable `MLFLOW_TRACKING_URI` with the URL of your tracking server.

+> - ⁴ Data type `mlflow.types.DataType.Binary` is not supported as column type. For models that work with images, we suggest you to use or (a) tensors inputs using the [TensorSpec input type](https://mlflow.org/docs/latest/python_api/mlflow.types.html#mlflow.types.TensorSpec), or (b) `Base64` encoding schemes with a `mlflow.types.DataType.String` column type, which is commonly used when there is a need to encode binary data that needs be stored and transferred over media.

+> - ⁵ Tensors with unspecified shapes (`-1`) is only supported at the batch size by the moment. For instance, a signature with shape `(-1, -1, -1, 3)` is not supported but `(-1, 300, 300, 3)` is.

+For more information about how to specify requests to online-endpoints or the supported file types in batch-endpoints, check [Considerations when deploying to real time inference](#considerations-when-deploying-to-real-time-inference) and [Considerations when deploying to batch inference](#considerations-when-deploying-to-batch-inference).

+## Deployment tools

+There are three workflows for deploying MLflow models to Azure ML:

+- [Deploy using the MLflow plugin](#deploy-using-the-mlflow-plugin)

+- [Deploy using CLI (v2)](#deploy-using-cli-v2)

+- [Deploy using Azure Machine Learning studio](#deploy-using-azure-machine-learning-studio)

+### Which option to use?

+If you are familiar with MLflow or your platform support MLflow natively (like Azure Databricks) and you wish to continue using the same set of methods, use the `azureml-mlflow` plugin. On the other hand, if you are more familiar with the [Azure ML CLI v2](concept-v2.md), you want to automate deployments using automation pipelines, or you want to keep deployments configuration in a git repository; we recommend you to use the [Azure ML CLI v2](concept-v2.md). If you want to quickly deploy and test models trained with MLflow, you can use [Azure Machine Learning studio](https://ml.azure.com) UI deployment.

+## Deploy using the MLflow plugin

+The MLflow plugin [azureml-mlflow](https://pypi.org/project/azureml-mlflow/) can deploy models to Azure ML, either to Azure Kubernetes Service (AKS), Azure Container Instances (ACI) and Managed Inference Service (MIR) for real-time serving.

+> [!WARNING]

+> Deploying to Managed Inference Service - Batch endpoints is not supported in the MLflow plugin at the moment.

+### Prerequisites

+* Install the `azureml-mlflow` package.

+* If you are running outside an Azure ML compute, configure the MLflow tracking URI or MLflow's registry URI to point to the workspace you are working on. See [MLflow Tracking URI to connect with Azure Machine Learning)[https://docs.microsoft.com/en-us/azure/machine-learning/how-to-use-mlflow] for more details.

+### Deploying models to ACI or AKS

+Deployments can be generated using both the Python API for MLflow or MLflow CLI. In both cases, a JSON configuration file can be indicated with the details of the deployment you want to achieve. If not indicated, then a default deployment is done using Azure Container Instances (ACI) and a minimal configuration. The full specification of this configuration for ACI and AKS file can be checked at [Deployment configuration schema](v1/reference-azure-machine-learning-cli.md#deployment-configuration-schema).

+#### Configuration example for ACI deployment

+```json

+{

+ "computeType": "aci",

+ "containerResourceRequirements":

+ {

+ "cpu": 1,

+ "memoryInGB": 1

+ },

+ "location": "eastus2",

+}

+```

+> [!NOTE]

+> - If `containerResourceRequirements` is not indicated, a deployment with minimal compute configuration is applied (cpu: 0.1 and memory: 0.5).

+> - If `location` is not indicated, it defaults to the location of the workspace.

+#### Configuration example for an AKS deployment

+```json

+{

+ "computeType": "aks",

+ "computeTargetName": "aks-mlflow"

+}

+```

+> [!NOTE]

+> - In above exmaple, `aks-mlflow` is the name of an Azure Kubernetes Cluster registered/created in Azure Machine Learning.

+#### Running the deployment

+The following sample creates a deployment using an ACI:

+ ```python

+ import json

+ from mlflow.deployments import get_deploy_client

+ # Create the deployment configuration.

+ # If no deployment configuration is provided, then the deployment happens on ACI.

+ deploy_config = {"computeType": "aci"}

+ # Write the deployment configuration into a file.

+ deployment_config_path = "deployment_config.json"

+ with open(deployment_config_path, "w") as outfile:

+ outfile.write(json.dumps(deploy_config))

+ # Set the tracking uri in the deployment client.

+ client = get_deploy_client("<azureml-mlflow-tracking-url>")

+ # MLflow requires the deployment configuration to be passed as a dictionary.

+ config = {"deploy-config-file": deployment_config_path}

+ model_name = "mymodel"

+ model_version = 1

+ # define the model path and the name is the service name

+ # if model is not registered, it gets registered automatically and a name is autogenerated using the "name" parameter below

+ client.create_deployment(

+ model_uri=f"models:/{model_name}/{model_version}",

+ config=config,

+ name="mymodel-aci-deployment",

+ )

+ ```

+### Deploying models to Managed Inference

+Deployments can be generated using both the Python API for MLflow or MLflow CLI. In both cases, a JSON configuration file needs to be indicated with the details of the deployment you want to achieve. The full specification of this configuration can be found at [Managed online deployment schema (v2)](reference-yaml-deployment-managed-online.md).

+#### Configuration example for a Managed Inference Service deployment (real time)

+```json

+{

+ "instance_type": "Standard_DS2_v2",

+ "instance_count": 1,

+}

+```

+#### Running the deployment

+The following sample deploys a model to a real time Managed Inference Endpoint:

+ ```python

+ import json

+ from mlflow.deployments import get_deploy_client

+ # Create the deployment configuration.

+ deploy_config = {

+ "instance_type": "Standard_DS2_v2",

+ "instance_count": 1,

+ }

+ # Write the deployment configuration into a file.

+ deployment_config_path = "deployment_config.json"

+ with open(deployment_config_path, "w") as outfile:

+ outfile.write(json.dumps(deploy_config))

+ # Set the tracking uri in the deployment client.

+ client = get_deploy_client("<azureml-mlflow-tracking-url>")

+ # MLflow requires the deployment configuration to be passed as a dictionary.

+ config = {"deploy-config-file": deployment_config_path}

+ model_name = "mymodel"

+ model_version = 1

+ # define the model path and the name is the service name

+ # if model is not registered, it gets registered automatically and a name is autogenerated using the "name" parameter below

+ client.create_deployment(

+ model_uri=f"models:/{model_name}/{model_version}",

+ config=config,

+ name="mymodel-mir-deployment",

+ )

+ ```

+## Deploy using CLI (v2)

+You can use Azure ML CLI v2 to deploy models trained and logged with MLflow to Managed Inference. When you deploy your MLflow model using the Azure ML CLI v2, it's a no-code-deployment so you don't have to provide a scoring script or an environment, but you can if needed.

+### Prerequisites

+* You must have a MLflow model. The examples in this article are based on the models from [https://github.com/Azure/azureml-examples/blob/main/notebooks/using-mlflow](https://github.com/Azure/azureml-examples/blob/main/notebooks/using-mlflow/).

+ * If you don't have an MLflow formatted model, you can [convert your custom ML model to MLflow format](how-to-convert-custom-model-to-mlflow.md).

+In this code snippet used in this article, the `ENDPOINT_NAME` environment variable contains the name of the endpoint to create and use. To set this, use the following command from the CLI. Replace `<YOUR_ENDPOINT_NAME>` with the name of your endpoint:

+### Steps

+This example shows how you can deploy an MLflow model to an online endpoint using CLI (v2).

+> [!IMPORTANT]

+> For MLflow no-code-deployment, **[testing via local endpoints](how-to-deploy-managed-online-endpoints.md#deploy-and-debug-locally-by-using-local-endpoints)** is currently not supported.

+1. Create a YAML configuration file for your endpoint. The following example configures the name and authentication mode of the endpoint:

+ __create-endpoint.yaml__

+ :::code language="yaml" source="~/azureml-examples-main/cli/endpoints/online/mlflow/create-endpoint.yaml":::

+1. To create a new endpoint using the YAML configuration, use the following command:

+ :::code language="azurecli" source="~/azureml-examples-main/cli/deploy-managed-online-endpoint-mlflow.sh" ID="create_endpoint":::

+1. Create a YAML configuration file for the deployment. The following example configures a deployment of the `sklearn-diabetes` model to the endpoint created in the previous step:

+ > [!IMPORTANT]

+ > For MLflow no-code-deployment (NCD) to work, setting **`type`** to **`mlflow_model`** is required, `type: mlflow_modelΓÇï`. For more information, see [CLI (v2) model YAML schema](reference-yaml-model.md).

+ __sklearn-deployment.yaml__

+ :::code language="yaml" source="~/azureml-examples-main/cli/endpoints/online/mlflow/sklearn-deployment.yaml":::

+1. To create the deployment using the YAML configuration, use the following command:

+ :::code language="azurecli" source="~/azureml-examples-main/cli/deploy-managed-online-endpoint-mlflow.sh" ID="create_sklearn_deployment":::

+

+## Deploy using Azure Machine Learning studio

+This example shows how you can deploy an MLflow model to an online endpoint using [Azure Machine Learning studio](https://ml.azure.com).

+1. From [studio](https://ml.azure.com), select your workspace and then use the __models__ page to create a new model in the registry. You can use the option *From local files* to select the MLflow model from [https://github.com/Azure/azureml-examples/tree/main/cli/endpoints/online/mlflow/sklearn-diabetes/model](https://github.com/Azure/azureml-examples/tree/main/cli/endpoints/online/mlflow/sklearn-diabetes/model):

+ :::image type="content" source="media/how-to-deploy-mlflow-models-online-endpoints/register-model-ui.png" lightbox="media/how-to-deploy-mlflow-models-online-endpoints/register-model-ui.png" alt-text="Screenshot showing create option on the Models UI page.":::

+2. From [studio](https://ml.azure.com), select your workspace and then use either the __endpoints__ or __models__ page to create the endpoint deployment:

+ # [Endpoints page](#tab/endpoint)

+ 1. From the __Endpoints__ page, Select **+Create**.

+ :::image type="content" source="media/how-to-deploy-mlflow-models-online-endpoints/create-from-endpoints.png" lightbox="media/how-to-deploy-mlflow-models-online-endpoints/create-from-endpoints.png" alt-text="Screenshot showing create option on the Endpoints UI page.":::

+ 1. Provide a name and authentication type for the endpoint, and then select __Next__.

+ 1. When selecting a model, select the MLflow model registered previously. Select __Next__ to continue.

+ 1. When you select a model registered in MLflow format, in the Environment step of the wizard, you don't need a scoring script or an environment.

+ :::image type="content" source="media/how-to-deploy-mlflow-models-online-endpoints/ncd-wizard.png" lightbox="media/how-to-deploy-mlflow-models-online-endpoints/ncd-wizard.png" alt-text="Screenshot showing no code and environment needed for MLflow models.":::

+ 1. Complete the wizard to deploy the model to the endpoint.

+ :::image type="content" source="media/how-to-deploy-mlflow-models-online-endpoints/review-screen-ncd.png" lightbox="media/how-to-deploy-mlflow-models-online-endpoints/review-screen-ncd.png" alt-text="Screenshot showing NCD review screen.":::

+ # [Models page](#tab/models)

+ 1. Select the MLflow model, and then select __Deploy__. When prompted, select __Deploy to real-time endpoint__.

+ :::image type="content" source="media/how-to-deploy-mlflow-models-online-endpoints/deploy-from-models-ui.png" lightbox="media/how-to-deploy-mlflow-models-online-endpoints/deploy-from-models-ui.png" alt-text="Screenshot showing how to deploy model from Models UI.":::

+ 1. Complete the wizard to deploy the model to the endpoint.

+

+### Deploy models after a training job

+This section helps you understand how to deploy models to an online endpoint once you have completed your [training job](how-to-train-cli.md).

+1. Download the outputs from the training job. The outputs contain the model folder.

+ > [!NOTE]

+ > If you have used `mlflow.autolog()` in your training script, you will see model artifacts in the job's run history. Azure Machine Learning integrates with MLflow's tracking functionality. You can use `mlflow.autolog()` for several common ML frameworks to log model parameters, performance metrics, model artifacts, and even feature importance graphs.

+ >

+ > For more information, see [Train models with CLI](how-to-train-cli.md#model-tracking-with-mlflow). Also see the [training job samples](https://github.com/Azure/azureml-examples/tree/main/cli/jobs/single-step) in the GitHub repository.

+ # [Azure Machine Learning studio](#tab/studio)

+ :::image type="content" source="media/how-to-deploy-mlflow-models-online-endpoints/download-output-logs.png" lightbox="media/how-to-deploy-mlflow-models-online-endpoints/download-output-logs.png" alt-text="Screenshot showing how to download Outputs and logs from Experimentation run.":::

+ # [CLI](#tab/cli)

+ ```azurecli

+ az ml job download -n $run_id --outputs

+ ```

+2. To deploy using the downloaded files, you can use either studio or the Azure command-line interface. Use the model folder from the outputs for deployment:

+ * [Deploy using Azure Machine Learning studio](how-to-deploy-mlflow-models-online-endpoints.md#deploy-using-azure-machine-learning-studio).

+ * [Deploy using Azure Machine Learning CLI (v2)](how-to-deploy-mlflow-models-online-endpoints.md#deploy-using-cli-v2).

+## Considerations when deploying to real time inference

+The following input's types are supported in Azure ML when deploying models with no-code deployment. Take a look at *Notes* in the bottom of the table for additional considerations.

+| Input type | Support in MLflow models (serve) | Support in Azure ML|

+| :- | :-: | :-: |

+| JSON-serialized pandas DataFrames in the split orientation | **&check;** | **&check;** |

+| JSON-serialized pandas DataFrames in the records orientation | **&check;** | ¹ |

+| CSV-serialized pandas DataFrames | **&check;** | ² |

+| Tensor input format as JSON-serialized lists (tensors) and dictionary of lists (named tensors) | | **&check;** |

+| Tensor input formatted as in TF ServingΓÇÖs API | **&check;** | |

+> [!NOTE]

+> - ¹ We suggest you to use split orientation instead. Records orientation doesn't guarante column ordering preservation.

+> - ² We suggest you to explore batch inference for processing files.

+Regardless of the input type used, Azure Machine Learning requires inputs to be provided in a JSON payload, within a dictionary key `input_data`. Note that such key is not required when serving models using the command `mlflow models serve` and hence payloads can't be used interchangeably.

+### Creating requests

+Your inputs should be submitted inside a JSON payload containing a dictionary with key `input_data`.

+#### Payload example for a JSON-serialized pandas DataFrames in the split orientation

+```json

+{

+ "input_data": {

+ "columns": [

+ "age", "sex", "trestbps", "chol", "fbs", "restecg", "thalach", "exang", "oldpeak", "slope", "ca", "thal"

+ ],

+ "index": [1],

+ "data": [

+ [1, 1, 145, 233, 1, 2, 150, 0, 2.3, 3, 0, 2]

+ ]

+ }

+}

+```

+#### Payload example for a tensor input

+```json

+{

+ "input_data": [

+ [1, 1, 0, 233, 1, 2, 150, 0, 2.3, 3, 0, 2],

+ [1, 1, 0, 233, 1, 2, 150, 0, 2.3, 3, 0, 2]

+ [1, 1, 0, 233, 1, 2, 150, 0, 2.3, 3, 0, 2],

+ [1, 1, 145, 233, 1, 2, 150, 0, 2.3, 3, 0, 2]

+ ]

+}

+```

+#### Payload example for a named-tensor input

+```json

+{

+ "input_data": {

+ "tokens": [

+ [0, 655, 85, 5, 23, 84, 23, 52, 856, 5, 23, 1]

+ ],

+ "mask": [

+ [0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0]

+ ]

+ }

+}

+```

+## Considerations when deploying to batch inference

+Azure ML supports no-code deployment for batch inference in Managed Inference service. This represents a convenient way to deploy models that require processing of big amounts of data in a batch-fashion.

+### How work is distributed on workers

+Work is distributed at the file level, for both structured and unstructured data. As a consequence, only [file datasets](v1/how-to-create-register-datasets.md#filedataset) or [URI folders](reference-yaml-data.md) are supported for this feature. Each worker processes batches of `Mini batch size` files at a time. Further parallelism can be achieved if `Max concurrency per instance` is increased.

+> [!WARNING]

+> Nested folder structures are not explored during inference. If you are partitioning your data using folders, make sure to flatten the structure beforehand.

+### File's types support

+The following data types are supported for batch inference.

+| File extension | Type returned as model's input | Signature requirement |

+| :- | :- | :- |

+| `.csv` | `pd.DataFrame` | `ColSpec`. If not provided, columns typing is not enforced. |

+| `.png`, `.jpg`, `.jpeg`, `.tiff`, `.bmp`, `.gif` | `np.ndarray` | `TensorSpec`. Input is reshaped to match tensors shape if available. If no signature is available, tensors of type `np.uint8` are inferred. |

+## Next steps

+To learn more, review these articles:

+- [Deploy models with REST (preview)](how-to-deploy-with-rest.md)

+- [Create and use online endpoints in the studio](how-to-use-managed-online-endpoint-studio.md)

+- [Safe rollout for online endpoints](how-to-safely-rollout-managed-endpoints.md)

+- [How to autoscale managed online endpoints](how-to-autoscale-endpoints.md)

+- [Use batch endpoints for batch scoring](how-to-use-batch-endpoint.md)

+- [View costs for an Azure Machine Learning managed online endpoint (preview)](how-to-view-online-endpoints-costs.md)

+- [Access Azure resources with an online endpoint and managed identity (preview)](how-to-access-resources-from-endpoints-managed-identities.md)

+- [Troubleshoot online endpoint deployment](how-to-troubleshoot-managed-online-endpoints.md)

+An Azure Machine Learning workspace provides a centralized place to work with all the artifacts you create when you use Azure Machine Learning. The workspace keeps a history of all training jobs, including logs, metrics, output, and a snapshot of your scripts.

+### Submit the job

+Now that your pipeline is setup to split and export the data, submit a pipeline job.

+1. In the **Set up pipeline job** dialog, select **Create new** to create an experiment.

+ Experiments logically group together related pipeline jobs. If you run this pipeline in the future, you should use the same experiment for logging and tracking purposes.

+In Azure Machine Learning, personal data consists of user information in job history documents.

+Job history documents, which may contain personal user information, are stored in the storage account in blob storage, in subfolders of `/azureml`. You can download and delete the data from the portal.

+Datasets can be unregistered and Experiments can be archived, but these operations don't delete the data. To entirely remove the data, datasets and experiment data must be deleted at the storage level. Deleting at the storage level is done using the portal, as described previously. An individual Job can be deleted directly in studio. Deleting a Job deletes the Job's data.

+You can download training artifacts from experimental jobs using the Studio. Choose the **Experiment** and **Job** in which you're interested. Choose **Output + logs** and navigate to the specific artifacts you wish to download. Choose **...** and **Download**.

+You can download the outputs of a particular job using:

+|**Job** | 1. Submit a training job. |

+## Submit training job

+Jobs in Azure Machine Learning are defined by a job specification. This specification includes dependencies on input artifacts that are managed on a workspace-instance level, including environments, datasets, and compute. For multi-region job submission and deployments, we recommend the following practices:

+ * Use job submission helpers such as [ScriptRunConfig](/python/api/azureml-core/azureml.core.scriptrunconfig) and [Pipeline](/python/api/azureml-pipeline-core/azureml.pipeline.core.pipeline(class)).

+When your primary workspace becomes unavailable, you can switch over the secondary workspace to continue experimentation and development. Azure Machine Learning does not automatically submit jobs to the secondary workspace if there is an outage. Update your code configuration to point to the new workspace resource. We recommend to avoiding hardcoding workspace references. Instead, use a [workspace config file](how-to-configure-environment.md#workspace) to minimize manual user steps when changing workspaces. Make sure to also update any automation, such as continuous integration and deployment pipelines to the new workspace.

+Azure Machine Learning cannot sync or recover artifacts or metadata between workspace instances. Dependent on your application deployment strategy, you might have to move artifacts or recreate experimentation inputs such as dataset objects in the failover workspace in order to continue job submission. In case you have configured your primary workspace and secondary workspace resources to share associated resources with geo-replication enabled, some objects might be directly available to the failover workspace. For example, if both workspaces share the same docker images, configured datastores, and Azure Key Vault resources. The following diagram shows a configuration where two workspaces share the same images (1), datastores (2), and Key Vault (3).

+> * __Job outputs__ are stored in the default storage account associated with a workspace. While job outputs might become inaccessible from the studio UI in the case of a service outage, you can directly access the data through the storage account. For more information on working with data stored in blobs, see [Create, download, and list blobs with Azure CLI](../storage/blobs/storage-quickstart-blobs-cli.md).

+> This article shows you how to monitor the model training process. If you're interested in monitoring resource usage and events from Azure Machine learning, such as quotas, completed training jobs, or completed model deployments, see [Monitoring Azure Machine Learning](monitor-azure-machine-learning.md).

+## Log a training job with MLflow

+### Interactive jobs

+1. Start the job.

+1. End the job.

+For example, the following code snippet demonstrates setting the tracking URI, creating an experiment, and then logging during a job

+## View job information

+## View job metrics in the studio UI

+You can browse completed job records, including logged metrics, in the [Azure Machine Learning studio](https://ml.azure.com).

+Navigate to the **Jobs** tab. To view all your jobs in your Workspace across Experiments, select the **All jobs** tab. You can drill down on jobs for specific Experiments by applying the Experiment filter in the top menu bar.

+You can also edit the job list table to select multiple jobs and display either the last, minimum, or maximum logged value for your jobs. Customize your charts to compare the logged metrics values and aggregates across multiple jobs. You can plot multiple metrics on the y-axis of your chart and customize your x-axis to plot your logged metrics.

+### View and download log files for a job

+1. Navigate to the **Jobs** tab.

+ * **Jobs pane (Preview)**

+ 1. Select **Jobs** in the left pane to see a list of experiments that you've run on Azure Machine Learning.

+Curated environments contain collections of Python packages and are available in your workspace by default. These environments are backed by cached Docker images which reduces the job preparation cost and support training and inferencing scenarios.

+> If you are looking to deploy a model that was generated via the `automl` package with the Python SDK, you must [register your model](how-to-deploy-and-where.md?tabs=python#register-a-model-from-an-azure-ml-training-job-1) to the workspace.

+Additional details for these steps are in the following sections so you can successfully run your MLflow experiments with Azure Databricks.

+> [!NOTE]

+> MLflow Tracking in a [private link enabled Azure Machine Learning workspace](how-to-configure-private-link.md) is not supported.

+After you link your Azure Databricks workspace with your Azure Machine Learning workspace, MLflow Tracking is automatically set to be tracked in all of the following places:

+You can use then MLflow in Azure Databricks in the same way as you are used to. The following example sets the experiment name as it is usually done in Azure Databricks:

+import mlflow

+```

+In your training script, import `mlflow` to use the MLflow logging APIs, and start logging your run metrics. The following example, logs the epoch loss metric.

+```python

+import mlflow

+mlflow.log_metric('epoch_loss', loss.item())

+> [!NOTE]

+> As opposite to tracking, model registries don't support registering models at the same time on both Azure Machine Learning and Azure Databricks. Either one or the other has to be used. Please read the section [Registering models in the registry with MLflow](#registering-models-in-the-registry-with-mlflow) for more details.

+If you prefer to manage your tracked experiments in a centralized location, you can set MLflow tracking to **only** track in your Azure Machine Learning workspace. This configuration has the advantage of enabling easier path to deployment using Azure Machine Learning deployment options.

+You have to configure the MLflow tracking URI to point exclusively to Azure Machine Learning, as it is demonstrated in the following example:

+ # [Using the Azure ML SDK v2](#tab/sdkv2)

+

+ You can get the Azure ML MLflow tracking URI using the [Azure Machine Learning SDK v2 for Python](concept-v2.md). Ensure you have the library `azure-ai-ml` installed in the cluster you are using:

+

+ ```python

+ from azure.ai.ml import MLClient

+ from azure.identity import DeviceCodeCredential

+

+ subscription_id = ""

+ aml_resource_group = ""

+ aml_workspace_name = ""

+

+ ml_client = MLClient(credential=DeviceCodeCredential(),

+ subscription_id=subscription_id,

+ resource_group_name=aml_resource_group)

+

+ azureml_mlflow_uri = ml_client.workspaces.get(aml_workspace_name).mlflow_tracking_uri

+ mlflow.set_tracking_uri(azureml_mlflow_uri)

+ ```

+

+ # [Building the MLflow tracking URI](#tab/custom)

+

+ The Azure Machine Learning Tracking URI can be constructed using the subscription ID, region of where the resource is deployed, resource group name and workspace name. The following code sample shows how:

+

+ ```python

+ import mlflow

+ aml_region = ""

+ subscription_id = ""

+ aml_resource_group = ""

+ aml_workspace_name = ""

+ azureml_mlflow_uri = f"azureml://{aml_region}.api.azureml.ms/mlflow/v1.0/subscriptions/{subscription_id}/resourceGroups/{aml_resource_group}/providers/Microsoft.MachineLearningServices/workspaces/{aml_workspace_name}"

+ mlflow.set_tracking_uri(azureml_mlflow_uri)

+ ```

+

+ > [!NOTE]

+ > You can also get this URL by: Navigate to the [Azure ML Studio web portal](https://ml.azure.com) -> Clic on the uper-right corner of the page -> View all properties in Azure Portal -> MLflow tracking URI.

+

+#### Experiment's names in Azure Machine Learning

+When MLflow is configured to exclusively track experiments in Azure Machine Learning workspace, the experiment's naming convention has to follow the one used by Azure Machine Learning. In Azure Databricks, experiments are named with the path to where the experiment is saved like `/Users/alice@contoso.com/iris-classifier`. However, in Azure Machine Learning, you have to provide the experiment name directly. As in the previous example, the same experiment would be named `iris-classifier` directly:

+mlflow.set_experiment(experiment_name="experiment-name")

+## Logging models with MLflow

+After your model is trained, you can log it to the tracking server with the `mlflow.<model_flavor>.log_model()` method. `<model_flavor>`, refers to the framework associated with the model. [Learn what model flavors are supported](https://mlflow.org/docs/latest/models.html#model-api). In the following example, a model created with the Spark library MLLib is being registered. It's worth to mention that the flavor `spark` doesn't correspond to the fact that we are training a model in a Spark cluster but because of the training framework it was used (you can perfectly train a model using TensorFlow with Spark and hence the flavor to use would be `tensorflow`.

+mlflow.spark.log_model(model, artifact_path = "model")

+Models are logged inside of the run being tracked. That means that models are available in either both Azure Databricks and Azure Machine Learning (default) or exclusively in Azure Machine Learning if you configured the tracking URI to point to it.

+> [!IMPORTANT]

+> Notice that here the parameter `registered_model_name` has not been specified. Read the section [Registering models in the registry with MLflow](#registering-models-in-the-registry-with-mlflow) for more details about the implications of such parameter and how the registry works.

+## Registering models in the registry with MLflow

+As opposite to tracking, **model registries can't operate** at the same time in Azure Databricks and Azure Machine Learning. Either one or the other has to be used. By default, the Azure Databricks workspace is used for model registries; unless you chose to [set MLflow Tracking to only track in your Azure Machine Learning workspace](#set-mlflow-tracking-to-only-track-in-your-azure-machine-learning-workspace), then the model registry is the Azure Machine Learning workspace.

+Then, considering you are using the default configuration, the following line will log a model inside the corresponding runs of both Azure Databricks and Azure Machine Learning, but it will register it only on Azure Databricks:

+```

+* **If a registered model with the name doesnΓÇÖt exist**, the method registers a new model, creates version 1, and returns a ModelVersion MLflow object.

+* **If a registered model with the name already exists**, the method creates a new model version and returns the version object.

+### Registering models in the Azure Machine Learning Registry with MLflow

+At some point you may want to start registering models in Azure Machine Learning. Such configuration has the advantage of enabling all the deployment capabilities of Azure Machine Learning automatically, including no-code-deployment and model management capabilities. In that case, we recommend you to [set MLflow Tracking to only track in your Azure Machine Learning workspace](#set-mlflow-tracking-to-only-track-in-your-azure-machine-learning-workspace). This will remove the ambiguity of where models are being registered.

+If you want to continue using the dual-tracking capabilities but register models in Azure Machine Learning you can instruct MLflow to use Azure ML for model registries by configuring the MLflow Model Registry URI. This URI has the exact same format and value that the MLflow tracking URI.

+```python

+mlflow.set_registry_uri(azureml_mlflow_uri)

+> [!NOTE]

+> The value of `azureml_mlflow_uri` was obtained in the same way it was demostrated in [Set MLflow Tracking to only track in your Azure Machine Learning workspace](#set-mlflow-tracking-to-only-track-in-your-azure-machine-learning-workspace)

+For a complete example about this scenario please check the example [Training models in Azure Databricks and deploying them on Azure ML](https://github.com/Azure/azureml-examples/blob/main/notebooks/using-mlflow/no-code-deployment/track_with_databricks_deploy_aml.ipynb).

+## Deploying and consuming models registered in Azure Machine Learning

+Model registered in Azure Machine Learning Service using MLflow can be consumed as:

+* An Azure Machine Learning endpoint (real-time and batch): This deployment allows you to leverage Azure Machine Learning deployment capabilities for both real-time and batch inference in Azure Container Instances (ACI) Azure Kubernetes (AKS) or our Managed Inference endpoints (MIR).

+* MLFlow model objects or Pandas UDFs, which can be used in Azure Databricks notebooks in streaming or batch pipelines.

+You can leverage the `azureml-mlflow` plugin to deploy a model to your Azure Machine Learning workspace. Check [How to deploy MLflow models](how-to-deploy-mlflow-models.md) page for a complete detail about how to deploy models to the different targets.

+> [!IMPORTANT]

+> Models need to be registered in Azure Machine Learning registry in order to deploy them. If your models happen to be registered in the MLflow instance inside Azure Databricks, you will have to register them again in Azure Machine Learning. If this is you case, please check the example [Training models in Azure Databricks and deploying them on Azure ML](https://github.com/Azure/azureml-examples/blob/main/notebooks/using-mlflow/no-code-deployment/track_with_databricks_deploy_aml.ipynb)

+### Deploy models to ADB for batch scoring using UDFs

+The [Training models in Azure Databricks and deploying them on Azure ML](https://github.com/Azure/azureml-examples/blob/main/notebooks/using-mlflow/no-code-deployment/track_with_databricks_deploy_aml.ipynb) demonstrates how to train models in Azure Databricks and deploy them in Azure ML. It also includes how to handle cases where you also want to track the experiments and models with the MLflow instance in Azure Databricks and leverage Azure ML for deployment.

+ The **system_logs folder** contains logs generated by Azure Machine Learning. Learn more about [how to view and download log files for a run](how-to-log-view-metrics.md#view-and-download-log-files-for-a-job).

+> [Tutorial: Create and deploy your first ARM template](../azure-resource-manager/templates/template-tutorial-create-first-template.md)

+| Customers can manage subscriptions for the Apps they purchased in [Microsoft 365 admin center](https://admin.microsoft.com/), just like they normally do for any of their Microsoft Office or Dynamics subscriptions. | ISVs activate and manage deals in Partner Center [deal registration](/partner-center/register-deals) portal |

+The ability to change prices is available for both public and private plans of offers transacted through Microsoft.

+Supported offer types:

+- Azure application (Managed App)

+- Software as a service (SaaS)

+- Azure virtual machine.

+Price changes for the following offer types are not yet supported:

+- Dynamics 365 apps on Dataverse and Power Apps

+- Power BI visual

+- Azure container

+ > Private DNS zone names must end with `mysql.database.azure.com`. If you are connecting to the Azure Database for MySQL - Flexible sever with SSL and are using an option to perform full verification (sslmode=VERTIFY_IDENTITY) with certificate subject name, use \<servername\>.mysql.database.azure.com in your connection string.

+If you are using the custom DNS server then you must **use a DNS forwarder to resolve the FQDN of Azure Database for MySQL - Flexible Server**. The forwarder IP address should be [168.63.129.16](../../virtual-network/what-is-ip-address-168-63-129-16.md). The custom DNS server should be inside the VNet or reachable via the VNET's DNS Server setting. Refer to [name resolution that uses your own DNS server](../../virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances.md#name-resolution-that-uses-your-own-dns-server) to learn more.

+> [!IMPORTANT]

+ > For successful provisioning of the Flexible Server, even if you are using a custom DNS server, **you must not block DNS traffic to [AzurePlatformDNS](../../virtual-network/service-tags-overview.md) using [NSG](../../virtual-network/network-security-groups-overview.md)**.

+> [Tutorial: Create and deploy your first ARM template](../../azure-resource-manager/templates/template-tutorial-create-first-template.md)

+If you are using Secure Sockets Tunneling Protocol (SSTP), the number of concurrent connections is limited to 128. To get a higher number of connections, we suggest transitioning to OpenVPN or IKEv2. For more information, see [Transition to OpenVPN protocol or IKEv2 from SSTP](../vpn-gateway/ikev2-openvpn-from-sstp.md).

+ Title: Model conversion error codes

+description: Learn about model conversion error codes and exception errors in the Azure Object Anchors service, and how to address them.

+# Model conversion error codes

+For common modes of model conversion failure, the `Azure.MixedReality.ObjectAnchors.Conversion.AssetConversionProperties` object you get from the `Value` field in the `Azure.MixedReality.ObjectAnchors.Conversion.AssetConversionOperation` contains an `ErrorCode` field of the `ConversionErrorCode` type.

+The `ConversionErrorCode` type enumerates the following common modes of model conversion failure. These enumerations are useful for error message localization, failure recovery, and tips to the user on how to correct the error.

+| Error code | Description | Mitigation |

+| INVALID_ASSET_URI | The asset at the URI provided when starting the conversion job couldn't be found. | When triggering an asset conversion job, provide an upload URI you get from the service where the asset to be converted is uploaded. |

+| INVALID_JOB_ID | The provided ID for the asset conversion job was set to the default all-zero GUID. | If a GUID is specified when creating an asset conversion job, make sure it isn't the default all-zero GUID. |

+| INVALID_SCALE | The provided scale factor wasn't a positive non-zero value. | When starting an asset conversion, provide the scalar value that corresponds to the measurement unit scale, with respect to meters, of the uploaded asset. |

+| ASSET_SIZE_TOO_LARGE | The intermediate PLY file generated from the asset or its serialized equivalent was too large. | Ensure conformity with the [asset size guidelines](faq.md) before submitting an asset for conversion. |

+| ASSET_DIMENSIONS_OUT_OF_BOUNDS | The dimensions of the asset exceeded the physical dimension limit. This error can be a sign of an improperly set scale for the asset when creating a job. | Inspect the `ScaledAssetDimensions` property in your `AssetConversionProperties` object. This property contains the actual dimensions of the asset calculated after applying the scale in meters. Then, ensure conformity with the [asset size guidelines](faq.md) before submitting the asset for conversion. Make sure the provided scale corresponds to the uploaded asset. |

+| ZERO_FACES | The intermediate PLY file generated from the asset was determined to have no faces, making it invalid for conversion. | Ensure the asset is a valid mesh. |

+| INVALID_FACE_VERTICES | The intermediate PLY file generated from the asset contained faces that referenced nonexistent vertices. | Ensure the asset file is validly constructed. |

+| ZERO_TRAJECTORIES_GENERATED | The camera trajectories generated from the uploaded asset were empty. | Ensure conformity with the [asset size guidelines](faq.md) before submitting an asset for conversion. |

+| TOO_MANY_RIG_POSES | The number of rig poses in the intermediate PLY file exceeded service limits. | Ensure conformity with the [asset size guidelines](faq.md) before submitting an asset for conversion. |

+| SERVICE_ERROR | An unknown service error occurred. | [File a GitHub issue to the Object Anchors service team](https://github.com/Azure/azure-object-anchors/issues) if the issue persists. |

+| ASSET_CANNOT_BE_CONVERTED | The provided asset was corrupted, malformed, or otherwise couldn't be converted in its provided format. | Ensure the asset is a validly constructed file of the specified type. Ensure conformity with the [asset size guidelines](faq.md) before submitting the asset for conversion. |

+## Exception errors

+Any errors that occur outside the actual asset conversion jobs are thrown as exceptions. Most notably, the `Azure.RequestFailedException` can be thrown for service calls that receive an unsuccessful (4xx or 5xx) or unexpected HTTP response code. For further details on these exceptions, examine the `Status`, `ErrorCode`, or `Message` fields on the exception.

+| ArgumentException | <ul><li>Using an invalidly constructed or all-zero account ID to construct a request with the `ObjectAnchorsConversionClient`.</li><li>Attempting to initialize the `ObjectAnchorsConversionClient` using an invalid whitespace account domain.</li><li>Providing an unsupported service version to the `ObjectAnchorsConversionClient` through `ObjectAnchorsConversionClientOptions`.</li></ul> |

+| ArgumentNullException | <ul><li>Attempting to initialize the `ObjectAnchorsConversionClient` using an invalid null account domain.</li><li>Attempting to initialize the `ObjectAnchorsConversionClient` using an invalid null credential.</li></ul> |

+| RequestFailedException | <ul><li>All other issues resulting from a bad HTTP status code, unrelated to job status. Examples include an account not being found, the front end detecting an invalid upload URI, or a front end service error.</li></ul> |

+| UnsupportedAssetFileTypeException | <ul><li>Submitting an asset with an extension or specified filetype that the Azure Object Anchors Conversion service doesn't support.</li></ul> |

+## Next steps

+- [Quickstart: Create an Object Anchors model from a 3D model](quickstarts/get-started-model-conversion.md)

+- [Frequently asked questions about Azure Object Anchors](faq.md)

+- [Azure Object Anchors client library for .NET](/dotnet/api/overview/azure/mixedreality.objectanchors.conversion-readme-pre)

+You can also download the [latest release of the CLI](https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/) appropriate to your machine.

+You can also download the [latest release of the CLI](https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/) appropriate to your machine.

+| Performance insights (iPerf) | Yes | Yes. Not available in portal |

+* General availability of Azure Database for PostgreSQL - Flexible Server in Canada East and Jio India West regions.

+**Pg_stat_statements** is a PostgreSQL extension that can be enabled in Azure Database for PostgreSQL. The extension provides a means to track execution statistics for all SQL statements executed by a server. This module hooks into every query execution and comes with a non-trivial performance cost. Enabling **pg_stat_statements** forces query text writes to files on disk.

+> [Tutorial: Create and deploy your first ARM template](../../azure-resource-manager/templates/template-tutorial-create-first-template.md)

+ 2. All required [private endpoints for Microsoft Purview](/azure/purview/catalog-private-link-end-to-end) are deployed.

+> | [Data Operator for Managed Disks](#data-operator-for-managed-disks) | Provides permissions to upload data to empty managed disks, read, or export data of managed disks (not attached to running VMs) and snapshots using SAS URIs and Azure AD authentication. | 959f8984-c045-4866-89c7-12bf9737be2e |

+### Data Operator for Managed Disks

+Provides permissions to upload data to empty managed disks, read, or export data of managed disks (not attached to running VMs) and snapshots using SAS URIs and Azure AD authentication.

+> [!div class="mx-tableFixed"]

+> | Actions | Description |

+> | | |

+> | *none* | |

+> | **NotActions** | |

+> | *none* | |

+> | **DataActions** | |

+> | [Microsoft.Compute](resource-provider-operations.md#microsoftcompute)/disks/download/action | Perform read data operations on Disk SAS Uri |

+> | [Microsoft.Compute](resource-provider-operations.md#microsoftcompute)/disks/upload/action | Perform write data operations on Disk SAS Uri |

+> | [Microsoft.Compute](resource-provider-operations.md#microsoftcompute)/snapshots/download/action | Perform read data operations on Snapshot SAS Uri |

+> | [Microsoft.Compute](resource-provider-operations.md#microsoftcompute)/snapshots/upload/action | Perform write data operations on Snapshot SAS Uri |

+> | **NotDataActions** | |

+> | *none* | |

+```json

+{

+ "assignableScopes": [

+ "/"

+ ],

+ "description": "Provides permissions to upload data to empty managed disks, read, or export data of managed disks (not attached to running VMs) and snapshots using SAS URIs and Azure AD authentication.",

+ "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/959f8984-c045-4866-89c7-12bf9737be2e",

+ "name": "959f8984-c045-4866-89c7-12bf9737be2e",

+ "permissions": [

+ {

+ "actions": [],

+ "notActions": [],

+ "dataActions": [

+ "Microsoft.Compute/disks/download/action",

+ "Microsoft.Compute/disks/upload/action",

+ "Microsoft.Compute/snapshots/download/action",

+ "Microsoft.Compute/snapshots/upload/action"

+ ],

+ "notDataActions": []

+ }

+ ],

+ "roleName": "Data Operator for Managed Disks",

+ "roleType": "BuiltInRole",

+ "type": "Microsoft.Authorization/roleDefinitions"

+}

+```

+> | [Microsoft.AppPlatform](resource-provider-operations.md#microsoftappplatform)/Spring/configService/read | Read the configuration content(for example, application.yaml) for a specific Azure Spring Apps service instance |

+> | [Microsoft.AppPlatform](resource-provider-operations.md#microsoftappplatform)/Spring/configService/write | Write config server content for a specific Azure Spring Apps service instance |

+> | [Microsoft.AppPlatform](resource-provider-operations.md#microsoftappplatform)/Spring/configService/delete | Delete config server content for a specific Azure Spring Apps service instance |

+> | [Microsoft.AppPlatform](resource-provider-operations.md#microsoftappplatform)/Spring/configService/read | Read the configuration content(for example, application.yaml) for a specific Azure Spring Apps service instance |

+> | [Microsoft.AppPlatform](resource-provider-operations.md#microsoftappplatform)/Spring/eurekaService/read | Read the user app(s) registration information for a specific Azure Spring Apps service instance |

+> | [Microsoft.AppPlatform](resource-provider-operations.md#microsoftappplatform)/Spring/eurekaService/write | Write the user app(s) registration information for a specific Azure Spring Apps service instance |

+> | [Microsoft.AppPlatform](resource-provider-operations.md#microsoftappplatform)/Spring/eurekaService/delete | Delete the user app registration information for a specific Azure Spring Apps service instance |

+> | [Microsoft.AppPlatform](resource-provider-operations.md#microsoftappplatform)/Spring/eurekaService/read | Read the user app(s) registration information for a specific Azure Spring Apps service instance |

+> | [Microsoft.EventGrid](resource-provider-operations.md#microsofteventgrid)/partnerNamespaces/read | Read a partner namespace |

+> | [Microsoft.AAD](resource-provider-operations.md#microsoftaad)/domainServices/* | |

+ "Microsoft.AAD/domainServices/*",

+> | [Microsoft.AAD](resource-provider-operations.md#microsoftaad)/domainServices/*/read | |

+ "Microsoft.AAD/domainServices/*/read",

+ "description": "Lets you push assessments to Security Center",

+> | Microsoft.Marketplace/privateStores/collections/upsertOfferWithMultiContext/action | Upsert an offer with different contexts |

+> | Microsoft.Network/locations/applicationgatewaywafdynamicmanifest/read | Get the application gateway waf dynamic manifest |

+> | Microsoft.Network/networkWatchers/packetCaptures/queryStatus/read | Read Packet Capture Status |

+> | Microsoft.Network/virtualNetworks/listDnsResolvers/action | Gets the DNS Resolver for Virtual Network, in JSON format |

+> | Microsoft.Network/virtualNetworks/listDnsForwardingRulesets/action | Gets the DNS Forwarding Ruleset for Virtual Network, in JSON format |

+> | Microsoft.NetApp/netAppAccounts/backupVaults/read | Reads a Backup Vault resource. |

+> | Microsoft.NetApp/netAppAccounts/backupVaults/write | Writes a Backup Vault resource. |

+> | Microsoft.NetApp/netAppIPSecPolicies/read | Reads an IPSec policy resource. |

+> | Microsoft.NetApp/netAppIPSecPolicies/write | Writes an IPSec policy resource. |

+> | Microsoft.NetApp/netAppIPSecPolicies/delete | Deletes an IPSec policy resource. |

+> | Microsoft.Storage/storageAccounts/privateEndpointConnections/action | |

+> | Microsoft.Storage/storageAccounts/networkSecurityPerimeterAssociationProxies/delete | |

+> | Microsoft.Storage/storageAccounts/networkSecurityPerimeterAssociationProxies/read | |

+> | Microsoft.Storage/storageAccounts/networkSecurityPerimeterAssociationProxies/write | |

+> | Microsoft.Storage/storageAccounts/storageTasks/delete | |

+> | Microsoft.Storage/storageAccounts/storageTasks/read | |

+> | Microsoft.Storage/storageAccounts/storageTasks/executionsummary/action | |

+> | Microsoft.Storage/storageAccounts/storageTasks/assignmentexecutionsummary/action | |

+> | Microsoft.Storage/storageAccounts/storageTasks/write | |

+> | Microsoft.Storage/storageTasks/read | |

+> | Microsoft.Storage/storageTasks/delete | |

+> | Microsoft.Storage/storageTasks/promote/action | |

+> | Microsoft.Storage/storageTasks/write | |

+> | Microsoft.AppPlatform/operations/read | List available operations of Microsoft Azure Spring Apps |

+> | Microsoft.AppPlatform/skus/read | List available skus of Microsoft Azure Spring Apps |

+> | Microsoft.AppPlatform/Spring/write | Create or Update a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/delete | Delete a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/read | Get Azure Spring Apps service instance(s) |

+> | Microsoft.AppPlatform/Spring/listTestKeys/action | List test keys for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/regenerateTestKey/action | Regenerate test key for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/disableTestEndpoint/action | Disable test endpoint functionality for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/enableTestEndpoint/action | Enable test endpoint functionality for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/stop/action | Stop a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/start/action | Start a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/configServers/action | Validate the config server settings for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/apiPortals/read | Get the API portal for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/apiPortals/write | Create or update the API portal for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/apiPortals/delete | Delete the API portal for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/apiPortals/validateDomain/action | Validate the API portal domain for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/apiPortals/domains/read | Get the API portal domain for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/apiPortals/domains/write | Create or update the API portal domain for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/apiPortals/domains/delete | Delete the API portal domain for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/apps/write | Create or update the application for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/apps/delete | Delete the application for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/apps/read | Get the applications for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/apps/getResourceUploadUrl/action | Get the resource upload URL of a specific Microsoft Azure Spring Apps application |

+> | Microsoft.AppPlatform/Spring/apps/setActiveDeployments/action | Set active deployments for a specific Microsoft Azure Spring Apps application |

+> | Microsoft.AppPlatform/Spring/apps/deployments/getLogFileUrl/action | Get the log file URL of a specific Microsoft Azure Spring Apps application deployment |

+> | Microsoft.AppPlatform/Spring/buildServices/read | Get the Build Services for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/buildServices/getResourceUploadUrl/action | Get the Upload URL of a specific Microsoft Azure Spring Apps build |

+> | Microsoft.AppPlatform/Spring/buildServices/agentPools/read | Get the Agent Pools for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/buildServices/agentPools/write | Create or update the Agent Pools for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/buildServices/builders/read | Get the Builders for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/buildServices/builders/write | Create or update the Builders for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/buildServices/builders/delete | Delete the Builders for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/buildServices/builders/buildpackBindings/read | Get the BuildpackBinding for a specific Azure Spring Apps service instance Builder |

+> | Microsoft.AppPlatform/Spring/buildServices/builders/buildpackBindings/write | Create or update the BuildpackBinding for a specific Azure Spring Apps service instance Builder |

+> | Microsoft.AppPlatform/Spring/buildServices/builders/buildpackBindings/delete | Delete the BuildpackBinding for a specific Azure Spring Apps service instance Builder |

+> | Microsoft.AppPlatform/Spring/buildServices/builds/read | Get the Builds for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/buildServices/builds/write | Create or update the Builds for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/buildServices/builds/results/read | Get the Build Results for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/buildServices/builds/results/getLogFileUrl/action | Get the Log File URL of a specific Microsoft Azure Spring Apps build result |

+> | Microsoft.AppPlatform/Spring/buildServices/supportedBuildpacks/read | Get the Supported Buildpacks for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/buildServices/supportedStacks/read | Get the Supported Stacks for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/certificates/write | Create or update the certificate for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/certificates/delete | Delete the certificate for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/certificates/read | Get the certificates for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/configServers/read | Get the config server for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/configServers/write | Create or update the config server for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/configurationServices/read | Get the Application Configuration Services for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/configurationServices/write | Create or update the Application Configuration Service for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/configurationServices/delete | Delete the Application Configuration Service for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/deployments/read | Get the deployments for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/detectors/read | Get the detectors for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/gateways/read | Get the Spring Cloud Gateways for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/gateways/write | Create or update the Spring Cloud Gateway for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/gateways/delete | Delete the Spring Cloud Gateway for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/gateways/validateDomain/action | Validate the Spring Cloud Gateway domain for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/gateways/domains/read | Get the Spring Cloud Gateways domain for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/gateways/domains/write | Create or update the Spring Cloud Gateway domain for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/gateways/domains/delete | Delete the Spring Cloud Gateway domain for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/gateways/routeConfigs/read | Get the Spring Cloud Gateway route config for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/gateways/routeConfigs/write | Create or update the Spring Cloud Gateway route config for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/gateways/routeConfigs/delete | Delete the Spring Cloud Gateway route config for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/monitoringSettings/read | Get the monitoring setting for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/monitoringSettings/write | Create or update the monitoring setting for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/providers/Microsoft.Insights/diagnosticSettings/read | Get the diagnostic settings for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/providers/Microsoft.Insights/diagnosticSettings/write | Create or update the diagnostic settings for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/providers/Microsoft.Insights/logDefinitions/read | Get definitions of logs from Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/providers/Microsoft.Insights/metricDefinitions/read | Get definitions of metrics from Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/serviceRegistries/read | Get the Service Registrys for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/serviceRegistries/write | Create or update the Service Registry for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/serviceRegistries/delete | Delete the Service Registry for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/storages/write | Create or update the storage for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/storages/delete | Delete the storage for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/storages/read | Get storage for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/configService/read | Read the configuration content(for example, application.yaml) for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/configService/write | Write config server content for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/configService/delete | Delete config server content for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/eurekaService/read | Read the user app(s) registration information for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/eurekaService/write | Write the user app(s) registration information for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/eurekaService/delete | Delete the user app registration information for a specific Azure Spring Apps service instance |

+> | Microsoft.AppPlatform/Spring/logstreamService/read | Read the streaming log of user app for a specific Azure Spring Apps service instance |

+> | Microsoft.Media/locations/mediaServicesOperationResults/read | Read any Media Services Operation Result |

+> | Microsoft.Media/locations/mediaServicesOperationStatuses/read | Read Any Media Service Operation Status |

+> | Microsoft.ContainerInstance/containerGroupProfiles/revisions/read | Get container group profile revisions |

+> | Microsoft.ContainerInstance/containerGroupProfiles/revisions/deregister/action | Deregister container group profile revision. |

+> | Microsoft.ContainerService/managedClusters/unpinManagedCluster/action | Reset the service principal profile of a managed cluster |

+> | Microsoft.DataFactory/factories/dataMappers/read | Reads Data Mapping. |

+> | Microsoft.DataFactory/factories/dataMappers/delete | Deletes Data Mapping. |

+> | Microsoft.DataFactory/factories/dataMappers/write | Create or update Data Mapping |

+> | Microsoft.DBforPostgreSQL/flexibleServers/replicas/read | |

+> | Microsoft.Sql/unregister/action | Unregisters the subscription for the Azure SQL Database resource provider and disables the creation of Azure SQL Databases. |

+> | Microsoft.Sql/locations/managedInstanceDtcAzureAsyncOperation/read | Gets the status of Azure SQL Managed Instance DTC Azure async operation. |

+> | Microsoft.Sql/locations/sqlVulnerabilityAssessmentAzureAsyncOperation/read | Get a sql database vulnerability assessment scan azure async operation. |

+> | Microsoft.Sql/locations/sqlVulnerabilityAssessmentOperationResults/read | Get a sql database vulnerability assessment scan operation results. |

+> | Microsoft.Sql/managedInstances/dtc/read | Gets properties for the specified Azure SQL Managed Instance DTC. |

+> | Microsoft.Sql/managedInstances/dtc/write | Updates Azure SQL Managed Instance's DTC properties for the specified instance. |

+> | Microsoft.Sql/servers/databases/sqlVulnerabilityAssessments/read | Retrieve SQL Vulnerability Assessment policies on a given database |

+> | Microsoft.Sql/servers/databases/sqlVulnerabilityAssessments/initiateScan/action | Execute vulnerability assessment database scan. |

+> | Microsoft.Sql/servers/databases/sqlVulnerabilityAssessments/baselines/write | Change the sql vulnerability assessment baseline set for a given database |

+> | Microsoft.Sql/servers/databases/sqlVulnerabilityAssessments/baselines/read | List the Sql Vulnerability Assessment baseline set by Sql Vulnerability Assessments |

+> | Microsoft.Sql/servers/databases/sqlVulnerabilityAssessments/baselines/rules/delete | Remove the sql vulnerability assessment rule baseline for a given database |

+> | Microsoft.Sql/servers/databases/sqlVulnerabilityAssessments/baselines/rules/write | Change the sql vulnerability assessment rule baseline for a given database |

+> | Microsoft.Sql/servers/databases/sqlVulnerabilityAssessments/baselines/rules/read | Get the sql vulnerability assessment rule baseline list for a given database |

+> | Microsoft.Sql/servers/databases/sqlVulnerabilityAssessments/scans/read | Retrieve the scan record of the database SQL vulnerability assessment scan |

+> | Microsoft.Sql/servers/databases/sqlVulnerabilityAssessments/scans/scanResults/read | Retrieve the scan results of the database SQL vulnerability assessment scan |

+> | Microsoft.Sql/servers/recoverableDatabases/read | Return the list of recoverable databases or gets the properties for the specified recoverable database. |

+> | Microsoft.Sql/servers/sqlVulnerabilityAssessments/write | Change SQL Vulnerability Assessment for a given server |

+> | Microsoft.Sql/servers/sqlVulnerabilityAssessments/delete | Remove SQL Vulnerability Assessment for a given server |

+> | Microsoft.Sql/servers/sqlVulnerabilityAssessments/read | Retrieve SQL Vulnerability Assessment policies on a given server |

+> | Microsoft.Sql/servers/sqlVulnerabilityAssessments/initiateScan/action | Execute vulnerability assessment database scan. |

+> | Microsoft.Sql/servers/sqlVulnerabilityAssessments/baselines/write | Change the sql vulnerability assessment baseline set for a given system database |

+> | Microsoft.Sql/servers/sqlVulnerabilityAssessments/baselines/read | Retrieve the Sql Vulnerability Assessment baseline set on a system database |

+> | Microsoft.Sql/servers/sqlVulnerabilityAssessments/baselines/rules/read | Get the vulnerability assessment rule baseline for a given database |

+> | Microsoft.Sql/servers/sqlVulnerabilityAssessments/baselines/rules/delete | Remove the sql vulnerability assessment rule baseline for a given database |

+> | Microsoft.Sql/servers/sqlVulnerabilityAssessments/baselines/rules/write | Change the sql vulnerability assessment rule baseline for a given database |

+> | Microsoft.Sql/servers/sqlVulnerabilityAssessments/scans/read | List SQL vulnerability assessment scan records by database. |

+> | Microsoft.Sql/servers/sqlVulnerabilityAssessments/scans/scanResults/read | Retrieve the scan results of the database vulnerability assessment scan |

+> | Microsoft.Sql/servers/usages/read | Gets the Azure SQL Database Server usages information |

+> | Microsoft.EventHub/namespaces/joinPerimeter/action | Action to Join the Network Security Perimeter. This action is used to perform linked access by NSP RP. |

+> | Microsoft.CognitiveServices/accounts/joinPerimeter/action | Allow to join CognitiveServices account to an given perimeter. |

+> | Microsoft.IoTSecurity/locations/deviceGroups/read | Gets device group |

+> | Microsoft.ApiManagement/service/gateways/hostnameConfigurations/read | Lists the collection of hostname configurations for the specified gateway. or Get details of a hostname configuration |

+> | Microsoft.ApiManagement/service/gateways/hostnameConfigurations/write | Request subscription for a new product |

+> | Microsoft.ApiManagement/service/gateways/hostnameConfigurations/delete | Deletes the specified hostname configuration. |

+> | **DataAction** | **Description** |

+> | Microsoft.ApiManagement/service/gateways/getConfiguration/action | Fetches configuration for specified self-hosted gateway |

+> | Microsoft.AppConfiguration/configurationStores/replicas/read | Gets the properties of the specified replica or lists all the replicas under the specified configuration store. |

+> | Microsoft.AppConfiguration/configurationStores/replicas/write | Creates a replica with the specified parameters. |

+> | Microsoft.AppConfiguration/configurationStores/replicas/delete | Deletes a replica. |

+> | Microsoft.EventGrid/partnerConfigurations/read | Read a partner configuration |

+> | Microsoft.EventGrid/partnerConfigurations/write | Create or update a partner configuration |

+> | Microsoft.EventGrid/partnerConfigurations/delete | Delete a partner configuration |

+> | Microsoft.EventGrid/partnerConfigurations/authorizePartner/action | Authorize a partner in the partner configuration |

+> | Microsoft.EventGrid/partnerConfigurations/unauthorizePartner/action | Unauthorize a partner in the partner configuration |

+> | Microsoft.EventGrid/partnerDestinations/read | Read a partner destination |

+> | Microsoft.EventGrid/partnerDestinations/write | Create or update a partner destination |

+> | Microsoft.EventGrid/partnerDestinations/delete | Delete a partner destination |

+> | Microsoft.EventGrid/partnerDestinations/activate/action | Activate a partner destination |

+> | Microsoft.EventGrid/partnerDestinations/getPartnerDestinationChannelInfo/action | Get channel details of activated partner destination |

+> | Microsoft.EventGrid/partnerNamespaces/write | Create or update a partner namespace |

+> | Microsoft.EventGrid/partnerNamespaces/read | Read a partner namespace |

+> | Microsoft.EventGrid/partnerNamespaces/delete | Delete a partner namespace |

+> | Microsoft.EventGrid/partnerNamespaces/listKeys/action | List keys for a partner namespace |

+> | Microsoft.EventGrid/partnerNamespaces/regenerateKey/action | Regenerate key for a partner namespace |

+> | Microsoft.EventGrid/partnerNamespaces/PrivateEndpointConnectionsApproval/action | Approve PrivateEndpointConnections for partner namespaces |

+> | Microsoft.EventGrid/partnerNamespaces/channels/read | Read a channel |

+> | Microsoft.EventGrid/partnerNamespaces/channels/write | Create or update a channel |

+> | Microsoft.EventGrid/partnerNamespaces/channels/delete | Delete a channel |

+> | Microsoft.EventGrid/partnerNamespaces/channels/channelReadinessStateChange/action | Change channel readiness state |

+> | Microsoft.EventGrid/partnerNamespaces/channels/getFullUrl/action | Get full url for the partner destination channel |

+> | Microsoft.EventGrid/partnerNamespaces/eventChannels/read | Read an event channel |

+> | Microsoft.EventGrid/partnerNamespaces/eventChannels/write | Create or update an event channel |

+> | Microsoft.EventGrid/partnerNamespaces/eventChannels/delete | Delete an event channel |

+> | Microsoft.EventGrid/partnerNamespaces/eventChannels/channelReadinessStateChange/action | Change event channel readiness state |

+> | Microsoft.EventGrid/partnerNamespaces/privateEndpointConnectionProxies/validate/action | Validate PrivateEndpointConnectionProxies for partner namespaces |

+> | Microsoft.EventGrid/partnerNamespaces/privateEndpointConnectionProxies/read | Read PrivateEndpointConnectionProxies for partner namespaces |

+> | Microsoft.EventGrid/partnerNamespaces/privateEndpointConnectionProxies/write | Write PrivateEndpointConnectionProxies for partner namespaces |

+> | Microsoft.EventGrid/partnerNamespaces/privateEndpointConnectionProxies/delete | Delete PrivateEndpointConnectionProxies for partner namespaces |

+> | Microsoft.EventGrid/partnerNamespaces/privateEndpointConnections/read | Read PrivateEndpointConnections for partner namespaces |

+> | Microsoft.EventGrid/partnerNamespaces/privateEndpointConnections/write | Write PrivateEndpointConnections for partner namespaces |

+> | Microsoft.EventGrid/partnerNamespaces/privateEndpointConnections/delete | Delete PrivateEndpointConnections for partner namespaces |

+> | Microsoft.EventGrid/partnerNamespaces/privateLinkResources/read | Read PrivateLinkResources for partner namespaces |

+> | Microsoft.EventGrid/partnerRegistrations/write | Create or update a partner registration |

+> | Microsoft.EventGrid/partnerRegistrations/read | Read a partner registration |

+> | Microsoft.EventGrid/partnerRegistrations/delete | Delete a partner registration |

+> | Microsoft.EventGrid/partnerTopics/read | Read a partner topic |

+> | Microsoft.EventGrid/partnerTopics/write | Create or update a partner topic |

+> | Microsoft.EventGrid/partnerTopics/delete | Delete a partner topic |

+> | Microsoft.EventGrid/partnerTopics/activate/action | Activate a partner topic |

+> | Microsoft.EventGrid/partnerTopics/deactivate/action | Deactivate a partner topic |

+> | Microsoft.EventGrid/partnerTopics/eventSubscriptions/write | Create or update a PartnerTopic eventSubscription |

+> | Microsoft.EventGrid/partnerTopics/eventSubscriptions/read | Read a partner topic event subscription |

+> | Microsoft.EventGrid/partnerTopics/eventSubscriptions/delete | Delete a partner topic event subscription |

+> | Microsoft.EventGrid/partnerTopics/eventSubscriptions/getFullUrl/action | Get full url for the partner topic event subscription |

+> | Microsoft.EventGrid/verifiedPartners/read | Read a verified partner |

+> | Microsoft.AAD/domainServices/providers/Microsoft.Insights/metricDefinitions/read | Gets metrics for Domain Service |

+> | Microsoft.SecurityInsights/threatintelligence/bulkactions/read | Reads TI Bulk Action objects |

+> | Microsoft.SecurityInsights/threatintelligence/bulkactions/write | Creates or updates a TI Bulk Action |

+> | Microsoft.SecurityInsights/threatintelligence/bulkactions/delete | Deletes a TI Bulk Action |

+> | MICROSOFT.RECOVERYSERVICES/Locations/backupCrossRegionRestore/action | Trigger Cross region restore. |

+> | MICROSOFT.RECOVERYSERVICES/Locations/backupCrrJob/action | Get Cross Region Restore Job Details in the secondary region for Recovery Services Vault. |

+> | MICROSOFT.RECOVERYSERVICES/Locations/backupCrrJobs/action | List Cross Region Restore Jobs in the secondary region for Recovery Services Vault. |

+> | MICROSOFT.RECOVERYSERVICES/Locations/backupPreValidateProtection/action | |

+> | MICROSOFT.RECOVERYSERVICES/Locations/backupStatus/action | Check Backup Status for Recovery Services Vaults |

+> | MICROSOFT.RECOVERYSERVICES/Locations/backupValidateFeatures/action | Validate Features |

+> | MICROSOFT.RECOVERYSERVICES/Locations/backupAadProperties/read | Get AAD Properties for authentication in the third region for Cross Region Restore. |

+> | MICROSOFT.RECOVERYSERVICES/Locations/backupCrrOperationResults/read | Returns CRR Operation Result for Recovery Services Vault. |

+> | MICROSOFT.RECOVERYSERVICES/Locations/backupCrrOperationsStatus/read | Returns CRR Operation Status for Recovery Services Vault. |

+> | MICROSOFT.RECOVERYSERVICES/Locations/backupProtectedItem/write | Create a backup Protected Item |

+> | MICROSOFT.RECOVERYSERVICES/Locations/backupProtectedItems/read | Returns the list of all Protected Items. |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupJobsExport/action | Export Jobs |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupSecurityPIN/action | Returns Security PIN Information for Recovery Services Vault. |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupTriggerValidateOperation/action | Validate Operation on Protected Item |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupValidateOperation/action | Validate Operation on Protected Item |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupconfig/read | Returns Configuration for Recovery Services Vault. |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupconfig/write | Updates Configuration for Recovery Services Vault. |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupEncryptionConfigs/read | Gets Backup Resource Encryption Configuration. |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupEncryptionConfigs/write | Updates Backup Resource Encryption Configuration |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupEngines/read | Returns all the backup management servers registered with vault. |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupFabrics/refreshContainers/action | Refreshes the container list |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupFabrics/backupProtectionIntent/delete | Delete a backup Protection Intent |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupFabrics/backupProtectionIntent/read | Get a backup Protection Intent |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupFabrics/backupProtectionIntent/write | Create a backup Protection Intent |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupFabrics/operationResults/read | Returns status of the operation |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupFabrics/operationsStatus/read | Returns status of the operation |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupFabrics/protectableContainers/read | Get all protectable containers |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupFabrics/protectionContainers/delete | Deletes the registered Container |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupFabrics/protectionContainers/inquire/action | Do inquiry for workloads within a container |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupFabrics/protectionContainers/read | Returns all registered containers |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupFabrics/protectionContainers/write | Creates a registered container |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupFabrics/protectionContainers/items/read | Get all items in a container |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupFabrics/protectionContainers/operationResults/read | Gets result of Operation performed on Protection Container. |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupFabrics/protectionContainers/operationsStatus/read | Gets status of Operation performed on Protection Container. |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action | Performs Backup for Protected Item. |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupFabrics/protectionContainers/protectedItems/delete | Deletes Protected Item |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupFabrics/protectionContainers/protectedItems/read | Returns object details of the Protected Item |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPointsRecommendedForMove/action | Get Recovery points recommended for move to another tier |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupFabrics/protectionContainers/protectedItems/write | Create a backup Protected Item |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read | Gets Result of Operation Performed on Protected Items. |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read | Returns the status of Operation performed on Protected Items. |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/accessToken/action | Get AccessToken for Cross Region Restore. |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/move/action | Move Recovery point to another tier |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action | Provision Instant Item Recovery for Protected Item |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read | Get Recovery Points for Protected Items. |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action | Restore Recovery Points for Protected Items. |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action | Revoke Instant Item Recovery for Protected Item |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupJobs/cancel/action | Cancel the Job |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupJobs/read | Returns all Job Objects |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupJobs/operationResults/read | Returns the Result of Job Operation. |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupJobs/operationsStatus/read | Returns the status of Job Operation. |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupOperationResults/read | Returns Backup Operation Result for Recovery Services Vault. |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupOperations/read | Returns Backup Operation Status for Recovery Services Vault. |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupPolicies/delete | Delete a Protection Policy |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupPolicies/read | Returns all Protection Policies |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupPolicies/write | Creates Protection Policy |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupPolicies/operationResults/read | Get Results of Policy Operation. |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupPolicies/operations/read | Get Status of Policy Operation. |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupProtectableItems/read | Returns list of all Protectable Items. |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupProtectedItems/read | Returns the list of all Protected Items. |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupProtectionContainers/read | Returns all containers belonging to the subscription |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupProtectionIntents/read | List all backup Protection Intents |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupResourceGuardProxies/delete | The Delete ResourceGuard proxy operation deletes the specified Azure resource of type 'ResourceGuard proxy' |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupResourceGuardProxies/read | Get the list of ResourceGuard proxies for a resource |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupResourceGuardProxies/read | Get ResourceGuard proxy operation gets an object representing the Azure resource of type 'ResourceGuard proxy' |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupResourceGuardProxies/unlockDelete/action | Unlock delete ResourceGuard proxy operation unlocks the next delete critical operation |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupResourceGuardProxies/write | Create ResourceGuard proxy operation creates an Azure resource of type 'ResourceGuard Proxy' |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupstorageconfig/read | Returns Storage Configuration for Recovery Services Vault. |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupstorageconfig/write | Updates Storage Configuration for Recovery Services Vault. |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupUsageSummaries/read | Returns summaries for Protected Items and Protected Servers for a Recovery Services . |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupValidateOperationResults/read | Validate Operation on Protected Item |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/backupValidateOperationsStatuses/read | Validate Operation on Protected Item |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/privateEndpointConnectionProxies/delete | Wait for a few minutes and then try the operation again. If the issue persists, please contact Microsoft support. |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/privateEndpointConnectionProxies/read | Get all protectable containers |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/privateEndpointConnectionProxies/validate/action | Get all protectable containers |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/privateEndpointConnectionProxies/write | Get all protectable containers |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/privateEndpointConnectionProxies/operationsStatus/read | Get all protectable containers |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/privateEndpointConnections/delete | Delete Private Endpoint requests. This call is made by Backup Admin. |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/privateEndpointConnections/write | Approve or Reject Private Endpoint requests. This call is made by Backup Admin. |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/privateEndpointConnections/operationsStatus/read | Returns the operation status for a private endpoint connection. |

+> | MICROSOFT.RECOVERYSERVICES/Vaults/usages/read | Returns usage details for a Recovery Services Vault. |

+- When you attempt to create or update a custom role, you get an error similar to "The client '&lt;clientName&gt;' with object id '&lt;objectId&gt;' has permission to perform action 'Microsoft.Authorization/roleDefinitions/write' on scope '/subscriptions/&lt;subscriptionId&gt;'; however, it does not have permission to perform action 'Microsoft.Authorization/roleDefinitions/write' on the linked scope(s)'/subscriptions/&lt;subscriptionId1&gt;,/subscriptions/&lt;subscriptionId2&gt;,/subscriptions/&lt;subscriptionId3&gt;' or the linked scope(s)are invalid". This error usually indicates that you do not have permissions to one or more of the [assignable scopes](role-definitions.md#assignablescopes) in the custom role. You can try the following:

+ - Review [Who can create, delete, update, or view a custom role](custom-roles.md#who-can-create-delete-update-or-view-a-custom-role) and check that you have permissions to create or update the custom role for all assignable scopes.

+ - If you don't have permissions, ask your administrator to assign you a role that has the `Microsoft.Authorization/roleDefinitions/write` action, such as [Owner](built-in-roles.md#owner) or [User Access Administrator](built-in-roles.md#user-access-administrator), at the scope of the assignable scope.

+ - Check that all the assignable scopes in the custom role are valid. If not, remove any invalid assignable scopes.

+Warnings don't stop indexing, but they do indicate conditions that could result in unexpected outcomes. Whether you take action or not depends on the data and your scenario.

+<a name="Could not map output field '`xyz`' to search index due to deserialization problem while applying mapping function '`abc`'"></a>

+The output mapping might have failed because the output data is in the wrong format for the mapping function you're using. For example, applying Base64Encode mapping function on binary data would generate this error. To resolve the issue, either rerun indexer without specifying mapping function or ensure that the mapping function is compatible with the output field data type. See [Output field mapping](cognitive-search-output-field-mapping.md) for details.

+<a name="could-not-execute-skill"></a>

+| Potential product bug | An unexpected error occurred. | This indicates an unknown class of failure and may indicate a product bug. File a [support ticket](https://portal.azure.com/#create/Microsoft.Support) to get help. |

+<a name="could-not-execute-skill-because-the-web-api-request-failed"></a>

+The skill execution failed because the call to the Web API failed. Typically, this class of failure occurs when custom skills are used, in which case you'll need to debug your custom code to resolve the issue. If instead the failure is from a built-in skill, refer to the error message for help in fixing the issue.

+<a name="could-not-execute-skill-because-web-api-skill-response-is-invalid"></a>

+The skill execution failed because the call to the Web API returned an invalid response. Typically, this class of failure occurs when custom skills are used, in which case you'll need to debug your custom code to resolve the issue. If instead the failure is from a built-in skill, file a [support ticket](https://portal.azure.com/#create/Microsoft.Support) to get assistance.

+<a name="skill-did-not-execute-within-the-time-limit"></a>

+If your data source has a field with a different data type than the field you're trying to map in your index, you may encounter this error. Check your data source field data types and make sure they are [mapped correctly to your index data types](/rest/api/searchservice/data-type-map-for-indexers-in-azure-search).

+<a name="skill-did-not-execute-within-the-time-limit"></a>

+If you continue to see this error on the same document for a built-in cognitive skill, file a [support ticket](https://portal.azure.com/#create/Microsoft.Support) to get assistance, as this isn't expected.

+If you encounter a timeout error with a custom skill, there are a couple of things you can try. First, review your custom skill and ensure that it's not getting stuck in an infinite loop and that it's returning a result consistently. Once you have confirmed that a result is returned, check the duration of execution. If you didn't explicitly set a `timeout` value on your custom skill definition, then the default `timeout` is 30 seconds. If 30 seconds isn't long enough for your skill to execute, you may specify a higher `timeout` value on your custom skill definition. Here's an example of a custom skill definition where the timeout is set to 90 seconds:

+The maximum value that you can set for the `timeout` parameter is 230 seconds. If your custom skill is unable to execute consistently within 230 seconds, you may consider reducing the `batchSize` of your custom skill so that it will have fewer documents to process within a single execution. If you have already set your `batchSize` to 1, you'll need to rewrite the skill to be able to execute in under 230 seconds or otherwise split it into multiple custom skills so that the execution time for any single custom skill is a maximum of 230 seconds. Review the [custom skill documentation](cognitive-search-custom-skill-web-api.md) for more information.

+<a name="could-not-mergeorupload--delete-document-to-the-search-index"></a>

+| A field contains a term that is too large | A term in your document is larger than the [32 KB limit](search-limits-quotas-capacity.md#api-request-limits) | You can avoid this restriction by ensuring the field isn't configured as filterable, facetable, or sortable.

+<a name="could-not-index-document-because-the-indexer-data-to-index-was-invalid"></a>

+This applies to SQL tables, and usually happens when the key is either defined as a composite key or, when the table has defined a unique clustered index (as in a SQL index, not an Azure Search index). The main reason is that the key attribute is modified to be a composite primary key in the case of a [unique clustered index](/sql/relational-databases/indexes/clustered-and-nonclustered-indexes-described). In that case, make sure that your SQL table doesn't have a unique clustered index, or that you map the key field to a field that is guaranteed not to have duplicate values.

+<a name="could-not-process-document-within-indexer-max-run-time"></a>

+This error occurs when the indexer is unable to finish processing a single document from the data source within the allowed execution time. [Maximum running time](search-limits-quotas-capacity.md#indexer-limits) is shorter when skillsets are used. When this error occurs, if you have maxFailedItems set to a value other than 0, the indexer bypasses the document on future runs so that indexing can progress. If you can't afford to skip any document, or if you're seeing this error consistently, consider breaking documents into smaller documents so that partial progress can be made within a single indexer execution.

+<a name="could-not-project-document"></a>

+This error occurs when the indexer is attempting to [project data into a knowledge store](knowledge-store-projection-overview.md) and there was a failure on the attempt. This failure could be consistent and fixable, or it could be a transient failure with the projection output sink that you may need to wait and retry in order to resolve. Here's a set of known failure states and possible resolutions.

+| Could not update projection blob `'blobUri'` in container `'containerName'` |The specified container doesn't exist. | The indexer will check if the specified container has been previously created and will create it if necessary, but it only performs this check once per indexer run. This error means that something deleted the container after this step. To resolve this error, try this: leave your storage account information alone, wait for the indexer to finish, and then rerun the indexer. |

+<a name="skill-throttled"></a>

+## `Error: The cognitive service for skill '<skill-name>' has been throttled`

+Skill execution failed because the call to Cognitive Services was throttled. Typically, this class of failure occurs when too many skills are executing in parallel. If you're using the Microsoft.Search.Documents client library to run the indexer, you can use the [SearchIndexingBufferedSender](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/search/Azure.Search.Documents/samples/Sample05_IndexingDocuments.md#searchindexingbufferedsender) to get automatic retry on failed steps. Otherwise, you can [reset and rerun the indexer](search-howto-run-reset-indexers.md).

+<a name="could-not-execute-skill-because-a-skill-input-was-invalid"></a>

+1. `Could not execute skill`

+1.`Skill executed but may have unexpected results`

+If required inputs are missing or if the input isn't the right type, the skill gets skipped and generates a warning. Skipped skills don't generate outputs. If downstream skills consume the outputs of the skipped skill, they may generate additional warnings.

+If an optional input is missing, the skill still runs but may produce unexpected output due to the missing input.

+In both cases, this warning may be expected due to the shape of your data. For example, if you have a document containing information about people with the fields `firstName`, `middleName`, and `lastName`, you may have some documents which don't have an entry for `middleName`. If you pass `middleName` as an input to a skill in the pipeline, then it's expected that this skill input may be missing some of the time. You will need to evaluate your data and scenario to determine whether or not any action is required as a result of this warning.

+| Skill input is missing | `Required skill input is missing. Name: text, Source: /document/merged_content` `Missing value /document/normalized_images/0/imageTags.` `Unable to select 0 in array /document/pages of length 0.` | If this warning occurs for all documents, there could be a typo in the input paths. Check the property name casing. Check for an extra or missing `*` in the path. Verify that the documents from the data source provide the required inputs. |

+<a name="skill-input-languagecode-has-the-following-language-codes-xyz-at-least-one-of-which-is-invalid"></a>

+One or more of the values passed into the optional `languageCode` input of a downstream skill isn't supported. This can occur if you're passing the output of the [LanguageDetectionSkill](cognitive-search-skill-language-detection.md) to subsequent skills, and the output consists of more languages than are supported in those downstream skills.

+Note that you may also get a warning similar to this one if an invalid `countryHint` input gets passed to the LanguageDetectionSkill. If that happens, validate that the field you're using from your data source for that input contains valid ISO 3166-1 alpha-2 two letter country codes. If some are valid and some are invalid, continue with the following guidance but replace `languageCode` with `countryHint` and `defaultLanguageCode` with `defaultCountryHint` to match your use case.

+If you know that your data set contains multiple languages and thus you need the [LanguageDetectionSkill](cognitive-search-skill-language-detection.md) and `languageCode` input, consider adding a [ConditionalSkill](cognitive-search-skill-conditional.md) to filter out the text with languages that are not supported before passing in the text to the downstream skill. Here's an example of what this might look like for the EntityRecognitionSkill:

+<a name="skill-input-was-truncated"></a>

+Cognitive skills limit the length of text that can be analyzed at one time. If the text input exceeds the limit, the text is truncated before it's enriched. The skill executes, but not over all of your data.

+In the example `LanguageDetectionSkill` below, the `'text'` input field might trigger this warning if the input is over the character limit. Input limits can be found in the [skills reference documentation](cognitive-search-predefined-skills.md).

+<a name="web-api-skill-response-contains-warnings"></a>

+The indexer ran the skill in the skillset, but the response from the Web API request indicates there are warnings. Review the warnings to understand how your data is impacted and whether further action is required.

+<a name="the-current-indexer-configuration-does-not-support-incremental-progress"></a>

+It's possible to override this behavior, enabling incremental progress and suppressing this warning by using the `assumeOrderByHighWaterMarkColumn` configuration property.

+<a name="some-data-was-lost-during projection-row-x-in-table-y-has-string-property-z-which-was-too-long"></a>

+<a name="truncated-extracted-text-to-x-characters"></a>

+Indexers limit how much text can be extracted from any one document. This limit depends on the pricing tier: 32,000 characters for Free tier, 64,000 for Basic, 4 million for Standard, 8 million for Standard S2, and 16 million for Standard S3. Text that was truncated won't be indexed. To avoid this warning, try breaking apart documents with large amounts of text into multiple, smaller documents.

+<a name="could-not-map-output-field-x-to-search-index"></a>

+| Cannot iterate over non-array | "Cannot iterate over non-array `/document/normalized_images/0/imageCelebrities/0/detail/celebrities`." | This error occurs when the output isn't an array. If you think the output should be an array, check the indicated output source field path for errors. For example, you might have a missing or extra `*` in the source field name. It's also possible that the input to this skill is null, resulting in an empty array. Find similar details in [Skill Input was Invalid](cognitive-search-common-errors-warnings.md#warning-skill-input-was-invalid) section. |

+| Unable to select `0` in non-array | "Unable to select `0` in non-array `/document/pages`." | This could happen if the skills output doesn't produce an array and the output source field name has array index or `*` in its path. Double check the paths provided in the output source field names and the field value for the indicated field name. Find similar details in [Skill Input was Invalid](cognitive-search-common-errors-warnings.md#warning-skill-input-was-invalid) section. |

+<a name="the-data-change-detection-policy-is-configured-to-use-key-column-x"></a>

+<a name="document-text-appears-to-be-utf-16-encoded-but-is-missing-a-byte-order-mark"></a>

+<a name="cosmos-db-collection-has-a-lazy-indexing-policy"></a>

+This warning is passed from the Language service of Azure Cognitive Services. In some cases, it's safe to ignore this warning, such as when your document contains a long URL (which likely isn't a key phrase or driving sentiment, etc.). Be aware that when a word is longer than 64 characters, it will be truncated to 64 characters which can affect model predictions.

+BM25 ranking is the default because it tends to produce search rankings that align better with user expectations. It includes [parameters](#set-bm25-parameters) for tuning results based on factors such as document size. For search services created after July 2020, BM25 is the sole similarity algorithm. If you try to set "similarity" to ClassicSimilarity on a new service, an HTTP 400 error will be returned because that algorithm is not supported by the service.

+PUT [service-name].search.windows.net/indexes/[index-name]?api-version=2020-06-30&allowIndexDowntime=true

+Because Cognitive Search won't allow updates to a live index, you'll need to take the index offline so that the parameters can be added. Indexing and query requests will fail while the index is offline. The duration of the outage is the amount of time it takes to update the index, usually no more than several seconds. When the update is complete, the index comes back automatically. To take the index offline, append the "allowIndexDowntime=true" URI parameter on the request that sets the "similarity" property.

+If you're running a search service that was created from March 2014 through July 15, 2020, you can enable BM25 by setting a "similarity" property on new indexes. The property is only exposed on new indexes, so if want BM25 on an existing index, you must drop and [rebuild the index](search-howto-reindex.md) with a "similarity" property set to "Microsoft.Azure.Search.BM25Similarity".

+You can also use the [REST API](/rest/api/searchservice/create-index). The following example creates a new index with the "similarity" property set to BM25:

+PUT [service-name].search.windows.net/indexes/[index name]?api-version=2020-06-30

+This article describes relevance scoring and the similarity ranking algorithms used to compute search scores in Azure Cognitive Search. A relevance score applies to matches returned in [full text search](search-lucene-query-architecture.md), where the most relevant matches appear first. Filter queries, autocomplete and suggested queries, wildcard search or fuzzy search queries are not scored or ranked for relevance.

+> [!NOTE]

+> Matches are scored and ranked from high to low. The score is returned as "@search.score". By default, the top 50 are returned in the response, but you can use the **$top** parameter to return a smaller or larger number of items (up to 1000 in a single response), and **$skip** to get the next set of results.

+## Relevance scoring

+Relevance scoring refers to the computation of a search score that serves as an indicator of an item's relevance in the context of the current query. The higher the score, the more relevant the item.

+The search score is computed based on statistical properties of the string input and the query itself. Azure Cognitive Search finds documents that match on search terms (some or all, depending on [searchMode](/rest/api/searchservice/search-documents#query-parameters)), favoring documents that contain many instances of the search term. The search score goes up even higher if the term is rare across the data index, but common within the document. The basis for this approach to computing relevance is known as *TF-IDF or* term frequency-inverse document frequency.

+Search scores can be repeated throughout a result set. When multiple hits have the same search score, the ordering of the same scored items is undefined and not stable. Run the query again, and you might see items shift position, especially if you are using the free service or a billable service with multiple replicas. Given two items with an identical score, there is no guarantee which one appears first.

+ 

+1. Get the fully qualified domain name (FQDN) of your search service. This will look like `<search-service-name>.search.windows.net`. You can find the FQDN by looking up your search service on the Azure portal.

+ ```bash

+If you're using the Azure portal or the [Import Data wizard](search-import-data-portal.md) to create an indexer, you'll need an inbound rule for the Azure portal as well.

+To get the portal's IP address, perform `nslookup` (or `ping`) on `stamp2.ext.search.windows.net`, which is the domain of the traffic manager. For nslookup, the IP address is visible in the "Non-authoritative answer" portion of the response.

+In the example below, the IP address that you should copy is "52.252.175.48".

+```bash

+$ nslookup stamp2.ext.search.windows.net

+Server: ZenWiFi_ET8-0410

+Address: 192.168.50.1

+Non-authoritative answer:

+Name: azsyrie.northcentralus.cloudapp.azure.com

+Address: 52.252.175.48

+Aliases: stamp2.ext.search.windows.net

+ azs-ux-prod.trafficmanager.net

+ azspncuux.management.search.windows.net

+```

+For ping, the request will time out, but the IP address will be visible in the response. For example, in the message "Pinging azsyrie.northcentralus.cloudapp.azure.com [52.252.175.48]", the IP address is "52.252.175.48".

+You'll also need to create an inbound rule that allows requests from the [multi-tenant execution environment](search-indexer-securing-resources.md#indexer-execution-environment). This environment is managed by Microsoft and it's used to offload processing intensive jobs that could otherwise overwhelm your search service. This section explains how to get the range of IP addresses needed to create this inbound rule.

+An IP address range is defined for each region that supports Azure Cognitive Search. You'll need to specify the full range to ensure the success of requests originating from the multi-tenant execution environment.