+A monthly active user (MAU) is a unique user that performs an authentication within a given month. A user that authenticates at least once within a given month is counted as one MAU. Customers aren't charged for a MAUΓÇÖs subsequent authentications during the month, nor for inactive users. Authentications may include:

+By default, the password is set not to expire. However, the value is configurable by using the [Set-MsolPasswordPolicy](/powershell/module/msonline/set-msolpasswordpolicy) cmdlet from the Azure Active Directory Module for Windows PowerShell. This command updates the tenant, so that all users' passwords expire after number of days you configure.

+Timely response to policy violations or security issues really requires a "conversation" between the token issuer (Azure AD), and the relying party (enlightened app). This two-way conversation gives us two important capabilities. The relying party can see when properties change, like network location, and tell the token issuer. It also gives the token issuer a way to tell the relying party to stop respecting tokens for a given user because of account compromise, disablement, or other concerns. The mechanism for this conversation is continuous access evaluation (CAE), an industry standard based on [Open ID Continuous Access Evaluation Profile (CAEP)](https://openid.net/specs/openid-caep-specification-1_0-01.html). The goal for critical event evaluation is for response to be near real time, but latency of up to 15 minutes may be observed because of event propagation time; however, IP locations policy enforcement is instant.

+> Conditional Access filters for devices only works with custom security attributes of type "string". Custom Security Attributes support creation of Boolean data type but Conditional Access Policy only supports "string".

+Administrators can further control these Azure AD registered devices by enrolling the device(s) into Mobile Device Management (MDM) tools like Microsoft Intune. MDM provides a means to enforce organization-required configurations like requiring storage to be encrypted, password complexity, and security software kept updated.

+> * Remove users in MURAL Identity when they do not require access anymore.

+> * Provision groups and group memberships in MURAL Identity.

+> * [Single sign-on](mural-identity-tutorial.md) to MURAL Identity (recommended).

+1. Determine who will be in [scope for provisioning](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).

+1. Determine what data to [map between Azure AD and MURAL Identity](../app-provisioning/customize-application-attributes.md).

+1. In the applications list, select **MURAL Identity**.

+1. Select the **Provisioning** tab.

+1. Set the **Provisioning Mode** to **Automatic**.

+1. Under the **Admin Credentials** section, input your MURAL Identity Tenant URL and Secret Token. Click **Test Connection** to ensure Azure AD can connect to MURAL Identity. If the connection fails, ensure your MURAL Identity account has Admin permissions and try again.

+1. In the **Notification Email** field, enter the email address of a person or group who should receive the provisioning error notifications and select the **Send an email notification when a failure occurs** check box.

+1. Select **Save**.

+1. Under the **Mappings** section, select **Synchronize Azure Active Directory Users to MURAL Identity**.

+1. Review the user attributes that are synchronized from Azure AD to MURAL Identity in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in MURAL Identity for update operations. If you choose to change the [matching target attribute](../app-provisioning/customize-application-attributes.md), you will need to ensure that the MURAL Identity API supports filtering users based on that attribute. Select the **Save** button to commit any changes.

+ |Attribute|Type|Supported for filtering|Required by MURAL Identity

+ ||||

+ |userName|String|✓|✓

+ |emails[type eq "work"].value|String||✓

+ |active|Boolean||

+ |name.givenName|String||

+ |name.familyName|String||

+ |externalId|String||

+1. Under the **Mappings** section, select **Synchronize Azure Active Directory Groups to MURAL Identity**.

+1. Review the group attributes that are synchronized from Azure AD to MURAL Identity in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the groups in MURAL Identity for update operations. Select the **Save** button to commit any changes.

+ |Attribute|Type|Supported for filtering|Required by MURAL Identity|

+ |||||

+ |displayName|String|✓|✓

+ |members|Reference||

+ |externalId|String||

+* Use the [provisioning logs](../reports-monitoring/concept-provisioning-logs.md) to determine which users have been provisioned successfully or unsuccessfully

+* Check the [progress bar](../app-provisioning/application-provisioning-when-will-provisioning-finish-specific-user.md) to see the status of the provisioning cycle and how close it is to completion

+* If the provisioning configuration seems to be in an unhealthy state, the application will go into quarantine. Learn more about quarantine states [here](../app-provisioning/application-provisioning-quarantine-status.md).

+* If you have any other issues, please reach out to [MURAL Identity support team](mailto:support@mural.co).

+## Change log

+06/22/2023 - Added support for **Group Provisioning**.

+ |Attribute|Type|Supported for Filtering|Required by Shopify Plus

+ ||||

+ |userName|String|✓|✓

+ |roles|String||

+ |name.givenName|String||✓

+ |name.familyName|String||✓

+3. If the provisioning configuration seems to be in an unhealthy state, the application will go into quarantine. Learn more about quarantine states [here](../app-provisioning/application-provisioning-quarantine-status.md).

+## Change log

+06/22/2023 - Added support for **roles**.

+ SUBSCRIPTION_ID="$(echo $DISK_URI | grep -o 'subscriptions/[^/]*' | sed 's#subscriptions/##g')"

+ az snapshot create --resource-group $TARGET_RESOURCE_GROUP --name $PVC-$FILENAME --source "$DISK_URI" --subscription ${SUBSCRIPTION_ID}

+ SNAPSHOT_PATH=$(az snapshot list --resource-group $TARGET_RESOURCE_GROUP --query "[?name == '$PVC-$FILENAME'].id | [0]" --subscription ${SUBSCRIPTION_ID})

+--set global.tag=1.10.0-mariner

+- [Learn more about using Mariner-based images with Dapr][dapr-mariner].

+[dapr-mariner]: https://docs.dapr.io/operations/hosting/kubernetes/kubernetes-deploy/#using-mariner-based-images

+> [!NOTE]

+> AKS start operations will restore all objects from ETCD with the exception of standalone pods with the same names and ages. meaning that a pod's age will continue to be calculated from its original creation time. This count will keep increasing over time, regardless of whether the cluster is in a stopped state.

+> Some providers may require additional steps for their configuration and how to use the values they provide. For example, Apple provides a private key which is not itself used as the OIDC client secret, and you instead must use it to craft a JWT which is treated as the secret you provide in your app config (see the "Creating the Client Secret" section of the [Sign in with Apple documentation](https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens))

+|**5**|**Learn more**|Need more help? [Submit a request](https://cxp.azure.com/nominationportal/nominationform/fasttrack) to contact FastTrack.<br><br>[Frequently asked questions](migrate.md#frequently-asked-questions)<br><br>[Community support](https://aka.ms/asev1v2retirement)|

+> Because [managed identities don't support cross-directory scenarios](../active-directory/managed-identities-azure-resources/managed-identities-faq.md#can-i-use-a-managed-identity-to-access-a-resource-in-a-different-directorytenant), they won't behave as expected if your app is migrated across subscriptions or tenants. To recreate the managed identities after such a move, see [Will managed identities be recreated automatically if I move a subscription to another directory?](../active-directory/managed-identities-azure-resources/managed-identities-faq.md#will-managed-identities-be-recreated-automatically-if-i-move-a-subscription-to-another-directory). Downstream resources also need to have access policies updated to use the new identity.

+The managed identity configuration is specific to the slot. To configure a managed identity for a deployment slot in the portal, navigate to the slot first. To find the managed identity for your web app or deployment slot in your Azure Active Directory tenant from the Azure portal, search for it directly from the **Overview** page of your tenant. Usually, the slot name is similar to `<app-name>/slots/<slot-name>`.

+ "apiVersion": "2022-03-01",

+ "tenantId": "<tenant-id>",

+ "principalId": "<principal-id>"

+1. Select **User assigned** > **Add**.

+1. Search for the identity you created earlier, select it, and select **Add**.

+ Once you select **Add**, the app restarts.

+Any resource of type `Microsoft.Web/sites` can be created with an identity by including the following block in the resource definition, replacing `<resource-id>` with the resource ID of the desired identity:

+ "<resource-id>": {}

+ "apiVersion": "2022-03-01",

+ "<resource-id>": {

+ "principalId": "<principal-id>",

+ "clientId": "<client-id>"

+ - **User-assigned identity**: Select the **User assigned** tab, select the checkbox for the identity, and select **Remove**. Select **Yes** to confirm.

+For a fully functional sample that shows how the different styles affect how the map is rendered, see [Map style options] in the [Azure Maps Samples]. For the source code for this sample, see [Map style options source code].

+[Map style options source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Map/Map%20style%20options/Map%20style%20options.html

+For a complete working sample of how to implement displaying clusters using a bubble layer, see [Point Clusters in Bubble Layer] in the [Azure Maps Samples]. For the source code for this sample, see [Point Clusters in Bubble Layer source code].

+For a complete working sample of how to implement displaying clusters using a symbol layer, see [Display clusters with a Symbol Layer] in the [Azure Maps Samples]. For the source code for this sample, see [Display clusters with a Symbol Layer source code].

+For a complete working sample that demonstrates how to create a heat map that uses clustering on the data source, see [Cluster weighted Heat Map] in the [Azure Maps Samples]. For the source code for this sample, see [Cluster weighted Heat Map source code].

+For a complete working sample that demonstrates how to do this, see [Display cluster area with Convex Hull] in the [Azure Maps Samples]. For the source code for this sample, see [Display cluster area with Convex Hull source code].

+The [Cluster aggregates] sample uses an aggregate expression. The code calculates a count based on the entity type property of each data point in a cluster. When a user selects a cluster, a popup shows with additional information about the cluster. For the source code for this sample, see [Cluster aggregates source code].

+[Point Clusters in Bubble Layer source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Bubble%20Layer/Point%20Clusters%20in%20Bubble%20Layer/Point%20Clusters%20in%20Bubble%20Layer.html

+[Display clusters with a Symbol Layer source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Symbol%20Layer/Display%20clusters%20with%20a%20Symbol%20layer/Display%20clusters%20with%20a%20Symbol%20layer.html

+[Cluster weighted Heat Map source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Heat%20Map%20Layer/Cluster%20weighted%20Heat%20Map/Cluster%20weighted%20Heat%20Map.html

+[Display cluster area with Convex Hull source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Spatial%20Math/Display%20cluster%20area%20with%20Convex%20Hull/Display%20cluster%20area%20with%20Convex%20Hull.html

+[Cluster aggregates source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Bubble%20Layer/Cluster%20aggregates/Cluster%20aggregates.html

+For a complete working sample of how to display data from a vector tile source on the map, see [Vector tile line layer] in the [Azure Maps Samples]. For the source code for this sample, see [Vector tile line layer sample code].

+[Vector tile line layer sample code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Vector%20tiles/Vector%20tile%20line%20layer/Vector%20tile%20line%20layer.html

+ Title: Drawing tools events | Microsoft Azure Maps

+# Drawing tools events

+For a complete working sample of how to display data from a vector tile source on the map, see [Drawing tools events] in the [Azure Maps Samples]. In this sample you can draw shapes on the map and watch as the events fire. For the source code for this sample, see [Drawing tools events sample code].

+For a complete working sample of how to use the drawing tools to draw polygon areas on the map with points within them that can be selected, see [Select data in drawn polygon area] in the [Azure Maps Samples]. For the source code for this sample, see [Select data in drawn polygon area sample code].

+For a complete working sample of how to use the drawing tools to search for points of interests within drawn areas, see [Draw and search polygon area] in the [Azure Maps Samples]. For the source code for this sample, see [Draw and search polygon area sample code].

+For a complete working sample of how to use the drawing tools to measure distances and areas, see [Create a measuring tool] in the [Azure Maps Samples]. For the source code for this sample, see [Create a measuring tool sample code].

+[Drawing tools events]: https://samples.azuremaps.com/drawing-tools-module/drawing-tools-events

+[Drawing tools events sample code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Drawing%20Tools%20Module/Drawing%20tools%20events/Drawing%20tools%20events.html

+[Select data in drawn polygon area sample code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Drawing%20Tools%20Module/Select%20data%20in%20drawn%20polygon%20area/Select%20data%20in%20drawn%20polygon%20area.html

+[Draw and search polygon area sample code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Drawing%20Tools%20Module/Draw%20and%20search%20polygon%20area/Draw%20and%20search%20polygon%20area.html

+[Create a measuring tool sample code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Drawing%20Tools%20Module/Create%20a%20measuring%20tool/Create%20a%20measuring%20tool.html

+For the source code for this sample, see [Symbol layer with built-in icon template sample code].

+The [Line layer with built-in icon template] demonstrates how to do this. As show in the following screenshot, it renders a red line on the map and uses a symbol layer using the `car` image template with a dodger blue primary color and a white secondary color. For the source code for this sample, see [Line layer with built-in icon template sample code].

+The [Fill polygon with built-in icon template] sample demonstrates how to render a polygon layer using the `dot` image template with a red primary color and a transparent secondary color, as shown in the following screenshot. For the source code for this sample, see [Fill polygon with built-in icon template sample code].

+The [HTML Marker with built-in icon template] sample demonstrates this using the `marker-arrow` template with a red primary color, a pink secondary color, and a text value of "00", as shown in the following screenshot. For the source code for this sample, see [HTML Marker with built-in icon template sample code].

+The [Add custom icon template to atlas namespace] sample demonstrates how to take an SVG template, and add it to the Azure Maps web SDK as a reusable icon template, as shown in the following screenshot. For the source code for this sample, see [Add custom icon template to atlas namespace sample code].

+[Symbol layer with built-in icon template sample code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Symbol%20Layer/Symbol%20layer%20with%20built-in%20icon%20template/Symbol%20layer%20with%20built-in%20icon%20template.html

+[Line layer with built-in icon template sample code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Line%20Layer/Line%20layer%20with%20built-in%20icon%20template/Line%20layer%20with%20built-in%20icon%20template.html

+[Fill polygon with built-in icon template sample code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Polygons/Fill%20polygon%20with%20built-in%20icon%20template/Fill%20polygon%20with%20built-in%20icon%20template.html

+[HTML Marker with built-in icon template sample code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/HTML%20Markers/HTML%20Marker%20with%20built-in%20icon%20template/HTML%20Marker%20with%20built-in%20icon%20template.html

+[Add custom icon template to atlas namespace sample code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Map/Add%20custom%20icon%20template%20to%20atlas%20namespace/Add%20custom%20icon%20template%20to%20atlas%20namespace.html

+ Title: Use the Azure Maps Services module

+1. Create an authentication pipeline. The pipeline must be created before you can initialize a service URL client endpoint. Use your own Azure Maps account key or Azure Active Directory (Azure AD) credentials to authenticate an Azure Maps Search service client. In this example, the Search service URL client will be created.

+Here's the full, running code sample:

+```javascript

+<html>

+ <head>

+ <script src="https://atlas.microsoft.com/sdk/javascript/service/2/atlas-service.min.js"></script>

+ <script type="text/javascript">

+

+ // Get an Azure Maps key at https://azure.com/maps.

+ var subscriptionKey = '{Your-Azure-Maps-Subscription-key}';

+ // Use SubscriptionKeyCredential with a subscription key.

+ var subscriptionKeyCredential = new atlas.service.SubscriptionKeyCredential(subscriptionKey);

+ // Use subscriptionKeyCredential to create a pipeline.

+ var pipeline = atlas.service.MapsURL.newPipeline(subscriptionKeyCredential, {

+ retryOptions: { maxTries: 4 } // Retry options

+ });

+ // Create an instance of the SearchURL client.

+ var searchURL = new atlas.service.SearchURL(pipeline);

+ // Search for "1 microsoft way, redmond, wa".

+ searchURL.searchAddress(atlas.service.Aborter.timeout(10000), '1 microsoft way, redmond, wa')

+ .then(response => {

+ var html = [];

+ // Display the total results.

+ html.push('Total results: ', response.summary.numResults, '<br/><br/>');

+ // Create a table of the results.

+ html.push('<table><tr><td></td><td>Result</td><td>Latitude</td><td>Longitude</td></tr>');

+ for(var i=0;i<response.results.length;i++){

+ html.push('<tr><td>', (i+1), '.</td><td>',

+ response.results[i].address.freeformAddress,

+ '</td><td>',

+ response.results[i].position.lat,

+ '</td><td>',

+ response.results[i].position.lon,

+ '</td></tr>');

+ }

+ html.push('</table>');

+ // Add the resulting HTML to the body of the page.

+ document.body.innerHTML = html.join('');

+ });

+ </script>

+</head>

+<style>

+ table {

+ border: 1px solid black;

+ border-collapse: collapse;

+ }

+ td, th {

+ border: 1px solid black;

+ padding: 5px;

+ }

+</style>

+<body> </body>

+</html>

+```

+The following image is a screenshot showing the results of this sample code, a table with the address searched for, along with the resulting coordinates.

+<!-

+ (<a href='https://codepen.io/azuremaps'>@azuremaps</a>) on <a href='https://codepen.io'>CodePen</a>.</iframe>

+>

+> [Show directions from A to B](./map-route.md)

+The [Accessible popups] example loads points of interests on the map using a symbol layer and adds a popup to the map for each point of interest. A reference to each popup is stored in the properties of each data point. It can also be retrieved for a marker, such as when a marker is selected. When focused on the map, pressing the tab key allows the user to step through each popup on the map. For the source code for this sample, see [Accessible popups source code].

+[Accessible popups source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Popups/Accessible%20popups/Accessible%20popups.html

+The Bubble layer only has a few styling options. Use the [Bubble Layer Options] sample to try them out. For the source code for this sample, see [Bubble Layer Options source code].

+[Bubble Layer Options source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Bubble%20Layer/Bubble%20Layer%20Options/Bubble%20Layer%20Options.html

+The [Navigation Control Options] sample is a tool to test out the various options for customizing the controls. For the source code for this sample, see [Navigation Control Options source code].

+[Navigation Control Options source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Controls/Map%20Navigation%20Control%20Options/Map%20Navigation%20Control%20Options.html

+For a complete working sample of how to add an HTML marker, see [Simple HTML Marker] in the [Azure Maps Samples]. For the source code for this sample, see [Simple HTML Marker source code].

+For a complete working sample of how to create a custom SVG template and use it with the HtmlMarker class, see [HTML Marker with Custom SVG Template] in the [Azure Maps Samples]. When running this sample, select the button in the upper left hand side of the window labeled **Update Marker Options** to change the `color` and `text` options from the SVG template used in the HtmlMarker. For the source code for this sample, see [HTML Marker with Custom SVG Template source code].

+For a complete working sample of how to use CSS and HTML to create a marker on the map, see [CSS Styled HTML Marker] in the [Azure Maps Samples]. For the source code for this sample, see [CSS Styled HTML Marker source code].

+For a complete working sample of how to use CSS and HTML to create a marker on the map, see [Draggable HTML Marker] in the [Azure Maps Samples]. For the source code for this sample, see [Draggable HTML Marker source code].

+For a complete working sample of how to add mouse and drag events to an HTML marker, see [HTML Marker events] in the [Azure Maps Samples]. For the source code for this sample, see [HTML Marker events source code].

+[Simple HTML Marker source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/HTML%20Markers/Simple%20HTML%20Marker/Simple%20HTML%20Marker.html

+[HTML Marker with Custom SVG Template source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/HTML%20Markers/HTML%20Marker%20with%20Custom%20SVG%20Template/HTML%20Marker%20with%20Custom%20SVG%20Template.html

+[CSS Styled HTML Marker source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/HTML%20Markers/CSS%20Styled%20HTML%20Marker/CSS%20Styled%20HTML%20Marker.html

+[Draggable HTML Marker source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/HTML%20Markers/Draggable%20HTML%20Marker/Draggable%20HTML%20Marker.html

+[HTML Marker events source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/HTML%20Markers/HTML%20Marker%20events/HTML%20Marker%20events.html

+For a complete working sample that demonstrates how to add a drawing toolbar to your map, see [Add drawing toolbar to map] in the [Azure Maps Samples]. For the source code for this sample, see [Add drawing toolbar to map source code].

+ (<a href='https://codepen.io/azuremaps'>@azuremaps</a>) on <a href='https://codepen.io'>CodePen</a>.</iframe>

+The following code creates an instance of the drawing manager and displays the toolbar with just a polygon drawing tool on the map.

+ (<a href='https://codepen.io/azuremaps'>@azuremaps</a>) on <a href='https://codepen.io'>CodePen</a>.</iframe>

+For a complete working sample that demonstrates how to customize the rendering of the drawing shapes in the drawing manager by accessing the rendering layers, see [Change drawing rendering style] in the [Azure Maps Samples]. For the source code for this sample, see [Change drawing rendering style source code].

+ (<a href='https://codepen.io/azuremaps'>@azuremaps</a>) on <a href='https://codepen.io'>CodePen</a>.</iframe>

+[Change drawing rendering style]: https://samples.azuremaps.com/drawing-tools-module/change-drawing-rendering-style

+[Add drawing toolbar to map source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Drawing%20Tools%20Module/Add%20drawing%20toolbar%20to%20map/Add%20drawing%20toolbar%20to%20map.html

+[Change drawing rendering style source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Drawing%20Tools%20Module/Change%20drawing%20rendering%20style/Change%20drawing%20rendering%20style.html

+The [Simple Heat Map Layer] sample demonstrates how to create a simple heat map from a data set of point features. For the source code for this sample, see [Simple Heat Map Layer source code].

+The [Heat Map Layer Options] sample shows how the different options of the heat map layer that affects rendering. For the source code for this sample, see [Heat Map Layer Options source code].

+The [Consistent zoomable Heat Map] sample shows how to create a heat map where the radius of each data point covers the same physical area on the ground, creating a more consistent user experience when zooming the map. The heat map in this sample scales consistently between zoom levels 10 and 22. Each zoom level of the map has twice as many pixels vertically and horizontally as the previous zoom level. Doubling the radius with each zoom level creates a heat map that looks consistent across all zoom levels. For the source code for this sample, see [Consistent zoomable Heat Map source code].

+[Simple Heat Map Layer source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Heat%20Map%20Layer/Simple%20Heat%20Map%20Layer/Simple%20Heat%20Map%20Layer.html

+[Heat Map Layer Options source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Heat%20Map%20Layer/Heat%20Map%20Layer%20Options/Heat%20Map%20Layer%20Options.html

+[Consistent zoomable Heat Map source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Heat%20Map%20Layer/Consistent%20zoomable%20Heat%20Map/Consistent%20zoomable%20Heat%20Map.html

+For a fully functional sample that shows how to overlay an image of a map of Newark New Jersey from 1922 as an Image layer, see [Simple Image Layer] in the [Azure Maps Samples]. For the source code for this sample, see [Simple Image Layer source code].

+For a fully functional sample that shows how to use a KML Ground Overlay as Image Layer, see [KML Ground Overlay as Image Layer] in the [Azure Maps Samples]. For the source code for this sample, see [KML Ground Overlay as Image Layer source code].

+The image layer has many styling options. For a fully functional sample that shows how the different options of the image layer affect rendering, see [Image Layer Options] in the [Azure Maps Samples]. For the source code for this sample, see [Image Layer Options source code].

+[Simple Image Layer source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Image%20Layer/Simple%20Image%20Layer/Simple%20Image%20Layer.html

+[KML Ground Overlay as Image Layer source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Image%20Layer/KML%20Ground%20Overlay%20as%20Image%20Layer/KML%20Ground%20Overlay%20as%20Image%20Layer.html

+[Image Layer Options source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Image%20Layer/Image%20Layer%20Options/Image%20Layer%20Options.html

+For a fully functional sample that shows how to apply a stroke gradient to a line on the map, see [Line with Stroke Gradient] in the [Azure Maps Samples]. For the source code for this sample, see [Line with Stroke Gradient source code].

+The Line layer has several styling options. For a fully functional sample that interactively demonstrates the line options, see [Line Layer Options] in the [Azure Maps Samples]. For the source code for this sample, see [Line Layer Options source code].

+[Line with Stroke Gradient source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Line%20Layer/Line%20with%20Stroke%20Gradient/Line%20with%20Stroke%20Gradient.html

+[Line Layer Options source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Line%20Layer/Line%20Layer%20Options/Line%20Layer%20Options.html

+Connect a symbol to a data source, and use it to render an icon or a text at a given point.

+The symbol layer has many styling options available. The [Symbol Layer Options] sample shows how the different options of the symbol layer that affects rendering. For the source code for this sample, see [Symbol Layer Options source code].

+[Symbol Layer Options source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Symbol%20Layer/Symbol%20Layer%20Options/Symbol%20Layer%20Options.html

+For a fully functional sample that shows how to create one popup and reuse it rather than creating a popup for each point feature, see [Reusing Popup with Multiple Pins] in the [Azure Maps Samples]. For the source code for this sample, see [Reusing Popup with Multiple Pins source code].

+For a fully functional sample that shows how to customize the look of a popup, see [Customize a popup] in the [Azure Maps Samples]. For the source code for this sample, see [Customize a popup source code].

+For a fully functional sample that shows hot to reuse a single popup template with multiple features that share a common set of property fields, see [Reuse a popup template] in the [Azure Maps Samples]. For the source code for this sample, see [Reuse a popup template source code].

+For a fully functional sample that shows how to add events to popups, see [Popup events] in the [Azure Maps Samples]. For the source code for this sample, see [Popup events source code].

+[Reusing Popup with Multiple Pins source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Popups/Reusing%20Popup%20with%20Multiple%20Pins/Reusing%20Popup%20with%20Multiple%20Pins.html

+[Customize a popup source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Popups/Customize%20a%20popup/Customize%20a%20popup.html

+[Reuse a popup template source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Popups/Reuse%20a%20popup%20template/Reuse%20a%20popup%20template.html

+[Popup events source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Popups/Popup%20events/Popup%20events.html

+For a fully functional sample that shows how to use an image template as a fill pattern in a polygon layer, see [Fill polygon with built-in icon template] in the [Azure Maps Samples]. For the source code for this sample, see [Fill polygon with built-in icon template source code].

+The [Make a geometry easy to update] sample shows how to wrap a circle GeoJSON object with a shape class. As the value of the radius changes in the shape, the circle renders automatically on the map. For the source code for this sample, see [Make a geometry easy to update source code].

+[Make a geometry easy to update]: https://samples.azuremaps.com/?sample=make-a-geometry-easy-to-update

+[Fill polygon with built-in icon template source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Polygons/Fill%20polygon%20with%20built-in%20icon%20template/Fill%20polygon%20with%20built-in%20icon%20template.html

+[Make a geometry easy to update source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Polygons/Make%20a%20geometry%20easy%20to%20update/Make%20a%20geometry%20easy%20to%20update.html

+The [Use a snapping grid] sample snaps an HTML marker to a grid when it's dragged. Drawing tools are used to snap drawn shapes to the grid when the `drawingcomplete` event fires. For the source code for this sample, see [Use a snapping grid source code].

+The [Snap grid options] sample shows the different customization options available for the snap grid manager. The grid line styles can be customized by retrieving the underlying line layer using the snap grid managers `getGridLayer` function. For the source code for this sample, see [Snap grid options source code].

+[Use a snapping grid source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Drawing%20Tools%20Module/Use%20a%20snapping%20grid/Use%20a%20snapping%20grid.html

+[Snap grid options source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Drawing%20Tools%20Module/Snap%20grid%20options/Snap%20grid%20options.html

+For a fully functional sample that shows how to create a tile layer that points to a set of tiles using the x, y, zoom tiling system, see the [Tile Layer using X, Y, and Z] sample in the [Azure Maps Samples]. The source of the tile layer in this sample is a nautical chart from the [OpenSeaMap project], an OpenStreetMaps project licensed under ODbL. For the source code for this sample, see [Tile Layer using X, Y, and Z source code].

+For a fully functional sample that shows how to create a tile layer that points to a Web Mapping Service (WMS), see the [WMS Tile Layer] sample in the [Azure Maps Samples]. For the source code for this sample, see [WMS Tile Layer source code].

+For a fully functional sample that shows how to create a tile layer that points to a Web Mapping Tile Service (WMTS), see the [WMTS Tile Layer] sample in the [Azure Maps Samples]. For the source code for this sample, see [WMTS Tile Layer source code].

+The tile layer class has many styling options. The [Tile Layer Options] sample is a tool to try them out. For the source code for this sample, see [Tile Layer Options source code].

+[Tile Layer Options]: https://samples.azuremaps.com/tile-layers/tile-layer-options

+[WMS Tile Layer]: https://samples.azuremaps.com/tile-layers/wms-tile-layer

+[WMTS Tile Layer]: https://samples.azuremaps.com/tile-layers/wmts-tile-layer

+[Tile Layer Options source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Tile%20Layers/Tile%20Layer%20Options/Tile%20Layer%20Options.html

+[WMS Tile Layer source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Tile%20Layers/WMS%20Tile%20Layer/WMS%20Tile%20Layer.html

+[WMTS Tile Layer source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Tile%20Layers/WMTS%20Tile%20Layer/WMTS%20Tile%20Layer.html

+[Tile Layer using X, Y, and Z source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Tile%20Layers/Tile%20Layer%20using%20X,%20Y%20and%20Z/Tile%20Layer%20using%20X,%20Y%20and%20Z.html

+[U.S. Geological Survey (USGS) National Map]:https://viewer.nationalmap.gov/services

+You can also load multiple maps on the same page, for sample code that demonstrates loading multiple maps on the same page, see [Multiple Maps] in the [Azure Maps Samples]. For the source code for this sample, see [Multiple Maps source code].

+[Multiple Maps]: https://samples.azuremaps.com/map/multiple-maps

+[Multiple Maps source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Map/Multiple%20Maps/Multiple%20Maps.html

+The [Map Events] sample highlights the name of the events that are firing as you interact with the map. For the source code for this sample, see [Map Events source code].

+The [Layer Events] sample highlights the name of the events that are firing as you interact with the Symbol Layer. The symbol, bubble, line, and polygon layer all support the same set of events. The heat map and tile layers don't support any of these events. For the source code for this sample, see [Layer Events source code].

+The [HTML marker layer events] sample highlights the name of the events that are firing as you interact with the HTML marker layer. For the source code for this sample, see [HTML marker layer Events source code].

+[Map Events source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Map/Map%20Events/Map%20Events.html

+[Layer Events source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Symbol%20Layer/Symbol%20layer%20events/Symbol%20layer%20events.html

+[HTML marker layer events source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/HTML%20Markers/HTML%20marker%20layer%20events/HTML%20marker%20layer%20events.html

+The [Create a Choropleth Map] sample shows an extruded choropleth map of the United States based on the measurement of the population density by state. For the source code for this sample, see [Create a Choropleth Map source code].

+The Polygon Extrusion layer has several styling options. The [Polygon Extrusion Layer Options] sample is a tool to try them out. For the source code for this sample, see [Polygon Extrusion Layer Options source code].

+[Create a Choropleth Map source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Demos/Create%20a%20Choropleth%20Map/Create%20a%20Choropleth%20Map.html

+[Polygon Extrusion Layer Options source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Polygons/Polygon%20Extrusion%20Layer%20Options/Polygon%20Extrusion%20Layer%20Options.html

+The [Lazy Load the Map] code sample shows how to delay the loading the Azure Maps Web SDK until a button is pressed. For the source code, see [Lazy Load the Map sample code].

+<!

+ (<a href='https://codepen.io/azuremaps'>@azuremaps</a>) on <a href='https://codepen.io'>CodePen</a>.</iframe>

+>

+Unlike most layers in the Azure Maps Web control that use WebGL for rendering, HTML Markers and Popups use traditional DOM elements for rendering. As such, the more HTML markers and Popups added a page, the more DOM elements there are. Performance can degrade after adding a few hundred HTML markers or popups. For larger data sets, consider either clustering your data or using a symbol or bubble layer.

+The [Reusing Popup with Multiple Pins] code sample shows how to create a single popup and reuse it by updating its content and position. For the source code, see [Reusing Popup with Multiple Pins sample code].

+<!

+<iframe height='500' scrolling='no' title='Reusing Popup with Multiple Pins' src='//codepen.io/azuremaps/embed/rQbjvK/?height=500&theme-id=0&default-tab=js,result&embed-version=2&editable=true' frameborder='no' loading="lazy" allowtransparency='true' allowfullscreen='true'>See the Pen <a href='https://codepen.io/azuremaps/pen/rQbjvK/'>Reusing Popup with Multiple Pins</a> by Azure Maps (<a href='https://codepen.io/azuremaps'>@azuremaps</a>) on <a href='https://codepen.io'>CodePen</a>.</iframe>

+-->

+The map is capable of rendering hundreds of layers, however, the more layers there are, the more time it takes to render a scene. One strategy to reduce the number of layers is to combine layers that have similar styles or can be styled using [data-driven styles].

+The [Simple Symbol Animation] code sample demonstrates a simple way to animate a symbol layer. For the source code to this sample, see [Simple Symbol Animation sample code].

+<!-

+ (<a href='https://codepen.io/azuremaps'>@azuremaps</a>) on <a href='https://codepen.io'>CodePen</a>.</iframe>

+->

+[Lazy Load the Map]: https://samples.azuremaps.com/map/lazy-load-the-map

+[Lazy Load the Map sample code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Map/Lazy%20Load%20the%20Map/Lazy%20Load%20the%20Map.html

+[Reusing Popup with Multiple Pins]: https://samples.azuremaps.com/popups/reusing-popup-with-multiple-pins

+[Reusing Popup with Multiple Pins sample code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Popups/Reusing%20Popup%20with%20Multiple%20Pins/Reusing%20Popup%20with%20Multiple%20Pins.html

+[Simple Symbol Animation]: https://samples.azuremaps.com/animations/simple-symbol-animation

+[Simple Symbol Animation sample code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Animations/Simple%20Symbol%20Animation/Simple%20Symbol%20Animation.html

+ | Cloud HSM | [CHSMManagementAuditLogs](/azure/azure-monitor/reference/tables/CHSMManagementAuditLogs) |

+ | Custom log tables | All custom tables created with or migrated to the [data collection rule (DCR)-based logs ingestion API.](logs-ingestion-api-overview.md) |

+This section provides you with an understanding about the backup process of an HANA database running on an Azure VM.

+### Backup architecture for database with HANA System Replication

+This section provides you with an understanding about the backup process of an HANA database with HANA System replication enabled running on a new Azure VM.

+This section provides you with an understanding about the backup process of an HANA database with HANA System replication enabled running on an existing Azure VM.

+ Title: Quickstart - Back up an SAP HANA database with Azure CLI

+description: In this quickstart, learn how to create a Recovery Services vault, enable protection on an SAP HANA System Replication database, and create the initial recovery point with Azure CLI.

+ms.devlang: azurecli

+# Quickstart: Back up SAP HANA System Replication on Azure VMs using Azure CLI

+This quickstart describes how to protect SAP HANA System Replication (HSR) using Azure CLI.

+SAP HANA databases are critical workloads that require a low recovery-point objective (RPO) and long-term retention. This article describes how you can back up SAP HANA databases that are running on Azure virtual machines (VMs) to an Azure Backup Recovery Services vault by using Azure Backup.

+For more information about the supported configurations and scenarios, see [SAP HANA backup support matrix](sap-hana-backup-support-matrix.md).

+## Create a Recovery Services vault

+A Recovery Services vault is a logical container that stores the backup data for each protected resource, such as SAP HANA database data. When the backup job for a protected resource runs, it creates a recovery point in the Recovery Services vault. You can then use one of these recovery points to restore data to a given point in time.

+To create a Recovery Services vault, run the following command:

+```azurecli-interactive

+az backup vault create --resource-group hanarghsr2 --name hanavault10 --location westus2

+```

+By default, the Recovery Services vault is set for Geo-Redundant storage. Geo-Redundant storage ensures your backup data is replicated to a secondary Azure region that's hundreds of miles away from the primary region. If the storage redundancy setting needs to be modified, use [az backup vault backup-properties set](/cli/azure/backup/vault/backup-properties#az-backup-vault-backup-properties-set) cmdlet.

+## Register and protect SAP HANA running on Azure VM

+When a failover occurs, the users are replicated to the new primary, but `hdbuserstore` isn't replicated. So, you need to create the same key in all nodes of the HSR setup, which allows the Azure Backup service to connect to any new primary node automatically, without any manual intervention.

+Follow these steps:

+1. To register and protect the SAP HANA database running on primary Azure VM, run the following command:

+ ```azurecli

+ az backup container register --resource-group hanarghsr2 --vault-name hanavault10 --workload-type SAPHANA --backup-management-type AzureWorkload --resource-id "/subscriptions/ef4ab5a7-c2c0-4304-af80-af49f48af3d1/resourceGroups/hanarghsr2/providers/Microsoft.Compute/virtualMachines/hsr-primary"

+ ```

+1. To register and protect the SAP HANA database running on secondary Azure VM, run the following command:

+ ```azurecli

+ az backup container register --resource-group hanarghsr2 --vault-name hanavault10 --workload-type SAPHANA --backup-management-type AzureWorkload --resource-id "/subscriptions/ef4ab5a7-c2c0-4304-af80-af49f48af3d1/resourceGroups/hanarghsr2/providers/Microsoft.Compute/virtualMachines/hsr-secondary"

+ ```

+To identify `resource-id`, run the following command:

+```azurecli

+az vm show --name hsr-primary --resource-group hanarghsr2

+```

+For example, `id` is `/subscriptions/ef4ab5a7-c2c0-4304-af80-af49f48af3d1/resourceGroups/hanarghsr2/providers/Microsoft.Compute/virtualMachines/hsr-primary`.

+## Check the registration of primary and secondary servers to the vault

+To check if primary and secondary servers are registered to the vault, run the following command:

+```azurecli

+az backup container list --resource-group hanarghsr2 --vault-name hanavault10 --output table --backup-management-type AzureWorkload

+Name Friendly Name Resource Group Type Registration Status

+-- - -

+VMAppContainer;Compute;hanarghsr2;hsr-primary hsr-primary hanarghsr2 AzureWorkload Registered

+VMAppContainer;Compute;hanarghsr2;hsr-secondary hsr-secondary hanarghsr2 AzureWorkload Registered

+```

+## View the item list for protection

+To check the items that you can protect, run the following command:

+```azurecli

+az backup protectable-item list --resource-group hanarghsr2 --vault-name hanavault10 --workload-type SAPHANA --output table

+pradeep [ ~ ]$ az backup protectable-item list --resource-group hanarghsr2 --vault-name hanavault10 --workload-type SAPHANA --output table

+Name Protectable Item Type ParentName ServerName IsProtected

+ -- - -

+saphanasystem;arv SAPHanaSystem ARV hsr-primary NotProtected

+saphanasystem;arv SAPHanaSystem ARV hsr-secondary NotProtected

+hanahsrcontainer;hsrtestps2 HanaHSRContainer HsrTestP2 hsr-primary NotProtected

+saphanadatabase;hsrtestps2;arv SAPHanaDatabase HsrTestP2 hsr-primary NotProtected

+saphanadatabase;hsrtestps2;2;DB1 SAPHanaDatabase HsrTestP2 hsr-primary NotProtected

+saphanadatabase;hsrtestps2;systemdb SAPHanaDatabase HsrTestP2 hsr-primary NotProtected

+```

+## Rediscover the database

+If the database isn't in the item list that can be protected or to rediscover the database, reinitiate discovery on the physical primary VM by running the following command:

+```azurecli

+az backup protectable-item initialize --resource-group hanarghsr2 --vault-name hanavault10 --container-name "VMAppContainer;Compute;hanarghsr2;hsr-primary" --workload-type SAPHanaDatabase

+```

+## Enable protection for the database

+To enable protection for the database listed under the HSR System with required backup policy, run the following command:

+```azurecli

+az backup protection enable-for-azurewl --resource-group hanarghsr2 --vault-name hanavault10 --policy-name hanahsr --protectable-item-name "saphanadatabase;hsrtestps2;DB1" --protectable-item-type SAPHanaDatabase --workload-type SAPHanaDatabase --output table --server-name HsrTestP2

+az backup protection enable-for-azurewl --resource-group hanarghsr2 --vault-name hanavault10 --policy-name hanahsr --protectable-item-name "saphanadatabase;hsrtestps2;systemdb" --protectable-item-type SAPHanaDatabase --workload-type SAPHanaDatabase --output table --server-name hsr-secondary

+```

+## Run an on-demand backup

+To initiate a backup job manually, run the following command:

+```azurecli

+az backup protection backup-now --resource-group hanarghsr2 --item-name "saphanadatabase;hsrtestps2;db1" --container-name "hanahsrcontainer;hsrtestp2" --vault-name hanavault10 --backup-type Full --retain-until 01-01-2030 --output table

+Name Operation Status Item Name Backup Management Type Start Time UTC Duration

+ - - -- -- --

+591f1840-4d6a-4464-8f3a-18e586f11bfc Backup (Full) InProgress ARV [hsr-primary] AzureWorkload 2023-04

+```

+## Next steps

+> [!div class="nextstepaction"]

+> [Quickstart: Restore SAP HANA System Replication databases on Azure VMs using Azure CLI](quick-restore-hana-cli.md)

+ Title: Quickstart - Restore an SAP HANA database with Azure CLI

+description: In this quickstart, learn how to restore SAP HANA System Replication database with Azure CLI.

+ms.devlang: azurecli

+# Quickstart: Restore SAP HANA System Replication on Azure VMs using Azure CLI

+This quickstart describes how to restore SAP HANA System Replication (HSR) using Azure CLI.

+SAP HANA databases are critical workloads that require a low recovery-point objective (RPO) and long-term retention. This article describes how you can back up SAP HANA databases that are running on Azure virtual machines (VMs) to an Azure Backup Recovery Services vault by using Azure Backup.

+>[!Note]

+>- Original Location Recovery (OLR) is currently not supported for HSR.

+>- Restore to HSR instance isn't supported. However, restore only to HANA instance is supported.

+For more information about the supported configurations and scenarios, see [SAP HANA backup support matrix](sap-hana-backup-support-matrix.md).

+## View the restore points for a protected database

+Before you restore the database, view the available restore points of the protected database by running the following command:

+```azurecli

+az backup recoverypoint list --resource-group hanarghsr2 --vault-name hanavault10 --container-name "hanahsrcontainer;hsrtestps2" --item-name "saphanadatabase;hsrtestpradeep2;db1" --output table

+abc@Azure:~$ az backup recoverypoint list --resource-group hanarghsr2 --vault-name hanavault10 --container-name "hanahsrcontainer;hsrtestps2" --item-name "saphanadatabase;hsrtestps2;db1" --output table

+```

+The list of recovery points will look as follows:

+```Output

+Name Time BackupManagementType Item Name RecoveryPointType

+- -- - -- -

+62640091676331 2023-05-04T08:13:09.469000+00:00 AzureWorkload SAPHanaDatabase;hsrtestps2;db1 Full

+68464937558101 2023-05-04T07:49:02.988000+00:00 AzureWorkload SAPHanaDatabase;hsrtestps2;db1 Full

+56015648627567 2023-05-04T07:27:54.425000+00:00 AzureWorkload SAPHanaDatabase;hsrtestps2;db1 Full

+DefaultRangeRecoveryPoint AzureWorkload SAPHanaDatabase;hsrtestps2;db1 Log

+arvind@Azure:~$

+```

+>[!Note]

+>If the command fails to extract the backup management type, check if the container name specified is complete or try using container friendly name instead.

+## Restore to an alternate location

+To restore the database using Alternate Location Restore (ALR), run the following command:

+```azurecli

+az backup recoveryconfig show --resource-group hanarghsr2 --vault-name hanavault10 --container-name "hanahsrcontainer;hsrtestps2" --item-name "saphanadatabase;hsrtestps2;db1" --restore-mode AlternateWorkloadRestore --log-point-in-time 04-05-2023-08:27:54 --target-item-name restored_DB_pradeep --target-server-name hsr-primary --target-container-name hsr-primary --target-server-type HANAInstance --backup-management-type AzureWorkload --workload-type SAPHANA --output json > recoveryInput.json

+ arvind@Azure:~$ cat recoveryInput.json

+{

+ "alternate_directory_paths": null,

+ "container_id": "/subscriptions/ef4ab5a7-c2c0-4304-af80-af49f48af3d1/resourceGroups/hanarghsr2/providers/Microsoft.RecoveryServices/vaults/hanavault10/backupFabrics/Azure/protectionContainers/vmappcontainer;compute;hanarghsr2;hsr-primary",

+ "container_uri": "HanaHSRContainer;hsrtestps2",

+ "database_name": "ARV/restored_DB_p2",

+ "filepath": null,

+ "item_type": "SAPHana",

+ "item_uri": "SAPHanaDatabase;hsrtestps2;db1",

+ "log_point_in_time": "04-05-2023-08:27:54",

+ "recovery_mode": null,

+ "recovery_point_id": "DefaultRangeRecoveryPoint",

+ "restore_mode": "AlternateLocation",

+ "source_resource_id": null,

+ "workload_type": "SAPHanaDatabase"

+}

+arvind@Azure:~$

+az backup restore restore-azurewl --resource-group hanarghsr2 --vault-name hanavault10 --recovery-config recoveryInput.json --output table

+```

+## Restore as files:

+To restore the database as files, run the following command:

+```azurecli

+az backup recoveryconfig show --resource-group hanarghsr2 \

+ --vault-name hanavault10 \

+ --container-name "hanahsrcontainer;hsrtestps2" \

+ --item-name "saphanadatabase;hsrtestps2;arv" \

+ --restore-mode RestoreAsFiles \

+ --log-point-in-time 18-04-2023-09:53:00 \

+ --rp-name DefaultRangeRecoveryPoint \

+ --target-container-name "VMAppContainer;Compute;hanarghsr2;hsr-primary" \

+ --filepath /home/abc \

+ --output json

+

+ az backup restore restore-azurewl --resource-group hanarghsr2 \

+ --vault-name hanavault10 \

+ --restore-config recoveryconfig.json \

+ --output json

+az backup recoveryconfig show --resource-group hanarghsr2 --vault-name hanavault10 --container-name "hanahsrcontainer;hsrtestps2" --item-name "saphanadatabase;hsrtestps2;arv" --restore-mode RestoreAsFiles --log-point-in-time 18-04-2023-09:53:00 --rp-name DefaultRangeRecoveryPoint --target-container-name "VMAppContainer;Compute;hanarghsr2;hsr-primary" --filepath /home/abc --output json > recoveryconfig.json

+```

+## Next steps

+> [!div class="nextstepaction"]

+> [Troubleshoot backup of SAP HANA databases on Azure](backup-azure-sap-hana-database-troubleshoot.md)

+## Back up a HANA system with replication enabled

+Azure Backup now supports backing up databases that have HSR enabled. This means that backups are managed automatically when a failover occurs, which eliminates the necessity for manual intervention. Backup also offers immediate protection with no remedial full backups, so you can protect HANA instances or HSR setup nodes as a single HSR container.

+>Support for HANA instance snapshots is in preview.

+ >- Based on the size of your database, creating the initial backup might take a while.

+ >- Before a planned failover, ensure that both VMs/Nodes are registered to the vault (physical and logical registration). [Learn more](#verify-the-registration-status-of-vms-or-nodes-to-the-vault).

+### Verify the registration status of VMs or Nodes to the vault

+Before a planned failover, ensure that both VMs/Nodes are registered to the vault (physical and logical registration). If backups fail after failover/fallback, ensure that physical/logical registration is complete. Otherwise, [rediscover the VMs/Nodes](sap-hana-database-with-hana-system-replication-backup.md#discover-the-databases).

+**Confirm the physical registration**

+Go to the *Recovery Services vault* > **Manage** > **Backup Infrastructure** > **Workload in Azure VM**.

+The status of both primary and secondary VMs should be **registered**.

+**Confirm the logical registration**

+Follow these steps:

+1. Go to *Recovery services vault* > **Backup Items** > **SAP HANA in Azure VM**.

+2. Under **HANA System**, select the name of the HANA instance.

+ :::image type="content" source="./media/sap-hana-db-manage/select-database-name.png" alt-text="Screenshot shows how to select the database name." lightbox="./media/sap-hana-db-manage/select-database-name.png":::

+ Two VMs/Nodes appear under **FQDN** and are in **registered** state.

+

+ :::image type="content" source="./media/sap-hana-db-manage/confirm-logical-registration-status.png" alt-text="Screenshot shows the logical registration status." lightbox="./media/sap-hana-db-manage/confirm-logical-registration-status.png":::

+

+>[!Note]

+>If status is in **not registered** state, you need to [rediscover the VMs/Nodes](sap-hana-database-with-hana-system-replication-backup.md#discover-the-databases) and check the status again.

+Azure Backup now supports backup and restore of SAP HANA System Replication (HSR) databases.

+>- The restore process for HANA databases with HSR is the same as the restore process for HANA databases without HSR. As per SAP advisories, you can restore databases with HSR mode as *standalone* databases. If the target system has the HSR mode enabled, first disable the mode, and then restore the database.

+>- Original Location Recovery (OLR) is currently not supported for HSR.

+>- Restore to HSR instance isn't supported. However, restore only to HANA instance is supported.

+ Title: Back up SAP HANA System Replication databases on Azure VMs

+# Back up SAP HANA System Replication databases on Azure VMs

+- Run the preregistration script on both VMs or nodes that are part of HANA System Replication (HSR). You can download the latest preregistration script [from here](https://aka.ms/ScriptForPermsOnHANA). You can also download it from the link under *Recovery Services vault* > **Backup** > **Discover DBs in VMs** > **Start Discovery**.

+ If the password of this custom backup key expires, the backup and restore operations will fail.

+ **Example**:

+ ```HDBSQL

+ hdbuserstore set SYSTEMKEY localhost:30013@SYSTEMDB <custom-user> '<some-password>'

+ hdbuserstore set SYSTEMKEY <load balancer host/ip>:30013@SYSTEMDB <custom-user> '<some-password>'

+ ```

+ >[!Note]

+ >You can create a custom backup key using the load balancer host/IP instead of local host to use Virtual IP (VIP).

+1. Create the same *Custom backup user* (with the same password) and key (in *hdbuserstore*) on both VMs/nodes.

+1. Run the SAP HANA backup configuration script (preregistration script) in the VMs where HANA is installed as the root user. This script sets up the HANA system for backup. For more information about the script actions, see the [What the preregistration script does](tutorial-backup-sap-hana-db.md#what-the-pre-registration-script-does) section.

+ There's no HANA-generated unique ID for an HSR setup. So, you need to provide a unique ID that helps the backup service to group all nodes of an HSR as a single data source.

+## Discover the databases

+To discover the HSR database, follow these steps:

+1. In the Azure portal, go to **Backup center**, and then select **+ Backup**.

+ :::image type="content" source="./media/sap-hana-database-with-hana-system-replication-backup/initiate-database-discovery.png" alt-text="Screenshot that shows how to start database discovery.":::

+1. Select **SAP HANA in Azure VM** as the data source type, select the Recovery Services vault to use for the backup, and then select **Continue**.

+ :::image type="content" source="./media/sap-hana-database-with-hana-system-replication-backup/configure-backup.png" alt-text="Screenshot that shows how to configure a database backup.":::

+1. Select **Start Discovery** to initiate the discovery of unprotected Linux VMs in the vault region.

+ - After discovery, unprotected VMs appear in the portal, listed by name and resource group.

+ - If a VM isn't listed as expected, check to see whether it's already backed up in a vault.

+ - Multiple VMs can have the same name, but they must belong to different resource groups.

+ :::image type="content" source="./media/sap-hana-database-with-hana-system-replication-backup/discover-hana-database.png" alt-text="Screenshot that shows how to discover a HANA database.":::

+1. On the **Select Virtual Machines** pane, at the bottom, select the **this** link in **Run this script on the SAP HANA VMs to provide these permissions to Azure Backup service**.

+ :::image type="content" source="./media/sap-hana-database-with-hana-system-replication-backup/download-script.png" alt-text="Screenshot that highlights the link for downloading the script." lightbox="./media/sap-hana-database-with-hana-system-replication-backup/download-script.png":::

+1. Run the script on each VM that hosts SAP HANA databases that you want to back up.

+1. On the **Select Virtual Machines** pane, after you run the script on the VMs, select the VMs, and then select **Discover DBs**.

+ Azure Backup discovers all SAP HANA databases on the VM. During discovery, Azure Backup registers the VM with the vault and installs an extension on the VM. It doesn't install any agent on the database.

+ To view the details about all the databases of each discovered VM, select **View details** under the **Step 1: Discover DBs in VMs section**.

+ :::image type="content" source="./media/sap-hana-database-with-hana-system-replication-backup/select-virtual-machines-for-protection.png" alt-text="Screenshot that shows a list of virtual machines available to be backed up." lightbox="./media/sap-hana-database-with-hana-system-replication-backup/select-virtual-machines-for-protection.png":::

+>[!Note]

+>During the *Configure system DB backup* stage, you need to set this parameter `[inifile_checker]/replicate` on the primary node. This enables to replicate parameters from the primary to secondary node or vm.

+>[!Note]

+>Before a planned failover, ensure that both VMs/Nodes are registered to the vault (physical and logical registration). [Learn more](sap-hana-database-manage.md#verify-the-registration-status-of-vms-or-nodes-to-the-vault).

+- [Restore SAP HANA System Replication databases on Azure VMs](sap-hana-database-restore.md)

+- [About backing up SAP HANA System Replication databases on Azure VMs](sap-hana-database-about.md#back-up-a-hana-system-with-replication-enabled)

+This tutorial describes how to back up SAP HANA database and SAP HANA System Replication (HSR) instances using Azure CLI.

+Azure Backup also supports backup and restore of SAP HANA System Replication (HSR).

+This document assumes that you already have an SAP HANA database installed on an Azure VM. (You can also [create a VM using Azure CLI](../virtual-machines/linux/quick-create-cli.md)).

+For more information on the supported scenarios, see the [support matrix](./sap-hana-backup-support-matrix.md#scenario-support) for SAP HANA.

+**Choose a database type**:

+# [HANA database](#tab/hana-database)

+For this tutorial, we'll be using:

+# [HSR database](#tab/hsr-database)

+To create the Recovery Services vault for HSR database instance protection, run the following command:

+```azurecli

+az backup vault create --resource-group hanarghsr2 --name hanavault10 --location westus2

+```

+Once the script is run, the SAP HANA instance can be registered with the Recovery Services vault we created earlier.

+**Choose a database type**

+# [HANA database](#tab/hana-database)

+To register and protect database instance, follow these steps:

+1. To register the instance, use the [az backup container register](/cli/azure/backup/container#az-backup-container-register) command. *VMResourceId* is the resource ID of the VM that you created to install SAP HANA.

+ ```azurecli-interactive

+ az backup container register --resource-group saphanaResourceGroup \

+ --vault-name saphanaVault \

+ --workload-type SAPHANA \

+ --backup-management-type AzureWorkload \

+ --resource-id VMResourceId

+ ```

+ >[!NOTE]

+ >If the VM isn't in the same resource group as the vault, then *saphanaResourceGroup* refers to the resource group where the vault was created.

+ Registering the SAP HANA instance automatically discovers all its current databases. However, to discover any new databases that may be added in the future refer to the [Discovering new databases added to the registered SAP HANA](tutorial-sap-hana-manage-cli.md#protect-new-databases-added-to-an-sap-hana-instance) instance section.

+1. To check if the SAP HANA instance is successfully registered with your vault, use the [az backup container list](/cli/azure/backup/container#az-backup-container-list) cmdlet. You'll see the following response:

+ ```output

+ Name Friendly Name Resource Group Type Registration Status

+ -- -- -

+ VMAppContainer;Compute;saphanaResourceGroup;saphanaVM saphanaVM saphanaResourceGroup AzureWorkload Registered

+ ```

+ >[!NOTE]

+ > The column ΓÇ£nameΓÇ¥ in the above output refers to the container name. This container name will be used in the next sections to enable backups and trigger them. Which in this case, is *VMAppContainer;Compute;saphanaResourceGroup;saphanaVM*.

+# [HSR database](#tab/hsr-database)

+To register and protect database instance, follow these steps:

+1. To register and protect the SAP HANA database running on primary Azure VM, run the following command:

+ ```azurecli

+ az backup container register --resource-group hanarghsr2 --vault-name hanavault10 --workload-type SAPHANA --backup-management-type AzureWorkload --resource-id "/subscriptions/ef4ab5a7-c2c0-4304-af80-af49f48af3d1/resourceGroups/hanarghsr2/providers/Microsoft.Compute/virtualMachines/hsr-primary"

+ ```

+1. To register and protect the SAP HANA database running on secondary Azure VM, run the following command:

+ ```azurecli

+ az backup container register --resource-group hanarghsr2 --vault-name hanavault10 --workload-type SAPHANA --backup-management-type AzureWorkload --resource-id "/subscriptions/ef4ab5a7-c2c0-4304-af80-af49f48af3d1/resourceGroups/hanarghsr2/providers/Microsoft.Compute/virtualMachines/hsr-secondary"

+ ```

+ To identify `resource-id`, run the following command:

+ ```azurecli

+ az vm show --name hsr-primary --resource-group hanarghsr2

+ ```

+ For example, `id` is `/subscriptions/ef4ab5a7-c2c0-4304-af80-af49f48af3d1/resourceGroups/hanarghsr2/providers/Microsoft.Compute/virtualMachines/hsr-primary`.

+1. To check if primary and secondary servers are registered to the vault, run the following command:

+ ```azurecli

+ az backup container list --resource-group hanarghsr2 --vault-name hanavault10 --output table --backup-management-type AzureWorkload

+ Name Friendly Name Resource Group Type Registration Status

+ -- - -

+ VMAppContainer;Compute;hanarghsr2;hsr-primary hsr-primary hanarghsr2 AzureWorkload Registered

+ VMAppContainer;Compute;hanarghsr2;hsr-secondary hsr-secondary hanarghsr2 AzureWorkload Registered

+ ```

+**Choose a database type**

+# [HANA database](#tab/hana-database)

+To enable database instance backup, follow these steps:

+1. To list the database to be protected, run the following command:

+ ```azurecli-interactive

+ az backup protectable-item list --resource-group saphanaResourceGroup \

+ --vault-name saphanaVault \

+ --workload-type SAPHANA \

+ --output table

+ ```

+ You should find the database that you want to back up in this list, which will look as follows:

+ ```output

+ Name Protectable Item Type ParentName ServerName IsProtected

+ -- - --

+ saphanasystem;hxe SAPHanaSystem HXE hxehost NotProtected

+ saphanadatabase;hxe;systemdb SAPHanaDatabase HXE hxehost NotProtected

+ saphanadatabase;hxe;hxe SAPHanaDatabase HXE hxehost NotProtected

+ ```

+ As you can see from the above output, the SID of the SAP HANA system is HXE. In this tutorial, we'll configure backup for the `saphanadatabase;hxe;hxe` database that resides on the `hxehost` server.

+1. To protect and configure the backups on a database, one at a time, we use the [az backup protection enable-for-azurewl](/cli/azure/backup/protection#az-backup-protection-enable-for-azurewl) cmdlet. Provide the name of the policy that you want to use. To create a policy using CLI, use the [az backup policy create](/cli/azure/backup/policy#az-backup-policy-create) cmdlet. For this tutorial, we'll be using the *sapahanaPolicy* policy.

+ ```azurecli-interactive

+ az backup protection enable-for-azurewl --resource-group saphanaResourceGroup \

+ --vault-name saphanaVault \

+ --policy-name saphanaPolicy \

+ --protectable-item-name "saphanadatabase;hxe;hxe" \

+ --protectable-item-type SAPHANADatabase \

+ --server-name hxehost \

+ --workload-type SAPHANA \

+ --output table

+ ```

+1. To check if the above backup configuration is complete, use the [az backup job list](/cli/azure/backup/job#az-backup-job-list) cmdlet. The output will display as follows:

+ ```output

+ Name Operation Status Item Name Start Time UTC

+ - -

+ e0f15dae-7cac-4475-a833-f52c50e5b6c3 ConfigureBackup Completed hxe 2019-12-03T03:09:210831+00:00

+ ```

+### Get the container name

+# [HSR database](#tab/hsr-database)

+To enable database instance backup, follow these steps:

+1. To check the items that you can protect, run the following command:

+ ```azurecli

+ az backup protectable-item list --resource-group hanarghsr2 --vault-name hanavault10 --workload-type SAPHANA --output table

+ pradeep [ ~ ]$ az backup protectable-item list --resource-group hanarghsr2 --vault-name hanavault10 --workload-type SAPHANA --output table

+ Name Protectable Item Type ParentName ServerName IsProtected

+ -- - -

+ saphanasystem;arv SAPHanaSystem ARV hsr-primary NotProtected

+ saphanasystem;arv SAPHanaSystem ARV hsr-secondary NotProtected

+ hanahsrcontainer;hsrtestps2 HanaHSRContainer HsrTestP2 hsr-primary NotProtected

+ saphanadatabase;hsrtestps2;arv SAPHanaDatabase HsrTestP2 hsr-primary NotProtected

+ saphanadatabase;hsrtestps2;2;DB1 SAPHanaDatabase HsrTestP2 hsr-primary NotProtected

+ saphanadatabase;hsrtestps2;systemdb SAPHanaDatabase HsrTestP2 hsr-primary NotProtected

+ ```

+ If the database isn't in the item list that can be protected or to rediscover the database, reinitiate discovery on the physical primary VM by running the following command:

+ ```azurecli

+ az backup protectable-item initialize --resource-group hanarghsr2 --vault-name hanavault10 --container-name "VMAppContainer;Compute;hanarghsr2;hsr-primary" --workload-type SAPHanaDatabase

+ ```

+1. To enable protection for the database listed under the HSR System with required backup policy, run the following command:

+ ```azurecli

+ az backup protection enable-for-azurewl --resource-group hanarghsr2 --vault-name hanavault10 --policy-name hanahsr --protectable-item-name "saphanadatabase;hsrtestps2;DB1" --protectable-item-type SAPHanaDatabase --workload-type SAPHanaDatabase --output table --server-name HsrTestP2

+ az backup protection enable-for-azurewl --resource-group hanarghsr2 --vault-name hanavault10 --policy-name hanahsr --protectable-item-name "saphanadatabase;hsrtestps2;systemdb" --protectable-item-type SAPHanaDatabase --workload-type SAPHanaDatabase --output table --server-name hsr-secondary

+ ```

+**Choose a database type**

+# [HANA database](#tab/hana-database)

+To run an on-demand backup, run the following command:

+# [HSR database](#tab/hsr-database)

+To run an on-demand backup, run the following command:

+```azurecli

+az backup protection backup-now --resource-group hanarghsr2 --item-name "saphanadatabase;hsrtestps2;db1" --container-name "hanahsrcontainer;hsrtestp2" --vault-name hanavault10 --backup-type Full --retain-until 01-01-2030 --output table

+```

+The output will display as follows:

+```Output

+Name Operation Status Item Name Backup Management Type Start Time UTC Duration

+ - - -- -- --

+591f1840-4d6a-4464-8f3a-18e586f11bfc Backup (Full) InProgress ARV [hsr-primary] AzureWorkload 2023-04

+```

+This tutorial describes how to restore SAP HANA database and SAP HANA System Replication (HSR) instances using Azure CLI.

+Azure Backup also supports backup and restore of SAP HANA System Replication (HSR).

+>[!Note]

+>- Original Location Recovery (OLR) is currently not supported for HSR.

+>- Restore to HSR instance isn't supported. However, restore only to HANA instance is supported.

+Use [Azure Cloud Shell](tutorial-sap-hana-backup-cli.md) to run CLI commands.

+* Protected container named `VMAppContainer;Compute;saphanaResourceGroup;saphanaVM`

+* Backed-up database/item named `saphanadatabase;hxe;hxe`

+For more information on the supported configurations and scenarios, see the [SAP HANA backup support matrix](sap-hana-backup-support-matrix.md).

+**Choose a database type**:

+# [HANA database](#tab/hana-database)

+To view the available recovery points, run the following command:

+# [HSR database](#tab/hsr-database)

+To view the available recovery points, run the following command:

+```azurecli

+az backup recoverypoint list --resource-group hanarghsr2 --vault-name hanavault10 --container-name "hanahsrcontainer;hsrtestps2" --item-name "saphanadatabase;hsrtestpradeep2;db1" --output table

+abc@Azure:~$ az backup recoverypoint list --resource-group hanarghsr2 --vault-name hanavault10 --container-name "hanahsrcontainer;hsrtestps2" --item-name "saphanadatabase;hsrtestps2;db1" --output table

+```

+The list of recovery points will look as follows:

+```Output

+Name Time BackupManagementType Item Name RecoveryPointType

+- -- - -- -

+62640091676331 2023-05-04T08:13:09.469000+00:00 AzureWorkload SAPHanaDatabase;hsrtestps2;db1 Full

+68464937558101 2023-05-04T07:49:02.988000+00:00 AzureWorkload SAPHanaDatabase;hsrtestps2;db1 Full

+56015648627567 2023-05-04T07:27:54.425000+00:00 AzureWorkload SAPHanaDatabase;hsrtestps2;db1 Full

+DefaultRangeRecoveryPoint AzureWorkload SAPHanaDatabase;hsrtestps2;db1 Log

+arvind@Azure:~$

+```

+By using the above restore point name and the restore mode, let's create the recovery config object using the [az backup recoveryconfig show](/cli/azure/backup/recoveryconfig#az-backup-recoveryconfig-show) cmdlet. Let's look at what each of the remaining parameters in this cmdlet mean:

+**Choose a database type**:

+# [HANA database](#tab/hana-database)

+To start the restore operation, run the following command:

+```Output

+# [HSR database](#tab/hsr-database)

+To start the restore operation, run the following command:

+```azurecli

+az backup recoveryconfig show --resource-group hanarghsr2 --vault-name hanavault10 --container-name "hanahsrcontainer;hsrtestps2" --item-name "saphanadatabase;hsrtestps2;db1" --restore-mode AlternateWorkloadRestore --log-point-in-time 04-05-2023-08:27:54 --target-item-name restored_DB_pradeep --target-server-name hsr-primary --target-container-name hsr-primary --target-server-type HANAInstance --backup-management-type AzureWorkload --workload-type SAPHANA --output json > recoveryInput.json

+ arvind@Azure:~$ cat recoveryInput.json

+{

+ "alternate_directory_paths": null,

+ "container_id": "/subscriptions/ef4ab5a7-c2c0-4304-af80-af49f48af3d1/resourceGroups/hanarghsr2/providers/Microsoft.RecoveryServices/vaults/hanavault10/backupFabrics/Azure/protectionContainers/vmappcontainer;compute;hanarghsr2;hsr-primary",

+ "container_uri": "HanaHSRContainer;hsrtestps2",

+ "database_name": "ARV/restored_DB_p2",

+ "filepath": null,

+ "item_type": "SAPHana",

+ "item_uri": "SAPHanaDatabase;hsrtestps2;db1",

+ "log_point_in_time": "04-05-2023-08:27:54",

+ "recovery_mode": null,

+ "recovery_point_id": "DefaultRangeRecoveryPoint",

+ "restore_mode": "AlternateLocation",

+ "source_resource_id": null,

+ "workload_type": "SAPHanaDatabase"

+}

+arvind@Azure:~$

+az backup restore restore-azurewl --resource-group hanarghsr2 --vault-name hanavault10 --recovery-config recoveryInput.json --output table

+```

+### Restore as files:

+To restore the database as files, run the following command:

+```azurecli

+az backup recoveryconfig show --resource-group hanarghsr2 \

+ --vault-name hanavault10 \

+ --container-name "hanahsrcontainer;hsrtestps2" \

+ --item-name "saphanadatabase;hsrtestps2;arv" \

+ --restore-mode RestoreAsFiles \

+ --log-point-in-time 18-04-2023-09:53:00 \

+ --rp-name DefaultRangeRecoveryPoint \

+ --target-container-name "VMAppContainer;Compute;hanarghsr2;hsr-primary" \

+ --filepath /home/abc \

+ --output json

+

+ az backup restore restore-azurewl --resource-group hanarghsr2 \

+ --vault-name hanavault10 \

+ --restore-config recoveryconfig.json \

+ --output json

+az backup recoveryconfig show --resource-group hanarghsr2 --vault-name hanavault10 --container-name "hanahsrcontainer;hsrtestps2" --item-name "saphanadatabase;hsrtestps2;arv" --restore-mode RestoreAsFiles --log-point-in-time 18-04-2023-09:53:00 --rp-name DefaultRangeRecoveryPoint --target-container-name "VMAppContainer;Compute;hanarghsr2;hsr-primary" --filepath /home/abc --output json > recoveryconfig.json

+```

+- June 2023

+ - [Support for backup of SAP HANA System Replication is now generally available](#support-for-backup-of-sap-hana-system-replication-is-now-generally-available)

+## Support for backup of SAP HANA System Replication is now generally available

+Azure Backup now supports backup of HANA database with HANA System Replication. Now, the log backups from the new primary node are accepted immediately; thus provides continuous database automatic protection,

+This eliminates the need of manual intervention to continue backups on the new primary node during a failover. With the elimination of the need to trigger full backups for every failover, you can save costs and reduce time for continue protection.

+For more information, see [Back up a HANA system with replication enabled (preview)](sap-hana-database-about.md#back-up-a-hana-system-with-replication-enabled).

+This eliminates the need of manual intervention to continue backups on the new primary node during a failover. With the elimination of the need to trigger full backups for every failover, you can save costs and reduce time for continue protection.

+For more information, see [Back up a HANA system with replication enabled (preview)](sap-hana-database-about.md#back-up-a-hana-system-with-replication-enabled).

+| Region | Max CPU | Max memory (GB) | VNET max CPU | VNET max memory (GB) | Storage (GB) | GPU SKUs (preview) | Availability Zone support | Confidential SKU | Spot containers (preview) |

+* Outbound connections to port 25 and 19390 are not supported at this time. Port 19390 needs to be opened in your Firewall for connecting to ACI from Azure portal when container groups are deployed in virtual networks.

+> The Microsoft Defender CSPM plan protects across multicloud workloads. With Defender CSPM generally available (GA), the plan will remain free until billing starts on August 1 2023. Billing will apply for Servers, Database, and Storage resources. Billable workloads will be VMs, Storage accounts, OSS DBs, SQL PaaS, & SQL servers on machines.ΓÇï

+Microsoft Defender CSPM protects across all your multicloud workloads, but billing only applies for Servers, Database, and Storage accounts at $5/billable resource/month. The underlying compute services for AKS are regarded as servers for billing purposes.

+>[!Note]

+>Once a plan is enabled, a 30-day trial period begins. There is no way to stop, pause, or extend this trial period.

+>To enjoy the full 30-day trial, make sure to plan ahead to meet your evaluation purposes.

+ > [!NOTE]

+ > Defender for Cloud can be connected to each AWS account or management account only once.

+ a. Choose deployment type, **Default access** or **Least privilege access**.

+ - Default access - Allows Defender for Cloud to scan your resources and automatically include future capabilities.

+ - Least privileged access - Grants Defender for Cloud access only to the current permissions needed for the selected plans. If you select the least privileged permissions, you'll receive notifications on any new roles and permissions that are required to get full functionality on the connector health section.

+ b. Choose deployment method: **AWS CloudFormation** or **Terraform**.

+ :::image type="content" source="media/quickstart-onboard-aws/aws-configure-access.png" alt-text="Screenshot showing the configure access and its deployment options and instructions.":::

+1. Follow the on-screen instructions for the selected deployment method to complete the required dependencies on AWS. If you're onboarding a management account, you'll need to run the CloudFormation template both as Stack and as StackSet. Connectors will be created for the member accounts up to 24 hours after the onboarding.

+1. For each connector, select the three-dot button **…** at the end of the row, and select **Delete**.

+ > [!NOTE]

+ > Defender for Cloud can be connected to each GCP project or organization only once.

+1. Select **Next: Configure access**.

+ a. Choose deployment type, **Default access** or **Least privilege access**.

+ - Default access - Allows Defender for Cloud to scan your resources and automatically include future capabilities.

+ - Least privileged access - Grants Defender for Cloud access only to the current permissions needed for the selected plans. If you select the least privileged permissions, you'll receive notifications on any new roles and permissions that are required to get full functionality on the connector health section.

+ b. Choose deployment method: **GCP Cloud Shell** or **Terraform**.

+1. Follow the on-screen instructions for the selected deployment method to complete the required dependencies on GCP.

+ :::image type="content" source="media/quickstart-onboard-gcp/gcp-configure-access.png" alt-text="Screenshot showing the configure access and its deployment options and instructions.":::

+ > [!NOTE]

+ > To discover GCP resources and for the authentication process, the following APIs must be enabled: `iam.googleapis.com`, `sts.googleapis.com`, `cloudresourcemanager.googleapis.com`, `iamcredentials.googleapis.com`, `compute.googleapis.com`. If these APIs are not enabled, we'll enable them during the onboarding process by running the GCloud script.

+| June 26 | [Streamlined multicloud account onboarding with enhanced settings](#streamlined-multicloud-account-onboarding-with-enhanced-settings) |

+### Streamlined multicloud account onboarding with enhanced settings

+June 26, 2023

+Defender for Cloud have improved the onboarding experience to include a new streamlined user interface and instructions in addition to new capabilities that allow you to onboard your AWS and GCP environments while providing access to advanced onboarding features.

+For organizations that have adopted Hashicorp Terraform for automation, Defender for Cloud now includes the ability to use Terraform as the deployment method alongside AWS CloudFormation or GCP Cloud Shell. You can now customize the required role names when creating the integration. You can also select between:

+- **Default access** - Allows Defender for Cloud to scan your resources and automatically include future capabilities.

+- **Least privileged access** -Grants Defender for Cloud access only to the current permissions needed for the selected plans.

+If you select the least privileged permissions, you'll only receive notifications on any new roles and permissions that are required to get full functionality on the connector health.

+Defender for Cloud allows you to distinguish between your cloud accounts by their native names from the cloud vendors. For example, AWS account aliases and GCP project names.

+Private Endpoint support is now available as part of the Malware Scanning public preview in Defender for Storage. This capability allows enabling Malware Scanning on storage accounts that are using private endpoints. No other configuration is needed.

+[Malware Scanning (Preview)](defender-for-storage-malware-scan.md) in Defender for Storage helps protect your storage accounts from malicious content by performing a full malware scan on uploaded content in near real-time, using Microsoft Defender Antivirus capabilities. It's designed to help fulfill security and compliance requirements for handling untrusted content. It's an agentless SaaS solution that allows simple setup at scale, with zero maintenance, and supports automating response at scale.

+For storage accounts with private endpoints that have Malware Scanning already enabled, you'll need to disable and [enable the plan with Malware Scanning](/azure/storage/common/azure-defender-storage-configure?toc=%2Fazure%2Fdefender-for-cloud%2Ftoc.json&tabs=enable-subscription) for this to work.

+Learn more about using [private endpoints](/azure/private-link/private-endpoint-overview) in [Defender for Storage](defender-for-storage-introduction.md) and how to secure your storage services further.

+Now you can discover potential cost savings in security by applying Defender for Cloud within the context of an [Azure Migrate business case](/azure/migrate/how-to-build-a-business-case).

+> [!NOTE]

+> In the exported file, date values are based on the region settings for the machine you're using to access the OT sensor. We recommend exporting data only from a machine with the same region settings as the sensor that detected your data. For more information, see [Synchronize time zones on an OT sensor](how-to-manage-individual-sensors.md#synchronize-time-zones-on-an-ot-sensor).

+>

+> [!NOTE]

+> In the exported file, date values are based on the region settings for the machine you're using to access the OT sensor. We recommend exporting data only from a machine with the same region settings as your sensor. For more information, see [Synchronize time zones on an OT sensor](how-to-manage-individual-sensors.md#synchronize-time-zones-on-an-ot-sensor).

+>

+ OEPAirFlowTask

+ OEPAirFlowTask

+ OEPAirFlowTask

+ OEPAirFlowTask

+| Microsoft Defender for Identity | 12076:5220 |

+**Classic WAF policy with only managed WAF rules, or both managed and custom WAF rules** - the new Azure Front Door profile defaults to Premium tier and can't be downgraded during the migration. If you want to use Standard tier, then you need to remove the WAF policy association or delete the managed WAF rules from the Front Door (classic) WAF policy.

+- [Azure Kubernetes Service](/azure/aks/learn/quick-kubernetes-deploy-cli) should be used to host the cloud microservices

+- For production deployments that require staging, rollback, scaling, and resilience, the platform can be deployed into [Azure Kubernetes Service (AKS)](/azure/aks/learn/quick-kubernetes-deploy-cli)

+- Deploying Azure Industrial IoT Platform microservices into an existing Kubernetes cluster using [Helm](https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/api-management/how-to-deploy-self-hosted-gateway-kubernetes-helm.md).

+- [Deploying Azure Industrial IoT Platform](/azure/industrial-iot/tutorial-deploy-industrial-iot-platform)

+- [How to deploy platform into AKS](/azure/aks/learn/quick-kubernetes-deploy-cli)

+The simplest way to configure OPC Publisher is via a configuration file. An example configuration file and format documentation are provided in the file [`publishednodes.json`](https://raw.githubusercontent.com/Azure/Industrial-IoT/main/src/Azure.IIoT.OpcUa.Publisher/tests/Publisher/publishednodes.json) in this repository.

+A cloud-based, companion microservice with a REST interface is described and available [here](https://github.com/Azure/Industrial-IoT/tree/main/docs/opc-publisher). It can be used to configure OPC Publisher via an OpenAPI-compatible interface, for example through Swagger.

+- [opcpublisher](https://github.com/Azure/Industrial-IoT/tree/main/docs/opc-publisher) - forwards OPC-UA data from an OPC-UA server to the **miabgateway**.

+The [opcpublisher](https://github.com/Azure/Industrial-IoT/tree/main/docs/opc-publisher) module on the IoT Edge device forwards OPC-UA data from an OPC-UA server to the **miabgateway** module.

+For example, a typical machine learning project includes the steps of data collection, data preparation, model training, model evaluation, and model deployment. Usually, the data engineers concentrate on data steps, data scientists spend most time on model training and evaluation, the machine learning engineers focus on model deployment and automation of the entire workflow. By leveraging machine learning pipeline, each team only needs to work on building their own steps. The best way of building steps is using [Azure Machine Learning component (v2)](concept-component.md), a self-contained piece of code that does one step in a machine learning pipeline. All these steps built by different users are finally integrated into one workflow through the pipeline definition. The pipeline is a collaboration tool for everyone in the project. The process of defining a pipeline and all its steps can be standardized by each company's preferred DevOps practice. The pipeline can be further versioned and automated. If the ML projects are described as a pipeline, then the best MLOps practice is already applied.

+1. Select **Existing Azure Pipelines YAML file**

+1. Select **Existing Azure Pipelines YAML file**

+1. Select **Existing Azure Pipelines YAML file**

+* Order runs by attributes, like `start_time`:

+* Order runs and limit results. The following example returns the last single run in the experiment:

+* Order runs by the attribute `duration`:

+ ```python

+ mlflow.search_runs(experiment_ids=[ "1234-5678-90AB-CDEFG" ],

+ order_by=["attributes.duration DESC"])

+ ```

+ > [!TIP]

+ > `attributes.duration` is not present in MLflow OSS, but provided in Azure Machine Learning for convenience.

+ > Using `order_by` with expressions containing `metrics.*`, `params.*`, or `tags.*` in the parameter `order_by` is not supported by the moment. Please use `order_values` method from Pandas as shown in the example.

+* Search runs taking longer than one hour:

+ ```python

+ duration = 360 * 1000 # duration is in milliseconds

+ mlflow.search_runs(experiment_ids=[ "1234-5678-90AB-CDEFG" ],

+ filter_string=f"attributes.duration > '{duration}'")

+ ```

+ > [!TIP]

+ > `attributes.duration` is not present in MLflow OSS, but provided in Azure Machine Learning for convenience.

+

+> Only training job pods and batch-deployment pods will have access to the PVC(s); managed and Kubernetes online-deployment pods will not. In addition, only the pods in the same Kubernetes namespace with the PVC(s) will be mounted the volume. Data scientist is able to access the `mount path` specified in the PVC annotation in the job.

+ Title: Create an Azure Nexus Kubernetes cluster by using Azure Resource Manager template (ARM template)

+description: Learn how to create an Azure Nexus Kubernetes cluster by using Azure Resource Manager template (ARM template).

+# Quickstart: Deploy an Azure Nexus Kubernetes cluster by using Azure Resource Manager template (ARM template)

+* Deploy an Azure Nexus Kubernetes cluster using an Azure Resource Manager template.

+This quickstart describes how to use an Azure Resource Manager template (ARM template) to create Azure Nexus Kubernetes cluster.

+## Prerequisites

+## Review the template

+Before deploying the Kubernetes template, let's review the content to understand its structure.

+Once you have reviewed and saved the template file named ```kubernetes-deploy.json```, proceed to the next section to deploy the template.

+## Deploy the template

+1. Create a file named ```kubernetes-deploy-parameters.json``` and add the required parameters in JSON format. You can use the following example as a starting point. Replace the values with your own.

+2. Deploy the template.

+```azurecli

+ az deployment group create \

+ --resource-group myResourceGroup \

+ --template-file kubernetes-deploy.json \

+ --parameters @kubernetes-deploy-parameters.json

+```

+## Review deployed resources

+## Connect to the cluster

+## Add an agent pool

+The cluster created in the previous step has a single node pool. Let's add a second agent pool using the ARM template. The following example creates an agent pool named ```myNexusAKSCluster-nodepool-2```:

+1. Review the template.

+Before adding the agent pool template, let's review the content to understand its structure.

+Once you have reviewed and saved the template file named ```kubernetes-add-agentpool.json```, proceed to the next section to deploy the template.

+1. Create a file named ```kubernetes-nodepool-parameters.json``` and add the required parameters in JSON format. You can use the following example as a starting point. Replace the values with your own.

+2. Deploy the template.

+```azurecli

+ az deployment group create \

+ --resource-group myResourceGroup \

+ --template-file kubernetes-add-agentpool.json \

+ --parameters @kubernetes-nodepool-parameters.json

+```

+## Clean up resources

+## Next steps

+ Title: Quickstart - Create an Azure Nexus Kubernetes cluster by using Bicep

+description: Learn how to create an Azure Nexus Kubernetes cluster by using Bicep.

+# Quickstart: Deploy an Azure Nexus Kubernetes cluster using Bicep

+* Deploy an Azure Nexus Kubernetes cluster using Bicep.

+## Prerequisites

+## Review the Bicep file

+Before deploying the Kubernetes template, let's review the content to understand its structure.

+Once you have reviewed and saved the template file named ```kubernetes-deploy.bicep```, proceed to the next section to deploy the template.

+## Deploy the Bicep file

+1. Create a file named ```kubernetes-deploy-parameters.json``` and add the required parameters in JSON format. You can use the following example as a starting point. Replace the values with your own.

+2. Deploy the template.

+```azurecli

+ az deployment group create \

+ --resource-group myResourceGroup \

+ --template-file kubernetes-deploy.bicep \

+ --parameters @kubernetes-deploy-parameters.json

+```

+## Review deployed resources

+## Connect to the cluster

+## Add an agent pool

+The cluster created in the previous step has a single node pool. Let's add a second agent pool using the Bicep template. The following example creates an agent pool named ```myNexusAKSCluster-nodepool-2```:

+1. Review the template.

+Before adding the agent pool template, let's review the content to understand its structure.

+Once you have reviewed and saved the template file named ```kubernetes-add-agentpool.bicep```, proceed to the next section to deploy the template.

+1. Create a file named ```kubernetes-nodepool-parameters.json``` and add the required parameters in JSON format. You can use the following example as a starting point. Replace the values with your own.

+2. Deploy the template.

+```azurecli

+ az deployment group create \

+ --resource-group myResourceGroup \

+ --template-file kubernetes-add-agentpool.bicep \

+ --parameters @kubernetes-nodepool-parameters.json

+```

+## Clean up resources

+## Next steps

+ Title: Create an Azure Nexus Kubernetes cluster by using Azure CLI

+description: Learn how to create an Azure Nexus Kubernetes cluster by using Azure CLI.

+# Quickstart: Create an Azure Nexus Kubernetes cluster by using Azure CLI

+* Deploy an Azure Nexus Kubernetes cluster using Azure CLI.

+## Before you begin

+## Create an Azure Nexus Kubernetes cluster

+The following example creates a cluster named *myNexusAKSCluster* in resource group *myResourceGroup* in the *eastus* location.

+Before you run the commands, you need to set several variables to define the configuration for your cluster. Here are the variables you need to set, along with some default values you can use for certain variables:

+| Variable | Description |

+| -- | |

+| LOCATION | The Azure region where you want to create your cluster. |

+| RESOURCE_GROUP | The name of the Azure resource group where you want to create the cluster. |

+| SUBSCRIPTION_ID | The ID of your Azure subscription. |

+| CUSTOM_LOCATION | This argument specifies a custom location of the Nexus instance. |

+| CSN_ARM_ID | CSN ID is the unique identifier for the cloud services network you want to use. |

+| CNI_ARM_ID | CNI ID is the unique identifier for the network interface to be used by the container runtime. |

+| AAD_ADMIN_GROUP_OBJECT_ID | The object ID of the Azure Active Directory group that should have admin privileges on the cluster. |

+| CLUSTER_NAME | The name you want to give to your Nexus Kubernetes cluster. |

+| K8S_VERSION | The version of Kubernetes you want to use. |

+| ADMIN_USERNAME | The username for the cluster administrator. |

+| SSH_PUBLIC_KEY | The SSH public key that is used for secure communication with the cluster. |

+| CONTROL_PLANE_COUNT | The number of control plane nodes for the cluster. |

+| CONTROL_PLANE_VM_SIZE | The size of the virtual machine for the control plane nodes. |

+| INITIAL_AGENT_POOL_NAME | The name of the initial agent pool. |

+| INITIAL_AGENT_POOL_COUNT | The number of nodes in the initial agent pool. |

+| INITIAL_AGENT_POOL_VM_SIZE | The size of the virtual machine for the initial agent pool. |

+| POD_CIDR | The network range for the Kubernetes pods in the cluster, in CIDR notation. |

+| SERVICE_CIDR | The network range for the Kubernetes services in the cluster, in CIDR notation. |

+| DNS_SERVICE_IP | The IP address for the Kubernetes DNS service. |

+Once you've defined these variables, you can run the Azure CLI command to create the cluster. The ```--debug``` flag at the end is used to provide more detailed output for troubleshooting purposes.

+To define these variables, use the following set commands and replace the example values with your preferred values. You can also use the default values for some of the variables, as shown in the following example:

+```bash

+RESOURCE_GROUP="myResourceGroup"

+LOCATION="$(az group show --name $RESOURCE_GROUP --query location | tr -d '\"')"

+SUBSCRIPTION_ID="$(az account show -o tsv --query id)"

+CUSTOM_LOCATION="/subscriptions/<subscription_id>/resourceGroups/<managed_resource_group>/providers/microsoft.extendedlocation/customlocations/<custom-location-name>"

+CSN_ARM_ID="/subscriptions/<subscription_id>/resourceGroups/<resource_group>/providers/Microsoft.NetworkCloud/cloudServicesNetworks/<csn-name>"

+CNI_ARM_ID="/subscriptions/<subscription_id>/resourceGroups/<resource_group>/providers/Microsoft.NetworkCloud/l3Networks/<l3Network-name>"

+AAD_ADMIN_GROUP_OBJECT_ID="00000000-0000-0000-0000-000000000000"

+CLUSTER_NAME="myNexusAKSCluster"

+K8S_VERSION="v1.24.9"

+ADMIN_USERNAME="azureuser"

+SSH_PUBLIC_KEY="$(cat ~/.ssh/id_rsa.pub)"

+CONTROL_PLANE_COUNT="1"

+CONTROL_PLANE_VM_SIZE="NC_G2_v1"

+INITIAL_AGENT_POOL_NAME="${CLUSTER_NAME}-nodepool-1"

+INITIAL_AGENT_POOL_COUNT="1"

+INITIAL_AGENT_POOL_VM_SIZE="NC_M4_v1"

+POD_CIDR="10.244.0.0/16"

+SERVICE_CIDR="10.96.0.0/16"

+DNS_SERVICE_IP="10.96.0.10"

+```

+> [!NOTE]

+> It is essential that you replace the placeholders for CUSTOM_LOCATION, CSN_ARM_ID, CNI_ARM_ID, and AAD_ADMIN_GROUP_OBJECT_ID with your actual values before running these commands.

+After defining these variables, you can create the Kubernetes cluster by executing the following Azure CLI command:

+```azurecli

+az networkcloud kubernetescluster create \

+--name "${CLUSTER_NAME}" \

+--resource-group "${RESOURCE_GROUP}" \

+--subscription "${SUBSCRIPTION_ID}" \

+--extended-location name="${CUSTOM_LOCATION}" type=CustomLocation \

+--location "${LOCATION}" \

+--kubernetes-version "${K8S_VERSION}" \

+--aad-configuration admin-group-object-ids="[${AAD_ADMIN_GROUP_OBJECT_ID}]" \

+--admin-username "${ADMIN_USERNAME}" \

+--ssh-key-values "${SSH_PUBLIC_KEY}" \

+--control-plane-node-configuration \

+ count="${CONTROL_PLANE_COUNT}" \

+ vm-sku-name="${CONTROL_PLANE_VM_SIZE}" \

+--initial-agent-pool-configurations "[{count:${INITIAL_AGENT_POOL_COUNT},mode:System,name:${INITIAL_AGENT_POOL_NAME},vm-sku-name:${INITIAL_AGENT_POOL_VM_SIZE}}]" \

+--network-configuration \

+ cloud-services-network-id="${CSN_ARM_ID}" \

+ cni-network-id="${CNI_ARM_ID}" \

+ pod-cidrs="[${POD_CIDR}]" \

+ service-cidrs="[${SERVICE_CIDR}]" \

+ dns-service-ip="${DNS_SERVICE_IP}"

+```

+After a few minutes, the command completes and returns information about the cluster. For more advanced options, see [Quickstart: Deploy an Azure Nexus Kubernetes cluster using Bicep](./quickstarts-kubernetes-cluster-deployment-bicep.md).

+## Review deployed resources

+## Connect to the cluster

+## Add an agent pool

+The cluster created in the previous step has a single node pool. Let's add a second agent pool using the ```az networkcloud kubernetescluster agentpool create``` command. The following example creates an agent pool named ```myNexusAKSCluster-nodepool-2```:

+You can also use the default values for some of the variables, as shown in the following example:

+```bash

+RESOURCE_GROUP="myResourceGroup"

+CUSTOM_LOCATION="/subscriptions/<subscription_id>/resourceGroups/<managed_resource_group>/providers/microsoft.extendedlocation/customlocations/<custom-location-name>"

+CLUSTER_NAME="myNexusAKSCluster"

+AGENT_POOL_NAME="${CLUSTER_NAME}-nodepool-2"

+AGENT_POOL_VM_SIZE="NC_M4_v1"

+AGENT_POOL_COUNT="1"

+AGENT_POOL_MODE="System"

+```

+After defining these variables, you can add an agent pool by executing the following Azure CLI command:

+```azurecli

+az networkcloud kubernetescluster agentpool create \

+ --name "${AGENT_POOL_NAME}" \

+ --kubernetes-cluster-name "${CLUSTER_NAME}" \

+ --resource-group "${RESOURCE_GROUP}" \

+ --extended-location name="${CUSTOM_LOCATION}" type=CustomLocation \

+ --count "${AGENT_POOL_COUNT}" \

+ --mode "${AGENT_POOL_MODE}" \

+ --vm-sku-name "${AGENT_POOL_VM_SIZE}"

+```

+After a few minutes, the command completes and returns information about the agent pool. For more advanced options, see [Quickstart: Deploy an Azure Nexus Kubernetes cluster using Bicep](./quickstarts-kubernetes-cluster-deployment-bicep.md).

+## Clean up resources

+## Next steps

+ Title: Scheduled maintenance - Azure Database for PostgreSQL - Flexible Server

+description: This article describes the scheduled maintenance feature in Azure Database for PostgreSQL - Flexible Server.

+# Scheduled maintenance in Azure Database for PostgreSQL ΓÇô Flexible Server

+Azure Database for PostgreSQL - Flexible Server performs periodic maintenance to keep your managed database secure, stable, and up-to-date. During maintenance, the server gets new features, updates, and patches.

+You can update scheduling settings at any time. If there is maintenance scheduled for your flexible server and you update scheduling preferences, the current rollout will proceed as scheduled and the scheduling settings change will become effective upon its successful completion for the next scheduled maintenance.

+ Title: Query Performance Insight - Azure Database for PostgreSQL - Flexible Server

+description: This article describes the Query Performance Insight feature in Azure Database for PostgreSQL - Flexible Server.

+Query Performance Insight provides intelligent query analysis for Azure Postgres Flexible Server databases. It helps identify the top resource consuming and long-running queries in your workload. This helps you find the queries to optimize to improve overall workload performance and efficiently use the resource that you are paying for. Query Performance Insight helps you spend less time troubleshooting database performance by providing:

+select * from pgaadauth_create_principal('<roleName>', <isAdmin>, <isMfa>);

+For example: select * from pgaadauth_create_principal('mary@contoso.com', false, false);

+select * from pgaadauth_create_principal_with_oid('<roleName>', '<objectId>', '<objectType>', <isAdmin>, <isMfa>);

+For example: select * from pgaadauth_create_principal_with_oid('accounting_application', '00000000-0000-0000-0000-000000000000', 'service', false, false);

+- *objectType* - Type of the Azure AD object to link to this role: service, user, group.

+ [--migration-mode]

+|`migration-mode` | This is an optional parameter. Default value: Offline. Offline migration involves copying of your source databases at a point in time, to your target server. |

+az postgres flexible-server migration create --subscription 11111111-1111-1111-1111-111111111111 --resource-group my-learning-rg --name myflexibleserver --migration-name migration1 --properties "C:\Users\Administrator\Documents\migrationBody.JSON" --migration-mode offline

+ "sourceDbServerResourceId":"/subscriptions/<subscriptionid>/resourceGroups/<src_ rg_name>/providers/Microsoft.DBforPostgreSQL/servers/<source server name>",

+"secretParameters": {

+ "adminCredentials":

+ "sourceServerPassword": "<password>",

+ "targetServerPassword": "<password>"

+"dbsToMigrate":

+"overwriteDbsInTarget":"true"

+| `sourceDbServerResourceId` | Required | This parameter is the resource ID of the Single Server source and is mandatory. |

+| `secretParameters` | Required | This parameter lists passwords for admin users for both the Single Server source and the Flexible Server target. These passwords help to authenticate against the source and target servers.

+| `dbsToMigrate` | Required | Specify the list of databases that you want to migrate to Flexible Server. You can include a maximum of eight database names at a time. |

+| `overwriteDbsInTarget` | Required | When set to true (default), if the target server happens to have an existing database with the same name as the one you're trying to migrate, migration tool automatically overwrites the database. |

+- Jun 23, 2023: Updated Azure scheduled events for SLES in [Pacemaker set up guide](./high-availability-guide-suse-pacemaker.md#configure-pacemaker-for-azure-scheduled-events).

+Azure offers [scheduled events](../../virtual-machines/linux/scheduled-events.md). Scheduled events are provided via the metadata service and allow time for the application to prepare for such events. Resource agent [azure-events-az](https://github.com/ClusterLabs/resource-agents/pull/1161) monitors for scheduled Azure events. If events are detected and the resource agent determines that another cluster node is available, it sets a cluster health attribute. When the cluster health attribute is set for a node, the location constraint triggers and all resources, whose name doesnΓÇÖt start with ΓÇ£health-ΓÇ£ are migrated away from the node with scheduled event. Once the affected cluster node is free of running cluster resources, scheduled event is acknowledged and can execute its action, such as restart.

+ > WARNING: cib-bootstrap-options: unknown attribute 'hostName_ **hostname**'

+ > WARNING: cib-bootstrap-options: unknown attribute 'azure-events_globalPullState'

+ > WARNING: cib-bootstrap-options: unknown attribute 'hostName_ **hostname**'

+- [FAQ: High availability for SAP HANA](https://help.sap.com/docs/SAP_HANA_PLATFORM/6b94445c94ae495c83a19646e7c3fd56/6d252db7cdd044d19ad85b46e6c294a4.html)

+| **Data collection rules support** | [Workspace transform DCR](/azure/azure-monitor/logs/tutorial-workspace-transformations-portal) |

+ `sudo wget -O cef_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py {0} {1}`

+ `sudo wget -O cef_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py&&sudo python cef_troubleshoot.py {0}`

+ > This data connector depends on a parser based on a Kusto Function to work as expected which is deployed as part of the solution. To view the function code in Log Analytics, open Log Analytics/Microsoft Sentinel Logs blade, click Functions and search for the alias ApacheHTTPServer and load the function code or click [here](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/ApacheHTTPServer/Parsers/ApacheHTTPServer.txt). The function usually takes 10-15 minutes to activate after solution installation/update.

+The Apache Tomcat solution provides the capability to ingest [Apache Tomcat](http://tomcat.apache.org/) events into Microsoft Sentinel. Refer to [Apache Tomcat documentation](http://tomcat.apache.org/tomcat-10.0-doc/logging.html) for more information.

+**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected which is deployed as part of the solution. To view the function code in Log Analytics, open Log Analytics/Microsoft Sentinel Logs blade, click Functions and search for the alias TomcatEvent and load the function code or click [here](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Tomcat/Parsers/TomcatEvent.txt).The function usually takes 10-15 minutes to activate after solution installation/update.

+| **Data collection rules support** | [Workspace transform DCR](/azure/azure-monitor/logs/tutorial-workspace-transformations-portal) |

+**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected which is deployed as part of the solution. To view the function code in Log Analytics, open Log Analytics/Microsoft Sentinel Logs blade, click Functions and search for the alias ArubaClearPass and load the function code or click [here](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Aruba%20ClearPass/Parsers/ArubaClearPass.txt).The function usually takes 10-15 minutes to activate after solution installation/update.

+ `sudo wget -O cef_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py {0} {1}`

+ `sudo wget -O cef_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py&&sudo python cef_troubleshoot.py {0}`

+Make sure to configure the machine's security according to your organization's security policy

+| **Data collection rules support** | [Workspace transform DCR](/azure/azure-monitor/logs/tutorial-workspace-transformations-portal) |

+ `sudo wget -O cef_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py {0} {1}`

+ `sudo wget -O cef_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py&&sudo python cef_troubleshoot.py {0}`

+Connect to Azure DDoS Protection Standard logs via Public IP Address Diagnostic Logs. In addition to the core DDoS protection in the platform, Azure DDoS Protection Standard provides advanced DDoS mitigation capabilities against network attacks. It's automatically tuned to protect your specific Azure resources. Protection is simple to enable during the creation of new virtual networks. It can also be done after creation and requires no application or resource changes. For more information, see the [Microsoft Sentinel documentation](https://go.microsoft.com/fwlink/p/?linkid=2219760&wt.mc_id=sentinel_dataconnectordocs_content_cnl_csasci).

+CyberArk Enterprise Password Vault generates an xml Syslog message for every action taken against the Vault. The EPV will send the xml messages through the Microsoft Sentinel.xsl translator to be converted into CEF standard format and sent to a syslog staging server of your choice (syslog-ng, rsyslog). The Log Analytics agent installed on your syslog staging server will import the messages into Microsoft Log Analytics. Refer to the [CyberArk documentation](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/DV-Integrating-with-SIEM-Applications.htm) for more guidance on SIEM integrations.

+| **Application settings** | DigitalShadowsAccountID<br/>WorkspaceID<br/>WorkspaceKey<br/>DigitalShadowsKey<br/>DigitalShadowsSecret<br/>HistoricalDays<br/>DigitalShadowsURL<br/>ClassificationFilterOperation<br/>HighVariabilityClassifications<br/>FUNCTION_NAME<br/>logAnalyticsUri (optional)(add any other settings required by the Function App)Set the <code>DigitalShadowsURL</code> value to: <code>https://api.searchlight.app/v1</code>Set the <code>HighVariabilityClassifications</code> value to: <code>exposed-credential,marked-document</code>Set the <code>ClassificationFilterOperation</code> value to: <code>exclude</code> for exclude function app or <code>include</code> for include function app |

+| **Azure function app code** | https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Digital%20Shadows/Data%20Connectors/Digital%20Shadows/digitalshadowsConnector.zip |

+- **Microsoft.Web/sites permissions**: Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](/azure/azure-functions/).

+2. Click **+ Create** at the top.

+3. In the **Basics** tab, ensure Runtime stack is set to **python 3.8**.

+4. In the **Hosting** tab, ensure **Plan type** is set to **'Consumption (Serverless)'**.

+5.select Storage account

+6. 'Add other required configurations'.

+2. Import Function App Code(Zip deployment)

+1. Install Azure CLI

+2. From terminal type `az functionapp deployment source config-zip -g <ResourceGroup> -n <FunctionApp> --src <Zip File>` and hit enter. Set the `ResourceGroup` value to: your resource group name. Set the `FunctionApp` value to: your newly created function app name. Set the `Zip File` value to: `digitalshadowsConnector.zip`(path to your zip file). Note:- Download the zip file from the link - [Function App Code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Digital%20Shadows/Data%20Connectors/Digital%20Shadows/digitalshadowsConnector.zip)

+ DigitalShadowsAccountID

+ WorkspaceID

+ WorkspaceKey

+ DigitalShadowsKey

+ DigitalShadowsSecret

+ HistoricalDays

+ DigitalShadowsURL

+ ClassificationFilterOperation

+ HighVariabilityClassifications

+ FUNCTION_NAME

+Set the `DigitalShadowsURL` value to: `https://api.searchlight.app/v1`

+Set the `HighVariabilityClassifications` value to: `exposed-credential,marked-document`

+Set the `ClassificationFilterOperation` value to: `exclude` for exclude function app or `include` for include function app

+ - Use logAnalyticsUri to override the log analytics API endpoint for dedicated cloud. For example, for public cloud, leave the value empty; for Azure GovUS cloud environment, specify the value in the following format: https://CustomerId.ods.opinsights.azure.us.

+2. Configure the logs to be collected

+Configure the facilities you want to collect and their severities.

+ 1. Under workspace advanced settings **Configuration**, select **Data** and then **Syslog**.

+ 2. Select **Apply below configuration to my machines** and select the facilities and severities.

+ 3. Click **Save**.

+3. Configure Forescout event forwarding

+ Title: "Google Workspace (G Suite) (using Azure Functions) connector for Microsoft Sentinel"

+description: "Learn how to install the connector Google Workspace (G Suite) (using Azure Functions) to connect your data source to Microsoft Sentinel."

+# Google Workspace (G Suite) (using Azure Functions) connector for Microsoft Sentinel

+To integrate with Google Workspace (G Suite) (using Azure Functions) make sure you have:

+- **Microsoft.Web/sites permissions**: Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](/azure/azure-functions/).

+ > This connector uses Azure Functions to connect to the Google Reports API to pull its logs into Microsoft Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details.

+> **NOTE:** You will need to [prepare VS code](/azure/azure-functions/functions-create-first-function-python#prerequisites) for Azure function development.

+4. (Optional) Change the default delays if required.

+ > **NOTE:** The following default values for ingestion delays have been added for different set of logs from Google Workspace based on Google [documentation](https://support.google.com/a/answer/7061566). These can be modified based on environmental requirements.

+ Fetch Delay - 10 minutes

+ Calendar Fetch Delay - 6 hours

+ Chat Fetch Delay - 1 day

+ User Accounts Fetch Delay - 3 hours

+ Login Fetch Delay - 6 hours

+5. Use logAnalyticsUri to override the log analytics API endpoint for dedicated cloud. For example, for public cloud, leave the value empty; for Azure GovUS cloud environment, specify the value in the following format: `https://<CustomerId>.ods.opinsights.azure.us`.

+6. Once all application settings have been entered, click **Save**.

+The [NXLog AIX Audit](https://docs.nxlog.co/refman/current/im/aixaudit.html) data connector uses the AIX Audit subsystem to read events directly from the kernel for capturing audit events on the AIX platform. This REST API connector can efficiently export AIX Audit events to Microsoft Sentinel in real time.

+| **Supported by** | [NXLog](https://nxlog.co/support-tickets/add/support-ticket) |

+Follow the step-by-step instructions in the *NXLog User Guide* Integration Guide [Microsoft Sentinel](https://docs.nxlog.co/userguide/integrate/microsoft-azure-sentinel.html) to configure this connector.

+The [NXLog BSM](https://docs.nxlog.co/refman/current/im/bsm.html) macOS data connector uses Sun's Basic Security Module (BSM) Auditing API to read events directly from the kernel for capturing audit events on the macOS platform. This REST API connector can efficiently export macOS audit events to Microsoft Sentinel in real-time.

+| **Supported by** | [NXLog](https://nxlog.co/support-tickets/add/support-ticket) |

+Follow the step-by-step instructions in the *NXLog User Guide* Integration Topic [Microsoft Sentinel](https://docs.nxlog.co/userguide/integrate/microsoft-azure-sentinel.html) to configure this connector.

+The [NXLog LinuxAudit](https://docs.nxlog.co/refman/current/im/linuxaudit.html) data connector supports custom audit rules and collects logs without auditd or any other user-space software. IP addresses and group/user IDs are resolved to their respective names making [Linux audit](https://docs.nxlog.co/userguide/integrate/linux-audit.html) logs more intelligible to security analysts. This REST API connector can efficiently export Linux security events to Microsoft Sentinel in real-time.

+| **Supported by** | [NXLog](https://nxlog.co/support-tickets/add/support-ticket) |

+Follow the step-by-step instructions in the *NXLog User Guide* Integration Topic [Microsoft Sentinel](https://docs.nxlog.co/userguide/integrate/microsoft-azure-sentinel.html) to configure this connector.

+The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) KnowledgeBase (KB) connector provides the capability to ingest the latest vulnerability data from the Qualys KB into Microsoft Sentinel.

+ This data can used to correlate and enrich vulnerability detections found by the [Qualys Vulnerability Management (VM)](/azure/sentinel/data-connectors-reference#qualys) data connector.

+The [RSA® SecurID Authentication Manager](https://www.securid.com/) data connector provides the capability to ingest [RSA® SecurID Authentication Manager events](https://community.rsa.com/t5/rsa-authentication-manager/rsa-authentication-manager-log-messages/ta-p/630160) into Microsoft Sentinel. Refer to [RSA® SecurID Authentication Manager documentation](https://community.rsa.com/t5/rsa-authentication-manager/getting-started-with-rsa-authentication-manager/ta-p/569582) for more information.

+The [Sophos Cloud Optix](https://www.sophos.com/products/cloud-optix.aspx) connector allows you to easily connect your Sophos Cloud Optix logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's cloud security and compliance posture and improves your cloud security operation capabilities.

+In Sophos Cloud Optix go to [Settings->Integrations->Microsoft Sentinel](https://optix.sophos.com/#/integrations/sentinel) and enter the Workspace ID and Primary Key copied in Step 1.

+In Alert Levels, select which Sophos Cloud Optix alerts you want to send to Microsoft Sentinel.

+## Vendor installation instructions

+You can connect your threat intelligence data sources to Microsoft Sentinel by either:

+- Using an integrated Threat Intelligence Platform (TIP), such as Threat Connect, Palo Alto Networks MineMeld, MISP, and others.

+- Calling the Microsoft Sentinel data plane API directly from another application.

+Follow These Steps to Connect to your Threat Intelligence:

+Get AAD Access Token

+To send request to the APIs, you need to acquire Azure Active Directory access token. You can follow instruction in this page: [Get Azure AD tokens for users by using MSAL](/azure/databricks/dev-tools/api/latest/aad/app-aad-token#get-an-azure-ad-access-token).

+ - Notice: Please request AAD access token with appropriate scope value.

+You can send indicators by calling our Upload Indicators API. For more information about the API, click [here](/azure/sentinel/upload-indicators-api).

+```http

+HTTP method: POST

+Endpoint: https://sentinelus.azure-api.net/workspaces/[WorkspaceID]/threatintelligenceindicators:upload?api-version=2022-07-01

+WorkspaceID: the workspace that the indicators are uploaded to.

+Header Value 1: "Authorization" = "Bearer [AAD Access Token from step 1]"

+Header Value 2: "Content-Type" = "application/json"

+

+Body: The body is a JSON object containing an array of indicators in STIX format.'title : 2. Send indicators to Sentinel'

+```

+>* The work for Azure Portal experience for maintenance control with SFMC is currently underway, so customers shouldn't rely just on the portal. Issues with maintenance resources like SFMC cluster appearing as a Virtual Machine resource and not able to search/assign an SFMC cluster from the portal are known.

+Custom image templates in Azure Virtual Desktop enable you to easily create a custom image that you can use when deploying session host virtual machines (VMs). This article helps troubleshoot some issues you could run into.

+- The Agent works on more systems than those listed in the documentation. However, we do not test or provide support for distros that are not on the endorsed list. In particular, FreeBSD is not endorsed. The customer can try FreeBSD 8 and if they run into problems they can open an issue in our [Github repository](https://github.com/Azure/WALinuxAgent) and we may be able to help.

+- Output is limited to the last 4,096 bytes.

+ "type":"ManagedImage",

+ type:'ManagedImage'

+- **type** ΓÇô ManagedImage

+* [Migrate Azure Virtual Machines between Storage Accounts](https://azure.microsoft.com/blog/migrate-azure-virtual-machines-between-storage-accounts/)

+[15]:./media/migrate-to-premium-storage-using-azure-site-recovery/migrate-to-premium-storage-using-azure-site-recovery-14.png

+| Reserved IPs |Public IP address with static allocation method |Reserved IPs associated with the load balancer are migrated, along with the migration of the cloud service or the virtual machine. Unassociated reserved IPs can be migrated using [Move-AzureReservedIP](/powershell/module/servicemanagement/azure/move-azurereservedip). |

+| NSGs |NSGs |Network security groups associated with a virtual machine or subnet are cloned as part of the migration to the Resource Manager deployment model. The NSG in the classic deployment model is not removed during the migration. However, the management-plane operations for the NSG are blocked when the migration is in progress. Unassociated NSGs can be migrated using [Move-AzureNetworkSecurityGroup](/powershell/module/servicemanagement/azure/move-azurenetworksecuritygroup).|

+| UDRs |UDRs |User-defined routes associated with a subnet are cloned as part of the migration to the Resource Manager deployment model. The UDR in the classic deployment model is not removed during the migration. The management-plane operations for the UDR are blocked when the migration is in progress. Unassociated UDRs can be migrated using [Move-AzureRouteTable](/powershell/module/servicemanagement/azure/Move-AzureRouteTable). |

+| [Memory optimized](sizes-memory.md) |Dsv2-series, Esv3-series, Ev4-series, Esv4-series, Edv4-series, Edsv4-series, Eav4-series, Easv4-series, Easv5-series, Eadsv5-series, Ebsv5-series, Edv5-series, Edsv5-series, Ebdsv5-series | Epsv5-series, Epdsv5-series, M-series, Msv2-series and Mdsv2 Medium Memory series, Mv2-series

+| [High Performance Compute](sizes-hpc.md) |HB-series, HBv2-series, HBv3-series, HC-series, HBv4-series, HX-series | All sizes supported.

+* [Migrate Azure Virtual Machines between Storage Accounts](https://azure.microsoft.com/blog/migrate-azure-virtual-machines-between-storage-accounts/)

+[15]:./media/migrate-to-premium-storage-using-azure-site-recovery/migrate-to-premium-storage-using-azure-site-recovery-14.png