- <OutputClaim ClaimTypeReferenceId="last_name" PartnerClaimType="givenName" />

- <OutputClaim ClaimTypeReferenceId="first_name" PartnerClaimType="surname" />

-> Users don't have the option to register their mobile app when they enable SSPR. Instead, users can register their mobile app at [https://aka.ms/mfasetup](https://aka.ms/mfasetup) or as part of the combined security info registration at [https://aka.ms/setupsecurityinfo](https://aka.ms/setupsecurityinfo).

-# Conditional Access: Cloud apps, actions, and authentication context

-Cloud apps, actions, and authentication context are key signals in a Conditional Access policy. Conditional Access policies allow administrators to assign controls to specific applications, actions, or authentication context.

-When configuring location as a condition, organizations can choose to include or exclude locations. These named locations may include the public IPv4 or IPv6 network information, country or region, or even unknown areas that don't map to specific countries or regions. Only IP ranges can be marked as a trusted location.

-For example, some organizations may choose to not require multifactor authentication when their users are connected to the network in a trusted location such as their physical headquarters. Administrators could create a policy that includes any location but excludes the selected locations for their headquarters networks.

-More information about locations can be found in the article, [What is the location condition in Azure Active Directory Conditional Access](location-condition.md).

-Location data is provided by IP geolocation data. Administrators can choose to define locations and choose to mark some as trusted like those for their organization's network locations.

-### Define locations

-Once you've configured all the permissions your app needs, it must get admin consent [admin consent](../manage-apps/grant-admin-consent.md) for it to access the resources. For example, only users with the global admin role can grant app-only permissions (app roles) for the Microsoft Graph API. Users with other admin roles, like application admin and cloud app admin, are able to grant app-only permissions for other resources.

-> This feature [!INCLUDE [PREVIEW BOILERPLATE](../../../includes/active-directory-develop-preview.md)]

-1. **Application developers** write a single-account app (multiple-account apps aren't supported in shared device mode) to handle the following scenario:

-> Shared device mode for iOS [!INCLUDE [PREVIEW BOILERPLATE](../../../includes/active-directory-develop-preview.md)]

-

-

-

-

-

-Before moving the Azure AD Connect V2.0, you should consider moving to cloud sync. You can see if cloud sync is right for you, by accessing the [Check sync tool](https://aka.ms/M365Wizard) from the portal or via the link provided.

- - The user must have registered for Azure AD Multi-Factor Authentication.

- - The user must have registered for Azure AD Multi-Factor Authentication.

-1. On the **Basic SAML Configuration** section, if you have **Service Provider metadata file**, perform the following steps:

- a. Click **Upload metadata file**.

- 

- b. Click on **folder logo** to select the metadata file and click **Upload**.

- 

- c. After the metadata file is successfully uploaded, the **Identifier** and **Reply URL** values get auto populated in **Basic SAML Configuration** section.

- > [!NOTE]

- > You will get the **Service Provider metadata file** from the **Configure Informatica Intelligent Data Management Cloud SSO** section, which is explained later in the tutorial. If the **Identifier** and **Reply URL** values do not get auto populated, then fill in the values manually according to your requirement.

- `https://<INFORMATICA_CLOUD_REGION>.informaticacloud.com/ma/sso/<INFORMATICA_CLOUD_ORG_ID>`

- > This value is not real. Update this value with the actual Sign on URL. Contact [Informatica Intelligent Data Management Cloud support team](mailto:support@informatica.com) to get the value. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.

- 1. **Download Service Provider Metadata** xml file and upload in the **Basic SAML Configuration** section in the Azure portal.

-description: Learn how to configure single sign-on between Azure Active Directory and OpenText Directory Services.

-# Tutorial: Azure Active Directory single sign-on (SSO) integration with OpenText Directory Services

-In this tutorial, you'll learn how to integrate OpenText Directory Services with Azure Active Directory (Azure AD). When you integrate OpenText Directory Services with Azure AD, you can:

-* Control in Azure AD who has access to OpenText Directory Services.

-* Enable your users to be automatically signed-in to OpenText Directory Services with their Azure AD accounts.

-* Manage your accounts in one central location - the Azure portal.

-## Prerequisites

-To get started, you need the following items:

-* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).

-* OpenText Directory Services single sign-on (SSO) enabled subscription.

-## Scenario description

-In this tutorial, you configure and test Azure AD SSO in a test environment.

-* OpenText Directory Services supports **SP and IDP** initiated SSO.

-* OpenText Directory Services supports **Just In Time** user provisioning.

-* OpenText Directory Services supports [Automated user provisioning](open-text-directory-services-provisioning-tutorial.md).

-## Add OpenText Directory Services from the gallery

-To configure the integration of OpenText Directory Services into Azure AD, you need to add OpenText Directory Services from the gallery to your list of managed SaaS apps.

-1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.

-1. On the left navigation pane, select the **Azure Active Directory** service.

-1. Navigate to **Enterprise Applications** and then select **All Applications**.

-1. To add new application, select **New application**.

-1. In the **Add from the gallery** section, type **OpenText Directory Services** in the search box.

-1. Select **OpenText Directory Services** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.

- Alternatively, you can also use the [Enterprise App Configuration Wizard](https://portal.office.com/AdminPortal/home?Q=Docs#/azureadappintegration). In this wizard, you can add an application to your tenant, add users/groups to the app, assign roles, as well as walk through the SSO configuration as well. [Learn more about Microsoft 365 wizards.](/microsoft-365/admin/misc/azure-ad-setup-guides)

-## Configure and test Azure AD SSO for OpenText Directory Services

-Configure and test Azure AD SSO with OpenText Directory Services using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in OpenText Directory Services.

-To configure and test Azure AD SSO with OpenText Directory Services, perform the following steps:

-1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.

- 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.

- 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.

-1. **[Configure OpenText Directory Services SSO](#configure-opentext-directory-services-sso)** - to configure the single sign-on settings on application side.

- 1. **[Create OpenText Directory Services test user](#create-opentext-directory-services-test-user)** - to have a counterpart of B.Simon in OpenText Directory Services that is linked to the Azure AD representation of user.

-1. **[Test SSO](#test-sso)** - to verify whether the configuration works.

-## Configure Azure AD SSO

-Follow these steps to enable Azure AD SSO in the Azure portal.

-1. In the Azure portal, on the **OpenText Directory Services** application integration page, find the **Manage** section and select **single sign-on**.

-1. On the **Select a single sign-on method** page, select **SAML**.

-1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.

- 

-1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, enter the values for the following fields:

- a. In the **Identifier** text box, type a URL using one of the following patterns:

- | Identifier |

- ||

- | `https://<HOSTNAME.DOMAIN.com>/otdsws/login` |

- | `https://<HOSTNAME.DOMAIN.com>/<OTDS_TENANT>/<TENANTID>/otdsws/login` |

- | `https://<HOSTNAME.DOMAIN.com>/otdsws/<OTDS_TENANT>/<TENANTID>/login` |

- | `https://<HOSTNAME.DOMAIN.com>/<OTDS_TENANT>/<TENANTID>/login` |

- |

- b. In the **Reply URL** text box, type a URL using one of the following patterns:

- | Reply URL |

- ||

- | `https://<HOSTNAME.DOMAIN.com>/otdsws/login` |

- | `https://<HOSTNAME.DOMAIN.com>/<OTDS_TENANT>/<TENANTID>/otdsws/login` |

- | `https://<HOSTNAME.DOMAIN.com>/otdsws/<OTDS_TENANT>/<TENANTID>/login` |

- | `https://<HOSTNAME.DOMAIN.com>/<OTDS_TENANT>/<TENANTID>/login` |

- |

-1. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode:

- In the **Sign-on URL** text box, type a URL using one of the following patterns:

-

- | Sign-on URL |

- ||

- | `https://<HOSTNAME.DOMAIN.com>/otdsws/login` |

- | `https://<HOSTNAME.DOMAIN.com>/<OTDS_TENANT>/<TENANTID>/otdsws/login` |

- | `https://<HOSTNAME.DOMAIN.com>/otdsws/<OTDS_TENANT>/<TENANTID>/login` |

- | `https://<HOSTNAME.DOMAIN.com>/<OTDS_TENANT>/<TENANTID>/login` |

- |

- > [!NOTE]

- > These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact [OpenText Directory Services Client support team](mailto:support@opentext.com) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.

-1. On the **Set up single sign-on with SAML** page, In the **SAML Signing Certificate** section, click copy button to copy **App Federation Metadata Url** and save it on your computer.

- 

-### Create an Azure AD test user

-In this section, you'll create a test user in the Azure portal called B.Simon.

-1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.

-1. Select **New user** at the top of the screen.

-1. In the **User** properties, follow these steps:

- 1. In the **Name** field, enter `B.Simon`.

- 1. In the **User name** field, enter the username@companydomain.extension. For example, `B.Simon@contoso.com`.

- 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.

- 1. Click **Create**.

-### Assign the Azure AD test user

-In this section, you'll enable B.Simon to use Azure single sign-on by granting access to OpenText Directory Services.

-1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.

-1. In the applications list, select **OpenText Directory Services**.

-1. In the app's overview page, find the **Manage** section and select **Users and groups**.

-1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.

-1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.

-1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.

-1. In the **Add Assignment** dialog, click the **Assign** button.

-## Configure OpenText Directory Services SSO

-To configure single sign-on on **OpenText Directory Services** side, you need to send the **App Federation Metadata Url** to [OpenText Directory Services support team](mailto:support@opentext.com). They set this setting to have the SAML SSO connection set properly on both sides.

-### Create OpenText Directory Services test user

-In this section, a user called B.Simon is created in OpenText Directory Services. OpenText Directory Services supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in OpenText Directory Services, a new one is created after authentication.

-> [!NOTE]

-> OpenText Directory Services also supports automatic user provisioning, you can find more details [here](./open-text-directory-services-provisioning-tutorial.md) on how to configure automatic user provisioning.

-## Test SSO

-In this section, you test your Azure AD single sign-on configuration with following options.

-#### SP initiated:

-* Click on **Test this application** in Azure portal. This will redirect to OpenText Directory Services Sign on URL where you can initiate the login flow.

-* Go to OpenText Directory Services Sign-on URL directly and initiate the login flow from there.

-#### IDP initiated:

-* Click on **Test this application** in Azure portal and you should be automatically signed in to the OpenText Directory Services for which you set up the SSO.

-You can also use Microsoft My Apps to test the application in any mode. When you click the OpenText Directory Services tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the OpenText Directory Services for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).

-## Next steps

-Once you configure OpenText Directory Services you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Defender for Cloud Apps](/cloud-app-security/proxy-deployment-any-app).

-## Limitations

-* Existing AKS private clusters can't be converted to API Server VNet Integration clusters.

-When using bring-your-own VNet, you must create and delegate an API server subnet to `Microsoft.ContainerService/managedClusters`, which grants the AKS service permissions to inject the API server pods and internal load balancer into that subnet. You can't use the subnet for any other workloads, but you can use it for multiple AKS clusters located in the same virtual network. An AKS cluster requires *two to seven* IP addresses depending on cluster scale. The minimum supported API server subnet size is a */28*.

-> Running out of IP addresses may prevent API server scaling and cause an API server outage.

-You can convert existing public AKS clusters to API Server VNet Integration clusters by supplying an API server subnet that meets the requirements listed earlier. These requirements include: in the same VNet as the cluster nodes, permissions granted for the AKS cluster identity, and size of at least */28*. Converting your cluster is a one-way migration. Clusters can't have API Server VNet Integration disabled after it's been enabled.

- namespace: SERVICE_ACCOUNT_NAMESPACE

- serviceAccountName: workload-identity-sa

-<forward-request timeout="time in seconds" follow-redirects="false | true" buffer-request-body="false | true" buffer-response="true | false" fail-on-error-status-code="false | true"/>

-New-AzAttestation -Name $attestationProvider -ResourceGroupName $attestationResourceGroup -Location $location

-New-AzAttestation -Name $attestationProvider -ResourceGroupName $attestationResourceGroup -Location $location -PolicySignersCertificateFile "C:\test\policySignersCertificates.pem"

-Get-AzAttestation -Name $attestationProvider -ResourceGroupName $attestationResourceGroup

-Remove-AzAttestation -Name $attestationProvider -ResourceGroupName $attestationResourceGroup

-> The new programming models for authoring Functions in Python (V2) and Node.js (V4) are currently in preview. Compared to the current models, the new experiences are designed to be more flexible and intuitive for Python and JavaScript/TypeScript developers. Learn more about the differences between the models in the [Python developer guide](../functions-reference-python.md?pivots=python-mode-decorators) and [Node.js upgrade guide](../functions-node-upgrade-v4.md).

-> [!NOTE]

-> The new programming model for authoring Functions in Python (V2) is currently in preview. Compared to the current model, the new experience is designed to be more idiomatic and intuitive for Python programmers. To learn more, see Azure Functions Python [developer guide](../functions-reference-python.md?pivots=python-mode-decorators).

-The following application setting is required to run the v2 programming model while it is in preview:

-If using [Azure Active Directory (Azure AD) authentication] or [Shared Access Signature (SAS) Token authentication] (preview), access to Azure Maps REST APIs is authorized using [role-based access control (RBAC)]. RBAC enables you to control what access is given to the issued tokens. You should consider how long access should be granted for the tokens. Unlike Shared Key authentication, the lifetime of these tokens is configurable.

-| : | :- |

-| Azure Maps Data Reader | Provides access to immutable Azure Maps REST APIs. |

-| Azure Maps Data Contributor | Provides access to mutable Azure Maps REST APIs. Mutability, defined by the actions: write and delete. |

-| Custom Role Definition | Create a crafted role to enable flexible restricted access to Azure Maps REST APIs. |

-Shared Access Signature token authentication is in preview.

-For information on limiting what regions a SAS token can use in see [Authentication with Azure Maps]

-# Secure an Azure Maps account with a SAS token (preview)

- "apiVersion": "2021-12-01-preview",

- "value": "[listSas(variables('accountId'), '2021-12-01-preview', variables('sasParameters')).accountSasToken]"

- * Enter `1.0.0-pre.1` into the **Dependency Rule** version field.

-| June 2023| **Windows** <ul><li>Add new file path column to custom logs table</li><li>Config setting to disable custom IMDS endpoint in Tenant.json file</li><li>Support DCR settings for DiskQuotaInMB</li><li>FluentBit binaries signed with Microsoft customer Code Sign cert</li><li>Minimize number of retries on calls to refresh tokens</li><li>Don't overwrite resource ID with empty string</li><li>AzSecPack updated to version 4.27</li><li>AzureProfiler and AzurePerfCollector updated to version 1.0.0.990</li><li>MetricsExtension updated to version 2.2023.513.10</li><li>Troubleshooter updated to version 1.5.0</li></ul>**Linux** <ul><li>Add the forwarder/collector's identifier (hostname)</li><li>Link OpenSSL dynamically</li><li>Support Arc-Enabled Servers proxy configuration file</li><li>**Fixes**<ul><li>Allow uploads soon after AMA start up</li><li>Run LocalSink GC on a dedicated thread to avoid thread pool scheduling issues</li><li>Fix upgrade restart of disabled services</li><li>Handle Linux Hardening where sudo on root is blocked</li><li>CEF processing fixes for noncomliant RFC 5424 logs</li><li>ASA tenant can fail to start up due to config-cache directory permissions</li><li>Fix auth proxy in AMA</li></ul></li></ul>|1.17.0 |1.27.0|

-This step grants the ability to create and link a monitored object to a user.

-| principalId | Provide the `Object Id` of the identity of the user to which the role needs to be assigned. It may be the user who elevated at the beginning of step 1, or another user who will perform later steps. |

-This article shows you how to create and manage action groups. Depending on your requirements, you can configure various alerts to use the same action group or different action groups.

-Each action is made up of the following properties:

-The **Alerts** page summarizes all alert instances in all your Azure resources generated in the last 30 days. You can see all types of alerts from multiple subscriptions in a single pane. You can search for a specific alert and manage alert instances.

-There are a few ways to get to the **Alerts** page:

-Alert context (payload) | The rule applies only to alerts that contain any of the filter's strings within the [alert context](./alerts-common-schema.md) section of the alert. This section includes fields specific to each alert type. This filter does not apply to log alert search results. |

-You must create a resource in Application Insights for each application that you're going to monitor. Log data collected by Application Insights is stored in Azure Monitor Logs for a workspace-based application. Log data for classic applications is stored separately from your Log Analytics workspace as described in [Data structure](logs/log-analytics-workspace-overview.md#data-structure).

- When you create the application, you must select whether to use classic or workspace based. See [Create an Application Insights resource](/previous-versions/azure/azure-monitor/app/create-new-resource) to create a classic application.

-See [Workspace-based Application Insights resources (preview)](app/create-workspace-resource.md) to create a workspace-based application.

- A fundamental design decision is whether to use separate or a single application resource for multiple applications. Separate resources can save costs and prevent mixing data from different applications, but a single resource can simplify your monitoring by keeping all relevant telemetry together. See [How many Application Insights resources should I deploy](app/separate-resources.md) for criteria to help you make this design decision.

-> [!NOTE]

-> Billing of queries on Basic Logs is not yet enabled. You can query Basic Logs for free until early 2023.

-# Tutorial: Ingest events from Azure Event Hubs into Azure Monitor Logs

-The charge for maintaining restored logs is calculated based on the volume of data you restore, in GB, and the number or days for which you restore the data. Charges are prorated and subject to the minimum restore duration and data volume. There is no charge for querying against restored logs.

-For example, if your table holds 500 GB a day and you restore 10 days of data, you'll be charged for 5000 GB a day until you dismiss the restored data.

-> Billing of restore is not yet enabled. You can restore logs for free until early 2023.

-For more information, see [Azure Monitor pricing](https://azure.microsoft.com/pricing/details/monitor/).

-For example, if your table holds 500 GB per day, for a query on three days, you'll be charged for 1500 GB of scanned data. If the job returns 1000 records, you'll be charged for ingesting these 1000 records into the results table.

-> [!NOTE]

-> Search job execution is free until early 2023. In other words, until early 2023, you will only incur charges for ingesting the search results, not for executing the search job.

-Bicep provides a function called `readEnvironmentVariable()` that allows you to retrieve values from environment variables. It also offers the flexibility to set a default value if the environment variable does not exist. This function can only be using in the `.bicepparam` files. For more information, see [Bicep parameters file](./parameter-files.md).

->- The support for HSR + Database scenario is currently not available because there is a restriction to have VM and Vault in the same region.

-The steps in the following sections help you connect to a Linux VM from a Linux native client using the **az network bastion** command. This extension can be installed by running, `az extension add --name ssh`.

-Azure OpenAI can be used to solve a large number of natural language tasks through prompting the completion API. To make it easier to scale your prompting workflows from a few examples to large datasets of examples, we have integrated the Azure OpenAI service with the distributed machine learning library [SynapseML](https://www.microsoft.com/research/blog/synapseml-a-simple-multilingual-and-massively-parallel-machine-learning-library/). This integration makes it easy to use the [Apache Spark](https://spark.apache.org/) distributed computing framework to process millions of prompts with the OpenAI service. This tutorial shows how to apply large language models at a distributed scale using Azure Open AI and Azure Synapse Analytics.

-<!-- ## Find different types of errors

-API will return the error messages when data validation failed or unable to submit the survey.

-# Handle incoming or inbound HTTPS requests sent to workflows in Azure Logic Apps

-To run your logic app workflow after receiving an HTTPS request from another service, you can start your workflow with the Request built-in trigger. Your workflow can then respond to the HTTPS request by using Response built-in action.

-The following list describes some example tasks that your workflow can perform when you use the Request trigger and Response action:

-* Receive and respond to an HTTPS request from another logic app workflow.

-If you're new to Azure Logic Apps, see the following documentation:

-* [What is Azure Logic Apps](../logic-apps/logic-apps-overview.md)

-* [Quickstart: Create a Consumption logic app workflow in multi-tenant Azure Logic Apps](../logic-apps/quickstart-create-example-consumption-workflow.md)

-* [Create a Standard logic app workflow in single-tenant Azure Logic Apps](../logic-apps/create-single-tenant-workflows-azure-portal.md)

-The Request trigger creates a manually callable endpoint that can handle *only* inbound requests over HTTPS. When the calling service sends a request to this endpoint, the Request trigger fires and runs the logic app workflow. For information about how to call this trigger, review [Call, trigger, or nest workflows with HTTPS endpoints in Azure Logic Apps](../logic-apps/logic-apps-http-endpoint.md).

-1. In the [Azure portal](https://portal.azure.com), open your blank logic app workflow in the designer.

-1. On the designer, under the search box, select **Built-in**. In the search box, enter **http request**. From the triggers list, select the trigger named **When a HTTP request is received**.

- 

- The HTTP request trigger information box appears on the designer.

- 

-1. In the trigger information box, provide the following values as necessary:

- |||||

-

- |||||

-1. In the [Azure portal](https://portal.azure.com), open your blank logic app workflow in the designer.

-1. On the designer, select **Choose an operation**. On the pane that appears, under the search box, select **Built-in**.

-1. In the search box, enter **http request**. From the triggers list, select the trigger named **When a HTTP request is received**.

- 

- The HTTP request trigger information box appears on the designer.

- 

-1. In the trigger information box, provide the following values as necessary:

- |||||

-

- 1. In the Request trigger's title bar, select the ellipses button (**...**).

- 1. In the trigger's settings, turn on **Schema Validation**, and select **Done**.

-1. To add other properties or parameters to the trigger, open the **Add new parameter** list, and select the parameters that you want to add.

- |||||

-| `headers` | Object | A JSON object that describes the headers from the request |

-| `body` | Object | A JSON object that describes the body content from the request |

-||||

-1. On the workflow designer, under the step where you want to add the Response action, select **New step**.

- Or, to add an action between steps, move your pointer over the arrow between those steps. Select the plus sign (**+**) that appears, and then select **Add an action**.

- The following example adds the Response action after the Request trigger from the preceding section:

- 

-1. On the designer, under the **Choose an operation** search box, select **Built-in**. In the search box, enter **response**. From the actions list, select the **Response** action.

- 

-1. In the Response action information box, add the required values for the response message.

- In some fields, clicking inside their boxes opens the dynamic content list. You can then select tokens that represent available outputs from previous steps in the workflow. Properties from the schema specified in the earlier example now appear in the dynamic content list.

- For example, for the **Headers** box, include **Content-Type** as the key name, and set the key value to **application/json** as mentioned earlier in this article. For the **Body** box, you can select the trigger body output from the dynamic content list.

- The following table has more information about the properties that you can set in the Response action.

- | Property name | JSON property name | Required | Description |

- ||--|-|-|

- | **Status Code** | `statusCode` | Yes | The status code to return in the response |

- | **Headers** | `headers` | No | A JSON object that describes one or more headers to include in the response |

- | **Body** | `body` | No | The response body |

- |||||

-1. To add more properties for the action, such as a JSON schema for the response body, open the **Add new parameter** list, and select the parameters that you want to add.

-1. On the workflow designer, under the step where you want to add the Response action, select plus sign (**+**), and then select **Add new action**.

- Or, to add an action between steps, move your pointer over the arrow between those steps. Select the plus sign (**+**) that appears, and then select **Add an action**.

- The following example adds the Response action after the Request trigger from the preceding section:

- 

-1. On the designer, under the **Choose an operation** search box, select **Built-in**. In the search box, enter **response**. From the actions list, select the **Response** action.

- 

-1. In the Response action information box, add the required values for the response message.

- In some fields, clicking inside their boxes opens the dynamic content list. You can then select tokens that represent available outputs from previous steps in the workflow. Properties from the schema specified in the earlier example now appear in the dynamic content list.

- For example, for the **Headers** box, include **Content-Type** as the key name, and set the key value to **application/json** as mentioned earlier in this article. For the **Body** box, you can select the trigger body output from the dynamic content list.

- The following table has more information about the properties that you can set in the Response action.

- | Property name | JSON property name | Required | Description |

- ||--|-|-|

- | **Status Code** | `statusCode` | Yes | The status code to return in the response |

- | **Headers** | `headers` | No | A JSON object that describes one or more headers to include in the response |

- | **Body** | `body` | No | The response body |

- |||||

- * **Location**: select a location for the resource group. Example: **North Europe**.

-> Azure Cosmos DB Migration for MongoDB extension does not perform an end-to-end assessment. We recommend you to go through [the supported features and syntax](./feature-support-42.md), [Azure Cosmos DB limits and quotas](../concepts-limits.md#per-account-limits) in detail, as well as perform a proof-of-concept prior to the actual migration.

-* General availability: Customer defined database name is now available in [all regions](./resources-regions.md) at [cluster provisioning](./quickstart-create-portal.md) time.

-| Maximum storage per container | Unlimited | 50 GB¹ |

-¹ Serverless containers up to 1 TB are currently in preview with Azure Cosmos DB. To try the new feature, register the *"Azure Cosmos DB Serverless 1 TB Container Preview"* [preview feature in your Azure subscription](../azure-resource-manager/management/preview-features.md).

-description: This guide contains instructions to migrate workloads from an Azure Stack Edge Pro FPGA device to an Azure Stack Edge Pro GPU device.

-# Migrate workloads from an Azure Stack Edge Pro FPGA to an Azure Stack Edge Pro GPU

-This article describes how to migrate workloads and data from an Azure Stack Edge Pro FPGA device to an Azure Stack Edge Pro GPU device. The migration process begins with a comparison of the two devices, a migration plan, and a review of migration considerations. The migration procedure gives detailed steps ending with verification and device cleanup.

-This migration guide provides a step-by-step walkthrough of the steps required to migrate data from an Azure Stack Edge Pro FPGA device to an Azure Stack Edge Pro GPU device. This document is intended for information technology (IT) professionals and knowledge workers who are responsible for operating, deploying, and managing Azure Stack Edge devices in the datacenter.

-In this article, the Azure Stack Edge Pro FPGA device is referred to as the *source* device and the Azure Stack Edge Pro GPU device is the *target* device.

-This section provides a comparative summary of capabilities between the Azure Stack Edge Pro GPU vs. the Azure Stack Edge Pro FPGA devices. The hardware in both the source and the target device is largely identical; only the hardware acceleration card and the storage capacity may differ.<!--Please verify: These components MAY, but need not necessarily, differ?-->

-| Hardware | Hardware acceleration: 1 or 2 Nvidia T4 GPUs <br> Compute, memory, network interface, power supply unit, and power cord specifications are identical to the device with FPGA. | Hardware acceleration: Intel Arria 10 FPGA <br> Compute, memory, network interface, power supply unit, and power cord specifications are identical to the device with GPU. |

-| Usable storage | 4.19 TB <br> After reserving space for parity resiliency and internal use | 12.5 TB <br> After reserving space for internal use |

-| Pricing | [Pricing](https://azure.microsoft.com/pricing/details/azure-stack/edge/) | [Pricing](https://azure.microsoft.com/pricing/details/azure-stack/edge/)|

-This table summarizes the overall flow for migration, describing the steps required for migration and the location where to take these steps.

-The preparation includes that you identify the Edge cloud shares, Edge local shares, and the IoT Edge modules deployed on the device.

-After the data migration is complete, erase local data and return the source device. Follow the steps in [Return your Azure Stack Edge Pro device](azure-stack-edge-return-device.md).

-1. Navigate to **Microsoft Defender for Cloud** > **Recommendations** > **Attack path**.

- :::image type="content" source="media/how-to-manage-attack-path/attack-path-icon.png" alt-text="Screenshot that shows where the icon is on the recommendations page to get to attack paths." lightbox="media/how-to-manage-attack-path/attack-path-icon.png":::

-1. Navigate to **Microsoft Defender for Cloud** > **Recommendations** > **Attack paths**.

-> For a list of the security recommendations that might appear for Kubernetes clusters and nodes, see the [Container recommendations](recommendations-reference.md#container-recommendations) of the recommendations reference table.

-Microsoft Defender for Cloud includes a bundle of recommendations that are available once you've installed the **Azure Policy add-on for Kubernetes or extensions**.

-When you enable Microsoft Defender for Containers, the "Azure Policy for Kubernetes" setting is enabled by default for the Azure Kubernetes Service, and for Azure Arc-enabled Kubernetes clusters in the relevant subscription. If you disable the setting, you can re-enable it later. Either in the Defender for Containers plan settings, or with  Azure Policy.

-When you enable this setting, the Azure Policy for Kubernetes pods are installed on the cluster. This allocates a small amount of CPU and memory for the pods to use. This allocation might reach maximum capacity, but it doesn't affect the rest of the CPU and memory on the resource.

-To enable Azure Kubernetes Service clusters and Azure Arc enabled Kubernetes clusters (Preview):

-1. Sign in to the [Azure portal](https://portal.azure.com).

-1. Navigate to **Microsoft Defender for Cloud** > **Environment settings**.

-1. Select the relevant subscription.

-1. On the Defender plans page, ensure that Containers is toggled to **On**.

-1. Select **Configure**.

- :::image type="content" source="media/kubernetes-workload-protections/configure-containers.png" alt-text="Screenshot showing where on the defenders plan to go to to select the configure button.":::

-1. On the Advanced configuration page, toggle each relevant component to **On**.

- :::image type="content" source="media/kubernetes-workload-protections/advanced-configuration.png" alt-text="Screenshot showing the toggles used to enable or disable them.":::

-1. Select **Save**.

-## Configure Defender for Containers components

-If you disabled any of the default protections when you enabled Microsoft Defender for Containers, you can change the configurations and reenable them.

-**To configure the Defender for Containers components**:

-1. In the Monitoring coverage column of the Defender for Containers plan, select **Settings**.

-1. Ensure that Microsoft Defenders for Containers components (preview) is toggled to On.

- :::image type="content" source="media/kubernetes-workload-protections/toggled-on.png" alt-text="Screenshot showing that Microsoft Defender for Containers is toggled to on.":::

-1. Select **Edit configuration**.

- :::image type="content" source="media/kubernetes-workload-protections/edit-configuration.png" alt-text="Screenshot showing the edit configuration button.":::

-1. On the Advanced configuration page, toggle each relevant component to **On**.

- :::image type="content" source="media/kubernetes-workload-protections/toggles.png" alt-text="Screenshot showing each option and the toggles to enable or disable them.":::

-1. Select **Confirm**.

-## Deploy the add-on to specified clusters

-You can manually configure the Kubernetes data plane hardening add-on, or extension protection through the Recommendations page. This can be accomplished by remediating the `Azure Policy add-on for Kubernetes should be installed and enabled on your clusters` recommendation, or `Azure policy extension for Kubernetes should be installed and enabled on your clusters`.

-**To Deploy the add-on to specified clusters**:

-1. From the recommendations page, search for the recommendation `Azure Policy add-on for Kubernetes should be installed and enabled on your clusters`, or `Azure policy extension for Kubernetes should be installed and enabled on your clusters`.

- :::image type="content" source="./media/defender-for-kubernetes-usage/recommendation-to-install-policy-add-on-for-kubernetes.png" alt-text="Recommendation **Azure Policy add-on for Kubernetes should be installed and enabled on your clusters**.":::

-1. Select the relevant cluster, and **Remediate**.

- :::image type="content" source="./media/defender-for-kubernetes-usage/recommendation-to-install-policy-add-on-for-kubernetes-details.png" alt-text="Recommendation details page for Azure Policy add-on for Kubernetes should be installed and enabled on your clusters.":::

-1. Approximately 30 minutes after the add-on installation completes, Defender for Cloud shows the clustersΓÇÖ health status for the following recommendations, each in the relevant security control as shown:

- > [!NOTE]

- > If you're installing the add-on for the first time, these recommendations will appear as new additions in the list of recommendations.

- > [!TIP]

- > Some recommendations have parameters that must be customized via Azure Policy to use them effectively. For example, to benefit from the recommendation **Container images should be deployed only from trusted registries**, you'll have to define your trusted registries.

- >

- > If you don't enter the necessary parameters for the recommendations that require configuration, your workloads will be shown as unhealthy.

- | Recommendation name | Security control | Configuration required |

- |--|||

- | Container CPU and memory limits should be enforced | Protect applications against DDoS attack | **Yes** |

- | Container images should be deployed only from trusted registries | Remediate vulnerabilities | **Yes** |

- | Least privileged Linux capabilities should be enforced for containers | Manage access and permissions | **Yes** |

- | Containers should only use allowed AppArmor profiles | Remediate security configurations | **Yes** |

- | Services should listen on allowed ports only | Restrict unauthorized network access | **Yes** |

- | Usage of host networking and ports should be restricted | Restrict unauthorized network access | **Yes** |

- | Usage of pod HostPath volume mounts should be restricted to a known list | Manage access and permissions | **Yes** |

- | Container with privilege escalation should be avoided | Manage access and permissions | No |

- | Containers sharing sensitive host namespaces should be avoided | Manage access and permissions | No |

- | Immutable (read-only) root filesystem should be enforced for containers | Manage access and permissions | No |

- | Kubernetes clusters should be accessible only over HTTPS | Encrypt data in transit | No |

- | Kubernetes clusters should disable automounting API credentials | Manage access and permissions | No |

- | Kubernetes clusters should not use the default namespace | Implement security best practices | No |

- | Kubernetes clusters should not grant CAPSYSADMIN security capabilities | Manage access and permissions | No |

- | Privileged containers should be avoided | Manage access and permissions | No |

- | Running containers as root user should be avoided | Manage access and permissions | No |

-For recommendations with parameters that need to be customized, you will need to set the parameters:

- :::image type="content" source="media/kubernetes-workload-protections/containers-parameter-requires-configuration.png" alt-text="Modifying the parameters for one of the recommendations in the Kubernetes data plane hardening protection bundle.":::

- :::image type="content" source="./media/defender-for-kubernetes-usage/enforce-workload-protection-example.png" alt-text="Deny option for Azure Policy parameter.":::

- This will open the pane where you set the scope.

-1. When you've set the scope, select **Change to deny**.

-1. Open Defender for Cloud's [asset inventory](asset-inventory.md) page and use the resource type filter to **Kubernetes services**.

-When viewing a recommendation from the workload protection set, you'll see the number of affected pods ("Kubernetes components") listed alongside the cluster. For a list of the specific pods, select the cluster and then select **Take action**.

-Deploy the example .yaml files as-is, or use them as a reference to remediate your own workload (step VIII).

-For other related material, see the following pages:

- Cosnider using the [provided PowerShell script](powershell-sample-vulnerability-assessment-azure-sql.md) for assistance.

-# View and remediate vulnerability assessment findings for registry images

-Defender for Cloud filters and classifies findings from the scanner and presents them as a list of recommendations.

-First review and remediate vulnerabilities exposed via [attack paths](how-to-manage-attack-path.md), as those findings pose the greatest risk to your security posture; then use the following procedures to view, remediate, prioritize, and monitor vulnerability findings for your containers.

-## View findings of Vulnerability Assessment for Containers

-Vulnerability Assessment for Containers reports vulnerabilities to Defender for Cloud, Defender for Cloud presents the findings and related information as recommendations, including related information such as remediation steps and relevant CVEs. You can view the identified vulnerabilities for one or more subscriptions, or for a specific resource.

- To view the findings, do the following:

-1. Open the **Recommendations** page. If issues were found, you'll see the recommendation [Container registry images should have vulnerability findings resolved (powered by MDVM)](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/c0b7cfc6-3172-465a-b378-53c7ff2cc0d5).

- :::image type="content" source="media/view-and-remediate-vulnerability-assessment-findings/view-container-registry-images-recommendation.png" alt-text="Screenshot showing the recommendation line for container registry images should have vulnerability findings resolved." lightbox="media/view-and-remediate-vulnerability-assessment-findings/view-container-registry-images-recommendation.png":::

-1. Select the recommendation; the recommendation details page opens with additional information. This information includes the list of registries with vulnerable images ("Affected resources") and the remediation steps.

- :::image type="content" source="media/view-and-remediate-vulnerability-assessment-findings/recommendation-details.png" alt-text="Screenshot showing the recommendation details." lightbox="media/view-and-remediate-vulnerability-assessment-findings/recommendation-details.png":::

-1. Select a specific registry to see the repositories in it that have vulnerable images.

- :::image type="content" source="media/view-and-remediate-vulnerability-assessment-findings/select-specific-registry.png" alt-text="Screenshot showing where to select the specific registry." lightbox="media/view-and-remediate-vulnerability-assessment-findings/select-specific-registry.png":::

- The registry details page opens with the list of affected repositories.

-1. Select a specific repository to see the images in it that are vulnerable.

- :::image type="content" source="media/view-and-remediate-vulnerability-assessment-findings/select-specific-repo.png" alt-text="Screenshot showing where to select the specific repository." lightbox="media/view-and-remediate-vulnerability-assessment-findings/select-specific-repo.png":::

- The repository details page opens. It lists the vulnerable images together with an assessment of the severity of the findings.

-1. Select a specific image to see the vulnerabilities.

- :::image type="content" source="media/view-and-remediate-vulnerability-assessment-findings/select-specific-image.png" alt-text="Screenshot showing where to select the specific image." lightbox="media/view-and-remediate-vulnerability-assessment-findings/select-specific-image.png":::

- ΓÇ»

-1. The list of findings for the selected image opens.

- :::image type="content" source="media/view-and-remediate-vulnerability-assessment-findings/list-of-findings-on-image.png" alt-text="Screenshot showing the list of findings on the specific image." lightbox="media/view-and-remediate-vulnerability-assessment-findings/list-of-findings-on-image.png":::

-1. To learn more about a finding, select the finding; the findings details pane opens.

-

- :::image type="content" source="media/view-and-remediate-vulnerability-assessment-findings/image-finding-details.png" alt-text="Screenshot showing the finding details of the image." lightbox="media/view-and-remediate-vulnerability-assessment-findings/image-finding-details.png":::

- This pane includes a detailed description of the issue and links to external resources to help mitigate the threats, and information on the software version that contributes to resolving the vulnerability.

-## Remediate the vulnerability for images in the registry

-1. When you've completed the steps required to remediate the security issue, replace the image in your registry:

-1. Push the updated image to trigger a scan; it may take up to 24 hours for the previous image to be removed from the results, and for the new image to be included in the results.

-1. Check the recommendations page for the recommendation [Container registry images should have vulnerability findings resolved (powered by MDVM)](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/c0b7cfc6-3172-465a-b378-53c7ff2cc0d5).

- If the recommendation still appears and the image you've handled still appears in the list of vulnerable images, check the remediation steps again.

-1. When you're sure the updated image has been pushed, scanned, and is no longer appearing in the recommendation, delete the ΓÇ£oldΓÇ¥ vulnerable image from your registry.

- > [!NOTE]

- > Kubernetes deployments using the vulnerable images must be updated with the new patched images.

-| WhoIs records | All domain names registered to any @contoso.com email address likely also belong to Microsoft |

-Both Visual Studio and Visual Studio Code have add-on extensions to help develop IoT Edge solutions. These extensions provide language-specific templates to help create and deploy new IoT Edge scenarios. The Azure IoT Edge extensions for Visual Studio and Visual Studio Code help you code, build, deploy, and debug your IoT Edge solutions. You can create an entire IoT Edge solution that contains multiple modules, and the extensions automatically update a deployment manifest template with each new module addition. The extensions also enable management of IoT devices from within Visual Studio or Visual Studio Code. You can deploy modules to a device, monitor the status, and view messages as they arrive at IoT Hub. Finally, both extensions use the [IoT EdgeHub dev tool](#iot-edgehub-dev-tool) to enable local running and debugging of modules on your development machine.

-If you prefer to develop with other editors or from the CLI, the Azure IoT Edge dev tool provides commands so that you can develop and test from the command line. You can create new IoT Edge scenarios, build module images, run modules in a simulator, and monitor messages sent to IoT Hub.

-#### Prerequisites

-The module templates for some languages and services have prerequisites that are necessary to build the project folders on your development machine with Visual Studio Code.

-| Module template | Prerequisite |

-| | |

-| Azure Functions | [.NET Core SDK](https://dotnet.microsoft.com/download) |

-| C | [Git](https://git-scm.com/) |

-| C# | [.NET Core SDK](https://dotnet.microsoft.com/download) |

-| Java | <ul><li>[Java SE Development Kit 10](/azure/developer/java/fundamentals/java-support-on-azure) <li> [Set the JAVA_HOME environment variable](https://docs.oracle.com/cd/E19182-01/820-7851/inst_cli_jdk_javahome_t/) <li> [Maven](https://maven.apache.org/)</ul> |

-| Node.js | <ul><li>[Node.js](https://nodejs.org/) <li> [Yeoman](https://www.npmjs.com/package/yo) <li> [Azure IoT Edge Node.js module generator](https://www.npmjs.com/package/generator-azure-iot-edge-module)</ul> |

-| Python |<ul><li> [Python](https://www.python.org/downloads/) <li> [Pip](https://pip.pypa.io/en/stable/installing/#installation) <li> [Git](https://git-scm.com/) </ul> |

-For more information and to download, see [Azure IoT Edge Tools for Visual Studio 2017](https://marketplace.visualstudio.com/items?itemName=vsc-iot.vsiotedgetools) or [Azure IoT Edge Tools for Visual Studio 2019](https://marketplace.visualstudio.com/items?itemName=vsc-iot.vs16iotedgetools).

-### IoT Edge dev tool

-The Azure IoT Edge dev tool simplifies IoT Edge development with command-line abilities. This tool provides CLI commands to develop, debug, and test modules. The IoT Edge dev tool works with your development system, whether you've manually installed the dependencies on your machine or are using the IoT Edge dev container.

-For more information and to get started, see [IoT Edge dev tool wiki](https://github.com/Azure/iotedgedev/wiki).

-The certificate common name **CN = edgegateway.local** is listed at the top of the chain. **edgegateway.local** is the hostname for *EdgeGateway* on the local network (LAN or VNet) where *TempSensor* and *EdgeGateway* are connected. It could be a private IP address such as *192.168.1.23* or a fully-qualified domain name (FQDN) similar to the diagram. The important parts are:

-* *TempSensor's* OS could resolve the hostname to reach *EdgeGateway*

-* The hostname is explicitly configured in *EdgeGateway's* `config.toml` as follows:

- ```toml

- hostname = 'edgegateway.local'

- ```

-The two values must *match exactly*. As in the example, **CN = 'edgegateway.local'** and **hostname = 'edgegateway.local'**.

- <BANK_COUNTRY>US</BANK_COUNTRY>

- <BANK_COUNTRY>US</BANK_COUNTRY>

- <BANK_KEY>123456789</BANK_KEY>

-> - Both serverless Spark compute and attached Synapse Spark pool do not work in a notebook created in a private link enabled workspace.

- [Latest version](https://go.microsoft.com/fwlink/?linkid=2191847) | 7134EF5B61D3560A102DF4814CB91C95E44EAE9677AAF1CC68AE0A04A6DBD613

- [Latest version](https://go.microsoft.com/fwlink/?linkid=2191847) | 7134EF5B61D3560A102DF4814CB91C95E44EAE9677AAF1CC68AE0A04A6DBD613

- [Latest version](https://go.microsoft.com/fwlink/?linkid=2191847) | 7134EF5B61D3560A102DF4814CB91C95E44EAE9677AAF1CC68AE0A04A6DBD613

-VMware | Windows Server 2016, with 32 GB of memory, eight vCPUs, around 80 GB of disk storage.

-Hyper-V | Windows Server 2016, with 16 GB of memory, eight vCPUs, around 80 GB of disk storage.

- [Latest version](https://go.microsoft.com/fwlink/?linkid=2191847) | 7134EF5B61D3560A102DF4814CB91C95E44EAE9677AAF1CC68AE0A04A6DBD613

- [Latest version](https://go.microsoft.com/fwlink/?linkid=2191847) | 7134EF5B61D3560A102DF4814CB91C95E44EAE9677AAF1CC68AE0A04A6DBD613

- [Latest version](https://go.microsoft.com/fwlink/?linkid=2191847) | 7134EF5B61D3560A102DF4814CB91C95E44EAE9677AAF1CC68AE0A04A6DBD613

-In **Download Azure Migrate appliance**, click **Download**. You need to download the PowerShell installer script to deploy the scale-out appliance on an existing server running Windows Server 2016 and with the required hardware configuration (32-GB RAM, 8 vCPUs, around 80 GB of disk storage and internet access, either directly or through a proxy).

-7134EF5B61D3560A102DF4814CB91C95E44EAE9677AAF1CC68AE0A04A6DBD613

- [Latest version](https://go.microsoft.com/fwlink/?linkid=2191847) | 7134EF5B61D3560A102DF4814CB91C95E44EAE9677AAF1CC68AE0A04A6DBD613

-**Supported deployment** | Deploy as new server running on vCenter Server using OVA template.<br><br> Deploy on an existing server running Windows Server 2016 using PowerShell installer script.

-**OVA template** | Download from project or from [here](https://go.microsoft.com/fwlink/?linkid=2140333)<br><br> Download size is 11.9 GB.<br><br> The downloaded appliance template comes with a Windows Server 2016 evaluation license, which is valid for 180 days.<br>If the evaluation period is close to expiry, we recommend that you download and deploy a new appliance using OVA template, or you activate the operating system license of the appliance server.

-**Hardware and network requirements** | The appliance should run on server with Windows Server 2016, 32-GB RAM, 8 vCPUs, around 80 GB of disk storage, and an external virtual switch.<br/> The appliance requires internet access, either directly or through a proxy.<br/><br/> If you deploy the appliance using OVA template, you need enough resources on the vCenter Server to create a server that meets the hardware requirements.<br/><br/> If you run the appliance on an existing server, make sure that it is running Windows Server 2016, and meets hardware requirements.<br/>_(Currently the deployment of appliance is only supported on Windows Server 2016.)_

-**Supported deployment** | Deploy as server running on a Hyper-V host using a VHD template.<br><br> Deploy on an existing server running Windows Server 2016 using PowerShell installer script.

-**VHD template** | Zip file that includes a VHD. Download from project or from [here](https://go.microsoft.com/fwlink/?linkid=2140422).<br><br> Download size is 8.91 GB.<br><br> The downloaded appliance template comes with a Windows Server 2016 evaluation license, which is valid for 180 days. If the evaluation period is close to expiry, we recommend that you download and deploy a new appliance, or that you activate the operating system license of the appliance server.

-**Hardware and network requirements** | The appliance should run on server with Windows Server 2016, 16-GB RAM, 8 vCPUs, around 80 GB of disk storage, and an external virtual switch.<br/> The appliance needs a static or dynamic IP address, and requires internet access, either directly or through a proxy.<br/><br/> If you run the appliance as a server running on a Hyper-V host, you need enough resources on the host to create a server that meets the hardware requirements.<br/><br/> If you run the appliance on an existing server, make sure that it is running Windows Server 2016, and meets hardware requirements.<br/>_(Currently the deployment of appliance is only supported on Windows Server 2016.)_

-**Supported deployment** | Deploy on an existing server running Windows Server 2016 using PowerShell installer script.

-**Hardware and network requirements** | The appliance should run on server with Windows Server 2016, 16-GB RAM, 8 vCPUs, around 80 GB of disk storage.<br/> The appliance needs a static or dynamic IP address, and requires internet access, either directly or through a proxy.<br/><br/> If you run the appliance on an existing server, make sure that it is running Windows Server 2016, and meets hardware requirements.<br/>_(Currently the deployment of appliance is only supported on Windows Server 2016.)_

-When you set up the replication appliance using the OVA template provided in the Azure Migrate hub, the appliance runs Windows Server 2016 and complies with the support requirements. If you set up the replication appliance manually on a physical server, then make sure that it complies with the requirements.

-Operating system | Windows Server 2016 or Windows Server 2012 R2

-License | The appliance comes with a Windows Server 2016 evaluation license, which is valid for 180 days. <br>If the evaluation period is close to expiry, we recommend that you download and deploy a new appliance, or that you activate the operating system license of the appliance VM.

-| **Host operating system** | Windows Server 2022, Windows Server 2019, Windows Server 2016, or Windows Server 2012 R2 with latest updates. Note that Server core installation of these operating systems is also supported. |

-| **Hyper-V host** | The Hyper-V host can be standalone or deployed in a cluster.<br/><br/> The Hyper-V host can run Windows Server 2019, Windows Server 2016, or Windows Server 2012 R2. Server core installations of these operating systems are also supported. <br/>You can't assess servers located on Hyper-V hosts running Windows Server 2012.

-If you set up the replication appliance manually, then make sure that it complies with the requirements summarized in the table. When you set up the Azure Migrate replication appliance as an VMware VM using the OVA template provided in the Azure Migrate hub, the appliance is set up with Windows Server 2016, and complies with the support requirements.

-When you set up the replication appliance using the OVA template provided in the Azure Migrate hub, the appliance runs Windows Server 2016 and complies with the support requirements. If you set up the replication appliance manually on a physical server, then make sure that it complies with the requirements.

-**Windows servers** | Windows Server 2019<br />Windows Server 2016<br /> Windows Server 2012 R2<br /> Windows Server 2012<br /> Windows Server 2008 R2 (64-bit)<br />Microsoft Windows Server 2008 (32-bit)

-|| OS license availability | Checks if the evaluation license on the appliance server created from OVA/VHD is still valid. *The Windows Server 2016 evaluation license is valid for 180 days.*

- Physical (85 MB) | [Latest version](https://go.microsoft.com/fwlink/?linkid=2191847) | 7134EF5B61D3560A102DF4814CB91C95E44EAE9677AAF1CC68AE0A04A6DBD613

- Physical (85 MB) | [Latest version](https://go.microsoft.com/fwlink/?linkid=2191847) | 7134EF5B61D3560A102DF4814CB91C95E44EAE9677AAF1CC68AE0A04A6DBD613

- Physical (85 MB) | [Latest version](https://go.microsoft.com/fwlink/?linkid=2191847) | 7134EF5B61D3560A102DF4814CB91C95E44EAE9677AAF1CC68AE0A04A6DBD613

- Physical (85 MB) | [Latest version](https://go.microsoft.com/fwlink/?linkid=2191847) | 7134EF5B61D3560A102DF4814CB91C95E44EAE9677AAF1CC68AE0A04A6DBD613

- Hyper-V (85.8 MB) | [Latest version](https://go.microsoft.com/fwlink/?linkid=2191847) | 7134EF5B61D3560A102DF4814CB91C95E44EAE9677AAF1CC68AE0A04A6DBD613

- [Latest version](https://go.microsoft.com/fwlink/?linkid=2191847) | 7134EF5B61D3560A102DF4814CB91C95E44EAE9677AAF1CC68AE0A04A6DBD613

- VMware (85.8 MB) | [Latest version](https://go.microsoft.com/fwlink/?linkid=2191847) | 7134EF5B61D3560A102DF4814CB91C95E44EAE9677AAF1CC68AE0A04A6DBD613

-For help with troubleshooting, see [Troubleshooting Apache Kafka for Confluent Cloud solutions](troubleshoot.md).

-# QuickStart: Get started with Apache Kafka for Confluent Cloud - Azure portal

-In this quickstart, you'll use the Azure portal to create an instance of Apache Kafka for Confluent Cloud.

-Use the Azure portal to find the Apache Kafka for Confluent Cloud application.

- | **Region** | From the drop-down menu, select one of these regions: <br/><br/> Australia East, Canada Central, Central US, East US, East US 2, France Central, North Europe, Southeast Asia, UK South, West Central US, West Europe, West US 2 |

-> [!div class="nextstepaction"]

-> [Manage the Confluent Cloud resource](manage.md)

-For help with troubleshooting, see [Troubleshooting Apache Kafka for Confluent Cloud solutions](troubleshoot.md).

-For help with troubleshooting, see [Troubleshooting Apache Kafka for Confluent Cloud solutions](troubleshoot.md).

-If you need to contact support, see [Get support for Confluent Cloud resource](get-support.md).

-# What is Apache Kafka for Confluent Cloud?

-Apache Kafka for Confluent Cloud is an Azure Marketplace offering that provides Apache Kafka as a service. It's fully managed so you can focus on building your applications rather than managing the clusters.

-To create an instance of Apache Kafka for Confluent Cloud, see [QuickStart: Get started with Confluent Cloud on Azure](create.md).

-# Troubleshooting Apache Kafka for Confluent Cloud solutions

-This document contains information about troubleshooting your solutions that use Apache Kafka for Confluent Cloud.

-Learn about [managing your instance](manage.md) of Apache Kafka for Confluent Cloud.

-You can find Azure Native Dynatrace Service in the [Azure Portal](https://aka.ms/partners/Dynatrace/portal) or get it on [Azure Marketplace](https://aka.ms/partners/Dynatrace/AMPOffer).

-To create an instance of Elastic, see [QuickStart: Get started with Elastic](create.md).

-# QuickStart: Get started with NGINXaaS

-For help with troubleshooting, see [Troubleshooting NGINXaaS integration with Azure](nginx-troubleshoot.md).

-# What is NGINXaaS?

-To create an instance of NGINXaaS, see [QuickStart: Get started with NGINXaaS](nginx-create.md).

-Learn about [managing your instance](nginx-manage.md) of NGINXaaS.

-1. Select **Review + Create** to create the resource.

-> Deleted servers **cannot** be restored. If you delete the server, all databases that belong to the server are also deleted and cannot be recovered. Use [Azure resource lock](../../azure-resource-manager/management/lock-resources.md) to help prevent accidental deletion of your server.

-| Germany West Central | :heavy_check_mark: (v3/v4 only) | :x: $ | :x: $ | :heavy_check_mark: |

- 1. Check that `pgaudit` is loaded in `shared_preload_libraries` by executing the following query in psql:

- ```SQL

- show shared_preload_libraries;

- ```

- You should see `pgaudit` in the query result that will return `shared_preload_libraries`.

-+ The "fields" collection includes a required key field, a category field, and pairs of fields (such as "title", "titleVector") for keyword and vector search. Colocating vector and nonvector fields in the same index enables hybrid queries. For instance, you can combine filters, keyword search with semantic ranking, and vectors into a single query operation.

-You can add filters, but the filters are applied to the nonvector content in your index. In this example, the filter applies to the "category" field.

-A cross-field vector query sends a single query across multiple vector fields in your search index. This query example looks for similarity in both `titleVector` and `contentVector`:

-Multi-query vector search sends multiple queries across multiple vector fields in your search index. This query example looks for similarity in both `titleVector` and `contentVector`, but sends in two different query embeddings respectively. This scenario is ideal for multi-modal use cases where you want to search over a `textVector` field and an `imageVector` field. You can also use this scenario if you have different embedding models with different dimensions in your search index.

-In Cognitive Search, semantic search and vector search are separate features, but you can use them together as described in this example. Semantic search adds language representation models that rerank search results based on query intent. This feature is optional and billable for the transactions against the language models.

-Here's the last query in the collection. It's the same hybrid query as the previous example, but with a filter.

-This article describes several approaches for chunking large documents so that you can generate embeddings for vector search.

-The models used to generate embedding vectors have maximum limits on the text fragments provided as input. For example, the maximum length of input text for the [Azure OpenAI](/azure/cognitive-services/openai/how-to/embeddings) embedding models is 8,191 tokens. Given that each token is around 4 tokens for common OpenAI models, this maximum limit is equivalent to around 6000 words of text. If you're using these models to generate embeddings, it's critical that the input text stays under the limit. Partitioning your content into chunks ensures that your data can be processed by the Large Language Models (LLM) used for indexing and queries.

-When chunking data, overlapping a small amount of text between chunks can help preserve context. We recommend starting with an overlap of approximately 10%. For example, given a fixed chunk size of 256 tokens, you would begin testing with an overlap of 25 tokens. The actual amount of overlap varies depending on the type of data and the specific use case, but we have found that 10-15% works for many scenarios.

-1. Optionally, include other fields with alphanumeric content for hybrid query scenarios that include full text search or semantic ranking.

- + We used **text-embedding-ada-002** to generate text embeddings and [Image Retrieval REST API](/rest/api/computervision/2023-02-01-preview/image-retrieval/vectorize-image) for image embeddings.

- + To avoid [rate limiting](/azure/cognitive-services/openai/quotas-limits), we implemented retry logic in our workload. For the Python demo, we used [tenacity](https://pypi.org/project/tenacity/).

-+ **Choose the right embedding model:** Select an appropriate model for your specific use case, such as word embeddings for text-based searches or image embeddings for visual searches. Consider using pre-trained models like **text-embedding-ada-002** from OpenAI or **Image Retreival** REST API from [Azure AI Computer Vision](/azure/cognitive-services/computer-vision/how-to/image-retrieval).

-+ **Normalize Vector lengths**: Ensure that the vector lengths are normalized before storing them in the search index to improve the accuracy and performance of similarity search. Most pre-trained models already are normalized but not all.

-In Azure Cognitive Search, if you added vector fields to a search index, this article explains how to query those fields. It also explains how to combine vector queries with full text search and semantic search for hybrid query scenarios.

-+ Azure Cognitive Search, in any region and on any tier. However, if you want to also use [semantic search](semantic-search-overview.md) for hybrid queries, your search service must be Basic tier or higher, with [semantic search enabled](semantic-search-overview.md#enable-semantic-search).

- Most existing services support vector search. For a small subset of services created prior to January 2019, an index containing vector fields will fail on creation. In this situation, a new service must be created.

-A hybrid query combines full text search, semantic search (reranking), and vector search. The search engine runs full text and vector queries in parallel. Semantic ranking is applied to the results from the text search. A single result set is returned in the response.

-As part of the deployment for GA, the default view of the content hub is now the **List view**. The install process is streamlined as well. When selecting **Install** or **Install/Update**, the experience behaves like bulk installation.

-All new Microsoft Sentinel workspaces will automatically default to the simplified pricing tiers. Existing workspaces will have the choice to switch to the new pricing from Microsoft Sentinel settings. For more information, see the [simplified pricing tiers](billing.md#simplified-pricing-tiers) section of our cost planning documentation.

- "Processes": "Fabric.exe;FabricHost.exe;FabricInstallerService.exe;FabricSetup.exe;FabricDeployer.exe;ImageBuilder.exe;FabricGateway.exe;FabricDCA.exe;FabricFAS.exe;FabricUOS.exe;FabricRM.exe;FileStoreService.exe"

-You can view the state of Application Accelerator in the Azure portal on the **Developer Tools (Preview)** page, as shown in the following screenshot:

-To view all published accelerators, see the App Accelerators section of the **Developer Tools (Preview)** page. Select the App Accelerator URL to view the published accelerators in Dev Tools Portal:

-1. On the **Developer Tools (Preview)** page, select the App Accelerator URL to open the Dev Tools Portal.

- :::image type="content" source="media/how-to-use-accelerator/tap-gui-url.png" alt-text="Screenshot of the Azure portal showing the Developer Tools (Preview) page with the App Accelerator URL highlighted." lightbox="media/how-to-use-accelerator/tap-gui-url.png":::

-1. Navigate to your service resource, and then select **Developer Tools (Preview)**.

-You can view whether App Accelerator is enabled or disabled on the **Developer Tools (Preview)** page.

-You can view the state of Application Live View in the Azure portal on the **Overview** tab of the **Developer Tools (Preview)** page.

-1. Navigate to your service resource, and then select **Developer Tools (Preview)**.

- :::image type="content" source="media/how-to-use-application-live-view/manage.png" alt-text="Screenshot of the Developer Tools (Preview) page." lightbox="media/how-to-use-application-live-view/manage.png":::

-1. You can then view the state of Application Live View on the **Developer Tools (Preview)**.

-## Prerequisites

- ```azurecli

- az extension add --name containerapp --upgrade

- az provider register --namespace Microsoft.App

- az provider register --namespace Microsoft.OperationalInsights

- az provider register --namespace Microsoft.AppPlatform

- ```

-## Clone and run the sample project locally

-Use the following steps to clone and run the app locally.

-1. Use the following command to clone the sample project from GitHub:

- ```bash

- git clone https://github.com/Azure-Samples/ASA-Samples-Web-Application.git

- ```

-1. Use the following command to build the sample project:

- ```bash

- cd ASA-Samples-Web-Application

- ./mvnw clean package -DskipTests

- ```

-1. Use the following command to run the sample application by Maven:

- ```bash

- java -jar web/target/simple-todo-web-0.0.1-SNAPSHOT.jar

- ```

-1. Go to `http://localhost:8080` in your browser to access the application.

-## Prepare the cloud environment

-The main resources required to run this sample are an Azure Spring Apps instance and an Azure Database for PostgreSQL instance. This section provides the steps to create these resources.

-### Provide names for each resource

-Create variables to hold the resource names by using the following commands. Be sure to replace the placeholders with your own values.

-```azurecli

-export RESOURCE_GROUP=<resource-group-name>

-export LOCATION=<location>

-export POSTGRESQL_SERVER=<server-name>

-export POSTGRESQL_DB=<database-name>

-export AZURE_SPRING_APPS_NAME=<Azure-Spring-Apps-service-instance-name>

-export APP_NAME=<web-app-name>

-export CONNECTION=<connection-name>

-```

-```azurecli

-export RESOURCE_GROUP=<resource-group-name>

-export LOCATION=<location>

-export POSTGRESQL_SERVER=<server-name>

-export POSTGRESQL_DB=<database-name>

-export POSTGRESQL_ADMIN_USERNAME=<admin-username>

-export POSTGRESQL_ADMIN_PASSWORD=<admin-password>

-export AZURE_SPRING_APPS_NAME=<Azure-Spring-Apps-service-instance-name>

-export APP_NAME=<web-app-name>

-export MANAGED_ENVIRONMENT="<Azure-Container-Apps-environment-name>"

-export CONNECTION=<connection-name>

-```

-### Create a new resource group

-Use the following steps to create a new resource group.

-1. Use the following command to sign in to the Azure CLI.

- ```azurecli

- az login

- ```

-1. Use the following command to set the default location.

- ```azurecli

- az configure --defaults location=${LOCATION}

- ```

-1. Use the following command to list all available subscriptions to determine the subscription ID to use.

- ```azurecli

- az account list --output table

- ```

-1. Use the following command to set the default subscription:

- ```azurecli

- az account set --subscription <subscription-ID>

- ```

-1. Use the following command to create a resource group.

- ```azurecli

- az group create --resource-group ${RESOURCE_GROUP}

- ```

-1. Use the following command to set the newly created resource group as the default resource group.

- ```azurecli

- az configure --defaults group=${RESOURCE_GROUP}

- ```

-### Create an Azure Spring Apps instance

-Azure Spring Apps is used to host the Spring web app. Create an Azure Spring Apps instance and an application inside it.

-An Azure Container Apps environment creates a secure boundary around a group of applications. Apps deployed to the same environment are deployed in the same virtual network and write logs to the same log analytics workspace. For more information, see [Log Analytics workspace overview](../azure-monitor/logs/log-analytics-workspace-overview.md).

-1. Use the following command to create the environment:

- az containerapp env create \

- --name ${MANAGED_ENVIRONMENT}

- ```

-1. Use the following command to create a variable to store the environment resource ID:

- ```azurecli

- export MANAGED_ENV_RESOURCE_ID=$(az containerapp env show \

- --name ${MANAGED_ENVIRONMENT} \

- --query id \

- --output tsv)

-1. The Azure Spring Apps Standard consumption and dedicated plan instance is built on top of the Azure Container Apps environment. Create your Azure Spring Apps instance by specifying the resource ID of the environment you created. Use the following command to create an Azure Spring Apps service instance with the resource ID:

- ```azurecli

- az spring create \

- --name ${AZURE_SPRING_APPS_NAME} \

- --managed-environment ${MANAGED_ENV_RESOURCE_ID} \

- --sku standardGen2

- ```

-1. Use the following command to specify the app name on Azure Spring Apps and to allocate required resources:

- az spring app create \

- --name ${APP_NAME} \

- --runtime-version Java_17 \

- --assign-endpoint true

-1. Use the following command to create an Azure Spring Apps service instance.

- ```azurecli

- az spring create --name ${AZURE_SPRING_APPS_NAME} --sku enterprise

- ```

-1. Use the following command to create an application in the Azure Spring Apps instance.

- az spring app create \

- --name ${APP_NAME} \

- --assign-endpoint true

-1. Use the following command to create an Azure Spring Apps service instance.

- ```azurecli

- az spring create --name ${AZURE_SPRING_APPS_NAME}

- ```

-1. Use the following command to create an application in the Azure Spring Apps instance.

- ```azurecli

- az spring app create \

- --service ${AZURE_SPRING_APPS_NAME} \

- --name ${APP_NAME} \

- --runtime-version Java_17 \

- --assign-endpoint true

- ```

-### Prepare the PostgreSQL instance

-The Spring web app uses H2 for the database in localhost, and Azure Database for PostgreSQL for the database in Azure.

-Use the following command to create a PostgreSQL instance:

-```azurecli

-az postgres flexible-server create \

- --name ${POSTGRESQL_SERVER} \

- --database-name ${POSTGRESQL_DB} \

- --admin-user ${POSTGRESQL_ADMIN_USERNAME} \

- --admin-password ${POSTGRESQL_ADMIN_PASSWORD} \

- --public-access 0.0.0.0

-```

-Specifying `0.0.0.0` enables public access from any resources deployed within Azure to access your server.

-```azurecli

-az postgres flexible-server create \

- --name ${POSTGRESQL_SERVER} \

- --database-name ${POSTGRESQL_DB} \

- --active-directory-auth Enabled

-```

-To ensure that the application is accessible only by PostgreSQL in Azure Spring Apps, enter `n` to the prompts to enable access to a specific IP address and to enable access for all IP addresses.

-```output

-Do you want to enable access to client xxx.xxx.xxx.xxx (y/n) (y/n): n

-Do you want to enable access for all IPs (y/n): n

-### Connect app instance to PostgreSQL instance

-After the application instance and the PostgreSQL instance are created, the application instance can't access the PostgreSQL instance directly. Use the following steps to enable the app to connect to the PostgreSQL instance.

-1. Use the following command to get the PostgreSQL instance's fully qualified domain name:

- ```azurecli

- export PSQL_FQDN=$(az postgres flexible-server show \

- --name ${POSTGRESQL_SERVER} \

- --query fullyQualifiedDomainName \

- --output tsv)

- ```

-1. Use the following command to provide the `spring.datasource.` properties to the app through environment variables:

- ```azurecli

- az spring app update \

- --service ${AZURE_SPRING_APPS_NAME} \

- --name ${APP_NAME} \

- --env SPRING_DATASOURCE_URL="jdbc:postgresql://${PSQL_FQDN}:5432/${POSTGRESQL_DB}?sslmode=require" \

- SPRING_DATASOURCE_USERNAME="${POSTGRESQL_ADMIN_USERNAME}" \

- SPRING_DATASOURCE_PASSWORD="${POSTGRESQL_ADMIN_PASSWORD}"

- ```

-After the application instance and the PostgreSQL instance are created, the application instance can't access the PostgreSQL instance directly. The following steps use Service Connector to configure the needed network settings and connection information. For more information about Service Connector, see [What is Service Connector?](../service-connector/overview.md).

-1. If you're using Service Connector for the first time, use the following command to register the Service Connector resource provider.

- ```azurecli

- az provider register --namespace Microsoft.ServiceLinker

- ```

-1. Use the following command to achieve a passwordless connection:

- ```azurecli

- az extension add --name serviceconnector-passwordless --upgrade

- ```

-1. Use the following command to create a service connection between the application and the PostgreSQL database:

- ```azurecli

- az spring connection create postgres-flexible \

- --resource-group ${RESOURCE_GROUP} \

- --service ${AZURE_SPRING_APPS_NAME} \

- --app ${APP_NAME} \

- --client-type springBoot \

- --target-resource-group ${RESOURCE_GROUP} \

- --server ${POSTGRESQL_SERVER} \

- --database ${POSTGRESQL_DB} \

- --system-identity \

- --connection ${CONNECTION}

- ```

- The `--system-identity` parameter is required for the passwordless connection. For more information, see [Bind an Azure Database for PostgreSQL to your application in Azure Spring Apps](how-to-bind-postgres.md).

-1. After the connection is created, use the following command to validate the connection:

- ```azurecli

- az spring connection validate \

- --resource-group ${RESOURCE_GROUP} \

- --service ${AZURE_SPRING_APPS_NAME} \

- --app ${APP_NAME} \

- --connection ${CONNECTION}

- ```

- The output should appear similar to the following JSON code:

- ```json

- [

- {

- "additionalProperties": {},

- "description": null,

- "errorCode": null,

- "errorMessage": null,

- "name": "The target existence is validated",

- "result": "success"

- },

- {

- "additionalProperties": {},

- "description": null,

- "errorCode": null,

- "errorMessage": null,

- "name": "The target service firewall is validated",

- "result": "success"

- },

- {

- "additionalProperties": {},

- "description": null,

- "errorCode": null,

- "errorMessage": null,

- "name": "The configured values (except username/password) is validated",

- "result": "success"

- },

- {

- "additionalProperties": {},

- "description": null,

- "errorCode": null,

- "errorMessage": null,

- "name": "The identity existence is validated",

- "result": "success"

- }

- ]

- ```

-## Deploy the app to Azure Spring Apps

-Now that the cloud environment is prepared, the application is ready to deploy.

-1. Use the following command to deploy the app:

- ```azurecli

- az spring app deploy \

- --service ${AZURE_SPRING_APPS_NAME} \

- --name ${APP_NAME} \

- --artifact-path web/target/simple-todo-web-0.0.1-SNAPSHOT.jar

- ```

-2. After the deployment has completed, you can access the app with this URL: `https://${AZURE_SPRING_APPS_NAME}-${APP_NAME}.azuremicroservices.io/`. The page should appear as you saw in localhost.

-2. After the deployment has completed, use the following command to access the app with the URL retrieved:

- ```azurecli

- az spring app show \

- --service ${AZURE_SPRING_APPS_NAME} \

- --name ${APP_NAME} \

- --query properties.url \

- --output tsv

- ```

- The page should appear as you saw in localhost.

-3. Use the following command to check the app's log to investigate any deployment issue:

- ```azurecli

- az spring app logs \

- --service ${AZURE_SPRING_APPS_NAME} \

- --name ${APP_NAME}

- ```

-## Clean up resources

-If you plan to continue working with subsequent quickstarts and tutorials, you might want to leave these resources in place. When you no longer need the resources, delete them by deleting the resource group. Use the following command to delete the resource group:

-```azurecli

-az group delete --name ${RESOURCE_GROUP}

-```

-## Next steps

-> [!div class="nextstepaction"]

-> [Create a service connection in Azure Spring Apps with the Azure CLI](../service-connector/quickstart-cli-spring-cloud-connection.md)

-public static async void AppendToBlob

- (BlobContainerClient containerClient, MemoryStream logEntryStream, string LogBlobName)

- AppendBlobClient appendBlobClient = containerClient.GetAppendBlobClient(LogBlobName);

- appendBlobClient.CreateIfNotExists();

- var maxBlockSize = appendBlobClient.AppendBlobMaxAppendBlockBytes;

-

- var buffer = new byte[maxBlockSize];

- appendBlobClient.AppendBlock(logEntryStream);

- var bytesLeft = (logEntryStream.Length - logEntryStream.Position);

- if (bytesLeft >= maxBlockSize)

- {

- buffer = new byte[maxBlockSize];

- await logEntryStream.ReadAsync

- (buffer, 0, maxBlockSize);

- }

- else

- {

- buffer = new byte[bytesLeft];

- await logEntryStream.ReadAsync

- (buffer, 0, Convert.ToInt32(bytesLeft));

- }

- appendBlobClient.AppendBlock(new MemoryStream(buffer));

- bytesLeft = (logEntryStream.Length - logEntryStream.Position);

-Azurite supports basic authentication by specifying the `basic` parameter to the `--oauth` switch. Azurite performs basic authentication, like validating the incoming bearer token, checking the issuer, audience, and expiry. Azurite doesn't check the token signature or permissions.

-If you're using the Azure SDKs, start Azurite with the `--oauth basic and --cert --key/--pwd` options.

-You can then instantiate a BlobContainerClient, BlobServiceClient, or BlobClient.

-You can also instantiate a QueueClient or QueueServiceClient.

-You can also instantiate a TableClient or TableServiceClient.

-| NUMBER | NUMBER |

-To learn about ETL and load for Oracle migration, see the next article in this series: [Data migration, ETL, and load for Oracle migrations](2-etl-load-migration-considerations.md).

-Returns file properties including file name, file path, file size, and whether it is a directory and a file.

- print(file.name, file.isDir, file.isFile, file.path, file.size)

- file => println(file.name,file.isDir,file.isFile,file.size)

- writeLines(paste(file$name, file$isDir, file$isFile, file$size))

-PUT on `/subscriptions/subscription_id/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVirtualMachine?api-version=2023-03-01`

-PUT on `/subscriptions/subscription_id/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVirtualMachine?api-version=2023-03-01`

-PUT on `/subscriptions/subscription_id/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVirtualMachine?api-version=2023-03-01`

-PUT on `/subscriptions/subscription_id/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVirtualMachine?api-version=2023-03-01`

-1. In the search bar, type *Azure Virtual Desktop* and select the matching service entry.

- | Security type | Select from **Standard**, **[Trusted launch virtual machines](../virtual-machines/trusted-launch.md)**, or **[Confidential virtual machines](../confidential-computing/confidential-vm-overview.md)**. |

- | Security type | Select from **Standard**, **[Trusted launch virtual machines](../virtual-machines/trusted-launch.md)**, or **[Confidential virtual machines](../confidential-computing/confidential-vm-overview.md)**. |

-## Azure Virtual Desktop support for Trusted Launch

-## Azure Confidential Computing virtual machines (preview)

-> [!IMPORTANT]

-> Azure Virtual Desktop support for Azure Confidential virtual machines is currently in PREVIEW.

-> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

-Azure Virtual Desktop support for Azure Confidential Computing virtual machines (preview) ensures a userΓÇÖs virtual desktop is encrypted in memory, protected in use, and backed by hardware root of trust. Deploying confidential VMs with Azure Virtual Desktop gives users access to Microsoft 365 and other applications on session hosts that use hardware-based isolation, which hardens isolation from other virtual machines, the hypervisor, and the host OS. These virtual desktops are powered by the latest Third-generation (Gen 3) Advanced Micro Devices (AMD) EPYCΓäó processor with Secure Encrypted Virtualization Secure Nested Paging (SEV-SNP) technology. Memory encryption keys are generated and safeguarded by a dedicated secure processor inside the AMD CPU that can't be read from software. For more information, see the [Azure Confidential Computing overview](../confidential-computing/overview.md).

-| TCP | Unhealthy | The instance automatically enters an *Initializing* state at extension start time. For more information, see [Initializing state](#initializing-state). |

-## Create a scale set that references an Application Gateway

-To create a scale set that uses an application gateway, reference the backend address pool of the application gateway in the ipConfigurations section of your scale set as in this ARM template config: