| Service | Microsoft Docs article | Related commit history on GitHub | Change details |
|---|---|---|---|
| active-directory | Inbound Provisioning Api Faqs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-provisioning/inbound-provisioning-api-faqs.md | You can retrieve the unique API endpoint for each job from the Provisioning blad To process terminations, identify an attribute in your source that will be used to set the ```accountEnabled``` flag in Azure AD. If you are provisioning to on-premises Active Directory, then map that source attribute to the `accountDisabled` attribute. -By default, the value associated with the SCIM User Core schema attribute ```active``` determines the status of the user's account in the target directory. +By default, the value associated with the SCIM Core User schema attribute ```active``` determines the status of the user's account in the target directory. If the attribute is set to **true**, the default mapping rule enables the account. If the attribute is set to **false**, then the default mapping rule disables the account. |
| active-directory | Powershell Assign Group To App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-proxy/scripts/powershell-assign-group-to-app.md | |
| active-directory | Powershell Assign User To App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-proxy/scripts/powershell-assign-user-to-app.md | |
| active-directory | Powershell Display Users Group Of App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-proxy/scripts/powershell-display-users-group-of-app.md | |
| active-directory | Powershell Get All App Proxy Apps Basic | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-proxy/scripts/powershell-get-all-app-proxy-apps-basic.md | |
| active-directory | Powershell Get All App Proxy Apps By Connector Group | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-proxy/scripts/powershell-get-all-app-proxy-apps-by-connector-group.md | |
| active-directory | Powershell Get All App Proxy Apps Extended | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-proxy/scripts/powershell-get-all-app-proxy-apps-extended.md | |
| active-directory | Powershell Get All App Proxy Apps With Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-proxy/scripts/powershell-get-all-app-proxy-apps-with-policy.md | |
| active-directory | Powershell Get All Connectors | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-proxy/scripts/powershell-get-all-connectors.md | |
| active-directory | Powershell Get All Custom Domain No Cert | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-proxy/scripts/powershell-get-all-custom-domain-no-cert.md | |
| active-directory | Powershell Get All Custom Domains And Certs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-proxy/scripts/powershell-get-all-custom-domains-and-certs.md | |
| active-directory | Powershell Get All Default Domain Apps | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-proxy/scripts/powershell-get-all-default-domain-apps.md | |
| active-directory | Powershell Get All Wildcard Apps | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-proxy/scripts/powershell-get-all-wildcard-apps.md | |
| active-directory | Powershell Get Custom Domain Identical Cert | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-proxy/scripts/powershell-get-custom-domain-identical-cert.md | |
| active-directory | Powershell Get Custom Domain Replace Cert | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-proxy/scripts/powershell-get-custom-domain-replace-cert.md | |
| active-directory | Powershell Move All Apps To Connector Group | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/app-proxy/scripts/powershell-move-all-apps-to-connector-group.md | |
| active-directory | Howto Authentication Sms Signin | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-authentication-sms-signin.md | If you receive an error when you try to set a phone number for a user account in [rest-disable]: /graph/api/phoneauthenticationmethod-disablesmssignin <!-- EXTERNAL LINKS -->-[azure-portal]: https://portal.azure.com [office]: https://www.office.com [m365-firstline-workers-licensing]: https://www.microsoft.com/licensing/news/m365-firstline-workers [azuread-licensing]: https://azure.microsoft.com/pricing/details/active-directory/ |
| active-directory | Howto Authentication Use Email Signin | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/authentication/howto-authentication-use-email-signin.md | During preview, you currently need *Global Administrator* permissions to enable ### Azure portal -1. Sign in to the [Azure portal][azure-portal] as a *Global Administrator*. +1. Sign in to the [Azure portal](https://portal.azure.com) as a *Global Administrator*. 1. Search for and select **Azure Active Directory**. 1. From the navigation menu on the left-hand side of the Azure Active Directory window, select **Azure AD Connect > Email as alternate login ID**. For more information on hybrid identity operations, see [how password hash sync] [sign-in-logs]: ../reports-monitoring/concept-sign-ins.md <!-- EXTERNAL LINKS -->-[azure-portal]: https://portal.azure.com [Install-Module]: /powershell/module/powershellget/install-module [Connect-AzureAD]: /powershell/module/azuread/connect-azuread [Get-AzureADPolicy]: /powershell/module/azuread/get-azureadpolicy |
| active-directory | Active Directory Devhowto Adal Error Handling | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/azuread-dev/active-directory-devhowto-adal-error-handling.md | Use the comments section that follows, to provide feedback and help us refine an [AAD-Auth-Libraries]: ./active-directory-authentication-libraries.md [AAD-Auth-Scenarios]:v1-authentication-scenarios.md [AAD-Integrating-Apps]:../develop/quickstart-register-app.md?toc=/azure/active-directory/azuread-dev/toc.json&bc=/azure/active-directory/azuread-dev/breadcrumb/toc.json-[AZURE-portal]: https://portal.azure.com <!--Image references--> [AAD-Sign-In]:./media/active-directory-devhowto-multi-tenant-overview/sign-in-with-microsoft-light.png |
| active-directory | How To Create Alert Trigger | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/cloud-infrastructure-entitlement-management/how-to-create-alert-trigger.md | This article describes how you can create and view activity alerts and alert tri The **Alerts** table displays information about your alert. + Select the alert name to view the individual activities and further details about the **resources**, **tasks**, and **identities** involved. + ## View activity alert triggers |
| active-directory | Ui Triggers | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/cloud-infrastructure-entitlement-management/ui-triggers.md | This article describes how to use the **Alerts** dashboard in Permissions Manage - **Alerts** - **Alert Triggers**+ +- Select the **Authorization system**(s) and/or **folder**(s) to display alerts and alert triggers in scope of the selected view. +- Alert triggers are based on data collected. All alerts, if triggered, are shown every hour under the Alerts subtab. ## View information about alerts The **Rule-Based Anomaly** tab and the **Statistical Anomaly** tab both have one - **Columns**: Select the columns you want to display: **Task**, **Resource**, and **Identity**. - To return to the system default settings, select **Reset to default**. -Alert triggers are based on data collected. All alerts, if triggered, are shown every hour under the Alerts subtab. ## View information about alert triggers |
| active-directory | How To App Protection Policy Windows | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/conditional-access/how-to-app-protection-policy-windows.md | App protection policies apply mobile application management (MAM) to specific ap ## Prerequisites -The following requirements must be met before you can apply an [app protection policy] to Windows client devices: --- Ensure your Windows client version is Windows 11, build 10.0.22621 (22H2) or newer.-- Ensure your device isn't managed, including:- - Not Azure AD joined or enrolled in Mobile Device Management (MDM) for the same tenant -as your MAM user. - - Not Azure AD registered (workplace joined) with more than two users besides the MAM user. There's a limit of no more than [three Azure AD registered users to a device](../devices/faq.yml#i-can-t-add-more-than-3-azure-ad-user-accounts-under-the-same-user-session-on-a-windows-10-11-device--why). -- Clients must be running Microsoft Edge build v115.0.1901.155 or newer.- - You can check the version by going to `edge://settings/help` in the address bar. -- Clients must have the **Enable MAM on Edge desktop platforms** flag enabled.- - You can enable this going to `edge://flags/#edge-desktop-mam` in the address bar. - - Enable **Enable MAM on Edge desktop platforms** - - Click the **Restart** button at the bottom of the window. +Customers interested in the public preview will need to opt-in using the [MAM for Windows Public Preview Sign Up Form](https://aka.ms/MAMforWindowsPublic). ## User exclusions [!INCLUDE [active-directory-policy-exclusions](../../../includes/active-directory-policy-exclude-user.md)] |
| active-directory | App Objects And Service Principals | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/app-objects-and-service-principals.md | The application object describes three aspects of an application: - The resources that the application might need to access - The actions that the application can take -You can use the **App registrations** page in the [Azure portal][azure-portal] to list and manage the application objects in your home tenant. +You can use the **App registrations** page in the [Azure portal] to list and manage the application objects in your home tenant.  Learn how to create a service principal: [ms-graph-app-entity]: /graph/api/resources/application [ms-graph-sp-entity]: /graph/api/resources/serviceprincipal-[azure-portal]: https://portal.azure.com +[Azure portal]: https://portal.azure.com |
| active-directory | Developer Glossary | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/developer-glossary.md | The application ID, or _[client ID](https://datatracker.ietf.org/doc/html/rfc674 ## Application manifest -A feature provided by the [Azure portal][AZURE-portal], which produces a JSON representation of the application's identity configuration, used as a mechanism for updating its associated [Application][Graph-App-Resource] and [ServicePrincipal][Graph-Sp-Resource] entities. See [Understanding the Azure Active Directory application manifest][AAD-App-Manifest] for more details. +A feature provided by the [Azure portal], which produces a JSON representation of the application's identity configuration, used as a mechanism for updating its associated [Application][Graph-App-Resource] and [ServicePrincipal][Graph-Sp-Resource] entities. See [Understanding the Azure Active Directory application manifest][AAD-App-Manifest] for more details. ## Application object -When you register/update an application in the [Azure portal][AZURE-portal], the portal creates/updates both an application object and a corresponding [service principal object](#service-principal-object) for that tenant. The application object _defines_ the application's identity configuration globally (across all tenants where it has access), providing a template from which its corresponding service principal object(s) are _derived_ for use locally at run-time (in a specific tenant). +When you register/update an application in the [Azure portal], the portal creates/updates both an application object and a corresponding [service principal object](#service-principal-object) for that tenant. The application object _defines_ the application's identity configuration globally (across all tenants where it has access), providing a template from which its corresponding service principal object(s) are _derived_ for use locally at run-time (in a specific tenant). For more information, see [Application and Service Principal Objects][AAD-App-SP-Objects]. A [client application](#client-application) gains access to a [resource server]( They also surface during the [consent](#consent) process, giving the administrator or resource owner the opportunity to grant/deny the client access to resources in their tenant. -Permission requests are configured on the **API permissions** page for an application in the [Azure portal][AZURE-portal], by selecting the desired "Delegated Permissions" and "Application Permissions" (the latter requires membership in the Global Administrator role). Because a [public client](#client-application) can't securely maintain credentials, it can only request delegated permissions, while a [confidential client](#client-application) has the ability to request both delegated and application permissions. The client's [application object](#application-object) stores the declared permissions in its [requiredResourceAccess property][Graph-App-Resource]. +Permission requests are configured on the **API permissions** page for an application in the [Azure portal], by selecting the desired "Delegated Permissions" and "Application Permissions" (the latter requires membership in the Global Administrator role). Because a [public client](#client-application) can't securely maintain credentials, it can only request delegated permissions, while a [confidential client](#client-application) has the ability to request both delegated and application permissions. The client's [application object](#application-object) stores the declared permissions in its [requiredResourceAccess property][Graph-App-Resource]. ## Refresh token Like [scopes](#scopes), app roles provide a way for a [resource server](#resourc App roles can support two assignment types: "user" assignment implements role-based access control for users/groups that require access to the resource, while "application" assignment implements the same for [client applications](#client-application) that require access. An app role can be defined as user-assignable, app-assignabnle, or both. -Roles are resource-defined strings (for example "Expense approver", "Read-only", "Directory.ReadWrite.All"), managed in the [Azure portal][AZURE-portal] via the resource's [application manifest](#application-manifest), and stored in the resource's [appRoles property][Graph-Sp-Resource]. The Azure portal is also used to assign users to "user" assignable roles, and configure client [application permissions](#permissions) to request "application" assignable roles. +Roles are resource-defined strings (for example "Expense approver", "Read-only", "Directory.ReadWrite.All"), managed in the [Azure portal] via the resource's [application manifest](#application-manifest), and stored in the resource's [appRoles property][Graph-Sp-Resource]. The Azure portal is also used to assign users to "user" assignable roles, and configure client [application permissions](#permissions) to request "application" assignable roles. For a detailed discussion of the application roles exposed by the Microsoft Graph API, see [Graph API Permission Scopes][Graph-Perm-Scopes]. For a step-by-step implementation example, see [Add or remove Azure role assignments using the Azure portal][AAD-RBAC]. For a detailed discussion of the application roles exposed by the Microsoft Grap Like [roles](#roles), scopes provide a way for a [resource server](#resource-server) to govern access to its protected resources. Scopes are used to implement [scope-based][OAuth2-Access-Token-Scopes] access control, for a [client application](#client-application) that has been given delegated access to the resource by its owner. -Scopes are resource-defined strings (for example "Mail.Read", "Directory.ReadWrite.All"), managed in the [Azure portal][AZURE-portal] via the resource's [application manifest](#application-manifest), and stored in the resource's [oauth2Permissions property][Graph-Sp-Resource]. The Azure portal is also used to configure client application [delegated permissions](#permissions) to access a scope. +Scopes are resource-defined strings (for example "Mail.Read", "Directory.ReadWrite.All"), managed in the [Azure portal] via the resource's [application manifest](#application-manifest), and stored in the resource's [oauth2Permissions property][Graph-Sp-Resource]. The Azure portal is also used to configure client application [delegated permissions](#permissions) to access a scope. A best practice naming convention, is to use a "resource.operation.constraint" format. For a detailed discussion of the scopes exposed by Microsoft Graph API, see [Graph API Permission Scopes][Graph-Perm-Scopes]. For scopes exposed by Microsoft 365 services, see [Microsoft 365 API permissions reference][O365-Perm-Ref]. A signed document containing claims, such as an OAuth 2.0 token or SAML 2.0 asse ## Service principal object -When you register/update an application in the [Azure portal][AZURE-portal], the portal creates/updates both an [application object](#application-object) and a corresponding service principal object for that tenant. The application object _defines_ the application's identity configuration globally (across all tenants where the associated application has been granted access), and is the template from which its corresponding service principal object(s) are _derived_ for use locally at run-time (in a specific tenant). +When you register/update an application in the [Azure portal], the portal creates/updates both an [application object](#application-object) and a corresponding service principal object for that tenant. The application object _defines_ the application's identity configuration globally (across all tenants where the associated application has been granted access), and is the template from which its corresponding service principal object(s) are _derived_ for use locally at run-time (in a specific tenant). For more information, see [Application and Service Principal Objects][AAD-App-SP-Objects]. Many of the terms in this glossary are related to the OAuth 2.0 and OpenID Conne [AAD-Multi-Tenant-Overview]:howto-convert-app-to-be-multi-tenant.md [AAD-Security-Token-Claims]: ./active-directory-authentication-scenarios/#claims-in-azure-ad-security-tokens [AAD-Tokens-Claims]:access-tokens.md-[AZURE-portal]: https://portal.azure.com +[Azure portal]: https://portal.azure.com [AAD-RBAC]: ../../role-based-access-control/role-assignments-portal.md [JWT]: https://tools.ietf.org/html/rfc7519 [Microsoft-Graph]: https://developer.microsoft.com/graph |
| active-directory | Howto Convert App To Be Multi Tenant | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/howto-convert-app-to-be-multi-tenant.md | You can also refer to the sample; [Build a multi-tenant SaaS web application tha ## Update registration to be multi-tenant -By default, web app/API registrations in Azure AD are single-tenant upon creation. To make the registration multi-tenant, look for the **Supported account types** section on the **Authentication** pane of the application registration in the [Azure portal][AZURE-portal]. Change the setting to **Accounts in any organizational directory**. +By default, web app/API registrations in Azure AD are single-tenant upon creation. To make the registration multi-tenant, look for the **Supported account types** section on the **Authentication** pane of the application registration in the [Azure portal]. Change the setting to **Accounts in any organizational directory**. When a single-tenant application is created via the Azure portal, one of the items listed on the **Overview** page is the **Application ID URI**. This is one of the ways an application is identified in protocol messages, and can be added at any time. The App ID URI for single tenant apps can be globally unique within that tenant. In contrast, for multi-tenant apps it must be globally unique across all tenants, which ensures that Azure AD can find the app across all tenants. When a single-tenant application validates a token, it checks the signature of t ## Understand user and admin consent and make appropriate code changes -For a user to sign in to an application in Azure AD, the application must be represented in the userΓÇÖs tenant. This allows the organization to do things like apply unique policies when users from their tenant sign in to the application. For a single-tenant application, one can use the registration via the [Azure portal][AZURE-portal]. +For a user to sign in to an application in Azure AD, the application must be represented in the userΓÇÖs tenant. This allows the organization to do things like apply unique policies when users from their tenant sign in to the application. For a single-tenant application, one can use the registration via the [Azure portal]. For a multi-tenant application, the initial registration for the application resides in the Azure AD tenant used by the developer. When a user from a different tenant signs in to the application for the first time, Azure AD asks them to consent to the permissions requested by the application. If they consent, then a representation of the application called a *service principal* is created in the userΓÇÖs tenant, and sign-in can continue. A delegation is also created in the directory that records the userΓÇÖs consent to the application. For details on the application's Application and ServicePrincipal objects, and how they relate to each other, see [Application objects and service principal objects][AAD-App-SP-Objects]. Certain delegated permissions also require a tenant administratorΓÇÖs consent. F If your application uses permissions that require admin consent, consider adding a button or link where the admin can initiate the action. The request your application sends for this action is the usual OAuth2/OpenID Connect authorization request that also includes the `prompt=consent` query string parameter. Once the admin has consented and the service principal is created in the customerΓÇÖs tenant, subsequent sign-in requests don't need the `prompt=consent` parameter. Since the administrator has decided the requested permissions are acceptable, no other users in the tenant are prompted for consent from that point forward. -A tenant administrator can disable the ability for regular users to consent to applications. If this capability is disabled, admin consent is always required for the application to be used in the tenant. If you want to test your application with end-user consent disabled, you can find the configuration switch in the [Azure portal][AZURE-portal] in the **[User settings](https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/UserSettings/menuId/)** section under **Enterprise applications**. +A tenant administrator can disable the ability for regular users to consent to applications. If this capability is disabled, admin consent is always required for the application to be used in the tenant. If you want to test your application with end-user consent disabled, you can find the configuration switch in the [Azure portal] in the **[User settings](https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/UserSettings/menuId/)** section under **Enterprise applications**. The `prompt=consent` parameter can also be used by applications that request permissions that don't require admin consent. An example of when this would be used is if the application requires an experience where the tenant admin ΓÇ£signs upΓÇ¥ one time, and no other users are prompted for consent from that point on. The following diagram provides an overview of consent for a multi-tier app regis Users and administrators can revoke consent to your application at any time: * Users revoke access to individual applications by removing them from their [Access Panel Applications][AAD-Access-Panel] list.-* Administrators revoke access to applications by removing them using the [Enterprise applications](https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/AllApps) section of the [Azure portal][AZURE-portal]. +* Administrators revoke access to applications by removing them using the [Enterprise applications](https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/AllApps) section of the [Azure portal]. If an administrator consents to an application for all users in a tenant, users can't revoke access individually. Only the administrator can revoke access, and only for the whole application. To learn more about making API calls to Azure AD and Microsoft 365 services like [AAD-Integrating-Apps]:quickstart-v1-integrate-apps-with-azure-ad.md [AAD-Samples-MT]: /samples/browse/?products=azure-active-directory [AAD-Why-To-Integrate]: ./active-directory-how-to-integrate.md-[AZURE-portal]: https://portal.azure.com [MSFT-Graph-overview]: /graph/ [MSFT-Graph-permission-scopes]: /graph/permissions-reference To learn more about making API calls to Azure AD and Microsoft 365 services like [AAD-Security-Token-Claims]: ./active-directory-authentication-scenarios/#claims-in-azure-ad-security-tokens [AAD-Tokens-Claims]:access-tokens.md [AAD-V2-Dev-Guide]: v2-overview.md-[AZURE-portal]: https://portal.azure.com +[Azure portal]: https://portal.azure.com [Duyshant-Role-Blog]: http://www.dushyantgill.com/blog/2014/12/10/roles-based-access-control-in-cloud-applications-using-azure-ad/ [JWT]: https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32 [O365-Perm-Ref]: /graph/permissions-reference |
| active-directory | Msal Net Migration Confidential Client | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-net-migration-confidential-client.md | public partial class AuthWrapper public async Task<AuthenticationResult> GetAuthenticationResult() {- if (app == null) - { - app = ConfidentialClientApplicationBuilder.Create(ClientId) ++ var app = ConfidentialClientApplicationBuilder.Create(ClientId) .WithCertificate(certificate) .WithAuthority(authority) .Build();++ // Setup token caching https://learn.microsoft.com/azure/active-directory/develop/msal-net-token-cache-serialization?tabs=aspnet + // For example, for an in-memory cache with 1GB limit, use + app.AddInMemoryTokenCache(services => + { + // Configure the memory cache options + services.Configure<MemoryCacheOptions>(options => + { + options.SizeLimit = 1024 * 1024 * 1024; // in bytes (1 GB of memory) + }); } var authResult = await app.AcquireTokenForClient( public partial class AuthWrapper #### Benefit from token caching -To benefit from the in-memory cache, the instance of `IConfidentialClientApplication` must be kept in a member variable. If you re-create the confidential client app each time you request a token, you won't benefit from the token cache. +If you don't setup token caching, the token issuer will throttle you, resulting in errors. It also takes a lot less to get a token from the cache (10-20ms) than it is from ESTS (500-30000ms). -You'll need to serialize `AppTokenCache` if you don't use the default in-memory app token cache. Similarly, If you want to implement a distributed token cache, serialize `AppTokenCache`. For details, see [Token cache for a web app or web API (confidential client application)](msal-net-token-cache-serialization.md?tabs=aspnet) and the sample [active-directory-dotnet-v1-to-v2/ConfidentialClientTokenCache](https://github.com/Azure-Samples/active-directory-dotnet-v1-to-v2/tree/master/ConfidentialClientTokenCache). +If you want to implement a distributed token cache, see [Token cache for a web app or web API (confidential client application)](msal-net-token-cache-serialization.md?tabs=aspnet) and the sample [active-directory-dotnet-v1-to-v2/ConfidentialClientTokenCache](https://github.com/Azure-Samples/active-directory-dotnet-v1-to-v2/tree/master/ConfidentialClientTokenCache). [Learn more about the daemon scenario](scenario-daemon-overview.md) and how it's implemented with MSAL.NET or Microsoft.Identity.Web in new applications. public partial class AuthWrapper string resourceId, string tokenUsedToCallTheWebApi) {- if (app == null) - { - app = ConfidentialClientApplicationBuilder.Create(ClientId) + + var app = ConfidentialClientApplicationBuilder.Create(ClientId) .WithCertificate(certificate) .WithAuthority(authority) .Build();- } + // Setup token caching https://learn.microsoft.com/azure/active-directory/develop/msal-net-token-cache-serialization?tabs=aspnet + // For example, for an in-memory cache with 1GB limit. For OBO, it is recommended to use a distributed cache like Redis. + app.AddInMemoryTokenCache(services => + { + // Configure the memory cache options + services.Configure<MemoryCacheOptions>(options => + { + options.SizeLimit = 1024 * 1024 * 1024; // in bytes (1 GB of memory) + }); + } var userAssertion = new UserAssertion(tokenUsedToCallTheWebApi); |
| active-directory | Msal Net Token Cache Serialization | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/msal-net-token-cache-serialization.md | public static async Task<AuthenticationResult> GetTokenAsync(string clientId, X5 Instead of `app.AddInMemoryTokenCache();`, you can use different caching serialization technologies. For example, you can use no-serialization, in-memory, and distributed token cache storage provided by .NET. <a id="no-token-cache-serialization"></a>-#### Token cache without serialization +#### Token cache without serialization -You can specify that you don't want to have any token cache serialization and instead rely on the MSAL.NET internal cache. Use `.WithCacheOptions(CacheOptions.EnableSharedCacheOptions)` when building the application and don't add any serializer. -r. +Use `.WithCacheOptions(CacheOptions.EnableSharedCacheOptions)` when building the application and don't add any serializer. ++> [!IMPORTANT] +> There is no way to control the size of the cache with this option. If you are building a website, a web API, or a multi-tenant S2S app, then use the `In-memory token cache` option. ```CSharp // Create the confidential client application |
| active-directory | Reference App Manifest | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/reference-app-manifest.md | Use the following comments section to provide feedback that helps refine and sha [AAD-DEVELOPER-GLOSSARY]:developer-glossary.md [AAD-GROUPS-FOR-AUTHORIZATION]: http://www.dushyantgill.com/blog/2014/12/10/authorization-cloud-applications-using-ad-groups/ [ADD-UPD-RMV-APP]:quickstart-v1-integrate-apps-with-azure-ad.md-[AZURE-PORTAL]: https://portal.azure.com [DEV-GUIDE-TO-AUTH-WITH-ARM]: http://www.dushyantgill.com/blog/2015/05/23/developers-guide-to-auth-with-azure-resource-manager-api/ [GRAPH-API]: /graph/migrate-azure-ad-graph-planning-checklist [IMPLICIT-GRANT]:v1-oauth2-implicit-grant-flow.md |
| active-directory | Scenario Spa App Registration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/develop/scenario-spa-app-registration.md | |
| active-directory | How To Web App Dotnet Sign In Prepare Tenant | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/customers/how-to-web-app-dotnet-sign-in-prepare-tenant.md | In this tutorial, you'll; ## Next steps > [!div class="nextstepaction"]-> [Prepare ASP.NET web app](how-to-web-app-dotnet-sign-in-prepare-app.md) +> [Prepare ASP.NET web app](how-to-web-app-dotnet-sign-in-prepare-app.md) |
| active-directory | How To Web App Role Based Access Control | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/customers/how-to-web-app-role-based-access-control.md | In this article, you have learned that you can use *App Roles* or *Groups* to im ## Next steps -- Learn more about [Configuring group claims and app roles in tokens](/security/zero-trust/develop/configure-tokens-group-claims-app-roles).+- Learn more about [Configuring group claims and app roles in tokens](/security/zero-trust/develop/configure-tokens-group-claims-app-roles). |
| active-directory | Sample Browserless App Dotnet Sign In | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/customers/sample-browserless-app-dotnet-sign-in.md | |
| active-directory | Sample Browserless App Node Sign In | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/customers/sample-browserless-app-node-sign-in.md | |
| active-directory | Sample Daemon Node Call Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/customers/sample-daemon-node-call-api.md | |
| active-directory | Sample Single Page App Vanillajs Sign In | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/customers/sample-single-page-app-vanillajs-sign-in.md | |
| active-directory | Sample Web App Dotnet Sign In | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/customers/sample-web-app-dotnet-sign-in.md | |
| active-directory | Sample Web App Node Sign In Call Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/customers/sample-web-app-node-sign-in-call-api.md | |
| active-directory | Sample Web App Node Sign In | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/customers/sample-web-app-node-sign-in.md | |
| active-directory | Samples Ciam All | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/customers/samples-ciam-all.md | These samples and how-to guides demonstrate how to write a desktop application t > | Language/<br/>Platform | Code sample guide | Build and integrate guide | > | - | -- | - | > | JavaScript, Electron | • [Sign in users](how-to-desktop-app-electron-sample-sign-in.md) | |-> | ASP.NET (MAUI) | • [Sign in users](how-to-desktop-app-maui-sample-sign-in.md) | | +> | ASP.NET (MAUI) | • [Sign in users](how-to-desktop-app-maui-sample-sign-in.md) |• [Sign in users](tutorial-desktop-app-maui-sign-in-prepare-tenant.md)| ### Mobile These samples and how-to guides demonstrate how to write a public client mobile > [!div class="mx-tdCol2BreakAll"] > | Language/<br/>Platform | Code sample guide | Build and integrate guide | > | -- | -- |-- |-> | ASP.NET Core MAUI | • [Sign in users](how-to-mobile-app-maui-sample-sign-in.md) | | +> | ASP.NET Core MAUI | • [Sign in users](how-to-mobile-app-maui-sample-sign-in.md) | • [Sign in users](tutorial-mobile-app-maui-sign-in-prepare-tenant.md)| ### Daemon These samples and how-to guides demonstrate how to write a daemon application th > | Language/<br/>Platform | Code sample guide | Build and integrate guide | > | -- | -- |-- | > | Node.js | • [Call an API](how-to-daemon-node-sample-call-api.md) | • [Call an API](how-to-daemon-node-call-api-overview.md) |+> | .NET | • [Call an API](sample-daemon-dotnet-call-api.md) | • [Call an API](tutorial-daemon-dotnet-call-api-prepare-tenant.md) | + # [**By language/platform**](#tab/language) These samples and how-to guides demonstrate how to write a daemon application th > | App type | Code sample guide | Build and integrate guide | > | - | -- | - | > | Browserless | • [Sign in users](how-to-browserless-app-dotnet-sample-sign-in.md) | • [Sign in users](how-to-browserless-app-dotnet-sign-in-overview.md) |+> | Daemon | • [Call an API](sample-daemon-dotnet-call-api.md) | • [Call an API](tutorial-daemon-dotnet-call-api-prepare-tenant.md) | ### ASP.NET Core These samples and how-to guides demonstrate how to write a daemon application th > [!div class="mx-tdCol2BreakAll"] > | App type | Code sample guide | Build and integrate guide | > | - | -- | - |-> | Desktop | • [Sign in users](how-to-desktop-app-maui-sample-sign-in.md) | | -> | Mobile | • [Sign in users](how-to-mobile-app-maui-sample-sign-in.md) | | +> | Desktop | • [Sign in users](how-to-desktop-app-maui-sample-sign-in.md) | • [Sign in users](tutorial-desktop-app-maui-sign-in-prepare-tenant.md) | +> | Mobile | • [Sign in users](how-to-mobile-app-maui-sample-sign-in.md) | • [Sign in users](tutorial-mobile-app-maui-sign-in-prepare-tenant.md) | ### JavaScript, Vanilla |
| active-directory | Tutorial Desktop App Maui Sign In Prepare App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/customers/tutorial-desktop-app-maui-sign-in-prepare-app.md | |
| active-directory | Tutorial Desktop App Maui Sign In Prepare Tenant | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/customers/tutorial-desktop-app-maui-sign-in-prepare-tenant.md | |
| active-directory | Tutorial Desktop App Maui Sign In Sign Out | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/customers/tutorial-desktop-app-maui-sign-in-sign-out.md | |
| active-directory | Tutorial Mobile App Maui Sign In Prepare App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/customers/tutorial-mobile-app-maui-sign-in-prepare-app.md | Download the following image: ## Next steps > [!div class="nextstepaction"]-> [Tutorial: Sign in users in .NET MAUI shell app](tutorial-mobile-app-maui-sign-in-sign-out.md) +> [Tutorial: Sign in users in .NET MAUI shell app](tutorial-mobile-app-maui-sign-in-sign-out.md) |
| active-directory | Tutorial Mobile App Maui Sign In Prepare Tenant | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/customers/tutorial-mobile-app-maui-sign-in-prepare-tenant.md | In this tutorial, you learn how to: ## Next steps > [!div class="nextstepaction"]-> [Tutorial: Create a .NET MAUI shell app](tutorial-mobile-app-maui-sign-in-prepare-app.md) +> [Tutorial: Create a .NET MAUI shell app](tutorial-mobile-app-maui-sign-in-prepare-app.md) |
| active-directory | Tutorial Mobile App Maui Sign In Sign Out | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/external-identities/customers/tutorial-mobile-app-maui-sign-in-sign-out.md | Run the app by pressing _F5_ or select the _play button_ at the top of Visual St ## Next Steps - [Customize the default branding](how-to-customize-branding-customers.md).-- [Configure sign-in with Google](how-to-google-federation-customers.md).+- [Configure sign-in with Google](how-to-google-federation-customers.md). |
| active-directory | Custom Security Attributes Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/custom-security-attributes-overview.md | Currently, you can add custom security attributes for the following Azure AD obj - Azure AD enterprise applications (service principals) - Managed identities for Azure resources -## How do custom security attributes compare with directory extensions? +## How do custom security attributes compare with extensions? -Here are some ways that custom security attributes compare with [directory extensions](../develop/active-directory-schema-extensions.md): +While both extensions and custom security attributes can be used to extend objects in Azure AD and Microsoft 365, they are suitable for fundamentally different custom data scenarios. Here are some ways that custom security attributes compare with [extensions](/graph/extensibility-overview): -- Directory extensions cannot be used for authorization scenarios and attributes because the access control for the extension attributes is tied to the Azure AD object. Custom security attributes can be used for authorization and attributes needing access control because the custom security attributes can be managed and protected through separate permissions.-- Directory extensions are tied to an application and share the lifecycle of an application. Custom security attributes are tenant wide and not tied to an application.-- Directory extensions support assigning a single value to an attribute. Custom security attributes support assigning multiple values to an attribute.+| Capability | Extensions | Custom security attributes | +|--|--|--| +| Extend Azure AD and Microsoft 365 objects | Yes | Yes | +| Supported objects | Depends on the extension type | Users and service principals | +| Restricted access | No. Anyone with permissions to read the object can read the extension data. | Yes. Read and write access is restricted through a separate set of permissions and RBAC. | +| When to use | Store data to be used by an application <br/> Store non-sensitive data | Store sensitive data <br/> Use for authorization scenarios | +| License requirements | Available in all editions of Azure AD | Requires an Azure AD Premium P1 or P2 license | ++For more information about working with extensions, see [Add custom data to resources using extensions](/graph/extensibility-overview). ## Steps to use custom security attributes |
| active-directory | Whats New Archive | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/whats-new-archive.md | -The primary [What's new in Azure Active Directory? release notes](whats-new.md) article contains updates for the last six months, while this article contains all the older information. +The primary [What's new in Azure Active Directory? release notes](whats-new.md) article contains updates for the last six months, while this article contains Information up to 18 months. The What's new in Azure Active Directory? release notes provide information about: For listing your application in the Azure AD app gallery, read the details here -### ADAL End of Support Announcement +### Microsoft Authentication Library End of Support Announcement **Type:** N/A **Service category:** Other **Product capability:** Developer Experience -As part of our ongoing initiative to improve the developer experience, service reliability, and security of customer applications, we'll end support for the Azure Active Directory Authentication Library (ADAL). The final deadline to migrate your applications to Azure Active Directory Authentication Library (MSAL) has been extended to **June 30, 2023**. +As part of our ongoing initiative to improve the developer experience, service reliability, and security of customer applications, we end support for the Microsoft Authentication Library (Microsoft Authentication Library). The final deadline to migrate your applications to Microsoft Authentication Library (MSAL) has been extended to **June 30, 2023**. ### Why are we doing this? -As we consolidate and evolve the Microsoft Identity platform, we're also investing in making significant improvements to the developer experience and service features that make it possible to build secure, robust and resilient applications. To make these features available to our customers, we needed to update the architecture of our software development kits. As a result of this change, weΓÇÖve decided that the path forward requires us to sunset Azure Active Directory Authentication Library. This allows us to focus on developer experience investments with Azure Active Directory Authentication Library. +As we consolidate and evolve the Microsoft Identity platform, we're also investing in making significant improvements to the developer experience and service features that make it possible to build secure, robust and resilient applications. To make these features available to our customers, we needed to update the architecture of our software development kits. As a result of this change, weΓÇÖve decided that the path forward requires us to sunset Microsoft Authentication Library. This allows us to focus on developer experience investments with Microsoft Authentication Library. ### What happens? We recognize that changing libraries isn't an easy task, and can't be accomplished quickly. We're committed to helping customers plan their migrations to Microsoft Authentication Library and execute them with minimal disruption. -- In June 2020, we [announced the 2-year end of support timeline for ADAL](https://devblogs.microsoft.com/microsoft365dev/end-of-support-timelines-for-azure-ad-authentication-library-adal-and-azure-ad-graph/). -- In December 2022, weΓÇÖve decided to extend the Azure Active Directory Authentication Library end of support to June 2023. +- In June 2020, we [announced the 2-year end of support timeline for Microsoft Authentication Library](https://devblogs.microsoft.com/microsoft365dev/end-of-support-timelines-for-azure-ad-authentication-library-adal-and-azure-ad-graph/). +- In December 2022, weΓÇÖve decided to extend the Microsoft Authentication Library end of support to June 2023. - Through the next six months (January 2023 ΓÇô June 2023) we continue informing customers about the upcoming end of support along with providing guidance on migration. -- On June 2023 we'll officially sunset Azure Active Directory Authentication Library, removing library documentation and archiving all GitHub repositories related to the project. +- On June 2023 we'll officially sunset Microsoft Authentication Library, removing library documentation and archiving all GitHub repositories related to the project. -### How to find out which applications in my tenant are using Azure Active Directory Authentication Library? +### How to find out which applications in my tenant are using Microsoft Authentication Library? -Refer to our post on [Microsoft Q&A](/answers/questions/360928/information-how-to-find-apps-using-adal-in-your-te.html) for details on identifying Azure Active Directory Authentication Library apps with the help of [Azure Workbooks](../../azure-monitor/visualize/workbooks-overview.md). -### If IΓÇÖm using Azure Active Directory Authentication Library, what can I expect after the deadline? +Refer to our post on [Microsoft Q&A](/answers/questions/360928/information-how-to-find-apps-using-adal-in-your-te.html) for details on identifying Microsoft Authentication Library apps with the help of [Azure Workbooks](../../azure-monitor/visualize/workbooks-overview.md). +### If IΓÇÖm using Microsoft Authentication Library, what can I expect after the deadline? - There will be no new releases (security or otherwise) to the library after June 2023. -- We won't accept any incident reports or support requests for Azure Active Directory Authentication Library. Azure Active Directory Authentication Library to Microsoft Authentication Library migration support would continue. -- The underpinning services continue working and applications that depend on Azure Active Directory Authentication Library should continue working. Applications, and the resources they access, are at increased security and reliability risk due to not having the latest updates, service configuration, and enhancements made available through the Microsoft Identity platform. +- We won't accept any incident reports or support requests for Microsoft Authentication Library. Microsoft Authentication Library to Microsoft Authentication Library migration support would continue. +- The underpinning services continue working and applications that depend on Microsoft Authentication Library should continue working. Applications, and the resources they access, are at increased security and reliability risk due to not having the latest updates, service configuration, and enhancements made available through the Microsoft Identity platform. ### What features can I only access with Microsoft Authentication Library? And more. For an up-to-date list, refer to our [migration guide](../develop/msal To make the migration process easier, we published a [comprehensive guide](../develop/msal-migration.md#how-to-migrate-to-msal) that documents the migration paths across different platforms and programming languages. -In addition to the Azure Active Directory Authentication Library to Microsoft Authentication Library update, we recommend migrating from Azure AD Graph API to Microsoft Graph. This change enables you to take advantage of the latest additions and enhancements, such as CAE, across the Microsoft service offering through a single, unified endpoint. You can read more in our [Migrate your apps from Azure AD Graph to Microsoft Graph](/graph/migrate-azure-ad-graph-overview) guide. You can post any questions to [Microsoft Q&A](/answers/topics/azure-active-directory.html) or [Stack Overflow](https://stackoverflow.com/questions/tagged/msal). +In addition to the Microsoft Authentication Library to Microsoft Authentication Library update, we recommend migrating from Azure AD Graph API to Microsoft Graph. This change enables you to take advantage of the latest additions and enhancements, such as CAE, across the Microsoft service offering through a single, unified endpoint. You can read more in our [Migrate your apps from Azure AD Graph to Microsoft Graph](/graph/migrate-azure-ad-graph-overview) guide. You can post any questions to [Microsoft Q&A](/answers/topics/azure-active-directory.html) or [Stack Overflow](https://stackoverflow.com/questions/tagged/msal). Admins can now pause, and resume, the processing of individual dynamic groups in **Service category:** Authentications (Logins) **Product capability:** User Authentication -Update the Azure AD and Microsoft 365 sign-in experience with new company branding capabilities. You can apply your companyΓÇÖs brand guidance to authentication experiences with pre-defined templates. For more information, see: [Configure your company branding](../fundamentals/customize-branding.md). +Update the Azure AD and Microsoft 365 sign-in experience with new company branding capabilities. You can apply your companyΓÇÖs brand guidance to authentication experiences with predefined templates. For more information, see: [Configure your company branding](../fundamentals/customize-branding.md). This functionality greatly enhances recoverability and resilience when using Adm **Product capability:** Platform With the growing adoption and support of IPv6 across enterprise networks, service providers, and devices, many customers are wondering if their users can continue to access their services and applications from IPv6 clients and networks. Today, weΓÇÖre excited to announce our plan to bring IPv6 support to Microsoft Azure Active Directory (Azure AD). This allows customers to reach the Azure AD services over both IPv4 and IPv6 network protocols (dual stack).-For most customers, IPv4 won't completely disappear from their digital landscape, so we aren't planning to require IPv6 or to de-prioritize IPv4 in any Azure Active Directory features or services. +For most customers, IPv4 won't completely disappear from their digital landscape, so we aren't planning to require IPv6 or to deprioritize IPv4 in any Azure Active Directory features or services. We'll begin introducing IPv6 support into Azure AD services in a phased approach, beginning March 31, 2023. We have guidance that is specifically for Azure AD customers who use IPv6 addresses and also use Named Locations in their Conditional Access policies. Azure Service Health supports service outage notifications to Tenant Admins for End users can now enable passwordless phone sign-in for multiple accounts in the Authenticator App on any supported iOS device. Consultants, students, and others with multiple accounts in Azure AD can add each account to Microsoft Authenticator and use passwordless phone sign-in for all of them from the same iOS device. The Azure AD accounts can be in either the same, or different, tenants. Guest accounts aren't supported for multiple account sign-ins from one device. -Note that end users are encouraged to enable the optional telemetry setting in the Authenticator App, if not done so already. For more information, see: [Enable passwordless sign-in with Microsoft Authenticator](../authentication/howto-authentication-passwordless-phone.md) +End users are encouraged to enable the optional telemetry setting in the Authenticator App, if not done so already. For more information, see: [Enable passwordless sign-in with Microsoft Authenticator](../authentication/howto-authentication-passwordless-phone.md) A new Azure AD Connect release fixes several bugs and includes new functionality -Cross-tenant access settings enable you to control how users in your organization collaborate with members of external Azure AD organizations. Now youΓÇÖll have granular inbound and outbound access control settings that work on a per org, user, group, and application basis. These settings also make it possible for you to trust security claims from external Azure AD organizations like multi-factor authentication (MFA), device compliance, and hybrid Azure AD joined devices. For more information, see: [Cross-tenant access with Azure AD External Identities](../external-identities/cross-tenant-access-overview.md). +Cross-tenant access settings enable you to control how users in your organization collaborate with members of external Azure AD organizations. Now you have granular inbound and outbound access control settings that work on a per org, user, group, and application basis. These settings also make it possible for you to trust security claims from external Azure AD organizations like multi-factor authentication (MFA), device compliance, and hybrid Azure AD joined devices. For more information, see: [Cross-tenant access with Azure AD External Identities](../external-identities/cross-tenant-access-overview.md). Cross-tenant access settings enable you to control how users in your organizatio **Product capability:** Outbound to SaaS Applications -Accidental deletion of users in your apps or in your on-premises directory could be disastrous. WeΓÇÖre excited to announce the general availability of the accidental deletions prevention capability. When a provisioning job would cause a spike in deletions, it will first pause and provide you visibility into the potential deletions. You can then accept or reject the deletions and have time to update the jobΓÇÖs scope if necessary. For more information, see [Understand how expression builder in Application Provisioning works](../app-provisioning/expression-builder.md). +Accidental deletion of users in your apps or in your on-premises directory could be disastrous. WeΓÇÖre excited to announce the general availability of the accidental deletions prevention capability. When a provisioning job would cause a spike in deletions, it will first pause and provide you with visibility into the potential deletions. You can then accept or reject the deletions and have time to update the jobΓÇÖs scope if necessary. For more information, see [Understand how expression builder in Application Provisioning works](../app-provisioning/expression-builder.md). For more information on how to use this feature, see: [Dynamic membership rule f **Product capability:** Platform -Azure Service Health will soon support service outage notifications to Tenant Admins for Azure Active Directory issues soon. These outages will also appear on the Azure portal overview page with appropriate links to Azure Service Health. Outage events will be able to be seen by built-in Tenant Administrator Roles. We'll continue to send outage notifications to subscriptions within a tenant for transition. More information will be available when this capability is released. The expected release is for June 2022. +Azure Service Health will soon support service outage notifications to Tenant Admins for Azure Active Directory issues soon. These outages will also appear on the Azure portal overview page with appropriate links to Azure Service Health. Outage events are able to be seen by built-in Tenant Administrator Roles. We continue to send outage notifications to subscriptions within a tenant for transition. More information is available when this capability is released. The expected release is for June 2022. Identity Protection now integrates a signal from Microsoft Defender for Endpoint -This update extends the Azure AD entitlement management access package policy to allow a third approval stage. This will be able to be configured via the Azure portal or Microsoft Graph. For more information, see: [Change approval and requestor information settings for an access package in Azure AD entitlement management](../governance/entitlement-management-access-package-approval-policy.md). +This update extends the Azure AD entitlement management access package policy to allow a third approval stage. This is able to be configured via the Azure portal or Microsoft Graph. For more information, see: [Change approval and requestor information settings for an access package in Azure AD entitlement management](../governance/entitlement-management-access-package-approval-policy.md). For more information about how to better secure your organization by using autom -We announced in April 2020 General Availability of our new combined registration experience, enabling users to register security information for multi-factor authentication and self-service password reset at the same time, which was available for existing customers to opt in. We're happy to announce the combined security information registration experience will be enabled to all non-enabled customers after September 30, 2022. This change doesn't impact tenants created after August 15, 2020, or tenants located in the China region. For more information, see: [Combined security information registration for Azure Active Directory overview](../authentication/concept-registration-mfa-sspr-combined.md). +We announced in April 2020 General Availability of our new combined registration experience, enabling users to register security information for multi-factor authentication and self-service password reset at the same time, which was available for existing customers to opt in. We're happy to announce the combined security information registration experience will be enabled to all nonenabled customers after September 30, 2022. This change doesn't impact tenants created after August 15, 2020, or tenants located in the China region. For more information, see: [Combined security information registration for Azure Active Directory overview](../authentication/concept-registration-mfa-sspr-combined.md). Azure AD Recommendations is now in public preview. This feature provides persona **Product capability:** Access Control -Administrative units now support dynamic membership rules for user and device members. Instead of manually assigning users and devices to administrative units, tenant admins can set up a query for the administrative unit. The membership will be automatically maintained by Azure AD. For more information, see:[Administrative units in Azure Active Directory](../roles/administrative-units.md). +Administrative units now support dynamic membership rules for user and device members. Instead of manually assigning users and devices to administrative units, tenant admins can set up a query for the administrative unit. The membership is automatically maintained by Azure AD. For more information, see:[Administrative units in Azure Active Directory](../roles/administrative-units.md). Azure AD Identity Protection is extending its core capabilities of detecting, in -Cross-tenant access settings enable you to control how users in your organization collaborate with members of external Azure AD organizations. Now youΓÇÖll have granular inbound and outbound access control settings that work on a per org, user, group, and application basis. These settings also make it possible for you to trust security claims from external Azure AD organizations like multi-factor authentication (MFA), device compliance, and hybrid Azure AD joined devices. [Learn more](../external-identities/cross-tenant-access-overview.md) +Cross-tenant access settings enable you to control how users in your organization collaborate with members of external Azure AD organizations. Now you have granular inbound and outbound access control settings that work on a per org, user, group, and application basis. These settings also make it possible for you to trust security claims from external Azure AD organizations like multi-factor authentication (MFA), device compliance, and hybrid Azure AD joined devices. [Learn more](../external-identities/cross-tenant-access-overview.md) For more information about how to better secure your organization by using autom **Product capability:** Privileged Identity Management -We've improved the Privileged Identity management (PIM) time to role activation for SharePoint Online. Now, when activating a role in PIM for SharePoint Online, you should be able to use your permissions right away in SharePoint Online. This change will roll out in stages, so you might not yet see these improvements in your organization. [Learn more](../privileged-identity-management/pim-how-to-activate-role.md) +We've improved the Privileged Identity management (PIM) time to role activation for SharePoint Online. Now, when activating a role in PIM for SharePoint Online, you should be able to use your permissions right away in SharePoint Online. This change rolls out in stages, so you might not yet see these improvements in your organization. [Learn more](../privileged-identity-management/pim-how-to-activate-role.md) ---## January 2022 --### Public preview - Custom security attributes --**Type:** New feature -**Service category:** Directory Management -**Product capability:** Directory - -Enables you to define business-specific attributes that you can assign to Azure AD objects. These attributes can be used to store information, categorize objects, or enforce fine-grained access control. Custom security attributes can be used with Azure attribute-based access control. [Learn more](custom-security-attributes-overview.md). - ---### Public preview - Filter groups in tokens using a substring match --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** SSO - -In the past, Azure AD only permitted groups to be filtered based on whether they were assigned to an application. Now, you can also use Azure AD to filter the groups included in the token. You can filter with the substring match on the display name or onPremisesSAMAccountName attributes of the group object on the token. Only groups that the user is a member of will be included in the token. This token will be recognized whether it's on the ObjectID or the on premises SAMAccountName or security identifier (SID). This feature can be used together with the setting to include only groups assigned to the application if desired to further filter the list.[Learn more](../hybrid/how-to-connect-fed-group-claims.md) ----### General availability - Continuous Access Evaluation --**Type:** New feature -**Service category:** Other -**Product capability:** Access Control - -With Continuous access evaluation (CAE), critical security events and policies are evaluated in real time. This includes account disable, password reset, and location change. [Learn more](../conditional-access/concept-continuous-access-evaluation.md). - ---### General Availability - User management enhancements are now available --**Type:** New feature -**Service category:** User Management -**Product capability:** User Management - -The Azure portal has been updated to make it easier to find users in the All users and Deleted users pages. Changes in the preview include: --- More visible user properties including object ID, directory sync status, creation type, and identity issuer.-- **Search now** allows substring search and combined search of names, emails, and object IDs.-- Enhanced filtering by user type (member, guest, and none), directory sync status, creation type, company name, and domain name.-- New sorting capabilities on properties like name, user principal name, creation time, and deletion date.-- A new total users count that updates with any searches or filters.--For more information, go to [User management enhancements (preview) in Azure Active Directory](../enterprise-users/users-search-enhanced.md). ----### General Availability - My Apps customization of default Apps view --**Type:** New feature -**Service category:** My Apps -**Product capability:** End User Experiences --Customization of the default My Apps view in now in general availability. For more information on My Apps, you can go to [Sign in and start apps from the My Apps portal](https://support.microsoft.com/en-us/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510). - ---### General Availability - Audited BitLocker Recovery --**Type:** New feature -**Service category:** Device Access Management -**Product capability:** Device Lifecycle Management - -BitLocker keys are sensitive security items. Audited BitLocker recovery ensures that when BitLocker keys are read, an audit log is generated so that you can trace who accesses this information for given devices. [Learn more](../devices/device-management-azure-portal.md#view-or-copy-bitlocker-keys). ----### General Availability - Download a list of devices --**Type:** New feature -**Service category:** Device Registration and Management -**Product capability:** Device Lifecycle Management --Download a list of your organization's devices to a .csv file for easier reporting and management. [Learn more](../devices/device-management-azure-portal.md#download-devices). - ---### New provisioning connectors in the Azure AD Application Gallery - January 2022 --**Type:** New feature -**Service category:** App Provisioning -**Product capability:** 3rd Party Integration - -You can now automate creating, updating, and deleting user accounts for these newly integrated apps: --- [Autodesk SSO](../saas-apps/autodesk-sso-provisioning-tutorial.md)-- [frankli.io](../saas-apps/frankli-io-provisioning-tutorial.md)-- [Plandisc](../saas-apps/plandisc-provisioning-tutorial.md)-- [Swit](../saas-apps/swit-provisioning-tutorial.md)-- [TerraTrue](../saas-apps/terratrue-provisioning-tutorial.md)-- [TimeClock 365 SAML](../saas-apps/timeclock-365-saml-provisioning-tutorial.md)--For more information about how to better secure your organization by using automated user account provisioning, go to [Automate user provisioning to SaaS applications with Azure AD](../manage-apps/user-provisioning.md). ----### New Federated Apps available in Azure AD Application gallery - January 2022 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration --In January 2022, we've added the following 47 new applications in our App gallery with Federation support: --[Jooto](../saas-apps/jooto-tutorial.md), [Proprli](https://app.proprli.com/), [Pace Scheduler](https://www.pacescheduler.com/accounts/login/), [DRTrack](../saas-apps/drtrack-tutorial.md), [Dining Sidekick](../saas-apps/dining-sidekick-tutorial.md), [Cryotos](https://app.cryotos.com/oauth2/authorization/azure-client), [Emergency Management Systems](https://secure.emsystems.com.au/), [Manifestly Checklists](../saas-apps/manifestly-checklists-tutorial.md), [eLearnPOSH](../saas-apps/elearnposh-tutorial.md), [Scuba Analytics](../saas-apps/scuba-analytics-tutorial.md), [Athena Systems sign-in Platform](../saas-apps/athena-systems-login-platform-tutorial.md), [TimeTrack](../saas-apps/timetrack-tutorial.md), [MiHCM](../saas-apps/mihcm-tutorial.md), [Health Note](https://www.healthnote.com/), [Active Directory SSO for DoubleYou](../saas-apps/active-directory-sso-for-doubleyou-tutorial.md), [Emplifi platform](../saas-apps/emplifi-platform-tutorial.md), [Flexera One](../saas-apps/flexera-one-tutorial.md), [Hypothesis](https://web.hypothes.is/help/authorizing-hypothesis-from-the-azure-ad-app-gallery/), [Recurly](../saas-apps/recurly-tutorial.md), [XpressDox AU Cloud](https://au.xpressdox.com/Authentication/Login.aspx), [Zoom for Intune](https://zoom.us/), [UPWARD AGENT](https://app.upward.jp/login/), [Linux Foundation ID](https://openprofile.dev/), [Asset Planner](../saas-apps/asset-planner-tutorial.md), [Kiho](https://v3.kiho.fi/index/sso), [chezie](https://app.chezie.co/), [Excelity HCM](../saas-apps/excelity-hcm-tutorial.md), [yuccaHR](https://app.yuccahr.com/), [Blue Ocean Brain](../saas-apps/blue-ocean-brain-tutorial.md), [EchoSpan](../saas-apps/echospan-tutorial.md), [Archie](../saas-apps/archie-tutorial.md), [Equifax Workforce Solutions](../saas-apps/equifax-workforce-solutions-tutorial.md), [Palantir Foundry](../saas-apps/palantir-foundry-tutorial.md), [ATP SpotLight and ChronicX](../saas-apps/atp-spotlight-and-chronicx-tutorial.md), [DigiSign](https://app.digisign.org/selfcare/sso), [mConnect](https://mconnect.skooler.com/), [BrightHR](https://login.brighthr.com/), [Mural Identity](../saas-apps/mural-identity-tutorial.md), [CloudClarity](https://portal.cloudclarity.app/dashboard), [Twic](../saas-apps/twic-tutorial.md), [Eduhouse Online](https://app.eduhouse.fi/palvelu/kirjaudu/microsoft), [Bealink](../saas-apps/bealink-tutorial.md), [Time Intelligence Bot](https://teams.microsoft.com/), [SentinelOne](https://sentinelone.com/) --You can also find the documentation of all the applications from: https://aka.ms/AppsTutorial, --For listing your application in the Azure AD app gallery, read the details in: https://aka.ms/AzureADAppRequest ----### Azure Ad access reviews reviewer recommendations now account for non-interactive sign-in information --**Type:** Changed feature -**Service category:** Access Reviews -**Product capability:** Identity Governance --Azure AD access reviews reviewer recommendations now account for non-interactive sign-in information, improving upon original recommendations based on interactive last sign-ins only. Reviewers can now make more accurate decisions based on the last sign-in activity of the users they're reviewing. To learn more about how to create access reviews, go to [Create an access review of groups and applications in Azure AD](../governance/create-access-review.md). - ---### Risk reason for offline Azure AD Threat Intelligence risk detection --**Type:** Changed feature -**Service category:** Identity Protection -**Product capability:** Identity Security & Protection - -The offline Azure AD Threat Intelligence risk detection can now have a risk reason that will help customers with the risk investigation. If a risk reason is available, it will show up as **Additional Info** in the risk details of that risk event. The information can be found in the Risk detections report. It will also be available through the additionalInfo property of the riskDetections API. [Learn more](../identity-protection/howto-identity-protection-investigate-risk.md). - ----## December 2021 --### Tenant enablement of combined security information registration for Azure Active Directory --**Type:** Plan for change -**Service category:** MFA -**Product capability:** Identity Security & Protection - -We previously announced in April 2020, a new combined registration experience enabling users to register authentication methods for SSPR and multi-factor authentication at the same time was generally available for existing customer to opt in. Any Azure AD tenants created after August 2020 automatically have the default experience set to combined registration. Starting in 2022 Microsoft will be enabling the multi-factor authentication and SSPR combined registration experience for existing customers. [Learn more](../authentication/concept-registration-mfa-sspr-combined.md). - ---### Public Preview - Number Matching now available to reduce accidental notification approvals --**Type:** New feature -**Service category:** Microsoft Authenticator App -**Product capability:** User Authentication - -To prevent accidental notification approvals, admins can now require users to enter the number displayed on the sign-in screen when approving a multi-factor authentication notification in the Authenticator app. This feature adds an extra security measure to the Microsoft Authenticator app. [Learn more](../authentication/how-to-mfa-number-match.md). - ---### Pre-authentication error events removed from Azure AD Sign-in Logs --**Type:** Deprecated -**Service category:** Reporting -**Product capability:** Monitoring & Reporting - -We're no longer publishing sign-in logs with the following error codes because these events are pre-authentication events that occur before our service has authenticated a user. Because these events happen before authentication, our service isn't always able to correctly identify the user. If a user continues on to authenticate, the user sign-in will show up in your tenant Sign-in logs. These logs are no longer visible in the Azure portal UX, and querying these error codes in the Graph API will no longer return results. --|Error code | Failure reason| -| | | -|50058| Session information isn't sufficient for single-sign-on.| -|16000| Either multiple user identities are available for the current request or selected account isn't supported for the scenario.| -|500581| Rendering JavaScript. Fetching sessions for single-sign-on on V2 with prompt=none requires JavaScript to verify if any MSA accounts are signed in.| -|81012| The user trying to sign in to Azure AD is different from the user signed into the device.| ------## November 2021 --### Tenant enablement of combined security information registration for Azure Active Directory --**Type:** Plan for change -**Service category:** MFA -**Product capability:** Identity Security & Protection - -We previously announced in April 2020, a new combined registration experience enabling users to register authentication methods for SSPR and multi-factor authentication at the same time was generally available for existing customer to opt in. Any Azure AD tenants created after August 2020 automatically have the default experience set to combined registration. Starting 2022, Microsoft will be enabling the MF). - ---### Windows users will see prompts more often when switching user accounts --**Type:** Fixed -**Service category:** Authentications (Logins) -**Product capability:** User Authentication - -A problematic interaction between Windows and a local Active Directory Federation Services (ADFS) instance can result in users attempting to sign into another account, but be silently signed into their existing account instead, with no warning. For federated IdPs such as ADFS, that support the [prompt=login](/windows-server/identity/ad-fs/operations/ad-fs-prompt-login) pattern, Azure AD will now trigger a fresh sign-in at ADFS when a user is directed to ADFS with a sign-in hint. This ensures that the user is signed into the account they requested, rather than being silently signed into the account they're already signed in with. --For more information, see the [change notice](../develop/reference-breaking-changes.md). - ---### Public preview - Conditional Access Overview Dashboard --**Type:** New feature -**Service category:** Conditional Access -**Product capability:** Monitoring & Reporting - -The new Conditional Access overview dashboard enables all tenants to see insights about the impact of their Conditional Access policies without requiring an Azure Monitor subscription. This built-in dashboard provides tutorials to deploy policies, a summary of the policies in your tenant, a snapshot of your policy coverage, and security recommendations. [Learn more](../conditional-access/overview.md). - ---### Public preview - SSPR writeback is now available for disconnected forests using Azure AD Connect cloud sync --**Type:** New feature -**Service category:** Azure AD Connect Cloud Sync -**Product capability:** Identity Lifecycle Management - -The Public Preview feature for Azure AD Connect Cloud Sync Password writeback provides customers the capability to write back a user's password changes in the cloud to the on-premises directory in real time using the lightweight Azure AD cloud provisioning agent.[Learn more](../authentication/tutorial-enable-cloud-sync-sspr-writeback.md). ----### Public preview - Conditional Access for workload identities --**Type:** New feature -**Service category:** Conditional Access for workload identities -**Product capability:** Identity Security & Protection - -Previously, Conditional Access policies applied only to users when they access apps and services like SharePoint online or the Azure portal. This preview adds support for Conditional Access policies applied to service principals owned by the organization. You can block service principals from accessing resources from outside trusted-named locations or Azure Virtual Networks. [Learn more](../conditional-access/workload-identity.md). ----### Public preview - Extra attributes available as claims --**Type:** Changed feature -**Service category:** Enterprise Apps -**Product capability:** SSO - -Several user attributes have been added to the list of attributes available to map to claims to bring attributes available in claims more in line with what is available on the user object in Microsoft Graph. New attributes include mobilePhone and ProxyAddresses. [Learn more](../develop/reference-claims-mapping-policy-type.md). - ---### Public preview - "Session Lifetime Policies Applied" property in the sign-in logs --**Type:** New feature -**Service category:** Authentications (Logins) -**Product capability:** Identity Security & Protection - -We have recently added other property to the sign-in logs called "Session Lifetime Policies Applied". This property will list all the session lifetime policies that applied to the sign-in for example, Sign-in frequency, Remember multi-factor authentication and Configurable token lifetime. [Learn more](../reports-monitoring/concept-sign-ins.md#authentication-details). - ---### Public preview - Enriched reviews on access packages in entitlement management --**Type:** New feature -**Service category:** User Access Management -**Product capability:** Entitlement Management - -Entitlement Management's enriched review experience allows even more flexibility on access packages reviews. Admins can now choose what happens to access if the reviewers don't respond, provide helper information to reviewers, or decide whether a justification is necessary. [Learn more](../governance/entitlement-management-access-reviews-create.md). - ---### General availability - randomString and redact provisioning functions --**Type:** New feature -**Service category:** Provisioning -**Product capability:** Outbound to SaaS Applications - --The Azure AD Provisioning service now supports two new functions, randomString() and Redact(): -- randomString - generate a string based on the length and characters you would like to include or exclude in your string.-- redact - remove the value of the attribute from the audit and provisioning logs. [Learn more](../app-provisioning/functions-for-customizing-application-data.md#randomstring).----### General availability - Now access review creators can select users and groups to receive notification on completion of reviews --**Type:** New feature -**Service category:** Access Reviews -**Product capability:** Identity Governance - -Now access review creators can select users and groups to receive notification on completion of reviews. [Learn more](../governance/create-access-review.md). - -- -### General availability - Azure AD users can now view and report suspicious sign-ins and manage their accounts within Microsoft Authenticator --**Type:** New feature -**Service category:** Microsoft Authenticator App -**Product capability:** Identity Security & Protection - -This feature allows Azure AD users to manage their work or school accounts within the Microsoft Authenticator app. The management features will allow users to view sign-in history and sign-in activity. Users can also report any suspicious or unfamiliar activity, change their Azure AD account passwords, and update the account's security information. --For more information on how to use this feature visit [View and search your recent sign-in activity from the My Sign-ins page](../user-help/my-account-portal-sign-ins-page.md). ----### General availability - New Microsoft Authenticator app icon --**Type:** New feature -**Service category:** Microsoft Authenticator App -**Product capability:** Identity Security & Protection - -New updates have been made to the Microsoft Authenticator app icon. To learn more about these updates, see the [Microsoft Authenticator app](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/microsoft-authenticator-app-easier-ways-to-add-or-manage/ba-p/2464408) blog post. ----### General availability - Azure AD single sign-on and device-based Conditional Access support in Firefox on Windows 10/11 --**Type:** New feature -**Service category:** Authentications (Logins) -**Product capability:** SSO - -We now support native single sign-on (SSO) support and device-based Conditional Access to Firefox browser on Windows 10 and Windows Server 2019 starting in Firefox version 91. [Learn more](../conditional-access/require-managed-devices.md#prerequisites). - ---### New provisioning connectors in the Azure AD Application Gallery - November 2021 --**Type:** New feature -**Service category:** App Provisioning -**Product capability:** 3rd Party Integration - -You can now automate creating, updating, and deleting user accounts for these newly integrated apps: --- [Appaegis Isolation Access Cloud](../saas-apps/appaegis-isolation-access-cloud-provisioning-tutorial.md)-- [BenQ IAM](../saas-apps/benq-iam-provisioning-tutorial.md)-- [BIC Cloud Design](../saas-apps/bic-cloud-design-provisioning-tutorial.md)-- [Chaos](../saas-apps/chaos-provisioning-tutorial.md)-- [directprint.io](../saas-apps/directprint-io-provisioning-tutorial.md)-- [Documo](../saas-apps/documo-provisioning-tutorial.md)-- [Facebook Work Accounts](../saas-apps/facebook-work-accounts-provisioning-tutorial.md)-- [introDus Pre and Onboarding Platform](../saas-apps/introdus-pre-and-onboarding-platform-provisioning-tutorial.md)-- [Kisi Physical Security](../saas-apps/kisi-physical-security-provisioning-tutorial.md)-- [Klaxoon](../saas-apps/klaxoon-provisioning-tutorial.md)-- [Klaxoon SAML](../saas-apps/klaxoon-saml-provisioning-tutorial.md)-- [MX3 Diagnostics](../saas-apps/mx3-diagnostics-connector-provisioning-tutorial.md)-- [Netpresenter](../saas-apps/netpresenter-provisioning-tutorial.md)-- [Peripass](../saas-apps/peripass-provisioning-tutorial.md)-- [Real Links](../saas-apps/real-links-provisioning-tutorial.md)-- [Sentry](../saas-apps/sentry-provisioning-tutorial.md)-- [Teamgo](../saas-apps/teamgo-provisioning-tutorial.md)-- [Zero](../saas-apps/zero-provisioning-tutorial.md)--For more information about how to better secure your organization by using automated user account provisioning, see [Automate user provisioning to SaaS applications with Azure AD](../manage-apps/user-provisioning.md). - ---### New Federated Apps available in Azure AD Application gallery - November 2021 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration - -In November 2021, we have added following 32 new applications in our App gallery with Federation support: --[Tide - Connector](https://gallery.ctinsuretech-tide.com/), [Virtual Risk Manager - USA](../saas-apps/virtual-risk-manager-usa-tutorial.md), [Xorlia Policy Management](https://app.xoralia.com/), [WorkPatterns](https://app.workpatterns.com/oauth2/login?data_source_type=office_365_account_calendar_workspace_sync&utm_source=azure_sso), [GHAE](../saas-apps/ghae-tutorial.md), [Nodetrax Project](../saas-apps/nodetrax-project-tutorial.md), [Touchstone Benchmarking](https://app.touchstonebenchmarking.com/), [SURFsecureID - Azure AD Multi-Factor Authentication](../saas-apps/surfsecureid-azure-mfa-tutorial.md), [AiDEA](https://truebluecorp.com/en/prodotti/aidea-en/),[R and D Tax Credit --You can also find the documentation of all the applications [here](../saas-apps/tutorial-list.md). --For listing your application in the Azure AD app gallery, read the details [here](../manage-apps/v2-howto-app-gallery-listing.md). ----### Updated "switch organizations" user experience in My Account. --**Type:** Changed feature -**Service category:** My Profile/Account -**Product capability:** End User Experiences - -Updated "switch organizations" user interface in My Account. This visually improves the UI and provides the end-user with clear instructions. Added a manage organizations link to blade per customer feedback. [Learn more](https://support.microsoft.com/account-billing/switch-organizations-in-your-work-or-school-account-portals-c54c32c9-2f62-4fad-8c23-2825ed49d146). - ---## October 2021 - -### Limits on the number of configured API permissions for an application registration will be enforced starting in October 2021 --**Type:** Plan for change -**Service category:** Other -**Product capability:** Developer Experience - -Sometimes, application developers configure their apps to require more permissions than it's possible to grant. To prevent this from happening, a limit on the total number of required permissions that can be configured for an app registration will be enforced. --The total number of required permissions for any single application registration mustn't exceed 400 permissions, across all APIs. The change to enforce this limit will begin rolling out mid-October 2021. Applications exceeding the limit can't increase the number of permissions they're configured for. The existing limit on the number of distinct APIs for which permissions are required remains unchanged and may not exceed 50 APIs. --In the Azure portal, the required permissions are listed under API permissions for the application you wish to configure. Using Microsoft Graph or Microsoft Graph PowerShell, the required permissions are listed in the requiredResourceAccess property of an [application](/graph/api/resources/application) entity. [Learn more](../enterprise-users/directory-service-limits-restrictions.md). - ---### Email one-time passcode on by default change beginning rollout in November 2021 --**Type:** Plan for change -**Service category:** B2B -**Product capability:** B2B/B2C - -Previously, we announced that starting October 31, 2021, Microsoft Azure Active Directory [email one-time passcode](../external-identities/one-time-passcode.md) authentication will become the default method for inviting accounts and tenants for B2B collaboration scenarios. However, because of deployment schedules, we'll begin rolling out on November 1, 2021. Most of the tenants will see the change rolled out in January 2022 to minimize disruptions during the holidays and deployment lock downs. After this change, Microsoft will no longer allow redemption of invitations using Azure Active Directory accounts that are unmanaged. [Learn more](../external-identities/one-time-passcode.md#frequently-asked-questions). - ---### Conditional Access Guest Access Blocking Screen --**Type:** Fixed -**Service category:** Conditional Access -**Product capability:** End User Experiences - -If there's no trust relation between a home and resource tenant, a guest user would have previously been asked to re-register their device, which would break the previous registration. However, the user would end up in a registration loop because only home tenant device registration is supported. In this specific scenario, instead of this loop, we've created a new conditional access blocking page. The page tells the end user that they can't get access to conditional access protected resources as a guest user. [Learn more](../external-identities/b2b-quickstart-add-guest-users-portal.md#prerequisites). - ---### 50105 Errors will now result in a UX error message instead of an error response to the application --**Type:** Fixed -**Service category:** Authentications (Logins) -**Product capability:** Developer Experience - -Azure AD has fixed a bug in an error response that occurs when a user isn't assigned to an app that requires a user assignment. Previously, Azure AD would return error 50105 with the OIDC error code "interaction_required" even during interactive authentication. This would cause well-coded applications to loop indefinitely, as they do interactive authentication and receive an error telling them to do interactive authentication, which they would then do. --The bug has been fixed, so that during non-interactive auth an "interaction_required" error will still be returned. Also, during interactive authentication an error page will be directly displayed to the user. --For greater details, see the change notices for [Azure AD protocols](../develop/reference-breaking-changes.md#error-50105-has-been-fixed-to-not-return-interaction_required-during-interactive-authentication). ----### Public preview - New claims transformation capabilities --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** SSO - -The following new capabilities have been added to the claims transformations available for manipulating claims in tokens issued from Azure AD: - -- Join() on NameID. Used to be restricted to joining an email format address with a verified domain. Now Join() can be used on the NameID claim in the same way as any other claim, so NameID transforms can be used to create Windows account style NameIDs or any other string. For now if the result is an email address, the Azure AD will still validate that the domain is one that is verified in the tenant.-- Substring(). A new transformation in the claims configuration UI allows extraction of defined position substrings such as five characters starting at character three - substring(3,5)-- Claims transformations. These transformations can now be performed on Multi-valued attributes, and can emit multi-valued claims. Microsoft Graph can now be used to read/write multi-valued directory schema extension attributes. [Learn more](../develop/active-directory-saml-claims-customization.md).----### Public Preview ΓÇô Flagged Sign-ins --**Type:** New feature -**Service category:** Reporting -**Product capability:** Monitoring & Reporting - -Flagged sign-ins are a feature that will increase the signal to noise ratio for user sign-ins where users need help. The functionality is intended to empower users to raise awareness about sign-in errors they want help with. Also to help admins and help desk workers find the right sign-in events quickly and efficiently. [Learn more](../reports-monitoring/overview-flagged-sign-ins.md). ----### Public preview - Device overview --**Type:** New feature -**Service category:** Device Registration and Management -**Product capability:** Device Lifecycle Management - -The new Device Overview feature provides actionable insights about devices in your tenant. [Learn more](../devices/device-management-azure-portal.md). - ---### Public preview - Azure Active Directory workload identity federation --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** Developer Experience - -Azure AD workload identity federation is a new capability that's in public preview. It frees developers from handling application secrets or certificates. This includes secrets in scenarios such as using GitHub Actions and building applications on Kubernetes. Rather than creating an application secret and using that to get tokens for that application, developers can instead use tokens provided by the respective platforms such as GitHub and Kubernetes without having to manage any secrets manually.[Learn more](../develop/workload-identity-federation.md). ----### Public Preview - Updates to Sign-in Diagnostic --**Type:** Changed feature -**Service category:** Reporting -**Product capability:** Monitoring & Reporting - -With this update, the diagnostic covers more scenarios and is made more easily available to admins. --New scenarios covered when using the Sign-in Diagnostic: -- Pass Through Authentication sign-in failures-- Seamless Single-Sign On sign-in failures- -Other changes include: -- Flagged Sign-ins will automatically appear for investigation when using the Sign-in Diagnostic from Diagnose and Solve.-- Sign-in Diagnostic is now available from the Enterprise Apps Diagnose and Solve blade.-- The Sign-in Diagnostic is now available in the Basic Info tab of the Sign-in Log event view for all sign-in events. [Learn more](../reports-monitoring/concept-sign-in-diagnostics-scenarios.md#supported-scenarios).----### General Availability - Privileged Role Administrators can now create Azure AD access reviews on role-assignable groups --**Type:** Fixed -**Service category:** Access Reviews -**Product capability:** Identity Governance - -Privileged Role Administrators can now create Azure AD access reviews on Azure AD role-assignable groups, in addition to Azure AD roles. [Learn more](../governance/deploy-access-reviews.md#who-will-create-and-manage-access-reviews). - ---### General Availability - Azure AD single sign-on and device-based Conditional Access support in Firefox on Windows 10/11 --**Type:** New feature -**Service category:** Authentications (Logins) -**Product capability:** SSO - -We now support native single sign-on (SSO) support and device-based Conditional Access to Firefox browser on Windows 10 and Windows Server 2019 starting in Firefox version 91. [Learn more](../conditional-access/require-managed-devices.md#prerequisites). - ---### General Availability - New app indicator in My Apps --**Type:** New feature -**Service category:** My Apps -**Product capability:** End User Experiences - -Apps that have been recently assigned to the user show up with a "new" indicator. When the app is launched or the page is refreshed, this indicator disappears. [Learn more](/azure/active-directory/user-help/my-apps-portal-end-user-access). - ---### General availability - Custom domain support in Azure AD B2C --**Type:** New feature -**Service category:** B2C - Consumer Identity Management -**Product capability:** B2B/B2C - -Azure AD B2C customers can now enable custom domains so their end-users are redirected to a custom URL domain for authentication. This is done via integration with Azure Front Door's custom domains capability. [Learn more](../../active-directory-b2c/custom-domain.md?pivots=b2c-user-flow). - ---### General availability - Edge Administrator built-in role --**Type:** New feature -**Service category:** RBAC -**Product capability:** Access Control - --Users in this role can create and manage the enterprise site list required for Internet Explorer mode on Microsoft Edge. This role grants permissions to create, edit, and publish the site list and additionally allows access to manage support tickets. [Learn more](/deployedge/edge-ie-mode-cloud-site-list-mgmt) - ---### General availability - Windows 365 Administrator built-in role --**Type:** New feature -**Service category:** RBAC -**Product capability:** Access Control - -Users with this role have global permissions on Windows 365 resources, when the service is present. Additionally, this role contains the ability to manage users and devices to associate a policy, and create and manage groups. [Learn more](../roles/permissions-reference.md) - ---### New Federated Apps available in Azure AD Application gallery - October 2021 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration - -In October 2021 we've added the following 10 new applications in our App gallery with Federation support: --[Adaptive Shield](../saas-apps/adaptive-shield-tutorial.md), [SocialChorus Search](https://socialchorus.com/), [Hiretual-SSO](../saas-apps/hiretual-tutorial.md), [TeamSticker by Communitio](../saas-apps/teamsticker-by-communitio-tutorial.md), [embed signage](../saas-apps/embed-signage-tutorial.md), [JoinedUp](../saas-apps/joinedup-tutorial.md), [VECOS Releezme Locker management system](../saas-apps/vecos-releezme-locker-management-system-tutorial.md), [Altoura](../saas-apps/altoura-tutorial.md), [Dagster Cloud](../saas-apps/dagster-cloud-tutorial.md), [Qualaroo](../saas-apps/qualaroo-tutorial.md) --You can also find the documentation of all the applications here: https://aka.ms/AppsTutorial --For listing your application in the Azure AD app gallery, read the following article: https://aka.ms/AzureADAppRequest ----### Continuous Access Evaluation migration with Conditional Access --**Type:** Changed feature -**Service category:** Conditional Access -**Product capability:** User Authentication - -A new user experience is available for our CAE tenants. Tenants will now access CAE as part of Conditional Access. Any tenants that were previously using CAE for some (but not all) user accounts under the old UX or had previously disabled the old CAE UX will now be required to undergo a one time migration experience.[Learn more](../conditional-access/concept-continuous-access-evaluation.md#migration). - ---### Improved group list blade --**Type:** Changed feature -**Service category:** Group Management -**Product capability:** Directory - -The new group list blade offers more sort and filtering capabilities, infinite scrolling, and better performance. [Learn more](../enterprise-users/groups-members-owners-search.md). - ---### General availability - Google deprecation of Gmail sign-in support on embedded webviews on September 30, 2021 --**Type:** Changed feature -**Service category:** B2B -**Product capability:** B2B/B2C - -Google has deprecated Gmail sign-ins on Microsoft Teams mobile and custom apps that run Gmail authentications on embedded webviews on Sept. 30th, 2021. --If you would like to request an extension, impacted customers with affected OAuth client ID(s) should have received an email from Google Developers with the following information regarding a one-time policy enforcement extension, which must be completed by Jan 31, 2022. --To continue allowing your Gmail users to sign in and redeem, we strongly recommend that you refer toΓÇ»[Embedded vs System Web](../develop/msal-net-web-browsers.md#embedded-vs-system-web-ui) UIΓÇ»in the MSAL.NET documentation and modify your apps to use the system browser for sign-in. All MSAL SDKs use the system web-view by default. --As a workaround, we're deploying the device sign-in flow by October 8. Between today and until then, it's likely that it may not be rolled out to all regions yet (in which case, end-users will be met with an error screen until it gets deployed to your region.) --For more details on the device sign-in flow and details on requesting extension to Google, see [Add Google as an identity provider for B2B guest users](../external-identities/google-federation.md#deprecation-of-web-view-sign-in-support). - ---### Identity Governance Administrator can create and manage Azure AD access reviews of groups and applications --**Type:** Changed feature -**Service category:** Access Reviews -**Product capability:** Identity Governance - -Identity Governance Administrator can create and manage Azure AD access reviews of groups and applications. [Learn more](../governance/deploy-access-reviews.md#who-will-create-and-manage-access-reviews). - ------## September 2021 --### Limits on the number of configured API permissions for an application registration will be enforced starting in October 2021 --**Type:** Plan for change -**Service category:** Other -**Product capability:** Developer Experience - -Occasionally, application developers configure their apps to require more permissions than it's possible to grant. To prevent this from happening, we're enforcing a limit on the total number of required permissions that can be configured for an app registration. --The total number of required permissions for any single application registration must not exceed 400 permissions, across all APIs. The change to enforce this limit will begin rolling out no sooner than mid-October 2021. Applications exceeding the limit can't increase the number of permissions they're configured for. The existing limit on the number of distinct APIs for which permissions are required remains unchanged and can't exceed 50 APIs. --In the Azure portal, the required permissions are listed under Azure Active Directory > Application registrations > (select an application) > API permissions. Using Microsoft Graph or Microsoft Graph PowerShell, the required permissions are listed in the requiredResourceAccess property of an application entity. [Learn more](../enterprise-users/directory-service-limits-restrictions.md). ----### My Apps performance improvements --**Type:** Fixed -**Service category:** My Apps -**Product capability:** End User Experiences - -The load time of My Apps has been improved. Users going to myapps.microsoft.com load My Apps directly, rather than being redirected through another service. [Learn more](../user-help/my-apps-portal-end-user-access.md). ----### Single Page Apps using the `spa` redirect URI type must use a CORS enabled browser for auth --**Type:** Known issue -**Service category:** Authentications (Logins) -**Product capability:** Developer Experience - -The modern Edge browser is now included in the requirement to provide an `Origin` header when redeeming a [single page app authorization code](../develop/v2-oauth2-auth-code-flow.md#redirect-uris-for-single-page-apps-spas). A compatibility fix accidentally exempted the modern Edge browser from CORS controls, and that bug is being fixed during October. A subset of applications depended on CORS being disabled in the browser, which has the side effect of removing the `Origin` header from traffic. This is an unsupported configuration for using Azure AD, and these apps that depended on disabling CORS can no longer use modern Edge as a security workaround. All modern browsers must now include the `Origin` header per HTTP spec, to ensure CORS is enforced. [Learn more](../develop/reference-breaking-changes.md#the-device-code-flow-ux-will-now-include-an-app-confirmation-prompt). ----### General availability - On the My Apps portal, users can choose to view their apps in a list --**Type:** New feature -**Service category:** My Apps -**Product capability:** End User Experiences - -By default, My Apps displays apps in a grid view. Users can now toggle their My Apps view to display apps in a list. [Learn more](../user-help/my-apps-portal-end-user-access.md). - ---### General availability - New and enhanced device-related audit logs --**Type:** New feature -**Service category:** Audit -**Product capability:** Device Lifecycle Management - -Admins can now see various new and improved device-related audit logs. The new audit logs include the create and delete passwordless credentials (Phone sign-in, FIDO2 key, and Windows Hello for Business), register/unregister device and pre-create/delete pre-create device. Additionally, there have been minor improvements to existing device-related audit logs that include adding more device details. [Learn more](../reports-monitoring/concept-audit-logs.md). ----### General availability - Azure AD users can now view and report suspicious sign-ins and manage their accounts within Microsoft Authenticator --**Type:** New feature -**Service category:** Microsoft Authenticator App -**Product capability:** Identity Security & Protection - -This feature allows Azure AD users to manage their work or school accounts within the Microsoft Authenticator app. The management features will allow users to view sign-in history and sign-in activity. They can report any suspicious or unfamiliar activity based on the sign-in history and activity if necessary. Users also can change their Azure AD account passwords and update the account's security information. [Learn more](../user-help/my-account-portal-sign-ins-page.md). - ---### General availability - New MS Graph APIs for role management --**Type:** New feature -**Service category:** RBAC -**Product capability:** Access Control - -New APIs for role management to MS Graph v1.0 endpoint are generally available. Instead of old [directory roles](/graph/api/resources/directoryrole?view=graph-rest-1.0&preserve-view=true), use [unifiedRoleDefinition](/graph/api/resources/unifiedroledefinition?view=graph-rest-1.0&preserve-view=true) and [unifiedRoleAssignment](/graph/api/resources/unifiedroleassignment?view=graph-rest-1.0&preserve-view=true). - ---### General availability - Access Packages can expire after number of hours --**Type:** New feature -**Service category:** User Access Management -**Product capability:** Entitlement Management --It's now possible in entitlement management to configure an access package that will expire in a matter of hours in addition to the previous support for days or specific dates. [Learn more](../governance/entitlement-management-access-package-create.md#lifecycle). - ---### New provisioning connectors in the Azure AD Application Gallery - September 2021 --**Type:** New feature -**Service category:** App Provisioning -**Product capability:** 3rd Party Integration - -You can now automate creating, updating, and deleting user accounts for these newly integrated apps: --- [BLDNG APP](../saas-apps/bldng-app-provisioning-tutorial.md)-- [Cato Networks](../saas-apps/cato-networks-provisioning-tutorial.md)-- [Rouse Sales](../saas-apps/rouse-sales-provisioning-tutorial.md)-- [SchoolStream ASA](../saas-apps/schoolstream-asa-provisioning-tutorial.md)-- [Taskize Connect](../saas-apps/taskize-connect-provisioning-tutorial.md)--For more information about how to better secure your organization by using automated user account provisioning, see [Automate user provisioning to SaaS applications with Azure AD](../manage-apps/user-provisioning.md). - ---### New Federated Apps available in Azure AD Application gallery - September 2021 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration - -In September 2021, we have added following 44 new applications in our App gallery with Federation support --[Studybugs](https://studybugs.com/signin), [Yello](https://yello.co/yello-for-microsoft-teams/), [LawVu](../saas-apps/lawvu-tutorial.md), [Formate eVo Mail](https://www.document-genetics.co.uk/formate-evo-erp-output-management), [Revenue Grid](https://app.revenuegrid.com/login), [Orbit for Office 365](https://azuremarketplace.microsoft.com/marketplace/apps/aad.orbitforoffice365?tab=overview), [Upmarket](https://app.upmarket.ai/), [Alinto Protect](https://protect.alinto.net/), [Cloud Concinnity](https://cloudconcinnity.com/), [Matlantis](https://matlantis.com/), [ModelGen for Visio (MG4V)](https://crecy.com.au/model-gen/), [NetRef: Classroom Management](https://oauth.net-ref.com/microsoft/sso), [VergeSense](../saas-apps/vergesense-tutorial.md), [SafetyCulture](../saas-apps/safety-culture-tutorial.md), [Secutraq](https://secutraq.net/login), [Active and Thriving](../saas-apps/active-and-thriving-tutorial.md), [Inova](https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?client_id=1bacdba3-7a3b-410b-8753-5cc0b8125f81&response_type=code&redirect_uri=https:%2f%2fbroker.partneringplace.com%2fpartner-companion%2f&code_challenge_method=S256&code_challenge=YZabcdefghijklmanopqrstuvwxyz0123456789._-~&scope=1bacdba3-7a3b-410b-8753-5cc0b8125f81/.default), [TerraTrue](../saas-apps/terratrue-tutorial.md), [Beyond Identity Admin Console](../saas-apps/beyond-identity-admin-console-tutorial.md), [Visult](https://visult.app), [ENGAGE TAG](https://app.engagetag.com/), [Appaegis Isolation Access Cloud](../saas-apps/appaegis-isolation-access-cloud-tutorial.md), [CrowdStrike Falcon Platform](../saas-apps/crowdstrike-falcon-platform-tutorial.md), [MY Emergency Control](https://my-emergency.co.uk/app/auth/login), [AlexisHR](../saas-apps/alexishr-tutorial.md), [Teachme Biz](../saas-apps/teachme-biz-tutorial.md), [Zero Networks](../saas-apps/zero-networks-tutorial.md), [Mavim iMprove](https://improve.mavimcloud.com/), [Azumuta](https://app.azumuta.com/login?microsoft=true), [Frankli](https://beta.frankli.io/login), [Amazon Managed Grafana](../saas-apps/amazon-managed-grafana-tutorial.md), [Productive](../saas-apps/productive-tutorial.md), [Create!Webπâòπâ¡πâ╝](../saas-apps/createweb-tutorial.md), [Evercate](https://evercate.com/), [Ezra Coaching](../saas-apps/ezra-coaching-tutorial.md), [Baldwin Safety and Compliance](../saas-apps/baldwin-safety-&-compliance-tutorial.md), [Nulab Pass (Backlog,Cacoo,Typetalk)](../saas-apps/nulab-pass-tutorial.md), [Metatask](../saas-apps/metatask-tutorial.md), [Contrast Security](../saas-apps/contrast-security-tutorial.md), [Animaker](../saas-apps/animaker-tutorial.md), [Traction Guest](../saas-apps/traction-guest-tutorial.md), [True Office Learning - LIO](../saas-apps/true-office-learning-lio-tutorial.md), [Qiita Team](../saas-apps/qiita-team-tutorial.md) --You can also find the documentation of all the applications here: https://aka.ms/AppsTutorial --For listing your application in the Azure AD app gallery, read the details here: https://aka.ms/AzureADAppRequest ----### Gmail users signing in on Microsoft Teams mobile and desktop clients will sign in with device sign-in flow starting September 30, 2021 --**Type:** Changed feature -**Service category:** B2B -**Product capability:** B2B/B2C - -Starting on September 30 2021, Azure AD B2B guests and Azure AD B2C customers signing in with their self-service signed up or redeemed Gmail accounts will have an extra sign-in step. Users will now be prompted to enter a code in a separate browser window to finish signing in on Microsoft Teams mobile and desktop clients. If you haven't already done so, make sure to modify your apps to use the system browser for sign-in. SeeΓÇ»[Embedded vs System Web UIΓÇ»in the MSAL.NET](../develop/msal-net-web-browsers.md#embedded-vs-system-web-ui) documentation for more information. All MSAL SDKs use the system web-view by default. --As the device sign-in flow will start September 30, 2021, it may not be available in your region immediately. If it's not available yet, your end-users will be met with the error screen shown in the doc until it gets deployed to your region.) For more details on the device sign-in flow and details on requesting extension to Google, see [Add Google as an identity provider for B2B guest users](../external-identities/google-federation.md#deprecation-of-web-view-sign-in-support). - ---### Improved Conditional Access Messaging for Non-compliant Device --**Type:** Changed feature -**Service category:** Conditional Access -**Product capability:** End User Experiences - -The text and design on the Conditional Access blocking screen shown to users when their device is marked as non-compliant has been updated. Users will be blocked until they take the necessary actions to meet their company's device compliance policies. Additionally, we have streamlined the flow for a user to open their device management portal. These improvements apply to all conditional access supported OS platforms. [Learn more](https://support.microsoft.com/account-billing/troubleshooting-the-you-can-t-get-there-from-here-error-message-479a9c42-d9d1-4e44-9e90-24bbad96c251) -----## August 2021 --### New major version of AADConnect available --**Type:** Fixed -**Service category:** AD Connect -**Product capability:** Identity Lifecycle Management - -We've released a new major version of Azure Active Directory Connect. This version contains several updates of foundational components to the latest versions and is recommended for all customers using Azure AD Connect. [Learn more](../hybrid/whatis-azure-ad-connect-v2.md). - ---### Public Preview - Azure AD single sign-on and device-based Conditional Access support in Firefox on Windows 10 --**Type:** New feature -**Service category:** Authentications (Logins) -**Product capability:** SSO - --We now support native single sign-on (SSO) support and device-based Conditional Access to the Firefox browser on Windows 10 and Windows Server 2019. Support is available in Firefox version 91. [Learn more](../conditional-access/require-managed-devices.md#prerequisites). - ---### Public preview - beta MS Graph APIs for Azure AD access reviews returns list of contacted reviewer names --**Type:** New feature -**Service category:** Access Reviews -**Product capability:** Identity Governance - --We've released beta MS Graph API for Azure AD access reviews. The API has methods to return a list of contacted reviewer names in addition to the reviewer type. [Learn more](/graph/api/resources/accessreviewinstance). - ---### General Availability - "Register or join devices" user action in Conditional Access --**Type:** New feature -**Service category:** Conditional Access -**Product capability:** Identity Security & Protection - --The "Register or join devices" user action is generally available in Conditional access. This user action allows you to control multi-factor authentication policies for Azure Active Directory (AD) device registration. Currently, this user action only allows you to enable multi-factor authentication as a control when users register or join devices to Azure AD. Other controls that are dependent on or not applicable to Azure AD device registration continue to be disabled with this user action. [Learn more](../conditional-access/concept-conditional-access-cloud-apps.md#user-actions). ----### General Availability - customers can scope reviews of privileged roles to eligible or permanent assignments --**Type:** New feature -**Service category:** Access Reviews -**Product capability:** Identity Governance - -Administrators can now create access reviews of only permanent or eligible assignments to privileged Azure AD or Azure resource roles. [Learn more](../privileged-identity-management/pim-create-azure-ad-roles-and-resource-roles-review.md). - - --### General availability - assign roles to Azure Active Directory (AD) groups --**Type:** New feature -**Service category:** RBAC -**Product capability:** Access Control - --Assigning roles to Azure AD groups is now generally available. This feature can simplify the management of role assignments in Azure AD for Global Administrators and Privileged Role Administrators. [Learn more](../roles/groups-concept.md). - ---### New Federated Apps available in Azure AD Application gallery - Aug 2021 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration - -In August 2021, we have added following 46 new applications in our App gallery with Federation support: --[Siriux Customer Dashboard](https://portal.siriux.tech/login), [STRUXI](https://struxi.app/), [Autodesk Construction Cloud - Meetings](https://acc.autodesk.com/), [Eccentex AppBase for Azure](../saas-apps/eccentex-appbase-for-azure-tutorial.md), [Bookado](https://adminportal.bookado.io/), [FilingRamp](https://app.filingramp.com/login), [BenQ IAM](../saas-apps/benq-iam-tutorial.md), [Rhombus Systems](../saas-apps/rhombus-systems-tutorial.md), [CorporateExperience](../saas-apps/corporateexperience-tutorial.md), [TutorOcean](../saas-apps/tutorocean-tutorial.md), [Bookado Device](https://adminportal.bookado.io/), [HiFives-AD-SSO](https://app.hifives.in/login/azure), [Darzin](https://au.darzin.com/), [Simply Stakeholders](https://au.simplystakeholders.com/), [KACTUS HCM - Smart People](https://kactusspc.digitalware.co/), [Five9 UC Adapter for Microsoft Teams V2](https://uc.five9.net/?vendor=msteams), [Automation Center](https://automationcenter.cognizantgoc.com/portal/boot/signon), [Cirrus Identity Bridge for Azure AD](../saas-apps/cirrus-identity-bridge-for-azure-ad-tutorial.md), [ShiftWizard SAML](../saas-apps/shiftwizard-saml-tutorial.md), [Safesend Returns](https://www.safesendwebsites.com/), [Brushup](../saas-apps/brushup-tutorial.md), [directprint.io Cloud Print Administration](../saas-apps/directprint-io-cloud-print-administration-tutorial.md), [plain-x](https://app.plain-x.com/#/login),[X-point Cloud](../saas-apps/x-point-cloud-tutorial.md), [SmartHub INFER](../saas-apps/smarthub-infer-tutorial.md), [Fresh Relevance](../saas-apps/fresh-relevance-tutorial.md), [FluentPro G.A. Suite](https://gas.fluentpro.com/Account/SSOLogin?provider=Microsoft), [Clockwork Recruiting](../saas-apps/clockwork-recruiting-tutorial.md), [WalkMe SAML2.0](../saas-apps/walkme-saml-tutorial.md), [Sideways 6](https://app.sideways6.com/account/login?ReturnUrl=/), [Kronos Workforce Dimensions](../saas-apps/kronos-workforce-dimensions-tutorial.md), [SysTrack Cloud Edition](https://cloud.lakesidesoftware.com/Cloud/Account/Login), [mailworx Dynamics CRM Connector](https://www.mailworx.info/), [Palo Alto Networks Cloud Identity Engine - Cloud Authentication Service](../saas-apps/palo-alto-networks-cloud-identity-enginecloud-authentication-service-tutorial.md), [Peripass](https://accounts.peripass.app/v1/sso/challenge), [JobDiva](https://www.jobssos.com/index_azad.jsp?SSO=AZURE&ID=1), [Sanebox For Office365](https://sanebox.com/login), [Tulip](../saas-apps/tulip-tutorial.md), [HP Wolf Security](https://www.hpwolf.com/), [Genesys Engage cloud Email](https://login.microsoftonline.com/common/oauth2/authorize?prompt=consent&accessType=offline&state=07e035a7-6fb0-4411-afd9-efa46c9602f9&resource=https://graph.microsoft.com/&response_type=code&redirect_uri=https://iwd.api01-westus2.dev.genazure.com/iwd/v3/emails/oauth2/microsoft/callback&client_id=36cd21ab-862f-47c8-abb6-79facad09dda), [Meta Wiki](https://meta.dunkel.eu/), [Palo Alto Networks Cloud Identity Engine Directory Sync](https://directory-sync.us.paloaltonetworks.com/directory?instance=L2qoLVONpBHgdJp1M5K9S08Z7NBXlpi54pW1y3DDu2gQqdwKbyUGA11EgeaDfZ1dGwn397S8eP7EwQW3uyE4XL), [Valarea](https://www.valarea.com/en/download), [LanSchool Air](../saas-apps/lanschool-air-tutorial.md), [Catalyst](https://www.catalyst.org/sso-login/), [Webcargo](../saas-apps/webcargo-tutorial.md) --You can also find the documentation of all the applications here: https://aka.ms/AppsTutorial --For listing your application in the Azure AD app gallery, read the details here: https://aka.ms/AzureADAppRequest ----### New provisioning connectors in the Azure AD Application Gallery - August 2021 --**Type:** New feature -**Service category:** App Provisioning -**Product capability:** 3rd Party Integration - -You can now automate creating, updating, and deleting user accounts for these newly integrated apps: --- [Chatwork](../saas-apps/chatwork-provisioning-tutorial.md)-- [Freshservice](../saas-apps/freshservice-provisioning-tutorial.md)-- [InviteDesk](../saas-apps/invitedesk-provisioning-tutorial.md)-- [Maptician](../saas-apps/maptician-provisioning-tutorial.md)--For more information about how to better secure your organization by using automated user account provisioning, see Automate user provisioning to SaaS applications with Azure AD. - ---### Multifactor fraud report ΓÇô new audit event --**Type:** Changed feature -**Service category:** MFA -**Product capability:** Identity Security & Protection - --To help administrators understand that their users are blocked for multi-factor authentication as a result of fraud report, we've added a new audit event. This audit event is tracked when the user reports fraud. The audit log is available in addition to the existing information in the sign-in logs about fraud report. To learn how to get the audit report, see [multi-factor authentication Fraud alert](../authentication/howto-mfa-mfasettings.md#report-suspicious-activity). ----### Improved Low-Risk Detections --**Type:** Changed feature -**Service category:** Identity Protection -**Product capability:** Identity Security & Protection --To improve the quality of low risk alerts that Identity Protection issues, we've modified the algorithm to issue fewer low risk Risky sign-ins. Organizations may see a significant reduction in low risk sign-in in their environment. [Learn more](../identity-protection/concept-identity-protection-risks.md). - ---### Non-interactive risky sign-ins --**Type:** Changed feature -**Service category:** Identity Protection -**Product capability:** Identity Security & Protection - -Identity Protection now emits risky sign-ins on non-interactive sign-ins. Admins can find these risky sign-ins using the **sign-in type** filter in the risky sign-ins report. [Learn more](../identity-protection/howto-identity-protection-investigate-risk.md). - ---### Change from User Administrator to Identity Governance Administrator in Entitlement Management --**Type:** Changed feature -**Service category:** Roles -**Product capability:** Identity Governance - -The permissions assignments to manage access packages and other resources in Entitlement Management are moving from the User Administrator role to the Identity Governance administrator role. --Users that have been assigned the User administrator role can longer create catalogs or manage access packages in a catalog they don't own. If users in your organization have been assigned the User administrator role to configure catalogs, access packages, or policies in entitlement management, they'll need a new assignment. You should instead assign these users the Identity Governance administrator role. [Learn more](../governance/entitlement-management-delegate.md) ----### Microsoft Azure Active Directory connector is deprecated --**Type:** Deprecated -**Service category:** Microsoft Identity Manager -**Product capability:** Identity Lifecycle Management - -The Microsoft Azure Active Directory Connector for FIM is at feature freeze and deprecated. The solution of using FIM and the Azure AD Connector has been replaced. Existing deployments should migrate to [Azure AD Connect](../hybrid/whatis-hybrid-identity.md), Azure AD Connect Sync, or the [Microsoft Graph Connector](/microsoft-identity-manager/microsoft-identity-manager-2016-connector-graph), as the internal interfaces used by the Azure AD Connector for FIM are being removed from Azure AD. [Learn more](/microsoft-identity-manager/microsoft-identity-manager-2016-deprecated-features). ----### Retirement of older Azure AD Connect versions --**Type:** Deprecated -**Service category:** AD Connect -**Product capability:** User Management - -Starting August 31 2022, all V1 versions of Azure AD Connect will be retired. If you haven't already done so, you need to update your server to Azure AD Connect V2.0. You need to make sure you're running a recent version of Azure AD Connect to receive an optimal support experience. --If you run a retired version of Azure AD Connect, it may unexpectedly stop working. You may also not have the latest security fixes, performance improvements, troubleshooting, and diagnostic tools and service enhancements. Also, if you require support we can't provide you with the level of service your organization needs. --See [Azure Active Directory Connect V2.0](../hybrid/whatis-azure-ad-connect-v2.md), what has changed in V2.0 and how this change impacts you. ----### Retirement of support for installing MIM on Windows Server 2008 R2 or SQL Server 2008 R2 --**Type:** Deprecated -**Service category:** Microsoft Identity Manager -**Product capability:** Identity Lifecycle Management - -Deploying MIM Sync, Service, Portal or CM on Windows Server 2008 R2, or using SQL Server 2008 R2 as the underlying database, is deprecated as these platforms are no longer in mainstream support. Installing MIM Sync and other components on Windows Server 2016 or later, and with SQL Server 2016 or later, is recommended. --Deploying MIM for Privileged Access Management with a Windows Server 2012 R2 domain controller in the PRIV forest is deprecated. Use Windows Server 2016 or later Active Directory, with Windows Server 2016 functional level, for your PRIV forest domain. The Windows Server 2012 R2 functional level is still permitted for a CORP forest's domain. [Learn more](/microsoft-identity-manager/microsoft-identity-manager-2016-supported-platforms). ----## July 2021 --### New Google sign-in integration for Azure AD B2C and B2B self-service sign-up and invited external users will stop working starting July 12, 2021 --**Type:** Plan for change -**Service category:** B2B -**Product capability:** B2B/B2C - -Previously we announced that [the exception for Embedded WebViews for Gmail authentication will expire in the second half of 2021](https://www.yammer.com/cepartners/threads/1188371962232832). --On July 7, 2021, we learned from Google that some of these restrictions will apply starting **July 12, 2021**. Azure AD B2B and B2C customers who set up a new Google ID sign-in in their custom or line of business applications to invite external users or enable self-service sign-up will have the restrictions applied immediately. As a result, end-users will be met with an error screen that blocks their Gmail sign-in if the authentication is not moved to a system webview. See the docs linked below for details. --Most apps use system web-view by default, and will not be impacted by this change. This only applies to customers using embedded webviews (the non-default setting.) We advise customers to move their application's authentication to system browsers instead, prior to creating any new Google integrations. To learn how to move to system browsers for Gmail authentications, read the Embedded vs System Web UI section in the [Using web browsers (MSAL.NET)](../develop/msal-net-web-browsers.md#embedded-vs-system-web-ui) documentation. All MSAL SDKs use the system web-view by default. [Learn more](../external-identities/google-federation.md#deprecation-of-web-view-sign-in-support). ----### Google sign-in on embedded web-views expiring September 30, 2021 --**Type:** Plan for change -**Service category:** B2B -**Product capability:** B2B/B2C - --About two months ago we announced that the exception for Embedded WebViews for Gmail authentication will expire in the second half of 2021. --Recently, Google has specified the date to be **September 30, 2021**. --Rolling out globally beginning September 30, 2021, Azure AD B2B guests signing in with their Gmail accounts will now be prompted to enter a code in a separate browser window to finish signing in on Microsoft Teams mobile and desktop clients. This applies to invited guests and guests who signed up using Self-Service Sign-Up. --Azure AD B2C customers who have set up embedded webview Gmail authentications in their custom/line of business apps or have existing Google integrations, will no longer can let their users sign in with Gmail accounts. To mitigate this, make sure to modify your apps to use the system browser for sign-in. For more information, read the Embedded vs System Web UI section in the [Using web browsers (MSAL.NET)](../develop/msal-net-web-browsers.md#embedded-vs-system-web-ui) documentation. All MSAL SDKs use the system web-view by default. --As the device sign-in flow will start rolling out on September 30, 2021, it's likely that it may not be rolled out to your region yet (in which case, your end-users will be met with the error screen shown in the documentation until it gets deployed to your region.) --For details on known impacted scenarios and what experience your users can expect, read [Add Google as an identity provider for B2B guest users](../external-identities/google-federation.md#deprecation-of-web-view-sign-in-support). ----### Bug fixes in My Apps --**Type:** Fixed -**Service category:** My Apps -**Product capability:** End User Experiences - -- Previously, the presence of the banner recommending the use of collections caused content to scroll behind the header. This issue has been resolved. -- Previously, there was another issue when adding apps to a collection, the order of apps in All Apps collection would get randomly reordered. This issue has also been resolved. --For more information on My Apps, read [Sign in and start apps from the My Apps portal](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510). ----### Public preview - Application authentication method policies --**Type:** New feature -**Service category:** MS Graph -**Product capability:** Developer Experience - -Application authentication method policies in MS Graph which allow IT admins to enforce lifetime on application password secret credential or block the use of secrets altogether. Policies can be enforced for an entire tenant as a default configuration and it can be scoped to specific applications or service principals. [Learn more](/graph/api/resources/policy-overview). - ---### Public preview - Authentication Methods registration campaign to download Microsoft Authenticator --**Type:** New feature -**Service category:** Microsoft Authenticator App -**Product capability:** User Authentication - -The Authenticator registration campaign helps admins to move their organizations to a more secure posture by prompting users to adopt the Microsoft Authenticator app. Prior to this feature, there was no way for an admin to push their users to set up the Authenticator app. --The registration campaign comes with the ability for an admin to scope users and groups by including and excluding them from the registration campaign to ensure a smooth adoption across the organization. [Learn more](../authentication/how-to-mfa-registration-campaign.md) - ---### Public preview - Separation of duties check --**Type:** New feature -**Service category:** User Access Management -**Product capability:** Entitlement Management - -In Azure AD entitlement management, an administrator can define that an access package is incompatible with another access package or with a group. Users who have the incompatible memberships will be then unable to request more access. [Learn more](../governance/entitlement-management-access-package-request-policy.md#prevent-requests-from-users-with-incompatible-access). - ---### Public preview - Identity Protection logs in Log Analytics, Storage Accounts, and Event Hubs --**Type:** New feature -**Service category:** Identity Protection -**Product capability:** Identity Security & Protection - -You can now send the risky users and risk detections logs to Azure Monitor, Storage Accounts, or Log Analytics using the Diagnostic Settings in the Azure AD blade. [Learn more](../identity-protection/howto-export-risk-data.md). - ---### Public preview - Application Proxy API addition for backend SSL certificate validation --**Type:** New feature -**Service category:** App Proxy -**Product capability:** Access Control - -The onPremisesPublishing resource type now includes the property, "isBackendCertificateValidationEnabled" which indicates whether backend SSL certificate validation is enabled for the application. For all new Application Proxy apps, the property will be set to true by default. For all existing apps, the property will be set to false. For more information, read the [onPremisesPublishing resource type](/graph/api/resources/onpremisespublishing?view=graph-rest-beta&preserve-view=true) api. - ---### General availability - Improved Authenticator setup experience for add Azure AD account in Microsoft Authenticator app by directly signing into the app. --**Type:** New feature -**Service category:** Microsoft Authenticator App -**Product capability:** User Authentication - -Users can now use their existing authentication methods to directly sign into the Microsoft Authenticator app to set up their credential. Users don't need to scan a QR Code anymore and can use a Temporary Access Pass (TAP) or Password + SMS (or other authentication method) to configure their account in the Authenticator app. --This improves the user credential provisioning process for the Microsoft Authenticator app and gives the end user a self-service method to provision the app. [Learn more](https://support.microsoft.com/account-billing/add-your-work-or-school-account-to-the-microsoft-authenticator-app-43a73ab5-b4e8-446d-9e54-2a4cb8e4e93c#sign-in-with-your-credentials). - ---### General availability - Set manager as reviewer in Azure AD entitlement management access packages --**Type:** New feature -**Service category:** User Access Management -**Product capability:** Entitlement Management - -Access packages in Azure AD entitlement management now support setting the user's manager as the reviewer for regularly occurring access reviews. [Learn more](../governance/entitlement-management-access-reviews-create.md). ----### General availability - Enable external users to self-service sign up in Azure Active Directory using MSA accounts --**Type:** New feature -**Service category:** B2B -**Product capability:** B2B/B2C - -Users can now enable external users to self-service sign up in Azure Active Directory using Microsoft accounts. [Learn more](../external-identities/microsoft-account.md). - -- -### General availability - External Identities Self-Service Sign-Up with Email One-time Passcode --**Type:** New feature -**Service category:** B2B -**Product capability:** B2B/B2C - --Now users can enable external users to self-service sign up in Azure Active Directory using their email and one-time passcode. [Learn more](../external-identities/one-time-passcode.md). - ---### General availability - Anomalous token --**Type:** New feature -**Service category:** Identity Protection -**Product capability:** Identity Security & Protection - -Anomalous token detection is now available in Identity Protection. This feature can detect that there are abnormal characteristics in the token such as time active and authentication from unfamiliar IP address. [Learn more](../identity-protection/concept-identity-protection-risks.md). - ---### General availability - Register or join devices in Conditional Access --**Type:** New feature -**Service category:** Conditional Access -**Product capability:** Identity Security & Protection - -The Register or join devices user action in Conditional access is now in general availability. This user action allows you to control multifactor authentication (MFA) policies for Azure AD device registration. --Currently, this user action only allows you to enable multifactor authentication as a control when users register or join devices to Azure AD. Other controls that are dependent on or not applicable to Azure AD device registration continue to be disabled with this user action. [Learn more](../conditional-access/concept-conditional-access-cloud-apps.md#user-actions). ----### New provisioning connectors in the Azure AD Application Gallery - July 2021 --**Type:** New feature -**Service category:** App Provisioning -**Product capability:** 3rd Party Integration - -You can now automate creating, updating, and deleting user accounts for these newly integrated apps: --- [Clebex](../saas-apps/clebex-provisioning-tutorial.md)-- [Exium](../saas-apps/exium-provisioning-tutorial.md)-- [SoSafe](../saas-apps/sosafe-provisioning-tutorial.md)-- [Talentech](../saas-apps/talentech-provisioning-tutorial.md)-- [Thrive LXP](../saas-apps/thrive-lxp-provisioning-tutorial.md)-- [Vonage](../saas-apps/vonage-provisioning-tutorial.md)-- [Zip](../saas-apps/zip-provisioning-tutorial.md)-- [TimeClock 365](../saas-apps/timeclock-365-provisioning-tutorial.md)--For more information about how to better secure your organization by using automated user account provisioning, read [Automate user provisioning to SaaS applications with Azure AD](../app-provisioning/user-provisioning.md). ----### Changes to security and Microsoft 365 group settings in Azure portal --**Type:** Changed feature -**Service category:** Group Management -**Product capability:** Directory - --In the past, users could create security groups and Microsoft 365 groups in the Azure portal. Now users will have the ability to create groups across Azure portals, PowerShell, and API. Customers are required to verify and update the new settings have been configured for their organization. [Learn More](../enterprise-users/groups-self-service-management.md#group-settings). - ---### "All Apps" collection has been renamed to "Apps" --**Type:** Changed feature -**Service category:** My Apps -**Product capability:** End User Experiences - -In the My Apps portal, the collection that was called "All Apps" has been renamed to be called "Apps". As the product evolves, "Apps" is a more fitting name for this default collection. [Learn more](../manage-apps/my-apps-deployment-plan.md#plan-the-user-experience). - ---## June 2021 --### Context panes to display risk details in Identity Protection Reports --**Type:** Plan for change -**Service category:** Identity Protection -**Product capability:** Identity Security & Protection - -For the Risky users, Risky sign-ins, and Risk detections reports in Identity Protection, the risk details of a selected entry will be shown in a context pane appearing from the right of the page July 2021. The change only impacts the user interface and won't affect any existing functionalities. To learn more about the functionality of these features, refer to [How To: Investigate risk](../identity-protection/howto-identity-protection-investigate-risk.md). - ---### Public preview - create Azure AD access reviews of Service Principals that are assigned to privileged roles --**Type:** New feature -**Service category:** Access Reviews -**Product capability:** Identity Governance - - You can use Azure AD access reviews to review service principal's access to privileged Azure AD and Azure resource roles. [Learn more](../privileged-identity-management/pim-create-azure-ad-roles-and-resource-roles-review.md#create-access-reviews). - ---### Public preview - group owners in Azure AD can create and manage Azure AD access reviews for their groups --**Type:** New feature -**Service category:** Access Reviews -**Product capability:** Identity Governance - -Now group owners in Azure AD can create and manage Azure AD access reviews on their groups. This ability can be enabled by tenant administrators through Azure AD access review settings and is disabled by default. [Learn more](../governance/create-access-review.md#allow-group-owners-to-create-and-manage-access-reviews-of-their-groups). - ---### Public preview - customers can scope access reviews of privileged roles to just users with eligible or active access --**Type:** New feature -**Service category:** Access Reviews -**Product capability:** Identity Governance - -When admins create access reviews of assignments to privileged roles, they can scope the reviews to only eligibly assigned users or only actively assigned users. [Learn more](../privileged-identity-management/pim-create-azure-ad-roles-and-resource-roles-review.md). - ---### Public preview - Microsoft Graph APIs for Mobility (MDM/MAM) management policies --**Type:** New feature -**Service category:** Other -**Product capability:** Device Lifecycle Management - -Microsoft Graph support for the Mobility (MDM/MAM) configuration in Azure AD is in public preview. Administrators can configure user scope and URLs for MDM applications like Intune using Microsoft Graph v1.0. For more information, see [mobilityManagementPolicy resource type](/graph/api/resources/mobilitymanagementpolicy?view=graph-rest-beta&preserve-view=true) ----### General availability - Custom questions in access package request flow in Azure Active Directory entitlement management --**Type:** New feature -**Service category:** User Access Management -**Product capability:** Entitlement Management - -Azure AD entitlement management now supports the creation of custom questions in the access package request flow. This feature allows you to configure custom questions in the access package policy. These questions are shown to requestors who can input their answers as part of the access request process. These answers will be displayed to approvers, giving them helpful information that empowers them to make better decisions on the access request. [Learn more](../governance/entitlement-management-access-package-create.md). ----### General availability - Multi-geo SharePoint sites as resources in Entitlement Management Access Packages --**Type:** New feature -**Service category:** User Access Management -**Product capability:** Entitlement Management - -Access packages in Entitlement Management now support multi-geo SharePoint sites for customers who use the multi-geo capabilities in SharePoint Online. [Learn more](../governance/entitlement-management-catalog-create.md#add-a-multi-geo-sharepoint-site). - ---### General availability - Knowledge Admin and Knowledge Manager built-in roles --**Type:** New feature -**Service category:** RBAC -**Product capability:** Access Control - -Two new roles, Knowledge Administrator and Knowledge Manager are now in general availability. --- Users in the Knowledge Administrator role have full access to all Organizational knowledge settings in the Microsoft 365 admin center. They can create and manage content, like topics and acronyms. Additionally, these users can create content centers, monitor service health, and create service requests. [Learn more](../roles/permissions-reference.md#knowledge-administrator)-- Users in the Knowledge Manager role can create and manage content and are primarily responsible for the quality and structure of knowledge. They have full rights to topic management actions to confirm a topic, approve edits, or delete a topic. This role can also manage taxonomies as part of the term store management tool and create content centers. [Learn more](../roles/permissions-reference.md#knowledge-manager).----### General availability - Cloud App Security Administrator built-in role --**Type:** New feature -**Service category:** RBAC -**Product capability:** Access Control - - Users with this role have full permissions in Cloud App Security. They can add administrators, add Microsoft Cloud App Security (MCAS) policies and settings, upload logs, and do governance actions. [Learn more](../roles/permissions-reference.md#cloud-app-security-administrator). - ---### General availability - Windows Update Deployment Administrator --**Type:** New feature -**Service category:** RBAC -**Product capability:** Access Control - -- Users in this role can create and manage all aspects of Windows Update deployments through the Windows Update for Business deployment service. The deployment service enables users to define settings for when and how updates are deployed. Also, users can specify which updates are offered to groups of devices in their tenant. It also allows users to monitor the update progress. [Learn more](../roles/permissions-reference.md#windows-update-deployment-administrator). - ---### General availability - multi-camera support for Windows Hello --**Type:** New feature -**Service category:** Authentications (Logins) -**Product capability:** User Authentication - -Now with the Windows 10 21H1 update, Windows Hello supports multiple cameras. The update includes defaults to use the external camera when both built-in and outside cameras are present. [Learn more](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/it-tools-to-support-windows-10-version-21h1/ba-p/2365103). --- -### General availability - Access Reviews MS Graph APIs now in v1.0 --**Type:** New feature -**Service category:** Access Reviews -**Product capability:** Identity Governance - -Azure Active Directory access reviews MS Graph APIs are now in v1.0 support fully configurable access reviews features. [Learn more](/graph/api/resources/accessreviewsv2-overview?view=graph-rest-1.0&preserve-view=true). - ---### New provisioning connectors in the Azure AD Application Gallery - June 2021 --**Type:** New feature -**Service category:** App Provisioning -**Product capability:** 3rd Party Integration - -You can now automate creating, updating, and deleting user accounts for these newly integrated apps: --- [askSpoke](../saas-apps/askspoke-provisioning-tutorial.md)-- [Cloud Academy - SSO](../saas-apps/cloud-academy-sso-provisioning-tutorial.md)-- [CheckProof](../saas-apps/checkproof-provisioning-tutorial.md)-- [GoLinks](../saas-apps/golinks-provisioning-tutorial.md)-- [Holmes Cloud](../saas-apps/holmes-cloud-provisioning-tutorial.md)-- [H5mag](../saas-apps/h5mag-provisioning-tutorial.md)-- [LimbleCMMS](../saas-apps/limblecmms-provisioning-tutorial.md)-- [LogMeIn](../saas-apps/logmein-provisioning-tutorial.md)-- [SECURE DELIVER](../saas-apps/secure-deliver-provisioning-tutorial.md)-- [Sigma Computing](../saas-apps/sigma-computing-provisioning-tutorial.md)-- [Smallstep SSH](../saas-apps/smallstep-ssh-provisioning-tutorial.md)-- [Tribeloo](../saas-apps/tribeloo-provisioning-tutorial.md)-- [Twingate](../saas-apps/twingate-provisioning-tutorial.md)--For more information, see [Automate user provisioning to SaaS applications with Azure AD](../app-provisioning/user-provisioning.md). - ---### New Federated Apps available in Azure AD Application gallery - June 2021 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration - -In June 2021, we have added following 42 new applications in our App gallery with Federation support --[Taksel](https://help.ubuntu.com/community/Tasksel), [IDrive360](../saas-apps/idrive360-tutorial.md), [VIDA](../saas-apps/vida-tutorial.md), [ProProfs Classroom](../saas-apps/proprofs-classroom-tutorial.md), [WAN-Sign](../saas-apps/wan-sign-tutorial.md), [Citrix Cloud SAML SSO](../saas-apps/citrix-cloud-saml-sso-tutorial.md), [Fabric](../saas-apps/fabric-tutorial.md), [DssAD](https://cloudlicensing.deepseedsolutions.com/), [RICOH Creative Collaboration RICC](https://www.ricoh-europe.com/products/software-apps/collaboration-board-software/ricc/), [Styleflow](../saas-apps/styleflow-tutorial.md), [Chaos](https://accounts.chaosgroup.com/corporate_login), [Traced Connector](https://control.traced.app/signup), [Squarespace](https://account.squarespace.com/org/azure), [MX3 Diagnostics Connector](https://www.mx3diagnostics.com/), [Ten Spot](https://tenspot.co/api/v1/sso/azure/login/), [Finvari](../saas-apps/finvari-tutorial.md), [Mobile4ERP](https://play.google.com/store/apps/details?id=com.negevsoft.mobile4erp), [WalkMe US OpenID Connect](https://www.walkme.com/), [Neustar UltraDNS](../saas-apps/neustar-ultradns-tutorial.md), [cloudtamer.io](../saas-apps/cloudtamer-io-tutorial.md), [A Cloud Guru](../saas-apps/a-cloud-guru-tutorial.md), [PetroVue](../saas-apps/petrovue-tutorial.md), [Postman](../saas-apps/postman-tutorial.md), [ReadCube Papers](../saas-apps/readcube-papers-tutorial.md), [Peklostroj](https://app.peklostroj.cz/), [SynCloud](https://www.syncloud.org/apps.html), [Polymerhq.io](https://www.polymerhq.io/), [Bonos](../saas-apps/bonos-tutorial.md), [Astra Schedule](../saas-apps/astra-schedule-tutorial.md), [Draup](../saas-apps/draup-inc-tutorial.md), [Inc](../saas-apps/draup-inc-tutorial.md), [Applied Mental Health](../saas-apps/applied-mental-health-tutorial.md), [iHASCO Training](../saas-apps/ihasco-training-tutorial.md), [Nexsure](../saas-apps/nexsure-tutorial.md), [XEOX](https://login.xeox.com/), [Plandisc](https://create.plandisc.com/account/logon), [foundU](../saas-apps/foundu-tutorial.md), [Standard for Success Accreditation](../saas-apps/standard-for-success-accreditation-tutorial.md), [Penji Teams](https://web.penjiapp.com/), [CheckPoint Infinity Portal](../saas-apps/checkpoint-infinity-portal-tutorial.md), [Teamgo](../saas-apps/teamgo-tutorial.md), [Hopsworks.ai](../saas-apps/hopsworks-ai-tutorial.md), [HoloMeeting 2](https://backend2.holomeeting.io/) --You can also find the documentation of all the applications here: https://aka.ms/AppsTutorial --For listing your application in the Azure AD app gallery, read the details here: https://aka.ms/AzureADAppRequest - ---### Device code flow now includes an app verification prompt --**Type:** Changed feature -**Service category:** Authentications (Logins) -**Product capability:** User Authentication - -The [device code flow](../develop/v2-oauth2-device-code.md) has been updated to include one extra user prompt. While signing in, the user will see a prompt asking them to validate the app they're signing into. The prompt ensures that they aren't subject to a phishing attack. [Learn more](../develop/reference-breaking-changes.md#the-device-code-flow-ux-will-now-include-an-app-confirmation-prompt). - ---### User last sign-in date and time is now available on Azure portal --**Type:** Changed feature -**Service category:** User Management -**Product capability:** User Management - -You can now view your users' last sign-in date and time stamp on the Azure portal. The information is available for each user on the user profile page. This information helps you identify inactive users and effectively manage risky events. [Learn more](./active-directory-users-profile-azure-portal.md?context=%2fazure%2factive-directory%2fenterprise-users%2fcontext%2fugr-context). - ---### MIM BHOLD Suite impact of end of support for Microsoft Silverlight --**Type:** Changed feature -**Service category:** Microsoft Identity Manager -**Product capability:** Identity Governance - -Microsoft Silverlight will reach its end of support on October 12, 2021. This change only impacts customers using the Microsoft BHOLD Suite, and doesn't impact other Microsoft Identity Manager scenarios. For more information, see [Silverlight End of Support](https://support.microsoft.com/windows/silverlight-end-of-support-0a3be3c7-bead-e203-2dfd-74f0a64f1788). --Users who haven't installed Microsoft Silverlight in their browser can't use the BHOLD Suite modules, which require Silverlight. This includes the BHOLD Model Generator, BHOLD FIM Self-service integration, and BHOLD Analytics. Customers with an existing BHOLD deployment of one or more of those modules should plan to uninstall those modules from their BHOLD server computers by October 2021. Also, they should plan to uninstall Silverlight from any user computers that were previously interacting with that BHOLD deployment. - ---### My* experiences: End of support for Internet Explorer 11 --**Type:** Deprecated -**Service category:** My Apps -**Product capability:** End User Experiences - --Microsoft 365 and other apps are ending support for Internet Explorer 11 on August 21, 2021, and this includes the My* experiences. The My*s accessed via Internet Explorer won't receive bug fixes or any updates, which may lead to issues. These dates are being driven by the Edge team and may be subject to change. [Learn more](https://blogs.windows.com/windowsexperience/2021/05/19/the-future-of-internet-explorer-on-windows-10-is-in-microsoft-edge/). - ---### Planned deprecation - Malware linked IP address detection in Identity Protection --**Type:** Deprecated -**Service category:** Identity Protection -**Product capability:** Identity Security & Protection - -Starting October 1, 2021, Azure AD Identity Protection will no longer generate the "Malware linked IP address" detection. No action is required and customers will remain protected by the other detections provided by Identity Protection. To learn more about protection policies, refer to [Identity Protection policies](../identity-protection/concept-identity-protection-policies.md). - ---## May 2021 --### Public preview - Azure AD verifiable credentials --**Type:** New feature -**Service category:** Other -**Product capability:** User Authentication - -Azure AD customers can now easily design and issue verifiable credentials. Verifiable credentials can be used to represent proof of employment, education, or any other claim while respecting privacy. Digitally validate any piece of information about anyone and any business. [Learn more](../verifiable-credentials/index.yml). ----### Public preview - Device code flow now includes an app verification prompt --**Type:** New feature -**Service category:** User Authentication -**Product capability:** Authentications (Logins) - -As a security improvement, the [device code flow](../develop/v2-oauth2-device-code.md) has been updated to include another prompt, which validates that the user is signing into the app they expect. The rollout is planned to start in June and expected to be complete by June 30. --To help prevent phishing attacks where an attacker tricks the user into signing into a malicious application, the following prompt is being added: "Are you trying to sign in to [application display name]?". All users will see this prompt while signing in using the device code flow. As a security measure, it can't be removed or bypassed. [Learn more](../develop/reference-breaking-changes.md#the-device-code-flow-ux-will-now-include-an-app-confirmation-prompt). ----### Public preview - build and test expressions for user provisioning --**Type:** New feature -**Service category:** App Provisioning -**Product capability:** Identity Lifecycle Management - -The expression builder allows you to create and test expressions, without having to wait for the full sync cycle. [Learn more](../app-provisioning/functions-for-customizing-application-data.md). ----### Public preview - enhanced audit logs for Conditional Access policy changes --**Type:** New feature -**Service category:** Conditional Access -**Product capability:** Identity Security & Protection - -An important aspect of managing Conditional Access is understanding changes to your policies over time. Policy changes may cause disruptions for your end users, so maintaining a log of changes and enabling admins to revert to previous policy versions is critical. --and showing who made a policy change and when, the audit logs will now also contain a modified properties value. This change gives admins greater visibility into what assignments, conditions, or controls changed. If you want to revert to a previous version of a policy, you can copy the JSON representation of the old version and use the Conditional Access APIs to change the policy to its previous state. [Learn more](../conditional-access/concept-conditional-access-policies.md). ----### Public preview - Sign-in logs include authentication methods used during sign-in --**Type:** New feature -**Service category:** MFA -**Product capability:** Monitoring & Reporting - --Admins can now see the sequential steps users took to sign-in, including which authentication methods were used during sign-in. --To access these details, go to the Azure AD sign-in logs, select a sign-in, and then navigate to the Authentication Method Details tab. Here we have included information such as which method was used, details about the method (for example, phone number, phone name), authentication requirement satisfied, and result details. [Learn more](../reports-monitoring/concept-sign-ins.md). ----### Public preview - PIM adds support for ABAC conditions in Azure Storage roles --**Type:** New feature -**Service category:** Privileged Identity Management -**Product capability:** Privileged Identity Management - -Along with the public preview of attributed-based access control (ABAC) for specific Azure roles, you can also add ABAC conditions inside Privileged Identity Management for your eligible assignments. [Learn more](../../role-based-access-control/conditions-overview.md#conditions-and-azure-ad-pim). ----### General availability - Conditional Access and Identity Protection Reports in B2C --**Type:** New feature -**Service category:** B2C - Consumer Identity Management -**Product capability:** B2B/B2C --B2C now supports Conditional Access and Identity Protection for business-to-consumer (B2C) apps and users. This enables customers to protect their users with granular risk- and location-based access controls. With these features, customers can now look at the signals and create a policy to provide more security and access to your customers. [Learn more](../../active-directory-b2c/conditional-access-identity-protection-overview.md). ----### General availability - KMSI and Password reset now in next generation of user flows --**Type:** New feature -**Service category:** B2C - Consumer Identity Management -**Product capability:** B2B/B2C --The next generation of B2C user flows now supports [keep me signed in (KMSI)](../../active-directory-b2c/session-behavior.md?pivots=b2c-custom-policy#enable-keep-me-signed-in-kmsi) and password reset. The KMSI functionality allows customers to extend the session lifetime for the users of their web and native applications by using a persistent cookie. This feature keeps the session active even when the user closes and reopens the browser. The session is revoked when the user signs out. Password reset allows users to reset their password from the "Forgot your password -' link. This also allows the admin to force reset the user's expired password in the Azure AD B2C directory. [Learn more](../../active-directory-b2c/add-password-reset-policy.md?pivots=b2c-user-flow). - ---### General availability - New Log Analytics workbook Application role assignment activity --**Type:** New feature -**Service category:** User Access Management -**Product capability:** Entitlement Management - -A new workbook has been added for surfacing audit events for application role assignment changes. [Learn more](../governance/entitlement-management-logs-and-reporting.md). ----### General availability - Next generation Azure AD B2C user flows --**Type:** New feature -**Service category:** B2C - Consumer Identity Management -**Product capability:** B2B/B2C - -The new simplified user flow experience offers feature parity with preview features and is the home for all new features. Users can enable new features within the same user flow, reducing the need to create multiple versions with every new feature release. The new, user-friendly UX also simplifies the selection and creation of user flows. Refer to [Create user flows in Azure AD B2C](../../active-directory-b2c/tutorial-create-user-flows.md?pivots=b2c-user-flow) for guidance on using this feature. [Learn more](../../active-directory-b2c/user-flow-versions.md). ----### General availability - Azure Active Directory threat intelligence for sign-in risk --**Type:** New feature -**Service category:** Identity Protection -**Product capability:** Identity Security & Protection - -This new detection serves as an ad-hoc method to allow our security teams to notify you and protect your users by raising their session risk to a High risk when we observe an attack happening. The detection will also mark the associated sign-ins as risky. This detection follows the existing Azure Active Directory threat intelligence for user risk detection to provide complete coverage of the various attacks observed by Microsoft security teams. [Learn more](../identity-protection/concept-identity-protection-risks.md). - ---### General availability - Conditional Access named locations improvements --**Type:** New feature -**Service category:** Conditional Access -**Product capability:** Identity Security & Protection - -IPv6 support in named locations is now generally available. Updates include: --- Added the capability to define IPv6 address ranges-- Increased limit of named locations from 90 to 195-- Increased limit of IP ranges per named location from 1200 to 2000-- Added capabilities to search and sort named locations and filter by location type and trust type-- Added named locations a sign-in belonged to in the sign-in logs- -Additionally, to prevent admins from defining problematically named locations, extra checks have been added to reduce the chance of misconfiguration. [Learn more](../conditional-access/location-condition.md). ----### General availability - Restricted guest access permissions in Azure AD --**Type:** New feature -**Service category:** User Management -**Product capability:** Directory - -Directory level permissions for guest users have been updated. These permissions allow administrators to require extra restrictions and controls on external guest user access. --Admins can now add more restrictions for external guests' access to user and groups' profile and membership information. Also, customers can manage external user access at scale by hiding group memberships, including restricting guest users from seeing memberships of the group(s) they are in. To learn more, see [Restrict guest access permissions in Azure Active Directory](../enterprise-users/users-restrict-guest-permissions.md). - ---### New Federated Apps available in Azure AD Application gallery - May 2021 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration - -You can now automate creating, updating, and deleting user accounts for these newly integrated apps: --- [AuditBoard](../saas-apps/auditboard-provisioning-tutorial.md)-- [Cisco Umbrella User Management](../saas-apps/cisco-umbrella-user-management-provisioning-tutorial.md)-- [Insite LMS](../saas-apps/insite-lms-provisioning-tutorial.md)-- [kpifire](../saas-apps/kpifire-provisioning-tutorial.md)-- [UNIFI](../saas-apps/unifi-provisioning-tutorial.md)--For more information about how to better secure your organization using automated user account provisioning, see [Automate user provisioning to SaaS applications with Azure AD](../app-provisioning/user-provisioning.md). ----### New Federated Apps available in Azure AD Application gallery - May 2021 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration - -In May 2021, we have added following 29 new applications in our App gallery with Federation support --[InviteDesk](https://app.invitedesk.com/login), [Webrecruit ATS](https://id-test.webrecruit.co.uk/), [Workshop](../saas-apps/workshop-tutorial.md), [Gravity Sketch](https://landingpad.me/), [JustLogin](../saas-apps/justlogin-tutorial.md), [Custellence](https://custellence.com/sso/), [WEVO](https://hello.wevoconversion.com/login), [AppTec360 MDM](https://www.apptec360.com/ms/autopilot.html), [Filemail](https://www.filemail.com/login),[Ardoq](../saas-apps/ardoq-tutorial.md), [Leadfamly](../saas-apps/leadfamly-tutorial.md), [Documo](../saas-apps/documo-tutorial.md), [Autodesk SSO](../saas-apps/autodesk-sso-tutorial.md), [Check Point Harmony Connect](../saas-apps/check-point-harmony-connect-tutorial.md), [BrightHire](https://app.brighthire.ai/), [Rescana](../saas-apps/rescana-tutorial.md), [Bluewhale](https://cloud.bluewhale.dk/), [AlacrityLaw](../saas-apps/alacritylaw-tutorial.md), [Equisolve](../saas-apps/equisolve-tutorial.md), [Zip](../saas-apps/zip-tutorial.md), [Cognician](../saas-apps/cognician-tutorial.md), [Acra](https://www.acrasuite.com/), [VaultMe](https://app.vaultme.com/#/signIn), [TAP App Security](../saas-apps/tap-app-security-tutorial.md), [Cavelo Office365 Cloud Connector](https://dashboard.prod.cavelodata.com/), [Clebex](../saas-apps/clebex-tutorial.md), [Banyan Command Center](../saas-apps/banyan-command-center-tutorial.md), [Check Point Remote Access VPN](../saas-apps/check-point-remote-access-vpn-tutorial.md), [LogMeIn](../saas-apps/logmein-tutorial.md) --You can also find the documentation of all the applications from here https://aka.ms/AppsTutorial --For listing your application in the Azure AD app gallery, read the details here https://aka.ms/AzureADAppRequest ----### Improved Conditional Access Messaging for Android and iOS --**Type:** Changed feature -**Service category:** Device Registration and Management -**Product capability:** End User Experiences - -We've updated the wording on the Conditional Access screen shown to users when they're blocked from accessing corporate resources. They'll be blocked until they enroll their device in Mobile Device Management. These improvements apply to the Android and iOS/iPadOS platforms. The following have been changed: --- "Help us keep your device secure" has changed to "Set up your device to get access"-- "Your sign-in was successful but your admin requires your device to be managed by Microsoft to access this resource." to "[Organization's name] requires you to secure this device before you can access [organization's name] email, files, and data." -- "Enroll Now" to "Continue"--The information in [Enroll your Android enterprise device](https://support.microsoft.com/topic/enroll-your-android-enterprise-device-d661c82d-fa28-5dfd-b711-6dff41ae83bb) is out of date. ----### Azure Information Protection service will begin asking for consent --**Type:** Changed feature -**Service category:** Authentications (Logins) -**Product capability:** User Authentication - -The Azure Information Protection service signs users into the tenant that encrypted the document as part of providing access to the document. Starting June, Azure AD will begin prompting the user for consent when this access is given across organizations. This ensures that the user understands that the organization that owns the document will collect some information about the user as part of the document access. [Learn more](/azure/information-protection/known-issues#sharing-external-doc-types-across-tenants). - ---### Provisioning logs schema change impacting Graph API and Azure Monitor integration --**Type:** Changed feature -**Service category:** App Provisioning -**Product capability:** Monitoring & Reporting - -The attributes "Action" and "statusInfo" will be changed to "provisioningAction" and "provisoiningStatusInfo." Update any scripts that you have created using the [provisioning logs Graph API](/graph/api/resources/provisioningobjectsummary) or [Azure Monitor integrations](../app-provisioning/application-provisioning-log-analytics.md). - ---### New ARM API to manage PIM for Azure Resources and Azure AD roles --**Type:** Changed feature -**Service category:** Privileged Identity Management -**Product capability:** Privileged Identity Management - -An updated version of the PIM API for Azure Resource role and Azure AD role has been released. The PIM API for Azure Resource role is now released under the ARM API standard, which aligns with the role management API for regular Azure role assignment. On the other hand, the PIM API for Azure AD roles is also released under graph API aligned with the unifiedRoleManagement APIs. Some of the benefits of this change include: --- Alignment of the PIM API with objects in ARM and Graph for role managementReducing the need to call PIM to onboard new Azure resources. -- All Azure resources automatically work with new PIM API.-- Reducing the need to call PIM for role definition or keeping a PIM resource ID-- Supporting app-only API permissions in PIM for both Azure AD and Azure Resource roles--A previous version of the PIM API under `/privilegedaccess` will continue to function but we recommend you to move to this new API going forward. [Learn more](../privileged-identity-management/pim-apis.md). - ---### Revision of roles in Azure AD entitlement management --**Type:** Changed feature -**Service category:** Roles -**Product capability:** Entitlement Management - -A new role, Identity Governance Administrator, has recently been introduced. This role will be the replacement for the User Administrator role in managing catalogs and access packages in Azure AD entitlement management. If you have assigned administrators to the User Administrator role or have them activate this role to manage access packages in Azure AD entitlement management, switch to the Identity Governance Administrator role instead. The User Administrator role will no longer be providing administrative rights to catalogs or access packages. [Learn more](../governance/identity-governance-overview.md#appendixleast-privileged-roles-for-managing-in-identity-governance-features). ---## April 2021 --### Bug fixed - Azure AD will no longer double-encode the state parameter in responses --**Type:** Fixed -**Service category:** Authentications (Logins) -**Product capability:** User Authentication - -Azure AD has identified, tested, and released a fix for a bug in the `/authorize` response to a client application. Azure AD was incorrectly URL encoding the `state` parameter twice when sending responses back to the client. This can cause a client application to reject the request, due to a mismatch in state parameters. [Learn more](../develop/reference-breaking-changes.md#bug-fix-azure-ad-will-no-longer-url-encode-the-state-parameter-twice). ----### Users can only create security and Microsoft 365 groups in Azure portal being deprecated --**Type:** Plan for change -**Service category:** Group Management -**Product capability:** Directory - -Users will no longer be limited to create security and Microsoft 365 groups only in the Azure portal. The new setting will allow users to create security groups in the Azure portal, PowerShell, and API. Users will be required to verify and update the new setting. [Learn more](../enterprise-users/groups-self-service-management.md). ----### Public preview - External Identities Self-Service Sign-up in Azure AD using Email One-Time Passcode accounts --**Type:** New feature -**Service category:** B2B -**Product capability:** B2B/B2C - -External users can now use Email One-Time Passcode accounts to sign up or sign in to Azure AD 1st party and line-of-business applications. [Learn more](../external-identities/one-time-passcode.md). ----### General availability - External Identities Self-Service Sign Up --**Type:** New feature -**Service category:** B2B -**Product capability:** B2B/B2C - -Self-service sign-up for external users is now in general availability. With this new feature, external users can now self-service sign up to an application. --You can create customized experiences for these external users, including collecting information about your users during the registration process and allowing external identity providers like Facebook and Google. You can also integrate with third-party cloud providers for various functionalities like identity verification or approval of users. [Learn more](../external-identities/self-service-sign-up-overview.md). - ---### General availability - Azure AD B2C Phone Sign-up and Sign-in using Built-in Policy --**Type:** New feature -**Service category:** B2C - Consumer Identity Management -**Product capability:** B2B/B2C - -B2C Phone Sign-up and Sign-in using a built-in policy enable IT administrators and developers of organizations to allow their end-users to sign in and sign up using a phone number in user flows. With this feature, disclaimer links such as privacy policy and terms of use can be customized and shown on the page before the end-user proceeds to receive the one-time passcode via text message. [Learn more](../../active-directory-b2c/phone-authentication-user-flows.md). - ---### New Federated Apps available in Azure AD Application gallery - April 2021 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration --In April 2021, we have added following 31 new applications in our App gallery with Federation support --[Zii Travel Azure AD Connect](https://azuremarketplace.microsoft.com/marketplace/apps/aad.ziitravelazureadconnect?tab=Overview), [Cerby](../saas-apps/cerby-tutorial.md), [Selflessly](https://app.selflessly.io/sign-in), [Apollo CX](https://apollo.cxlabs.de/sso/aad), [Pedagoo](https://account.pedagoo.com/), [Measureup](https://account.measureup.com/), [ProcessUnity](../saas-apps/processunity-tutorial.md), [Cisco Intersight](../saas-apps/cisco-intersight-tutorial.md), [Codility](../saas-apps/codility-tutorial.md), [H5mag](https://account.h5mag.com/auth/request-access/ms365), [Check Point Identity Awareness](../saas-apps/check-point-identity-awareness-tutorial.md), [Jarvis](https://jarvis.live/login), [desknet's NEO](../saas-apps/desknets-neo-tutorial.md), [SDS & Chemical Information Management](../saas-apps/sds-chemical-information-management-tutorial.md), [W├║ru App](../saas-apps/wuru-app-tutorial.md), [Holmes](../saas-apps/holmes-tutorial.md), [Telenor](https://www.telenor.no/kundeservice/internett/wifi/administrere-ruter/), [Yooz US](https://us1.getyooz.com/?kc_idp_hint=microsoft), [Mooncamp](https://app.mooncamp.com/#/login), [inwise SSO](https://app.inwise.com/defaultsso.aspx), [Ecolab Digital Solutions](https://ecolabb2c.b2clogin.com/account.ecolab.com/oauth2/v2.0/authorize?p=B2C_1A_Connect_OIDC_SignIn&client_id=01281626-dbed-4405-a430-66457825d361&nonce=defaultNonce&redirect_uri=https://jwt.ms&scope=openid&response_type=id_token&prompt=login), [Taguchi Digital Marketing System](https://login.taguchi.com.au/), [XpressDox EU Cloud](https://test.xpressdox.com/Authentication/Login.aspx), [EZSSH Client](https://portal.ezssh.io/signup), [KPN Grip](https://www.grip-on-it.com/), [AddressLook](https://portal.bbsonlineservices.net/Manage/AddressLook), [Cornerstone Single Sign-On](../saas-apps/cornerstone-ondemand-tutorial.md) --You can also find the documentation of all the applications here: https://aka.ms/AppsTutorial --For listing your application in the Azure AD app gallery, read the details here: https://aka.ms/AzureADAppRequest ----### New provisioning connectors in the Azure AD Application Gallery - April 2021 --**Type:** New feature -**Service category:** App Provisioning -**Product capability:** 3rd Party Integration - -You can now automate creating, updating, and deleting user accounts for these newly integrated apps: --- [Bentley - Automatic User Provisioning](../saas-apps/bentley-automatic-user-provisioning-tutorial.md)-- [Boxcryptor](../saas-apps/boxcryptor-provisioning-tutorial.md)-- [BrowserStack Single Sign-on](../saas-apps/browserstack-single-sign-on-provisioning-tutorial.md)-- [Eletive](../saas-apps/eletive-provisioning-tutorial.md)-- [Jostle](../saas-apps/jostle-provisioning-tutorial.md)-- [Olfeo SAAS](../saas-apps/olfeo-saas-provisioning-tutorial.md)-- [Proware](../saas-apps/proware-provisioning-tutorial.md)-- [Segment](../saas-apps/segment-provisioning-tutorial.md)--For more information about how to better secure your organization with automated user account provisioning, see [Automate user provisioning to SaaS applications with Azure AD](../app-provisioning/user-provisioning.md). - ---### Introducing new versions of page layouts for B2C --**Type:** Changed feature -**Service category:** B2C - Consumer Identity Management -**Product capability:** B2B/B2C - -The [page layouts](../../active-directory-b2c/page-layout.md) for B2C scenarios on the Azure AD B2C has been updated to reduce security risks by introducing the new versions of jQuery and Handlebars JS. - ---### Updates to Sign-in Diagnostic --**Type:** Changed feature -**Service category:** Reporting -**Product capability:** Monitoring & Reporting - -The scenario coverage of the Sign-in Diagnostic tool has increased. --With this update, the following event-related scenarios will now be included in the sign-in diagnosis results: -- Enterprise Applications configuration problem events.-- Enterprise Applications service provider (application-side) events.-- Incorrect credentials events. --These results will show contextual and relevant details about the event and actions to take to resolve these problems. Also, for scenarios where we don't have deep contextual diagnostics, Sign-in Diagnostic will present more descriptive content about the error event. --For more information, see [What is sign-in diagnostic in Azure AD?](../reports-monitoring/overview-sign-in-diagnostics.md) ---### Azure AD Connect cloud sync general availability refresh -**Type:** Changed feature -**Service category:** Azure AD Connect Cloud Sync -**Product capability:** Directory --Azure AD connect cloud sync now has an updated agent (version# - 1.1.359). For more details on agent updates, including bug fixes, check out the [version history](../cloud-sync/reference-version-history.md). With the updated agent, cloud sync customers can use GMSA cmdlets to set and reset their gMSA permission at a granular level. In addition that, we've changed the limit of syncing members using group scope filtering from 1499 to 50,000 (50K) members. --Check out the newly available [expression builder](../cloud-sync/how-to-expression-builder.md#deploy-the-expression) for cloud sync, which, helps you build complex expressions and simple expressions when you do transformations of attribute values from AD to Azure AD using attribute mapping. ----## March 2021 --### Guidance on how to enable support for TLS 1.2 in your environment, in preparation for upcoming Azure AD TLS 1.0/1.1 deprecation --**Type:** Plan for change -**Service category:** N/A -**Product capability:** Standards --Azure Active Directory will deprecate the following protocols in Azure Active Directory worldwide regions starting June 30, 2021: ---- TLS 1.0-- TLS 1.1-- 3DES cipher suite (TLS_RSA_WITH_3DES_EDE_CBC_SHA)--Affected environments include: --- Azure Commercial Cloud-- Office 365 GCC and WW--For more information, see [Enable support for TLS 1.2 in your environment for Azure AD TLS 1.1 and 1.0 deprecation](/troubleshoot/azure/active-directory/enable-support-tls-environment). ----### Public preview - Azure AD Entitlement management now supports multi-geo SharePoint Online --**Type:** New feature -**Service category:** Other -**Product capability:** Entitlement Management - -For organizations using multi-geo SharePoint Online, you can now include sites from specific multi-geo environments to your Entitlement management access packages. [Learn more](../governance/entitlement-management-catalog-create.md#add-a-multi-geo-sharepoint-site). ----### Public preview - Restore deleted apps from App registrations --**Type:** New feature -**Service category:** Other -**Product capability:** Developer Experience - -Customers can now view, restore, and permanently remove deleted app registrations from the Azure portal. This applies only to applications associated to a directory, not applications from a personal Microsoft account. [Learn more](../develop/howto-restore-app.md). - ---### Public preview - New "User action" in Conditional Access for registering or joining devices --**Type:** New feature -**Service category:** Conditional Access -**Product capability:** Identity Security & Protection - - A new user action called "Register or join devices" in Conditional access is available. This user action allows you to control Azure Active Directory Multi-Factor Authentication (MFA) policies for Azure AD device registration. --Currently, this user action only allows you to enable Azure AD MFA as a control when users register or join devices to Azure AD. Other controls that are dependent on or not applicable to Azure AD device registration are disabled with this user action. [Learn more](../conditional-access/concept-conditional-access-cloud-apps.md#user-actions). - ---### Public preview - Optimize connector groups to use the closest Application Proxy cloud service --**Type:** New feature -**Service category:** App Proxy -**Product capability:** Access Control - -With this new capability, connector groups can be assigned to the closest regional Application Proxy service an application is hosted in. This can improve app performance in scenarios where apps are hosted in regions other than the home tenant's region. [Learn more](../app-proxy/application-proxy-network-topology.md#optimize-connector-groups-to-use-closest-application-proxy-cloud-service). - ---### Public preview - External Identities Self-Service Sign up in Azure AD using Email One-Time Passcode accounts --**Type:** New feature -**Service category:** B2B -**Product capability:** B2B/B2C --External users will now be able to use Email One-Time Passcode accounts to sign up in to Azure AD 1st party and LOB apps. [Learn more](../external-identities/one-time-passcode.md). ----### Public preview - Availability of AD FS sign-ins in Azure AD --**Type:** New feature -**Service category:** Authentications (Logins) -**Product capability:** Monitoring & Reporting - -AD FS sign-in activity can now be integrated with Azure AD activity reporting, providing a unified view of hybrid identity infrastructure. Using the Azure AD sign-ins report, Log Analytics, and Azure Monitor Workbooks, it's possible to do in-depth analysis for both Azure AD and AD FS sign-in scenarios such as AD FS account lockouts, bad password attempts, and spikes of unexpected sign-in attempts. --To learn more, visit [AD FS sign-ins in Azure AD with Connect Health](../hybrid/how-to-connect-health-ad-fs-sign-in.md). ----### General availability - Staged rollout to cloud authentication --**Type:** New feature -**Service category:** AD Connect -**Product capability:** User Authentication - -Staged rollout to cloud authentication is now generally available. The staged rollout feature allows you to selectively test groups of users with cloud authentication methods, such as Passthrough Authentication (PTA) or Password Hash Sync (PHS). Meanwhile, all other users in the federated domains continue to use federation services, such as AD FS or any other federation services to authenticate users. [Learn more](../hybrid/how-to-connect-staged-rollout.md). ----### General availability - User Type attribute can now be updated in the Azure admin portal --**Type:** New feature -**Service category:** User Experience and Management -**Product capability:** User Management - -Customers can now update the user type of Azure AD users when they update their user profile information from the Azure admin portal. The user type can be updated from Microsoft Graph also. To learn more, see [Add or update user profile information](active-directory-users-profile-azure-portal.md). - ---### General availability - Replica Sets for Azure Active Directory Domain Services --**Type:** New feature -**Service category:** Azure AD Domain Services -**Product capability:** Azure AD Domain Services - -The capability of replica sets in Azure AD DS is now generally available. [Learn more](../../active-directory-domain-services/concepts-replica-sets.md). - ---### General availability - Collaborate with your partners using Email One-Time Passcode in the Azure Government cloud --**Type:** New feature -**Service category:** B2B -**Product capability:** B2B/B2C - -Organizations in the Microsoft Azure Government cloud can now enable their guests to redeem invitations with Email One-Time Passcode. This ensures that any guest users with no Azure AD, Microsoft, or Gmail accounts in the Azure Government cloud can still collaborate with their partners by requesting and entering a temporary code to sign in to shared resources. [Learn more](../external-identities/one-time-passcode.md). ----### New Federated Apps available in Azure AD Application gallery - March 2021 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration - -In March 2021 we have added following 37 new applications in our App gallery with Federation support: --[Bambuser Live Video Shopping](https://lcx.bambuser.com/), [DeepDyve Inc](https://www.deepdyve.com/azure-sso), [Moqups](../saas-apps/moqups-tutorial.md), [RICOH Spaces Mobile](https://ricohspaces.app/welcome), [Flipgrid](https://auth.flipgrid.com/), [hCaptcha Enterprise](../saas-apps/hcaptcha-enterprise-tutorial.md), [SchoolStream ASA](https://www.ssk12.com/), [TransPerfect GlobalLink Dashboard](../saas-apps/transperfect-globallink-dashboard-tutorial.md), [SimplificaCI](https://app.simplificaci.com.br/), [Thrive LXP](../saas-apps/thrive-lxp-tutorial.md), [Lexonis TalentScape](../saas-apps/lexonis-talentscape-tutorial.md), [Exium](../saas-apps/exium-tutorial.md), [Sapient](../saas-apps/sapient-tutorial.md), [TrueChoice](../saas-apps/truechoice-tutorial.md), [RICOH Spaces](https://ricohspaces.app/welcome), [Saba Cloud](../saas-apps/learning-at-work-tutorial.md), [Acunetix 360](../saas-apps/acunetix-360-tutorial.md), [Exceed.ai](../saas-apps/exceed-ai-tutorial.md), [GitHub Enterprise Managed User](../saas-apps/github-enterprise-managed-user-tutorial.md), [Enterprise Vault.cloud for Outlook](https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile%20User.Read&client_id=7176efe5-e954-4aed-b5c8-f5c85a980d3a&nonce=4b9e1981-1bcb-4938-a283-86f6931dc8cb), [Smartlook](../saas-apps/smartlook-tutorial.md), [Accenture Academy](../saas-apps/accenture-academy-tutorial.md), [Onshape](../saas-apps/onshape-tutorial.md), [Tradeshift](../saas-apps/tradeshift-tutorial.md), [JuriBlox](../saas-apps/juriblox-tutorial.md), [SecurityStudio](../saas-apps/securitystudio-tutorial.md), [ClicData](https://app.clicdata.com/), [Evergreen](../saas-apps/evergreen-tutorial.md), [Patchdeck](https://patchdeck.com/ad_auth/authenticate/), [FAX.PLUS](../saas-apps/fax-plus-tutorial.md), [ValidSign](../saas-apps/validsign-tutorial.md), [AWS Single Sign-on](../saas-apps/aws-single-sign-on-tutorial.md), [Nura Space](https://dashboard.nuraspace.com/login), [Broadcom DX SaaS](../saas-apps/broadcom-dx-saas-tutorial.md), [Interplay Learning](https://skilledtrades.interplaylearning.com/#login), [SendPro Enterprise](../saas-apps/sendpro-enterprise-tutorial.md), [FortiSASE SIA](../saas-apps/fortisase-sia-tutorial.md) --You can also find the documentation of all the applications here: https://aka.ms/AppsTutorial --For listing your application in the Azure AD app gallery, read the details here: https://aka.ms/AzureADAppRequest ----### New provisioning connectors in the Azure AD Application Gallery - March 2021 --**Type:** New feature -**Service category:** App Provisioning -**Product capability:** 3rd Party Integration --You can now automate creating, updating, and deleting user accounts for these newly integrated apps: --- [AWS Single Sign-on](../saas-apps/aws-single-sign-on-provisioning-tutorial.md)-- [Bpanda](../saas-apps/bpanda-provisioning-tutorial.md)-- [Britive](../saas-apps/britive-provisioning-tutorial.md)-- [GitHub Enterprise Managed User](../saas-apps/github-enterprise-managed-user-provisioning-tutorial.md)-- [Grammarly](../saas-apps/grammarly-provisioning-tutorial.md)-- [LogicGate](../saas-apps/logicgate-provisioning-tutorial.md)-- [SecureLogin](../saas-apps/secure-login-provisioning-tutorial.md)-- [TravelPerk](../saas-apps/travelperk-provisioning-tutorial.md)--For more information about how to better secure your organization by using automated user account provisioning, see [Automate user provisioning to SaaS applications with Azure AD](../app-provisioning/user-provisioning.md). - ---### Introducing MS Graph API for Company Branding --**Type:** Changed feature -**Service category:** MS Graph -**Product capability:** B2B/B2C --[MS Graph API for the Company Branding](/graph/api/resources/organizationalbrandingproperties) is available for the Azure AD or Microsoft 365 sign-in experience to allow the management of the branding parameters programmatically. ----### General availability - Header-based authentication SSO with Application Proxy --**Type:** Changed feature -**Service category:** App Proxy -**Product capability:** Access Control - -Azure AD Application Proxy native support for header-based authentication is now in general availability. With this feature, you can configure the user attributes required as HTTP headers for the application without additional components needed to deploy. [Learn more](../app-proxy/application-proxy-configure-single-sign-on-with-headers.md). ----### Two-way SMS for MFA Server is no longer supported --**Type:** Deprecated -**Service category:** MFA -**Product capability:** Identity Security & Protection - --Two-way SMS for MFA Server was originally deprecated in 2018, and won't be supported after February 24, 2021. Administrators should enable another method for users who still use two-way SMS. --Email notifications and Azure portal Service Health notifications were sent to affected admins on December 8, 2020 and January 28, 2021. The alerts went to the Owner, Co-Owner, Admin, and Service Admin RBAC roles tied to the subscriptions. [Learn more](../authentication/how-to-authentication-two-way-sms-unsupported.md). - -- -## February 2021 --### Email one-time passcode authentication on by default starting October 2021 --**Type:** Plan for change -**Service category:** B2B -**Product capability:** B2B/B2C - -Starting October 31, 2021, Microsoft Azure Active Directory [email one-time passcode authentication](../external-identities/one-time-passcode.md) will become the default method for inviting accounts and tenants for B2B collaboration scenarios. At this time, Microsoft will no longer allow the redemption of invitations using unmanaged Azure Active Directory accounts. ----### Unrequested but consented permissions will no longer be added to tokens if they would trigger Conditional Access --**Type:** Plan for change -**Service category:** Authentications (Logins) -**Product capability:** Platform - -Currently, applications using [dynamic permissions](../develop/v2-permissions-and-consent.md#requesting-individual-user-consent) are given all of the permissions they're consented to access. This includes applications that are unrequested and even if they trigger conditional access. For example, this can cause an app requesting only `user.read` that also has consent for `files.read`, to be forced to pass the Conditional Access assigned for the `files.read` permission. --To reduce the number of unnecessary Conditional Access prompts, Azure AD is changing the way that unrequested scopes are provided to applications. Apps will only trigger conditional access for permission they explicitly request. For more information, read [What's new in authentication](../develop/reference-breaking-changes.md#conditional-access-will-only-trigger-for-explicitly-requested-scopes). - -- -### Public preview - Use a Temporary Access Pass to register Passwordless credentials --**Type:** New feature -**Service category:** MFA -**Product capability:** Identity Security & Protection --Temporary Access Pass is a time-limited passcode that serves as strong credentials and allows onboarding of Passwordless credentials and recovery when a user has lost or forgotten their strong authentication factor (for example, FIDO2 security key or Microsoft Authenticator) app and needs to sign in to register new strong authentication methods. [Learn more](../authentication/howto-authentication-temporary-access-pass.md). ----### Public preview - Keep me signed in (KMSI) in next generation of user flows --**Type:** New feature -**Service category:** B2C - Consumer Identity Management -**Product capability:** B2B/B2C --The next generation of B2C user flows now supports the [keep me signed in (KMSI)](../../active-directory-b2c/session-behavior.md?pivots=b2c-custom-policy#enable-keep-me-signed-in-kmsi) functionality that allows customers to extend the session lifetime for the users of their web and native applications by using a persistent cookie. feature keeps the session active even when the user closes and reopens the browser, and is revoked when the user signs out. ----### Public preview - Reset redemption status for a guest user --**Type:** New feature -**Service category:** B2B -**Product capability:** B2B/B2C - -Customers can now reinvite existing external guest users to reset their redemption status, which allows the guest user account to remain without them losing any access. [Learn more](../external-identities/reset-redemption-status.md). - ---### Public preview - /synchronization (provisioning) APIs now support application permissions --**Type:** New feature -**Service category:** App Provisioning -**Product capability:** Identity Lifecycle Management - -Customers can now use application.readwrite.ownedby as an application permission to call the synchronization APIs. Note this is only supported for provisioning from Azure AD out into third-party applications (for example, AWS, Data Bricks, etc.). It's currently not supported for HR-provisioning (Workday / Successfactors) or Cloud Sync (AD to Azure AD). [Learn more](/graph/api/resources/provisioningobjectsummary). - ---### General availability - Authentication Policy Administrator built-in role --**Type:** New feature -**Service category:** RBAC -**Product capability:** Access Control - -Users with this role can configure the authentication methods policy, tenant-wide MFA settings, and password protection policy. This role grants permission to manage Password Protection settings: smart lockout configurations and updating the custom banned passwords list. [Learn more](../roles/permissions-reference.md#authentication-policy-administrator). ----### General availability - User collections on My Apps are available now! --**Type:** New feature -**Service category:** My Apps -**Product capability:** End User Experiences - -Users can now create their own groupings of apps on the My Apps app launcher. They can also reorder and hide collections shared with them by their administrator. [Learn more](../user-help/my-apps-portal-user-collections.md). ----### General availability - Autofill in Authenticator --**Type:** New feature -**Service category:** Microsoft Authenticator App -**Product capability:** Identity Security & Protection - -Microsoft Authenticator provides multifactor authentication and account management capabilities, and now also will autofill passwords on sites and apps users visit on their mobile (iOS and Android). --To use autofill on Authenticator, users need to add their personal Microsoft account to Authenticator and use it to sync their passwords. Work or school accounts can't be used to sync passwords at this time. [Learn more](../user-help/user-help-auth-app-faq.md#autofill-for-it-admins). ----### General availability - Invite internal users to B2B collaboration --**Type:** New feature -**Service category:** B2B -**Product capability:** B2B/B2C - -Customers can now invite internal guests to use B2B collaboration instead of sending an invitation to an existing internal account. This allows customers to keep that user's object ID, UPN, group memberships, and app assignments. [Learn more](../external-identities/invite-internal-users.md). ----### General availability - Domain Name Administrator built-in role --**Type:** New feature -**Service category:** RBAC -**Product capability:** Access Control - -Users with this role can manage (read, add, verify, update, and delete) domain names. They can also read directory information about users, groups, and applications, as these objects have domain dependencies. --For on-premises environments, users with this role can configure domain names for federation so that associated users are always authenticated on-premises. These users can then sign into Azure AD-based services with their on-premises passwords via single sign-on. Federation settings need to be synced via Azure AD Connect, so users also have permissions to manage Azure AD Connect. [Learn more](../roles/permissions-reference.md#domain-name-administrator). - ---### New Federated Apps available in Azure AD Application gallery - February 2021 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration - -In February 2021 we have added following 37 new applications in our App gallery with Federation support: --[Loop Messenger Extension](https://loopworks.com/loop-flow-messenger/), [Silverfort Azure AD Adapter](http://www.silverfort.com/), [Interplay Learning](https://skilledtrades.interplaylearning.com/#login), [Nura Space](https://dashboard.nuraspace.com/login), [Yooz EU](https://eu1.getyooz.com/?kc_idp_hint=microsoft), [UXPressia](https://uxpressia.com/users/sign-in), [introDus Pre- and Onboarding Platform](http://app.introdus.dk/login), [Happybot](https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?client_id=34353e1e-dfe5-4d2f-bb09-2a5e376270c8&response_type=code&redirect_uri=https://api.happyteams.io/microsoft/integrate&response_mode=query&scope=offline_access%20User.Read%20User.Read.All), [LeaksID](https://leaksid.com/), [ShiftWizard](http://www.shiftwizard.com/), [PingFlow SSO](https://app.pingview.io/), [Swiftlane](https://admin.swiftlane.com/login), [Quasydoc SSO](https://www.quasydoc.eu/login), [Fenwick Gold Account](https://businesscentral.dynamics.com/), [SeamlessDesk](https://www.seamlessdesk.com/login), [Learnsoft LMS & TMS](http://www.learnsoft.com/), [P-TH+](https://p-th.jp/), [myViewBoard](https://api.myviewboard.com/auth/microsoft/), [Tartabit IoT Bridge](https://bridge-us.tartabit.com/), [AKASHI](../saas-apps/akashi-tutorial.md), [Rewatch](../saas-apps/rewatch-tutorial.md), [Zuddl](../saas-apps/zuddl-tutorial.md), [Parkalot - Car park management](../saas-apps/parkalot-car-park-management-tutorial.md), [HSB ThoughtSpot](../saas-apps/hsb-thoughtspot-tutorial.md), [IBMid](../saas-apps/ibmid-tutorial.md), [SharingCloud](../saas-apps/sharingcloud-tutorial.md), [PoolParty Semantic Suite](../saas-apps/poolparty-semantic-suite-tutorial.md), [GlobeSmart](../saas-apps/globesmart-tutorial.md), [Samsung Knox and Business Services](../saas-apps/samsung-knox-and-business-services-tutorial.md), [Penji](../saas-apps/penji-tutorial.md), [Kendis- Scaling Agile Platform](../saas-apps/kendis-scaling-agile-platform-tutorial.md), [Maptician](../saas-apps/maptician-tutorial.md), [Olfeo SAAS](../saas-apps/olfeo-saas-tutorial.md), [Sigma Computing](../saas-apps/sigma-computing-tutorial.md), [CloudKnox Permissions Management Platform](../saas-apps/cloudknox-permissions-management-platform-tutorial.md), [Klaxoon SAML](../saas-apps/klaxoon-saml-tutorial.md), [Enablon](../saas-apps/enablon-tutorial.md) --You can also find the documentation of all the applications here: https://aka.ms/AppsTutorial --For listing your application in the Azure AD app gallery, read the details here: https://aka.ms/AzureADAppRequest -- --### New provisioning connectors in the Azure AD Application Gallery - February 2021 --**Type:** New feature -**Service category:** App Provisioning -**Product capability:** 3rd Party Integration - --You can now automate creating, updating, and deleting user accounts for these newly integrated apps: --- [Atea](../saas-apps/atea-provisioning-tutorial.md)-- [Getabstract](../saas-apps/getabstract-provisioning-tutorial.md)-- [HelloID](../saas-apps/helloid-provisioning-tutorial.md)-- [Hoxhunt](../saas-apps/hoxhunt-provisioning-tutorial.md)-- [Iris Intranet](../saas-apps/iris-intranet-provisioning-tutorial.md)-- [Preciate](../saas-apps/preciate-provisioning-tutorial.md)--For more information, read [Automate user provisioning to SaaS applications with Azure AD](../app-provisioning/user-provisioning.md). ----### General availability - 10 Azure Active Directory roles now renamed --**Type:** Changed feature -**Service category:** RBAC -**Product capability:** Access Control - -10 Azure AD built-in roles have been renamed so that they're aligned across the [Microsoft 365 admin center](/microsoft-365/admin/microsoft-365-admin-center-preview), [Azure portal](https://portal.azure.com/), and [Microsoft Graph](https://developer.microsoft.com/graph/). To learn more about the new roles, refer to [Administrator role permissions in Azure Active Directory](../roles/permissions-reference.md#all-roles). -- ----### New Company Branding in multifactor authentication (MFA)/SSPR Combined Registration --**Type:** Changed feature -**Service category:** User Experience and Management -**Product capability:** End User Experiences - -In the past, company logos weren't used on Azure Active Directory sign-in pages. Company branding is now located to the top left of multifactor authentication (MFA)/SSPR Combined Registration. Company branding is also included on My sign-ins and the Security Info page. [Learn more](../fundamentals/customize-branding.md). ----### General availability - Second level manager can be set as alternate approver --**Type:** Changed feature -**Service category:** User Access Management -**Product capability:** Entitlement Management - -An extra option when you select approvers is now available in Entitlement Management. If you select "Manager as approver" for the First Approver, you'll have another option, "Second level manager as alternate approver", available to choose in the alternate approver field. If you select this option, you need to add a fallback approver to forward the request to in case the system can't find the second level manager. [Learn more](../governance/entitlement-management-access-package-approval-policy.md#alternate-approvers). - ---### Authentication Methods Activity Dashboard --**Type:** Changed feature -**Service category:** Reporting -**Product capability:** Monitoring & Reporting - --The refreshed Authentication Methods Activity dashboard gives admins an overview of authentication method registration and usage activity in their tenant. The report summarizes the number of users registered for each method, and also which methods are used during sign-in and password reset. [Learn more](../authentication/howto-authentication-methods-activity.md). - ---### Refresh and session token lifetimes configurability in Configurable Token Lifetime (CTL) are retired --**Type:** Deprecated -**Service category:** Other -**Product capability:** User Authentication - -Refresh and session token lifetimes configurability in CTL are retired. Azure Active Directory no longer honors refresh and session token configuration in existing policies. [Learn more](../develop/configurable-token-lifetimes.md#token-lifetime-policies-for-refresh-tokens-and-session-tokens). - ---## January 2021 --### Secret token will be a mandatory field when configuring provisioning --**Type:** Plan for change -**Service category:** App Provisioning -**Product capability:** Identity Lifecycle Management --In the past, the secret token field could be kept empty when setting up provisioning on the custom / BYOA application. This function was intended to solely be used for testing. We'll update the UI to make the field required. --Customers can work around this requirement for testing purposes by using a feature flag in the browser URL. [Learn more](../app-provisioning/use-scim-to-provision-users-and-groups.md#authorization-to-provisioning-connectors-in-the-application-gallery). - ---### Public Preview - Customize and configure Android shared devices for frontline workers at scale --**Type:** New feature -**Service category:** Device Registration and Management -**Product capability:** Identity Security & Protection - -Azure AD and Microsoft Intune teams have combined to bring the capability to customize, scale, and secure your frontline worker devices. --The following preview capabilities will allow you to: -- Provision Android shared devices at scale with Microsoft Intune-- Secure your access for shift workers using device-based conditional access-- Customize sign-in experiences for the shift workers with Managed Home Screen--To learn more, refer to [Customize and configure shared devices for frontline workers at scale](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/customize-and-configure-shared-devices-for-firstline-workers-at/ba-p/1751708). ----### Public preview - Provisioning logs can now be downloaded as a CSV or JSON --**Type:** New feature -**Service category:** App Provisioning -**Product capability:** Identity Lifecycle Management --Customers can download the provisioning logs as a CSV or JSON file through the UI and via graph API. To learn more, refer to [Provisioning reports in the Azure portal](../reports-monitoring/concept-provisioning-logs.md). ----### Public preview - Assign cloud groups to Azure AD custom roles and admin unit scoped roles --**Type:** New feature -**Service category:** RBAC -**Product capability:** Access Control - -Customers can assign a cloud group to Azure AD custom roles or an admin unit scoped role. To learn how to use this feature, refer to [Use cloud groups to manage role assignments in Azure Active Directory](../roles/groups-concept.md). ----### General Availability - Azure AD Connect cloud sync (previously known as cloud provisioning) --**Type:** New feature -**Service category:** Azure AD Connect cloud sync -**Product capability:** Identity Lifecycle Management - -Azure AD Connect cloud sync is now generally available to all customers. --Azure AD Connect cloud moves the heavy lifting of transform logic to the cloud, reducing your on-premises footprint. Additionally, multiple light-weight agent deployments are available for higher sync availability. [Learn more](https://aka.ms/cloudsyncGA). - --### General Availability - Attack Simulation Administrator and Attack Payload Author built-in roles --**Type:** New feature -**Service category:** RBAC -**Product capability:** Access Control - -Two new roles in Role-Based Access Control are available to assign to users, Attack simulation Administrator and Attack Payload author. --Users in the [Attack Simulation Administrator](../roles/permissions-reference.md#attack-simulation-administrator) role have access for all simulations in the tenant and can: -- create and manage all aspects of attack simulation creation-- launch/scheduling of a simulation-- review simulation results. --Users in the [Attack Payload Author](../roles/permissions-reference.md#attack-payload-author) role can create attack payloads but not actually launch or schedule them. Attack payloads are then available to all administrators in the tenant who can use them to create a simulation. ----### General Availability - Usage Summary Reports Reader built-in role --**Type:** New feature -**Service category:** RBAC -**Product capability:** Access Control - -Users with the Usage Summary Reports Reader role can access tenant level aggregated data and associated insights in Microsoft 365 Admin Center for Usage and Productivity Score. However, they can't access any user level details or insights. --In the Microsoft 365 Admin Center for the two reports, we differentiate between tenant level aggregated data and user level details. This role adds an extra layer of protection to individual user identifiable data. [Learn more](../roles/permissions-reference.md#usage-summary-reports-reader). ----### General availability - Require App protection policy grant in Azure AD Conditional Access --**Type:** New Feature -**Service category:** Conditional Access -**Product capability:** Identity Security & Protection - -Azure AD Conditional Access grant for "Require App Protection policy" is now GA. --The policy provides the following capabilities: -- Allows access only when using a mobile application that supports Intune App protection-- Allows access only when a user has an Intune app protection policy delivered to the mobile application--Learn more on how to set up a conditional access policy for app protection [here](../conditional-access/app-protection-based-conditional-access.md). - ---### General availability - Email One-Time Passcode --**Type:** New feature -**Service category:** B2B -**Product capability:** B2B/B2C - -Email OTP enables organizations around the world to collaborate with anyone by sending a link or invitation via email. Invited users can verify their identity with the one-time passcode sent to their email to access their partner's resources. [Learn more](../external-identities/one-time-passcode.md). - --- ### New provisioning connectors in the Azure AD Application Gallery - January 2021 --**Type:** New feature -**Service category:** App Provisioning -**Product capability:** 3rd Party Integration - -You can now automate creating, updating, and deleting user accounts for these newly integrated apps: -- [Fortes Change Cloud](../saas-apps/fortes-change-cloud-provisioning-tutorial.md)-- [Gtmhub](../saas-apps/gtmhub-provisioning-tutorial.md)-- [monday.com](../saas-apps/mondaycom-provisioning-tutorial.md)-- [Splashtop](../saas-apps/splashtop-provisioning-tutorial.md)-- [Templafy OpenID Connect](../saas-apps/templafy-openid-connect-provisioning-tutorial.md)-- [WEDO](../saas-apps/wedo-provisioning-tutorial.md)--For more information, see [What is automated SaaS app user provisioning in Azure AD?](../app-provisioning/user-provisioning.md) ----### New Federated Apps available in Azure AD Application gallery - January 2021 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration --In January 2021 we have added following 29 new applications in our App gallery with Federation support: --[mySCView](https://www.myscview.com/), [Talentech](https://talentech.com/contact/), [Bipsync](https://www.bipsync.com/), [OroTimesheet](https://app.orotimesheet.com/login.php), [Mio](https://app.m.io/auth/install/microsoft?scopetype=hub), Sovelto Easy, [Supportbench](https://account.supportbench.net/agent/login/),[Bienvenue Formation](https://formation.bienvenue.pro/login), [AIDA Healthcare SSO](https://aidaforparents.com/login/organizations), [International SOS Assistance Products](../saas-apps/international-sos-assistance-products-tutorial.md), [NAVEX One](../saas-apps/navex-one-tutorial.md), [LabLog](../saas-apps/lablog-tutorial.md), [Oktopost SAML](../saas-apps/oktopost-saml-tutorial.md), [EPHOTO DAM](../saas-apps/ephoto-dam-tutorial.md), [Notion](../saas-apps/notion-tutorial.md), [Syndio](../saas-apps/syndio-tutorial.md), [Yello Enterprise](../saas-apps/yello-enterprise-tutorial.md), [Timeclock 365 SAML](../saas-apps/timeclock-365-saml-tutorial.md), [Nalco E-data](https://www.ecolab.com/), [Vacancy Filler](https://app.vacancy-filler.co.uk/VFMVC/Account/Login), [Synerise AI Growth Ecosystem](../saas-apps/synerise-ai-growth-ecosystem-tutorial.md), [Imperva Data Security](../saas-apps/imperva-data-security-tutorial.md), [Illusive Networks](../saas-apps/illusive-networks-tutorial.md), [Proware](../saas-apps/proware-tutorial.md), [Splan Visitor](../saas-apps/splan-visitor-tutorial.md), [Aruba User Experience Insight](../saas-apps/aruba-user-experience-insight-tutorial.md), [Contentsquare SSO](../saas-apps/contentsquare-sso-tutorial.md), [Perimeter 81](../saas-apps/perimeter-81-tutorial.md), [Burp Suite Enterprise Edition](../saas-apps/burp-suite-enterprise-edition-tutorial.md) --You can also find the documentation of all the applications from here https://aka.ms/AppsTutorial --For listing your application in the Azure AD app gallery, read the details here https://aka.ms/AzureADAppRequest ----### Public preview - Second level manager can be set as alternate approver --**Type:** Changed feature -**Service category:** User Access Management -**Product capability:** Entitlement Management - -An extra option when you select approvers is now available in Entitlement Management. If you select "Manager as approver" for the First Approver, you'll have another option, "Second level manager as alternate approver", available to choose in the alternate approver field. If you select this option, you need to add a fallback approver to forward the request to in case the system can't find the second level manager. [Learn more](../governance/entitlement-management-access-package-approval-policy.md#alternate-approvers) - ---### General availability - Navigate to Teams directly from My Access portal --**Type:** Changed feature -**Service category:** User Access Management -**Product capability:** Entitlement Management - -You can now launch Teams directly from the My Access portal. --To do so, sign-in to My Access (https://myaccess.microsoft.com/), navigate to "Access packages", then go to the "Active" tab to see all of the access packages you already have access to. When you expand the selected access package and hover on Teams, you can launch it by clicking on the "Open" button. [Learn more](../governance/entitlement-management-request-access.md). - ---### Improved Logging & End-User Prompts for Risky Guest Users --**Type:** Changed feature -**Service category:** Identity Protection -**Product capability:** Identity Security & Protection - --The Logging and End-User Prompts for Risky Guest Users have been updated. Learn more in [Identity Protection and B2B users](../identity-protection/concept-identity-protection-b2b.md). - ---## December 2020 --### Public preview - Azure AD B2C Phone Sign-up and Sign-in using Built-in Policy --**Type:** New feature -**Service category:** B2C - Consumer Identity Management -**Product capability:** B2B/B2C - -B2C Phone Sign-up and Sign-in using Built-in Policy enable IT administrators and developers of organizations to allow their end-users to sign in and sign up using a phone number in user flows. Read [Set up phone sign-up and sign-in for user flows (preview)](../../active-directory-b2c/phone-authentication-user-flows.md) to learn more. ----### General Availability - Security Defaults now enabled for all new tenants by default --**Type:** New feature -**Service category:** Other -**Product capability:** Identity Security & Protection - -To protect user accounts, all new tenants created on or after November 12, 2020, will come with Security Defaults enabled. Security Defaults enforces multiple policies including: -- Requires all users and admins to register for multifactor authentication (MFA) using the Microsoft Authenticator App-- Requires critical admin roles to use multifactor authentication (MFA) every single time they sign-in. All other users will be prompted for multifactor authentication (MFA) whenever necessary. -- Legacy authentication will be blocked tenant wide. --For more information, read [What are security defaults?](../fundamentals/concept-fundamentals-security-defaults.md) ----### General availability - Support for groups with up to 250K members in AADConnect --**Type:** Changed feature -**Service category:** AD Connect -**Product capability:** Identity Lifecycle Management - -Microsoft has deployed a new endpoint (API) for Azure AD Connect that improves the performance of the synchronization service operations to Azure Active Directory. When you use the new [V2 endpoint](../hybrid/how-to-connect-sync-endpoint-api-v2.md), you'll experience noticeable performance gains on export and import to Azure AD. This new endpoint supports the following scenarios: --- Syncing groups with up to 250k members-- Performance gains on export and import to Azure AD----### General availability - Entitlement Management available for tenants in Azure China cloud --**Type:** New feature -**Service category:** User Access Management -**Product capability:** Entitlement Management - --The capabilities of Entitlement Management are now available for all tenants in the Azure China cloud. For information, visit our [Identity governance documentation](https://docs.azure.cn/zh-cn/active-directory/governance/) site. ----### New provisioning connectors in the Azure AD Application Gallery - December 2020 --**Type:** New feature -**Service category:** App Provisioning -**Product capability:** 3rd Party Integration --You can now automate creating, updating, and deleting user accounts for these newly integrated apps: --- [Bizagi Studio for Digital Process Automation](../saas-apps/bizagi-studio-for-digital-process-automation-provisioning-tutorial.md)-- [CybSafe](../saas-apps/cybsafe-provisioning-tutorial.md)-- [GroupTalk](../saas-apps/grouptalk-provisioning-tutorial.md)-- [PaperCut Cloud Print Management](../saas-apps/papercut-cloud-print-management-provisioning-tutorial.md)-- [Parsable](../saas-apps/parsable-provisioning-tutorial.md)-- [Shopify Plus](../saas-apps/shopify-plus-provisioning-tutorial.md)--For more information about how to better secure your organization by using automated user account provisioning, see [Automate user provisioning to SaaS applications with Azure AD](../app-provisioning/user-provisioning.md). - ---### New Federated Apps available in Azure AD Application gallery - December 2020 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration - -In December 2020 we have added following 18 new applications in our App gallery with Federation support: --[AwareGo](../saas-apps/awarego-tutorial.md), [HowNow SSO](https://gethownow.com/), [ZyLAB ONE Legal Hold](https://www.zylab.com/en/product/legal-hold), [Guider](http://www.guider-ai.com/), [Softcrisis](https://www.softcrisis.se/sv/), [Pims 365](https://www.omega365.com/products/omega-pims), [InformaCast](../saas-apps/informacast-tutorial.md), [RetrieverMediaDatabase](../saas-apps/retrievermediadatabase-tutorial.md), [vonage](../saas-apps/vonage-tutorial.md), [Count Me In - Operations Dashboard](../saas-apps/count-me-in-operations-dashboard-tutorial.md), [ProProfs Knowledge Base](../saas-apps/proprofs-knowledge-base-tutorial.md), [RightCrowd Workforce Management](../saas-apps/rightcrowd-workforce-management-tutorial.md), [JLL TRIRIGA](../saas-apps/jll-tririga-tutorial.md), [Shutterstock](../saas-apps/shutterstock-tutorial.md), [FortiWeb Web Application Firewall](../saas-apps/linkedin-talent-solutions-tutorial.md), [LinkedIn Talent Solutions](../saas-apps/linkedin-talent-solutions-tutorial.md), [Equinix Federation App](../saas-apps/equinix-federation-app-tutorial.md), [KFAdvance](../saas-apps/kfadvance-tutorial.md) --You can also find the documentation of all the applications from here https://aka.ms/AppsTutorial --For listing your application in the Azure AD app gallery, read the details here https://aka.ms/AzureADAppRequest ----### Navigate to Teams directly from My Access portal --**Type:** Changed feature -**Service category:** User Access Management -**Product capability:** Entitlement Management --You can now launch Teams directly from My Access portal. To do so, sign-in to [My Access](https://myaccess.microsoft.com/), navigate to **Access packages**, then go to the **Active** Tab to see all access packages you already have access to. When you expand the access package and hover on Teams, you can launch it by clicking on the **Open** button. --To learn more about using the My Access portal, go to [Request access to an access package in Azure AD entitlement management](../governance/entitlement-management-request-access.md#sign-in-to-the-my-access-portal). ----### Public preview - Second level manager can be set as alternate approver --**Type:** Changed feature -**Service category:** User Access Management -**Product capability:** Entitlement Management --An extra option is now available in the approval process in Entitlement Management. If you select Manager as approver for the First Approver, you'll have another option, Second level manager as alternate approver, available to choose in the alternate approver field. When you select this option, you need to add a fallback approver to forward the request to in case the system can't find the second level manager. --For more information, go to [Change approval settings for an access package in Azure AD entitlement management](../governance/entitlement-management-access-package-approval-policy.md#alternate-approvers). ----## November 2020 --### Azure Active Directory TLS 1.0, TLS 1.1, and 3DES deprecation --**Type:** Plan for change -**Service category:** All Azure AD applications -**Product capability:** Standards --Azure Active Directory will deprecate the following protocols in Azure Active Directory worldwide regions starting June 30, 2021: --- TLS 1.0-- TLS 1.1-- 3DES cipher suite (TLS_RSA_WITH_3DES_EDE_CBC_SHA)--Affected environments are: -- Azure Commercial Cloud-- Office 365 GCC and WW--For guidance to remove deprecating protocols dependencies, please refer to [EEnable support for TLS 1.2 in your environment, in preparation for upcoming Azure AD TLS 1.0/1.1 deprecation](/troubleshoot/azure/active-directory/enable-support-tls-environment). ----### New Federated Apps available in Azure AD Application gallery - November 2020 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration --In November 2020 we have added following 52 new applications in our App gallery with Federation support: --[Travel & Expense Management](https://app.expenseonce.com/Account/Login), [Tribeloo](../saas-apps/tribeloo-tutorial.md), [Itslearning File Picker](https://pmteam.itslearning.com/), [Crises Control](../saas-apps/crises-control-tutorial.md), [CourtAlert](https://www.courtalert.com/), [StealthMail](https://stealthmail.com/), [Edmentum - Study Island](https://app.studyisland.com/cfw/login/), [Virtual Risk Manager](../saas-apps/virtual-risk-manager-tutorial.md), [TIMU](../saas-apps/timu-tutorial.md), [Looker Analytics Platform](../saas-apps/looker-analytics-platform-tutorial.md), [Talview - Recruit](https://recruit.talview.com/login), Real Time Translator, [Klaxoon](https://access.klaxoon.com/login), [Podbean](../saas-apps/podbean-tutorial.md), [zcal](https://zcal.co/signup), [expensemanager](https://api.expense-manager.com/), [En-trak Tenant Experience Platform](https://portal.en-trak.app/), [Appian](../saas-apps/appian-tutorial.md), [Panorays](../saas-apps/panorays-tutorial.md), [Builterra](https://portal.builterra.com/), [EVA Check-in](https://my.evacheckin.com/organization), [HowNow WebApp SSO](../saas-apps/hownow-webapp-sso-tutorial.md), [Coupa Risk Assess](../saas-apps/coupa-risk-assess-tutorial.md), [Lucid (All Products)](../saas-apps/lucid-tutorial.md), [GoBright](https://portal.brightbooking.eu/), [SailPoint IdentityNow](../saas-apps/sailpoint-identitynow-tutorial.md),[Resource Central](../saas-apps/resource-central-tutorial.md), [UiPathStudioO365App](https://www.uipath.com/product/platform), [Jedox](../saas-apps/jedox-tutorial.md), [Cequence Application Security](../saas-apps/cequence-application-security-tutorial.md), [PerimeterX](../saas-apps/perimeterx-tutorial.md), [TrendMiner](../saas-apps/trendminer-tutorial.md), [Lexion](../saas-apps/lexion-tutorial.md), [WorkWare](../saas-apps/workware-tutorial.md), [ProdPad](../saas-apps/prodpad-tutorial.md), [AWS ClientVPN](../saas-apps/aws-clientvpn-tutorial.md), [AppSec Flow SSO](../saas-apps/appsec-flow-sso-tutorial.md), [Luum](../saas-apps/luum-tutorial.md), [Freight Measure](https://www.gpcsl.com/freight.html), [Terraform Cloud](../saas-apps/terraform-cloud-tutorial.md), [Nature Research](../saas-apps/nature-research-tutorial.md), [Play Digital Signage](https://login.playsignage.com/login), [RemotePC](../saas-apps/remotepc-tutorial.md), [Prolorus](../saas-apps/prolorus-tutorial.md), [Hirebridge ATS](../saas-apps/hirebridge-ats-tutorial.md), [Teamgage](https://teamgage.com), [Roadmunk](../saas-apps/roadmunk-tutorial.md), [Sunrise Software Relations CRM](https://cloud.relations-crm.com/), [Procaire](../saas-apps/procaire-tutorial.md), [Mentor® by eDriving: Business](https://www.edriving.com/), [Gradle Enterprise](https://gradle.com/) --You can also find the documentation of all the applications from here https://aka.ms/AppsTutorial --For listing your application in the Azure AD app gallery, read the details here https://aka.ms/AzureADAppRequest ----### Public preview - Custom roles for enterprise apps --**Type:** New feature -**Service category:** RBAC -**Product capability:** Access Control - - [Custom RBAC roles for delegated enterprise application management](../roles/custom-available-permissions.md) is now in public preview. These new permissions build on the custom roles for app registration management, which allows fine-grained control over what access your admins have. Over time, additional permissions to delegate management of Azure AD will be released. --Some common delegation scenarios: -- assignment of user and groups that can access SAML based single sign-on applications-- the creation of Azure AD Gallery applications-- update and read of basic SAML Configurations for SAML based single sign-on applications-- management of signing certificates for SAML based single sign-on applications-- update of expiring sign-in certificates notification email addresses for SAML based single sign-on applications-- update of the SAML token signature and sign-in algorithm for SAML based single sign-on applications-- create, delete, and update of user attributes and claims for SAML-based single sign-on applications-- ability to turn on, off, and restart provisioning jobs-- updates to attribute mapping-- ability to read provisioning settings associated with the object-- ability to read provisioning settings associated with your service principal-- ability to authorize application access for provisioning----### Public preview - Azure AD Application Proxy natively supports single sign-on access to applications that use headers for authentication --**Type:** New feature -**Service category:** App Proxy -**Product capability:** Access Control - -Azure Active Directory (Azure AD) Application Proxy natively supports single sign-on access to applications that use headers for authentication. You can configure header values required by your application in Azure AD. The header values will be sent down to the application via Application Proxy. To learn more, see [Header-based single sign-on for on-premises apps with Azure AD App Proxy](../app-proxy/application-proxy-configure-single-sign-on-with-headers.md) - ---### General Availability - Azure AD B2C Phone Sign-up and Sign-in using Custom Policy --**Type:** New feature -**Service category:** B2C - Consumer Identity Management -**Product capability:** B2B/B2C --With phone number sign-up and sign-in, developers and enterprises can allow their customers to sign up and sign in using a one-time password sent to the user's phone number via SMS. This feature also lets the customer change their phone number if they lose access to their phone. With the power of custom policies, allow developers and enterprises to communicate their brand through page customization. Find out how to [set up phone sign-up and sign-in with custom policies in Azure AD B2C](../../active-directory-b2c/phone-authentication-user-flows.md). - ---### New provisioning connectors in the Azure AD Application Gallery - November 2020 --**Type:** New feature -**Service category:** App Provisioning -**Product capability:** 3rd Party Integration - -You can now automate creating, updating, and deleting user accounts for these newly integrated apps: --- [Adobe Identity Management](../saas-apps/adobe-identity-management-provisioning-tutorial.md)-- [Blogin](../saas-apps/blogin-provisioning-tutorial.md)-- [Clarizen One](../saas-apps/clarizen-one-provisioning-tutorial.md)-- [Contentful](../saas-apps/contentful-provisioning-tutorial.md)-- [GitHub AE](../saas-apps/github-ae-provisioning-tutorial.md)-- [Playvox](../saas-apps/playvox-provisioning-tutorial.md)-- [PrinterLogic SaaS](../saas-apps/printer-logic-saas-provisioning-tutorial.md)-- [Tic - Tac Mobile](../saas-apps/tic-tac-mobile-provisioning-tutorial.md)-- [Visibly](../saas-apps/visibly-provisioning-tutorial.md)--For more information, see [Automate user provisioning to SaaS applications with Azure AD](../app-provisioning/user-provisioning.md). - ---### Public Preview - Email Sign in with ProxyAddresses now deployable via Staged Rollout --**Type:** New feature -**Service category:** Authentications (Logins) -**Product capability:** User Authentication - -Tenant administrators can now use Staged Rollout to deploy Email Sign-In with ProxyAddresses to specific Azure AD groups. This can help while trying out the feature before deploying it to the entire tenant via the Home Realm Discovery policy. Instructions for deploying Email Sign-In with ProxyAddresses via Staged Rollout are in the [documentation](../authentication/howto-authentication-use-email-signin.md). - ---### Limited Preview - Sign-in Diagnostic --**Type:** New feature -**Service category:** Reporting -**Product capability:** Monitoring & Reporting - -With the initial preview release of the Sign-in Diagnostic, admins can now review user sign-ins. Admins can receive contextual, specific, and relevant details and guidance on what happened during a sign-in and how to fix problems. The diagnostic is available in both the Azure AD level, and Conditional Access Diagnose and Solve blades. The diagnostic scenarios covered in this release are Conditional Access, Azure Active Directory Multi-Factor Authentication, and successful sign-in. --For more information, see [What is sign-in diagnostic in Azure AD?](../reports-monitoring/overview-sign-in-diagnostics.md). - ---### Improved Unfamiliar Sign-in Properties --**Type:** Changed feature -**Service category:** Identity Protection -**Product capability:** Identity Security & Protection -- Unfamiliar sign-in properties detections has been updated. Customers may notice more high-risk unfamiliar sign-in properties detections. For more information, see [What is risk?](../identity-protection/concept-identity-protection-risks.md) - ---### Public Preview refresh of Cloud Provisioning agent now available (Version: 1.1.281.0) --**Type:** Changed feature -**Service category:** Azure AD Cloud Provisioning -**Product capability:** Identity Lifecycle Management - -Cloud provisioning agent has been released in public preview and is now available through the portal. This release contains several improvements including, support for GMSA for your domains, which provides better security, improved initial sync cycles, and support for large groups. Check out the release version [history](../app-provisioning/provisioning-agent-release-version-history.md) for more details. - ---### BitLocker recovery key API endpoint now under /informationProtection --**Type:** Changed feature -**Service category:** Device Access Management -**Product capability:** Device Lifecycle Management - -Previously, you could recover BitLocker keys via the /bitlocker endpoint. We'll eventually be deprecating this endpoint, and customers should begin consuming the API that now falls under /informationProtection. --See [BitLocker recovery API](/graph/api/resources/bitlockerrecoverykey) for updates to the documentation to reflect these changes. ----### General Availability of Application Proxy support for Remote Desktop Services HTML5 Web Client --**Type:** Changed feature -**Service category:** App Proxy -**Product capability:** Access Control - -Azure AD Application Proxy support for Remote Desktop Services (RDS) Web Client is now in General Availability. The RDS web client allows users to access Remote Desktop infrastructure through any HTLM5-capable browser such as Microsoft Edge, Internet Explorer 11, Google Chrome, and so on. Users can interact with remote apps or desktops like they would with a local device from anywhere. --By using Azure AD Application Proxy, you can increase the security of your RDS deployment by enforcing pre-authentication and Conditional Access policies for all types of rich client apps. To learn more, see [Publish Remote Desktop with Azure AD Application Proxy](../app-proxy/application-proxy-integrate-with-remote-desktop-services.md) - ---### New enhanced Dynamic Group service is in Public Preview --**Type:** Changed feature -**Service category:** Group Management -**Product capability:** Collaboration - -Enhanced dynamic group service is now in Public Preview. New customers that create dynamic groups in their tenants will be using the new service. The time required to create a dynamic group will be proportional to the size of the group that is being created instead of the size of the tenant. This update will improve performance for large tenants significantly when customers create smaller groups. --The new service also aims to complete member addition and removal because of attribute changes within a few minutes. Also, single processing failures won't block tenant processing. To learn more about creating dynamic groups, see our [documentation](../enterprise-users/groups-create-rule.md). - ---## October 2020 --### Azure AD on-premises Hybrid Agents Impacted by Azure TLS Certificate Changes --**Type:** Plan for change -**Service category:** N/A -**Product capability:** Platform --Microsoft is updating Azure services to use TLS certificates from a different set of Root Certificate Authorities (CAs). This update is due to the current CA certificates not complying with one of the CA/Browser Forum Baseline requirements. This change will impact Azure AD hybrid agents installed on-premises that have hardened environments with a fixed list of root certificates and will need to be updated to trust the new certificate issuers. --This change will result in disruption of service if you don't take action immediately. These agents include [Application Proxy connectors](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/AppProxy) for remote access to on-premises, [Passthrough Authentication](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/AzureADConnect) agents that allow your users to sign in to applications using the same passwords, and [Cloud Provisioning Preview](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/AzureADConnect) agents that perform AD to Azure AD sync. --If you have an environment with firewall rules set to allow outbound calls to only specific Certificate Revocation List (CRL) download, you'll need to allow the following CRL and OCSP URLs. For full details on the change and the CRL and OCSP URLs to enable access to, see [Azure TLS certificate changes](../../security/fundamentals/tls-certificate-changes.md). ----### Provisioning events will be removed from audit logs and published solely to provisioning logs --**Type:** Plan for change -**Service category:** Reporting -**Product capability:** Monitoring & Reporting - -Activity by the SCIM [provisioning service](../app-provisioning/user-provisioning.md) is logged in both the audit logs and provisioning logs. This includes activity such as the creation of a user in ServiceNow, group in GSuite, or import of a role from AWS. In the future, these events will only be published in the provisioning logs. This change is being implemented to avoid duplicate events across logs, and additional costs incurred by customers consuming the logs in log analytics. --We'll provide an update when a date is completed. This deprecation isn't planned for the calendar year 2020. --> [!NOTE] -> This does not impact any events in the audit logs outside of the synchronization events emitted by the provisioning service. Events such as the creation of an application, conditional access policy, a user in the directory, etc. will continue to be emitted in the audit logs. [Learn more](../reports-monitoring/concept-provisioning-logs.md?context=azure%2factive-directory%2fapp-provisioning%2fcontext%2fapp-provisioning-context). - ----### Azure AD On-Premises Hybrid Agents Impacted by Azure Transport Layer Security (TLS) Certificate Changes --**Type:** Plan for change -**Service category:** N/A -**Product capability:** Platform - -Microsoft is updating Azure services to use TLS certificates from a different set of Root Certificate Authorities (CAs). There will be an update because of the current CA certificates not following one of the CA/Browser Forum Baseline requirements. This change will impact Azure AD hybrid agents installed on-premises that have hardened environments with a fixed list of root certificates. These agents will need to be updated to trust the new certificate issuers. --This change will result in disruption of service if you don't take action immediately. These agents include: -- [Application Proxy connectors](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/AppProxy) for remote access to on-premises -- [Passthrough Authentication](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/AzureADConnect) agents that allow your users to sign in to applications using the same passwords-- [Cloud Provisioning Preview](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/AzureADConnect) agents that do AD to Azure AD sync. --If you have an environment with firewall rules set to allow outbound calls to only specific Certificate Revocation List (CRL) download, you'll need to allow CRL and OCSP URLs. For full details on the change and the CRL and OCSP URLs to enable access to, see [Azure TLS certificate changes](../../security/fundamentals/tls-certificate-changes.md). ----[1305958](https://identitydivision.visualstudio.com/IAM/IXR/_queries?id=1305958&triage=true&fullScreen=false&_a=edit) --### Azure Active Directory TLS 1.0 & 1.1, and 3DES Cipher Suite Deprecation --**Type:** Plan for change -**Service category:** N/A -**Product capability:** Standards --Azure Active Directory will deprecate the following protocols in Azure Active Directory worldwide regions starting on January 31, 2022 (This date has been postponed from 30th June 2021 to 31st Jan 2022, to give Administrators more time to remove the dependency on legacy TLS protocols and ciphers (TLS 1.0,1.1 and 3DES)): --- TLS 1.0-- TLS 1.1-- 3DES cipher suite (TLS_RSA_WITH_3DES_EDE_CBC_SHA)--Affected environments are: --- Azure Commercial Cloud-- Office 365 GCC and WW--Users, services, and applications that interact with Azure Active Directory and Microsoft Graph, should use TLS 1.2 and modern cipher suites to maintain a secure connection to Azure Active Directory for Azure, Office 365, and Microsoft 365 services. For additional guidance, refer to [Enable support for TLS 1.2 in your environment, in preparation for upcoming deprecation of Azure AD TLS 1.0/1.1](/troubleshoot/azure/active-directory/enable-support-tls-environment). ----### Azure Active Directory TLS 1.0, TLS 1.1, and 3DES Deprecation in US Gov Cloud --**Type:** Plan for change -**Service category:** All Azure AD applications -**Product capability:** Standards - -Azure Active Directory will deprecate the following protocols starting March 31, 2021: -- TLS 1.0-- TLS 1.1-- 3DES cipher suite (TLS_RSA_WITH_3DES_EDE_CBC_SHA)--All client-server and browser-server combinations should use TLS 1.2 and modern cipher suites to maintain a secure connection to Azure Active Directory for Azure, Office 365, and Microsoft 365 services. --Affected environments are: -- Azure US Gov-- [Office 365 GCC High & DoD](/microsoft-365/compliance/tls-1-2-in-office-365-gcc)--For guidance to remove deprecating protocols dependencies, please refer to [Enable support for TLS 1.2 in your environment for Azure AD TLS 1.1 and 1.0 deprecation](/troubleshoot/azure/active-directory/enable-support-tls-environment). - ---### Assign applications to roles on administrative unit and object scope --**Type:** New feature -**Service category:** RBAC -**Product capability:** Access Control - -This feature enables the ability to assign an application (SPN) to an administrator role on the administrative unit scope. To learn more, refer to [Assign scoped roles to an administrative unit](../roles/admin-units-assign-roles.md). ----### Now you can disable and delete guest users when they're denied access to a resource --**Type:** New feature -**Service category:** Access Reviews -**Product capability:** Identity Governance - -Disable and delete is an advanced control in Azure AD Access Reviews to help organizations better manage external guests in Groups and Apps. If guests are denied in an access review, **disable and delete** will automatically block them from signing in for 30 days. After 30 days, then they'll be removed from the tenant altogether. --For more information about this feature, see [Disable and delete external identities with Azure AD Access Reviews](../governance/access-reviews-external-users.md#disable-and-delete-external-identities-with-azure-ad-access-reviews). - ---### Access Review creators can add custom messages in emails to reviewers --**Type:** New feature -**Service category:** Access Reviews -**Product capability:** Identity Governance - -In Azure AD access reviews, administrators creating reviews can now write a custom message to the reviewers. Reviewers will see the message in the email they receive that prompts them to complete the review. To learn more about using this feature, see step 14 of the [Create a single-stage review](../governance/create-access-review.md#create-a-single-stage-access-review) section. ----### New provisioning connectors in the Azure AD Application Gallery - October 2020 --**Type:** New feature -**Service category:** App Provisioning -**Product capability:** 3rd Party Integration - -You can now automate creating, updating, and deleting user accounts for these newly integrated apps: --- [Apple Business Manager](../saas-apps/apple-business-manager-provision-tutorial.md)-- [Apple School Manager](../saas-apps/apple-school-manager-provision-tutorial.md)-- [Code42](../saas-apps/code42-provisioning-tutorial.md)-- [AlertMedia](../saas-apps/alertmedia-provisioning-tutorial.md)-- [OpenText Directory Services](../saas-apps/open-text-directory-services-provisioning-tutorial.md)-- [Cinode](../saas-apps/cinode-provisioning-tutorial.md)-- [Global Relay Identity Sync](../saas-apps/global-relay-identity-sync-provisioning-tutorial.md)--For more information about how to better secure your organization by using automated user account provisioning, see [Automate user provisioning to SaaS applications with Azure AD](../app-provisioning/user-provisioning.md). - ---### Integration assistant for Azure AD B2C --**Type:** New feature -**Service category:** B2C - Consumer Identity Management -**Product capability:** B2B/B2C - -The Integration Assistant (preview) experience is now available for Azure AD B2C App registrations. This experience helps guide you in configuring your application for common scenarios.. Learn more about [Microsoft identity platform best practices and recommendations](../develop/identity-platform-integration-checklist.md). - ---### View role template ID in Azure portal UI --**Type:** New feature -**Service category:** Azure roles -**Product capability:** Access Control - --You can now view the template ID of each Azure AD role in the Azure portal. In Azure AD, select **description** of the selected role. --It's recommended that customers use role template IDs in their PowerShell script and code, instead of the display name. Role template ID is supported for use to [directoryRoles](/graph/api/resources/directoryrole) and [roleDefinition](/graph/api/resources/unifiedroledefinition) objects. For more information on role template IDs, see [Azure AD built-in roles](../roles/permissions-reference.md). ----### API connectors for Azure AD B2C sign-up user flows is now in public preview --**Type:** New feature -**Service category:** B2C - Consumer Identity Management -**Product capability:** B2B/B2C - --API connectors are now available for use with Azure Active Directory B2C. API connectors enable you to use web APIs to customize your sign-up user flows and integrate with external cloud systems. You can you can use API connectors to: --- Integrate with custom approval workflows-- Validate user input data-- Overwrite user attributes -- Run custom business logic -- Visit the [Use API connectors to customize and extend sign-up](../../active-directory-b2c/api-connectors-overview.md) documentation to learn more. ----### State property for connected organizations in entitlement management --**Type:** New feature -**Service category:** Directory Management -**Product capability:** Entitlement Management - -- All connected organizations will now have an additional property called "State". The state will control how the connected organization will be used in policies that refer to "all configured connected organizations". The value will be either "configured" (meaning the organization is in the scope of policies that use the "all" clause) or "proposed" (meaning that the organization isn't in scope). --Manually created connected organizations will have a default setting of "configured". Meanwhile, automatically created ones (created via policies that allow any user from the internet to request access) will default to "proposed." Any connected organizations created before September 9 2020 will be set to "configured." Admins can update this property as needed. [Learn more](../governance/entitlement-management-organization.md#managing-a-connected-organization-programmatically). - ----### Azure Active Directory External Identities now has premium advanced security settings for B2C --**Type:** New feature -**Service category:** B2C - Consumer Identity Management -**Product capability:** B2B/B2C - -Risk-based Conditional Access and risk detection features of Identity Protection are now available in [Azure AD B2C](../..//active-directory-b2c/conditional-access-identity-protection-overview.md). With these advanced security features, customers can now: -- Leverage intelligent insights to assess risk with B2C apps and end user accounts. Detections include atypical travel, anonymous IP addresses, malware-linked IP addresses, and Azure AD threat intelligence. Portal and API-based reports are also available.-- Automatically address risks by configuring adaptive authentication policies for B2C users. App developers and administrators can mitigate real-time risk by requiring Azure Active Directory Multi-Factor Authentication (MFA) or blocking access depending on the user risk level detected, with additional controls available based on location, group, and app.-- Integrate with Azure AD B2C user flows and custom policies. Conditions can be triggered from built-in user flows in Azure AD B2C or can be incorporated into B2C custom policies. As with other aspects of the B2C user flow, end user experience messaging can be customized. Customization is according to the organization's voice, brand, and mitigation alternatives.- ---### New Federated Apps available in Azure AD Application gallery - October 2020 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration - -In October 2020 we have added following 27 new applications in our App gallery with Federation support: --[Sentry](../saas-apps/sentry-tutorial.md), [Bumblebee - Productivity Superapp](https://app.yellowmessenger.com/user/login), [ABBYY FlexiCapture Cloud](../saas-apps/abbyy-flexicapture-cloud-tutorial.md), [EAComposer](../saas-apps/eacomposer-tutorial.md), [Genesys Cloud Integration for Azure](https://apps.mypurecloud.com/msteams-integration/), [Zone Technologies Portal](https://portail.zonetechnologie.com/signin), [Beautiful.ai](../saas-apps/beautiful.ai-tutorial.md), [Datawiza Access Broker](https://console.datawiza.com/), [ZOKRI](https://app.zokri.com/), [CheckProof](../saas-apps/checkproof-tutorial.md), [Ecochallenge.org](https://events.ecochallenge.org/users/login), [atSpoke](https://www.atspoke.com/), [Appointment Reminder](https://app.appointmentreminder.co.nz/account/login), [Cloud.Market](https://cloud.market/), [TravelPerk](../saas-apps/travelperk-tutorial.md), [Greetly](https://app.greetly.com/), [OrgVitality SSO](../saas-apps/orgvitality-sso-tutorial.md), [Web Cargo Air](../saas-apps/web-cargo-air-tutorial.md), [Loop Flow CRM](../saas-apps/loop-flow-crm-tutorial.md), [Starmind](../saas-apps/starmind-tutorial.md), [Workstem](https://hrm.workstem.com/login), [Retail Zipline](../saas-apps/retail-zipline-tutorial.md), [Hoxhunt](../saas-apps/hoxhunt-tutorial.md), [MEVISIO](../saas-apps/mevisio-tutorial.md), [Samsara](../saas-apps/samsara-tutorial.md), [Nimbus](../saas-apps/nimbus-tutorial.md), [Pulse Secure virtual Traffic Manager](../saas-apps/pulse-secure-virtual-traffic-manager-tutorial.md) --You can also find the documentation of all the applications from here https://aka.ms/AppsTutorial --For listing your application in the Azure AD app gallery, read the details here https://aka.ms/AzureADAppRequest ----### Provisioning logs can now be streamed to log analytics --**Type:** New feature -**Service category:** Reporting -**Product capability:** Monitoring & Reporting - --Publish your provisioning logs to log analytics in order to: -- Store provisioning logs for more than 30 days-- Define custom alerts and notifications-- Build dashboards to visualize the logs-- Execute complex queries to analyze the logs --To learn how to use the feature, see [Understand how provisioning integrates with Azure Monitor logs](../app-provisioning/application-provisioning-log-analytics.md). - ---### Provisioning logs can now be viewed by application owners --**Type:** Changed feature -**Service category:** Reporting -**Product capability:** Monitoring & Reporting - -You can now allow application owners to monitor activity by the provisioning service and troubleshoot issues without providing them a privileged role or making IT a bottleneck. [Learn more](../reports-monitoring/concept-provisioning-logs.md). - ---### Renaming 10 Azure Active Directory roles --**Type:** Changed feature -**Service category:** Azure roles -**Product capability:** Access Control - -Some Azure Active Directory (AD) built-in roles have names that differ from those that appear in Microsoft 365 admin center, the Azure portal, and Microsoft Graph. This inconsistency can cause problems in automated processes. With this update, we're renaming 10 role names to make them consistent. The following table has the new role names: -- ----### Azure AD B2C support for auth code flow for SPAs using MSAL JS 2.x --**Type:** Changed feature -**Service category:** B2C - Consumer Identity Management -**Product capability:** B2B/B2C - -MSAL.js version 2.x now includes support for the authorization code flow for single-page web apps (SPAs). Azure AD B2C will now support the use of the SPA app type on the Azure portal and the use of MSAL.js authorization code flow with PKCE for single-page apps. This will allow SPAs using Azure AD B2C to maintain SSO with newer browsers and abide by newer authentication protocol recommendations. Get started with the [Register a single-page application (SPA) in Azure Active Directory B2C](../../active-directory-b2c/tutorial-register-spa.md) tutorial. ----### Updates to Remember Azure Active Directory Multi-Factor Authentication (MFA) on a trusted device setting --**Type:** Changed feature -**Service category:** MFA -**Product capability:** Identity Security & Protection - --We've recently updated the [remember Azure Active Directory Multi-Factor Authentication (MFA)](../authentication/howto-mfa-mfasettings.md#remember-multi-factor-authentication) on a trusted device feature to extend authentication for up to 365 days. Azure Active Directory (Azure AD) Premium licenses, can also use the [Conditional Access ΓÇô Sign-in Frequency policy](../conditional-access/howto-conditional-access-session-lifetime.md#user-sign-in-frequency) that provides more flexibility for reauthentication settings. --For the optimal user experience, we recommend using Conditional Access sign-in frequency to extend session lifetimes on trusted devices, locations, or low-risk sessions as an alternative to remember multifactor authentication (MFA) on a trusted device setting. To get started, review our [latest guidance on optimizing the reauthentication experience](../authentication/concepts-azure-multi-factor-authentication-prompts-session-lifetime.md). ----## September 2020 --### New provisioning connectors in the Azure AD Application Gallery - September 2020 --**Type:** New feature -**Service category:** App Provisioning -**Product capability:** 3rd Party Integration - -You can now automate creating, updating, and deleting user accounts for these newly integrated apps: --- [Coda](../saas-apps/coda-provisioning-tutorial.md)-- [Cofense Recipient Sync](../saas-apps/cofense-provision-tutorial.md)-- [InVision](../saas-apps/invision-provisioning-tutorial.md)-- [myday](../saas-apps/myday-provision-tutorial.md)-- [SAP Analytics Cloud](../saas-apps/sap-analytics-cloud-provisioning-tutorial.md)-- [Webroot Security Awareness](../saas-apps/webroot-security-awareness-training-provisioning-tutorial.md)--For more information about how to better secure your organization by using automated user account provisioning, see [Automate user provisioning to SaaS applications with Azure AD](../app-provisioning/user-provisioning.md). - --### Cloud Provisioning Public Preview Refresh --**Type:** New feature -**Service category:** Azure AD Cloud Provisioning -**Product capability:** Identity Lifecycle Management - -Azure AD Connect Cloud Provisioning public preview refresh features two major enhancements developed from customer feedback: --- Attribute Mapping Experience through Azure portal-- With this feature, IT Admins can map user, group, or contact attributes from AD to Azure AD using various mapping types present today. Attribute mapping is a feature used for standardizing the values of the attributes that flow from Active Directory to Azure Active Directory. One can determine whether to directly map the attribute value as it is from AD to Azure AD or use expressions to transform the attribute values when provisioning users. [Learn more](../cloud-sync/how-to-attribute-mapping.md) --- On-demand Provisioning or Test User experience-- Once you have set up your configuration, you might want to test to see if the user transformation is working as expected before applying it to all your users in scope. With on-demand provisioning, IT Admins can enter the Distinguished Name (DN) of an AD user and see if they're getting synced as expected. On-demand provisioning provides a great way to ensure that the attribute mappings you did previously work as expected. [Learn More](../cloud-sync/how-to-on-demand-provision.md) - ---### Audited BitLocker Recovery in Azure AD - Public Preview --**Type:** New feature -**Service category:** Device Access Management -**Product capability:** Device Lifecycle Management - -When IT admins or end users read BitLocker recovery key(s) they have access to, Azure Active Directory now generates an audit log that captures who accessed the recovery key. The same audit provides details of the device the BitLocker key was associated with. --End users can [access their recovery keys via My Account](https://support.microsoft.com/account-billing/manage-your-work-or-school-account-connected-devices-from-the-devices-page-6b5a735d-0a7f-4e94-8cfd-f5da6bc13d4e#view-a-bitlocker-key). IT admins can access recovery keys via the [BitLocker recovery key API](/graph/api/resources/bitlockerrecoverykey) or via the Azure portal. To learn more, see [View or copy BitLocker keys in the Azure portal](../devices/device-management-azure-portal.md#view-or-copy-bitlocker-keys). ----### Teams Devices Administrator built-in role --**Type:** New feature -**Service category:** RBAC -**Product capability:** Access Control - -Users with the [Teams Devices Administrator](../roles/permissions-reference.md#teams-devices-administrator) role can manage [Teams-certified devices](https://www.microsoft.com/microsoft-365/microsoft-teams/across-devices/devices) from the Teams Admin Center. --This role allows the user to view all devices at single glance, with the ability to search and filter devices. The user can also check the details of each device including logged-in account and the make and model of the device. The user can change the settings on the device and update the software versions. This role doesn't grant permissions to check Teams activity and call quality of the device. - ---### Advanced query capabilities for Directory Objects --**Type:** New feature -**Service category:** MS Graph -**Product capability:** Developer Experience - -All the new query capabilities introduced for Directory Objects in Azure AD APIs are now available in the v1.0 endpoint and production-ready. Developers can Count, Search, Filter, and Sort Directory Objects and related links using the standard OData operators. --To learn more, see the documentation [here](https://aka.ms/BlogPostMezzoGA), and you can also send feedback with this [brief survey](https://forms.office.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR_yN8EPoGo5OpR1hgmCp1XxUMENJRkNQTk5RQkpWTE44NEk2U0RIV0VZRy4u). - ---### Public preview: continuous access evaluation for tenants who configured Conditional Access policies --**Type:** New feature -**Service category:** Authentications (Logins) -**Product capability:** Identity Security & Protection - -Continuous access evaluation (CAE) is now available in public preview for Azure AD tenants with Conditional Access policies. With CAE, critical security events and policies are evaluated in real time. This includes account disable, password reset, and location change. To learn more, see [Continuous access evaluation](../conditional-access/concept-continuous-access-evaluation.md). ----### Public preview: ask users requesting an access package additional questions to improve approval decisions --**Type:** New feature -**Service category:** User Access Management -**Product capability:** Entitlement Management - -Administrators can now require that users requesting an access package answer additional questions beyond just business justification in Azure AD Entitlement management's My Access portal. The users' answers will then be shown to the approvers to help them make a more accurate access approval decision. To learn more, see [Collect additional requestor information for approval](../governance/entitlement-management-access-package-approval-policy.md#collect-additional-requestor-information-for-approval). - ---### Public preview: Enhanced user management --**Type:** New feature -**Service category:** User Management -**Product capability:** User Management - --The Azure portal has been updated to make it easier to find users in the All users and Deleted users pages. Changes in the preview include: -- More visible user properties including object ID, directory sync status, creation type, and identity issuer.-- Search now allows combined search of names, emails, and object IDs.-- Enhanced filtering by user type (member, guest, and none), directory sync status, creation type, company name, and domain name.-- New sorting capabilities on properties like name, user principal name and deletion date.-- A new total users count that updates with any searches or filters.--For more information, please see [User management enhancements (preview) in Azure Active Directory](../enterprise-users/users-search-enhanced.md). ----### New notes field for Enterprise applications --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** SSO --You can add free text notes to Enterprise applications. You can add any relevant information that will help manager applications under Enterprise applications. For more information, see [Quickstart: Configure properties for an application in your Azure Active Directory (Azure AD) tenant](../manage-apps/add-application-portal-configure.md). ----### New Federated Apps available in Azure AD Application gallery - September 2020 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration --In September 2020 we have added following 34 new applications in our App gallery with Federation support: --[VMware Horizon - Unified Access Gateway](), [Pulse Secure PCS](../saas-apps/vmware-horizon-unified-access-gateway-tutorial.md), [Inventory360](../saas-apps/pulse-secure-pcs-tutorial.md), [Frontitude](https://services.enteksystems.de/sso/microsoft/signup), [BookWidgets](https://www.bookwidgets.com/sso/office365), [ZVD_Server](https://zaas.zenmutech.com/user/signin), [HashData for Business](https://hashdata.app/login.xhtml), [SecureLogin](https://securelogin.securelogin.nu/sso/azure/login), [CyberSolutions MAILBASE╬ú/CMSS](../saas-apps/cybersolutions-mailbase-tutorial.md), [CyberSolutions CYBERMAIL╬ú](../saas-apps/cybersolutions-cybermail-tutorial.md), [LimbleCMMS](https://auth.limblecmms.com/), [Glint Inc](../saas-apps/glint-inc-tutorial.md), [zeroheight](../saas-apps/zeroheight-tutorial.md), [Gender Fitness](https://app.genderfitness.com/), [Coeo Portal](https://my.coeo.com/), [Grammarly](../saas-apps/grammarly-tutorial.md), [Fivetran](../saas-apps/fivetran-tutorial.md), [Kumolus](../saas-apps/kumolus-tutorial.md), [RSA Archer Suite](../saas-apps/rsa-archer-suite-tutorial.md), [TeamzSkill](../saas-apps/teamzskill-tutorial.md), [raumf├╝rraum](../saas-apps/raumfurraum-tutorial.md), [Saviynt](../saas-apps/saviynt-tutorial.md), [BizMerlinHR](https://marketplace.bizmerlin.net/bmone/signup), [Mobile Locker](../saas-apps/mobile-locker-tutorial.md), [Zengine](../saas-apps/zengine-tutorial.md), [CloudCADI](https://cloudcadi.com/), [Simfoni Analytics](https://simfonianalytics.com/accounts/microsoft/login/), [Priva Identity & Access Management](https://my.priva.com/), [Nitro Pro](https://www.gonitro.com/nps/product-details/downloads), [Eventfinity](../saas-apps/eventfinity-tutorial.md), [Fexa](../saas-apps/fexa-tutorial.md), [Secured Signing Enterprise Portal](https://www.securedsigning.com/aad/Auth/ExternalLogin/AdminPortal), [Secured Signing Enterprise Portal AAD Setup](https://www.securedsigning.com/aad/Auth/ExternalLogin/AdminPortal), [Wistec Online](https://wisteconline.com/auth/oidc), [Oracle PeopleSoft - Protected by F5 BIG-IP APM](../saas-apps/oracle-peoplesoft-protected-by-f5-big-ip-apm-tutorial.md) --You can also find the documentation of all the applications from here: https://aka.ms/AppsTutorial. --For listing your application in the Azure AD app gallery, read the details here: https://aka.ms/AzureADAppRequest. ----### New delegation role in Azure AD entitlement management: Access package assignment manager --**Type:** New feature -**Service category:** User Access Management -**Product capability:** Entitlement Management - -A new Access Package Assignment Manager role has been added in Azure AD entitlement management to provide granular permissions to manage assignments. You can now delegate tasks to a user in this role, who can delegate assignments management of an access package to a business owner. However, an Access Package Assignment Manager can't alter the access package policies or other properties that are set by the administrators. --With this new role, you benefit from the least privileges needed to delegate management of assignments and maintain administrative control on all other access package configurations. To learn more, see [Entitlement management roles](../governance/entitlement-management-delegate.md#entitlement-management-roles). - ---### Changes to Privileged Identity Management's onboarding flow --**Type:** Changed feature -**Service category:** Privileged Identity Management -**Product capability:** Privileged Identity Management - -Previously, onboarding to Privileged Identity Management (PIM) required user consent and an onboarding flow in PIM's blade that included enrollment in Azure Active Directory Multi-Factor Authentication (MFA). With the recent integration of PIM experience into the Azure AD roles and administrators blade, we are removing this experience. Any tenant with valid P2 license will be auto-onboarded to PIM. --Onboarding to PIM does not have any direct adverse effect on your tenant. You can expect the following changes: -- Additional assignment options such as active vs. eligible with start and end time when you make an assignment in either PIM or Azure AD roles and administrators blade. -- Additional scoping mechanisms, like Administrative Units and custom roles, introduced directly into the assignment experience. -- If you're a global administrator or privileged role administrator, you may start getting a few additional emails like the PIM weekly digest. -- You might also see ms-pim service principal in the audit log related to role assignment. This expected change shouldn't affect your regular workflow.-- For more information, see [Start using Privileged Identity Management](../privileged-identity-management/pim-getting-started.md). ----### Azure AD Entitlement Management: The Select pane of access package resources now shows by default the resources currently in the selected catalog --**Type:** Changed feature -**Service category:** User Access Management -**Product capability:** Entitlement Management - --In the access package creation flow, under the Resource roles tab, the Select pane behavior is changing. Currently, the default behavior is to show all resources that are owned by the user and resources added to the selected catalog. --This experience will be changed to display only the resources currently added in the catalog by default, so that users can easily pick resources from the catalog. The update will help with discoverability of the resources to add to access packages, and reduce risk of inadvertently adding resources owned by the user that aren't part of the catalog. To learn more, see [Create a new access package in Azure AD entitlement management](../governance/entitlement-management-access-package-create.md#resource-roles). - ---## August 2020 - -### Updates to Azure Active Directory Multi-Factor Authentication Server firewall requirements --**Type:** Plan for change -**Service category:** MFA -**Product capability:** Identity Security & Protection - -Starting 1 October 2020, Azure AD Multi-Factor Authentication (MFA) Server firewall requirements will require additional IP ranges. --If you have outbound firewall rules in your organization, update the rules so that your multifactor authentication (MFA) servers can communicate with all the necessary IP ranges. The IP ranges are documented in [Azure Active Directory Multi-Factor Authentication Server firewall requirements](../authentication/howto-mfaserver-deploy.md#azure-multi-factor-authentication-server-firewall-requirements). ----### Upcoming changes to user experience in Identity Secure Score --**Type:** Plan for change -**Service category:** Identity Protection -**Product capability:** Identity Security & Protection --We're updating the Identity Secure Score portal to align with the changes introduced in Microsoft Secure Score's [new release](/microsoft-365/security/mtp/microsoft-secure-score-whats-new). --The preview version with the changes will be available at the beginning of September. The changes in the preview version include: -- "Identity Secure Score" renamed to "Secure Score for Identity" for brand alignment with Microsoft Secure Score-- Points normalized to standard scale and reported in percentages instead of points--In this preview, customers can toggle between the existing experience and the new experience. This preview will last until the end of November 2020. After the preview, the customers will automatically be directed to the new UX experience. ----### New Restricted Guest Access Permissions in Azure AD - Public Preview --**Type:** New feature -**Service category:** Access Control -**Product capability:** User Management --We've updated directory level permissions for guest users. These permissions allow administrators to require additional restrictions and controls on external guest user access. Admins can now add additional restrictions for external guests' access to user and groups' profile and membership information. With this public preview feature, customers can manage external user access at scale by obfuscating group memberships, including restricting guest users from seeing memberships of the group(s) they are in. --To learn more, see [Restricted Guest Access Permissions](../enterprise-users/users-restrict-guest-permissions.md) and [Users Default Permissions](./users-default-permissions.md). - ---### General availability of delta queries for service principals --**Type:** New feature -**Service category:** MS Graph -**Product capability:** Developer Experience - -Microsoft Graph Delta Query now supports the resource type in v1.0: -- Service Principal--Now clients can track changes to those resources efficiently and provides the best solution to synchronize changes to those resources with a local data store. To learn how to configure these resources in a query, see [Use delta query to track changes in Microsoft Graph data](/graph/delta-query-overview). - ---### General availability of delta queries for oAuth2PermissionGrant --**Type:** New feature -**Service category:** MS Graph -**Product capability:** Developer Experience --Microsoft Graph Delta Query now supports the resource type in v1.0: -- OAuth2PermissionGrant--Clients can now track changes to those resources efficiently and provides the best solution to synchronize changes to those resources with a local data store. To learn how to configure these resources in a query, see [Use delta query to track changes in Microsoft Graph data](/graph/delta-query-overview). ----### New Federated Apps available in Azure AD Application gallery - August 2020 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration --In August 2020 we have added following 25 new applications in our App gallery with Federation support: --[Backup365](https://portal.backup365.io/login), [Soapbox](https://app.soapboxhq.com/create?step=auth&provider=azure-ad2-oauth2), [Enlyft Dynamics 365 Connector](http://enlyft.com/), [Serraview Space Utilization Software Solutions](../saas-apps/serraview-space-utilization-software-solutions-tutorial.md), [Uniq](https://web.uniq.app/), [Visibly](../saas-apps/visibly-tutorial.md), [Zylo](../saas-apps/zylo-tutorial.md), [Edmentum - Courseware Assessments Exact Path](https://auth.edmentum.com/elf/login), [CyberLAB](https://cyberlab.evolvesecurity.com/#/welcome), [Altamira HRM](../saas-apps/altamira-hrm-tutorial.md), [WireWheel](../saas-apps/wirewheel-tutorial.md), [Zix Compliance and Capture](https://sminstall.zixcorp.com/teams/teams.php?install_request=true&tenant_id=common), [Greenlight Enterprise Business Controls Platform](../saas-apps/greenlight-enterprise-business-controls-platform-tutorial.md), [Genetec Clearance](https://www.clearance.network/), [iSAMS](../saas-apps/isams-tutorial.md), [VeraSMART](../saas-apps/verasmart-tutorial.md), [Amiko](https://amiko.io/), [Twingate](https://auth.twingate.com/signup), [Funnel Leasing](https://nestiolistings.com/sso/oidc/azure/authorize/), [Scalefusion](https://scalefusion.com/users/sign_in/), [Bpanda](https://goto.bpanda.com/login), [Vivun Calendar Connect](https://app.vivun.com/dashboard/calendar/connect), [FortiGate SSL VPN](../saas-apps/fortigate-ssl-vpn-tutorial.md), [Wandera End User](https://www.wandera.com/) --You can also find the documentation of all the applications from here https://aka.ms/AppsTutorial --For listing your application in the Azure AD app gallery, read the details here https://aka.ms/AzureADAppRequest ----### Resource Forests now available for Azure AD DS --**Type:** New feature -**Service category:** Azure AD Domain Services -**Product capability:** Azure AD Domain Services - -The capability of resource forests in Azure AD Domain Services is now generally available. You can now enable authorization without password hash synchronization to use Azure AD Domain Services, including smart-card authorization. To learn more, see [Replica sets concepts and features for Azure Active Directory Domain Services (preview)](../../active-directory-domain-services/concepts-replica-sets.md). - ---### Regional replica support for Azure AD DS managed domains now available --**Type:** New feature -**Service category:** Azure AD Domain Services -**Product capability:** Azure AD Domain Services - -You can expand a managed domain to have more than one replica set per Azure AD tenant. Replica sets can be added to any peered virtual network in any Azure region that supports Azure AD Domain Services. Additional replica sets in different Azure regions provide geographical disaster recovery for legacy applications if an Azure region goes offline. To learn more, see [Replica sets concepts and features for Azure Active Directory Domain Services (preview)](../../active-directory-domain-services/concepts-replica-sets.md). ----### General Availability of Azure AD My sign-ins --**Type:** New feature -**Service category:** Authentications (Logins) -**Product capability:** End User Experiences - -Azure AD My sign-ins is a new feature that allows enterprise users to review their sign-in history to check for any unusual activity. Additionally, this feature allows end users to report "This wasn't me" or "This was me" on suspicious activities. To learn more about using this feature, see [View and search your recent sign-in activity from the My sign-ins page](https://support.microsoft.com/account-billing/view-and-search-your-work-or-school-account-sign-in-activity-from-my-sign-ins-9e7d108c-8e3f-42aa-ac3a-bca892898972#confirm-unusual-activity). - ---### SAP SuccessFactors HR driven user provisioning to Azure AD is now generally available --**Type:** New feature -**Service category:** App Provisioning -**Product capability:** Identity Lifecycle Management - -You can now integrate SAP SuccessFactors as the authoritative identity source with Azure AD and automate the end-to-end identity lifecycle using HR events like new hires and terminations to drive provisioning and de-provisioning of accounts in Azure AD. --To learn more about how to configure SAP SuccessFactors inbound provisioning to Azure AD, refer to the tutorial [Configure SAP SuccessFactors to Active Directory user provisioning](../saas-apps/sap-successfactors-inbound-provisioning-tutorial.md). - ---### Custom Open ID Connect MS Graph API support for Azure AD B2C --**Type:** New feature -**Service category:** B2C - Consumer Identity Management -**Product capability:** B2B/B2C - -Previously, Custom Open ID Connect providers could only be added or managed through the Azure portal. Now the Azure AD B2C customers can add and manage them through Microsoft Graph APIs beta version as well. To learn how to configure this resource with APIs, see [identityProvider resource type](/graph/api/resources/identityprovider). - ---### Assign Azure AD built-in roles to cloud groups --**Type:** New feature -**Service category:** Azure AD roles -**Product capability:** Access Control --You can now assign Azure AD built-in roles to cloud groups with this new feature. For example, you can assign the SharePoint Administrator role to Contoso_SharePoint_Admins group. You can also use PIM to make the group an eligible member of the role, instead of granting standing access. To learn how to configure this feature, see [Use cloud groups to manage role assignments in Azure Active Directory (preview)](../roles/groups-concept.md). - ---### Insights Business Leader built-in role now available --**Type:** New feature -**Service category:** Azure AD roles -**Product capability:** Access Control - -Users in the Insights Business Leader role can access a set of dashboards and insights via the [Microsoft 365 Insights application](https://www.microsoft.com/microsoft-365/partners/workplaceanalytics). This includes full access to all dashboards and presented insights and data exploration functionality. However, users in this role don't have access to product configuration settings, which is the responsibility of the Insights Administrator role. To learn more about this role, see [Administrator role permissions in Azure Active Directory](../roles/permissions-reference.md#insights-business-leader) - ---### Insights Administrator built-in role now available --**Type:** New feature -**Service category:** Azure AD roles -**Product capability:** Access Control - -Users in the Insights Administrator role can access the full set of administrative capabilities in the [Microsoft 365 Insights application](https://www.microsoft.com/microsoft-365/partners/workplaceanalytics). A user in this role can read directory information, monitor service health, file support tickets, and access the Insights administrator settings aspects. To learn more about this role, see [Administrator role permissions in Azure Active Directory](../roles/permissions-reference.md#insights-administrator) - - --### Application Admin and Cloud Application Admin can manage extension properties of applications --**Type:** Changed feature -**Service category:** Azure AD roles -**Product capability:** Access Control - -Previously, only the Global Administrator could manage the [extension property](/graph/api/application-post-extensionproperty). We're now enabling this capability for the Application Administrator and Cloud Application Administrator as well. - ---### MIM 2016 SP2 hotfix 4.6.263.0 and connectors 1.1.1301.0 --**Type:** Changed feature -**Service category:** Microsoft Identity Manager -**Product capability:** Identity Lifecycle Management --A [hotfix rollup package (build 4.6.263.0)](https://support.microsoft.com/help/4576473/hotfix-rollup-package-build-4-6-263-0-is-available-for-microsoft-ident) is available for Microsoft Identity Manager (MIM) 2016 Service Pack 2 (SP2). This rollup package contains updates for the MIM CM, MIM Synchronization Manager, and PAM components. In addition, the MIM generic connectors build 1.1.1301.0 includes updates for the Graph connector. ----## July 2020 --### As an IT Admin, I want to target client apps using Conditional Access --**Type:** Plan for change -**Service category:** Conditional Access -**Product capability:** Identity Security & Protection - -With the GA release of the client apps condition in Conditional Access, new policies will now apply by default to all client applications. This includes legacy authentication clients. Existing policies will remain unchanged, but the *Configure Yes/No* toggle will be removed from existing policies to easily see which client apps are applied to by the policy. --When creating a new policy, make sure to exclude users and service accounts that are still using legacy authentication; if you don't, they'll be blocked. [Learn more](../conditional-access/concept-conditional-access-conditions.md). - ---### Upcoming SCIM compliance fixes --**Type:** Plan for change -**Service category:** App Provisioning -**Product capability:** Identity Lifecycle Management - -The Azure AD provisioning service uses the SCIM standard for integrating with applications. Our implementation of the SCIM standard is evolving, and we expect to make changes to our behavior around how we perform PATCH operations and set the property "active" on a resource. [Learn more](../app-provisioning/application-provisioning-config-problem-scim-compatibility.md). - ---### Group owner setting on Azure Admin portal will be changed --**Type:** Plan for change -**Service category:** Group Management -**Product capability:** Collaboration --Owner settings on Groups general setting page can be configured to restrict owner assignment privileges to a limited group of users in the Azure Admin portal and Access Panel. We'll soon have the ability to assign group owner privilege not only on these two UX portals but also enforce the policy on the backend to provide consistent behavior across endpoints, such as PowerShell and Microsoft Graph. --We'll start to disable the current setting for the customers who aren't using it and will offer an option to scope users for group owner privilege in the next few months. For guidance on updating group settings, see Edit your group information using [Azure Active Directory](./active-directory-groups-settings-azure-portal.md?context=azure%2factive-directory%2fusers-groups-roles%2fcontext%2fugr-context). ----### Azure Active Directory Registration Service is ending support for TLS 1.0 and 1.1 --**Type:** Plan for change -**Service category:** Device Registration and Management -**Product capability:** Platform --Transport layer security (TLS) 1.2 and update servers and clients will soon communicate with Azure Active Directory Device Registration Service. Support for TLS 1.0 and 1.1 for communication with Azure AD Device Registration service will retire: -- On August 31, 2020, in all sovereign clouds (GCC High, DoD, etc.)-- On October 30, 2020, in all commercial clouds--[Learn more](../devices/reference-device-registration-tls-1-2.md) about TLS 1.2 for the Azure AD Registration Service. ----### Windows Hello for Business Sign Ins visible in Azure AD Sign In Logs --**Type:** Fixed -**Service category:** Reporting -**Product capability:** Monitoring & Reporting - -Windows Hello for Business allows end users to sign into Windows machines with a gesture (such as a PIN or biometric). Azure AD admins may want to differentiate Windows Hello for Business sign-ins from other Windows sign-ins as part of an organization's journey to passwordless authentication. --Admins can now see whether a Windows authentication used Windows Hello for Business by checking the Authentication Details tab for a Windows sign-in event in the Azure AD sign-ins blade in the Azure portal. Windows Hello for Business authentications will include "WindowsHelloForBusiness" in the Authentication Method field. For more information on interpreting Sign-In Logs, please see the [Sign-In Logs documentation](../reports-monitoring/concept-sign-ins.md). - ---### Fixes to group deletion behavior and performance improvements --**Type:** Fixed -**Service category:** App Provisioning -**Product capability:** Identity Lifecycle Management - -Previously, when a group changed from "in-scope" to "out-of-scope" and an admin clicked restart before the change was completed, the group object wasn't being deleted. Now the group object will be deleted from the target application when it goes out of scope (disabled, deleted, unassigned, or didn't pass scoping filter). [Learn more](../app-provisioning/how-provisioning-works.md#incremental-cycles). - ---### Public Preview: Admins can now add custom content in the email to reviewers when creating an access review --**Type:** New feature -**Service category:** Access Reviews -**Product capability:** Identity Governance - -When a new access review is created, the reviewer receives an email requesting them to complete the access review. Many of our customers asked for the ability to add custom content to the email, such as contact information, or other additional supporting content to guide the reviewer. --Now available in public preview, administrators can specify custom content in the email sent to reviewers by adding content in the "advanced" section of Azure AD Access Reviews. For guidance on creating access reviews, see [Create an access review of groups and applications in Azure AD access reviews](../governance/create-access-review.md). - ---### Authorization Code Flow for Single-page apps available --**Type:** New feature -**Service category:** Authentications (Logins) -**Product capability:** Developer Experience - -Because of modern browser 3rd party cookie restrictions such as Safari ITP, SPAs will have to use the authorization code flow rather than the implicit flow to maintain SSO, and MSAL.js v 2.x will now support the authorization code flow. --There are corresponding updates to the Azure portal so you can update your SPA to be type "spa" and use the auth code flow. See [Sign in users and get an access token in a JavaScript SPA using the auth code flow](../develop/quickstart-v2-javascript-auth-code.md) for further guidance. - ---### Azure AD Application Proxy now supports the Remote Desktop Services Web Client --**Type:** New feature -**Service category:** App Proxy -**Product capability:** Access Control --Azure AD Application Proxy now supports the Remote Desktop Services (RDS) Web Client. The RDS web client allows users to access Remote Desktop infrastructure through any HTLM5-capable browser such as Microsoft Edge, Internet Explorer 11, Google Chrome, etc. Users can interact with remote apps or desktops like they would with a local device from anywhere. By using Azure AD Application Proxy you can increase the security of your RDS deployment by enforcing pre-authentication and Conditional Access policies for all types of rich client apps. For guidance, see [Publish Remote Desktop with Azure AD Application Proxy](../app-proxy/application-proxy-integrate-with-remote-desktop-services.md). - ---### Next generation Azure AD B2C user flows in public preview --**Type:** New feature -**Service category:** B2C - Consumer Identity Management -**Product capability:** B2B/B2C - -Simplified user flow experience offers feature parity with preview features and is the home for all new features. Users will be able to enable new features within the same user flow, reducing the need to create multiple versions with every new feature release. Lastly, the new, user-friendly UX simplifies the selection and creation of user flows. Try it now by [creating a user flow](../../active-directory-b2c/tutorial-create-user-flows.md). --For more information about users flows, see [User flow versions in Azure Active Directory B2C](../../active-directory-b2c/user-flow-versions.md). ----### New Federated Apps available in Azure AD Application gallery - July 2020 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration - -In July 2020 we have added following 55 new applications in our App gallery with Federation support: --[Appreiz](https://microsoftteams.appreiz.com/), [Inextor Vault](https://inexto.com/inexto-suite/inextor), [Beekast](https://my.beekast.com/), [Templafy OpenID Connect](https://app.templafy.com/), [PeterConnects receptionist](https://msteams.peterconnects.com/), [AlohaCloud](https://www.alohacloud.com/), Control Tower, [Cocoom](https://start.cocoom.com/), [COINS Construction Cloud](https://sso.coinsconstructioncloud.com/#login/), [Medxnote MT](https://task.teamsmain.medx.im/authorization), [Reflekt](https://reflekt.konsolute.com/login), [Rever](https://app.reverscore.net/access), [MyCompanyArchive](https://login.mycompanyarchive.com/), [GReminders](https://app.greminders.com/o365-oauth), [Titanfile](../saas-apps/titanfile-tutorial.md), [Wootric](../saas-apps/wootric-tutorial.md), [SolarWinds Orion](https://support.solarwinds.com/SuccessCenter/s/orion-platform?language=en_US), [OpenText Directory Services](../saas-apps/opentext-directory-services-tutorial.md), [Datasite](../saas-apps/datasite-tutorial.md), [BlogIn](../saas-apps/blogin-tutorial.md), [IntSights](../saas-apps/intsights-tutorial.md), [kpifire](../saas-apps/kpifire-tutorial.md), [Textline](../saas-apps/textline-tutorial.md), [Cloud Academy - SSO](../saas-apps/cloud-academy-sso-tutorial.md), [Community Spark](../saas-apps/community-spark-tutorial.md), [Chatwork](../saas-apps/chatwork-tutorial.md), [CloudSign](../saas-apps/cloudsign-tutorial.md), [C3M Cloud Control](../saas-apps/c3m-cloud-control-tutorial.md), [SmartHR](https://smarthr.jp/), [NumlyEngage™](../saas-apps/numlyengage-tutorial.md), [Michigan Data Hub Single Sign-On](../saas-apps/michigan-data-hub-single-sign-on-tutorial.md), [Egress](../saas-apps/egress-tutorial.md), [SendSafely](../saas-apps/sendsafely-tutorial.md), [Eletive](https://app.eletive.com/), [Right-Hand Cybersecurity ADI](https://right-hand.ai/), [Fyde Enterprise Authentication](https://enterprise.fyde.com/), [Verme](../saas-apps/verme-tutorial.md), [Lenses.io](../saas-apps/lensesio-tutorial.md), [Momenta](../saas-apps/momenta-tutorial.md), [Uprise](https://app.uprise.co/sign-in), [Q](https://www.moduleq.com/), [CloudCords](../saas-apps/cloudcords-tutorial.md), [TellMe Bot](https://tellme365liteweb.azurewebsites.net/), [Inspire](https://app.inspiresoftware.com/), [Maverics Identity Orchestrator SAML Connector](https://www.strata.io/identity-fabric/), [Smartschool (School Management System)](https://smartschoolz.com/login), [Zepto - Intelligent timekeeping](https://user.zepto-ai.com/signin), [Studi.ly](https://studi.ly/), [Trackplan](http://www.trackplanfm.com/), [Skedda](../saas-apps/skedda-tutorial.md), [WhosOnLocation](../saas-apps/whos-on-location-tutorial.md), [Coggle](../saas-apps/coggle-tutorial.md), [Kemp LoadMaster](https://kemptechnologies.com/cloud-load-balancer/), [BrowserStack Single Sign-on](../saas-apps/browserstack-single-sign-on-tutorial.md) --You can also find the documentation of all the applications from here https://aka.ms/AppsTutorial --For listing your application in the Azure AD app gallery, please read the details here https://aka.ms/AzureADAppRequest ----### View role assignments across all scopes and ability to download them to a csv file --**Type:** Changed feature -**Service category:** Azure AD roles -**Product capability:** Access Control - -You can now view role assignments across all scopes for a role in the "Roles and administrators" tab in the Azure portal. You can also download those role assignments for each role into a CSV file. For guidance on viewing and adding role assignments, see [View and assign administrator roles in Azure Active Directory](../roles/manage-roles-portal.md). - ---### Azure Active Directory Multi-Factor Authentication Software Development (Azure MFA SDK) Deprecation --**Type:** Deprecated -**Service category:** MFA -**Product capability:** Identity Security & Protection - -The Azure Active Directory Multi-Factor Authentication Software Development (Azure MFA SDK) reached the end of life on November 14th, 2018, as first announced in November 2017. Microsoft will be shutting down the SDK service effective on September 30th, 2020. Any calls made to the SDK will fail. --If your organization is using the Azure MFA SDK, you need to migrate by September 30th, 2020: -- Azure MFA SDK for MIM: If you use the SDK with MIM, you should migrate to Azure AD Multi-Factor Authentication (MFA) Server and activate Privileged Access Management (PAM) following these [instructions](/microsoft-identity-manager/working-with-mfaserver-for-mim). -- Azure MFA SDK for customized apps: Consider integrating your app into Azure AD and use Conditional Access to enforce MFA. To get started, review this [page](../manage-apps/plan-an-application-integration.md). ----## June 2020 --### User risk condition in Conditional Access policy --**Type:** Plan for change -**Service category:** Conditional Access -**Product capability:** Identity Security & Protection - --User risk support in Azure AD Conditional Access policy allows you to create multiple user risk-based policies. Different minimum user risk levels can be required for different users and apps. Based on user risk, you can create policies to block access, require multifactor authentication, secure password change, or redirect to Microsoft Cloud App Security to enforce session policy, such as additional auditing. --The user risk condition requires Azure AD Premium P2 because it uses Azure Identity Protection, which is a P2 offering. for more information about conditional access, refer to [Azure AD Conditional Access documentation](../conditional-access/index.yml). ----### SAML SSO now supports apps that require SPNameQualifier to be set when requested --**Type:** Fixed -**Service category:** Enterprise Apps -**Product capability:** SSO - -Some SAML applications require SPNameQualifier to be returned in the assertion subject when requested. Now Azure AD responds correctly when a SPNameQualifier is requested in the request NameID policy. This also works for SP initiated sign-in, and IdP initiated sign-in will follow. ----### Azure AD B2B Collaboration supports inviting MSA and Google users in Azure Government tenants --**Type:** New feature -**Service category:** B2B -**Product capability:** B2B/B2C - --Azure Government tenants using the B2B collaboration features can now invite users that have a Microsoft or Google account. To find out if your tenant can use these capabilities, follow the instructions at [How can I tell if B2B collaboration is available in my Azure US Government tenant?](../external-identities/b2b-government-national-clouds.md#how-can-i-tell-if-b2b-collaboration-is-available-in-my-azure-us-government-tenant). -- -- -### User object in MS Graph v1 now includes externalUserState and externalUserStateChangedDateTime properties --**Type:** New feature -**Service category:** B2B -**Product capability:** B2B/B2C - --The externalUserState and externalUserStateChangedDateTime properties can be used to find invited B2B guests who have not accepted their invitations yet as well as build automation such as deleting users who haven't accepted their invitations after some number of days. These properties are now available in MS Graph v1. For guidance on using these properties, refer to [User resource type](/graph/api/resources/user). - ---### Manage authentication sessions in Azure AD Conditional Access is now generally available --**Type:** New feature -**Service category:** Conditional Access -**Product capability:** Identity Security & Protection - -Authentication session management capabilities allow you to configure how often your users need to provide sign-in credentials and whether they need to provide credentials after closing and reopening browsers to offer more security and flexibility in your environment. - -Additionally, authentication session management used to only apply to the First Factor Authentication on Azure AD joined, Hybrid Azure AD joined, and Azure AD registered devices. Now authentication session management will apply to multifactor authentication (MFA) as well. For more information, see [Configure authentication session management with Conditional Access](../conditional-access/howto-conditional-access-session-lifetime.md). ----### New Federated Apps available in Azure AD Application gallery - June 2020 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration - -In June 2020 we've added the following 29 new applications in our App gallery with Federation support: --[Shopify Plus](../saas-apps/shopify-plus-tutorial.md), [Ekarda](../saas-apps/ekarda-tutorial.md), [MailGates](../saas-apps/mailgates-tutorial.md), [BullseyeTDP](../saas-apps/bullseyetdp-tutorial.md), [Raketa](../saas-apps/raketa-tutorial.md), [Segment](../saas-apps/segment-tutorial.md), [Ai Auditor](https://www.mindbridge.ai/products/ai-auditor/), [Pobuca Connect](https://app.pobu.c), [Smallstep SSH](https://smallstep.com/sso-ssh/) --You can also find the documentation of all the applications from here https://aka.ms/AppsTutorial. -For listing your application in the Azure AD app gallery, please read the details here: https://aka.ms/AzureADAppRequest. ----### API connectors for External Identities self-service sign-up are now in public preview --**Type:** New feature -**Service category:** B2B -**Product capability:** B2B/B2C - -External Identities API connectors enable you to leverage web APIs to integrate self-service sign-up with external cloud systems. This means you can now invoke web APIs as specific steps in a sign-up flow to trigger cloud-based custom workflows. For example, you can use API connectors to: --- Integrate with a custom approval workflows.-- Perform identity proofing-- Validate user input data-- Overwrite user attributes-- Run custom business logic--For more information about all of the experiences possible with API connectors, see [Use API connectors to customize and extend self-service sign-up](../external-identities/api-connectors-overview.md), or [Customize External Identities self-service sign-up with web API integrations](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/customize-external-identities-self-service-sign-up-with-web-api/ba-p/1257364#.XvNz2fImuQg.linkedin). - ---### Provision on-demand and get users into your apps in seconds --**Type:** New feature -**Service category:** App Provisioning -**Product capability:** Identity Lifecycle Management - -The Azure AD provisioning service currently operates on a cyclic basis. The service runs every 40 mins. The [on-demand provisioning capability](https://aka.ms/provisionondemand) allows you to pick a user and provision them in seconds. This capability allows you to quickly troubleshoot provisioning issues, without having to do a restart to force the provisioning cycle to start again. - ---### New permission for using Azure AD entitlement management in Graph --**Type:** New feature -**Service category:** Other -**Product capability:** Entitlement Management - -A new delegated permission EntitlementManagement.Read.All is now available for use with the Entitlement Management API in Microsoft Graph beta. To find out more about the available APIs, see [Working with the Azure AD entitlement management API](/graph/api/resources/entitlementmanagement-overview). ----### Identity Protection APIs available in v1.0 --**Type:** New feature -**Service category:** Identity Protection -**Product capability:** Identity Security & Protection - -The riskyUsers and riskDetections Microsoft Graph APIs are now generally available. Now that they're available at the v1.0 endpoint, we invite you to use them in production. For more information, please check out the [Microsoft Graph docs](/graph/api/resources/identityprotectionroot). - ---### Sensitivity labels to apply policies to Microsoft 365 groups is now generally available --**Type:** New feature -**Service category:** Group Management -**Product capability:** Collaboration - --You can now create sensitivity labels and use the label settings to apply policies to Microsoft 365 groups, including privacy (Public or Private) and external user access policy. You can create a label with the privacy policy to be Private, and external user access policy to not allow to add guest users. When a user applies this label to a group, the group will be private, and no guest users are allowed to be added to the group. --Sensitivity labels are important to protect your business-critical data and enable you to manage groups at scale, in a compliant and secure fashion. For guidance on using sensitivity labels, refer to [Assign sensitivity labels to Microsoft 365 groups in Azure Active Directory (preview)](../enterprise-users/groups-assign-sensitivity-labels.md). - ---### Updates to support for Microsoft Identity Manager for Azure AD Premium customers --**Type:** Changed feature -**Service category:** Microsoft Identity Manager -**Product capability:** Identity Lifecycle Management - -Azure Support is now available for Azure AD integration components of Microsoft Identity Manager 2016, through the end of Extended Support for Microsoft Identity Manager 2016. Read more at [Support update for Azure AD Premium customers using Microsoft Identity Manager](/microsoft-identity-manager/support-update-for-azure-active-directory-premium-customers). ----### The use of group membership conditions in SSO claims configuration is increased --**Type:** Changed feature -**Service category:** Enterprise Apps -**Product capability:** SSO - -Previously, the number of groups you could use when you conditionally change claims based on group membership within any single application configuration was limited to 10. The use of group membership conditions in SSO claims configuration has now increased to a maximum of 50 groups. For more information on how to configure claims, refer to [Enterprise Applications SSO claims configuration](../develop/active-directory-saml-claims-customization.md). ----### Enabling basic formatting on the Sign In Page Text component in Company Branding. --**Type:** Changed feature -**Service category:** Authentications (Logins) -**Product capability:** User Authentication - -The Company Branding functionality on the Azure AD/Microsoft 365 login experience has been updated to allow the customer to add hyperlinks and simple formatting, including bold font, underline, and italics. For guidance on using this functionality, see [Add branding to your organization's Azure Active Directory sign-in page](./customize-branding.md). ----### Provisioning performance improvements --**Type:** Changed feature -**Service category:** App Provisioning -**Product capability:** Identity Lifecycle Management - -The provisioning service has been updated to reduce the time for an [incremental cycle](../app-provisioning/how-provisioning-works.md#incremental-cycles) to complete. This means that users and groups will be provisioned into their applications faster than they were previously. All new provisioning jobs created after 6/10/2020 will automatically benefit from the performance improvements. Any applications configured for provisioning before 6/10/2020 will need to restart once after 6/10/2020 to take advantage of the performance improvements. ----### Announcing the deprecation of ADAL and MS Graph Parity --**Type:** Deprecated -**Service category:** N/A -**Product capability:** Device Lifecycle Management --Now that Microsoft Authentication Libraries (MSAL) is available, we'll no longer add new features to the Azure Active Directory Authentication Libraries (ADAL) and will end security patches on June 30th, 2022. For more information on how to migrate to MSAL, refer to [Migrate applications to Microsoft Authentication Library (MSAL)](../develop/msal-migration.md). --Additionally, we've finished the work to make all Azure AD Graph functionality available through MS Graph. So, Azure AD Graph APIs will receive only bugfix and security fixes through June 30th, 2022. For more information, see [Update your applications to use Microsoft Authentication Library and Microsoft Graph API](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/update-your-applications-to-use-microsoft-authentication-library/ba-p/1257363) - --## May 2020 --### Retirement of properties in signIns, riskyUsers, and riskDetections APIs --**Type:** Plan for change -**Service category:** Identity Protection -**Product capability:** Identity Security & Protection --Currently, enumerated types are used to represent the riskType property in both the riskDetections API and riskyUserHistoryItem (in preview). Enumerated types are also used for the riskEventTypes property in the signIns API. Going forward we'll represent these properties as strings. --Customers should transition to the riskEventType property in the beta riskDetections and riskyUserHistoryItem API, and to riskEventTypes_v2 property in the beta signIns API by September 9th, 2020. At that date, we'll be retiring the current riskType and riskEventTypes properties. For more information, refer to [Changes to risk event properties and Identity Protection APIs on Microsoft Graph](https://developer.microsoft.com/graph/blogs/changes-to-risk-event-properties-and-identity-protection-apis-on-microsoft-graph/). -- --### Deprecation of riskEventTypes property in signIns v1.0 API on Microsoft Graph --**Type:** Plan for change -**Service category:** Reporting -**Product capability:** Identity Security & Protection --Enumerated types will switch to string types when representing risk event properties in Microsoft Graph September 2020. In addition to impacting the preview APIs, this change will also impact the in-production signIns API. --We have introduced a new riskEventsTypes_v2 (string) property to the signIns v1.0 API. We'll retire the current riskEventTypes (enum) property on June 11, 2022 in accordance with our Microsoft Graph deprecation policy. Customers should transition to the riskEventTypes_v2 property in the v1.0 signIns API by June 11, 2022. For more information, see [Deprecation of riskEventTypes property in signIns v1.0 API on Microsoft Graph](https://developer.microsoft.com/graph/blogs/deprecation-of-riskeventtypes-property-in-signins-v1-0-api-on-microsoft-graph//). -- --### Upcoming changes to multifactor authentication (MFA) email notifications --**Type:** Plan for change -**Service category:** MFA -**Product capability:** Identity Security & Protection - --We're making the following changes to the email notifications for cloud multifactor authentication (MFA): --E-mail notifications will be sent from the following address: azure-noreply@microsoft.com and msonlineservicesteam@microsoftonline.com. We're updating the content of fraud alert emails to better indicate the required steps to unblock uses. ----### New self-service sign up for users in federated domains who can't access Microsoft Teams because they aren't synced to Azure Active Directory. --**Type:** Plan for change -**Service category:** Authentications (Logins) -**Product capability:** User Authentication - --Currently, users who are in domains federated in Azure AD, but who aren't synced into the tenant, can't access Teams. Starting at the end of June, this new capability will enable them to do so by extending the existing email verified sign-up feature. This will allow users who can sign in to a federated IdP, but who don't yet have a user object in Azure ID, to have a user object created automatically and be authenticated for Teams. Their user object will be marked as "self-service sign-up." This is an extension of the existing capability to do email verified self-sign up that users in managed domains can do and can be controlled using the same flag. This change will complete rolling out during the following two months. Watch for documentation updates [here](../enterprise-users/directory-self-service-signup.md). - ---### Upcoming fix: The OIDC discovery document for the Azure Government cloud is being updated to reference the correct Graph endpoints. --**Type:** Plan for change -**Service category:** Sovereign Clouds -**Product capability:** User Authentication - -Starting in June, the OIDC discovery document [Microsoft identity platform and OpenID Connect protocol](../develop/v2-protocols-oidc.md) on the [Azure Government cloud](../develop/authentication-national-cloud.md) endpoint (login.microsoftonline.us), will begin to return the correct [National cloud graph](/graph/deployments) endpoint (https://graph.microsoft.us or https://dod-graph.microsoft.us), based on the tenant provided. It currently provides the incorrect Graph endpoint (graph.microsoft.com) "msgraph_host" field. --This bug fix will be rolled out gradually over approximately 2 months. ----### Azure Government users will no longer be able to sign in on login.microsoftonline.com --**Type:** Plan for Change -**Service category:** Sovereign Clouds -**Product capability:** User Authentication - -On 1 June 2018, the official Azure Active Directory (Azure AD) Authority for Azure Government changed from https://login-us.microsoftonline.com to https://login.microsoftonline.us. If you own an application within an Azure Government tenant, you must update your application to sign users in on the.us endpoint. --Starting May 5th, Azure AD will begin enforcing the endpoint change, blocking Azure Government users from signing into apps hosted in Azure Government tenants using the public endpoint (microsoftonline.com). Impacted apps will begin seeing an error AADSTS900439 - USGClientNotSupportedOnPublicEndpoint. --There will be a gradual rollout of this change with enforcement expected to be complete across all apps June 2020. For more details, please see the [Azure Government blog post](https://devblogs.microsoft.com/azuregov/azure-government-aad-authority-endpoint-update/). ----### SAML Single Logout request now sends NameID in the correct format --**Type:** Fixed -**Service category:** Authentications (Logins) -**Product capability:** User Authentication - -When a user clicks on sign-out (for example, in the MyApps portal), Azure AD sends a SAML Single Logout message to each app that is active in the user session and has a Logout URL configured. These messages contain a NameID in a persistent format. --If the original SAML sign-in token used a different format for NameID (for example, email/UPN), then the SAML app cannot correlate the NameID in the logout message to an existing session (as the NameIDs used in both messages are different), which caused the logout message to be discarded by the SAML app and the user to stay logged in. This fix makes the sign-out message consistent with the NameID configured for the application. ----### Hybrid Identity Administrator role is now available with Cloud Provisioning --**Type:** New feature -**Service category:** Azure AD Cloud Provisioning -**Product capability:** Identity Lifecycle Management - -IT Admins can start using the new "Hybrid Admin" role as the least privileged role for setting up Azure AD Connect Cloud Provisioning. With this new role, you no longer have to use the Global Administrator role to set up and configure Cloud Provisioning. [Learn more](../roles/delegate-by-task.md#connect). - ---### New Federated Apps available in Azure AD Application gallery - May 2020 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration - -In May 2020, we've added the following 36 new applications in our App gallery with Federation support: -- [Surveypal](https://www.surveypal.com/app), [Kbot365](https://www.konverso.ai/), [Powell Teams](https://powell-software.com/en/powell-teams-en/), [Talentsoft Assistant](https://msteams.talent-soft.com/), [ASC Recording Insights](https://teams.asc-recording.app/product), [GO1](https://www.go1.com/), [B-Engaged](https://b-engaged.se/), [Competella Contact Center Workgroup](http://www.competella.com/), [Asite](http://www.asite.com/), [ImageSoft Identity](https://identity.imagesoftinc.com/), [My IBISWorld](https://identity.imagesoftinc.com/), [insuite](../saas-apps/insuite-tutorial.md), [Change Process Management](../saas-apps/change-process-management-tutorial.md), [Cyara CX Assurance Platform](../saas-apps/cyara-cx-assurance-platform-tutorial.md), [Smart Global Governance](../saas-apps/smart-global-governance-tutorial.md), [Prezi](../saas-apps/prezi-tutorial.md), [Mapbox](../saas-apps/mapbox-tutorial.md), [Datava Enterprise Service Platform](../saas-apps/datava-enterprise-service-platform-tutorial.md), [Whimsical](../saas-apps/whimsical-tutorial.md), [Trelica](../saas-apps/trelica-tutorial.md), [EasySSO for Confluence](../saas-apps/easysso-for-confluence-tutorial.md), [EasySSO for BitBucket](../saas-apps/easysso-for-bitbucket-tutorial.md), [EasySSO for Bamboo](../saas-apps/easysso-for-bamboo-tutorial.md), [Torii](../saas-apps/torii-tutorial.md), [Axiad Cloud](../saas-apps/axiad-cloud-tutorial.md), [Humanage](../saas-apps/humanage-tutorial.md), [ColorTokens ZTNA](../saas-apps/colortokens-ztna-tutorial.md), [CCH Tagetik](../saas-apps/cch-tagetik-tutorial.md), [ShareVault](../saas-apps/sharevault-tutorial.md), [Vyond](../saas-apps/vyond-tutorial.md), [TextExpander](../saas-apps/textexpander-tutorial.md), [Anyone Home CRM](../saas-apps/anyone-home-crm-tutorial.md), [askSpoke](../saas-apps/askspoke-tutorial.md), [ice Contact Center](../saas-apps/ice-contact-center-tutorial.md) --You can also find the documentation of all the applications from here https://aka.ms/AppsTutorial. --For listing your application in the Azure AD app gallery, please read the details here https://aka.ms/AzureADAppRequest. ----### Report-only mode for Conditional Access is now generally available --**Type:** New feature -**Service category:** Conditional Access -**Product capability:** Identity Security & Protection --[Report-only mode for Azure AD Conditional Access](../conditional-access/concept-conditional-access-report-only.md) lets you evaluate the result of a policy without enforcing access controls. You can test report-only policies across your organization and understand their impact before enabling them, making deployment safer and easier. Over the past few months, we've seen strong adoption of report-only modeΓÇöover 26M users are already in scope of a report-only policy. With the announcement today, new Azure AD Conditional Access policies will be created in report-only mode by default. This means you can monitor the impact of your policies from the moment they're created. And for those of you who use the MS Graph APIs, you can [manage report-only policies programmatically](/graph/api/resources/conditionalaccesspolicy) as well. ----### Self-service sign up for guest users --**Type:** New feature -**Service category:** B2B -**Product capability:** B2B/B2C - -With External Identities in Azure AD, you can allow people outside your organization to access your apps and resources while letting them sign in using whatever identity they prefer. When sharing an application with external users, you might not always know in advance who will need access to the application. With [self-service sign-up](../external-identities/self-service-sign-up-overview.md), you can enable guest users to sign up and gain a guest account for your line of business (LOB) apps. The sign-up flow can be created and customized to support Azure AD and social identities. You can also collect additional information about the user during sign-up. ---- ### Conditional Access Insights and Reporting workbook is generally available --**Type:** New feature -**Service category:** Conditional Access -**Product capability:** Identity Security & Protection --The [insights and reporting workbook](../conditional-access/howto-conditional-access-insights-reporting.md) gives admins a summary view of Azure AD Conditional Access in their tenant. With the capability to select an individual policy, admins can better understand what each policy does and monitor any changes in real time. The workbook streams data stored in Azure Monitor, which you can set up in a few minutes [following these instructions](../reports-monitoring/howto-integrate-activity-logs-with-log-analytics.md). To make the dashboard more discoverable, we've moved it to the new insights and reporting tab within the Azure AD Conditional Access menu. ----### Policy details blade for Conditional Access is in public preview --**Type:** New feature -**Service category:** Conditional Access -**Product capability:** Identity Security & Protection --The new [policy details blade](../conditional-access/troubleshoot-conditional-access.md) displays the assignments, conditions, and controls satisfied during conditional access policy evaluation. You can access the blade by selecting a row in the Conditional Access or Report-only tabs of the Sign-in details. ----### New query capabilities for Directory Objects in Microsoft Graph are in Public Preview --**Type:** New feature -**Service category:** MS Graph -**Product capability:** Developer Experience --New capabilities are being introduced for Microsoft Graph Directory Objects APIs, enabling Count, Search, Filter, and Sort operations. This will give developers the ability to quickly query our Directory Objects without workarounds such as in-memory filtering and sorting. Find out more in this [blog post](https://aka.ms/CountFilterMSGraphAAD). --We're currently in Public Preview, looking for feedback. Please send your comments with this [brief survey](https://aka.ms/MsGraphAADSurveyDocs). ----### Configure SAML-based single sign-on using Microsoft Graph API (Beta) --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** SSO - -Support for creating and configuring an application from the Azure AD Gallery using MS Graph APIs in Beta is now available. -If you need to set up SAML-based single sign-on for multiple instances of an application, save time by using the Microsoft Graph APIs to [automate the configuration of SAML-based single sign-on](/graph/application-saml-sso-configure-api). - ---### New provisioning connectors in the Azure AD Application Gallery - May 2020 --**Type:** New feature -**Service category:** App Provisioning -**Product capability:** 3rd Party Integration - -You can now automate creating, updating, and deleting user accounts for these newly integrated apps: --* [8x8](../saas-apps/8x8-provisioning-tutorial.md) -* [Juno Journey](../saas-apps/juno-journey-provisioning-tutorial.md) -* [MediusFlow](../saas-apps/mediusflow-provisioning-tutorial.md) -* [New Relic by Organization](../saas-apps/new-relic-by-organization-provisioning-tutorial.md) -* [Oracle Cloud Infrastructure Console](../saas-apps/oracle-cloud-infrastructure-console-provisioning-tutorial.md) --For more information about how to better secure your organization by using automated user account provisioning, see [Automate user provisioning to SaaS applications with Azure AD](../app-provisioning/user-provisioning.md). ----### SAML Token Encryption is Generally Available --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** SSO - -[SAML token encryption](../manage-apps/howto-saml-token-encryption.md) allows applications to be configured to receive encrypted SAML assertions. The feature is now generally available in all clouds. - ---### Group name claims in application tokens is Generally Available --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** SSO - -The group claims issued in a token can now be limited to just those groups assigned to the application. This is especially important when users are members of large numbers of groups and there was a risk of exceeding token size limits. With this new capability in place, the ability to [add group names to tokens](../hybrid/how-to-connect-fed-group-claims.md) is generally available. - ---### Workday Writeback now supports setting work phone number attributes --**Type:** New feature -**Service category:** App Provisioning -**Product capability:** Identity Lifecycle Management - -We have enhanced the Workday Writeback provisioning app to now support writeback of work phone number and mobile number attributes. In addition to email and username, you can now configure the Workday Writeback provisioning app to flow phone number values from Azure AD to Workday. For more details on how to configure phone number writeback, refer to the [Workday Writeback](../saas-apps/workday-writeback-tutorial.md) app tutorial. ----### Publisher Verification (preview) --**Type:** New feature -**Service category:** Other -**Product capability:** Developer Experience - -Publisher verification (preview) helps admins and end users understand the authenticity of application developers integrating with the Microsoft identity platform. For details, refer to [Publisher verification (preview)](../develop/publisher-verification-overview.md). - ---### Authorization Code Flow for Single-page apps --**Type:** Changed feature -**Service category:** Authentication -**Product capability:** Developer Experience --Because of modern browser [3rd party cookie restrictions such as Safari ITP](../develop/reference-third-party-cookies-spas.md), SPAs will have to use the authorization code flow rather than the implicit flow to maintain SSO; MSAL.js v 2.x will now support the authorization code flow. There as corresponding updates to the Azure portal so you can update your SPA to be type "spa" and use the auth code flow. For guidance, refer to [Quickstart: Sign in users and get an access token in a JavaScript SPA using the auth code flow](../develop/quickstart-v2-javascript-auth-code.md). ----### Improved Filtering for Devices is in Public Preview --**Type:** Changed Feature -**Service category:** Device Management -**Product capability:** Device Lifecycle Management - -Previously, the only filters you could use were "Enabled" and "Activity date." Now, you can [filter your list of devices on more properties](../devices/device-management-azure-portal.md#view-and-filter-your-devices-preview), including OS type, join type, compliance, and more. These additions should simplify locating a particular device. ----### The new App registrations experience for Azure AD B2C is now generally available --**Type:** Changed Feature -**Service category:** B2C - Consumer Identity Management -**Product capability:** Identity Lifecycle Management - -The new App registrations experience for Azure AD B2C is now generally available. --Previously, you had to manage your B2C consumer-facing applications separately from the rest of your apps using the legacy 'Applications' experience. That meant different app creation experiences across different places in Azure. --The new experience shows all B2C app registrations and Azure AD app registrations in one place and provides a consistent way to manage them. Whether you need to manage a customer-facing app or an app that has access to Microsoft Graph to programmatically manage Azure AD B2C resources, you only need to learn one way to do things. --You can reach the new experience by navigating the Azure AD B2C service and selecting the App registrations blade. The experience is also accessible from the Azure Active Directory service. --The Azure AD B2C App registrations experience is based on the general [App Registration experience](https://developer.microsoft.com/identity/blogs/new-app-registrations-experience-is-now-generally-available/) for Azure AD tenants but is tailored for Azure AD B2C. The legacy "Applications" experience will be deprecated in the future. --For more information, visit [The New app registration experience for Azure AD B2C](../../active-directory-b2c/app-registrations-training-guide.md). ---## April 2020 --### Combined security info registration experience is now generally available --**Type:** New feature --**Service category:** Authentications (Logins) --**Product capability:** Identity Security & Protection --The combined registration experience for Multi-Factor Authentication (MFA) and Self-Service Password Reset (SSPR) is now generally available. This new registration experience enables users to register for multifactor authentication (MFA) and SSPR in a single, step-by-step process. When you deploy the new experience for your organization, users can register in less time and with fewer hassles. Check out the blog post [here](https://bit.ly/3etiRyQ). ----### Continuous Access Evaluation --**Type:** New feature --**Service category:** Authentications (Logins) --**Product capability:** Identity Security & Protection --Continuous Access Evaluation is a new security feature that enables near real-time enforcement of policies on relying parties consuming Azure AD Access Tokens when events happen in Azure AD (such as user account deletion). We're rolling this feature out first for Teams and Outlook clients. For more details, please read our [blog](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/moving-towards-real-time-policy-and-security-enforcement/ba-p/1276933) and [documentation](../conditional-access/concept-continuous-access-evaluation.md). ----### SMS Sign-in: Firstline Workers can sign in to Azure AD-backed applications with their phone number and no password --**Type:** New feature --**Service category:** Authentications (Logins) --**Product capability:** User Authentication --Office is launching a series of mobile-first business apps that cater to non-traditional organizations, and to employees in large organizations that don't use email as their primary communication method. These apps target frontline employees, deskless workers, field agents, or retail employees that may not get an email address from their employer, have access to a computer, or to IT. This project will let these employees sign in to business applications by entering a phone number and roundtripping a code. For more details, please see our [admin documentation](../authentication/howto-authentication-sms-signin.md) and [end user documentation](https://support.microsoft.com/account-billing/set-up-sms-sign-in-as-a-phone-verification-method-0aa5b3b3-a716-4ff2-b0d6-31d2bcfbac42). ----### Invite internal users to use B2B collaboration --**Type:** New feature --**Service category:** B2B --**Product capability:** --We're expanding B2B invitation capability to allow existing internal accounts to be invited to use B2B collaboration credentials going forward. This is done by passing the user object to the Invite API in addition to typical parameters like the invited email address. The user's object ID, UPN, group membership, app assignment, etc. remain intact, but going forward they'll use B2B to authenticate with their home tenant credentials rather than the internal credentials they used before the invitation. For details, see the [documentation](../external-identities/invite-internal-users.md). ----### Report-only mode for Conditional Access is now generally available --**Type:** New feature --**Service category:** Conditional Access --**Product capability:** Identity Security & Protection --[Report-only mode for Azure AD Conditional Access](../conditional-access/concept-conditional-access-report-only.md) lets you evaluate the result of a policy without enforcing access controls. You can test report-only policies across your organization and understand their impact before enabling them, making deployment safer and easier. Over the past few months, we've seen strong adoption of report-only mode, with over 26M users already in scope of a report-only policy. With this announcement, new Azure AD Conditional Access policies will be created in report-only mode by default. This means you can monitor the impact of your policies from the moment they're created. And for those of you who use the MS Graph APIs, you can also [manage report-only policies programmatically](/graph/api/resources/conditionalaccesspolicy). ----### Conditional Access insights and reporting workbook is generally available --**Type:** New feature --**Service category:** Conditional Access --**Product capability:** Identity Security & Protection --The Conditional Access [insights and reporting workbook](../conditional-access/howto-conditional-access-insights-reporting.md) gives admins a summary view of Azure AD Conditional Access in their tenant. With the capability to select an individual policy, admins can better understand what each policy does and monitor any changes in real time. The workbook streams data stored in Azure Monitor, which you can set up in a few minutes [following these instructions](../reports-monitoring/howto-integrate-activity-logs-with-log-analytics.md). To make the dashboard more discoverable, we've moved it to the new insights and reporting tab within the Azure AD Conditional Access menu. ----### Policy details blade for Conditional Access is in public preview --**Type:** New feature --**Service category:** Conditional Access --**Product capability:** Identity Security & Protection --The new [policy details blade](../conditional-access/troubleshoot-conditional-access.md) displays which assignments, conditions, and controls were satisfied during conditional access policy evaluation. You can access the blade by selecting a row in the **Conditional Access** or **Report-only** tabs of the Sign-in details. ----### New Federated Apps available in Azure AD App gallery - April 2020 --**Type:** New feature --**Service category:** Enterprise Apps --**Product capability:** 3rd Party Integration --In April 2020, we've added these 31 new apps with Federation support to the app gallery: --[SincroPool Apps](https://www.sincropool.com/), [SmartDB](https://hibiki.dreamarts.co.jp/smartdb/trial/), [Float](../saas-apps/float-tutorial.md), [LMS365](https://lms.365.systems/), [IWT Procurement Suite](../saas-apps/iwt-procurement-suite-tutorial.md), [Lunni](https://lunni.fi/), [EasySSO for Jira](../saas-apps/easysso-for-jira-tutorial.md), [Virtual Training Academy](https://vta.c3p.c) --For more information about the apps, see [SaaS application integration with Azure Active Directory](../saas-apps/tutorial-list.md). For more information about listing your application in the Azure AD app gallery, see [List your application in the Azure Active Directory application gallery](../manage-apps/v2-howto-app-gallery-listing.md). ----### Microsoft Graph delta query support for oAuth2PermissionGrant available for Public Preview --**Type:** New feature --**Service category:** MS Graph --**Product capability:** Developer Experience --Delta query for oAuth2PermissionGrant is available for public preview! You can now track changes without having to continuously poll Microsoft Graph. [Learn more.](/graph/api/oAuth2PermissionGrant-delta?tabs=http&view=graph-rest-beta&preserve-view=true) ----### Microsoft Graph delta query support for organizational contact generally available --**Type:** New feature --**Service category:** MS Graph --**Product capability:** Developer Experience --Delta query for organizational contacts is generally available! You can now track changes in production apps without having to continuously poll Microsoft Graph. Replace any existing code that continuously polls orgContact data by delta query to significantly improve performance. [Learn more.](/graph/api/orgcontact-delta?tabs=http) ----### Microsoft Graph delta query support for application generally available --**Type:** New feature --**Service category:** MS Graph --**Product capability:** Developer Experience --Delta query for applications is generally available! You can now track changes in production apps without having to continuously poll Microsoft Graph. Replace any existing code that continuously polls application data by delta query to significantly improve performance. [Learn more.](/graph/api/application-delta) ----### Microsoft Graph delta query support for administrative units available for Public Preview --**Type:** New feature --**Service category:** MS Graph --**Product capability:** Developer Experience -Delta query for administrative units is available for public preview! You can now track changes without having to continuously poll Microsoft Graph. [Learn more.](/graph/api/administrativeunit-delta?tabs=http&view=graph-rest-beta&preserve-view=true) ----### Manage authentication phone numbers and more in new Microsoft Graph beta APIs --**Type:** New feature --**Service category:** MS Graph --**Product capability:** Developer Experience --These APIs are a key tool for managing your users' authentication methods. Now you can programmatically pre-register and manage the authenticators used for multifactor authentication (MFA) and self-service password reset (SSPR). This has been one of the most-requested features in the Azure AD Multi-Factor Authentication (MFA), SSPR, and Microsoft Graph spaces. The new APIs we've released in this wave give you the ability to: --- Read, add, update, and remove a user's authentication phones-- Reset a user's password-- Turn on and off SMS-sign-in--For more information, see [Azure AD authentication methods API overview](/graph/api/resources/authenticationmethods-overview). ----### Administrative Units Public Preview --**Type:** New feature --**Service category:** Azure AD roles --**Product capability:** Access Control --Administrative units allow you to grant admin permissions that are restricted to a department, region, or other segment of your organization that you define. You can use administrative units to delegate permissions to regional administrators or to set policy at a granular level. For example, a User account admin could update profile information, reset passwords, and assign licenses for users only in their administrative unit. --Using administrative units, a central administrator could: --- Create an administrative unit for decentralized management of resources-- Assign a role with administrative permissions over only Azure AD users in an administrative unit-- Populate the administrative units with users and groups as needed--For more information, see [Administrative units management in Azure Active Directory (preview)](../roles/administrative-units.md). ----### Printer Administrator and Printer Technician built-in roles --**Type:** New feature --**Service category:** Azure AD roles --**Product capability:** Access Control --**Printer Administrator**: Users with this roleΓÇ»can register printers and manage all aspects of all printer configurations in the Microsoft Universal Print solution, including the Universal Print Connector settings. They can consent to all delegated print permission requests. Printer Administrators also have access to print reports. --**Printer Technician**: Users with this roleΓÇ»can register printers and manage printer status in the Microsoft Universal Print solution. They can also read all connector information. Key tasks a Printer Technician can't do are set user permissions on printers and sharing printers. [Learn more.](../roles/permissions-reference.md#printer-administrator) ----### Hybrid Identity Admin built-in role --**Type:** New feature --**Service category:** Azure AD roles --**Product capability:** Access Control --Users in this role can enable, configure and manage services and settings related to enabling hybrid identity in Azure AD. This role grants the ability to configure Azure AD to one of the three supported authentication methods—Password hash synchronization (PHS), Pass-through authentication (PTA) or Federation (AD FS or 3rd party federation provider)—and to deploy related on-premises infrastructure to enable them. On-premises infrastructure includes Provisioning and PTA agents. This role grants the ability to enable seamless single sign-on (S-SSO) to enable seamless authentication on non-Windows 10 devices or non-Windows Server 2016 computers. In addition, this role grants the ability to see sign-in logs and to access health and analytics for monitoring and troubleshooting purposes. [Learn more.](../roles/permissions-reference.md#hybrid-identity-administrator) ----### Network Administrator built-in role --**Type:** New feature --**Service category:** Azure AD roles --**Product capability:** Access Control --Users with this role can review network perimeter architecture recommendations from Microsoft that are based on network telemetry from their user locations. Network performance for Microsoft 365 relies on careful enterprise customer network perimeter architecture, which is generally user location-specific. This role allows for editing of discovered user locations and configuration of network parameters for those locations to facilitate improved telemetry measurements and design recommendations. [Learn more.](../roles/permissions-reference.md#network-administrator) ----### Bulk activity and downloads in the Azure portal experience --**Type:** New feature --**Service category:** User Management --**Product capability:** Directory --Now you can perform bulk activities on users and groups in Azure AD by uploading a CSV file in the Azure portal experience. You can create users, delete users, and invite guest users. And you can add and remove members from a group. --You can also download lists of Azure AD resources from the Azure portal experience. You can download the list of users in the directory, the list of groups in the directory, and the members of a particular group. --For more information, check out the following: --- [Create users](../enterprise-users/users-bulk-add.md) or [invite guest users](../external-identities/tutorial-bulk-invite.md)-- [Delete users](../enterprise-users/users-bulk-delete.md) or [restore deleted users](../enterprise-users/users-bulk-restore.md)-- [Download list of users](../enterprise-users/users-bulk-download.md) or [Download list of groups](../enterprise-users/groups-bulk-download.md)-- [Add (import) members](../enterprise-users/groups-bulk-import-members.md) or [remove members](../enterprise-users/groups-bulk-remove-members.md) or [Download list of members](../enterprise-users/groups-bulk-download-members.md) for a group----### My Staff delegated user management --**Type:** New feature --**Service category:** User Management --**Product capability:** --My Staff enables Firstline Managers, such as a store manager, to ensure that their staff members are able to access their Azure AD accounts. Instead of relying on a central helpdesk, organizations can delegate common tasks, such as resetting passwords or changing phone numbers, to a Firstline Manager. With My Staff, a user who can't access their account can re-gain access in just a couple of selections, with no helpdesk or IT staff required. For more information, see the [Manage your users with My Staff (preview)](../roles/my-staff-configure.md) and [Delegate user management with My Staff (preview)](https://support.microsoft.com/account-billing/manage-front-line-users-with-my-staff-c65b9673-7e1c-4ad6-812b-1a31ce4460bd). ----### An upgraded end user experience in access reviews --**Type:** Changed feature --**Service category:** Access Reviews --**Product capability:** Identity Governance --We have updated the reviewer experience for Azure AD access reviews in the My Apps portal. At the end of April, your reviewers who are logged in to the Azure AD access reviews reviewer experience will see a banner that will allow them to try the updated experience in My Access. Note that the updated Access reviews experience offers the same functionality as the current experience, but with an improved user interface on top of new capabilities to enable your users to be productive. [You can learn more about the updated experience here](../governance/perform-access-review.md). This public preview will last until the end of July 2020. At the end of July, reviewers who haven't opted into the preview experience will be automatically directed to My Access to perform access reviews. If you wish to have your reviewers permanently switched over to the preview experience in My Access now, [please make a request here](https://forms.microsoft.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR5dv-S62099HtxdeKIcgO-NUOFJaRDFDWUpHRk8zQ1BWVU1MMTcyQ1FFUi4u). ----### Workday inbound user provisioning and writeback apps now support the latest versions of Workday Web Services API --**Type:** Changed feature --**Service category:** App Provisioning --**Product capability:** --Based on customer feedback, we've now updated the Workday inbound user provisioning and writeback apps in the enterprise app gallery to support the latest versions of the Workday Web Services (WWS) API. With this change, customers can specify the WWS API version that they would like to use in the connection string. This gives customers the ability to retrieve more HR attributes available in the releases of Workday. The Workday Writeback app now uses the recommended Change_Work_Contact_Info Workday web service to overcome the limitations of Maintain_Contact_Info. --If no version is specified in the connection string, by default, the Workday inbound provisioning apps will continue to use WWS v21.1 To switch to the latest Workday APIs for inbound user provisioning, customers need to update the connection string as documented [in the tutorial](../saas-apps/workday-inbound-tutorial.md#which-workday-apis-does-the-solution-use-to-query-and-update-workday-worker-profiles) and also update the XPATHs used for Workday attributes as documented in the [Workday attribute reference guide](../app-provisioning/workday-attribute-reference.md#xpath-values-for-workday-web-services-wws-api-v30). --To use the new API for writeback, there are no changes required in the Workday Writeback provisioning app. On the Workday side, ensure that the Workday Integration System User (ISU) account has permissions to invoke the Change_Work_Contact business process as documented in the tutorial section, [Configure business process security policy permissions](../saas-apps/workday-inbound-tutorial.md#configuring-business-process-security-policy-permissions). --We have updated our [tutorial guide](../saas-apps/workday-inbound-tutorial.md) to reflect the new API version support. ----### Users with default access role are now in scope for provisioning --**Type:** Changed feature --**Service category:** App Provisioning --**Product capability:** Identity Lifecycle Management --Historically, users with the default access role have been out of scope for provisioning. We've heard feedback that customers want users with this role to be in scope for provisioning. As of April 16, 2020, all new provisioning configurations allow users with the default access role to be provisioned. Gradually we'll change the behavior for existing provisioning configurations to support provisioning users with this role. [Learn more.](../app-provisioning/application-provisioning-config-problem-no-users-provisioned.md) ----### Updated provisioning UI --**Type:** Changed feature --**Service category:** App Provisioning --**Product capability:** Identity Lifecycle Management --We've refreshed our provisioning experience to create a more focused management view. When you navigate to the provisioning blade for an enterprise application that has already been configured, you'll be able to easily monitor the progress of provisioning and manage actions such as starting, stopping, and restarting provisioning. [Learn more.](../app-provisioning/configure-automatic-user-provisioning-portal.md) ----### Dynamic Group rule validation is now available for Public Preview --**Type:** Changed feature --**Service category:** Group Management --**Product capability:** Collaboration --Azure Active Directory (Azure AD) now provides the means to validate dynamic group rules. On the **Validate rules** tab, you can validate your dynamic rule against sample group members to confirm the rule is working as expected. When creating or updating dynamic group rules, administrators want to know whether a user or a device will be a member of the group. This helps evaluate whether a user or device meets the rule criteria and aids in troubleshooting when membership is not expected. --For more information, see [Validate a dynamic group membership rule (preview)](../enterprise-users/groups-dynamic-rule-validation.md). ----### Identity Secure Score - Security Defaults and multifactor authentication (MFA) improvement action updates --**Type:** Changed feature --**Service category:** N/A --**Product capability:** Identity Security & Protection --**Supporting security defaults for Azure AD improvement actions:** Microsoft Secure Score will be updating improvement actions to support [security defaults in Azure AD](./concept-fundamentals-security-defaults.md), which make it easier to help protect your organization with pre-configured security settings for common attacks. This will affect the following improvement actions: --- Ensure all users can complete multifactor authentication for secure access-- Require multi-factor authentication (MFA) for administrative roles-- Enable policy to block legacy authentication- -**Multifactor authentication (MFA) improvement action updates:** To reflect the need for businesses to ensure the upmost security while applying policies that work with their business, Microsoft Secure Score has removed three improvement actions centered around multifactor authentication and added two. --Removed improvement actions: --- Register all users for multifactor authentication-- Require multifactor authentication (MFA) for all users-- Require multifactor authentication (MFA) for Azure AD privileged roles--Added improvement actions: --- Ensure all users can complete multifactor authentication for secure access-- Require multifactor authentication (MFA) for administrative roles--These new improvement actions require registering your users or admins for multifactor authentication (MFA) across your directory and establishing the right set of policies that fit your organizational needs. The main goal is to have flexibility while ensuring all your users and admins can authenticate with multiple factors or risk-based identity verification prompts. That can take the form of having multiple policies that apply scoped decisions, or setting security defaults (as of March 16th) that let Microsoft decide when to challenge users for multifactor authentication (MFA). [Read more about what's new in Microsoft Secure Score](/microsoft-365/security/mtp/microsoft-secure-score#whats-new). ----## March 2020 --### Unmanaged Azure Active Directory accounts in B2B update for March 2021 --**Type:** Plan for change -**Service category:** B2B -**Product capability:** B2B/B2C - -**Beginning on March 31, 2021**, Microsoft will no longer support the redemption of invitations by creating unmanaged Azure Active Directory (Azure AD) accounts and tenants for B2B collaboration scenarios. In preparation for this, we encourage you to opt in to [email one-time passcode authentication](../external-identities/one-time-passcode.md). ----### Users with the default access role will be in scope for provisioning --**Type:** Plan for change -**Service category:** App Provisioning -**Product capability:** Identity Lifecycle Management - -Historically, users with the default access role have been out of scope for provisioning. We've heard feedback that customers want users with this role to be in scope for provisioning. We're working on deploying a change so that all new provisioning configurations will allow users with the default access role to be provisioned. Gradually, we'll change the behavior for existing provisioning configurations to support provisioning users with this role. No customer action is required. We'll post an update to our [documentation](../app-provisioning/application-provisioning-config-problem-no-users-provisioned.md) once this change is in place. ----### Azure AD B2B collaboration will be available in Microsoft Azure operated by 21Vianet (Azure China 21Vianet) tenants --**Type:** Plan for change -**Service category:** B2B -**Product capability:** B2B/B2C - -The Azure AD B2B collaboration capabilities will be made available in Microsoft Azure operated by 21Vianet (Azure China 21Vianet) tenants, enabling users in an Azure China 21Vianet tenant to collaborate seamlessly with users in other Azure China 21Vianet tenants. [Learn more about Azure AD B2B collaboration](/azure/active-directory/b2b/). --- -### Azure AD B2B Collaboration invitation email redesign --**Type:** Plan for change -**Service category:** B2B -**Product capability:** B2B/B2C - -The [emails](../external-identities/invitation-email-elements.md) that are sent by the Azure AD B2B collaboration invitation service to invite users to the directory will be redesigned to make the invitation information and the user's next steps clearer. ----### HomeRealmDiscovery policy changes will appear in the audit logs --**Type:** Fixed -**Service category:** Audit -**Product capability:** Monitoring & Reporting - -We fixed a bug where changes to the [HomeRealmDiscovery policy](../manage-apps/configure-authentication-for-federated-users-portal.md) weren't included in the audit logs. You'll now be able to see when and how the policy was changed, and by whom. ----### New Federated Apps available in Azure AD App gallery - March 2020 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration - -In March 2020, we've added these 51 new apps with Federation support to the app gallery: --[Cisco AnyConnect](../saas-apps/cisco-anyconnect.md), [Zoho One China](../saas-apps/zoho-one-china-tutorial.md), [PlusPlus](https://test.plusplus.app/auth/login/azuread-outlook/), [Profit.co SAML App](../saas-apps/profitco-saml-app-tutorial.md), [iPoint Service Provider](../saas-apps/ipoint-service-provider-tutorial.md), [contexxt.ai SPHERE](https://contexxt-sphere.com/login), [Wisdom By Invictus](../saas-apps/wisdom-by-invictus-tutorial.md), [Flare Digital Signage](https://pixelnebula.com/), [Logz.io - Cloud Observability for Engineers](../saas-apps/logzio-cloud-observability-for-engineers-tutorial.md), [SpectrumU](../saas-apps/spectrumu-tutorial.md), [BizzContact](https://www.bizzcontact.app/), [Elqano SSO](../saas-apps/elqano-sso-tutorial.md), [MarketSignShare](http://www.signshare.com/), [CrossKnowledge Learning Suite](../saas-apps/crossknowledge-learning-suite-tutorial.md), [Netvision Compas](../saas-apps/netvision-compas-tutorial.md), [FCM HUB](../saas-apps/fcm-hub-tutorial.md), [RIB ) --For more information about the apps, see [SaaS application integration with Azure Active Directory](../saas-apps/tutorial-list.md). For more information about listing your application in the Azure AD app gallery, see [List your application in the Azure Active Directory application gallery](../manage-apps/v2-howto-app-gallery-listing.md). ----### Azure AD B2B Collaboration available in Azure Government tenants --**Type:** New feature -**Service category:** B2B -**Product capability:** B2B/B2C - -The Azure AD B2B collaboration features are now available between some Azure Government tenants. To find out if your tenant is able to use these capabilities, follow the instructions at [How can I tell if B2B collaboration is available in my Azure US Government tenant?](../external-identities/b2b-government-national-clouds.md#how-can-i-tell-if-b2b-collaboration-is-available-in-my-azure-us-government-tenant). ----### Azure Monitor integration for Azure Logs is now available in Azure Government --**Type:** New feature -**Service category:** Reporting -**Product capability:** Monitoring & Reporting - -Azure Monitor integration with Azure AD logs is now available in Azure Government. You can route Azure AD Logs (Audit and Sign-in Logs) to a storage account, event hub and Log Analytics. Please check out the [detailed documentation](../reports-monitoring/concept-activity-logs-azure-monitor.md) as well as [deployment plans for reporting and monitoring](../reports-monitoring/plan-monitoring-and-reporting.md) for Azure AD scenarios. ----### Identity Protection Refresh in Azure Government --**Type:** New feature -**Service category:** Identity Protection -**Product capability:** Identity Security & Protection --We're excited to share that we've now rolled out the refreshed [Azure AD Identity Protection](../identity-protection/overview-identity-protection.md)ΓÇ»experience in the [Microsoft Azure Government portal](https://portal.azure.us/). For more information, see our [announcement blog post](https://techcommunity.microsoft.com/t5/public-sector-blog/identity-protection-refresh-in-microsoft-azure-government/ba-p/1223667). ----### Disaster recovery: Download and store your provisioning configuration --**Type:** New feature -**Service category:** App Provisioning -**Product capability:** Identity Lifecycle Management - -The Azure AD provisioning service provides a rich set of configuration capabilities. Customers need to be able to save their configuration so that they can refer to it later or roll back to a known good version. We've added the ability to download your provisioning configuration as a JSON file and upload it when you need it. [Learn more](../app-provisioning/export-import-provisioning-configuration.md). --- -### SSPR (self-service password reset) now requires two gates for admins in Microsoft Azure operated by 21Vianet (Azure China 21Vianet) --**Type:** Changed feature -**Service category:** Self-Service Password Reset -**Product capability:** Identity Security & Protection - -Previously in Microsoft Azure operated by 21Vianet (Azure China 21Vianet), admins using self-service password reset (SSPR) to reset their own passwords needed only one "gate" (challenge) to prove their identity. In public and other national clouds, admins generally must use two gates to prove their identity when using SSPR. But because we didn't support SMS or phone calls in Azure China 21Vianet, we allowed one-gate password reset by admins. --We're creating SSPR feature parity between Azure China 21Vianet and the public cloud. Going forward, admins must use two gates when using SSPR. SMS, phone calls, and Authenticator app notifications and codes will be supported. [Learn more](../authentication/concept-sspr-policy.md#administrator-reset-policy-differences). ----### Password length is limited to 256 characters --**Type:** Changed feature -**Service category:** Authentications (Logins) -**Product capability:** User Authentication - -To ensure the reliability of the Azure AD service, user passwords are now limited in length to 256 characters. Users with passwords longer than this will be asked to change their password on subsequent login, either by contacting their admin or by using the self-service password reset feature. --This change was enabled on March 13th, 2020, at 10AM PST (18:00 UTC), and the error is AADSTS 50052, InvalidPasswordExceedsMaxLength. See the [breaking change notice](../develop/reference-breaking-changes.md#user-passwords-will-be-restricted-to-256-characters) for more details. ----### Azure AD sign-in logs are now available for all free tenants through the Azure portal --**Type:** Changed feature -**Service category:** Reporting -**Product capability:** Monitoring & Reporting - -Starting now, customers who have free tenants can access the [Azure AD sign-in logs from the Azure portal](../reports-monitoring/concept-sign-ins.md) for up to 7 days. Previously, sign-in logs were available only for customers with Azure Active Directory Premium licenses. With this change, all tenants can access these logs through the portal. --> [!NOTE] -> Customers still need a premium license (Azure Active Directory Premium P1 or P2) to access the sign-in logs through Microsoft Graph API and Azure Monitor. ----### Deprecation of Directory-wide groups option from Groups General Settings on Azure portal --**Type:** Deprecated -**Service category:** Group Management -**Product capability:** Collaboration --To provide a more flexible way for customers to create directory-wide groups that best meet their needs, we've replaced the **Directory-wide Groups** option from the **Groups** > **General** settings in the Azure portal with a link to [dynamic group documentation](../enterprise-users/groups-dynamic-membership.md). We've improved our documentation to include more instructions so administrators can create all-user groups that include or exclude guest users. ----## February 2020 --### Upcoming changes to custom controls --**Type:** Plan for change -**Service category:** MFA -**Product capability:** Identity Security & Protection - -We're planning to replace the current custom controls preview with an approach that allows partner-provided authentication capabilities to work seamlessly with the Azure Active Directory administrator and end user experiences. Today, partner multifactor authentication (MFA) solutions face the following limitations: they work only after a password has been entered; they don't serve as multifactor authentication (MFA) for step-up authentication in other key scenarios; and they don't integrate with end user or administrative credential management functions. The new implementation will allow partner-provided authentication factors to work alongside built-in factors for key scenarios, including registration, usage, multifactor authentication (MFA) claims, step up authentication, reporting, and logging. --Custom controls will continue to be supported in preview alongside the new design until it reaches general availability. At that point, we'll give customers time to migrate to the new design. Because of the limitations of the current approach, we won't onboard new providers until the new design is available. We're working closely with customers and providers and will communicate the timeline as we get closer. [Learn more](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/upcoming-changes-to-custom-controls/ba-p/1144696#). ----### Identity Secure Score - multifactor authentication (MFA) improvement action updates --**Type:** Plan for change -**Service category:** MFA -**Product capability:** Identity Security & Protection - -To reflect the need for businesses to ensure the upmost security while applying policies that work with their business, Microsoft Secure Score is removing three improvement actions centered around multifactor authentication (MFA), and adding two. --The following improvement actions will be removed: --- Register all users for multifactor authentication (MFA)-- Require multifactor authentication (MFA) for all users-- Require multifactor authentication (MFA) for Azure AD privileged roles--The following improvement actions will be added: --- Ensure all users can complete multifactor authentication (MFA) for secure access-- Require multifactor authentication (MFA) for administrative roles--These new improvement actions will require registering your users or admins for multifactor authentication (MFA) across your directory and establishing the right set of policies that fit your organizational needs. The main goal is to have flexibility while ensuring all your users and admins can authenticate with multiple factors or risk-based identity verification prompts. This can take the form of setting security defaults that let Microsoft decide when to challenge users for multifactor authentication (MFA), or having multiple policies that apply scoped decisions. As part of these improvement action updates, Baseline protection policies will no longer be included in scoring calculations. [Read more about what's coming in Microsoft Secure Score](/microsoft-365/security/mtp/microsoft-secure-score-whats-coming). ----### Azure AD Domain Services SKU selection --**Type:** New feature -**Service category:** Azure AD Domain Services -**Product capability:** Azure AD Domain Services - -We've heard feedback that Azure AD Domain Services customers want more flexibility in selecting performance levels for their instances. Starting on February 1, 2020, we switched from a dynamic model (where Azure AD determines the performance and pricing tier based on object count) to a self-selection model. Now customers can choose a performance tier that matches their environment. This change also allows us to enable new scenarios like Resource Forests, and Premium features like daily backups. The object count is now unlimited for all SKUs, but we'll continue to offer object count suggestions for each tier. --**No immediate customer action is required.** For existing customers, the dynamic tier that was in use on February 1, 2020, determines the new default tier. There is no pricing or performance impact as the result of this change. Going forward, Azure AD DS customers will need to evaluate performance requirements as their directory size and workload characteristics change. Switching between service tiers will continue to be a no-downtime operation, and we'll no longer automatically move customers to new tiers based on the growth of their directory. Furthermore, there will be no price increases, and new pricing will align with our current billing model. For more information, see the [Azure AD DS SKUs documentation](../../active-directory-domain-services/administration-concepts.md#azure-ad-ds-skus) and the [Azure AD Domain Services pricing page](https://azure.microsoft.com/pricing/details/active-directory-ds/). --- -### New Federated Apps available in Azure AD App gallery - February 2020 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration - -In February 2020, we've added these 31 new apps with Federation support to the app gallery: --[IamIP Patent Platform](../saas-apps/iamip-patent-platform-tutorial.md), - [Experience Cloud](../saas-apps/experience-cloud-tutorial.md), - [NS1 SSO For Azure](../saas-apps/ns1-sso-azure-tutorial.md), - [Barracuda Email Security Service](https://ess.barracudanetworks.com/sso/azure), - [ABa Reporting](https://myaba.co.uk/client-access/signin/auth/msad), - [In Case of Crisis - Online Portal](../saas-apps/in-case-of-crisis-online-portal-tutorial.md), - [BIC Cloud Design](../saas-apps/bic-cloud-design-tutorial.md), - [Beekeeper Azure AD Data Connector](../saas-apps/beekeeper-azure-ad-data-connector-tutorial.md), - [Korn Ferry Assessments](https://www.kornferry.com/solutions/kf-digital/kf-assess), - [Verkada Command](../saas-apps/verkada-command-tutorial.md), - [Splashtop](../saas-apps/splashtop-tutorial.md), - [Syxsense](../saas-apps/syxsense-tutorial.md), - [EAB Navigate](../saas-apps/eab-navigate-tutorial.md), - [New Relic (Limited Release)](../saas-apps/new-relic-limited-release-tutorial.md), - [Thulium](https://admin.thulium.com/login/instance), - [Ticket Manager](../saas-apps/ticketmanager-tutorial.md), - [Template Chooser for Teams](https://links.officeatwork.com/templatechooser-download-teams), - [Beesy](https://www.beesy.me/index.php/site/login), - [Health Support System](../saas-apps/health-support-system-tutorial.md), - [MURAL](https://app.mural.co/signup), - [Hive](../saas-apps/hive-tutorial.md), - [LavaDo](https://appsource.microsoft.com/product/web-apps/lavaloon.lavado_standard?tab=Overview), - [Wakelet](https://wakelet.com/login), - [Firmex VDR](../saas-apps/firmex-vdr-tutorial.md), - [ThingLink for Teachers and Schools](https://www.thinglink.com/), - [Coda](../saas-apps/coda-tutorial.md), - [NearpodApp](https://nearpod.com/signup/?oc=Microsoft&utm_campaign=Microsoft&utm_medium=site&utm_source=product), - [WEDO](../saas-apps/wedo-tutorial.md), - [InvitePeople](https://invitepeople.com/login), - [Reprints Desk - Article Galaxy](../saas-apps/reprints-desk-article-galaxy-tutorial.md), - [TeamViewer](../saas-apps/teamviewer-tutorial.md) -- -For more information about the apps, see [SaaS application integration with Azure Active Directory](../saas-apps/tutorial-list.md). For more information about listing your application in the Azure AD app gallery, see [List your application in the Azure Active Directory application gallery](../manage-apps/v2-howto-app-gallery-listing.md). --- -### New provisioning connectors in the Azure AD Application Gallery - February 2020 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration - -You can now automate creating, updating, and deleting user accounts for these newly integrated apps: --- [Mixpanel](../saas-apps/mixpanel-provisioning-tutorial.md)-- [TeamViewer](../saas-apps/teamviewer-provisioning-tutorial.md)-- [Azure Databricks](/azure/databricks/administration-guide/users-groups/scim/aad)-- [PureCloud by Genesys](../saas-apps/purecloud-by-genesys-provisioning-tutorial.md)-- [Zapier](../saas-apps/zapier-provisioning-tutorial.md)--For more information about how to better secure your organization by using automated user account provisioning, see [Automate user provisioning to SaaS applications with Azure AD](../app-provisioning/user-provisioning.md). --- -### Azure AD support for FIDO2 security keys in hybrid environments --**Type:** New feature -**Service category:** Authentications (Logins) -**Product capability:** User Authentication - -We're announcing the public preview of Azure AD support for FIDO2 security keys in Hybrid environments. Users can now use FIDO2 security keys to sign in to their Hybrid Azure AD joined Windows 10 devices and get seamless sign-on to their on-premises and cloud resources. Support for Hybrid environments has been the top most-requested feature from our passwordless customers since we initially launched the public preview for FIDO2 support in Azure AD joined devices. Passwordless authentication using advanced technologies like biometrics and public/private key cryptography provide convenience and ease-of-use while being secure. With this public preview, you can now use modern authentication like FIDO2 security keys to access traditional Active Directory resources. For more information, go to [SSO to on-premises resources](../authentication/howto-authentication-passwordless-security-key-on-premises.md). --To get started, visit [enable FIDO2 security keys for your tenant](../authentication/howto-authentication-passwordless-security-key.md) for step-by-step instructions. --- -### The new My Account experience is now generally available --**Type:** Changed feature -**Service category:** My Profile/Account -**Product capability:** End User Experiences - -My Account, the one stop shop for all end-user account management needs, is now generally available! End users can access this new site via URL, or in the header of the new My Apps experience. Learn more about all the self-service capabilities the new experience offers at [My Account Portal Overview](https://support.microsoft.com/account-billing/my-account-portal-for-work-or-school-accounts-eab41bfe-3b9e-441e-82be-1f6e568d65fd). --- -### My Account site URL updating to myaccount.microsoft.com --**Type:** Changed feature -**Service category:** My Profile/Account -**Product capability:** End User Experiences - -The new My Account end user experience will be updating its URL to `https://myaccount.microsoft.com` in the next month. Find more information about the experience and all the account self-service capabilities it offers to end users at [My Account portal help](https://support.microsoft.com/account-billing/my-account-portal-for-work-or-school-accounts-eab41bfe-3b9e-441e-82be-1f6e568d65fd). ----## January 2020 - -### The new My Apps portal is now generally available --**Type:** Plan for change -**Service category:** My Apps -**Product capability:** End User Experiences - -Upgrade your organization to the new My Apps portal that is now generally available! Find more information on the new portal and collections at [Create collections on the My Apps portal](../manage-apps/access-panel-collections.md). --- -### Workspaces in Azure AD have been renamed to collections --**Type:** Changed feature -**Service category:** My Apps -**Product capability:** End User Experiences - -Workspaces, the filters admins can configure to organize their users' apps, will now be referred to as collections. Find more info on how to configure them at [Create collections on the My Apps portal](../manage-apps/access-panel-collections.md). --- -### Azure AD B2C Phone sign-up and sign-in using custom policy (Public Preview) --**Type:** New feature -**Service category:** B2C - Consumer Identity Management -**Product capability:** B2B/B2C - -With phone number sign-up and sign-in, developers and enterprises can allow their customers to sign up and sign in using a one-time password sent to the user's phone number via SMS. This feature also lets the customer change their phone number if they lose access to their phone. With the power of custom policies and phone sign-up and sign-in, allows developers and enterprises to communicate their brand through page customization. Find out how to [set up phone sign-up and sign-in with custom policies in Azure AD B2C](../../active-directory-b2c/phone-authentication-user-flows.md). - -- -### New provisioning connectors in the Azure AD Application Gallery - January 2020 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration - -You can now automate creating, updating, and deleting user accounts for these newly integrated apps: --- [Promapp](../saas-apps/promapp-provisioning-tutorial.md)-- [Zscaler Private Access](../saas-apps/zscaler-private-access-provisioning-tutorial.md)--For more information about how to better secure your organization by using automated user account provisioning, see [Automate user provisioning to SaaS applications with Azure AD](../app-provisioning/user-provisioning.md). --- -### New Federated Apps available in Azure AD App gallery - January 2020 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration - -In January 2020, we've added these 33 new apps with Federation support to the app gallery: --[JOSA](../saas-apps/josa-tutorial.md), [Fastly Edge Cloud](../saas-apps/fastly-edge-cloud-tutorial.md), [Terraform Enterprise](../saas-apps/terraform-enterprise-tutorial.md), [Spintr SSO](../saas-apps/spintr-sso-tutorial.md), [Abibot Netlogistik](https://azuremarketplace.microsoft.com/marketplace/apps/aad.abibotnetlogistik), [SkyKick](https://login.skykick.com/login?state=g6Fo2SBTd3M5Q0xBT0JMd3luS2JUTGlYN3pYTE1remJQZnR1c6N0aWTZIDhCSkwzYVQxX2ZMZjNUaWxNUHhCSXg2OHJzbllTcmYto2NpZNkgM0h6czk3ZlF6aFNJV1VNVWQzMmpHeFFDbDRIMkx5VEc&client=3Hzs97fQzhSIWUMUd32jGxQCl4H2LyTG&protocol=oauth2&audience=https://papi.skykick.com&response_type=code&redirect_uri=https://portal.skykick.com/callback&scope=openid%20profile%20offline_access), [Upshotly](../saas-apps/upshotly-tutorial.md), [LeaveBot](https://appsource.microsoft.com/en-us/product/office/WA200001175), [DataCamp](../saas-apps/datacamp-tutorial.md), [TripActions](../saas-apps/tripactions-tutorial.md), [SmartWork](https://www.intumit.com/teams-smartwork/), [Dotcom-Monitor](../saas-apps/dotcom-monitor-tutorial.md), [SSOGEN - Azure AD SSO Gateway for Oracle E-Business Suite - EBS, PeopleSoft, and JDE](../saas-apps/ssogen-tutorial.md), [Hosted MyCirqa SSO](../saas-apps/hosted-mycirqa-sso-tutorial.md), [Yuhu Property Management Platform](../saas-apps/yuhu-property-management-platform-tutorial.md), [LumApps](https://sites.lumapps.com/login), [Upwork Enterprise](../saas-apps/upwork-enterprise-tutorial.md), [Talentsoft](../saas-apps/talentsoft-tutorial.md), [SmartDB for Microsoft Teams](http://teams.smartdb.jp/login/), [PressPage](../saas-apps/presspage-tutorial.md), [ContractSafe Saml2 SSO](../saas-apps/contractsafe-saml2-sso-tutorial.md), [Maxient Conduct Manager Software](../saas-apps/maxient-conduct-manager-software-tutorial.md), [Helpshift](../saas-apps/helpshift-tutorial.md), [PortalTalk 365](https://www.portaltalk.com/), [CoreView](https://portal.coreview.com/), Squelch Cloud Office365 Connector, [PingFlow Authentication](https://app-staging.pingview.io/), [PrinterLogic SaaS](../saas-apps/printerlogic-saas-tutorial.md), [Taskize Connect](../saas-apps/taskize-connect-tutorial.md), [Sandwai](https://app.sandwai.com/), [EZRentOut](../saas-apps/ezrentout-tutorial.md), [AssetSonar](../saas-apps/assetsonar-tutorial.md), [Akari Virtual Assistant](https://akari.io/akari-virtual-assistant/) --For more information about the apps, see [SaaS application integration with Azure Active Directory](../saas-apps/tutorial-list.md). For more information about listing your application in the Azure AD app gallery, see [List your application in the Azure Active Directory application gallery](../manage-apps/v2-howto-app-gallery-listing.md). ----### Two new Identity Protection detections --**Type:** New feature -**Service category:** Identity Protection -**Product capability:** Identity Security & Protection - -We've added two new sign-in linked detection types to Identity Protection: Suspicious inbox manipulation rules and Impossible travel. These offline detections are discovered by Microsoft Cloud App Security (MCAS) and influence the user and sign-in risk in Identity Protection. For more information on these detections, see our [sign-in risk types](../identity-protection/concept-identity-protection-risks.md). - -- -### Breaking Change: URI Fragments will not be carried through the login redirect --**Type:** Changed feature -**Service category:** Authentications (Logins) -**Product capability:** User Authentication - -Starting on February 8, 2020, when a request is sent to login.microsoftonline.com to sign in a user, the service will append an empty fragment to the request. This prevents a class of redirect attacks by ensuring that the browser wipes out any existing fragment in the request. No application should have a dependency on this behavior. For more information, see [Breaking changes](../develop/reference-breaking-changes.md#february-2020) in the Microsoft identity platform documentation. ----## December 2019 --### Integrate SAP SuccessFactors provisioning into Azure AD and on-premises AD (Public Preview) --**Type:** New feature -**Service category:** App Provisioning -**Product capability:** Identity Lifecycle Management --You can now integrate SAP SuccessFactors as an authoritative identity source in Azure AD. This integration helps you automate the end-to-end identity lifecycle, including using HR-based events, like new hires or terminations, to control provisioning of Azure AD accounts. --For more information about how to set up SAP SuccessFactors inbound provisioning to Azure AD, see the [Configure SAP SuccessFactors automatic provisioning](../saas-apps/sap-successfactors-inbound-provisioning-tutorial.md) tutorial. ----### Support for customized emails in Azure AD B2C (Public Preview) --**Type:** New feature -**Service category:** B2C - Consumer Identity Management -**Product capability:** B2B/B2C --You can now use Azure AD B2C to create customized emails when your users sign up to use your apps. By using DisplayControls (currently in preview) and a third-party email provider (such as, [SendGrid](https://sendgrid.com/), [SparkPost](https://sparkpost.com/), or a custom REST API), you can use your own email template, **From** address, and subject text, as well as support localization and custom one-time password (OTP) settings. --For more information, see [Custom email verification in Azure Active Directory B2C](../../active-directory-b2c/custom-email-sendgrid.md). ----### Replacement of baseline policies with security defaults --**Type:** Changed feature -**Service category:** Other -**Product capability:** Identity Security and Protection --As part of a secure-by-default model for authentication, we're removing the existing baseline protection policies from all tenants. This removal is targeted for completion at the end of February. The replacement for these baseline protection policies is security defaults. If you've been using baseline protection policies, you must plan to move to the new security defaults policy or to Conditional Access. If you haven't used these policies, there is no action for you to take. --For more information about the new security defaults, see [What are security defaults?](./concept-fundamentals-security-defaults.md) For more information about Conditional Access policies, see [Common Conditional Access policies](../conditional-access/concept-conditional-access-policy-common.md). ----## November 2019 --### Support for the SameSite attribute and Chrome 80 --**Type:** Plan for change -**Service category:** Authentications (Logins) -**Product capability:** User Authentication --As part of a secure-by-default model for cookies, the Chrome 80 browser is changing how it treats cookies without the `SameSite` attribute. Any cookie that doesn't specify the `SameSite` attribute will be treated as though it was set to `SameSite=Lax`, which will result in Chrome blocking certain cross-domain cookie sharing scenarios that your app may depend on. To maintain the older Chrome behavior, you can use the `SameSite=None` attribute and add an additional `Secure` attribute, so cross-site cookies can only be accessed over HTTPS connections. Chrome is scheduled to complete this change by February 4, 2020. --We recommend all our developers test their apps using this guidance: --- Set the default value for the **Use Secure Cookie** setting to **Yes**.--- Set the default value for the **SameSite** attribute to **None**.--- Add an additional `SameSite` attribute of **Secure**.--For more information, see [Upcoming SameSite Cookie Changes in ASP.NET and ASP.NET Core](https://devblogs.microsoft.com/aspnet/upcoming-samesite-cookie-changes-in-asp-net-and-asp-net-core/) and [Potential disruption to customer websites and Microsoft products and services in Chrome version 79 and later](https://support.microsoft.com/help/4522904/potential-disruption-to-microsoft-services-in-chrome-beta-version-79). ----### New hotfix for Microsoft Identity Manager (MIM) 2016 Service Pack 2 (SP2) --**Type:** Fixed -**Service category:** Microsoft Identity Manager -**Product capability:** Identity Lifecycle Management --A hotfix rollup package (build 4.6.34.0) is available for Microsoft Identity Manager (MIM) 2016 Service Pack 2 (SP2). This rollup package resolves issues and adds improvements that are described in the "Issues fixed and improvements added in this update" section. --For more information and to download the hotfix package, see [Microsoft Identity Manager 2016 Service Pack 2 (build 4.6.34.0) Update Rollup is available](https://support.microsoft.com/help/4512924/microsoft-identity-manager-2016-service-pack-2-build-4-6-34-0-update-r). ----### New AD FS app activity report to help migrate apps to Azure AD (Public Preview) --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** SSO --Use the new Active Directory Federation Services (AD FS) app activity report, in the Azure portal, to identify which of your apps are capable of being migrated to Azure AD. The report assesses all AD FS apps for compatibility with Azure AD, checks for any issues, and gives guidance about preparing individual apps for migration. --For more information, see [Use the AD FS application activity report to migrate applications to Azure AD](../manage-apps/migrate-adfs-application-activity.md). ----### New workflow for users to request administrator consent (Public Preview) --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** Access Control --The new admin consent workflow gives admins a way to grant access to apps that require admin approval. If a user tries to access an app, but is unable to provide consent, they can now send a request for admin approval. The request is sent by email, and placed in a queue that's accessible from the Azure portal, to all the admins who have been designated as reviewers. After a reviewer takes action on a pending request, the requesting users are notified of the action. --For more information, see [Configure the admin consent workflow (preview)](../manage-apps/configure-admin-consent-workflow.md). ----### New Azure AD App Registrations Token configuration experience for managing optional claims (Public Preview) --**Type:** New feature -**Service category:** Other -**Product capability:** Developer Experience --The new **Azure AD App Registrations Token configuration** blade on the Azure portal now shows app developers a dynamic list of optional claims for their apps. This new experience helps to streamline Azure AD app migrations and to minimize optional claims misconfigurations. --For more information, see [Provide optional claims to your Azure AD app](../develop/active-directory-optional-claims.md). ----### New two-stage approval workflow in Azure AD entitlement management (Public Preview) --**Type:** New feature -**Service category:** Other -**Product capability:** Entitlement Management --We've introduced a new two-stage approval workflow that allows you to require two approvers to approve a user's request to an access package. For example, you can set it so the requesting user's manager must first approve, and then you can also require a resource owner to approve. If one of the approvers doesn't approve, access isn't granted. --For more information, see [Change request and approval settings for an access package in Azure AD entitlement management](../governance/entitlement-management-access-package-request-policy.md). ----### Updates to the My Apps page along with new workspaces (Public Preview) --**Type:** New feature -**Service category:** My Apps -**Product capability:** 3rd Party Integration --You can now customize the way your organization's users view and access the refreshed My Apps experience. This new experience also includes the new workspaces feature, which makes it easier for your users to find and organize apps. --For more information about the new My Apps experience and creating workspaces, see [Create workspaces on the My Apps portal](../manage-apps/access-panel-collections.md). ----### Google social ID support for Azure AD B2B collaboration (General Availability) --**Type:** New feature -**Service category:** B2B -**Product capability:** User Authentication --New support for using Google social IDs (Gmail accounts) in Azure AD helps to make collaboration simpler for your users and partners. There's no longer a need for your partners to create and manage a new Microsoft-specific account. Microsoft Teams now fully supports Google users on all clients and across the common and tenant-related authentication endpoints. --For more information, see [Add Google as an identity provider for B2B guest users](../external-identities/google-federation.md). ----### Microsoft Edge Mobile Support for Conditional Access and Single Sign-on (General Availability) --**Type:** New feature -**Service category:** Conditional Access -**Product capability:** Identity Security & Protection --Azure AD for Microsoft Edge on iOS and Android now supports Azure AD single sign-on and Conditional Access: --- **Microsoft Edge single sign-on (SSO):** Single sign-on is now available across native clients (such as Microsoft Outlook and Microsoft Edge) for all Azure AD -connected apps.--- **Microsoft Edge conditional access:** Through application-based conditional access policies, your users must use Microsoft Intune-protected browsers, such as Microsoft Edge.--For more information about conditional access and SSO with Microsoft Edge, see the [Microsoft Edge Mobile Support for Conditional Access and single sign-on Now Generally Available](https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Microsoft-Edge-Mobile-Support-for-Conditional-Access-and-Single/ba-p/988179) blog post. For more information about how to set up your client apps using [app-based conditional access](../conditional-access/app-based-conditional-access.md) or [device-based conditional access](../conditional-access/require-managed-devices.md), see [Manage web access using a Microsoft Intune policy-protected browser](/intune/apps/app-configuration-managed-browser). ----### Azure AD entitlement management (General Availability) --**Type:** New feature -**Service category:** Other -**Product capability:** Entitlement Management --Azure AD entitlement management is a new identity governance feature, which helps organizations manage identity and access lifecycle at scale. This new feature helps by automating access request workflows, access assignments, reviews, and expiration across groups, apps, and SharePoint Online sites. --With Azure AD entitlement management, you can more efficiently manage access both for employees and also for users outside your organization who need access to those resources. --For more information, see [What is Azure AD entitlement management?](../governance/entitlement-management-overview.md#license-requirements) ----### Automate user account provisioning for these newly supported SaaS apps --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration --You can now automate creating, updating, and deleting user accounts for these newly integrated apps: --[SAP Cloud Platform Identity Authentication Service](../saas-apps/sap-hana-cloud-platform-identity-authentication-tutorial.md), [RingCentral](../saas-apps/ringcentral-provisioning-tutorial.md), [SpaceIQ](../saas-apps/spaceiq-provisioning-tutorial.md), [Miro](../saas-apps/miro-provisioning-tutorial.md), [Cloudgate](../saas-apps/soloinsight-cloudgate-sso-provisioning-tutorial.md), [Infor CloudSuite](../saas-apps/infor-cloudsuite-provisioning-tutorial.md), [OfficeSpace Software](../saas-apps/officespace-software-provisioning-tutorial.md), [Priority Matrix](../saas-apps/priority-matrix-provisioning-tutorial.md) --For more information about how to better secure your organization by using automated user account provisioning, see [Automate user provisioning to SaaS applications with Azure AD](../app-provisioning/user-provisioning.md). ----### New Federated Apps available in Azure AD App gallery - November 2019 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration --In November 2019, we've added these 21 new apps with Federation support to the app gallery: --[Airtable](../saas-apps/airtable-tutorial.md), [Hootsuite](../saas-apps/hootsuite-tutorial.md), [Blue Access for Members (BAM)](../saas-apps/blue-access-for-members-tutorial.md), [Bitly](../saas-apps/bitly-tutorial.md), [Riva](../saas-apps/riva-tutorial.md), [ResLife Portal](https://app.reslifecloud.com/hub5_signin/microsoft_azuread/?g=44BBB1F90915236A97502FF4BE2952CB&c=5&uid=0&ht=2&ref=), [NegometrixPortal Single Sign On (SSO)](../saas-apps/negometrixportal-tutorial.md), [TeamsChamp](https://login.microsoftonline.com/551f45da-b68e-4498-a7f5-a6e1efaeb41c/adminconsent?client_id=ca9bbfa4-1316-4c0f-a9ee-1248ac27f8ab&redirect_uri=https://admin.teamschamp.com/api/adminconsent&state=6883c143-cb59-42ee-a53a-bdb5faabf279), [Motus](../saas-apps/motus-tutorial.md), [MyAryaka](../saas-apps/myaryaka-tutorial.md), [BlueMail](https://loginself1.bluemail.me/), [Beedle](https://teams-web.beedle.co/#/), [Visma](../saas-apps/visma-tutorial.md), [OneDesk](../saas-apps/onedesk-tutorial.md), [Foko Retail](../saas-apps/foko-retail-tutorial.md), [Qmarkets Idea & Innovation Management](../saas-apps/qmarkets-idea-innovation-management-tutorial.md), [Netskope User Authentication](../saas-apps/netskope-user-authentication-tutorial.md), [uniFLOW Online](../saas-apps/uniflow-online-tutorial.md), [Claromentis](../saas-apps/claromentis-tutorial.md), [Jisc Student Voter Registration](../saas-apps/jisc-student-voter-registration-tutorial.md), [e4enable](https://portal.e4enable.com/) --For more information about the apps, see [SaaS application integration with Azure Active Directory](../saas-apps/tutorial-list.md). For more information about listing your application in the Azure AD app gallery, see [List your application in the Azure Active Directory application gallery](../manage-apps/v2-howto-app-gallery-listing.md). ----### New and improved Azure AD application gallery --**Type:** Changed feature -**Service category:** Enterprise Apps -**Product capability:** SSO --We've updated the Azure AD application gallery to make it easier for you to find pre-integrated apps that support provisioning, OpenID Connect, and SAML on your Azure Active Directory tenant. --For more information, see [Add an application to your Azure Active Directory tenant](../manage-apps/add-application-portal.md). ----### Increased app role definition length limit from 120 to 240 characters --**Type:** Changed feature -**Service category:** Enterprise Apps -**Product capability:** SSO --We've heard from customers that the length limit for the app role definition value in some apps and services is too short at 120 characters. In response, we've increased the maximum length of the role value definition to 240 characters. --For more information about using application-specific role definitions, see [Add app roles in your application and receive them in the token](../develop/howto-add-app-roles-in-azure-ad-apps.md). ----## October 2019 --### Deprecation of the identityRiskEvent API for Azure AD Identity Protection risk detections --**Type:** Plan for change -**Service category:** Identity Protection -**Product capability:** Identity Security & Protection --In response to developer feedback, Azure AD Premium P2 subscribers can now perform complex queries on Azure AD Identity Protection's risk detection data by using the new riskDetection API for Microsoft Graph. The existing [identityRiskEvent](/graph/api/resources/identityprotection-root) API beta version will stop returning data around **January 10, 2020**. If your organization is using the identityRiskEvent API, you should transition to the new riskDetection API. --For more information about the new riskDetection API, see the [Risk detection API reference documentation](/graph/api/resources/riskdetection). ----### Application Proxy support for the SameSite Attribute and Chrome 80 --**Type:** Plan for change -**Service category:** App Proxy -**Product capability:** Access Control --A couple of weeks prior to the Chrome 80 browser release, we plan to update how Application Proxy cookies treat the **SameSite** attribute. With the release of Chrome 80, any cookie that doesn't specify the **SameSite** attribute will be treated as though it was set to `SameSite=Lax`. --To help avoid potentially negative impacts due to this change, we're updating Application Proxy access and session cookies by: --- Setting the default value for the **Use Secure Cookie** setting to **Yes**.--- Setting the default value for the **SameSite** attribute to **None**.-- >[!NOTE] - > Application Proxy access cookies have always been transmitted exclusively over secure channels. These changes only apply to session cookies. --For more information about the Application Proxy cookie settings, see [Cookie settings for accessing on-premises applications in Azure Active Directory](../app-proxy/application-proxy-configure-cookie-settings.md). ----### App registrations (legacy) and app management in the Application Registration Portal (apps.dev.microsoft.com) is no longer available --**Type:** Plan for change -**Service category:** N/A -**Product capability:** Developer Experience --Users with Azure AD accounts can no longer register or manage applications using the Application Registration Portal (apps.dev.microsoft.com), or register and manage applications in the App registrations (legacy) experience in the Azure portal. --To learn more about the new App registrations experience, see the [App registrations in the Azure portal training guide](../develop/quickstart-register-app.md). ----### Users are no longer required to re-register during migration from per-user multifactor authentication (MFA) to Conditional Access-based multifactor authentication (MFA) --**Type:** Fixed -**Service category:** MFA -**Product capability:** Identity Security & Protection --We've fixed a known issue whereby when users were required to re-register if they were disabled for per-user MultiFactor Authentication (MFA) and then enabled for multifactor authentication (MFA) through a Conditional Access policy. --To require users to re-register, you can select the **Required re-register multifactor authentication (MFA)** option from the user's authentication methods in the Azure portal. ----### New capabilities to transform and send claims in your SAML token --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** SSO --We've added additional capabilities to help you to customize and send claims in your SAML token. These new capabilities include: --- Additional claims transformation functions, helping you to modify the value you send in the claim.--- Ability to apply multiple transformations to a single claim.--- Ability to specify the claim source, based on the user type and the group to which the user belongs.--For detailed information about these new capabilities, including how to use them, see [Customize claims issued in the SAML token for enterprise applications](../develop/active-directory-saml-claims-customization.md). ----### New My Sign-ins page for end users in Azure AD --**Type:** New feature -**Service category:** Authentications (Logins) -**Product capability:** Monitoring & Reporting --We've added a new **My Sign-ins** page (https://mysignins.microsoft.com) to let your organization's users view their recent sign-in history to check for any unusual activity. This new page allows your users to see: --- If anyone is attempting to guess their password.--- If an attacker successfully signed in to their account and from what location.--- What apps the attacker tried to access.--For more information, see the [Users can now check their sign-in history for unusual activity](https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Users-can-now-check-their-sign-in-history-for-unusual-activity/ba-p/916066) blog. ----### Migration of Azure AD Domain Services (Azure AD DS) from classic to Azure Resource Manager virtual networks --**Type:** New feature -**Service category:** Azure AD Domain Services -**Product capability:** Azure AD Domain Services --To our customers who have been stuck on classic virtual networks -- we have great news for you! You can now perform a one-time migration from a classic virtual network to an existing Resource Manager virtual network. After moving to the Resource Manager virtual network, you'll be able to take advantage of the additional and upgraded features such as, fine-grained password policies, email notifications, and audit logs. ----### Updates to the Azure AD B2C page contract layout --**Type:** New feature -**Service category:** B2C - Consumer Identity Management -**Product capability:** B2B/B2C --We've introduced some new changes to version 1.2.0 of the page contract for Azure AD B2C. In this updated version, you can now control the load order for your elements, which can also help to stop the flicker that happens when the style sheet (CSS) is loaded. --For a full list of the changes made to the page contract, see the [Version change log](../../active-directory-b2c/page-layout.md#other-pages-providerselection-claimsconsent-unifiedssd). ----### Update to the My Apps page along with new workspaces (Public preview) --**Type:** New feature -**Service category:** My Apps -**Product capability:** Access Control --You can now customize the way your organization's users view and access the brand-new My Apps experience, including using the new workspaces feature to make it easier for them to find apps. The new workspaces functionality acts as a filter for the apps your organization's users already have access to. --For more information on rolling out the new My Apps experience and creating workspaces, see [Create workspaces on the My Apps (preview) portal](../manage-apps/access-panel-collections.md). ----### Support for the monthly active user-based billing model (General availability) --**Type:** New feature -**Service category:** B2C - Consumer Identity Management -**Product capability:** B2B/B2C --Azure AD B2C now supports monthly active users (MAU) billing. MAU billing is based on the number of unique users with authentication activity during a calendar month. Existing customers can switch to this new billing method at any time. --Starting on November 1, 2019, all new customers will automatically be billed using this method. This billing method benefits customers through cost benefits and the ability to plan ahead. --For more information, see [Upgrade to monthly active users billing model](../../active-directory-b2c/billing.md#switch-to-mau-billing-pre-november-2019-azure-ad-b2c-tenants). ----### New Federated Apps available in Azure AD App gallery - October 2019 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration --In October 2019, we've added these 35 new apps with Federation support to the app gallery: --[In Case of Crisis ΓÇô Mobile](../saas-apps/in-case-of-crisis-mobile-tutorial.md), [Juno Journey](../saas-apps/juno-journey-tutorial.md), [ExponentHR](../saas-apps/exponenthr-tutorial.md), [Tact](https://www.tact.ai/products/tact-assistant), [OpusCapita Cash Management](https://appsource.microsoft.com/product/web-apps/opuscapitagroupoy-1036255.opuscapita-cm), [Salestim](https://www.salestim.com/), [Learnster](../saas-apps/learnster-tutorial.md), [Dynatrace](../saas-apps/dynatrace-tutorial.md), [HunchBuzz](https://login.hunchbuzz.com/integrations/azure/process), [Freshworks](../saas-apps/freshworks-tutorial.md), [eCornell](../saas-apps/ecornell-tutorial.md), [ShipHazmat](../saas-apps/shiphazmat-tutorial.md), [Netskope Cloud Security](../saas-apps/netskope-cloud-security-tutorial.md), [Contentful](../saas-apps/contentful-tutorial.md), [Bindtuning](https://bindtuning.com/login), [HireVue Coordinate ΓÇô Europe](https://www.hirevue.com/), [HireVue Coordinate - USOnly](https://www.hirevue.com/), [HireVue Coordinate - US](https://www.hirevue.com/), [WittyParrot Knowledge Box](https://wittyapi.wittyparrot.com/wittyparrot/api/provision/trail/signup), [Cloudmore](../saas-apps/cloudmore-tutorial.md), [Visit.org](../saas-apps/visitorg-tutorial.md), [Cambium Xirrus EasyPass Portal](https://login.xirrus.com/azure-signup), [Paylocity](../saas-apps/paylocity-tutorial.md), [Mail Luck!](../saas-apps/mail-luck-tutorial.md), [Teamie](https://theteamie.com/), [Velocity for Teams](https://velocity.peakup.org/teams/login), [SIGNL4](https://account.signl4.com/manage), [EAB Navigate IMPL](../saas-apps/eab-navigate-impl-tutorial.md), [ScreenMeet](https://console.screenmeet.com/), [Omega Point](https://pi.ompnt.com/), [Speaking Email for Intune (iPhone)](https://speaking.email/FAQ/98/email-access-via-microsoft-intune), [Speaking Email for Office 365 Direct (iPhone/Android)](https://speaking.email/FAQ/126/email-access-via-microsoft-office-365-direct), [ExactCare SSO](../saas-apps/exactcare-sso-tutorial.md), [iHealthHome Care Navigation System](https://ihealthnav.com/account/signin), [Qubie](https://www.qubie.app/) --For more information about the apps, see [SaaS application integration with Azure Active Directory](../saas-apps/tutorial-list.md). For more information about listing your application in the Azure AD app gallery, see [List your application in the Azure Active Directory application gallery](../manage-apps/v2-howto-app-gallery-listing.md). ----### Consolidated Security menu item in the Azure portal --**Type:** Changed feature -**Service category:** Identity Protection -**Product capability:** Identity Security & Protection --You can now access all of the available Azure AD security features from the new **Security** menu item, and from the **Search** bar, in the Azure portal. Additionally, the new **Security** landing page, called **Security - Getting started**, will provide links to our public documentation, security guidance, and deployment guides. --The new **Security** menu includes: --- Conditional Access-- Identity Protection-- Security Center-- Identity Secure Score-- Authentication methods-- Multifactor authentication (MFA)-- Risk reports - Risky users, Risky sign-ins, Risk detections-- And more...--For more information, see [Security - Getting started](https://portal.azure.com/#blade/Microsoft_AAD_IAM/SecurityMenuBlade/GettingStarted). ----### Office 365 groups expiration policy enhanced with autorenewal --**Type:** Changed feature -**Service category:** Group Management -**Product capability:** Identity Lifecycle Management --The Office 365 groups expiration policy has been enhanced to automatically renew groups that are actively in use by its members. Groups will be autorenewed based on user activity across all the Office 365 apps, including Outlook, SharePoint, and Teams. --This enhancement helps to reduce your group expiration notifications and helps to make sure that active groups continue to be available. If you already have an active expiration policy for your Office 365 groups, you don't need to do anything to turn on this new functionality. --For more information, see [Configure the expiration policy for Office 365 groups](../enterprise-users/groups-lifecycle.md). ----### Updated Azure AD Domain Services (Azure AD DS) creation experience --**Type:** Changed feature -**Service category:** Azure AD Domain Services -**Product capability:** Azure AD Domain Services --We've updated Azure AD Domain Services (Azure AD DS) to include a new and improved creation experience, helping you to create a managed domain in just three clicks! In addition, you can now upload and deploy Azure AD DS from a template. --For more information, see [Tutorial: Create and configure an Azure Active Directory Domain Services instance](../../active-directory-domain-services/tutorial-create-instance.md). ----## September 2019 --### Plan for change: Deprecation of the Power BI content packs --**Type:** Plan for change -**Service category:** Reporting -**Product capability:** Monitoring & Reporting --Starting on October 1, 2019, Power BI will begin to deprecate all content packs, including the Azure AD Power BI content pack. As an alternative to this content pack, you can use Azure AD Workbooks to gain insights into your Azure AD-related services. Additional workbooks are coming, including workbooks about Conditional Access policies in report-only mode, app consent-based insights, and more. --For more information about the workbooks, see [How to use Azure Monitor workbooks for Azure Active Directory reports](../reports-monitoring/howto-use-azure-monitor-workbooks.md). For more information about the deprecation of the content packs, see the [Announcing Power BI template apps general availability](https://powerbi.microsoft.com/blog/announcing-power-bi-template-apps-general-availability/) blog post. ----### My Profile is renaming and integrating with the Microsoft Office account page --**Type:** Plan for change -**Service category:** My Profile/Account -**Product capability:** Collaboration --Starting in October, the My Profile experience will become My Account. As part of that change, everywhere that currently says, **My Profile** will change to **My Account**. On top of the naming change and some design improvements, the updated experience will offer additional integration with the Microsoft Office account page. Specifically, you'll be able to access Office installations and subscriptions from the **Overview Account** page, along with Office-related contact preferences from the **Privacy** page. --For more information about the My Profile (preview) experience, see [My Profile (preview) portal overview](https://support.microsoft.com/account-billing/my-account-portal-for-work-or-school-accounts-eab41bfe-3b9e-441e-82be-1f6e568d65fd). ----### Bulk manage groups and members using CSV files in the Azure portal (Public Preview) --**Type:** New feature -**Service category:** Group Management -**Product capability:** Collaboration --We're pleased to announce public preview availability of the bulk group management experiences in the Azure portal. You can now use a CSV file and the Azure portal to manage groups and member lists, including: --- Adding or removing members from a group.--- Downloading the list of groups from the directory.--- Downloading the list of group members for a specific group.--For more information, see [Bulk add members](../enterprise-users/groups-bulk-import-members.md), [Bulk remove members](../enterprise-users/groups-bulk-remove-members.md), [Bulk download members list](../enterprise-users/groups-bulk-download-members.md), and [Bulk download groups list](../enterprise-users/groups-bulk-download.md). ----### Dynamic consent is now supported through a new admin consent endpoint --**Type:** New feature -**Service category:** Authentications (Logins) -**Product capability:** User Authentication --We've created a new admin consent endpoint to support dynamic consent, which is helpful for apps that want to use the dynamic consent model on the Microsoft Identity platform. --For more information about how to use this new endpoint, see [Using the admin consent endpoint](../develop/v2-admin-consent.md). ----### New Federated Apps available in Azure AD App gallery - September 2019 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration --In September 2019, we've added these 29 new apps with Federation support to the app gallery: --[ScheduleLook](https://schedulelook.bbsonlineservices.net/), [MS Azure SSO Access for Ethidex Compliance Office™ - Single sign-on](../saas-apps/ms-azure-sso-access-for-ethidex-compliance-office-tutorial.md), [iServer Portal](../saas-apps/iserver-portal-tutorial.md), [SKYSITE](../saas-apps/skysite-tutorial.md), [Concur Travel and Expense](../saas-apps/concur-travel-and-expense-tutorial.md), [WorkBoard](../saas-apps/workboard-tutorial.md), `https://apps.yeeflow.com/`, [ARC Facilities](../saas-apps/arc-facilities-tutorial.md), [Luware Stratus Team](https://stratus.emea.luware.cloud/login), [Wide Ideas](https://wideideas.online/wideideas/), [Prisma Cloud](../saas-apps/prisma-cloud-tutorial.md), [RENRAKU](../saas-apps/renraku-tutorial.md), [SealPath Secure Browser](https://protection.sealpath.com/SealPathInterceptorWopiSaas/Open/InstallSealPathEditorOneDrive), [Prisma Cloud](../saas-apps/prisma-cloud-tutorial.md), `https://app.penneo.com/`, `https://app.testhtm.com/settings/email-integration`, [Cintoo Cloud](https://aec.cintoo.com/login), [Whitesource](../saas-apps/whitesource-tutorial.md), [Hosted Heritage Online SSO](../saas-apps/hosted-heritage-online-sso-tutorial.md), [IDC](../saas-apps/idc-tutorial.md), [CakeHR](../saas-apps/cakehr-tutorial.md), [BIS](../saas-apps/bis-tutorial.md), [Coo Kai Team Build](https://ms-contacts.coo-kai.jp/), [Sonarqube](../saas-apps/sonarqube-tutorial.md), [Adobe Identity Management](../saas-apps/tutorial-list.md), [Discovery Benefits SSO](../saas-apps/discovery-benefits-sso-tutorial.md), [Amelio](https://app.amelio.co/), `https://itask.yipinapp.com/` --For more information about the apps, see [SaaS application integration with Azure Active Directory](../saas-apps/tutorial-list.md). For more information about listing your application in the Azure AD app gallery, see [List your application in the Azure Active Directory application gallery](../manage-apps/v2-howto-app-gallery-listing.md). ----### New Azure AD Global Reader role --**Type:** New feature -**Service category:** Azure AD roles -**Product capability:** Access Control --Starting on September 24, 2019, we're going to start rolling out a new Azure Active Directory (AD) role called Global Reader. This rollout will start with production and Global cloud customers (GCC), finishing up worldwide in October. --The Global Reader role is the read-only counterpart to Global Administrator. Users in this role can read settings and administrative information across Microsoft 365 services, but can't take management actions. We've created the Global Reader role to help reduce the number of Global Administrators in your organization. Because Global Administrator accounts are powerful and vulnerable to attack, we recommend that you have fewer than five Global Administrators. We recommend using the Global Reader role for planning, audits, or investigations. We also recommend using the Global Reader role in combination with other limited administrator roles, like Exchange Administrator, to help get work done without requiring the Global Administrator role. --The Global Reader role works with the new Microsoft 365 Admin Center, Exchange Admin Center, Teams Admin Center, Security Center, Microsoft Purview compliance portal, Azure portal, and the Device Management Admin Center. -->[!NOTE] -> At the start of public preview, the Global Reader role won't work with: SharePoint, Privileged Access Management, Customer Lockbox, sensitivity labels, Teams Lifecycle, Teams Reporting & Call Analytics, Teams IP Phone Device Management, and Teams App Catalog. --For more information, see [Administrator role permissions in Azure Active Directory](../roles/permissions-reference.md). ----### Access an on-premises Report Server from your Power BI Mobile app using Azure Active Directory Application Proxy --**Type:** New feature -**Service category:** App Proxy -**Product capability:** Access Control --New integration between the Power BI mobile app and Azure AD Application Proxy allows you to securely sign in to the Power BI mobile app and view any of your organization's reports hosted on the on-premises Power BI Report Server. --For information about the Power BI Mobile app, including where to download the app, see the [Power BI site](https://powerbi.microsoft.com/mobile/). For more information about how to set up the Power BI mobile app with Azure AD Application Proxy, see [Enable remote access to Power BI Mobile with Azure AD Application Proxy](../app-proxy/application-proxy-integrate-with-power-bi.md). ----### New version of the AzureADPreview PowerShell module is available --**Type:** Changed feature -**Service category:** Other -**Product capability:** Directory --New cmdlets were added to the AzureADPreview module, to help define and assign custom roles in Azure AD, including: --- `Add-AzureADMSFeatureRolloutPolicyDirectoryObject`-- `Get-AzureADMSFeatureRolloutPolicy`-- `New-AzureADMSFeatureRolloutPolicy`-- `Remove-AzureADMSFeatureRolloutPolicy`-- `Remove-AzureADMSFeatureRolloutPolicyDirectoryObject`-- `Set-AzureADMSFeatureRolloutPolicy`----### New version of Azure AD Connect --**Type:** Changed feature -**Service category:** Other -**Product capability:** Directory --We've released an updated version of Azure AD Connect for auto-upgrade customers. This new version includes several new features, improvements, and bug fixes. ----### Azure Active Directory Multi-Factor Authentication (MFA) Server, version 8.0.2 is now available --**Type:** Fixed -**Service category:** MFA -**Product capability:** Identity Security & Protection --If you're an existing customer, who activated Azure AD Multi-Factor Authentication (MFA) Server prior to July 1, 2019, you can now download the latest version of Azure AD Multi-Factor Authentication (MFA) Server (version 8.0.2). In this new version, we: --- Fixed an issue so when Azure AD sync changes a user from Disabled to Enabled, an email is sent to the user.--- Fixed an issue so customers can successfully upgrade, while continuing to use the Tags functionality.--- Added the Kosovo (+383) country code.--- Added one-time bypass audit logging to the MultiFactorAuthSvc.log.--- Improved performance for the Web Service SDK.--- Fixed other minor bugs.--Starting July 1, 2019, Microsoft stopped offering multifactor authentication (MFA) Server for new deployments. New customers who require multifactor authentication should use cloud-based Azure AD Multi-Factor Authentication. For more information, see [Planning a cloud-based Azure AD Multi-Factor Authentication deployment](../authentication/howto-mfa-getstarted.md). ----## August 2019 --### Enhanced search, filtering, and sorting for groups is available in the Azure portal (Public Preview) --**Type:** New feature -**Service category:** Group Management -**Product capability:** Collaboration --We're pleased to announce public preview availability of the enhanced groups-related experiences in the Azure portal. These enhancements help you better manage groups and member lists, by providing: --- Advanced search capabilities, such as substring search on groups lists.-- Advanced filtering and sorting options on member and owner lists.-- New search capabilities for member and owner lists.-- More accurate group counts for large groups.--For more information, see [Manage groups in the Azure portal](./active-directory-groups-members-azure-portal.md?context=azure%2factive-directory%2fusers-groups-roles%2fcontext%2fugr-context). ----### New custom roles are available for app registration management (Public Preview) --**Type:** New feature -**Service category:** Azure AD roles -**Product capability:** Access Control --Custom roles (available with an Azure AD P1 or P2 subscription) can now help provide you with fine-grained access, by letting you create role definitions with specific permissions and then to assign those roles to specific resources. Currently, you create custom roles by using permissions for managing app registrations and then assigning the role to a specific app. For more information about custom roles, see [Custom administrator roles in Azure Active Directory (preview)](../roles/custom-overview.md). --If you need other permissions or resources supported, which you don't currently see, you can send feedback to our [Azure feedback site](https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789) and we'll add your request to our update road map. ----### New provisioning logs can help you monitor and troubleshoot your app provisioning deployment (Public Preview) --**Type:** New feature -**Service category:** App Provisioning -**Product capability:** Identity Lifecycle Management --New provisioning logs are available to help you monitor and troubleshoot the user and group provisioning deployment. These new log files include information about: --- What groups were successfully created in [ServiceNow](../saas-apps/servicenow-provisioning-tutorial.md)-- What roles were imported from [AWS Single-Account Access](../saas-apps/amazon-web-service-tutorial.md#configure-and-test-azure-ad-sso-for-aws-single-account-access)-- What employees weren't imported from [Workday](../saas-apps/workday-inbound-tutorial.md)--For more information, see [Provisioning reports in the Azure portal (preview)](../reports-monitoring/concept-provisioning-logs.md). ----### New security reports for all Azure AD administrators (General Availability) --**Type:** New feature -**Service category:** Identity Protection -**Product capability:** Identity Security & Protection --By default, all Azure AD administrators will soon be able to access modern security reports within Azure AD. Until the end of September, you'll be able to use the banner at the top of the modern security reports to return to the old reports. --The modern security reports will provide more capabilities from the older versions, including: --- Advanced filtering and sorting-- Bulk actions, such as dismissing user risk-- Confirmation of compromised or safe entities-- Risk state, covering: At risk, Dismissed, Remediated, and Confirmed compromised-- New risk-related detections (available to Azure AD Premium subscribers)--For more information, see [Risky users](../identity-protection/howto-identity-protection-investigate-risk.md#risky-users), [Risky sign-ins](../identity-protection/howto-identity-protection-investigate-risk.md#risky-sign-ins), and [Risk detections](../identity-protection/howto-identity-protection-investigate-risk.md#risk-detections). ----### User-assigned managed identity is available for Virtual Machines and Virtual Machine Scale Sets (General Availability) --**Type:** New feature -**Service category:** Managed identities for Azure resources -**Product capability:** Developer Experience --User-assigned managed identities are now generally available for Virtual Machines and Virtual Machine Scale Sets. As part of this, Azure can create an identity in the Azure AD tenant that's trusted by the subscription in use, and can be assigned to one or more Azure service instances. For more information about user-assigned managed identities, see [What is managed identities for Azure resources?](../managed-identities-azure-resources/overview.md). ----### Users can reset their passwords using a mobile app or hardware token (General Availability) --**Type:** Changed feature -**Service category:** Self Service Password Reset -**Product capability:** User Authentication --Users who have registered a mobile app with your organization can now reset their own password by approving a notification from the Microsoft Authenticator app or by entering a code from their mobile app or hardware token. --For more information, see [How it works: Azure AD self-service password reset](../authentication/concept-sspr-howitworks.md). For more information about the user experience, see [Reset your own work or school password overview](https://support.microsoft.com/account-billing/register-the-password-reset-verification-method-for-a-work-or-school-account-47a55d4a-05b0-4f67-9a63-f39a43dbe20a). ----### ADAL.NET ignores the MSAL.NET shared cache for on-behalf-of scenarios --**Type:** Fixed -**Service category:** Authentications (Logins) -**Product capability:** User Authentication --Starting with Azure AD authentication library (ADAL.NET) version 5.0.0-preview, app developers must [serialize one cache per account for web apps and web APIs](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/wiki/Token-cache-serialization#custom-token-cache-serialization-in-web-applications--web-api). Otherwise, some scenarios using the [on-behalf-of flow](../develop/scenario-web-api-call-api-app-configuration.md?tabs=java) for Java, along with some specific use cases of `UserAssertion`, may result in an elevation of privilege. To avoid this vulnerability, ADAL.NET now ignores the Microsoft Authentication Library for dotnet (MSAL.NET) shared cache for on-behalf-of scenarios. --For more information about this issue, see [Azure Active Directory Authentication Library Elevation of Privilege Vulnerability](https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2019-1258). ----### New Federated Apps available in Azure AD App gallery - August 2019 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration --In August 2019, we've added these 26 new apps with Federation support to the app gallery: --[Civic Platform](../saas-apps/civic-platform-tutorial.md), [Amazon Business](../saas-apps/amazon-business-tutorial.md), [ProNovos Ops Manager](../saas-apps/pronovos-ops-manager-tutorial.md), [Cognidox](../saas-apps/cognidox-tutorial.md), [Viareport's Inativ Portal (Europe)](../saas-apps/viareports-inativ-portal-europe-tutorial.md), [Azure Databricks](https://azure.microsoft.com/services/databricks), [Robin](../saas-apps/robin-tutorial.md), [Academy Attendance](../saas-apps/academy-attendance-tutorial.md), [Cousto MySpace](https://cousto.platformers.be/account/login), [Uploadcare](https://uploadcare.com/accounts/signup/), [Carbonite Endpoint Backup](../saas-apps/carbonite-endpoint-backup-tutorial.md), [CPQSync by Cincom](../saas-apps/cpqsync-by-cincom-tutorial.md), [Chargebee](../saas-apps/chargebee-tutorial.md), [deliver.media™ Portal](https://portal.deliver.media), [Frontline Education](../saas-apps/frontline-education-tutorial.md), [F5](https://www.f5.com/products/security/access-policy-manager), [stashcat AD connect](https://www.stashcat.com), [Blink](../saas-apps/blink-tutorial.md), [Vocoli](../saas-apps/vocoli-tutorial.md), [ProNovos Analytics](../saas-apps/pronovos-analytics-tutorial.md), [Sigstr](../saas-apps/sigstr-tutorial.md), [Darwinbox](../saas-apps/darwinbox-tutorial.md), [Watch by Colors](../saas-apps/watch-by-colors-tutorial.md), [Harness](../saas-apps/harness-tutorial.md), [EAB Navigate Strategic Care](../saas-apps/eab-navigate-strategic-care-tutorial.md) --For more information about the apps, see [SaaS application integration with Azure Active Directory](../saas-apps/tutorial-list.md). For more information about listing your application in the Azure AD app gallery, see [List your application in the Azure Active Directory application gallery](../manage-apps/v2-howto-app-gallery-listing.md). ----### New versions of the AzureAD PowerShell and AzureADPreview PowerShell modules are available --**Type:** Changed feature -**Service category:** Other -**Product capability:** Directory --New updates to the AzureAD and AzureAD Preview PowerShell modules are available: --- A new `-Filter` parameter was added to the `Get-AzureADDirectoryRole` parameter in the AzureAD module. This parameter helps you filter on the directory roles returned by the cmdlet.-- New cmdlets were added to the AzureADPreview module, to help define and assign custom roles in Azure AD, including:-- - `Get-AzureADMSRoleAssignment` - - `Get-AzureADMSRoleDefinition` - - `New-AzureADMSRoleAssignment` - - `New-AzureADMSRoleDefinition` - - `Remove-AzureADMSRoleAssignment` - - `Remove-AzureADMSRoleDefinition` - - `Set-AzureADMSRoleDefinition` ----### Improvements to the UI of the dynamic group rule builder in the Azure portal --**Type:** Changed feature -**Service category:** Group Management -**Product capability:** Collaboration --We've made some UI improvements to the dynamic group rule builder, available in the Azure portal, to help you more easily set up a new rule, or change existing rules. This design improvement allows you to create rules with up to five expressions, instead of just one. We've also updated the device property list to remove deprecated device properties. --For more information, see [Manage dynamic membership rules](../enterprise-users/groups-dynamic-membership.md). ----### New Microsoft Graph app permission available for use with access reviews --**Type:** Changed feature -**Service category:** Access Reviews -**Product capability:** Identity Governance --We've introduced a new Microsoft Graph app permission, `AccessReview.ReadWrite.Membership`, which allows apps to automatically create and retrieve access reviews for group memberships and app assignments. This permission can be used by your scheduled jobs or as part of your automation, without requiring a logged-in user context. --For more information, see the [Example how to create Azure AD access reviews using Microsoft Graph app permissions with PowerShell blog](https://techcommunity.microsoft.com/t5/Azure-Active-Directory/Example-how-to-create-Azure-AD-access-reviews-using-Microsoft/m-p/807241). ----### Azure AD activity logs are now available for government cloud instances in Azure Monitor --**Type:** Changed feature -**Service category:** Reporting -**Product capability:** Monitoring & Reporting --We're excited to announce that Azure AD activity logs are now available for government cloud instances in Azure Monitor. You can now send Azure AD logs to your storage account or to an event hub to integrate with your SIEM tools, like [Sumologic](../reports-monitoring/howto-integrate-activity-logs-with-sumologic.md), [Splunk](../reports-monitoring/howto-integrate-activity-logs-with-splunk.md), and [ArcSight](../reports-monitoring/howto-integrate-activity-logs-with-arcsight.md). --For more information about setting up Azure Monitor, see [Azure AD activity logs in Azure Monitor](../reports-monitoring/concept-activity-logs-azure-monitor.md#cost-considerations). ----### Update your users to the new, enhanced security info experience --**Type:** Changed feature -**Service category:** Authentications (Logins) -**Product capability:** User Authentication --On September 25, 2019, we'll be turning off the old, non-enhanced security info experience for registering and managing user security info and only turning on the new, [enhanced version](https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Cool-enhancements-to-the-Azure-AD-combined-MFA-and-password/ba-p/354271). This means that your users will no longer be able to use the old experience. --For more information about the enhanced security info experience, see our [admin documentation](../authentication/concept-registration-mfa-sspr-combined.md) and our [user documentation](https://support.microsoft.com/account-billing/set-up-your-security-info-from-a-sign-in-prompt-28180870-c256-4ebf-8bd7-5335571bf9a8). --#### To turn on this new experience, you must: --1. Sign in to the Azure portal as a Global Administrator or User Administrator. --2. Go to **Azure Active Directory > User settings > Manage settings for access panel preview features**. --3. In the **Users can use preview features for registering and managing security info - enhanced** area, select **Selected**, and then either choose a group of users or choose **All** to turn on this feature for all users in the tenant. --4. In the **Users can use preview features for registering and managing security **info**** area, select **None**. --5. Save your settings. -- After you save your settings, you'll no longer have access to the old security info experience. -->[!Important] ->If you don't complete these steps before September 25, 2019, your Azure Active Directory tenant will be automatically enabled for the enhanced experience. If you have questions, please contact us at registrationpreview@microsoft.com. ----### Authentication requests using POST logins will be more strictly validated --**Type:** Changed feature -**Service category:** Authentications (Logins) -**Product capability:** Standards --Starting on September 2, 2019, authentication requests using the POST method will be more strictly validated against the HTTP standards. Specifically, spaces and double-quotes (") will no longer be removed from request form values. These changes aren't expected to break any existing clients, and will help to make sure that requests sent to Azure AD are reliably handled every time. --For more information, see the [Azure AD breaking changes notices](../develop/reference-breaking-changes.md#post-form-semantics-will-be-enforced-more-strictlyspaces-and-quotes-will-be-ignored). ----## July 2019 --### Plan for change: Application Proxy service update to support only TLS 1.2 --**Type:** Plan for change -**Service category:** App Proxy -**Product capability:** Access Control --To help provide you with our strongest encryption, we're going to begin limiting Application Proxy service access to only TLS 1.2 protocols. This limitation will initially be rolled out to customers who are already using TLS 1.2 protocols, so you won't see the impact. Complete deprecation of the TLS 1.0 and TLS 1.1 protocols will be complete on August 31, 2019. Customers still using TLS 1.0 and TLS 1.1 will receive advanced notice to prepare for this change. --To maintain the connection to the Application Proxy service throughout this change, we recommend that you make sure your client-server and browser-server combinations are updated to use TLS 1.2. We also recommend that you make sure to include any client systems used by your employees to access apps published through the Application Proxy service. --For more information, see [Add an on-premises application for remote access through Application Proxy in Azure Active Directory](../app-proxy/application-proxy-add-on-premises-application.md). ----### Plan for change: Design updates are coming for the Application Gallery --**Type:** Plan for change -**Service category:** Enterprise Apps -**Product capability:** SSO --New user interface changes are coming to the design of the **Add from the gallery** area of the **Add an application** blade. These changes will help you more easily find your apps that support automatic provisioning, OpenID Connect, Security Assertion Markup Language (SAML), and Password single sign-on (SSO). ----### Plan for change: Removal of the multifactor authentication (MFA) server IP address from the Office 365 IP address --**Type:** Plan for change -**Service category:** MFA -**Product capability:** Identity Security & Protection --We're removing the multifactor authentication (MFA) server IP address from the [Office 365 IP Address and URL Web service](/office365/enterprise/office-365-ip-web-service). If you currently rely on these pages to update your firewall settings, you must make sure you're also including the list of IP addresses documented in the **Azure Active Directory Multi-Factor Authentication Server firewall requirements** section of the [Getting started with the Azure Active Directory Multi-Factor Authentication Server](../authentication/howto-mfaserver-deploy.md#azure-multi-factor-authentication-server-firewall-requirements) article. ----### App-only tokens now require the client app to exist in the resource tenant --**Type:** Fixed -**Service category:** Authentications (Logins) -**Product capability:** User Authentication --On July 26, 2019, we changed how we provide app-only tokens through the [client credentials grant](../develop/v2-oauth2-client-creds-grant-flow.md). Previously, apps could get tokens to call other apps, regardless of whether the client app was in the tenant. We've updated this behavior so single-tenant resources, sometimes called Web APIs, can only be called by client apps that exist in the resource tenant. --If your app isn't located in the resource tenant, you'll get an error message that says, `The service principal named <app_name> was not found in the tenant named <tenant_name>. This can happen if the application has not been installed by the administrator of the tenant.` To fix this problem, you must create the client app service principal in the tenant, using either the [admin consent endpoint](../develop/v2-permissions-and-consent.md#using-the-admin-consent-endpoint) or [through PowerShell](../develop/howto-authenticate-service-principal-powershell.md), which ensures your tenant has given the app permission to operate within the tenant. --For more information, see [What's new for authentication?](../develop/reference-breaking-changes.md#app-only-tokens-for-single-tenant-applications-are-only-issued-if-the-client-app-exists-in-the-resource-tenant). --> [!NOTE] -> Existing consent between the client and the API continues to not be required. Apps should still be doing their own authorization checks. ----### New passwordless sign-in to Azure AD using FIDO2 security keys --**Type:** New feature -**Service category:** Authentications (Logins) -**Product capability:** User Authentication --Azure AD customers can now set policies to manage FIDO2 security keys for their organization's users and groups. End users can also self-register their security keys, use the keys to sign in to their Microsoft accounts on web sites while on FIDO-capable devices, and sign-in to their Azure AD-joined Windows 10 devices. --For more information, see [Enable passwordless sign in for Azure AD (preview)](../authentication/concept-authentication-passwordless.md) for administrator-related information, and [Set up security info to use a security key (Preview)](https://support.microsoft.com/account-billing/set-up-a-security-key-as-your-verification-method-2911cacd-efa5-4593-ae22-e09ae14c6698) for end-user-related information. ----### New Federated Apps available in Azure AD App gallery - July 2019 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration --In July 2019, we've added these 18 new apps with Federation support to the app gallery: --[Ungerboeck Software](../saas-apps/ungerboeck-software-tutorial.md), [Bright Pattern Omnichannel Contact Center](../saas-apps/bright-pattern-omnichannel-contact-center-tutorial.md), [Clever Nelly](../saas-apps/clever-nelly-tutorial.md), [AcquireIO](../saas-apps/acquireio-tutorial.md), [Looop](https://www.looop.co/schedule-a-demo/), [productboard](../saas-apps/productboard-tutorial.md), [MS Azure SSO Access for Ethidex Compliance Office™](../saas-apps/ms-azure-sso-access-for-ethidex-compliance-office-tutorial.md), [Hype](../saas-apps/hype-tutorial.md), [Abstract](../saas-apps/abstract-tutorial.md), [Ascentis](../saas-apps/ascentis-tutorial.md), [Flipsnack](https://www.flipsnack.com/accounts/sign-in-sso.html), [Wandera](../saas-apps/wandera-tutorial.md), [TwineSocial](https://twinesocial.com/), [Kallidus](../saas-apps/kallidus-tutorial.md), [HyperAnna](../saas-apps/hyperanna-tutorial.md), [PharmID WasteWitness](https://pharmid.com/), [i2B Connect](https://www.i2b-online.com/sign-up-to-use-i2b-connect-here-sso-access/), [JFrog Artifactory](../saas-apps/jfrog-artifactory-tutorial.md) --For more information about the apps, see [SaaS application integration with Azure Active Directory](../saas-apps/tutorial-list.md). For more information about listing your application in the Azure AD app gallery, see [List your application in the Azure Active Directory application gallery](../manage-apps/v2-howto-app-gallery-listing.md). ----### Automate user account provisioning for these newly supported SaaS apps --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** Monitoring & Reporting --You can now automate creating, updating, and deleting user accounts for these newly integrated apps: --- [Dialpad](../saas-apps/dialpad-provisioning-tutorial.md)--- [Federated Directory](../saas-apps/federated-directory-provisioning-tutorial.md)--- [Figma](../saas-apps/figma-provisioning-tutorial.md)--- [Leapsome](../saas-apps/leapsome-provisioning-tutorial.md)--- [Peakon](../saas-apps/peakon-provisioning-tutorial.md)--- [Smartsheet](../saas-apps/smartsheet-provisioning-tutorial.md)--For more information about how to better secure your organization by using automated user account provisioning, see [Automate user provisioning to SaaS applications with Azure AD](../app-provisioning/user-provisioning.md) ----### New Azure AD Domain Services service tag for Network Security Group --**Type:** New feature -**Service category:** Azure AD Domain Services -**Product capability:** Azure AD Domain Services --If you're tired of managing long lists of IP addresses and ranges, you can use the new **AzureActiveDirectoryDomainServices** network service tag in your Azure network security group to help secure inbound traffic to your Azure AD Domain Services virtual network subnet. --For more information about this new service tag, see [Network Security Groups for Azure AD Domain Services](../../active-directory-domain-services/network-considerations.md#network-security-groups-and-required-ports). ----### New Security Audits for Azure AD Domain Services (Public Preview) --**Type:** New feature -**Service category:** Azure AD Domain Services -**Product capability:** Azure AD Domain Services --We're pleased to announce the release of Azure AD Domain Service Security Auditing to public preview. Security auditing helps provide you with critical insight into your authentication services by streaming security audit events to targeted resources, including Azure Storage, Azure Log Analytics workspaces, and Azure Event Hubs, using the Azure AD Domain Service portal. --For more information, see [Enable Security Audits for Azure AD Domain Services (Preview)](../../active-directory-domain-services/security-audit-events.md). ----### New Authentication methods usage & insights (Public Preview) --**Type:** New feature -**Service category:** Self Service Password Reset -**Product capability:** Monitoring & Reporting --The new Authentication methods usage & insights reports can help you to understand how features like Azure AD Multi-Factor Authentication and self-service password reset are being registered and used in your organization, including the number of registered users for each feature, how often self-service password reset is used to reset passwords, and by which method the reset happens. --For more information, see [Authentication methods usage & insights (preview)](../authentication/howto-authentication-methods-activity.md). ----### New security reports are available for all Azure AD administrators (Public Preview) --**Type:** New feature -**Service category:** Identity Protection -**Product capability:** Identity Security & Protection --All Azure AD administrators can now select the banner at the top of existing security reports, such as the **Users flagged for risk** report, to start using the new security experience as shown in the **Risky users** and the **Risky sign-ins** reports. Over time, all of the security reports will move from the older versions to the new versions, with the new reports providing you the following additional capabilities: --- Advanced filtering and sorting--- Bulk actions, such as dismissing user risk--- Confirmation of compromised or safe entities--- Risk state, covering: At risk, Dismissed, Remediated, and Confirmed compromised--For more information, see [Risky users report](../identity-protection/howto-identity-protection-investigate-risk.md#risky-users) and [Risky sign-ins report](../identity-protection/howto-identity-protection-investigate-risk.md#risky-sign-ins). ----### New Security Audits for Azure AD Domain Services (Public Preview) --**Type:** New feature -**Service category:** Azure AD Domain Services -**Product capability:** Azure AD Domain Services --We're pleased to announce the release of Azure AD Domain Service Security Auditing to public preview. Security auditing helps provide you with critical insight into your authentication services by streaming security audit events to targeted resources, including Azure Storage, Azure Log Analytics workspaces, and Azure Event Hubs, using the Azure AD Domain Service portal. --For more information, see [Enable Security Audits for Azure AD Domain Services (Preview)](../../active-directory-domain-services/security-audit-events.md). ----### New B2B direct federation using SAML/WS-Fed (Public Preview) --**Type:** New feature -**Service category:** B2B -**Product capability:** B2B/B2C --Direct federation helps to make it easier for you to work with partners whose IT-managed identity solution is not Azure AD, by working with identity systems that support the SAML or WS-Fed standards. After you set up a direct federation relationship with a partner, any new guest user you invite from that domain can collaborate with you using their existing organizational account, making the user experience for your guests more seamless. --For more information, see [Direct federation with AD FS and third-party providers for guest users (preview)](../external-identities/direct-federation.md). ----### Automate user account provisioning for these newly supported SaaS apps --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** Monitoring & Reporting --You can now automate creating, updating, and deleting user accounts for these newly integrated apps: --- [Dialpad](../saas-apps/dialpad-provisioning-tutorial.md)--- [Federated Directory](../saas-apps/federated-directory-provisioning-tutorial.md)--- [Figma](../saas-apps/figma-provisioning-tutorial.md)--- [Leapsome](../saas-apps/leapsome-provisioning-tutorial.md)--- [Peakon](../saas-apps/peakon-provisioning-tutorial.md)--- [Smartsheet](../saas-apps/smartsheet-provisioning-tutorial.md)--For more information about how to better secure your organization by using automated user account provisioning, see [Automate user provisioning to SaaS applications with Azure AD](../app-provisioning/user-provisioning.md). ----### New check for duplicate group names in the Azure portal --**Type:** New feature -**Service category:** Group Management -**Product capability:** Collaboration --Now, when you create or update a group name from the Azure portal, we'll perform a check to see if you are duplicating an existing group name in your resource. If we determine that the name is already in use by another group, you'll be asked to modify your name. --For more information, see [Manage groups in the Azure portal](./active-directory-groups-create-azure-portal.md?context=azure%2factive-directory%2fusers-groups-roles%2fcontext%2fugr-context). ----### Azure AD now supports static query parameters in reply (redirect) URIs --**Type:** New feature -**Service category:** Authentications (Logins) -**Product capability:** User Authentication --Azure AD apps can now register and use reply (redirect) URIs with static query parameters (for example, `https://contoso.com/oauth2?idp=microsoft`) for OAuth 2.0 requests. The static query parameter is subject to string matching for reply URIs, just like any other part of the reply URI. If there's no registered string that matches the URL-decoded redirect-uri, the request is rejected. If the reply URI is found, the entire string is used to redirect the user, including the static query parameter. --Dynamic reply URIs are still forbidden because they represent a security risk and can't be used to retain state information across an authentication request. For this purpose, use the `state` parameter. --Currently, the app registration screens of the Azure portal still block query parameters. However, you can manually edit the app manifest to add and test query parameters in your app. For more information, see [What's new for authentication?](../develop/reference-breaking-changes.md#redirect-uris-can-now-contain-query-string-parameters). ----### Activity logs (MS Graph APIs) for Azure AD are now available through PowerShell Cmdlets --**Type:** New feature -**Service category:** Reporting -**Product capability:** Monitoring & Reporting --We're excited to announce that Azure AD activity logs (Audit and Sign-ins reports) are now available through the Azure AD PowerShell module. Previously, you could create your own scripts using MS Graph API endpoints, and now we've extended that capability to PowerShell cmdlets. --For more information about how to use these cmdlets, see [Azure AD PowerShell cmdlets for reporting](../reports-monitoring/reference-powershell-reporting.md). ----### Updated filter controls for Audit and Sign-in logs in Azure AD --**Type:** Changed feature -**Service category:** Reporting -**Product capability:** Monitoring & Reporting --We've updated the Audit and Sign-in log reports so you can now apply various filters without having to add them as columns on the report screens. Additionally, you can now decide how many filters you want to show on the screen. These updates all work together to make your reports easier to read and more scoped to your needs. --For more information about these updates, see [Filter audit logs](../reports-monitoring/concept-audit-logs.md#filtering-audit-logs) and [Filter sign-in activities](../reports-monitoring/concept-sign-ins.md#filter-sign-in-activities). ----## June 2019 --### New riskDetections API for Microsoft Graph (Public preview) --**Type:** New feature -**Service category:** Identity Protection -**Product capability:** Identity Security & Protection --We're pleased to announce the new riskDetections API for Microsoft Graph is now in public preview. You can use this new API to view a list of your organization's Identity Protection-related user and sign-in risk detections. You can also use this API to more efficiently query your risk detections, including details about the detection type, status, level, and more. --For more information, see the [Risk detection API reference documentation](/graph/api/resources/riskdetection). ----### New Federated Apps available in Azure AD app gallery - June 2019 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration --In June 2019, we've added these 22 new apps with Federation support to the app gallery: --[Azure AD SAML Toolkit](../saas-apps/saml-toolkit-tutorial.md), [Otsuka Shokai (σñºσíÜσòåΣ╝Ü)](../saas-apps/otsuka-shokai-tutorial.md), [ANAQUA](../saas-apps/anaqua-tutorial.md), [Azure VPN Client](https://portal.azure.com/), [ExpenseIn](../saas-apps/expensein-tutorial.md), [Helper Helper](../saas-apps/helper-helper-tutorial.md), [Costpoint](../saas-apps/costpoint-tutorial.md), [GlobalOne](../saas-apps/globalone-tutorial.md), [Mercedes-Benz In-Car Office](https://me.secure.mercedes-benz.com/), [Skore](https://app.justskore.it/), [Oracle Cloud Infrastructure Console](../saas-apps/oracle-cloud-tutorial.md), [CyberArk SAML Authentication](../saas-apps/cyberark-saml-authentication-tutorial.md), [Scrible Edu](https://www.scrible.com/sign-in/#/create-account), [PandaDoc](../saas-apps/pandadoc-tutorial.md), [Vtiger CRM (SAML)](../saas-apps/vtiger-crm-saml-tutorial.md), Oracle Access Manager for Oracle Retail Merchandising, Oracle Access Manager for Oracle E-Business Suite, Oracle IDCS for E-Business Suite, Oracle IDCS for PeopleSoft, Oracle IDCS for JD Edwards --For more information about the apps, see [SaaS application integration with Azure Active Directory](../saas-apps/tutorial-list.md). For more information about listing your application in the Azure AD app gallery, see [List your application in the Azure Active Directory application gallery](../manage-apps/v2-howto-app-gallery-listing.md). ----### Automate user account provisioning for these newly supported SaaS apps --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** Monitoring & Reporting --You can now automate creating, updating, and deleting user accounts for these newly integrated apps: --- [Zoom](../saas-apps/zoom-provisioning-tutorial.md)--- [Envoy](../saas-apps/envoy-provisioning-tutorial.md)--- [Proxyclick](../saas-apps/proxyclick-provisioning-tutorial.md)--- [4me](../saas-apps/4me-provisioning-tutorial.md)--For more information about how to better secure your organization by using automated user account provisioning, see [Automate user provisioning to SaaS applications with Azure AD](../app-provisioning/user-provisioning.md) ----### View the real-time progress of the Azure AD provisioning service --**Type:** Changed feature -**Service category:** App Provisioning -**Product capability:** Identity Lifecycle Management --We've updated the Azure AD provisioning experience to include a new progress bar that shows you how far you are in the user provisioning process. This updated experience also provides information about the number of users provisioned during the current cycle, as well as how many users have been provisioned to date. --For more information, see [Check the status of user provisioning](../app-provisioning/application-provisioning-when-will-provisioning-finish-specific-user.md). ----### Company branding now appears on sign out and error screens --**Type:** Changed feature -**Service category:** Authentications (Logins) -**Product capability:** User Authentication --We've updated Azure AD so that your company branding now appears on the sign out and error screens, as well as the sign-in page. You don't have to do anything to turn on this feature, Azure AD simply uses the assets you've already set up in the **Company branding** area of the Azure portal. --For more information about setting up your company branding, see [Add branding to your organization's Azure Active Directory pages](./customize-branding.md). ----### Azure Active Directory Multi-Factor Authentication (MFA) Server is no longer available for new deployments --**Type:** Deprecated -**Service category:** MFA -**Product capability:** Identity Security & Protection --As of July 1, 2019, Microsoft will no longer offer multifactor authentication (MFA) Server for new deployments. New customers who want to require multifactor authentication in their organization must now use cloud-based Azure AD Multi-Factor Authentication. Customers who activated multifactor authentication (MFA) Server prior to July 1 won't see a change. You'll still be able to download the latest version, get future updates, and generate activation credentials. --For more information, see [Getting started with the Azure Active Directory Multi-Factor Authentication Server](../authentication/howto-mfaserver-deploy.md). For more information about cloud-based Azure AD Multi-Factor Authentication, see [Planning a cloud-based Azure AD Multi-Factor Authentication deployment](../authentication/howto-mfa-getstarted.md). ----## May 2019 --### Service change: Future support for only TLS 1.2 protocols on the Application Proxy service --**Type:** Plan for change -**Service category:** App Proxy -**Product capability:** Access Control --To help provide best-in-class encryption for our customers, we're limiting access to only TLS 1.2 protocols on the Application Proxy service. This change is gradually being rolled out to customers who are already only using TLS 1.2 protocols, so you shouldn't see any changes. --Deprecation of TLS 1.0 and TLS 1.1 happens on August 31, 2019, but we'll provide additional advanced notice, so you'll have time to prepare for this change. To prepare for this change make sure your client-server and browser-server combinations, including any clients your users use to access apps published through Application Proxy, are updated to use the TLS 1.2 protocol to maintain the connection to the Application Proxy service. For more information, see [Add an on-premises application for remote access through Application Proxy in Azure Active Directory](../app-proxy/application-proxy-add-on-premises-application.md#prerequisites). ----### Use the usage and insights report to view your app-related sign-in data --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** Monitoring & Reporting --You can now use the usage and insights report, located in the **Enterprise applications** area of the Azure portal, to get an application-centric view of your sign-in data, including info about: --- Top used apps for your organization--- Apps with the most failed sign-ins--- Top sign-in errors for each app--For more information about this feature, see [Usage and insights report in the Azure portal](../reports-monitoring/concept-usage-insights-report.md) ----### Automate your user provisioning to cloud apps using Azure AD --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** Monitoring & Reporting --Follow these new tutorials to use the Azure AD Provisioning Service to automate the creation, deletion, and updating of user accounts for the following cloud-based apps: --- [Comeet](../saas-apps/comeet-recruiting-software-provisioning-tutorial.md)--- [DynamicSignal](../saas-apps/dynamic-signal-provisioning-tutorial.md)--- [KeeperSecurity](../saas-apps/keeper-password-manager-digitalvault-provisioning-tutorial.md)--You can also follow this new [Dropbox tutorial](../saas-apps/dropboxforbusiness-provisioning-tutorial.md), which provides info about how to provision group objects. --For more information about how to better secure your organization through automated user account provisioning, see [Automate user provisioning to SaaS applications with Azure AD](../app-provisioning/user-provisioning.md). ----### Identity secure score is now available in Azure AD (General availability) --**Type:** New feature -**Service category:** N/A -**Product capability:** Identity Security & Protection --You can now monitor and improve your identity security posture by using the identity secure score feature in Azure AD. The identity secure score feature uses a single dashboard to help you: --- Objectively measure your identity security posture, based on a score between 1 and 223.--- Plan for your identity security improvements--- Review the success of your security improvements--For more information about the identity security score feature, see [What is the identity secure score in Azure Active Directory?](./identity-secure-score.md). ----### New App registrations experience is now available (General availability) --**Type:** New feature -**Service category:** Authentications (Logins) -**Product capability:** Developer Experience --The new [App registrations](https://aka.ms/appregistrations) experience is now in general availability. This new experience includes all the key features you're familiar with from the Azure portal and the Application Registration portal and improves upon them through: --- **Better app management.** Instead of seeing your apps across different portals, you can now see all your apps in one location.--- **Simplified app registration.** From the improved navigation experience to the revamped permission selection experience, it's now easier to register and manage your apps.--- **More detailed information.** You can find more details about your app, including quickstart guides and more.--For more information, see [Microsoft identity platform](../develop/index.yml) and the [App registrations experience is now generally available!](https://developer.microsoft.com/identity/blogs/new-app-registrations-experience-is-now-generally-available/) blog announcement. ----### New capabilities available in the Risky Users API for Identity Protection --**Type:** New feature -**Service category:** Identity Protection -**Product capability:** Identity Security & Protection --We're pleased to announce that you can now use the Risky Users API to retrieve users' risk history, dismiss risky users, and to confirm users as compromised. This change helps you to more efficiently update the risk status of your users and understand their risk history. --For more information, see the [Risky Users API reference documentation](/graph/api/resources/riskyuser). ----### New Federated Apps available in Azure AD app gallery - May 2019 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration --In May 2019, we've added these 21 new apps with Federation support to the app gallery: --[Freedcamp](../saas-apps/freedcamp-tutorial.md), [Real Links](../saas-apps/real-links-tutorial.md), [Kianda](https://app.kianda.com/sso/OpenID/AzureAD/), [Simple Sign](../saas-apps/simple-sign-tutorial.md), [Braze](../saas-apps/braze-tutorial.md), [Displayr](../saas-apps/displayr-tutorial.md), [Templafy](../saas-apps/templafy-tutorial.md), [Marketo Sales Engage](https://toutapp.com/login), [ACLP](../saas-apps/aclp-tutorial.md), [OutSystems](../saas-apps/outsystems-tutorial.md), [Meta4 Global HR](../saas-apps/meta4-global-hr-tutorial.md), [Quantum Workplace](../saas-apps/quantum-workplace-tutorial.md), [Cobalt](../saas-apps/cobalt-tutorial.md), [webMethods API Cloud](../saas-apps/webmethods-integration-cloud-tutorial.md), [RedFlag](https://pocketstop.com/redflag/), [Whatfix](../saas-apps/whatfix-tutorial.md), [Control](../saas-apps/control-tutorial.md), [JOBHUB](../saas-apps/jobhub-tutorial.md), [NEOGOV](../saas-apps/neogov-tutorial.md), [Foodee](../saas-apps/foodee-tutorial.md), [MyVR](../saas-apps/myvr-tutorial.md) --For more information about the apps, see [SaaS application integration with Azure Active Directory](../saas-apps/tutorial-list.md). For more information about listing your application in the Azure AD app gallery, see [List your application in the Azure Active Directory application gallery](../manage-apps/v2-howto-app-gallery-listing.md). ----### Improved groups creation and management experiences in the Azure portal --**Type:** New feature -**Service category:** Group Management -**Product capability:** Collaboration --We've made improvements to the groups-related experiences in the Azure portal. These improvements allow administrators to better manage groups lists, members lists, and to provide additional creation options. --Improvements include: --- Basic filtering by membership type and group type.--- Addition of new columns, such as Source and Email address.--- Ability to multi-select groups, members, and owner lists for easy deletion.--- Ability to choose an email address and add owners during group creation.--For more information, see [Create a basic group and add members using Azure Active Directory](./active-directory-groups-create-azure-portal.md). ----### Configure a naming policy for Office 365 groups in Azure portal (General availability) --**Type:** Changed feature -**Service category:** Group Management -**Product capability:** Collaboration --Administrators can now configure a naming policy for Office 365 groups, using the Azure portal. This change helps to enforce consistent naming conventions for Office 365 groups created or edited by users in your organization. --You can configure naming policy for Office 365 groups in two different ways: --- Define prefixes or suffixes, which are automatically added to a group name.--- Upload a customized set of blocked words for your organization, which aren't allowed in group names (for example, "CEO, Payroll, HR").--For more information, see [Enforce a Naming Policy for Office 365 groups](../enterprise-users/groups-naming-policy.md). ----### Microsoft Graph API endpoints are now available for Azure AD activity logs (General availability) --**Type:** Changed feature -**Service category:** Reporting -**Product capability:** Monitoring & Reporting --We're happy to announce general availability of Microsoft Graph API endpoints support for Azure AD activity logs. With this release, you can now use Version 1.0 of both the Azure AD audit logs, as well as the sign-in logs APIs. --For more information, see [Azure AD audit log API overview](/graph/api/resources/azure-ad-auditlog-overview). ----### Administrators can now use Conditional Access for the combined registration process (Public preview) --**Type:** New feature -**Service category:** Conditional Access -**Product capability:** Identity Security & Protection --Administrators can now create Conditional Access policies for use by the combined registration page. This includes applying policies to allow registration if: --- Users are on a trusted network.--- Users are a low sign-in risk.--- Users are on a managed device.--- Users agree to the organization's terms of use (TOU).--For more information about Conditional Access and password reset, you can see the [Conditional Access for the Azure AD combined MFA and password reset registration experience blog post](https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Conditional-access-for-the-Azure-AD-combined-MFA-and-password/ba-p/566348). For more information about Conditional Access policies for the combined registration process, see [Conditional Access policies for combined registration](../authentication/howto-registration-mfa-sspr-combined.md#conditional-access-policies-for-combined-registration). For more information about the Azure AD terms of use feature, see [Azure Active Directory terms of use feature](../conditional-access/terms-of-use.md). ----## April 2019 --### New Azure AD threat intelligence detection is now available as part of Azure AD Identity Protection --**Type:** New feature -**Service category:** Azure AD Identity Protection -**Product capability:** Identity Security & Protection --Azure AD threat intelligence detection is now available as part of the updated Azure AD Identity Protection feature. This new functionality helps to indicate unusual user activity for a specific user or activity that's consistent with known attack patterns based on Microsoft's internal and external threat intelligence sources. --For more information about the refreshed version of Azure AD Identity Protection, see the [Four major Azure AD Identity Protection enhancements are now in public preview](https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Four-major-Azure-AD-Identity-Protection-enhancements-are-now-in/ba-p/326935) blog and the [What is Azure Active Directory Identity Protection (refreshed)?](../identity-protection/overview-identity-protection.md) article. For more information about Azure AD threat intelligence detection, see the [Azure Active Directory Identity Protection risk detections](../identity-protection/concept-identity-protection-risks.md) article. ----### Azure AD entitlement management is now available (Public preview) --**Type:** New feature -**Service category:** Identity Governance -**Product capability:** Identity Governance --Azure AD entitlement management, now in public preview, helps customers to delegate management of access packages, which defines how employees and business partners can request access, who must approve, and how long they have access. Access packages can manage membership in Azure AD and Office 365 groups, role assignments in enterprise applications, and role assignments for SharePoint Online sites. Read more about entitlement management at the [overview of Azure AD entitlement management](../governance/entitlement-management-overview.md). To learn more about the breadth of Azure AD Identity Governance features, including Privileged Identity Management, access reviews and terms of use, see [What is Azure AD Identity Governance?](../governance/identity-governance-overview.md). ----### Configure a naming policy for Office 365 groups in Azure portal (Public preview) --**Type:** New feature -**Service category:** Group Management -**Product capability:** Collaboration --Administrators can now configure a naming policy for Office 365 groups, using the Azure portal. This change helps to enforce consistent naming conventions for Office 365 groups created or edited by users in your organization. --You can configure naming policy for Office 365 groups in two different ways: --- Define prefixes or suffixes, which are automatically added to a group name.--- Upload a customized set of blocked words for your organization, which are not allowed in group names (for example, "CEO, Payroll, HR").--For more information, see [Enforce a Naming Policy for Office 365 groups](../enterprise-users/groups-naming-policy.md). ----### Azure AD Activity logs are now available in Azure Monitor (General availability) --**Type:** New feature -**Service category:** Reporting -**Product capability:** Monitoring & Reporting --To help address your feedback about visualizations with the Azure AD Activity logs, we're introducing a new Insights feature in Log Analytics. This feature helps you gain insights about your Azure AD resources by using our interactive templates, called Workbooks. These pre-built Workbooks can provide details for apps or users, and include: --- **Sign-ins.** Provides details for apps and users, including sign-in location, the in-use operating system or browser client and version, and the number of successful or failed sign-ins.--- **Legacy authentication and Conditional Access.** Provides details for apps and users using legacy authentication, including multifactor authentication usage triggered by Conditional Access policies, apps using Conditional Access policies, and so on.--- **Sign-in failure analysis.** Helps you to determine if your sign-in errors are occurring due to a user action, policy issues, or your infrastructure.--- **Custom reports.** You can create new, or edit existing Workbooks to help customize the Insights feature for your organization.--For more information, see [How to use Azure Monitor workbooks for Azure Active Directory reports](../reports-monitoring/howto-use-azure-monitor-workbooks.md). ----### New Federated Apps available in Azure AD app gallery - April 2019 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration --In April 2019, we've added these 21 new apps with Federation support to the app gallery: --[SAP Fiori](../saas-apps/sap-fiori-tutorial.md), [HRworks Single Sign-On](../saas-apps/hrworks-single-sign-on-tutorial.md), [Percolate](../saas-apps/percolate-tutorial.md), [MobiControl](../saas-apps/mobicontrol-tutorial.md), [Citrix NetScaler](../saas-apps/citrix-netscaler-tutorial.md), [Shibumi](../saas-apps/shibumi-tutorial.md), [Benchling](../saas-apps/benchling-tutorial.md), [MileIQ](https://mileiq.onelink.me/991934284/7e980085), [PageDNA](../saas-apps/pagedna-tutorial.md), [EduBrite LMS](../saas-apps/edubrite-lms-tutorial.md), [RStudio Connect](../saas-apps/rstudio-connect-tutorial.md), [AMMS](../saas-apps/amms-tutorial.md), [Mitel Connect](../saas-apps/mitel-connect-tutorial.md), [Alibaba Cloud (Role-based SSO)](../saas-apps/alibaba-cloud-service-role-based-sso-tutorial.md), [Certent Equity Management](../saas-apps/certent-equity-management-tutorial.md), [Sectigo Certificate Manager](../saas-apps/sectigo-certificate-manager-tutorial.md), [GreenOrbit](../saas-apps/greenorbit-tutorial.md), [Workgrid](../saas-apps/workgrid-tutorial.md), [monday.com](../saas-apps/mondaycom-tutorial.md), [SurveyMonkey Enterprise](../saas-apps/surveymonkey-enterprise-tutorial.md), [Indiggo](https://indiggolead.com/) --For more information about the apps, see [SaaS application integration with Azure Active Directory](../saas-apps/tutorial-list.md). For more information about listing your application in the Azure AD app gallery, see [List your application in the Azure Active Directory application gallery](../manage-apps/v2-howto-app-gallery-listing.md). ----### New access reviews frequency option and multiple role selection --**Type:** New feature -**Service category:** Access Reviews -**Product capability:** Identity Governance --New updates in Azure AD access reviews allow you to: --- Change the frequency of your access reviews to **semi-annually**, in addition to the previously existing options of weekly, monthly, quarterly, and annually.--- Select multiple Azure AD and Azure resource roles when creating a single access review. In this situation, all roles are set up with the same settings and all reviewers are notified at the same time.--For more information about how to create an access review, see [Create an access review of groups or applications in Azure AD access reviews](../governance/create-access-review.md). ----### Azure AD Connect email alert system(s) are transitioning, sending new email sender information for some customers --**Type:** Changed feature -**Service category:** AD Sync -**Product capability:** Platform --Azure AD Connect is in the process of transitioning our email alert system(s), potentially showing some customers a new email sender. To address this, you must add `azure-noreply@microsoft.com` to your organization's allowlist or you won't be able to continue receiving important alerts from your Office 365, Azure, or your Sync services. ----### UPN suffix changes are now successful between Federated domains in Azure AD Connect --**Type:** Fixed -**Service category:** AD Sync -**Product capability:** Platform --You can now successfully change a user's UPN suffix from one Federated domain to another Federated domain in Azure AD Connect. This fix means you should no longer experience the FederatedDomainChangeError error message during the synchronization cycle or receive a notification email stating, "Unable to update this object in Azure Active Directory, because the attribute [FederatedUser.UserPrincipalName], is not valid. Update the value in your local directory services". -----### Increased security using the app protection-based Conditional Access policy in Azure AD (Public preview) --**Type:** New feature -**Service category:** Conditional Access -**Product capability:** Identity Security & Protection --App protection-based Conditional Access is now available by using the **Require app protection** policy. This new policy helps to increase your organization's security by helping to prevent: --- Users gaining access to apps without a Microsoft Intune license.--- Users being unable to get a Microsoft Intune app protection policy.--- Users gaining access to apps without a configured Microsoft Intune app protection policy.--For more information, see [How to Require app protection policy for cloud app access with Conditional Access](../conditional-access/app-protection-based-conditional-access.md). ----### New support for Azure AD single sign-on and Conditional Access in Microsoft Edge (Public preview) --**Type:** New feature -**Service category:** Conditional Access -**Product capability:** Identity Security & Protection --We've enhanced our Azure AD support for Microsoft Edge, including providing new support for Azure AD single sign-on and Conditional Access. If you've previously used Microsoft Intune Managed Browser, you can now use Microsoft Edge instead. --For more information about setting up and managing your devices and apps using Conditional Access, see [Require managed devices for cloud app access with Conditional Access](../conditional-access/require-managed-devices.md) and [Require approved client apps for cloud app access with Conditional Access](../conditional-access/app-based-conditional-access.md). For more information about how to manage access using Microsoft Edge with Microsoft Intune policies, see [Manage Internet access using a Microsoft Intune policy-protected browser](/intune/app-configuration-managed-browser). ----## March 2019 --### Identity Experience Framework and custom policy support in Azure Active Directory B2C is now available (GA) --**Type:** New feature -**Service category:** B2C - Consumer Identity Management -**Product capability:** B2B/B2C --You can now create custom policies in Azure AD B2C, including the following tasks, which are supported at-scale and under our Azure SLA: --- Create and upload custom authentication user journeys by using custom policies.--- Describe user journeys step-by-step as exchanges between claims providers.--- Define conditional branching in user journeys.--- Transform and map claims for use in real-time decisions and communications.--- Use REST API-enabled services in your custom authentication user journeys. For example, with email providers, CRMs, and proprietary authorization systems.--- Federate with identity providers who are compliant with the OpenIDConnect protocol. For example, with multi-tenant Azure AD, social account providers, or two-factor verification providers.--For more information about creating custom policies, see [Developer notes for custom policies in Azure Active Directory B2C](../../active-directory-b2c/custom-policy-developer-notes.md) and read [Alex Simon's blog post, including case studies](https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Azure-AD-B2C-custom-policies-to-build-your-own-identity-journeys/ba-p/382791). ----### New Federated Apps available in Azure AD app gallery - March 2019 --**Type:** New feature -**Service category:** Enterprise Apps -**Product capability:** 3rd Party Integration --In March 2019, we've added these 14 new apps with Federation support to the app gallery: --[ISEC7 Mobile Exchange Delegate](https://www.isec7.com/english/), [MediusFlow](https://office365.cloudapp.mediusflow.com/), [ePlatform](../saas-apps/eplatform-tutorial.md), [Fulcrum](../saas-apps/fulcrum-tutorial.md), [ExcelityGlobal](../saas-apps/excelityglobal-tutorial.md), [Explanation-Based Auditing System](../saas-apps/explanation-based-auditing-system-tutorial.md), [Lean](../saas-apps/lean-tutorial.md), [Powerschool Performance Matters](../saas-apps/powerschool-performance-matters-tutorial.md), [Cinode](https://cinode.com/), [Iris Intranet](../saas-apps/iris-intranet-tutorial.md), [Empactis](../saas-apps/empactis-tutorial.md), [SmartDraw](../saas-apps/smartdraw-tutorial.md), [Confirmit Horizons](../saas-apps/confirmit-horizons-tutorial.md), [TAS](../saas-apps/tas-tutorial.md) --For more information about the apps, see [SaaS application integration with Azure Active Directory](../saas-apps/tutorial-list.md). For more information about listing your application in the Azure AD app gallery, see [List your application in the Azure Active Directory application gallery](../manage-apps/v2-howto-app-gallery-listing.md). ----### New Zscaler and Atlassian provisioning connectors in the Azure AD gallery - March 2019 --**Type:** New feature -**Service category:** App Provisioning -**Product capability:** 3rd Party Integration --Automate creating, updating, and deleting user accounts for the following apps: --[Zscaler](../saas-apps/zscaler-provisioning-tutorial.md), [Zscaler Beta](../saas-apps/zscaler-beta-provisioning-tutorial.md), [Zscaler One](../saas-apps/zscaler-one-provisioning-tutorial.md), [Zscaler Two](../saas-apps/zscaler-two-provisioning-tutorial.md), [Zscaler Three](../saas-apps/zscaler-three-provisioning-tutorial.md), [Zscaler ZSCloud](../saas-apps/zscaler-zscloud-provisioning-tutorial.md), [Atlassian Cloud](../saas-apps/atlassian-cloud-provisioning-tutorial.md) --For more information about how to better secure your organization through automated user account provisioning, see [Automate user provisioning to SaaS applications with Azure AD](../app-provisioning/user-provisioning.md). ----### Restore and manage your deleted Office 365 groups in the Azure portal --**Type:** New feature -**Service category:** Group Management -**Product capability:** Collaboration --You can now view and manage your deleted Office 365 groups from the Azure portal. This change helps you to see which groups are available to restore, along with letting you permanently delete any groups that aren't needed by your organization. --For more information, see [Restore expired or deleted groups](../enterprise-users/groups-restore-deleted.md#view-and-manage-the-deleted-microsoft-365-groups-that-are-available-to-restore). ----### Single sign-on is now available for Azure AD SAML-secured on-premises apps through Application Proxy (public preview) --**Type:** New feature -**Service category:** App Proxy -**Product capability:** Access Control --You can now provide a single sign-on (SSO) experience for on-premises, SAML-authenticated apps, along with remote access to these apps through Application Proxy. For more information about how to set up SAML SSO with your on-premises apps, see [SAML single sign-on for on-premises applications with Application Proxy (Preview)](../app-proxy/application-proxy-configure-single-sign-on-on-premises-apps.md). ----### Client apps in request loops will be interrupted to improve reliability and user experience --**Type:** New feature -**Service category:** Authentications (Logins) -**Product capability:** User Authentication --Client apps can incorrectly issue hundreds of the same login requests over a short period of time. These requests, whether they're successful or not, all contribute to a poor user experience and heightened workloads for the IDP, increasing latency for all users and reducing the availability of the IDP. --This update sends an `invalid_grant` error: `AADSTS50196: The server terminated an operation because it encountered a loop while processing a request` to client apps that issue duplicate requests multiple times over a short period of time, beyond the scope of normal operation. Client apps that encounter this issue should show an interactive prompt, requiring the user to sign in again. For more information about this change and about how to fix your app if it encounters this error, see [What's new for authentication?](../develop/reference-breaking-changes.md#looping-clients-will-be-interrupted). ----### New Audit Logs user experience now available --**Type:** Changed feature -**Service category:** Reporting -**Product capability:** Monitoring & Reporting --We've created a new Azure AD **Audit logs** page to help improve both readability and how you search for your information. To see the new **Audit logs** page, select **Audit logs** in the **Activity** section of Azure AD. -- --For more information about the new **Audit logs** page, see [Audit activity reports in the Azure portal](../reports-monitoring/concept-audit-logs.md). ----### New warnings and guidance to help prevent accidental administrator lockout from misconfigured Conditional Access policies --**Type:** Changed feature -**Service category:** Conditional Access -**Product capability:** Identity Security & Protection --To help prevent administrators from accidentally locking themselves out of their own tenants through misconfigured Conditional Access policies, we've created new warnings and updated guidance in the Azure portal. For more information about the new guidance, see [What are service dependencies in Azure Active Directory Conditional Access](../conditional-access/service-dependencies.md). ----### Improved end-user terms of use experiences on mobile devices --**Type:** Changed feature -**Service category:** Terms of use -**Product capability:** Governance --We've updated our existing terms of use experiences to help improve how you review and consent to terms of use on a mobile device. You can now zoom in and out, go back, download the information, and select hyperlinks. For more information about the updated terms of use, see [Azure Active Directory terms of use feature](../conditional-access/terms-of-use.md#what-terms-of-use-looks-like-for-users). ----### New Azure AD Activity logs download experience available --**Type:** Changed feature -**Service category:** Reporting -**Product capability:** Monitoring & Reporting --You can now download large amounts of activity logs directly from the Azure portal. This update lets you: --- Download up to 250,000 rows.--- Get notified after the download completes.--- Customize your file name.--- Determine your output format, either JSON or CSV.--For more information about this feature, see [Quickstart: Download an audit report using the Azure portal](../reports-monitoring/howto-download-logs.md) ----### Breaking change: Updates to condition evaluation by Exchange ActiveSync (EAS) --**Type:** Plan for change -**Service category:** Conditional Access -**Product capability:** Access Control --We're in the process of updating how Exchange ActiveSync (EAS) evaluates the following conditions: --- User location, based on country/region or IP address--- Sign-in risk--- Device platform--If you've previously used these conditions in your Conditional Access policies, be aware that the condition behavior might change. For example, if you previously used the user location condition in a policy, you might find the policy now being skipped based on the location of your user. - |
| active-directory | How To Connect Syncservice Features | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/hybrid/connect/how-to-connect-syncservice-features.md | Connect-MgGraph -Scopes OnPremDirectorySynchronization.Read.All, OnPremDirectory Get-MgDirectoryOnPremisSynchronization | Select-Object -ExpandProperty Features | Format-List ``` -The output looks similar to `Get-MsolDireSyncFeatures`: +The output looks similar to `Get-MsolDirSyncFeatures`: ```powershell BlockCloudObjectTakeoverThroughHardMatchEnabled : False BlockSoftMatchEnabled : False |
| active-directory | Concept Identity Protection Risks | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/identity-protection/concept-identity-protection-risks.md | Real-time detections may not show up in reporting for 5 to 10 minutes. Offline d | [Atypical travel](#atypical-travel) | Offline | Premium | | [Anomalous Token](#anomalous-token) | Offline | Premium | | [Token Issuer Anomaly](#token-issuer-anomaly) | Offline | Premium |-| [Malware linked IP address](#malware-linked-ip-address-deprecated) | Offline | Premium **[This detection has been deprecated](../fundamentals/whats-new-archive.md#planned-deprecationmalware-linked-ip-address-detection-in-identity-protection)**. | +| [Malware linked IP address](#malware-linked-ip-address-deprecated) | Offline | Premium **This detection has been deprecated.** | | [Suspicious browser](#suspicious-browser) | Offline | Premium | | [Unfamiliar sign-in properties](#unfamiliar-sign-in-properties) | Real-time | Premium | | [Malicious IP address](#malicious-ip-address) | Offline | Premium | The algorithm ignores obvious "false positives" contributing to the impossible t #### Malware linked IP address (deprecated) -**Calculated offline**. This risk detection type indicates sign-ins from IP addresses infected with malware that is known to actively communicate with a bot server. This detection matches the IP addresses of the user's device against IP addresses that were in contact with a bot server while the bot server was active. **[This detection has been deprecated](../fundamentals/whats-new-archive.md#planned-deprecationmalware-linked-ip-address-detection-in-identity-protection)**. Identity Protection no longer generates new "Malware linked IP address" detections. Customers who currently have "Malware linked IP address" detections in their tenant will still be able to view, remediate, or dismiss them until the 90-day detection retention time is reached. +**Calculated offline**. This risk detection type indicates sign-ins from IP addresses infected with malware that is known to actively communicate with a bot server. This detection matches the IP addresses of the user's device against IP addresses that were in contact with a bot server while the bot server was active. **This detection has been deprecated**. Identity Protection no longer generates new "Malware linked IP address" detections. Customers who currently have "Malware linked IP address" detections in their tenant will still be able to view, remediate, or dismiss them until the 90-day detection retention time is reached. #### Suspicious browser |
| active-directory | Delete Application Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/delete-application-portal.md | Last updated 06/21/2023 zone_pivot_groups: enterprise-apps-all--+ #Customer intent: As an administrator of an Azure AD tenant, I want to delete an enterprise application. |
| active-directory | Restore Application | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/restore-application.md | |
| active-directory | Powershell Export All App Registrations Secrets And Certs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/scripts/powershell-export-all-app-registrations-secrets-and-certs.md | |
| active-directory | Powershell Export All Enterprise Apps Secrets And Certs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/scripts/powershell-export-all-enterprise-apps-secrets-and-certs.md | |
| active-directory | Powershell Export Apps With Expiring Secrets | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/scripts/powershell-export-apps-with-expiring-secrets.md | You can modify the "$Path" variable directly in PowerShell, with a CSV file path For more information on the Microsoft Graph PowerShell module, see [Microsoft Graph PowerShell module overview](/powershell/microsoftgraph/installation). -For other PowerShell examples for Application Management, see [Azure Microsoft Graph PowerShell examples for Application Management](../app-management-powershell-samples.md). +For other PowerShell examples for Application Management, see [Azure Microsoft Graph PowerShell examples for Application Management](../app-management-powershell-samples.md). |
| active-directory | Powershell Export Apps With Secrets Beyond Required | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/scripts/powershell-export-apps-with-secrets-beyond-required.md | |
| active-directory | Groups Role Settings | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/groups-role-settings.md | On the **Notifications** tab on the **Role settings** page, Privileged Identity - **Send emails to both default recipients and more recipients**: You can send emails to both the default recipient and another recipient. Select the default recipient checkbox and add email addresses for other recipients. - **Critical emails only**: For each type of email, you can select the checkbox to receive critical emails only. Privileged Identity Management continues to send emails to the specified recipients only when the email requires immediate action. For example, emails that ask users to extend their role assignment aren't triggered. Emails that require admins to approve an extension request are triggered. +>[!NOTE] +>One event in Privileged Identity Management can generate email notifications to multiple recipients ΓÇô assignees, approvers, or administrators. The maximum number of notifications sent per one event is 1000. If the number of recipients exceeds 1000 ΓÇô only the first 1000 recipients will receive an email notification. This does not prevent other assignees, administrators, or approvers from using their permissions in Microsoft Entra and Privileged Identity Management. + ## Manage role settings by using Microsoft Graph To manage role settings for groups by using PIM APIs in Microsoft Graph, use the [unifiedRoleManagementPolicy resource type and its related methods](/graph/api/resources/unifiedrolemanagementpolicy). |
| active-directory | Pim Email Notifications | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-email-notifications.md | +>[!NOTE] +>One event in Privileged Identity Management can generate email notifications to multiple recipients ΓÇô assignees, approvers, or administrators. The maximum number of notifications sent per one event is 1000. If the number of recipients exceeds 1000 ΓÇô only the first 1000 recipients will receive an email notification. This does not prevent other assignees, administrators, or approvers from using their permissions in Microsoft Entra and Privileged Identity Management. + ## Sender email address and subject line Emails sent from Privileged Identity Management for both Azure AD and Azure resource roles have the following sender email address: |
| active-directory | Pim How To Change Default Settings | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-how-to-change-default-settings.md | On the **Notifications** tab on the **Role settings** page, Privileged Identity - **Send emails to both default recipients and more recipients**: You can send emails to both the default recipient and another recipient. Select the default recipient checkbox and add email addresses for other recipients. - **Critical emails only**: For each type of email, you can select the checkbox to receive critical emails only. With this option, Privileged Identity Management continues to send emails to the specified recipients only when the email requires immediate action. For example, emails that ask users to extend their role assignment aren't triggered. Emails that require admins to approve an extension request are triggered. +>[!NOTE] +>One event in Privileged Identity Management can generate email notifications to multiple recipients ΓÇô assignees, approvers, or administrators. The maximum number of notifications sent per one event is 1000. If the number of recipients exceeds 1000 ΓÇô only the first 1000 recipients will receive an email notification. This does not prevent other assignees, administrators, or approvers from using their permissions in Microsoft Entra and Privileged Identity Management. ## Manage role settings by using Microsoft Graph To manage settings for Azure AD roles by using PIM APIs in Microsoft Graph, use the [unifiedRoleManagementPolicy resource type and related methods](/graph/api/resources/unifiedrolemanagementpolicy). |
| active-directory | Pim How To Configure Security Alerts | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-how-to-configure-security-alerts.md | +>[!NOTE] +>One event in Privileged Identity Management can generate email notifications to multiple recipients ΓÇô assignees, approvers, or administrators. The maximum number of notifications sent per one event is 1000. If the number of recipients exceeds 1000 ΓÇô only the first 1000 recipients will receive an email notification. This does not prevent other assignees, administrators, or approvers from using their permissions in Microsoft Entra and Privileged Identity Management. +  ## License requirements |
| active-directory | Pim Resource Roles Configure Alerts | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-resource-roles-configure-alerts.md | +>[!NOTE] +>One event in Privileged Identity Management can generate email notifications to multiple recipients ΓÇô assignees, approvers, or administrators. The maximum number of notifications sent per one event is 1000. If the number of recipients exceeds 1000 ΓÇô only the first 1000 recipients will receive an email notification. This does not prevent other assignees, administrators, or approvers from using their permissions in Microsoft Entra and Privileged Identity Management. +  ## Review alerts |
| active-directory | Pim Resource Roles Configure Role Settings | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/privileged-identity-management/pim-resource-roles-configure-role-settings.md | On the **Notifications** tab on the **Role settings** page, Privileged Identity - **Send emails to both default recipients and more recipients**: You can send emails to both the default recipient and another recipient. Select the default recipient checkbox and add email addresses for other recipients. - **Critical emails only**: For each type of email, you can select the checkbox to receive critical emails only. Privileged Identity Management continues to send emails to the specified recipients only when the email requires immediate action. For example, emails that ask users to extend their role assignment aren't triggered. Emails that require admins to approve an extension request are triggered. +>[!NOTE] +>One event in Privileged Identity Management can generate email notifications to multiple recipients ΓÇô assignees, approvers, or administrators. The maximum number of notifications sent per one event is 1000. If the number of recipients exceeds 1000 ΓÇô only the first 1000 recipients will receive an email notification. This does not prevent other assignees, administrators, or approvers from using their permissions in Microsoft Entra and Privileged Identity Management. + ## Next steps - [Assign Azure resource roles in Privileged Identity Management](pim-resource-roles-assign-roles.md) |
| active-directory | Get Started Request Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/verifiable-credentials/get-started-request-api.md | In the preceding code, provide the following parameters: | Parameter | Condition | Description | | | | |-| Authority | Required | The directory tenant the application plans to operate against. For example: `https://login.microsoftonline.com/{your-tenant}`. (Replace `your-tenant` with your [tenant ID or name](../fundamentals/active-directory-how-to-find-tenant.md).) | +| Authority | Required | The directory tenant the application plans to operate against. For example: `https://login.microsoftonline.com/{your-tenant}`. (Replace `your-tenant` with your [tenant ID or name](/azure/active-directory-b2c/tenant-management-read-tenant-name).) | | Client ID | Required | The application ID that's assigned to your app. You can find this information in the Azure portal, where you registered your app. | | Client secret | Required | The client secret that you generated for your app.| | Scopes | Required | Must be set to `3db474b9-6a0c-4840-96ac-1fceb342124f/.default`. This will produce an access token with a **roles** claim of `VerifiableCredential.Create.All`. | |
| ai-services | Luis Traffic Manager | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-traffic-manager.md | This article explains how to manage the traffic across keys with Azure [Traffic [!INCLUDE [updated-for-az](../../../includes/updated-for-az.md)] ## Connect to PowerShell in the Azure portal-In the [Azure][azure-portal] portal, open the PowerShell window. The icon for the PowerShell window is the **>_** in the top navigation bar. By using PowerShell from the portal, you get the latest PowerShell version and you are authenticated. PowerShell in the portal requires an [Azure Storage](https://azure.microsoft.com/services/storage/) account. +In the [Azure portal](https://portal.azure.com), open the PowerShell window. The icon for the PowerShell window is the **>_** in the top navigation bar. By using PowerShell from the portal, you get the latest PowerShell version and you are authenticated. PowerShell in the portal requires an [Azure Storage](https://azure.microsoft.com/services/storage/) account.  Review [middleware](/azure/bot-service/bot-builder-create-middleware?tabs=csaddm [traffic-manager-marketing]: https://azure.microsoft.com/services/traffic-manager/ [traffic-manager-docs]: ../../traffic-manager/index.yml [LUIS]: ./luis-reference-regions.md#luis-website-[azure-portal]: https://portal.azure.com/ [azure-storage]: https://azure.microsoft.com/services/storage/ [routing-methods]: ../../traffic-manager/traffic-manager-routing-methods.md [traffic-manager-endpoints]: ../../traffic-manager/traffic-manager-endpoint-types.md |
| ai-services | Data Formats | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/sentiment-opinion-mining/custom/concepts/data-formats.md | + + Title: Custom sentiment analysis data formats ++description: Learn about the data formats accepted by custom sentiment analysis. ++++++ Last updated : 07/19/2023+++++# Accepted custom sentiment analysis data formats ++If you are trying to [import your data](../how-to/create-project.md#import-a-custom-sentiment-analysis-project) into custom sentiment analysis, it has to follow a specific format. If you don't have data to import, you can [create your project](../how-to/create-project.md) and use Language Studio to [label your documents](../how-to/label-data.md). ++## Labels file format ++Your Labels file should be in the `json` format below to be used in [importing](../how-to/create-project.md#import-a-custom-sentiment-analysis-project) your labels into a project. ++```json +{ + "projectFileVersion": "2023-04-15-preview", + "stringIndexType": "Utf16CodeUnit", + "metadata": { + "projectKind": "CustomTextSentiment", + "storageInputContainerName": "custom-sentiment-2", + "projectName": "sa-test", + "multilingual": false, + "description": "", + "language": "en-us" + }, + "assets": { + "projectKind": "CustomTextSentiment", + "documents": [ + { + "location": "document_1.txt", + "language": "en-us", + "sentimentSpans": [ + { + "category": "positive", + "offset": 0, + "length": 60 + }, + { + "category": "neutral", + "offset": 61, + "length": 31 + } + ], + "dataset": "Train" + }, + { + "location": "document_2.txt", + "language": "en-us", + "sentimentSpans": [ + { + "category": "positive", + "offset": 0, + "length": 50 + }, + { + "category": "positive", + "offset": 51, + "length": 49 + }, + { + "category": "positive", + "offset": 101, + "length": 26 + } + ], + "dataset": "Train" + } + ] + } +} ++``` ++|Key |Placeholder |Value | Example | +|||-|--| +| `multilingual` | `true`| A boolean value that enables you to have documents in multiple languages in your dataset and when your model is deployed you can query the model in any supported language (not necessarily included in your training documents). See [language support](../../language-support.md#multi-lingual-option-custom-sentiment-analysis-only) to learn more about multilingual support. | `true`| +|`projectName`|`{PROJECT-NAME}`|Project name|`myproject`| +| storageInputContainerName|`{CONTAINER-NAME}`|Container name|`mycontainer`| +| `sentimentSpans` | | Array containing all the sentiments and their locations in the document. | | +| `documents` | | Array containing all the documents in your project and list of the entities labeled within each document. | [] | +| `location` | `{DOCUMENT-NAME}` | The location of the documents in the storage container. Since all the documents are in the root of the container this should be the document name.|`doc1.txt`| +| `dataset` | `{DATASET}` | The test set to which this file will go to when split before training. Learn more about data splitting [here](../how-to/train-model.md#data-splitting) . Possible values for this field are `Train` and `Test`. |`Train`| +| `offset` | | The inclusive character position of the start of a sentiment in the text. |`0`| +| `length` | | The length of the bounding box in terms of UTF16 characters. Training only considers the data in this region. |`500`| +| `category` | | The sentiment associated with the span of text specified. | `positive`| +| `offset` | | The start position for the entity text. | `25`| +| `length` | | The length of the entity in terms of UTF16 characters. | `20`| +| `language` | `{LANGUAGE-CODE}` | A string specifying the language code for the document used in your project. If your project is a multilingual project, choose the language code of the majority of the documents. See [Language support](../../language-support.md) for more information about supported language codes. |`en-us`| ++++## Next steps +* You can import your labeled data into your project directly. Learn how to [import project](../how-to/create-project.md#import-a-custom-sentiment-analysis-project) +* See the [how-to article](../how-to/label-data.md) more information about labeling your data. When you're done labeling your data, you can [train your model](../how-to/train-model.md). |
| ai-services | Call Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/sentiment-opinion-mining/custom/how-to/call-api.md | + + Title: Send a Custom sentiment analysis request to your custom model +description: Learn how to send requests for Custom sentiment analysis. +++++++ Last updated : 07/19/2023++ms.devlang: csharp, python ++++# Send a Custom sentiment analysis request to your custom model ++After the deployment is added successfully, you can query the deployment to extract entities from your text based on the model you assigned to the deployment. +You can query the deployment programmatically using the [Prediction API](https://aka.ms/ct-runtime-api) or through the client libraries (Azure SDK). ++## Test a deployed Custom sentiment analysis model ++You can use Language Studio to submit the custom entity recognition task and visualize the results. +++<!--:::image type="content" source="../media/test-model-results.png" alt-text="View the test results" lightbox="../media/test-model-results.png":::> +++## Send a sentiment analysis request to your model ++# [Language Studio](#tab/language-studio) +++# [REST API](#tab/rest-api) ++First you need to get your resource key and endpoint: ++++++### Submit a Custom sentiment analysis task +++### Get task results +++## Next steps ++* [Sentiment Analysis overview](../../overview.md) |
| ai-services | Create Project | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/sentiment-opinion-mining/custom/how-to/create-project.md | + + Title: How to create Custom sentiment analysis projects ++description: Learn about the steps for using Azure resources with Custom sentiment analysis. ++++++ Last updated : 07/19/2023+++++# How to create Custom sentiment analysis project ++Use this article to learn how to set up the requirements for starting with Custom sentiment analysis and create a project. ++## Prerequisites ++Before you start using Custom sentiment analysis, you'll need: ++* An Azure subscription - [Create one for free](https://azure.microsoft.com/free/cognitive-services). ++## Create a Language resource ++Before you start using Custom sentiment analysis, you'll need an Azure Language resource. It's recommended to create your Language resource and connect a storage account to it in the Azure portal. Creating a resource in the Azure portal lets you create an Azure storage account at the same time, with all of the required permissions preconfigured. You can also read further in the article to learn how to use a pre-existing resource, and configure it to work with Custom sentiment analysis. ++You also need an Azure storage account where you'll upload your `.txt` documents that will be used to train a model to classify text. ++> [!NOTE] +> * You need to have an **owner** role assigned on the resource group to create a Language resource. +> * If you will connect a pre-existing storage account, you should have an **owner** role assigned to it. ++## Create Language resource and connect storage account +++> [!Note] +> You shouldn't move the storage account to a different resource group or subscription once it's linked with the Language resource. ++++++++> [!NOTE] +> * The process of connecting a storage account to your Language resource is irreversible, it cannot be disconnected later. +> * You can only connect your language resource to one storage account. ++## Using a pre-existing Language resource ++++## Create a Custom sentiment analysis project ++Once your resource and storage container are configured, create a new Custom sentiment analysis project. A project is a work area for building your custom AI models based on your data. Your project can only be accessed by you and others who have access to the Azure resource being used. If you have labeled data, you can [import it](#import-a-custom-sentiment-analysis-project) to get started. ++### [Language Studio](#tab/studio) ++++### [REST APIs](#tab/apis) +++++## Import a Custom sentiment analysis project ++<!--If you have already labeled data, you can use it to get started with the service. Make sure that your labeled data follows the [accepted data formats](../concepts/data-formats.md).--> ++### [Language Studio](#tab/studio) +++### [REST APIs](#tab/apis) +++++## Get project details ++### [Language Studio](#tab/studio) +++### [REST APIs](#tab/apis) +++++## Delete project ++### [Language Studio](#tab/studio) +++### [REST APIs](#tab/apis) +++++## Next steps ++* [Sentiment analysis overview](../../overview.md) +<!--* You should have an idea of the [project schema](design-schema.md) you will use to label your data. ++* After your project is created, you can start [labeling your data](tag-data.md), which will inform your text classification model how to interpret text, and is used for training and evaluation.--> |
| ai-services | Deploy Model | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/sentiment-opinion-mining/custom/how-to/deploy-model.md | + + Title: Deploy a Custom sentiment analysis model ++description: Learn about deploying a model for Custom sentiment analysis. ++++++ Last updated : 07/19/2023+++++# Deploy a Custom sentiment analysis model ++Once you're satisfied with how your model performs, it's ready to be deployed and used to recognize entities in text. Deploying a model makes it available for use through the [prediction API](https://aka.ms/ct-runtime-swagger). ++## Prerequisites ++* A successfully [created project](create-project.md) with a configured Azure storage account. +* Text data that has [been uploaded](design-schema.md#data-preparation) to your storage account. +<!--* [Labeled data](label-data.md) and a successfully [trained model](train-model.md). +* Reviewed the [model evaluation details](view-model-evaluation.md) to determine how your model is performing. ++For more information, see [project development lifecycle](../overview.md#project-development-lifecycle).--> ++## Deploy model ++After you've reviewed your model's performance and decided it can be used in your environment, you need to assign it to a deployment. Assigning the model to a deployment makes it available for use through the [prediction API](https://aka.ms/ct-runtime-swagger). It is recommended to create a deployment named *production* to which you assign the best model you have built so far and use it in your system. You can create another deployment called *staging* to which you can assign the model you're currently working on to be able to test it. You can have a maximum of 10 deployments in your project. ++<!--# [Language Studio](#tab/language-studio) ++ +# [REST APIs](#tab/rest-api) +--> +### Submit deployment job +++### Get deployment job status +++## Swap deployments ++After you are done testing a model assigned to one deployment and you want to assign this model to another deployment you can swap these two deployments. Swapping deployments involves taking the model assigned to the first deployment, and assigning it to the second deployment. Then taking the model assigned to second deployment, and assigning it to the first deployment. You can use this process to swap your *production* and *staging* deployments when you want to take the model assigned to *staging* and assign it to *production*. ++# [Language Studio](#tab/language-studio) +++# [REST APIs](#tab/rest-api) ++++++## Delete deployment ++# [Language Studio](#tab/language-studio) +++# [REST APIs](#tab/rest-api) +++++## Assign deployment resources ++You can [deploy your project to multiple regions](../../../concepts/custom-features/multi-region-deployment.md) by assigning different Language resources that exist in different regions. ++# [Language Studio](#tab/language-studio) +++# [REST APIs](#tab/rest-api) +++++## Unassign deployment resources ++When unassigning or removing a deployment resource from a project, you will also delete all the deployments that have been deployed to that resource's region. ++# [Language Studio](#tab/language-studio) +++# [REST APIs](#tab/rest-api) +++++## Next steps ++* [Sentiment analysis overview](../../overview.md) +<!--After you have a deployment, you can use it to [extract entities](call-api.md) from text.--> |
| ai-services | Design Schema | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/sentiment-opinion-mining/custom/how-to/design-schema.md | + + Title: How to prepare data and define a custom sentiment analysis schema ++description: Learn about data selection and preparation for custom sentient analysis projects. ++++++ Last updated : 07/19/2023+++++# How to prepare data for custom sentiment analysis ++In order to create a Custom sentiment analysis model, you will need quality data to train it. This article covers how you should select and prepare your data, along with defining a schema. Defining the schema is the first step in the project development lifecycle, and it defines the classes that you need your model to classify your text into at runtime. ++## Data selection ++The quality of data you train your model with affects model performance greatly. ++* Use real-life data that reflects your domain's problem space to effectively train your model. You can use synthetic data to accelerate the initial model training process, but it will likely differ from your real-life data and make your model less effective when used. ++* Balance your data distribution as much as possible without deviating far from the distribution in real-life. ++* Use diverse data whenever possible to avoid overfitting your model. Less diversity in training data may lead to your model learning spurious correlations that may not exist in real-life data. + +* Avoid duplicate documents in your data. Duplicate data has a negative effect on the training process, model metrics, and model performance. ++* Consider where your data comes from. If you are collecting data from one person, department, or part of your scenario, you are likely missing diversity that may be important for your model to learn about. ++> [!NOTE] +> If your documents are in multiple languages, select the **multiple languages** option during project creation and set the **language** option to the language of the majority of your documents. ++## Data preparation ++As a prerequisite for creating a Custom sentiment analysis project, your training data needs to be uploaded to a blob container in your storage account. You can create and upload training documents from Azure directly, or through using the Azure Storage Explorer tool. Using the Azure Storage Explorer tool allows you to upload more data quickly. ++* [Create and upload documents from Azure](../../../../../storage/blobs/storage-quickstart-blobs-portal.md#create-a-container) +* [Create and upload documents using Azure Storage Explorer](../../../../../vs-azure-tools-storage-explorer-blobs.md) ++You can only use `.txt`. documents for custom text. If your data is in other format, you can use [CLUtils parse command](https://github.com/microsoft/CognitiveServicesLanguageUtilities/blob/main/CustomTextAnalytics.CLUtils/Solution/CogSLanguageUtilities.ViewLayer.CliCommands/Commands/ParseCommand/README.md) to change your file format. ++## Test set ++When defining the testing set, make sure to include example documents that are not present in the training set. Defining the testing set is an important step to calculate the model performance<!--[model performance](view-model-evaluation.md#model-details)-->. Also, make sure that the testing set include documents that represent all classes used in your project. ++## Next steps ++If you haven't already, create a Custom sentiment analysis project. If it's your first time using Custom sentiment analysis, consider following the [quickstart](../quickstart.md) to create an example project. You can also see the [project requirements](../how-to/create-project.md) for more details on what you need to create a project. |
| ai-services | Label Data | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/sentiment-opinion-mining/custom/how-to/label-data.md | + + Title: How to label your data for Custom sentiment analysis - Azure AI services ++description: Learn about how to label your data for use with the custom Sentiment analysis. ++++++ Last updated : 07/19/2023+++++# Label text data for training your model for Custom sentiment analysis ++Before training your model you need to label your documents with the sentiments you want to categorize them into. This data will be used in the next step when training your model so that your model can learn from the labeled data. If you already have labeled data, you can directly [import](create-project.md) it into your project. Be sure that your data follows the [accepted data format](../concepts/data-formats.md). ++Before creating a Custom sentiment analysis model, you need to have labeled data first. If your data isn't labeled already, you can label it in the [Language Studio](https://aka.ms/languageStudio). Labeled data informs the model how to interpret text, and is used for training and evaluation. ++## Prerequisites ++Before you can label data, you need: ++* [A successfully created project](create-project.md) with a configured Azure blob storage account. +* Documents containing text data that have [been uploaded](design-schema.md#data-preparation) to your storage account. ++See the [project development lifecycle](../../overview.md#project-development-lifecycle) for more information. ++## Data labeling guidelines ++After [preparing your data](design-schema.md) and [creating your project](create-project.md), you will need to label your data. Labeling your data is important so your model knows which documents will be associated with the sentiments you need. When you label your data in [Language Studio](https://aka.ms/languageStudio) (or import labeled data), these labels will be stored in the JSON file in your storage container that you've connected to this project. ++As you label your data, keep in mind: ++* In general, more labeled data leads to better results, provided the data is labeled accurately. ++* There is no fixed number of labels that can guarantee your model will perform the best. Model performance on possible ambiguity in your [data](design-schema.md), and the quality of your labeled data. ++## Label your data ++Use the following steps to label your data: ++1. Go to your project page in [Language Studio](https://aka.ms/languageStudio). ++2. From the left side menu, select **Data labeling**. You can find a list of all documents in your storage container. ++ >[!TIP] + > You can use the filters in top menu to view the unlabeled files so that you can start labeling them. + > You can also use the filters to view the documents that are labeled with a specific sentiment. ++3. Change to a single file view from the left side in the top menu or select a specific file to start labeling. You can find a list of all `.txt` files available in your projects to the left. You can use the **Back** and **Next** button from the bottom of the page to navigate through your documents. ++ > [!NOTE] + > If you enabled multiple languages for your project, you will find a **Language** dropdown in the top menu, which lets you select the language of each document. +++4. In the right side pane, you can add sentiments to your project to start labeling your data with them. <!--You can also use the [auto labeling feature](use-autolabeling.md) to ensure complete labeling.--> ++6. In the right side pane under the **Labels** pivot you can find all the sentiments in your project and the count of labeled instances for each. ++7. In the bottom section of the right side pane you can add the current file you are viewing to the training set or the testing set. By default all the documents are added to your training set. Learn more about [training and testing sets](train-model.md#data-splitting) and how they are used for model training and evaluation. ++ > [!TIP] + > If you are planning on using **Automatic** data splitting use the default option of assigning all the documents into your training set. ++8. Under the **Distribution** pivot you can view the distribution across training and testing sets. You have two options for viewing: + * *Total instances* where you can view count of all labeled instances of a specific sentiment. + * *Documents with at least one label* where each document is counted if it contains at least one labeled instance of this sentiment. ++9. While you're labeling, your changes will be synced periodically, if they have not been saved yet you will find a warning at the top of your page. If you want to save manually, click on **Save labels** button at the bottom of the page. ++## Next steps ++After you've labeled your data, you can begin [training a model](train-model.md) that will learn based on your data. |
| ai-services | Train Model | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/sentiment-opinion-mining/custom/how-to/train-model.md | + + Title: How to train your Custom sentiment analysis model - Azure AI services ++description: Learn about how to train your model for Custom sentiment analysis. ++++++ Last updated : 07/19/2023+++++# How to train a Custom sentiment analysis model ++<!--Training is the process where the model learns from your [labeled data](label-data.md). After training is completed, you'll be able to [view the model's performance](view-model-evaluation.md) to determine if you need to improve your model.--> ++To train a model, start a training job. Only successfully completed jobs create a usable model. Training jobs expire after seven days. After this period, you won't be able to retrieve the job details. If your training job completed successfully and a model was created, it won't be affected by the job expiration. You can only have one training job running at a time, and you can't start other jobs in the same project. ++The training times can be anywhere from a few minutes when dealing with few documents, up to several hours depending on the dataset size and the complexity of your schema. ++++## Prerequisites ++Before you train your model, you need: ++* [A successfully created project](create-project.md) with a configured Azure blob storage account. +<!--* Text data that has [been uploaded](design-schema.md#data-preparation) to your storage account. +* [Labeled data](label-data.md). ++See the [project development lifecycle](../../overview.md#project-development-lifecycle) for more information.--> ++## Data splitting ++Before you start the training process, labeled documents in your project are divided into a training set and a testing set. Each one of them serves a different function. +The **training set** is used in training the model, this is the set from which the model learns the class/classes assigned to each document. +The **testing set** is a blind set that is not introduced to the model during training but only during evaluation. +After the model is trained successfully, it is used to make predictions from the documents in the testing set. Based on these predictions, the model's evaluation metrics will be calculated. +It is recommended to make sure that all your classes are adequately represented in both the training and testing set. ++Custom sentiment analysis supports two methods for data splitting: ++* **Automatically splitting the testing set from training data**: The system will split your labeled data between the training and testing sets, according to the percentages you choose. The system attempts to have a representation of all classes in your training set. The recommended percentage split is 80% for training and 20% for testing. ++ > [!NOTE] + > If you choose the **Automatically splitting the testing set from training data** option, only the data assigned to training set will be split according to the percentages provided. ++* **Use a manual split of training and testing data**: This method enables users to define which labeled documents should belong to which set. <!--This step is only enabled if you have added documents to your testing set during [data labeling](tag-data.md).--> ++## Train model ++# [Language studio](#tab/Language-studio) +++# [REST APIs](#tab/REST-APIs) ++### Start training job +++### Get training job status ++Training could take sometime depending on the size of your training data and complexity of your schema. You can use the following request to keep polling the status of the training job until it is successfully completed. ++ [!INCLUDE [get training model status](../../includes/custom/rest-api/get-training-status.md)] ++++### Cancel training job ++# [Language Studio](#tab/language-studio) +++# [REST APIs](#tab/rest-api) +++++## Next steps ++After training is completed, you will be able to view the model's performance to optionally improve your model if needed. Once you're satisfied with your model, you can deploy it, making it available to use for use. |
| ai-services | Quickstart | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/sentiment-opinion-mining/custom/quickstart.md | + + Title: Quickstart - Custom sentiment analysis ++description: Quickly start building an AI model to identify the sentiment of text. ++++++ Last updated : 07/19/2023+++zone_pivot_groups: usage-custom-language-features +++# Quickstart: Custom sentiment analysis ++Use this article to get started with creating a Custom sentiment analysis project where you can train custom models for detecting the sentiment of text. A model is artificial intelligence software that's trained to do a certain task. For this system, the models classify text, and are trained by learning from tagged data. ++++++++## Next steps ++After you've created a Custom sentiment analysis model, you can: +* [Use the runtime API to classify text](how-to/call-api.md) ++When you start to create your own Custom sentiment analysis projects, use the how-to articles to learn more about developing your model in greater detail: ++* [Data selection](how-to/design-schema.md) +* [Tag data](how-to/label-data.md) +* [Train a model](how-to/train-model.md) +<!--* [View the model's evaluation](how-to/view-model-evaluation.md)--> |
| ai-services | Call Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/sentiment-opinion-mining/how-to/call-api.md | The labels are *positive*, *negative*, and *neutral*. At the document level, the | At least one `negative` sentence and at least one `positive` sentence are in the document. | `mixed` | | All sentences in the document are `neutral`. | `neutral` | -Confidence scores range from 1 to 0. Scores closer to 1 indicate a higher confidence in the label's classification, while lower scores indicate lower confidence. For each document or each sentence, the predicted scores associated with the labels (positive, negative, and neutral) add up to 1. For more information, see the [Responsible AI transparency note](/legal/cognitive-services/text-analytics/transparency-note?context=/azure/ai-services/text-analytics/context/context). +Confidence scores range from 1 to 0. Scores closer to 1 indicate a higher confidence in the label's classification, while lower scores indicate lower confidence. For each document or each sentence, the predicted scores associated with the labels (positive, negative, and neutral) add up to 1. For more information, see the [Responsible AI transparency note](/legal/cognitive-services/text-analytics/transparency-note?context=/azure/cognitive-services/text-analytics/context/context). ## Opinion Mining |
| ai-services | Use Containers | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/sentiment-opinion-mining/how-to/use-containers.md | In this article, you learned concepts and workflow for downloading, installing, * You must specify billing information when instantiating a container. > [!IMPORTANT]-> Azure AI containers are not licensed to run without being connected to Azure for metering. Customers need to enable the containers to communicate billing information with the metering service at all times. Azure AI containers do not send customer data (e.g. text that is being analyzed) to Microsoft. +> Azure AI services containers are not licensed to run without being connected to Azure for metering. Customers need to enable the containers to communicate billing information with the metering service at all times. Azure AI services containers do not send customer data (e.g. text that is being analyzed) to Microsoft. ## Next steps |
| ai-services | Language Support | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/sentiment-opinion-mining/language-support.md | Title: Sentiment Analysis and Opinion Mining language support -description: This article explains which languages are supported by the Sentiment Analysis and Opinion Mining features of Azure AI Language. +description: This article explains which languages are supported by the Sentiment Analysis and Opinion Mining features of the Language service. Previously updated : 10/31/2022 Last updated : 07/19/2023 Total supported language codes: 94 | Xhosa (new) | `xh` | 2022-11-01 | | | Yiddish (new) | `yi` | 2022-11-01 | | +## Multi-lingual option (Custom sentiment analysis only) ++With [Custom sentiment analysis](./overview.md?tabs=custom), you can train a model in one language and use to classify documents in another language. This feature is useful because it helps save time and effort. Instead of building separate projects for every language, you can handle multi-lingual dataset in one project. Your dataset doesn't have to be entirely in the same language but you should enable the multi-lingual option for your project while creating or later in project settings. If you notice your model performing poorly in certain languages during the evaluation process, consider adding more data in these languages to your training set. ++You can train your project entirely with English documents, and query it in: French, German, Mandarin, Japanese, Korean, and others. Custom sentiment analysis +makes it easy for you to scale your projects to multiple languages by using multilingual technology to train your models. ++Whenever you identify that a particular language is not performing as well as other languages, you can add more documents for that language in your project. <!--In the [data labeling](./custom/how-to/label-data.md) page in Language Studio, you can select the language of the document you're adding. When you introduce more documents for that language to the model, it is introduced to more of the syntax of that language, and learns to predict it better.--> ++You aren't expected to add the same number of documents for every language. You should build the majority of your project in one language, and only add a few documents in languages you observe aren't performing well. If you create a project that is primarily in English, and start testing it in French, German, and Spanish, you might observe that German doesn't perform as well as the other two languages. In that case, consider adding 5% of your original English documents in German, train a new model and test in German again. You should see better results for German queries. The more labeled documents you add, the more likely the results are going to get better. ++When you add data in another language, you shouldn't expect it to negatively affect other languages. ## Next steps |
| ai-services | Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/sentiment-opinion-mining/overview.md | Title: What is sentiment analysis and opinion mining in Azure AI Language? + Title: What is sentiment analysis and opinion mining in the Language service? description: An overview of the sentiment analysis feature in Azure AI services, which helps you find out what people think of a topic by mining text for clues. -# What is sentiment analysis and opinion mining in Azure AI Language? +# What is sentiment analysis and opinion mining? -Sentiment analysis and opinion mining are features offered by [Azure AI Language](../overview.md), a collection of machine learning and AI algorithms in the cloud for developing intelligent applications that involve written language. These features help you find out what people think of your brand or topic by mining text for clues about positive or negative sentiment, and can associate them with specific aspects of the text. +Sentiment analysis and opinion mining are features offered by [the Language service](../overview.md), a collection of machine learning and AI algorithms in the cloud for developing intelligent applications that involve written language. These features help you find out what people think of your brand or topic by mining text for clues about positive or negative sentiment, and can associate them with specific aspects of the text. Both sentiment analysis and opinion mining work with a variety of [written languages](./language-support.md). The sentiment analysis feature provides sentiment labels (such as "negative", "n Opinion mining is a feature of sentiment analysis. Also known as aspect-based sentiment analysis in Natural Language Processing (NLP), this feature provides more granular information about the opinions related to words (such as the attributes of products or services) in text. +#### [Prebuilt model](#tab/prebuilt) + [!INCLUDE [Typical workflow for pre-configured language features](../includes/overview-typical-workflow.md)] ## Get started with sentiment analysis [!INCLUDE [development options](./includes/development-options.md)] -## Responsible AI +#### [Custom model](#tab/custom) -An AI system includes not only the technology, but also the people who use it, the people who will be affected by it, and the environment in which it's deployed. Read the [transparency note for sentiment analysis](/legal/cognitive-services/language-service/transparency-note-sentiment-analysis?context=/azure/ai-services/language-service/context/context) to learn about responsible AI use and deployment in your systems. You can also see the following articles for more information: +Custom sentiment analysis enables users to build custom AI models to classify text into sentiments pre-defined by the user. By creating a Custom sentiment analysis project, developers can iteratively label data, train, evaluate, and improve model performance before making it available for consumption. The quality of the labeled data greatly impacts model performance. To simplify building and customizing your model, the service offers a custom web portal that can be accessed through the [Language studio](https://aka.ms/languageStudio). You can easily get started with the service by following the steps in this [quickstart](quickstart.md). ++## Project development lifecycle ++Creating a Custom sentiment analysis project typically involves several different steps. +++Follow these steps to get the most out of your model: ++1. **Define your schema**: Know your data and identify the sentiments you want, to avoid ambiguity. ++2. **Label your data**: The quality of data labeling is a key factor in determining model performance. Avoid ambiguity, make sure that your sentiments are clearly separable from each other. ++3. **Train the model**: Your model starts learning from your labeled data. ++4. **View the model's performance**: View the evaluation details for your model to determine how well it performs when introduced to new data. ++5. **Deploy the model**: Deploying a model makes it available for use via the [Analyze API](https://aka.ms/ct-runtime-swagger). ++6. **Classify text**: Use your custom model for sentiment analysis tasks. ++## Reference documentation ++As you use Custom sentiment analysis, see the following reference documentation and samples for the Language service: ++|Development option / language |Reference documentation |Samples | +|||| +|REST APIs (Authoring) | [REST API documentation](https://aka.ms/ct-authoring-swagger) | | +|REST APIs (Runtime) | [REST API documentation](https://aka.ms/ct-runtime-swagger) | | ++ +++## Responsible AI ++An AI system includes not only the technology, but also the people who use it, the people who will be affected by it, and the environment in which it's deployed. Read the [transparency note for sentiment analysis](/legal/cognitive-services/language-service/transparency-note-sentiment-analysis?context=/azure/cognitive-services/language-service/context/context) to learn about responsible AI use and deployment in your systems. You can also see the following articles for more information: ## Next steps -There are two ways to get started using the entity linking feature: -* [Language Studio](../language-studio.md), which is a web-based platform that enables you to try several Language service features without needing to write code. -* The [quickstart article](quickstart.md) for instructions on making requests to the service using the REST API and client library SDK. +* The quickstart articles with instructions on using the service for the first time. + * [Use the prebuilt model](./quickstart.md) + * [Create a custom model](./custom/quickstart.md) |
| ai-services | Quickstart | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/sentiment-opinion-mining/quickstart.md | |
| ai-services | Whats New | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/whats-new.md | +## July 2023 ++* [Custom sentiment analysis](./sentiment-opinion-mining/overview.md) is now available in preview. + ## May 2023 * [Custom Named Entity Recognition (NER) Docker containers](./custom-named-entity-recognition/how-to/use-containers.md) are now available for on-premises deployment. |
| ai-services | Quota | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/openai/how-to/quota.md | To minimize issues related to rate limits, it's a good idea to use the following - Avoid sharp changes in the workload. Increase the workload gradually. - Test different load increase patterns. +## Resource deletion ++When an attempt to delete an Azure OpenAI resource is made from the Azure portal if any deployments are still present deletion is blocked until the associated deployments are deleted. Deleting the deployments first allows quota allocations to be properly freed up so they can be used on new deployments. ++However, if you delete a resource using the REST API or some other programmatic method, this bypasses the need to delete deployments first. When this occurs, the associated quota allocation will remain unavailable to assign to a new deployment for 48 hours until the resource is purged. To trigger an immediate purge for a deleted resource to free up quota, follow the [purge a deleted resource instructions](/azure/ai-services/manage-resources?tabs=azure-portal#purge-a-deleted-resource). + ## Next steps - To review quota defaults for Azure OpenAI, consult the [quotas & limits article](../quotas-limits.md) |
| aks | Configure Azure Cni | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/configure-azure-cni.md | Learn more about networking in AKS in the following articles: <!-- LINKS - External --> [services]: https://kubernetes.io/docs/concepts/services-networking/service/-[portal]: https://portal.azure.com [cni-networking]: https://github.com/Azure/azure-container-networking/blob/master/docs/cni.md [kubenet]: concepts-network.md#kubenet-basic-networking [github]: https://raw.githubusercontent.com/microsoft/Docker-Provider/ci_prod/kubernetes/container-azm-ms-agentconfig.yaml |
| aks | Egress Outboundtype | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/egress-outboundtype.md | The following tables show the supported migration paths between outbound types f ### Supported Migration Paths for Managed VNet -| | loadBalancer | managedNATGateway | userAssignedNATGateway | userDefinedRouting | -||--|-||--| -| loadBalancer | N/A | Supported | Not Supported | Not Supported | -| managedNATGateway | Supported | N/A | Not Supported | Supported | -| userAssignedNATGateway | Supported | Not Supported | N/A | Not Supported | -| userDefinedRouting | Supported | Supported | Supported | N/A | +| Managed VNet |loadBalancer | managedNATGateway | userAssignedNATGateway | userDefinedRouting | +|||-||--| +| loadBalancer | N/A | Supported | Not Supported | Supported | +| managedNATGateway | Supported | N/A | Not Supported | Supported | +| userAssignedNATGateway | Not Supported | Not Supported | N/A | Not Supported | +| userDefinedRouting | Supported | Supported | Not Supported | N/A | ### Supported Migration Paths for BYO VNet -| | loadBalancer | managedNATGateway | userAssignedNATGateway | userDefinedRouting | +| BYO VNet | loadBalancer | managedNATGateway | userAssignedNATGateway | userDefinedRouting | |||-||--|-| loadBalancer | N/A | Supported | Supported | Supported | -| managedNATGateway | Supported | N/A | Not Supported | Not Supported | +| loadBalancer | N/A | Not Supported | Supported | Supported | +| managedNATGateway | Not Supported | N/A | Not Supported | Not Supported | | userAssignedNATGateway | Supported | Not Supported | N/A | Supported |-| userDefinedRouting | Not Supported | Not Supported | Not Supported | N/A | +| userDefinedRouting | Supported | Not Supported | Supported | N/A | ++Migration is only supported between `loadBalancer`, `managedNATGateway` (if using a managed virtual network), `userAssignedNATGateway` and `userDefinedRouting` (if using a custom virtual network). -Migration is only supported between `loadBalancer`, `managedNATGateway` (if using a managed virtual network), and `userDefinedNATGateway` (if using a custom virtual network). +> [!WARNING] +> Migrating the outbound type to user managed types (`userAssignedNATGateway` and `userDefinedRouting`) will change the outbound public IP addresses of the cluster. +> if [Authorized IP ranges](./api-server-authorized-ip-ranges.md) is enabled, please make sure new outbound ip range is appended to authorized ip range. > [!WARNING] > Changing the outbound type on a cluster is disruptive to network connectivity and will result in a change of the cluster's egress IP address. If any firewall rules have been configured to restrict traffic from the cluster, you need to update them to match the new egress IP address. |
| aks | Quick Kubernetes Deploy Bicep Extensibility Kubernetes Provider | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/learn/quick-kubernetes-deploy-bicep-extensibility-kubernetes-provider.md | To learn more about AKS, and walk through a complete code to deployment example, [install-azure-powershell]: /powershell/azure/install-az-ps [connect-azaccount]: /powershell/module/az.accounts/Connect-AzAccount [sp-delete]: ../kubernetes-service-principal.md#additional-considerations-[azure-portal]: https://portal.azure.com [kubernetes-deployment]: ../concepts-clusters-workloads.md#deployments-and-yaml-manifests [kubernetes-service]: ../concepts-network.md#services [ssh-keys]: ../../virtual-machines/linux/create-ssh-keys-detailed.md |
| aks | Quick Kubernetes Deploy Rm Template | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/learn/quick-kubernetes-deploy-rm-template.md | To learn more about AKS, and walk through a complete code to deployment example, [install-azure-powershell]: /powershell/azure/install-az-ps [connect-azaccount]: /powershell/module/az.accounts/Connect-AzAccount [sp-delete]: ../kubernetes-service-principal.md#additional-considerations-[azure-portal]: https://portal.azure.com [kubernetes-deployment]: ../concepts-clusters-workloads.md#deployments-and-yaml-manifests [kubernetes-service]: ../concepts-network.md#services [ssh-keys]: ../../virtual-machines/linux/create-ssh-keys-detailed.md |
| aks | Quick Windows Container Deploy Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/learn/quick-windows-container-deploy-cli.md | To learn more about AKS, and walk through a complete code to deployment example, [az-provider-register]: /cli/azure/provider#az_provider_register [azure-cli-install]: /cli/azure/install-azure-cli [sp-delete]: ../kubernetes-service-principal.md#additional-considerations-[azure-portal]: https://portal.azure.com [kubernetes-deployment]: ../concepts-clusters-workloads.md#deployments-and-yaml-manifests [kubernetes-service]: ../concepts-network.md#services [restricted-vm-sizes]: ../quotas-skus-regions.md#restricted-vm-sizes |
| aks | Network Observability Byo Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/network-observability-byo-cli.md | In this how-to article, you learned how to install and enable AKS Network Observ - For more information about AKS Network Observability, see [What is Azure Kubernetes Service (AKS) Network Observability?](network-observability-overview.md). - To create an AKS cluster with Network Observability and managed Prometheus and Grafana, see [Setup Network Observability for Azure Kubernetes Service (AKS) Azure managed Prometheus and Grafana](network-observability-managed-cli.md).- |
| aks | Network Observability Managed Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/network-observability-managed-cli.md | |
| aks | Open Ai Quickstart | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/open-ai-quickstart.md | Title: Deploy an application that uses OpenAI on Azure Kubernetes Service (AKS) description: Learn how to deploy an application that uses OpenAI on Azure Kubernetes Service (AKS). #Required; article description that is displayed in search results. Last updated 6/29/2023-+ # Deploy an application that uses OpenAI on Azure Kubernetes Service (AKS) Now that you've seen how to add OpenAI functionality to an AKS application, lear [aoai]: ../cognitive-services/openai/index.yml [learn-aoai]: /training/modules/explore-azure-openai- |
| aks | Operator Best Practices Run At Scale | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/operator-best-practices-run-at-scale.md | If your AKS clusters satisfy any of the following criteria, we recommend using t * Clusters running more than 10 nodes on average * Clusters that need to scale beyond 1000 nodes -To scale AKS clusters beyond 1000 nodes, you need to request a node limit quota increase by raising a support ticket in the [Azure portal][Azure portal] up to a maximum of 5000 nodes per cluster. Increasing the node limit doesn't increase other AKS service quota limits, like the number of pods per node. For more information, see [Limits, quotas, and restrictions for AKS resources][quotas-skus-regions]. +To scale AKS clusters beyond 1000 nodes, you need to request a node limit quota increase by [raising a support ticket in the Azure portal][support-ticket] up to a maximum of 5000 nodes per cluster. Increasing the node limit doesn't increase other AKS service quota limits, like the number of pods per node. For more information, see [Limits, quotas, and restrictions for AKS resources][quotas-skus-regions]. To increase the node limit beyond 1000, you must have the following pre-requisites: To increase the node limit beyond 1000, you must have the following pre-requisit [Managed NAT Gateway - Azure Kubernetes Service]: nat-gateway.md [Configure Azure CNI networking for dynamic allocation of IPs and enhanced subnet support in Azure Kubernetes Service (AKS)]: configure-azure-cni-dynamic-ip-allocation.md [max surge]: upgrade-cluster.md?tabs=azure-cli#customize-node-surge-upgrade-[Azure portal]: https://portal.azure.com/#create/Microsoft.Support/Parameters/%7B%0D%0A%09%22subId%22%3A+%22%22%2C%0D%0A%09%22pesId%22%3A+%225a3a423f-8667-9095-1770-0a554a934512%22%2C%0D%0A%09%22supportTopicId%22%3A+%2280ea0df7-5108-8e37-2b0e-9737517f0b96%22%2C%0D%0A%09%22contextInfo%22%3A+%22AksLabelDeprecationMarch22%22%2C%0D%0A%09%22caller%22%3A+%22Microsoft_Azure_ContainerService+%2B+AksLabelDeprecationMarch22%22%2C%0D%0A%09%22severity%22%3A+%223%22%0D%0A%7D +[support-ticket]: https://portal.azure.com/#create/Microsoft.Support/Parameters/%7B%0D%0A%09%22subId%22%3A+%22%22%2C%0D%0A%09%22pesId%22%3A+%225a3a423f-8667-9095-1770-0a554a934512%22%2C%0D%0A%09%22supportTopicId%22%3A+%2280ea0df7-5108-8e37-2b0e-9737517f0b96%22%2C%0D%0A%09%22contextInfo%22%3A+%22AksLabelDeprecationMarch22%22%2C%0D%0A%09%22caller%22%3A+%22Microsoft_Azure_ContainerService+%2B+AksLabelDeprecationMarch22%22%2C%0D%0A%09%22severity%22%3A+%223%22%0D%0A%7D [standard-tier]: free-standard-pricing-tiers.md [throttling-policies]: https://azure.microsoft.com/blog/api-management-advanced-caching-and-throttling-policies/ |
| api-management | Cosmosdb Data Source Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/cosmosdb-data-source-policy.md | type Query { * [GraphQL resolver policies](api-management-policies.md#graphql-resolver-policies) |
| app-service | App Service Hybrid Connections | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/app-service-hybrid-connections.md | Things you cannot do with Hybrid Connections include: ## Add and Create Hybrid Connections in your app ## -To create a Hybrid Connection, go to the [Azure portal][portal] and select your app. Select **Networking** > **Configure your Hybrid Connection endpoints**. Here you can see the Hybrid Connections that are configured for your app. +To create a Hybrid Connection, go to the [Azure portal] and select your app. Select **Networking** > **Configure your Hybrid Connection endpoints**. Here you can see the Hybrid Connections that are configured for your app. :::image type="content" source="media/app-service-hybrid-connections/hybridconn-portal.png" alt-text="Screenshot of Hybrid Connection list"::: In addition to there being an App Service plan SKU requirement, there's an addit ## Hybrid Connection Manager ## -The Hybrid Connections feature requires a relay agent in the network that hosts your Hybrid Connection endpoint. That relay agent is called the Hybrid Connection Manager (HCM). To download HCM, from your app in the [Azure portal][portal], select **Networking** > **Configure your Hybrid Connection endpoints**. +The Hybrid Connections feature requires a relay agent in the network that hosts your Hybrid Connection endpoint. That relay agent is called the Hybrid Connection Manager (HCM). To download HCM, from your app in the [Azure portal], select **Networking** > **Configure your Hybrid Connection endpoints**. This tool runs on Windows Server 2012 and later. The HCM runs as a service and connects outbound to Azure Relay on port 443. Each HCM can support multiple Hybrid Connections. Also, any given Hybrid Connect ### Manually add a Hybrid Connection ### -To enable someone outside your subscription to host an HCM instance for a given Hybrid Connection, share the gateway connection string for the Hybrid Connection with them. You can see the gateway connection string in the Hybrid Connection properties in the [Azure portal][portal]. To use that string, select **Enter Manually** in the HCM, and paste in the gateway connection string. +To enable someone outside your subscription to host an HCM instance for a given Hybrid Connection, share the gateway connection string for the Hybrid Connection with them. You can see the gateway connection string in the Hybrid Connection properties in the [Azure portal]. To use that string, select **Enter Manually** in the HCM, and paste in the gateway connection string. :::image type="content" source="media/app-service-hybrid-connections/hybridconn-manual.png" alt-text="Manually add a Hybrid Connection"::: If you have a command-line client for your endpoint, you can test connectivity f <!--Links--> [HCService]: /azure/service-bus-relay/relay-hybrid-connections-protocol/-[portal]: https://portal.azure.com/ +[Azure portal]: https://portal.azure.com/ [oldhc]: /azure/biztalk-services/integration-hybrid-connection-overview/ [sbpricing]: https://azure.microsoft.com/pricing/details/service-bus/ [armclient]: https://github.com/projectkudu/ARMClient/ |
| app-service | Configure Authentication Provider Openid Connect | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/configure-authentication-provider-openid-connect.md | If you are unable to use a configuration metadata document, you will need to gat ## <a name="related-content"> </a>Next steps [!INCLUDE [app-service-mobile-related-content-get-started-users](../../includes/app-service-mobile-related-content-get-started-users.md)]++[Azure portal]: https://portal.azure.com |
| app-service | Configure Common | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/configure-common.md | To add a custom handler: <!-- URL List --> [ASP.NET SignalR]: https://www.asp.net/signalr-[Azure Portal]: https://portal.azure.com/ +[Azure portal]: https://portal.azure.com/ [Configure a custom domain name in Azure App Service]: ./app-service-web-tutorial-custom-domain.md [Set up staging environments in Azure App Service]: ./deploy-staging-slots.md [How to: Monitor web endpoint status]: ./web-sites-monitor.md |
| app-service | Configure Ssl Bindings | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/configure-ssl-bindings.md | tags: buy-ssl-certificates Last updated 04/20/2023 -+ # Secure a custom DNS name with a TLS/SSL binding in Azure App Service |
| app-service | Configure Ssl Certificate | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/configure-ssl-certificate.md | tags: buy-ssl-certificates Last updated 07/28/2023 -+ # Add and manage TLS/SSL certificates in Azure App Service If your certificate authority gives you multiple certificates in the certificate Now, export your merged TLS/SSL certificate with the private key that was used to generate your certificate request. If you generated your certificate request using OpenSSL, then you created a private key file. > [!NOTE]-> OpenSSL v3 creates certificate serials with 20 octets (40 chars) as the X.509 specification allows. Currently only 10 octets (20 chars) is supported when uploading certificate PFX files. -> OpenSSL v3 also changed default cipher from 3DES to AES256, but this can be overridden on the command line. -> OpenSSL v1 uses 3DES as default and only uses 8 octets (16 chars) in the serial, so the PFX files generated are supported without any special modifications. +> OpenSSL v3 changed default cipher from 3DES to AES256, but this can be overridden on the command line -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -machalg SHA1. +> OpenSSL v1 uses 3DES as default, so the PFX files generated are supported without any special modifications. 1. To export your certificate to a PFX file, run the following command, but replace the placeholders _<private-key-file>_ and _<merged-certificate-file>_ with the paths to your private key and your merged certificate file. |
| app-service | Deploy Zip | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/deploy-zip.md | Publish-AzWebApp -ResourceGroupName Default-Web-WestUS -Name MyApp -ArchivePath # [Kudu API](#tab/api) -The following example uses the cURL tool to deploy a ZIP package. Replace the placeholders `<username>`, `<zip-package-path>`, and `<app-name>`. When prompted by cURL, type in the [deployment password](deploy-configure-credentials.md). +The following example uses the cURL tool to deploy a ZIP package. Replace the placeholders `<username>`, `<password>`, `<zip-package-path>`, and `<app-name>`. Use the [deployment credentials](deploy-configure-credentials.md) for authentication. ```bash-curl -X POST -u <username:password> -T "@<zip-package-path>" https://<app-name>.scm.azurewebsites.net/api/publish?type=zip +curl -X POST \ + -H "Content-Type: application/octet-stream" \ + -u '<username>:<password>' \ + -T "<zip-package-path>" \ + "https://<app-name>.scm.azurewebsites.net/api/zipdeploy" ``` [!INCLUDE [deploying to network secured sites](../../includes/app-service-deploy-network-secured-sites.md)] curl -X POST -u <username:password> -T "@<zip-package-path>" https://<app-name>. The following example uses the `packageUri` parameter to specify the URL of an Azure Storage account that the web app should pull the ZIP from. ```bash-curl -X POST -u <username:password> https://<app-name>.scm.azurewebsites.net/api/publish -d '{"packageUri": "https://storagesample.blob.core.windows.net/sample-container/myapp.zip?sv=2021-10-01&sb&sig=slk22f3UrS823n4kSh8Skjpa7Naj4CG3"}' +curl -X PUT \ + -H "Content-Type: application/json" \ + -u '<username>:<password>' \ + -d '{"packageUri": "https://storagesample.blob.core.windows.net/sample-container/myapp.zip?sv=2021-10-01&sb&sig=slk22f3UrS823n4kSh8Skjpa7Naj4CG3"}' \ + "https://<app-name>.scm.azurewebsites.net/api/zipdeploy" ``` # [Kudu UI](#tab/kudu-ui) |
| app-service | App Service App Service Environment Control Inbound Traffic | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/environment/app-service-app-service-environment-control-inbound-traffic.md | The following list contains the ports used by an App Service Environment. All po ## Outbound Connectivity and DNS Requirements For an App Service Environment to function properly, it also requires outbound access to various endpoints. A full list of the external endpoints used by an ASE is in the "Required Network Connectivity" section of the [Network Configuration for ExpressRoute](app-service-app-service-environment-network-configuration-expressroute.md#required-network-connectivity) article. -App Service Environments require a valid DNS infrastructure configured for the virtual network. If the DNS configuration is changed after the creation of an App Service Environment, developers can force an App Service Environment to pick up the new DNS configuration. If you trigger a rolling environment reboot using the **Restart** icon, the environment picks up the new DNS configuration. (The **Restart** icon is located at the top of the App Service Environment management blade, in the [Azure portal][NewPortal].) +App Service Environments require a valid DNS infrastructure configured for the virtual network. If the DNS configuration is changed after the creation of an App Service Environment, developers can force an App Service Environment to pick up the new DNS configuration. If you trigger a rolling environment reboot using the **Restart** icon, the environment picks up the new DNS configuration. (The **Restart** icon is located at the top of the App Service Environment management blade, in the [Azure portal](https://portal.azure.com).) It's also recommended that any custom DNS servers on the vnet be set up ahead of time before creating an App Service Environment. If a virtual network's DNS configuration is changed during the creation of an App Service Environment, the App Service Environment creation process will fail. Similarly, if there's a custom DNS server that's unreachable or unavailable on the other end of a VPN gateway, the App Service Environment creation process will also fail. For more information, see [Securely connecting to Backend resources from an App [NetworkSecurityGroups]: ../../virtual-network/virtual-network-vnet-plan-design-arm.md [IntroToAppServiceEnvironment]: app-service-app-service-environment-intro.md [SecurelyConnecttoBackend]: app-service-app-service-environment-securely-connecting-to-backend-resources.md-[NewPortal]: https://portal.azure.com <!-- IMAGES --> |
| app-service | App Service App Service Environment Network Configuration Expressroute | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/environment/app-service-app-service-environment-network-configuration-expressroute.md | App Service Environment requires the following network connectivity settings to * Inbound network access to required ports for App Service Environment must be allowed. For details, see [How to control inbound traffic to App Service Environment][requiredports]. -To fulfill the DNS requirements, make sure a valid DNS infrastructure is configured and maintained for the virtual network. If the DNS configuration is changed after App Service Environment is created, developers can force App Service Environment to pick up the new DNS configuration. You can trigger a rolling environment reboot by using the **Restart** icon under App Service Environment management in the [Azure portal][NewPortal]. The reboot causes the environment to pick up the new DNS configuration. +To fulfill the DNS requirements, make sure a valid DNS infrastructure is configured and maintained for the virtual network. If the DNS configuration is changed after App Service Environment is created, developers can force App Service Environment to pick up the new DNS configuration. You can trigger a rolling environment reboot by using the **Restart** icon under App Service Environment management in the [Azure portal](https://portal.azure.com). The reboot causes the environment to pick up the new DNS configuration. To fulfill the inbound network access requirements, configure a [network security group (NSG)][NetworkSecurityGroups] on the App Service Environment subnet. The NSG allows the required access [to control inbound traffic to App Service Environment][requiredports]. To get started with App Service Environment for Power Apps, see [Introduction to [DownloadCenterAddressRanges]: https://www.microsoft.com/download/details.aspx?id=41653 [NetworkSecurityGroups]: ../../virtual-network/virtual-network-vnet-plan-design-arm.md [IntroToAppServiceEnvironment]: app-service-app-service-environment-intro.md -[NewPortal]: https://portal.azure.com - <!-- IMAGES --> |
| app-service | Manage Scale Up | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/manage-scale-up.md | For information about the pricing and features of individual App Service plans, > [!NOTE] > To scale up to Premium V3 tier, see [Configure Premium V3 tier for App Service](app-service-configure-premium-tier.md).-> -1. In your browser, open the [Azure portal][portal]. +1. In your browser, open the [Azure portal](https://portal.azure.com). 1. In the left navigation of your App Service app page, select **Scale up (App Service plan)**. For a table of service limits, quotas, and constraints, and supported features i [vmsizes]:https://azure.microsoft.com/pricing/details/app-service/ [SQLaccountsbilling]:https://go.microsoft.com/fwlink/?LinkId=234930 [azuresubscriptions]:https://account.windowsazure.com/subscriptions-[portal]: https://portal.azure.com/ <!-- IMAGES --> [ChooseWHP]: ./media/web-sites-scale/scale1ChooseWHP.png |
| app-service | Overview Managed Identity | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/overview-managed-identity.md | First, you'll need to create a user-assigned identity resource. 1. Run the `az webapp identity assign` command to assign the identity to the app. ```azurepowershell-interactive- az webapp identity assign --resource-group <group-name> --name <app-name> --identities <identity-name> + az webapp identity assign --resource-group <group-name> --name <app-name> --identities <identity-id> ``` # [Azure PowerShell](#tab/ps) az webapp identity remove --name <app-name> --resource-group <group-name> To remove one or more user-assigned identities: ```azurecli-interactive-az webapp identity remove --name <app-name> --resource-group <group-name> --identities <identity-name1>,<identity-name2>,... +az webapp identity remove --name <app-name> --resource-group <group-name> --identities <identity-id1> <identity-id2> ... ``` You can also remove the system assigned identity by specifying `[system]` in `--identities`. |
| application-gateway | Migrate V1 V2 | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/migrate-v1-v2.md | description: This article shows you how to migrate Azure Application Gateway and + Last updated 07/05/2023 |
| application-gateway | Retirement Faq | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/retirement-faq.md | On April 28,2023 we announced retirement of Application gateway V1 on 28 April 2 ### What is the official date Application Gateway V1 is cut off from creation? -New Customers aren't allowed to create v1 from 1 July 2023. However, any existing V1 customers can continue to create resources until August 2024 and manage V1 resources until the retirement date of 28 April 2026. +New Customers will not be allowed to create V1 from 1 July 2023 onwards. However, any existing V1 customers can continue to create resources in existing subscriptions until August 2024 and manage V1 resources until the retirement date of 28 April 2026. ### What happens to existing Application Gateway V1 after 28 April 2026? Once the deadline arrives V1 gateways aren't supported. Any V1 SKU resources tha ### What is the definition of a new customer on Application Gateway V1 SKU? -Customers who didn't have Application Gateway V1 SKU in their subscriptions in the month of June 2023 are considered as new customers. These customers wonΓÇÖt be able to create new V1 gateways from 1 July 2023. +Customers who didn't have Application Gateway V1 SKU in their subscriptions as of 4 July 2023 are considered as new customers. These customers wonΓÇÖt be able to create new V1 gateways going forward. ### What is the definition of an existing customer on Application Gateway V1 SKU? -Customers who had active or stopped but allocated Application Gateway V1 SKU in their subscriptions in the month of June 2023, are considered existing customers. These customers get until August 28, 2024 to create new V1 application gateways and until April 28,2026 to migrate their V1 gateways to V2. +Customers who had active or stopped but allocated Application Gateway V1 SKU in their subscriptions as of 4 July 2023, are considered existing customers. These customers get until August 28, 2024 to create new V1 application gateways in their existing subscriptions and until April 28,2026 to migrate their V1 gateways to V2. ### Does this migration plan affect any of my existing workloads that run on Application Gateway V1 SKU? |
| application-gateway | V1 Retirement | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/v1-retirement.md | We announced the deprecation of Application Gateway V1 on **April 28 ,2023**. St - Deprecation announcement: April 28 ,2023 -- No new subscriptions for V1 deployments: July 1,2023 - Application Gateway V1 is no longer available for deployment on new subscriptions from July 1 2023.+- No new subscriptions for V1 deployments: July 1,2023 onwards - Application Gateway V1 is no longer available for deployment on [new subscriptions](./retirement-faq.md#what-is-the-definition-of-a-new-customer-on-application-gateway-v1-sku) from July 1 2023 onwards. - No new V1 deployments: August 28, 2024 - V1 creation is stopped completely for all customers 28 August 2024 onwards. |
| azure-app-configuration | Monitor App Configuration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/monitor-app-configuration.md | When you have critical applications and business processes relying on Azure reso This article describes the monitoring data generated by App Configuration. App Configuration uses [Azure Monitor](../azure-monitor/overview.md). If you are unfamiliar with the features of Azure Monitor common to all Azure services that use it, read [Monitoring Azure resources with Azure Monitor](../azure-monitor/essentials/monitor-azure-resource.md). -## Monitoring overview page in Azure portal +## Monitoring overview page in the Azure portal The **Overview** page in the Azure portal includes a brief view of the resource usage, such as the total number of requests, number of throttled requests, and request duration per configuration store. This information is useful, but only displays a small amount of the monitoring data available. Some of this monitoring data is collected automatically and is available for analysis as soon as you create the resource. You can enable additional types of data collection with some configuration. > [!div class="mx-imgBorder"] |
| azure-arc | Configure Transparent Data Encryption Sql Managed Instance | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-arc/data/configure-transparent-data-encryption-sql-managed-instance.md | |
| azure-cache-for-redis | Cache Remove Tls 10 11 | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-cache-for-redis/cache-remove-tls-10-11.md | description: Learn how to remove TLS 1.0 and 1.1 from your application when comm Previously updated : 03/07/2023 Last updated : 07/13/2023 ms.devlang: csharp, golang, java, javascript, php, python |
| azure-cache-for-redis | Cache Tutorial Functions Getting Started | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-cache-for-redis/cache-tutorial-functions-getting-started.md | The following tutorial shows how to implement basic triggers with Azure Cache fo Create a new **Azure Cache for Redis** instance using the Azure portal or your preferred CLI tool. We use a _Standard C1_ instance, which is a good starting point. Use the [quickstart guide](quickstart-create-redis.md) to get started. -<!--  --> The default settings should suffice. We use a public endpoint for this demo, but we recommend you use a private endpoint for anything in production. -Creating the cache can take a few minutes, so feel move to the next section while creating the cache completes. +Creating the cache can take a few minutes. You can move to the next section while creating the cache completes. ### Set up Visual Studio Code -If you haven’t installed the functions extension for VS Code, search for _Azure Functions_ in the extensions menu, and select **Install**. If you don’t have the C# extension installed, install it, too. +1. If you haven’t installed the functions extension for VS Code, search for _Azure Functions_ in the extensions menu, and select **Install**. If you don’t have the C# extension installed, install it, too. -<!--  --> + :::image type="content" source="media/cache-tutorial-functions-getting-started/cache-code-editor.png" alt-text="Screenshot of the required extensions installed in VS Code."::: -Next, go to the **Azure** tab, and sign-in to your existing Azure account, or create a new one: +1. Next, go to the **Azure** tab, and sign-in to your existing Azure account, or create a new one: -Create a new local folder on your computer to hold the project that you're building. In our example, we use “AzureRedisFunctionDemo”. +1. Create a new local folder on your computer to hold the project that you're building. In our example, we use _RedisAzureFunctionDemo_. -In the Azure tab, create a new functions app by clicking on the lightning bolt icon in the top right of the **Workspace** box in the lower left of the screen. +1. In the Azure tab, create a new functions app by clicking on the lightning bolt icon in the top right of the **Workspace** tab. -<!--  --> + :::image type="content" source="media/cache-tutorial-functions-getting-started/cache-add-resource.png" alt-text="Screenshot showing how to add a new function from VS Code."::: -Select the new folder that you’ve created to start the creation of a new Azure Functions project. You get several on-screen prompts. Select: +1. Select the new folder that you’ve created to start the creation of a new Azure Functions project. You get several on-screen prompts. Select: -- **C#** as the language-- **.NET 6.0 LTS** as the .NET runtime-- **Skip for now** as the project template+ - **C#** as the language + - **.NET 6.0 LTS** as the .NET runtime + - **Skip for now** as the project template -> [!NOTE] -> If you don’t have the .NET Core SDK installed, you’ll be prompted to do so. + > [!NOTE] + > If you don’t have the .NET Core SDK installed, you’ll be prompted to do so. -The new project is created: +1. The new project is created: -<!--  --> + :::image type="content" source="media/cache-tutorial-functions-getting-started/cache-vscode-workspace.png" alt-text="Screenshot of a workspace in VS Code."::: ### Install the necessary NuGet package -You'll need to install `Microsoft.Azure.WebJobs.Extensions.Redis`, the NuGet package for the Redis extension that allows Redis keyspace notifications to be used as triggers in Azure Functions. +You need to install `Microsoft.Azure.WebJobs.Extensions.Redis`, the NuGet package for the Redis extension that allows Redis keyspace notifications to be used as triggers in Azure Functions. Install this package by going to the **Terminal** tab in VS Code and entering the following command: dotnet add package Microsoft.Azure.WebJobs.Extensions.Redis --prerelease ### Configure cache -Go to your newly created Azure Cache for Redis instance. Two steps are needed here. +1. Go to your newly created Azure Cache for Redis instance. -First, enable **keyspace notifications** on the cache to trigger on keys and commands. Go to your cache in the Azure portal and select the **Advanced settings** from the Resource menu. Scroll down to the field labeled _notify-keyspace-events_ and enter “KEA”. Then select Save at the top of the window. “KEA” is a configuration string that enables keyspace notifications for all keys and events. More information on keyspace configuration strings can be found [here](https://redis.io/docs/manual/keyspace-notifications/). +1. Go to your cache in the Azure portal and select the **Advanced settings** from the Resource menu. Scroll down to the field labeled _notify-keyspace-events_ and enter `KEA`. You have enabled **keyspace notifications** on the cache to trigger on keys and commands. -<!--  --> +1. Then select **Save** at the top of the window. “KEA” is a configuration string that enables keyspace notifications for all keys and events. More information on keyspace configuration strings can be found [here](https://redis.io/docs/manual/keyspace-notifications/). -Second, select **Access keys** from the Resource menu and write down/copy the Primary connection string field. We use the access key to connect to the cache. + :::image type="content" source="media/cache-tutorial-functions-getting-started/cache-keyspace-notifications.png" alt-text="Screenshot of Advanced settings selected in the Resource menu and notify-keyspace-events highlighted with a red box."::: -<!--  --> +1. Select **Access keys** from the Resource menu and write down/copy the Primary connection string field. This string is used to connect to the cache. -### Set up the example code --Go back to VS Code, add a file to the project called `RedisFunctions.cs` Copy and paste the code sample: + :::image type="content" source="media/cache-tutorial-functions-getting-started/cache-access-keys.png" alt-text="Screenshot showing the primary access key highlighted with a red box."::: -```csharp -using Microsoft.Extensions.Logging; -using StackExchange.Redis; --namespace Microsoft.Azure.WebJobs.Extensions.Redis.Samples -{ - public static class RedisSamples - { - public const string connectionString = "redisConnectionString"; -- [FunctionName(nameof(PubSubTrigger))] - public static void PubSubTrigger( - [RedisPubSubTrigger(connectionString, "pubsubTest")] string message, - ILogger logger) - { - logger.LogInformation(message); - } +### Set up the example code - [FunctionName(nameof(KeyspaceTrigger))] - public static void KeyspaceTrigger( - [RedisPubSubTrigger(connectionString, "__keyspace@0__:keyspaceTest")] string message, - ILogger logger) - { - logger.LogInformation(message); - } +1. Go back to VS Code, add a file to the project called `RedisFunctions.cs`. - [FunctionName(nameof(KeyeventTrigger))] - public static void KeyeventTrigger( - [RedisPubSubTrigger(connectionString, "__keyevent@0__:del")] string message, - ILogger logger) - { - logger.LogInformation(message); - } +1. Copy and paste the code sample into the new file. - [FunctionName(nameof(ListTrigger))] - public static void ListTrigger( - [RedisListTrigger(connectionString, "listTest")] string entry, - ILogger logger) - { - logger.LogInformation(entry); - } + ```csharp + using Microsoft.Extensions.Logging; + using StackExchange.Redis; - [FunctionName(nameof(StreamTrigger))] - public static void StreamTrigger( - [RedisStreamTrigger(connectionString, "streamTest")] string entry, - ILogger logger) + namespace Microsoft.Azure.WebJobs.Extensions.Redis.Samples + { + public static class RedisSamples {- logger.LogInformation(entry); + public const string connectionString = "redisConnectionString"; ++ [FunctionName(nameof(PubSubTrigger))] + public static void PubSubTrigger( + [RedisPubSubTrigger(connectionString, "pubsubTest")] string message, + ILogger logger) + { + logger.LogInformation(message); + } ++ [FunctionName(nameof(KeyspaceTrigger))] + public static void KeyspaceTrigger( + [RedisPubSubTrigger(connectionString, "__keyspace@0__:keyspaceTest")] string message, + ILogger logger) + { + logger.LogInformation(message); + } ++ [FunctionName(nameof(KeyeventTrigger))] + public static void KeyeventTrigger( + [RedisPubSubTrigger(connectionString, "__keyevent@0__:del")] string message, + ILogger logger) + { + logger.LogInformation(message); + } ++ [FunctionName(nameof(ListTrigger))] + public static void ListTrigger( + [RedisListTrigger(connectionString, "listTest")] string entry, + ILogger logger) + { + logger.LogInformation(entry); + } ++ [FunctionName(nameof(StreamTrigger))] + public static void StreamTrigger( + [RedisStreamTrigger(connectionString, "streamTest")] string entry, + ILogger logger) + { + logger.LogInformation(entry); + } } }-} -``` --This tutorial shows multiple different ways to trigger on Redis activity: + ``` -1. _PubSubTrigger_, which is triggered when activity is published to the pub/sub channel named `pubsubTest` +1. This tutorial shows multiple different ways to trigger on Redis activity: -1. _KeyspaceTrigger_, which is built on the Pub/Sub trigger. Use it to look for changes to the key `keyspaceTest` + - _PubSubTrigger_, which is triggered when activity is published to the pub/sub channel named `pubsubTest` + - _KeyspaceTrigger_, which is built on the Pub/Sub trigger. Use it to look for changes to the key `keyspaceTest` + - _KeyeventTrigger_, which is also built on the Pub/Sub trigger. Use it to look for any use of the`DEL` command. + - _ListTrigger_, which looks for changes to the list `listTest` + - _StreamTrigger_, which looks for changes to the stream `streamTest` -1. _KeyeventTrigger_, which is also built on the Pub/Sub trigger. Use it to look for any use of the`DEL` command. +### Connect to your cache -1. _ListTrigger_, which looks for changes to the list `listTest` +1. In order to trigger on Redis activity, you need to pass in the connection string of your cache instance. This information is stored in the `local.settings.json` file that was automatically created in your folder. Using the [local settings file](../azure-functions/functions-run-local.md#local-settings) is recommended as a security best practice. -1. _StreamTrigger_, which looks for changes to the stream `streamTest` +1. To connect to your cache, add a `ConnectionStrings` section in the `local.settings.json` file and add your connection string using the parameter `redisConnectionString`. It should look like this: -### Connect to your cache -In order to trigger on Redis activity, you need to pass in the connection string of your cache instance. This information will be stored in the `local.settings.json` file that was automatically created in your folder. Using the [local settings file](../azure-functions/functions-run-local.md#local-settings) is recommended as a security best practice. --To connect to your cache, add a `ConnectionStrings` section in the `local.settings.json` file and add your connection string using the parameter `redisConnectionString`. It should look like this: --```json -{ - "IsEncrypted": false, - "Values": { - "AzureWebJobsStorage": "", - "FUNCTIONS_WORKER_RUNTIME": "dotnet", - "redisConnectionString": "<your-connection-string>" - } -} -``` + ```json + { + "IsEncrypted": false, + "Values": { + "AzureWebJobsStorage": "", + "FUNCTIONS_WORKER_RUNTIME": "dotnet", + "redisConnectionString": "<your-connection-string>" + } + } + ``` -<!--  --> > [!IMPORTANT] > This example is simplified for the tutorial. For production use, we recommend that you use [Azure Key Vault](../service-connector/tutorial-portal-key-vault.md) to store connection string information. To connect to your cache, add a `ConnectionStrings` section in the `local.settin ### Build and run the code locally -Switch to the **Run and debug** tab in VS Code and select the green arrow to debug the code locally. If you don’t have Azure Functions core tools installed, you're prompted to do so. In that case, you’ll need to restart VS Code after installing. +1. Switch to the **Run and debug** tab in VS Code and select the green arrow to debug the code locally. If you don’t have Azure Functions core tools installed, you're prompted to do so. In that case, you’ll need to restart VS Code after installing. -The code should build successfully, which you can track in the Terminal output. + The code should build successfully, which you can track in the Terminal output. -To test the trigger functionality, try creating and deleting the _keyspaceTest_ key. You can use any way you prefer to connect to the cache. An easy way is to use the built-in Console tool in the Azure Cache for Redis portal. Bring up the cache instance in the Azure portal, and select **Console** to open it. +1. To test the trigger functionality, try creating and deleting the _keyspaceTest_ key. You can use any way you prefer to connect to the cache. An easy way is to use the built-in Console tool in the Azure Cache for Redis portal. Bring up the cache instance in the Azure portal, and select **Console** to open it. -<!--  --> + :::image type="content" source="media/cache-tutorial-functions-getting-started/cache-console.png" alt-text="Screenshot of C# code and a connection string."::: -After it's open, try the following commands: +1. After it's open, try the following commands: -- `SET keyspaceTest 1`-- `SET keyspaceTest 2`-- `DEL keyspaceTest`-- `PUBLISH pubsubTest testMessage`-- `LPUSH listTest test`-- `XADD streamTest * name Clippy`+ - `SET keyspaceTest 1` + - `SET keyspaceTest 2` + - `DEL keyspaceTest` + - `PUBLISH pubsubTest testMessage` + - `LPUSH listTest test` + - `XADD streamTest * name Clippy` -<!--  --> + :::image type="content" source="media/cache-tutorial-functions-getting-started/cache-console-output.png" alt-text="Screenshot of a console and some Redis commands and results."::: -You should see the triggers activating in the terminal: +1. You should see the triggers activating in the terminal: -<!--  --> + :::image type="content" source="media/cache-tutorial-functions-getting-started/cache-triggers-working-lightbox.png" alt-text="Screenshot of the VS Code editor with code running." lightbox="media/cache-tutorial-functions-getting-started/cache-triggers-working.png"::: ### Deploy code to an Azure function -Create a new Azure function by going back to the Azure tab, expanding your subscription, and right clicking on **Function App**. Select **Create a Function App in Azure…(Advanced)**. +1. Create a new Azure function by going back to the Azure tab, expanding your subscription, and right clicking on **Function App**. Select **Create a Function App in Azure…(Advanced)**. -<!--  --> + :::image type="content" source="media/cache-tutorial-functions-getting-started/cache-create-function-app.png" alt-text="Screenshot of creating a function app in VS Code."::: -You see several prompts on information to configure the new functions app: +1. You see several prompts on information to configure the new functions app: -- Enter a unique name-- Choose **.NET 6** as the runtime stack-- Choose either **Linux** or **Windows** (either works)-- Select an existing or new resource group to hold the Function App-- Choose the same region as your cache instance-- Select **Premium** as the hosting plan-- Create a new App Service plan-- Choose the **EP1** pricing tier.-- Choose an existing storage account or create a new one-- Create a new Application Insights resource. We use the resource to confirm the trigger is working.+ - Enter a unique name + - Choose **.NET 6** as the runtime stack + - Choose either **Linux** or **Windows** (either works) + - Select an existing or new resource group to hold the Function App + - Choose the same region as your cache instance + - Select **Premium** as the hosting plan + - Create a new App Service plan + - Choose the **EP1** pricing tier. + - Choose an existing storage account or create a new one + - Create a new Application Insights resource. We use the resource to confirm the trigger is working. -> [!IMPORTANT] -> Redis triggers are not currently supported on consumption functions. -> + > [!IMPORTANT] + > Redis triggers are not currently supported on consumption functions. + > -Wait a few minutes for the new Function App to be created. It appears in the drop down under **Function App** in your subscription. Right click on the new function app and select **Deploy to Function App…** +1. Wait a few minutes for the new Function App to be created. It appears in the drop-down under **Function App** in your subscription. Right-click on the new function app and select **Deploy to Function App…** -<!--  --> + :::image type="content" source="media/cache-tutorial-functions-getting-started/cache-deploy-to-function.png" alt-text="Screenshot of deploying to a function app in VS Code."::: -The app builds and starts deploying. You can track progress in the **Output Window**. +1. The app builds and starts deploying. You can track progress in the **Output Window**. ### Add connection string information -Navigate to your new Function App in the Azure portal and select the **Configuration** blade from the Resource menu. Select **New application setting** and enter `redisConnectionString` as the Name, with your connection string as the Value. Set Type to _Custom_, and select **Ok** to close the menu and then **Save** on the Configuration page to confirm. The functions app will restart with the new connection string information. +1. Navigate to your new Function App in the Azure portal and select the **Configuration** from the Resource menu. ++1. Select **New application setting** and enter `redisConnectionString` as the Name, with your connection string as the Value. Set Type to _Custom_, and select **Ok** to close the menu and then **Save** on the Configuration page to confirm. The functions app restarts with the new connection string information. ### Test your triggers -Once deployment is complete and the connection string information added, open your Function App in the Azure portal and select **Log Stream** from the Resource menu. Wait for log analytics to connect, and then use the Redis console to activate any of the triggers. You should see the triggers being logged here. +1. Once deployment is complete and the connection string information added, open your Function App in the Azure portal and select **Log Stream** from the Resource menu. ++1. Wait for log analytics to connect, and then use the Redis console to activate any of the triggers. You should see the triggers being logged here. -<!--  --> + :::image type="content" source="media/cache-tutorial-functions-getting-started/cache-log-stream.png" alt-text="Screenshot of log stream for a function app resource in the Resource menu." lightbox="media/cache-tutorial-functions-getting-started/cache-log-stream.png"::: ## Next steps |
| azure-functions | Configure Monitoring | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/configure-monitoring.md | Azure Functions integrates with Application Insights to better enable you to mon You can use Application Insights without any custom configuration. The default configuration can result in high volumes of data. If you're using a Visual Studio Azure subscription, you might hit your data cap for Application Insights. For information about Application Insights costs, see [Application Insights billing](../azure-monitor/logs/cost-logs.md#application-insights-billing). For more information, see [Solutions with high-volume of telemetry](#solutions-with-high-volume-of-telemetry). -Later in this article, you learn how to configure and customize the data that your functions send to Application Insights. For a function app, logging is configured in the *[host.json]* file. +Later in this article, you learn how to configure and customize the data that your functions send to Application Insights. Common logging configuration can be set in the *[host.json]* file. By default, these settings also govern custom logs emitted by your code, though in some cases this behavior can be disabled in favor of options that give you more control over logging. See [Custom logs](#custom-logs) for more information. > [!NOTE] > You can use specially configured application settings to represent specific settings in a *host.json* file for a specific environment. This lets you effectively change *host.json* settings without having to republish the *host.json* file in your project. For more information, see [Override host.json values](functions-host-json.md#override-hostjson-values). +## Custom logs ++By default, custom logs you write are sent to the Functions host, which then sends them to Application Insights through the ["Worker" category](#configure-categories). Some language stacks allow you to instead send the logs directly to Application Insights, giving you full control over how logs you write are emitted. The following table summarizes the options available to each stack: ++| Language stack | Configuration of custom logs | +|-|-| +| .NET (in-process model) | `host.json` | +| .NET (isolated model) | By default: `host.json`<br/>Option to send logs directly: [Configure Application Insights in the HostBuilder](./dotnet-isolated-process-guide.md#application-insights) | +| Node.JS | `host.json` | +| Python | `host.json` | +| Java | By default: `host.json`<br/>Option to send logs directly: [Configure the Application Insights Java agent](../azure-monitor/app/monitor-functions.md#distributed-tracing-for-java-applications) | +| PowerShell | `host.json` | ++When custom logs are sent directly, the host no longer be emits them, and `host.json` no longer controls their behavior. Similarly, the options exposed by each stack only apply to custom logs, and they do not change the behavior of the other runtime logs described in this article. To control the behavior of all logs, you may need to make changes for both configurations. + ## Configure categories The Azure Functions logger includes a *category* for every log. The category indicates which part of the runtime code or your function code wrote the log. Categories differ between version 1.x and later versions. The following chart describes the main categories of logs that the runtime creates: |
| azure-functions | Dotnet Isolated Process Guide | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/dotnet-isolated-process-guide.md | The following code shows an example of a [HostBuilder] pipeline: This code requires `using Microsoft.Extensions.DependencyInjection;`. -A [HostBuilder] is used to build and return a fully initialized [IHost] instance, which you run asynchronously to start your function app. +A [HostBuilder] is used to build and return a fully initialized [`IHost`][IHost] instance, which you run asynchronously to start your function app. :::code language="csharp" source="~/azure-functions-dotnet-worker/samples/FunctionApp/Program.cs" id="docsnippet_host_run"::: Dependency injection is simplified, compared to .NET class libraries. Rather tha The following example injects a singleton service dependency: +```csharp +.ConfigureServices(services => +{ + services.AddSingleton<IHttpResponderService, DefaultHttpResponderService>(); +}) +``` This code requires `using Microsoft.Extensions.DependencyInjection;`. To learn more, see [Dependency injection in ASP.NET Core](/aspnet/core/fundamentals/dependency-injection?view=aspnetcore-5.0&preserve-view=true). To compile your project as ReadyToRun, update your project file by adding the `< ## Execution context -.NET isolated passes a [FunctionContext] object to your function methods. This object lets you get an [ILogger] instance to write to the logs by calling the [GetLogger] method and supplying a `categoryName` string. To learn more, see [Logging](#logging). +.NET isolated passes a [FunctionContext] object to your function methods. This object lets you get an [`ILogger`][ILogger] instance to write to the logs by calling the [GetLogger] method and supplying a `categoryName` string. To learn more, see [Logging](#logging). ## Bindings The following service-specific bindings are currently included in the preview: | Service | Trigger | Input binding | Output binding | |-|-|-|-|-| [Azure Blobs][blob-sdk-types] | **Preview support** | **Preview support** | _SDK types not recommended<sup>1</sup>_ | -| [Azure Queues][queue-sdk-types] | **Preview support** | _Input binding does not exist_ | _SDK types not recommended<sup>1</sup>_ | -| [Azure Service Bus][servicebus-sdk-types] | **Preview support<sup>2</sup>** | _Input binding does not exist_ | _SDK types not recommended<sup>1</sup>_ | -| [Azure Event Hubs][eventhub-sdk-types] | **Preview support** | _Input binding does not exist_ | _SDK types not recommended<sup>1</sup>_ | -| [Azure Cosmos DB][cosmos-sdk-types] | _SDK types not used<sup>3</sup>_ | **Preview support** | _SDK types not recommended<sup>1</sup>_ | -| [Azure Tables][tables-sdk-types] | _Trigger does not exist_ | **Preview support** | _SDK types not recommended<sup>1</sup>_ | -| [Azure Event Grid][eventgrid-sdk-types] | **Preview support** | _Input binding does not exist_ | _SDK types not recommended<sup>1</sup>_ | +| [Azure Blobs][blob-sdk-types] | **Preview support** | **Preview support** | _SDK types not recommended.<sup>1</sup>_ | +| [Azure Queues][queue-sdk-types] | **Preview support** | _Input binding does not exist_ | _SDK types not recommended.<sup>1</sup>_ | +| [Azure Service Bus][servicebus-sdk-types] | **Preview support<sup>2</sup>** | _Input binding does not exist_ | _SDK types not recommended.<sup>1</sup>_ | +| [Azure Event Hubs][eventhub-sdk-types] | **Preview support** | _Input binding does not exist_ | _SDK types not recommended.<sup>1</sup>_ | +| [Azure Cosmos DB][cosmos-sdk-types] | _SDK types not used<sup>3</sup>_ | **Preview support** | _SDK types not recommended<.sup>1</sup>_ | +| [Azure Tables][tables-sdk-types] | _Trigger does not exist_ | **Preview support** | _SDK types not recommended.<sup>1</sup>_ | +| [Azure Event Grid][eventgrid-sdk-types] | **Preview support** | _Input binding does not exist_ | _SDK types not recommended.<sup>1</sup>_ | [blob-sdk-types]: ./functions-bindings-storage-blob.md?tabs=isolated-process%2Cextensionv5&pivots=programming-language-csharp#binding-types [cosmos-sdk-types]: ./functions-bindings-cosmosdb-v2.md?tabs=isolated-process%2Cextensionv4&pivots=programming-language-csharp#binding-types This section shows how to work with the underlying HTTP request and response obj ## Logging -In .NET isolated, you can write to logs by using an [ILogger] instance obtained from a [FunctionContext] object passed to your function. Call the [GetLogger] method, passing a string value that is the name for the category in which the logs are written. The category is usually the name of the specific function from which the logs are written. To learn more about categories, see the [monitoring article](functions-monitoring.md#log-levels-and-categories). +In .NET isolated, you can write to logs by using an [`ILogger`][ILogger] instance obtained from a [FunctionContext] object passed to your function. Call the [GetLogger] method, passing a string value that is the name for the category in which the logs are written. The category is usually the name of the specific function from which the logs are written. To learn more about categories, see the [monitoring article](functions-monitoring.md#log-levels-and-categories). -The following example shows how to get an [ILogger] and write logs inside a function: +The following example shows how to get an [`ILogger`][ILogger] and write logs inside a function: :::code language="csharp" source="~/azure-functions-dotnet-worker/samples/Extensions/Http/HttpFunction.cs" id="docsnippet_logging" ::: -Use various methods of [ILogger] to write various log levels, such as `LogWarning` or `LogError`. To learn more about log levels, see the [monitoring article](functions-monitoring.md#log-levels-and-categories). +Use various methods of [`ILogger`][ILogger] to write various log levels, such as `LogWarning` or `LogError`. To learn more about log levels, see the [monitoring article](functions-monitoring.md#log-levels-and-categories). ++An [`ILogger`][ILogger] is also provided when using [dependency injection](#dependency-injection). ++As part of configuring your app in `Program.cs`, you can also define the behavior for how errors are surfaced to your logs. By default, exceptions thrown by your code may end up wrapped in an `RpcException`. To remove this extra layer, set the `EnableUserCodeExceptions` property to "true" as part of configuring the builder: ++```csharp + var host = new HostBuilder() + .ConfigureFunctionsWorkerDefaults(builder => {}, options => + { + options.EnableUserCodeExceptions = true; + }) + .Build(); +``` ++### Application Insights ++You can configure your isolated process application to emit logs directly [Application Insights](../azure-monitor/app/app-insights-overview.md?tabs=net), giving you control over how those logs are emitted. To do this, you will need to add a reference to [Microsoft.Azure.Functions.Worker.ApplicationInsights, version 1.0.0-preview5 or later](https://www.nuget.org/packages/Microsoft.Azure.Functions.Worker.ApplicationInsights/). You will also need to reference [Microsoft.ApplicationInsights.WorkerService](https://www.nuget.org/packages/Microsoft.ApplicationInsights.WorkerService). Add these packages to your isolated process project: ++```dotnetcli +dotnet add package Microsoft.ApplicationInsights.WorkerService +dotnet add package Microsoft.Azure.Functions.Worker.ApplicationInsights --prerelease +``` ++You then need to call to `AddApplicationInsightsTelemetryWorkerService()` and `ConfigureFunctionsApplicationInsights()` during service configuration in your `Program.cs` file: -An [ILogger] is also provided when using [dependency injection](#dependency-injection). +```csharp + var host = new HostBuilder() + .ConfigureFunctionsWorkerDefaults() + .ConfigureServices(services => { + services.AddApplicationInsightsTelemetryWorkerService(); + services.ConfigureFunctionsApplicationInsights(); + }) + .Build(); + + host.Run(); +``` ++The call to `ConfigureFunctionsApplicationInsights()` adds an `ITelemetryModule` listening to a Functions-defined `ActivitySource`. This creates dependency telemetry needed to support distributed tracing in Application Insights. To learn more about `AddApplicationInsightsTelemetryWorkerService()` and how to use it, see [Application Insights for Worker Service applications](../azure-monitor/app/worker-service.md). ++> [!IMPORTANT] +> The Functions host and the isolated process worker have separate configuration for log levels, etc. Any [Application Insights configuration in host.json](./functions-host-json.md#applicationinsights) will not affect the logging from the worker, and similarly, configuration made in your worker code will not impact logging from the host. You may need to apply changes in both places if your scenario requires customization at both layers. ++The rest of your application continues to work with `ILogger`. However, by default, the Application Insights SDK adds a logging filter that instructs `ILogger` to capture only warnings and more severe logs. If you want to disable this behavior, remove the filter rule as part of service configuration: ++```csharp + var host = new HostBuilder() + .ConfigureFunctionsWorkerDefaults() + .ConfigureServices(services => { + services.AddApplicationInsightsTelemetryWorkerService(); + services.ConfigureFunctionsApplicationInsights(); + services.Configure<LoggerFilterOptions>(options => + { + LoggerFilterRule defaultRule = options.Rules.FirstOrDefault(rule => rule.ProviderName + == "Microsoft.Extensions.Logging.ApplicationInsights.ApplicationInsightsLoggerProvider"); + if (defaultRule is not null) + { + options.Rules.Remove(defaultRule); + } + }); + }) + .Build(); + + host.Run(); +``` ## Debugging when targeting .NET Framework |
| azure-functions | Functions Create Container Registry | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/functions-create-container-registry.md | Title: Create Azure Functions in a local Linux container description: Get started with Azure Functions by creating a containerized function app on your local computer and publishing the image to a container registry. Last updated 06/23/2023 + zone_pivot_groups: programming-languages-set-functions |
| azure-functions | Functions Run Local | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/functions-run-local.md | description: Learn how to code and test Azure Functions from the command prompt ms.assetid: 242736be-ec66-4114-924b-31795fd18884 Last updated 06/26/2023-+ zone_pivot_groups: programming-languages-set-functions |
| azure-government | Documentation Government Csp List | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-government/documentation-government-csp-list.md | Below you can find a list of all the authorized Cloud Solution Providers (CSPs), |[Quest Media & Supplies Inc.](https://www.questsys.com/)| |[Quisitive](https://quisitive.com)| |[Quite Professionals](https://www.quietprofessionalsllc.com)|-|[R3 LLC](https://www.r3.com)| +|[R3 LLC](https://www.r3-it.com)| |[Ravnur Inc.](https://www.ravnur.com)| |[Razor Technology, LLC](https://www.razor-tech.com)| |[Re:discovery Software, Inc.](https://rediscoverysoftware.com)| |
| azure-large-instances | Configure Azure Service Health Alerts | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-large-instances/configure-azure-service-health-alerts.md | + + Title: Configure Azure service health alerts ++description: Explains how to configure Azure service health alerts. +ms. Title: Configure Azure service health alerts ++++ Last updated : 06/01/2023++# Configure Azure Service Health alerts +This article explains how to configure Azure Service Health alerts. ++You can get automatic notifications when there are planned maintenance events or unplanned +downtime that affects your infrastructure. ++Follow these steps to configure Service Health alerts: ++1. Go to the [Microsoft Azure portal](https://portal.Azure.Com). +2. Search for ΓÇ£service healthΓÇ¥ in the search bar and select **Service Health** from the results. ++ :::image type="content" source="media/health-alerts-step-2.png" alt-text="Screenshot of the health alert dashboard."::: ++1. In the Service Health Dashboard, select **Health Alerts**. + :::image type="content" source="media/health-alerts-step-3.png" alt-text="Screenshot of the health alert service issues."::: ++1. Select **Create service health alert**. ++ :::image type="content" source="media/health-alerts-step-4.png" alt-text="Screenshot of create health service alert."::: ++1. Deselect **Select all** under **Services**. + :::image type="content" source="media/health-alerts-step-5.png" alt-text="Screenshot of create health service alert rule."::: ++1. Select **Azure Large Instances**. ++1. Select the regions in which your Azure Large Instances for the Epic workload instances are deployed. +1. Under **Action Groups**, select **Create New**. +1. Fill in the details and select the type of notification for the Action (Examples: Email, SMS, Voice). ++1. Click **OK** to add the Action. +1. Click **OK** to add the Action Group. +1. Verify you see your newly created Action Group. +You will now receive alerts when there are health issues or maintenance actions on your systems. + |
| azure-large-instances | Faq | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-large-instances/faq.md | + + Title: Azure Large Instances FAQ ++description: Provides resolutions for common issues that arise in working with Azure Large Instances for the Epic workload. +++++ Last updated : 06/01/2023+++# Frequently asked questions about the Epic workload on Azure Large Instances ++This article provides answers to frequently asked questions about Azure Large Instances. ++## In which regions is this service available? ++Azure Large Instances is available in the following regions: ++* East US +* US West2 +* US South Central ++## Do I need to give permissions to allow the deployment of a managed resource group in my subscription? ++No, explicit permissions aren't required but you should register the resource provider with your subscription. ++## Why am I not able to see the Azure Large Instances resources in Azure portal? ++Check Azure Policy set up if Azure Large Instances managed RGs aren't reflected in the portal. +Azure subscription you use for Azure Large Instances deployments is registered with the Azure Large Instances infrastructure resource provider by the Microsoft Operations team during the provisioning process. +If you don't see your deployed Azure Large Instances under your subscription, register the resource provider with your subscription. +Ensure that your VNET address space provided in the request is the same as what you configure [Working with Azure large Instances in the Azure portal](work-with-azure-large-instances-in-azure-portal.md) ++## Is it possible to have Azure ARC installed on Azure Large Instances? ++ItΓÇÖs not mandatory, but it's possible. +If you need guidance, [create a support ticket](work-with-azure-large-instances-in-azure-portal.md#open-a-support-request-for-azure-large-instances) with the Azure Customer Support team to help with your setup. ++## How do I monitor Azure Large Instances? ++Azure Large Instances is an IaaS offering and Azure teams are actively monitoring Azure Large Instances infrastructure (network devices, storage appliances, server hardware, etc.). +Customer alerts related to infrastructure are provided only via Azure portalΓÇÖs Service Health. +Customers are highly recommended to set up Service Health alerts to get notified via their preferred communication channels when service issues, planned maintenance, or other changes happen around Azure Large Instances. ++ For more information, see [Configure Azure Service Health Alerts](configure-azure-service-health-alerts.md) ++> [!NOTE] +> Microsoft is not responsible for integration with any other tooling or 3P agents. +Customers are responsible for any additional third-party agents that they would like to install for logging and monitoring on Azure Large Instances infrastructure. ++ItΓÇÖs also recommended to rerun Azure Large Instances GenIO test post third-party agents are installed to check for any performance variations. ++## How does Microsoft communicate unplanned issues? ++Microsoft sends service health notification only through the Azure portal. +We always recommend customers to configure alerts for service health notifications. ++This monitoring and alerting mechanism is different than traditional mechanisms. It's recommended for customers to set up Service Health alerts to their preferred communication channels for service issues, planned maintenance, or other changes that occur around Azure Large Instances. +Not setting this up could cause issues with your Azure Large Instances that might go undetected for a long time and cause downtime if not addressed at the right time. ++[Receive activity log alerts on Azure service notifications using Azure portal](./../service-health/alerts-activity-log-service-notifications-portal.md) +## Based on my business priority, can I request a change in the ΓÇ£PlannedΓÇ¥ maintenance schedule for Azure Large Instances - if I must? ++Microsoft sends a health notification service for both planned and unplanned events. +Ensure you configure health alerts for service health notifications. +If due to any business dependency, you need to request a change in the planned maintenance schedule, the preferred way would be to create a service request. +Planned maintenance doesn't include emergency fixes/patches required which can't be rescheduled. ++## Where do we create an Azure Large Instances-related Service or Support Request? ++You can get Help and support in the Azure portal. +It's available from the Azure portal menu, the global header, or the resource menu for a service and create a Service Request. +In the dropdown menu you can look for the Epic key word and then "Azure Large Instances" and select appropriate service type. ++## What resources are available to learn more? ++See [What is Azure Large Instances?](what-is-azure-large-instances.md). + |
| azure-large-instances | Find Your Subscription Id | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-large-instances/find-your-subscription-id.md | + + Title: Find your Azure Large Instances subscription ID ++description: Explains how to find your Azure Large Instances subscription ID. +ms. Title: Find your subscription ID ++++ Last updated : 06/01/2023+++# Find your subscription ID +This article explains how to find your Azure Large Instances subscription ID. ++A *Subscription ID* is a unique identifier for your service in Azure. +You need it when interacting with the Microsoft Support team. To find your subscription ID, follow these steps: ++1. Go to [Azure support portal](https://portal.Azure.Com) +2. From the left pane, select **Subscriptions**. +3. A new blade called ΓÇ£SubscriptionsΓÇ¥ will open to display your subscriptions. ++1. Choose the subscription you have used for Azure Large Instances. ++++ |
| azure-large-instances | Onboarding Requirements | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-large-instances/onboarding-requirements.md | + + Title: Onboarding requirements for Azure Large Instances ++description: Provides an overview of onboarding requirements for Azure Large Instances. +ms. Title: Onboarding requirements ++++ Last updated : 06/01/2023+++# Azure Large Instances onboarding requirements ++This article explains the actions to take after you receive an environment from the Microsoft Azure Large Instances team. ++## Azure portal ++Use the Azure portal to: + * Create Azure Virtual Network (or networks) and ExpressRoute Gateway or Gateways with High or Ultra Performance Reference. + * Link them with Azure Large Instances stamps using the Circuit/peer ID and Authorization Keys provided by Microsoft team.ΓÇ» ++## VNET address space ++Ensure that the VNET address space provided in your request is the same as what you configure. ++## Time sync ++Setup time synchronization with NTP server.ΓÇ» ++## Jump box ++* Set up a jump box in a VM to connect to Azure Large Instances stamps. +* Change the root password at first login and store password in a secure location.ΓÇ» ++## Satellite server ++Install a red hat satellite server in a VM for RHEL 8.4 and patch download. ++## Azure Large Instances stamps ++* Validate Azure Large Instances stamps and configure and patch OS based on your requirements.ΓÇ» +* Verify that the servers are visible on Azure portal. ++ > [!Note] + > Do *not* place large files like Azure Large Instances installation bits on the boot volume. The Boot volume is small and can fill quickly, which could cause the server to hang (50 GB per OS is the boot limit). ++## Secure Server IP pool address range ++This IP address range is used to assign the individual IP address to Azure Large Instances servers. +The recommended subnet size is a /24 CIDR block. If needed, it can be smaller, with as few as 64 IP addresses. ++From this range, the first 30 IP addresses are reserved for use by Microsoft. +Make sure that you account for this when you choose the size of the range. +This range must NOT overlap with your on-premises or other Azure IP addresses. ++Your corporate network team or service provider should provide an IP address range that's not currently being used inside your network. +This range is an IP address range, which must be submitted to Microsoft when asking for an initial deployment. ++## Optional IP address ranges to submit to Microsoft +ΓÇ» +If you choose to use ExpressRoute Global Reach to enable direct routing from on-premises to Azure Large Instances tenant, you must reserve another /29 IP address range. +This range may not overlap with any of the other IP addresses ranges you defined before.ΓÇ» ++If you choose to use ExpressRoute Global Reach to enable direct routing from an Azure Large Instances tenant in one Azure region to another Azure Large Instances tenant in another Azure region, you must reserve another /29 IP address range. +This range may not overlap with the IP address ranges you defined before.ΓÇ» ++## Using ExpressRoute Fast Path ++You can use ExpressRoute Fast Path to access your Azure Large Instances servers from anywhere, Azure VMs (hub and spoke) and on-premises. ++For setup instructions, see [Enable ExpressRoute Fast Path](#enable-expressroute-fast-path). ++To see the learned routes from Azure Large Instances, one of the options is looking at the Effective Routes table of one of your VMs, as follows: ++1. In Azure portal, select any of your VMs (any connected to the Hub, or to a Spoke connected to the Hub that is connected to Azure Large Instances), select **Networking**, select the network interface name, then select **Effective Routes**. ++2. Make sure to enable accelerated networking with all VMs connecting to Azure Large Instances. ++3. Set up Azure Large Instances solution based on your system requirements and take a system backup.ΓÇ» +4. Take an OS backup.ΓÇ» +5. Set up volume groups. For more information, see [Create a volume group](./workloads/epic/create-a-volume-group.md).ΓÇ» +6. Set up a storage snapshot, backup, and data offload. ++> [!Note] +> A storage snapshot should only be set up after all data-intensive work (for example, Endian conversions) are complete in order to avoid creating unnecessary snapshots while build work is in progress ++The Azure subscription you use for Azure Large Instances deployments is already registered with the Azure Large Instances resource provider by the Microsoft Operations team during the provisioning process. +If you don't see your deployed Azure Large Instances under your subscription, register the resource provider with your subscription. For more information, see Register the resource provider in [What is Azure Large Instances?](what-is-azure-large-instances.md) ++### Enable ExpressRoute Fast Path ++Before you begin, install the latest version of the Azure Resource Manager PowerShell cmdlets, at least 4.0 or later. ++For more information, see these resources: ++* [Azure ExpressRoute overview](https://azure.microsoft.com/products/expressroute/) ++* [How to create a connection between your VPN Gateway and ExpressRoute circuit](https://learn.microsoft.com/shows/azure/expressroute-how-to-create-connection-between-your-vpn-gateway-expressroute-circuit) +++* [How to set up Microsoft peering for your ExpressRoute circuit](https://learn.microsoft.com/shows/azure/expressroute-how-to-set-up-microsoft-peering-your-expressroute-circuit) ++### AuthorizingΓÇ» ++Ensure you have an authorization key for the express route (ER) circuit used for virtual gateway connection to ER circuit. +Also obtain ER circuit resource ID. ++If you donΓÇÖt have this information, obtain the details from the circuit owner. Reach out to Azure Large Instances support by [creating a support ticket](work-with-azure-large-instances-in-azure-portal.md#open-a-support-request-for-azure-large-instances) with the Azure Customer Support team. +### Declare variables ++This example declares the variables using the values for this exercise. +Replace the values with your subscription values. ++```azurecli +$Sub = "Replace_With_Your_Subscription_ID" +$RG = "Your_Resource_Group_Name" +$CircuitName="ExpressRoute Circuit Name" +$Location="Location_Name" #Example: "East US" +$GWName="VNET_Gateway_Name" +$ConnectionName=ΓÇ¥ER Gateway Connection NameΓÇ¥ +$Authkey="ExpressRoute Circuit Authorization Key" +``` +### Login into your account +```azurecli +Login-AzAccount +``` +### Check the subscription for the account. +```azurecli +Get-AzSubscriptionΓÇ» +``` +### Specify the subscription that you want to use ++```azurecli +Select-AzSubscription -SubscriptionId $Sub1ΓÇ» +``` +ΓÇ» +### Enable ER FastPath on the gateway connection.ΓÇ» +```$Circuit = Get-AzExpressRouteCircuit -Name $CircuitName -ResourceGroupName $RG +$GW = Get-AzVirtualNetworkGateway -Name $GWName -ResourceGroupName $RG``` +dotnetcli ++``` +#### Declare a variable for the gateway object ++```azurecli +$gw = Get-AzVirtualNetworkGateway -Name $GWName1 -ResourceGroupName $RG1 ++Enable MSEEv2 using "ExpressRouteGatewayBypass" flag +$connection = New-AzVirtualNetworkGatewayConnection -Name $ConnectionName -ResourceGroupName $RG -ExpressRouteGatewayBypass -VirtualNetworkGateway1 $GW -PeerId $Circuit.Id -ConnectionType ExpressRoute -Location $Location -AuthorizationKey $AuthkeyΓÇ» +``` ++#### Declare a variable for the Express route circuit ID ++```azurecli +$id = "/subscriptions/ΓÇ¥express route subscrioption IDΓÇ¥/resourceGroups/ΓÇ¥ER resource groupΓÇ¥/providers/Microsoft.Network/expressRouteCircuits/ΓÇ¥circuitΓÇ¥ΓÇ» +``` ++#### Enable MSEEv2 using the **ExpressRouteGatewayBypass** flag ++```azurecli +New-AzureRmVirtualNetworkGatewayConnection -Name "Virtual Gateway connection name" -ResourceGroupName $RG1ΓÇ»-Location $Location1 -VirtualNetworkGateway1 $gw -PeerId $id -AuthorizationKey $Authkey -ConnectionType ExpressRouteΓÇ»-ExpressRouteGatewayBypass ΓÇ» +``` +ΓÇ» +### Enable Accelerated Networking on VMs ++To take advantage of low latency access on VMs network stack, enable accelerated networking (AN), also known as SR-IOV, on supported VMs. +For more information, see [Accelerated networking for Windows or Linux virtual machines](./../virtual-network/create-vm-accelerated-networking-cli.md). |
| azure-large-instances | Quality Checks | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-large-instances/quality-checks.md | + + Title: Quality checks for Azure Large Instances ++description: Provides an overview of Azure Large Instances for Epic quality checks. ++ms. Title: Quality checks +++ Last updated : 06/01/2023+++# Quality checks for Azure Large Instances +This article provides an overview of Azure Large Instances for Epic<sup>®</sup> quality checks. ++The Microsoft operations team performs a series of extensive quality checks to ensure that customers' requests to run Azure Large Instances for Epic<sup>®</sup> are fulfilled accurately, and that infrastructure is healthy before handover. +However, customers are advised to perform their own checks to ensure services have been provided as requested, including the following: ++* Basic connectivity +* Latency check +* Server health check from operating system +* OS level sanity checks / configuration checks ++The following sections identify quality checks often performed by Microsoft teams before the infrastructure handover to the customer. ++## Network ++* IP blade information +* Access control list on firewall ++## Compute ++* Number of processors and cores for servers +* Accuracy of memory size for the assigned server +* Latest firmware version on the blades ++## Storage ++* Size of boot LUN and FC LUNs are consistent with the Azure Large Instances on Epic standard configuration +* SAN configuration +* Required VLANs creation ++## Operating System ++* Accuracy of LUNs + |
| azure-large-instances | What Is Azure Large Instances | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-large-instances/what-is-azure-large-instances.md | + + Title: What is Azure Large Instances? ++description: Provides an overview of Azure Large Instances. ++ms. Title: What is Azure Large Instances? ++++ Last updated : 06/01/2023+++# What is Azure Large Instances? ++While Microsoft Azure offers a cloud infrastructure with a wide range of integrated cloud services to meet your business needs, +in some cases, you may need to run services on Azure large servers without a virtualization layer. You may also require root access and control over the operating system (OS). To meet these needs, Azure offers Azure Large Instances for several high-value, mission-critical applications. ++Azure Large Instances is comprised of dedicated large compute instances with the following key features: ++- High-performance storage appropriate to the application (Fiber Channel). + Storage can also be shared across Azure Large Instances to enable features like scale-out clusters or high availability pairs with failed-node-fencing capability. ++- A set of function-specific virtual LANs (VLANs) in an isolated environment. + This environment also has special VLANs you can access if you're running virtual machines (VMs) on one or more Azure Virtual Networks (VNets) in your Azure subscription. + The entire environment is represented as a resource group in that subscription. ++- A large set of Azure Large Instances SKUs is available with Optane memory. + Azure offers the largest range of Azure Large Instances in a hyperscale cloud. ++## Why Azure Large Instances? ++Some workloads in the enterprise consist of technologies that just aren't designed to run in a typical virtualized cloud setting. +They require special architecture, certified hardware, or extraordinarily large servers. Although those technologies have the most sophisticated data protection and business continuity features, they aren't built for the virtualized cloud. +They're more sensitive to latencies and noisy neighbors and require more control over change management and maintenance activity. ++Azure Large Instances is built, certified, and tested for a select set of such applications. Azure was the first to offer such solutions and has since led with the largest portfolio and most sophisticated systems. ++## Azure Large Instances benefits ++Azure Large Instances is intended for critical workloads that require certification to run your enterprise applications. +Azure Large Instances implementations are dedicated only to you, and you'll have full access (root access) to the operating system (OS). +You manage OS and application installation according to your needs. +For security, the instances are provisioned within your Azure Virtual Network (VNet) with no internet connectivity. If you need access to the internet, you need to set up an internet proxy service. ++Only services running on your virtual machines (VMs), and other Azure services in same Tier 2 network, can communicate with your implementation of Azure Large Instances. ++Azure Large Instances offers the following benefits: ++* Non-hypervised Azure Large Instances, single tenant ownership +* Low latency between Azure hosted application VMs to Azure Large Instances implementations (0.35 ms) +* All Flash SSD and NVMe + * Up to 1 PB/tenant + * IOPS up to 1.2 million/tenant + * 40/100-GB network bandwidth + * Accessible via FC +* Redundant power, power supplies, NICs, TORs, ports, WANs, storage, and management +* Hot spares for replacement on a failure (without the need for reconfiguring) +* Customer-coordinated maintenance windows +* Application-aware snapshots, archive, mirroring, and cloning ++## SKU availability in Azure regions ++Azure Large Instances for specialized workloads is available in the following Azure regions: ++* West Europe +* North Europe +* Germany West Central zones support +* East US zones support +* East US 2 zones support +* West US zones support +* West US 2 zones support +* South Central US +* South Central US ++> [!Note] +>Zones support refers to availability zones in which a region where Azure Large Instances can be deployed across zones for high resiliency and availability. This capability enables support for multi-site active-active scaling. ++## Managing Azure Large Instances in Azure ++Depending on your needs, the application topologies of Azure Large Instances can be complex. You may deploy multiple instances in one or more locations. The instances can have shared or dedicated storage, and specialized LAN and WAN connections +Therefore, for Azure Large Instances, Azure offers a consultation with a CSA/GBB in the field who can work with you. ++By the time your Azure Large Instances implementation has been provisioned, the OS, networks, storage volumes, placements in zones and regions, and WAN connections between locations have already been configured. +You're set to register your OS licenses (BYOL), configure the OS, and install the application layer. ++You'll see all the Azure Large Instances resources, and their state and attributes, in the Azure portal. You can also operate the instances, open service requests, and support tickets from there. ++Azure Large Instances is ISO 27001, ISO 27017, ISO 27018, SOC 1, and SOC 2 compliant. It also uses a bring-your-own-license (BYOL) model: OS, specialized workload, and third-party applications. ++As soon as you receive root access and full control, you assume responsibility for the following tasks: ++- Designing and implementing backup and recovery solutions, high availability, and disaster recovery. ++- Licensing, security, and support for the OS and third-party software. ++Microsoft is responsible for: +- Providing the hardware for specialized workloads. +- Provisioning the OS. ++ :::image type="content" source="media/what-is-azure-large-instances/azure-large-instances-support-model.png" alt-text="Screenshot of Azure Large Instances support model." lightbox="media/what-is-azure-large-instances/azure-large-instances-support-model.png" border="false"::: +++## Azure Large Instances stamp ++The Azure Large instance stamp itself combines the following components: ++* **Computing** +Servers based on the generation of Intel Xeon processors that provide the necessary computing capability and are certified for the specialized workload. ++* **Network** +A unified high-speed network fabric interconnects computing, storage, and LAN components. ++* **Storage** +An infrastructure accessed through a unified network fabric. ++Within the multi-tenant infrastructure of the Azure Large instance stamp, customers are deployed in isolated tenants. +When deploying a tenant, you name an Azure subscription within your Azure enrollment. +This Azure subscription is the one billed for your implementation of Azure Large Instances. ++> [!Note] +> A customer implementing Azure Large Instances is isolated into a tenant. +A tenant is isolated in the networking, storage, and compute layer from other tenants. +Storage and compute units assigned to different tenants cannot see each other or communicate with each other on their implementations of Azure Large Instances. ++## Operating system ++The Linux OS version for Azure Large Instances is Red Hat Enterprise Linux (RHEL) 8.4. ++>[!Note] +> Remember,Check properties of an instance Azure Large Instances is a BYOL model. ++Microsoft loads base image with RHEL 8.4, but customers can choose to upgrade to newer versions in collaboration with Microsoft team. ++## Storage ++Azure Large Instances provide highly redundant Fiber Channel storage. +The infrastructure offers deep integration for enterprise workloads like SAP, SQL, and others. +It also provides application-consistent data protection and data-management capabilities. +The self-service management tools offer space-efficient snapshot, cloning, and granular replication capabilities along with single pane of glass monitoring. +The infrastructure enables zero Recovery Point Objective (RPO) and Recovery Time Objective (RTO) capabilities for data availability and business continuity needs. ++The storage infrastructure offers: ++* Up to 4 x 100-GB uplinks. +* Up to 32-GB Fiber channel uplinks. +* All flash SSD and NVMe drive. +* Ultra-low latency and high throughput. +* Scales up to 4 PB of raw storage. +* Up to 11 million IOPS. ++Fiber Channel Protocol (FCP) is supported. ++## Networking ++The architecture of Azure network services is a key component for a successful deployment of specialized workloads in Azure Large Instances. +It's likely that not all IT systems are located in Azure already. Azure offers you network technology to make Azure look like a virtual data center to your on-premises software deployments. +The Azure network functionality required for Azure Large Instances includes: ++* Azure virtual networks connected to the Azure ExpressRoute circuit that connects to your on-premises network assets. +* The ExpressRoute circuit that connects on-premises to Azure should have a minimum bandwidth of 1 Gbps or higher. +* Extended Active Directory and DNS in Azure, or completely running in Azure. +* ExpressRoute lets you extend your on-premises network into the Microsoft cloud over a private connection with a connectivity provider's help. +You can use ExpressRoute Local for cost-effective data transfer between your on-premises location and the Azure region you want. +To extend connectivity across geopolitical boundaries, you can enable ExpressRoute Premium. ++Azure Large Instances is provisioned within your Azure VNet server IP address range. +++The architecture shown is divided into three sections: ++### On-premises (left) +Shows the customer on-premises infrastructure that runs different applications, connecting through the partner or local edge router like Equinix. +For more information, see [Connectivity providers and locations: Azure ExpressRoute](../expressroute/expressroute-locations-providers.md). ++### ExpressRoute (center) +Shows ExpressRoute provisioned using your Azure subscription offering connectivity to Azure edge network. ++### Azure IaaS with VMs (right) +Shows Azure IaaS, and in this case, use of VMs to host your applications, which are provisioned within your Azure virtual network. ++### ExpressRoute Gateway (lower) +Shows using your ExpressRoute Gateway enabled with ExpressRoute FastPath for Azure Large Instances connectivity offering low latency. ++> [!Note] +>To support this configuration, your ExpressRoute Gateway should be UltraPerformance. For more information, [About ExpressRoute virtual network gateways](../expressroute/expressroute-about-virtual-network-gateways.md). +++ |
| azure-large-instances | Work With Azure Large Instances In Azure Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-large-instances/work-with-azure-large-instances-in-azure-portal.md | + + Title: Work with Azure Large Instances in the Azure portal ++description: Shows how to what you can do in the Azure portal with Azure Large Instances. +++ms. Title: Work with Azure Large Instances in the Azure portal +++ Last updated : 06/01/2023+++# Work with Azure Large Instances in the Azure portal ++In this article, you learn what to do in the Azure portal with your implementation of Azure Large Instances. ++> [!Note] +> For now, BareMetal Infrastructure or BareMetal Instances are being used as synonyms with Azure Large Instances. ++## Register the resource provider ++An Azure resource provider for Azure Large Instances enables you to see the instances in the Azure portal. By default, the Azure subscription you use for Azure Large Instances deployments registers the Azure Large Instances resource provider. If you don't see your deployed Azure Large Instances, register the resource provider with your subscription. ++You can register the Azure Large Instance resource provider using the Azure portal or the Azure CLI. ++### [Portal](#tab/azure-portal) +++You need to list your subscription in the Azure portal and then double-click the subscription used to deploy your Azure Large Instances tenant. ++1. Sign in to the Azure portal. +2. On the Azure portal menu, select **All services**. +3. In the **All services** box, enter **subscription**, and then select **Subscriptions**. +4. Select the subscription from the subscription list. +5. Select **Resource providers** and type **BareMetalInfrastructure** in the search box. The resource provider should be Registered, as the image shows. +++> [!Note] +> If the resource provider isn't registered, select **Register**. ++### [Azure CLI](#tab/azure-cli) ++To begin using Azure CLI: +++[comment]: <The following section duplicates the content provided by the INCLUDE above> ++Use the Bash environment in [Azure Cloud Shell](../cloud-shell/overview.md). +For more information, see [Quickstart for Bash in Azure Cloud Shell](../cloud-shell/quickstart.md). ++If you prefer to run CLI reference commands locally, [install](https://learn.microsoft.com/cli/azure/install-azure-cli) the Azure CLI. If you're running on Windows or macOS, consider running Azure CLI in a Docker container. For more information, see [How to run the Azure CLI in a Docker container](https://learn.microsoft.com/cli/azure/run-azure-cli-docker). ++If you're using a local installation, sign in to the Azure CLI by using the [az login command](https://learn.microsoft.com/cli/azure/reference-index?view=azure-cli-latest#az-login). To finish the authentication process, follow the steps displayed in your terminal. For other sign-in options, see [Sign in with the Azure CLI](https://learn.microsoft.com/cli/azure/authenticate-azure-cli). ++When you're prompted, install the Azure CLI extension on first use. For more information about extensions, see [Use extensions with the Azure CLI](https://learn.microsoft.com/cli/azure/azure-cli-extensions-overview). ++Run [az version](https://learn.microsoft.com/cli/azure/reference-index?view=azure-cli-latest#az-version) to find the version and dependent libraries that are installed. To upgrade to the latest version, run [az upgrade](https://learn.microsoft.com/cli/azure/reference-index?view=azure-cli-latest#az-upgrade). ++For more information about resource providers, see [Azure resource providers and types](./../azure-resource-manager/management/resource-providers-and-types.md). ++[comment]: <End of Include content> ++Sign in to the Azure subscription you use for the Azure Large Instances deployment through the Azure CLI. +Register the BareMetalInfrastructure Azure Large Instance resource provider with the az provider register command: ++```azurecli +az provider register --namespace Microsoft.BareMetalInfrastructure +``` ++You can use the az provider list command to see all available providers. ++++For more information about resource providers, see [Azure resource providers and types](../azure-resource-manager/management/resource-providers-and-types.md). ++## Azure Large Instances in the Azure portal ++When you submit an Azure Large Instances deployment request, specify the Azure subscription you're connecting to the Azure Large Instances. Use the same subscription you use to deploy the application layer that works against the Azure Large Instances. ++ During the deployment of your Azure Large Instances, a new [Azure resource group](../azure-resource-manager/management/manage-resources-portal.md) is created in the Azure subscription you used in the deployment request. +This new resource group lists the Azure Large Instances you've deployed in that subscription. ++### [Portal](#tab/azure-portal) ++1. In the Azure portal, in the Azure Large Instances subscription, select **Resource groups**. ++ :::image type="content" source="../baremetal-infrastructure/media/connect-baremetal-infrastructure/view-baremetal-instances-azure-portal.png" alt-text="Screenshot showing the list of Resource groups." lightbox="../baremetal-infrastructure/media/connect-baremetal-infrastructure/view-baremetal-instances-azure-portal.png" border="false"::: ++1. In the list, locate the new resource group. + + :::image type="content" source="../baremetal-infrastructure/media/connect-baremetal-infrastructure/filter-resource-groups.png" alt-text="Screenshot showing the BareMetal instance in a filtered Resource groups list." lightbox="../baremetal-infrastructure/media/connect-baremetal-infrastructure/filter-resource-groups.png" border="false"::: ++1. Select the new resource group to view its details. The image shows one Azure Large Instances tenant deployed. ++### [Azure CLI](#tab/azure-cli) ++To see all your Azure Large Instances, run the [az baremetalinstance list](/cli/azure/baremetalinstance#az-baremetalinstance-list) command for your resource group: ++```azurecli +az baremetalinstance list --resource-group MyResourceGroup ΓÇôoutput table +``` ++> [!TIP] +> The `--output` parameter is a global parameter, available for all commands. The **table** value presents output in a friendly format. For more information, see [Output formats for Azure CLI commands](/cli/azure/format-output-azure-cli). ++> [!Note] +> If you deployed several Azure Large Instances tenants under the same Azure subscription, you will see multiple Azure resource groups. ++++## View the attributes of a single instance ++You can view the details of a single instance. ++### [Portal](#tab/azure-portal) ++In the list of Azure Large Instances, select the single instance you want to view. +++The attributes in the image don't look much different than the Azure virtual machine (VM) attributes. +On the left, you see the Resource group, Azure region, and subscription name and ID. +If you assigned tags, you see them here as well. +By default, the Azure Large Instances don't have tags assigned. ++On the right, you see the name of the Azure Large Instances, operating system (OS), IP address, and SKU that shows the number of CPU threads and memory. +You also see the power state and hardware version (revision of the Azure Large Instances stamp). +The power state indicates whether the hardware unit is powered on or off. The operating system details, however, don't indicate whether it's up and running. ++Also on the right is the [Azure proximity placement group's name](../virtual-machines/co-location.md). +The placement group's name is created automatically for each deployed Azure Large Instances tenant. +Reference the proximity placement group when you deploy the Azure VMs that host the application layer. +Use the proximity placement group associated with the Azure Large Instances to ensure the Azure VMs are deployed close to the Azure Large Instances. ++### [Azure CLI](#tab/azure-cli) ++To see details of an Azure Large Instances instance, run the [az baremetalinstance show](/cli/azure/baremetalinstance#az-baremetalinstance-show) command: ++```azurecli +az baremetalinstance show --resource-group MyResourceGroup --instance-name MyInstanceName +``` ++If you're uncertain of the instance name, run the **az baremetalinstance list** command as previously described. ++++## Check activities of a single instance ++You can check the activities of a single Azure Large Instances tenant. +One of the main activities recorded are restarts of the instance. +The data listed includes: ++* Activity status +* Time the activity triggered +* Subscription ID +* Azure user who triggered the activity ++ :::image type="content" source="../baremetal-infrastructure/media/connect-baremetal-infrastructure/check-activities-single-baremetal-instance.png" alt-text="Screenshot of the BareMetal instance activities." lightbox="../baremetal-infrastructure/media/connect-baremetal-infrastructure/check-activities-single-baremetal-instance.png"::: ++Changes to an instance's metadata in Azure also get recorded in the Activity log. +Besides the restart, you can see the activity of **WriteBareMetalInstances**. +This activity makes no changes on the Azure Large Instances tenant itself, but documents the changes to the unit's metadata in Azure. ++Another activity that gets recorded is adding a tag to or deleting a tag from an instance. ++## Add an Azure tag to or delete an Azure tag from an instance ++You can add Azure tags to an Azure Large Instances tenant or delete them using either the Portal or Azure CLI. ++### [Portal](#tab/azure-portal) + +Tags get assigned just as they do when assigning tags to VMs. +As with VMs, the tags exist in the Azure metadata. +Tags have the same restrictions for Azure Large Instances as for VMs. + +Deleting tags also works the same way as for VMs. +Both applying and deleting a tag is listed in the Azure Large Instances instance's Activity log. ++### [Azure CLI](#tab/azure-cli) ++Assigning tags to Azure Large Instances works the same as assigning tags for VMs. +As with VMs, the tags exist in the Azure metadata. +Tags have the same restrictions for Azure Large Instances as for VMs. ++To add tags to an Azure Large Instances implementation, run the [az baremetalinstance update](/cli/azure/baremetalinstance#az-baremetalinstance-update) command: ++```azurecli +az baremetalinstance update --resource-group MyResourceGroup --instance-name MyALIinstanceName --set tags.Dept=Finance tags.Status=Normal +``` ++Use the same command to remove a tag: ++```azurecli +az baremetalinstance update --resource-group MyResourceGroup --instance-name MyALIinstanceName --remove tags.Dept +``` ++++### Check properties of an instance ++When you acquire the instances, you can go to the Properties section to view the data collected about the instances. +Data collected includes: ++* Azure connectivity +* Storage backend +* ExpressRoute circuit ID +* Unique resource ID +* Subscription ID ++This information is important in support requests and when setting up a storage snapshot configuration. +++### Restart an Azure Large Instances tenant through the Azure portal ++There are various situations in which the operating system won't complete a restart, which requires a power restart of the Azure Large Instances. ++You can do a power restart of the instance directly from the Azure portal or through Azure CLI. ++### [Portal](#tab/azure-portal) ++Select Restart and then Yes to confirm the restart. ++When you restart an AKI instance, you'll experience a delay. +During this delay, the power state moves from **Starting** to **Started**, which means the OS has started up completely. +As a result, after a restart, you can only log into the unit once the state switches to **Started**. ++### [Azure CLI](#tab/azure-cli) ++To restart an Azure Large Instances tenant, use the [az baremetalinstance restart](/cli/azure/baremetalinstance#az-baremetalinstance-restart) command: ++```azurecli +az baremetalinstance restart --resource-group MyResourceGroup --instance-name MyALIinstanceName +``` ++++> [!Important] +> Depending on the amount of memory in your Azure Large Instances, a restart and a reboot of the hardware and operating system can take up to one hour. ++### Open a support request for Azure Large Instances + +You can submit support requests specifically for Azure Large Instances. +1. In Azure portal, under **Help + Support**, create a **[New support request](https://rc.portal.azure.com/#create/Microsoft.Support)** and provide the following information for the ticket: + + * **Issue type:** Select an issue type. + * **Subscription:** Select your subscription. + * **Service:** Select Epic on Azure + * **Problem type:** Azure Large Instances + * **Problem subtype:** Select a subtype for the problem. ++1. Select the **Solutions** tab to find a solution to your problem. If you can't find a solution, go to the next step. ++1. Select the **Details** tab and select whether the issue is with VMs or BareMetal instances. This information helps direct the support request to the correct specialists. ++1. Indicate when the problem began and select the instance region. ++1. Provide more details about the request and upload a file if needed. ++1. Select **Review + Create** to submit the request. ++Support response depends on the support plan chosen by the customer. +For more information, see [Support scope and responsiveness](https://azure.microsoft.com/support/plans/response/). ++ |
| azure-large-instances | Available Skus | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-large-instances/workloads/epic/available-skus.md | + + Title: Available Azure Large Instances SKUs +description: Provides a list of Azure Large Instances for Epic SKUs. ++ms. Title: Available Azure Large Instances SKUs +++++ Last updated : 06/01/2023+++# Azure Large Instances for Epic workload SKUs ++This article provides a list of available Azure Large Instances for Epic<sup>®</sup> workload SKUs. +## Azure Large Instances availability by region ++* West Europe +* North Europe +* Germany West Central with Zones support +* East US with Zones support +* East US 2 +* South Central US +* West US 2 with Zones support ++Azure Large Instances for Epic<sup>®</sup> workload has limited availability and is currently available in the following regions: ++* East US with Zones support +* South Central US +* West US 2 with Zones support ++> [!Note] +> Zones support refers to availability zones within a region where Azure Large Instances can be deployed across zones for high resiliency and availability. This capability enables support for multi-site active-active scaling. ++## Azure Large Instances for Epic availability ++| Name | Type | Availability | +|- |-|| +|4S Compute v1 | S224SE - 4 x Intel® Xeon® Platinum 8380HL processor 112 CPU cores |Available | +|8S Compute v1 | S448SE - 8 x Intel® Xeon® Platinum 8276L processor 224 CPU cores |Available | +|100TB v1 | N100 | Available| +|10TB v1|N10 |Available| ++## Tenant considerations ++A complete Azure Large Instances for Epic stamp isn't exclusively allocated for a single customer's use. +This applies to the racks of compute and storage resources connected through a network fabric deployed in Azure as well. +Azure Large Instances, like Azure, deploys different customer "tenants" that are isolated from one another in the following three levels. ++### Network ++Isolation through virtual networks within the Azure Large Instances stamp for Epic. ++### Storage ++Isolation through storage virtual machines that have storage volumes assigned and isolate storage volumes between tenants. ++### Compute ++Dedicated assignment of server units to a single tenant. +No hard or soft partitioning of server units. +No sharing of a single server or host unit between tenants. ++The deployments of Azure Large Instances units for Epic between different tenants aren't visible to each other. +Azure Large Instances units for Epic deployed in different tenants can't communicate directly with each other on the Azure Large Instances for Epic stamp level. Only Azure Large Instances units for Epic within one tenant can communicate with each other on the Azure Large Instances for Epic stamp level. ++A deployed tenant in the Azure Large Instances stamp is assigned to one Azure subscription for billing purposes. For a network, it can be accessed from virtual networks of other Azure subscriptions within the same Azure enrollment. +If you deploy with another Azure subscription in the same Azure region, you also request for a separated Azure Large Instances tenant. ++++ |
| azure-large-instances | Create A Volume Group | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-large-instances/workloads/epic/create-a-volume-group.md | + + Title: Create a volume group +description: Explains how to create an ALI for Epic volume group. ++ms. Title: Create a volume group ++++ Last updated : 06/01/2023+++# Create a volume group +This article explains how to create an Azure Large Instances for Epic<sup>®</sup> volume group. +1. Discover storage using the following command. ++ `[root@rhel101 ~]# lsblk -do KNAME,TYPE,SIZE,MODEL` ++1. Create physical disk for database and journal using the WWIDs provided in the reference mapping above. ++ `[root@rhel101 ~]# pvcreate /dev/mapper/<WWID` ++1. Create and extend the volume groups. ++```azurecli +[root @themetal05 ~] # vgcreate prodvg -s 8M /dev/mapper/<WWID> +Expected output: Volume group “prodvg” successfully created +[root @themetal05 ~] # vgextend prodvg /dev/mapper/<WWID> +Expected output: Volume group “prodvg” successfully extended +``` ++> [!Note] +> The “-s 8M” physical extent size has been used for the environment and was tested to yield the best performance. ++4. Create logical volume. ++```azurecli +[root @themetal05 ~] # lvcreate -L 2T -n jrnlv -i 8 -I 8M jrnvg +Expected output: Logical volume “jrnlv” created. +[root @themetal05 ~] # lvcreate -L 45T -n prodlv -i 32 -I 8M prodvg +Expected output: Logical volume “prodlv” created. +[root @themetal05 ~]# lvs +Expected output: lists all the logical volumes created. +``` ++> [!Note] + > - `-L 45T` specifies the logical volume size. + > - `-i 32` specifies the number of stripes, this is equal to the number of physical LUNs to scatter the logical volume. + > - `-I 8M` specifies the stripe size. ++5. Make the file system + + `[root @themetal05 ~] # mkfs.xfs /dev/mapper/prodvg-prodlv` ++6. Create the folders to mount. ++```azurecli +[root @themetal05 ~] mkdir /prod0; +[root @themetal05 ~] mkdir /jrn +[root @themetal05 ~] mkdir /prod +``` ++7. Set required permissions. ++```azurecli +[root @themetal05 ~] chmod 755 /prod01 +[root @themetal05 ~] chmod 755 /jrn +[root @themetal05 ~] chmod 755 /prod +[root @themetal05 ~] chown root:root /prod01 +[root @themetal05 ~] chown root:root /jrn +[root @themetal05 ~] chown root:root /prod +``` ++8. Add mount to /etc/fstab ++```azurecli +[root @themetal05 ~] /dev/mapper/prodvg-prod01 /prod01 xfs defaults 0 0 +[root @themetal05 ~] /dev/mapper/jrnvg-jrn /jrn xfs defaults 0 0 +[root @themetal05 ~] /dev/mapper/instvg-prd /prd xfs defaults 0 0 +``` ++9. Mount storage ++ `mount -a` +++++++ |
| azure-linux | Quickstart Terraform | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-linux/quickstart-terraform.md | description: Learn how to quickly create an Azure Linux Container Host for AKS c + ms.editor: schaffererin Last updated 06/27/2023 |
| azure-maps | How To Use Indoor Module | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-maps/how-to-use-indoor-module.md | To use the globally hosted Azure Content Delivery Network version of the *Azure }; ``` + To learn more, see [How to use the Azure Maps map control npm package]. + ## Set the domain and instantiate the Map object Set the map domain with a prefix matching the location of your Creator resource, `US` or `EU`, for example: Learn more about how to add more data to your map: [Use Creator to create indoor maps]: tutorial-creator-indoor-maps.md [visual style editor]: https://azure.github.io/Azure-Maps-Style-Editor [Webpack]: https://webpack.js.org+[How to use the Azure Maps map control npm package]: how-to-use-npm-package.md |
| azure-maps | How To Use Spatial Io Module | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-maps/how-to-use-spatial-io-module.md | You can load the Azure Maps spatial IO module using one of the two options: import * as spatial from "azure-maps-spatial-io"; ``` + To learn more, see [How to use the Azure Maps map control npm package]. + ## Using the Spatial IO module 1. Create a new HTML file. Refer to the Azure Maps Spatial IO documentation: [Spatial IO module]: https://www.npmjs.com/package/azure-maps-spatial-io [subscription key]: quick-demo-map-app.md#get-the-subscription-key-for-your-account [Supported data format details]: spatial-io-supported-data-format-details.md-+[How to use the Azure Maps map control npm package]: how-to-use-npm-package.md |
| azure-maps | How To Use Ts Rest Sdk | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-maps/how-to-use-ts-rest-sdk.md | + + Title: Use Azure Maps TypeScript REST SDK ++description: Learn about the Azure Maps TypeScript REST SDK. See how to load and use this client library to access Azure Maps REST services in web or Node.js applications. ++ Last updated : 07/01/2023+++++++# Use Azure Maps TypeScript REST SDK ++Azure Maps provides a collection of npm modules for the [Azure TypeScript REST SDK]. These modules consist of client libraries that make it easy to use the Azure Maps REST services in web or Node.js applications by using JavaScript or TypeScript. For a complete list of the available modules, see [JavaScript/TypeScript REST SDK Developers Guide]. ++## Use the REST SDK in a web application ++1. Using `@azure-rest/maps-search` as an example, install the package with `npm install @azure-rest/maps-search`. ++1. Create and authenticate a [MapsSearch] client. To create a client to access the Azure Maps Search APIs, you need a credential object. The client supports an [Azure Active Directory credential] or an [Azure Key credential] for authentication. You may need to install either [@azure/identity] or [@azure/core-auth] for different authentication methods. ++ If you use a subscription key for authentication, install the package with `npm install @azure/core-auth`: ++ ```javascript + import MapsSearch from "@azure-rest/maps-search"; + import { AzureKeyCredential } from "@azure/core-auth"; ++ // Get an Azure Maps key at https://azure.com/maps. + const subscriptionKey = "<Your Azure Maps Key>"; ++ // Use AzureKeyCredential with a subscription key. + const credential = new AzureKeyCredential(subscriptionKey); ++ // Use the credential to create a client + const client = MapsSearch(credential); + ``` ++ If you use Azure AD for authentication, install the package with `npm install @azure/identity`: ++ ```javascript + import MapsSearch from "@azure-rest/maps-search"; + import { InteractiveBrowserCredential } from "@azure/identity"; ++ // Enter your Azure AD client and tenant ID. + const clientId = "<Your Azure Active Directory Client Id>"; + const tenantId = "<Your Azure Active Directory Tenant Id>"; ++ // Enter your Azure Maps client ID. + const mapsClientId = "<Your Azure Maps Client Id>"; ++ // Use InteractiveBrowserCredential with Azure AD client and tenant ID. + const credential = new InteractiveBrowserCredential({ + clientId, + tenantId + }); ++ // Use the credential to create a client + const client = MapsSearch(credential, mapsClientId); + ``` ++ For more information, see [Authentication with Azure Maps](azure-maps-authentication.md). ++1. The following code uses the newly created Azure Maps Search client to geocode an address: "1 Microsoft Way, Redmond, WA". The code makes a GET request and displays the results as a table in the body of the page. ++ ```javascript + // Search for "1 microsoft way, redmond, wa". + const html = []; + const response = await client + .path("/search/address/{format}", "json") + .get({ queryParameters: { query: "1 microsoft way, redmond, wa" } }); ++ // Display the total results. + html.push("Total results: ", response.body.summary.numResults, "<br/><br/>"); ++ // Create a table of the results. + html.push("<table><tr><td>Result</td><td>Latitude</td><td>Longitude</td></tr>"); + response.body.results.forEach((result) => { + html.push( + "<tr><td>", + result.address.freeformAddress, + "</td><td>", + result.position.lat, + "</td><td>", + result.position.lon, + "</td></tr>" + ); + }); ++ html.push("</table>"); ++ // Add the resulting HTML to the body of the page. + document.body.innerHTML = html.join(""); + ``` ++The following image is a screenshot showing the results of this sample code, a table with the address searched for, along with the resulting coordinates. +++## Azure Government cloud support ++The Azure Maps Web SDK supports the Azure Government cloud. All JavaScript and CSS URLs used to access the Azure Maps Web SDK remain the same, however the following tasks need to be done to connect to the Azure Government cloud version of the Azure Maps platform. ++When using the interactive map control, add the following line of code before creating an instance of the `Map` class. ++```javascript +atlas.setDomain('atlas.azure.us'); +``` ++Be sure to use an Azure Maps authentication details from the Azure Government cloud platform when authenticating the map and services. ++When using the TypeScript REST SDK, the domain for the services needs to be set when creating an instance of the client. For example, the following code creates an instance of the [MapsSearch] class and points the domain to the Azure Government cloud. ++```javascript +const client = MapsSearch(credential, { baseUrl: 'https://atlas.azure.us'}); +``` ++If directly accessing the Azure Maps REST services, change the URL domain to `atlas.azure.us`. For example, if using the search API service, change the URL domain from `https://atlas.microsoft.com/search/` to `https://atlas.azure.us/search/`. ++## Next steps ++Learn more about the classes and methods used in this article: ++> [!div class="nextstepaction"] +> [MapsSearch](/javascript/api/@azure-rest/maps-search) ++> [!div class="nextstepaction"] +> [AzureKeyCredential](/javascript/api/@azure/core-auth/azurekeycredential) ++> [!div class="nextstepaction"] +> [InteractiveBrowserCredential](/javascript/api/@azure/identity/interactivebrowsercredential) ++For more code samples that use the TypeScript REST SDK with Web SDK integration, see these articles: ++> [!div class="nextstepaction"] +> [Show search results on the map](./map-search-location.md) ++> [!div class="nextstepaction"] +> [Get information from a coordinate](./map-get-information-from-coordinate.md) ++> [!div class="nextstepaction"] +> [Show directions from A to B](./map-route.md) ++[Azure TypeScript REST SDK]: ./rest-sdk-developer-guide.md#javascripttypescript +[JavaScript/TypeScript REST SDK Developers Guide]: ./how-to-dev-guide-js-sdk.md +[MapsSearch]: /javascript/api/@azure-rest/maps-search +[Azure Active Directory credential]: ./how-to-dev-guide-js-sdk.md#using-an-azure-ad-credential +[Azure Key credential]: ./how-to-dev-guide-js-sdk.md#using-a-subscription-key-credential +[@azure/identity]: https://www.npmjs.com/package/@azure/identity +[@azure/core-auth]: https://www.npmjs.com/package/@azure/core-auth |
| azure-maps | Map Add Custom Html | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-maps/map-add-custom-html.md | |
| azure-maps | Map Get Information From Coordinate | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-maps/map-get-information-from-coordinate.md | Title: Show information about a coordinate on a map | Microsoft Azure Maps + Title: Show information about a coordinate on a map + description: Learn how to display information about an address on the map when a user selects a coordinate.-- Previously updated : 07/29/2019-++ Last updated : 07/01/2023+ - # Get information from a coordinate -This article shows how to make a reverse address search that shows the address of a clicked popup location. --There are two ways to make a reverse address search. One way is to query the [Reverse Address Search API] through a service module. The other way is to use the [Fetch API] to make a request to the [Reverse Address Search API] to find an address. Both ways are surveyed below. --## Make a reverse search request via service module -+This article shows how to make a reverse address search that shows the address of a selected popup location. ++There are two ways to make a reverse address search. One way is to query the [Reverse Address Search API] through the TypeScript REST SDK [@azure-rest/maps-search]. The other way is to use the [Fetch API] to make a request to the [Reverse Address Search API] to find an address. Both approaches are described in this article. ++## Make a reverse search request via REST SDK ++```javascript +import * as atlas from "azure-maps-control"; +import MapsSearch from "@azure-rest/maps-search"; +import "azure-maps-control/dist/atlas.min.css"; ++const onload = () => { + // Initialize a map instance. + const map = new atlas.Map("map", { + view: "Auto", + // Add authentication details for connecting to Azure Maps. + authOptions: { + // Use Azure Active Directory authentication. + authType: "aad", + clientId: "<Your Azure Maps Client Id>", + aadAppId: "<Your Azure Active Directory Client Id>", + aadTenant: "<Your Azure Active Directory Tenant Id>" + } + }); ++ map.events.add("load", async () => { + // Use the access token from the map and create an object that implements the TokenCredential interface. + const credential = { + getToken: () => { + return { + token: map.authentication.getToken() + }; + } + }; ++ // Create a Search client. + const client = MapsSearch(credential, "<Your Azure Maps Client Id>"); ++ // Update the style of mouse cursor to a pointer + map.getCanvasContainer().style.cursor = "pointer"; ++ // Create a popup + const popup = new atlas.Popup(); ++ // Upon a mouse click, open a popup at the selected location and render in the popup the address of the selected location + map.events.add("click", async (e) => { + const position = [e.position[1], e.position[0]]; ++ // Execute the reverse address search query and open a popup once a response is received + const response = await client.path("/search/address/reverse/{format}", "json").get({ + queryParameters: { query: position } + }); ++ // Get address data from response + const data = response.body.addresses; ++ // Construct the popup + var popupContent = document.createElement("div"); + popupContent.classList.add("popup-content"); + popupContent.innerHTML = data.length !== 0 ? data[0].address.freeformAddress : "No address for that location!"; + popup.setOptions({ + position: e.position, + content: popupContent + }); ++ // Render the popup on the map + popup.open(map); + }); + }); +}; ++document.body.onload = onload; +``` ++<!-- <iframe height='500' scrolling='no' title='Get information from a coordinate (Service Module)' src='//codepen.io/azuremaps/embed/ejEYMZ/?height=265&theme-id=0&default-tab=js,result&embed-version=2&editable=true' frameborder='no' loading="lazy" allowtransparency='true' allowfullscreen='true'>See the Pen <a href='https://codepen.io/azuremaps/pen/ejEYMZ/'>Get information from a coordinate (Service Module)</a> by Azure Maps (<a href='https://codepen.io/azuremaps'>@azuremaps</a>) on <a href='https://codepen.io'>CodePen</a>. </iframe>+> -In the code above, the first block constructs a map object and sets the authentication mechanism to use the access token. For more information, see [create a map]. +In the previous code example, the first block constructs a map object and sets the authentication mechanism to use Azure Active Directory. For more information, see [Create a map]. -The second code block creates a `TokenCredential` to authenticate HTTP requests to Azure Maps with the access token. It then passes the `TokenCredential` to `atlas.service.MapsURL.newPipeline()` and creates a [Pipeline] instance. The `searchURL` represents a URL to the [Search service]. +The second block of code creates an object that implements the [TokenCredential] interface to authenticate HTTP requests to Azure Maps with the access token. It then passes the credential object to [MapsSearch] and creates an instance of the client. -The third code block updates the style of mouse cursor to a pointer and creates a [popup] object. For more information, see [add a popup on the map]. +The third code block updates the style of mouse cursor to a pointer and creates a [popup] object. For more information, see [Add a popup on the map]. -The fourth block of code adds a mouse click [event listener]. When triggered, it creates a search query with the coordinates of the clicked point. It then uses the [getSearchAddressReverse] method to query the [Get Search Address Reverse API] for the address of the coordinates. A GeoJSON feature collection is then extracted using the `geojson.getFeatures()` method from the response. +The fourth block of code adds a mouse click [event listener]. When triggered, it creates a search query with the coordinates of the selected point. It then makes a GET request to query the [Get Search Address Reverse API] for the address of the coordinates. -The fifth block of code sets up the HTML popup content to display the response address for the clicked coordinate position. +The fifth block of code sets up the HTML popup content to display the response address for the selected coordinate position. -The change of cursor, the popup object, and the click event are all created in the map's [load event listener]. This code structure ensures map fully loads before retrieving the coordinates information. +The change of cursor, the popup object, and the `click` event are all created in the map's [load event listener]. This code structure ensures map fully loads before retrieving the coordinates information. ## Make a reverse search request via Fetch API -Click on the map to make a reverse geocode request for that location using fetch. -+Select a location on the map to make a reverse geocode request for that location using fetch. ++```javascript +import * as atlas from "azure-maps-control"; +import "azure-maps-control/dist/atlas.min.css"; ++const onload = () => { + // Initialize a map instance. + const map = new atlas.Map("map", { + view: "Auto", + // Add authentication details for connecting to Azure Maps. + authOptions: { + // Use Azure Active Directory authentication. + authType: "aad", + clientId: "<Your Azure Maps Client Id>", + aadAppId: "<Your Azure Active Directory Client Id>", + aadTenant: "<Your Azure Active Directory Tenant Id>" + } + }); ++ map.events.add("load", async () => { + // Update the style of mouse cursor to a pointer + map.getCanvasContainer().style.cursor = "pointer"; ++ // Create a popup + const popup = new atlas.Popup(); ++ // Upon a mouse click, open a popup at the selected location and render in the popup the address of the selected location + map.events.add("click", async (e) => { + //Send a request to Azure Maps reverse address search API + let url = "https://atlas.microsoft.com/search/address/reverse/json?"; + url += "&api-version=1.0"; + url += "&query=" + e.position[1] + "," + e.position[0]; ++ // Process request + fetch(url, { + headers: { + Authorization: "Bearer " + map.authentication.getToken(), + "x-ms-client-id": "<Your Azure Maps Client Id>" + } + }) + .then((response) => response.json()) + .then((response) => { + const popupContent = document.createElement("div"); + popupContent.classList.add("popup-content"); + const address = response["addresses"]; + popupContent.innerHTML = + address.length !== 0 ? address[0]["address"]["freeformAddress"] : "No address for that location!"; + popup.setOptions({ + position: e.position, + content: popupContent + }); + // render the popup on the map + popup.open(map); + }); + }); + }); +}; ++document.body.onload = onload; +``` ++<!-- <iframe height='500' scrolling='no' title='Get information from a coordinate' src='//codepen.io/azuremaps/embed/ddXzoB/?height=516&theme-id=0&default-tab=js,result&embed-version=2&editable=true' frameborder='no' loading="lazy" allowtransparency='true' allowfullscreen='true'>See the Pen <a href='https://codepen.io/azuremaps/pen/ddXzoB/'>Get information from a coordinate</a> by Azure Maps (<a href='https://codepen.io/azuremaps'>@azuremaps</a>) on <a href='https://codepen.io'>CodePen</a>. </iframe>+> ++In the previous code example, the first block of code constructs a map object and sets the authentication mechanism to use Azure Active Directory. You can see [Create a map] for instructions. ++The second block of code updates the style of the mouse cursor to a pointer. It instantiates a [popup](/javascript/api/azure-maps-control/atlas.popup#open) object. For more information, see [Add a popup on the map]. -In the code above, the first block of code constructs a map object and sets the authentication mechanism to use the access token. You can see [create a map] for instructions. +The third block of code adds an event listener for mouse clicks. Upon a mouse click, it uses the [Fetch API] to query the Azure Maps [Reverse Address Search API] for the selected coordinates address. For a successful response, it collects the address for the selected location. It defines the popup content and position using the [setOptions] function of the popup class. -The second block of code updates the style of the mouse cursor to a pointer. It instantiates a [popup](/javascript/api/azure-maps-control/atlas.popup#open) object. You can see [add a popup on the map] for instructions. +The change of cursor, the popup object, and the `click` event are all created in the map's [load event listener]. This code structure ensures the map fully loads before retrieving the coordinates information. -The third block of code adds an event listener for mouse clicks. Upon a mouse click, it uses the [Fetch API] to query the Azure Maps [Reverse Address Search API] for the clicked coordinates address. For a successful response, it collects the address for the clicked location. It defines the popup content and position using the [setOptions] function of the popup class. +The following image is a screenshot showing the results of the two code samples. -The change of cursor, the popup object, and the click event are all created in the map's [load event listener]. This code structure ensures the map fully loads before retrieving the coordinates information. ## Next steps See the following articles for full code examples: [Reverse Address Search API]: /rest/api/maps/search/getsearchaddressreverse [Fetch API]: https://fetch.spec.whatwg.org/-[create a map]: map-create.md -[Search service]: /rest/api/maps/search -[Pipeline]: /javascript/api/azure-maps-rest/atlas.service.pipeline +[Create a map]: map-create.md [popup]: /javascript/api/azure-maps-control/atlas.popup#open-[add a popup on the map]: map-add-popup.md +[Add a popup on the map]: map-add-popup.md [event listener]: /javascript/api/azure-maps-control/atlas.map#events-[getSearchAddressReverse]: /javascript/api/azure-maps-rest/atlas.service.searchurl#searchaddressreverse-aborter--geojson-position--searchaddressreverseoptions- [Get Search Address Reverse API]: /rest/api/maps/search/getsearchaddressreverse [load event listener]: /javascript/api/azure-maps-control/atlas.map#events [setOptions]: /javascript/api/azure-maps-control/atlas.popup#setoptions-popupoptions-+[@azure-rest/maps-search]: https://www.npmjs.com/package/@azure-rest/maps-search +[MapsSearch]: /javascript/api/@azure-rest/maps-search +[TokenCredential]: /javascript/api/@azure/identity/tokencredential |
| azure-maps | Map Route | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-maps/map-route.md | Title: Show route directions on a map | Microsoft Azure Maps -description: In this article, you'll learn how to display directions between two locations on a map using the Microsoft Azure Maps Web SDK. -- Previously updated : 07/29/2019-+ Title: Show route directions on a map ++description: This article demonstrates how to display directions between two locations on a map using the Microsoft Azure Maps Web SDK. ++ Last updated : 07/01/2023+ - # Show directions from A to B This article shows you how to make a route request and show the route on the map. -There are two ways to do so. The first way is to query the [Get Route Directions] request in the Azure Maps Route service. The second way is to use the [Fetch API] to make a search request to the [Get Route Directions] request. Both ways are discussed below. --## Query the route via service module -+There are two ways to do so. The first way is to query the [Get Route Directions] API using the TypeScript REST SDK [@azure-rest/maps-route]. The second way is to use the [Fetch API] to make a search request to the [Get Route Directions] API. Both approaches are described in this article. ++## Query the route via REST SDK ++```javascript +import * as atlas from "azure-maps-control"; +import MapsRoute, { toColonDelimitedLatLonString } from "@azure-rest/maps-route"; +import "azure-maps-control/dist/atlas.min.css"; ++const onload = () => { + // Initialize a map instance. + const map = new atlas.Map("map", { + view: "Auto", + // Add authentication details for connecting to Azure Maps. + authOptions: { + // Use Azure Active Directory authentication. + authType: "aad", + clientId: "<Your Azure Maps Client Id>", + aadAppId: "<Your Azure Active Directory Client Id>", + aadTenant: "<Your Azure Active Directory Tenant Id>" + } + }); ++ map.events.add("load", async () => { + // Use the access token from the map and create an object that implements the TokenCredential interface. + const credential = { + getToken: () => { + return { + token: map.authentication.getToken() + }; + } + }; ++ // Create a Route client. + const client = MapsRoute(credential, "<Your Azure Maps Client Id>"); ++ // Create a data source and add it to the map. + const dataSource = new atlas.source.DataSource(); + map.sources.add(dataSource); ++ // Create the GeoJSON objects which represent the start and end points of the route. + const startPoint = new atlas.data.Feature(new atlas.data.Point([-122.130137, 47.644702]), { + Title: "Redmond", + icon: "pin-blue" + }); ++ const endPoint = new atlas.data.Feature(new atlas.data.Point([-122.3352, 47.61397]), { + Title: "Seattle", + icon: "pin-round-blue" + }); ++ // Add the data to the data source. + dataSource.add([startPoint, endPoint]); ++ // Create a layer for rendering the route line under the road labels. + map.layers.add( + new atlas.layer.LineLayer(dataSource, null, { + strokeColor: "#2272B9", + strokeWidth: 5, + lineJoin: "round", + lineCap: "round" + }), + "labels" + ); ++ // Create a layer for rendering the start and end points of the route as symbols. + map.layers.add( + new atlas.layer.SymbolLayer(dataSource, null, { + iconOptions: { + image: ["get", "icon"], + allowOverlap: true, + ignorePlacement: true + }, + textOptions: { + textField: ["get", "title"], + offset: [0, 1.2] + }, + filter: ["any", ["==", ["geometry-type"], "Point"], ["==", ["geometry-type"], "MultiPoint"]] //Only render Point or MultiPoints in this layer. + }) + ); ++ // Get the coordinates of the start and end points. + const coordinates = [ + [startPoint.geometry.coordinates[1], startPoint.geometry.coordinates[0]], + [endPoint.geometry.coordinates[1], endPoint.geometry.coordinates[0]] + ]; ++ // Get the route directions between the start and end points. + const response = await client.path("/route/directions/{format}", "json").get({ + queryParameters: { + query: toColonDelimitedLatLonString(coordinates) + } + }); ++ // Get the GeoJSON feature collection of the route. + const data = getFeatures(response.body.routes); ++ // Add the route data to the data source. + dataSource.add(data); ++ // Update the map view to center over the route. + map.setCamera({ + bounds: data.bbox, + padding: 40 + }); + }); +}; ++/** + * Helper function to convert a route response into a GeoJSON FeatureCollection. + */ +const getFeatures = (routes) => { + const bounds = []; + const features = routes.map((route, index) => { + const multiLineCoords = route.legs.map((leg) => { + return leg.points.map((coord) => { + const position = [coord.longitude, coord.latitude]; + bounds.push(position); + return position; + }); + }); ++ // Include all properties on the route object except legs. + // Legs is used to create the MultiLineString, so we only need the summaries. + // The legSummaries property replaces the legs property with just summary data. + const props = { + ...route, + legSummaries: route.legs.map((leg) => leg.summary), + resultIndex: index + }; + delete props.legs; ++ return { + type: "Feature", + geometry: { + type: "MultiLineString", + coordinates: multiLineCoords + }, + properties: props + }; + }); ++ return { + type: "FeatureCollection", + features: features, + bbox: new atlas.data.BoundingBox.fromLatLngs(bounds) + }; +}; ++document.body.onload = onload; +``` ++<!-- <iframe height='500' scrolling='no' title='Show directions from A to B on a map (Service Module)' src='//codepen.io/azuremaps/embed/RBZbep/?height=265&theme-id=0&default-tab=js,result&embed-version=2&editable=true' frameborder='no' loading="lazy" allowtransparency='true' allowfullscreen='true'>See the Pen <a href='https://codepen.io/azuremaps/pen/RBZbep/'>Show directions from A to B on a map (Service Module)</a> by Azure Maps (<a href='https://codepen.io/azuremaps'>@azuremaps</a>) on <a href='https://codepen.io'>CodePen</a>. </iframe>+> -In the above code, the first block constructs a map object and sets the authentication mechanism to use the access token. You can see [create a map] for instructions. +In the previous code example, the first block constructs a map object and sets the authentication mechanism to use Azure Active Directory. You can see [Create a map] for instructions. -The second block of code creates a `TokenCredential` to authenticate HTTP requests to Azure Maps with the access token. It then passes the `TokenCredential` to `atlas.service.MapsURL.newPipeline()` and creates a [Pipeline] instance. The `routeURL` represents a URL to Azure Maps [Route service]. +The second block of code creates an object that implements the [TokenCredential] interface to authenticate HTTP requests to Azure Maps with the access token. It then passes the credential object to [MapsRoute] and creates an instance of the client. The third block of code creates and adds a [DataSource] object to the map. A line is a [Feature] for LineString. A [LineLayer] renders line objects wrapped A [symbol layer] uses texts or icons to render point-based data wrapped in the [DataSource]. The texts or the icons render as symbols on the map. The fifth block of code creates and adds a symbol layer to the map. -The sixth block of code queries the Azure Maps routing service, which is part of the [service module]. The [calculateRouteDirections] method of the `RouteURL` is used to get a route between the start and end points. A GeoJSON feature collection from the response is then extracted using the `geojson.getFeatures()` method and is added to the datasource. It then renders the response as a route on the map. For more information about adding a line to the map, see [add a line on the map]. +The sixth block of code queries the Azure Maps routing service, which is part of the [MapsRoute] client. A GET request is used to get a route between the start and end points. A GeoJSON feature collection from the response is then extracted using a `getFeatures()` helper function and is added to the datasource. It then renders the response as a route on the map. For more information about adding a line to the map, see [Add a line on the map]. The last block of code sets the bounds of the map using the Map's [setCamera] property. The route query, data source, symbol, line layers, and camera bounds are created ## Query the route via Fetch API +```javascript +import * as atlas from "azure-maps-control"; +import "azure-maps-control/dist/atlas.min.css"; ++const onload = () => { + // Initialize a map instance. + const map = new atlas.Map("map", { + view: "Auto", + // Add authentication details for connecting to Azure Maps. + authOptions: { + // Use Azure Active Directory authentication. + authType: "aad", + clientId: "<Your Azure Maps Client Id>", + aadAppId: "<Your Azure Active Directory Client Id>", + aadTenant: "<Your Azure Active Directory Tenant Id>" + } + }); ++ map.events.add("load", async () => { + // Create a data source and add it to the map. + const dataSource = new atlas.source.DataSource(); + map.sources.add(dataSource); ++ // Create the GeoJSON objects which represent the start and end points of the route. + const startPoint = new atlas.data.Feature(new atlas.data.Point([-122.130137, 47.644702]), { + Title: "Redmond", + icon: "pin-blue" + }); ++ const endPoint = new atlas.data.Feature(new atlas.data.Point([-122.3352, 47.61397]), { + Title: "Seattle", + icon: "pin-round-blue" + }); ++ // Add the data to the data source. + dataSource.add([startPoint, endPoint]); ++ // Create a layer for rendering the route line under the road labels. + map.layers.add( + new atlas.layer.LineLayer(dataSource, null, { + strokeColor: "#2272B9", + strokeWidth: 5, + lineJoin: "round", + lineCap: "round" + }), + "labels" + ); ++ // Create a layer for rendering the start and end points of the route as symbols. + map.layers.add( + new atlas.layer.SymbolLayer(dataSource, null, { + iconOptions: { + image: ["get", "icon"], + allowOverlap: true, + ignorePlacement: true + }, + textOptions: { + textField: ["get", "title"], + offset: [0, 1.2] + }, + filter: ["any", ["==", ["geometry-type"], "Point"], ["==", ["geometry-type"], "MultiPoint"]] //Only render Point or MultiPoints in this layer. + }) + ); ++ // Send a request to the route API + let url = "https://atlas.microsoft.com/route/directions/json?"; + url += "&api-version=1.0"; + url += + "&query=" + + startPoint.geometry.coordinates[1] + + "," + + startPoint.geometry.coordinates[0] + + ":" + + endPoint.geometry.coordinates[1] + + "," + + endPoint.geometry.coordinates[0]; ++ // Process request + fetch(url, { + headers: { + Authorization: "Bearer " + map.authentication.getToken(), + "x-ms-client-id": "<Your Azure Maps Client Id>" + } + }) + .then((response) => response.json()) + .then((response) => { + const bounds = []; + const route = response.routes[0]; + + // Create an array to store the coordinates of each turn + let routeCoordinates = []; + route.legs.forEach((leg) => { + const legCoordinates = leg.points.map((point) => { + const position = [point.longitude, point.latitude]; + bounds.push(position); + return position; + }); + // Add each turn coordinate to the array + routeCoordinates = routeCoordinates.concat(legCoordinates); + }); ++ // Add route line to the dataSource + dataSource.add(new atlas.data.Feature(new atlas.data.LineString(routeCoordinates))); ++ // Update the map view to center over the route. + map.setCamera({ + bounds: new atlas.data.BoundingBox.fromLatLngs(bounds), + padding: 40 + }); + }); + }); +}; ++document.body.onload = onload; +``` ++<!-- <iframe height='500' scrolling='no' title='Show directions from A to B on a map' src='//codepen.io/azuremaps/embed/zRyNmP/?height=469&theme-id=0&default-tab=js,result&embed-version=2&editable=true' frameborder='no' loading="lazy" allowtransparency='true' allowfullscreen='true'>See the Pen <a href='https://codepen.io/azuremaps/pen/zRyNmP/'>Show directions from A to B on a map</a> by Azure Maps (<a href='https://codepen.io/azuremaps'>@azuremaps</a>) on <a href='https://codepen.io'>CodePen</a>. </iframe>+> -In the code above, the first block of code constructs a map object and sets the authentication mechanism to use the access token. You can see [create a map] for instructions. +In the previous code example, the first block of code constructs a map object and sets the authentication mechanism to use Azure Active Directory. You can see [Create a map] for instructions. The second block of code creates and adds a [DataSource] object to the map. -The third code block creates the start and destination points for the route. Then, it adds them to the data source. For more information, see [add a pin on the map]. +The third code block creates the start and destination points for the route. Then, it adds them to the data source. For more information, see [Add a pin on the map]. A [LineLayer] renders line objects wrapped in the [DataSource] as lines on the map. The fourth block of code creates and adds a line layer to the map. See properties of a line layer at [LineLayerOptions]. A [symbol layer] uses text or icons to render point-based data wrapped in the [DataSource] as symbols on the map. The fifth block of code creates and adds a symbol layer to the map. See properties of a symbol layer at [SymbolLayerOptions]. -The next code block creates `SouthWest` and `NorthEast` points from the start and destination points and sets the bounds of the map using the Map's [setCamera] property. +The next block of code uses the [Fetch API] to make a search request to [Get Route Directions]. The response is then parsed. If the response was successful, the latitude and longitude information is used to create an array a line by connecting those points. The line data is then added to data source to render the route on the map. For more information, see [Add a line on the map]. -The last block of code uses the [Fetch API] to make a search request to [Get Route Directions]. The response is then parsed. If the response was successful, the latitude and longitude information is used to create an array a line by connecting those points. The line data is then added to data source to render the route on the map. For more information, see [add a line on the map]. +The last block of code sets the bounds of the map using the Map's [setCamera] property. The route query, data source, symbol, line layers, and camera bounds are created inside the [event listener]. Again, we want to ensure that results are displayed after the map loads fully. +The following image is a screenshot showing the results of the two code samples. ++ ## Next steps > [!div class="nextstepaction"] See the following articles for full code examples: > [Interacting with the map - mouse events](./map-events.md) [Get Route Directions]: /rest/api/maps/route/getroutedirections-[Route service]: /rest/api/maps/route [Fetch API]: https://fetch.spec.whatwg.org/-[create a map]: map-create.md +[Create a map]: map-create.md [DataSource]: /javascript/api/azure-maps-control/atlas.source.datasource-[add a line on the map]: map-add-line-layer.md +[Add a line on the map]: map-add-line-layer.md [setCamera]: /javascript/api/azure-maps-control/atlas.map#setcamera-cameraoptionscameraboundsoptionsanimationoptions- [SymbolLayerOptions]: /javascript/api/azure-maps-control/atlas.symbollayeroptions [LineLayerOptions]: /javascript/api/azure-maps-control/atlas.linelayeroptions-[add a pin on the map]: map-add-pin.md +[Add a pin on the map]: map-add-pin.md [LineLayer]: /javascript/api/azure-maps-control/atlas.layer.linelayer [symbol layer]: /javascript/api/azure-maps-control/atlas.layer.symbollayer-[Pipeline]: /javascript/api/azure-maps-rest/atlas.service.pipeline [event listener]: /javascript/api/azure-maps-control/atlas.map#events--[service module]: how-to-use-services-module.md -[calculateRouteDirections]: /javascript/api/azure-maps-rest/atlas.service.routeurl#methods [LinestringLayerOptions]: /javascript/api/azure-maps-control/atlas.linelayeroptions [Feature]: /javascript/api/azure-maps-control/atlas.data.feature [points]: /javascript/api/azure-maps-control/atlas.data.point+[@azure-rest/maps-route]: https://www.npmjs.com/package/@azure-rest/maps-route +[MapsRoute]: /javascript/api/@azure-rest/maps-route +[TokenCredential]: /javascript/api/@azure/identity/tokencredential |
| azure-maps | Map Search Location | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-maps/map-search-location.md | Title: Show search results on a map | Microsoft Azure Maps -description: In this article, you'll learn how to perform a search request using Microsoft Azure Maps Web SDK and display the results on the map. -- Previously updated : 07/29/2019-+ Title: Show search results on a map ++description: This article demonstrates how to perform a search request using Microsoft Azure Maps Web SDK and display the results on the map. ++ Last updated : 07/01/2023+ - # Show search results on the map This article shows you how to search for location of interest and show the search results on the map. -There are two ways to search for a location of interest. One way is to use a service module to make a search request. The other way is to make a search request to Azure Maps [Fuzzy search API] through the [Fetch API]. Both ways are discussed below. --## Make a search request via service module -+There are two ways to search for a location of interest. One way is to use the TypeScript REST SDK, [@azure-rest/maps-search] to make a search request. The other way is to make a search request to Azure Maps [Fuzzy search API] through the [Fetch API]. Both approaches are described in this article. ++## Make a search request via REST SDK ++```javascript +import * as atlas from "azure-maps-control"; +import MapsSearch from "@azure-rest/maps-search"; +import "azure-maps-control/dist/atlas.min.css"; ++const onload = () => { + // Initialize a map instance. + const map = new atlas.Map("map", { + view: "Auto", + // Add authentication details for connecting to Azure Maps. + authOptions: { + // Use Azure Active Directory authentication. + authType: "aad", + clientId: "<Your Azure Maps Client Id>", + aadAppId: "<Your Azure Active Directory Client Id>", + aadTenant: "<Your Azure Active Directory Tenant Id>" + } + }); ++ map.events.add("load", async () => { + // Use the access token from the map and create an object that implements the TokenCredential interface. + const credential = { + getToken: () => { + return { + token: map.authentication.getToken() + }; + } + }; ++ // Create a Search client. + const client = MapsSearch(credential, "<Your Azure Maps Client Id>"); ++ // Create a data source and add it to the map. + const datasource = new atlas.source.DataSource(); + map.sources.add(datasource); ++ // Add a layer for rendering point data. + const resultLayer = new atlas.layer.SymbolLayer(datasource); + map.layers.add(resultLayer); ++ // Search for gas stations near Seattle. + const response = await client.path("/search/fuzzy/{format}", "json").get({ + queryParameters: { + query: "gasoline station", + lat: 47.6101, + lon: -122.34255 + } + }); ++ // Arrays to store bounds for results. + const bounds = []; ++ // Convert the response into Feature and add it to the data source. + const searchPins = response.body.results.map((result) => { + const position = [result.position.lon, result.position.lat]; + bounds.push(position); + return new atlas.data.Feature(new atlas.data.Point(position), { + position: result.position.lat + ", " + result.position.lon + }); + }); ++ // Add the pins to the data source. + datasource.add(searchPins); ++ // Set the camera to the bounds of the pins + map.setCamera({ + bounds: new atlas.data.BoundingBox.fromLatLngs(bounds), + padding: 40 + }); + }); +}; ++document.body.onload = onload; +``` ++<!-- <iframe height='500' scrolling='no' title='Show search results on a map (Service Module)' src='//codepen.io/azuremaps/embed/zLdYEB/?height=265&theme-id=0&default-tab=js,result&embed-version=2&editable=true' frameborder='no' loading="lazy" allowtransparency='true' allowfullscreen='true'>See the Pen <a href='https://codepen.io/azuremaps/pen/zLdYEB/'>Show search results on a map (Service Module)</a> by Azure Maps (<a href='https://codepen.io/azuremaps'>@azuremaps</a>) on <a href='https://codepen.io'>CodePen</a>. </iframe>+> -In the code above, the first block constructs a map object and sets the authentication mechanism to use the access token. You can see [create a map] for instructions. +In the previous code example, the first block constructs a map object and sets the authentication mechanism to use Azure Active Directory. For more information, see [Create a map]. -The second block of code creates a `TokenCredential` to authenticate HTTP requests to Azure Maps with the access token. It then passes the `TokenCredential` to `atlas.service.MapsURL.newPipeline()` and creates a [Pipeline] instance. The `searchURL` represents a URL to Azure Maps [Search service]. +The second block of code creates an object that implements the [TokenCredential] interface to authenticate HTTP requests to Azure Maps with the access token. It then passes the credential object to [MapsSearch] and creates an instance of the client. The third block of code creates a data source object using the [DataSource] class and add search results to it. A [symbol layer] uses text or icons to render point-based data wrapped in the [DataSource] as symbols on the map. A symbol layer is then created. The data source is added to the symbol layer, which is then added to the map. -The fourth code block uses the [SearchFuzzy] method in the [service module]. It allows you to perform a free form text search via the [Get Search Fuzzy rest API] to search for point of interest. Get requests to the Search Fuzzy API can handle any combination of fuzzy inputs. A GeoJSON feature collection from the response is then extracted using the `geojson.getFeatures()` method and added to the data source, which automatically results in the data being rendered on the map via the symbol layer. +The fourth code block makes a GET request in the [MapsSearch] client. It allows you to perform a free form text search via the [Get Search Fuzzy rest API] to search for point of interest. Get requests to the Search Fuzzy API can handle any combination of fuzzy inputs. The response is then converted to [Feature] objects and added to the data source, which automatically results in the data being rendered on the map via the symbol layer. The last block of code adjusts the camera bounds for the map using the Map's [setCamera] property. The search request, data source, symbol layer, and camera bounds are inside the ## Make a search request via Fetch API +```javascript +import * as atlas from "azure-maps-control"; +import "azure-maps-control/dist/atlas.min.css"; ++const onload = () => { + // Initialize a map instance. + const map = new atlas.Map("map", { + view: "Auto", + // Add authentication details for connecting to Azure Maps. + authOptions: { + // Use Azure Active Directory authentication. + authType: "aad", + clientId: "<Your Azure Maps Client Id>", + aadAppId: "<Your Azure Active Directory Client Id>", + aadTenant: "<Your Azure Active Directory Tenant Id>" + } + }); ++ map.events.add("load", () => { + // Create a data source and add it to the map. + const datasource = new atlas.source.DataSource(); + map.sources.add(datasource); ++ // Add a layer for rendering point data. + const resultLayer = new atlas.layer.SymbolLayer(datasource); + map.layers.add(resultLayer); ++ // Send a request to Azure Maps search API + let url = "https://atlas.microsoft.com/search/fuzzy/json?"; + url += "&api-version=1"; + url += "&query=gasoline%20station"; + url += "&lat=47.6101"; + url += "&lon=-122.34255"; + url += "&radius=100000"; ++ // Parse the API response and create a pin on the map for each result + fetch(url, { + headers: { + Authorization: "Bearer " + map.authentication.getToken(), + "x-ms-client-id": "<Your Azure Maps Client Id>" + } + }) + .then((response) => response.json()) + .then((response) => { + // Arrays to store bounds for results. + const bounds = []; ++ // Convert the response into Feature and add it to the data source. + const searchPins = response.results.map((result) => { + const position = [result.position.lon, result.position.lat]; + bounds.push(position); + return new atlas.data.Feature(new atlas.data.Point(position), { + position: result.position.lat + ", " + result.position.lon + }); + }); ++ // Add the pins to the data source. + datasource.add(searchPins); ++ // Set the camera to the bounds of the pins + map.setCamera({ + bounds: new atlas.data.BoundingBox.fromLatLngs(bounds), + padding: 40 + }); + }); + }); +}; ++document.body.onload = onload; +``` ++<!-- <iframe height='500' scrolling='no' title='Show search results on a map' src='//codepen.io/azuremaps/embed/KQbaeM/?height=265&theme-id=0&default-tab=js,result&embed-version=2&editable=true' frameborder='no' loading="lazy" allowtransparency='true' allowfullscreen='true'>See the Pen <a href='https://codepen.io/azuremaps/pen/KQbaeM/'>Show search results on a map</a> by Azure Maps (<a href='https://codepen.io/azuremaps'>@azuremaps</a>) on <a href='https://codepen.io'>CodePen</a>. </iframe>+> -In the code above, the first block of code constructs a map object. It sets the authentication mechanism to use the access token. You can see [create a map] for instructions. +In the previous code example, the first block of code constructs a map object. It sets the authentication mechanism to use Azure Active Directory. For more information, see [Create a map]. -The second block of code creates a URL to make a search request to. It also creates two arrays to store bounds and pins for search results. +The second block of code creates a data source object using the [DataSource] class and add search results to it. A [symbol layer] uses text or icons to render point-based data wrapped in the [DataSource] as symbols on the map. A symbol layer is then created. The data source is added to the symbol layer, which is then added to the map. -The third block of code uses the [Fetch API]. The [Fetch API] is used to make a request to Azure Maps [Fuzzy search API] to search for the points of interest. The Fuzzy search API can handle any combination of fuzzy inputs. It then handles and parses the search response and adds the result pins to the searchPins array. +The third block of code creates a URL to make a search request to. -The fourth block of code creates a data source object using the [DataSource] class. In the code, we add search results to the source object. A [symbol layer] uses text or icons to render point-based data wrapped in the [DataSource] as symbols on the map. A symbol layer is then created. The data source is added to the symbol layer, which is then added to the map. +The fourth block of code uses the [Fetch API]. The [Fetch API] is used to make a request to Azure Maps [Fuzzy search API] to search for the points of interest. The Fuzzy search API can handle any combination of fuzzy inputs. It then handles and parses the search response and adds the result pins to the searchPins array. The last block of code creates a [BoundingBox] object. It uses the array of results, and then it adjusts the camera bounds for the map using the Map's [setCamera]. It then renders the result pins. The search request, the data source, symbol layer, and the camera bounds are set within the map's [event listener] to ensure that the results are displayed after the map loads fully. +The following image is a screenshot showing the results of the two code samples. ++ ## Next steps > [!div class="nextstepaction"] See the following articles for full code examples: [Fuzzy search API]: /rest/api/maps/search/getsearchfuzzy [Fetch API]: https://fetch.spec.whatwg.org/ [DataSource]: /javascript/api/azure-maps-control/atlas.source.datasource-[Search service]: /rest/api/maps/search -[Pipeline]: /javascript/api/azure-maps-rest/atlas.service.pipeline [symbol layer]: /javascript/api/azure-maps-control/atlas.layer.symbollayer-[create a map]: map-create.md -[SearchFuzzy]: /javascript/api/azure-maps-rest/atlas.service.models.searchgetsearchfuzzyoptionalparams -[service module]: how-to-use-services-module.md +[Create a map]: map-create.md [Get Search Fuzzy rest API]: /rest/api/maps/search/getsearchfuzzy [setCamera]: /javascript/api/azure-maps-control/atlas.map#setcamera-cameraoptionscameraboundsoptionsanimationoptions- [event listener]: /javascript/api/azure-maps-control/atlas.map#events [BoundingBox]: /javascript/api/azure-maps-control/atlas.data.boundingbox+[@azure-rest/maps-search]: https://www.npmjs.com/package/@azure-rest/maps-search +[MapsSearch]: /javascript/api/@azure-rest/maps-search +[TokenCredential]: /javascript/api/@azure/identity/tokencredential +[Feature]: /javascript/api/azure-maps-control/atlas.data.feature |
| azure-maps | Power Bi Visual Add Reference Layer | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-maps/power-bi-visual-add-reference-layer.md | Title: Add a reference layer to Azure Maps Power BI visual- -description: In this article, you will learn how to use the reference layer in Azure Maps Power BI visual. ++description: This article describes how to use the reference layer in Azure Maps Power BI visual. Previously updated : 11/29/2021 Last updated : 07/17/2023 -The reference layer feature lets a secondary spatial dataset be uploaded to the visual and overlaid on the map to provide addition context. This dataset is hosted by Power BI and must be a [GeoJSON file](https://wikipedia.org/wiki/GeoJSON) with a `.json` or `.geojson` file extension. +The reference layer feature lets a secondary spatial dataset be uploaded to the visual and overlaid on the map to provide addition context. Power BI hosts this dataset as a [GeoJSON file] with a `.json` or `.geojson` file extension. To add a **GeoJSON** file as a reference layer, go to the **Format** pane, expand the **Reference layer** section, and press the **+ Add local file** button. After a GeoJSON file is added to the reference layer, the name of the file will appear in place of the **+ Add local file** button with an **X** beside it. Press the **X** button to remove the data from the visual and delete the GeoJSON file from Power BI. -The following map is displays [2016 census tracts for Colorado](https://github.com/Azure-Samples/AzureMapsCodeSamples/tree/master/Static/data/geojson), colored by population. --> [!div class="mx-imgBorder"] ->  +The following map displays [2016 census tracts for Colorado], colored by population. :::image type="content" source="./media/power-bi-visual/reference-layer-CO-census-tract.png" alt-text="A map displaying 2016 census tracts for Colorado, colored by population as a reference layer."::: The following are all settings in the **Format** pane that are available in the | Setting | Description | |-||-| Reference layer data | The data GeoJSON file to upload to the visual as an additional layer within the map. The **+ Add local file** button opens a file dialog the user can use to select a GeoJSON file that has a `.json` or `.geojson` file extension. | +| Reference layer data | The data GeoJSON file to upload to the visual as another layer within the map. The **+ Add local file** button opens a file dialog the user can use to select a GeoJSON file that has a `.json` or `.geojson` file extension. | > [!NOTE] > In this preview of the Azure Maps Power BI visual, the reference layer will only load the first 5,000 shape features to the map. This limit will be increased in a future update. ## Styling data in a reference layer -Properties can be added to each feature within the GeoJSON file to customize how it is styled on the map. This feature uses the simple data layer feature in the Azure Maps Web SDK. For more information, see this document on [supported style properties](spatial-io-add-simple-data-layer.md#default-supported-style-properties). Custom icon images are not supported within the Azure Maps Power BI visual as a security precaution. +Properties can be added to each feature within the GeoJSON file to customize how it's styled on the map. This feature uses the simple data layer feature in the Azure Maps Web SDK. For more information, see this document on [supported style properties]. Custom icon images aren't supported within the Azure Maps Power BI visual as a security precaution. -The following is an example of a GeoJSON point feature that sets its displayed color to red. +The following json is an example of a GeoJSON point feature that sets its displayed color to red. ```json { The following is an example of a GeoJSON point feature that sets its displayed c Add more context to the map: > [!div class="nextstepaction"]-> [Add a tile layer](power-bi-visual-add-tile-layer.md) +> [Add a tile layer] > [!div class="nextstepaction"]-> [Show real-time traffic](power-bi-visual-show-real-time-traffic.md) +> [Show real-time traffic] ++[GeoJSON file]: https://wikipedia.org/wiki/GeoJSON +[2016 census tracts for Colorado]: https://github.com/Azure-Samples/AzureMapsCodeSamples/tree/master/Static/data/geojson +[supported style properties]: spatial-io-add-simple-data-layer.md#default-supported-style-properties +[Add a tile layer]: power-bi-visual-add-tile-layer.md +[Show real-time traffic]: power-bi-visual-show-real-time-traffic.md |
| azure-maps | Power Bi Visual Filled Map | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-maps/power-bi-visual-filled-map.md | Title: Filled map in Azure Maps Power BI Visual -description: In this article, you'll learn about the Filled map feature in Azure Maps Power BI Visual. +description: This article demonstrates using the Filled map feature in Azure Maps Power BI Visual. Previously updated : 04/11/2022 Last updated : 07/19/2023 -<!-- - >- :::image type="content" source="media/power-bi-visual/filled-map-us-teal.png" lightbox="media/power-bi-visual/filled-map-us-teal.png" alt-text="A screenshot showing a map of America with states colored in varying degrees depending on the amount of sales attained in each."::: -The image above shows an example of a filled map. The map of America shows each state with a different shade that represents the sales by state. A viewer can immediately see that California has the most sales followed by Texas, then Florida. +This image shows an example of a filled map. The map of America shows each state with a different shade that represents the sales by state. A viewer can immediately see that California has the most sales followed by Texas, then Florida. ## When to use a filled map Some common uses for filled maps include: ## Prerequisites -This article uses [Sales and Marketing Sample PBIX](https://download.microsoft.com/download/9/7/6/9767913A-29DB-40CF-8944-9AC2BC940C53/Sales%20and%20Marketing%20Sample%20PBIX.pbix) as the data source for demonstration purposes. You can create a new report using this data before continuing if you wish to follow along. +This article uses [Sales and Marketing Sample PBIX] as the data source for demonstration purposes. You can create a new report using this data before continuing if you wish to follow along. ## Filled map settings There are two places where you can adjust filled maps settings: Build and format | Options | Specify the position of the layer relative to other map layers | Drop down menu:<BR>Above labels<BR>Below labels<BR>Below roads | > [!TIP]-> You can use **Conditional formatting** in the **Colors** setting to set the field that your map is based on, as demonstrated in the [Create a filled map](#create-a-filled-map) section below. +> You can use **Conditional formatting** in the **Colors** setting to set the field that your map is based on, as demonstrated in the [Create a filled map](#create-a-filled-map) section. ### Format visuals -| Bucket | Description | -|-|-| -| Location | Geospatial area with a boundary, such as country/region, state, city, county or postal code. Street and address aren't supported in filled map. | -| Legend | Categorical data that will be used to shade the map. | -| Tool Tips (optional) | Determined the data/columns that would be shown in tool tips | +| Bucket | Description | +|-|| +| Location | Geospatial area with a boundary, such as country/region, state, city, county or postal code. Street and address aren't supported in filled map. | +| Legend | Categorical data that is used to shade the map. | +| Tool Tips (optional) | Determined the data/columns that would be shown in tool tips. | ## Create a filled map 1. From the **Fields** pane, select the **Geo > State** field. Notice that it populates the **Location** field in the **Visualizations** pane.- <!-- -  - --> :::image type="content" source="media/power-bi-visual/filled-map-geo-state.png" alt-text="A screenshot showing the selection of the state field from the geo table."::: There are two places where you can adjust filled maps settings: Build and format 1. In the **Visualizations** pane, select **Format your visual** 1. Set **Filled map** to **On**- <!-- -  - --> :::image type="content" source="media/power-bi-visual/filled-map-visualization-setting.png" alt-text="A screenshot showing the filled maps option in the visualizations pane in the Format your visual view."::: 1. Select **Filled maps** to expand that section then select **Colors**. 1. Select **Conditional formatting**.- <!-- -  - --> :::image type="content" source="media/power-bi-visual/filled-map-conditional-formatting.png" alt-text="A screenshot showing the Conditional formatting button in the colors section."::: 1. The **Default color - Filled map** dialog should appear, select the **What field should we base this on?** Drop down, then select **Sales $** from the **SalesFact** table.- <!-- -  - --> - :::image type="content" source="media/power-bi-visual/filled-map-sales.png" lightbox="media/power-bi-visual/filled-map-sales.png" alt-text="A screenshot showing Default color - Filled map dialog box with sales selected from the What field should we base this on? Drop down."::: + :::image type="content" source="media/power-bi-visual/filled-map-sales.png" lightbox="media/power-bi-visual/filled-map-sales.png" alt-text="A screenshot showing Default color - Filled map dialog box with sales selected from the 'What field should we base this on?' drop down list."::: 1. Set the **Minimum** color to white then select the **OK** button. There are two places where you can adjust filled maps settings: Build and format :::image type="content" source="media/power-bi-visual/filled-map-us-minus-alaska.png" lightbox="media/power-bi-visual/filled-map-us-minus-alaska.png" alt-text="A screenshot showing a map of America with states colored in teal with varying degrees of shading depending on the amount of sales attained in each state."::: - <!-- -  - --> - ## Next steps Change how your data is displayed on the map: Customize the visual: > [!div class="nextstepaction"] > [Customize visualization titles, backgrounds, and legends](/power-bi/visuals/power-bi-visualization-customize-title-background-and-legend)++[Sales and Marketing Sample PBIX]: https://download.microsoft.com/download/9/7/6/9767913A-29DB-40CF-8944-9AC2BC940C53/Sales%20and%20Marketing%20Sample%20PBIX.pbix |
| azure-maps | Power Bi Visual Geocode | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-maps/power-bi-visual-geocode.md | Title: Geocoding in Azure Maps Power BI visual -description: In this article, you'll learn about geocoding in Azure Maps Power BI visual. +description: This article describes geocoding in Azure Maps Power BI visual. Last updated 03/16/2022 When entering multiple values into the **Location** field, you create a geo-hier |:-:|-| | 1 | The drill button on the far right, called Drill Mode, allows you to select a map Location and drill down into that specific location one level at a time. For example, if you turn on the drill-down option and select North America, you move down in the hierarchy to the next level--states in North America. For geocoding, Power BI sends Azure Maps country and state data for North America only. The button on the left goes back up one level. | | 2 | The double arrow drills to the next level of the hierarchy for all locations at once. For example, if you're currently looking at countries/regions and then use this option to move to the next level, states, Power BI displays state data for all countries/regions. For geocoding, Power BI sends Azure Maps state data (no country/region data) for all locations. This option is useful if each level of your hierarchy is unrelated to the level above it. |-| 3 | Similar to the drill-down option, except that you don't need to click on the map. It expands down to the next level of the hierarchy remembering the current level's context. For example, if you're currently looking at countries/regions and select this icon, you move down in the hierarchy to the next level--states. For geocoding, Power BI sends data for each state and its corresponding country/region to help Azure Maps geocode more accurately. In most maps, you'll either use this option or the drill-down option on the far right. This will send Azure as much information as possible and result in more accurate location information. | +| 3 | Similar to the drill-down option, except that you don't need to select the map. It expands down to the next level of the hierarchy remembering the current level's context. For example, if you're currently looking at countries/regions and select this icon, you move down in the hierarchy to the next level--states. For geocoding, Power BI sends data for each state and its corresponding country/region to help Azure Maps geocode more accurately. In most maps, you'll either use this option or the drill-down option on the far right. This sends Azure as much information as possible and result in more accurate location information. | ## Categorize geographic fields in Power BI -To ensure fields are correctly geocoded, you can set the Data Category on the data fields in Power BI. In Data view, select the desired column. From the ribbon, select the Modeling tab and then set the Data Category to one of the following: Address, City, Continent, Country, Region, County, Postal Code, State, or Province. These data categories help Azure correctly encode the data. To learn more, see [Data categorization in Power BI Desktop](/power-bi/transform-model/desktop-data-categorization). If you're live connecting to SQL Server Analysis Services, you'll need to set the data categorization outside of Power BI using [SQL Server Data Tools (SSDT)](/sql/ssdt/download-sql-server-data-tools-ssdt). +To ensure fields are correctly geocoded, you can set the Data Category on the data fields in Power BI. In Data view, select the desired column. From the ribbon, select the Modeling tab and then set the Data Category to one of the following properties: Address, City, Continent, Country, Region, County, Postal Code, State, or Province. These data categories help Azure correctly encode the data. To learn more, see [Data categorization in Power BI Desktop]. If you're live connecting to SQL Server Analysis Services, set the data categorization outside of Power BI using [SQL Server Data Tools (SSDT)]. :::image type="content" source="media/power-bi-visual/data-category.png" alt-text="A screenshot showing the data category drop-down list in Power BI desktop."::: Learn about the Azure Maps Power BI visual Pie Chart layer that uses geocoding: > [!div class="nextstepaction"] > [Add a pie chart layer](power-bi-visual-add-pie-chart-layer.md)++[Data categorization in Power BI Desktop]: /power-bi/transform-model/desktop-data-categorization +[SQL Server Data Tools (SSDT)]: /sql/ssdt/download-sql-server-data-tools-ssdt |
| azure-maps | Power Bi Visual Manage Access | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-maps/power-bi-visual-manage-access.md | Title: Manage Azure Maps Power BI visual within your organization -description: In this article, you will learn how to manage Azure Maps Power BI visual within your organization. +description: This article demonstrates how to manage Azure Maps Power BI visual within your organization. Last updated 11/29/2021-Power BI provides the ability for designers and tenant administrators to manage the use of the Azure Maps visual. Below you will find steps each role can take. +Power BI provides the ability for designers and tenant administrators to manage the use of the Azure Maps visual. ## Tenant admin options -In PowerBI.com, tenant administrators can turn off the Azure Maps visual for all users. Select **Settings** > **Admin** **Portal** > **Tenant settings**. When disabled, Power BI will no longer display the Azure Maps visual in the visualizations pane. +In PowerBI.com, tenant administrators can turn off the Azure Maps visual for all users. Select **Settings** > **Admin** **Portal** > **Tenant settings**. When disabled, Power BI doesn't display the Azure Maps visual in the visualizations pane. :::image type="content" source="media/power-bi-visual/tenant-admin-settings.png" alt-text="Power BI admin portal showing tenant settings for the Azure Maps visual."::: |
| azure-maps | Power Bi Visual Show Real Time Traffic | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-maps/power-bi-visual-show-real-time-traffic.md | Title: Show real-time traffic on an Azure Maps Power BI visual -description: In this article, you will learn how to show real-time traffic on an Azure Maps Power BI visual. +description: This article demonstrates how to show real-time traffic on an Azure Maps Power BI visual. Previously updated : 11/29/2021 Last updated : 07/18/2023 -The traffic layer feature overlays real-time traffic data on top of the map. To enable this feature, move the **Traffic layer** slider in the **Format** pane to the **On** position. This will overlay traffic flow data as color coded roads. +The traffic layer feature overlays real-time traffic data on top of the map. To enable this feature, move the **Traffic layer** slider in the **Format** pane to the **On** position. This overlays traffic flow data as color coded roads. :::image type="content" source="media/power-bi-visual/traffic-layer.png" alt-text="A map displaying real-time traffic data."::: |
| azure-maps | Power Bi Visual Understanding Layers | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-maps/power-bi-visual-understanding-layers.md | Title: Layers in an Azure Maps Power BI visual- -description: In this article, you will learn about the different layers available in an Azure Maps Power BI visual. ++description: This article describes the different layers available in an Azure Maps Power BI visual. Previously updated : 11/29/2021 Last updated : 07/19/2023 The second type of layer connects addition external sources of data to map to pr :::column-end::: :::row-end::: -All the data rendering layers, as well as the **Tile layer**, have options for min and max zoom levels that are used to specify a zoom level range these layers should be displayed at. This allows one type of rendering layer to be used at one zoom level and a transition to another rendering layer at another zoom level. +All the data rendering layers and the **Tile layer**, have options for min and max zoom levels that are used to specify a zoom level range these layers should be displayed at. These options allow one type of rendering layer to be used at one zoom level and a transition to another rendering layer at another zoom level. -These layers also have an option to be positioned relative to other layers in the map. When multiple data rendering layers are used, the order in which they are added to the map determines their relative layering order when they have the same **Layer position** value. +These layers can also be positioned relative to other layers in the map. When multiple data rendering layers are used, the order in which they're added to the map determines their relative layering order when they have the same **Layer position** value. ## General layer settings The general layer section of the **Format** pane are common settings that apply to the layers that are connected to the Power BI dataset in the **Fields** pane (Bubble layer, 3D column layer). -| Setting | Description | -|-|| -| Unselected transparency | The transparency of shapes that are not selected, when one or more shapes are selected. | -| Show zeros | Specifies if points that have a size value of zero should be shown on the map using the minimum radius. | -| Show negatives | Specifies if absolute value of negative size values should be plotted. | -| Min data value | The minimum value of the input data to scale against. Good for clipping outliers. | -| Max data value | The maximum value of the input data to scale against. Good for clipping outliers. | +| Setting | Description | +|-|-| +| Unselected transparency | The transparency of shapes that aren't selected, when one or more shapes are selected. | +| Show zeros | Specifies if points that have a size value of zero should be shown on the map using the minimum radius. | +| Show negatives | Specifies if absolute value of negative size values should be plotted. | +| Min data value | The minimum value of the input data to scale against. Good for clipping outliers. | +| Max data value | The maximum value of the input data to scale against. Good for clipping outliers. | ## Next steps |
| azure-maps | Quick Android Map | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-maps/quick-android-map.md | This article shows you how to add the Azure Maps to an Android app. It walks you ## Prerequisites -1. A subscription to [Microsoft Azure](https://azure.microsoft.com). If you don't have an Azure subscription, [create a free account](https://azure.microsoft.com/free/) before you begin. +1. A subscription to [Microsoft Azure]. If you don't have an Azure subscription, [create a free account] before you begin. -1. [Android Studio](https://developer.android.com/studio/). If you don't have Android Studio, you can get it for free from Google. +1. [Android Studio]. If you don't have Android Studio, you can get it for free from Google. > [!NOTE] > Many of the instructions in this quickstart were created using Android Studio Arctic Fox (2020.3.1). If you use a different version of Android Studio, the steps specific to Android Studio may vary. This article shows you how to add the Azure Maps to an Android app. It walks you Create a new Azure Maps account using the following steps: -1. In the upper left-hand corner of the [Azure portal](https://portal.azure.com), select **Create a resource**. +1. In the upper left-hand corner of the [Azure portal], select **Create a resource**. 2. In the *Search the Marketplace* box, type **Azure Maps**, then select **Azure Maps** from the search results. 3. Select the **Create** button. 4. On the **Create Maps Account** page, enter the following values: Once your Azure Maps account is successfully created, retrieve the subscription 3. Copy the **Primary Key** and save it locally to use later in this tutorial. >[!NOTE]-> For security purposes, it is recommended that you rotate between your primary and secondary keys. To rotate keys, update your app to use the secondary key, deploy, then press the cycle/refresh button beside the primary key to generate a new primary key. The old primary key will be disabled. For more information on key rotation, see [Set up Azure Key Vault with key rotation and auditing](../key-vault/secrets/tutorial-rotation-dual.md) +> For security purposes, it is recommended that you rotate between your primary and secondary keys. To rotate keys, update your app to use the secondary key, deploy, then press the cycle/refresh button beside the primary key to generate a new primary key. The old primary key will be disabled. For more information on key rotation, see [Set up Azure Key Vault with key rotation and auditing]. :::image type="content" source="./media/quick-android-map/get-key.png" alt-text="A screenshot showing the Azure Maps Primary key in the Azure portal."::: Complete the following steps to create a new project with an empty activity in A :::image type="content" source="./media/quick-android-map/3-empty-activity.png" alt-text="A screenshot that shows the Create an Empty Activity screen in Android Studio."::: -1. In the **Empty Activity** screen you'll need to enter values for the following fields: +1. In the **Empty Activity** screen, enter values for the following fields: * **Name**. Enter **AzureMapsApp**. * **Package name**. Use the default **com.example.azuremapsapp**. * **Save location**. Use the default or select a new location to save your project files. Avoid using spaces in the path or filename due to potential problems with the NDK tools. Complete the following steps to create a new project with an empty activity in A * **Minimum SDK**. Select `API 21: Android 5.0.0 (Lollipop)` as the minimum SDK. It's the earliest version supported by the Azure Maps Android SDK. 1. Select **Finish** to create your new project. -See the [Android Studio documentation](https://developer.android.com/studio/intro/) for more help with installing Android Studio and creating a new project. +See the [Android Studio documentation] for more help with installing Android Studio and creating a new project. ## Set up a virtual device To set up an Android Virtual Device (AVD): 1. The **Android Virtual Device Manager** appears. Select **Create Virtual Device**. 1. In the **Phones** category, select **Nexus 5X**, and then select **Next**. -You can learn more about setting up an AVD in the [Android Studio documentation](https://developer.android.com/studio/run/managing-avds). +For more information about setting up an AVD, see [Create and manage virtual devices] in the Android Studio documentation. :::image type="content" source="./media/quick-android-map/4-avd-select-hardware.png" alt-text="A screenshot that shows the Select Hardware screen in Android Virtual Device Manager when creating a new Virtual Device."::: The next step in building your application is to install the Azure Maps Android :::image type="content" source="./media/quick-android-map/project-settings-file.png" alt-text="A screenshot of the project settings file in Android Studio."::: 3. Open the project's **gradle.properties** file, verify that `android.useAndroidX` and `android.enableJetifier` are both set to `true`.- + If the **gradle.properties** file doesn't include `android.useAndroidX` and `android.enableJetifier`, add the next two lines to the end of the file:- + ```gradle android.useAndroidX=true android.enableJetifier=true ```- 4. Open the application **build.gradle** file and do the following: The next step in building your application is to install the Azure Maps Android ::: zone pivot="programming-language-java-android" -6. In the **MainActivity.java** file you'll need to: +6. In the **MainActivity.java** file: * Add imports for the Azure Maps SDK. * Set your Azure Maps authentication information. The next step in building your application is to install the Azure Maps Android ::: zone pivot="programming-language-kotlin" -7. In the **MainActivity.kt** file you'll need to: +7. In the **MainActivity.kt** file: * add imports for the Azure Maps SDK * set your Azure Maps authentication information Android Studio takes a few seconds to build the application. After the build is ## Clean up resources >[!WARNING]-> The tutorials listed in the [Next Steps](#next-steps) section detail how to use and configure Azure Maps with your account. Don't clean up the resources created in this quickstart if you plan to continue to the tutorials. +> The tutorials listed in the [Next Steps] section detail how to use and configure Azure Maps with your account. Don't clean up the resources created in this quickstart if you plan to continue to the tutorials. If you don't plan to continue to the tutorials, take these steps to clean up the resources: If you don't plan on continuing to develop with the Azure Maps Android SDK: For more code examples, see these guides: -* [Manage authentication in Azure Maps](how-to-manage-authentication.md) -* [Change map styles in Android maps](set-android-map-styles.md) -* [Add a symbol layer](how-to-add-symbol-to-android-map.md) -* [Add a line layer](android-map-add-line-layer.md) -* [Add a polygon layer](how-to-add-shapes-to-android-map.md) +* [Manage authentication in Azure Maps] +* [Change map styles in Android maps] +* [Add a symbol layer] +* [Add a line layer] +* [Add a polygon layer] ## Next steps In this quickstart, you created your Azure Maps account and created a demo application. Take a look at the following tutorial to learn more about Azure Maps: > [!div class="nextstepaction"]-> [Load GeoJSON data into Azure Maps](tutorial-load-geojson-file-android.md) +> [Tutorial: Load GeoJSON data into Azure Maps Android SDK] ++[Add a line layer]: android-map-add-line-layer.md +[Add a polygon layer]: how-to-add-shapes-to-android-map.md +[Add a symbol layer]: how-to-add-symbol-to-android-map.md +[Android Studio documentation]: https://developer.android.com/studio/intro +[Android Studio]: https://developer.android.com/studio +[Azure portal]: https://portal.azure.com +[Change map styles in Android maps]: set-android-map-styles.md +[create a free account]: https://azure.microsoft.com/free +[Create and manage virtual devices]: https://developer.android.com/studio/run/managing-avds +[Manage authentication in Azure Maps]: how-to-manage-authentication.md +[Microsoft Azure]: https://azure.microsoft.com +[Next Steps]: #next-steps +[Set up Azure Key Vault with key rotation and auditing]: ../key-vault/secrets/tutorial-rotation-dual.md +[Tutorial: Load GeoJSON data into Azure Maps Android SDK]: tutorial-load-geojson-file-android.md |
| azure-maps | Quick Demo Map App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-maps/quick-demo-map-app.md | Title: 'Quickstart: Interactive map search with Azure Maps' titeSuffix: Microsoft Azure Maps -description: 'Quickstart: Learn how to create interactive, searchable maps. See how to create an Azure Maps account, get the subscription key, and use the Web SDK to set up map applications' +description: A quickstart that demonstrates how to create interactive, searchable maps. Last updated 12/23/2021-In this quickstart, you will learn how to use Azure Maps to create a map that gives users an interactive search experience. It walks you through these basic steps: +This quickstart demonstrates how to use Azure Maps to create a map that gives users an interactive search experience. It walks you through these basic steps: * Create your own Azure Maps account. * Get your Azure Maps subscription key to use in the demo web application. * Download and open the demo map application. -This quickstart uses the Azure Maps Web SDK, however the Azure Maps service can be used with any map control, such as these popular [open-source map controls](open-source-projects.md#third-party-map-control-plugins) that the Azure Maps team has created plugin's for. +This quickstart uses the Azure Maps Web SDK, however the Azure Maps service can be used with any map control, such as these popular [open-source map controls] that the Azure Maps team has created plugin's for. ## Prerequisites -* If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin. +* If you don't have an Azure subscription, create a [free account] before you begin. -* Sign in to the [Azure portal](https://portal.azure.com). +* Sign in to the [Azure portal]. <a id="createaccount"></a> This quickstart uses the Azure Maps Web SDK, however the Azure Maps service can Create a new Azure Maps account with the following steps: -1. Select **Create a resource** in the upper left-hand corner of the [Azure portal](https://portal.azure.com). +1. Select **Create a resource** in the upper left-hand corner of the [Azure portal]. 2. Type **Azure Maps** in the *Search services and Marketplace* box. 3. Select **Azure Maps** in the drop-down list that appears, then select the **Create** button. 4. On the **Create an Azure Maps Account resource** page, enter the following values then select the **Create** button: Once your Azure Maps account is successfully created, retrieve the subscription :::image type="content" source="./media/quick-demo-map-app/get-key.png" alt-text="Screenshot showing your Azure Maps subscription key in the Azure portal" lightbox="./media/quick-demo-map-app/get-key.png"::: >[!NOTE]-> This quickstart uses the [Shared Key](azure-maps-authentication.md#shared-key-authentication) authentication approach for demonstration purposes, but the preferred approach for any production environment is to use [Azure Active Directory](azure-maps-authentication.md#azure-ad-authentication) authentication. +> This quickstart uses the [Shared Key] authentication approach for demonstration purposes, but the preferred approach for any production environment is to use [Azure Active Directory] authentication. ## Download and update the Azure Maps demo -1. Go to [interactiveSearch.html](https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/master/Samples/Tutorials/Interactive%20Search/Interactive%20Search%20Quickstart.html). Copy the contents of the file. +1. Copy the contents of the file: [Interactive Search Quickstart.html]. 2. Save the contents of this file locally as **AzureMapDemo.html**. Open it in a text editor. 3. Add the **Primary Key** value you got in the preceding section 1. Comment out all of the code in the `authOptions` function, this code is used for Azure Active Directory authentication. Once your Azure Maps account is successfully created, retrieve the subscription ## Clean up resources ->[!WARNING] ->The tutorials listed in the [Next Steps](#next-steps) section detail how to use and configure Azure Maps with your account. Don't clean up the resources created in this quickstart if you plan to continue to the tutorials. +>[!IMPORTANT] +>The tutorials listed in the [Next Steps] section detail how to use and configure Azure Maps with your account. Don't clean up the resources created in this quickstart if you plan to continue to the tutorials. If you don't plan to continue to the tutorials, take these steps to clean up the resources: If you don't plan to continue to the tutorials, take these steps to clean up the For more code examples and an interactive coding experience, see these articles: -* [Find an address with Azure Maps search service](how-to-search-for-address.md) -* [Use the Azure Maps Map Control](how-to-use-map-control.md) +* [Find an address with Azure Maps search service] +* [Use the Azure Maps Map Control] ## Next steps In this quickstart, you created an Azure Maps account and a demo application. Take a look at the following tutorials to learn more about Azure Maps: > [!div class="nextstepaction"]-> [Search nearby points of interest with Azure Maps](tutorial-search-location.md) +> [Search nearby points of interest with Azure Maps] ++[Azure Active Directory]: azure-maps-authentication.md#azure-ad-authentication +[Azure portal]: https://portal.azure.com +[Find an address with Azure Maps search service]: how-to-search-for-address.md +[free account]: https://azure.microsoft.com/free/?WT.mc_id=A261C142F +[Interactive Search Quickstart.html]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/master/Samples/Tutorials/Interactive%20Search/Interactive%20Search%20Quickstart.html +[Next Steps]: #next-steps +[open-source map controls]: open-source-projects.md#third-party-map-control-plugins +[Search nearby points of interest with Azure Maps]: tutorial-search-location.md +[Shared Key]: azure-maps-authentication.md#shared-key-authentication +[Use the Azure Maps Map Control]: how-to-use-map-control.md |
| azure-maps | Quick Ios App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-maps/quick-ios-app.md | If you don't have an Azure subscription, create a [free account] before you begi Create a new Azure Maps account with the following steps: -1. In the upper left-hand corner of the [Azure portal](https://portal.azure.com/) , select **Create a resource**. +1. In the upper left-hand corner of the [Azure portal], select **Create a resource**. 2. In the _Search the Marketplace_ box, type **Azure Maps**. Once your Maps account is successfully created, retrieve the primary key that en 3. Copy the **Primary Key** to your clipboard. Save it locally to use later in this tutorial. >[!NOTE]-> This quickstart uses the [Shared Key](azure-maps-authentication.md#shared-key-authentication) authentication approach for demonstration purposes, but the preferred approach for any production environment is to use [Azure Active Directory](azure-maps-authentication.md#azure-ad-authentication) authentication. +> This quickstart uses [Shared Key authentication] for demonstration purposes, but the preferred approach for any production environment is to use [Azure Active Directory authentication]. <!-- > If you use the Azure subscription key instead of the Azure Maps primary key, your map won't render properly. Also, for security purposes, it is recommended that you rotate between your primary and secondary keys. To rotate keys, update your app to use the secondary key, deploy, then press the cycle/refresh button beside the primary key to generate a new primary key. The old primary key will be disabled. For more information on key rotation, see [Set up Azure Key Vault with key rotation and auditing](../key-vault/secrets/tutorial-rotation-dual.md) --> First, create a new iOS App project. Complete these steps to create an Xcode pro 3. Enter app name, bundle ID then select **Next**. -See the [Creating a Xcode Project for an App](https://developer.apple.com/documentation/xcode/creating-an-xcode-project-for-an-app) for more help with creating a new project. +See the [Creating an Xcode Project for an App] for more help with creating a new project.  The next step in building your application is to install the Azure Maps iOS SDK.  -2. Enter the following in the resulting dialog: +2. Enter the following values in the resulting dialog: * Enter `https://github.com/Azure/azure-maps-ios-sdk-distribution.git` in the search bar that appears in the top right corner. * Select `Up to Next Major Version` in the **Dependency Rule** field. * Enter `1.0.0-pre.3` into the **Dependency Rule** version field. The next step in building your application is to install the Azure Maps iOS SDK. * add import for the Azure Maps SDK * set your Azure Maps authentication information -By setting the authentication information on the AzureMaps class globally using the `AzureMaps.configure(subscriptionKey:)` or `AzureMaps.configure(aadClient:aadAppId:aadTenant:)` you won't need to add your authentication information on every view. +By setting the authentication information on the AzureMaps class globally using the `AzureMaps.configure(subscriptionKey:)` or `AzureMaps.configure(aadClient:aadAppId:aadTenant:)`, you don't need to add your authentication information on every view. 1. Select the run button, as shown in the following graphic (or press `CMD` + `R`), to build your application. Xcode takes a few seconds to build the application. After the build is complete, ## Access map functionality -You can start customing map functionality by getting hold to `AzureMap` instance in a `mapView.onReady` handler. For a MapControl view added above, your sample `ViewController` may look the following way: +You can start customizing map functionality by getting hold to `AzureMap` instance in a `mapView.onReady` handler. Once the `MapControl` view is added, your sample `ViewController` should look similar to the following code: ```swift class ViewController: UIViewController { class ViewController: UIViewController { } ``` -Proceed to [Add a polygon layer to the map in the iOS SDK](add-polygon-layer-map-ios.md) for one such example. +Proceed to [Add a polygon layer to the map in the iOS SDK] for one such example. ## Clean up resources -<!-- -> [!WARNING] -> The tutorials listed in the [Next Steps](#next-steps) section detail how to use and configure Azure Maps with your account. Don't clean up the resources created in this quickstart if you plan to continue to the tutorials. >- Take these steps to clean up the resources created in this quickstart: 1. Close Xcode and delete the project you created. If you don't plan on continuing to develop with the Azure Maps iOS SDK: See the following articles for more code examples: -* [Manage authentication in Azure Maps](how-to-manage-authentication.md) -* [Change map styles in iOS maps](set-map-style-ios-sdk.md) -* [Add a symbol layer](add-symbol-layer-ios.md) -* [Add a line layer](add-line-layer-map-ios.md) -* [Add a polygon layer](add-polygon-layer-map-ios.md) +* [Manage authentication in Azure Maps] +* [Change map styles in iOS maps] +* [Add a symbol layer] +* [Add a line layer] +* [Add a polygon layer] -<!-- -## Next steps +<!--## Next steps In this quickstart, you created your Azure Maps account and created a demo application. Take a look at the following tutorials to learn more about Azure Maps: > [!div class="nextstepaction"] -> [Load GeoJSON data into Azure Maps](tutorial-load-geojson-file-ios.md) >+> [Load GeoJSON data into Azure Maps](tutorial-load-geojson-file-ios.md)--> ++[Add a line layer]: add-line-layer-map-ios.md +[Add a polygon layer to the map in the iOS SDK]: add-polygon-layer-map-ios.md +[Add a polygon layer]: add-polygon-layer-map-ios.md +[Add a symbol layer]: add-symbol-layer-ios.md +[Azure Active Directory authentication]: azure-maps-authentication.md#azure-ad-authentication [Azure Maps account]: quick-demo-map-app.md#create-an-azure-maps-account-[subscription key]: quick-demo-map-app.md#get-the-subscription-key-for-your-account +[Azure portal]: https://portal.azure.com +[Change map styles in iOS maps]: set-map-style-ios-sdk.md +[Creating an Xcode Project for an App]: https://developer.apple.com/documentation/xcode/creating-an-xcode-project-for-an-app [free account]: https://azure.microsoft.com/free/ [manage authentication in Azure Maps]: how-to-manage-authentication.md+[Shared Key authentication]: azure-maps-authentication.md#shared-key-authentication +[subscription key]: quick-demo-map-app.md#get-the-subscription-key-for-your-account [ΓÇÄXcode]: https://apps.apple.com/cz/app/xcode/id497799835?mt=12 |
| azure-maps | Set Drawing Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-maps/set-drawing-options.md | The Azure Maps Web SDK provides a [drawing tools module]. This module makes it e 1. Create a new HTML file and [implement the map as usual](./how-to-use-map-control.md). 2. Load the Azure Maps drawing tools module. You can load it in one of two ways:- - Use the globally hosted, Azure Content Delivery Network version of the Azure Maps services module. Add reference to the JavaScript and CSS stylesheet in the `<head>` element of the file: + - Use the globally hosted, Azure Content Delivery Network version of the Azure Maps services module. Add reference to the JavaScript and CSS Style Sheet in the `<head>` element of the file: ```html <link rel="stylesheet" href="https://atlas.microsoft.com/sdk/javascript/drawing/1/atlas-drawing.min.css" type="text/css" /> The Azure Maps Web SDK provides a [drawing tools module]. This module makes it e }; ``` + To learn more, see [How to use the Azure Maps map control npm package]. + ## Use the drawing manager directly Once the drawing tools module is loaded in your application, you can enable drawing and editing capabilities using the [drawing manager](/javascript/api/azure-maps-drawing-tools/atlas.drawing.drawingmanager#setoptions-drawingmanageroptions-). You can specify options for the drawing manager while instantiating it or alternatively use the `drawingManager.setOptions()` function. Learn more about the classes and methods used in this article: [style-loader]: https://webpack.js.org/loaders/style-loader/ [Drawing manager options source code]: https://github.com/Azure-Samples/AzureMapsCodeSamples/blob/main/Samples/Drawing%20Tools%20Module/Drawing%20manager%20options/Drawing%20manager%20options.html [drawing tools module]: https://www.npmjs.com/package/azure-maps-drawing-tools+[How to use the Azure Maps map control npm package]: how-to-use-npm-package.md |
| azure-monitor | Agents Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/agents-overview.md | description: Overview of the Azure Monitor Agent, which collects monitoring data Previously updated : 3/30/2023 Last updated : 7/19/2023 -+ #customer-intent: As an IT manager, I want to understand the capabilities of Azure Monitor Agent to determine whether I can use the agent to collect the data I need from the operating systems of my virtual machines. |
| azure-monitor | Azure Monitor Agent Manage | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/azure-monitor-agent-manage.md | description: Options for managing Azure Monitor Agent on Azure virtual machines Previously updated : 1/30/2022 Last updated : 7/18/2023 -+ |
| azure-monitor | Azure Monitor Agent Migration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/azure-monitor-agent-migration.md | description: This article provides guidance for migrating from the existing lega - Previously updated : 4/3/2023 + Last updated : 7/19/2023 # Customer intent: As an IT manager, I want to understand how I should move from using legacy agents to Azure Monitor Agent. |
| azure-monitor | Azure Monitor Agent Transformation | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/azure-monitor-agent-transformation.md | Title: Transform text logs during ingestion in Azure Monitor Logs description: Write a KQL query that transforms text log data and add the transformation to a data collection rule in Azure Monitor Logs. Previously updated : 01/23/2023 Last updated : 07/19/2023 |
| azure-monitor | Azure Monitor Agent Troubleshoot Windows Arc | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/azure-monitor-agent-troubleshoot-windows-arc.md | Title: Troubleshoot the Azure Monitor agent on Windows Arc-enabled server description: Guidance for troubleshooting issues on Windows Arc-enabled server with Azure Monitor agent and Data Collection Rules. Previously updated : 7/19/2022 Last updated : 7/19/2023 -+ |
| azure-monitor | Azure Monitor Agent Windows Client | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/azure-monitor-agent-windows-client.md | Title: Set up the Azure Monitor agent on Windows client devices description: This article describes the instructions to install the agent on Windows 10, 11 client OS devices, configure data collection, manage and troubleshoot the agent. Previously updated : 7/6/2023 Last updated : 7/19/2023 -+ # Azure Monitor agent on Windows client devices |
| azure-monitor | Data Collection Iis | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/data-collection-iis.md | Title: Collect IIS logs with Azure Monitor Agent description: Configure collection of Internet Information Services (IIS) logs on virtual machines with Azure Monitor Agent. Previously updated : 12/07/2022 Last updated : 07/19/2022 -+ |
| azure-monitor | Data Collection Rule Azure Monitor Agent | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/data-collection-rule-azure-monitor-agent.md | Title: Collect events and performance counters from virtual machines with Azure Monitor Agent description: Describes how to collect events and performance data from virtual machines by using Azure Monitor Agent. Previously updated : 12/11/2022 Last updated : 7/19/2023 -+ |
| azure-monitor | Data Collection Rule Sample Agent | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/data-collection-rule-sample-agent.md | Title: Sample data collection rule - agent description: Sample data collection rule for Azure Monitor agent Previously updated : 02/15/2022 Last updated : 07/19/2023 -+ |
| azure-monitor | Data Collection Snmp Data | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/data-collection-snmp-data.md | Title: Collect SNMP trap data with Azure Monitor Agent description: Learn how to collect SNMP trap data and send the data to Azure Monitor Logs using Azure Monitor Agent. Previously updated : 06/22/2022- Last updated : 07/19/2023+ Learn more about: - [Azure Monitor Agent](azure-monitor-agent-overview.md). - [Data collection rules](../essentials/data-collection-rule-overview.md).-- [Best practices for cost management in Azure Monitor](../best-practices-cost.md). +- [Best practices for cost management in Azure Monitor](../best-practices-cost.md). |
| azure-monitor | Diagnostics Extension Logs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/diagnostics-extension-logs.md | description: Azure Monitor can read the logs for Azure services that write diagn Previously updated : 07/12/2022 Last updated : 07/19/2023 In approximately 30 minutes, you'll see data from the storage account in the Log * [Collect logs and metrics for Azure services](../essentials/resource-logs.md#send-to-log-analytics-workspace) for supported Azure services. * [Enable solutions](/previous-versions/azure/azure-monitor/insights/solutions) to provide insight into the data.-* [Use search queries](../logs/log-query-overview.md) to analyze the data. +* [Use search queries](../logs/log-query-overview.md) to analyze the data. |
| azure-monitor | Diagnostics Extension Stream Event Hubs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/diagnostics-extension-stream-event-hubs.md | description: Configure diagnostics extension in Azure Monitor to send data to Az Previously updated : 07/12/2022 Last updated : 07/19/2023 |
| azure-monitor | Diagnostics Extension Windows Install | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/diagnostics-extension-windows-install.md | description: Learn about installing and configuring the Azure Diagnostics extens Previously updated : 07/12/2022 Last updated : 07/19/2023 ms.devlang: azurecli |
| azure-monitor | Resource Manager Agent | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/resource-manager-agent.md | |
| azure-monitor | Resource Manager Data Collection Rules | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/resource-manager-data-collection-rules.md | |
| azure-monitor | Action Groups | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/alerts/action-groups.md | description: Find out how to create and manage action groups. Learn about notifi Last updated 05/02/2023 --+ # Action groups |
| azure-monitor | Alerts Log Api Switch | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/alerts/alerts-log-api-switch.md | In the past, users used the [legacy Log Analytics Alert API](/azure/azure-monito - Ability to create a [cross workspace log alert](/azure/azure-monitor/logs/cross-workspace-query) that spans several external resources like Log Analytics workspaces or Application Insights resources for switched rules. - Users can specify dimensions to split the alerts for switched rules. - Log alerts have extended period of up to two days of data (previously limited to one day) for switched rules.-- -## Changes to the log alert rule creation experience --The current alert rule wizard is different from the earlier experience: --- Previously, search results were included in the payload of the triggered alert and its associated notifications. The email included only 10 rows from the unfiltered results while the webhook payload contained 1,000 unfiltered results. To get detailed context information about the alert so that you can decide on the appropriate action:- - We recommend using [dimensions](alerts-types.md#narrow-the-target-using-dimensions). Dimensions provide the column value that fired the alert, which gives you context for why the alert fired and how to fix the issue. - - When you need to investigate in the logs, use the link in the alert to the search results in logs. - - If you need the raw search results or for any other advanced customizations, [use Azure Logic Apps](alerts-logic-apps.md). -- The new alert rule wizard doesn't support customization of the JSON payload.- - Use custom properties in the [new API](/rest/api/monitor/scheduledqueryrule-2021-08-01/scheduled-query-rules/create-or-update#actions) to add static parameters and associated values to the webhook actions triggered by the alert. - - For more advanced customizations, [use Azure Logic Apps](alerts-logic-apps.md). -- The new alert rule wizard doesn't support customization of the email subject.- - Customers often use the custom email subject to indicate the resource on which the alert fired, instead of using the Log Analytics workspace. Use the [new API](/rest/api/monitor/scheduledqueryrule-2021-08-01/scheduled-query-rules/create-or-update#actions) to trigger an alert of the desired resource by using the resource ID column. - - For more advanced customizations, [use Azure Logic Apps](alerts-logic-apps.md). - ## Impact - All switched rules must be created/edited with the current API. See [sample use via Azure Resource Template](/azure/azure-monitor/alerts/alerts-log-create-templates) and [sample use via PowerShell](/azure/azure-monitor/alerts/alerts-manage-alerts-previous-version#manage-log-alerts-by-using-powershell).-- As rules become Azure Resource Manager tracked resources in the current API and must be unique, rules resource ID will change to this structure: `<WorkspaceName>|<savedSearchId>|<scheduleId>|<ActionId>`. Display names of the alert rule will remain unchanged.-+- As rules become Azure Resource Manager tracked resources in the current API and must be unique, rules resource ID will change to this structure: `<WorkspaceName>|<savedSearchId>|<scheduleId>|<ActionId>`. Display names of the alert rule will remain unchanged. ## Process View workspaces to upgrade using this [Azure Resource Graph Explorer query](https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/resources%0A%7C%20where%20type%20%3D~%20%22microsoft.insights%2Fscheduledqueryrules%22%0A%7C%20where%20properties.isLegacyLogAnalyticsRule%20%3D%3D%20true%0A%7C%20distinct%20tolower%28properties.scopes%5B0%5D%29). Open the [link](https://portal.azure.com/?feature.customportal=false#blade/HubsExtension/ArgQueryBlade/query/resources%0A%7C%20where%20type%20%3D~%20%22microsoft.insights%2Fscheduledqueryrules%22%0A%7C%20where%20properties.isLegacyLogAnalyticsRule%20%3D%3D%20true%0A%7C%20distinct%20tolower%28properties.scopes%5B0%5D%29), select all available subscriptions, and run the query. |
| azure-monitor | Alerts Manage Alerts Previous Version | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/alerts/alerts-manage-alerts-previous-version.md | +## Changes to the log alert rule creation experience ++The current alert rule wizard is different from the earlier experience: ++- Previously, search results were included in the payload of the triggered alert and its associated notifications. The email included only 10 rows from the unfiltered results while the webhook payload contained 1,000 unfiltered results. To get detailed context information about the alert so that you can decide on the appropriate action: + - We recommend using [dimensions](alerts-types.md#narrow-the-target-using-dimensions). Dimensions provide the column value that fired the alert, which gives you context for why the alert fired and how to fix the issue. + - When you need to investigate in the logs, use the link in the alert to the search results in logs. + - If you need the raw search results or for any other advanced customizations, [use Azure Logic Apps](alerts-logic-apps.md). +- The new alert rule wizard doesn't support customization of the JSON payload. + - Use custom properties in the [new API](/rest/api/monitor/scheduledqueryrule-2021-08-01/scheduled-query-rules/create-or-update#actions) to add static parameters and associated values to the webhook actions triggered by the alert. + - For more advanced customizations, [use Azure Logic Apps](alerts-logic-apps.md). +- The new alert rule wizard doesn't support customization of the email subject. + - Customers often use the custom email subject to indicate the resource on which the alert fired, instead of using the Log Analytics workspace. Use the [new API](/rest/api/monitor/scheduledqueryrule-2021-08-01/scheduled-query-rules/create-or-update#actions) to trigger an alert of the desired resource by using the resource ID column. + - For more advanced customizations, [use Azure Logic Apps](alerts-logic-apps.md). ++## Manage alert rules created in previous versions in the Azure portal 1. In the [Azure portal](https://portal.azure.com/), select the resource you want. 1. Under **Monitoring**, select **Alerts**. 1. On the top bar, select **Alert rules**. This article describes the process of managing alert rules created in the previo  1. After you've finished editing all the alert rule options, select **Save**. -## Manage log alerts by using PowerShell +## Manage log alerts using PowerShell [!INCLUDE [updated-for-az](../../../includes/updated-for-az.md)] |
| azure-monitor | Asp Net Trace Logs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/asp-net-trace-logs.md | Perhaps your application sends voluminous amounts of data and you're using the A [availability]: ./availability-overview.md [diagnostic]: ./diagnostic-search.md [exceptions]: asp-net-exceptions.md-[portal]: https://portal.azure.com/ [qna]: ../faq.yml [start]: ./app-insights-overview.md |
| azure-monitor | Codeless Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/codeless-overview.md | Title: Autoinstrumentation for Azure Monitor Application Insights description: Overview of autoinstrumentation for Azure Monitor Application Insights codeless application performance management. + Last updated 07/10/2023 |
| azure-monitor | Ilogger | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/ilogger.md | namespace ConsoleApp For more information, see [What Application Insights telemetry type is produced from ILogger logs? Where can I see ILogger logs in Application Insights?](#what-application-insights-telemetry-type-is-produced-from-ilogger-logs-where-can-i-see-ilogger-logs-in-application-insights). +## Logging scopes ++`ApplicationInsightsLoggingProvider` supports [log scopes](/dotnet/core/extensions/logging#log-scopes). Scopes are enabled by default. ++If the scope is of type `IReadOnlyCollection<KeyValuePair<string,object>>`, then each key/value pair in the collection is added to the Application Insights telemetry as custom properties. In the following example, logs are captured as `TraceTelemetry` and has `("MyKey", "MyValue")` in properties. ++```csharp +using (_logger.BeginScope(new Dictionary<string, object> { ["MyKey"] = "MyValue" })) +{ + _logger.LogError("An example of an Error level message"); +} +``` ++If any other type is used as a scope, it's stored under the property `Scope` in Application Insights telemetry. In the following example, `TraceTelemetry` has a property called `Scope` that contains the scope. ++```csharp + using (_logger.BeginScope("hello scope")) + { + _logger.LogError("An example of an Error level message"); + } +``` + ## Frequently asked questions ### What Application Insights telemetry type is produced from ILogger logs? Where can I see ILogger logs in Application Insights? builder.AddApplicationInsights( ``` ### Why do some ILogger logs not have the same properties as others? -Application Insights captures and sends `ILogger` logs by using the same `TelemetryConfiguration` information that's used for every other telemetry. But there's an exception. By default, `TelemetryConfiguration` isn't fully set up when you log from *Program.cs* or *Startup.cs*. Logs from these places won't have the default configuration, so they won't be running all `TelemetryInitializer` instances and `TelemetryProcessor` instances. +Application Insights captures and sends `ILogger` logs by using the same `TelemetryConfiguration` information that's used for every other telemetry. But there's an exception. By default, `TelemetryConfiguration` isn't fully set up when you log from *Program.cs* or *Startup.cs*. Logs from these places don't have the default configuration, so they aren't running all `TelemetryInitializer` instances and `TelemetryProcessor` instances. ### I'm using the standalone package Microsoft.Extensions.Logging.ApplicationInsights, and I want to log more custom telemetry manually. How should I do that? |
| azure-monitor | Java Standalone Config | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/java-standalone-config.md | The script is aiming at helping customers to track the web user data, and sent t If you want to enable this feature, add the below configuration option: ```json-"preview": { - "browserSdkLoader": { - "enabled": true - } +{ + "preview": { + "browserSdkLoader": { + "enabled": true + } + } } ``` |
| azure-monitor | Javascript Framework Extensions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/javascript-framework-extensions.md | None. The React plug-in for the Application Insights JavaScript SDK enables: -- Tracking of router changes-- React components usage statistics+- Track router history +- Track exceptions +- Track components usage +- Use Application Insights with React Context ### [React Native](#tab/reactnative) -The React Native plugin for Application Insights JavaScript SDK collects device information. By default, this plugin automatically collects: +The React Native plugin for Application Insights JavaScript SDK enables: -- **Unique Device ID** (Also known as Installation ID.)-- **Device Model Name** (Such as iPhone XS, Samsung Galaxy Fold, Huawei P30 Pro etc.)-- **Device Type** (For example, handset, tablet, etc.)+- Track exceptions +- Collect device information ++ By default, this plugin automatically collects: ++ - **Unique Device ID** (Also known as Installation ID.) + - **Device Model Name** (Such as iPhone XS, Samsung Galaxy Fold, Huawei P30 Pro etc.) + - **Device Type** (For example, handset, tablet, etc.) ++- Disable automatic device info collection +- Use your own device info collection class +- Override the device information ### [Angular](#tab/angular) -The Angular plugin for the Application Insights JavaScript SDK, enables: +The Angular plugin for the Application Insights JavaScript SDK enables: -- Tracking of router changes-- Tracking uncaught exceptions+- Track router history +- Track exceptions +- Chain more custom exception handlers > [!WARNING] > Angular plugin is NOT ECMAScript 3 (ES3) compatible. appInsights.loadAppInsights(); Set up an instance of Application Insights in the entry component in your app: > [!IMPORTANT]-> When using the ErrorService, there is an implicit dependency on the `@microsoft/applicationinsights-analytics-js` extension. you MUST include either the `'@microsoft/applicationinsights-web'` or include the `@microsoft/applicationinsights-analytics-js` extension. Otherwise, unhandled errors caught by the error service will not be sent. +> When using the ErrorService, there is an implicit dependency on the `@microsoft/applicationinsights-analytics-js` extension. you MUST include either the `'@microsoft/applicationinsights-web'` or include the `@microsoft/applicationinsights-analytics-js` extension. Otherwise, unhandled exceptions caught by the error service will not be sent. > [!TIP] > If you want to add the [Click Analytics plug-in](./javascript-feature-extensions.md), uncomment the lines for Click Analytics and delete `extensions: [angularPlugin],`. export class AppComponent { -## Add configuration +## Configuration -### [React](#tab/react) +This section covers configuration settings for the framework extensions for Application Insights JavaScript SDK. ++### Track exceptions ++#### [React](#tab/react) ++[React error boundaries](https://react.dev/reference/react/Component#catching-rendering-errors-with-an-error-boundary) provide a way to gracefully handle an exception when it occurs within a React application. When such an exception occurs, it's likely that the exception needs to be logged. The React plug-in for Application Insights provides an error boundary component that automatically logs the exception when it occurs. ++```javascript +import React from "react"; +import { reactPlugin } from "./AppInsights"; +import { AppInsightsErrorBoundary } from "@microsoft/applicationinsights-react-js"; ++const App = () => { + return ( + <AppInsightsErrorBoundary onError={() => <h1>I believe something went wrong</h1>} appInsights={reactPlugin}> + /* app here */ + </AppInsightsErrorBoundary> + ); +}; +``` ++The `AppInsightsErrorBoundary` requires two props to be passed to it. They're the `ReactPlugin` instance created for the application and a component to be rendered when an exception occurs. When an unhandled exception occurs, `trackException` is called with the information provided to the error boundary, and the `onError` component appears. ++#### [React Native](#tab/reactnative) ++Exception tracking is enabled by default. If you want to disable it, set `disableExceptionCollection` to `true`. ++```javascript +import { ApplicationInsights } from '@microsoft/applicationinsights-web'; ++var RNPlugin = new ReactNativePlugin(); +var appInsights = new ApplicationInsights({ + config: { + connectionString: 'YOUR_CONNECTION_STRING_GOES_HERE', + disableExceptionCollection: true, + extensions: [RNPlugin] + } +}); +appInsights.loadAppInsights(); +``` ++#### [Angular](#tab/angular) ++To track uncaught exceptions, set up ApplicationinsightsAngularpluginErrorService in `app.module.ts`: ++> [!IMPORTANT] +> When using the ErrorService, there is an implicit dependency on the `@microsoft/applicationinsights-analytics-js` extension. you MUST include either the `'@microsoft/applicationinsights-web'` or include the `@microsoft/applicationinsights-analytics-js` extension. Otherwise, unhandled exceptions caught by the error service will not be sent. ++```js +import { ApplicationinsightsAngularpluginErrorService } from '@microsoft/applicationinsights-angularplugin-js'; ++@NgModule({ + ... + providers: [ + { + provide: ErrorHandler, + useClass: ApplicationinsightsAngularpluginErrorService + } + ] + ... +}) +export class AppModule { } +``` ++#### Chain more custom exception handlers ++Chain more custom exception handlers when you want to want the application to gracefully handle what would previously have been an unhandled exception, but you still want to report this exception as an application failure. ++To chain more custom exception handlers: ++1. Create custom exception handlers that implement IErrorService. ++ ```javascript + import { IErrorService } from '@microsoft/applicationinsights-angularplugin-js'; ++ export class CustomErrorHandler implements IErrorService { + handleError(error: any) { + ... + } + } + ``` ++1. Pass errorServices array through extensionConfig. ++ ```javascript + extensionConfig: { + [angularPlugin.identifier]: { + router: this.router, + error + } + } + ``` ++++### Collect device information ++#### [React](#tab/react) ++N/A ++> [!NOTE] +> The device information, which includes Browser, OS, version, and language, is already being collected by the Application Insights web package. ++#### [React Native](#tab/reactnative) ++In addition to user agent info from the browser, which is collected by Application Insights web package, React Native also collects device information. Device information is automatically collected when you add the plug-in. ++#### [Angular](#tab/angular) ++N/A ++> [!NOTE] +> The device information, which includes Browser, OS, version, and language, is already being collected by the Application Insights web package. ++++### Configuration (other) -### React router configuration +#### [React](#tab/react) ++#### Track router history | Name | Type | Required? | Default | Description | ||--|--||| var appInsights = new ApplicationInsights({ appInsights.loadAppInsights(); ``` -### React components usage tracking +#### Track components usage ++A feature that's unique to the React plug-in is that you're able to instrument specific components and track them individually. To instrument React components with usage tracking, apply the `withAITracking` higher-order component function. To enable Application Insights for a component, wrap `withAITracking` around the component: export default withAITracking(reactPlugin, MyComponent); It measures time from the [`ComponentDidMount`](https://react.dev/reference/react/Component#componentdidmount) event through the [`ComponentWillUnmount`](https://react.dev/reference/react/Component#componentwillunmount) event. To make the result more accurate, it subtracts the time in which the user was idle by using `React Component Engaged Time = ComponentWillUnmount timestamp - ComponentDidMount timestamp - idle time`. -#### Explore your data +##### Explore your data Use [Metrics Explorer](../essentials/metrics-getting-started.md) to plot a chart for the custom metric name `React Component Engaged Time (seconds)` and [split](../essentials/metrics-getting-started.md#apply-dimension-filters-and-splitting) this custom metric by `Component Name`. customMetrics > [!NOTE] > It can take up to 10 minutes for new custom metrics to appear in the Azure portal. -### Use React Hooks --[React Hooks](https://react.dev/reference/react) are an approach to state and lifecycle management in a React application without relying on class-based React components. The Application Insights React plug-in provides several Hooks integrations that operate in a similar way to the higher-order component approach. +#### Use Application Insights with React Context -#### Use React Context +We provide general hooks to allow you to customize the change tracking for individual components. Alternatively, you can use [useTrackMetric](#usetrackmetric) or [useTrackEvent](#usetrackevent), which are pre-defined contacts we provide for tracking the changes to components. The React Hooks for Application Insights are designed to use [React Context](https://react.dev/learn/passing-data-deeply-with-context) as a containing aspect for it. To use Context, initialize Application Insights, and then import the Context object: const MyComponent = () => { export default MyComponent; ``` -#### useTrackMetric +##### useTrackMetric The `useTrackMetric` Hook replicates the functionality of the `withAITracking` higher-order component, without adding another component to the component structure. The Hook takes two arguments: export default MyComponent; It operates like the higher-order component, but it responds to Hooks lifecycle events rather than a component lifecycle. If there's a need to run on particular interactions, the Hook needs to be explicitly provided to user events. -#### useTrackEvent +##### useTrackEvent -The `useTrackEvent` Hook is used to track any custom event that an application might need to track, such as a button click or other API call. It takes four arguments: +Use the `useTrackEvent` Hook to track any custom event that an application might need to track, such as a button click or other API call. It takes four arguments: - Application Insights instance, which can be obtained from the `useAppInsightsContext` Hook. - Name for the event. export default MyComponent; When the Hook is used, a data payload can be provided to it to add more data to the event when it's stored in Application Insights. -### React error boundaries --[React error boundaries](https://react.dev/reference/react/Component#catching-rendering-errors-with-an-error-boundary) provide a way to gracefully handle an exception when it occurs within a React application. When such an error occurs, it's likely that the exception needs to be logged. The React plug-in for Application Insights provides an error boundary component that automatically logs the error when it occurs. --```javascript -import React from "react"; -import { reactPlugin } from "./AppInsights"; -import { AppInsightsErrorBoundary } from "@microsoft/applicationinsights-react-js"; --const App = () => { - return ( - <AppInsightsErrorBoundary onError={() => <h1>I believe something went wrong</h1>} appInsights={reactPlugin}> - /* app here */ - </AppInsightsErrorBoundary> - ); -}; -``` --The `AppInsightsErrorBoundary` requires two props to be passed to it. They're the `ReactPlugin` instance created for the application and a component to be rendered when an error occurs. When an unhandled error occurs, `trackException` is called with the information provided to the error boundary, and the `onError` component appears. --### [React Native](#tab/reactnative) --### IDeviceInfoModule --Interface to abstract how the plugin can access the Device Info. This interface is a stripped down version of the `react-native-device-info` interface and is mostly supplied for testing. --```typescript -export interface IDeviceInfoModule { - /** - * Returns the Device Model - */ - getModel: () => string; -- /** - * Returns the device type - */ - getDeviceType: () => string; -- /** - * Returns the unique Id for the device. To support both the current version and previous - * versions react-native-device-info, this may return either a `string` or `Promise<string>`. - * When a promise is returned, the plugin will "wait" for the promise to `resolve` or `reject` - * before processing any events. This WILL cause telemetry to be BLOCKED until either of these - * states, so when returning a Promise, it MUST `resolve` or `reject`. Tt can't just never resolve. - * There is a default timeout configured via `uniqueIdPromiseTimeout` to automatically unblock - * event processing when this issue occurs. - */ - getUniqueId: () => Promise<string> | string; -} -``` --If events are getting "blocked" because the `Promise` returned via `getUniqueId` is never resolved / rejected, you can call `setDeviceId()` on the plugin to "unblock" this waiting state. There is also an automatic timeout configured via `uniqueIdPromiseTimeout` (defaults to 5 seconds), which will internally call `setDeviceId()` with any previously configured value. +#### [React Native](#tab/reactnative) -### Disable automatic device info collection +#### Disable automatic device info collection If you donΓÇÖt want to collect the device information, you can set `disableDeviceCollection` to `true`. var appInsights = new ApplicationInsights({ appInsights.loadAppInsights(); ``` -### Use your own device info collection class +#### Use your own device info collection class If you want to override your own deviceΓÇÖs information, you can use `myDeviceInfoModule` to collect your own device information. var appInsights = new ApplicationInsights({ appInsights.loadAppInsights(); ``` -### [Angular](#tab/angular) +#### Override the device information -### Track uncaught exceptions +Use the `IDeviceInfoModule` interface to abstract how the plug-in can access the Device Info. This interface is a stripped down version of the `react-native-device-info` interface and is mostly supplied for testing. -To track uncaught exceptions, set up ApplicationinsightsAngularpluginErrorService in `app.module.ts`: --> [!IMPORTANT] -> When using the ErrorService, there is an implicit dependency on the `@microsoft/applicationinsights-analytics-js` extension. you MUST include either the `'@microsoft/applicationinsights-web'` or include the `@microsoft/applicationinsights-analytics-js` extension. Otherwise, unhandled errors caught by the error service will not be sent. +```typescript +export interface IDeviceInfoModule { + /** + * Returns the Device Model + */ + getModel: () => string; -```js -import { ApplicationinsightsAngularpluginErrorService } from '@microsoft/applicationinsights-angularplugin-js'; + /** + * Returns the device type + */ + getDeviceType: () => string; -@NgModule({ - ... - providers: [ - { - provide: ErrorHandler, - useClass: ApplicationinsightsAngularpluginErrorService - } - ] - ... -}) -export class AppModule { } + /** + * Returns the unique Id for the device. To support both the current version and previous + * versions react-native-device-info, this may return either a `string` or `Promise<string>`. + * When a promise is returned, the plugin will "wait" for the promise to `resolve` or `reject` + * before processing any events. This WILL cause telemetry to be BLOCKED until either of these + * states, so when returning a Promise, it MUST `resolve` or `reject`. Tt can't just never resolve. + * There is a default timeout configured via `uniqueIdPromiseTimeout` to automatically unblock + * event processing when this issue occurs. + */ + getUniqueId: () => Promise<string> | string; +} ``` -### Chain more custom error handlers +If events are getting "blocked" because the `Promise` returned via `getUniqueId` is never resolved / rejected, you can call `setDeviceId()` on the plugin to "unblock" this waiting state. There is also an automatic timeout configured via `uniqueIdPromiseTimeout` (defaults to 5 seconds), which will internally call `setDeviceId()` with any previously configured value. -To chain more custom error handlers: +#### [Angular](#tab/angular) -1. Create custom error handlers that implement IErrorService. +#### Track router history - ```javascript - import { IErrorService } from '@microsoft/applicationinsights-angularplugin-js'; +| Name | Type | Required? | Default | Description | +||--|--||| +| router | object | Optional | null | Angular router for enabling Application Insights PageView tracking. | - export class CustomErrorHandler implements IErrorService { - handleError(error: any) { - ... - } - } - ``` +The following code example shows how to enable tracking of router history. -1. Pass errorServices array through extensionConfig. +```javascript +import { Component } from '@angular/core'; +import { ApplicationInsights } from '@microsoft/applicationinsights-web'; +import { AngularPlugin } from '@microsoft/applicationinsights-angularplugin-js'; +import { Router } from '@angular/router'; - ```javascript - extensionConfig: { - [angularPlugin.identifier]: { - router: this.router, - error - } - } - ``` +++@Component({ + selector: 'app-root', + templateUrl: './app.component.html', + styleUrls: ['./app.component.css'] +}) +export class AppComponent { + constructor( + private router: Router + ){ + var angularPlugin = new AngularPlugin(); + const appInsights = new ApplicationInsights({ config: { + connectionString: 'YOUR_CONNECTION_STRING', + extensions: [angularPlugin], + extensionConfig: { + [angularPlugin.identifier]: { router: this.router } + } + } }); + appInsights.loadAppInsights(); + } +} +``` |
| azure-monitor | Javascript Sdk Configuration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/javascript-sdk-configuration.md | These configuration fields are optional and default to false unless otherwise st | distributedTracingMode | numeric or `DistributedTracingModes` | `DistributedTracingModes.AI_AND_W3C` | Sets the distributed tracing mode. If AI_AND_W3C mode or W3C mode is set, W3C trace context headers (traceparent/tracestate) are generated and included in all outgoing requests. AI_AND_W3C is provided for back-compatibility with any legacy Application Insights instrumented services. | enableAjaxErrorStatusText | boolean | false | Default false. If true, include response error data text boolean in dependency event on failed AJAX requests. | | enableAjaxPerfTracking | boolean | false | Default false. Flag to enable looking up and including extra browser window.performance timings in the reported Ajax (XHR and fetch) reported metrics.-| enableAutoRouteTracking | boolean | false | Automatically track route changes in Single Page Applications (SPA). If true, each route change sends a new Pageview to Application Insights. Hash route changes (`example.com/foo#bar`) are also recorded as new page views.<br>***Note***: If you enable this field, don't enable the `history` object for [React router configuration](./javascript-framework-extensions.md?tabs=react#react-router-configuration) because you'll get multiple page view events. +| enableAutoRouteTracking | boolean | false | Automatically track route changes in Single Page Applications (SPA). If true, each route change sends a new Pageview to Application Insights. Hash route changes (`example.com/foo#bar`) are also recorded as new page views.<br>***Note***: If you enable this field, don't enable the `history` object for [React router configuration](./javascript-framework-extensions.md?tabs=react#track-router-history) because you'll get multiple page view events. | enableCorsCorrelation | boolean | false | If true, the SDK adds two headers ('Request-Id' and 'Request-Context') to all CORS requests to correlate outgoing AJAX dependencies with corresponding requests on the server side. Default is false | | enableDebug | boolean | false | If true, **internal** debugging data is thrown as an exception **instead** of being logged, regardless of SDK logging settings. Default is false. <br>***Note:*** Enabling this setting results in dropped telemetry whenever an internal error occurs. It can be useful for quickly identifying issues with your configuration or usage of the SDK. If you don't want to lose telemetry while debugging, consider using `loggingLevelConsole` or `loggingLevelTelemetry` instead of `enableDebug`. | | enablePerfMgr | boolean | false | When enabled (true) it creates local perfEvents for code that has been instrumented to emit perfEvents (via the doPerf() helper). It can be used to identify performance issues within the SDK based on your usage or optionally within your own instrumented code. |
| azure-monitor | Nodejs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/nodejs.md | Before you begin, make sure that you have an Azure subscription, or [get a new o ### <a name="resource"></a> Set up an Application Insights resource -1. Sign in to the [Azure portal][portal]. +1. Sign in to the [Azure portal](https://portal.azure.com). 1. Create an [Application Insights resource](create-new-resource.md). [!INCLUDE [azure-monitor-log-analytics-rebrand](../../../includes/azure-monitor-instrumentation-key-deprecation.md)] Include the SDK in your app so that it can gather data. The SDK automatically gathers telemetry about the Node.js runtime and some common third-party modules. Use your application to generate some of this data. -Then, in the [Azure portal][portal] go to the Application Insights resource that you created earlier. In the **Overview timeline**, look for your first few data points. To see more detailed data, select different components in the charts. +Then, in the [Azure portal](https://portal.azure.com) go to the Application Insights resource that you created earlier. In the **Overview timeline**, look for your first few data points. To see more detailed data, select different components in the charts. To view the topology that's discovered for your app, you can use [Application Map](app-map.md). process.env.APPLICATIONINSIGHTS_LOGDIR = "C:\\applicationinsights\\logs"; <!--references--> -[portal]: https://portal.azure.com/ [FAQ]: ../faq.yml |
| azure-monitor | Resources Roles Access Control | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/resources-roles-access-control.md | You can control who has read and update access to your data in [Application Insi First, let's define some terms: * **Resource**: An instance of an Azure service. Your Application Insights resource collects, analyzes, and displays the telemetry data sent from your application. Other types of Azure resources include web apps, databases, and VMs.- - To see your resources, open the [Azure portal][portal], sign in, and select **All resources**. To find a resource, enter part of its name in the filter field. - ++ To see your resources, open the [Azure portal](https://portal.azure.com), sign in, and select **All resources**. To find a resource, enter part of its name in the filter field. + :::image type="content" source="./media/resources-roles-access-control/10-browse.png" lightbox="./media/resources-roles-access-control/10-browse.png" alt-text="Screenshot that shows a list of Azure resources."::: <a name="resource-group"></a> $resourceGroup = "RGNAME" [account]: https://account.microsoft.com [group]: ../../azure-resource-manager/management/overview.md-[portal]: https://portal.azure.com/ [start]: ./app-insights-overview.md |
| azure-monitor | Metrics Getting Started | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/essentials/metrics-getting-started.md | By default, the chart shows the most recent 24 hours of metrics data. Use the ** [Filtering](../essentials/metrics-charts.md#filters) and [splitting](../essentials/metrics-charts.md#apply-splitting) are powerful diagnostic tools for the metrics that have dimensions. These features show how various metric segments or dimensions affect the overall value of the metric. You can use them to identify possible outliers. For example - **Filtering** lets you choose which dimension values are included in the chart. For example, you might want to show successful requests when you chart the *server response time* metric. You apply the filter on the *success of request* dimension.-- **Splitting** controls whether the chart displays separate lines for each value of a dimension or aggregates the values into a single line. For example, you can see one line for an average CPU usage across all server instances, or you can see separate lines for each server. The image blow shows splitting a Virtual Machine Scale Set to see each virtual machine separately.+- **Splitting** controls whether the chart displays separate lines for each value of a dimension or aggregates the values into a single line. For example, you can see one line for an average CPU usage across all server instances, or you can see separate lines for each server. The following image shows splitting a Virtual Machine Scale Set to see each virtual machine separately. :::image type="content" source="./media/metrics-getting-started/split-metrics.png" alt-text="{alt-text}"::: |
| azure-monitor | Metrics Supported | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/essentials/metrics-supported.md | - Title: Azure Monitor supported metrics by resource type -description: List of metrics available for each resource type with Azure Monitor. ---- Previously updated : 07/18/2023-----# Supported metrics with Azure Monitor --> [!NOTE] -> This list is largely auto-generated. Any modification made to this list via GitHub might be written over without warning. Contact the author of this article for details on how to make permanent updates. --Date list was last updated: 07/18/2023. --Azure Monitor provides several ways to interact with metrics, including charting them in the Azure portal, accessing them through the REST API, or querying them by using PowerShell or the Azure CLI (Command Line Interface). --This article is a complete list of all platform (that is, automatically collected) metrics currently available with the consolidated metric pipeline in Azure Monitor. Metrics changed or added after the date at the top of this article might not yet appear in the list. To query for and access the list of metrics programmatically, use the [2018-01-01 api-version](/rest/api/monitor/metricdefinitions). Other metrics not in this list might be available in the portal or through legacy APIs. --The metrics are organized by resource provider and resource type. For a list of services and the resource providers and types that belong to them, see [Resource providers for Azure services](../../azure-resource-manager/management/azure-services-resource-providers.md). --## Exporting platform metrics to other locations --You can export the platform metrics from the Azure monitor pipeline to other locations in one of two ways: --- Use the [metrics REST API](/rest/api/monitor/metrics/list).-- Use [diagnostic settings](../essentials/diagnostic-settings.md) to route platform metrics to: - - Azure Storage. - - Azure Monitor Logs (and thus Log Analytics). - - Event hubs, which is how you get them to non-Microsoft systems. --Using diagnostic settings is the easiest way to route the metrics, but there are some limitations: --- **Exportability**. All metrics are exportable through the REST API, but some can't be exported through diagnostic settings because of intricacies in the Azure Monitor back end. The column "Exportable via Diagnostic Settings" in the following tables lists which metrics can be exported in this way. --- **Multi-dimensional metrics**. Sending multi-dimensional metrics to other locations via diagnostic settings is not currently supported. Metrics with dimensions are exported as flattened single-dimensional metrics, aggregated across dimension values. -- For example, the *Incoming Messages* metric on an event hub can be explored and charted on a per-queue level. But when the metric is exported via diagnostic settings, it will be represented as all incoming messages across all queues in the event hub. --## Guest OS and host OS metrics --Metrics for the guest operating system (guest OS) that runs in Azure Virtual Machines, Service Fabric, and Cloud Services are *not* listed here. Guest OS metrics must be collected through one or more agents that run on or as part of the guest operating system. Guest OS metrics include performance counters that track guest CPU percentage or memory usage, both of which are frequently used for autoscaling or alerting. --Host OS metrics *are* available and listed in the tables. Host OS metrics relate to the Hyper-V session that's hosting your guest OS session. --> [!TIP] -> A best practice is to use and configure the Azure Monitor agent to send guest OS performance metrics into the same Azure Monitor metric database where platform metrics are stored. The agent routes guest OS metrics through the [custom metrics](../essentials/metrics-custom-overview.md) API. You can then chart, alert, and otherwise use guest OS metrics like platform metrics. -> -> Alternatively or in addition, you can send the guest OS metrics to Azure Monitor Logs by using the same agent. There you can query on those metrics in combination with non-metric data by using Log Analytics. Standard [Log Analytics workspace costs](https://azure.microsoft.com/pricing/details/monitor/) would then apply. --The Azure Monitor agent replaces the Azure Diagnostics extension and Log Analytics agent, which were previously used for guest OS routing. For important additional information, see [Overview of Azure Monitor agents](../agents/agents-overview.md). --## Table formatting --This latest update adds a new column and reorders the metrics to be alphabetical. The additional information means that the tables might have a horizontal scroll bar at the bottom, depending on the width of your browser window. If you seem to be missing information, use the scroll bar to see the entirety of the table. --## Microsoft.AAD/DomainServices -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|\DirectoryServices(NTDS)\LDAP Searches/sec |Yes |NTDS - LDAP Searches/sec |CountPerSecond |Average |This metric indicates the average number of searches per second for the NTDS object. It is backed by performance counter data from the domain controller, and can be filtered or splitted by role instance. |DataCenter, Tenant, Role, RoleInstance, ScaleUnit | -|\DirectoryServices(NTDS)\LDAP Successful Binds/sec |Yes |NTDS - LDAP Successful Binds/sec |CountPerSecond |Average |This metric indicates the number of LDAP successful binds per second for the NTDS object. It is backed by performance counter data from the domain controller, and can be filtered or splitted by role instance. |DataCenter, Tenant, Role, RoleInstance, ScaleUnit | -|\DNS\Total Query Received/sec |Yes |DNS - Total Query Received/sec |CountPerSecond |Average |This metric indicates the average number of queries received by DNS server in each second. It is backed by performance counter data from the domain controller, and can be filtered or splitted by role instance. |DataCenter, Tenant, Role, RoleInstance, ScaleUnit | -|\DNS\Total Response Sent/sec |Yes |Total Response Sent/sec |CountPerSecond |Average |This metric indicates the average number of reponses sent by DNS server in each second. It is backed by performance counter data from the domain controller, and can be filtered or splitted by role instance. |DataCenter, Tenant, Role, RoleInstance, ScaleUnit | -|\Memory\% Committed Bytes In Use |Yes |% Committed Bytes In Use |Percent |Average |This metric indicates the ratio of Memory\Committed Bytes to the Memory\Commit Limit. Committed memory is the physical memory in use for which space has been reserved in the paging file should it need to be written to disk. The commit limit is determined by the size of the paging file. If the paging file is enlarged, the commit limit increases, and the ratio is reduced. This counter displays the current percentage value only; it is not an average. It is backed by performance counter data from the domain controller, and can be filtered or splitted by role instance. |DataCenter, Tenant, Role, RoleInstance, ScaleUnit | -|\Process(dns)\% Processor Time |Yes |% Processor Time (dns) |Percent |Average |This metric indicates the percentage of elapsed time that all of dns process threads used the processor to execute instructions. An instruction is the basic unit of execution in a computer, a thread is the object that executes instructions, and a process is the object created when a program is run. Code executed to handle some hardware interrupts and trap conditions are included in this count. It is backed by performance counter data from the domain controller, and can be filtered or splitted by role instance. |DataCenter, Tenant, Role, RoleInstance, ScaleUnit | -|\Process(lsass)\% Processor Time |Yes |% Processor Time (lsass) |Percent |Average |This metric indicates the percentage of elapsed time that all of lsass process threads used the processor to execute instructions. An instruction is the basic unit of execution in a computer, a thread is the object that executes instructions, and a process is the object created when a program is run. Code executed to handle some hardware interrupts and trap conditions are included in this count. It is backed by performance counter data from the domain controller, and can be filtered or splitted by role instance. |DataCenter, Tenant, Role, RoleInstance, ScaleUnit | -|\Processor(_Total)\% Processor Time |Yes |Total Processor Time |Percent |Average |This metric indicates the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread that consumes cycles when no other threads are ready to run). This counter is the primary indicator of processor activity, and displays the average percentage of busy time observed during the sample interval. It should be noted that the accounting calculation of whether the processor is idle is performed at an internal sampling interval of the system clock (10ms). On todays fast processors, % Processor Time can therefore underestimate the processor utilization as the processor may be spending a lot of time servicing threads between the system clock sampling interval. Workload based timer applications are one example of applications which are more likely to be measured inaccurately as timers are signaled just after the sample is taken. It is backed by performance counter data from the domain controller, and can be filtered or splitted by role instance. |DataCenter, Tenant, Role, RoleInstance, ScaleUnit | -|\Security System-Wide Statistics\Kerberos Authentications |Yes |Kerberos Authentications |CountPerSecond |Average |This metric indicates the number of times that clients use a ticket to authenticate to this computer per second. It is backed by performance counter data from the domain controller, and can be filtered or splitted by role instance. |DataCenter, Tenant, Role, RoleInstance, ScaleUnit | -|\Security System-Wide Statistics\NTLM Authentications |Yes |NTLM Authentications |CountPerSecond |Average |This metric indicates the number of NTLM authentications processed per second for the Active Directory on this domain contrller or for local accounts on this member server. It is backed by performance counter data from the domain controller, and can be filtered or splitted by role instance. |DataCenter, Tenant, Role, RoleInstance, ScaleUnit | --## Microsoft.AnalysisServices/servers -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|CleanerCurrentPrice |Yes |Memory: Cleaner Current Price |Count |Average |Current price of memory, $/byte/time, normalized to 1000. |ServerResourceType | -|CleanerMemoryNonshrinkable |Yes |Memory: Cleaner Memory nonshrinkable |Bytes |Average |Amount of memory, in bytes, not subject to purging by the background cleaner. |ServerResourceType | -|CleanerMemoryShrinkable |Yes |Memory: Cleaner Memory shrinkable |Bytes |Average |Amount of memory, in bytes, subject to purging by the background cleaner. |ServerResourceType | -|CommandPoolBusyThreads |Yes |Threads: Command pool busy threads |Count |Average |Number of busy threads in the command thread pool. |ServerResourceType | -|CommandPoolIdleThreads |Yes |Threads: Command pool idle threads |Count |Average |Number of idle threads in the command thread pool. |ServerResourceType | -|CommandPoolJobQueueLength |Yes |Command Pool Job Queue Length |Count |Average |Number of jobs in the queue of the command thread pool. |ServerResourceType | -|CurrentConnections |Yes |Connection: Current connections |Count |Average |Current number of client connections established. |ServerResourceType | -|CurrentUserSessions |Yes |Current User Sessions |Count |Average |Current number of user sessions established. |ServerResourceType | -|LongParsingBusyThreads |Yes |Threads: Long parsing busy threads |Count |Average |Number of busy threads in the long parsing thread pool. |ServerResourceType | -|LongParsingIdleThreads |Yes |Threads: Long parsing idle threads |Count |Average |Number of idle threads in the long parsing thread pool. |ServerResourceType | -|LongParsingJobQueueLength |Yes |Threads: Long parsing job queue length |Count |Average |Number of jobs in the queue of the long parsing thread pool. |ServerResourceType | -|mashup_engine_memory_metric |Yes |M Engine Memory |Bytes |Average |Memory usage by mashup engine processes |ServerResourceType | -|mashup_engine_private_bytes_metric |Yes |M Engine Private Bytes |Bytes |Average |Private bytes usage by mashup engine processes. |ServerResourceType | -|mashup_engine_qpu_metric |Yes |M Engine QPU |Count |Average |QPU usage by mashup engine processes |ServerResourceType | -|mashup_engine_virtual_bytes_metric |Yes |M Engine Virtual Bytes |Bytes |Average |Virtual bytes usage by mashup engine processes. |ServerResourceType | -|memory_metric |Yes |Memory |Bytes |Average |Memory. Range 0-25 GB for S1, 0-50 GB for S2 and 0-100 GB for S4 |ServerResourceType | -|memory_thrashing_metric |Yes |Memory Thrashing |Percent |Average |Average memory thrashing. |ServerResourceType | -|MemoryLimitHard |Yes |Memory: Memory Limit Hard |Bytes |Average |Hard memory limit, from configuration file. |ServerResourceType | -|MemoryLimitHigh |Yes |Memory: Memory Limit High |Bytes |Average |High memory limit, from configuration file. |ServerResourceType | -|MemoryLimitLow |Yes |Memory: Memory Limit Low |Bytes |Average |Low memory limit, from configuration file. |ServerResourceType | -|MemoryLimitVertiPaq |Yes |Memory: Memory Limit VertiPaq |Bytes |Average |In-memory limit, from configuration file. |ServerResourceType | -|MemoryUsage |Yes |Memory: Memory Usage |Bytes |Average |Memory usage of the server process as used in calculating cleaner memory price. Equal to counter Process\PrivateBytes plus the size of memory-mapped data, ignoring any memory which was mapped or allocated by the xVelocity in-memory analytics engine (VertiPaq) in excess of the xVelocity engine Memory Limit. |ServerResourceType | -|private_bytes_metric |Yes |Private Bytes |Bytes |Average |Private bytes. |ServerResourceType | -|ProcessingPoolBusyIOJobThreads |Yes |Threads: Processing pool busy I/O job threads |Count |Average |Number of threads running I/O jobs in the processing thread pool. |ServerResourceType | -|ProcessingPoolBusyNonIOThreads |Yes |Threads: Processing pool busy non-I/O threads |Count |Average |Number of threads running non-I/O jobs in the processing thread pool. |ServerResourceType | -|ProcessingPoolIdleIOJobThreads |Yes |Threads: Processing pool idle I/O job threads |Count |Average |Number of idle threads for I/O jobs in the processing thread pool. |ServerResourceType | -|ProcessingPoolIdleNonIOThreads |Yes |Threads: Processing pool idle non-I/O threads |Count |Average |Number of idle threads in the processing thread pool dedicated to non-I/O jobs. |ServerResourceType | -|ProcessingPoolIOJobQueueLength |Yes |Threads: Processing pool I/O job queue length |Count |Average |Number of I/O jobs in the queue of the processing thread pool. |ServerResourceType | -|ProcessingPoolJobQueueLength |Yes |Processing Pool Job Queue Length |Count |Average |Number of non-I/O jobs in the queue of the processing thread pool. |ServerResourceType | -|qpu_metric |Yes |QPU |Count |Average |QPU. Range 0-100 for S1, 0-200 for S2 and 0-400 for S4 |ServerResourceType | -|QueryPoolBusyThreads |Yes |Query Pool Busy Threads |Count |Average |Number of busy threads in the query thread pool. |ServerResourceType | -|QueryPoolIdleThreads |Yes |Threads: Query pool idle threads |Count |Average |Number of idle threads for I/O jobs in the processing thread pool. |ServerResourceType | -|QueryPoolJobQueueLength |Yes |Threads: Query pool job queue lengt |Count |Average |Number of jobs in the queue of the query thread pool. |ServerResourceType | -|Quota |Yes |Memory: Quota |Bytes |Average |Current memory quota, in bytes. Memory quota is also known as a memory grant or memory reservation. |ServerResourceType | -|QuotaBlocked |Yes |Memory: Quota Blocked |Count |Average |Current number of quota requests that are blocked until other memory quotas are freed. |ServerResourceType | -|RowsConvertedPerSec |Yes |Processing: Rows converted per sec |CountPerSecond |Average |Rate of rows converted during processing. |ServerResourceType | -|RowsReadPerSec |Yes |Processing: Rows read per sec |CountPerSecond |Average |Rate of rows read from all relational databases. |ServerResourceType | -|RowsWrittenPerSec |Yes |Processing: Rows written per sec |CountPerSecond |Average |Rate of rows written during processing. |ServerResourceType | -|ShortParsingBusyThreads |Yes |Threads: Short parsing busy threads |Count |Average |Number of busy threads in the short parsing thread pool. |ServerResourceType | -|ShortParsingIdleThreads |Yes |Threads: Short parsing idle threads |Count |Average |Number of idle threads in the short parsing thread pool. |ServerResourceType | -|ShortParsingJobQueueLength |Yes |Threads: Short parsing job queue length |Count |Average |Number of jobs in the queue of the short parsing thread pool. |ServerResourceType | -|SuccessfullConnectionsPerSec |Yes |Successful Connections Per Sec |CountPerSecond |Average |Rate of successful connection completions. |ServerResourceType | -|TotalConnectionFailures |Yes |Total Connection Failures |Count |Average |Total failed connection attempts. |ServerResourceType | -|TotalConnectionRequests |Yes |Total Connection Requests |Count |Average |Total connection requests. These are arrivals. |ServerResourceType | -|VertiPaqNonpaged |Yes |Memory: VertiPaq Nonpaged |Bytes |Average |Bytes of memory locked in the working set for use by the in-memory engine. |ServerResourceType | -|VertiPaqPaged |Yes |Memory: VertiPaq Paged |Bytes |Average |Bytes of paged memory in use for in-memory data. |ServerResourceType | -|virtual_bytes_metric |Yes |Virtual Bytes |Bytes |Average |Virtual bytes. |ServerResourceType | --## Microsoft.ApiManagement/service -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|BackendDuration |Yes |Duration of Backend Requests |MilliSeconds |Average |Duration of Backend Requests in milliseconds |Location, Hostname | -|Capacity |Yes |Capacity |Percent |Average |Utilization metric for ApiManagement service. Note: For skus other than Premium, 'Max' aggregation will show the value as 0. |Location | -|ConnectionAttempts |Yes |WebSocket Connection Attempts (Preview) |Count |Total |Count of WebSocket connection attempts based on selected source and destination |Location, Source, Destination, State | -|Duration |Yes |Overall Duration of Gateway Requests |MilliSeconds |Average |Overall Duration of Gateway Requests in milliseconds |Location, Hostname | -|EventHubDroppedEvents |Yes |Dropped EventHub Events |Count |Total |Number of events skipped because of queue size limit reached |Location | -|EventHubRejectedEvents |Yes |Rejected EventHub Events |Count |Total |Number of rejected EventHub events (wrong configuration or unauthorized) |Location | -|EventHubSuccessfulEvents |Yes |Successful EventHub Events |Count |Total |Number of successful EventHub events |Location | -|EventHubThrottledEvents |Yes |Throttled EventHub Events |Count |Total |Number of throttled EventHub events |Location | -|EventHubTimedoutEvents |Yes |Timed Out EventHub Events |Count |Total |Number of timed out EventHub events |Location | -|EventHubTotalBytesSent |Yes |Size of EventHub Events |Bytes |Total |Total size of EventHub events in bytes |Location | -|EventHubTotalEvents |Yes |Total EventHub Events |Count |Total |Number of events sent to EventHub |Location | -|EventHubTotalFailedEvents |Yes |Failed EventHub Events |Count |Total |Number of failed EventHub events |Location | -|FailedRequests |Yes |Failed Gateway Requests (Deprecated) |Count |Total |Number of failures in gateway requests - Use multi-dimension request metric with GatewayResponseCodeCategory dimension instead |Location, Hostname | -|NetworkConnectivity |Yes |Network Connectivity Status of Resources (Preview) |Count |Average |Network Connectivity status of dependent resource types from API Management service |Location, ResourceType | -|OtherRequests |Yes |Other Gateway Requests (Deprecated) |Count |Total |Number of other gateway requests - Use multi-dimension request metric with GatewayResponseCodeCategory dimension instead |Location, Hostname | -|Requests |Yes |Requests |Count |Total |Gateway request metrics with multiple dimensions |Location, Hostname, LastErrorReason, BackendResponseCode, GatewayResponseCode, BackendResponseCodeCategory, GatewayResponseCodeCategory | -|SuccessfulRequests |Yes |Successful Gateway Requests (Deprecated) |Count |Total |Number of successful gateway requests - Use multi-dimension request metric with GatewayResponseCodeCategory dimension instead |Location, Hostname | -|TotalRequests |Yes |Total Gateway Requests (Deprecated) |Count |Total |Number of gateway requests - Use multi-dimension request metric with GatewayResponseCodeCategory dimension instead |Location, Hostname | -|UnauthorizedRequests |Yes |Unauthorized Gateway Requests (Deprecated) |Count |Total |Number of unauthorized gateway requests - Use multi-dimension request metric with GatewayResponseCodeCategory dimension instead |Location, Hostname | -|WebSocketMessages |Yes |WebSocket Messages (Preview) |Count |Total |Count of WebSocket messages based on selected source and destination |Location, Source, Destination | --## Microsoft.App/containerapps -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|CoresQuotaUsed |Yes |Reserved Cores |Count |Maximum |Number of reserved cores for container app revisions |revisionName | -|Replicas |Yes |Replica Count |Count |Maximum |Number of replicas count of container app |revisionName | -|Requests |Yes |Requests |Count |Total |Requests processed |revisionName, podName, statusCodeCategory, statusCode | -|RestartCount |Yes |Replica Restart Count |Count |Maximum |Restart count of container app replicas |revisionName, podName | -|RxBytes |Yes |Network In Bytes |Bytes |Total |Network received bytes |revisionName, podName | -|TotalCoresQuotaUsed |Yes |Total Reserved Cores |Count |Average |Number of total reserved cores for the container app |No Dimensions | -|TxBytes |Yes |Network Out Bytes |Bytes |Total |Network transmitted bytes |revisionName, podName | -|UsageNanoCores |Yes |CPU Usage |NanoCores |Average |CPU consumed by the container app, in nano cores. 1,000,000,000 nano cores = 1 core |revisionName, podName | -|WorkingSetBytes |Yes |Memory Working Set Bytes |Bytes |Average |Container App working set memory used in bytes. |revisionName, podName | --## Microsoft.App/managedEnvironments -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|EnvCoresQuotaLimit |Yes |Cores Quota Limit |Count |Average |The cores quota limit of managed environment |No Dimensions | -|EnvCoresQuotaUtilization |Yes |Percentage Cores Used Out Of Limit |Percent |Average |The cores quota utilization of managed environment |No Dimensions | --## Microsoft.AppConfiguration/configurationStores -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|DailyStorageUsage |Yes |DailyStorageUsage |Percent |Maximum |Total storage usage of the store in percentage. Updated at minimum every 24 hours. |No Dimensions | -|HttpIncomingRequestCount |Yes |HttpIncomingRequestCount |Count |Total |Total number of incoming http requests. |StatusCode, Authentication, Endpoint | -|HttpIncomingRequestDuration |Yes |HttpIncomingRequestDuration |Count |Average |Latency on an http request. |StatusCode, Authentication, Endpoint | -|ThrottledHttpRequestCount |Yes |ThrottledHttpRequestCount |Count |Total |Throttled http requests. |Endpoint | --## Microsoft.AppPlatform/Spring -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|active-timer-count |Yes |active-timer-count |Count |Average |Number of timers that are currently active |Deployment, AppName, Pod | -|alloc-rate |Yes |alloc-rate |Bytes |Average |Number of bytes allocated in the managed heap |Deployment, AppName, Pod | -|AppCpuUsage |Yes |App CPU Usage (Deprecated) |Percent |Average |The recent CPU usage for the app. This metric is being deprecated. Please use "App CPU Usage" with metric id "PodCpuUsage". |Deployment, AppName, Pod | -|assembly-count |Yes |assembly-count |Count |Average |Number of Assemblies Loaded |Deployment, AppName, Pod | -|cpu-usage |Yes |cpu-usage |Percent |Average |% time the process has utilized the CPU |Deployment, AppName, Pod | -|current-requests |Yes |current-requests |Count |Average |Total number of requests in processing in the lifetime of the process |Deployment, AppName, Pod | -|exception-count |Yes |exception-count |Count |Total |Number of Exceptions |Deployment, AppName, Pod | -|failed-requests |Yes |failed-requests |Count |Average |Total number of failed requests in the lifetime of the process |Deployment, AppName, Pod | -|GatewayHttpServerRequestsMilliSecondsMax |Yes |Max time of requests |Milliseconds |Maximum |The max time of requests |Pod, httpStatusCode, outcome, httpMethod | -|GatewayHttpServerRequestsMilliSecondsSum |Yes |Total time of requests |Milliseconds |Total |The total time of requests |Pod, httpStatusCode, outcome, httpMethod | -|GatewayHttpServerRequestsSecondsCount |Yes |Request count |Count |Total |The number of requests |Pod, httpStatusCode, outcome, httpMethod | -|GatewayJvmGcLiveDataSizeBytes |Yes |jvm.gc.live.data.size |Bytes |Average |Size of old generation memory pool after a full GC |Pod | -|GatewayJvmGcMaxDataSizeBytes |Yes |jvm.gc.max.data.size |Bytes |Maximum |Max size of old generation memory pool |Pod | -|GatewayJvmGcMemoryAllocatedBytesTotal |Yes |jvm.gc.memory.allocated |Bytes |Maximum |Incremented for an increase in the size of the young generation memory pool after one GC to before the next |Pod | -|GatewayJvmGcMemoryPromotedBytesTotal |Yes |jvm.gc.memory.promoted |Bytes |Maximum |Count of positive increases in the size of the old generation memory pool before GC to after GC |Pod | -|GatewayJvmGcPauseSecondsCount |Yes |jvm.gc.pause.total.count |Count |Total |GC Pause Count |Pod | -|GatewayJvmGcPauseSecondsMax |Yes |jvm.gc.pause.max.time |Seconds |Maximum |GC Pause Max Time |Pod | -|GatewayJvmGcPauseSecondsSum |Yes |jvm.gc.pause.total.time |Seconds |Total |GC Pause Total Time |Pod | -|GatewayJvmMemoryCommittedBytes |Yes |jvm.memory.committed |Bytes |Average |Memory assigned to JVM in bytes |Pod | -|GatewayJvmMemoryUsedBytes |Yes |jvm.memory.used |Bytes |Average |Memory Used in bytes |Pod | -|GatewayProcessCpuUsage |Yes |process.cpu.usage |Percent |Average |The recent CPU usage for the JVM process |Pod | -|GatewayRatelimitThrottledCount |Yes |Throttled requests count |Count |Total |The count of the throttled requests |Pod | -|GatewaySystemCpuUsage |Yes |system.cpu.usage |Percent |Average |The recent CPU usage for the whole system |Pod | -|gc-heap-size |Yes |gc-heap-size |Count |Average |Total heap size reported by the GC (MB) |Deployment, AppName, Pod | -|gen-0-gc-count |Yes |gen-0-gc-count |Count |Average |Number of Gen 0 GCs |Deployment, AppName, Pod | -|gen-0-size |Yes |gen-0-size |Bytes |Average |Gen 0 Heap Size |Deployment, AppName, Pod | -|gen-1-gc-count |Yes |gen-1-gc-count |Count |Average |Number of Gen 1 GCs |Deployment, AppName, Pod | -|gen-1-size |Yes |gen-1-size |Bytes |Average |Gen 1 Heap Size |Deployment, AppName, Pod | -|gen-2-gc-count |Yes |gen-2-gc-count |Count |Average |Number of Gen 2 GCs |Deployment, AppName, Pod | -|gen-2-size |Yes |gen-2-size |Bytes |Average |Gen 2 Heap Size |Deployment, AppName, Pod | -|IngressBytesReceived |Yes |Bytes Received |Bytes |Average |Count of bytes received by Azure Spring Apps from the clients |Hostname, HttpStatus | -|IngressBytesReceivedRate |Yes |Throughput In (bytes/s) |BytesPerSecond |Average |Bytes received per second by Azure Spring Apps from the clients |Hostname, HttpStatus | -|IngressBytesSent |Yes |Bytes Sent |Bytes |Average |Count of bytes sent by Azure Spring Apps to the clients |Hostname, HttpStatus | -|IngressBytesSentRate |Yes |Throughput Out (bytes/s) |BytesPerSecond |Average |Bytes sent per second by Azure Spring Apps to the clients |Hostname, HttpStatus | -|IngressFailedRequests |Yes |Failed Requests |Count |Average |Count of failed requests by Azure Spring Apps from the clients |Hostname, HttpStatus | -|IngressRequests |Yes |Requests |Count |Average |Count of requests by Azure Spring Apps from the clients |Hostname, HttpStatus | -|IngressResponseStatus |Yes |Response Status |Count |Average |HTTP response status returned by Azure Spring Apps. The response status code distribution can be further categorized to show responses in 2xx, 3xx, 4xx, and 5xx categories |Hostname, HttpStatus | -|IngressResponseTime |Yes |Response Time |Seconds |Average |Http response time return by Azure Spring Apps |Hostname, HttpStatus | -|jvm.gc.live.data.size |Yes |jvm.gc.live.data.size |Bytes |Average |Size of old generation memory pool after a full GC |Deployment, AppName, Pod | -|jvm.gc.max.data.size |Yes |jvm.gc.max.data.size |Bytes |Average |Max size of old generation memory pool |Deployment, AppName, Pod | -|jvm.gc.memory.allocated |Yes |jvm.gc.memory.allocated |Bytes |Maximum |Incremented for an increase in the size of the young generation memory pool after one GC to before the next |Deployment, AppName, Pod | -|jvm.gc.memory.promoted |Yes |jvm.gc.memory.promoted |Bytes |Maximum |Count of positive increases in the size of the old generation memory pool before GC to after GC |Deployment, AppName, Pod | -|jvm.gc.pause.total.count |Yes |jvm.gc.pause.total.count |Count |Total |GC Pause Count |Deployment, AppName, Pod | -|jvm.gc.pause.total.time |Yes |jvm.gc.pause.total.time |Milliseconds |Total |GC Pause Total Time |Deployment, AppName, Pod | -|jvm.memory.committed |Yes |jvm.memory.committed |Bytes |Average |Memory assigned to JVM in bytes |Deployment, AppName, Pod | -|jvm.memory.max |Yes |jvm.memory.max |Bytes |Maximum |The maximum amount of memory in bytes that can be used for memory management |Deployment, AppName, Pod | -|jvm.memory.used |Yes |jvm.memory.used |Bytes |Average |App Memory Used in bytes |Deployment, AppName, Pod | -|loh-size |Yes |loh-size |Bytes |Average |LOH Heap Size |Deployment, AppName, Pod | -|monitor-lock-contention-count |Yes |monitor-lock-contention-count |Count |Average |Number of times there were contention when trying to take the monitor lock |Deployment, AppName, Pod | -|PodCpuUsage |Yes |App CPU Usage |Percent |Average |The recent CPU usage for the app |Deployment, AppName, Pod | -|PodMemoryUsage |Yes |App Memory Usage |Percent |Average |The recent Memory usage for the app |Deployment, AppName, Pod | -|PodNetworkIn |Yes |App Network In |Bytes |Average |Cumulative count of bytes received in the app |Deployment, AppName, Pod | -|PodNetworkOut |Yes |App Network Out |Bytes |Average |Cumulative count of bytes sent from the app |Deployment, AppName, Pod | -|process.cpu.usage |Yes |process.cpu.usage |Percent |Average |The recent CPU usage for the JVM process |Deployment, AppName, Pod | -|Requests |Yes |Requests |Count |Total |Requests processed |containerAppName, podName, statusCodeCategory, statusCode | -|requests-per-second |Yes |requests-rate |Count |Average |Request rate |Deployment, AppName, Pod | -|RestartCount |Yes |Restart Count |Count |Maximum |Restart count of Spring App |containerAppName, podName | -|RxBytes |Yes |Network In Bytes |Bytes |Total |Network received bytes |containerAppName, podName | -|system.cpu.usage |Yes |system.cpu.usage |Percent |Average |The recent CPU usage for the whole system |Deployment, AppName, Pod | -|threadpool-completed-items-count |Yes |threadpool-completed-items-count |Count |Average |ThreadPool Completed Work Items Count |Deployment, AppName, Pod | -|threadpool-queue-length |Yes |threadpool-queue-length |Count |Average |ThreadPool Work Items Queue Length |Deployment, AppName, Pod | -|threadpool-thread-count |Yes |threadpool-thread-count |Count |Average |Number of ThreadPool Threads |Deployment, AppName, Pod | -|time-in-gc |Yes |time-in-gc |Percent |Average |% time in GC since the last GC |Deployment, AppName, Pod | -|tomcat.global.error |Yes |tomcat.global.error |Count |Total |Tomcat Global Error |Deployment, AppName, Pod | -|tomcat.global.received |Yes |tomcat.global.received |Bytes |Total |Tomcat Total Received Bytes |Deployment, AppName, Pod | -|tomcat.global.request.avg.time |Yes |tomcat.global.request.avg.time |Milliseconds |Average |Tomcat Request Average Time |Deployment, AppName, Pod | -|tomcat.global.request.max |Yes |tomcat.global.request.max |Milliseconds |Maximum |Tomcat Request Max Time |Deployment, AppName, Pod | -|tomcat.global.request.total.count |Yes |tomcat.global.request.total.count |Count |Total |Tomcat Request Total Count |Deployment, AppName, Pod | -|tomcat.global.request.total.time |Yes |tomcat.global.request.total.time |Milliseconds |Total |Tomcat Request Total Time |Deployment, AppName, Pod | -|tomcat.global.sent |Yes |tomcat.global.sent |Bytes |Total |Tomcat Total Sent Bytes |Deployment, AppName, Pod | -|tomcat.sessions.active.current |Yes |tomcat.sessions.active.current |Count |Total |Tomcat Session Active Count |Deployment, AppName, Pod | -|tomcat.sessions.active.max |Yes |tomcat.sessions.active.max |Count |Total |Tomcat Session Max Active Count |Deployment, AppName, Pod | -|tomcat.sessions.alive.max |Yes |tomcat.sessions.alive.max |Milliseconds |Maximum |Tomcat Session Max Alive Time |Deployment, AppName, Pod | -|tomcat.sessions.created |Yes |tomcat.sessions.created |Count |Total |Tomcat Session Created Count |Deployment, AppName, Pod | -|tomcat.sessions.expired |Yes |tomcat.sessions.expired |Count |Total |Tomcat Session Expired Count |Deployment, AppName, Pod | -|tomcat.sessions.rejected |Yes |tomcat.sessions.rejected |Count |Total |Tomcat Session Rejected Count |Deployment, AppName, Pod | -|tomcat.threads.config.max |Yes |tomcat.threads.config.max |Count |Total |Tomcat Config Max Thread Count |Deployment, AppName, Pod | -|tomcat.threads.current |Yes |tomcat.threads.current |Count |Total |Tomcat Current Thread Count |Deployment, AppName, Pod | -|total-requests |Yes |total-requests |Count |Average |Total number of requests in the lifetime of the process |Deployment, AppName, Pod | -|TxBytes |Yes |Network Out Bytes |Bytes |Total |Network transmitted bytes |containerAppName, podName | -|UsageNanoCores |Yes |CPU Usage |NanoCores |Average |CPU consumed by Spring App, in nano cores. 1,000,000,000 nano cores = 1 core |containerAppName, podName | -|working-set |Yes |working-set |Count |Average |Amount of working set used by the process (MB) |Deployment, AppName, Pod | -|WorkingSetBytes |Yes |Memory Working Set Bytes |Bytes |Average |Spring App working set memory used in bytes. |containerAppName, podName | --## Microsoft.Automation/automationAccounts -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|HybridWorkerPing |Yes |Hybrid Worker Ping |Count |Count |The number of pings from the hybrid worker |HybridWorkerGroup, HybridWorker, HybridWorkerVersion | -|TotalJob |Yes |Total Jobs |Count |Total |The total number of jobs |Runbook, Status | -|TotalUpdateDeploymentMachineRuns |Yes |Total Update Deployment Machine Runs |Count |Total |Total software update deployment machine runs in a software update deployment run |Status, TargetComputer, SoftwareUpdateConfigurationName, SoftwareUpdateConfigurationRunId | -|TotalUpdateDeploymentRuns |Yes |Total Update Deployment Runs |Count |Total |Total software update deployment runs |Status, SoftwareUpdateConfigurationName | --## microsoft.avs/privateClouds -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|CapacityLatest |Yes |Datastore Disk Total Capacity |Bytes |Average |The total capacity of disk in the datastore |dsname | -|DiskUsedPercentage |Yes | Percentage Datastore Disk Used |Percent |Average |Percent of available disk used in Datastore |dsname | -|EffectiveCpuAverage |Yes |Percentage CPU |Percent |Average |Percentage of Used CPU resources in Cluster |clustername | -|EffectiveMemAverage |Yes |Average Effective Memory |Bytes |Average |Total available amount of machine memory in cluster |clustername | -|OverheadAverage |Yes |Average Memory Overhead |Bytes |Average |Host physical memory consumed by the virtualization infrastructure |clustername | -|TotalMbAverage |Yes |Average Total Memory |Bytes |Average |Total memory in cluster |clustername | -|UsageAverage |Yes |Average Memory Usage |Percent |Average |Memory usage as percentage of total configured or available memory |clustername | -|UsedLatest |Yes |Datastore Disk Used |Bytes |Average |The total amount of disk used in the datastore |dsname | --## microsoft.azuresphere/catalogs -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|DeviceEventsCount |Yes |Device Events |Count |Count |Count of all the events generated by an Azure Sphere device. |DeviceId, EventCategory, EventClass, EventType | -|DeviceRequestsCount |Yes |Device Requests |Count |Count |Count of all the requests sent by an Azure Sphere device. |DeviceId, OperationName, ResultType | --## Microsoft.Batch/batchaccounts -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|CoreCount |No |Dedicated Core Count |Count |Total |Total number of dedicated cores in the batch account |No Dimensions | -|CreatingNodeCount |No |Creating Node Count |Count |Total |Number of nodes being created |No Dimensions | -|IdleNodeCount |No |Idle Node Count |Count |Total |Number of idle nodes |No Dimensions | -|JobDeleteCompleteEvent |Yes |Job Delete Complete Events |Count |Total |Total number of jobs that have been successfully deleted. |jobId | -|JobDeleteStartEvent |Yes |Job Delete Start Events |Count |Total |Total number of jobs that have been requested to be deleted. |jobId | -|JobDisableCompleteEvent |Yes |Job Disable Complete Events |Count |Total |Total number of jobs that have been successfully disabled. |jobId | -|JobDisableStartEvent |Yes |Job Disable Start Events |Count |Total |Total number of jobs that have been requested to be disabled. |jobId | -|JobStartEvent |Yes |Job Start Events |Count |Total |Total number of jobs that have been successfully started. |jobId | -|JobTerminateCompleteEvent |Yes |Job Terminate Complete Events |Count |Total |Total number of jobs that have been successfully terminated. |jobId | -|JobTerminateStartEvent |Yes |Job Terminate Start Events |Count |Total |Total number of jobs that have been requested to be terminated. |jobId | -|LeavingPoolNodeCount |No |Leaving Pool Node Count |Count |Total |Number of nodes leaving the Pool |No Dimensions | -|LowPriorityCoreCount |No |LowPriority Core Count |Count |Total |Total number of low-priority cores in the batch account |No Dimensions | -|OfflineNodeCount |No |Offline Node Count |Count |Total |Number of offline nodes |No Dimensions | -|PoolCreateEvent |Yes |Pool Create Events |Count |Total |Total number of pools that have been created |poolId | -|PoolDeleteCompleteEvent |Yes |Pool Delete Complete Events |Count |Total |Total number of pool deletes that have completed |poolId | -|PoolDeleteStartEvent |Yes |Pool Delete Start Events |Count |Total |Total number of pool deletes that have started |poolId | -|PoolResizeCompleteEvent |Yes |Pool Resize Complete Events |Count |Total |Total number of pool resizes that have completed |poolId | -|PoolResizeStartEvent |Yes |Pool Resize Start Events |Count |Total |Total number of pool resizes that have started |poolId | -|PreemptedNodeCount |No |Preempted Node Count |Count |Total |Number of preempted nodes |No Dimensions | -|RebootingNodeCount |No |Rebooting Node Count |Count |Total |Number of rebooting nodes |No Dimensions | -|ReimagingNodeCount |No |Reimaging Node Count |Count |Total |Number of reimaging nodes |No Dimensions | -|RunningNodeCount |No |Running Node Count |Count |Total |Number of running nodes |No Dimensions | -|StartingNodeCount |No |Starting Node Count |Count |Total |Number of nodes starting |No Dimensions | -|StartTaskFailedNodeCount |No |Start Task Failed Node Count |Count |Total |Number of nodes where the Start Task has failed |No Dimensions | -|TaskCompleteEvent |Yes |Task Complete Events |Count |Total |Total number of tasks that have completed |poolId, jobId | -|TaskFailEvent |Yes |Task Fail Events |Count |Total |Total number of tasks that have completed in a failed state |poolId, jobId | -|TaskStartEvent |Yes |Task Start Events |Count |Total |Total number of tasks that have started |poolId, jobId | -|TotalLowPriorityNodeCount |No |Low-Priority Node Count |Count |Total |Total number of low-priority nodes in the batch account |No Dimensions | -|TotalNodeCount |No |Dedicated Node Count |Count |Total |Total number of dedicated nodes in the batch account |No Dimensions | -|UnusableNodeCount |No |Unusable Node Count |Count |Total |Number of unusable nodes |No Dimensions | -|WaitingForStartTaskNodeCount |No |Waiting For Start Task Node Count |Count |Total |Number of nodes waiting for the Start Task to complete |No Dimensions | --## microsoft.bing/accounts -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|BlockedCalls |Yes |Blocked Calls |Count |Total |Number of calls that exceeded the rate or quota limit |ApiName, ServingRegion, StatusCode | -|ClientErrors |Yes |Client Errors |Count |Total |Number of calls with any client error (HTTP status code 4xx) |ApiName, ServingRegion, StatusCode | -|DataIn |Yes |Data In |Bytes |Total |Incoming request Content-Length in bytes |ApiName, ServingRegion, StatusCode | -|DataOut |Yes |Data Out |Bytes |Total |Outgoing response Content-Length in bytes |ApiName, ServingRegion, StatusCode | -|Latency |Yes |Latency |Milliseconds |Average |Latency in milliseconds |ApiName, ServingRegion, StatusCode | -|ServerErrors |Yes |Server Errors |Count |Total |Number of calls with any server error (HTTP status code 5xx) |ApiName, ServingRegion, StatusCode | -|SuccessfulCalls |Yes |Successful Calls |Count |Total |Number of successful calls (HTTP status code 2xx) |ApiName, ServingRegion, StatusCode | -|TotalCalls |Yes |Total Calls |Count |Total |Total number of calls |ApiName, ServingRegion, StatusCode | -|TotalErrors |Yes |Total Errors |Count |Total |Number of calls with any error (HTTP status code 4xx or 5xx) |ApiName, ServingRegion, StatusCode | --## microsoft.botservice/botservices -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|RequestLatency |Yes |Request Latency |Milliseconds |Total |Time taken by the server to process the request |Operation, Authentication, Protocol, DataCenter | -|RequestsTraffic |Yes |Requests Traffic |Percent |Count |Number of Requests Made |Operation, Authentication, Protocol, StatusCode, StatusCodeClass, DataCenter | --## Microsoft.BotService/botServices/channels -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|RequestLatency |Yes |Requests Latencies |Milliseconds |Average |How long it takes to get request response |Operation, Authentication, Protocol, ResourceId, Region | -|RequestsTraffic |Yes |Requests Traffic |Count |Average |Number of requests within a given period of time |Operation, Authentication, Protocol, ResourceId, Region, StatusCode, StatusCodeClass, StatusText | --## Microsoft.BotService/botServices/connections -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|RequestLatency |Yes |Requests Latencies |Milliseconds |Average |How long it takes to get request response |Operation, Authentication, Protocol, ResourceId, Region | -|RequestsTraffic |Yes |Requests Traffic |Count |Average |Number of requests within a given period of time |Operation, Authentication, Protocol, ResourceId, Region, StatusCode, StatusCodeClass, StatusText | --## Microsoft.BotService/checknameavailability -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|RequestLatency |Yes |Requests Latencies |Milliseconds |Average |How long it takes to get request response |Operation, Authentication, Protocol, ResourceId, Region | -|RequestsTraffic |Yes |Requests Traffic |Count |Average |Number of requests within a given period of time |Operation, Authentication, Protocol, ResourceId, Region, StatusCode, StatusCodeClass, StatusText | --## Microsoft.BotService/hostsettings -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|RequestLatency |Yes |Requests Latencies |Milliseconds |Average |How long it takes to get request response |Operation, Authentication, Protocol, ResourceId, Region | -|RequestsTraffic |Yes |Requests Traffic |Count |Average |Number of requests within a given period of time |Operation, Authentication, Protocol, ResourceId, Region, StatusCode, StatusCodeClass, StatusText | --## Microsoft.BotService/listauthserviceproviders -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|RequestLatency |Yes |Requests Latencies |Milliseconds |Average |How long it takes to get request response |Operation, Authentication, Protocol, ResourceId, Region | -|RequestsTraffic |Yes |Requests Traffic |Count |Average |Number of requests within a given period of time |Operation, Authentication, Protocol, ResourceId, Region, StatusCode, StatusCodeClass, StatusText | --## Microsoft.BotService/listqnamakerendpointkeys -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|RequestLatency |Yes |Requests Latencies |Milliseconds |Average |How long it takes to get request response |Operation, Authentication, Protocol, ResourceId, Region | -|RequestsTraffic |Yes |Requests Traffic |Count |Average |Number of requests within a given period of time |Operation, Authentication, Protocol, ResourceId, Region, StatusCode, StatusCodeClass, StatusText | --## Microsoft.Cache/redis -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|allcachehits |Yes |Cache Hits (Instance Based) |Count |Total |The number of successful key lookups. For more details, see https://aka.ms/redis/metrics. |ShardId, Port, Primary | -|allcachemisses |Yes |Cache Misses (Instance Based) |Count |Total |The number of failed key lookups. For more details, see https://aka.ms/redis/metrics. |ShardId, Port, Primary | -|allcacheRead |Yes |Cache Read (Instance Based) |BytesPerSecond |Maximum |The amount of data read from the cache in bytes per second. For more details, see https://aka.ms/redis/metrics. |ShardId, Port, Primary | -|allcacheWrite |Yes |Cache Write (Instance Based) |BytesPerSecond |Maximum |The amount of data written to the cache in bytes per second. For more details, see https://aka.ms/redis/metrics. |ShardId, Port, Primary | -|allconnectedclients |Yes |Connected Clients (Instance Based) |Count |Maximum |The number of client connections to the cache. For more details, see https://aka.ms/redis/metrics. |ShardId, Port, Primary | -|allConnectionsClosedPerSecond |Yes |Connections Closed Per Second (Instance Based) |CountPerSecond |Maximum |The number of instantaneous connections closed per second on the cache via port 6379 or 6380 (SSL). For more details, see https://aka.ms/redis/metrics. |ShardId, Primary, Ssl | -|allConnectionsCreatedPerSecond |Yes |Connections Created Per Second (Instance Based) |CountPerSecond |Maximum |The number of instantaneous connections created per second on the cache via port 6379 or 6380 (SSL). For more details, see https://aka.ms/redis/metrics. |ShardId, Primary, Ssl | -|allevictedkeys |Yes |Evicted Keys (Instance Based) |Count |Total |The number of items evicted from the cache. For more details, see https://aka.ms/redis/metrics. |ShardId, Port, Primary | -|allexpiredkeys |Yes |Expired Keys (Instance Based) |Count |Total |The number of items expired from the cache. For more details, see https://aka.ms/redis/metrics. |ShardId, Port, Primary | -|allgetcommands |Yes |Gets (Instance Based) |Count |Total |The number of get operations from the cache. For more details, see https://aka.ms/redis/metrics. |ShardId, Port, Primary | -|alloperationsPerSecond |Yes |Operations Per Second (Instance Based) |Count |Maximum |The number of instantaneous operations per second executed on the cache. For more details, see https://aka.ms/redis/metrics. |ShardId, Port, Primary | -|allpercentprocessortime |Yes |CPU (Instance Based) |Percent |Maximum |The CPU utilization of the Azure Redis Cache server as a percentage. For more details, see https://aka.ms/redis/metrics. |ShardId, Port, Primary | -|allserverLoad |Yes |Server Load (Instance Based) |Percent |Maximum |The percentage of cycles in which the Redis server is busy processing and not waiting idle for messages. For more details, see https://aka.ms/redis/metrics. |ShardId, Port, Primary | -|allsetcommands |Yes |Sets (Instance Based) |Count |Total |The number of set operations to the cache. For more details, see https://aka.ms/redis/metrics. |ShardId, Port, Primary | -|alltotalcommandsprocessed |Yes |Total Operations (Instance Based) |Count |Total |The total number of commands processed by the cache server. For more details, see https://aka.ms/redis/metrics. |ShardId, Port, Primary | -|alltotalkeys |Yes |Total Keys (Instance Based) |Count |Maximum |The total number of items in the cache. For more details, see https://aka.ms/redis/metrics. |ShardId, Port, Primary | -|allusedmemory |Yes |Used Memory (Instance Based) |Bytes |Maximum |The amount of cache memory used for key/value pairs in the cache in MB. For more details, see https://aka.ms/redis/metrics. |ShardId, Port, Primary | -|allusedmemorypercentage |Yes |Used Memory Percentage (Instance Based) |Percent |Maximum |The percentage of cache memory used for key/value pairs. For more details, see https://aka.ms/redis/metrics. |ShardId, Port, Primary | -|allusedmemoryRss |Yes |Used Memory RSS (Instance Based) |Bytes |Maximum |The amount of cache memory used in MB, including fragmentation and metadata. For more details, see https://aka.ms/redis/metrics. |ShardId, Port, Primary | -|cachehits |Yes |Cache Hits |Count |Total |The number of successful key lookups. For more details, see https://aka.ms/redis/metrics. |ShardId | -|cachehits0 |Yes |Cache Hits (Shard 0) |Count |Total |The number of successful key lookups. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cachehits1 |Yes |Cache Hits (Shard 1) |Count |Total |The number of successful key lookups. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cachehits2 |Yes |Cache Hits (Shard 2) |Count |Total |The number of successful key lookups. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cachehits3 |Yes |Cache Hits (Shard 3) |Count |Total |The number of successful key lookups. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cachehits4 |Yes |Cache Hits (Shard 4) |Count |Total |The number of successful key lookups. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cachehits5 |Yes |Cache Hits (Shard 5) |Count |Total |The number of successful key lookups. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cachehits6 |Yes |Cache Hits (Shard 6) |Count |Total |The number of successful key lookups. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cachehits7 |Yes |Cache Hits (Shard 7) |Count |Total |The number of successful key lookups. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cachehits8 |Yes |Cache Hits (Shard 8) |Count |Total |The number of successful key lookups. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cachehits9 |Yes |Cache Hits (Shard 9) |Count |Total |The number of successful key lookups. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cacheLatency |Yes |Cache Latency Microseconds (Preview) |Count |Average |The latency to the cache in microseconds. For more details, see https://aka.ms/redis/metrics. |ShardId | -|cachemisses |Yes |Cache Misses |Count |Total |The number of failed key lookups. For more details, see https://aka.ms/redis/metrics. |ShardId | -|cachemisses0 |Yes |Cache Misses (Shard 0) |Count |Total |The number of failed key lookups. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cachemisses1 |Yes |Cache Misses (Shard 1) |Count |Total |The number of failed key lookups. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cachemisses2 |Yes |Cache Misses (Shard 2) |Count |Total |The number of failed key lookups. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cachemisses3 |Yes |Cache Misses (Shard 3) |Count |Total |The number of failed key lookups. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cachemisses4 |Yes |Cache Misses (Shard 4) |Count |Total |The number of failed key lookups. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cachemisses5 |Yes |Cache Misses (Shard 5) |Count |Total |The number of failed key lookups. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cachemisses6 |Yes |Cache Misses (Shard 6) |Count |Total |The number of failed key lookups. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cachemisses7 |Yes |Cache Misses (Shard 7) |Count |Total |The number of failed key lookups. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cachemisses8 |Yes |Cache Misses (Shard 8) |Count |Total |The number of failed key lookups. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cachemisses9 |Yes |Cache Misses (Shard 9) |Count |Total |The number of failed key lookups. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cachemissrate |Yes |Cache Miss Rate |Percent |Total |The % of get requests that miss. For more details, see https://aka.ms/redis/metrics. |ShardId | -|cacheRead |Yes |Cache Read |BytesPerSecond |Maximum |The amount of data read from the cache in bytes per second. For more details, see https://aka.ms/redis/metrics. |ShardId | -|cacheRead0 |Yes |Cache Read (Shard 0) |BytesPerSecond |Maximum |The amount of data read from the cache in bytes per second. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cacheRead1 |Yes |Cache Read (Shard 1) |BytesPerSecond |Maximum |The amount of data read from the cache in bytes per second. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cacheRead2 |Yes |Cache Read (Shard 2) |BytesPerSecond |Maximum |The amount of data read from the cache in bytes per second. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cacheRead3 |Yes |Cache Read (Shard 3) |BytesPerSecond |Maximum |The amount of data read from the cache in bytes per second. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cacheRead4 |Yes |Cache Read (Shard 4) |BytesPerSecond |Maximum |The amount of data read from the cache in bytes per second. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cacheRead5 |Yes |Cache Read (Shard 5) |BytesPerSecond |Maximum |The amount of data read from the cache in bytes per second. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cacheRead6 |Yes |Cache Read (Shard 6) |BytesPerSecond |Maximum |The amount of data read from the cache in bytes per second. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cacheRead7 |Yes |Cache Read (Shard 7) |BytesPerSecond |Maximum |The amount of data read from the cache in bytes per second. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cacheRead8 |Yes |Cache Read (Shard 8) |BytesPerSecond |Maximum |The amount of data read from the cache in bytes per second. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cacheRead9 |Yes |Cache Read (Shard 9) |BytesPerSecond |Maximum |The amount of data read from the cache in bytes per second. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cacheWrite |Yes |Cache Write |BytesPerSecond |Maximum |The amount of data written to the cache in bytes per second. For more details, see https://aka.ms/redis/metrics. |ShardId | -|cacheWrite0 |Yes |Cache Write (Shard 0) |BytesPerSecond |Maximum |The amount of data written to the cache in bytes per second. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cacheWrite1 |Yes |Cache Write (Shard 1) |BytesPerSecond |Maximum |The amount of data written to the cache in bytes per second. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cacheWrite2 |Yes |Cache Write (Shard 2) |BytesPerSecond |Maximum |The amount of data written to the cache in bytes per second. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cacheWrite3 |Yes |Cache Write (Shard 3) |BytesPerSecond |Maximum |The amount of data written to the cache in bytes per second. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cacheWrite4 |Yes |Cache Write (Shard 4) |BytesPerSecond |Maximum |The amount of data written to the cache in bytes per second. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cacheWrite5 |Yes |Cache Write (Shard 5) |BytesPerSecond |Maximum |The amount of data written to the cache in bytes per second. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cacheWrite6 |Yes |Cache Write (Shard 6) |BytesPerSecond |Maximum |The amount of data written to the cache in bytes per second. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cacheWrite7 |Yes |Cache Write (Shard 7) |BytesPerSecond |Maximum |The amount of data written to the cache in bytes per second. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cacheWrite8 |Yes |Cache Write (Shard 8) |BytesPerSecond |Maximum |The amount of data written to the cache in bytes per second. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|cacheWrite9 |Yes |Cache Write (Shard 9) |BytesPerSecond |Maximum |The amount of data written to the cache in bytes per second. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|connectedclients |Yes |Connected Clients |Count |Maximum |The number of client connections to the cache. For more details, see https://aka.ms/redis/metrics. |ShardId | -|connectedclients0 |Yes |Connected Clients (Shard 0) |Count |Maximum |The number of client connections to the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|connectedclients1 |Yes |Connected Clients (Shard 1) |Count |Maximum |The number of client connections to the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|connectedclients2 |Yes |Connected Clients (Shard 2) |Count |Maximum |The number of client connections to the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|connectedclients3 |Yes |Connected Clients (Shard 3) |Count |Maximum |The number of client connections to the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|connectedclients4 |Yes |Connected Clients (Shard 4) |Count |Maximum |The number of client connections to the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|connectedclients5 |Yes |Connected Clients (Shard 5) |Count |Maximum |The number of client connections to the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|connectedclients6 |Yes |Connected Clients (Shard 6) |Count |Maximum |The number of client connections to the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|connectedclients7 |Yes |Connected Clients (Shard 7) |Count |Maximum |The number of client connections to the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|connectedclients8 |Yes |Connected Clients (Shard 8) |Count |Maximum |The number of client connections to the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|connectedclients9 |Yes |Connected Clients (Shard 9) |Count |Maximum |The number of client connections to the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|ConnectedClientsUsingAADToken |Yes |Connected Clients using AAD Token (Instance Based) |Count |Maximum |The number of client connections to the cache using AAD Token. For more details, see https://aka.ms/redis/metrics. |ShardId, Port, Primary | -|errors |Yes |Errors |Count |Maximum |The number errors that occured on the cache. For more details, see https://aka.ms/redis/metrics. |ShardId, ErrorType | -|evictedkeys |Yes |Evicted Keys |Count |Total |The number of items evicted from the cache. For more details, see https://aka.ms/redis/metrics. |ShardId | -|evictedkeys0 |Yes |Evicted Keys (Shard 0) |Count |Total |The number of items evicted from the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|evictedkeys1 |Yes |Evicted Keys (Shard 1) |Count |Total |The number of items evicted from the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|evictedkeys2 |Yes |Evicted Keys (Shard 2) |Count |Total |The number of items evicted from the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|evictedkeys3 |Yes |Evicted Keys (Shard 3) |Count |Total |The number of items evicted from the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|evictedkeys4 |Yes |Evicted Keys (Shard 4) |Count |Total |The number of items evicted from the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|evictedkeys5 |Yes |Evicted Keys (Shard 5) |Count |Total |The number of items evicted from the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|evictedkeys6 |Yes |Evicted Keys (Shard 6) |Count |Total |The number of items evicted from the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|evictedkeys7 |Yes |Evicted Keys (Shard 7) |Count |Total |The number of items evicted from the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|evictedkeys8 |Yes |Evicted Keys (Shard 8) |Count |Total |The number of items evicted from the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|evictedkeys9 |Yes |Evicted Keys (Shard 9) |Count |Total |The number of items evicted from the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|expiredkeys |Yes |Expired Keys |Count |Total |The number of items expired from the cache. For more details, see https://aka.ms/redis/metrics. |ShardId | -|expiredkeys0 |Yes |Expired Keys (Shard 0) |Count |Total |The number of items expired from the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|expiredkeys1 |Yes |Expired Keys (Shard 1) |Count |Total |The number of items expired from the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|expiredkeys2 |Yes |Expired Keys (Shard 2) |Count |Total |The number of items expired from the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|expiredkeys3 |Yes |Expired Keys (Shard 3) |Count |Total |The number of items expired from the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|expiredkeys4 |Yes |Expired Keys (Shard 4) |Count |Total |The number of items expired from the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|expiredkeys5 |Yes |Expired Keys (Shard 5) |Count |Total |The number of items expired from the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|expiredkeys6 |Yes |Expired Keys (Shard 6) |Count |Total |The number of items expired from the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|expiredkeys7 |Yes |Expired Keys (Shard 7) |Count |Total |The number of items expired from the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|expiredkeys8 |Yes |Expired Keys (Shard 8) |Count |Total |The number of items expired from the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|expiredkeys9 |Yes |Expired Keys (Shard 9) |Count |Total |The number of items expired from the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|GeoReplicationConnectivityLag |Yes |Geo-replication Connectivity Lag |Seconds |Average |Time in seconds since last successful data synchronization with geo-primary cache. Value will continue to increase if the link status is down. For more details, see https://aka.ms/redis/georeplicationmetrics. |ShardId | -|GeoReplicationDataSyncOffset |Yes |Geo-replication Data Sync Offset |Bytes |Average |Approximate amount of data in bytes that needs to be synchronized to geo-secondary cache. For more details, see https://aka.ms/redis/georeplicationmetrics. |ShardId | -|GeoReplicationFullSyncEventFinished |Yes |Geo-replication Full Sync Event Finished |Count |Count |Fired on completion of a full synchronization event between geo-replicated caches. This metric reports 0 most of the time because geo-replication uses partial resynchronizations for any new data added after the initial full synchronization. For more details, see https://aka.ms/redis/georeplicationmetrics. |ShardId | -|GeoReplicationFullSyncEventStarted |Yes |Geo-replication Full Sync Event Started |Count |Count |Fired on initiation of a full synchronization event between geo-replicated caches. This metric reports 0 most of the time because geo-replication uses partial resynchronizations for any new data added after the initial full synchronization. For more details, see https://aka.ms/redis/georeplicationmetrics. |ShardId | -|GeoReplicationHealthy |Yes |Geo-replication Healthy |Count |Minimum |The health status of geo-replication link. 1 if healthy and 0 if disconnected or unhealthy. For more details, see https://aka.ms/redis/georeplicationmetrics. |ShardId | -|getcommands |Yes |Gets |Count |Total |The number of get operations from the cache. For more details, see https://aka.ms/redis/metrics. |ShardId | -|getcommands0 |Yes |Gets (Shard 0) |Count |Total |The number of get operations from the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|getcommands1 |Yes |Gets (Shard 1) |Count |Total |The number of get operations from the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|getcommands2 |Yes |Gets (Shard 2) |Count |Total |The number of get operations from the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|getcommands3 |Yes |Gets (Shard 3) |Count |Total |The number of get operations from the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|getcommands4 |Yes |Gets (Shard 4) |Count |Total |The number of get operations from the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|getcommands5 |Yes |Gets (Shard 5) |Count |Total |The number of get operations from the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|getcommands6 |Yes |Gets (Shard 6) |Count |Total |The number of get operations from the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|getcommands7 |Yes |Gets (Shard 7) |Count |Total |The number of get operations from the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|getcommands8 |Yes |Gets (Shard 8) |Count |Total |The number of get operations from the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|getcommands9 |Yes |Gets (Shard 9) |Count |Total |The number of get operations from the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|LatencyP99 |Yes |99th percentile latency |Count |Maximum |Measures the worst-case (99th percentile) latency of server-side commands in microseconds. Measured by issuing PING commands from the load balancer to the Redis server and tracking the time to respond. |No Dimensions | -|operationsPerSecond |Yes |Operations Per Second |Count |Maximum |The number of instantaneous operations per second executed on the cache. For more details, see https://aka.ms/redis/metrics. |ShardId | -|operationsPerSecond0 |Yes |Operations Per Second (Shard 0) |Count |Maximum |The number of instantaneous operations per second executed on the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|operationsPerSecond1 |Yes |Operations Per Second (Shard 1) |Count |Maximum |The number of instantaneous operations per second executed on the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|operationsPerSecond2 |Yes |Operations Per Second (Shard 2) |Count |Maximum |The number of instantaneous operations per second executed on the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|operationsPerSecond3 |Yes |Operations Per Second (Shard 3) |Count |Maximum |The number of instantaneous operations per second executed on the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|operationsPerSecond4 |Yes |Operations Per Second (Shard 4) |Count |Maximum |The number of instantaneous operations per second executed on the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|operationsPerSecond5 |Yes |Operations Per Second (Shard 5) |Count |Maximum |The number of instantaneous operations per second executed on the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|operationsPerSecond6 |Yes |Operations Per Second (Shard 6) |Count |Maximum |The number of instantaneous operations per second executed on the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|operationsPerSecond7 |Yes |Operations Per Second (Shard 7) |Count |Maximum |The number of instantaneous operations per second executed on the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|operationsPerSecond8 |Yes |Operations Per Second (Shard 8) |Count |Maximum |The number of instantaneous operations per second executed on the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|operationsPerSecond9 |Yes |Operations Per Second (Shard 9) |Count |Maximum |The number of instantaneous operations per second executed on the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|percentProcessorTime |Yes |CPU |Percent |Maximum |The CPU utilization of the Azure Redis Cache server as a percentage. For more details, see https://aka.ms/redis/metrics. |ShardId | -|percentProcessorTime0 |Yes |CPU (Shard 0) |Percent |Maximum |The CPU utilization of the Azure Redis Cache server as a percentage. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|percentProcessorTime1 |Yes |CPU (Shard 1) |Percent |Maximum |The CPU utilization of the Azure Redis Cache server as a percentage. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|percentProcessorTime2 |Yes |CPU (Shard 2) |Percent |Maximum |The CPU utilization of the Azure Redis Cache server as a percentage. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|percentProcessorTime3 |Yes |CPU (Shard 3) |Percent |Maximum |The CPU utilization of the Azure Redis Cache server as a percentage. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|percentProcessorTime4 |Yes |CPU (Shard 4) |Percent |Maximum |The CPU utilization of the Azure Redis Cache server as a percentage. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|percentProcessorTime5 |Yes |CPU (Shard 5) |Percent |Maximum |The CPU utilization of the Azure Redis Cache server as a percentage. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|percentProcessorTime6 |Yes |CPU (Shard 6) |Percent |Maximum |The CPU utilization of the Azure Redis Cache server as a percentage. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|percentProcessorTime7 |Yes |CPU (Shard 7) |Percent |Maximum |The CPU utilization of the Azure Redis Cache server as a percentage. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|percentProcessorTime8 |Yes |CPU (Shard 8) |Percent |Maximum |The CPU utilization of the Azure Redis Cache server as a percentage. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|percentProcessorTime9 |Yes |CPU (Shard 9) |Percent |Maximum |The CPU utilization of the Azure Redis Cache server as a percentage. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|serverLoad |Yes |Server Load |Percent |Maximum |The percentage of cycles in which the Redis server is busy processing and not waiting idle for messages. For more details, see https://aka.ms/redis/metrics. |ShardId | -|serverLoad0 |Yes |Server Load (Shard 0) |Percent |Maximum |The percentage of cycles in which the Redis server is busy processing and not waiting idle for messages. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|serverLoad1 |Yes |Server Load (Shard 1) |Percent |Maximum |The percentage of cycles in which the Redis server is busy processing and not waiting idle for messages. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|serverLoad2 |Yes |Server Load (Shard 2) |Percent |Maximum |The percentage of cycles in which the Redis server is busy processing and not waiting idle for messages. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|serverLoad3 |Yes |Server Load (Shard 3) |Percent |Maximum |The percentage of cycles in which the Redis server is busy processing and not waiting idle for messages. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|serverLoad4 |Yes |Server Load (Shard 4) |Percent |Maximum |The percentage of cycles in which the Redis server is busy processing and not waiting idle for messages. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|serverLoad5 |Yes |Server Load (Shard 5) |Percent |Maximum |The percentage of cycles in which the Redis server is busy processing and not waiting idle for messages. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|serverLoad6 |Yes |Server Load (Shard 6) |Percent |Maximum |The percentage of cycles in which the Redis server is busy processing and not waiting idle for messages. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|serverLoad7 |Yes |Server Load (Shard 7) |Percent |Maximum |The percentage of cycles in which the Redis server is busy processing and not waiting idle for messages. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|serverLoad8 |Yes |Server Load (Shard 8) |Percent |Maximum |The percentage of cycles in which the Redis server is busy processing and not waiting idle for messages. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|serverLoad9 |Yes |Server Load (Shard 9) |Percent |Maximum |The percentage of cycles in which the Redis server is busy processing and not waiting idle for messages. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|setcommands |Yes |Sets |Count |Total |The number of set operations to the cache. For more details, see https://aka.ms/redis/metrics. |ShardId | -|setcommands0 |Yes |Sets (Shard 0) |Count |Total |The number of set operations to the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|setcommands1 |Yes |Sets (Shard 1) |Count |Total |The number of set operations to the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|setcommands2 |Yes |Sets (Shard 2) |Count |Total |The number of set operations to the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|setcommands3 |Yes |Sets (Shard 3) |Count |Total |The number of set operations to the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|setcommands4 |Yes |Sets (Shard 4) |Count |Total |The number of set operations to the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|setcommands5 |Yes |Sets (Shard 5) |Count |Total |The number of set operations to the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|setcommands6 |Yes |Sets (Shard 6) |Count |Total |The number of set operations to the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|setcommands7 |Yes |Sets (Shard 7) |Count |Total |The number of set operations to the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|setcommands8 |Yes |Sets (Shard 8) |Count |Total |The number of set operations to the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|setcommands9 |Yes |Sets (Shard 9) |Count |Total |The number of set operations to the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|totalcommandsprocessed |Yes |Total Operations |Count |Total |The total number of commands processed by the cache server. For more details, see https://aka.ms/redis/metrics. |ShardId | -|totalcommandsprocessed0 |Yes |Total Operations (Shard 0) |Count |Total |The total number of commands processed by the cache server. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|totalcommandsprocessed1 |Yes |Total Operations (Shard 1) |Count |Total |The total number of commands processed by the cache server. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|totalcommandsprocessed2 |Yes |Total Operations (Shard 2) |Count |Total |The total number of commands processed by the cache server. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|totalcommandsprocessed3 |Yes |Total Operations (Shard 3) |Count |Total |The total number of commands processed by the cache server. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|totalcommandsprocessed4 |Yes |Total Operations (Shard 4) |Count |Total |The total number of commands processed by the cache server. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|totalcommandsprocessed5 |Yes |Total Operations (Shard 5) |Count |Total |The total number of commands processed by the cache server. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|totalcommandsprocessed6 |Yes |Total Operations (Shard 6) |Count |Total |The total number of commands processed by the cache server. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|totalcommandsprocessed7 |Yes |Total Operations (Shard 7) |Count |Total |The total number of commands processed by the cache server. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|totalcommandsprocessed8 |Yes |Total Operations (Shard 8) |Count |Total |The total number of commands processed by the cache server. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|totalcommandsprocessed9 |Yes |Total Operations (Shard 9) |Count |Total |The total number of commands processed by the cache server. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|totalkeys |Yes |Total Keys |Count |Maximum |The total number of items in the cache. For more details, see https://aka.ms/redis/metrics. |ShardId | -|totalkeys0 |Yes |Total Keys (Shard 0) |Count |Maximum |The total number of items in the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|totalkeys1 |Yes |Total Keys (Shard 1) |Count |Maximum |The total number of items in the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|totalkeys2 |Yes |Total Keys (Shard 2) |Count |Maximum |The total number of items in the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|totalkeys3 |Yes |Total Keys (Shard 3) |Count |Maximum |The total number of items in the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|totalkeys4 |Yes |Total Keys (Shard 4) |Count |Maximum |The total number of items in the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|totalkeys5 |Yes |Total Keys (Shard 5) |Count |Maximum |The total number of items in the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|totalkeys6 |Yes |Total Keys (Shard 6) |Count |Maximum |The total number of items in the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|totalkeys7 |Yes |Total Keys (Shard 7) |Count |Maximum |The total number of items in the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|totalkeys8 |Yes |Total Keys (Shard 8) |Count |Maximum |The total number of items in the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|totalkeys9 |Yes |Total Keys (Shard 9) |Count |Maximum |The total number of items in the cache. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|usedmemory |Yes |Used Memory |Bytes |Maximum |The amount of cache memory used for key/value pairs in the cache in MB. For more details, see https://aka.ms/redis/metrics. |ShardId | -|usedmemory0 |Yes |Used Memory (Shard 0) |Bytes |Maximum |The amount of cache memory used for key/value pairs in the cache in MB. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|usedmemory1 |Yes |Used Memory (Shard 1) |Bytes |Maximum |The amount of cache memory used for key/value pairs in the cache in MB. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|usedmemory2 |Yes |Used Memory (Shard 2) |Bytes |Maximum |The amount of cache memory used for key/value pairs in the cache in MB. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|usedmemory3 |Yes |Used Memory (Shard 3) |Bytes |Maximum |The amount of cache memory used for key/value pairs in the cache in MB. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|usedmemory4 |Yes |Used Memory (Shard 4) |Bytes |Maximum |The amount of cache memory used for key/value pairs in the cache in MB. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|usedmemory5 |Yes |Used Memory (Shard 5) |Bytes |Maximum |The amount of cache memory used for key/value pairs in the cache in MB. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|usedmemory6 |Yes |Used Memory (Shard 6) |Bytes |Maximum |The amount of cache memory used for key/value pairs in the cache in MB. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|usedmemory7 |Yes |Used Memory (Shard 7) |Bytes |Maximum |The amount of cache memory used for key/value pairs in the cache in MB. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|usedmemory8 |Yes |Used Memory (Shard 8) |Bytes |Maximum |The amount of cache memory used for key/value pairs in the cache in MB. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|usedmemory9 |Yes |Used Memory (Shard 9) |Bytes |Maximum |The amount of cache memory used for key/value pairs in the cache in MB. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|usedmemorypercentage |Yes |Used Memory Percentage |Percent |Maximum |The percentage of cache memory used for key/value pairs. For more details, see https://aka.ms/redis/metrics. |ShardId | -|usedmemoryRss |Yes |Used Memory RSS |Bytes |Maximum |The amount of cache memory used in MB, including fragmentation and metadata. For more details, see https://aka.ms/redis/metrics. |ShardId | -|usedmemoryRss0 |Yes |Used Memory RSS (Shard 0) |Bytes |Maximum |The amount of cache memory used in MB, including fragmentation and metadata. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|usedmemoryRss1 |Yes |Used Memory RSS (Shard 1) |Bytes |Maximum |The amount of cache memory used in MB, including fragmentation and metadata. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|usedmemoryRss2 |Yes |Used Memory RSS (Shard 2) |Bytes |Maximum |The amount of cache memory used in MB, including fragmentation and metadata. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|usedmemoryRss3 |Yes |Used Memory RSS (Shard 3) |Bytes |Maximum |The amount of cache memory used in MB, including fragmentation and metadata. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|usedmemoryRss4 |Yes |Used Memory RSS (Shard 4) |Bytes |Maximum |The amount of cache memory used in MB, including fragmentation and metadata. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|usedmemoryRss5 |Yes |Used Memory RSS (Shard 5) |Bytes |Maximum |The amount of cache memory used in MB, including fragmentation and metadata. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|usedmemoryRss6 |Yes |Used Memory RSS (Shard 6) |Bytes |Maximum |The amount of cache memory used in MB, including fragmentation and metadata. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|usedmemoryRss7 |Yes |Used Memory RSS (Shard 7) |Bytes |Maximum |The amount of cache memory used in MB, including fragmentation and metadata. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|usedmemoryRss8 |Yes |Used Memory RSS (Shard 8) |Bytes |Maximum |The amount of cache memory used in MB, including fragmentation and metadata. For more details, see https://aka.ms/redis/metrics. |No Dimensions | -|usedmemoryRss9 |Yes |Used Memory RSS (Shard 9) |Bytes |Maximum |The amount of cache memory used in MB, including fragmentation and metadata. For more details, see https://aka.ms/redis/metrics. |No Dimensions | --## Microsoft.Cache/redisEnterprise -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|cachehits |Yes |Cache Hits |Count |Total |The number of successful key lookups. For more details, see https://aka.ms/redis/enterprise/metrics. |No Dimensions | -|cacheLatency |Yes |Cache Latency Microseconds (Preview) |Count |Average |The latency to the cache in microseconds. For more details, see https://aka.ms/redis/enterprise/metrics. |InstanceId | -|cachemisses |Yes |Cache Misses |Count |Total |The number of failed key lookups. For more details, see https://aka.ms/redis/enterprise/metrics. |InstanceId | -|cacheRead |Yes |Cache Read |BytesPerSecond |Maximum |The amount of data read from the cache in Megabytes per second (MB/s). For more details, see https://aka.ms/redis/enterprise/metrics. |InstanceId | -|cacheWrite |Yes |Cache Write |BytesPerSecond |Maximum |The amount of data written to the cache in Megabytes per second (MB/s). For more details, see https://aka.ms/redis/enterprise/metrics. |InstanceId | -|connectedclients |Yes |Connected Clients |Count |Maximum |The number of client connections to the cache. For more details, see https://aka.ms/redis/enterprise/metrics. |InstanceId | -|errors |Yes |Errors |Count |Maximum |The number errors that occured on the cache. For more details, see https://aka.ms/redis/enterprise/metrics. |InstanceId, ErrorType | -|evictedkeys |Yes |Evicted Keys |Count |Total |The number of items evicted from the cache. For more details, see https://aka.ms/redis/enterprise/metrics. |No Dimensions | -|expiredkeys |Yes |Expired Keys |Count |Total |The number of items expired from the cache. For more details, see https://aka.ms/redis/enterprise/metrics. |No Dimensions | -|geoReplicationHealthy |Yes |Geo Replication Healthy |Count |Maximum |The health of geo replication in an Active Geo-Replication group. 0 represents Unhealthy and 1 represents Healthy. For more details, see https://aka.ms/redis/enterprise/metrics. |No Dimensions | -|getcommands |Yes |Gets |Count |Total |The number of get operations from the cache. For more details, see https://aka.ms/redis/enterprise/metrics. |No Dimensions | -|operationsPerSecond |Yes |Operations Per Second |Count |Maximum |The number of instantaneous operations per second executed on the cache. For more details, see https://aka.ms/redis/enterprise/metrics. |No Dimensions | -|percentProcessorTime |Yes |CPU |Percent |Maximum |The CPU utilization of the Azure Redis Cache server as a percentage. For more details, see https://aka.ms/redis/enterprise/metrics. |InstanceId | -|serverLoad |Yes |Server Load |Percent |Maximum |The percentage of cycles in which the Redis server is busy processing and not waiting idle for messages. For more details, see https://aka.ms/redis/enterprise/metrics. |No Dimensions | -|setcommands |Yes |Sets |Count |Total |The number of set operations to the cache. For more details, see https://aka.ms/redis/enterprise/metrics. |No Dimensions | -|totalcommandsprocessed |Yes |Total Operations |Count |Total |The total number of commands processed by the cache server. For more details, see https://aka.ms/redis/enterprise/metrics. |No Dimensions | -|totalkeys |Yes |Total Keys |Count |Maximum |The total number of items in the cache. For more details, see https://aka.ms/redis/enterprise/metrics. |No Dimensions | -|usedmemory |Yes |Used Memory |Bytes |Maximum |The amount of cache memory used for key/value pairs in the cache in MB. For more details, see https://aka.ms/redis/enterprise/metrics. |No Dimensions | -|usedmemorypercentage |Yes |Used Memory Percentage |Percent |Maximum |The percentage of cache memory used for key/value pairs. For more details, see https://aka.ms/redis/enterprise/metrics. |InstanceId | --## Microsoft.Cdn/cdnwebapplicationfirewallpolicies -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|WebApplicationFirewallRequestCount |Yes |Web Application Firewall Request Count |Count |Total |The number of client requests processed by the Web Application Firewall |PolicyName, RuleName, Action | --## Microsoft.Cdn/profiles -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ByteHitRatio |Yes |Byte Hit Ratio |Percent |Average |This is the ratio of the total bytes served from the cache compared to the total response bytes |Endpoint | -|OriginHealthPercentage |Yes |Origin Health Percentage |Percent |Average |The percentage of successful health probes from AFDX to backends. |Origin, OriginGroup | -|OriginLatency |Yes |Origin Latency |MilliSeconds |Average |The time calculated from when the request was sent by AFDX edge to the backend until AFDX received the last response byte from the backend. |Origin, Endpoint | -|OriginRequestCount |Yes |Origin Request Count |Count |Total |The number of requests sent from AFDX to origin. |HttpStatus, HttpStatusGroup, Origin, Endpoint | -|Percentage4XX |Yes |Percentage of 4XX |Percent |Average |The percentage of all the client requests for which the response status code is 4XX |Endpoint, ClientRegion, ClientCountry | -|Percentage5XX |Yes |Percentage of 5XX |Percent |Average |The percentage of all the client requests for which the response status code is 5XX |Endpoint, ClientRegion, ClientCountry | -|RequestCount |Yes |Request Count |Count |Total |The number of client requests served by the HTTP/S proxy |HttpStatus, HttpStatusGroup, ClientRegion, ClientCountry, Endpoint | -|RequestSize |Yes |Request Size |Bytes |Total |The number of bytes sent as requests from clients to AFDX. |HttpStatus, HttpStatusGroup, ClientRegion, ClientCountry, Endpoint | -|ResponseSize |Yes |Response Size |Bytes |Total |The number of bytes sent as responses from HTTP/S proxy to clients |HttpStatus, HttpStatusGroup, ClientRegion, ClientCountry, Endpoint | -|TotalLatency |Yes |Total Latency |MilliSeconds |Average |The time calculated from when the client request was received by the HTTP/S proxy until the client acknowledged the last response byte from the HTTP/S proxy |HttpStatus, HttpStatusGroup, ClientRegion, ClientCountry, Endpoint | -|WebApplicationFirewallRequestCount |Yes |Web Application Firewall Request Count |Count |Total |The number of client requests processed by the Web Application Firewall |PolicyName, RuleName, Action | --## Microsoft.ClassicCompute/domainNames/slots/roles -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|Disk Read Bytes/Sec |No |Disk Read |BytesPerSecond |Average |Average bytes read from disk during monitoring period. |RoleInstanceId | -|Disk Read Operations/Sec |Yes |Disk Read Operations/Sec |CountPerSecond |Average |Disk Read IOPS. |RoleInstanceId | -|Disk Write Bytes/Sec |No |Disk Write |BytesPerSecond |Average |Average bytes written to disk during monitoring period. |RoleInstanceId | -|Disk Write Operations/Sec |Yes |Disk Write Operations/Sec |CountPerSecond |Average |Disk Write IOPS. |RoleInstanceId | -|Network In |Yes |Network In |Bytes |Total |The number of bytes received on all network interfaces by the Virtual Machine(s) (Incoming Traffic). |RoleInstanceId | -|Network Out |Yes |Network Out |Bytes |Total |The number of bytes out on all network interfaces by the Virtual Machine(s) (Outgoing Traffic). |RoleInstanceId | -|Percentage CPU |Yes |Percentage CPU |Percent |Average |The percentage of allocated compute units that are currently in use by the Virtual Machine(s). |RoleInstanceId | --## Microsoft.ClassicCompute/virtualMachines -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|Disk Read Bytes/Sec |No |Disk Read |BytesPerSecond |Average |Average bytes read from disk during monitoring period. |No Dimensions | -|Disk Read Operations/Sec |Yes |Disk Read Operations/Sec |CountPerSecond |Average |Disk Read IOPS. |No Dimensions | -|Disk Write Bytes/Sec |No |Disk Write |BytesPerSecond |Average |Average bytes written to disk during monitoring period. |No Dimensions | -|Disk Write Operations/Sec |Yes |Disk Write Operations/Sec |CountPerSecond |Average |Disk Write IOPS. |No Dimensions | -|Network In |Yes |Network In |Bytes |Total |The number of bytes received on all network interfaces by the Virtual Machine(s) (Incoming Traffic). |No Dimensions | -|Network Out |Yes |Network Out |Bytes |Total |The number of bytes out on all network interfaces by the Virtual Machine(s) (Outgoing Traffic). |No Dimensions | -|Percentage CPU |Yes |Percentage CPU |Percent |Average |The percentage of allocated compute units that are currently in use by the Virtual Machine(s). |No Dimensions | --## Microsoft.ClassicStorage/storageAccounts -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|Availability |Yes |Availability |Percent |Average |The percentage of availability for the storage service or the specified API operation. Availability is calculated by taking the TotalBillableRequests value and dividing it by the number of applicable requests, including those that produced unexpected errors. All unexpected errors result in reduced availability for the storage service or the specified API operation. |GeoType, ApiName, Authentication | -|Egress |Yes |Egress |Bytes |Total |The amount of egress data, in bytes. This number includes egress from an external client into Azure Storage as well as egress within Azure. As a result, this number does not reflect billable egress. |GeoType, ApiName, Authentication | -|Ingress |Yes |Ingress |Bytes |Total |The amount of ingress data, in bytes. This number includes ingress from an external client into Azure Storage as well as ingress within Azure. |GeoType, ApiName, Authentication | -|SuccessE2ELatency |Yes |Success E2E Latency |Milliseconds |Average |The end-to-end latency of successful requests made to a storage service or the specified API operation, in milliseconds. This value includes the required processing time within Azure Storage to read the request, send the response, and receive acknowledgment of the response. |GeoType, ApiName, Authentication | -|SuccessServerLatency |Yes |Success Server Latency |Milliseconds |Average |The latency used by Azure Storage to process a successful request, in milliseconds. This value does not include the network latency specified in SuccessE2ELatency. |GeoType, ApiName, Authentication | -|Transactions |Yes |Transactions |Count |Total |The number of requests made to a storage service or the specified API operation. This number includes successful and failed requests, as well as requests which produced errors. Use ResponseType dimension for the number of different type of response. |ResponseType, GeoType, ApiName, Authentication | -|UsedCapacity |No |Used capacity |Bytes |Average |Account used capacity |No Dimensions | --## Microsoft.ClassicStorage/storageAccounts/blobServices -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|Availability |Yes |Availability |Percent |Average |The percentage of availability for the storage service or the specified API operation. Availability is calculated by taking the TotalBillableRequests value and dividing it by the number of applicable requests, including those that produced unexpected errors. All unexpected errors result in reduced availability for the storage service or the specified API operation. |GeoType, ApiName, Authentication | -|BlobCapacity |No |Blob Capacity |Bytes |Average |The amount of storage used by the storage account's Blob service in bytes. |BlobType, Tier | -|BlobCount |No |Blob Count |Count |Average |The number of Blob in the storage account's Blob service. |BlobType, Tier | -|ContainerCount |No |Blob Container Count |Count |Average |The number of containers in the storage account's Blob service. |No Dimensions | -|Egress |Yes |Egress |Bytes |Total |The amount of egress data, in bytes. This number includes egress from an external client into Azure Storage as well as egress within Azure. As a result, this number does not reflect billable egress. |GeoType, ApiName, Authentication | -|IndexCapacity |No |Index Capacity |Bytes |Average |The amount of storage used by ADLS Gen2 (Hierarchical) Index in bytes. |No Dimensions | -|Ingress |Yes |Ingress |Bytes |Total |The amount of ingress data, in bytes. This number includes ingress from an external client into Azure Storage as well as ingress within Azure. |GeoType, ApiName, Authentication | -|SuccessE2ELatency |Yes |Success E2E Latency |Milliseconds |Average |The end-to-end latency of successful requests made to a storage service or the specified API operation, in milliseconds. This value includes the required processing time within Azure Storage to read the request, send the response, and receive acknowledgment of the response. |GeoType, ApiName, Authentication | -|SuccessServerLatency |Yes |Success Server Latency |Milliseconds |Average |The latency used by Azure Storage to process a successful request, in milliseconds. This value does not include the network latency specified in SuccessE2ELatency. |GeoType, ApiName, Authentication | -|Transactions |Yes |Transactions |Count |Total |The number of requests made to a storage service or the specified API operation. This number includes successful and failed requests, as well as requests which produced errors. Use ResponseType dimension for the number of different type of response. |ResponseType, GeoType, ApiName, Authentication | --## Microsoft.ClassicStorage/storageAccounts/fileServices -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|Availability |Yes |Availability |Percent |Average |The percentage of availability for the storage service or the specified API operation. Availability is calculated by taking the TotalBillableRequests value and dividing it by the number of applicable requests, including those that produced unexpected errors. All unexpected errors result in reduced availability for the storage service or the specified API operation. |GeoType, ApiName, Authentication, FileShare | -|Egress |Yes |Egress |Bytes |Total |The amount of egress data, in bytes. This number includes egress from an external client into Azure Storage as well as egress within Azure. As a result, this number does not reflect billable egress. |GeoType, ApiName, Authentication, FileShare | -|FileCapacity |No |File Capacity |Bytes |Average |The amount of storage used by the storage account's File service in bytes. |FileShare | -|FileCount |No |File Count |Count |Average |The number of file in the storage account's File service. |FileShare | -|FileShareCount |No |File Share Count |Count |Average |The number of file shares in the storage account's File service. |No Dimensions | -|FileShareQuota |No |File share quota size |Bytes |Average |The upper limit on the amount of storage that can be used by Azure Files Service in bytes. |FileShare | -|FileShareSnapshotCount |No |File Share Snapshot Count |Count |Average |The number of snapshots present on the share in storage account's Files Service. |FileShare | -|FileShareSnapshotSize |No |File Share Snapshot Size |Bytes |Average |The amount of storage used by the snapshots in storage account's File service in bytes. |FileShare | -|Ingress |Yes |Ingress |Bytes |Total |The amount of ingress data, in bytes. This number includes ingress from an external client into Azure Storage as well as ingress within Azure. |GeoType, ApiName, Authentication, FileShare | -|SuccessE2ELatency |Yes |Success E2E Latency |Milliseconds |Average |The end-to-end latency of successful requests made to a storage service or the specified API operation, in milliseconds. This value includes the required processing time within Azure Storage to read the request, send the response, and receive acknowledgment of the response. |GeoType, ApiName, Authentication, FileShare | -|SuccessServerLatency |Yes |Success Server Latency |Milliseconds |Average |The latency used by Azure Storage to process a successful request, in milliseconds. This value does not include the network latency specified in SuccessE2ELatency. |GeoType, ApiName, Authentication, FileShare | -|Transactions |Yes |Transactions |Count |Total |The number of requests made to a storage service or the specified API operation. This number includes successful and failed requests, as well as requests which produced errors. Use ResponseType dimension for the number of different type of response. |ResponseType, GeoType, ApiName, Authentication, FileShare | --## Microsoft.ClassicStorage/storageAccounts/queueServices -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|Availability |Yes |Availability |Percent |Average |The percentage of availability for the storage service or the specified API operation. Availability is calculated by taking the TotalBillableRequests value and dividing it by the number of applicable requests, including those that produced unexpected errors. All unexpected errors result in reduced availability for the storage service or the specified API operation. |GeoType, ApiName, Authentication | -|Egress |Yes |Egress |Bytes |Total |The amount of egress data, in bytes. This number includes egress from an external client into Azure Storage as well as egress within Azure. As a result, this number does not reflect billable egress. |GeoType, ApiName, Authentication | -|Ingress |Yes |Ingress |Bytes |Total |The amount of ingress data, in bytes. This number includes ingress from an external client into Azure Storage as well as ingress within Azure. |GeoType, ApiName, Authentication | -|QueueCapacity |Yes |Queue Capacity |Bytes |Average |The amount of storage used by the storage account's Queue service in bytes. |No Dimensions | -|QueueCount |Yes |Queue Count |Count |Average |The number of queue in the storage account's Queue service. |No Dimensions | -|QueueMessageCount |Yes |Queue Message Count |Count |Average |The approximate number of queue messages in the storage account's Queue service. |No Dimensions | -|SuccessE2ELatency |Yes |Success E2E Latency |Milliseconds |Average |The end-to-end latency of successful requests made to a storage service or the specified API operation, in milliseconds. This value includes the required processing time within Azure Storage to read the request, send the response, and receive acknowledgment of the response. |GeoType, ApiName, Authentication | -|SuccessServerLatency |Yes |Success Server Latency |Milliseconds |Average |The latency used by Azure Storage to process a successful request, in milliseconds. This value does not include the network latency specified in SuccessE2ELatency. |GeoType, ApiName, Authentication | -|Transactions |Yes |Transactions |Count |Total |The number of requests made to a storage service or the specified API operation. This number includes successful and failed requests, as well as requests which produced errors. Use ResponseType dimension for the number of different type of response. |ResponseType, GeoType, ApiName, Authentication | --## Microsoft.ClassicStorage/storageAccounts/tableServices -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|Availability |Yes |Availability |Percent |Average |The percentage of availability for the storage service or the specified API operation. Availability is calculated by taking the TotalBillableRequests value and dividing it by the number of applicable requests, including those that produced unexpected errors. All unexpected errors result in reduced availability for the storage service or the specified API operation. |GeoType, ApiName, Authentication | -|Egress |Yes |Egress |Bytes |Total |The amount of egress data, in bytes. This number includes egress from an external client into Azure Storage as well as egress within Azure. As a result, this number does not reflect billable egress. |GeoType, ApiName, Authentication | -|Ingress |Yes |Ingress |Bytes |Total |The amount of ingress data, in bytes. This number includes ingress from an external client into Azure Storage as well as ingress within Azure. |GeoType, ApiName, Authentication | -|SuccessE2ELatency |Yes |Success E2E Latency |Milliseconds |Average |The end-to-end latency of successful requests made to a storage service or the specified API operation, in milliseconds. This value includes the required processing time within Azure Storage to read the request, send the response, and receive acknowledgment of the response. |GeoType, ApiName, Authentication | -|SuccessServerLatency |Yes |Success Server Latency |Milliseconds |Average |The latency used by Azure Storage to process a successful request, in milliseconds. This value does not include the network latency specified in SuccessE2ELatency. |GeoType, ApiName, Authentication | -|TableCapacity |No |Table Capacity |Bytes |Average |The amount of storage used by the storage account's Table service in bytes. |No Dimensions | -|TableCount |No |Table Count |Count |Average |The number of table in the storage account's Table service. |No Dimensions | -|TableEntityCount |No |Table Entity Count |Count |Average |The number of table entities in the storage account's Table service. |No Dimensions | -|Transactions |Yes |Transactions |Count |Total |The number of requests made to a storage service or the specified API operation. This number includes successful and failed requests, as well as requests which produced errors. Use ResponseType dimension for the number of different type of response. |ResponseType, GeoType, ApiName, Authentication | --## Microsoft.Cloudtest/hostedpools -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|Allocated |Yes |Allocated |Count |Average |Resources that are allocated |PoolId, SKU, Images, ProviderName | -|AllocationDurationMs |Yes |AllocationDurationMs |Milliseconds |Average |Average time to allocate requests (ms) |PoolId, Type, ResourceRequestType, Image | -|Count |Yes |Count |Count |Count |Number of requests in last dump |RequestType, Status, PoolId, Type, ErrorCode, FailureStage | -|NotReady |Yes |NotReady |Count |Average |Resources that are not ready to be used |PoolId, SKU, Images, ProviderName | -|PendingReimage |Yes |PendingReimage |Count |Average |Resources that are pending reimage |PoolId, SKU, Images, ProviderName | -|PendingReturn |Yes |PendingReturn |Count |Average |Resources that are pending return |PoolId, SKU, Images, ProviderName | -|Provisioned |Yes |Provisioned |Count |Average |Resources that are provisioned |PoolId, SKU, Images, ProviderName | -|Ready |Yes |Ready |Count |Average |Resources that are ready to be used |PoolId, SKU, Images, ProviderName | -|Starting |Yes |Starting |Count |Average |Resources that are starting |PoolId, SKU, Images, ProviderName | -|Total |Yes |Total |Count |Average |Total Number of Resources |PoolId, SKU, Images, ProviderName | --## Microsoft.Cloudtest/pools -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|Allocated |Yes |Allocated |Count |Average |Resources that are allocated |PoolId, SKU, Images, ProviderName | -|AllocationDurationMs |Yes |AllocationDurationMs |Milliseconds |Average |Average time to allocate requests (ms) |PoolId, Type, ResourceRequestType, Image | -|Count |Yes |Count |Count |Count |Number of requests in last dump |RequestType, Status, PoolId, Type, ErrorCode, FailureStage | -|NotReady |Yes |NotReady |Count |Average |Resources that are not ready to be used |PoolId, SKU, Images, ProviderName | -|PendingReimage |Yes |PendingReimage |Count |Average |Resources that are pending reimage |PoolId, SKU, Images, ProviderName | -|PendingReturn |Yes |PendingReturn |Count |Average |Resources that are pending return |PoolId, SKU, Images, ProviderName | -|Provisioned |Yes |Provisioned |Count |Average |Resources that are provisioned |PoolId, SKU, Images, ProviderName | -|Ready |Yes |Ready |Count |Average |Resources that are ready to be used |PoolId, SKU, Images, ProviderName | -|Starting |Yes |Starting |Count |Average |Resources that are starting |PoolId, SKU, Images, ProviderName | -|Total |Yes |Total |Count |Average |Total Number of Resources |PoolId, SKU, Images, ProviderName | --## Microsoft.ClusterStor/nodes -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|TotalCapacityAvailable |No |TotalCapacityAvailable |Bytes |Average |The total capacity available in lustre file system |filesystem_name, category, system | -|TotalCapacityUsed |No |TotalCapacityUsed |Bytes |Average |The total capacity used in lustre file system |filesystem_name, category, system | -|TotalRead |No |TotalRead |BytesPerSecond |Average |The total lustre file system read per second |filesystem_name, category, system | -|TotalWrite |No |TotalWrite |BytesPerSecond |Average |The total lustre file system write per second |filesystem_name, category, system | --## Microsoft.CodeSigning/codesigningaccounts -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|SignCompleted |Yes |SignCompleted |Count |Count |Completed Sign Request |CertType, Region, TenantId | --## Microsoft.CognitiveSearch/indexes -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|IndexReadVCoreAllocationCurrent |No |Query Capacity Current vCore |Cores |Maximum |The currently allocated vCore capacity for querying an index |IndexSin | -|IndexReadVCoreAllocationMaximum |No |Query Capacity Maximum vCore |Cores |Maximum |The upper bound of vCore usage for querying an index |IndexSin | -|IndexReadVCoreAllocationMinimum |No |Query Capacity Minimum vCore |Cores |Maximum |The lower bound of vCore capacity for querying an index |IndexSin | -|IndexWriteVCoreAllocationCurrent |No |Indexing Capacity Current vCore |Cores |Maximum |The currently allocated vCore consumption for indexing documents |IndexSin | -|IndexWriteVCoreAllocationMaximum |No |Indexing Capacity Maximum vCore |Cores |Maximum |The upper bound of vCore usage for indexing documents |IndexSin | -|IndexWriteVCoreAllocationMinimum |No |Indexing Capacity Minimum vCore |Cores |Maximum |The lower bound of vCore usage for indexing documents |IndexSin | --## Microsoft.CognitiveServices/accounts -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ActionFeatureIdOccurrences |Yes |Action Feature Occurrences |Count |Total |Number of times each action feature appears. |FeatureId, Mode, RunId | -|ActionFeaturesPerEvent |Yes |Action Features Per Event |Count |Average |Average number of action features per event. |Mode, RunId | -|ActionIdOccurrences |Yes |Action Occurences |Count |Total |Number of times each action appears. |ActionId, Mode, RunId | -|ActionNamespacesPerEvent |Yes |Action Namespaces Per Event |Count |Average |Average number of action namespaces per event. |Mode, RunId | -|ActionsPerEvent |Yes |Actions Per Event |Count |Average |Number of actions per event. |Mode, RunId | -|AudioSecondsTranscribed |Yes |Audio Seconds Transcribed |Count |Total |Number of seconds transcribed |ApiName, FeatureName, UsageChannel, Region | -|AudioSecondsTranslated |Yes |Audio Seconds Translated |Count |Total |Number of seconds translated |ApiName, FeatureName, UsageChannel, Region | -|BaselineEstimatorOverallReward |Yes |Baseline Estimator Overall Reward |Count |Average |Baseline Estimator Overall Reward. |Mode, RunId | -|BaselineEstimatorSlotReward |Yes |Baseline Estimator Slot Reward |Count |Average |Baseline Estimator Reward by slot. |SlotId, SlotIndex, Mode, RunId | -|BaselineRandomEstimatorOverallReward |Yes |Baseline Random Estimator Overall Reward |Count |Average |Baseline Random Estimator Overall Reward. |Mode, RunId | -|BaselineRandomEstimatorSlotReward |Yes |Baseline Random Estimator Slot Reward |Count |Average |Baseline Random Estimator Reward by slot. |SlotId, SlotIndex, Mode, RunId | -|BaselineRandomEventCount |Yes |Baseline Random Event count |Count |Total |Estimation for baseline random event count. |Mode, RunId | -|BaselineRandomReward |Yes |Baseline Random Reward |Count |Total |Estimation for baseline random reward. |Mode, RunId | -|BlockedCalls |Yes |Blocked Calls |Count |Total |Number of calls that exceeded rate or quota limit. |ApiName, OperationName, Region, RatelimitKey | -|CarnegieInferenceCount |Yes |Inference Count |Count |Total |Inference Count of Carnegie Frontdoor Service |Region, Modality, Category, Language, SeverityLevel, UseCustomList | -|CharactersTrained |Yes |Characters Trained (Deprecated) |Count |Total |Total number of characters trained. |ApiName, OperationName, Region | -|CharactersTranslated |Yes |Characters Translated (Deprecated) |Count |Total |Total number of characters in incoming text request. |ApiName, OperationName, Region | -|ClientErrors |Yes |Client Errors |Count |Total |Number of calls with client side error (HTTP response code 4xx). |ApiName, OperationName, Region, RatelimitKey | -|ComputerVisionTransactions |Yes |Computer Vision Transactions |Count |Total |Number of Computer Vision Transactions |ApiName, FeatureName, UsageChannel, Region | -|ContentSafetyImageAnalyzeRequestCount |Yes |Call Count for Image Moderation |Count |Total |Number of calls for image moderation. |ApiVersion | -|ContentSafetyTextAnalyzeRequestCount |Yes |Call Count for Text Moderation |Count |Total |Number of calls for text moderation. |ApiVersion | -|ContextFeatureIdOccurrences |Yes |Context Feature Occurrences |Count |Total |Number of times each context feature appears. |FeatureId, Mode, RunId | -|ContextFeaturesPerEvent |Yes |Context Features Per Event |Count |Average |Number of context features per event. |Mode, RunId | -|ContextNamespacesPerEvent |Yes |Context Namespaces Per Event |Count |Average |Number of context namespaces per event. |Mode, RunId | -|CustomVisionTrainingTime |Yes |Custom Vision Training Time |Seconds |Total |Custom Vision training time |ApiName, FeatureName, UsageChannel, Region | -|CustomVisionTransactions |Yes |Custom Vision Transactions |Count |Total |Number of Custom Vision prediction transactions |ApiName, FeatureName, UsageChannel, Region | -|DataIn |Yes |Data In |Bytes |Total |Size of incoming data in bytes. |ApiName, OperationName, Region | -|DataOut |Yes |Data Out |Bytes |Total |Size of outgoing data in bytes. |ApiName, OperationName, Region | -|DocumentCharactersTranslated |Yes |Document Characters Translated |Count |Total |Number of characters in document translation request. |ApiName, FeatureName, UsageChannel, Region | -|DocumentCustomCharactersTranslated |Yes |Document Custom Characters Translated |Count |Total |Number of characters in custom document translation request. |ApiName, FeatureName, UsageChannel, Region | -|FaceImagesTrained |Yes |Face Images Trained |Count |Total |Number of images trained. 1,000 images trained per transaction. |ApiName, FeatureName, UsageChannel, Region | -|FacesStored |Yes |Faces Stored |Count |Total |Number of faces stored, prorated daily. The number of faces stored is reported daily. |ApiName, FeatureName, UsageChannel, Region | -|FaceTransactions |Yes |Face Transactions |Count |Total |Number of API calls made to Face service |ApiName, FeatureName, UsageChannel, Region | -|FeatureCardinality_Action |Yes |Feature Cardinality by Action |Count |Average |Feature Cardinality based on Action. |FeatureId, Mode, RunId | -|FeatureCardinality_Context |Yes |Feature Cardinality by Context |Count |Average |Feature Cardinality based on Context. |FeatureId, Mode, RunId | -|FeatureCardinality_Slot |Yes |Feature Cardinality by Slot |Count |Average |Feature Cardinality based on Slot. |FeatureId, Mode, RunId | -|FineTunedTrainingHours |Yes |Processed FineTuned Training Hours |Count |Total |Number of Training Hours Processed on an OpenAI FineTuned Model |ApiName, ModelDeploymentName, FeatureName, UsageChannel, Region | -|GeneratedTokens |Yes |Generated Completion Tokens |Count |Total |Number of Generated Tokens from an OpenAI Model |ApiName, ModelDeploymentName, FeatureName, UsageChannel, Region | -|ImagesStored |Yes |Images Stored |Count |Total |Number of Custom Vision images stored. |ApiName, FeatureName, UsageChannel, Region | -|Latency |Yes |Latency |MilliSeconds |Average |Latency in milliseconds. |ApiName, OperationName, Region, RatelimitKey | -|LearnedEvents |Yes |Learned Events |Count |Total |Number of Learned Events. |IsMatchBaseline, Mode, RunId | -|LUISSpeechRequests |Yes |LUIS Speech Requests |Count |Total |Number of LUIS speech to intent understanding requests |ApiName, FeatureName, UsageChannel, Region | -|LUISTextRequests |Yes |LUIS Text Requests |Count |Total |Number of LUIS text requests |ApiName, FeatureName, UsageChannel, Region | -|MatchedRewards |Yes |Matched Rewards |Count |Total |Number of Matched Rewards. |Mode, RunId | -|NonActivatedEvents |Yes |Non Activated Events |Count |Total |Number of skipped events. |Mode, RunId | -|NumberOfSlots |Yes |Slots |Count |Average |Number of slots per event. |Mode, RunId | -|NumberofSpeakerProfiles |Yes |Number of Speaker Profiles |Count |Total |Number of speaker profiles enrolled. Prorated hourly. |ApiName, FeatureName, UsageChannel, Region | -|ObservedRewards |Yes |Observed Rewards |Count |Total |Number of Observed Rewards. |Mode, RunId | -|OnlineEstimatorOverallReward |Yes |Online Estimator Overall Reward |Count |Average |Online Estimator Overall Reward. |Mode, RunId | -|OnlineEstimatorSlotReward |Yes |Online Estimator Slot Reward |Count |Average |Online Estimator Reward by slot. |SlotId, SlotIndex, Mode, RunId | -|OnlineEventCount |Yes |Online Event Count |Count |Total |Estimation for online event count. |Mode, RunId | -|OnlineReward |Yes |Online Reward |Count |Total |Estimation for online reward. |Mode, RunId | -|ProcessedCharacters |Yes |Processed Characters |Count |Total |Number of Characters processed by Immersive Reader. |ApiName, FeatureName, UsageChannel, Region | -|ProcessedHealthTextRecords |Yes |Processed Health Text Records |Count |Total |Number of health text records processed |ApiName, FeatureName, UsageChannel, Region | -|ProcessedImages |Yes |Processed Images |Count |Total |Number of images processed |ApiName, FeatureName, UsageChannel, Region | -|ProcessedPages |Yes |Processed Pages |Count |Total |Number of pages processed |ApiName, FeatureName, UsageChannel, Region | -|ProcessedPromptTokens |Yes |Processed Prompt Tokens |Count |Total |Number of Prompt Tokens Processed on an OpenAI Model |ApiName, ModelDeploymentName, FeatureName, UsageChannel, Region | -|ProcessedTextRecords |Yes |Processed Text Records |Count |Total |Count of Text Records. |ApiName, FeatureName, UsageChannel, Region | -|QuestionAnsweringTextRecords |Yes |QA Text Records |Count |Total |Number of text records processed |ApiName, FeatureName, UsageChannel, Region | -|Ratelimit |Yes |Ratelimit |Count |Total |The current ratelimit of the ratelimit key. |Region, RatelimitKey | -|Reward |Yes |Average Reward Per Event |Count |Average |Average reward per event. |BaselineAction, ChosenActionId, MatchesBaseline, NonDefaultReward, Mode, RunId | -|ServerErrors |Yes |Server Errors |Count |Total |Number of calls with service internal error (HTTP response code 5xx). |ApiName, OperationName, Region, RatelimitKey | -|SlotFeatureIdOccurrences |Yes |Slot Feature Occurrences |Count |Total |Number of times each slot feature appears. |FeatureId, Mode, RunId | -|SlotFeaturesPerEvent |Yes |Slot Features Per Event |Count |Average |Average number of slot features per event. |Mode, RunId | -|SlotIdOccurrences |Yes |Slot Occurrences |Count |Total |Number of times each slot appears. |SlotId, SlotIndex, Mode, RunId | -|SlotNamespacesPerEvent |Yes |Slot Namespaces Per Event |Count |Average |Average number of slot namespaces per event. |Mode, RunId | -|SlotReward |Yes |Slot Reward |Count |Average |Reward per slot. |BaselineActionId, ChosenActionId, MatchesBaseline, NonDefaultReward, SlotId, SlotIndex, Mode, RunId | -|SpeakerRecognitionTransactions |Yes |Speaker Recognition Transactions |Count |Total |Number of speaker recognition transactions |ApiName, FeatureName, UsageChannel, Region | -|SpeechModelHostingHours |Yes |Speech Model Hosting Hours |Count |Total |Number of speech model hosting hours |ApiName, FeatureName, UsageChannel, Region | -|SpeechSessionDuration |Yes |Speech Session Duration (Deprecated) |Seconds |Total |Total duration of speech session in seconds. |ApiName, OperationName, Region | -|SuccessfulCalls |Yes |Successful Calls |Count |Total |Number of successful calls. |ApiName, OperationName, Region, RatelimitKey | -|SuccessRate |No |AvailabilityRate |Percent |Average |Availability percentage with the following calculation: (Total Calls - Server Errors)/Total Calls. Server Errors include any HTTP responses >=500. |ApiName, OperationName, Region, RatelimitKey | -|SynthesizedCharacters |Yes |Synthesized Characters |Count |Total |Number of Characters. |ApiName, FeatureName, UsageChannel, Region | -|TextCharactersTranslated |Yes |Text Characters Translated |Count |Total |Number of characters in incoming text translation request. |ApiName, FeatureName, UsageChannel, Region | -|TextCustomCharactersTranslated |Yes |Text Custom Characters Translated |Count |Total |Number of characters in incoming custom text translation request. |ApiName, FeatureName, UsageChannel, Region | -|TextTrainedCharacters |Yes |Text Trained Characters |Count |Total |Number of characters trained using text translation. |ApiName, FeatureName, UsageChannel, Region | -|TokenTransaction |Yes |Processed Inference Tokens |Count |Total |Number of Inference Tokens Processed on an OpenAI Model |ApiName, ModelDeploymentName, FeatureName, UsageChannel, Region | -|TotalCalls |Yes |Total Calls |Count |Total |Total number of calls. |ApiName, OperationName, Region, RatelimitKey | -|TotalErrors |Yes |Total Errors |Count |Total |Total number of calls with error response (HTTP response code 4xx or 5xx). |ApiName, OperationName, Region, RatelimitKey | -|TotalEvents |Yes |Total Events |Count |Total |Number of events. |Mode, RunId | -|TotalTokenCalls |Yes |Total Token Calls |Count |Total |Total number of token calls. |ApiName, OperationName, Region | -|TotalTransactions |Yes |Total Transactions (Deprecated) |Count |Total |Total number of transactions. |No Dimensions | -|UserBaselineEventCount |Yes |User Baseline Event Count |Count |Total |Estimation for user defined baseline event count. |Mode, RunId | -|UserBaselineReward |Yes |User Baseline Reward |Count |Total |Estimation for user defined baseline reward. |Mode, RunId | -|VoiceModelHostingHours |Yes |Voice Model Hosting Hours |Count |Total |Number of Hours. |ApiName, FeatureName, UsageChannel, Region | -|VoiceModelTrainingMinutes |Yes |Voice Model Training Minutes |Count |Total |Number of Minutes. |ApiName, FeatureName, UsageChannel, Region | --## Microsoft.Communication/CommunicationServices -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|APIRequestAuthentication |No |Authentication API Requests |Count |Count |Count of all requests against the Communication Services Authentication endpoint. |Operation, StatusCode, StatusCodeClass | -|APIRequestCallAutomation |Yes |Call Automation API Requests |Count |Count |Count of all requests against the Communication Call Automation endpoint. |Operation, StatusCode, StatusCodeClass | -|APIRequestCallRecording |Yes |Call Recording API Requests |Count |Count |Count of all requests against the Communication Services Call Recording endpoint. |Operation, StatusCode, StatusCodeClass | -|APIRequestChat |Yes |Chat API Requests |Count |Count |Count of all requests against the Communication Services Chat endpoint. |Operation, StatusCode, StatusCodeClass | -|APIRequestNetworkTraversal |No |Network Traversal API Requests |Count |Count |Count of all requests against the Communication Services Network Traversal endpoint. |Operation, StatusCode, StatusCodeClass | -|ApiRequestRooms |Yes |Rooms API Requests |Count |Count |Count of all requests against the Communication Services Rooms endpoint. |Operation, StatusCode, StatusCodeClass | -|ApiRequestRouter |Yes |Job Router API Requests |Count |Count |Count of all requests against the Communication Services Job Router endpoint. |OperationName, StatusCode, StatusCodeSubClass, ApiVersion | -|ApiRequests |Yes |Email Service API Requests |Count |Count |Email Communication Services API request metric for the data-plane API surface. |Operation, StatusCode, StatusCodeClass, StatusCodeReason | -|APIRequestSMS |Yes |SMS API Requests |Count |Count |Count of all requests against the Communication Services SMS endpoint. |Operation, StatusCode, StatusCodeClass, ErrorCode, NumberType, Country, OptAction | -|DeliveryStatusUpdate |Yes |Email Service Delivery Status Updates |Count |Count |Email Communication Services message delivery results. |MessageStatus, Result, SmtpStatusCode, EnhancedSmtpStatusCode, SenderDomain, IsHardBounce | -|UserEngagement |Yes |Email Service User Engagement |Count |Count |Email Communication Services user engagement metrics. |EngagementType | --## Microsoft.Compute/cloudservices -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|Available Memory Bytes |Yes |Available Memory Bytes (Preview) |Bytes |Average |Amount of physical memory, in bytes, immediately available for allocation to a process or for system use in the Virtual Machine |RoleInstanceId, RoleId | -|Disk Read Bytes |Yes |Disk Read Bytes |Bytes |Total |Bytes read from disk during monitoring period |RoleInstanceId, RoleId | -|Disk Read Operations/Sec |Yes |Disk Read Operations/Sec |CountPerSecond |Average |Disk Read IOPS |RoleInstanceId, RoleId | -|Disk Write Bytes |Yes |Disk Write Bytes |Bytes |Total |Bytes written to disk during monitoring period |RoleInstanceId, RoleId | -|Disk Write Operations/Sec |Yes |Disk Write Operations/Sec |CountPerSecond |Average |Disk Write IOPS |RoleInstanceId, RoleId | -|Network In Total |Yes |Network In Total |Bytes |Total |The number of bytes received on all network interfaces by the Virtual Machine(s) (Incoming Traffic) |RoleInstanceId, RoleId | -|Network Out Total |Yes |Network Out Total |Bytes |Total |The number of bytes out on all network interfaces by the Virtual Machine(s) (Outgoing Traffic) |RoleInstanceId, RoleId | -|Percentage CPU |Yes |Percentage CPU |Percent |Average |The percentage of allocated compute units that are currently in use by the Virtual Machine(s) |RoleInstanceId, RoleId | --## Microsoft.Compute/cloudServices/roles -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|Available Memory Bytes |Yes |Available Memory Bytes (Preview) |Bytes |Average |Amount of physical memory, in bytes, immediately available for allocation to a process or for system use in the Virtual Machine |RoleInstanceId, RoleId | -|Disk Read Bytes |Yes |Disk Read Bytes |Bytes |Total |Bytes read from disk during monitoring period |RoleInstanceId, RoleId | -|Disk Read Operations/Sec |Yes |Disk Read Operations/Sec |CountPerSecond |Average |Disk Read IOPS |RoleInstanceId, RoleId | -|Disk Write Bytes |Yes |Disk Write Bytes |Bytes |Total |Bytes written to disk during monitoring period |RoleInstanceId, RoleId | -|Disk Write Operations/Sec |Yes |Disk Write Operations/Sec |CountPerSecond |Average |Disk Write IOPS |RoleInstanceId, RoleId | -|Network In Total |Yes |Network In Total |Bytes |Total |The number of bytes received on all network interfaces by the Virtual Machine(s) (Incoming Traffic) |RoleInstanceId, RoleId | -|Network Out Total |Yes |Network Out Total |Bytes |Total |The number of bytes out on all network interfaces by the Virtual Machine(s) (Outgoing Traffic) |RoleInstanceId, RoleId | -|Percentage CPU |Yes |Percentage CPU |Percent |Average |The percentage of allocated compute units that are currently in use by the Virtual Machine(s) |RoleInstanceId, RoleId | --## microsoft.compute/disks -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|Composite Disk Read Bytes/sec |No |Disk Read Bytes/sec(Preview) |BytesPerSecond |Average |Bytes/sec read from disk during monitoring period, please note, this metric is in preview and is subject to change before becoming generally available |No Dimensions | -|Composite Disk Read Operations/sec |No |Disk Read Operations/sec(Preview) |CountPerSecond |Average |Number of read IOs performed on a disk during monitoring period, please note, this metric is in preview and is subject to change before becoming generally available |No Dimensions | -|Composite Disk Write Bytes/sec |No |Disk Write Bytes/sec(Preview) |BytesPerSecond |Average |Bytes/sec written to disk during monitoring period, please note, this metric is in preview and is subject to change before becoming generally available |No Dimensions | -|Composite Disk Write Operations/sec |No |Disk Write Operations/sec(Preview) |CountPerSecond |Average |Number of Write IOs performed on a disk during monitoring period, please note, this metric is in preview and is subject to change before becoming generally available |No Dimensions | -|DiskPaidBurstIOPS |No |Disk On-demand Burst Operations(Preview) |Count |Average |The accumulated operations of burst transactions used for disks with on-demand burst enabled. Emitted on an hour interval |No Dimensions | --## Microsoft.Compute/virtualMachines -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|Available Memory Bytes |Yes |Available Memory Bytes (Preview) |Bytes |Average |Amount of physical memory, in bytes, immediately available for allocation to a process or for system use in the Virtual Machine |No Dimensions | -|CPU Credits Consumed |Yes |CPU Credits Consumed |Count |Average |Total number of credits consumed by the Virtual Machine. Only available on B-series burstable VMs |No Dimensions | -|CPU Credits Remaining |Yes |CPU Credits Remaining |Count |Average |Total number of credits available to burst. Only available on B-series burstable VMs |No Dimensions | -|Data Disk Bandwidth Consumed Percentage |Yes |Data Disk Bandwidth Consumed Percentage |Percent |Average |Percentage of data disk bandwidth consumed per minute. Only available on VM series that support premium storage. |LUN | -|Data Disk IOPS Consumed Percentage |Yes |Data Disk IOPS Consumed Percentage |Percent |Average |Percentage of data disk I/Os consumed per minute. Only available on VM series that support premium storage. |LUN | -|Data Disk Max Burst Bandwidth |Yes |Data Disk Max Burst Bandwidth |Count |Average |Maximum bytes per second throughput Data Disk can achieve with bursting |LUN | -|Data Disk Max Burst IOPS |Yes |Data Disk Max Burst IOPS |Count |Average |Maximum IOPS Data Disk can achieve with bursting |LUN | -|Data Disk Queue Depth |Yes |Data Disk Queue Depth |Count |Average |Data Disk Queue Depth(or Queue Length) |LUN | -|Data Disk Read Bytes/sec |Yes |Data Disk Read Bytes/Sec |BytesPerSecond |Average |Bytes/Sec read from a single disk during monitoring period |LUN | -|Data Disk Read Operations/Sec |Yes |Data Disk Read Operations/Sec |CountPerSecond |Average |Read IOPS from a single disk during monitoring period |LUN | -|Data Disk Target Bandwidth |Yes |Data Disk Target Bandwidth |Count |Average |Baseline bytes per second throughput Data Disk can achieve without bursting |LUN | -|Data Disk Target IOPS |Yes |Data Disk Target IOPS |Count |Average |Baseline IOPS Data Disk can achieve without bursting |LUN | -|Data Disk Used Burst BPS Credits Percentage |Yes |Data Disk Used Burst BPS Credits Percentage |Percent |Average |Percentage of Data Disk burst bandwidth credits used so far |LUN | -|Data Disk Used Burst IO Credits Percentage |Yes |Data Disk Used Burst IO Credits Percentage |Percent |Average |Percentage of Data Disk burst I/O credits used so far |LUN | -|Data Disk Write Bytes/sec |Yes |Data Disk Write Bytes/Sec |BytesPerSecond |Average |Bytes/Sec written to a single disk during monitoring period |LUN | -|Data Disk Write Operations/Sec |Yes |Data Disk Write Operations/Sec |CountPerSecond |Average |Write IOPS from a single disk during monitoring period |LUN | -|Disk Read Bytes |Yes |Disk Read Bytes |Bytes |Total |Bytes read from disk during monitoring period |No Dimensions | -|Disk Read Operations/Sec |Yes |Disk Read Operations/Sec |CountPerSecond |Average |Disk Read IOPS |No Dimensions | -|Disk Write Bytes |Yes |Disk Write Bytes |Bytes |Total |Bytes written to disk during monitoring period |No Dimensions | -|Disk Write Operations/Sec |Yes |Disk Write Operations/Sec |CountPerSecond |Average |Disk Write IOPS |No Dimensions | -|Inbound Flows |Yes |Inbound Flows |Count |Average |Inbound Flows are number of current flows in the inbound direction (traffic going into the VM) |No Dimensions | -|Inbound Flows Maximum Creation Rate |Yes |Inbound Flows Maximum Creation Rate |CountPerSecond |Average |The maximum creation rate of inbound flows (traffic going into the VM) |No Dimensions | -|Network In |Yes |Network In Billable (Deprecated) |Bytes |Total |The number of billable bytes received on all network interfaces by the Virtual Machine(s) (Incoming Traffic) (Deprecated) |No Dimensions | -|Network In Total |Yes |Network In Total |Bytes |Total |The number of bytes received on all network interfaces by the Virtual Machine(s) (Incoming Traffic) |No Dimensions | -|Network Out |Yes |Network Out Billable (Deprecated) |Bytes |Total |The number of billable bytes out on all network interfaces by the Virtual Machine(s) (Outgoing Traffic) (Deprecated) |No Dimensions | -|Network Out Total |Yes |Network Out Total |Bytes |Total |The number of bytes out on all network interfaces by the Virtual Machine(s) (Outgoing Traffic) |No Dimensions | -|OS Disk Bandwidth Consumed Percentage |Yes |OS Disk Bandwidth Consumed Percentage |Percent |Average |Percentage of operating system disk bandwidth consumed per minute. Only available on VM series that support premium storage. |LUN | -|OS Disk IOPS Consumed Percentage |Yes |OS Disk IOPS Consumed Percentage |Percent |Average |Percentage of operating system disk I/Os consumed per minute. Only available on VM series that support premium storage. |LUN | -|OS Disk Max Burst Bandwidth |Yes |OS Disk Max Burst Bandwidth |Count |Average |Maximum bytes per second throughput OS Disk can achieve with bursting |LUN | -|OS Disk Max Burst IOPS |Yes |OS Disk Max Burst IOPS |Count |Average |Maximum IOPS OS Disk can achieve with bursting |LUN | -|OS Disk Queue Depth |Yes |OS Disk Queue Depth |Count |Average |OS Disk Queue Depth(or Queue Length) |No Dimensions | -|OS Disk Read Bytes/sec |Yes |OS Disk Read Bytes/Sec |BytesPerSecond |Average |Bytes/Sec read from a single disk during monitoring period for OS disk |No Dimensions | -|OS Disk Read Operations/Sec |Yes |OS Disk Read Operations/Sec |CountPerSecond |Average |Read IOPS from a single disk during monitoring period for OS disk |No Dimensions | -|OS Disk Target Bandwidth |Yes |OS Disk Target Bandwidth |Count |Average |Baseline bytes per second throughput OS Disk can achieve without bursting |LUN | -|OS Disk Target IOPS |Yes |OS Disk Target IOPS |Count |Average |Baseline IOPS OS Disk can achieve without bursting |LUN | -|OS Disk Used Burst BPS Credits Percentage |Yes |OS Disk Used Burst BPS Credits Percentage |Percent |Average |Percentage of OS Disk burst bandwidth credits used so far |LUN | -|OS Disk Used Burst IO Credits Percentage |Yes |OS Disk Used Burst IO Credits Percentage |Percent |Average |Percentage of OS Disk burst I/O credits used so far |LUN | -|OS Disk Write Bytes/sec |Yes |OS Disk Write Bytes/Sec |BytesPerSecond |Average |Bytes/Sec written to a single disk during monitoring period for OS disk |No Dimensions | -|OS Disk Write Operations/Sec |Yes |OS Disk Write Operations/Sec |CountPerSecond |Average |Write IOPS from a single disk during monitoring period for OS disk |No Dimensions | -|Outbound Flows |Yes |Outbound Flows |Count |Average |Outbound Flows are number of current flows in the outbound direction (traffic going out of the VM) |No Dimensions | -|Outbound Flows Maximum Creation Rate |Yes |Outbound Flows Maximum Creation Rate |CountPerSecond |Average |The maximum creation rate of outbound flows (traffic going out of the VM) |No Dimensions | -|Percentage CPU |Yes |Percentage CPU |Percent |Average |The percentage of allocated compute units that are currently in use by the Virtual Machine(s) |No Dimensions | -|Premium Data Disk Cache Read Hit |Yes |Premium Data Disk Cache Read Hit |Percent |Average |Premium Data Disk Cache Read Hit |LUN | -|Premium Data Disk Cache Read Miss |Yes |Premium Data Disk Cache Read Miss |Percent |Average |Premium Data Disk Cache Read Miss |LUN | -|Premium OS Disk Cache Read Hit |Yes |Premium OS Disk Cache Read Hit |Percent |Average |Premium OS Disk Cache Read Hit |No Dimensions | -|Premium OS Disk Cache Read Miss |Yes |Premium OS Disk Cache Read Miss |Percent |Average |Premium OS Disk Cache Read Miss |No Dimensions | -|VM Cached Bandwidth Consumed Percentage |Yes |VM Cached Bandwidth Consumed Percentage |Percent |Average |Percentage of cached disk bandwidth consumed by the VM. Only available on VM series that support premium storage. |No Dimensions | -|VM Cached IOPS Consumed Percentage |Yes |VM Cached IOPS Consumed Percentage |Percent |Average |Percentage of cached disk IOPS consumed by the VM. Only available on VM series that support premium storage. |No Dimensions | -|VM Local Used Burst BPS Credits Percentage |Yes |VM Cached Used Burst BPS Credits Percentage |Percent |Average |Percentage of Cached Burst BPS Credits used by the VM. |No Dimensions | -|VM Local Used Burst IO Credits Percentage |Yes |VM Cached Used Burst IO Credits Percentage |Percent |Average |Percentage of Cached Burst IO Credits used by the VM. |No Dimensions | -|VM Remote Used Burst BPS Credits Percentage |Yes |VM Uncached Used Burst BPS Credits Percentage |Percent |Average |Percentage of Uncached Burst BPS Credits used by the VM. |No Dimensions | -|VM Remote Used Burst IO Credits Percentage |Yes |VM Uncached Used Burst IO Credits Percentage |Percent |Average |Percentage of Uncached Burst IO Credits used by the VM. |No Dimensions | -|VM Uncached Bandwidth Consumed Percentage |Yes |VM Uncached Bandwidth Consumed Percentage |Percent |Average |Percentage of uncached disk bandwidth consumed by the VM. Only available on VM series that support premium storage. |No Dimensions | -|VM Uncached IOPS Consumed Percentage |Yes |VM Uncached IOPS Consumed Percentage |Percent |Average |Percentage of uncached disk IOPS consumed by the VM. Only available on VM series that support premium storage. |No Dimensions | -|VmAvailabilityMetric |Yes |VM Availability Metric (Preview) |Count |Average |Measure of Availability of Virtual machines over time. |No Dimensions | --## Microsoft.Compute/virtualmachineScaleSets -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|Available Memory Bytes |Yes |Available Memory Bytes (Preview) |Bytes |Average |Amount of physical memory, in bytes, immediately available for allocation to a process or for system use in the Virtual Machine |VMName | -|CPU Credits Consumed |Yes |CPU Credits Consumed |Count |Average |Total number of credits consumed by the Virtual Machine. Only available on B-series burstable VMs |No Dimensions | -|CPU Credits Remaining |Yes |CPU Credits Remaining |Count |Average |Total number of credits available to burst. Only available on B-series burstable VMs |No Dimensions | -|Data Disk Bandwidth Consumed Percentage |Yes |Data Disk Bandwidth Consumed Percentage |Percent |Average |Percentage of data disk bandwidth consumed per minute |LUN, VMName | -|Data Disk IOPS Consumed Percentage |Yes |Data Disk IOPS Consumed Percentage |Percent |Average |Percentage of data disk I/Os consumed per minute |LUN, VMName | -|Data Disk Max Burst Bandwidth |Yes |Data Disk Max Burst Bandwidth |Count |Average |Maximum bytes per second throughput Data Disk can achieve with bursting |LUN, VMName | -|Data Disk Max Burst IOPS |Yes |Data Disk Max Burst IOPS |Count |Average |Maximum IOPS Data Disk can achieve with bursting |LUN, VMName | -|Data Disk Queue Depth |Yes |Data Disk Queue Depth |Count |Average |Data Disk Queue Depth(or Queue Length) |LUN, VMName | -|Data Disk Read Bytes/sec |Yes |Data Disk Read Bytes/Sec |BytesPerSecond |Average |Bytes/Sec read from a single disk during monitoring period |LUN, VMName | -|Data Disk Read Operations/Sec |Yes |Data Disk Read Operations/Sec |CountPerSecond |Average |Read IOPS from a single disk during monitoring period |LUN, VMName | -|Data Disk Target Bandwidth |Yes |Data Disk Target Bandwidth |Count |Average |Baseline bytes per second throughput Data Disk can achieve without bursting |LUN, VMName | -|Data Disk Target IOPS |Yes |Data Disk Target IOPS |Count |Average |Baseline IOPS Data Disk can achieve without bursting |LUN, VMName | -|Data Disk Used Burst BPS Credits Percentage |Yes |Data Disk Used Burst BPS Credits Percentage |Percent |Average |Percentage of Data Disk burst bandwidth credits used so far |LUN, VMName | -|Data Disk Used Burst IO Credits Percentage |Yes |Data Disk Used Burst IO Credits Percentage |Percent |Average |Percentage of Data Disk burst I/O credits used so far |LUN, VMName | -|Data Disk Write Bytes/sec |Yes |Data Disk Write Bytes/Sec |BytesPerSecond |Average |Bytes/Sec written to a single disk during monitoring period |LUN, VMName | -|Data Disk Write Operations/Sec |Yes |Data Disk Write Operations/Sec |CountPerSecond |Average |Write IOPS from a single disk during monitoring period |LUN, VMName | -|Disk Read Bytes |Yes |Disk Read Bytes |Bytes |Total |Bytes read from disk during monitoring period |VMName | -|Disk Read Operations/Sec |Yes |Disk Read Operations/Sec |CountPerSecond |Average |Disk Read IOPS |VMName | -|Disk Write Bytes |Yes |Disk Write Bytes |Bytes |Total |Bytes written to disk during monitoring period |VMName | -|Disk Write Operations/Sec |Yes |Disk Write Operations/Sec |CountPerSecond |Average |Disk Write IOPS |VMName | -|Inbound Flows |Yes |Inbound Flows |Count |Average |Inbound Flows are number of current flows in the inbound direction (traffic going into the VM) |VMName | -|Inbound Flows Maximum Creation Rate |Yes |Inbound Flows Maximum Creation Rate |CountPerSecond |Average |The maximum creation rate of inbound flows (traffic going into the VM) |VMName | -|Network In |Yes |Network In Billable (Deprecated) |Bytes |Total |The number of billable bytes received on all network interfaces by the Virtual Machine(s) (Incoming Traffic) (Deprecated) |VMName | -|Network In Total |Yes |Network In Total |Bytes |Total |The number of bytes received on all network interfaces by the Virtual Machine(s) (Incoming Traffic) |VMName | -|Network Out |Yes |Network Out Billable (Deprecated) |Bytes |Total |The number of billable bytes out on all network interfaces by the Virtual Machine(s) (Outgoing Traffic) (Deprecated) |VMName | -|Network Out Total |Yes |Network Out Total |Bytes |Total |The number of bytes out on all network interfaces by the Virtual Machine(s) (Outgoing Traffic) |VMName | -|OS Disk Bandwidth Consumed Percentage |Yes |OS Disk Bandwidth Consumed Percentage |Percent |Average |Percentage of operating system disk bandwidth consumed per minute |LUN, VMName | -|OS Disk IOPS Consumed Percentage |Yes |OS Disk IOPS Consumed Percentage |Percent |Average |Percentage of operating system disk I/Os consumed per minute |LUN, VMName | -|OS Disk Max Burst Bandwidth |Yes |OS Disk Max Burst Bandwidth |Count |Average |Maximum bytes per second throughput OS Disk can achieve with bursting |LUN, VMName | -|OS Disk Max Burst IOPS |Yes |OS Disk Max Burst IOPS |Count |Average |Maximum IOPS OS Disk can achieve with bursting |LUN, VMName | -|OS Disk Queue Depth |Yes |OS Disk Queue Depth |Count |Average |OS Disk Queue Depth(or Queue Length) |VMName | -|OS Disk Read Bytes/sec |Yes |OS Disk Read Bytes/Sec |BytesPerSecond |Average |Bytes/Sec read from a single disk during monitoring period for OS disk |VMName | -|OS Disk Read Operations/Sec |Yes |OS Disk Read Operations/Sec |CountPerSecond |Average |Read IOPS from a single disk during monitoring period for OS disk |VMName | -|OS Disk Target Bandwidth |Yes |OS Disk Target Bandwidth |Count |Average |Baseline bytes per second throughput OS Disk can achieve without bursting |LUN, VMName | -|OS Disk Target IOPS |Yes |OS Disk Target IOPS |Count |Average |Baseline IOPS OS Disk can achieve without bursting |LUN, VMName | -|OS Disk Used Burst BPS Credits Percentage |Yes |OS Disk Used Burst BPS Credits Percentage |Percent |Average |Percentage of OS Disk burst bandwidth credits used so far |LUN, VMName | -|OS Disk Used Burst IO Credits Percentage |Yes |OS Disk Used Burst IO Credits Percentage |Percent |Average |Percentage of OS Disk burst I/O credits used so far |LUN, VMName | -|OS Disk Write Bytes/sec |Yes |OS Disk Write Bytes/Sec |BytesPerSecond |Average |Bytes/Sec written to a single disk during monitoring period for OS disk |VMName | -|OS Disk Write Operations/Sec |Yes |OS Disk Write Operations/Sec |CountPerSecond |Average |Write IOPS from a single disk during monitoring period for OS disk |VMName | -|Outbound Flows |Yes |Outbound Flows |Count |Average |Outbound Flows are number of current flows in the outbound direction (traffic going out of the VM) |VMName | -|Outbound Flows Maximum Creation Rate |Yes |Outbound Flows Maximum Creation Rate |CountPerSecond |Average |The maximum creation rate of outbound flows (traffic going out of the VM) |VMName | -|Percentage CPU |Yes |Percentage CPU |Percent |Average |The percentage of allocated compute units that are currently in use by the Virtual Machine(s) |VMName | -|Premium Data Disk Cache Read Hit |Yes |Premium Data Disk Cache Read Hit |Percent |Average |Premium Data Disk Cache Read Hit |LUN, VMName | -|Premium Data Disk Cache Read Miss |Yes |Premium Data Disk Cache Read Miss |Percent |Average |Premium Data Disk Cache Read Miss |LUN, VMName | -|Premium OS Disk Cache Read Hit |Yes |Premium OS Disk Cache Read Hit |Percent |Average |Premium OS Disk Cache Read Hit |VMName | -|Premium OS Disk Cache Read Miss |Yes |Premium OS Disk Cache Read Miss |Percent |Average |Premium OS Disk Cache Read Miss |VMName | -|VM Cached Bandwidth Consumed Percentage |Yes |VM Cached Bandwidth Consumed Percentage |Percent |Average |Percentage of cached disk bandwidth consumed by the VM |VMName | -|VM Cached IOPS Consumed Percentage |Yes |VM Cached IOPS Consumed Percentage |Percent |Average |Percentage of cached disk IOPS consumed by the VM |VMName | -|VM Local Used Burst BPS Credits Percentage |Yes |VM Cached Used Burst BPS Credits Percentage |Percent |Average |Percentage of Cached Burst BPS Credits used by the VM. |VMName | -|VM Local Used Burst IO Credits Percentage |Yes |VM Cached Used Burst IO Credits Percentage |Percent |Average |Percentage of Cached Burst IO Credits used by the VM. |VMName | -|VM Remote Used Burst BPS Credits Percentage |Yes |VM Uncached Used Burst BPS Credits Percentage |Percent |Average |Percentage of Uncached Burst BPS Credits used by the VM. |VMName | -|VM Remote Used Burst IO Credits Percentage |Yes |VM Uncached Used Burst IO Credits Percentage |Percent |Average |Percentage of Uncached Burst IO Credits used by the VM. |VMName | -|VM Uncached Bandwidth Consumed Percentage |Yes |VM Uncached Bandwidth Consumed Percentage |Percent |Average |Percentage of uncached disk bandwidth consumed by the VM |VMName | -|VM Uncached IOPS Consumed Percentage |Yes |VM Uncached IOPS Consumed Percentage |Percent |Average |Percentage of uncached disk IOPS consumed by the VM |VMName | -|VmAvailabilityMetric |Yes |VM Availability Metric (Preview) |Count |Average |Measure of Availability of Virtual machines over time. |VMName | --## Microsoft.Compute/virtualMachineScaleSets/virtualMachines -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|Available Memory Bytes |Yes |Available Memory Bytes (Preview) |Bytes |Average |Amount of physical memory, in bytes, immediately available for allocation to a process or for system use in the Virtual Machine |No Dimensions | -|CPU Credits Consumed |Yes |CPU Credits Consumed |Count |Average |Total number of credits consumed by the Virtual Machine. Only available on B-series burstable VMs |No Dimensions | -|CPU Credits Remaining |Yes |CPU Credits Remaining |Count |Average |Total number of credits available to burst. Only available on B-series burstable VMs |No Dimensions | -|Data Disk Bandwidth Consumed Percentage |Yes |Data Disk Bandwidth Consumed Percentage |Percent |Average |Percentage of data disk bandwidth consumed per minute |LUN | -|Data Disk IOPS Consumed Percentage |Yes |Data Disk IOPS Consumed Percentage |Percent |Average |Percentage of data disk I/Os consumed per minute |LUN | -|Data Disk Max Burst Bandwidth |Yes |Data Disk Max Burst Bandwidth |Count |Average |Maximum bytes per second throughput Data Disk can achieve with bursting |LUN | -|Data Disk Max Burst IOPS |Yes |Data Disk Max Burst IOPS |Count |Average |Maximum IOPS Data Disk can achieve with bursting |LUN | -|Data Disk Queue Depth |Yes |Data Disk Queue Depth |Count |Average |Data Disk Queue Depth(or Queue Length) |LUN | -|Data Disk Read Bytes/sec |Yes |Data Disk Read Bytes/Sec |BytesPerSecond |Average |Bytes/Sec read from a single disk during monitoring period |LUN | -|Data Disk Read Operations/Sec |Yes |Data Disk Read Operations/Sec |CountPerSecond |Average |Read IOPS from a single disk during monitoring period |LUN | -|Data Disk Target Bandwidth |Yes |Data Disk Target Bandwidth |Count |Average |Baseline bytes per second throughput Data Disk can achieve without bursting |LUN | -|Data Disk Target IOPS |Yes |Data Disk Target IOPS |Count |Average |Baseline IOPS Data Disk can achieve without bursting |LUN | -|Data Disk Used Burst BPS Credits Percentage |Yes |Data Disk Used Burst BPS Credits Percentage |Percent |Average |Percentage of Data Disk burst bandwidth credits used so far |LUN | -|Data Disk Used Burst IO Credits Percentage |Yes |Data Disk Used Burst IO Credits Percentage |Percent |Average |Percentage of Data Disk burst I/O credits used so far |LUN | -|Data Disk Write Bytes/sec |Yes |Data Disk Write Bytes/Sec |BytesPerSecond |Average |Bytes/Sec written to a single disk during monitoring period |LUN | -|Data Disk Write Operations/Sec |Yes |Data Disk Write Operations/Sec |CountPerSecond |Average |Write IOPS from a single disk during monitoring period |LUN | -|Disk Read Bytes |Yes |Disk Read Bytes |Bytes |Total |Bytes read from disk during monitoring period |No Dimensions | -|Disk Read Operations/Sec |Yes |Disk Read Operations/Sec |CountPerSecond |Average |Disk Read IOPS |No Dimensions | -|Disk Write Bytes |Yes |Disk Write Bytes |Bytes |Total |Bytes written to disk during monitoring period |No Dimensions | -|Disk Write Operations/Sec |Yes |Disk Write Operations/Sec |CountPerSecond |Average |Disk Write IOPS |No Dimensions | -|Inbound Flows |Yes |Inbound Flows |Count |Average |Inbound Flows are number of current flows in the inbound direction (traffic going into the VM) |No Dimensions | -|Inbound Flows Maximum Creation Rate |Yes |Inbound Flows Maximum Creation Rate |CountPerSecond |Average |The maximum creation rate of inbound flows (traffic going into the VM) |No Dimensions | -|Network In |Yes |Network In Billable (Deprecated) |Bytes |Total |The number of billable bytes received on all network interfaces by the Virtual Machine(s) (Incoming Traffic) (Deprecated) |No Dimensions | -|Network In Total |Yes |Network In Total |Bytes |Total |The number of bytes received on all network interfaces by the Virtual Machine(s) (Incoming Traffic) |No Dimensions | -|Network Out |Yes |Network Out Billable (Deprecated) |Bytes |Total |The number of billable bytes out on all network interfaces by the Virtual Machine(s) (Outgoing Traffic) (Deprecated) |No Dimensions | -|Network Out Total |Yes |Network Out Total |Bytes |Total |The number of bytes out on all network interfaces by the Virtual Machine(s) (Outgoing Traffic) |No Dimensions | -|OS Disk Bandwidth Consumed Percentage |Yes |OS Disk Bandwidth Consumed Percentage |Percent |Average |Percentage of operating system disk bandwidth consumed per minute |LUN | -|OS Disk IOPS Consumed Percentage |Yes |OS Disk IOPS Consumed Percentage |Percent |Average |Percentage of operating system disk I/Os consumed per minute |LUN | -|OS Disk Max Burst Bandwidth |Yes |OS Disk Max Burst Bandwidth |Count |Average |Maximum bytes per second throughput OS Disk can achieve with bursting |LUN | -|OS Disk Max Burst IOPS |Yes |OS Disk Max Burst IOPS |Count |Average |Maximum IOPS OS Disk can achieve with bursting |LUN | -|OS Disk Queue Depth |Yes |OS Disk Queue Depth |Count |Average |OS Disk Queue Depth(or Queue Length) |No Dimensions | -|OS Disk Read Bytes/sec |Yes |OS Disk Read Bytes/Sec |BytesPerSecond |Average |Bytes/Sec read from a single disk during monitoring period for OS disk |No Dimensions | -|OS Disk Read Operations/Sec |Yes |OS Disk Read Operations/Sec |CountPerSecond |Average |Read IOPS from a single disk during monitoring period for OS disk |No Dimensions | -|OS Disk Target Bandwidth |Yes |OS Disk Target Bandwidth |Count |Average |Baseline bytes per second throughput OS Disk can achieve without bursting |LUN | -|OS Disk Target IOPS |Yes |OS Disk Target IOPS |Count |Average |Baseline IOPS OS Disk can achieve without bursting |LUN | -|OS Disk Used Burst BPS Credits Percentage |Yes |OS Disk Used Burst BPS Credits Percentage |Percent |Average |Percentage of OS Disk burst bandwidth credits used so far |LUN | -|OS Disk Used Burst IO Credits Percentage |Yes |OS Disk Used Burst IO Credits Percentage |Percent |Average |Percentage of OS Disk burst I/O credits used so far |LUN | -|OS Disk Write Bytes/sec |Yes |OS Disk Write Bytes/Sec |BytesPerSecond |Average |Bytes/Sec written to a single disk during monitoring period for OS disk |No Dimensions | -|OS Disk Write Operations/Sec |Yes |OS Disk Write Operations/Sec |CountPerSecond |Average |Write IOPS from a single disk during monitoring period for OS disk |No Dimensions | -|Outbound Flows |Yes |Outbound Flows |Count |Average |Outbound Flows are number of current flows in the outbound direction (traffic going out of the VM) |No Dimensions | -|Outbound Flows Maximum Creation Rate |Yes |Outbound Flows Maximum Creation Rate |CountPerSecond |Average |The maximum creation rate of outbound flows (traffic going out of the VM) |No Dimensions | -|Percentage CPU |Yes |Percentage CPU |Percent |Average |The percentage of allocated compute units that are currently in use by the Virtual Machine(s) |No Dimensions | -|Premium Data Disk Cache Read Hit |Yes |Premium Data Disk Cache Read Hit |Percent |Average |Premium Data Disk Cache Read Hit |LUN | -|Premium Data Disk Cache Read Miss |Yes |Premium Data Disk Cache Read Miss |Percent |Average |Premium Data Disk Cache Read Miss |LUN | -|Premium OS Disk Cache Read Hit |Yes |Premium OS Disk Cache Read Hit |Percent |Average |Premium OS Disk Cache Read Hit |No Dimensions | -|Premium OS Disk Cache Read Miss |Yes |Premium OS Disk Cache Read Miss |Percent |Average |Premium OS Disk Cache Read Miss |No Dimensions | -|VM Cached Bandwidth Consumed Percentage |Yes |VM Cached Bandwidth Consumed Percentage |Percent |Average |Percentage of cached disk bandwidth consumed by the VM |No Dimensions | -|VM Cached IOPS Consumed Percentage |Yes |VM Cached IOPS Consumed Percentage |Percent |Average |Percentage of cached disk IOPS consumed by the VM |No Dimensions | -|VM Uncached Bandwidth Consumed Percentage |Yes |VM Uncached Bandwidth Consumed Percentage |Percent |Average |Percentage of uncached disk bandwidth consumed by the VM |No Dimensions | -|VM Uncached IOPS Consumed Percentage |Yes |VM Uncached IOPS Consumed Percentage |Percent |Average |Percentage of uncached disk IOPS consumed by the VM |No Dimensions | --## Microsoft.ConnectedCache/CacheNodes -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|egressbps |Yes |Egress Mbps |BitsPerSecond |Average |Egress Throughput |cachenodeid | -|hitRatio |Yes |Cache Efficiency |Percent |Average |Cache Efficiency |cachenodeid | -|hits |Yes |Hits |Count |Count |Count of hits |cachenodeid | -|hitsbps |Yes |Hit Mbps |BitsPerSecond |Average |Hit Throughput |cachenodeid | -|misses |Yes |Misses |Count |Count |Count of misses |cachenodeid | -|missesbps |Yes |Miss Mbps |BitsPerSecond |Average |Miss Throughput |cachenodeid | --## Microsoft.ConnectedCache/ispCustomers -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|egressbps |Yes |Egress Mbps |BitsPerSecond |Average |Egress Throughput |cachenodeid | -|hitRatio |Yes |Hit Ratio |Percent |Average |Cache hit ratio is a measurement of how many content requests a cache is able to fill successfully, compared to how many requests it receives. |cachenodeid | -|hits |Yes |Hits |Count |Count |Count of hits |cachenodeid | -|hitsbps |Yes |Hit Mbps |BitsPerSecond |Average |Hit Throughput |cachenodeid | -|inboundbps |Yes |Inbound |BitsPerSecond |Average |Inbound Throughput |cachenodeid | -|misses |Yes |Misses |Count |Count |Count of misses |cachenodeid | -|missesbps |Yes |Miss Mbps |BitsPerSecond |Average |Miss Throughput |cachenodeid | -|outboundbps |Yes |Outbound |BitsPerSecond |Average |Outbound Throughput |cachenodeid | --## Microsoft.ConnectedVehicle/platformAccounts -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ClaimsProviderRequestLatency |Yes |Claims request execution time |Milliseconds |Average |The average execution time of requests to the customer claims provider endpoint in milliseconds. |IsSuccessful, FailureCategory | -|ClaimsProviderRequests |Yes |Claims provider requests |Count |Total |Number of requests to claims provider |IsSuccessful, FailureCategory | -|ConnectionServiceRequestRuntime |Yes |Vehicle connection service request execution time |Milliseconds |Average |Vehicle conneciton request execution time average in milliseconds |IsSuccessful, FailureCategory | -|ConnectionServiceRequests |Yes |Vehicle connection service requests |Count |Total |Total number of vehicle connection requests |IsSuccessful, FailureCategory | -|DataPipelineMessageCount |Yes |Data pipeline message count |Count |Total |The total number of messages sent to the MCVP data pipeline for storage. |IsSuccessful, FailureCategory | -|ExtensionInvocationCount |Yes |Extension invocation count |Count |Total |Total number of times an extension was called. |ExtensionName, IsSuccessful, FailureCategory | -|ExtensionInvocationRuntime |Yes |Extension invocation execution time |Milliseconds |Average |Average execution time spent inside an extension in milliseconds. |ExtensionName, IsSuccessful, FailureCategory | -|MessagesInCount |Yes |Messages received count |Count |Total |The total number of vehicle-sourced publishes. |IsSuccessful, FailureCategory | -|MessagesOutCount |Yes |Messages sent count |Count |Total |The total number of cloud-sourced publishes. |IsSuccessful, FailureCategory | -|ProvisionerServiceRequestRuntime |Yes |Vehicle provision execution time |Milliseconds |Average |The average execution time of vehicle provision requests in milliseconds |IsSuccessful, FailureCategory | -|ProvisionerServiceRequests |Yes |Vehicle provision service requests |Count |Total |Total number of vehicle provision requests |IsSuccessful, FailureCategory | -|StateStoreReadRequestLatency |Yes |State store read execution time |Milliseconds |Average |State store read request execution time average in milliseconds. |ExtensionName, IsSuccessful, FailureCategory | -|StateStoreReadRequests |Yes |State store read requests |Count |Total |Number of read requests to state store |ExtensionName, IsSuccessful, FailureCategory | -|StateStoreWriteRequestLatency |Yes |State store write execution time |Milliseconds |Average |State store write request execution time average in milliseconds. |ExtensionName, IsSuccessful, FailureCategory | -|StateStoreWriteRequests |Yes |State store write requests |Count |Total |Number of write requests to state store |ExtensionName, IsSuccessful, FailureCategory | --## Microsoft.ContainerInstance/containerGroups -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|CpuUsage |Yes |CPU Usage |Count |Average |CPU usage on all cores in millicores. |containerName | -|MemoryUsage |Yes |Memory Usage |Bytes |Average |Total memory usage in byte. |containerName | -|NetworkBytesReceivedPerSecond |Yes |Network Bytes Received Per Second |Bytes |Average |The network bytes received per second. |No Dimensions | -|NetworkBytesTransmittedPerSecond |Yes |Network Bytes Transmitted Per Second |Bytes |Average |The network bytes transmitted per second. |No Dimensions | --## Microsoft.ContainerInstance/containerScaleSets -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|CpuPercentage |Yes |Percentage CPU |Percent |Average |Average of the CPU percentages consumed by individual Container Groups in this Scale Set |OrchestratorId | -|CpuUsage |Yes |CPU usage |MilliCores |Average |Average of the CPU utilizations in millicores consumed by Container Groups in this Scale Set |OrchestratorId | -|MemoryPercentage |Yes |Memory percentage |Percent |Average |Average of the memory percentages consumed ((usedMemory/allocatedMemory) * 100) by Container Groups in this Scale Set |OrchestratorId | -|MemoryUsage |Yes |Memory usage |Bytes |Total |Total memory used by all the Container Groups in this Scale Set |OrchestratorId | --## Microsoft.ContainerRegistry/registries -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|AgentPoolCPUTime |Yes |AgentPool CPU Time |Seconds |Total |AgentPool CPU Time in seconds |No Dimensions | -|RunDuration |Yes |Run Duration |MilliSeconds |Total |Run Duration in milliseconds |No Dimensions | -|StorageUsed |Yes |Storage used |Bytes |Average |The amount of storage used by the container registry. For a registry account, it's the sum of capacity used by all the repositories within a registry. It's sum of capacity used by shared layers, manifest files, and replica copies in each of its repositories. |Geolocation | -|SuccessfulPullCount |Yes |Successful Pull Count |Count |Total |Number of successful image pulls |No Dimensions | -|SuccessfulPushCount |Yes |Successful Push Count |Count |Total |Number of successful image pushes |No Dimensions | -|TotalPullCount |Yes |Total Pull Count |Count |Total |Number of image pulls in total |No Dimensions | -|TotalPushCount |Yes |Total Push Count |Count |Total |Number of image pushes in total |No Dimensions | --## Microsoft.ContainerService/managedClusters -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|apiserver_current_inflight_requests |No |Inflight Requests |Count |Average |Maximum number of currently used inflight requests on the apiserver per request kind in the last second |requestKind | -|cluster_autoscaler_cluster_safe_to_autoscale |No |Cluster Health |Count |Average |Determines whether or not cluster autoscaler will take action on the cluster |No Dimensions | -|cluster_autoscaler_scale_down_in_cooldown |No |Scale Down Cooldown |Count |Average |Determines if the scale down is in cooldown - No nodes will be removed during this timeframe |No Dimensions | -|cluster_autoscaler_unneeded_nodes_count |No |Unneeded Nodes |Count |Average |Cluster auotscaler marks those nodes as candidates for deletion and are eventually deleted |No Dimensions | -|cluster_autoscaler_unschedulable_pods_count |No |Unschedulable Pods |Count |Average |Number of pods that are currently unschedulable in the cluster |No Dimensions | -|kube_node_status_allocatable_cpu_cores |No |Total number of available cpu cores in a managed cluster |Count |Average |Total number of available cpu cores in a managed cluster |No Dimensions | -|kube_node_status_allocatable_memory_bytes |No |Total amount of available memory in a managed cluster |Bytes |Average |Total amount of available memory in a managed cluster |No Dimensions | -|kube_node_status_condition |No |Statuses for various node conditions |Count |Average |Statuses for various node conditions |condition, status, status2, node | -|kube_pod_status_phase |No |Number of pods by phase |Count |Average |Number of pods by phase |phase, namespace, pod | -|kube_pod_status_ready |No |Number of pods in Ready state |Count |Average |Number of pods in Ready state |namespace, pod, condition | -|node_cpu_usage_millicores |Yes |CPU Usage Millicores |MilliCores |Average |Aggregated measurement of CPU utilization in millicores across the cluster |node, nodepool | -|node_cpu_usage_percentage |Yes |CPU Usage Percentage |Percent |Average |Aggregated average CPU utilization measured in percentage across the cluster |node, nodepool | -|node_disk_usage_bytes |Yes |Disk Used Bytes |Bytes |Average |Disk space used in bytes by device |node, nodepool, device | -|node_disk_usage_percentage |Yes |Disk Used Percentage |Percent |Average |Disk space used in percent by device |node, nodepool, device | -|node_memory_rss_bytes |Yes |Memory RSS Bytes |Bytes |Average |Container RSS memory used in bytes |node, nodepool | -|node_memory_rss_percentage |Yes |Memory RSS Percentage |Percent |Average |Container RSS memory used in percent |node, nodepool | -|node_memory_working_set_bytes |Yes |Memory Working Set Bytes |Bytes |Average |Container working set memory used in bytes |node, nodepool | -|node_memory_working_set_percentage |Yes |Memory Working Set Percentage |Percent |Average |Container working set memory used in percent |node, nodepool | -|node_network_in_bytes |Yes |Network In Bytes |Bytes |Average |Network received bytes |node, nodepool | -|node_network_out_bytes |Yes |Network Out Bytes |Bytes |Average |Network transmitted bytes |node, nodepool | --## Microsoft.CustomProviders/resourceproviders -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|FailedRequests |Yes |Failed Requests |Count |Total |Gets the available logs for Custom Resource Providers |HttpMethod, CallPath, StatusCode | -|SuccessfullRequests |Yes |Successful Requests |Count |Total |Successful requests made by the custom provider |HttpMethod, CallPath, StatusCode | --## Microsoft.Dashboard/grafana -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|HttpRequestCount |No |HttpRequestCount |Count |Count |Number of HTTP requests to Azure Managed Grafana server |No Dimensions | --## Microsoft.DataBoxEdge/dataBoxEdgeDevices -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|AvailableCapacity |Yes |Available Capacity |Bytes |Average |The available capacity in bytes during the reporting period. |No Dimensions | -|BytesUploadedToCloud |Yes |Cloud Bytes Uploaded (Device) |Bytes |Average |The total number of bytes that is uploaded to Azure from a device during the reporting period. |No Dimensions | -|BytesUploadedToCloudPerShare |Yes |Cloud Bytes Uploaded (Share) |Bytes |Average |The total number of bytes that is uploaded to Azure from a share during the reporting period. |Share | -|CloudReadThroughput |Yes |Cloud Download Throughput |BytesPerSecond |Average |The cloud download throughput to Azure during the reporting period. |No Dimensions | -|CloudReadThroughputPerShare |Yes |Cloud Download Throughput (Share) |BytesPerSecond |Average |The download throughput to Azure from a share during the reporting period. |Share | -|CloudUploadThroughput |Yes |Cloud Upload Throughput |BytesPerSecond |Average |The cloud upload throughput to Azure during the reporting period. |No Dimensions | -|CloudUploadThroughputPerShare |Yes |Cloud Upload Throughput (Share) |BytesPerSecond |Average |The upload throughput to Azure from a share during the reporting period. |Share | -|HyperVMemoryUtilization |Yes |Edge Compute - Memory Usage |Percent |Average |Amount of RAM in Use |InstanceName | -|HyperVVirtualProcessorUtilization |Yes |Edge Compute - Percentage CPU |Percent |Average |Percent CPU Usage |InstanceName | -|NICReadThroughput |Yes |Read Throughput (Network) |BytesPerSecond |Average |The read throughput of the network interface on the device in the reporting period for all volumes in the gateway. |InstanceName | -|NICWriteThroughput |Yes |Write Throughput (Network) |BytesPerSecond |Average |The write throughput of the network interface on the device in the reporting period for all volumes in the gateway. |InstanceName | -|TotalCapacity |Yes |Total Capacity |Bytes |Average |The total capacity of the device in bytes during the reporting period. |No Dimensions | --## Microsoft.DataCollaboration/workspaces -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ComputationCount |Yes |Created Computations |Count |Maximum |Number of created computations |ComputationName | -|DataAssetCount |Yes |Created Data Assets |Count |Maximum |Number of created data assets |DataAssetName | -|PipelineCount |Yes |Created Pipelines |Count |Maximum |Number of created pipelines |PipelineName | -|PipelineCount |Yes |Created Pipelines |Count |Maximum |Number of created pipelines |PipelineName | -|ProposalCount |Yes |Created Proposals |Count |Maximum |Number of created proposals |ProposalName | -|ScriptCount |Yes |Created Scripts |Count |Maximum |Number of created scripts |ScriptName | --## Microsoft.DataFactory/datafactories -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|FailedRuns |Yes |Failed Runs |Count |Total |Failed Runs |pipelineName, activityName | -|SuccessfulRuns |Yes |Successful Runs |Count |Total |Successful Runs |pipelineName, activityName | --## Microsoft.DataFactory/factories -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ActivityCancelledRuns |Yes |Cancelled activity runs metrics |Count |Total |Cancelled activity runs metrics |ActivityType, PipelineName, FailureType, Name | -|ActivityFailedRuns |Yes |Failed activity runs metrics |Count |Total |Failed activity runs metrics |ActivityType, PipelineName, FailureType, Name | -|ActivitySucceededRuns |Yes |Succeeded activity runs metrics |Count |Total |Succeeded activity runs metrics |ActivityType, PipelineName, FailureType, Name | -|AirflowIntegrationRuntimeCeleryTaskTimeoutError |No |Airflow Integration Runtime Celery Task Timeout Error |Count |Total |Airflow Integration Runtime Celery Task Timeout Error |IntegrationRuntimeName | -|AirflowIntegrationRuntimeCollectDBDags |No |Airflow Integration Runtime Collect DB Dags |Milliseconds |Average |Airflow Integration Runtime Collect DB Dags |IntegrationRuntimeName | -|AirflowIntegrationRuntimeCpuPercentage |No |Airflow Integration Runtime Cpu Percentage |Percent |Average |Airflow Integration Runtime Cpu Percentage |IntegrationRuntimeName, ContainerName | -|AirflowIntegrationRuntimeCpuUsage |Yes |Airflow Integration Runtime Memory Usage |Millicores |Average |Airflow Integration Runtime Memory Usage |IntegrationRuntimeName, ContainerName | -|AirflowIntegrationRuntimeDagBagSize |No |Airflow Integration Runtime Dag Bag Size |Count |Total |Airflow Integration Runtime Dag Bag Size |IntegrationRuntimeName | -|AirflowIntegrationRuntimeDagCallbackExceptions |No |Airflow Integration Runtime Dag Callback Exceptions |Count |Total |Airflow Integration Runtime Dag Callback Exceptions |IntegrationRuntimeName | -|AirflowIntegrationRuntimeDAGFileRefreshError |No |Airflow Integration Runtime DAG File Refresh Error |Count |Total |Airflow Integration Runtime DAG File Refresh Error |IntegrationRuntimeName | -|AirflowIntegrationRuntimeDAGProcessingImportErrors |No |Airflow Integration Runtime DAG Processing Import Errors |Count |Total |Airflow Integration Runtime DAG Processing Import Errors |IntegrationRuntimeName | -|AirflowIntegrationRuntimeDAGProcessingLastDuration |No |Airflow Integration Runtime DAG Processing Last Duration |Milliseconds |Average |Airflow Integration Runtime DAG Processing Last Duration |IntegrationRuntimeName, DagFile | -|AirflowIntegrationRuntimeDAGProcessingLastRunSecondsAgo |No |Airflow Integration Runtime DAG Processing Last Run Seconds Ago |Seconds |Average |Airflow Integration Runtime DAG Processing Last Run Seconds Ago |IntegrationRuntimeName, DagFile | -|AirflowIntegrationRuntimeDAGProcessingManagerStalls |No |Airflow Integration Runtime DAG ProcessingManager Stalls |Count |Total |Airflow Integration Runtime DAG ProcessingManager Stalls |IntegrationRuntimeName | -|AirflowIntegrationRuntimeDAGProcessingProcesses |No |Airflow Integration Runtime DAG Processing Processes |Count |Total |Airflow Integration Runtime DAG Processing Processes |IntegrationRuntimeName | -|AirflowIntegrationRuntimeDAGProcessingProcessorTimeouts |No |Airflow Integration Runtime DAG Processing Processor Timeouts |Seconds |Average |Airflow Integration Runtime DAG Processing Processor Timeouts |IntegrationRuntimeName | -|AirflowIntegrationRuntimeDAGProcessingTotalParseTime |No |Airflow Integration Runtime DAG Processing Total Parse Time |Seconds |Average |Airflow Integration Runtime DAG Processing Total Parse Time |IntegrationRuntimeName | -|AirflowIntegrationRuntimeDAGRunDependencyCheck |No |Airflow Integration Runtime DAG Run Dependency Check |Milliseconds |Average |Airflow Integration Runtime DAG Run Dependency Check |IntegrationRuntimeName, DagId | -|AirflowIntegrationRuntimeDAGRunDurationFailed |No |Airflow Integration Runtime DAG Run Duration Failed |Milliseconds |Average |Airflow Integration Runtime DAG Run Duration Failed |IntegrationRuntimeName, DagId | -|AirflowIntegrationRuntimeDAGRunDurationSuccess |No |Airflow Integration Runtime DAG Run Duration Success |Milliseconds |Average |Airflow Integration Runtime DAG Run Duration Success |IntegrationRuntimeName, DagId | -|AirflowIntegrationRuntimeDAGRunFirstTaskSchedulingDelay |No |Airflow Integration Runtime DAG Run First Task Scheduling Delay |Milliseconds |Average |Airflow Integration Runtime DAG Run First Task Scheduling Delay |IntegrationRuntimeName, DagId | -|AirflowIntegrationRuntimeDAGRunScheduleDelay |No |Airflow Integration Runtime DAG Run Schedule Delay |Milliseconds |Average |Airflow Integration Runtime DAG Run Schedule Delay |IntegrationRuntimeName, DagId | -|AirflowIntegrationRuntimeExecutorOpenSlots |No |Airflow Integration Runtime Executor Open Slots |Count |Total |Airflow Integration Runtime Executor Open Slots |IntegrationRuntimeName | -|AirflowIntegrationRuntimeExecutorQueuedTasks |No |Airflow Integration Runtime Executor Queued Tasks |Count |Total |Airflow Integration Runtime Executor Queued Tasks |IntegrationRuntimeName | -|AirflowIntegrationRuntimeExecutorRunningTasks |No |Airflow Integration Runtime Executor Running Tasks |Count |Total |Airflow Integration Runtime Executor Running Tasks |IntegrationRuntimeName | -|AirflowIntegrationRuntimeJobEnd |No |Airflow Integration Runtime Job End |Count |Total |Airflow Integration Runtime Job End |IntegrationRuntimeName, Job | -|AirflowIntegrationRuntimeJobHeartbeatFailure |No |Airflow Integration Runtime Heartbeat Failure |Count |Total |Airflow Integration Runtime Heartbeat Failure |IntegrationRuntimeName, Job | -|AirflowIntegrationRuntimeJobStart |No |Airflow Integration Runtime Job Start |Count |Total |Airflow Integration Runtime Job Start |IntegrationRuntimeName, Job | -|AirflowIntegrationRuntimeMemoryPercentage |Yes |Airflow Integration Runtime Memory Percentage |Percent |Average |Airflow Integration Runtime Memory Percentage |IntegrationRuntimeName, ContainerName | -|AirflowIntegrationRuntimeNodeCount |Yes |Airflow Integration Runtime Node Count |Count |Average |Airflow Integration Runtime Node Count |IntegrationRuntimeName | -|AirflowIntegrationRuntimeOperatorFailures |No |Airflow Integration Runtime Operator Failures |Count |Total |Airflow Integration Runtime Operator Failures |IntegrationRuntimeName, Operator | -|AirflowIntegrationRuntimeOperatorSuccesses |No |Airflow Integration Runtime Operator Successes |Count |Total |Airflow Integration Runtime Operator Successes |IntegrationRuntimeName, Operator | -|AirflowIntegrationRuntimePoolOpenSlots |No |Airflow Integration Runtime Pool Open Slots |Count |Total |Airflow Integration Runtime Pool Open Slots |IntegrationRuntimeName, Pool | -|AirflowIntegrationRuntimePoolQueuedSlots |No |Airflow Integration Runtime Pool Queued Slots |Count |Total |Airflow Integration Runtime Pool Queued Slots |IntegrationRuntimeName, Pool | -|AirflowIntegrationRuntimePoolRunningSlots |No |Airflow Integration Runtime Pool Running Slots |Count |Total |Airflow Integration Runtime Pool Running Slots |IntegrationRuntimeName, Pool | -|AirflowIntegrationRuntimePoolStarvingTasks |No |Airflow Integration Runtime Pool Starving Tasks |Count |Total |Airflow Integration Runtime Pool Starving Tasks |IntegrationRuntimeName, Pool | -|AirflowIntegrationRuntimeSchedulerCriticalSectionBusy |No |Airflow Integration Runtime Scheduler Critical Section Busy |Count |Total |Airflow Integration Runtime Scheduler Critical Section Busy |IntegrationRuntimeName | -|AirflowIntegrationRuntimeSchedulerCriticalSectionDuration |No |Airflow Integration Runtime Scheduler Critical Section Duration |Milliseconds |Average |Airflow Integration Runtime Scheduler Critical Section Duration |IntegrationRuntimeName | -|AirflowIntegrationRuntimeSchedulerFailedSLAEmailAttempts |No |Airflow Integration Runtime Scheduler Failed SLA Email Attempts |Count |Total |Airflow Integration Runtime Scheduler Failed SLA Email Attempts |IntegrationRuntimeName | -|AirflowIntegrationRuntimeSchedulerHeartbeat |No |Airflow Integration Runtime Scheduler Heartbeats |Count |Total |Airflow Integration Runtime Scheduler Heartbeats |IntegrationRuntimeName | -|AirflowIntegrationRuntimeSchedulerOrphanedTasksAdopted |No |Airflow Integration Runtime Scheduler Orphaned Tasks Adopted |Count |Total |Airflow Integration Runtime Scheduler Orphaned Tasks Adopted |IntegrationRuntimeName | -|AirflowIntegrationRuntimeSchedulerOrphanedTasksCleared |No |Airflow Integration Runtime Scheduler Orphaned Tasks Cleared |Count |Total |Airflow Integration Runtime Scheduler Orphaned Tasks Cleared |IntegrationRuntimeName | -|AirflowIntegrationRuntimeSchedulerTasksExecutable |No |Airflow Integration Runtime Scheduler Tasks Executable |Count |Total |Airflow Integration Runtime Scheduler Tasks Executable |IntegrationRuntimeName | -|AirflowIntegrationRuntimeSchedulerTasksKilledExternally |No |Airflow Integration Runtime Scheduler Tasks Killed Externally |Count |Total |Airflow Integration Runtime Scheduler Tasks Killed Externally |IntegrationRuntimeName | -|AirflowIntegrationRuntimeSchedulerTasksRunning |No |Airflow Integration Runtime Scheduler Tasks Running |Count |Total |Airflow Integration Runtime Scheduler Tasks Running |IntegrationRuntimeName | -|AirflowIntegrationRuntimeSchedulerTasksStarving |No |Airflow Integration Runtime Scheduler Tasks Starving |Count |Total |Airflow Integration Runtime Scheduler Tasks Starving |IntegrationRuntimeName | -|AirflowIntegrationRuntimeStartedTaskInstances |No |Airflow Integration Runtime Started Task Instances |Count |Total |Airflow Integration Runtime Started Task Instances |IntegrationRuntimeName, DagId, TaskId | -|AirflowIntegrationRuntimeTaskInstanceCreatedUsingOperator |No |Airflow Integration Runtime Task Instance Created Using Operator |Count |Total |Airflow Integration Runtime Task Instance Created Using Operator |IntegrationRuntimeName, Operator | -|AirflowIntegrationRuntimeTaskInstanceDuration |No |Airflow Integration Runtime Task Instance Duration |Milliseconds |Average |Airflow Integration Runtime Task Instance Duration |IntegrationRuntimeName, DagId, TaskID | -|AirflowIntegrationRuntimeTaskInstanceFailures |No |Airflow Integration Runtime Task Instance Failures |Count |Total |Airflow Integration Runtime Task Instance Failures |IntegrationRuntimeName | -|AirflowIntegrationRuntimeTaskInstanceFinished |No |Airflow Integration Runtime Task Instance Finished |Count |Total |Airflow Integration Runtime Task Instance Finished |IntegrationRuntimeName, DagId, TaskId, State | -|AirflowIntegrationRuntimeTaskInstancePreviouslySucceeded |No |Airflow Integration Runtime Task Instance Previously Succeeded |Count |Total |Airflow Integration Runtime Task Instance Previously Succeeded |IntegrationRuntimeName | -|AirflowIntegrationRuntimeTaskInstanceSuccesses |No |Airflow Integration Runtime Task Instance Successes |Count |Total |Airflow Integration Runtime Task Instance Successes |IntegrationRuntimeName | -|AirflowIntegrationRuntimeTaskRemovedFromDAG |No |Airflow Integration Runtime Task Removed From DAG |Count |Total |Airflow Integration Runtime Task Removed From DAG |IntegrationRuntimeName, DagId | -|AirflowIntegrationRuntimeTaskRestoredToDAG |No |Airflow Integration Runtime Task Restored To DAG |Count |Total |Airflow Integration Runtime Task Restored To DAG |IntegrationRuntimeName, DagId | -|AirflowIntegrationRuntimeTriggersBlockedMainThread |No |Airflow Integration Runtime Triggers Blocked Main Thread |Count |Total |Airflow Integration Runtime Triggers Blocked Main Thread |IntegrationRuntimeName | -|AirflowIntegrationRuntimeTriggersFailed |No |Airflow Integration Runtime Triggers Failed |Count |Total |Airflow Integration Runtime Triggers Failed |IntegrationRuntimeName | -|AirflowIntegrationRuntimeTriggersRunning |No |Airflow Integration Runtime Triggers Running |Count |Total |Airflow Integration Runtime Triggers Running |IntegrationRuntimeName | -|AirflowIntegrationRuntimeTriggersSucceeded |No |Airflow Integration Runtime Triggers Succeeded |Count |Total |Airflow Integration Runtime Triggers Succeeded |IntegrationRuntimeName | -|AirflowIntegrationRuntimeZombiesKilled |No |Airflow Integration Runtime Zombie Tasks Killed |Count |Total |Airflow Integration Runtime Zombie Tasks Killed |IntegrationRuntimeName | -|FactorySizeInGbUnits |Yes |Total factory size (GB unit) |Count |Maximum |Total factory size (GB unit) |No Dimensions | -|IntegrationRuntimeAvailableMemory |Yes |Integration runtime available memory |Bytes |Average |Integration runtime available memory |IntegrationRuntimeName, NodeName | -|IntegrationRuntimeAvailableNodeNumber |Yes |Integration runtime available node count |Count |Average |Integration runtime available node count |IntegrationRuntimeName | -|IntegrationRuntimeAverageTaskPickupDelay |Yes |Integration runtime queue duration |Seconds |Average |Integration runtime queue duration |IntegrationRuntimeName | -|IntegrationRuntimeCpuPercentage |Yes |Integration runtime CPU utilization |Percent |Average |Integration runtime CPU utilization |IntegrationRuntimeName, NodeName | -|IntegrationRuntimeQueueLength |Yes |Integration runtime queue length |Count |Average |Integration runtime queue length |IntegrationRuntimeName | -|MaxAllowedFactorySizeInGbUnits |Yes |Maximum allowed factory size (GB unit) |Count |Maximum |Maximum allowed factory size (GB unit) |No Dimensions | -|MaxAllowedResourceCount |Yes |Maximum allowed entities count |Count |Maximum |Maximum allowed entities count |No Dimensions | -|MVNetIRCopyAvailableCapacityPCT |Yes |Copy available capacity percentage of MVNet integration runtime |Percent |Maximum |Copy available capacity percentage of MVNet integration runtime |IntegrationRuntimeName | -|MVNetIRCopyCapacityUtilization |Yes |Copy capacity utilization of MVNet integration runtime |Percent |Maximum |Copy capacity utilization of MVNet integration runtime |IntegrationRuntimeName | -|MVNetIRCopyWaitingQueueLength |Yes |Copy waiting queue length of MVNet integration runtime |Count |Average |Copy waiting queue length of MVNet integration runtime |IntegrationRuntimeName | -|MVNetIRExternalAvailableCapacityPCT |Yes |External available capacity percentage of MVNet integration runtime |Percent |Maximum |External available capacity percentage of MVNet integration runtime |IntegrationRuntimeName | -|MVNetIRExternalCapacityUtilization |Yes |External capacity utilization of MVNet integration runtime |Percent |Maximum |External capacity utilization of MVNet integration runtime |IntegrationRuntimeName | -|MVNetIRExternalWaitingQueueLength |Yes |External waiting queue length of MVNet integration runtime |Count |Average |External waiting queue length of MVNet integration runtime |IntegrationRuntimeName | -|MVNetIRPipelineAvailableCapacityPCT |Yes |Pipeline available capacity percentage of MVNet integration runtime |Percent |Maximum |Pipeline available capacity percentage of MVNet integration runtime |IntegrationRuntimeName | -|MVNetIRPipelineCapacityUtilization |Yes |Pipeline capacity utilization of MVNet integration runtime |Percent |Maximum |Pipeline capacity utilization of MVNet integration runtime |IntegrationRuntimeName | -|MVNetIRPipelineWaitingQueueLength |Yes |Pipeline waiting queue length of MVNet integration runtime |Count |Average |Pipeline waiting queue length of MVNet integration runtime |IntegrationRuntimeName | -|PipelineCancelledRuns |Yes |Cancelled pipeline runs metrics |Count |Total |Cancelled pipeline runs metrics |FailureType, CancelledBy, Name | -|PipelineElapsedTimeRuns |Yes |Elapsed Time Pipeline Runs Metrics |Count |Total |Elapsed Time Pipeline Runs Metrics |RunId, Name | -|PipelineFailedRuns |Yes |Failed pipeline runs metrics |Count |Total |Failed pipeline runs metrics |FailureType, Name | -|PipelineSucceededRuns |Yes |Succeeded pipeline runs metrics |Count |Total |Succeeded pipeline runs metrics |FailureType, Name | -|ResourceCount |Yes |Total entities count |Count |Maximum |Total entities count |No Dimensions | -|SSISIntegrationRuntimeStartCancel |Yes |Cancelled SSIS integration runtime start metrics |Count |Total |Cancelled SSIS integration runtime start metrics |IntegrationRuntimeName | -|SSISIntegrationRuntimeStartFailed |Yes |Failed SSIS integration runtime start metrics |Count |Total |Failed SSIS integration runtime start metrics |IntegrationRuntimeName | -|SSISIntegrationRuntimeStartSucceeded |Yes |Succeeded SSIS integration runtime start metrics |Count |Total |Succeeded SSIS integration runtime start metrics |IntegrationRuntimeName | -|SSISIntegrationRuntimeStopStuck |Yes |Stuck SSIS integration runtime stop metrics |Count |Total |Stuck SSIS integration runtime stop metrics |IntegrationRuntimeName | -|SSISIntegrationRuntimeStopSucceeded |Yes |Succeeded SSIS integration runtime stop metrics |Count |Total |Succeeded SSIS integration runtime stop metrics |IntegrationRuntimeName | -|SSISPackageExecutionCancel |Yes |Cancelled SSIS package execution metrics |Count |Total |Cancelled SSIS package execution metrics |IntegrationRuntimeName | -|SSISPackageExecutionFailed |Yes |Failed SSIS package execution metrics |Count |Total |Failed SSIS package execution metrics |IntegrationRuntimeName | -|SSISPackageExecutionSucceeded |Yes |Succeeded SSIS package execution metrics |Count |Total |Succeeded SSIS package execution metrics |IntegrationRuntimeName | -|TriggerCancelledRuns |Yes |Cancelled trigger runs metrics |Count |Total |Cancelled trigger runs metrics |Name, FailureType | -|TriggerFailedRuns |Yes |Failed trigger runs metrics |Count |Total |Failed trigger runs metrics |Name, FailureType | -|TriggerSucceededRuns |Yes |Succeeded trigger runs metrics |Count |Total |Succeeded trigger runs metrics |Name, FailureType | --## Microsoft.DataLakeAnalytics/accounts -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|JobAUEndedCancelled |Yes |Cancelled AU Time |Seconds |Total |Total AU time for cancelled jobs. |No Dimensions | -|JobAUEndedFailure |Yes |Failed AU Time |Seconds |Total |Total AU time for failed jobs. |No Dimensions | -|JobAUEndedSuccess |Yes |Successful AU Time |Seconds |Total |Total AU time for successful jobs. |No Dimensions | -|JobEndedCancelled |Yes |Cancelled Jobs |Count |Total |Count of cancelled jobs. |No Dimensions | -|JobEndedFailure |Yes |Failed Jobs |Count |Total |Count of failed jobs. |No Dimensions | -|JobEndedSuccess |Yes |Successful Jobs |Count |Total |Count of successful jobs. |No Dimensions | -|JobStage |Yes |Jobs in Stage |Count |Total |Number of jobs in each stage. |No Dimensions | --## Microsoft.DataLakeStore/accounts -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|DataRead |Yes |Data Read |Bytes |Total |Total amount of data read from the account. |No Dimensions | -|DataWritten |Yes |Data Written |Bytes |Total |Total amount of data written to the account. |No Dimensions | -|ReadRequests |Yes |Read Requests |Count |Total |Count of data read requests to the account. |No Dimensions | -|TotalStorage |Yes |Total Storage |Bytes |Maximum |Total amount of data stored in the account. |No Dimensions | -|WriteRequests |Yes |Write Requests |Count |Total |Count of data write requests to the account. |No Dimensions | --## Microsoft.DataProtection/BackupVaults -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|BackupHealthEvent |Yes |Backup Health Events (preview) |Count |Count |The count of health events pertaining to backup job health |dataSourceURL, backupInstanceUrl, dataSourceType, healthStatus, backupInstanceName | -|RestoreHealthEvent |Yes |Restore Health Events (preview) |Count |Count |The count of health events pertaining to restore job health |dataSourceURL, backupInstanceUrl, dataSourceType, healthStatus, backupInstanceName | --## Microsoft.DataShare/accounts -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|FailedShareSubscriptionSynchronizations |Yes |Received Share Failed Snapshots |Count |Count |Number of received share failed snapshots in the account |No Dimensions | -|FailedShareSynchronizations |Yes |Sent Share Failed Snapshots |Count |Count |Number of sent share failed snapshots in the account |No Dimensions | -|ShareCount |Yes |Sent Shares |Count |Maximum |Number of sent shares in the account |ShareName | -|ShareSubscriptionCount |Yes |Received Shares |Count |Maximum |Number of received shares in the account |ShareSubscriptionName | -|SucceededShareSubscriptionSynchronizations |Yes |Received Share Succeeded Snapshots |Count |Count |Number of received share succeeded snapshots in the account |No Dimensions | -|SucceededShareSynchronizations |Yes |Sent Share Succeeded Snapshots |Count |Count |Number of sent share succeeded snapshots in the account |No Dimensions | --## Microsoft.DBforMariaDB/servers -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|active_connections |Yes |Active Connections |Count |Average |Active Connections |No Dimensions | -|backup_storage_used |Yes |Backup Storage used |Bytes |Average |Backup Storage used |No Dimensions | -|connections_failed |Yes |Failed Connections |Count |Total |Failed Connections |No Dimensions | -|cpu_percent |Yes |CPU percent |Percent |Average |CPU percent |No Dimensions | -|io_consumption_percent |Yes |IO percent |Percent |Average |IO percent |No Dimensions | -|memory_percent |Yes |Memory percent |Percent |Average |Memory percent |No Dimensions | -|network_bytes_egress |Yes |Network Out |Bytes |Total |Network Out across active connections |No Dimensions | -|network_bytes_ingress |Yes |Network In |Bytes |Total |Network In across active connections |No Dimensions | -|seconds_behind_master |Yes |Replication lag in seconds |Count |Maximum |Replication lag in seconds |No Dimensions | -|serverlog_storage_limit |Yes |Server Log storage limit |Bytes |Maximum |Server Log storage limit |No Dimensions | -|serverlog_storage_percent |Yes |Server Log storage percent |Percent |Average |Server Log storage percent |No Dimensions | -|serverlog_storage_usage |Yes |Server Log storage used |Bytes |Average |Server Log storage used |No Dimensions | -|storage_limit |Yes |Storage limit |Bytes |Maximum |Storage limit |No Dimensions | -|storage_percent |Yes |Storage percent |Percent |Average |Storage percent |No Dimensions | -|storage_used |Yes |Storage used |Bytes |Average |Storage used |No Dimensions | --## Microsoft.DBforMySQL/flexibleServers -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|aborted_connections |Yes |Aborted Connections |Count |Total |Aborted Connections |No Dimensions | -|active_connections |Yes |Active Connections |Count |Maximum |Active Connections |No Dimensions | -|available_memory_bytes |Yes |Available Memory Bytes |Bytes |Average |Amount of physical memory, in bytes. |No Dimensions | -|backup_storage_used |Yes |Backup Storage Used |Bytes |Maximum |Backup Storage Used |No Dimensions | -|Com_alter_table |Yes |Com Alter Table |Count |Total |The number of times ALTER TABLE statement has been executed. |No Dimensions | -|Com_create_db |Yes |Com Create DB |Count |Total |The number of times CREATE DB statement has been executed. |No Dimensions | -|Com_create_table |Yes |Com Create Table |Count |Total |The number of times CREATE TABLE statement has been executed. |No Dimensions | -|Com_delete |Yes |Com Delete |Count |Total |The number of times DELETE statement has been executed. |No Dimensions | -|Com_drop_db |Yes |Com Drop DB |Count |Total |The number of times DROP DB statement has been executed. |No Dimensions | -|Com_drop_table |Yes |Com Drop Table |Count |Total |The number of times DROP TABLE statement has been executed. |No Dimensions | -|Com_insert |Yes |Com Insert |Count |Total |The number of times INSERT statement has been executed. |No Dimensions | -|Com_select |Yes |Com Select |Count |Total |The number of times SELECT statement has been executed. |No Dimensions | -|Com_update |Yes |Com Update |Count |Total |The number of times UPDATE statement has been executed. |No Dimensions | -|cpu_credits_consumed |Yes |CPU Credits Consumed |Count |Maximum |CPU Credits Consumed |No Dimensions | -|cpu_credits_remaining |Yes |CPU Credits Remaining |Count |Maximum |CPU Credits Remaining |No Dimensions | -|cpu_percent |Yes |Host CPU Percent |Percent |Maximum |Host CPU Percent |No Dimensions | -|HA_IO_status |Yes |HA IO Status |Count |Maximum |Status for replication IO thread running |No Dimensions | -|HA_replication_lag |Yes |HA Replication Lag |Seconds |Maximum |HA Replication lag in seconds |No Dimensions | -|HA_SQL_status |Yes |HA SQL Status |Count |Maximum |Status for replication SQL thread running |No Dimensions | -|Innodb_buffer_pool_pages_data |Yes |InnoDB Buffer Pool Pages Data |Count |Total |The number of pages in the InnoDB buffer pool containing data. |No Dimensions | -|Innodb_buffer_pool_pages_dirty |Yes |InnoDB Buffer Pool Pages Dirty |Count |Total |The current number of dirty pages in the InnoDB buffer pool. |No Dimensions | -|Innodb_buffer_pool_pages_free |Yes |InnoDB Buffer Pool Pages Free |Count |Total |The number of free pages in the InnoDB buffer pool. |No Dimensions | -|Innodb_buffer_pool_read_requests |Yes |InnoDB Buffer Pool Read Requests |Count |Total |The number of logical read requests. |No Dimensions | -|Innodb_buffer_pool_reads |Yes |InnoDB Buffer Pool Reads |Count |Total |The number of logical reads that InnoDB could not satisfy from the buffer pool, and had to read directly from disk. |No Dimensions | -|Innodb_data_writes |Yes |Innodb Data Writes |Count |Total |The total number of data writes. |No Dimensions | -|Innodb_row_lock_time |Yes |Innodb Row Lock Time |Milliseconds |Average |The total time spent in acquiring row locks for InnoDB tables, in milliseconds. |No Dimensions | -|io_consumption_percent |Yes |Storage IO Percent |Percent |Maximum |Storage I/O consumption percent |No Dimensions | -|memory_percent |Yes |Host Memory Percent |Percent |Maximum |Host Memory Percent |No Dimensions | -|network_bytes_egress |Yes |Host Network Out |Bytes |Total |Host Network egress in bytes |No Dimensions | -|network_bytes_ingress |Yes |Host Network In |Bytes |Total |Host Network ingress in bytes |No Dimensions | -|Queries |Yes |Queries |Count |Total |Queries |No Dimensions | -|Replica_IO_Running |No |Replica IO Status |Count |Maximum |Status for replication IO thread running |No Dimensions | -|Replica_SQL_Running |No |Replica SQL Status |Count |Maximum |Status for replication SQL thread running |No Dimensions | -|replication_lag |Yes |Replication Lag In Seconds |Seconds |Maximum |Replication lag in seconds |No Dimensions | -|serverlog_storage_limit |Yes |Serverlog Storage Limit |Bytes |Maximum |Serverlog Storage Limit |No Dimensions | -|serverlog_storage_percent |Yes |Serverlog Storage Percent |Percent |Maximum |Serverlog Storage Percent |No Dimensions | -|serverlog_storage_usage |Yes |Serverlog Storage Used |Bytes |Maximum |Serverlog Storage Used |No Dimensions | -|Slow_queries |Yes |Slow Queries |Count |Total |The number of queries that have taken more than long_query_time seconds. |No Dimensions | -|storage_io_count |No |Storage IO Count |Count |Total |The number of storage I/O consumed. |No Dimensions | -|storage_limit |Yes |Storage Limit |Bytes |Maximum |Storage Limit |No Dimensions | -|storage_percent |Yes |Storage Percent |Percent |Maximum |Storage Percent |No Dimensions | -|storage_throttle_count |Yes |Storage Throttle Count (deprecated) |Count |Maximum |Storage IO requests throttled in the selected time range. Deprecated, please check Storage IO Percent for throttling. |No Dimensions | -|storage_used |Yes |Storage Used |Bytes |Maximum |Storage Used |No Dimensions | -|Threads_running |Yes |Threads Running |Count |Total |The number of threads that are not sleeping. |No Dimensions | -|total_connections |Yes |Total Connections |Count |Total |Total Connections |No Dimensions | --## Microsoft.DBforMySQL/servers -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|active_connections |Yes |Active Connections |Count |Average |Active Connections |No Dimensions | -|backup_storage_used |Yes |Backup Storage used |Bytes |Average |Backup Storage used |No Dimensions | -|connections_failed |Yes |Failed Connections |Count |Total |Failed Connections |No Dimensions | -|cpu_percent |Yes |CPU percent |Percent |Average |CPU percent |No Dimensions | -|io_consumption_percent |Yes |IO percent |Percent |Average |IO percent |No Dimensions | -|memory_percent |Yes |Memory percent |Percent |Average |Memory percent |No Dimensions | -|network_bytes_egress |Yes |Network Out |Bytes |Total |Network Out across active connections |No Dimensions | -|network_bytes_ingress |Yes |Network In |Bytes |Total |Network In across active connections |No Dimensions | -|seconds_behind_master |Yes |Replication lag in seconds |Count |Maximum |Replication lag in seconds |No Dimensions | -|serverlog_storage_limit |Yes |Server Log storage limit |Bytes |Maximum |Server Log storage limit |No Dimensions | -|serverlog_storage_percent |Yes |Server Log storage percent |Percent |Average |Server Log storage percent |No Dimensions | -|serverlog_storage_usage |Yes |Server Log storage used |Bytes |Average |Server Log storage used |No Dimensions | -|storage_limit |Yes |Storage limit |Bytes |Maximum |Storage limit |No Dimensions | -|storage_percent |Yes |Storage percent |Percent |Average |Storage percent |No Dimensions | -|storage_used |Yes |Storage used |Bytes |Average |Storage used |No Dimensions | --## Microsoft.DBforPostgreSQL/flexibleServers -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|active_connections |Yes |Active Connections |Count |Average |Active Connections |No Dimensions | -|analyze_count_user_tables |Yes |Analyze Counter User Tables (Preview) |Count |Maximum |Number of times user only tables have been manually analyzed in this database |DatabaseName | -|autoanalyze_count_user_tables |Yes |AutoAnalyze Counter User Tables (Preview) |Count |Maximum |Number of times user only tables have been analyzed by the autovacuum daemon in this database |DatabaseName | -|autovacuum_count_user_tables |Yes |AutoVacuum Counter User Tables (Preview) |Count |Maximum |Number of times user only tables have been vacuumed by the autovacuum daemon in this database |DatabaseName | -|backup_storage_used |Yes |Backup Storage Used |Bytes |Average |Backup Storage Used |No Dimensions | -|blks_hit |Yes |Disk Blocks Hit (Preview) |Count |Total |Number of times disk blocks were found already in the buffer cache, so that a read was not necessary |DatabaseName | -|blks_read |Yes |Disk Blocks Read (Preview) |Count |Total |Number of disk blocks read in this database |DatabaseName | -|client_connections_active |Yes |Active client connections (Preview) |Count |Maximum |Connections from clients which are associated with a PostgreSQL connection |DatabaseName | -|client_connections_waiting |Yes |Waiting client connections (Preview) |Count |Maximum |Connections from clients that are waiting for a PostgreSQL connection to service them |DatabaseName | -|connections_failed |Yes |Failed Connections |Count |Total |Failed Connections |No Dimensions | -|connections_succeeded |Yes |Succeeded Connections |Count |Total |Succeeded Connections |No Dimensions | -|cpu_credits_consumed |Yes |CPU Credits Consumed |Count |Average |Total number of credits consumed by the database server |No Dimensions | -|cpu_credits_remaining |Yes |CPU Credits Remaining |Count |Average |Total number of credits available to burst |No Dimensions | -|cpu_percent |Yes |CPU percent |Percent |Average |CPU percent |No Dimensions | -|deadlocks |Yes |Deadlocks (Preview) |Count |Total |Number of deadlocks detected in this database |DatabaseName | -|disk_bandwidth_consumed_percentage |Yes |Disk Bandwidth Consumed Percentage (Preview) |Percent |Average |Percentage of disk bandwidth consumed per minute |No Dimensions | -|disk_iops_consumed_percentage |Yes |Disk IOPS Consumed Percentage (Preview) |Percent |Average |Percentage of disk I/Os consumed per minute |No Dimensions | -|disk_queue_depth |Yes |Disk Queue Depth |Count |Average |Number of outstanding I/O operations to the data disk |No Dimensions | -|iops |Yes |IOPS |Count |Average |IO Operations per second |No Dimensions | -|is_db_alive |Yes |Database Is Alive (Preview) |Count |Maximum |Indicates if the database is up or not |No Dimensions | -|logical_replication_delay_in_bytes |Yes |Max Logical Replication Lag (Preview) |Bytes |Maximum |Maximum lag across all logical replication slots |No Dimensions | -|longest_query_time_sec |Yes |Oldest Query (Preview) |Seconds |Maximum |The age in seconds of the longest query that is currently running |No Dimensions | -|longest_transaction_time_sec |Yes |Oldest Transaction (Preview) |Seconds |Maximum |The age in seconds of the longest transaction (including idle transactions) |No Dimensions | -|max_connections |Yes |Max Connections (Preview) |Count |Maximum |Max connections |No Dimensions | -|maximum_used_transactionIDs |Yes |Maximum Used Transaction IDs |Count |Average |Maximum Used Transaction IDs |No Dimensions | -|memory_percent |Yes |Memory percent |Percent |Average |Memory percent |No Dimensions | -|n_dead_tup_user_tables |Yes |Estimated Dead Rows User Tables (Preview) |Count |Maximum |Estimated number of dead rows for user only tables in this database |DatabaseName | -|n_live_tup_user_tables |Yes |Estimated Live Rows User Tables (Preview) |Count |Maximum |Estimated number of live rows for user only tables in this database |DatabaseName | -|n_mod_since_analyze_user_tables |Yes |Estimated Modifications User Tables (Preview) |Count |Maximum |Estimated number of rows modified since user only tables were last analyzed |DatabaseName | -|network_bytes_egress |Yes |Network Out |Bytes |Total |Network Out across active connections |No Dimensions | -|network_bytes_ingress |Yes |Network In |Bytes |Total |Network In across active connections |No Dimensions | -|num_pools |Yes |Number of connection pools (Preview) |Count |Maximum |Total number of connection pools |DatabaseName | -|numbackends |Yes |Backends (Preview) |Count |Maximum |Number of backends connected to this database |DatabaseName | -|oldest_backend_time_sec |Yes |Oldest Backend (Preview) |Seconds |Maximum |The age in seconds of the oldest backend (irrespective of the state) |No Dimensions | -|oldest_backend_xmin |Yes |Oldest xmin (Preview) |Count |Maximum |The actual value of the oldest xmin. |No Dimensions | -|oldest_backend_xmin_age |Yes |Oldest xmin Age (Preview) |Count |Maximum |Age in units of the oldest xmin. It indicated how many transactions passed since oldest xmin |No Dimensions | -|physical_replication_delay_in_bytes |Yes |Max Physical Replication Lag (Preview) |Bytes |Maximum |Maximum lag across all asynchronous physical replication slots |No Dimensions | -|physical_replication_delay_in_seconds |Yes |Read Replica Lag (Preview) |Seconds |Maximum |Read Replica lag in seconds |No Dimensions | -|read_iops |Yes |Read IOPS |Count |Average |Number of data disk I/O read operations per second |No Dimensions | -|read_throughput |Yes |Read Throughput Bytes/Sec |Count |Average |Bytes read per second from the data disk during monitoring period |No Dimensions | -|server_connections_active |Yes |Active server connections (Preview) |Count |Maximum |Connections to PostgreSQL that are in use by a client connection |DatabaseName | -|server_connections_idle |Yes |Idle server connections (Preview) |Count |Maximum |Connections to PostgreSQL that are idle, ready to service a new client connection |DatabaseName | -|sessions_by_state |Yes |Sessions by State (Preview) |Count |Maximum |Overall state of the backends |State | -|sessions_by_wait_event_type |Yes |Sessions by WaitEventType (Preview) |Count |Maximum |Sessions by the type of event for which the backend is waiting |WaitEventType | -|storage_free |Yes |Storage Free |Bytes |Average |Storage Free |No Dimensions | -|storage_percent |Yes |Storage percent |Percent |Average |Storage percent |No Dimensions | -|storage_used |Yes |Storage used |Bytes |Average |Storage used |No Dimensions | -|tables_analyzed_user_tables |Yes |User Tables Analyzed (Preview) |Count |Maximum |Number of user only tables that have been analyzed in this database |DatabaseName | -|tables_autoanalyzed_user_tables |Yes |User Tables AutoAnalyzed (Preview) |Count |Maximum |Number of user only tables that have been analyzed by the autovacuum daemon in this database |DatabaseName | -|tables_autovacuumed_user_tables |Yes |User Tables AutoVacuumed (Preview) |Count |Maximum |Number of user only tables that have been vacuumed by the autovacuum daemon in this database |DatabaseName | -|tables_counter_user_tables |Yes |User Tables Counter (Preview) |Count |Maximum |Number of user only tables in this database |DatabaseName | -|tables_vacuumed_user_tables |Yes |User Tables Vacuumed (Preview) |Count |Maximum |Number of user only tables that have been vacuumed in this database |DatabaseName | -|temp_bytes |Yes |Temporary Files Size (Preview) |Bytes |Total |Total amount of data written to temporary files by queries in this database |DatabaseName | -|temp_files |Yes |Temporary Files (Preview) |Count |Total |Number of temporary files created by queries in this database |DatabaseName | -|total_pooled_connections |Yes |Total pooled connections (Preview) |Count |Maximum |Current number of pooled connections |DatabaseName | -|tup_deleted |Yes |Tuples Deleted (Preview) |Count |Total |Number of rows deleted by queries in this database |DatabaseName | -|tup_fetched |Yes |Tuples Fetched (Preview) |Count |Total |Number of rows fetched by queries in this database |DatabaseName | -|tup_inserted |Yes |Tuples Inserted (Preview) |Count |Total |Number of rows inserted by queries in this database |DatabaseName | -|tup_returned |Yes |Tuples Returned (Preview) |Count |Total |Number of rows returned by queries in this database |DatabaseName | -|tup_updated |Yes |Tuples Updated (Preview) |Count |Total |Number of rows updated by queries in this database |DatabaseName | -|txlogs_storage_used |Yes |Transaction Log Storage Used |Bytes |Average |Transaction Log Storage Used |No Dimensions | -|vacuum_count_user_tables |Yes |Vacuum Counter User Tables (Preview) |Count |Maximum |Number of times user only tables have been manually vacuumed in this database (not counting VACUUM FULL) |DatabaseName | -|write_iops |Yes |Write IOPS |Count |Average |Number of data disk I/O write operations per second |No Dimensions | -|write_throughput |Yes |Write Throughput Bytes/Sec |Count |Average |Bytes written per second to the data disk during monitoring period |No Dimensions | -|xact_commit |Yes |Transactions Committed (Preview) |Count |Total |Number of transactions in this database that have been committed |DatabaseName | -|xact_rollback |Yes |Transactions Rolled Back (Preview) |Count |Total |Number of transactions in this database that have been rolled back |DatabaseName | -|xact_total |Yes |Total Transactions (Preview) |Count |Total |Number of total transactions executed in this database |DatabaseName | --## Microsoft.DBForPostgreSQL/serverGroupsv2 -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|active_connections |Yes |Active Connections |Count |Average |Active Connections |ServerName | -|apps_reserved_memory_percent |Yes |Reserved Memory percent |Percent |Average |Percentage of Commit Memory Limit Reserved by Applications |ServerName | -|cpu_credits_consumed |Yes |CPU Credits Consumed |Count |Average |Total number of credits consumed by the node. Only available when burstable compute is provisioned on the node. |ServerName | -|cpu_credits_remaining |Yes |CPU Credits Remaining |Count |Average |Total number of credits available to burst. Only available when burstable compute is provisioned on the node. |ServerName | -|cpu_percent |Yes |CPU percent |Percent |Average |CPU percent |ServerName | -|iops |Yes |IOPS |Count |Average |IO operations per second |ServerName | -|memory_percent |Yes |Memory percent |Percent |Average |Memory percent |ServerName | -|network_bytes_egress |Yes |Network Out |Bytes |Total |Network Out across active connections |ServerName | -|network_bytes_ingress |Yes |Network In |Bytes |Total |Network In across active connections |ServerName | -|replication_lag |Yes |Replication lag |MilliSeconds |Average |Allows to see how much read replica nodes are behind their counterparts in the primary cluster |ServerName | -|storage_percent |Yes |Storage percent |Percent |Average |Storage percent |ServerName | -|storage_used |Yes |Storage used |Bytes |Average |Storage used |ServerName | -|vm_cached_bandwidth_percent |Yes |VM Cached Bandwidth Consumed Percentage |Percent |Average |Percentage of cached disk bandwidth consumed by the VM |ServerName | -|vm_cached_iops_percent |Yes |VM Cached IOPS Consumed Percentage |Percent |Average |Percentage of cached disk IOPS consumed by the VM |ServerName | -|vm_uncached_bandwidth_percent |Yes |VM Uncached Bandwidth Consumed Percentage |Percent |Average |Percentage of uncached disk bandwidth consumed by the VM |ServerName | -|vm_uncached_iops_percent |Yes |VM Uncached IOPS Consumed Percentage |Percent |Average |Percentage of uncached disk IOPS consumed by the VM |ServerName | --## Microsoft.DBforPostgreSQL/servers -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|active_connections |Yes |Active Connections |Count |Average |Active Connections |No Dimensions | -|backup_storage_used |Yes |Backup Storage Used |Bytes |Average |Backup Storage Used |No Dimensions | -|connections_failed |Yes |Failed Connections |Count |Total |Failed Connections |No Dimensions | -|cpu_percent |Yes |CPU percent |Percent |Average |CPU percent |No Dimensions | -|io_consumption_percent |Yes |IO percent |Percent |Average |IO percent |No Dimensions | -|memory_percent |Yes |Memory percent |Percent |Average |Memory percent |No Dimensions | -|network_bytes_egress |Yes |Network Out |Bytes |Total |Network Out across active connections |No Dimensions | -|network_bytes_ingress |Yes |Network In |Bytes |Total |Network In across active connections |No Dimensions | -|pg_replica_log_delay_in_bytes |Yes |Max Lag Across Replicas |Bytes |Maximum |Lag in bytes of the most lagging replica |No Dimensions | -|pg_replica_log_delay_in_seconds |Yes |Replica Lag |Seconds |Maximum |Replica lag in seconds |No Dimensions | -|serverlog_storage_limit |Yes |Server Log storage limit |Bytes |Maximum |Server Log storage limit |No Dimensions | -|serverlog_storage_percent |Yes |Server Log storage percent |Percent |Average |Server Log storage percent |No Dimensions | -|serverlog_storage_usage |Yes |Server Log storage used |Bytes |Average |Server Log storage used |No Dimensions | -|storage_limit |Yes |Storage limit |Bytes |Maximum |Storage limit |No Dimensions | -|storage_percent |Yes |Storage percent |Percent |Average |Storage percent |No Dimensions | -|storage_used |Yes |Storage used |Bytes |Average |Storage used |No Dimensions | --## Microsoft.DBforPostgreSQL/serversv2 -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|active_connections |Yes |Active Connections |Count |Average |Active Connections |No Dimensions | -|cpu_percent |Yes |CPU percent |Percent |Average |CPU percent |No Dimensions | -|iops |Yes |IOPS |Count |Average |IO Operations per second |No Dimensions | -|memory_percent |Yes |Memory percent |Percent |Average |Memory percent |No Dimensions | -|network_bytes_egress |Yes |Network Out |Bytes |Total |Network Out across active connections |No Dimensions | -|network_bytes_ingress |Yes |Network In |Bytes |Total |Network In across active connections |No Dimensions | -|storage_percent |Yes |Storage percent |Percent |Average |Storage percent |No Dimensions | -|storage_used |Yes |Storage used |Bytes |Average |Storage used |No Dimensions | --## Microsoft.Devices/IotHubs -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|c2d.commands.egress.abandon.success |Yes |C2D messages abandoned |Count |Total |Number of cloud-to-device messages abandoned by the device |No Dimensions | -|c2d.commands.egress.complete.success |Yes |C2D message deliveries completed |Count |Total |Number of cloud-to-device message deliveries completed successfully by the device |No Dimensions | -|c2d.commands.egress.reject.success |Yes |C2D messages rejected |Count |Total |Number of cloud-to-device messages rejected by the device |No Dimensions | -|c2d.methods.failure |Yes |Failed direct method invocations |Count |Total |The count of all failed direct method calls. |No Dimensions | -|c2d.methods.requestSize |Yes |Request size of direct method invocations |Bytes |Average |The average, min, and max of all successful direct method requests. |No Dimensions | -|c2d.methods.responseSize |Yes |Response size of direct method invocations |Bytes |Average |The average, min, and max of all successful direct method responses. |No Dimensions | -|c2d.methods.success |Yes |Successful direct method invocations |Count |Total |The count of all successful direct method calls. |No Dimensions | -|c2d.twin.read.failure |Yes |Failed twin reads from back end |Count |Total |The count of all failed back-end-initiated twin reads. |No Dimensions | -|c2d.twin.read.size |Yes |Response size of twin reads from back end |Bytes |Average |The average, min, and max of all successful back-end-initiated twin reads. |No Dimensions | -|c2d.twin.read.success |Yes |Successful twin reads from back end |Count |Total |The count of all successful back-end-initiated twin reads. |No Dimensions | -|c2d.twin.update.failure |Yes |Failed twin updates from back end |Count |Total |The count of all failed back-end-initiated twin updates. |No Dimensions | -|c2d.twin.update.size |Yes |Size of twin updates from back end |Bytes |Average |The average, min, and max size of all successful back-end-initiated twin updates. |No Dimensions | -|c2d.twin.update.success |Yes |Successful twin updates from back end |Count |Total |The count of all successful back-end-initiated twin updates. |No Dimensions | -|C2DMessagesExpired |Yes |C2D Messages Expired |Count |Total |Number of expired cloud-to-device messages |No Dimensions | -|configurations |Yes |Configuration Metrics |Count |Total |Metrics for Configuration Operations |No Dimensions | -|connectedDeviceCount |No |Connected devices |Count |Average |Number of devices connected to your IoT hub |No Dimensions | -|d2c.endpoints.egress.builtIn.events |Yes |Routing: messages delivered to messages/events |Count |Total |The number of times IoT Hub routing successfully delivered messages to the built-in endpoint (messages/events). |No Dimensions | -|d2c.endpoints.egress.eventHubs |Yes |Routing: messages delivered to Event Hub |Count |Total |The number of times IoT Hub routing successfully delivered messages to Event Hub endpoints. |No Dimensions | -|d2c.endpoints.egress.serviceBusQueues |Yes |Routing: messages delivered to Service Bus Queue |Count |Total |The number of times IoT Hub routing successfully delivered messages to Service Bus queue endpoints. |No Dimensions | -|d2c.endpoints.egress.serviceBusTopics |Yes |Routing: messages delivered to Service Bus Topic |Count |Total |The number of times IoT Hub routing successfully delivered messages to Service Bus topic endpoints. |No Dimensions | -|d2c.endpoints.egress.storage |Yes |Routing: messages delivered to storage |Count |Total |The number of times IoT Hub routing successfully delivered messages to storage endpoints. |No Dimensions | -|d2c.endpoints.egress.storage.blobs |Yes |Routing: blobs delivered to storage |Count |Total |The number of times IoT Hub routing delivered blobs to storage endpoints. |No Dimensions | -|d2c.endpoints.egress.storage.bytes |Yes |Routing: data delivered to storage |Bytes |Total |The amount of data (bytes) IoT Hub routing delivered to storage endpoints. |No Dimensions | -|d2c.endpoints.latency.builtIn.events |Yes |Routing: message latency for messages/events |MilliSeconds |Average |The average latency (milliseconds) between message ingress to IoT Hub and telemetry message ingress into the built-in endpoint (messages/events). |No Dimensions | -|d2c.endpoints.latency.eventHubs |Yes |Routing: message latency for Event Hub |MilliSeconds |Average |The average latency (milliseconds) between message ingress to IoT Hub and message ingress into an Event Hub endpoint. |No Dimensions | -|d2c.endpoints.latency.serviceBusQueues |Yes |Routing: message latency for Service Bus Queue |MilliSeconds |Average |The average latency (milliseconds) between message ingress to IoT Hub and telemetry message ingress into a Service Bus queue endpoint. |No Dimensions | -|d2c.endpoints.latency.serviceBusTopics |Yes |Routing: message latency for Service Bus Topic |MilliSeconds |Average |The average latency (milliseconds) between message ingress to IoT Hub and telemetry message ingress into a Service Bus topic endpoint. |No Dimensions | -|d2c.endpoints.latency.storage |Yes |Routing: message latency for storage |MilliSeconds |Average |The average latency (milliseconds) between message ingress to IoT Hub and telemetry message ingress into a storage endpoint. |No Dimensions | -|d2c.telemetry.egress.dropped |Yes |Routing: telemetry messages dropped |Count |Total |The number of times messages were dropped by IoT Hub routing due to dead endpoints. This value does not count messages delivered to fallback route as dropped messages are not delivered there. |No Dimensions | -|d2c.telemetry.egress.fallback |Yes |Routing: messages delivered to fallback |Count |Total |The number of times IoT Hub routing delivered messages to the endpoint associated with the fallback route. |No Dimensions | -|d2c.telemetry.egress.invalid |Yes |Routing: telemetry messages incompatible |Count |Total |The number of times IoT Hub routing failed to deliver messages due to an incompatibility with the endpoint. This value does not include retries. |No Dimensions | -|d2c.telemetry.egress.orphaned |Yes |Routing: telemetry messages orphaned |Count |Total |The number of times messages were orphaned by IoT Hub routing because they didn't match any routing rules (including the fallback rule). |No Dimensions | -|d2c.telemetry.egress.success |Yes |Routing: telemetry messages delivered |Count |Total |The number of times messages were successfully delivered to all endpoints using IoT Hub routing. If a message is routed to multiple endpoints, this value increases by one for each successful delivery. If a message is delivered to the same endpoint multiple times, this value increases by one for each successful delivery. |No Dimensions | -|d2c.telemetry.ingress.allProtocol |Yes |Telemetry message send attempts |Count |Total |Number of device-to-cloud telemetry messages attempted to be sent to your IoT hub |No Dimensions | -|d2c.telemetry.ingress.sendThrottle |Yes |Number of throttling errors |Count |Total |Number of throttling errors due to device throughput throttles |No Dimensions | -|d2c.telemetry.ingress.success |Yes |Telemetry messages sent |Count |Total |Number of device-to-cloud telemetry messages sent successfully to your IoT hub |No Dimensions | -|d2c.twin.read.failure |Yes |Failed twin reads from devices |Count |Total |The count of all failed device-initiated twin reads. |No Dimensions | -|d2c.twin.read.size |Yes |Response size of twin reads from devices |Bytes |Average |The average, min, and max of all successful device-initiated twin reads. |No Dimensions | -|d2c.twin.read.success |Yes |Successful twin reads from devices |Count |Total |The count of all successful device-initiated twin reads. |No Dimensions | -|d2c.twin.update.failure |Yes |Failed twin updates from devices |Count |Total |The count of all failed device-initiated twin updates. |No Dimensions | -|d2c.twin.update.size |Yes |Size of twin updates from devices |Bytes |Average |The average, min, and max size of all successful device-initiated twin updates. |No Dimensions | -|d2c.twin.update.success |Yes |Successful twin updates from devices |Count |Total |The count of all successful device-initiated twin updates. |No Dimensions | -|dailyMessageQuotaUsed |Yes |Total number of messages used |Count |Maximum |Number of total messages used today |No Dimensions | -|deviceDataUsage |Yes |Total device data usage |Bytes |Total |Bytes transferred to and from any devices connected to IotHub |No Dimensions | -|deviceDataUsageV2 |Yes |Total device data usage (preview) |Bytes |Total |Bytes transferred to and from any devices connected to IotHub |No Dimensions | -|devices.connectedDevices.allProtocol |Yes |Connected devices (deprecated) |Count |Total |Number of devices connected to your IoT hub |No Dimensions | -|devices.totalDevices |Yes |Total devices (deprecated) |Count |Total |Number of devices registered to your IoT hub |No Dimensions | -|EventGridDeliveries |Yes |Event Grid deliveries |Count |Total |The number of IoT Hub events published to Event Grid. Use the Result dimension for the number of successful and failed requests. EventType dimension shows the type of event (https://aka.ms/ioteventgrid). |Result, EventType | -|EventGridLatency |Yes |Event Grid latency |MilliSeconds |Average |The average latency (milliseconds) from when the Iot Hub event was generated to when the event was published to Event Grid. This number is an average between all event types. Use the EventType dimension to see latency of a specific type of event. |EventType | -|jobs.cancelJob.failure |Yes |Failed job cancellations |Count |Total |The count of all failed calls to cancel a job. |No Dimensions | -|jobs.cancelJob.success |Yes |Successful job cancellations |Count |Total |The count of all successful calls to cancel a job. |No Dimensions | -|jobs.completed |Yes |Completed jobs |Count |Total |The count of all completed jobs. |No Dimensions | -|jobs.createDirectMethodJob.failure |Yes |Failed creations of method invocation jobs |Count |Total |The count of all failed creation of direct method invocation jobs. |No Dimensions | -|jobs.createDirectMethodJob.success |Yes |Successful creations of method invocation jobs |Count |Total |The count of all successful creation of direct method invocation jobs. |No Dimensions | -|jobs.createTwinUpdateJob.failure |Yes |Failed creations of twin update jobs |Count |Total |The count of all failed creation of twin update jobs. |No Dimensions | -|jobs.createTwinUpdateJob.success |Yes |Successful creations of twin update jobs |Count |Total |The count of all successful creation of twin update jobs. |No Dimensions | -|jobs.failed |Yes |Failed jobs |Count |Total |The count of all failed jobs. |No Dimensions | -|jobs.listJobs.failure |Yes |Failed calls to list jobs |Count |Total |The count of all failed calls to list jobs. |No Dimensions | -|jobs.listJobs.success |Yes |Successful calls to list jobs |Count |Total |The count of all successful calls to list jobs. |No Dimensions | -|jobs.queryJobs.failure |Yes |Failed job queries |Count |Total |The count of all failed calls to query jobs. |No Dimensions | -|jobs.queryJobs.success |Yes |Successful job queries |Count |Total |The count of all successful calls to query jobs. |No Dimensions | -|RoutingDataSizeInBytesDelivered |Yes |Routing Delivery Message Size in Bytes (preview) |Bytes |Total |The total size in bytes of messages delivered by IoT hub to an endpoint. You can use the EndpointName and EndpointType dimensions to view the size of the messages in bytes delivered to your different endpoints. The metric value increases for every message delivered, including if the message is delivered to multiple endpoints or if the message is delivered to the same endpoint multiple times. |EndpointType, EndpointName, RoutingSource | -|RoutingDeliveries |Yes |Routing Deliveries (preview) |Count |Total |The number of times IoT Hub attempted to deliver messages to all endpoints using routing. To see the number of successful or failed attempts, use the Result dimension. To see the reason of failure, like invalid, dropped, or orphaned, use the FailureReasonCategory dimension. You can also use the EndpointName and EndpointType dimensions to understand how many messages were delivered to your different endpoints. The metric value increases by one for each delivery attempt, including if the message is delivered to multiple endpoints or if the message is delivered to the same endpoint multiple times. |EndpointType, EndpointName, FailureReasonCategory, Result, RoutingSource | -|RoutingDeliveryLatency |Yes |Routing Delivery Latency (preview) |MilliSeconds |Average |The average latency (milliseconds) between message ingress to IoT Hub and telemetry message ingress into an endpoint. You can use the EndpointName and EndpointType dimensions to understand the latency to your different endpoints. |EndpointType, EndpointName, RoutingSource | -|totalDeviceCount |No |Total devices |Count |Average |Number of devices registered to your IoT hub |No Dimensions | -|twinQueries.failure |Yes |Failed twin queries |Count |Total |The count of all failed twin queries. |No Dimensions | -|twinQueries.resultSize |Yes |Twin queries result size |Bytes |Average |The average, min, and max of the result size of all successful twin queries. |No Dimensions | -|twinQueries.success |Yes |Successful twin queries |Count |Total |The count of all successful twin queries. |No Dimensions | --## Microsoft.Devices/provisioningServices -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|AttestationAttempts |Yes |Attestation attempts |Count |Total |Number of device attestations attempted |ProvisioningServiceName, Status, Protocol | -|DeviceAssignments |Yes |Devices assigned |Count |Total |Number of devices assigned to an IoT hub |ProvisioningServiceName, IotHubName | -|RegistrationAttempts |Yes |Registration attempts |Count |Total |Number of device registrations attempted |ProvisioningServiceName, IotHubName, Status | --## Microsoft.DigitalTwins/digitalTwinsInstances -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ApiRequests |Yes |API Requests |Count |Total |The number of API requests made for Digital Twins read, write, delete and query operations. |Operation, Authentication, Protocol, StatusCode, StatusCodeClass, StatusText | -|ApiRequestsFailureRate |Yes |API Requests Failure Rate |Percent |Average |The percentage of API requests that the service receives for your instance that return an internal error (500) response code for Digital Twins read, write, delete and query operations. |Operation, Authentication, Protocol | -|ApiRequestsLatency |Yes |API Requests Latency |Milliseconds |Average |The response time for API requests, i.e. from when the request is received by Azure Digital Twins until the service sends a success/fail result for Digital Twins read, write, delete and query operations. |Operation, Authentication, Protocol, StatusCode, StatusCodeClass, StatusText | -|BillingApiOperations |Yes |Billing API Operations |Count |Total |Billing metric for the count of all API requests made against the Azure Digital Twins service. |MeterId | -|BillingMessagesProcessed |Yes |Billing Messages Processed |Count |Total |Billing metric for the number of messages sent out from Azure Digital Twins to external endpoints. |MeterId | -|BillingQueryUnits |Yes |Billing Query Units |Count |Total |The number of Query Units, an internally computed measure of service resource usage, consumed to execute queries. |MeterId | -|DataHistoryRouting |Yes |Data History Messages Routed (preview) |Count |Total |The number of messages routed to a time series database. |EndpointType, Result | -|DataHistoryRoutingFailureRate |Yes |Data History Routing Failure Rate (preview) |Percent |Average |The percentage of events that result in an error as they are routed from Azure Digital Twins to a time series database. |EndpointType | -|DataHistoryRoutingLatency |Yes |Data History Routing Latency (preview) |Milliseconds |Average |Time elapsed between an event getting routed from Azure Digital Twins to when it is posted to a time series database. |EndpointType, Result | -|ImportJobEntityCount |Yes |Import Job Entity Count |Count |Total |The number of twins, models, or relationships processed by an import job. |Operation, Result | -|ImportJobLatency |Yes |Import Job Latency |Milliseconds |Average |Total time taken for an import job to complete. |Operation, Authentication, Protocol | -|IngressEvents |Yes |Ingress Events |Count |Total |The number of incoming telemetry events into Azure Digital Twins. |Result | -|IngressEventsFailureRate |Yes |Ingress Events Failure Rate |Percent |Average |The percentage of incoming telemetry events for which the service returns an internal error (500) response code. |No Dimensions | -|IngressEventsLatency |Yes |Ingress Events Latency |Milliseconds |Average |The time from when an event arrives to when it is ready to be egressed by Azure Digital Twins, at which point the service sends a success/fail result. |Result | -|ModelCount |Yes |Model Count |Count |Total |Total number of models in the Azure Digital Twins instance. Use this metric to determine if you are approaching the service limit for max number of models allowed per instance. |No Dimensions | -|Routing |Yes |Messages Routed |Count |Total |The number of messages routed to an endpoint Azure service such as Event Hub, Service Bus or Event Grid. |EndpointType, Result | -|RoutingFailureRate |Yes |Routing Failure Rate |Percent |Average |The percentage of events that result in an error as they are routed from Azure Digital Twins to an endpoint Azure service such as Event Hub, Service Bus or Event Grid. |EndpointType | -|RoutingLatency |Yes |Routing Latency |Milliseconds |Average |Time elapsed between an event getting routed from Azure Digital Twins to when it is posted to the endpoint Azure service such as Event Hub, Service Bus or Event Grid. |EndpointType, Result | -|TwinCount |Yes |Twin Count |Count |Total |Total number of twins in the Azure Digital Twins instance. Use this metric to determine if you are approaching the service limit for max number of twins allowed per instance. |No Dimensions | --## Microsoft.DocumentDB/cassandraClusters -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|cassandra_cache_capacity |No |capacity |Bytes |Total |Cache capacity in bytes. |cassandra_datacenter, cassandra_node, cache_name | -|cassandra_cache_entries |No |entries |Count |Total |Total number of cache entries. |cassandra_datacenter, cassandra_node, cache_name | -|cassandra_cache_hit_rate |No |hit rate |Percent |Average |All time cache hit rate. |cassandra_datacenter, cassandra_node, cache_name | -|cassandra_cache_hits |No |hits |Count |Total |Total number of cache hits. |cassandra_datacenter, cassandra_node, cache_name | -|cassandra_cache_miss_latency_histogram |No |cache miss latency average (microseconds) |Count |Average |Average cache miss latency (in microseconds). |cassandra_datacenter, cassandra_node, quantile | -|cassandra_cache_miss_latency_p99 |No |cache miss latency p99 (microseconds) |Count |Average |p99 Latency of misses. |cassandra_datacenter, cassandra_node, cache_name | -|cassandra_cache_requests |No |requests |Count |Total |Total number of cache requests. |cassandra_datacenter, cassandra_node, cache_name | -|cassandra_cache_size |No |occupied cache size |Bytes |Total |Total size of occupied cache, in bytes. |cassandra_datacenter, cassandra_node, cache_name | -|cassandra_client_auth_failure |No |auth failure (deprecated) |Count |Total |Number of failed client authentication requests. |cassandra_datacenter, cassandra_node | -|cassandra_client_auth_failure2 |No |auth failure |Count |Total |Number of failed client authentication requests. |cassandra_datacenter, cassandra_node | -|cassandra_client_auth_success |No |auth success |Count |Total |Number of successful client authentication requests. |cassandra_datacenter, cassandra_node | -|cassandra_client_request_condition_not_met |No |condition not met |Count |Total |Number of transaction preconditions did not match current values. |cassandra_datacenter, cassandra_node, request_type | -|cassandra_client_request_contention_histogram |No |contention average |Count |Average |How many contended reads/writes were encountered in average. |cassandra_datacenter, cassandra_node, request_type | -|cassandra_client_request_contention_histogram_p99 |No |contention p99 |Count |Average |p99 How many contended writes were encountered. |cassandra_datacenter, cassandra_node, request_type | -|cassandra_client_request_failures |No |failures (deprecated) |Count |Total |Number of transaction failures encountered. |cassandra_datacenter, cassandra_node, request_type | -|cassandra_client_request_failures2 |No |failures |Count |Total |Number of transaction failures encountered. |cassandra_datacenter, cassandra_node, request_type | -|cassandra_client_request_latency_histogram |No |client request latency average (microseconds) |Count |Average |Average client request latency (in microseconds). |cassandra_datacenter, cassandra_node, quantile, request_type | -|cassandra_client_request_latency_p99 |No |client request latency p99 (microseconds) |Count |Average |p99 client request latency (in microseconds). |cassandra_datacenter, cassandra_node, request_type | -|cassandra_client_request_timeouts |No |timeouts (deprecated) |Count |Total |Number of timeouts encountered. |cassandra_datacenter, cassandra_node, request_type | -|cassandra_client_request_timeouts2 |No |timeouts |Count |Total |Number of timeouts encountered. |cassandra_datacenter, cassandra_node, request_type | -|cassandra_client_request_unfinished_commit |No |unfinished commit |Count |Total |Number of transactions that were committed on write. |cassandra_datacenter, cassandra_node, request_type | -|cassandra_commit_log_waiting_on_commit_latency_histogram |No |commit latency on waiting average (microseconds) |Count |Average |Average time spent waiting on CL fsync (in microseconds); for Periodic this is only occurs when the sync is lagging its sync interval. |cassandra_datacenter, cassandra_node, quantile | -|cassandra_cql_prepared_statements_executed |No |prepared statements executed |Count |Total |Number of prepared statements executed. |cassandra_datacenter, cassandra_node | -|cassandra_cql_regular_statements_executed |No |regular statements executed |Count |Total |Number of non prepared statements executed. |cassandra_datacenter, cassandra_node | -|cassandra_jvm_gc_count |No |gc count |Count |Total |Total number of collections that have occurred. |cassandra_datacenter, cassandra_node | -|cassandra_jvm_gc_time |No |gc time |MilliSeconds |Average |Approximate accumulated collection elapsed time. |cassandra_datacenter, cassandra_node | -|cassandra_table_all_memtables_live_data_size |No |all memtables live data size |Bytes |Total |Total amount of live data stored in the memtables (2i and pending flush memtables included) that resides off-heap, excluding any data structure overhead. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_all_memtables_off_heap_size |No |all memtables off heap size |Bytes |Total |Total amount of data stored in the memtables (2i and pending flush memtables included) that resides off-heap. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_bloom_filter_disk_space_used |No |bloom filter disk space used |Bytes |Total |Disk space used by bloom filter (in bytes). |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_bloom_filter_false_positives |No |bloom filter false positives |Count |Total |Number of false positives on table's bloom filter. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_bloom_filter_false_ratio |No |bloom filter false ratio |Percent |Average |False positive ratio of table's bloom filter. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_bloom_filter_off_heap_memory_used |No |bloom filter off-heap memory used |Bytes |Total |Off-heap memory used by bloom filter. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_bytes_flushed |No |bytes flushed |Bytes |Total |Total number of bytes flushed since server [re]start. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_cas_commit |No |cas commit average (microseconds) |Count |Average |Average latency of paxos commit round. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_cas_commit_p99 |No |cas commit p99 (microseconds) |Count |Average |p99 Latency of paxos commit round. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_cas_prepare |No |cas prepare average (microseconds) |Count |Average |Average latency of paxos prepare round. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_cas_prepare_p99 |No |cas prepare p99 (microseconds) |Count |Average |p99 Latency of paxos prepare round. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_cas_propose |No |cas propose average (microseconds) |Count |Average |Average latency of paxos propose round. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_cas_propose_p99 |No |cas propose p99 (microseconds) |Count |Average |p99 Latency of paxos propose round. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_col_update_time_delta_histogram |No |col update time delta average |Count |Average |Average column update time delta on this table. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_col_update_time_delta_histogram_p99 |No |col update time delta p99 |Count |Average |p99 Column update time delta on this table. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_compaction_bytes_written |No |compaction bytes written |Bytes |Total |Total number of bytes written by compaction since server [re]start. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_compression_metadata_off_heap_memory_used |No |compression metadata off-heap memory used |Bytes |Total |Off-heap memory used by compression metadata. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_compression_ratio |No |compression ratio |Percent |Average |Current compression ratio for all SSTables. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_coordinator_read_latency |No |coordinator read latency average (microseconds) |Count |Average |Average coordinator read latency for this table. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_coordinator_read_latency_p99 |No |coordinator read latency p99 (microseconds) |Count |Average |p99 Coordinator read latency for this table. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_coordinator_scan_latency |No |coordinator scan latency average (microseconds) |Count |Average |Average coordinator range scan latency for this table. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_coordinator_scan_latency_p99 |No |coordinator scan latency p99 (microseconds) |Count |Average |p99 Coordinator range scan latency for this table. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_dropped_mutations |No |dropped mutations (deprecated) |Count |Total |Number of dropped mutations on this table. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_dropped_mutations2 |No |dropped mutations |Count |Total |Number of dropped mutations on this table. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_estimated_column_count_histogram |No |estimated column count average |Count |Average |Estimated number of columns in average. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_estimated_column_count_histogram_p99 |No |estimated column count p99 |Count |Average |p99 Estimated number of columns. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_estimated_partition_count |No |estimated partition count |Count |Total |Approximate number of keys in table. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_estimated_partition_size_histogram |No |estimated partition size average |Bytes |Average |Estimated partition size in average. |cassandra_datacenter, cassandra_node, quantile, table, keyspace | -|cassandra_table_estimated_partition_size_histogram_p99 |No |estimated partition size p99 |Bytes |Average |p99 Estimated partition size (in bytes). |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_index_summary_off_heap_memory_used |No |index summary off-heap memory used |Bytes |Total |Off-heap memory used by index summary. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_key_cache_hit_rate |No |key cache hit rate |Percent |Average |Key cache hit rate for this table. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_live_disk_space_used |No |live disk space used |Bytes |Total |Disk space used by SSTables belonging to this table (in bytes). |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_live_scanned_histogram |No |live scanned average |Count |Average |Average live cells scanned in queries on this table. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_live_scanned_histogram_p99 |No |live scanned p99 |Count |Average |p99 Live cells scanned in queries on this table. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_live_sstable_count |No |live sstable count |Count |Total |Number of SSTables on disk for this table. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_max_partition_size |No |max partition size |Bytes |Maximum |Size of the largest compacted partition (in bytes). |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_mean_partition_size |No |mean partition size |Bytes |Average |Size of the average compacted partition (in bytes). |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_memtable_columns_count |No |memtable columns count |Count |Total |Total number of columns present in the memtable. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_memtable_off_heap_size |No |memtable off heap size |Bytes |Total |Total amount of data stored in the memtable that resides off-heap, including column related overhead and partitions overwritten. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_memtable_on_heap_size |No |memtable on heap size |Bytes |Total |Total amount of data stored in the memtable that resides on-heap, including column related overhead and partitions overwritten. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_memtable_switch_count |No |memtable switch count |Count |Total |Number of times flush has resulted in the memtable being switched out. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_min_partition_size |No |min partition size |Bytes |Minimum |Size of the smallest compacted partition (in bytes). |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_pending_compactions |No |pending compactions (deprecated) |Count |Total |Estimate of number of pending compactions for this table. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_pending_compactions2 |No |pending compactions |Count |Total |Estimate of number of pending compactions for this table. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_pending_flushes |No |pending flushes (deprecated) |Count |Total |Estimated number of flush tasks pending for this table. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_pending_flushes2 |No |pending flushes |Count |Total |Estimated number of flush tasks pending for this table. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_percent_repaired |No |percent repaired |Percent |Average |Percent of table data that is repaired on disk. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_range_latency |No |range latency average (microseconds) |Count |Average |Average local range scan latency for this table. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_range_latency_p99 |No |range latency p99 (microseconds) |Count |Average |p99 Local range scan latency for this table. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_read_latency |No |read latency average (microseconds) |Count |Average |Average local read latency for this table. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_read_latency_p99 |No |read latency p99 (microseconds) |Count |Average |p99 Local read latency for this table. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_row_cache_hit |No |row cache hit |Count |Total |Number of table row cache hits. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_row_cache_hit_out_of_range |No |row cache hit out of range |Count |Total |Number of table row cache hits that do not satisfy the query filter, thus went to disk. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_row_cache_miss |No |row cache miss |Count |Total |Number of table row cache misses. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_speculative_retries |No |speculative retries |Count |Total |Number of times speculative retries were sent for this table. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_sstables_per_read_histogram |No |sstables per read average |Count |Average |Average number of sstable data files accessed per single partition read. SSTables skipped due to Bloom Filters, min-max key or partition index lookup are not taken into account. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_sstables_per_read_histogram_p99 |No |sstables per read p99 |Count |Average |p99 Number of sstable data files accessed per single partition read. SSTables skipped due to Bloom Filters, min-max key or partition index lookup are not taken into account. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_tombstone_scanned_histogram |No |tombstone scanned average |Count |Average |Average tombstones scanned in queries on this table. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_tombstone_scanned_histogram_p99 |No |tombstone scanned p99 |Count |Average |p99 Tombstones scanned in queries on this table. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_total_disk_space_used |No |total disk space used (deprecated) |Bytes |Total |Total disk space used by SSTables belonging to this table, including obsolete ones waiting to be GC'd. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_total_disk_space_used2 |No |total disk space used |Bytes |Total |Total disk space used by SSTables belonging to this table, including obsolete ones waiting to be GC'd. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_view_lock_acquire_time |No |view lock acquire time average |Count |Average |Average time taken acquiring a partition lock for materialized view updates on this table. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_view_lock_acquire_time_p99 |No |view lock acquire time p99 |Count |Average |p99 Time taken acquiring a partition lock for materialized view updates on this table. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_view_read_time |No |view read time average |Count |Average |Average time taken during the local read of a materialized view update. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_view_read_time_p99 |No |view read time p99 |Count |Average |p99 Time taken during the local read of a materialized view update. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_waiting_on_free_memtable_space |No |waiting on free memtable space average |Count |Average |Average time spent waiting for free memtable space, either on- or off-heap. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_waiting_on_free_memtable_space_p99 |No |waiting on free memtable space p99 |Count |Average |p99 Time spent waiting for free memtable space, either on- or off-heap. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_write_latency |No |write latency average (microseconds) |Count |Average |Average local write latency for this table. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_table_write_latency_p99 |No |write latency p99 (microseconds) |Count |Average |p99 Local write latency for this table. |cassandra_datacenter, cassandra_node, table, keyspace | -|cassandra_thread_pools_active_tasks |No |active tasks |Count |Total |Number of tasks being actively worked on by this pool. |cassandra_datacenter, cassandra_node, pool_name, pool_type | -|cassandra_thread_pools_currently_blocked_tasks |No |currently blocked tasks (deprecated) |Count |Total |Number of tasks that are currently blocked due to queue saturation but on retry will become unblocked. |cassandra_datacenter, cassandra_node, pool_name, pool_type | -|cassandra_thread_pools_currently_blocked_tasks2 |No |currently blocked tasks |Count |Total |Number of tasks that are currently blocked due to queue saturation but on retry will become unblocked. |cassandra_datacenter, cassandra_node, pool_name, pool_type | -|cassandra_thread_pools_max_pool_size |No |max pool size |Count |Maximum |The maximum number of threads in this pool. |cassandra_datacenter, cassandra_node, pool_name, pool_type | -|cassandra_thread_pools_pending_tasks |No |pending tasks |Count |Total |Number of queued tasks queued up on this pool. |cassandra_datacenter, cassandra_node, pool_name, pool_type | -|cassandra_thread_pools_total_blocked_tasks |No |total blocked tasks |Count |Total |Number of tasks that were blocked due to queue saturation. |cassandra_datacenter, cassandra_node, pool_name, pool_type | -|cpu |No |CPU usage active |Percent |Average |CPU active usage rate |ClusterResourceName, DataCenterResourceName, Address, Kind, CPU | -|disk_utilization |Yes |disk utilization |Percent |Average |Disk utilization rate |ClusterResourceName, DataCenterResourceName, Address | -|diskio_merged_reads |No |disk I/O merged reads |Count |Total |disk I/O merged reads |ClusterResourceName, DataCenterResourceName, Address, Kind | -|diskio_merged_writes |No |disk I/O merged writes |Count |Total |disk I/O merged writes |ClusterResourceName, DataCenterResourceName, Address, Kind | -|diskio_read_bytes |No |disk I/O read bytes |Bytes |Total |disk I/O read bytes |ClusterResourceName, DataCenterResourceName, Address, Kind | -|diskio_read_time |No |disk I/O read time (milliseconds) |MilliSeconds |Total |disk I/O read time (milliseconds) |ClusterResourceName, DataCenterResourceName, Address, Kind | -|diskio_reads |No |disk I/O read counts |Count |Total |disk I/O read counts |ClusterResourceName, DataCenterResourceName, Address, Kind | -|diskio_write_bytes |No |disk I/O write bytes |Bytes |Total |disk I/O write bytes |ClusterResourceName, DataCenterResourceName, Address, Kind | -|diskio_write_time |No |disk I/O write time (milliseconds) |MilliSeconds |Total |disk I/O write time (milliseconds) |ClusterResourceName, DataCenterResourceName, Address, Kind | -|diskio_writes |No |disk I/O write counts |Count |Total |disk I/O write counts |ClusterResourceName, DataCenterResourceName, Address, Kind | -|ethtool_rx_bytes |No |network received bytes |Bytes |Total |network received bytes |ClusterResourceName, DataCenterResourceName, Address, Kind | -|ethtool_rx_packets |No |network received packets |Count |Total |network received packets |ClusterResourceName, DataCenterResourceName, Address, Kind | -|ethtool_tx_bytes |No |network transmitted bytes |Bytes |Total |network transmitted bytes |ClusterResourceName, DataCenterResourceName, Address, Kind | -|ethtool_tx_packets |No |network transmitted packets |Count |Total |network transmitted packets |ClusterResourceName, DataCenterResourceName, Address, Kind | -|percent_mem |Yes |memory utilization |Percent |Average |Memory utilization rate |ClusterResourceName, DataCenterResourceName, Address | --## Microsoft.DocumentDB/DatabaseAccounts -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|AddRegion |Yes |Region Added |Count |Count |Region Added |Region | -|AutoscaleMaxThroughput |No |Autoscale Max Throughput |Count |Maximum |Autoscale Max Throughput |DatabaseName, CollectionName | -|AvailableStorage |No |(deprecated) Available Storage |Bytes |Total |"Available Storage"will be removed from Azure Monitor at the end of September 2023. Cosmos DB collection storage size is now unlimited. The only restriction is that the storage size for each logical partition key is 20GB. You can enable PartitionKeyStatistics in Diagnostic Log to know the storage consumption for top partition keys. For more info about Cosmos DB storage quota, please check this doc https://docs.microsoft.com/azure/cosmos-db/concepts-limits. After deprecation, the remaining alert rules still defined on the deprecated metric will be automatically disabled post the deprecation date. |CollectionName, DatabaseName, Region | -|CassandraConnectionClosures |No |Cassandra Connection Closures |Count |Total |Number of Cassandra connections that were closed, reported at a 1 minute granularity |APIType, Region, ClosureReason | -|CassandraConnectorAvgReplicationLatency |No |Cassandra Connector Average ReplicationLatency |MilliSeconds |Average |Cassandra Connector Average ReplicationLatency |No Dimensions | -|CassandraConnectorReplicationHealthStatus |No |Cassandra Connector Replication Health Status |Count |Count |Cassandra Connector Replication Health Status |NotStarted, ReplicationInProgress, Error | -|CassandraKeyspaceCreate |No |Cassandra Keyspace Created |Count |Count |Cassandra Keyspace Created |ResourceName, ApiKind, ApiKindResourceType, IsThroughputRequest, OperationType | -|CassandraKeyspaceDelete |No |Cassandra Keyspace Deleted |Count |Count |Cassandra Keyspace Deleted |ResourceName, ApiKind, ApiKindResourceType, OperationType | -|CassandraKeyspaceThroughputUpdate |No |Cassandra Keyspace Throughput Updated |Count |Count |Cassandra Keyspace Throughput Updated |ResourceName, ApiKind, ApiKindResourceType, IsThroughputRequest | -|CassandraKeyspaceUpdate |No |Cassandra Keyspace Updated |Count |Count |Cassandra Keyspace Updated |ResourceName, ApiKind, ApiKindResourceType, IsThroughputRequest, OperationType | -|CassandraRequestCharges |No |Cassandra Request Charges |Count |Total |RUs consumed for Cassandra requests made |APIType, DatabaseName, CollectionName, Region, OperationType, ResourceType | -|CassandraRequests |No |Cassandra Requests |Count |Count |Number of Cassandra requests made |APIType, DatabaseName, CollectionName, Region, OperationType, ResourceType, ErrorCode | -|CassandraTableCreate |No |Cassandra Table Created |Count |Count |Cassandra Table Created |ResourceName, ChildResourceName, ApiKind, ApiKindResourceType, IsThroughputRequest, OperationType | -|CassandraTableDelete |No |Cassandra Table Deleted |Count |Count |Cassandra Table Deleted |ResourceName, ChildResourceName, ApiKind, ApiKindResourceType, OperationType | -|CassandraTableThroughputUpdate |No |Cassandra Table Throughput Updated |Count |Count |Cassandra Table Throughput Updated |ResourceName, ChildResourceName, ApiKind, ApiKindResourceType, IsThroughputRequest | -|CassandraTableUpdate |No |Cassandra Table Updated |Count |Count |Cassandra Table Updated |ResourceName, ChildResourceName, ApiKind, ApiKindResourceType, IsThroughputRequest, OperationType | -|CreateAccount |Yes |Account Created |Count |Count |Account Created |No Dimensions | -|DataUsage |No |Data Usage |Bytes |Total |Total data usage reported at 5 minutes granularity |CollectionName, DatabaseName, Region | -|DedicatedGatewayAverageCPUUsage |No |DedicatedGatewayAverageCPUUsage |Percent |Average |Average CPU usage across dedicated gateway instances |Region, MetricType | -|DedicatedGatewayAverageMemoryUsage |No |DedicatedGatewayAverageMemoryUsage |Bytes |Average |Average memory usage across dedicated gateway instances, which is used for both routing requests and caching data |Region | -|DedicatedGatewayCPUUsage |No |DedicatedGatewayCPUUsage |Percent |Average |CPU usage across dedicated gateway instances |Region, ApplicationType | -|DedicatedGatewayMaximumCPUUsage |No |DedicatedGatewayMaximumCPUUsage |Percent |Average |Average Maximum CPU usage across dedicated gateway instances |Region, MetricType | -|DedicatedGatewayMemoryUsage |No |DedicatedGatewayMemoryUsage |Bytes |Average |Memory usage across dedicated gateway instances |Region, ApplicationType | -|DedicatedGatewayRequests |Yes |DedicatedGatewayRequests |Count |Count |Requests at the dedicated gateway |DatabaseName, CollectionName, CacheExercised, OperationName, Region, CacheHit | -|DeleteAccount |Yes |Account Deleted |Count |Count |Account Deleted |No Dimensions | -|DocumentCount |No |Document Count |Count |Total |Total document count reported at 5 minutes, 1 hour and 1 day granularity |CollectionName, DatabaseName, Region | -|DocumentQuota |No |Document Quota |Bytes |Total |Total storage quota reported at 5 minutes granularity |CollectionName, DatabaseName, Region | -|GremlinDatabaseCreate |No |Gremlin Database Created |Count |Count |Gremlin Database Created |ResourceName, ApiKind, ApiKindResourceType, IsThroughputRequest, OperationType | -|GremlinDatabaseDelete |No |Gremlin Database Deleted |Count |Count |Gremlin Database Deleted |ResourceName, ApiKind, ApiKindResourceType, OperationType | -|GremlinDatabaseThroughputUpdate |No |Gremlin Database Throughput Updated |Count |Count |Gremlin Database Throughput Updated |ResourceName, ApiKind, ApiKindResourceType, IsThroughputRequest | -|GremlinDatabaseUpdate |No |Gremlin Database Updated |Count |Count |Gremlin Database Updated |ResourceName, ApiKind, ApiKindResourceType, IsThroughputRequest, OperationType | -|GremlinGraphCreate |No |Gremlin Graph Created |Count |Count |Gremlin Graph Created |ResourceName, ChildResourceName, ApiKind, ApiKindResourceType, IsThroughputRequest, OperationType | -|GremlinGraphDelete |No |Gremlin Graph Deleted |Count |Count |Gremlin Graph Deleted |ResourceName, ChildResourceName, ApiKind, ApiKindResourceType, OperationType | -|GremlinGraphThroughputUpdate |No |Gremlin Graph Throughput Updated |Count |Count |Gremlin Graph Throughput Updated |ResourceName, ChildResourceName, ApiKind, ApiKindResourceType, IsThroughputRequest | -|GremlinGraphUpdate |No |Gremlin Graph Updated |Count |Count |Gremlin Graph Updated |ResourceName, ChildResourceName, ApiKind, ApiKindResourceType, IsThroughputRequest, OperationType | -|GremlinRequestCharges |No |Gremlin Request Charges |Count |Total |Request Units consumed for Gremlin requests made |APIType, DatabaseName, CollectionName, Region | -|GremlinRequests |No |Gremlin Requests |Count |Count |Number of Gremlin requests made |APIType, DatabaseName, CollectionName, Region, ErrorCode | -|IndexUsage |No |Index Usage |Bytes |Total |Total index usage reported at 5 minutes granularity |CollectionName, DatabaseName, Region | -|IntegratedCacheEvictedEntriesSize |No |IntegratedCacheEvictedEntriesSize |Bytes |Average |Size of the entries evicted from the integrated cache |Region | -|IntegratedCacheItemExpirationCount |No |IntegratedCacheItemExpirationCount |Count |Average |Number of items evicted from the integrated cache due to TTL expiration |Region, CacheEntryType | -|IntegratedCacheItemHitRate |No |IntegratedCacheItemHitRate |Percent |Average |Number of point reads that used the integrated cache divided by number of point reads routed through the dedicated gateway with eventual consistency |Region, CacheEntryType | -|IntegratedCacheQueryExpirationCount |No |IntegratedCacheQueryExpirationCount |Count |Average |Number of queries evicted from the integrated cache due to TTL expiration |Region, CacheEntryType | -|IntegratedCacheQueryHitRate |No |IntegratedCacheQueryHitRate |Percent |Average |Number of queries that used the integrated cache divided by number of queries routed through the dedicated gateway with eventual consistency |Region, CacheEntryType | -|MaterializedViewCatchupGapInMinutes |No |Materialized View Catchup Gap In Minutes |Count |Maximum |Maximum time difference in minutes between data in source container and data propagated to materialized view |Region, TargetContainerName, BuildType | -|MaterializedViewsBuilderAverageCPUUsage |No |Materialized Views Builder Average CPU Usage |Percent |Average |Average CPU usage across materialized view builder instances, which are used for populating data in materialized views |Region, MetricType | -|MaterializedViewsBuilderAverageMemoryUsage |No |Materialized Views Builder Average Memory Usage |Bytes |Average |Average memory usage across materialized view builder instances, which are used for populating data in materialized views |Region | -|MaterializedViewsBuilderMaximumCPUUsage |No |Materialized Views Builder Maximum CPU Usage |Percent |Average |Average Maximum CPU usage across materialized view builder instances, which are used for populating data in materialized views |Region, MetricType | -|MetadataRequests |No |Metadata Requests |Count |Count |Count of metadata requests. Cosmos DB maintains system metadata collection for each account, that allows you to enumerate collections, databases, etc, and their configurations, free of charge. |DatabaseName, CollectionName, Region, StatusCode, Role | -|MongoCollectionCreate |No |Mongo Collection Created |Count |Count |Mongo Collection Created |ResourceName, ChildResourceName, ApiKind, ApiKindResourceType, IsThroughputRequest, OperationType | -|MongoCollectionDelete |No |Mongo Collection Deleted |Count |Count |Mongo Collection Deleted |ResourceName, ChildResourceName, ApiKind, ApiKindResourceType, OperationType | -|MongoCollectionThroughputUpdate |No |Mongo Collection Throughput Updated |Count |Count |Mongo Collection Throughput Updated |ResourceName, ChildResourceName, ApiKind, ApiKindResourceType, IsThroughputRequest | -|MongoCollectionUpdate |No |Mongo Collection Updated |Count |Count |Mongo Collection Updated |ResourceName, ChildResourceName, ApiKind, ApiKindResourceType, IsThroughputRequest, OperationType | -|MongoDatabaseDelete |No |Mongo Database Deleted |Count |Count |Mongo Database Deleted |ResourceName, ApiKind, ApiKindResourceType, OperationType | -|MongoDatabaseThroughputUpdate |No |Mongo Database Throughput Updated |Count |Count |Mongo Database Throughput Updated |ResourceName, ApiKind, ApiKindResourceType, IsThroughputRequest | -|MongoDBDatabaseCreate |No |Mongo Database Created |Count |Count |Mongo Database Created |ResourceName, ApiKind, ApiKindResourceType, IsThroughputRequest, OperationType | -|MongoDBDatabaseUpdate |No |Mongo Database Updated |Count |Count |Mongo Database Updated |ResourceName, ApiKind, ApiKindResourceType, IsThroughputRequest, OperationType | -|MongoRequestCharge |Yes |Mongo Request Charge |Count |Total |Mongo Request Units Consumed |DatabaseName, CollectionName, Region, CommandName, ErrorCode, Status | -|MongoRequests |Yes |Mongo Requests |Count |Count |Number of Mongo Requests Made |DatabaseName, CollectionName, Region, CommandName, ErrorCode, Status | -|NormalizedRUConsumption |No |Normalized RU Consumption |Percent |Maximum |Max RU consumption percentage per minute |CollectionName, DatabaseName, Region, PartitionKeyRangeId, CollectionRid, PhysicalPartitionId | -|OfflineRegion |No |Region Offlined |Count |Count |Region Offlined |Region, StatusCode, Role, OperationName | -|OnlineRegion |No |Region Onlined |Count |Count |Region Onlined |Region, StatusCode, Role, OperationName | -|PhysicalPartitionSizeInfo |No |Physical Partition Size |Bytes |Maximum |Physical Partition Size in bytes |CollectionName, DatabaseName, PhysicalPartitionId, OfferOwnerRid, Region | -|PhysicalPartitionThroughputInfo |No |Physical Partition Throughput |Count |Maximum |Physical Partition Throughput |CollectionName, DatabaseName, PhysicalPartitionId, OfferOwnerRid, Region | -|ProvisionedThroughput |No |Provisioned Throughput |Count |Maximum |Provisioned Throughput |DatabaseName, CollectionName, AllowWrite | -|RegionFailover |Yes |Region Failed Over |Count |Count |Region Failed Over |No Dimensions | -|RemoveRegion |Yes |Region Removed |Count |Count |Region Removed |Region | -|ReplicationLatency |Yes |P99 Replication Latency |MilliSeconds |Average |P99 Replication Latency across source and target regions for geo-enabled account |SourceRegion, TargetRegion | -|ServerSideLatency |No |Server Side Latency |MilliSeconds |Average |Server Side Latency |DatabaseName, CollectionName, Region, ConnectionMode, OperationType, PublicAPIType | -|ServerSideLatencyDirect |No |Server Side Latency Direct |MilliSeconds |Average |Server Side Latency in Direct Connection Mode |DatabaseName, CollectionName, Region, ConnectionMode, OperationType, PublicAPIType, APIType | -|ServerSideLatencyGateway |No |Server Side Latency Gateway |MilliSeconds |Average |Server Side Latency in Gateway Connection Mode |DatabaseName, CollectionName, Region, ConnectionMode, OperationType, PublicAPIType, APIType | -|ServiceAvailability |No |Service Availability |Percent |Average |Account requests availability at one hour, day or month granularity |No Dimensions | -|SqlContainerCreate |No |Sql Container Created |Count |Count |Sql Container Created |ResourceName, ChildResourceName, ApiKind, ApiKindResourceType, IsThroughputRequest, OperationType | -|SqlContainerDelete |No |Sql Container Deleted |Count |Count |Sql Container Deleted |ResourceName, ChildResourceName, ApiKind, ApiKindResourceType, OperationType | -|SqlContainerThroughputUpdate |No |Sql Container Throughput Updated |Count |Count |Sql Container Throughput Updated |ResourceName, ChildResourceName, ApiKind, ApiKindResourceType, IsThroughputRequest | -|SqlContainerUpdate |No |Sql Container Updated |Count |Count |Sql Container Updated |ResourceName, ChildResourceName, ApiKind, ApiKindResourceType, IsThroughputRequest, OperationType | -|SqlDatabaseCreate |No |Sql Database Created |Count |Count |Sql Database Created |ResourceName, ApiKind, ApiKindResourceType, IsThroughputRequest, OperationType | -|SqlDatabaseDelete |No |Sql Database Deleted |Count |Count |Sql Database Deleted |ResourceName, ApiKind, ApiKindResourceType, OperationType | -|SqlDatabaseThroughputUpdate |No |Sql Database Throughput Updated |Count |Count |Sql Database Throughput Updated |ResourceName, ApiKind, ApiKindResourceType, IsThroughputRequest | -|SqlDatabaseUpdate |No |Sql Database Updated |Count |Count |Sql Database Updated |ResourceName, ApiKind, ApiKindResourceType, IsThroughputRequest, OperationType | -|TableTableCreate |No |AzureTable Table Created |Count |Count |AzureTable Table Created |ResourceName, ApiKind, ApiKindResourceType, IsThroughputRequest, OperationType | -|TableTableDelete |No |AzureTable Table Deleted |Count |Count |AzureTable Table Deleted |ResourceName, ApiKind, ApiKindResourceType, OperationType | -|TableTableThroughputUpdate |No |AzureTable Table Throughput Updated |Count |Count |AzureTable Table Throughput Updated |ResourceName, ApiKind, ApiKindResourceType, IsThroughputRequest | -|TableTableUpdate |No |AzureTable Table Updated |Count |Count |AzureTable Table Updated |ResourceName, ApiKind, ApiKindResourceType, IsThroughputRequest, OperationType | -|TotalRequests |Yes |Total Requests |Count |Count |Number of requests made |DatabaseName, CollectionName, Region, StatusCode, OperationType, Status, CapacityType | -|TotalRequestsPreview |No |Total Requests (Preview) |Count |Count |Number of SQL requests |DatabaseName, CollectionName, Region, StatusCode, OperationType, Status, IsExternal | -|TotalRequestUnits |Yes |Total Request Units |Count |Total |SQL Request Units consumed |DatabaseName, CollectionName, Region, StatusCode, OperationType, Status, CapacityType | -|TotalRequestUnitsPreview |No |Total Request Units (Preview) |Count |Total |Request Units consumed with CapacityType |DatabaseName, CollectionName, Region, StatusCode, OperationType, Status, CapacityType, PriorityLevel | -|UpdateAccountKeys |Yes |Account Keys Updated |Count |Count |Account Keys Updated |KeyType | -|UpdateAccountNetworkSettings |Yes |Account Network Settings Updated |Count |Count |Account Network Settings Updated |No Dimensions | -|UpdateAccountReplicationSettings |Yes |Account Replication Settings Updated |Count |Count |Account Replication Settings Updated |No Dimensions | -|UpdateDiagnosticsSettings |No |Account Diagnostic Settings Updated |Count |Count |Account Diagnostic Settings Updated |DiagnosticSettingsName, ResourceGroupName | --## Microsoft.DocumentDB/mongoClusters -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|CommittedMemoryPercent |No |Committed Memory percent |Percent |Average |Percentage of Commit Memory Limit allocated by applications on node |ServerName | -|CpuPercent |No |CPU percent |Percent |Average |Percent CPU utilization on node |ServerName | -|IOPS |Yes |IOPS |Count |Average |Disk IO operations per second on node |ServerName | -|MemoryPercent |No |Memory percent |Percent |Average |Percent memory utilization on node |ServerName | -|StoragePercent |No |Storage percent |Percent |Average |Percent of available storage used on node |ServerName | -|StorageUsed |No |Storage used |Bytes |Average |Quantity of available storage used on node |ServerName | --## microsoft.edgezones/edgezones -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|DiskStorageIOPSUsage |No |Disk IOPS |CountPerSecond |Average |The total IOPS generated by Managed Disks in Azure Edge Zone Enterprise site. |No Dimensions | -|DiskStorageUsedSizeUsage |Yes |Disk Usage Percentage |Percent |Average |The utilization of the Managed Disk capacity in Azure Edge Zone Enterprise site. |No Dimensions | -|RegionSiteConnectivity |Yes |Region Site Connectivity |Count |Average |The status of an Edge Zone Enterprise link connection to its Azure region |No Dimensions | -|TotalDiskStorageSizeCapacity |Yes |Total Disk Capacity |Bytes |Average |The total capacity of Managed Disk in Azure Edge Zone Enterprise site. |No Dimensions | -|TotalVcoreCapacity |Yes |Total VCore Capacity |Count |Average |The total capacity of the General-Purpose Compute vcore in Edge Zone Enterprise site. |No Dimensions | -|VcoresUsage |Yes |Vcore Usage Percentage |Percent |Average |The utilization of the General-Purpose Compute vcores in Edge Zone Enterprise site |No Dimensions | --## Microsoft.EventGrid/domains -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|AdvancedFilterEvaluationCount |Yes |Advanced Filter Evaluations |Count |Total |Total advanced filters evaluated across event subscriptions for this topic. |Topic, EventSubscriptionName, DomainEventSubscriptionName | -|DeadLetteredCount |Yes |Dead Lettered Events |Count |Total |Total dead lettered events matching to this event subscription |Topic, EventSubscriptionName, DomainEventSubscriptionName, DeadLetterReason | -|DeliveryAttemptFailCount |No |Delivery Failed Events |Count |Total |Total events failed to deliver to this event subscription |Topic, EventSubscriptionName, DomainEventSubscriptionName, Error, ErrorType | -|DeliverySuccessCount |Yes |Delivered Events |Count |Total |Total events delivered to this event subscription |Topic, EventSubscriptionName, DomainEventSubscriptionName | -|DestinationProcessingDurationInMs |No |Destination Processing Duration |MilliSeconds |Average |Destination processing duration in milliseconds |Topic, EventSubscriptionName, DomainEventSubscriptionName | -|DroppedEventCount |Yes |Dropped Events |Count |Total |Total dropped events matching to this event subscription |Topic, EventSubscriptionName, DomainEventSubscriptionName, DropReason | -|MatchedEventCount |Yes |Matched Events |Count |Total |Total events matched to this event subscription |Topic, EventSubscriptionName, DomainEventSubscriptionName | -|PublishFailCount |Yes |Publish Failed Events |Count |Total |Total events failed to publish to this topic |Topic, ErrorType, Error | -|PublishSuccessCount |Yes |Published Events |Count |Total |Total events published to this topic |Topic | -|PublishSuccessLatencyInMs |Yes |Publish Success Latency |MilliSeconds |Total |Publish success latency in milliseconds |No Dimensions | --## Microsoft.EventGrid/eventSubscriptions -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|DeadLetteredCount |Yes |Dead Lettered Events |Count |Total |Total dead lettered events matching to this event subscription |DeadLetterReason | -|DeliveryAttemptFailCount |No |Delivery Failed Events |Count |Total |Total events failed to deliver to this event subscription |Error, ErrorType | -|DeliverySuccessCount |Yes |Delivered Events |Count |Total |Total events delivered to this event subscription |No Dimensions | -|DestinationProcessingDurationInMs |No |Destination Processing Duration |Milliseconds |Average |Destination processing duration in milliseconds |No Dimensions | -|DroppedEventCount |Yes |Dropped Events |Count |Total |Total dropped events matching to this event subscription |DropReason | -|MatchedEventCount |Yes |Matched Events |Count |Total |Total events matched to this event subscription |No Dimensions | --## Microsoft.EventGrid/extensionTopics -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|PublishFailCount |Yes |Publish Failed Events |Count |Total |Total events failed to publish to this topic |ErrorType, Error | -|PublishSuccessCount |Yes |Published Events |Count |Total |Total events published to this topic |No Dimensions | -|PublishSuccessLatencyInMs |Yes |Publish Success Latency |Milliseconds |Total |Publish success latency in milliseconds |No Dimensions | -|UnmatchedEventCount |Yes |Unmatched Events |Count |Total |Total events not matching any of the event subscriptions for this topic |No Dimensions | --## Microsoft.EventGrid/namespaces -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|AcknowledgeLatencyInMilliseconds |No |Acknowledge Operations Latency |Milliseconds |Total |The observed latency in milliseconds for acknowledge events operation. |Topic, EventSubscriptionName | -|FailedAcknowledgedEvents |No |Failed Acknowledged Events |Count |Total |The number of events for which acknowledgements from clients failed. |Topic, EventSubscriptionName, Error, ErrorType | -|FailedPublishedEvents |No |Failed Publish Events |Count |Total |The number of events that weren't accepted by Event Grid. This count excludes events that were published but failed to reach Event Grid due to a network issue, for example. |Topic, Error, ErrorType | -|FailedReceivedEvents |No |Failed Received Events |Count |Total |The number of events that were requested by clients but weren't delivered successfully by Event Grid. |Topic, EventSubscriptionName, Error, ErrorType | -|FailedReleasedEvents |No |Failed Released Events |Count |Total |The number of events for which release failed. |Topic, EventSubscriptionName, Error, ErrorType | -|Mqtt.Connections |Yes |MQTT: Connections |Count |Total |The number of active connections in the namespace. |Protocol | -|Mqtt.FailedPublishedMessages |Yes |MQTT: Failed Published Messages |Count |Total |The number of MQTT messages that failed to be published into the namespace. |QoS, Protocol, Error | -|Mqtt.FailedSubscriptionOperations |Yes |MQTT: Failed Subscription Operations |Count |Total |The number of failed subscription operations (Subscribe, Unsubscribe). This metric is incremented for every topic filter within a subscription request. |Protocol, OperationType, Error | -|Mqtt.RequestCount |Yes |MQTT: Request Count |Count |Total |The number of MQTT requests. |OperationType, Protocol, Error, Result | -|Mqtt.SuccessfulDeliveredMessages |Yes |MQTT: Successful Delivered Messages |Count |Total |The number of messages delivered by the namespace. There are no failures for this operation. |QoS, Protocol | -|Mqtt.SuccessfulPublishedMessages |Yes |MQTT: Successful Published Messages |Count |Total |The number of MQTT messages that were published successfully into the namespace. |QoS, Protocol | -|Mqtt.SuccessfulSubscriptionOperations |Yes |MQTT: Successful Subscription Operations |Count |Total |The number of successful subscription operations (Subscribe, Unsubscribe). This metric is incremented for every topic filter within a subscription request. |Protocol, OperationType | -|Mqtt.Throughput |Yes |MQTT: Throughput |Bytes |Total |The number of bytes published to or delivered by the namespace. |Direction | -|PublishLatencyInMilliseconds |No |Publish Operations Latency |Milliseconds |Total |The observed latency in milliseconds for publish events operation. |Topic | -|ReceiveLatencyInMilliseconds |No |Receive Operations Latency |Milliseconds |Total |The observed latency in milliseconds for receive events operation. |Topic, EventSubscriptionName | -|RejectLatencyInMilliseconds |No |Reject Operations Latency |Milliseconds |Total |The observed latency in milliseconds for reject events operation. |Topic, EventSubscriptionName | -|SuccessfulAcknowledgedEvents |No |Successful Acknowledged Events |Count |Total |The number of events for which delivery was successfully acknowledged by clients. |Topic, EventSubscriptionName | -|SuccessfulPublishedEvents |No |Successful Publish Events |Count |Total |The number of events published successfully to a topic or topic space within a namespace. |Topic | -|SuccessfulReceivedEvents |No |Successful Received Events |Count |Total |The total number of events that were successfully returned to (received by) clients by Event Grid. |Topic, EventSubscriptionName | -|SuccessfulReleasedEvents |No |Successful Released Events |Count |Total |The number of events that were released successfully by queue subscriber clients. |Topic, EventSubscriptionName | --## Microsoft.EventGrid/partnerNamespaces -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|PublishFailCount |Yes |Publish Failed Events |Count |Total |Total events failed to publish to this partner namespace |ErrorType, Error | -|PublishSuccessCount |Yes |Published Events |Count |Total |Total events published to this partner namespace |No Dimensions | -|PublishSuccessLatencyInMs |Yes |Publish Success Latency |MilliSeconds |Total |Publish success latency in milliseconds |No Dimensions | -|UnmatchedEventCount |Yes |Unmatched Events |Count |Total |Total events not matching any of the partner topics |No Dimensions | --## Microsoft.EventGrid/partnerTopics -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|AdvancedFilterEvaluationCount |Yes |Advanced Filter Evaluations |Count |Total |Total advanced filters evaluated across event subscriptions for this partner topic. |EventSubscriptionName | -|DeadLetteredCount |Yes |Dead Lettered Events |Count |Total |Total dead lettered events matching to this event subscription |DeadLetterReason, EventSubscriptionName | -|DeliveryAttemptFailCount |No |Delivery Failed Events |Count |Total |Total events failed to deliver to this event subscription |Error, ErrorType, EventSubscriptionName | -|DeliverySuccessCount |Yes |Delivered Events |Count |Total |Total events delivered to this event subscription |EventSubscriptionName | -|DestinationProcessingDurationInMs |No |Destination Processing Duration |MilliSeconds |Average |Destination processing duration in milliseconds |EventSubscriptionName | -|DroppedEventCount |Yes |Dropped Events |Count |Total |Total dropped events matching to this event subscription |DropReason, EventSubscriptionName | -|MatchedEventCount |Yes |Matched Events |Count |Total |Total events matched to this event subscription |EventSubscriptionName | -|PublishSuccessCount |Yes |Published Events |Count |Total |Total events published to this partner topic |No Dimensions | -|UnmatchedEventCount |Yes |Unmatched Events |Count |Total |Total events not matching any of the event subscriptions for this partner topic |No Dimensions | --## Microsoft.EventGrid/systemTopics -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|AdvancedFilterEvaluationCount |Yes |Advanced Filter Evaluations |Count |Total |Total advanced filters evaluated across event subscriptions for this topic. |EventSubscriptionName | -|DeadLetteredCount |Yes |Dead Lettered Events |Count |Total |Total dead lettered events matching to this event subscription |DeadLetterReason, EventSubscriptionName | -|DeliveryAttemptFailCount |No |Delivery Failed Events |Count |Total |Total events failed to deliver to this event subscription |Error, ErrorType, EventSubscriptionName | -|DeliverySuccessCount |Yes |Delivered Events |Count |Total |Total events delivered to this event subscription |EventSubscriptionName | -|DestinationProcessingDurationInMs |No |Destination Processing Duration |Milliseconds |Average |Destination processing duration in milliseconds |EventSubscriptionName | -|DroppedEventCount |Yes |Dropped Events |Count |Total |Total dropped events matching to this event subscription |DropReason, EventSubscriptionName | -|MatchedEventCount |Yes |Matched Events |Count |Total |Total events matched to this event subscription |EventSubscriptionName | -|PublishFailCount |Yes |Publish Failed Events |Count |Total |Total events failed to publish to this topic |ErrorType, Error | -|PublishSuccessCount |Yes |Published Events |Count |Total |Total events published to this topic |No Dimensions | -|PublishSuccessLatencyInMs |Yes |Publish Success Latency |Milliseconds |Total |Publish success latency in milliseconds |No Dimensions | -|ServerDeliverySuccessRate |Yes |Server Delivery Success Rate |Count |Total |Success rate of events delivered to this event subscription where failure is caused due to server errors |EventSubscriptionName | -|UnmatchedEventCount |Yes |Unmatched Events |Count |Total |Total events not matching any of the event subscriptions for this topic |No Dimensions | --## Microsoft.EventGrid/topics -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|AdvancedFilterEvaluationCount |Yes |Advanced Filter Evaluations |Count |Total |Total advanced filters evaluated across event subscriptions for this topic. |EventSubscriptionName | -|DeadLetteredCount |Yes |Dead Lettered Events |Count |Total |Total dead lettered events matching to this event subscription |DeadLetterReason, EventSubscriptionName | -|DeliveryAttemptFailCount |No |Delivery Failed Events |Count |Total |Total events failed to deliver to this event subscription |Error, ErrorType, EventSubscriptionName | -|DeliverySuccessCount |Yes |Delivered Events |Count |Total |Total events delivered to this event subscription |EventSubscriptionName | -|DestinationProcessingDurationInMs |No |Destination Processing Duration |MilliSeconds |Average |Destination processing duration in milliseconds |EventSubscriptionName | -|DroppedEventCount |Yes |Dropped Events |Count |Total |Total dropped events matching to this event subscription |DropReason, EventSubscriptionName | -|MatchedEventCount |Yes |Matched Events |Count |Total |Total events matched to this event subscription |EventSubscriptionName | -|PublishFailCount |Yes |Publish Failed Events |Count |Total |Total events failed to publish to this topic |ErrorType, Error | -|PublishSuccessCount |Yes |Published Events |Count |Total |Total events published to this topic |No Dimensions | -|PublishSuccessLatencyInMs |Yes |Publish Success Latency |MilliSeconds |Total |Publish success latency in milliseconds |No Dimensions | -|UnmatchedEventCount |Yes |Unmatched Events |Count |Total |Total events not matching any of the event subscriptions for this topic |No Dimensions | --## Microsoft.EventHub/clusters -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ActiveConnections |No |ActiveConnections |Count |Average |Total Active Connections for Microsoft.EventHub. |No Dimensions | -|AvailableMemory |No |Available Memory |Percent |Maximum |Available memory for the Event Hub Cluster as a percentage of total memory. |Role | -|CaptureBacklog |No |Capture Backlog. |Count |Total |Capture Backlog for Microsoft.EventHub. |No Dimensions | -|CapturedBytes |No |Captured Bytes. |Bytes |Total |Captured Bytes for Microsoft.EventHub. |No Dimensions | -|CapturedMessages |No |Captured Messages. |Count |Total |Captured Messages for Microsoft.EventHub. |No Dimensions | -|ConnectionsClosed |No |Connections Closed. |Count |Average |Connections Closed for Microsoft.EventHub. |No Dimensions | -|ConnectionsOpened |No |Connections Opened. |Count |Average |Connections Opened for Microsoft.EventHub. |No Dimensions | -|CPU |No |CPU |Percent |Maximum |CPU utilization for the Event Hub Cluster as a percentage |Role | -|IncomingBytes |Yes |Incoming Bytes. |Bytes |Total |Incoming Bytes for Microsoft.EventHub. |No Dimensions | -|IncomingMessages |Yes |Incoming Messages |Count |Total |Incoming Messages for Microsoft.EventHub. |No Dimensions | -|IncomingRequests |Yes |Incoming Requests |Count |Total |Incoming Requests for Microsoft.EventHub. |No Dimensions | -|OutgoingBytes |Yes |Outgoing Bytes. |Bytes |Total |Outgoing Bytes for Microsoft.EventHub. |No Dimensions | -|OutgoingMessages |Yes |Outgoing Messages |Count |Total |Outgoing Messages for Microsoft.EventHub. |No Dimensions | -|QuotaExceededErrors |No |Quota Exceeded Errors. |Count |Total |Quota Exceeded Errors for Microsoft.EventHub. |OperationResult | -|ServerErrors |No |Server Errors. |Count |Total |Server Errors for Microsoft.EventHub. |OperationResult | -|Size |No |Size |Bytes |Average |Size of an EventHub in Bytes. |Role | -|SuccessfulRequests |No |Successful Requests |Count |Total |Successful Requests for Microsoft.EventHub. |OperationResult | -|ThrottledRequests |No |Throttled Requests. |Count |Total |Throttled Requests for Microsoft.EventHub. |OperationResult | -|UserErrors |No |User Errors. |Count |Total |User Errors for Microsoft.EventHub. |OperationResult | --## Microsoft.EventHub/Namespaces -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ActiveConnections |No |ActiveConnections |Count |Maximum |Total Active Connections for Microsoft.EventHub. |No Dimensions | -|CaptureBacklog |No |Capture Backlog. |Count |Total |Capture Backlog for Microsoft.EventHub. |EntityName | -|CapturedBytes |No |Captured Bytes. |Bytes |Total |Captured Bytes for Microsoft.EventHub. |EntityName | -|CapturedMessages |No |Captured Messages. |Count |Total |Captured Messages for Microsoft.EventHub. |EntityName | -|ConnectionsClosed |No |Connections Closed. |Count |Maximum |Connections Closed for Microsoft.EventHub. |EntityName | -|ConnectionsOpened |No |Connections Opened. |Count |Maximum |Connections Opened for Microsoft.EventHub. |EntityName | -|EHABL |Yes |Archive backlog messages (Deprecated) |Count |Total |Event Hub archive messages in backlog for a namespace (Deprecated) |No Dimensions | -|EHAMBS |Yes |Archive message throughput (Deprecated) |Bytes |Total |Event Hub archived message throughput in a namespace (Deprecated) |No Dimensions | -|EHAMSGS |Yes |Archive messages (Deprecated) |Count |Total |Event Hub archived messages in a namespace (Deprecated) |No Dimensions | -|EHINBYTES |Yes |Incoming bytes (Deprecated) |Bytes |Total |Event Hub incoming message throughput for a namespace (Deprecated) |No Dimensions | -|EHINMBS |Yes |Incoming bytes (obsolete) (Deprecated) |Bytes |Total |Event Hub incoming message throughput for a namespace. This metric is deprecated. Please use Incoming bytes metric instead (Deprecated) |No Dimensions | -|EHINMSGS |Yes |Incoming Messages (Deprecated) |Count |Total |Total incoming messages for a namespace (Deprecated) |No Dimensions | -|EHOUTBYTES |Yes |Outgoing bytes (Deprecated) |Bytes |Total |Event Hub outgoing message throughput for a namespace (Deprecated) |No Dimensions | -|EHOUTMBS |Yes |Outgoing bytes (obsolete) (Deprecated) |Bytes |Total |Event Hub outgoing message throughput for a namespace. This metric is deprecated. Please use Outgoing bytes metric instead (Deprecated) |No Dimensions | -|EHOUTMSGS |Yes |Outgoing Messages (Deprecated) |Count |Total |Total outgoing messages for a namespace (Deprecated) |No Dimensions | -|FAILREQ |Yes |Failed Requests (Deprecated) |Count |Total |Total failed requests for a namespace (Deprecated) |No Dimensions | -|IncomingBytes |Yes |Incoming Bytes. |Bytes |Total |Incoming Bytes for Microsoft.EventHub. |EntityName | -|IncomingMessages |Yes |Incoming Messages |Count |Total |Incoming Messages for Microsoft.EventHub. |EntityName | -|IncomingRequests |Yes |Incoming Requests |Count |Total |Incoming Requests for Microsoft.EventHub. |EntityName | -|INMSGS |Yes |Incoming Messages (obsolete) (Deprecated) |Count |Total |Total incoming messages for a namespace. This metric is deprecated. Please use Incoming Messages metric instead (Deprecated) |No Dimensions | -|INREQS |Yes |Incoming Requests (Deprecated) |Count |Total |Total incoming send requests for a namespace (Deprecated) |No Dimensions | -|INTERR |Yes |Internal Server Errors (Deprecated) |Count |Total |Total internal server errors for a namespace (Deprecated) |No Dimensions | -|MISCERR |Yes |Other Errors (Deprecated) |Count |Total |Total failed requests for a namespace (Deprecated) |No Dimensions | -|NamespaceCpuUsage |No |CPU |Percent |Maximum |CPU usage metric for Premium SKU namespaces. |Replica | -|NamespaceMemoryUsage |No |Memory Usage |Percent |Maximum |Memory usage metric for Premium SKU namespaces. |Replica | -|OutgoingBytes |Yes |Outgoing Bytes. |Bytes |Total |Outgoing Bytes for Microsoft.EventHub. |EntityName | -|OutgoingMessages |Yes |Outgoing Messages |Count |Total |Outgoing Messages for Microsoft.EventHub. |EntityName | -|OUTMSGS |Yes |Outgoing Messages (obsolete) (Deprecated) |Count |Total |Total outgoing messages for a namespace. This metric is deprecated. Please use Outgoing Messages metric instead (Deprecated) |No Dimensions | -|QuotaExceededErrors |No |Quota Exceeded Errors. |Count |Total |Quota Exceeded Errors for Microsoft.EventHub. |EntityName, OperationResult | -|ServerErrors |No |Server Errors. |Count |Total |Server Errors for Microsoft.EventHub. |EntityName, OperationResult | -|Size |No |Size |Bytes |Average |Size of an EventHub in Bytes. |EntityName | -|SuccessfulRequests |No |Successful Requests |Count |Total |Successful Requests for Microsoft.EventHub. |EntityName, OperationResult | -|SUCCREQ |Yes |Successful Requests (Deprecated) |Count |Total |Total successful requests for a namespace (Deprecated) |No Dimensions | -|SVRBSY |Yes |Server Busy Errors (Deprecated) |Count |Total |Total server busy errors for a namespace (Deprecated) |No Dimensions | -|ThrottledRequests |No |Throttled Requests. |Count |Total |Throttled Requests for Microsoft.EventHub. |EntityName, OperationResult | -|UserErrors |No |User Errors. |Count |Total |User Errors for Microsoft.EventHub. |EntityName, OperationResult | --## Microsoft.HDInsight/clusters -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|CategorizedGatewayRequests |Yes |Categorized Gateway Requests |Count |Total |Number of gateway requests by categories (1xx/2xx/3xx/4xx/5xx) |HttpStatus | -|GatewayRequests |Yes |Gateway Requests |Count |Total |Number of gateway requests |HttpStatus | -|KafkaRestProxy.ConsumerRequest.m1_delta |Yes |REST proxy Consumer RequestThroughput |CountPerSecond |Total |Number of consumer requests to Kafka REST proxy |Machine, Topic | -|KafkaRestProxy.ConsumerRequestFail.m1_delta |Yes |REST proxy Consumer Unsuccessful Requests |CountPerSecond |Total |Consumer request exceptions |Machine, Topic | -|KafkaRestProxy.ConsumerRequestTime.p95 |Yes |REST proxy Consumer RequestLatency |Milliseconds |Average |Message latency in a consumer request through Kafka REST proxy |Machine, Topic | -|KafkaRestProxy.ConsumerRequestWaitingInQueueTime.p95 |Yes |REST proxy Consumer Request Backlog |Milliseconds |Average |Consumer REST proxy queue length |Machine, Topic | -|KafkaRestProxy.MessagesIn.m1_delta |Yes |REST proxy Producer MessageThroughput |CountPerSecond |Total |Number of producer messages through Kafka REST proxy |Machine, Topic | -|KafkaRestProxy.MessagesOut.m1_delta |Yes |REST proxy Consumer MessageThroughput |CountPerSecond |Total |Number of consumer messages through Kafka REST proxy |Machine, Topic | -|KafkaRestProxy.OpenConnections |Yes |REST proxy ConcurrentConnections |Count |Total |Number of concurrent connections through Kafka REST proxy |Machine, Topic | -|KafkaRestProxy.ProducerRequest.m1_delta |Yes |REST proxy Producer RequestThroughput |CountPerSecond |Total |Number of producer requests to Kafka REST proxy |Machine, Topic | -|KafkaRestProxy.ProducerRequestFail.m1_delta |Yes |REST proxy Producer Unsuccessful Requests |CountPerSecond |Total |Producer request exceptions |Machine, Topic | -|KafkaRestProxy.ProducerRequestTime.p95 |Yes |REST proxy Producer RequestLatency |Milliseconds |Average |Message latency in a producer request through Kafka REST proxy |Machine, Topic | -|KafkaRestProxy.ProducerRequestWaitingInQueueTime.p95 |Yes |REST proxy Producer Request Backlog |Milliseconds |Average |Producer REST proxy queue length |Machine, Topic | -|NumActiveWorkers |Yes |Number of Active Workers |Count |Maximum |Number of Active Workers |MetricName | -|PendingCPU |Yes |Pending CPU |Count |Maximum |Pending CPU Requests in YARN |No Dimensions | -|PendingMemory |Yes |Pending Memory |Count |Maximum |Pending Memory Requests in YARN |No Dimensions | --## Microsoft.HealthcareApis/services -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|Availability |Yes |Availability |Percent |Average |The availability rate of the service. |No Dimensions | -|CosmosDbCollectionSize |Yes |Cosmos DB Collection Size |Bytes |Total |The size of the backing Cosmos DB collection, in bytes. |No Dimensions | -|CosmosDbIndexSize |Yes |Cosmos DB Index Size |Bytes |Total |The size of the backing Cosmos DB collection's index, in bytes. |No Dimensions | -|CosmosDbRequestCharge |Yes |Cosmos DB RU usage |Count |Total |The RU usage of requests to the service's backing Cosmos DB. |Operation, ResourceType | -|CosmosDbRequests |Yes |Service Cosmos DB requests |Count |Sum |The total number of requests made to a service's backing Cosmos DB. |Operation, ResourceType | -|CosmosDbThrottleRate |Yes |Service Cosmos DB throttle rate |Count |Sum |The total number of 429 responses from a service's backing Cosmos DB. |Operation, ResourceType | -|IoTConnectorDeviceEvent |Yes |Number of Incoming Messages |Count |Sum |The total number of messages received by the Azure IoT Connector for FHIR prior to any normalization. |Operation, ConnectorName | -|IoTConnectorDeviceEventProcessingLatencyMs |Yes |Average Normalize Stage Latency |Milliseconds |Average |The average time between an event's ingestion time and the time the event is processed for normalization. |Operation, ConnectorName | -|IoTConnectorMeasurement |Yes |Number of Measurements |Count |Sum |The number of normalized value readings received by the FHIR conversion stage of the Azure IoT Connector for FHIR. |Operation, ConnectorName | -|IoTConnectorMeasurementGroup |Yes |Number of Message Groups |Count |Sum |The total number of unique groupings of measurements across type, device, patient, and configured time period generated by the FHIR conversion stage. |Operation, ConnectorName | -|IoTConnectorMeasurementIngestionLatencyMs |Yes |Average Group Stage Latency |Milliseconds |Average |The time period between when the IoT Connector received the device data and when the data is processed by the FHIR conversion stage. |Operation, ConnectorName | -|IoTConnectorNormalizedEvent |Yes |Number of Normalized Messages |Count |Sum |The total number of mapped normalized values outputted from the normalization stage of the the Azure IoT Connector for FHIR. |Operation, ConnectorName | -|IoTConnectorTotalErrors |Yes |Total Error Count |Count |Sum |The total number of errors logged by the Azure IoT Connector for FHIR |Name, Operation, ErrorType, ErrorSeverity, ConnectorName | -|TotalErrors |Yes |Total Errors |Count |Sum |The total number of internal server errors encountered by the service. |Protocol, StatusCode, StatusCodeClass, StatusCodeText | -|TotalLatency |Yes |Total Latency |Milliseconds |Average |The response latency of the service. |Protocol | -|TotalRequests |Yes |Total Requests |Count |Sum |The total number of requests received by the service. |Protocol | --## Microsoft.HealthcareApis/workspaces/fhirservices -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|Availability |Yes |Availability |Percent |Average |The availability rate of the service. |No Dimensions | -|TotalDataSize |Yes |Total Data Size |Bytes |Total |Total size of the data in the backing database, in bytes. |No Dimensions | -|TotalErrors |Yes |Total Errors |Count |Sum |The total number of internal server errors encountered by the service. |Protocol, StatusCode, StatusCodeClass, StatusCodeText | -|TotalLatency |Yes |Total Latency |Milliseconds |Average |The response latency of the service. |Protocol | -|TotalRequests |Yes |Total Requests |Count |Sum |The total number of requests received by the service. |Protocol | --## Microsoft.HealthcareApis/workspaces/iotconnectors -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|DeviceEvent |Yes |Number of Incoming Messages |Count |Sum |The total number of messages received by the MedTech service prior to any normalization |Operation, ResourceName | -|DeviceEventProcessingLatencyMs |Yes |Average Normalize Stage Latency |Milliseconds |Average |The average time between an event's ingestion time and the time the event is processed for normalization. |Operation, ResourceName | -|DroppedEvent |Yes |Number of Dropped Events |Count |Sum |The number of input device events with no normalized events |Operation, ResourceName | -|FhirResourceSaved |Yes |Number of FHIR resources saved |Count |Sum |The total number of FHIR resources saved by the MedTech service |Operation, ResourceName, Name | -|IotConnectorStatus |Yes |MedTech Service Health Status |Percent |Average |Health checks which indicate the overall health of the MedTech service |Operation, ResourceName, HealthCheckName | -|Measurement |Yes |Number of Measurements |Count |Sum |The number of normalized value readings received by the FHIR conversion stage of the MedTech service |Operation, ResourceName | -|MeasurementGroup |Yes |Number of Message Groups |Count |Sum |The total number of unique groupings of measurements across type, device, patient, and configured time period generated by the FHIR conversion stage. |Operation, ResourceName | -|MeasurementIngestionLatencyMs |Yes |Average Group Stage Latency |Milliseconds |Average |The time period between when the MedTech service received the device data and when the data is processed by the FHIR conversion stage. |Operation, ResourceName | -|NormalizedEvent |Yes |Number of Normalized Messages |Count |Sum |The total number of mapped normalized values outputted from the normalization stage of the MedTech service |Operation, ResourceName | -|TotalErrors |Yes |Total Error Count |Count |Sum |The total number of errors logged by the MedTech service |Name, Operation, ErrorType, ErrorSeverity, ResourceName | --## Microsoft.HybridContainerService/provisionedClusters -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|capacity_cpu_cores |Yes |Total number of cpu cores in a provisioned cluster |Count |Average |Total number of cpu cores in a provisioned cluster |No Dimensions | --## microsoft.hybridnetwork/networkfunctions -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|HyperVVirtualProcessorUtilization |Yes |Average CPU Utilization |Percent |Average |Total average percentage of virtual CPU utilization at one minute interval. The total number of virtual CPU is based on user configured value in SKU definition. Further filter can be applied based on RoleName defined in SKU. |InstanceName | --## microsoft.hybridnetwork/virtualnetworkfunctions -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|HyperVVirtualProcessorUtilization |Yes |Average CPU Utilization |Percent |Average |Total average percentage of virtual CPU utilization at one minute interval. The total number of virtual CPU is based on user configured value in SKU definition. Further filter can be applied based on RoleName defined in SKU. |InstanceName | --## microsoft.insights/autoscalesettings -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|MetricThreshold |Yes |Metric Threshold |Count |Average |The configured autoscale threshold when autoscale ran. |MetricTriggerRule | -|ObservedCapacity |Yes |Observed Capacity |Count |Average |The capacity reported to autoscale when it executed. |No Dimensions | -|ObservedMetricValue |Yes |Observed Metric Value |Count |Average |The value computed by autoscale when executed |MetricTriggerSource | -|ScaleActionsInitiated |Yes |Scale Actions Initiated |Count |Total |The direction of the scale operation. |ScaleDirection | --## microsoft.insights/components -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|availabilityResults/availabilityPercentage |Yes |Availability |Percent |Average |Percentage of successfully completed availability tests |availabilityResult/name, availabilityResult/location | -|availabilityResults/count |No |Availability tests |Count |Count |Count of availability tests |availabilityResult/name, availabilityResult/location, availabilityResult/success | -|availabilityResults/duration |Yes |Availability test duration |MilliSeconds |Average |Availability test duration |availabilityResult/name, availabilityResult/location, availabilityResult/success | -|browserTimings/networkDuration |Yes |Page load network connect time |MilliSeconds |Average |Time between user request and network connection. Includes DNS lookup and transport connection. |No Dimensions | -|browserTimings/processingDuration |Yes |Client processing time |MilliSeconds |Average |Time between receiving the last byte of a document until the DOM is loaded. Async requests may still be processing. |No Dimensions | -|browserTimings/receiveDuration |Yes |Receiving response time |MilliSeconds |Average |Time between the first and last bytes, or until disconnection. |No Dimensions | -|browserTimings/sendDuration |Yes |Send request time |MilliSeconds |Average |Time between network connection and receiving the first byte. |No Dimensions | -|browserTimings/totalDuration |Yes |Browser page load time |MilliSeconds |Average |Time from user request until DOM, stylesheets, scripts and images are loaded. |No Dimensions | -|dependencies/count |No |Dependency calls |Count |Count |Count of calls made by the application to external resources. |dependency/type, dependency/performanceBucket, dependency/success, dependency/target, dependency/resultCode, operation/synthetic, cloud/roleInstance, cloud/roleName | -|dependencies/duration |Yes |Dependency duration |MilliSeconds |Average |Duration of calls made by the application to external resources. |dependency/type, dependency/performanceBucket, dependency/success, dependency/target, dependency/resultCode, operation/synthetic, cloud/roleInstance, cloud/roleName | -|dependencies/failed |No |Dependency call failures |Count |Count |Count of failed dependency calls made by the application to external resources. |dependency/type, dependency/performanceBucket, dependency/success, dependency/target, dependency/resultCode, operation/synthetic, cloud/roleInstance, cloud/roleName | -|exceptions/browser |No |Browser exceptions |Count |Count |Count of uncaught exceptions thrown in the browser. |client/isServer, cloud/roleName | -|exceptions/count |Yes |Exceptions |Count |Count |Combined count of all uncaught exceptions. |cloud/roleName, cloud/roleInstance, client/type | -|exceptions/server |No |Server exceptions |Count |Count |Count of uncaught exceptions thrown in the server application. |client/isServer, cloud/roleName, cloud/roleInstance | -|pageViews/count |Yes |Page views |Count |Count |Count of page views. |operation/synthetic, cloud/roleName | -|pageViews/duration |Yes |Page view load time |MilliSeconds |Average |Page view load time |operation/synthetic, cloud/roleName | -|performanceCounters/exceptionsPerSecond |Yes |Exception rate |CountPerSecond |Average |Count of handled and unhandled exceptions reported to windows, including .NET exceptions and unmanaged exceptions that are converted into .NET exceptions. |cloud/roleInstance | -|performanceCounters/memoryAvailableBytes |Yes |Available memory |Bytes |Average |Physical memory immediately available for allocation to a process or for system use. |cloud/roleInstance | -|performanceCounters/processCpuPercentage |Yes |Process CPU |Percent |Average |The percentage of elapsed time that all process threads used the processor to execute instructions. This can vary between 0 to 100. This metric indicates the performance of w3wp process alone. |cloud/roleInstance | -|performanceCounters/processIOBytesPerSecond |Yes |Process IO rate |BytesPerSecond |Average |Total bytes per second read and written to files, network and devices. |cloud/roleInstance | -|performanceCounters/processorCpuPercentage |Yes |Processor time |Percent |Average |The percentage of time that the processor spends in non-idle threads. |cloud/roleInstance | -|performanceCounters/processPrivateBytes |Yes |Process private bytes |Bytes |Average |Memory exclusively assigned to the monitored application's processes. |cloud/roleInstance | -|performanceCounters/requestExecutionTime |Yes |HTTP request execution time |MilliSeconds |Average |Execution time of the most recent request. |cloud/roleInstance | -|performanceCounters/requestsInQueue |Yes |HTTP requests in application queue |Count |Average |Length of the application request queue. |cloud/roleInstance | -|performanceCounters/requestsPerSecond |Yes |HTTP request rate |CountPerSecond |Average |Rate of all requests to the application per second from ASP.NET. |cloud/roleInstance | -|requests/count |No |Server requests |Count |Count |Count of HTTP requests completed. |request/performanceBucket, request/resultCode, operation/synthetic, cloud/roleInstance, request/success, cloud/roleName | -|requests/duration |Yes |Server response time |MilliSeconds |Average |Time between receiving an HTTP request and finishing sending the response. |request/performanceBucket, request/resultCode, operation/synthetic, cloud/roleInstance, request/success, cloud/roleName | -|requests/failed |No |Failed requests |Count |Count |Count of HTTP requests marked as failed. In most cases these are requests with a response code >= 400 and not equal to 401. |request/performanceBucket, request/resultCode, request/success, operation/synthetic, cloud/roleInstance, cloud/roleName | -|requests/rate |No |Server request rate |CountPerSecond |Average |Rate of server requests per second |request/performanceBucket, request/resultCode, operation/synthetic, cloud/roleInstance, request/success, cloud/roleName | -|traces/count |Yes |Traces |Count |Count |Trace document count |trace/severityLevel, operation/synthetic, cloud/roleName, cloud/roleInstance | --## Microsoft.IoTCentral/IoTApps -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|c2d.commands.failure |Yes |Failed command invocations |Count |Total |The count of all failed command requests initiated from IoT Central |No Dimensions | -|c2d.commands.requestSize |Yes |Request size of command invocations |Bytes |Total |Request size of all command requests initiated from IoT Central |No Dimensions | -|c2d.commands.responseSize |Yes |Response size of command invocations |Bytes |Total |Response size of all command responses initiated from IoT Central |No Dimensions | -|c2d.commands.success |Yes |Successful command invocations |Count |Total |The count of all successful command requests initiated from IoT Central |No Dimensions | -|c2d.property.read.failure |Yes |Failed Device Property Reads from IoT Central |Count |Total |The count of all failed property reads initiated from IoT Central |No Dimensions | -|c2d.property.read.success |Yes |Successful Device Property Reads from IoT Central |Count |Total |The count of all successful property reads initiated from IoT Central |No Dimensions | -|c2d.property.update.failure |Yes |Failed Device Property Updates from IoT Central |Count |Total |The count of all failed property updates initiated from IoT Central |No Dimensions | -|c2d.property.update.success |Yes |Successful Device Property Updates from IoT Central |Count |Total |The count of all successful property updates initiated from IoT Central |No Dimensions | -|connectedDeviceCount |No |Total Connected Devices |Count |Average |Number of devices connected to IoT Central |No Dimensions | -|d2c.property.read.failure |Yes |Failed Device Property Reads from Devices |Count |Total |The count of all failed property reads initiated from devices |No Dimensions | -|d2c.property.read.success |Yes |Successful Device Property Reads from Devices |Count |Total |The count of all successful property reads initiated from devices |No Dimensions | -|d2c.property.update.failure |Yes |Failed Device Property Updates from Devices |Count |Total |The count of all failed property updates initiated from devices |No Dimensions | -|d2c.property.update.success |Yes |Successful Device Property Updates from Devices |Count |Total |The count of all successful property updates initiated from devices |No Dimensions | -|d2c.telemetry.ingress.allProtocol |Yes |Total Telemetry Message Send Attempts |Count |Total |Number of device-to-cloud telemetry messages attempted to be sent to the IoT Central application |No Dimensions | -|d2c.telemetry.ingress.success |Yes |Total Telemetry Messages Sent |Count |Total |Number of device-to-cloud telemetry messages successfully sent to the IoT Central application |No Dimensions | -|dataExport.error |Yes |Data Export Errors |Count |Total |Number of errors encountered for data export |exportId, exportDisplayName, destinationId, destinationDisplayName | -|dataExport.messages.filtered |Yes |Data Export Messages Filtered |Count |Total |Number of messages that have passed through filters in data export |exportId, exportDisplayName, destinationId, destinationDisplayName | -|dataExport.messages.received |Yes |Data Export Messages Received |Count |Total |Number of messages incoming to data export, before filtering and enrichment processing |exportId, exportDisplayName, destinationId, destinationDisplayName | -|dataExport.messages.written |Yes |Data Export Messages Written |Count |Total |Number of messages written to a destination |exportId, exportDisplayName, destinationId, destinationDisplayName | -|dataExport.statusChange |Yes |Data Export Status Change |Count |Total |Number of status changes |exportId, exportDisplayName, destinationId, destinationDisplayName, status | -|deviceDataUsage |Yes |Total Device Data Usage |Bytes |Total |Bytes transferred to and from any devices connected to IoT Central application |No Dimensions | -|provisionedDeviceCount |No |Total Provisioned Devices |Count |Average |Number of devices provisioned in IoT Central application |No Dimensions | --## microsoft.keyvault/managedhsms -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|Availability |No |Overall Service Availability |Percent |Average |Service requests availability |ActivityType, ActivityName, StatusCode, StatusCodeClass | -|ServiceApiHit |Yes |Total Service Api Hits |Count |Count |Number of total service api hits |ActivityType, ActivityName | -|ServiceApiLatency |No |Overall Service Api Latency |Milliseconds |Average |Overall latency of service api requests |ActivityType, ActivityName, StatusCode, StatusCodeClass | --## Microsoft.KeyVault/vaults -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|Availability |Yes |Overall Vault Availability |Percent |Average |Vault requests availability |ActivityType, ActivityName, StatusCode, StatusCodeClass | -|SaturationShoebox |No |Overall Vault Saturation |Percent |Average |Vault capacity used |ActivityType, ActivityName, TransactionType | -|ServiceApiHit |Yes |Total Service Api Hits |Count |Count |Number of total service api hits |ActivityType, ActivityName | -|ServiceApiLatency |Yes |Overall Service Api Latency |MilliSeconds |Average |Overall latency of service api requests |ActivityType, ActivityName, StatusCode, StatusCodeClass | -|ServiceApiResult |Yes |Total Service Api Results |Count |Count |Number of total service api results |ActivityType, ActivityName, StatusCode, StatusCodeClass | --## microsoft.kubernetes/connectedClusters -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|capacity_cpu_cores |Yes |Total number of cpu cores in a connected cluster |Count |Total |Total number of cpu cores in a connected cluster |No Dimensions | --## microsoft.kubernetesconfiguration/extensions -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ActiveSessionCount |No |Active PDU Sessions |Count |Total |Number of Active PDU Sessions |3gppGen, PccpId, SiteId | -|AuthAttempt |Yes |Authentication Attempts |Count |Total |Authentication attempts rate (per minute) |3gppGen, PccpId, SiteId | -|AuthFailure |Yes |Authentication Failures |Count |Total |Authentication failure rate (per minute) |3gppGen, PccpId, SiteId, Result | -|AuthSuccess |Yes |Authentication Successes |Count |Total |Authentication success rate (per minute) |3gppGen, PccpId, SiteId | -|ConnectedNodebs |Yes |Connected NodeBs |Count |Total |Number of connected gNodeBs or eNodeBs |3gppGen, PccpId, SiteId | -|DeRegistrationAttempt |Yes |DeRegistration Attempts |Count |Total |UE deregistration attempts rate (per minute) |3gppGen, PccpId, SiteId | -|DeRegistrationSuccess |Yes |DeRegistration Successes |Count |Total |UE deregistration success rate (per minute) |3gppGen, PccpId, SiteId | -|PagingAttempt |Yes |Paging Attempts |Count |Total |Paging attempts rate (per minute) |3gppGen, PccpId, SiteId | -|PagingFailure |Yes |Paging Failures |Count |Total |Paging failure rate (per minute) |3gppGen, PccpId, SiteId | -|ProvisionedSubscribers |No |Provisioned Subscribers |Count |Total |Number of provisioned subscribers |PccpId, SiteId | -|RanSetupFailure |Yes |RAN Setup Failures |Count |Total |RAN setup failure rate (per minute) |3gppGen, PccpId, SiteId, Cause | -|RanSetupRequest |Yes |RAN Setup Requests |Count |Total |RAN setup reuests rate (per minute) |3gppGen, PccpId, SiteId | -|RanSetupResponse |Yes |RAN Setup Responses |Count |Total |RAN setup response rate (per minute) |3gppGen, PccpId, SiteId | -|RegisteredSubscribers |Yes |Registered Subscribers |Count |Total |Number of registered subscribers |3gppGen, PccpId, SiteId | -|RegisteredSubscribersConnected |Yes |Registered Subscribers Connected |Count |Total |Number of registered and connected subscribers |3gppGen, PccpId, SiteId | -|RegisteredSubscribersIdle |Yes |Registered Subscribers Idle |Count |Total |Number of registered and idle subscribers |3gppGen, PccpId, SiteId | -|RegistrationAttempt |Yes |Registration Attempts |Count |Total |Registration attempts rate (per minute) |3gppGen, PccpId, SiteId | -|RegistrationFailure |Yes |Registration Failures |Count |Total |Registration failure rate (per minute) |3gppGen, PccpId, SiteId, Result | -|RegistrationSuccess |Yes |Registration Successes |Count |Total |Registration success rate (per minute) |3gppGen, PccpId, SiteId | -|ServiceRequestAttempt |Yes |Service Request Attempts |Count |Total |Service request attempts rate (per minute) |3gppGen, PccpId, SiteId | -|ServiceRequestFailure |Yes |Service Request Failures |Count |Total |Service request failure rate (per minute) |3gppGen, PccpId, SiteId, Result, Tai | -|ServiceRequestSuccess |Yes |Service Request Successes |Count |Total |Service request success rate (per minute) |3gppGen, PccpId, SiteId | -|SessionEstablishmentAttempt |Yes |Session Establishment Attempts |Count |Total |PDU session establishment attempts rate (per minute) |3gppGen, PccpId, SiteId, Dnn | -|SessionEstablishmentFailure |Yes |Session Establishment Failures |Count |Total |PDU session establishment failure rate (per minute) |3gppGen, PccpId, SiteId, Dnn | -|SessionEstablishmentSuccess |Yes |Session Establishment Successes |Count |Total |PDU session establishment success rate (per minute) |3gppGen, PccpId, SiteId, Dnn | -|SessionRelease |Yes |Session Releases |Count |Total |Session release rate (per minute) |3gppGen, PccpId, SiteId | -|UeContextReleaseCommand |Yes |UE Context Release Commands |Count |Total |UE context release command message rate (per minute) |3gppGen, PccpId, SiteId | -|UeContextReleaseComplete |Yes |UE Context Release Completes |Count |Total |UE context release complete message rate (per minute) |3gppGen, PccpId, SiteId | -|UeContextReleaseRequest |Yes |UE Context Release Requests |Count |Total |UE context release request message rate (per minute) |3gppGen, PccpId, SiteId | -|UserPlaneBandwidth |No |User Plane Bandwidth |BitsPerSecond |Total |User plane bandwidth in bits/second. |PcdpId, SiteId, Direction, Interface | -|UserPlanePacketDropRate |No |User Plane Packet Drop Rate |CountPerSecond |Total |User plane packet drop rate (packets/sec) |PcdpId, SiteId, Cause, Direction, Interface | -|UserPlanePacketRate |No |User Plane Packet Rate |CountPerSecond |Total |User plane packet rate (packets/sec) |PcdpId, SiteId, Direction, Interface | -|XnHandoverAttempt |Yes |Xn Handover Attempts |Count |Total |Handover attempts rate (per minute) |3gppGen, PccpId, SiteId | -|XnHandoverFailure |Yes |Xn Handover Failures |Count |Total |Handover failure rate (per minute) |3gppGen, PccpId, SiteId | -|XnHandoverSuccess |Yes |Xn Handover Successes |Count |Total |Handover success rate (per minute) |3gppGen, PccpId, SiteId | --## Microsoft.Kusto/clusters -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|BatchBlobCount |Yes |Batch Blob Count |Count |Average |Number of data sources in an aggregated batch for ingestion. |Database | -|BatchDuration |Yes |Batch Duration |Seconds |Average |The duration of the aggregation phase in the ingestion flow. |Database | -|BatchesProcessed |Yes |Batches Processed |Count |Total |Number of batches aggregated for ingestion. Batching Type: whether the batch reached batching time, data size or number of files limit set by batching policy |Database, SealReason | -|BatchSize |Yes |Batch Size |Bytes |Average |Uncompressed expected data size in an aggregated batch for ingestion. |Database | -|BlobsDropped |Yes |Blobs Dropped |Count |Total |Number of blobs permanently rejected by a component. |Database, ComponentType, ComponentName | -|BlobsProcessed |Yes |Blobs Processed |Count |Total |Number of blobs processed by a component. |Database, ComponentType, ComponentName | -|BlobsReceived |Yes |Blobs Received |Count |Total |Number of blobs received from input stream by a component. |Database, ComponentType, ComponentName | -|CacheUtilization |Yes |Cache utilization (deprecated) |Percent |Average |Utilization level in the cluster scope. The metric is deprecated and presented for backward compatibility only, you should use the 'Cache utilization factor' metric instead. |No Dimensions | -|CacheUtilizationFactor |Yes |Cache utilization factor |Percent |Average |Percentage of utilized disk space dedicated for hot cache in the cluster. 100% means that the disk space assigned to hot data is optimally utilized. No action is needed in terms of the cache size. More than 100% means that the cluster's disk space is not large enough to accommodate the hot data, as defined by your caching policies. To ensure that sufficient space is available for all the hot data, the amount of hot data needs to be reduced or the cluster needs to be scaled out. Enabling auto scale is recommended. |No Dimensions | -|ContinuousExportMaxLatenessMinutes |Yes |Continuous Export Max Lateness |Count |Maximum |The lateness (in minutes) reported by the continuous export jobs in the cluster |No Dimensions | -|ContinuousExportNumOfRecordsExported |Yes |Continuous export - num of exported records |Count |Total |Number of records exported, fired for every storage artifact written during the export operation |ContinuousExportName, Database | -|ContinuousExportPendingCount |Yes |Continuous Export Pending Count |Count |Maximum |The number of pending continuous export jobs ready for execution |No Dimensions | -|ContinuousExportResult |Yes |Continuous Export Result |Count |Count |Indicates whether Continuous Export succeeded or failed |ContinuousExportName, Result, Database | -|CPU |Yes |CPU |Percent |Average |CPU utilization level |No Dimensions | -|DiscoveryLatency |Yes |Discovery Latency |Seconds |Average |Reported by data connections (if exist). Time in seconds from when a message is enqueued or event is created until it is discovered by data connection. This time is not included in the Azure Data Explorer total ingestion duration. |ComponentType, ComponentName | -|EventsDropped |Yes |Events Dropped |Count |Total |Number of events dropped permanently by data connection. An Ingestion result metric with a failure reason will be sent. |ComponentType, ComponentName | -|EventsProcessed |Yes |Events Processed |Count |Total |Number of events processed by the cluster |ComponentType, ComponentName | -|EventsProcessedForEventHubs |Yes |Events Processed (for Event/IoT Hubs) |Count |Total |Number of events processed by the cluster when ingesting from Event/IoT Hub |EventStatus | -|EventsReceived |Yes |Events Received |Count |Total |Number of events received by data connection. |ComponentType, ComponentName | -|ExportUtilization |Yes |Export Utilization |Percent |Maximum |Export utilization |No Dimensions | -|FollowerLatency |Yes |FollowerLatency |MilliSeconds |Average |The follower databases synchronize changes in the leader databases. Because of the synchronization, there's a data lag of a few seconds to a few minutes in data availability.This metric measures the length of the time lag. The time lag depends on the overall size of the leader database metadata.This is a cluster level metrics: the followers catch metadata of all databases that are followed. This metric represents the latency of the process. |State, RoleInstance | -|IngestionLatencyInSeconds |Yes |Ingestion Latency |Seconds |Average |Latency of data ingested, from the time the data was received in the cluster until it's ready for query. The ingestion latency period depends on the ingestion scenario. |No Dimensions | -|IngestionResult |Yes |Ingestion result |Count |Total |Total number of sources that either failed or succeeded to be ingested. Splitting the metric by status, you can get detailed information about the status of the ingestion operations. |IngestionResultDetails, FailureKind | -|IngestionUtilization |Yes |Ingestion utilization |Percent |Average |Ratio of used ingestion slots in the cluster |No Dimensions | -|IngestionVolumeInMB |Yes |Ingestion Volume |Bytes |Total |Overall volume of ingested data to the cluster |Database | -|InstanceCount |Yes |Instance Count |Count |Average |Total instance count |No Dimensions | -|KeepAlive |Yes |Keep alive |Count |Average |Sanity check indicates the cluster responds to queries |No Dimensions | -|MaterializedViewAgeMinutes |Yes |Materialized View Age |Count |Average |The materialized view age in minutes |Database, MaterializedViewName | -|MaterializedViewAgeSeconds |Yes |Materialized View Age |Seconds |Average |The materialized view age in seconds |Database, MaterializedViewName | -|MaterializedViewDataLoss |Yes |Materialized View Data Loss |Count |Maximum |Indicates potential data loss in materialized view |Database, MaterializedViewName, Kind | -|MaterializedViewExtentsRebuild |Yes |Materialized View Extents Rebuild |Count |Average |Number of extents rebuild |Database, MaterializedViewName | -|MaterializedViewHealth |Yes |Materialized View Health |Count |Average |The health of the materialized view (1 for healthy, 0 for non-healthy) |Database, MaterializedViewName | -|MaterializedViewRecordsInDelta |Yes |Materialized View Records In Delta |Count |Average |The number of records in the non-materialized part of the view |Database, MaterializedViewName | -|MaterializedViewResult |Yes |Materialized View Result |Count |Average |The result of the materialization process |Database, MaterializedViewName, Result | -|QueryDuration |Yes |Query duration |MilliSeconds |Average |Queries duration in seconds |QueryStatus | -|QueryResult |No |Query Result |Count |Count |Total number of queries. |QueryStatus | -|QueueLength |Yes |Queue Length |Count |Average |Number of pending messages in a component's queue. |ComponentType | -|QueueOldestMessage |Yes |Queue Oldest Message |Count |Average |Time in seconds from when the oldest message in queue was inserted. |ComponentType | -|ReceivedDataSizeBytes |Yes |Received Data Size Bytes |Bytes |Average |Size of data received by data connection. This is the size of the data stream, or of raw data size if provided. |ComponentType, ComponentName | -|StageLatency |Yes |Stage Latency |Seconds |Average |Cumulative time from when a message is discovered until it is received by the reporting component for processing (discovery time is set when message is enqueued for ingestion queue, or when discovered by data connection). |Database, ComponentType | -|StreamingIngestDataRate |Yes |Streaming Ingest Data Rate |Bytes |Average |Streaming ingest data rate |No Dimensions | -|StreamingIngestDuration |Yes |Streaming Ingest Duration |MilliSeconds |Average |Streaming ingest duration in milliseconds |No Dimensions | -|StreamingIngestResults |Yes |Streaming Ingest Result |Count |Count |Streaming ingest result |Result | -|TotalNumberOfConcurrentQueries |Yes |Total number of concurrent queries |Count |Maximum |Total number of concurrent queries |No Dimensions | -|TotalNumberOfExtents |Yes |Total number of extents |Count |Average |Total number of data extents |No Dimensions | -|TotalNumberOfThrottledCommands |Yes |Total number of throttled commands |Count |Total |Total number of throttled commands |CommandType | -|TotalNumberOfThrottledQueries |Yes |Total number of throttled queries |Count |Maximum |Total number of throttled queries |No Dimensions | -|WeakConsistencyLatency |Yes |Weak consistency latency |Seconds |Average |The max latency between the previous metadata sync and the next one (in DB/node scope) |Database, RoleInstance | --## Microsoft.Logic/IntegrationServiceEnvironments -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ActionLatency |Yes |Action Latency |Seconds |Average |Latency of completed workflow actions. |No Dimensions | -|ActionsCompleted |Yes |Actions Completed |Count |Total |Number of workflow actions completed. |No Dimensions | -|ActionsFailed |Yes |Actions Failed |Count |Total |Number of workflow actions failed. |No Dimensions | -|ActionsSkipped |Yes |Actions Skipped |Count |Total |Number of workflow actions skipped. |No Dimensions | -|ActionsStarted |Yes |Actions Started |Count |Total |Number of workflow actions started. |No Dimensions | -|ActionsSucceeded |Yes |Actions Succeeded |Count |Total |Number of workflow actions succeeded. |No Dimensions | -|ActionSuccessLatency |Yes |Action Success Latency |Seconds |Average |Latency of succeeded workflow actions. |No Dimensions | -|IntegrationServiceEnvironmentConnectorMemoryUsage |Yes |Connector Memory Usage for Integration Service Environment |Percent |Average |Connector memory usage for integration service environment. |No Dimensions | -|IntegrationServiceEnvironmentConnectorProcessorUsage |Yes |Connector Processor Usage for Integration Service Environment |Percent |Average |Connector processor usage for integration service environment. |No Dimensions | -|IntegrationServiceEnvironmentWorkflowMemoryUsage |Yes |Workflow Memory Usage for Integration Service Environment |Percent |Average |Workflow memory usage for integration service environment. |No Dimensions | -|IntegrationServiceEnvironmentWorkflowProcessorUsage |Yes |Workflow Processor Usage for Integration Service Environment |Percent |Average |Workflow processor usage for integration service environment. |No Dimensions | -|RunLatency |Yes |Run Latency |Seconds |Average |Latency of completed workflow runs. |No Dimensions | -|RunsCancelled |Yes |Runs Cancelled |Count |Total |Number of workflow runs cancelled. |No Dimensions | -|RunsCompleted |Yes |Runs Completed |Count |Total |Number of workflow runs completed. |No Dimensions | -|RunsFailed |Yes |Runs Failed |Count |Total |Number of workflow runs failed. |No Dimensions | -|RunsStarted |Yes |Runs Started |Count |Total |Number of workflow runs started. |No Dimensions | -|RunsSucceeded |Yes |Runs Succeeded |Count |Total |Number of workflow runs succeeded. |No Dimensions | -|RunSuccessLatency |Yes |Run Success Latency |Seconds |Average |Latency of succeeded workflow runs. |No Dimensions | -|TriggerFireLatency |Yes |Trigger Fire Latency |Seconds |Average |Latency of fired workflow triggers. |No Dimensions | -|TriggerLatency |Yes |Trigger Latency |Seconds |Average |Latency of completed workflow triggers. |No Dimensions | -|TriggersCompleted |Yes |Triggers Completed |Count |Total |Number of workflow triggers completed. |No Dimensions | -|TriggersFailed |Yes |Triggers Failed |Count |Total |Number of workflow triggers failed. |No Dimensions | -|TriggersFired |Yes |Triggers Fired |Count |Total |Number of workflow triggers fired. |No Dimensions | -|TriggersSkipped |Yes |Triggers Skipped |Count |Total |Number of workflow triggers skipped. |No Dimensions | -|TriggersStarted |Yes |Triggers Started |Count |Total |Number of workflow triggers started. |No Dimensions | -|TriggersSucceeded |Yes |Triggers Succeeded |Count |Total |Number of workflow triggers succeeded. |No Dimensions | -|TriggerSuccessLatency |Yes |Trigger Success Latency |Seconds |Average |Latency of succeeded workflow triggers. |No Dimensions | --## Microsoft.Logic/Workflows -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ActionLatency |Yes |Action Latency |Seconds |Average |Latency of completed workflow actions. |No Dimensions | -|ActionsCompleted |Yes |Actions Completed |Count |Total |Number of workflow actions completed. |No Dimensions | -|ActionsFailed |Yes |Actions Failed |Count |Total |Number of workflow actions failed. |No Dimensions | -|ActionsSkipped |Yes |Actions Skipped |Count |Total |Number of workflow actions skipped. |No Dimensions | -|ActionsStarted |Yes |Actions Started |Count |Total |Number of workflow actions started. |No Dimensions | -|ActionsSucceeded |Yes |Actions Succeeded |Count |Total |Number of workflow actions succeeded. |No Dimensions | -|ActionSuccessLatency |Yes |Action Success Latency |Seconds |Average |Latency of succeeded workflow actions. |No Dimensions | -|ActionThrottledEvents |Yes |Action Throttled Events |Count |Total |Number of workflow action throttled events.. |No Dimensions | -|BillableActionExecutions |Yes |Billable Action Executions |Count |Total |Number of workflow action executions getting billed. |No Dimensions | -|BillableTriggerExecutions |Yes |Billable Trigger Executions |Count |Total |Number of workflow trigger executions getting billed. |No Dimensions | -|BillingUsageNativeOperation |Yes |Billing Usage for Native Operation Executions |Count |Total |Number of native operation executions getting billed. |No Dimensions | -|BillingUsageStandardConnector |Yes |Billing Usage for Standard Connector Executions |Count |Total |Number of standard connector executions getting billed. |No Dimensions | -|BillingUsageStorageConsumption |Yes |Billing Usage for Storage Consumption Executions |Count |Total |Number of storage consumption executions getting billed. |No Dimensions | -|RunFailurePercentage |Yes |Run Failure Percentage |Percent |Total |Percentage of workflow runs failed. |No Dimensions | -|RunLatency |Yes |Run Latency |Seconds |Average |Latency of completed workflow runs. |No Dimensions | -|RunsCancelled |Yes |Runs Cancelled |Count |Total |Number of workflow runs cancelled. |No Dimensions | -|RunsCompleted |Yes |Runs Completed |Count |Total |Number of workflow runs completed. |No Dimensions | -|RunsFailed |Yes |Runs Failed |Count |Total |Number of workflow runs failed. |No Dimensions | -|RunsStarted |Yes |Runs Started |Count |Total |Number of workflow runs started. |No Dimensions | -|RunsSucceeded |Yes |Runs Succeeded |Count |Total |Number of workflow runs succeeded. |No Dimensions | -|RunStartThrottledEvents |Yes |Run Start Throttled Events |Count |Total |Number of workflow run start throttled events. |No Dimensions | -|RunSuccessLatency |Yes |Run Success Latency |Seconds |Average |Latency of succeeded workflow runs. |No Dimensions | -|RunThrottledEvents |Yes |Run Throttled Events |Count |Total |Number of workflow action or trigger throttled events. |No Dimensions | -|TotalBillableExecutions |Yes |Total Billable Executions |Count |Total |Number of workflow executions getting billed. |No Dimensions | -|TriggerFireLatency |Yes |Trigger Fire Latency |Seconds |Average |Latency of fired workflow triggers. |No Dimensions | -|TriggerLatency |Yes |Trigger Latency |Seconds |Average |Latency of completed workflow triggers. |No Dimensions | -|TriggersCompleted |Yes |Triggers Completed |Count |Total |Number of workflow triggers completed. |No Dimensions | -|TriggersFailed |Yes |Triggers Failed |Count |Total |Number of workflow triggers failed. |No Dimensions | -|TriggersFired |Yes |Triggers Fired |Count |Total |Number of workflow triggers fired. |No Dimensions | -|TriggersSkipped |Yes |Triggers Skipped |Count |Total |Number of workflow triggers skipped. |No Dimensions | -|TriggersStarted |Yes |Triggers Started |Count |Total |Number of workflow triggers started. |No Dimensions | -|TriggersSucceeded |Yes |Triggers Succeeded |Count |Total |Number of workflow triggers succeeded. |No Dimensions | -|TriggerSuccessLatency |Yes |Trigger Success Latency |Seconds |Average |Latency of succeeded workflow triggers. |No Dimensions | -|TriggerThrottledEvents |Yes |Trigger Throttled Events |Count |Total |Number of workflow trigger throttled events. |No Dimensions | --## Microsoft.MachineLearningServices/workspaces -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|Active Cores |Yes |Active Cores |Count |Average |Number of active cores |Scenario, ClusterName | -|Active Nodes |Yes |Active Nodes |Count |Average |Number of Acitve nodes. These are the nodes which are actively running a job. |Scenario, ClusterName | -|Cancel Requested Runs |Yes |Cancel Requested Runs |Count |Total |Number of runs where cancel was requested for this workspace. Count is updated when cancellation request has been received for a run. |Scenario, RunType, PublishedPipelineId, ComputeType, PipelineStepType, ExperimentName | -|Cancelled Runs |Yes |Cancelled Runs |Count |Total |Number of runs cancelled for this workspace. Count is updated when a run is successfully cancelled. |Scenario, RunType, PublishedPipelineId, ComputeType, PipelineStepType, ExperimentName | -|Completed Runs |Yes |Completed Runs |Count |Total |Number of runs completed successfully for this workspace. Count is updated when a run has completed and output has been collected. |Scenario, RunType, PublishedPipelineId, ComputeType, PipelineStepType, ExperimentName | -|CpuCapacityMillicores |Yes |CpuCapacityMillicores |Count |Average |Maximum capacity of a CPU node in millicores. Capacity is aggregated in one minute intervals. |RunId, InstanceId, ComputeName | -|CpuMemoryCapacityMegabytes |Yes |CpuMemoryCapacityMegabytes |Count |Average |Maximum memory utilization of a CPU node in megabytes. Utilization is aggregated in one minute intervals. |RunId, InstanceId, ComputeName | -|CpuMemoryUtilizationMegabytes |Yes |CpuMemoryUtilizationMegabytes |Count |Average |Memory utilization of a CPU node in megabytes. Utilization is aggregated in one minute intervals. |RunId, InstanceId, ComputeName | -|CpuMemoryUtilizationPercentage |Yes |CpuMemoryUtilizationPercentage |Count |Average |Memory utilization percentage of a CPU node. Utilization is aggregated in one minute intervals. |RunId, InstanceId, ComputeName | -|CpuUtilization |Yes |CpuUtilization |Count |Average |Percentage of utilization on a CPU node. Utilization is reported at one minute intervals. |Scenario, runId, NodeId, ClusterName | -|CpuUtilizationMillicores |Yes |CpuUtilizationMillicores |Count |Average |Utilization of a CPU node in millicores. Utilization is aggregated in one minute intervals. |RunId, InstanceId, ComputeName | -|CpuUtilizationPercentage |Yes |CpuUtilizationPercentage |Count |Average |Utilization percentage of a CPU node. Utilization is aggregated in one minute intervals. |RunId, InstanceId, ComputeName | -|DiskAvailMegabytes |Yes |DiskAvailMegabytes |Count |Average |Available disk space in megabytes. Metrics are aggregated in one minute intervals. |RunId, InstanceId, ComputeName | -|DiskReadMegabytes |Yes |DiskReadMegabytes |Count |Average |Data read from disk in megabytes. Metrics are aggregated in one minute intervals. |RunId, InstanceId, ComputeName | -|DiskUsedMegabytes |Yes |DiskUsedMegabytes |Count |Average |Used disk space in megabytes. Metrics are aggregated in one minute intervals. |RunId, InstanceId, ComputeName | -|DiskWriteMegabytes |Yes |DiskWriteMegabytes |Count |Average |Data written into disk in megabytes. Metrics are aggregated in one minute intervals. |RunId, InstanceId, ComputeName | -|Errors |Yes |Errors |Count |Total |Number of run errors in this workspace. Count is updated whenever run encounters an error. |Scenario | -|Failed Runs |Yes |Failed Runs |Count |Total |Number of runs failed for this workspace. Count is updated when a run fails. |Scenario, RunType, PublishedPipelineId, ComputeType, PipelineStepType, ExperimentName | -|Finalizing Runs |Yes |Finalizing Runs |Count |Total |Number of runs entered finalizing state for this workspace. Count is updated when a run has completed but output collection still in progress. |Scenario, RunType, PublishedPipelineId, ComputeType, PipelineStepType, ExperimentName | -|GpuCapacityMilliGPUs |Yes |GpuCapacityMilliGPUs |Count |Average |Maximum capacity of a GPU device in milli-GPUs. Capacity is aggregated in one minute intervals. |RunId, InstanceId, DeviceId, ComputeName | -|GpuEnergyJoules |Yes |GpuEnergyJoules |Count |Total |Interval energy in Joules on a GPU node. Energy is reported at one minute intervals. |Scenario, runId, rootRunId, InstanceId, DeviceId, ComputeName | -|GpuMemoryCapacityMegabytes |Yes |GpuMemoryCapacityMegabytes |Count |Average |Maximum memory capacity of a GPU device in megabytes. Capacity aggregated in at one minute intervals. |RunId, InstanceId, DeviceId, ComputeName | -|GpuMemoryUtilization |Yes |GpuMemoryUtilization |Count |Average |Percentage of memory utilization on a GPU node. Utilization is reported at one minute intervals. |Scenario, runId, NodeId, DeviceId, ClusterName | -|GpuMemoryUtilizationMegabytes |Yes |GpuMemoryUtilizationMegabytes |Count |Average |Memory utilization of a GPU device in megabytes. Utilization aggregated in at one minute intervals. |RunId, InstanceId, DeviceId, ComputeName | -|GpuMemoryUtilizationPercentage |Yes |GpuMemoryUtilizationPercentage |Count |Average |Memory utilization percentage of a GPU device. Utilization aggregated in at one minute intervals. |RunId, InstanceId, DeviceId, ComputeName | -|GpuUtilization |Yes |GpuUtilization |Count |Average |Percentage of utilization on a GPU node. Utilization is reported at one minute intervals. |Scenario, runId, NodeId, DeviceId, ClusterName | -|GpuUtilizationMilliGPUs |Yes |GpuUtilizationMilliGPUs |Count |Average |Utilization of a GPU device in milli-GPUs. Utilization is aggregated in one minute intervals. |RunId, InstanceId, DeviceId, ComputeName | -|GpuUtilizationPercentage |Yes |GpuUtilizationPercentage |Count |Average |Utilization percentage of a GPU device. Utilization is aggregated in one minute intervals. |RunId, InstanceId, DeviceId, ComputeName | -|IBReceiveMegabytes |Yes |IBReceiveMegabytes |Count |Average |Network data received over InfiniBand in megabytes. Metrics are aggregated in one minute intervals. |RunId, InstanceId, ComputeName, DeviceId | -|IBTransmitMegabytes |Yes |IBTransmitMegabytes |Count |Average |Network data sent over InfiniBand in megabytes. Metrics are aggregated in one minute intervals. |RunId, InstanceId, ComputeName, DeviceId | -|Idle Cores |Yes |Idle Cores |Count |Average |Number of idle cores |Scenario, ClusterName | -|Idle Nodes |Yes |Idle Nodes |Count |Average |Number of idle nodes. Idle nodes are the nodes which are not running any jobs but can accept new job if available. |Scenario, ClusterName | -|Leaving Cores |Yes |Leaving Cores |Count |Average |Number of leaving cores |Scenario, ClusterName | -|Leaving Nodes |Yes |Leaving Nodes |Count |Average |Number of leaving nodes. Leaving nodes are the nodes which just finished processing a job and will go to Idle state. |Scenario, ClusterName | -|Model Deploy Failed |Yes |Model Deploy Failed |Count |Total |Number of model deployments that failed in this workspace |Scenario, StatusCode | -|Model Deploy Started |Yes |Model Deploy Started |Count |Total |Number of model deployments started in this workspace |Scenario | -|Model Deploy Succeeded |Yes |Model Deploy Succeeded |Count |Total |Number of model deployments that succeeded in this workspace |Scenario | -|Model Register Failed |Yes |Model Register Failed |Count |Total |Number of model registrations that failed in this workspace |Scenario, StatusCode | -|Model Register Succeeded |Yes |Model Register Succeeded |Count |Total |Number of model registrations that succeeded in this workspace |Scenario | -|NetworkInputMegabytes |Yes |NetworkInputMegabytes |Count |Average |Network data received in megabytes. Metrics are aggregated in one minute intervals. |RunId, InstanceId, ComputeName, DeviceId | -|NetworkOutputMegabytes |Yes |NetworkOutputMegabytes |Count |Average |Network data sent in megabytes. Metrics are aggregated in one minute intervals. |RunId, InstanceId, ComputeName, DeviceId | -|Not Responding Runs |Yes |Not Responding Runs |Count |Total |Number of runs not responding for this workspace. Count is updated when a run enters Not Responding state. |Scenario, RunType, PublishedPipelineId, ComputeType, PipelineStepType, ExperimentName | -|Not Started Runs |Yes |Not Started Runs |Count |Total |Number of runs in Not Started state for this workspace. Count is updated when a request is received to create a run but run information has not yet been populated. |Scenario, RunType, PublishedPipelineId, ComputeType, PipelineStepType, ExperimentName | -|Preempted Cores |Yes |Preempted Cores |Count |Average |Number of preempted cores |Scenario, ClusterName | -|Preempted Nodes |Yes |Preempted Nodes |Count |Average |Number of preempted nodes. These nodes are the low priority nodes which are taken away from the available node pool. |Scenario, ClusterName | -|Preparing Runs |Yes |Preparing Runs |Count |Total |Number of runs that are preparing for this workspace. Count is updated when a run enters Preparing state while the run environment is being prepared. |Scenario, RunType, PublishedPipelineId, ComputeType, PipelineStepType, ExperimentName | -|Provisioning Runs |Yes |Provisioning Runs |Count |Total |Number of runs that are provisioning for this workspace. Count is updated when a run is waiting on compute target creation or provisioning. |Scenario, RunType, PublishedPipelineId, ComputeType, PipelineStepType, ExperimentName | -|Queued Runs |Yes |Queued Runs |Count |Total |Number of runs that are queued for this workspace. Count is updated when a run is queued in compute target. Can occure when waiting for required compute nodes to be ready. |Scenario, RunType, PublishedPipelineId, ComputeType, PipelineStepType, ExperimentName | -|Quota Utilization Percentage |Yes |Quota Utilization Percentage |Count |Average |Percent of quota utilized |Scenario, ClusterName, VmFamilyName, VmPriority | -|Started Runs |Yes |Started Runs |Count |Total |Number of runs running for this workspace. Count is updated when run starts running on required resources. |Scenario, RunType, PublishedPipelineId, ComputeType, PipelineStepType, ExperimentName | -|Starting Runs |Yes |Starting Runs |Count |Total |Number of runs started for this workspace. Count is updated after request to create run and run info, such as the Run Id, has been populated |Scenario, RunType, PublishedPipelineId, ComputeType, PipelineStepType, ExperimentName | -|StorageAPIFailureCount |Yes |StorageAPIFailureCount |Count |Total |Azure Blob Storage API calls failure count. |RunId, InstanceId, ComputeName | -|StorageAPISuccessCount |Yes |StorageAPISuccessCount |Count |Total |Azure Blob Storage API calls success count. |RunId, InstanceId, ComputeName | -|Total Cores |Yes |Total Cores |Count |Average |Number of total cores |Scenario, ClusterName | -|Total Nodes |Yes |Total Nodes |Count |Average |Number of total nodes. This total includes some of Active Nodes, Idle Nodes, Unusable Nodes, Premepted Nodes, Leaving Nodes |Scenario, ClusterName | -|Unusable Cores |Yes |Unusable Cores |Count |Average |Number of unusable cores |Scenario, ClusterName | -|Unusable Nodes |Yes |Unusable Nodes |Count |Average |Number of unusable nodes. Unusable nodes are not functional due to some unresolvable issue. Azure will recycle these nodes. |Scenario, ClusterName | -|Warnings |Yes |Warnings |Count |Total |Number of run warnings in this workspace. Count is updated whenever a run encounters a warning. |Scenario | --## Microsoft.MachineLearningServices/workspaces/onlineEndpoints -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ConnectionsActive |No |Connections Active |Count |Average |The total number of concurrent TCP connections active from clients. |No Dimensions | -|DataCollectionErrorsPerMinute |No |Data Collection Errors Per Minute |Count |Average |The number of data collection events dropped per minute. |deployment, reason, type | -|DataCollectionEventsPerMinute |No |Data Collection Events Per Minute |Count |Average |The number of data collection events processed per minute. |deployment, type | -|NetworkBytes |No |Network Bytes |BytesPerSecond |Average |The bytes per second served for the endpoint. |No Dimensions | -|NewConnectionsPerSecond |No |New Connections Per Second |CountPerSecond |Average |The average number of new TCP connections per second established from clients. |No Dimensions | -|RequestLatency |Yes |Request Latency |Milliseconds |Average |The average complete interval of time taken for a request to be responded in milliseconds |deployment | -|RequestLatency_P50 |Yes |Request Latency P50 |Milliseconds |Average |The average P50 request latency aggregated by all request latency values collected over the selected time period |deployment | -|RequestLatency_P90 |Yes |Request Latency P90 |Milliseconds |Average |The average P90 request latency aggregated by all request latency values collected over the selected time period |deployment | -|RequestLatency_P95 |Yes |Request Latency P95 |Milliseconds |Average |The average P95 request latency aggregated by all request latency values collected over the selected time period |deployment | -|RequestLatency_P99 |Yes |Request Latency P99 |Milliseconds |Average |The average P99 request latency aggregated by all request latency values collected over the selected time period |deployment | -|RequestsPerMinute |No |Requests Per Minute |Count |Average |The number of requests sent to online endpoint within a minute |deployment, statusCode, statusCodeClass, modelStatusCode | --## Microsoft.MachineLearningServices/workspaces/onlineEndpoints/deployments -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|CpuMemoryUtilizationPercentage |Yes |CPU Memory Utilization Percentage |Percent |Average |Percentage of memory utilization on an instance. Utilization is reported at one minute intervals. |instanceId | -|CpuUtilizationPercentage |Yes |CPU Utilization Percentage |Percent |Average |Percentage of CPU utilization on an instance. Utilization is reported at one minute intervals. |instanceId | -|DataCollectionErrorsPerMinute |No |Data Collection Errors Per Minute |Count |Average |The number of data collection events dropped per minute. |instanceId, reason, type | -|DataCollectionEventsPerMinute |No |Data Collection Events Per Minute |Count |Average |The number of data collection events processed per minute. |instanceId, type | -|DeploymentCapacity |No |Deployment Capacity |Count |Average |The number of instances in the deployment. |instanceId, State | -|DiskUtilization |Yes |Disk Utilization |Percent |Maximum |Percentage of disk utilization on an instance. Utilization is reported at one minute intervals. |instanceId, disk | -|GpuEnergyJoules |No |GPU Energy in Joules |Count |Average |Interval energy in Joules on a GPU node. Energy is reported at one minute intervals. |instanceId | -|GpuMemoryUtilizationPercentage |Yes |GPU Memory Utilization Percentage |Percent |Average |Percentage of GPU memory utilization on an instance. Utilization is reported at one minute intervals. |instanceId | -|GpuUtilizationPercentage |Yes |GPU Utilization Percentage |Percent |Average |Percentage of GPU utilization on an instance. Utilization is reported at one minute intervals. |instanceId | --## Microsoft.ManagedNetworkFabric/networkDevices -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|AclMatchedPackets |Yes |Acl Matched Packets |Count |Average |Count of the number of packets matching the current ACL entry. |FabricId, AclSetName, AclEntrySequenceId, AclSetType | -|BgpPeerStatus |Yes |BGP Peer Status |Unspecified |Minimum |Operational state of the BGP peer. State is represented in numerical form. Idle : 1, Connect : 2, Active : 3, Opensent : 4, Openconfirm : 5, Established : 6 |FabricId, IpAddress | -|ComponentOperStatus |Yes |Component Operational State |Unspecified |Minimum |The current operational status of the component. |FabricId, ComponentName | -|CpuUtilizationMax |Yes |Cpu Utilization Max |Percent |Average |Max cpu utilization. The maximum value of the percentage measure of the statistic over the time interval. |FabricId, ComponentName | -|CpuUtilizationMin |Yes |Cpu Utilization Min |Percent |Average |Min cpu utilization. The minimum value of the percentage measure of the statistic over the time interval. |FabricId, ComponentName | -|FanSpeed |Yes |Fan Speed |Unspecified |Average |Current fan speed. |FabricId, ComponentName | -|IfEthInCrcErrors |Yes |Ethernet Interface In CRC Errors |Count |Average |The total number of frames received that had a length (excluding framing bits, but including FCS octets) of between 64 and 1518 octets, inclusive, but had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error) |FabricId, InterfaceName | -|IfEthInFragmentFrames |Yes |Ethernet Interface In Fragment Frames |Count |Average |The total number of frames received that were less than 64 octets in length (excluding framing bits but including FCS octets) and had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error). |FabricId, InterfaceName | -|IfEthInJabberFrames |Yes |Ethernet Interface In Jabber Frames |Count |Average |Number of jabber frames received on the interface. Jabber frames are typically defined as oversize frames which also have a bad CRC. |FabricId, InterfaceName | -|IfEthInMacControlFrames |Yes |Ethernet Interface In MAC Control Frames |Count |Average |MAC layer control frames received on the interface |FabricId, InterfaceName | -|IfEthInMacPauseFrames |Yes |Ethernet Interface In MAC Pause Frames |Count |Average |MAC layer PAUSE frames received on the interface |FabricId, InterfaceName | -|IfEthInMaxsizeExceeded |Yes |Ethernet Interface In Maxsize Exceeded |Count |Average |The total number frames received that are well-formed dropped due to exceeding the maximum frame size on the interface. |FabricId, InterfaceName | -|IfEthInOversizeFrames |Yes |Ethernet Interface In Oversize Frames |Count |Average |The total number of frames received that were longer than 1518 octets (excluding framing bits, but including FCS octets) and were otherwise well formed. |FabricId, InterfaceName | -|IfEthOutMacControlFrames |Yes |Ethernet Interface Out MAC Control Frames |Count |Average |MAC layer control frames sent on the interface. |FabricId, InterfaceName | -|IfEthOutMacPauseFrames |Yes |Ethernet Interface Out MAC Pause Frames |Count |Average |MAC layer PAUSE frames sent on the interface. |FabricId, InterfaceName | -|IfInBroadcastPkts |Yes |Interface In Broadcast Pkts |Count |Average |The number of packets, delivered by this sub-layer to a higher (sub-)layer, that were addressed to a broadcast address at this sub-layer. |FabricId, InterfaceName | -|IfInDiscards |Yes |Interface In Discards |Count |Average |The number of inbound packets that were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. |FabricId, InterfaceName | -|IfInErrors |Yes |Interface In Errors |Count |Average |For packet-oriented interfaces, the number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. |FabricId, InterfaceName | -|IfInFcsErrors |Yes |Interface In FCS Errors |Count |Average |Number of received packets which had errors in the frame check sequence (FCS), i.e., framing errors. |FabricId, InterfaceName | -|IfInMulticastPkts |Yes |Interface In Multicast Pkts |Count |Average |The number of packets, delivered by this sub-layer to a higher (sub-)layer, that were addressed to a multicast address at this sub-layer. For a MAC-layer protocol, this includes both Group and Functional addresses. |FabricId, InterfaceName | -|IfInOctets |Yes |Interface In Octets |Count |Average |The total number of octets received on the interface, including framing characters. |FabricId, InterfaceName | -|IfInPkts |Yes |Interface In Pkts |Count |Average |The total number of packets received on the interface, including all unicast, multicast, broadcast and bad packets etc. |FabricId, InterfaceName | -|IfInUnicastPkts |Yes |Interface In Unicast Pkts |Count |Average |The number of packets, delivered by this sub-layer to a higher (sub-)layer, that were not addressed to a multicast or broadcast address at this sub-layer. |FabricId, InterfaceName | -|IfOutBroadcastPkts |Yes |Interface Out Broadcast Pkts |Count |Average |The total number of packets that higher-level protocols requested be transmitted, and that were addressed to a broadcast address at this sub-layer, including those that were discarded or not sent. |FabricId, InterfaceName | -|IfOutDiscards |Yes |Interface Out Discards |Count |Average |The number of outbound packets that were chosen to be discarded even though no errors had been detected to prevent their being transmitted. |FabricId, InterfaceName | -|IfOutErrors |Yes |Interface Out Errors |Count |Average |For packet-oriented interfaces, the number of outbound packets that could not be transmitted because of errors. |FabricId, InterfaceName | -|IfOutMulticastPkts |Yes |Interface Out Multicast Pkts |Count |Average |The total number of packets that higher-level protocols requested be transmitted, and that were addressed to a multicast address at this sub-layer, including those that were discarded or not sent. For a MAC-layer protocol, this includes both Group and Functional addresses. |FabricId, InterfaceName | -|IfOutOctets |Yes |Interface Out Octets |Count |Average |The total number of octets transmitted out of the interface, including framing characters. |FabricId, InterfaceName | -|IfOutPkts |Yes |Interface Out Pkts |Count |Average |The total number of packets transmitted out of the interface, including all unicast, multicast, broadcast, and bad packets etc. |FabricId, InterfaceName | -|IfOutUnicastPkts |Yes |Interface Out Unicast Pkts |Count |Average |The total number of packets that higher-level requested be transmitted, and that were not addressed to a multicast or broadcast address at this sub-layer, including those that were discarded or not sent. |FabricId, InterfaceName | -|InterfaceOperStatus |Yes |Interface Operational State |Unspecified |Minimum |The current operational state of the interface. State is represented in numerical form. Up: 0, Down: 1, Lower_layer_down: 2, Testing: 3, Unknown: 4, Dormant: 5, Not_present: 6. |FabricId, InterfaceName | -|LacpErrors |Yes |Lacp Errors |Count |Average |Number of LACPDU illegal packet errors. |FabricId, InterfaceName | -|LacpInPkts |Yes |Lacp In Pkts |Count |Average |Number of LACPDUs received. |FabricId, InterfaceName | -|LacpOutPkts |Yes |Lacp Out Pkts |Count |Average |Number of LACPDUs transmitted. |FabricId, InterfaceName | -|LacpRxErrors |Yes |Lacp Rx Errors |Count |Average |Number of LACPDU receive packet errors. |FabricId, InterfaceName | -|LacpTxErrors |Yes |Lacp Tx Errors |Count |Average |Number of LACPDU transmit packet errors. |FabricId, InterfaceName | -|LacpUnknownErrors |Yes |Lacp Unknown Errors |Count |Average |Number of LACPDU unknown packet errors. |FabricId, InterfaceName | -|LldpFrameIn |Yes |Lldp Frame In |Count |Average |The number of lldp frames received. |FabricId, InterfaceName | -|LldpFrameOut |Yes |Lldp Frame Out |Count |Average |The number of frames transmitted out. |FabricId, InterfaceName | -|LldpTlvUnknown |Yes |Lldp Tlv Unknown |Count |Average |The number of frames received with unknown TLV. |FabricId, InterfaceName | -|MemoryAvailable |Yes |Memory Available |Bytes |Average |The available memory physically installed, or logically allocated to the component. |FabricId, ComponentName | -|MemoryUtilized |Yes |Memory Utilized |Bytes |Average |The memory currently in use by processes running on the component, not considering reserved memory that is not available for use. |FabricId, ComponentName | -|PowerSupplyCapacity |Yes |Power Supply Maximum Power Capacity |Unspecified |Average |Maximum power capacity of the power supply (watts). |FabricId, ComponentName | -|PowerSupplyInputCurrent |Yes |Power Supply Input Current |Unspecified |Average |The input current draw of the power supply (amps). |FabricId, ComponentName | -|PowerSupplyInputVoltage |Yes |Power Supply Input Voltage |Unspecified |Average |Input voltage to the power supply (volts). |FabricId, ComponentName | -|PowerSupplyOutputCurrent |Yes |Power Supply Output Current |Unspecified |Average |The output current supplied by the power supply (amps) |FabricId, ComponentName | -|PowerSupplyOutputPower |Yes |Power Supply Output Power |Unspecified |Average |Output power supplied by the power supply (watts) |FabricId, ComponentName | -|PowerSupplyOutputVoltage |Yes |Power Supply Output Voltage |Unspecified |Average |Output voltage supplied by the power supply (volts). |FabricId, ComponentName | -|TemperatureMax |Yes |Temperature Max |Unspecified |Average |Max temperature in degrees Celsius of the component. The maximum value of the statistic over the sampling period. |FabricId, ComponentName | --## Microsoft.Maps/accounts -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|Availability |Yes |Availability |Percent |Average |Availability of the APIs |ApiCategory, ApiName | -|Usage |No |Usage |Count |Count |Count of API calls |ApiCategory, ApiName, ResultType, ResponseCode | --## Microsoft.Media/mediaservices -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|AssetCount |Yes |Asset count |Count |Average |How many assets are already created in current media service account |No Dimensions | -|AssetQuota |Yes |Asset quota |Count |Average |How many assets are allowed for current media service account |No Dimensions | -|AssetQuotaUsedPercentage |Yes |Asset quota used percentage |Percent |Average |Asset used percentage in current media service account |No Dimensions | -|ChannelsAndLiveEventsCount |Yes |Live event count |Count |Average |The total number of live events in the current media services account |No Dimensions | -|ContentKeyPolicyCount |Yes |Content Key Policy count |Count |Average |How many content key policies are already created in current media service account |No Dimensions | -|ContentKeyPolicyQuota |Yes |Content Key Policy quota |Count |Average |How many content key polices are allowed for current media service account |No Dimensions | -|ContentKeyPolicyQuotaUsedPercentage |Yes |Content Key Policy quota used percentage |Percent |Average |Content Key Policy used percentage in current media service account |No Dimensions | -|JobQuota |Yes |Job quota |Count |Average |The Job quota for the current media service account. |No Dimensions | -|JobsScheduled |Yes |Jobs Scheduled |Count |Average |The number of Jobs in the Scheduled state. Counts on this metric only reflect jobs submitted through the v3 API. Jobs submitted through the v2 (Legacy) API are not counted. |No Dimensions | -|KeyDeliveryRequests |No |Key request time |Count |Average |The key delivery request status and latency in milliseconds for the current Media Service account. |KeyType, HttpStatusCode | -|MaxChannelsAndLiveEventsCount |Yes |Max live event quota |Count |Average |The maximum number of live events allowed in the current media services account |No Dimensions | -|MaxRunningChannelsAndLiveEventsCount |Yes |Max running live event quota |Count |Average |The maximum number of running live events allowed in the current media services account |No Dimensions | -|RunningChannelsAndLiveEventsCount |Yes |Running live event count |Count |Average |The total number of running live events in the current media services account |No Dimensions | -|StreamingPolicyCount |Yes |Streaming Policy count |Count |Average |How many streaming policies are already created in current media service account |No Dimensions | -|StreamingPolicyQuota |Yes |Streaming Policy quota |Count |Average |How many streaming policies are allowed for current media service account |No Dimensions | -|StreamingPolicyQuotaUsedPercentage |Yes |Streaming Policy quota used percentage |Percent |Average |Streaming Policy used percentage in current media service account |No Dimensions | -|TransformQuota |Yes |Transform quota |Count |Average |The Transform quota for the current media service account. |No Dimensions | --## Microsoft.Media/mediaservices/liveEvents -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|IngestBitrate |Yes |Live Event ingest bitrate |BitsPerSecond |Average |The incoming bitrate ingested for a live event, in bits per second. |TrackName | -|IngestDriftValue |Yes |Live Event ingest drift value |Seconds |Maximum |Drift between the timestamp of the ingested content and the system clock, measured in seconds per minute. A non zero value indicates that the ingested content is arriving slower than system clock time. |TrackName | -|IngestLastTimestamp |Yes |Live Event ingest last timestamp |Milliseconds |Maximum |Last timestamp ingested for a live event. |TrackName | -|LiveOutputLastTimestamp |Yes |Last output timestamp |Milliseconds |Maximum |Timestamp of the last fragment uploaded to storage for a live event output. |TrackName | --## Microsoft.Media/mediaservices/streamingEndpoints -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|CPU |Yes |CPU usage |Percent |Average |CPU usage for premium streaming endpoints. This data is not available for standard streaming endpoints. |No Dimensions | -|Egress |Yes |Egress |Bytes |Total |The amount of Egress data, in bytes. |OutputFormat | -|EgressBandwidth |No |Egress bandwidth |BitsPerSecond |Average |Egress bandwidth in bits per second. |No Dimensions | -|Requests |Yes |Requests |Count |Total |Requests to a Streaming Endpoint. |OutputFormat, HttpStatusCode, ErrorCode | -|SuccessE2ELatency |Yes |Success end to end Latency |MilliSeconds |Average |The average latency for successful requests in milliseconds. |OutputFormat | --## Microsoft.Media/videoanalyzers -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|IngressBytes |Yes |Ingress Bytes |Bytes |Total |The number of bytes ingressed by the pipeline node. |PipelineKind, PipelineTopology, Pipeline, Node | -|Pipelines |Yes |Pipelines |Count |Total |The number of pipelines of each kind and state |PipelineKind, PipelineTopology, PipelineState | --## Microsoft.MixedReality/remoteRenderingAccounts -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ActiveRenderingSessions |Yes |Active Rendering Sessions |Count |Average |Total number of active rendering sessions |SessionType, SDKVersion | -|AssetsConverted |Yes |Assets Converted |Count |Total |Total number of assets converted |SDKVersion | --## Microsoft.MixedReality/spatialAnchorsAccounts -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|AnchorsCreated |Yes |Anchors Created |Count |Total |Number of Anchors created |DeviceFamily, SDKVersion | -|AnchorsDeleted |Yes |Anchors Deleted |Count |Total |Number of Anchors deleted |DeviceFamily, SDKVersion | -|AnchorsQueried |Yes |Anchors Queried |Count |Total |Number of Spatial Anchors queried |DeviceFamily, SDKVersion | -|AnchorsUpdated |Yes |Anchors Updated |Count |Total |Number of Anchors updated |DeviceFamily, SDKVersion | -|PosesFound |Yes |Poses Found |Count |Total |Number of Poses returned |DeviceFamily, SDKVersion | -|TotalDailyAnchors |Yes |Total Daily Anchors |Count |Average |Total number of Anchors - Daily |DeviceFamily, SDKVersion | --## Microsoft.Monitor/accounts -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ActiveTimeSeries |No |Active Time Series |Count |Maximum | The number of unique time series recently ingested into the account over the previous 12 hours |StampColor | -|ActiveTimeSeriesLimit |No |Active Time Series Limit |Count |Maximum |The limit on the number of unique time series which can be actively ingested into the account |StampColor | -|ActiveTimeSeriesPercentUtilization |No | Active Time Series % Utilization |Percent |Average |The percentage of current active time series account limit being utilized |StampColor | -|EventsPerMinuteIngested |No |Events Per Minute Ingested |Count |Maximum |The number of events per minute recently received |StampColor | -|EventsPerMinuteIngestedLimit |No |Events Per Minute Ingested Limit |Count |Maximum |The maximum number of events per minute which can be received before events become throttled |StampColor | -|EventsPerMinuteIngestedPercentUtilization |No |Events Per Minute Ingested % Utilization |Percent |Average |The percentage of the current metric ingestion rate limit being utilized |StampColor | -|SimpleSamplesStored |No |Simple Data Samples Stored |Count |Maximum |The total number of samples stored for simple sampling types (like sum, count). For Prometheus this is equivalent to the number of samples scraped and ingested. |StampColor | --## Microsoft.NetApp/netAppAccounts/capacityPools -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|VolumePoolAllocatedSize |Yes |Pool Allocated Size |Bytes |Average |Provisioned size of this pool |No Dimensions | -|VolumePoolAllocatedToVolumeThroughput |Yes |Pool allocated throughput |BytesPerSecond |Average |Sum of the throughput of all the volumes belonging to the pool |No Dimensions | -|VolumePoolAllocatedUsed |Yes |Pool Allocated To Volume Size |Bytes |Average |Allocated used size of the pool |No Dimensions | -|VolumePoolProvisionedThroughput |Yes |Provisioned throughput for the pool |BytesPerSecond |Average |Provisioned throughput of this pool |No Dimensions | -|VolumePoolTotalLogicalSize |Yes |Pool Consumed Size |Bytes |Average |Sum of the logical size of all the volumes belonging to the pool |No Dimensions | -|VolumePoolTotalSnapshotSize |Yes |Total Snapshot size for the pool |Bytes |Average |Sum of snapshot size of all volumes in this pool |No Dimensions | --## Microsoft.NetApp/netAppAccounts/capacityPools/volumes -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|AverageReadLatency |Yes |Average read latency |MilliSeconds |Average |Average read latency in milliseconds per operation |No Dimensions | -|AverageWriteLatency |Yes |Average write latency |MilliSeconds |Average |Average write latency in milliseconds per operation |No Dimensions | -|CbsVolumeBackupActive |Yes |Is Volume Backup suspended |Count |Average |Is the backup policy suspended for the volume? 0 if yes, 1 if no. |No Dimensions | -|CbsVolumeLogicalBackupBytes |Yes |Volume Backup Bytes |Bytes |Average |Total bytes backed up for this Volume. |No Dimensions | -|CbsVolumeOperationBackupTransferredBytes |Yes |Volume Backup Operation Last Transferred Bytes |Bytes |Average |Total bytes transferred for last backup operation. |No Dimensions | -|CbsVolumeOperationComplete |Yes |Is Volume Backup Operation Complete |Count |Average |Did the last volume backup or restore operation complete successfully? 1 if yes, 0 if no. |No Dimensions | -|CbsVolumeOperationRestoreTransferredBytes |Yes |Volume Backup Restore Operation Last Transferred Bytes |Bytes |Average |Total bytes transferred for last backup restore operation. |No Dimensions | -|CbsVolumeOperationTransferredBytes |Yes |Volume Backup Last Transferred Bytes |Bytes |Average |Total bytes transferred for last backup or restore operation. |No Dimensions | -|CbsVolumeProtected |Yes |Is Volume Backup Enabled |Count |Average |Is backup enabled for the volume? 1 if yes, 0 if no. |No Dimensions | -|OtherThroughput |Yes |Other throughput |BytesPerSecond |Average |Other throughput (that is not read or write) in bytes per second |No Dimensions | -|ReadIops |Yes |Read iops |CountPerSecond |Average |Read In/out operations per second |No Dimensions | -|ReadThroughput |Yes |Read throughput |BytesPerSecond |Average |Read throughput in bytes per second |No Dimensions | -|TotalThroughput |Yes |Total throughput |BytesPerSecond |Average |Sum of all throughput in bytes per second |No Dimensions | -|VolumeAllocatedSize |Yes |Volume allocated size |Bytes |Average |The provisioned size of a volume |No Dimensions | -|VolumeConsumedSizePercentage |Yes |Percentage Volume Consumed Size |Percent |Average |The percentage of the volume consumed including snapshots. |No Dimensions | -|VolumeCoolTierDataReadSize |Yes |Volume cool tier data read size |Bytes |Average |Data read in using GET per volume |No Dimensions | -|VolumeCoolTierDataWriteSize |Yes |Volume cool tier data write size |Bytes |Average |Data tiered out using PUT per volume |No Dimensions | -|VolumeCoolTierSize |Yes |Volume cool tier size |Bytes |Average |Volume Footprint for Cool Tier |No Dimensions | -|VolumeLogicalSize |Yes |Volume Consumed Size |Bytes |Average |Logical size of the volume (used bytes) |No Dimensions | -|VolumeSnapshotSize |Yes |Volume snapshot size |Bytes |Average |Size of all snapshots in volume |No Dimensions | -|WriteIops |Yes |Write iops |CountPerSecond |Average |Write In/out operations per second |No Dimensions | -|WriteThroughput |Yes |Write throughput |BytesPerSecond |Average |Write throughput in bytes per second |No Dimensions | -|XregionReplicationHealthy |Yes |Is volume replication status healthy |Count |Average |Condition of the relationship, 1 or 0. |No Dimensions | -|XregionReplicationLagTime |Yes |Volume replication lag time |Seconds |Average |The amount of time in seconds by which the data on the mirror lags behind the source. |No Dimensions | -|XregionReplicationLastTransferDuration |Yes |Volume replication last transfer duration |Seconds |Average |The amount of time in seconds it took for the last transfer to complete. |No Dimensions | -|XregionReplicationLastTransferSize |Yes |Volume replication last transfer size |Bytes |Average |The total number of bytes transferred as part of the last transfer. |No Dimensions | -|XregionReplicationRelationshipProgress |Yes |Volume replication progress |Bytes |Average |Total amount of data transferred for the current transfer operation. |No Dimensions | -|XregionReplicationRelationshipTransferring |Yes |Is volume replication transferring |Count |Average |Whether the status of the Volume Replication is 'transferring'. |No Dimensions | -|XregionReplicationTotalTransferBytes |Yes |Volume replication total transfer |Bytes |Average |Cumulative bytes transferred for the relationship. |No Dimensions | --## Microsoft.Network/applicationgateways -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ApplicationGatewayTotalTime |No |Application Gateway Total Time |MilliSeconds |Average |Time that it takes for a request to be processed and its response to be sent. This is the interval from the time when Application Gateway receives the first byte of an HTTP request to the time when the response send operation finishes. It's important to note that this usually includes the Application Gateway processing time, time that the request and response packets are traveling over the network and the time the backend server took to respond. |Listener | -|AvgRequestCountPerHealthyHost |No |Requests per minute per Healthy Host |Count |Average |Average request count per minute per healthy backend host in a pool |BackendSettingsPool | -|AzwafBotProtection |Yes |WAF Bot Protection Matches |Count |Total |Matched Bot Rules |Action, Category, Mode, CountryCode, PolicyName, PolicyScope | -|AzwafCustomRule |Yes |WAF Custom Rule Matches |Count |Total |Matched Custom Rules |Action, CustomRuleID, Mode, CountryCode, PolicyName, PolicyScope | -|AzwafSecRule |Yes |WAF Managed Rule Matches |Count |Total |Matched Managed Rules |Action, Mode, RuleGroupID, RuleID, CountryCode, PolicyName, PolicyScope, RuleSetName | -|AzwafTotalRequests |Yes |WAF Total Requests |Count |Total |Total number of requests evaluated by WAF |Action, CountryCode, Method, Mode, PolicyName, PolicyScope | -|BackendConnectTime |No |Backend Connect Time |MilliSeconds |Average |Time spent establishing a connection with a backend server |Listener, BackendServer, BackendPool, BackendHttpSetting | -|BackendFirstByteResponseTime |No |Backend First Byte Response Time |MilliSeconds |Average |Time interval between start of establishing a connection to backend server and receiving the first byte of the response header, approximating processing time of backend server |Listener, BackendServer, BackendPool, BackendHttpSetting | -|BackendLastByteResponseTime |No |Backend Last Byte Response Time |MilliSeconds |Average |Time interval between start of establishing a connection to backend server and receiving the last byte of the response body |Listener, BackendServer, BackendPool, BackendHttpSetting | -|BackendResponseStatus |Yes |Backend Response Status |Count |Total |The number of HTTP response codes generated by the backend members. This does not include any response codes generated by the Application Gateway. |BackendServer, BackendPool, BackendHttpSetting, HttpStatusGroup | -|BlockedCount |Yes |Web Application Firewall Blocked Requests Rule Distribution |Count |Total |Web Application Firewall blocked requests rule distribution |RuleGroup, RuleId | -|BytesReceived |Yes |Bytes Received |Bytes |Total |The total number of bytes received by the Application Gateway from the clients |Listener | -|BytesSent |Yes |Bytes Sent |Bytes |Total |The total number of bytes sent by the Application Gateway to the clients |Listener | -|CapacityUnits |No |Current Capacity Units |Count |Average |Capacity Units consumed |No Dimensions | -|ClientRtt |No |Client RTT |MilliSeconds |Average |Round trip time between clients and Application Gateway. This metric indicates how long it takes to establish connections and return acknowledgements |Listener | -|ComputeUnits |No |Current Compute Units |Count |Average |Compute Units consumed |No Dimensions | -|CpuUtilization |No |CPU Utilization |Percent |Average |Current CPU utilization of the Application Gateway |No Dimensions | -|CurrentConnections |Yes |Current Connections |Count |Total |Count of current connections established with Application Gateway |No Dimensions | -|EstimatedBilledCapacityUnits |No |Estimated Billed Capacity Units |Count |Average |Estimated capacity units that will be charged |No Dimensions | -|FailedRequests |Yes |Failed Requests |Count |Total |Count of failed requests that Application Gateway has served |BackendSettingsPool | -|FixedBillableCapacityUnits |No |Fixed Billable Capacity Units |Count |Average |Minimum capacity units that will be charged |No Dimensions | -|HealthyHostCount |Yes |Healthy Host Count |Count |Average |Number of healthy backend hosts |BackendSettingsPool | -|MatchedCount |Yes |Web Application Firewall Total Rule Distribution |Count |Total |Web Application Firewall Total Rule Distribution for the incoming traffic |RuleGroup, RuleId | -|NewConnectionsPerSecond |No |New connections per second |CountPerSecond |Average |New connections per second established with Application Gateway |No Dimensions | -|ResponseStatus |Yes |Response Status |Count |Total |Http response status returned by Application Gateway |HttpStatusGroup | -|Throughput |No |Throughput |BytesPerSecond |Average |Number of bytes per second the Application Gateway has served |No Dimensions | -|TlsProtocol |Yes |Client TLS Protocol |Count |Total |The number of TLS and non-TLS requests initiated by the client that established connection with the Application Gateway. To view TLS protocol distribution, filter by the dimension TLS Protocol. |Listener, TlsProtocol | -|TotalRequests |Yes |Total Requests |Count |Total |Count of successful requests that Application Gateway has served |BackendSettingsPool | -|UnhealthyHostCount |Yes |Unhealthy Host Count |Count |Average |Number of unhealthy backend hosts |BackendSettingsPool | --## Microsoft.Network/azureFirewalls -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ApplicationRuleHit |Yes |Application rules hit count |Count |Total |Number of times Application rules were hit |Status, Reason, Protocol | -|DataProcessed |Yes |Data processed |Bytes |Total |Total amount of data processed by this firewall |No Dimensions | -|FirewallHealth |Yes |Firewall health state |Percent |Average |Indicates the overall health of this firewall |Status, Reason | -|FirewallLatencyPng |Yes |Latency Probe (Preview) |Milliseconds |Average |Estimate of the average latency of the Firewall as measured by latency probe |No Dimensions | -|NetworkRuleHit |Yes |Network rules hit count |Count |Total |Number of times Network rules were hit |Status, Reason, Protocol | -|SNATPortUtilization |Yes |SNAT port utilization |Percent |Average |Percentage of outbound SNAT ports currently in use |Protocol | -|Throughput |No |Throughput |BitsPerSecond |Average |Throughput processed by this firewall |No Dimensions | --## microsoft.network/bastionHosts -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|pingmesh |No |Bastion Communication Status |Count |Average |Communication status shows 1 if all communication is good and 0 if its bad. |No Dimensions | -|sessions |No |Session Count |Count |Total |Sessions Count for the Bastion. View in sum and per instance. |host | -|total |Yes |Total Memory |Count |Average |Total memory stats. |host | -|usage_user |No |CPU Usage |Count |Average |CPU Usage stats. |cpu, host | -|used |Yes |Memory Usage |Count |Average |Memory Usage stats. |host | --## Microsoft.Network/connections -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|BitsInPerSecond |Yes |BitsInPerSecond |BitsPerSecond |Average |Bits ingressing Azure per second |No Dimensions | -|BitsOutPerSecond |Yes |BitsOutPerSecond |BitsPerSecond |Average |Bits egressing Azure per second |No Dimensions | --## Microsoft.Network/dnsForwardingRulesets -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ForwardingRuleCount |No |Forwarding Rule Count |Count |Maximum |This metric indicates the number of forwarding rules present in each DNS forwarding ruleset. |No Dimensions | -|VirtualNetworkLinkCount |No |Virtual Network Link Count |Count |Maximum |This metric indicates the number of associated virtual network links to a DNS forwarding ruleset. |No Dimensions | --## Microsoft.Network/dnsResolvers -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|InboundEndpointCount |No |Inbound Endpoint Count |Count |Maximum |This metric indicates the number of inbound endpoints created for a DNS Resolver. |No Dimensions | -|OutboundEndpointCount |No |Outbound Endpoint Count |Count |Maximum |This metric indicates the number of outbound endpoints created for a DNS Resolver. |No Dimensions | -|QPS |No |Queries Per Second |Count |Average |This metric indicates the queries per second for a DNS Resolver. (Can be aggregated per EndpointId) |EndpointId | --## Microsoft.Network/dnszones -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|QueryVolume |No |Query Volume |Count |Total |Number of queries served for a DNS zone |No Dimensions | -|RecordSetCapacityUtilization |No |Record Set Capacity Utilization |Percent |Maximum |Percent of Record Set capacity utilized by a DNS zone |No Dimensions | -|RecordSetCount |No |Record Set Count |Count |Maximum |Number of Record Sets in a DNS zone |No Dimensions | --## Microsoft.Network/expressRouteCircuits -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ArpAvailability |Yes |Arp Availability |Percent |Average |ARP Availability from MSEE towards all peers. |PeeringType, Peer | -|BgpAvailability |Yes |Bgp Availability |Percent |Average |BGP Availability from MSEE towards all peers. |PeeringType, Peer | -|BitsInPerSecond |Yes |BitsInPerSecond |BitsPerSecond |Average |Bits ingressing Azure per second |PeeringType, DeviceRole | -|BitsOutPerSecond |Yes |BitsOutPerSecond |BitsPerSecond |Average |Bits egressing Azure per second |PeeringType, DeviceRole | -|FastPathRoutesCountForCircuit |Yes |FastPathRoutesCount |Count |Maximum |Count of fastpath routes configured on circuit |No Dimensions | -|GlobalReachBitsInPerSecond |No |GlobalReachBitsInPerSecond |BitsPerSecond |Average |Bits ingressing Azure per second |PeeredCircuitSKey | -|GlobalReachBitsOutPerSecond |No |GlobalReachBitsOutPerSecond |BitsPerSecond |Average |Bits egressing Azure per second |PeeredCircuitSKey | -|QosDropBitsInPerSecond |Yes |DroppedInBitsPerSecond |BitsPerSecond |Average |Ingress bits of data dropped per second |No Dimensions | -|QosDropBitsOutPerSecond |Yes |DroppedOutBitsPerSecond |BitsPerSecond |Average |Egress bits of data dropped per second |No Dimensions | --## Microsoft.Network/expressRouteCircuits/peerings -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|BitsInPerSecond |Yes |BitsInPerSecond |BitsPerSecond |Average |Bits ingressing Azure per second |No Dimensions | -|BitsOutPerSecond |Yes |BitsOutPerSecond |BitsPerSecond |Average |Bits egressing Azure per second |No Dimensions | --## microsoft.network/expressroutegateways -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ErGatewayConnectionBitsInPerSecond |No |Bits In Per Second |BitsPerSecond |Average |Bits per second ingressing Azure via ExpressRoute Gateway which can be further split for specific connections |ConnectionName | -|ErGatewayConnectionBitsOutPerSecond |No |Bits Out Per Second |BitsPerSecond |Average |Bits per second egressing Azure via ExpressRoute Gateway which can be further split for specific connections |ConnectionName | -|ExpressRouteGatewayActiveFlows |No |Active Flows |Count |Average |Number of Active Flows on ExpressRoute Gateway |roleInstance | -|ExpressRouteGatewayBitsPerSecond |No |Bits Received Per second |BitsPerSecond |Average |Total Bits received on ExpressRoute Gateway per second |roleInstance | -|ExpressRouteGatewayCountOfRoutesAdvertisedToPeer |Yes |Count Of Routes Advertised to Peer |Count |Maximum |Count Of Routes Advertised To Peer by ExpressRoute Gateway |roleInstance | -|ExpressRouteGatewayCountOfRoutesLearnedFromPeer |Yes |Count Of Routes Learned from Peer |Count |Maximum |Count Of Routes Learned From Peer by ExpressRoute Gateway |roleInstance | -|ExpressRouteGatewayCpuUtilization |Yes |CPU utilization |Percent |Average |CPU Utilization of the ExpressRoute Gateway |roleInstance | -|ExpressRouteGatewayFrequencyOfRoutesChanged |No |Frequency of Routes change |Count |Total |Frequency of Routes change in ExpressRoute Gateway |roleInstance | -|ExpressRouteGatewayMaxFlowsCreationRate |No |Max Flows Created Per Second |CountPerSecond |Maximum |Maximum Number of Flows Created Per Second on ExpressRoute Gateway |roleInstance, direction | -|ExpressRouteGatewayNumberOfVmInVnet |No |Number of VMs in the Virtual Network |Count |Maximum |Number of VMs in the Virtual Network |No Dimensions | -|ExpressRouteGatewayPacketsPerSecond |No |Packets received per second |CountPerSecond |Average |Total Packets received on ExpressRoute Gateway per second |roleInstance | --## Microsoft.Network/expressRoutePorts -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|AdminState |Yes |AdminState |Count |Average |Admin state of the port |Link | -|FastPathRoutesCountForDirectPort |Yes |FastPathRoutesCount |Count |Maximum |Count of fastpath routes configured on port |No Dimensions | -|LineProtocol |Yes |LineProtocol |Count |Average |Line protocol status of the port |Link | -|PortBitsInPerSecond |No |BitsInPerSecond |BitsPerSecond |Average |Bits ingressing Azure per second |Link | -|PortBitsOutPerSecond |No |BitsOutPerSecond |BitsPerSecond |Average |Bits egressing Azure per second |Link | -|RxLightLevel |Yes |RxLightLevel |Count |Average |Rx Light level in dBm |Link, Lane | -|TxLightLevel |Yes |TxLightLevel |Count |Average |Tx light level in dBm |Link, Lane | --## Microsoft.Network/frontdoors -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|BackendHealthPercentage |Yes |Backend Health Percentage |Percent |Average |The percentage of successful health probes from the HTTP/S proxy to backends |Backend, BackendPool | -|BackendRequestCount |Yes |Backend Request Count |Count |Total |The number of requests sent from the HTTP/S proxy to backends |HttpStatus, HttpStatusGroup, Backend | -|BackendRequestLatency |Yes |Backend Request Latency |MilliSeconds |Average |The time calculated from when the request was sent by the HTTP/S proxy to the backend until the HTTP/S proxy received the last response byte from the backend |Backend | -|BillableResponseSize |Yes |Billable Response Size |Bytes |Total |The number of billable bytes (minimum 2KB per request) sent as responses from HTTP/S proxy to clients. |HttpStatus, HttpStatusGroup, ClientRegion, ClientCountry | -|RequestCount |Yes |Request Count |Count |Total |The number of client requests served by the HTTP/S proxy |HttpStatus, HttpStatusGroup, ClientRegion, ClientCountry | -|RequestSize |Yes |Request Size |Bytes |Total |The number of bytes sent as requests from clients to the HTTP/S proxy |HttpStatus, HttpStatusGroup, ClientRegion, ClientCountry | -|ResponseSize |Yes |Response Size |Bytes |Total |The number of bytes sent as responses from HTTP/S proxy to clients |HttpStatus, HttpStatusGroup, ClientRegion, ClientCountry | -|TotalLatency |Yes |Total Latency |MilliSeconds |Average |The time calculated from when the client request was received by the HTTP/S proxy until the client acknowledged the last response byte from the HTTP/S proxy |HttpStatus, HttpStatusGroup, ClientRegion, ClientCountry | -|WebApplicationFirewallRequestCount |Yes |Web Application Firewall Request Count |Count |Total |The number of client requests processed by the Web Application Firewall |PolicyName, RuleName, Action | --## Microsoft.Network/loadBalancers -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|AllocatedSnatPorts |No |Allocated SNAT Ports |Count |Average |Total number of SNAT ports allocated within time period |FrontendIPAddress, BackendIPAddress, ProtocolType, IsAwaitingRemoval | -|ByteCount |Yes |Byte Count |Bytes |Total |Total number of Bytes transmitted within time period |FrontendIPAddress, FrontendPort, Direction | -|DipAvailability |Yes |Health Probe Status |Count |Average |Average Load Balancer health probe status per time duration |ProtocolType, BackendPort, FrontendIPAddress, FrontendPort, BackendIPAddress | -|GlobalBackendAvailability |Yes |Health Probe Status |Count |Average |Azure Cross-region Load Balancer backend health and status per time duration |FrontendIPAddress, FrontendPort, BackendIPAddress, ProtocolType, FrontendRegion, BackendRegion | -|PacketCount |Yes |Packet Count |Count |Total |Total number of Packets transmitted within time period |FrontendIPAddress, FrontendPort, Direction | -|SnatConnectionCount |Yes |SNAT Connection Count |Count |Total |Total number of new SNAT connections created within time period |FrontendIPAddress, BackendIPAddress, ConnectionState | -|SYNCount |Yes |SYN Count |Count |Total |Total number of SYN Packets transmitted within time period |FrontendIPAddress, FrontendPort, Direction | -|UsedSnatPorts |No |Used SNAT Ports |Count |Average |Total number of SNAT ports used within time period |FrontendIPAddress, BackendIPAddress, ProtocolType, IsAwaitingRemoval | -|VipAvailability |Yes |Data Path Availability |Count |Average |Average Load Balancer data path availability per time duration |FrontendIPAddress, FrontendPort | --## Microsoft.Network/natGateways -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ByteCount |No |Bytes |Bytes |Total |Total number of Bytes transmitted within time period |Protocol, Direction | -|DatapathAvailability |No |Datapath Availability (Preview) |Count |Average |NAT Gateway Datapath Availability |No Dimensions | -|PacketCount |No |Packets |Count |Total |Total number of Packets transmitted within time period |Protocol, Direction | -|PacketDropCount |No |Dropped Packets |Count |Total |Count of dropped packets |No Dimensions | -|SNATConnectionCount |No |SNAT Connection Count |Count |Total |Total concurrent active connections |Protocol, ConnectionState | -|TotalConnectionCount |No |Total SNAT Connection Count |Count |Total |Total number of active SNAT connections |Protocol | --## Microsoft.Network/networkInterfaces -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|BytesReceivedRate |Yes |Bytes Received |Bytes |Total |Number of bytes the Network Interface received |No Dimensions | -|BytesSentRate |Yes |Bytes Sent |Bytes |Total |Number of bytes the Network Interface sent |No Dimensions | -|PacketsReceivedRate |Yes |Packets Received |Count |Total |Number of packets the Network Interface received |No Dimensions | -|PacketsSentRate |Yes |Packets Sent |Count |Total |Number of packets the Network Interface sent |No Dimensions | --## Microsoft.Network/networkWatchers/connectionMonitors -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|AverageRoundtripMs |Yes |Avg. Round-trip Time (ms) (classic) |MilliSeconds |Average |Average network round-trip time (ms) for connectivity monitoring probes sent between source and destination |No Dimensions | -|ChecksFailedPercent |Yes |Checks Failed Percent |Percent |Average |% of connectivity monitoring checks failed |SourceAddress, SourceName, SourceResourceId, SourceType, Protocol, DestinationAddress, DestinationName, DestinationResourceId, DestinationType, DestinationPort, TestGroupName, TestConfigurationName, SourceIP, DestinationIP, SourceSubnet, DestinationSubnet | -|ProbesFailedPercent |Yes |% Probes Failed (classic) |Percent |Average |% of connectivity monitoring probes failed |No Dimensions | -|RoundTripTimeMs |Yes |Round-Trip Time (ms) |MilliSeconds |Average |Round-trip time in milliseconds for the connectivity monitoring checks |SourceAddress, SourceName, SourceResourceId, SourceType, Protocol, DestinationAddress, DestinationName, DestinationResourceId, DestinationType, DestinationPort, TestGroupName, TestConfigurationName, SourceIP, DestinationIP, SourceSubnet, DestinationSubnet | -|TestResult |Yes |Test Result |Count |Average |Connection monitor test result |SourceAddress, SourceName, SourceResourceId, SourceType, Protocol, DestinationAddress, DestinationName, DestinationResourceId, DestinationType, DestinationPort, TestGroupName, TestConfigurationName, TestResultCriterion, SourceIP, DestinationIP, SourceSubnet, DestinationSubnet | --## microsoft.network/p2svpngateways -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|P2SBandwidth |Yes |Gateway P2S Bandwidth |BytesPerSecond |Average |Point-to-site bandwidth of a gateway in bytes per second |Instance | -|P2SConnectionCount |Yes |P2S Connection Count |Count |Total |Point-to-site connection count of a gateway |Protocol, Instance | -|UserVpnRouteCount |No |User Vpn Route Count |Count |Total |Count of P2S User Vpn routes learned by gateway |RouteType, Instance | --## Microsoft.Network/privateDnsZones -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|QueryVolume |No |Query Volume |Count |Total |Number of queries served for a Private DNS zone |No Dimensions | -|RecordSetCapacityUtilization |No |Record Set Capacity Utilization |Percent |Maximum |Percent of Record Set capacity utilized by a Private DNS zone |No Dimensions | -|RecordSetCount |No |Record Set Count |Count |Maximum |Number of Record Sets in a Private DNS zone |No Dimensions | -|VirtualNetworkLinkCapacityUtilization |No |Virtual Network Link Capacity Utilization |Percent |Maximum |Percent of Virtual Network Link capacity utilized by a Private DNS zone |No Dimensions | -|VirtualNetworkLinkCount |No |Virtual Network Link Count |Count |Maximum |Number of Virtual Networks linked to a Private DNS zone |No Dimensions | -|VirtualNetworkWithRegistrationCapacityUtilization |No |Virtual Network Registration Link Capacity Utilization |Percent |Maximum |Percent of Virtual Network Link with auto-registration capacity utilized by a Private DNS zone |No Dimensions | -|VirtualNetworkWithRegistrationLinkCount |No |Virtual Network Registration Link Count |Count |Maximum |Number of Virtual Networks linked to a Private DNS zone with auto-registration enabled |No Dimensions | --## Microsoft.Network/privateEndpoints -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|PEBytesIn |No |Bytes In |Count |Total |Total number of Bytes Out |No Dimensions | -|PEBytesOut |No |Bytes Out |Count |Total |Total number of Bytes Out |No Dimensions | --## Microsoft.Network/privateLinkServices -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|PLSBytesIn |Yes |Bytes In |Count |Total |Total number of Bytes Out |PrivateLinkServiceId | -|PLSBytesOut |Yes |Bytes Out |Count |Total |Total number of Bytes Out |PrivateLinkServiceId | -|PLSNatPortsUsage |Yes |Nat Ports Usage |Percent |Average |Nat Ports Usage |PrivateLinkServiceId, PrivateLinkServiceIPAddress | --## Microsoft.Network/publicIPAddresses -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ByteCount |Yes |Byte Count |Bytes |Total |Total number of Bytes transmitted within time period |Port, Direction | -|BytesDroppedDDoS |Yes |Inbound bytes dropped DDoS |BytesPerSecond |Maximum |Inbound bytes dropped DDoS |No Dimensions | -|BytesForwardedDDoS |Yes |Inbound bytes forwarded DDoS |BytesPerSecond |Maximum |Inbound bytes forwarded DDoS |No Dimensions | -|BytesInDDoS |Yes |Inbound bytes DDoS |BytesPerSecond |Maximum |Inbound bytes DDoS |No Dimensions | -|DDoSTriggerSYNPackets |Yes |Inbound SYN packets to trigger DDoS mitigation |CountPerSecond |Maximum |Inbound SYN packets to trigger DDoS mitigation |No Dimensions | -|DDoSTriggerTCPPackets |Yes |Inbound TCP packets to trigger DDoS mitigation |CountPerSecond |Maximum |Inbound TCP packets to trigger DDoS mitigation |No Dimensions | -|DDoSTriggerUDPPackets |Yes |Inbound UDP packets to trigger DDoS mitigation |CountPerSecond |Maximum |Inbound UDP packets to trigger DDoS mitigation |No Dimensions | -|IfUnderDDoSAttack |Yes |Under DDoS attack or not |Count |Maximum |Under DDoS attack or not |No Dimensions | -|PacketCount |Yes |Packet Count |Count |Total |Total number of Packets transmitted within time period |Port, Direction | -|PacketsDroppedDDoS |Yes |Inbound packets dropped DDoS |CountPerSecond |Maximum |Inbound packets dropped DDoS |No Dimensions | -|PacketsForwardedDDoS |Yes |Inbound packets forwarded DDoS |CountPerSecond |Maximum |Inbound packets forwarded DDoS |No Dimensions | -|PacketsInDDoS |Yes |Inbound packets DDoS |CountPerSecond |Maximum |Inbound packets DDoS |No Dimensions | -|SynCount |Yes |SYN Count |Count |Total |Total number of SYN Packets transmitted within time period |Port, Direction | -|TCPBytesDroppedDDoS |Yes |Inbound TCP bytes dropped DDoS |BytesPerSecond |Maximum |Inbound TCP bytes dropped DDoS |No Dimensions | -|TCPBytesForwardedDDoS |Yes |Inbound TCP bytes forwarded DDoS |BytesPerSecond |Maximum |Inbound TCP bytes forwarded DDoS |No Dimensions | -|TCPBytesInDDoS |Yes |Inbound TCP bytes DDoS |BytesPerSecond |Maximum |Inbound TCP bytes DDoS |No Dimensions | -|TCPPacketsDroppedDDoS |Yes |Inbound TCP packets dropped DDoS |CountPerSecond |Maximum |Inbound TCP packets dropped DDoS |No Dimensions | -|TCPPacketsForwardedDDoS |Yes |Inbound TCP packets forwarded DDoS |CountPerSecond |Maximum |Inbound TCP packets forwarded DDoS |No Dimensions | -|TCPPacketsInDDoS |Yes |Inbound TCP packets DDoS |CountPerSecond |Maximum |Inbound TCP packets DDoS |No Dimensions | -|UDPBytesDroppedDDoS |Yes |Inbound UDP bytes dropped DDoS |BytesPerSecond |Maximum |Inbound UDP bytes dropped DDoS |No Dimensions | -|UDPBytesForwardedDDoS |Yes |Inbound UDP bytes forwarded DDoS |BytesPerSecond |Maximum |Inbound UDP bytes forwarded DDoS |No Dimensions | -|UDPBytesInDDoS |Yes |Inbound UDP bytes DDoS |BytesPerSecond |Maximum |Inbound UDP bytes DDoS |No Dimensions | -|UDPPacketsDroppedDDoS |Yes |Inbound UDP packets dropped DDoS |CountPerSecond |Maximum |Inbound UDP packets dropped DDoS |No Dimensions | -|UDPPacketsForwardedDDoS |Yes |Inbound UDP packets forwarded DDoS |CountPerSecond |Maximum |Inbound UDP packets forwarded DDoS |No Dimensions | -|UDPPacketsInDDoS |Yes |Inbound UDP packets DDoS |CountPerSecond |Maximum |Inbound UDP packets DDoS |No Dimensions | -|VipAvailability |Yes |Data Path Availability |Count |Average |Average IP Address availability per time duration |Port | --## Microsoft.Network/trafficManagerProfiles -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ProbeAgentCurrentEndpointStateByProfileResourceId |Yes |Endpoint Status by Endpoint |Count |Maximum |1 if an endpoint's probe status is "Enabled", 0 otherwise. |EndpointName | -|QpsByEndpoint |Yes |Queries by Endpoint Returned |Count |Total |Number of times a Traffic Manager endpoint was returned in the given time frame |EndpointName | --## Microsoft.Network/virtualHubs -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|BgpPeerStatus |No |Bgp Peer Status |Count |Maximum |1 - Connected, 0 - Not connected |routeserviceinstance, bgppeerip, bgppeertype | -|CountOfRoutesAdvertisedToPeer |No |Count Of Routes Advertised To Peer |Count |Maximum |Total number of routes advertised to peer |routeserviceinstance, bgppeerip, bgppeertype | -|CountOfRoutesLearnedFromPeer |No |Count Of Routes Learned From Peer |Count |Maximum |Total number of routes learned from peer |routeserviceinstance, bgppeerip, bgppeertype | -|VirtualHubDataProcessed |No |Data Processed by the Virtual Hub Router |Bytes |Total |Data Processed by the Virtual Hub Router |No Dimensions | --## microsoft.network/virtualnetworkgateways -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|AverageBandwidth |Yes |Gateway S2S Bandwidth |BytesPerSecond |Average |Site-to-site bandwidth of a gateway in bytes per second |Instance | -|BgpPeerStatus |No |BGP Peer Status |Count |Average |Status of BGP peer |BgpPeerAddress, Instance | -|BgpRoutesAdvertised |Yes |BGP Routes Advertised |Count |Total |Count of Bgp Routes Advertised through tunnel |BgpPeerAddress, Instance | -|BgpRoutesLearned |Yes |BGP Routes Learned |Count |Total |Count of Bgp Routes Learned through tunnel |BgpPeerAddress, Instance | -|ExpressRouteGatewayActiveFlows |No |Active Flows |Count |Average |Number of Active Flows on ExpressRoute Gateway |roleInstance | -|ExpressRouteGatewayBitsPerSecond |No |Bits Received Per second |BitsPerSecond |Average |Total Bits received on ExpressRoute Gateway per second |roleInstance | -|ExpressRouteGatewayCountOfRoutesAdvertisedToPeer |Yes |Count Of Routes Advertised to Peer |Count |Maximum |Count Of Routes Advertised To Peer by ExpressRoute Gateway |roleInstance | -|ExpressRouteGatewayCountOfRoutesLearnedFromPeer |Yes |Count Of Routes Learned from Peer |Count |Maximum |Count Of Routes Learned From Peer by ExpressRoute Gateway |roleInstance | -|ExpressRouteGatewayCpuUtilization |Yes |CPU utilization |Percent |Average |CPU Utilization of the ExpressRoute Gateway |roleInstance | -|ExpressRouteGatewayFrequencyOfRoutesChanged |No |Frequency of Routes change |Count |Total |Frequency of Routes change in ExpressRoute Gateway |roleInstance | -|ExpressRouteGatewayMaxFlowsCreationRate |No |Max Flows Created Per Second |CountPerSecond |Maximum |Maximum Number of Flows Created Per Second on ExpressRoute Gateway |roleInstance, direction | -|ExpressRouteGatewayNumberOfVmInVnet |No |Number of VMs in the Virtual Network |Count |Maximum |Number of VMs in the Virtual Network |roleInstance | -|ExpressRouteGatewayPacketsPerSecond |No |Packets received per second |CountPerSecond |Average |Total Packets received on ExpressRoute Gateway per second |roleInstance | -|MmsaCount |Yes |Tunnel MMSA Count |Count |Total |MMSA Count |ConnectionName, RemoteIP, Instance | -|P2SBandwidth |Yes |Gateway P2S Bandwidth |BytesPerSecond |Average |Point-to-site bandwidth of a gateway in bytes per second |Instance | -|P2SConnectionCount |Yes |P2S Connection Count |Count |Total |Point-to-site connection count of a gateway |Protocol, Instance | -|QmsaCount |Yes |Tunnel QMSA Count |Count |Total |QMSA Count |ConnectionName, RemoteIP, Instance | -|TunnelAverageBandwidth |Yes |Tunnel Bandwidth |BytesPerSecond |Average |Average bandwidth of a tunnel in bytes per second |ConnectionName, RemoteIP, Instance | -|TunnelEgressBytes |Yes |Tunnel Egress Bytes |Bytes |Total |Outgoing bytes of a tunnel |ConnectionName, RemoteIP, Instance | -|TunnelEgressPacketDropCount |Yes |Tunnel Egress Packet Drop Count |Count |Total |Count of outgoing packets dropped by tunnel |ConnectionName, RemoteIP, Instance | -|TunnelEgressPacketDropTSMismatch |Yes |Tunnel Egress TS Mismatch Packet Drop |Count |Total |Outgoing packet drop count from traffic selector mismatch of a tunnel |ConnectionName, RemoteIP, Instance | -|TunnelEgressPackets |Yes |Tunnel Egress Packets |Count |Total |Outgoing packet count of a tunnel |ConnectionName, RemoteIP, Instance | -|TunnelIngressBytes |Yes |Tunnel Ingress Bytes |Bytes |Total |Incoming bytes of a tunnel |ConnectionName, RemoteIP, Instance | -|TunnelIngressPacketDropCount |Yes |Tunnel Ingress Packet Drop Count |Count |Total |Count of incoming packets dropped by tunnel |ConnectionName, RemoteIP, Instance | -|TunnelIngressPacketDropTSMismatch |Yes |Tunnel Ingress TS Mismatch Packet Drop |Count |Total |Incoming packet drop count from traffic selector mismatch of a tunnel |ConnectionName, RemoteIP, Instance | -|TunnelIngressPackets |Yes |Tunnel Ingress Packets |Count |Total |Incoming packet count of a tunnel |ConnectionName, RemoteIP, Instance | -|TunnelNatAllocations |No |Tunnel NAT Allocations |Count |Total |Count of allocations for a NAT rule on a tunnel |NatRule, ConnectionName, RemoteIP, Instance | -|TunnelNatedBytes |No |Tunnel NATed Bytes |Bytes |Total |Number of bytes that were NATed on a tunnel by a NAT rule |NatRule, ConnectionName, RemoteIP, Instance | -|TunnelNatedPackets |No |Tunnel NATed Packets |Count |Total |Number of packets that were NATed on a tunnel by a NAT rule |NatRule, ConnectionName, RemoteIP, Instance | -|TunnelNatFlowCount |No |Tunnel NAT Flows |Count |Total |Number of NAT flows on a tunnel by flow type and NAT rule |NatRule, FlowType, ConnectionName, RemoteIP, Instance | -|TunnelNatPacketDrop |No |Tunnel NAT Packet Drops |Count |Total |Number of NATed packets on a tunnel that dropped by drop type and NAT rule |NatRule, DropType, ConnectionName, RemoteIP, Instance | -|TunnelPeakPackets |Yes |Tunnel Peak PPS |Count |Maximum |Tunnel Peak Packets Per Second |ConnectionName, RemoteIP, Instance | -|TunnelReverseNatedBytes |No |Tunnel Reverse NATed Bytes |Bytes |Total |Number of bytes that were reverse NATed on a tunnel by a NAT rule |NatRule, ConnectionName, RemoteIP, Instance | -|TunnelReverseNatedPackets |No |Tunnel Reverse NATed Packets |Count |Total |Number of packets on a tunnel that were reverse NATed by a NAT rule |NatRule, ConnectionName, RemoteIP, Instance | -|TunnelTotalFlowCount |Yes |Tunnel Total Flow Count |Count |Total |Total flow count on a tunnel |ConnectionName, RemoteIP, Instance | -|UserVpnRouteCount |No |User Vpn Route Count |Count |Total |Count of P2S User Vpn routes learned by gateway |RouteType, Instance | -|VnetAddressPrefixCount |Yes |VNet Address Prefix Count |Count |Total |Count of Vnet address prefixes behind gateway |Instance | --## Microsoft.Network/virtualNetworks -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|BytesDroppedDDoS |Yes |Inbound bytes dropped DDoS |BytesPerSecond |Maximum |Inbound bytes dropped DDoS |ProtectedIPAddress | -|BytesForwardedDDoS |Yes |Inbound bytes forwarded DDoS |BytesPerSecond |Maximum |Inbound bytes forwarded DDoS |ProtectedIPAddress | -|BytesInDDoS |Yes |Inbound bytes DDoS |BytesPerSecond |Maximum |Inbound bytes DDoS |ProtectedIPAddress | -|DDoSTriggerSYNPackets |Yes |Inbound SYN packets to trigger DDoS mitigation |CountPerSecond |Maximum |Inbound SYN packets to trigger DDoS mitigation |ProtectedIPAddress | -|DDoSTriggerTCPPackets |Yes |Inbound TCP packets to trigger DDoS mitigation |CountPerSecond |Maximum |Inbound TCP packets to trigger DDoS mitigation |ProtectedIPAddress | -|DDoSTriggerUDPPackets |Yes |Inbound UDP packets to trigger DDoS mitigation |CountPerSecond |Maximum |Inbound UDP packets to trigger DDoS mitigation |ProtectedIPAddress | -|IfUnderDDoSAttack |Yes |Under DDoS attack or not |Count |Maximum |Under DDoS attack or not |ProtectedIPAddress | -|PacketsDroppedDDoS |Yes |Inbound packets dropped DDoS |CountPerSecond |Maximum |Inbound packets dropped DDoS |ProtectedIPAddress | -|PacketsForwardedDDoS |Yes |Inbound packets forwarded DDoS |CountPerSecond |Maximum |Inbound packets forwarded DDoS |ProtectedIPAddress | -|PacketsInDDoS |Yes |Inbound packets DDoS |CountPerSecond |Maximum |Inbound packets DDoS |ProtectedIPAddress | -|PingMeshAverageRoundtripMs |Yes |Round trip time for Pings to a VM |MilliSeconds |Average |Round trip time for Pings sent to a destination VM |SourceCustomerAddress, DestinationCustomerAddress | -|PingMeshProbesFailedPercent |Yes |Failed Pings to a VM |Percent |Average |Percent of number of failed Pings to total sent Pings of a destination VM |SourceCustomerAddress, DestinationCustomerAddress | -|TCPBytesDroppedDDoS |Yes |Inbound TCP bytes dropped DDoS |BytesPerSecond |Maximum |Inbound TCP bytes dropped DDoS |ProtectedIPAddress | -|TCPBytesForwardedDDoS |Yes |Inbound TCP bytes forwarded DDoS |BytesPerSecond |Maximum |Inbound TCP bytes forwarded DDoS |ProtectedIPAddress | -|TCPBytesInDDoS |Yes |Inbound TCP bytes DDoS |BytesPerSecond |Maximum |Inbound TCP bytes DDoS |ProtectedIPAddress | -|TCPPacketsDroppedDDoS |Yes |Inbound TCP packets dropped DDoS |CountPerSecond |Maximum |Inbound TCP packets dropped DDoS |ProtectedIPAddress | -|TCPPacketsForwardedDDoS |Yes |Inbound TCP packets forwarded DDoS |CountPerSecond |Maximum |Inbound TCP packets forwarded DDoS |ProtectedIPAddress | -|TCPPacketsInDDoS |Yes |Inbound TCP packets DDoS |CountPerSecond |Maximum |Inbound TCP packets DDoS |ProtectedIPAddress | -|UDPBytesDroppedDDoS |Yes |Inbound UDP bytes dropped DDoS |BytesPerSecond |Maximum |Inbound UDP bytes dropped DDoS |ProtectedIPAddress | -|UDPBytesForwardedDDoS |Yes |Inbound UDP bytes forwarded DDoS |BytesPerSecond |Maximum |Inbound UDP bytes forwarded DDoS |ProtectedIPAddress | -|UDPBytesInDDoS |Yes |Inbound UDP bytes DDoS |BytesPerSecond |Maximum |Inbound UDP bytes DDoS |ProtectedIPAddress | -|UDPPacketsDroppedDDoS |Yes |Inbound UDP packets dropped DDoS |CountPerSecond |Maximum |Inbound UDP packets dropped DDoS |ProtectedIPAddress | -|UDPPacketsForwardedDDoS |Yes |Inbound UDP packets forwarded DDoS |CountPerSecond |Maximum |Inbound UDP packets forwarded DDoS |ProtectedIPAddress | -|UDPPacketsInDDoS |Yes |Inbound UDP packets DDoS |CountPerSecond |Maximum |Inbound UDP packets DDoS |ProtectedIPAddress | --## Microsoft.Network/virtualRouters -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|PeeringAvailability |Yes |Bgp Availability |Percent |Average |BGP Availability between VirtualRouter and remote peers |Peer | --## microsoft.network/vpngateways -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|AverageBandwidth |Yes |Gateway S2S Bandwidth |BytesPerSecond |Average |Site-to-site bandwidth of a gateway in bytes per second |Instance | -|BgpPeerStatus |No |BGP Peer Status |Count |Average |Status of BGP peer |BgpPeerAddress, Instance | -|BgpRoutesAdvertised |Yes |BGP Routes Advertised |Count |Total |Count of Bgp Routes Advertised through tunnel |BgpPeerAddress, Instance | -|BgpRoutesLearned |Yes |BGP Routes Learned |Count |Total |Count of Bgp Routes Learned through tunnel |BgpPeerAddress, Instance | -|MmsaCount |Yes |Tunnel MMSA Count |Count |Total |MMSA Count |ConnectionName, RemoteIP, Instance | -|QmsaCount |Yes |Tunnel QMSA Count |Count |Total |QMSA Count |ConnectionName, RemoteIP, Instance | -|TunnelAverageBandwidth |Yes |Tunnel Bandwidth |BytesPerSecond |Average |Average bandwidth of a tunnel in bytes per second |ConnectionName, RemoteIP, Instance | -|TunnelEgressBytes |Yes |Tunnel Egress Bytes |Bytes |Total |Outgoing bytes of a tunnel |ConnectionName, RemoteIP, Instance | -|TunnelEgressPacketDropCount |Yes |Tunnel Egress Packet Drop Count |Count |Total |Count of outgoing packets dropped by tunnel |ConnectionName, RemoteIP, Instance | -|TunnelEgressPacketDropTSMismatch |Yes |Tunnel Egress TS Mismatch Packet Drop |Count |Total |Outgoing packet drop count from traffic selector mismatch of a tunnel |ConnectionName, RemoteIP, Instance | -|TunnelEgressPackets |Yes |Tunnel Egress Packets |Count |Total |Outgoing packet count of a tunnel |ConnectionName, RemoteIP, Instance | -|TunnelIngressBytes |Yes |Tunnel Ingress Bytes |Bytes |Total |Incoming bytes of a tunnel |ConnectionName, RemoteIP, Instance | -|TunnelIngressPacketDropCount |Yes |Tunnel Ingress Packet Drop Count |Count |Total |Count of incoming packets dropped by tunnel |ConnectionName, RemoteIP, Instance | -|TunnelIngressPacketDropTSMismatch |Yes |Tunnel Ingress TS Mismatch Packet Drop |Count |Total |Incoming packet drop count from traffic selector mismatch of a tunnel |ConnectionName, RemoteIP, Instance | -|TunnelIngressPackets |Yes |Tunnel Ingress Packets |Count |Total |Incoming packet count of a tunnel |ConnectionName, RemoteIP, Instance | -|TunnelNatAllocations |No |Tunnel NAT Allocations |Count |Total |Count of allocations for a NAT rule on a tunnel |NatRule, ConnectionName, RemoteIP, Instance | -|TunnelNatedBytes |No |Tunnel NATed Bytes |Bytes |Total |Number of bytes that were NATed on a tunnel by a NAT rule |NatRule, ConnectionName, RemoteIP, Instance | -|TunnelNatedPackets |No |Tunnel NATed Packets |Count |Total |Number of packets that were NATed on a tunnel by a NAT rule |NatRule, ConnectionName, RemoteIP, Instance | -|TunnelNatFlowCount |No |Tunnel NAT Flows |Count |Total |Number of NAT flows on a tunnel by flow type and NAT rule |NatRule, FlowType, ConnectionName, RemoteIP, Instance | -|TunnelNatPacketDrop |No |Tunnel NAT Packet Drops |Count |Total |Number of NATed packets on a tunnel that dropped by drop type and NAT rule |NatRule, DropType, ConnectionName, RemoteIP, Instance | -|TunnelPeakPackets |Yes |Tunnel Peak PPS |Count |Maximum |Tunnel Peak Packets Per Second |ConnectionName, RemoteIP, Instance | -|TunnelReverseNatedBytes |No |Tunnel Reverse NATed Bytes |Bytes |Total |Number of bytes that were reverse NATed on a tunnel by a NAT rule |NatRule, ConnectionName, RemoteIP, Instance | -|TunnelReverseNatedPackets |No |Tunnel Reverse NATed Packets |Count |Total |Number of packets on a tunnel that were reverse NATed by a NAT rule |NatRule, ConnectionName, RemoteIP, Instance | -|TunnelTotalFlowCount |Yes |Tunnel Total Flow Count |Count |Total |Total flow count on a tunnel |ConnectionName, RemoteIP, Instance | -|VnetAddressPrefixCount |Yes |VNet Address Prefix Count |Count |Total |Count of Vnet address prefixes behind gateway |Instance | --## Microsoft.NetworkAnalytics/DataConnectors -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|DataIngested |No |Data Ingested |Bytes |Total |The volume of data ingested by the pipeline (bytes). |No Dimensions | -|MalformedData |Yes |Malformed Data |Count |Total |The number of files unable to be processed by the pipeline. |No Dimensions | -|MalformedRecords |No |Malformed Records |Count |Total |The number of records unable to be processed by the pipeline. |No Dimensions | -|ProcessedFileCount |Yes |Processed File Count |Count |Total |The number of files processed by the data connector. |No Dimensions | -|Running |Yes |Running |Unspecified |Count |Values greater than 0 indicate that the pipeline is ready to process data. |No Dimensions | --## Microsoft.NetworkCloud/bareMetalMachines -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|HostBootTimeSeconds |No |Host Boot Seconds (Preview) |Seconds |Average |Unix time of last boot |Host | -|HostDiskReadCompleted |No |Host Disk Reads Completed |Count |Average |Disk reads completed by node |Device, Host | -|HostDiskReadSeconds |No |Host Disk Read Seconds (Preview) |Seconds |Average |Disk read time by node |Device, Host | -|HostDiskWriteCompleted |No |Total Number of Writes Completed |Count |Average |Disk writes completed by node |Device, Host | -|HostDiskWriteSeconds |No |Host Disk Write Seconds (Preview) |Seconds |Average |Disk write time by node |Device, Host | -|HostDmiInfo |No |Host DMI Info (Preview) |Unspecified |Count |Host Desktop Management Interface (DMI) environment information |BiosDate, BiosRelease, BiosVendor, BiosVersion, BoardAssetTag, BoardName, BoardVendor, BoardVersion, ChassisAssetTag, ChassisVendor, ChassisVersion, Host, ProductFamily, ProductName, ProductSku, ProductUuid, ProductVersion, SystemVendor | -|HostEntropyAvailableBits |No |Host Entropy Available Bits (Preview) |Count |Average |Available bits in node entropy |Host | -|HostFilesystemAvailBytes |No |Host Filesystem Available Bytes |Count |Average |Available filesystem size by node |Device, FSType, Host, Mountpoint | -|HostFilesystemDeviceError |No |Host Filesystem Device Errors |Count |Average |Indicates if there was a problem getting information for the filesystem |Device, FSType, Host, Mountpoint | -|HostFilesystemFiles |No |Host Filesystem Files |Count |Average |Total number of permitted inodes |Device, FSType, Host, Mountpoint | -|HostFilesystemFilesFree |No |Total Number of Free inodes |Count |Average |Total number of free inodes |Device, FSType, Host, Mountpoint | -|HostFilesystemReadOnly |No |Host Filesystem Read Only |Unspecified |Count |Indicates if the filesystem is readonly |Device, FSType, Host, Mountpoint | -|HostFilesystemSizeBytes |No |Host Filesystem Size In Bytes |Count |Average |Filesystem size by node |Device, FSType, Host, Mountpoint | -|HostHwmonTempCelsius |No |Host Hardware Monitor Temp |Count |Average |Hardware monitor for temperature (celsius) |Chip, Host, Sensor | -|HostHwmonTempMax |No |Host Hardware Monitor Temp Max |Count |Average |Hardware monitor for maximum temperature (celsius) |Chip, Host, Sensor | -|HostLoad1 |No |Average Load In 1 Minute (Preview) |Count |Average |1 minute load average |Host | -|HostLoad15 |No |Average Load In 15 Minutes (Preview) |Count |Average |15 minute load average |Host | -|HostLoad5 |No |Average load in 5 minutes (Preview) |Count |Average |5 minute load average |Host | -|HostMemAvailBytes |No |Host Memory Available Bytes |Count |Average |Available memory in bytes by node |Host | -|HostMemHWCorruptedBytes |No |Total Amount of Memory In Corrupted Pages |Count |Average |Corrupted bytes in hardware by node |Host | -|HostMemTotalBytes |No |Host Memory Total Bytes |Bytes |Average |Total bytes of memory by node |Host | -|HostSpecificCPUUtilization |No |Host Specific CPU Utilization (Preview) |Seconds |Average |A counter metric that counts the number of seconds the CPU has been running in a particular mode |Cpu, Host, Mode | -|IdracPowerCapacityWatts |No |IDRAC Power Capacity Watts |Unspecified |Average |Power Capacity |Host, PSU | -|IdracPowerInputWatts |No |IDRAC Power Input Watts |Unspecified |Average |Power Input |Host, PSU | -|IdracPowerOn |No |IDRAC Power On |Unspecified |Count |IDRAC Power On Status |Host | -|IdracPowerOutputWatts |No |IDRAC Power Output Watts |Unspecified |Average |Power Output |Host, PSU | -|IdracSensorsTemperature |No |IDRAC Sensors Temperature |Unspecified |Average |IDRAC sensor temperature |Host, Name, Units | -|NcNodeNetworkReceiveErrsTotal |No |Network Device Receive Errors |Count |Average |Total network device errors received |Hostname, Interface Name | -|NcNodeNetworkTransmitErrsTotal |No |Network Device Transmit Errors |Count |Average |Total network device errors transmitted |Hostname, Interface Name | -|NcTotalCpusPerNuma |No |Total CPUs Available to Nexus per NUMA |Count |Average |Total number of CPUs available to Nexus per NUMA |Hostname, NUMA Node | -|NcTotalWorkloadCpusAllocatedPerNuma |No |CPUs per NUMA Allocated for Nexus Kubernetes |Count |Average |Total number of CPUs per NUMA allocated for Nexus Kubernetes and Tenant Workloads |Hostname, NUMA Node | -|NcTotalWorkloadCpusAvailablePerNuma |No |CPUs per NUMA Available for Nexus Kubernetes |Count |Average |Total number of CPUs per NUMA available to Nexus Kubernetes and Tenant Workloads |Hostname, NUMA Node | -|NodeBondingActive |No |Node Bonding Active (Preview) |Count |Average |Number of active interfaces per bonding interface |Master | -|NodeMemHugePagesFree |No |Node Memory Huge Pages Free (Preview) |Bytes |Average |NUMA hugepages free by node |Host, Node | -|NodeMemHugePagesTotal |No |Node Memory Huge Pages Total |Bytes |Average |NUMA huge pages total by node |Host, Node | -|NodeMemNumaFree |No |Node Memory NUMA (Free Memory) |Bytes |Average |NUMA memory free |Name, Host | -|NodeMemNumaShem |No |Node Memory NUMA (Shared Memory) |Bytes |Average |NUMA shared memory |Host, Node | -|NodeMemNumaUsed |No |Node Memory NUMA (Used Memory) |Bytes |Average |NUMA memory used |Host, Node | -|NodeNetworkCarrierChanges |No |Node Network Carrier Changes |Count |Average |Node network carrier changes |Device, Host | -|NodeNetworkMtuBytes |No |Node Network Maximum Transmission Unit Bytes |Bytes |Average |Node network Maximum Transmission Unit (mtu_bytes) value of /sys/class/net/\<iface\> |Device, Host | -|NodeNetworkReceiveMulticastTotal |No |Node Network Received Multicast Total |Bytes |Average |Network device statistic receive_multicast |Device, Host | -|NodeNetworkReceivePackets |No |Node Network Received Packets |Count |Average |Network device statistic receive_packets |Device, Host | -|NodeNetworkSpeedBytes |No |Node Network Speed Bytes |Bytes |Average |speed_bytes value of /sys/class/net/\<iface\> |Device, Host | -|NodeNetworkTransmitPackets |No |Node Network Transmited Packets |Count |Average |Network device statistic transmit_packets |Device, Host | -|NodeNetworkUp |No |Node Network Up |Count |Count |Value is 1 if operstate is 'up', 0 otherwise. |Device, Host | -|NodeNvmeInfo |No |Node NVMe Info (Preview) |Count |Count |Non-numeric data from /sys/class/nvme/\<device\>, value is always 1. Provides firmware, model, state and serial for a device |Device, State | -|NodeOsInfo |No |Node OS Info |Count |Count |Node OS information |Host, Name, Version | -|NodeTimexMaxErrorSeconds |No |Node Timex Max Error Seconds |Seconds |Average |Maximum time error between the local system and reference clock |Host | -|NodeTimexOffsetSeconds |No |Node Timex Offset Seconds |Seconds |Average |Time offset in between the local system and reference clock |Host | -|NodeTimexSyncStatus |No |Node Timex Sync Status |Count |Average |Is clock synchronized to a reliable server (1 = yes, 0 = no) |Host | -|NodeVmOomKill |No |Node VM Out Of Memory Kill |Count |Average |Information in /proc/vmstat pertaining to the field oom_kill |Host | -|NodeVmstatPswpIn |No |Node VM PSWP In |Count |Average |Information in /proc/vmstat pertaining to the field pswpin |Host | -|NodeVmstatPswpout |No |Node VM PSWP Out |Count |Average |Information in /proc/vmstat pertaining to the field pswpout |Host | --## Microsoft.NetworkCloud/clusters -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ApiserverAuditRequestsRejectedTotal |No |API Server Audit Requests Rejected Total |Count |Average |Counter of API server requests rejected due to an error in the audit logging backend |Component, Pod Name | -|ApiserverClientCertificateExpirationSecondsSum |No |API Server Client Certificate Expiration Seconds Sum (Preview) |Seconds |Average |Sum of API server client certificate expiration (seconds) |Component, Pod Name | -|ApiserverStorageDataKeyGenerationFailuresTotal |No |API Server Storage Data Key Generation Failures Total |Count |Average |Total number of operations that failed Data Encryption Key (DEK) generation |Component, Pod Name | -|ApiserverTlsHandshakeErrorsTotal |No |API Server TLS Handshake Errors Total (Preview) |Count |Average |Number of requests dropped with 'TLS handshake' error |Component, Pod Name | -|ContainerFsIoTimeSecondsTotal |No |Container FS I/O Time Seconds Total (Preview) |Seconds |Average |Time taken for container Input/Output (I/O) operations |Device, Host | -|ContainerMemoryFailcnt |No |Container Memory Fail Count |Count |Average |Number of times a container's memory usage limit is hit |Container, Host, Namespace, Pod | -|ContainerMemoryUsageBytes |No |Container Memory Usage Bytes |Bytes |Average |Current memory usage, including all memory regardless of when it was accessed |Container, Host, Namespace, Pod | -|ContainerNetworkReceiveErrorsTotal |No |Container Network Receive Errors Total (Preview) |Count |Average |Number of errors encountered while receiving bytes over the network |Interface, Namespace, Pod | -|ContainerNetworkTransmitErrorsTotal |No |Container Network Transmit Errors Total (Preview) |Count |Average |Count of errors that happened while transmitting |Interface, Namespace, Pod | -|ContainerScrapeError |No |Container Scrape Error |Unspecified |Average |Indicates whether there was an error while getting container metrics |Host | -|ContainerTasksState |No |Container Tasks State |Count |Average |Number of tasks or processes in a given state (sleeping, running, stopped, uninterruptible, or waiting) in a container |Container, Host, Namespace, Pod, State | -|ControllerRuntimeReconcileErrorsTotal |No |Controller Reconcile Errors Total |Count |Average |Total number of reconciliation errors per controller |Controller, Namespace, Pod Name | -|ControllerRuntimeReconcileTotal |No |Controller Reconciliations Total |Count |Average |Total number of reconciliations per controller |Controller, Namespace, Pod Name | -|CorednsDnsRequestsTotal |No |CoreDNS Requests Total |Count |Average |Total number of DNS requests |Family, Pod Name, Proto, Server, Type | -|CorednsDnsResponsesTotal |No |CoreDNS Responses Total |Count |Average |Total number of DNS responses |Pod Name, Server, Rcode | -|CorednsForwardHealthcheckBrokenTotal |No |CoreDNS Forward Healthcheck Broken Total (Preview) |Count |Average |Total number of times all upstreams are unhealthy |Pod Name, Namespace | -|CorednsForwardMaxConcurrentRejectsTotal |No |CoreDNS Forward Max Concurrent Rejects Total (Preview) |Count |Average |Total number of rejected queries because concurrent queries were at the maximum limit |Pod Name, Namespace | -|CorednsHealthRequestFailuresTotal |No |CoreDNS Health Request Failures Total |Count |Average |The number of times the self health check failed |Pod Name | -|CorednsPanicsTotal |No |CoreDNS Panics Total |Count |Average |Total number of panics |Pod Name | -|CorednsReloadFailedTotal |No |CoreDNS Reload Failed Total |Count |Average |Total number of failed reload attempts |Pod Name, Namespace | -|EtcdDiskBackendCommitDurationSecondsSum |No |Etcd Disk Backend Commit Duration Seconds Sum |Seconds |Total |The latency distribution of commits called by the backend |Component, Pod Name, Tier | -|EtcdDiskWalFsyncDurationSecondsSum |No |Etcd Disk WAL Fsync Duration Seconds Sum |Seconds |Total |The sum of latency distributions of 'fsync' called by the write-ahead log (WAL) |Component, Pod Name, Tier | -|EtcdServerHealthFailures |No |Etcd Server Health Failures |Count |Average |Total server health failures |Pod Name | -|EtcdServerIsLeader |No |Etcd Server Is Leader |Unspecified |Count |Whether or not this member is a leader; 1 if is, 0 otherwise |Component, Pod Name, Tier | -|EtcdServerIsLearner |No |Etcd Server Is Learner |Unspecified |Count |Whether or not this member is a learner; 1 if is, 0 otherwise |Component, Pod Name, Tier | -|EtcdServerLeaderChangesSeenTotal |No |Etcd Server Leader Changes Seen Total |Count |Average |The number of leader changes seen |Component, Pod Name, Tier | -|EtcdServerProposalsAppliedTotal |No |Etcd Server Proposals Applied Total |Count |Average |The total number of consensus proposals applied |Component, Pod Name, Tier | -|EtcdServerProposalsCommittedTotal |No |Etcd Server Proposals Committed Total |Count |Average |The total number of consensus proposals committed |Component, Pod Name, Tier | -|EtcdServerProposalsFailedTotal |No |Etcd Server Proposals Failed Total |Count |Average |The total number of failed proposals |Component, Pod Name, Tier | -|EtcdServerSlowApplyTotal |No |Etcd Server Slow Apply Total (Preview) |Count |Average |The total number of slow apply requests |Pod Name, Tier | -|FelixActiveLocalEndpoints |No |Felix Active Local Endpoints |Count |Average |Number of active endpoints on this host |Host | -|FelixClusterNumHostEndpoints |No |Felix Cluster Num Host Endpoints |Count |Average |Total number of host endpoints cluster-wide |Host | -|FelixClusterNumHosts |No |Felix Cluster Number of Hosts |Count |Average |Total number of Calico hosts in the cluster |Host | -|FelixClusterNumWorkloadEndpoints |No |Felix Cluster Number of Workload Endpoints |Count |Average |Total number of workload endpoints cluster-wide |Host | -|FelixIntDataplaneFailures |No |Felix Interface Dataplane Failures |Count |Average |Number of times dataplane updates failed and will be retried |Host | -|FelixIpsetErrors |No |Felix Ipset Errors |Count |Average |Number of 'ipset' command failures |Host | -|FelixIpsetsCalico |No |Felix Ipsets Calico |Count |Average |Number of active Calico IP sets |Host | -|FelixIptablesRestoreErrors |No |Felix IP Tables Restore Errors |Count |Average |Number of 'iptables-restore' errors |Host | -|FelixIptablesSaveErrors |No |Felix IP Tables Save Errors |Count |Average |Number of 'iptables-save' errors |Host | -|FelixResyncsStarted |No |Felix Resyncs Started |Count |Average |Number of times Felix has started resyncing with the datastore |Host | -|FelixResyncState |No |Felix Resync State |Unspecified |Average |Current datastore state |Host | -|KubeDaemonsetStatusCurrentNumberScheduled |No |Daemonsets Current Number Scheduled |Count |Average |Number of daemonsets currently scheduled |Daemonset, Namespace | -|KubeDaemonsetStatusDesiredNumberScheduled |No |Daemonsets Desired Number Scheduled |Count |Average |Number of daemonsets desired scheduled |Daemonset, Namespace | -|KubeDeploymentStatusReplicasAvailable |No |Deployment Replicas Available |Count |Average |Number of deployment replicas available |Deployment, Namespace | -|KubeDeploymentStatusReplicasReady |No |Deployment Replicas Ready |Count |Average |Number of deployment replicas ready |Deployment, Namespace | -|KubeJobStatusActive |No |Jobs Active |Count |Average |Number of jobs active |Job, Namespace | -|KubeJobStatusFailed |No |Jobs Failed |Count |Average |Number and reason of jobs failed |Job, Namespace, Reason | -|KubeJobStatusSucceeded |No |Jobs Succeeded |Count |Average |Number of jobs succeeded |Job, Namespace | -|KubeletRunningContainers |No |Kubelet Running Containers |Count |Average |Number of containers currently running |Container State, Host | -|KubeletRunningPods |No |Kubelet Running Pods |Count |Average |Number of pods running on the node |Host | -|KubeletRuntimeOperationsErrorsTotal |No |Kubelet Runtime Operations Errors Total |Count |Average |Cumulative number of runtime operation errors by operation type |Host, Operation Type | -|KubeletStartedPodsErrorsTotal |No |Kubelet Started Pods Errors Total |Count |Average |Cumulative number of errors when starting pods |Host | -|KubeletVolumeStatsAvailableBytes |No |Volume Available Bytes |Bytes |Average |Number of available bytes in the volume |Host, Namespace, Persistent Volume Claim | -|KubeletVolumeStatsCapacityBytes |No |Volume Capacity Bytes |Bytes |Average |Capacity (in bytes) of the volume |Host, Namespace, Persistent Volume Claim | -|KubeletVolumeStatsUsedBytes |No |Volume Used Bytes |Bytes |Average |Number of used bytes in the volume |Host, Namespace, Persistent Volume Claim | -|KubeNodeStatusAllocatable |No |Node Resources Allocatable |Count |Average |Node resources allocatable for pods |Node, Resource, Unit | -|KubeNodeStatusCapacity |No |Node Resources Capacity |Count |Average |Total amount of node resources available |Node, Resource, Unit | -|KubeNodeStatusCondition |No |Node Status Condition |Count |Average |The condition of a node |Condition, Node, Status | -|KubePodContainerResourceLimits |No |Container Resources Limits |Count |Average |The container's resources limits |Container, Namespace, Node, Pod, Resource, Unit | -|KubePodContainerResourceRequests |No |Container Resources Requests |Count |Average |The container's resources requested |Container, Namespace, Node, Pod, Resource, Unit | -|KubePodContainerStateStarted |No |Container State Started (Preview) |Count |Average |Unix timestamp start time of a container |Container, Namespace, Pod | -|KubePodContainerStatusLastTerminatedReason |No |Container Status Last Terminated Reason |Count |Average |The reason of a container's last terminated status |Container, Namespace, Pod, Reason | -|KubePodContainerStatusReady |No |Container Status Ready |Count |Average |Describes whether the container's readiness check succeeded |Container, Namespace, Pod | -|KubePodContainerStatusRestartsTotal |No |Container Restarts |Count |Average |The number of container restarts |Container, Namespace, Pod | -|KubePodContainerStatusRunning |No |Container Status Running |Count |Average |The number of containers with a status of 'running' |Container, Namespace, Pod | -|KubePodContainerStatusTerminated |No |Container Status Terminated |Count |Average |The number of containers with a status of 'terminated' |Container, Namespace, Pod | -|KubePodContainerStatusTerminatedReason |No |Container Status Terminated Reason |Count |Average |The number and reason of containers with a status of 'terminated' |Container, Namespace, Pod, Reason | -|KubePodContainerStatusWaiting |No |Container Status Waiting |Count |Average |The number of containers with a status of 'waiting' |Container, Namespace, Pod | -|KubePodContainerStatusWaitingReason |No |Container Status Waiting Reason |Count |Average |The number and reason of containers with a status of 'waiting' |Container, Namespace, Pod, Reason | -|KubePodDeletionTimestamp |No |Pod Deletion Timestamp (Preview) |Count |Average |The timestamp of the pod's deletion |Namespace, Pod | -|KubePodInitContainerStatusReady |No |Pod Init Container Ready |Count |Average |The number of ready pod init containers |Namespace, Container, Pod | -|KubePodInitContainerStatusRestartsTotal |No |Pod Init Container Restarts |Count |Average |The number of pod init containers restarts |Namespace, Container, Pod | -|KubePodInitContainerStatusRunning |No |Pod Init Container Running |Count |Average |The number of running pod init containers |Namespace, Container, Pod | -|KubePodInitContainerStatusTerminated |No |Pod Init Container Terminated |Count |Average |The number of terminated pod init containers |Namespace, Container, Pod | -|KubePodInitContainerStatusTerminatedReason |No |Pod Init Container Terminated Reason |Count |Average |The number of pod init containers with terminated reason |Namespace, Container, Pod, Reason | -|KubePodInitContainerStatusWaiting |No |Pod Init Container Waiting |Count |Average |The number of pod init containers waiting |Namespace, Container, Pod | -|KubePodInitContainerStatusWaitingReason |No |Pod Init Container Waiting Reason |Count |Average |The reason the pod init container is waiting |Namespace, Container, Pod, Reason | -|KubePodStatusPhase |No |Pod Status Phase |Count |Average |The pod status phase |Namespace, Pod, Phase | -|KubePodStatusReady |No |Pod Ready State |Count |Average |Signifies if the pod is in ready state |Namespace, Pod | -|KubePodStatusReason |No |Pod Status Reason |Count |Average |NodeAffinity |Namespace, Pod, Reason | -|KubeStatefulsetReplicas |No |Statefulset Desired Replicas Number |Count |Average |The desired number of statefulset replicas |Namespace, Statefulset | -|KubeStatefulsetStatusReplicas |No |Statefulset Replicas Number |Count |Average |The number of replicas per statefulset |Namespace, Statefulset | -|KubevirtInfo |No |Kubevirt Info |Unspecified |Average |Kubevirt version information |Kube Version | -|KubevirtVirtControllerLeading |No |Kubevirt Virt Controller Leading |Unspecified |Average |Indication for an operating virt-controller |Pod Name | -|KubevirtVirtControllerReady |No |Kubevirt Virt Controller Ready |Unspecified |Average |Indication for a virt-controller that is ready to take the lead |Pod Name | -|KubevirtVirtOperatorReady |No |Kubevirt Virt Operator Ready |Unspecified |Average |Indication for a virt operator being ready |Pod Name | -|KubevirtVmiMemoryActualBalloonBytes |No |Kubevirt VMI Memory Actual BalloonBytes |Bytes |Average |Current balloon size (in bytes) |Name, Node | -|KubevirtVmiMemoryAvailableBytes |No |Kubevirt VMI Memory Available Bytes |Bytes |Average |Amount of usable memory as seen by the domain. This value may not be accurate if a balloon driver is in use or if the guest OS does not initialize all assigned pages |Name, Node | -|KubevirtVmiMemoryDomainBytesTotal |No |Kubevirt VMI Memory Domain Bytes Total (Preview) |Bytes |Average |The amount of memory (in bytes) allocated to the domain. The memory value in domain XML file |Node | -|KubevirtVmiMemorySwapInTrafficBytesTotal |No |Kubevirt VMI Memory Swap In Traffic Bytes Total |Bytes |Average |The total amount of data read from swap space of the guest (in bytes) |Name, Node | -|KubevirtVmiMemorySwapOutTrafficBytesTotal |No |Kubevirt VMI Memory Swap Out Traffic Bytes Total |Bytes |Average |The total amount of memory written out to swap space of the guest (in bytes) |Name, Node | -|KubevirtVmiMemoryUnusedBytes |No |Kubevirt VMI Memory Unused Bytes |Bytes |Average |The amount of memory left completely unused by the system. Memory that is available but used for reclaimable caches should NOT be reported as free |Name, Node | -|KubevirtVmiNetworkReceivePacketsTotal |No |Kubevirt VMI Network Receive Packets Total |Bytes |Average |Total network traffic received packets |Interface, Name, Node | -|KubevirtVmiNetworkTransmitPacketsDroppedTotal |No |Kubevirt VMI Network Transmit Packets Dropped Total |Bytes |Average |The total number of transmit packets dropped on virtual NIC (vNIC) interfaces |Interface, Name, Node | -|KubevirtVmiNetworkTransmitPacketsTotal |No |Kubevirt VMI Network Transmit Packets Total |Bytes |Average |Total network traffic transmitted packets |Interface, Name, Node | -|KubevirtVmiOutdatedCount |No |Kubevirt VMI Outdated Count |Count |Average |Indication for the total number of VirtualMachineInstance (VMI) workloads that are not running within the most up-to-date version of the virt-launcher environment |Name | -|KubevirtVmiPhaseCount |No |Kubevirt VMI Phase Count |Count |Average |Sum of VirtualMachineInstances (VMIs) per phase and node |Node, Phase, Workload | -|KubevirtVmiStorageIopsReadTotal |No |Kubevirt VMI Storage IOPS Read Total |Count |Average |Total number of Input/Output (I/O) read operations |Drive, Name, Node | -|KubevirtVmiStorageIopsWriteTotal |No |Kubevirt VMI Storage IOPS Write Total |Count |Average |Total number of Input/Output (I/O) write operations |Drive, Name, Node | -|KubevirtVmiStorageReadTimesMsTotal |No |Kubevirt VMI Storage Read Times Total (Preview) |Milliseconds |Average |Total time in milliseconds (ms) spent on read operations |Drive, Name, Node | -|KubevirtVmiStorageWriteTimesMsTotal |No |Kubevirt VMI Storage Write Times Total (Preview) |Milliseconds |Average |Total time in milliseconds (ms) spent on write operations |Drive, Name, Node | -|NcVmiCpuAffinity |No |CPU Pinning Map (Preview) |Count |Average |Pinning map of virtual CPUs (vCPUs) to CPUs |CPU, NUMA Node, VMI Namespace, VMI Node, VMI Name | -|TyphaClientLatencySecsCount |No |Typha Client Latency Secs |Count |Average |Per-client latency. I.e. how far behind the current state each client is. |Pod Name | -|TyphaConnectionsAccepted |No |Typha Connections Accepted |Count |Average |Total number of connections accepted over time |Pod Name | -|TyphaConnectionsDropped |No |Typha Connections Dropped |Count |Average |Total number of connections dropped due to rebalancing |Pod Name | -|TyphaPingLatencyCount |No |Typha Ping Latency |Count |Average |Round-trip ping/pong latency to client. Typha's protocol includes a regular ping/pong keepalive to verify that the connection is still up |Pod Name | --## Microsoft.NetworkCloud/storageAppliances -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|PurefaAlertsTotal |No |Nexus Storage Alerts Total |Count |Average |Number of alert events |Severity | -|PurefaArrayPerformanceAvgBlockBytes |No |Nexus Storage Array Avg Block Bytes |Bytes |Average |Average block size |Dimension | -|PurefaArrayPerformanceBandwidthBytes |No |Nexus Storage Array Bandwidth Bytes |Bytes |Average |Array throughput in bytes per second |Dimension | -|PurefaArrayPerformanceIOPS |No |Nexus Storage Array IOPS |Count |Average |Storage array IOPS |Dimension | -|PurefaArrayPerformanceLatencyUsec |No |Nexus Storage Array Latency (Microseconds) |MilliSeconds |Average |Storage array latency in microseconds |Dimension | -|PurefaArrayPerformanceQdepth |No |Nexus Storage Array Queue Depth |Bytes |Average |Storage array queue depth |No Dimensions | -|PurefaArraySpaceCapacityBytes |No |Nexus Storage Array Capacity Bytes |Bytes |Average |Storage array overall space capacity |No Dimensions | -|PurefaArraySpaceDatareductionRatio |No |Nexus Storage Array Space Datareduction Ratio |Percent |Average |Storage array overall data reduction |No Dimensions | -|PurefaArraySpaceProvisionedBytes |No |Nexus Storage Array Space Provisioned Bytes |Bytes |Average |Storage array overall provisioned space |No Dimensions | -|PurefaArraySpaceUsedBytes |No |Nexus Storage Array Space Used Bytes |Bytes |Average |Storage Array overall used space |Dimension | -|PurefaHardwareComponentHealth |No |Nexus Storage Hardware Component Health |Count |Average |Storage array hardware component health status |Component, Controller, Index | -|PurefaHardwarePowerVolts |No |Nexus Storage Hardware Power Volts |Unspecified |Average |Storage array hardware power supply voltage |Power Supply | -|PurefaHardwareTemperatureCelsius |No |Nexus Storage Hardware Temperature Celsius |Unspecified |Average |Storage array hardware temperature sensors |Controller, Sensor | -|PurefaHostPerformanceBandwidthBytes |No |Nexus Storage Host Bandwidth Bytes |Bytes |Average |Storage array host bandwidth in bytes per second |Dimension, Host | -|PurefaHostPerformanceIOPS |No |Nexus Storage Host IOPS |Count |Average |Storage array host IOPS |Dimension, Host | -|PurefaHostPerformanceLatencyUsec |No |Nexus Storage Host Latency (Microseconds) |MilliSeconds |Average |Storage array host latency in microseconds |Dimension, Host | -|PurefaHostSpaceBytes |No |Nexus Storage Host Space Bytes |Bytes |Average |Storage array host space in bytes |Dimension, Host | -|PurefaHostSpaceDatareductionRatio |No |Nexus Storage Host Space Datareduction Ratio |Percent |Average |Storage array host volumes data reduction ratio |Host | -|PurefaHostSpaceSizeBytes |No |Nexus Storage Host Space Size Bytes |Bytes |Average |Storage array host volumes size |Host | -|PurefaInfo |No |Nexus Storage Info (Preview) |Unspecified |Average |Storage array system information |Array Name | -|PurefaVolumePerformanceIOPS |No |Nexus Storage Volume Performance IOPS |Count |Average |Storage array volume IOPS |Dimension, Volume | -|PurefaVolumePerformanceLatencyUsec |No |Nexus Storage Volume Performance Latency (Microseconds) |MilliSeconds |Average |Storage array volume latency in microseconds |Dimension, Volume | -|PurefaVolumePerformanceThroughputBytes |No |Nexus Storage Volume Performance Throughput Bytes |Bytes |Average |Storage array volume throughput |Dimension, Volume | -|PurefaVolumeSpaceBytes |No |Nexus Storage Volume Space Bytes |Bytes |Average |Storage array volume space in bytes |Dimension, Volume | -|PurefaVolumeSpaceDatareductionRatio |No |Nexus Storage Volume Space Datareduction Ratio |Percent |Average |Storage array overall data reduction |Volume | -|PurefaVolumeSpaceSizeBytes |No |Nexus Storage Volume Space Size Bytes |Bytes |Average |Storage array volumes size |Volume | --## Microsoft.NetworkFunction/azureTrafficCollectors -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|count |Yes |Flow Records |Count |Total |Flow Records Processed by ATC. |RoleInstance | -|usage_active |Yes |CPU Usage |Percent |Average |CPU Usage Percentage. |Hostname | -|used_percent |Yes |Memory Usage |Percent |Average |Memory Usage Percentage. |Hostname | --## Microsoft.NotificationHubs/Namespaces/NotificationHubs -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|incoming |Yes |Incoming Messages |Count |Total |The count of all successful send API calls. |No Dimensions | -|incoming.all.failedrequests |Yes |All Incoming Failed Requests |Count |Total |Total incoming failed requests for a notification hub |No Dimensions | -|incoming.all.requests |Yes |All Incoming Requests |Count |Total |Total incoming requests for a notification hub |No Dimensions | -|incoming.scheduled |Yes |Scheduled Push Notifications Sent |Count |Total |Scheduled Push Notifications Sent |No Dimensions | -|incoming.scheduled.cancel |Yes |Scheduled Push Notifications Cancelled |Count |Total |Scheduled Push Notifications Cancelled |No Dimensions | -|installation.all |Yes |Installation Management Operations |Count |Total |Installation Management Operations |No Dimensions | -|installation.delete |Yes |Delete Installation Operations |Count |Total |Delete Installation Operations |No Dimensions | -|installation.get |Yes |Get Installation Operations |Count |Total |Get Installation Operations |No Dimensions | -|installation.patch |Yes |Patch Installation Operations |Count |Total |Patch Installation Operations |No Dimensions | -|installation.upsert |Yes |Create or Update Installation Operations |Count |Total |Create or Update Installation Operations |No Dimensions | -|notificationhub.pushes |Yes |All Outgoing Notifications |Count |Total |All outgoing notifications of the notification hub |No Dimensions | -|outgoing.allpns.badorexpiredchannel |Yes |Bad or Expired Channel Errors |Count |Total |The count of pushes that failed because the channel/token/registrationId in the registration was expired or invalid. |No Dimensions | -|outgoing.allpns.channelerror |Yes |Channel Errors |Count |Total |The count of pushes that failed because the channel was invalid not associated with the correct app throttled or expired. |No Dimensions | -|outgoing.allpns.invalidpayload |Yes |Payload Errors |Count |Total |The count of pushes that failed because the PNS returned a bad payload error. |No Dimensions | -|outgoing.allpns.pnserror |Yes |External Notification System Errors |Count |Total |The count of pushes that failed because there was a problem communicating with the PNS (excludes authentication problems). |No Dimensions | -|outgoing.allpns.success |Yes |Successful notifications |Count |Total |The count of all successful notifications. |No Dimensions | -|outgoing.apns.badchannel |Yes |APNS Bad Channel Error |Count |Total |The count of pushes that failed because the token is invalid (APNS status code: 8). |No Dimensions | -|outgoing.apns.expiredchannel |Yes |APNS Expired Channel Error |Count |Total |The count of token that were invalidated by the APNS feedback channel. |No Dimensions | -|outgoing.apns.invalidcredentials |Yes |APNS Authorization Errors |Count |Total |The count of pushes that failed because the PNS did not accept the provided credentials or the credentials are blocked. |No Dimensions | -|outgoing.apns.invalidnotificationsize |Yes |APNS Invalid Notification Size Error |Count |Total |The count of pushes that failed because the payload was too large (APNS status code: 7). |No Dimensions | -|outgoing.apns.pnserror |Yes |APNS Errors |Count |Total |The count of pushes that failed because of errors communicating with APNS. |No Dimensions | -|outgoing.apns.success |Yes |APNS Successful Notifications |Count |Total |The count of all successful notifications. |No Dimensions | -|outgoing.gcm.authenticationerror |Yes |GCM Authentication Errors |Count |Total |The count of pushes that failed because the PNS did not accept the provided credentials the credentials are blocked or the SenderId is not correctly configured in the app (GCM result: MismatchedSenderId). |No Dimensions | -|outgoing.gcm.badchannel |Yes |GCM Bad Channel Error |Count |Total |The count of pushes that failed because the registrationId in the registration was not recognized (GCM result: Invalid Registration). |No Dimensions | -|outgoing.gcm.expiredchannel |Yes |GCM Expired Channel Error |Count |Total |The count of pushes that failed because the registrationId in the registration was expired (GCM result: NotRegistered). |No Dimensions | -|outgoing.gcm.invalidcredentials |Yes |GCM Authorization Errors (Invalid Credentials) |Count |Total |The count of pushes that failed because the PNS did not accept the provided credentials or the credentials are blocked. |No Dimensions | -|outgoing.gcm.invalidnotificationformat |Yes |GCM Invalid Notification Format |Count |Total |The count of pushes that failed because the payload was not formatted correctly (GCM result: InvalidDataKey or InvalidTtl). |No Dimensions | -|outgoing.gcm.invalidnotificationsize |Yes |GCM Invalid Notification Size Error |Count |Total |The count of pushes that failed because the payload was too large (GCM result: MessageTooBig). |No Dimensions | -|outgoing.gcm.pnserror |Yes |GCM Errors |Count |Total |The count of pushes that failed because of errors communicating with GCM. |No Dimensions | -|outgoing.gcm.success |Yes |GCM Successful Notifications |Count |Total |The count of all successful notifications. |No Dimensions | -|outgoing.gcm.throttled |Yes |GCM Throttled Notifications |Count |Total |The count of pushes that failed because GCM throttled this app (GCM status code: 501-599 or result:Unavailable). |No Dimensions | -|outgoing.gcm.wrongchannel |Yes |GCM Wrong Channel Error |Count |Total |The count of pushes that failed because the registrationId in the registration is not associated to the current app (GCM result: InvalidPackageName). |No Dimensions | -|outgoing.mpns.authenticationerror |Yes |MPNS Authentication Errors |Count |Total |The count of pushes that failed because the PNS did not accept the provided credentials or the credentials are blocked. |No Dimensions | -|outgoing.mpns.badchannel |Yes |MPNS Bad Channel Error |Count |Total |The count of pushes that failed because the ChannelURI in the registration was not recognized (MPNS status: 404 not found). |No Dimensions | -|outgoing.mpns.channeldisconnected |Yes |MPNS Channel Disconnected |Count |Total |The count of pushes that failed because the ChannelURI in the registration was disconnected (MPNS status: 412 not found). |No Dimensions | -|outgoing.mpns.dropped |Yes |MPNS Dropped Notifications |Count |Total |The count of pushes that were dropped by MPNS (MPNS response header: X-NotificationStatus: QueueFull or Suppressed). |No Dimensions | -|outgoing.mpns.invalidcredentials |Yes |MPNS Invalid Credentials |Count |Total |The count of pushes that failed because the PNS did not accept the provided credentials or the credentials are blocked. |No Dimensions | -|outgoing.mpns.invalidnotificationformat |Yes |MPNS Invalid Notification Format |Count |Total |The count of pushes that failed because the payload of the notification was too large. |No Dimensions | -|outgoing.mpns.pnserror |Yes |MPNS Errors |Count |Total |The count of pushes that failed because of errors communicating with MPNS. |No Dimensions | -|outgoing.mpns.success |Yes |MPNS Successful Notifications |Count |Total |The count of all successful notifications. |No Dimensions | -|outgoing.mpns.throttled |Yes |MPNS Throttled Notifications |Count |Total |The count of pushes that failed because MPNS is throttling this app (WNS MPNS: 406 Not Acceptable). |No Dimensions | -|outgoing.wns.authenticationerror |Yes |WNS Authentication Errors |Count |Total |Notification not delivered because of errors communicating with Windows Live invalid credentials or wrong token. |No Dimensions | -|outgoing.wns.badchannel |Yes |WNS Bad Channel Error |Count |Total |The count of pushes that failed because the ChannelURI in the registration was not recognized (WNS status: 404 not found). |No Dimensions | -|outgoing.wns.channeldisconnected |Yes |WNS Channel Disconnected |Count |Total |The notification was dropped because the ChannelURI in the registration is throttled (WNS response header: X-WNS-DeviceConnectionStatus: disconnected). |No Dimensions | -|outgoing.wns.channelthrottled |Yes |WNS Channel Throttled |Count |Total |The notification was dropped because the ChannelURI in the registration is throttled (WNS response header: X-WNS-NotificationStatus:channelThrottled). |No Dimensions | -|outgoing.wns.dropped |Yes |WNS Dropped Notifications |Count |Total |The notification was dropped because the ChannelURI in the registration is throttled (X-WNS-NotificationStatus: dropped but not X-WNS-DeviceConnectionStatus: disconnected). |No Dimensions | -|outgoing.wns.expiredchannel |Yes |WNS Expired Channel Error |Count |Total |The count of pushes that failed because the ChannelURI is expired (WNS status: 410 Gone). |No Dimensions | -|outgoing.wns.invalidcredentials |Yes |WNS Authorization Errors (Invalid Credentials) |Count |Total |The count of pushes that failed because the PNS did not accept the provided credentials or the credentials are blocked. (Windows Live does not recognize the credentials). |No Dimensions | -|outgoing.wns.invalidnotificationformat |Yes |WNS Invalid Notification Format |Count |Total |The format of the notification is invalid (WNS status: 400). Note that WNS does not reject all invalid payloads. |No Dimensions | -|outgoing.wns.invalidnotificationsize |Yes |WNS Invalid Notification Size Error |Count |Total |The notification payload is too large (WNS status: 413). |No Dimensions | -|outgoing.wns.invalidtoken |Yes |WNS Authorization Errors (Invalid Token) |Count |Total |The token provided to WNS is not valid (WNS status: 401 Unauthorized). |No Dimensions | -|outgoing.wns.pnserror |Yes |WNS Errors |Count |Total |Notification not delivered because of errors communicating with WNS. |No Dimensions | -|outgoing.wns.success |Yes |WNS Successful Notifications |Count |Total |The count of all successful notifications. |No Dimensions | -|outgoing.wns.throttled |Yes |WNS Throttled Notifications |Count |Total |The count of pushes that failed because WNS is throttling this app (WNS status: 406 Not Acceptable). |No Dimensions | -|outgoing.wns.tokenproviderunreachable |Yes |WNS Authorization Errors (Unreachable) |Count |Total |Windows Live is not reachable. |No Dimensions | -|outgoing.wns.wrongtoken |Yes |WNS Authorization Errors (Wrong Token) |Count |Total |The token provided to WNS is valid but for another application (WNS status: 403 Forbidden). This can happen if the ChannelURI in the registration is associated with another app. Check that the client app is associated with the same app whose credentials are in the notification hub. |No Dimensions | -|registration.all |Yes |Registration Operations |Count |Total |The count of all successful registration operations (creations updates queries and deletions). |No Dimensions | -|registration.create |Yes |Registration Create Operations |Count |Total |The count of all successful registration creations. |No Dimensions | -|registration.delete |Yes |Registration Delete Operations |Count |Total |The count of all successful registration deletions. |No Dimensions | -|registration.get |Yes |Registration Read Operations |Count |Total |The count of all successful registration queries. |No Dimensions | -|registration.update |Yes |Registration Update Operations |Count |Total |The count of all successful registration updates. |No Dimensions | -|scheduled.pending |Yes |Pending Scheduled Notifications |Count |Total |Pending Scheduled Notifications |No Dimensions | --## Microsoft.OperationalInsights/workspaces -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|AvailabilityRate_Query |No |AvailabilityRate_Query |Percent |Average |User query success rate for this workspace. |IsUserQuery | -|Average_% Available Memory |Yes |% Available Memory |Count |Average |Average_% Available Memory. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_% Available Swap Space |Yes |% Available Swap Space |Count |Average |Average_% Available Swap Space. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_% Committed Bytes In Use |Yes |% Committed Bytes In Use |Count |Average |Average_% Committed Bytes In Use. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_% DPC Time |Yes |% DPC Time |Count |Average |Average_% DPC Time. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_% Free Inodes |Yes |% Free Inodes |Count |Average |Average_% Free Inodes. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_% Free Space |Yes |% Free Space |Count |Average |Average_% Free Space. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_% Idle Time |Yes |% Idle Time |Count |Average |Average_% Idle Time. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_% Interrupt Time |Yes |% Interrupt Time |Count |Average |Average_% Interrupt Time. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_% IO Wait Time |Yes |% IO Wait Time |Count |Average |Average_% IO Wait Time. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_% Nice Time |Yes |% Nice Time |Count |Average |Average_% Nice Time. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_% Privileged Time |Yes |% Privileged Time |Count |Average |Average_% Privileged Time. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_% Processor Time |Yes |% Processor Time |Count |Average |Average_% Processor Time. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_% Used Inodes |Yes |% Used Inodes |Count |Average |Average_% Used Inodes. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_% Used Memory |Yes |% Used Memory |Count |Average |Average_% Used Memory. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_% Used Space |Yes |% Used Space |Count |Average |Average_% Used Space. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_% Used Swap Space |Yes |% Used Swap Space |Count |Average |Average_% Used Swap Space. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_% User Time |Yes |% User Time |Count |Average |Average_% User Time. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Available MBytes |Yes |Available MBytes |Count |Average |Average_Available MBytes. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Available MBytes Memory |Yes |Available MBytes Memory |Count |Average |Average_Available MBytes Memory. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Available MBytes Swap |Yes |Available MBytes Swap |Count |Average |Average_Available MBytes Swap. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Avg. Disk sec/Read |Yes |Avg. Disk sec/Read |Count |Average |Average_Avg. Disk sec/Read. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Avg. Disk sec/Transfer |Yes |Avg. Disk sec/Transfer |Count |Average |Average_Avg. Disk sec/Transfer. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Avg. Disk sec/Write |Yes |Avg. Disk sec/Write |Count |Average |Average_Avg. Disk sec/Write. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Bytes Received/sec |Yes |Bytes Received/sec |Count |Average |Average_Bytes Received/sec. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Bytes Sent/sec |Yes |Bytes Sent/sec |Count |Average |Average_Bytes Sent/sec. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Bytes Total/sec |Yes |Bytes Total/sec |Count |Average |Average_Bytes Total/sec. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Current Disk Queue Length |Yes |Current Disk Queue Length |Count |Average |Average_Current Disk Queue Length. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Disk Read Bytes/sec |Yes |Disk Read Bytes/sec |Count |Average |Average_Disk Read Bytes/sec. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Disk Reads/sec |Yes |Disk Reads/sec |Count |Average |Average_Disk Reads/sec. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Disk Transfers/sec |Yes |Disk Transfers/sec |Count |Average |Average_Disk Transfers/sec. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Disk Write Bytes/sec |Yes |Disk Write Bytes/sec |Count |Average |Average_Disk Write Bytes/sec. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Disk Writes/sec |Yes |Disk Writes/sec |Count |Average |Average_Disk Writes/sec. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Free Megabytes |Yes |Free Megabytes |Count |Average |Average_Free Megabytes. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Free Physical Memory |Yes |Free Physical Memory |Count |Average |Average_Free Physical Memory. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Free Space in Paging Files |Yes |Free Space in Paging Files |Count |Average |Average_Free Space in Paging Files. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Free Virtual Memory |Yes |Free Virtual Memory |Count |Average |Average_Free Virtual Memory. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Logical Disk Bytes/sec |Yes |Logical Disk Bytes/sec |Count |Average |Average_Logical Disk Bytes/sec. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Page Reads/sec |Yes |Page Reads/sec |Count |Average |Average_Page Reads/sec. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Page Writes/sec |Yes |Page Writes/sec |Count |Average |Average_Page Writes/sec. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Pages/sec |Yes |Pages/sec |Count |Average |Average_Pages/sec. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Pct Privileged Time |Yes |Pct Privileged Time |Count |Average |Average_Pct Privileged Time. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Pct User Time |Yes |Pct User Time |Count |Average |Average_Pct User Time. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Physical Disk Bytes/sec |Yes |Physical Disk Bytes/sec |Count |Average |Average_Physical Disk Bytes/sec. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Processes |Yes |Processes |Count |Average |Average_Processes. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Processor Queue Length |Yes |Processor Queue Length |Count |Average |Average_Processor Queue Length. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Size Stored In Paging Files |Yes |Size Stored In Paging Files |Count |Average |Average_Size Stored In Paging Files. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Total Bytes |Yes |Total Bytes |Count |Average |Average_Total Bytes. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Total Bytes Received |Yes |Total Bytes Received |Count |Average |Average_Total Bytes Received. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Total Bytes Transmitted |Yes |Total Bytes Transmitted |Count |Average |Average_Total Bytes Transmitted. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Total Collisions |Yes |Total Collisions |Count |Average |Average_Total Collisions. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Total Packets Received |Yes |Total Packets Received |Count |Average |Average_Total Packets Received. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Total Packets Transmitted |Yes |Total Packets Transmitted |Count |Average |Average_Total Packets Transmitted. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Total Rx Errors |Yes |Total Rx Errors |Count |Average |Average_Total Rx Errors. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Total Tx Errors |Yes |Total Tx Errors |Count |Average |Average_Total Tx Errors. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Uptime |Yes |Uptime |Count |Average |Average_Uptime. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Used MBytes Swap Space |Yes |Used MBytes Swap Space |Count |Average |. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Used Memory kBytes |Yes |Used Memory kBytes |Count |Average |Average_Used Memory kBytes. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Used Memory MBytes |Yes |Used Memory MBytes |Count |Average |Average_Used Memory MBytes. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Users |Yes |Users |Count |Average |Average_Users. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Average_Virtual Shared Memory |Yes |Virtual Shared Memory |Count |Average |Average_Virtual Shared Memory. Supported for: Linux. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, ObjectName, InstanceName, CounterPath, SourceSystem | -|Event |Yes |Event |Count |Average |Event. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Source, EventLog, Computer, EventCategory, EventLevel, EventLevelName, EventID | -|Heartbeat |Yes |Heartbeat |Count |Total |Heartbeat. Supported for: Linux, Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, OSType, Version, SourceComputerId | -|Query Count |No |Query Count |Count |Count |Total number of user queries for this workspace. |IsUserQuery | -|Query Failure Count |No |Query Failure Count |Count |Count |Total number of failed user queries for this workspace. |IsUserQuery | -|Update |Yes |Update |Count |Average |Update. Supported for: Windows. Part of [metric alerts for logs feature](https://aka.ms/am-log-to-metric). |Computer, Product, Classification, UpdateState, Optional, Approved | --## Microsoft.Orbital/contactProfiles -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ContactFailure |Yes |Contact Failure Count |Count |Count |Denotes the number of failed Contacts for a specific Contact Profile |No Dimensions | -|ContactSuccess |Yes |Contact Success Count |Count |Count |Denotes the number of successful Contacts for a specific Contact Profile |No Dimensions | --## Microsoft.Orbital/l2Connections -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|InEdgeSiteBitsRate |Yes |In Edge Site Bit Rate |BitsPerSecond |Average |Ingress Edge Site Bit Rate for the L2 connection |No Dimensions | -|InEdgeSiteBroadcastPkts |Yes |In Edge Site Broadcast Packet Count |Count |Average |Ingress Edge Site Broadcast Packet Count for the L2 connection |No Dimensions | -|InEdgeSiteBytes |Yes |In Edge Site Byte Count |Count |Average |Ingress Edge Site Byte Count for the L2 connection |No Dimensions | -|InEdgeSiteDiscards |Yes |In Edge Site Packet Discard Count |Count |Average |Ingress Edge Site Packet Discard Count for the L2 connection |No Dimensions | -|InEdgeSiteMulticastPkts |Yes |In Edge Site Multicast Packet Count |Count |Average |Ingress Edge Site Multicast Packet Count for the L2 connection |No Dimensions | -|InEdgeSitePktErrors |Yes |In Edge Site Packet Error Count |Count |Average |Ingress Edge Site Packet Error Count for the L2 connection |No Dimensions | -|InEdgeSitePktsRate |Yes |In Edge Site Packet Rate |CountPerSecond |Average |Ingress Edge Site Packet Rate for the L2 connection |No Dimensions | -|InEdgeSiteUnicastPkts |Yes |In Edge Site Unicast Packet Count |Count |Average |Ingress Edge Site Unicast Packet Count for the L2 connection |No Dimensions | -|InGroundStationBitsRate |Yes |In Ground Station Bit Rate |BitsPerSecond |Average |Ingress Ground Station Bit Rate for the L2 connection |No Dimensions | -|InGroundStationBroadcastPkts |Yes |In Ground Station Broadcast Packet Count |Count |Average |Ingress Ground Station Broadcast Packet Count for the L2 connection |No Dimensions | -|InGroundStationBytes |Yes |In Ground Station Byte Count |Count |Average |Ingress Ground Station Byte Count for the L2 connection |No Dimensions | -|InGroundStationDiscards |Yes |In Ground Station Packet Discard Count |Count |Average |Ingress Ground Station Packet Discard Count for the L2 connection |No Dimensions | -|InGroundStationMulticastPkts |Yes |In Ground Station Multicast Packet Count |Count |Average |Ingress Ground Station Multicast Packet Count for the L2 connection |No Dimensions | -|InGroundStationPktErrors |Yes |In Ground Station Packet Error Count |Count |Average |Ingress Ground Station Packet Error Count for the L2 connection |No Dimensions | -|InGroundStationPktsRate |Yes |In Ground Station Packet Rate |CountPerSecond |Average |Ingress Ground Station Packet Rate for the L2 connection |No Dimensions | -|InGroundStationUnicastPkts |Yes |In Ground Station Unicast Packet Count |Count |Average |Ingress Ground Station Unicast Packet Count for the L2 connection |No Dimensions | -|OutEdgeSiteBitsRate |Yes |Out Edge Site Bit Rate |BitsPerSecond |Average |Egress Edge Site Bit Rate for the L2 connection |No Dimensions | -|OutEdgeSiteBroadcastPkts |Yes |Out Edge Site Broadcast Packet Count |Count |Average |Egress Edge Site Broadcast Packet Count for the L2 connection |No Dimensions | -|OutEdgeSiteBytes |Yes |Out Edge Site Byte Count |Count |Average |Egress Edge Site Byte Count for the L2 connection |No Dimensions | -|OutEdgeSiteDiscards |Yes |Out Edge Site Packet Discard Count |Count |Average |Egress Edge Site Packet Discard Count for the L2 connection |No Dimensions | -|OutEdgeSiteMulticastPkts |Yes |Out Edge Site Multicast Packet Count |Count |Average |Egress Edge Site Multicast Packet Count for the L2 connection |No Dimensions | -|OutEdgeSitePktErrors |Yes |Out Edge Site Packet Error Count |Count |Average |Egress Edge Site Packet Error Count for the L2 connection |No Dimensions | -|OutEdgeSitePktsRate |Yes |Out Edge Site Packet Rate |CountPerSecond |Average |Egress Edge Site Packet Rate for the L2 connection |No Dimensions | -|OutEdgeSiteUnicastPkts |Yes |Out Edge Site Unicast Packet Count |Count |Average |Egress Edge Site Unicast Packet Count for the L2 connection |No Dimensions | -|OutGroundStationBitsRate |Yes |Out Ground Station Bit Rate |BitsPerSecond |Average |Egress Ground Station Bit Rate for the L2 connection |No Dimensions | -|OutGroundStationBroadcastPkts |Yes |Out Ground Station Broadcast Packet Count |Count |Average |Egress Ground Station Broadcast Packet Count for the L2 connection |No Dimensions | -|OutGroundStationBytes |Yes |Out Ground Station Byte Count |Count |Average |Egress Ground Station Byte Count for the L2 connection |No Dimensions | -|OutGroundStationDiscards |Yes |Out Ground Station Packet Discard Count |Count |Average |Egress Ground Station Packet Discard Count for the L2 connection |No Dimensions | -|OutGroundStationMulticastPkts |Yes |Out Ground Station Multicast Packet Count |Count |Average |Egress Ground Station Multicast Packet Count for the L2 connection |No Dimensions | -|OutGroundStationPktErrors |Yes |Out Ground Station Packet Error Count |Count |Average |Egress Ground Station Packet Error Count for the L2 connection |No Dimensions | -|OutGroundStationPktsRate |Yes |Out Ground Station Packet Rate |CountPerSecond |Average |Egress Ground Station Packet Rate for the L2 connection |No Dimensions | -|OutGroundStationUnicastPkts |Yes |Out Ground Station Unicast Packet Count |Count |Average |Egress Ground Station Unicast Packet Count for the L2 connection |No Dimensions | --## Microsoft.Orbital/spacecrafts -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ContactFailure |Yes |Contact Failure Count |Count |Count |Denotes the number of failed Contacts for a specific Spacecraft |No Dimensions | -|ContactSuccess |Yes |Contact Success Count |Count |Count |Denotes the number of successful Contacts for a specific Spacecraft |No Dimensions | --## Microsoft.Peering/peerings -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|AverageCustomerPrefixLatency |Yes |Average Customer Prefix Latency |Milliseconds |Average |Average of median Customer prefix latency |RegisteredAsnName | -|EgressTrafficRate |Yes |Egress Traffic Rate |BitsPerSecond |Average |Egress traffic rate in bits per second |ConnectionId, SessionIp, TrafficClass | -|FlapCounts |Yes |Connection Flap Events Count |Count |Sum |Flap Events Count in all the connection |ConnectionId, SessionIp | -|IngressTrafficRate |Yes |Ingress Traffic Rate |BitsPerSecond |Average |Ingress traffic rate in bits per second |ConnectionId, SessionIp, TrafficClass | -|PacketDropRate |Yes |Packets Drop Rate |BitsPerSecond |Average |Packets Drop rate in bits per second |ConnectionId, SessionIp, TrafficClass | -|RegisteredPrefixLatency |Yes |Prefix Latency |Milliseconds |Average |Median prefix latency |RegisteredPrefixName | -|SessionAvailability |Yes |Session Availability |Count |Average |Availability of the peering session |ConnectionId, SessionIp | --## Microsoft.Peering/peeringServices -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|RoundTripTime |Yes |Round Trip Time |Milliseconds |Average |Average round trip time |ConnectionMonitorTestName | --## Microsoft.PlayFab/titles -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|PlayerLoggedInCount |Yes |PlayerLoggedInCount |Count |Count |Number of logins by any player in a given title |TitleId | --## Microsoft.PowerBIDedicated/capacities -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|cpu_metric |Yes |CPU (Gen2) |Percent |Average |CPU Utilization. Supported only for Power BI Embedded Generation 2 resources. |No Dimensions | -|overload_metric |Yes |Overload (Gen2) |Count |Average |Resource Overload, 1 if resource is overloaded, otherwise 0. Supported only for Power BI Embedded Generation 2 resources. |No Dimensions | --## microsoft.purview/accounts -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|DataMapCapacityUnits |Yes |Data Map Capacity Units |Count |Total |Indicates Data Map Capacity Units. |No Dimensions | -|DataMapStorageSize |Yes |Data Map Storage Size |Bytes |Total |Indicates the data map storage size. |No Dimensions | -|ScanCancelled |Yes |Scan Cancelled |Count |Total |Indicates the number of scans cancelled. |No Dimensions | -|ScanCompleted |Yes |Scan Completed |Count |Total |Indicates the number of scans completed successfully. |No Dimensions | -|ScanFailed |Yes |Scan Failed |Count |Total |Indicates the number of scans failed. |No Dimensions | -|ScanTimeTaken |Yes |Scan time taken |Seconds |Total |Indicates the total scan time in seconds. |No Dimensions | --## Microsoft.RecoveryServices/Vaults -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|BackupHealthEvent |Yes |Backup Health Events (preview) |Count |Count |The count of health events pertaining to backup job health |dataSourceURL, backupInstanceUrl, dataSourceType, healthStatus, backupInstanceName | -|RestoreHealthEvent |Yes |Restore Health Events (preview) |Count |Count |The count of health events pertaining to restore job health |dataSourceURL, backupInstanceUrl, dataSourceType, healthStatus, backupInstanceName | --## Microsoft.Relay/namespaces -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ActiveConnections |No |ActiveConnections |Count |Total |Total ActiveConnections for Microsoft.Relay. |EntityName | -|ActiveListeners |No |ActiveListeners |Count |Total |Total ActiveListeners for Microsoft.Relay. |EntityName | -|BytesTransferred |Yes |BytesTransferred |Bytes |Total |Total BytesTransferred for Microsoft.Relay. |EntityName | -|ListenerConnections-ClientError |No |ListenerConnections-ClientError |Count |Total |ClientError on ListenerConnections for Microsoft.Relay. |EntityName, OperationResult | -|ListenerConnections-ServerError |No |ListenerConnections-ServerError |Count |Total |ServerError on ListenerConnections for Microsoft.Relay. |EntityName, OperationResult | -|ListenerConnections-Success |No |ListenerConnections-Success |Count |Total |Successful ListenerConnections for Microsoft.Relay. |EntityName, OperationResult | -|ListenerConnections-TotalRequests |No |ListenerConnections-TotalRequests |Count |Total |Total ListenerConnections for Microsoft.Relay. |EntityName | -|ListenerDisconnects |No |ListenerDisconnects |Count |Total |Total ListenerDisconnects for Microsoft.Relay. |EntityName | -|SenderConnections-ClientError |No |SenderConnections-ClientError |Count |Total |ClientError on SenderConnections for Microsoft.Relay. |EntityName, OperationResult | -|SenderConnections-ServerError |No |SenderConnections-ServerError |Count |Total |ServerError on SenderConnections for Microsoft.Relay. |EntityName, OperationResult | -|SenderConnections-Success |No |SenderConnections-Success |Count |Total |Successful SenderConnections for Microsoft.Relay. |EntityName, OperationResult | -|SenderConnections-TotalRequests |No |SenderConnections-TotalRequests |Count |Total |Total SenderConnections requests for Microsoft.Relay. |EntityName | -|SenderDisconnects |No |SenderDisconnects |Count |Total |Total SenderDisconnects for Microsoft.Relay. |EntityName | --## microsoft.resources/subscriptions -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|Latency |No |Latency |Seconds |Average |Latency data for all requests to Azure Resource Manager |IsCustomerOriginated, Method, Namespace, RequestRegion, ResourceType, StatusCode, StatusCodeClass, Microsoft.SubscriptionId | -|Traffic |No |Traffic |Count |Count |Traffic data for all requests to Azure Resource Manager |IsCustomerOriginated, Method, Namespace, RequestRegion, ResourceType, StatusCode, StatusCodeClass, Microsoft.SubscriptionId | --## Microsoft.Search/searchServices -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|DocumentsProcessedCount |Yes |Document processed count |Count |Total |Number of documents processed |DataSourceName, Failed, IndexerName, IndexName, SkillsetName | -|SearchLatency |Yes |Search Latency |Seconds |Average |Average search latency for the search service |No Dimensions | -|SearchQueriesPerSecond |Yes |Search queries per second |CountPerSecond |Average |Search queries per second for the search service |No Dimensions | -|SkillExecutionCount |Yes |Skill execution invocation count |Count |Total |Number of skill executions |DataSourceName, Failed, IndexerName, SkillName, SkillsetName, SkillType | -|ThrottledSearchQueriesPercentage |Yes |Throttled search queries percentage |Percent |Average |Percentage of search queries that were throttled for the search service |No Dimensions | --## microsoft.securitydetonation/chambers -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|CapacityUtilization |No |Capacity Utilization |Percent |Maximum |The percentage of the allocated capacity the resource is actively using. |Region | -|CpuUtilization |No |CPU Utilization |Percent |Average |The percentage of the CPU that is being utilized across the resource. |Region | -|CreateSubmissionApiResult |No |CreateSubmission Api Results |Count |Count |The total number of CreateSubmission API requests, with return code. |OperationName, ServiceTypeName, Region, HttpReturnCode | -|PercentFreeDiskSpace |No |Available Disk Space |Percent |Average |The percent amount of available disk space across the resource. |Region | -|SubmissionDuration |No |Submission Duration |MilliSeconds |Maximum |The submission duration (processing time), from creation to completion. |Region | -|SubmissionsCompleted |No |Completed Submissions / Hr |Count |Maximum |The number of completed submissions / Hr. |Region | -|SubmissionsFailed |No |Failed Submissions / Hr |Count |Maximum |The number of failed submissions / Hr. |Region | -|SubmissionsOutstanding |No |Outstanding Submissions |Count |Average |The average number of outstanding submissions that are queued for processing. |Region | -|SubmissionsSucceeded |No |Successful Submissions / Hr |Count |Maximum |The number of successful submissions / Hr. |Region | --## Microsoft.SecurityDetonation/SecurityDetonationChambers -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|% Processor Time |Yes |% CPU |Percent |Average |Percent CPU utilization |No Dimensions | --## Microsoft.ServiceBus/Namespaces -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|AbandonMessage |Yes |Abandoned Messages |Count |Total |Count of messages abandoned on a Queue/Topic. |EntityName | -|ActiveConnections |No |ActiveConnections |Count |Total |Total Active Connections for Microsoft.ServiceBus. |No Dimensions | -|ActiveMessages |No |Count of active messages in a Queue/Topic. |Count |Average |Count of active messages in a Queue/Topic. |EntityName | -|CompleteMessage |Yes |Completed Messages |Count |Total |Count of messages completed on a Queue/Topic. |EntityName | -|ConnectionsClosed |No |Connections Closed. |Count |Average |Connections Closed for Microsoft.ServiceBus. |EntityName | -|ConnectionsOpened |No |Connections Opened. |Count |Average |Connections Opened for Microsoft.ServiceBus. |EntityName | -|CPUXNS |No |CPU (Deprecated) |Percent |Maximum |Service bus premium namespace CPU usage metric. This metric is depricated. Please use the CPU metric (NamespaceCpuUsage) instead. |Replica | -|DeadletteredMessages |No |Count of dead-lettered messages in a Queue/Topic. |Count |Average |Count of dead-lettered messages in a Queue/Topic. |EntityName | -|IncomingMessages |Yes |Incoming Messages |Count |Total |Incoming Messages for Microsoft.ServiceBus. |EntityName | -|IncomingRequests |Yes |Incoming Requests |Count |Total |Incoming Requests for Microsoft.ServiceBus. |EntityName | -|Messages |No |Count of messages in a Queue/Topic. |Count |Average |Count of messages in a Queue/Topic. |EntityName | -|NamespaceCpuUsage |No |CPU |Percent |Maximum |Service bus premium namespace CPU usage metric. |Replica | -|NamespaceMemoryUsage |No |Memory Usage |Percent |Maximum |Service bus premium namespace memory usage metric. |Replica | -|OutgoingMessages |Yes |Outgoing Messages |Count |Total |Outgoing Messages for Microsoft.ServiceBus. |EntityName | -|PendingCheckpointOperationCount |No |Pending Checkpoint Operations Count. |Count |Total |Pending Checkpoint Operations Count. |No Dimensions | -|ScheduledMessages |No |Count of scheduled messages in a Queue/Topic. |Count |Average |Count of scheduled messages in a Queue/Topic. |EntityName | -|ServerErrors |No |Server Errors. |Count |Total |Server Errors for Microsoft.ServiceBus. |EntityName, OperationResult | -|ServerSendLatency |Yes |Server Send Latency. |MilliSeconds |Average |Latency of Send Message operations for Service Bus resources. |EntityName | -|Size |No |Size |Bytes |Average |Size of an Queue/Topic in Bytes. |EntityName | -|SuccessfulRequests |No |Successful Requests |Count |Total |Total successful requests for a namespace |EntityName, OperationResult | -|ThrottledRequests |No |Throttled Requests. |Count |Total |Throttled Requests for Microsoft.ServiceBus. |EntityName, OperationResult, MessagingErrorSubCode | -|UserErrors |No |User Errors. |Count |Total |User Errors for Microsoft.ServiceBus. |EntityName, OperationResult | -|WSXNS |No |Memory Usage (Deprecated) |Percent |Maximum |Service bus premium namespace memory usage metric. This metric is deprecated. Please use the Memory Usage (NamespaceMemoryUsage) metric instead. |Replica | --## Microsoft.ServiceNetworking/trafficControllers -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|BackendConnectionTimeouts |Yes |Backend Connection Timeouts |Count |Total |Count of requests that timed out waiting for a response from the backend target (includes all retry requests initiated from Application Gateway for Containers to the backend target) |Microsoft.regionName, BackendService | -|BackendHealthyTargets |Yes |Backend Healthy Targets |Count |Average |Count of healthy backend targets |Microsoft.regionName, BackendService | -|BackendHTTPResponseStatus |Yes |Backend HTTP Response Status |Count |Total |HTTP response status returned by the backend target to Application Gateway for Containers |Microsoft.regionName, BackendService, HttpResponseCode | -|ClientConnectionIdleTimeouts |Yes |Total Connection Idle Timeouts |Count |Total |Count of connections closed, between client and Application Gateway for Containers frontend, due to exceeding idle timeout |Microsoft.regionName, Frontend | -|ConnectionTimeouts |Yes |Connection Timeouts |Count |Total |Count of connections closed due to timeout between clients and Application Gateway for Containers |Microsoft.regionName, Frontend | -|HTTPResponseStatus |Yes |HTTP Response Status |Count |Total |HTTP response status returned by Application Gateway for Containers |Microsoft.regionName, Frontend, HttpResponseCode | -|TotalRequests |Yes |Total Requests |Count |Total |Count of requests Application Gateway for Containers has served |Microsoft.regionName, Frontend | --## Microsoft.SignalRService/SignalR -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ConnectionCloseCount |Yes |Connection Close Count |Count |Total |The count of connections closed by various reasons. |Endpoint, ConnectionCloseCategory | -|ConnectionCount |Yes |Connection Count |Count |Maximum |The amount of user connection. |Endpoint | -|ConnectionOpenCount |Yes |Connection Open Count |Count |Total |The count of new connections opened. |Endpoint | -|ConnectionQuotaUtilization |Yes |Connection Quota Utilization |Percent |Maximum |The percentage of connection connected relative to connection quota. |No Dimensions | -|InboundTraffic |Yes |Inbound Traffic |Bytes |Total |The inbound traffic of service |No Dimensions | -|MessageCount |Yes |Message Count |Count |Total |The total amount of messages. |No Dimensions | -|OutboundTraffic |Yes |Outbound Traffic |Bytes |Total |The outbound traffic of service |No Dimensions | -|ServerLoad |No |Server Load |Percent |Maximum |SignalR server load. |No Dimensions | -|SystemErrors |Yes |System Errors |Percent |Maximum |The percentage of system errors |No Dimensions | -|UserErrors |Yes |User Errors |Percent |Maximum |The percentage of user errors |No Dimensions | --## Microsoft.SignalRService/SignalR/replicas -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ConnectionCloseCount |Yes |Connection Close Count |Count |Total |The count of connections closed by various reasons. |Endpoint, ConnectionCloseCategory | -|ConnectionCount |Yes |Connection Count |Count |Maximum |The amount of user connection. |Endpoint | -|ConnectionOpenCount |Yes |Connection Open Count |Count |Total |The count of new connections opened. |Endpoint | -|ConnectionQuotaUtilization |Yes |Connection Quota Utilization |Percent |Maximum |The percentage of connection connected relative to connection quota. |No Dimensions | -|InboundTraffic |Yes |Inbound Traffic |Bytes |Total |The inbound traffic of service |No Dimensions | -|MessageCount |Yes |Message Count |Count |Total |The total amount of messages. |No Dimensions | -|OutboundTraffic |Yes |Outbound Traffic |Bytes |Total |The outbound traffic of service |No Dimensions | -|ServerLoad |No |Server Load |Percent |Maximum |SignalR server load. |No Dimensions | -|SystemErrors |Yes |System Errors |Percent |Maximum |The percentage of system errors |No Dimensions | -|UserErrors |Yes |User Errors |Percent |Maximum |The percentage of user errors |No Dimensions | --## Microsoft.SignalRService/WebPubSub -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ConnectionCloseCount |Yes |Connection Close Count |Count |Total |The count of connections closed by various reasons. |ConnectionCloseCategory | -|ConnectionOpenCount |Yes |Connection Open Count |Count |Total |The count of new connections opened. |No Dimensions | -|ConnectionQuotaUtilization |Yes |Connection Quota Utilization |Percent |Maximum |The percentage of connection connected relative to connection quota. |No Dimensions | -|InboundTraffic |Yes |Inbound Traffic |Bytes |Total |The traffic originating from outside to inside of the service. It is aggregated by adding all the bytes of the traffic. |No Dimensions | -|OutboundTraffic |Yes |Outbound Traffic |Bytes |Total |The traffic originating from inside to outside of the service. It is aggregated by adding all the bytes of the traffic. |No Dimensions | -|ServerLoad |No |Server Load |Percent |Maximum |SignalR server load. |No Dimensions | -|TotalConnectionCount |Yes |Connection Count |Count |Maximum |The number of user connections established to the service. It is aggregated by adding all the online connections. |No Dimensions | --## Microsoft.SignalRService/WebPubSub/replicas -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ConnectionCloseCount |Yes |Connection Close Count |Count |Total |The count of connections closed by various reasons. |ConnectionCloseCategory | -|ConnectionOpenCount |Yes |Connection Open Count |Count |Total |The count of new connections opened. |No Dimensions | -|ConnectionQuotaUtilization |Yes |Connection Quota Utilization |Percent |Maximum |The percentage of connection connected relative to connection quota. |No Dimensions | -|InboundTraffic |Yes |Inbound Traffic |Bytes |Total |The traffic originating from outside to inside of the service. It is aggregated by adding all the bytes of the traffic. |No Dimensions | -|OutboundTraffic |Yes |Outbound Traffic |Bytes |Total |The traffic originating from inside to outside of the service. It is aggregated by adding all the bytes of the traffic. |No Dimensions | -|ServerLoad |No |Server Load |Percent |Maximum |WebPubSub server load. |No Dimensions | -|TotalConnectionCount |Yes |Connection Count |Count |Maximum |The number of user connections established to the service. It is aggregated by adding all the online connections. |No Dimensions | --## microsoft.singularity/accounts -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|GpuUtilizationPercentage |Yes |GpuUtilizationPercentage |Percent |Average |GPU utilization percentage |accountname, ClusterName, Environment, instance, jobContainerId, jobInstanceId, jobname, Region | --## Microsoft.Sql/managedInstances -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|avg_cpu_percent |Yes |Average CPU percentage |Percent |Average |Average CPU percentage |No Dimensions | -|io_bytes_read |Yes |IO bytes read |Bytes |Average |IO bytes read |No Dimensions | -|io_bytes_written |Yes |IO bytes written |Bytes |Average |IO bytes written |No Dimensions | -|io_requests |Yes |IO requests count |Count |Average |IO requests count |No Dimensions | -|reserved_storage_mb |Yes |Storage space reserved |Count |Average |Storage space reserved |No Dimensions | -|storage_space_used_mb |Yes |Storage space used |Count |Average |Storage space used |No Dimensions | -|virtual_core_count |Yes |Virtual core count |Count |Average |Virtual core count |No Dimensions | --## Microsoft.Sql/servers/databases -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|active_queries |Yes |Active queries |Count |Total |Active queries across all workload groups. Applies only to data warehouses. |No Dimensions | -|allocated_data_storage |Yes |Data space allocated |Bytes |Average |Allocated data storage. Not applicable to data warehouses. |No Dimensions | -|app_cpu_billed |Yes |App CPU billed |Count |Total |App CPU billed. Applies to serverless databases. |No Dimensions | -|app_cpu_billed_ha_replicas |Yes |App CPU billed HA replicas |Count |Total |Sum of app CPU billed across all HA replicas associated with the primary replica or a named replica. |No Dimensions | -|app_cpu_percent |Yes |App CPU percentage |Percent |Average |App CPU percentage. Applies to serverless databases. |No Dimensions | -|app_memory_percent |Yes |App memory percentage |Percent |Average |App memory percentage. Applies to serverless databases. |No Dimensions | -|base_blob_size_bytes |Yes |Data storage size |Bytes |Maximum |Data storage size. Applies to Hyperscale databases. |No Dimensions | -|blocked_by_firewall |Yes |Blocked by Firewall |Count |Total |Blocked by Firewall |No Dimensions | -|cache_hit_percent |Yes |Cache hit percentage |Percent |Maximum |Cache hit percentage. Applies only to data warehouses. |No Dimensions | -|cache_used_percent |Yes |Cache used percentage |Percent |Maximum |Cache used percentage. Applies only to data warehouses. |No Dimensions | -|connection_failed |Yes |Failed Connections : System Errors |Count |Total |Failed Connections |Error | -|connection_failed_user_error |Yes |Failed Connections : User Errors |Count |Total |Failed Connections : User Errors |Error | -|connection_successful |Yes |Successful Connections |Count |Total |Successful Connections |SslProtocol | -|cpu_limit |Yes |CPU limit |Count |Average |CPU limit. Applies to vCore-based databases. |No Dimensions | -|cpu_percent |Yes |CPU percentage |Percent |Average |CPU percentage |No Dimensions | -|cpu_used |Yes |CPU used |Count |Average |CPU used. Applies to vCore-based databases. |No Dimensions | -|deadlock |Yes |Deadlocks |Count |Total |Deadlocks. Not applicable to data warehouses. |No Dimensions | -|diff_backup_size_bytes |Yes |Differential backup storage size |Bytes |Maximum |Cumulative differential backup storage size. Applies to vCore-based databases. Not applicable to Hyperscale databases. |No Dimensions | -|dtu_consumption_percent |Yes |DTU percentage |Percent |Average |DTU Percentage. Applies to DTU-based databases. |No Dimensions | -|dtu_limit |Yes |DTU Limit |Count |Average |DTU Limit. Applies to DTU-based databases. |No Dimensions | -|dtu_used |Yes |DTU used |Count |Average |DTU used. Applies to DTU-based databases. |No Dimensions | -|dwu_consumption_percent |Yes |DWU percentage |Percent |Maximum |DWU percentage. Applies only to data warehouses. |No Dimensions | -|dwu_limit |Yes |DWU limit |Count |Maximum |DWU limit. Applies only to data warehouses. |No Dimensions | -|dwu_used |Yes |DWU used |Count |Maximum |DWU used. Applies only to data warehouses. |No Dimensions | -|free_amount_consumed |Yes |Free amount consumed |Count |Maximum |Free amount of vCore seconds consumed this month. Applies only to free database offer. |No Dimensions | -|free_amount_remaining |Yes |Free amount remaining |Count |Minimum |Free amount of vCore seconds remaining this month. Applies only to free database offer. |No Dimensions | -|full_backup_size_bytes |Yes |Full backup storage size |Bytes |Maximum |Cumulative full backup storage size. Applies to vCore-based databases. Not applicable to Hyperscale databases. |No Dimensions | -|ledger_digest_upload_failed |Yes |Failed Ledger Digest Uploads |Count |Count |Ledger digests that failed to be uploaded. |No Dimensions | -|ledger_digest_upload_success |Yes |Successful Ledger Digest Uploads |Count |Count |Ledger digests that were successfully uploaded. |No Dimensions | -|local_tempdb_usage_percent |Yes |Local tempdb percentage |Percent |Average |Local tempdb percentage. Applies only to data warehouses. |No Dimensions | -|log_backup_size_bytes |Yes |Log backup storage size |Bytes |Maximum |Cumulative log backup storage size. Applies to vCore-based and Hyperscale databases. |No Dimensions | -|log_write_percent |Yes |Log IO percentage |Percent |Average |Log IO percentage. Not applicable to data warehouses. |No Dimensions | -|memory_usage_percent |Yes |Memory percentage |Percent |Maximum |Memory percentage. Applies only to data warehouses. |No Dimensions | -|physical_data_read_percent |Yes |Data IO percentage |Percent |Average |Data IO percentage |No Dimensions | -|queued_queries |Yes |Queued queries |Count |Total |Queued queries across all workload groups. Applies only to data warehouses. |No Dimensions | -|sessions_count |Yes |Sessions count |Count |Average |Number of active sessions. Not applicable to Synapse DW Analytics. |No Dimensions | -|sessions_percent |Yes |Sessions percentage |Percent |Average |Sessions percentage. Not applicable to data warehouses. |No Dimensions | -|snapshot_backup_size_bytes |Yes |Data backup storage size |Bytes |Maximum |Cumulative data backup storage size. Applies to Hyperscale databases. |No Dimensions | -|sql_instance_cpu_percent |Yes |SQL instance CPU percent |Percent |Maximum |CPU usage by all user and system workloads. Not applicable to data warehouses. |No Dimensions | -|sql_instance_memory_percent |Yes |SQL instance memory percent |Percent |Maximum |Memory usage by the database engine instance. Not applicable to data warehouses. |No Dimensions | -|sqlserver_process_core_percent |Yes |SQL Server process core percent |Percent |Maximum |CPU usage as a percentage of the SQL DB process. Not applicable to data warehouses. (This metric is equivalent to sql_instance_cpu_percent, and will be removed in the future.) |No Dimensions | -|sqlserver_process_memory_percent |Yes |SQL Server process memory percent |Percent |Maximum |Memory usage as a percentage of the SQL DB process. Not applicable to data warehouses. (This metric is equivalent to sql_instance_memory_percent, and will be removed in the future.) |No Dimensions | -|storage |Yes |Data space used |Bytes |Maximum |Data space used. Not applicable to data warehouses. |No Dimensions | -|storage_percent |Yes |Data space used percent |Percent |Maximum |Data space used percent. Not applicable to data warehouses or hyperscale databases. |No Dimensions | -|tempdb_data_size |Yes |Tempdb Data File Size Kilobytes |Count |Maximum |Space used in tempdb data files in kilobytes. Not applicable to data warehouses. |No Dimensions | -|tempdb_log_size |Yes |Tempdb Log File Size Kilobytes |Count |Maximum |Space used in tempdb transaction log file in kilobytes. Not applicable to data warehouses. |No Dimensions | -|tempdb_log_used_percent |Yes |Tempdb Percent Log Used |Percent |Maximum |Space used percentage in tempdb transaction log file. Not applicable to data warehouses. |No Dimensions | -|wlg_active_queries |Yes |Workload group active queries |Count |Total |Active queries within the workload group. Applies only to data warehouses. |WorkloadGroupName, IsUserDefined | -|wlg_active_queries_timeouts |Yes |Workload group query timeouts |Count |Total |Queries that have timed out for the workload group. Applies only to data warehouses. |WorkloadGroupName, IsUserDefined | -|wlg_allocation_relative_to_system_percent |Yes |Workload group allocation by system percent |Percent |Maximum |Allocated percentage of resources relative to the entire system per workload group. Applies only to data warehouses. |WorkloadGroupName, IsUserDefined | -|wlg_allocation_relative_to_wlg_effective_cap_percent |Yes |Workload group allocation by cap resource percent |Percent |Maximum |Allocated percentage of resources relative to the specified cap resources per workload group. Applies only to data warehouses. |WorkloadGroupName, IsUserDefined | -|wlg_effective_cap_resource_percent |Yes |Effective cap resource percent |Percent |Maximum |A hard limit on the percentage of resources allowed for the workload group, taking into account Effective Min Resource Percentage allocated for other workload groups. Applies only to data warehouses. |WorkloadGroupName, IsUserDefined | -|wlg_effective_min_resource_percent |Yes |Effective min resource percent |Percent |Maximum |Minimum percentage of resources reserved and isolated for the workload group, taking into account the service level minimum. Applies only to data warehouses. |WorkloadGroupName, IsUserDefined | -|wlg_queued_queries |Yes |Workload group queued queries |Count |Total |Queued queries within the workload group. Applies only to data warehouses. |WorkloadGroupName, IsUserDefined | -|workers_percent |Yes |Workers percentage |Percent |Average |Workers percentage. Not applicable to data warehouses. |No Dimensions | -|xtp_storage_percent |Yes |In-Memory OLTP storage percent |Percent |Average |In-Memory OLTP storage percent. Not applicable to data warehouses. |No Dimensions | --## Microsoft.Sql/servers/elasticpools -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|allocated_data_storage |Yes |Data space allocated |Bytes |Average |Data space allocated. Not applicable to hyperscale |No Dimensions | -|allocated_data_storage_percent |Yes |Data space allocated percent |Percent |Maximum |Data space allocated percent. Not applicable to hyperscale |No Dimensions | -|app_cpu_billed |Yes |App CPU billed |Count |Total |App CPU billed. Applies to serverless elastic pools. |No Dimensions | -|app_cpu_percent |Yes |App CPU percentage |Percent |Average |App CPU percentage. Applies to serverless elastic pools. |No Dimensions | -|app_memory_percent |Yes |App memory percentage |Percent |Average |App memory percentage. Applies to serverless elastic pools. |No Dimensions | -|cpu_limit |Yes |CPU limit |Count |Average |CPU limit. Applies to vCore-based elastic pools. |No Dimensions | -|cpu_percent |Yes |CPU percentage |Percent |Average |CPU percentage |No Dimensions | -|cpu_used |Yes |CPU used |Count |Average |CPU used. Applies to vCore-based elastic pools. |No Dimensions | -|dtu_consumption_percent |Yes |DTU percentage |Percent |Average |DTU Percentage. Applies to DTU-based elastic pools. |No Dimensions | -|eDTU_limit |Yes |eDTU limit |Count |Average |eDTU limit. Applies to DTU-based elastic pools. |No Dimensions | -|eDTU_used |Yes |eDTU used |Count |Average |eDTU used. Applies to DTU-based elastic pools. |No Dimensions | -|log_write_percent |Yes |Log IO percentage |Percent |Average |Log IO percentage |No Dimensions | -|physical_data_read_percent |Yes |Data IO percentage |Percent |Average |Data IO percentage |No Dimensions | -|sessions_count |Yes |Sessions Count |Count |Average |Number of active sessions |No Dimensions | -|sessions_percent |Yes |Sessions percentage |Percent |Average |Sessions percentage |No Dimensions | -|sql_instance_cpu_percent |Yes |SQL instance CPU percent |Percent |Maximum |CPU usage by all user and system workloads. Applies to elastic pools. |No Dimensions | -|sql_instance_memory_percent |Yes |SQL instance memory percent |Percent |Maximum |Memory usage by the database engine instance. Applies to elastic pools. |No Dimensions | -|sqlserver_process_core_percent |Yes |SQL Server process core percent |Percent |Maximum |CPU usage as a percentage of the SQL DB process. Applies to elastic pools. (This metric is equivalent to sql_instance_cpu_percent, and will be removed in the future.) |No Dimensions | -|sqlserver_process_memory_percent |Yes |SQL Server process memory percent |Percent |Maximum |Memory usage as a percentage of the SQL DB process. Applies to elastic pools. (This metric is equivalent to sql_instance_memory_percent, and will be removed in the future.) |No Dimensions | -|storage_limit |Yes |Data max size |Bytes |Average |Data max size. Not applicable to hyperscale |No Dimensions | -|storage_percent |Yes |Data space used percent |Percent |Average |Data space used percent. Not applicable to hyperscale |No Dimensions | -|storage_used |Yes |Data space used |Bytes |Average |Data space used. Not applicable to hyperscale |No Dimensions | -|tempdb_data_size |Yes |Tempdb Data File Size Kilobytes |Count |Maximum |Space used in tempdb data files in kilobytes. |No Dimensions | -|tempdb_log_size |Yes |Tempdb Log File Size Kilobytes |Count |Maximum |Space used in tempdb transaction log file in kilobytes. |No Dimensions | -|tempdb_log_used_percent |Yes |Tempdb Percent Log Used |Percent |Maximum |Space used percentage in tempdb transaction log file |No Dimensions | -|workers_percent |Yes |Workers percentage |Percent |Average |Workers percentage |No Dimensions | -|xtp_storage_percent |Yes |In-Memory OLTP storage percent |Percent |Average |In-Memory OLTP storage percent. Not applicable to hyperscale |No Dimensions | --## Microsoft.Sql/servers/jobAgents -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|elastic_jobs_failed |Yes |Elastic Jobs Executions Failed |Count |Total |Number of job executions that failed while trying to execute on target |No Dimensions | -|elastic_jobs_successful |Yes |Elastic Jobs Executions Successful |Count |Total |Number of job executions that were able to successfully execute on target |No Dimensions | -|elastic_jobs_timeout |Yes |Elastic Jobs Executions Timed Out |Count |Total |Number of job executions that expired before execution was able to finish on target. |No Dimensions | --## Microsoft.Storage/storageAccounts -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|Availability |Yes |Availability |Percent |Average |The percentage of availability for the storage service or the specified API operation. Availability is calculated by taking the TotalBillableRequests value and dividing it by the number of applicable requests, including those that produced unexpected errors. All unexpected errors result in reduced availability for the storage service or the specified API operation. |GeoType, ApiName, Authentication | -|Egress |Yes |Egress |Bytes |Total |The amount of egress data. This number includes egress to external client from Azure Storage as well as egress within Azure. As a result, this number does not reflect billable egress. |GeoType, ApiName, Authentication | -|Ingress |Yes |Ingress |Bytes |Total |The amount of ingress data, in bytes. This number includes ingress from an external client into Azure Storage as well as ingress within Azure. |GeoType, ApiName, Authentication | -|SuccessE2ELatency |Yes |Success E2E Latency |MilliSeconds |Average |The average end-to-end latency of successful requests made to a storage service or the specified API operation, in milliseconds. This value includes the required processing time within Azure Storage to read the request, send the response, and receive acknowledgment of the response. |GeoType, ApiName, Authentication | -|SuccessServerLatency |Yes |Success Server Latency |MilliSeconds |Average |The average time used to process a successful request by Azure Storage. This value does not include the network latency specified in SuccessE2ELatency. |GeoType, ApiName, Authentication | -|Transactions |Yes |Transactions |Count |Total |The number of requests made to a storage service or the specified API operation. This number includes successful and failed requests, as well as requests which produced errors. Use ResponseType dimension for the number of different type of response. |ResponseType, GeoType, ApiName, Authentication, TransactionType | -|UsedCapacity |No |Used capacity |Bytes |Average |The amount of storage used by the storage account. For standard storage accounts, it's the sum of capacity used by blob, table, file, and queue. For premium storage accounts and Blob storage accounts, it is the same as BlobCapacity or FileCapacity. |No Dimensions | --## Microsoft.Storage/storageAccounts/blobServices -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|Availability |Yes |Availability |Percent |Average |The percentage of availability for the storage service or the specified API operation. Availability is calculated by taking the TotalBillableRequests value and dividing it by the number of applicable requests, including those that produced unexpected errors. All unexpected errors result in reduced availability for the storage service or the specified API operation. |GeoType, ApiName, Authentication | -|BlobCapacity |No |Blob Capacity |Bytes |Average |The amount of storage used by the storage account's Blob service in bytes. |BlobType, Tier | -|BlobCount |No |Blob Count |Count |Average |The number of blob objects stored in the storage account. |BlobType, Tier | -|BlobProvisionedSize |No |Blob Provisioned Size |Bytes |Average |The amount of storage provisioned in the storage account's Blob service in bytes. |BlobType, Tier | -|ContainerCount |Yes |Blob Container Count |Count |Average |The number of containers in the storage account. |No Dimensions | -|Egress |Yes |Egress |Bytes |Total |The amount of egress data. This number includes egress to external client from Azure Storage as well as egress within Azure. As a result, this number does not reflect billable egress. |GeoType, ApiName, Authentication | -|IndexCapacity |No |Index Capacity |Bytes |Average |The amount of storage used by Azure Data Lake Storage Gen2 hierarchical index. |No Dimensions | -|Ingress |Yes |Ingress |Bytes |Total |The amount of ingress data, in bytes. This number includes ingress from an external client into Azure Storage as well as ingress within Azure. |GeoType, ApiName, Authentication | -|SuccessE2ELatency |Yes |Success E2E Latency |MilliSeconds |Average |The average end-to-end latency of successful requests made to a storage service or the specified API operation, in milliseconds. This value includes the required processing time within Azure Storage to read the request, send the response, and receive acknowledgment of the response. |GeoType, ApiName, Authentication | -|SuccessServerLatency |Yes |Success Server Latency |MilliSeconds |Average |The average time used to process a successful request by Azure Storage. This value does not include the network latency specified in SuccessE2ELatency. |GeoType, ApiName, Authentication | -|Transactions |Yes |Transactions |Count |Total |The number of requests made to a storage service or the specified API operation. This number includes successful and failed requests, as well as requests which produced errors. Use ResponseType dimension for the number of different type of response. |ResponseType, GeoType, ApiName, Authentication, TransactionType | --## Microsoft.Storage/storageAccounts/fileServices -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|Availability |Yes |Availability |Percent |Average |The percentage of availability for the storage service or the specified API operation. Availability is calculated by taking the TotalBillableRequests value and dividing it by the number of applicable requests, including those that produced unexpected errors. All unexpected errors result in reduced availability for the storage service or the specified API operation. |GeoType, ApiName, Authentication, FileShare | -|Egress |Yes |Egress |Bytes |Total |The amount of egress data. This number includes egress to external client from Azure Storage as well as egress within Azure. As a result, this number does not reflect billable egress. |GeoType, ApiName, Authentication, FileShare | -|FileCapacity |No |File Capacity |Bytes |Average |The amount of File storage used by the storage account. |FileShare, Tier | -|FileCount |No |File Count |Count |Average |The number of files in the storage account. |FileShare, Tier | -|FileShareCapacityQuota |No |File Share Capacity Quota |Bytes |Average |The upper limit on the amount of storage that can be used by Azure Files Service in bytes. |FileShare | -|FileShareCount |No |File Share Count |Count |Average |The number of file shares in the storage account. |No Dimensions | -|FileShareProvisionedIOPS |No |File Share Provisioned IOPS |CountPerSecond |Average |The baseline number of provisioned IOPS for the premium file share in the premium files storage account. This number is calculated based on the provisioned size (quota) of the share capacity. |FileShare | -|FileShareSnapshotCount |No |File Share Snapshot Count |Count |Average |The number of snapshots present on the share in storage account's Files Service. |FileShare | -|FileShareSnapshotSize |No |File Share Snapshot Size |Bytes |Average |The amount of storage used by the snapshots in storage account's File service in bytes. |FileShare | -|Ingress |Yes |Ingress |Bytes |Total |The amount of ingress data, in bytes. This number includes ingress from an external client into Azure Storage as well as ingress within Azure. |GeoType, ApiName, Authentication, FileShare | -|SuccessE2ELatency |Yes |Success E2E Latency |MilliSeconds |Average |The average end-to-end latency of successful requests made to a storage service or the specified API operation, in milliseconds. This value includes the required processing time within Azure Storage to read the request, send the response, and receive acknowledgment of the response. |GeoType, ApiName, Authentication, FileShare | -|SuccessServerLatency |Yes |Success Server Latency |MilliSeconds |Average |The average time used to process a successful request by Azure Storage. This value does not include the network latency specified in SuccessE2ELatency. |GeoType, ApiName, Authentication, FileShare | -|Transactions |Yes |Transactions |Count |Total |The number of requests made to a storage service or the specified API operation. This number includes successful and failed requests, as well as requests which produced errors. Use ResponseType dimension for the number of different type of response. |ResponseType, GeoType, ApiName, Authentication, FileShare, TransactionType | --## Microsoft.Storage/storageAccounts/objectReplicationPolicies -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|PendingBytesForReplication |No |Pending Bytes for Replication (PREVIEW) |Bytes |Average |The size in bytes of the blob object pending for replication, please note, this metric is in preview and is subject to change before becoming generally available |TimeBucket | -|PendingOperationsForReplication |No |Pending Operations for Replication (PREVIEW) |Count |Average |The count of pending operations for replication, please note, this metric is in preview and is subject to change before becoming generally available |TimeBucket | --## Microsoft.Storage/storageAccounts/queueServices -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|Availability |Yes |Availability |Percent |Average |The percentage of availability for the storage service or the specified API operation. Availability is calculated by taking the TotalBillableRequests value and dividing it by the number of applicable requests, including those that produced unexpected errors. All unexpected errors result in reduced availability for the storage service or the specified API operation. |GeoType, ApiName, Authentication | -|Egress |Yes |Egress |Bytes |Total |The amount of egress data. This number includes egress to external client from Azure Storage as well as egress within Azure. As a result, this number does not reflect billable egress. |GeoType, ApiName, Authentication | -|Ingress |Yes |Ingress |Bytes |Total |The amount of ingress data, in bytes. This number includes ingress from an external client into Azure Storage as well as ingress within Azure. |GeoType, ApiName, Authentication | -|QueueCapacity |Yes |Queue Capacity |Bytes |Average |The amount of Queue storage used by the storage account. |No Dimensions | -|QueueCount |Yes |Queue Count |Count |Average |The number of queues in the storage account. |No Dimensions | -|QueueMessageCount |Yes |Queue Message Count |Count |Average |The number of unexpired queue messages in the storage account. |No Dimensions | -|SuccessE2ELatency |Yes |Success E2E Latency |MilliSeconds |Average |The average end-to-end latency of successful requests made to a storage service or the specified API operation, in milliseconds. This value includes the required processing time within Azure Storage to read the request, send the response, and receive acknowledgment of the response. |GeoType, ApiName, Authentication | -|SuccessServerLatency |Yes |Success Server Latency |MilliSeconds |Average |The average time used to process a successful request by Azure Storage. This value does not include the network latency specified in SuccessE2ELatency. |GeoType, ApiName, Authentication | -|Transactions |Yes |Transactions |Count |Total |The number of requests made to a storage service or the specified API operation. This number includes successful and failed requests, as well as requests which produced errors. Use ResponseType dimension for the number of different type of response. |ResponseType, GeoType, ApiName, Authentication, TransactionType | --## Microsoft.Storage/storageAccounts/storageTasks -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ObjectsOperatedCount |Yes |Objects operated count |Count |Total |The number of objects operated in storage task |AccountName, TaskAssignmentId | -|ObjectsOperationFailedCount |Yes |Objects failed count |Count |Total |The number of objects failed in storage task |AccountName, TaskAssignmentId | -|ObjectsTargetedCount |Yes |Objects targed count |Count |Total |The number of objects targeted in storage task |AccountName, TaskAssignmentId | --## Microsoft.Storage/storageAccounts/tableServices -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|Availability |Yes |Availability |Percent |Average |The percentage of availability for the storage service or the specified API operation. Availability is calculated by taking the TotalBillableRequests value and dividing it by the number of applicable requests, including those that produced unexpected errors. All unexpected errors result in reduced availability for the storage service or the specified API operation. |GeoType, ApiName, Authentication | -|Egress |Yes |Egress |Bytes |Total |The amount of egress data. This number includes egress to external client from Azure Storage as well as egress within Azure. As a result, this number does not reflect billable egress. |GeoType, ApiName, Authentication | -|Ingress |Yes |Ingress |Bytes |Total |The amount of ingress data, in bytes. This number includes ingress from an external client into Azure Storage as well as ingress within Azure. |GeoType, ApiName, Authentication | -|SuccessE2ELatency |Yes |Success E2E Latency |MilliSeconds |Average |The average end-to-end latency of successful requests made to a storage service or the specified API operation, in milliseconds. This value includes the required processing time within Azure Storage to read the request, send the response, and receive acknowledgment of the response. |GeoType, ApiName, Authentication | -|SuccessServerLatency |Yes |Success Server Latency |MilliSeconds |Average |The average time used to process a successful request by Azure Storage. This value does not include the network latency specified in SuccessE2ELatency. |GeoType, ApiName, Authentication | -|TableCapacity |Yes |Table Capacity |Bytes |Average |The amount of Table storage used by the storage account. |No Dimensions | -|TableCount |Yes |Table Count |Count |Average |The number of tables in the storage account. |No Dimensions | -|TableEntityCount |Yes |Table Entity Count |Count |Average |The number of table entities in the storage account. |No Dimensions | -|Transactions |Yes |Transactions |Count |Total |The number of requests made to a storage service or the specified API operation. This number includes successful and failed requests, as well as requests which produced errors. Use ResponseType dimension for the number of different type of response. |ResponseType, GeoType, ApiName, Authentication, TransactionType | --## Microsoft.Storage/storageTasks -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ObjectsOperatedCount |Yes |Objects operated count |Count |Total |The number of objects operated in storage task |AccountName, TaskAssignmentId | -|ObjectsOperationFailedCount |Yes |Objects failed count |Count |Total |The number of objects failed in storage task |AccountName, TaskAssignmentId | -|ObjectsTargetedCount |Yes |Objects targed count |Count |Total |The number of objects targeted in storage task |AccountName, TaskAssignmentId | --## Microsoft.StorageCache/amlFilesystems -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ClientReadOps |No |Client Read Ops |Count |Average |Number of client read ops performed. |ostnum | -|ClientReadThroughput |No |Client Read Throughput |BytesPerSecond |Average |Client read data transfer rate. |ostnum | -|ClientWriteOps |No |Client Write Ops |Count |Average |Number of client write ops performed. |ostnum | -|ClientWriteThroughput |No |Client Write Throughput |BytesPerSecond |Average |Client write data transfer rate. |ostnum | -|MDTBytesAvailable |No |MDT Bytes Available |Bytes |Average |Number of bytes marked as available on the MDT. |mdtnum | -|MDTBytesTotal |No |MDT Bytes Total |Bytes |Average |Total number of bytes supported on the MDT. |mdtnum | -|MDTBytesUsed |No |MDT Bytes Used |Bytes |Average |Number of bytes available for use minus the number of bytes marked as free on the MDT. |mdtnum | -|MDTClientLatency |No |MDT Client Latency |MilliSeconds |Average |Client latency for all operations to MDTs. |mdtnum, operation | -|MDTClientOps |No |Client MDT Ops |Count |Average |Number of client MDT metadata ops performed. |mdtnum, operation | -|MDTConnectedClients |No |MDT Connected Clients |Count |Average |Number of client connections (exports) to the MDT |mdtnum | -|MDTFilesFree |No |MDT Files Free |Count |Average |Count of free files (inodes) on the MDT. |mdtnum | -|MDTFilesTotal |No |MDT Files Total |Count |Average |Total number of files supported on the MDT. |mdtnum | -|MDTFilesUsed |No |MDT Files Used |Count |Average |Number of total supported files minus the number of free files on the MDT. |mdtnum | -|OSTBytesAvailable |No |OST Bytes Available |Bytes |Average |Number of bytes marked as available on the OST. |ostnum | -|OSTBytesTotal |No |OST Bytes Total |Bytes |Average |Total number of bytes supported on the OST. |ostnum | -|OSTBytesUsed |No |OST Bytes Used |Bytes |Average |Number of bytes available for use minus the number of bytes marked as free on the OST. |ostnum | -|OSTClientLatency |No |OST Client Latency |MilliSeconds |Average |Client latency for all operations to OSTs. |ostnum, operation | -|OSTClientOps |No |Client OST Ops |Count |Average |Number of client OST metadata ops performed. |ostnum, operation | -|OSTConnectedClients |No |OST Connected Clients |Count |Average |Number of client connections (exports) to the OST |ostnum | -|OSTFilesFree |No |OST Files Free |Count |Average |Count of free files (inodes) on the OST. |ostnum | -|OSTFilesTotal |No |OST Files Total |Count |Average |Total number of files supported on the OST. |ostnum | -|OSTFilesUsed |No |OST Files Used |Count |Average |Number of total supported files minus the number of free files on the OST. |ostnum | --## Microsoft.StorageCache/caches -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ClientIOPS |Yes |Total Client IOPS |Count |Average |The rate of client file operations processed by the Cache. |No Dimensions | -|ClientLatency |Yes |Average Client Latency |MilliSeconds |Average |Average latency of client file operations to the Cache. |No Dimensions | -|ClientLockIOPS |Yes |Client Lock IOPS |CountPerSecond |Average |Client file locking operations per second. |No Dimensions | -|ClientMetadataReadIOPS |Yes |Client Metadata Read IOPS |CountPerSecond |Average |The rate of client file operations sent to the Cache, excluding data reads, that do not modify persistent state. |No Dimensions | -|ClientMetadataWriteIOPS |Yes |Client Metadata Write IOPS |CountPerSecond |Average |The rate of client file operations sent to the Cache, excluding data writes, that modify persistent state. |No Dimensions | -|ClientReadIOPS |Yes |Client Read IOPS |CountPerSecond |Average |Client read operations per second. |No Dimensions | -|ClientReadThroughput |Yes |Average Cache Read Throughput |BytesPerSecond |Average |Client read data transfer rate. |No Dimensions | -|ClientStatus |Yes |Client Status |Count |Total |Client connection information. |ClientSource, CacheAddress, ClientAddress, Protocol, ConnectionType | -|ClientWriteIOPS |Yes |Client Write IOPS |CountPerSecond |Average |Client write operations per second. |No Dimensions | -|ClientWriteThroughput |Yes |Average Cache Write Throughput |BytesPerSecond |Average |Client write data transfer rate. |No Dimensions | -|FileOps |Yes |File Operations |CountPerSecond |Average |Number of file operations per second. |SourceFile, Rank, FileType | -|FileReads |Yes |File Reads |BytesPerSecond |Average |Number of bytes per second read from a file. |SourceFile, Rank, FileType | -|FileUpdates |Yes |File Updates |CountPerSecond |Average |Number of directory updates and metadata operations per second. |SourceFile, Rank, FileType | -|FileWrites |Yes |File Writes |BytesPerSecond |Average |Number of bytes per second written to a file. |SourceFile, Rank, FileType | -|StorageTargetAccessErrors |Yes |Storage Target Access Errors Received |Count |Total |The rate of access error responses received by the cache from a specific StorageTarget. For more details, see https://www.rfc-editor.org/rfc/rfc1813#section-2.6 (NFS3ERR_ACCES). |StorageTarget | -|StorageTargetAsyncWriteThroughput |Yes |StorageTarget Asynchronous Write Throughput |BytesPerSecond |Average |The rate the Cache asynchronously writes data to a particular StorageTarget. These are opportunistic writes that do not cause clients to block. |StorageTarget | -|StorageTargetBlocksRecycled |Yes |Storage Target Blocks Recycled |Count |Average |Total number of 16k cache blocks recycled (freed) per Storage Target. |StorageTarget | -|StorageTargetFileTooLargeErrors |Yes |Storage Target File Too Large Errors Received |Count |Total |The rate of file too large error responses received by the cache from a specific StorageTarget. For more details, see https://www.rfc-editor.org/rfc/rfc1813#section-2.6 (NFS3ERR_FBIG). |StorageTarget | -|StorageTargetFillThroughput |Yes |StorageTarget Fill Throughput |BytesPerSecond |Average |The rate the Cache reads data from the StorageTarget to handle a cache miss. |StorageTarget | -|StorageTargetFlushFailureErrors |Yes |Storage Target Total Flush Failures |Count |Total |The rate of file flush request failures reported by the writeback state machine for a specific StorageTarget. |StorageTarget | -|StorageTargetFreeReadSpace |Yes |Storage Target Free Read Space |Bytes |Average |Read space available for caching files associated with a storage target. |StorageTarget | -|StorageTargetFreeWriteSpace |Yes |Storage Target Free Write Space |Bytes |Average |Write space available for changed files associated with a storage target. |StorageTarget | -|StorageTargetHealth |Yes |Storage Target Health |Count |Average |Boolean results of connectivity test between the Cache and Storage Targets. |No Dimensions | -|StorageTargetIOPS |Yes |Total StorageTarget IOPS |Count |Average |The rate of all file operations the Cache sends to a particular StorageTarget. |StorageTarget | -|StorageTargetLatency |Yes |StorageTarget Latency |MilliSeconds |Average |The average round trip latency of all the file operations the Cache sends to a partricular StorageTarget. |StorageTarget | -|StorageTargetMetadataReadIOPS |Yes |StorageTarget Metadata Read IOPS |CountPerSecond |Average |The rate of file operations that do not modify persistent state, and excluding the read operation, that the Cache sends to a particular StorageTarget. |StorageTarget | -|StorageTargetMetadataWriteIOPS |Yes |StorageTarget Metadata Write IOPS |CountPerSecond |Average |The rate of file operations that do modify persistent state and excluding the write operation, that the Cache sends to a particular StorageTarget. |StorageTarget | -|StorageTargetNoSpaceErrors |Yes |Storage Target No Space Errors Received |Count |Total |The rate of no space available error responses received by the cache from a specific StorageTarget. For more details, see https://www.rfc-editor.org/rfc/rfc1813#section-2.6 (NFS3ERR_NOSPC). |StorageTarget | -|StorageTargetPermissionErrors |Yes |Storage Target Permission Errors Received |Count |Total |The rate of permission error responses received by the cache from a specific StorageTarget. For more details, see https://www.rfc-editor.org/rfc/rfc1813#section-2.6 (NFS3ERR_PERM). |StorageTarget | -|StorageTargetQuotaLimitErrors |Yes |Storage Target Quota Limit Errors Received |Count |Total |The rate of quota limit error responses received by the cache from a specific StorageTarget. For more details, see https://www.rfc-editor.org/rfc/rfc1813#section-2.6 (NFS3ERR_DQUOT). |StorageTarget | -|StorageTargetReadAheadThroughput |Yes |StorageTarget Read Ahead Throughput |BytesPerSecond |Average |The rate the Cache opportunisticly reads data from the StorageTarget. |StorageTarget | -|StorageTargetReadIOPS |Yes |StorageTarget Read IOPS |CountPerSecond |Average |The rate of file read operations the Cache sends to a particular StorageTarget. |StorageTarget | -|StorageTargetReadOnlyErrors |Yes |Storage Target Read-Only Filesystem Errors Received |Count |Total |The rate of read-only filesystem error responses received by the cache from a specific StorageTarget. For more details, see https://www.rfc-editor.org/rfc/rfc1813#section-2.6 (NFS3ERR_ROFS). |StorageTarget | -|StorageTargetRecycleRate |Yes |Storage Target Recycle Rate |BytesPerSecond |Average |Cache space recycle rate associated with a storage target in the HPC Cache. This is the rate at which existing data is cleared from the cache to make room for new data. |StorageTarget | -|StorageTargetRequestTooSmallErrors |Yes |Storage Target Request Too Small Errors Received |Count |Total |The rate of request too small error responses received by the cache from a specific StorageTarget. For more details, see https://www.rfc-editor.org/rfc/rfc1813#section-2.6 (NFS3ERR_TOOSMALL). |StorageTarget | -|StorageTargetRetryableFlushErrors |Yes |Storage Target Retryable Flush Request Errors |Count |Total |The rate of retryable file flush errors reported by the writeback state machine for a specific StorageTarget. |StorageTarget | -|StorageTargetSpaceAllocation |Yes |Storage Target Space Allocation |Bytes |Average |Total space (read and write) allocated for a storage target. |StorageTarget | -|StorageTargetSyncWriteThroughput |Yes |StorageTarget Synchronous Write Throughput |BytesPerSecond |Average |The rate the Cache synchronously writes data to a particular StorageTarget. These are writes that do cause clients to block. |StorageTarget | -|StorageTargetTotalCacheOps |Yes |Storage Target Total Cache Ops |Count |Total |The rate of operations the cache is servicing for the namespace represented by a specific StorageTarget. |StorageTarget | -|StorageTargetTotalReadSpace |Yes |Storage Target Total Read Space |Bytes |Average |Total read space allocated for caching files associated with a storage target. |StorageTarget | -|StorageTargetTotalReadThroughput |Yes |StorageTarget Total Read Throughput |BytesPerSecond |Average |The total rate that the Cache reads data from a particular StorageTarget. |StorageTarget | -|StorageTargetTotalWriteSpace |Yes |Storage Target Total Write Space |Bytes |Average |Total write space allocated for changed files associated with a storage target. |StorageTarget | -|StorageTargetTotalWriteThroughput |Yes |StorageTarget Total Write Throughput |BytesPerSecond |Average |The total rate that the Cache writes data to a particular StorageTarget. |StorageTarget | -|StorageTargetUnrecoverableFlushErrors |Yes |Storage Target Uncoverable Flush Request Errors |Count |Total |The rate of unrecoverable file flush errors reported by the writeback state machine for a specific StorageTarget. |StorageTarget | -|StorageTargetUpdateFoundAsyncCacheOps |Yes |Storage Target Update Found Asynchronous Verification Cache Ops |Count |Total |The rate of file updates discovered by asynchronous verification operations sent by the cache to a specific StorageTarget. |StorageTarget | -|StorageTargetUpdateFoundSyncCacheOps |Yes |Storage Target Update Found Synchronous Verification Cache Ops |Count |Total |The rate of file updates discovered by synchronous verification operations sent by the cache to a specific StorageTarget. |StorageTarget | -|StorageTargetUsedReadSpace |Yes |Storage Target Used Read Space |Bytes |Average |Read space used by cached files associated with a storage target. |StorageTarget | -|StorageTargetUsedWriteSpace |Yes |Storage Target Used Write Space |Bytes |Average |Write space used by changed files associated with a storage target. |StorageTarget | -|StorageTargetVerificationAsyncCacheOps |Yes |Storage Target Asynchronous Verification Cache Ops |Count |Total |The rate of asynchronous verification operations sent by the cache to a specific StorageTarget. |StorageTarget | -|StorageTargetVerificationSyncCacheOps |Yes |Storage Target Synchronous Verification Cache Ops |Count |Total |The rate of synchronous verification operations sent by the cache to a specific StorageTarget. |StorageTarget | -|StorageTargetWriteIOPS |Yes |StorageTarget Write IOPS |Count |Average |The rate of the file write operations the Cache sends to a particular StorageTarget. |StorageTarget | -|TotalBlocksRecycled |Yes |Total Blocks Recycled |Count |Average |Total number of 16k cache blocks recycled (freed) for the HPC Cache. |No Dimensions | -|TotalFreeReadSpace |Yes |Free Read Space |Bytes |Average |Total space available for caching read files. |No Dimensions | -|TotalFreeWriteSpace |Yes |Free Write Read Space |Bytes |Average |Total write space available to store changed data in the cache. |No Dimensions | -|TotalRecycleRate |Yes |Recycle Rate |BytesPerSecond |Average |Total cache space recycle rate in the HPC Cache. This is the rate at which existing data is cleared from the cache to make room for new data. |No Dimensions | -|TotalUsedReadSpace |Yes |Used Read Space |Bytes |Average |Total read space used by changed files for the HPC Cache. |No Dimensions | -|TotalUsedWriteSpace |Yes |Used Write Space |Bytes |Average |Total write space used by changed files for the HPC Cache. |No Dimensions | -|Uptime |Yes |Uptime |Count |Average |Boolean results of connectivity test between the Cache and monitoring system. |No Dimensions | --## Microsoft.StorageMover/storageMovers -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|JobRunScanThroughputItems |Yes |Job Run Scan Throughput Items |CountPerSecond |Average |Job Run scan throughput in items/sec |JobRunName | -|JobRunTransferThroughputBytes |Yes |Job Run Transfer Throughput Bytes |BytesPerSecond |Average |Job Run transfer throughput in bytes/sec |JobRunName | -|JobRunTransferThroughputItems |Yes |Job Run Transfer Throughput Items |CountPerSecond |Average |Job Run transfer throughput in items/sec |JobRunName | --## Microsoft.StorageSync/storageSyncServices -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ServerSyncSessionResult |Yes |Sync Session Result |Count |Average |Metric that logs a value of 1 each time the Server Endpoint successfully completes a Sync Session with the Cloud Endpoint |SyncGroupName, ServerEndpointName, SyncDirection | -|StorageSyncBatchTransferredFileBytes |Yes |Bytes synced |Bytes |Total |Total file size transferred for Sync Sessions |SyncGroupName, ServerEndpointName, SyncDirection | -|StorageSyncComputedCacheHitRate |Yes |Cloud tiering cache hit rate |Percent |Average |Percentage of bytes that were served from the cache |SyncGroupName, ServerName, ServerEndpointName | -|StorageSyncDataSizeByAccessPattern |No |Cache data size by last access time |Bytes |Average |Size of data by last access time |SyncGroupName, ServerName, ServerEndpointName, LastAccessTime | -|StorageSyncIncrementalTieredDataSizeBytes |Yes |Cloud tiering size of data tiered by last maintenance job |Bytes |Total |Size of data tiered during last maintenance job |SyncGroupName, ServerName, ServerEndpointName, TieringReason | -|StorageSyncRecallComputedSuccessRate |Yes |Cloud tiering recall success rate |Percent |Average |Percentage of all recalls that were successful |SyncGroupName, ServerName, ServerEndpointName | -|StorageSyncRecalledNetworkBytesByApplication |Yes |Cloud tiering recall size by application |Bytes |Total |Size of data recalled by application |SyncGroupName, ServerName, ApplicationName | -|StorageSyncRecalledTotalNetworkBytes |Yes |Cloud tiering recall size |Bytes |Total |Size of data recalled |SyncGroupName, ServerName, ServerEndpointName | -|StorageSyncRecallThroughputBytesPerSecond |Yes |Cloud tiering recall throughput |BytesPerSecond |Average |Size of data recall throughput |SyncGroupName, ServerName, ServerEndpointName | -|StorageSyncServerHeartbeat |Yes |Server Online Status |Count |Maximum |Metric that logs a value of 1 each time the resigtered server successfully records a heartbeat with the Cloud Endpoint |ServerName | -|StorageSyncSyncSessionAppliedFilesCount |Yes |Files Synced |Count |Total |Count of Files synced |SyncGroupName, ServerEndpointName, SyncDirection | -|StorageSyncSyncSessionPerItemErrorsCount |Yes |Files not syncing |Count |Average |Count of files failed to sync |SyncGroupName, ServerEndpointName, SyncDirection | -|StorageSyncTieredDataSizeBytes |Yes |Cloud tiering size of data tiered |Bytes |Average |Size of data tiered to Azure file share |SyncGroupName, ServerName, ServerEndpointName | -|StorageSyncTieringCacheSizeBytes |Yes |Server cache size |Bytes |Average |Size of data cached on the server |SyncGroupName, ServerName, ServerEndpointName | --## Microsoft.StreamAnalytics/streamingjobs -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|AMLCalloutFailedRequests |Yes |Failed Function Requests |Count |Total |Failed Function Requests |LogicalName, PartitionId, ProcessorInstance, NodeName | -|AMLCalloutInputEvents |Yes |Function Events |Count |Total |Function Events |LogicalName, PartitionId, ProcessorInstance, NodeName | -|AMLCalloutRequests |Yes |Function Requests |Count |Total |Function Requests |LogicalName, PartitionId, ProcessorInstance, NodeName | -|ConversionErrors |Yes |Data Conversion Errors |Count |Total |Data Conversion Errors |LogicalName, PartitionId, ProcessorInstance, NodeName | -|DeserializationError |Yes |Input Deserialization Errors |Count |Total |Input Deserialization Errors |LogicalName, PartitionId, ProcessorInstance, NodeName | -|DroppedOrAdjustedEvents |Yes |Out of order Events |Count |Total |Out of order Events |LogicalName, PartitionId, ProcessorInstance, NodeName | -|EarlyInputEvents |Yes |Early Input Events |Count |Total |Early Input Events |LogicalName, PartitionId, ProcessorInstance, NodeName | -|Errors |Yes |Runtime Errors |Count |Total |Runtime Errors |LogicalName, PartitionId, ProcessorInstance, NodeName | -|InputEventBytes |Yes |Input Event Bytes |Bytes |Total |Input Event Bytes |LogicalName, PartitionId, ProcessorInstance, NodeName | -|InputEvents |Yes |Input Events |Count |Total |Input Events |LogicalName, PartitionId, ProcessorInstance, NodeName | -|InputEventsSourcesBacklogged |Yes |Backlogged Input Events |Count |Maximum |Backlogged Input Events |LogicalName, PartitionId, ProcessorInstance, NodeName | -|InputEventsSourcesPerSecond |Yes |Input Sources Received |Count |Total |Input Sources Received |LogicalName, PartitionId, ProcessorInstance, NodeName | -|LateInputEvents |Yes |Late Input Events |Count |Total |Late Input Events |LogicalName, PartitionId, ProcessorInstance, NodeName | -|OutputEvents |Yes |Output Events |Count |Total |Output Events |LogicalName, PartitionId, ProcessorInstance, NodeName | -|OutputWatermarkDelaySeconds |Yes |Watermark Delay |Seconds |Maximum |Watermark Delay |LogicalName, PartitionId, ProcessorInstance, NodeName | -|ProcessCPUUsagePercentage |Yes |CPU % Utilization |Percent |Maximum |CPU % Utilization |LogicalName, PartitionId, ProcessorInstance, NodeName | -|ResourceUtilization |Yes |SU (Memory) % Utilization |Percent |Maximum |SU (Memory) % Utilization |LogicalName, PartitionId, ProcessorInstance, NodeName | --## Microsoft.Synapse/workspaces -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|BuiltinSqlPoolDataProcessedBytes |No |Data processed (bytes) |Bytes |Total |Amount of data processed by queries |No Dimensions | -|BuiltinSqlPoolLoginAttempts |No |Login attempts |Count |Total |Count of login attempts that succeded or failed |Result | -|BuiltinSqlPoolRequestsEnded |No |Requests ended |Count |Total |Count of Requests that succeeded, failed, or were cancelled |Result | -|IntegrationActivityRunsEnded |No |Activity runs ended |Count |Total |Count of integration activities that succeeded, failed, or were cancelled |Result, FailureType, Activity, ActivityType, Pipeline | -|IntegrationLinkConnectionEvents |No |Link connection events |Count |Total |Number of Synapse Link connection events including start, stop and failure. |EventType, LinkConnectionName | -|IntegrationLinkProcessedChangedRows |No |Link processed rows |Count |Total |Changed row count processed by Synapse Link. |TableName, LinkConnectionName | -|IntegrationLinkProcessedDataVolume |No |Link processed data volume (bytes) |Bytes |Total |Data volume in bytes processed by Synapse Link. |TableName, LinkTableStatus, LinkConnectionName | -|IntegrationLinkProcessingLatencyInSeconds |No |Link latency in seconds |Count |Maximum |Synapse Link data processing latency in seconds. |LinkConnectionName | -|IntegrationLinkTableEvents |No |Link table events |Count |Total |Number of Synapse Link table events including snapshot, removal and failure. |TableName, EventType, LinkConnectionName | -|IntegrationPipelineRunsEnded |No |Pipeline runs ended |Count |Total |Count of integration pipeline runs that succeeded, failed, or were cancelled |Result, FailureType, Pipeline | -|IntegrationTriggerRunsEnded |No |Trigger Runs ended |Count |Total |Count of integration triggers that succeeded, failed, or were cancelled |Result, FailureType, Trigger | -|SQLStreamingBackloggedInputEventSources |No |Backlogged input events (preview) |Count |Total |This is a preview metric available in East US, West Europe. Number of input events sources backlogged. |SQLPoolName, SQLDatabaseName, JobName, LogicalName, PartitionId, ProcessorInstance | -|SQLStreamingConversionErrors |No |Data conversion errors (preview) |Count |Total |This is a preview metric available in East US, West Europe. Number of output events that could not be converted to the expected output schema. Error policy can be changed to 'Drop' to drop events that encounter this scenario. |SQLPoolName, SQLDatabaseName, JobName, LogicalName, PartitionId, ProcessorInstance | -|SQLStreamingDeserializationError |No |Input deserialization errors (preview) |Count |Total |This is a preview metric available in East US, West Europe. Number of input events that could not be deserialized. |SQLPoolName, SQLDatabaseName, JobName, LogicalName, PartitionId, ProcessorInstance | -|SQLStreamingEarlyInputEvents |No |Early input events (preview) |Count |Total |This is a preview metric available in East US, West Europe. Number of input events which application time is considered early compared to arrival time, according to early arrival policy. |SQLPoolName, SQLDatabaseName, JobName, LogicalName, PartitionId, ProcessorInstance | -|SQLStreamingInputEventBytes |No |Input event bytes (preview) |Count |Total |This is a preview metric available in East US, West Europe. Amount of data received by the streaming job, in bytes. This can be used to validate that events are being sent to the input source. |SQLPoolName, SQLDatabaseName, JobName, LogicalName, PartitionId, ProcessorInstance | -|SQLStreamingInputEvents |No |Input events (preview) |Count |Total |This is a preview metric available in East US, West Europe. Number of input events. |SQLPoolName, SQLDatabaseName, JobName, LogicalName, PartitionId, ProcessorInstance | -|SQLStreamingInputEventsSourcesPerSecond |No |Input sources received (preview) |Count |Total |This is a preview metric available in East US, West Europe. Number of input events sources per second. |SQLPoolName, SQLDatabaseName, JobName, LogicalName, PartitionId, ProcessorInstance | -|SQLStreamingLateInputEvents |No |Late input events (preview) |Count |Total |This is a preview metric available in East US, West Europe. Number of input events which application time is considered late compared to arrival time, according to late arrival policy. |SQLPoolName, SQLDatabaseName, JobName, LogicalName, PartitionId, ProcessorInstance | -|SQLStreamingOutOfOrderEvents |No |Out of order events (preview) |Count |Total |This is a preview metric available in East US, West Europe. Number of Event Hub Events (serialized messages) received by the Event Hub Input Adapter, received out of order that were either dropped or given an adjusted timestamp, based on the Event Ordering Policy. |SQLPoolName, SQLDatabaseName, JobName, LogicalName, PartitionId, ProcessorInstance | -|SQLStreamingOutputEvents |No |Output events (preview) |Count |Total |This is a preview metric available in East US, West Europe. Number of output events. |SQLPoolName, SQLDatabaseName, JobName, LogicalName, PartitionId, ProcessorInstance | -|SQLStreamingOutputWatermarkDelaySeconds |No |Watermark delay (preview) |Count |Maximum |This is a preview metric available in East US, West Europe. Output watermark delay in seconds. |SQLPoolName, SQLDatabaseName, JobName, LogicalName, PartitionId, ProcessorInstance | -|SQLStreamingResourceUtilization |No |Resource % utilization (preview) |Percent |Maximum |This is a preview metric available in East US, West Europe. Resource utilization expressed as a percentage. High utilization indicates that the job is using close to the maximum allocated resources. |SQLPoolName, SQLDatabaseName, JobName, LogicalName, PartitionId, ProcessorInstance | -|SQLStreamingRuntimeErrors |No |Runtime errors (preview) |Count |Total |This is a preview metric available in East US, West Europe. Total number of errors related to query processing (excluding errors found while ingesting events or outputting results). |SQLPoolName, SQLDatabaseName, JobName, LogicalName, PartitionId, ProcessorInstance | --## Microsoft.Synapse/workspaces/bigDataPools -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|BigDataPoolAllocatedCores |No |vCores allocated |Count |Maximum |Allocated vCores for an Apache Spark Pool |SubmitterId | -|BigDataPoolAllocatedMemory |No |Memory allocated (GB) |Count |Maximum |Allocated Memory for Apach Spark Pool (GB) |SubmitterId | -|BigDataPoolApplicationsActive |No |Active Apache Spark applications |Count |Maximum |Total Active Apache Spark Pool Applications |JobState | -|BigDataPoolApplicationsEnded |No |Ended Apache Spark applications |Count |Total |Count of Apache Spark pool applications ended |JobType, JobResult | --## Microsoft.Synapse/workspaces/kustoPools -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|BatchBlobCount |Yes |Batch Blob Count |Count |Average |Number of data sources in an aggregated batch for ingestion. |Database | -|BatchDuration |Yes |Batch Duration |Seconds |Average |The duration of the aggregation phase in the ingestion flow. |Database | -|BatchesProcessed |Yes |Batches Processed |Count |Total |Number of batches aggregated for ingestion. Batching Type: whether the batch reached batching time, data size or number of files limit set by batching policy |Database, SealReason | -|BatchSize |Yes |Batch Size |Bytes |Average |Uncompressed expected data size in an aggregated batch for ingestion. |Database | -|BlobsDropped |Yes |Blobs Dropped |Count |Total |Number of blobs permanently rejected by a component. |Database, ComponentType, ComponentName | -|BlobsProcessed |Yes |Blobs Processed |Count |Total |Number of blobs processed by a component. |Database, ComponentType, ComponentName | -|BlobsReceived |Yes |Blobs Received |Count |Total |Number of blobs received from input stream by a component. |Database, ComponentType, ComponentName | -|CacheUtilization |Yes |Cache utilization (deprecated) |Percent |Average |Utilization level in the cluster scope. The metric is deprecated and presented for backward compatibility only, you should use the 'Cache utilization factor' metric instead. |No Dimensions | -|CacheUtilizationFactor |Yes |Cache utilization factor |Percent |Average |Percentage of utilized disk space dedicated for hot cache in the cluster. 100% means that the disk space assigned to hot data is optimally utilized. No action is needed in terms of the cache size. More than 100% means that the cluster's disk space is not large enough to accommodate the hot data, as defined by your caching policies. To ensure that sufficient space is available for all the hot data, the amount of hot data needs to be reduced or the cluster needs to be scaled out. Enabling auto scale is recommended. |No Dimensions | -|ContinuousExportMaxLatenessMinutes |Yes |Continuous Export Max Lateness |Count |Maximum |The lateness (in minutes) reported by the continuous export jobs in the cluster |No Dimensions | -|ContinuousExportNumOfRecordsExported |Yes |Continuous export - num of exported records |Count |Total |Number of records exported, fired for every storage artifact written during the export operation |ContinuousExportName, Database | -|ContinuousExportPendingCount |Yes |Continuous Export Pending Count |Count |Maximum |The number of pending continuous export jobs ready for execution |No Dimensions | -|ContinuousExportResult |Yes |Continuous Export Result |Count |Count |Indicates whether Continuous Export succeeded or failed |ContinuousExportName, Result, Database | -|CPU |Yes |CPU |Percent |Average |CPU utilization level |No Dimensions | -|DiscoveryLatency |Yes |Discovery Latency |Seconds |Average |Reported by data connections (if exist). Time in seconds from when a message is enqueued or event is created until it is discovered by data connection. This time is not included in the Azure Data Explorer total ingestion duration. |ComponentType, ComponentName | -|EventsDropped |Yes |Events Dropped |Count |Total |Number of events dropped permanently by data connection. An Ingestion result metric with a failure reason will be sent. |ComponentType, ComponentName | -|EventsProcessed |Yes |Events Processed |Count |Total |Number of events processed by the cluster |ComponentType, ComponentName | -|EventsProcessedForEventHubs |Yes |Events Processed (for Event/IoT Hubs) |Count |Total |Number of events processed by the cluster when ingesting from Event/IoT Hub |EventStatus | -|EventsReceived |Yes |Events Received |Count |Total |Number of events received by data connection. |ComponentType, ComponentName | -|ExportUtilization |Yes |Export Utilization |Percent |Maximum |Export utilization |No Dimensions | -|FollowerLatency |Yes |FollowerLatency |MilliSeconds |Average |The follower databases synchronize changes in the leader databases. Because of the synchronization, there's a data lag of a few seconds to a few minutes in data availability.This metric measures the length of the time lag. The time lag depends on the overall size of the leader database metadata.This is a cluster level metrics: the followers catch metadata of all databases that are followed. This metric represents the latency of the process. |State, RoleInstance | -|IngestionLatencyInSeconds |Yes |Ingestion Latency |Seconds |Average |Latency of data ingested, from the time the data was received in the cluster until it's ready for query. The ingestion latency period depends on the ingestion scenario. |No Dimensions | -|IngestionResult |Yes |Ingestion result |Count |Total |Total number of sources that either failed or succeeded to be ingested. Splitting the metric by status, you can get detailed information about the status of the ingestion operations. |IngestionResultDetails, FailureKind | -|IngestionUtilization |Yes |Ingestion utilization |Percent |Average |Ratio of used ingestion slots in the cluster |No Dimensions | -|IngestionVolumeInMB |Yes |Ingestion Volume |Bytes |Total |Overall volume of ingested data to the cluster |Database | -|InstanceCount |Yes |Instance Count |Count |Average |Total instance count |No Dimensions | -|KeepAlive |Yes |Keep alive |Count |Average |Sanity check indicates the cluster responds to queries |No Dimensions | -|MaterializedViewAgeMinutes |Yes |Materialized View Age |Count |Average |The materialized view age in minutes |Database, MaterializedViewName | -|MaterializedViewAgeSeconds |Yes |Materialized View Age |Seconds |Average |The materialized view age in seconds |Database, MaterializedViewName | -|MaterializedViewDataLoss |Yes |Materialized View Data Loss |Count |Maximum |Indicates potential data loss in materialized view |Database, MaterializedViewName, Kind | -|MaterializedViewExtentsRebuild |Yes |Materialized View Extents Rebuild |Count |Average |Number of extents rebuild |Database, MaterializedViewName | -|MaterializedViewHealth |Yes |Materialized View Health |Count |Average |The health of the materialized view (1 for healthy, 0 for non-healthy) |Database, MaterializedViewName | -|MaterializedViewRecordsInDelta |Yes |Materialized View Records In Delta |Count |Average |The number of records in the non-materialized part of the view |Database, MaterializedViewName | -|MaterializedViewResult |Yes |Materialized View Result |Count |Average |The result of the materialization process |Database, MaterializedViewName, Result | -|QueryDuration |Yes |Query duration |MilliSeconds |Average |Queries duration in seconds |QueryStatus | -|QueryResult |No |Query Result |Count |Count |Total number of queries. |QueryStatus | -|QueueLength |Yes |Queue Length |Count |Average |Number of pending messages in a component's queue. |ComponentType | -|QueueOldestMessage |Yes |Queue Oldest Message |Count |Average |Time in seconds from when the oldest message in queue was inserted. |ComponentType | -|ReceivedDataSizeBytes |Yes |Received Data Size Bytes |Bytes |Average |Size of data received by data connection. This is the size of the data stream, or of raw data size if provided. |ComponentType, ComponentName | -|StageLatency |Yes |Stage Latency |Seconds |Average |Cumulative time from when a message is discovered until it is received by the reporting component for processing (discovery time is set when message is enqueued for ingestion queue, or when discovered by data connection). |Database, ComponentType | -|StreamingIngestDataRate |Yes |Streaming Ingest Data Rate |Bytes |Average |Streaming ingest data rate |No Dimensions | -|StreamingIngestDuration |Yes |Streaming Ingest Duration |MilliSeconds |Average |Streaming ingest duration in milliseconds |No Dimensions | -|StreamingIngestResults |Yes |Streaming Ingest Result |Count |Count |Streaming ingest result |Result | -|TotalNumberOfConcurrentQueries |Yes |Total number of concurrent queries |Count |Maximum |Total number of concurrent queries |No Dimensions | -|TotalNumberOfExtents |Yes |Total number of extents |Count |Average |Total number of data extents |No Dimensions | -|TotalNumberOfThrottledCommands |Yes |Total number of throttled commands |Count |Total |Total number of throttled commands |CommandType | -|TotalNumberOfThrottledQueries |Yes |Total number of throttled queries |Count |Maximum |Total number of throttled queries |No Dimensions | -|WeakConsistencyLatency |Yes |Weak consistency latency |Seconds |Average |The max latency between the previous metadata sync and the next one (in DB/node scope) |Database, RoleInstance | --## Microsoft.Synapse/workspaces/scopePools -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ScopePoolJobPNMetric |Yes |PN duration of SCOPE job |Milliseconds |Average |PN (process node) duration (Milliseconds) used by each SCOPE job |JobType, JobResult | -|ScopePoolJobQueuedDurationMetric |Yes |Queued duration of SCOPE job |Milliseconds |Average |Queued duration (Milliseconds) used by each SCOPE job |JobType | -|ScopePoolJobRunningDurationMetric |Yes |Running duration of SCOPE job |Milliseconds |Average |Running duration (Milliseconds) used by each SCOPE job |JobType, JobResult | --## Microsoft.Synapse/workspaces/sqlPools -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ActiveQueries |No |Active queries |Count |Total |The active queries. Using this metric unfiltered and unsplit displays all active queries running on the system |IsUserDefined | -|AdaptiveCacheHitPercent |No |Adaptive cache hit percentage |Percent |Maximum |Measures how well workloads are utilizing the adaptive cache. Use this metric with the cache hit percentage metric to determine whether to scale for additional capacity or rerun workloads to hydrate the cache |No Dimensions | -|AdaptiveCacheUsedPercent |No |Adaptive cache used percentage |Percent |Maximum |Measures how well workloads are utilizing the adaptive cache. Use this metric with the cache used percentage metric to determine whether to scale for additional capacity or rerun workloads to hydrate the cache |No Dimensions | -|Connections |Yes |Connections |Count |Total |Count of Total logins to the SQL pool |Result | -|ConnectionsBlockedByFirewall |No |Connections blocked by firewall |Count |Total |Count of connections blocked by firewall rules. Revisit access control policies for your SQL pool and monitor these connections if the count is high |No Dimensions | -|CPUPercent |No |CPU used percentage |Percent |Maximum |CPU utilization across all nodes in the SQL pool |No Dimensions | -|DWULimit |No |DWU limit |Count |Maximum |Service level objective of the SQL pool |No Dimensions | -|DWUUsed |No |DWU used |Count |Maximum |Represents a high-level representation of usage across the SQL pool. Measured by DWU limit * DWU percentage |No Dimensions | -|DWUUsedPercent |No |DWU used percentage |Percent |Maximum |Represents a high-level representation of usage across the SQL pool. Measured by taking the maximum between CPU percentage and Data IO percentage |No Dimensions | -|LocalTempDBUsedPercent |No |Local tempdb used percentage |Percent |Maximum |Local tempdb utilization across all compute nodes - values are emitted every five minute |No Dimensions | -|MemoryUsedPercent |No |Memory used percentage |Percent |Maximum |Memory utilization across all nodes in the SQL pool |No Dimensions | -|QueuedQueries |No |Queued queries |Count |Total |Cumulative count of requests queued after the max concurrency limit was reached |IsUserDefined | -|WLGActiveQueries |No |Workload group active queries |Count |Total |The active queries within the workload group. Using this metric unfiltered and unsplit displays all active queries running on the system |IsUserDefined, WorkloadGroup | -|WLGActiveQueriesTimeouts |No |Workload group query timeouts |Count |Total |Queries for the workload group that have timed out. Query timeouts reported by this metric are only once the query has started executing (it does not include wait time due to locking or resource waits) |IsUserDefined, WorkloadGroup | -|WLGAllocationByEffectiveCapResourcePercent |No |Workload group allocation by max resource percent |Percent |Maximum |Displays the percentage allocation of resources relative to the Effective cap resource percent per workload group. This metric provides the effective utilization of the workload group |IsUserDefined, WorkloadGroup | -|WLGAllocationBySystemPercent |No |Workload group allocation by system percent |Percent |Maximum |The percentage allocation of resources relative to the entire system |IsUserDefined, WorkloadGroup | -|WLGEffectiveCapResourcePercent |No |Effective cap resource percent |Percent |Maximum |The effective cap resource percent for the workload group. If there are other workload groups with min_percentage_resource > 0, the effective_cap_percentage_resource is lowered proportionally |IsUserDefined, WorkloadGroup | -|WLGEffectiveMinResourcePercent |No |Effective min resource percent |Percent |Maximum |The effective min resource percentage setting allowed considering the service level and the workload group settings. The effective min_percentage_resource can be adjusted higher on lower service levels |IsUserDefined, WorkloadGroup | -|WLGQueuedQueries |No |Workload group queued queries |Count |Total |Cumulative count of requests queued after the max concurrency limit was reached |IsUserDefined, WorkloadGroup | --## Microsoft.TimeSeriesInsights/environments -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|IngressReceivedBytes |Yes |Ingress Received Bytes |Bytes |Total |Count of bytes read from all event sources |No Dimensions | -|IngressReceivedInvalidMessages |Yes |Ingress Received Invalid Messages |Count |Total |Count of invalid messages read from all Event hub or IoT hub event sources |No Dimensions | -|IngressReceivedMessages |Yes |Ingress Received Messages |Count |Total |Count of messages read from all Event hub or IoT hub event sources |No Dimensions | -|IngressReceivedMessagesCountLag |Yes |Ingress Received Messages Count Lag |Count |Average |Difference between the sequence number of last enqueued message in the event source partition and sequence number of messages being processed in Ingress |No Dimensions | -|IngressReceivedMessagesTimeLag |Yes |Ingress Received Messages Time Lag |Seconds |Maximum |Difference between the time that the message is enqueued in the event source and the time it is processed in Ingress |No Dimensions | -|IngressStoredBytes |Yes |Ingress Stored Bytes |Bytes |Total |Total size of events successfully processed and available for query |No Dimensions | -|IngressStoredEvents |Yes |Ingress Stored Events |Count |Total |Count of flattened events successfully processed and available for query |No Dimensions | -|WarmStorageMaxProperties |Yes |Warm Storage Max Properties |Count |Maximum |Maximum number of properties used allowed by the environment for S1/S2 SKU and maximum number of properties allowed by Warm Store for PAYG SKU |No Dimensions | -|WarmStorageUsedProperties |Yes |Warm Storage Used Properties |Count |Maximum |Number of properties used by the environment for S1/S2 SKU and number of properties used by Warm Store for PAYG SKU |No Dimensions | --## Microsoft.TimeSeriesInsights/environments/eventsources -<!-- Data source : arm--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|IngressReceivedBytes |Yes |Ingress Received Bytes |Bytes |Total |Count of bytes read from the event source |No Dimensions | -|IngressReceivedInvalidMessages |Yes |Ingress Received Invalid Messages |Count |Total |Count of invalid messages read from the event source |No Dimensions | -|IngressReceivedMessages |Yes |Ingress Received Messages |Count |Total |Count of messages read from the event source |No Dimensions | -|IngressReceivedMessagesCountLag |Yes |Ingress Received Messages Count Lag |Count |Average |Difference between the sequence number of last enqueued message in the event source partition and sequence number of messages being processed in Ingress |No Dimensions | -|IngressReceivedMessagesTimeLag |Yes |Ingress Received Messages Time Lag |Seconds |Maximum |Difference between the time that the message is enqueued in the event source and the time it is processed in Ingress |No Dimensions | -|IngressStoredBytes |Yes |Ingress Stored Bytes |Bytes |Total |Total size of events successfully processed and available for query |No Dimensions | -|IngressStoredEvents |Yes |Ingress Stored Events |Count |Total |Count of flattened events successfully processed and available for query |No Dimensions | -|WarmStorageMaxProperties |Yes |Warm Storage Max Properties |Count |Maximum |Maximum number of properties used allowed by the environment for S1/S2 SKU and maximum number of properties allowed by Warm Store for PAYG SKU |No Dimensions | -|WarmStorageUsedProperties |Yes |Warm Storage Used Properties |Count |Maximum |Number of properties used by the environment for S1/S2 SKU and number of properties used by Warm Store for PAYG SKU |No Dimensions | --## Microsoft.VoiceServices/CommunicationsGateways -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ActiveCallFailures |No |Active Call Failures |Percent |Average |Percentage of active call failures |Region | -|ActiveCalls |No |Active Calls |Count |Average |Count of the total number of active calls (signaling sessions) |Region | -|ActiveEmergencyCalls |No |Active Emergency Calls |Count |Average |Count of the total number of active emergency calls |Region | --## Microsoft.Web/containerapps -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|Replicas |Yes |Replica Count |Count |Maximum |Number of replicas count of container app |revisionName, deploymentName | -|Requests |Yes |Requests |Count |Total |Requests processed |revisionName, podName, statusCodeCategory, statusCode | -|RestartCount |Yes |Replica Restart Count |Count |Maximum |Restart count of container app replicas |revisionName, podName | -|RxBytes |Yes |Network In Bytes |Bytes |Total |Network received bytes |revisionName, podName | -|TxBytes |Yes |Network Out Bytes |Bytes |Total |Network transmitted bytes |revisionName, podName | -|UsageNanoCores |Yes |CPU Usage Nanocores |NanoCores |Average |CPU consumed by the container app, in nano cores. 1,000,000,000 nano cores = 1 core |revisionName, podName | -|WorkingSetBytes |Yes |Memory Working Set Bytes |Bytes |Average |Container App working set memory used in bytes. |revisionName, podName | --## Microsoft.Web/hostingEnvironments -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ActiveRequests |Yes |Active Requests (deprecated) |Count |Total |Number of requests being actively handled by the App Service Environment at any given time |Instance | -|AverageResponseTime |Yes |Average Response Time (deprecated) |Seconds |Average |Average time taken for the ASE to serve requests |Instance | -|BytesReceived |Yes |Data In |Bytes |Total |Incoming bandwidth used across all front end instances |Instance | -|BytesSent |Yes |Data Out |Bytes |Total |Outgoing bandwidth used across all front end instances |Instance | -|CpuPercentage |Yes |CPU Percentage |Percent |Average |CPU used across all front end instances |Instance | -|DiskQueueLength |Yes |Disk Queue Length |Count |Average |Number of both read and write requests that were queued on storage |Instance | -|Http101 |Yes |Http 101 |Count |Total |Number of requests resulting in an HTTP 101 status code |Instance | -|Http2xx |Yes |Http 2xx |Count |Total |Number of requests resulting in an HTTP status code ≥ 200 but < 300 |Instance | -|Http3xx |Yes |Http 3xx |Count |Total |Number of requests resulting in an HTTP status code ≥ 300 but < 400 |Instance | -|Http401 |Yes |Http 401 |Count |Total |Number of requests resulting in an HTTP 401 status code |Instance | -|Http403 |Yes |Http 403 |Count |Total |Number of requests resulting in an HTTP 403 status code |Instance | -|Http404 |Yes |Http 404 |Count |Total |Number of requests resulting in an HTTP 404 status code |Instance | -|Http406 |Yes |Http 406 |Count |Total |Number of requests resulting in an HTTP 406 status code |Instance | -|Http4xx |Yes |Http 4xx |Count |Total |Number of requests resulting in an HTTP status code ≥ 400 but < 500 |Instance | -|Http5xx |Yes |Http Server Errors |Count |Total |Number of requests resulting in an HTTP status code ≥ 500 but < 600 |Instance | -|HttpQueueLength |Yes |Http Queue Length |Count |Average |Number of HTTP requests that had to sit on the queue before being fulfilled |Instance | -|HttpResponseTime |Yes |Response Time |Seconds |Average |Time taken for the ASE to serve requests |Instance | -|LargeAppServicePlanInstances |Yes |Large App Service Plan Workers |Count |Average |Number of large App Service Plan worker instances |No Dimensions | -|MediumAppServicePlanInstances |Yes |Medium App Service Plan Workers |Count |Average |Number of medium App Service Plan worker instances |No Dimensions | -|MemoryPercentage |Yes |Memory Percentage |Percent |Average |Memory used across all front end instances |Instance | -|Requests |Yes |Requests |Count |Total |Number of web requests served |Instance | -|SmallAppServicePlanInstances |Yes |Small App Service Plan Workers |Count |Average |Number of small App Service Plan worker instances |No Dimensions | -|TotalFrontEnds |Yes |Total Front Ends |Count |Average |Number of front end instances |No Dimensions | --## Microsoft.Web/hostingenvironments/multirolepools -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|ActiveRequests |Yes |Active Requests (deprecated) |Count |Total |Active Requests |Instance | -|AverageResponseTime |Yes |Average Response Time (deprecated) |Seconds |Average |The average time taken for the front end to serve requests, in seconds. |Instance | -|BytesReceived |Yes |Data In |Bytes |Total |The average incoming bandwidth used across all front ends, in MiB. |Instance | -|BytesSent |Yes |Data Out |Bytes |Total |The average incoming bandwidth used across all front end, in MiB. |Instance | -|CpuPercentage |Yes |CPU Percentage |Percent |Average |The average CPU used across all instances of front end. |Instance | -|DiskQueueLength |Yes |Disk Queue Length |Count |Average |The average number of both read and write requests that were queued on storage. A high disk queue length is an indication of an app that might be slowing down because of excessive disk I/O. |Instance | -|Http101 |Yes |Http 101 |Count |Total |The count of requests resulting in an HTTP status code 101. |Instance | -|Http2xx |Yes |Http 2xx |Count |Total |The count of requests resulting in an HTTP status code ≥ 200 but < 300. |Instance | -|Http3xx |Yes |Http 3xx |Count |Total |The count of requests resulting in an HTTP status code ≥ 300 but < 400. |Instance | -|Http401 |Yes |Http 401 |Count |Total |The count of requests resulting in HTTP 401 status code. |Instance | -|Http403 |Yes |Http 403 |Count |Total |The count of requests resulting in HTTP 403 status code. |Instance | -|Http404 |Yes |Http 404 |Count |Total |The count of requests resulting in HTTP 404 status code. |Instance | -|Http406 |Yes |Http 406 |Count |Total |The count of requests resulting in HTTP 406 status code. |Instance | -|Http4xx |Yes |Http 4xx |Count |Total |The count of requests resulting in an HTTP status code ≥ 400 but < 500. |Instance | -|Http5xx |Yes |Http Server Errors |Count |Total |The count of requests resulting in an HTTP status code ≥ 500 but < 600. |Instance | -|HttpQueueLength |Yes |Http Queue Length |Count |Average |The average number of HTTP requests that had to sit on the queue before being fulfilled. A high or increasing HTTP Queue length is a symptom of a plan under heavy load. |Instance | -|HttpResponseTime |Yes |Response Time |Seconds |Average |The time taken for the front end to serve requests, in seconds. |Instance | -|LargeAppServicePlanInstances |Yes |Large App Service Plan Workers |Count |Average |Large App Service Plan Workers |No Dimensions | -|MediumAppServicePlanInstances |Yes |Medium App Service Plan Workers |Count |Average |Medium App Service Plan Workers |No Dimensions | -|MemoryPercentage |Yes |Memory Percentage |Percent |Average |The average memory used across all instances of front end. |Instance | -|Requests |Yes |Requests |Count |Total |The total number of requests regardless of their resulting HTTP status code. |Instance | -|SmallAppServicePlanInstances |Yes |Small App Service Plan Workers |Count |Average |Small App Service Plan Workers |No Dimensions | -|TotalFrontEnds |Yes |Total Front Ends |Count |Average |Total Front Ends |No Dimensions | --## Microsoft.Web/hostingenvironments/workerpools -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|CpuPercentage |Yes |CPU Percentage |Percent |Average |The average CPU used across all instances of the worker pool. |Instance | -|MemoryPercentage |Yes |Memory Percentage |Percent |Average |The average memory used across all instances of the worker pool. |Instance | -|WorkersAvailable |Yes |Available Workers |Count |Average |Available Workers |No Dimensions | -|WorkersTotal |Yes |Total Workers |Count |Average |Total Workers |No Dimensions | -|WorkersUsed |Yes |Used Workers |Count |Average |Used Workers |No Dimensions | --## Microsoft.Web/serverfarms -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|BytesReceived |Yes |Data In |Bytes |Total |The average incoming bandwidth used across all instances of the plan. |Instance | -|BytesSent |Yes |Data Out |Bytes |Total |The average outgoing bandwidth used across all instances of the plan. |Instance | -|CpuPercentage |Yes |CPU Percentage |Percent |Average |The average CPU used across all instances of the plan. |Instance | -|DiskQueueLength |Yes |Disk Queue Length |Count |Average |The average number of both read and write requests that were queued on storage. A high disk queue length is an indication of an app that might be slowing down because of excessive disk I/O. |Instance | -|HttpQueueLength |Yes |Http Queue Length |Count |Average |The average number of HTTP requests that had to sit on the queue before being fulfilled. A high or increasing HTTP Queue length is a symptom of a plan under heavy load. |Instance | -|MemoryPercentage |Yes |Memory Percentage |Percent |Average |The average memory used across all instances of the plan. |Instance | -|SocketInboundAll |Yes |Socket Count for Inbound Requests |Count |Average |The average number of sockets used for incoming HTTP requests across all the instances of the plan. |Instance | -|SocketLoopback |Yes |Socket Count for Loopback Connections |Count |Average |The average number of sockets used for loopback connections across all the instances of the plan. |Instance | -|SocketOutboundAll |Yes |Socket Count of Outbound Requests |Count |Average |The average number of sockets used for outbound connections across all the instances of the plan irrespective of their TCP states. Having too many outbound connections can cause connectivity errors. |Instance | -|SocketOutboundEstablished |Yes |Established Socket Count for Outbound Requests |Count |Average |The average number of sockets in ESTABLISHED state used for outbound connections across all the instances of the plan. |Instance | -|SocketOutboundTimeWait |Yes |Time Wait Socket Count for Outbound Requests |Count |Average |The average number of sockets in TIME_WAIT state used for outbound connections across all the instances of the plan. High or increasing outbound socket counts in TIME_WAIT state can cause connectivity errors. |Instance | -|TcpCloseWait |Yes |TCP Close Wait |Count |Average |The average number of sockets in CLOSE_WAIT state across all the instances of the plan. |Instance | -|TcpClosing |Yes |TCP Closing |Count |Average |The average number of sockets in CLOSING state across all the instances of the plan. |Instance | -|TcpEstablished |Yes |TCP Established |Count |Average |The average number of sockets in ESTABLISHED state across all the instances of the plan. |Instance | -|TcpFinWait1 |Yes |TCP Fin Wait 1 |Count |Average |The average number of sockets in FIN_WAIT_1 state across all the instances of the plan. |Instance | -|TcpFinWait2 |Yes |TCP Fin Wait 2 |Count |Average |The average number of sockets in FIN_WAIT_2 state across all the instances of the plan. |Instance | -|TcpLastAck |Yes |TCP Last Ack |Count |Average |The average number of sockets in LAST_ACK state across all the instances of the plan. |Instance | -|TcpSynReceived |Yes |TCP Syn Received |Count |Average |The average number of sockets in SYN_RCVD state across all the instances of the plan. |Instance | -|TcpSynSent |Yes |TCP Syn Sent |Count |Average |The average number of sockets in SYN_SENT state across all the instances of the plan. |Instance | -|TcpTimeWait |Yes |TCP Time Wait |Count |Average |The average number of sockets in TIME_WAIT state across all the instances of the plan. |Instance | --## Microsoft.Web/sites -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|AppConnections |Yes |Connections |Count |Average |The number of bound sockets existing in the sandbox (w3wp.exe and its child processes). A bound socket is created by calling bind()/connect() APIs and remains until said socket is closed with CloseHandle()/closesocket(). For WebApps and FunctionApps. |Instance | -|AverageMemoryWorkingSet |Yes |Average memory working set |Bytes |Average |The average amount of memory used by the app, in megabytes (MiB). For WebApps and FunctionApps. |Instance | -|AverageResponseTime |Yes |Average Response Time (deprecated) |Seconds |Average |The average time taken for the app to serve requests, in seconds. For WebApps and FunctionApps. |Instance | -|BytesReceived |Yes |Data In |Bytes |Total |The amount of incoming bandwidth consumed by the app, in MiB. For WebApps and FunctionApps. |Instance | -|BytesSent |Yes |Data Out |Bytes |Total |The amount of outgoing bandwidth consumed by the app, in MiB. For WebApps and FunctionApps. |Instance | -|CpuTime |Yes |CPU Time |Seconds |Total |The amount of CPU consumed by the app, in seconds. For more information about this metric. Please see https://aka.ms/website-monitor-cpu-time-vs-cpu-percentage (CPU time vs CPU percentage). For WebApps only. |Instance | -|CurrentAssemblies |Yes |Current Assemblies |Count |Average |The current number of Assemblies loaded across all AppDomains in this application. For WebApps and FunctionApps. |Instance | -|FileSystemUsage |Yes |File System Usage |Bytes |Average |Percentage of filesystem quota consumed by the app. For WebApps and FunctionApps. |No Dimensions | -|FunctionExecutionCount |Yes |Function Execution Count |Count |Total |Function Execution Count. For FunctionApps only. |Instance | -|FunctionExecutionUnits |Yes |Function Execution Units |Count |Total |Function Execution Units. For FunctionApps only. |Instance | -|Gen0Collections |Yes |Gen 0 Garbage Collections |Count |Total |The number of times the generation 0 objects are garbage collected since the start of the app process. Higher generation GCs include all lower generation GCs. For WebApps and FunctionApps. |Instance | -|Gen1Collections |Yes |Gen 1 Garbage Collections |Count |Total |The number of times the generation 1 objects are garbage collected since the start of the app process. Higher generation GCs include all lower generation GCs. For WebApps and FunctionApps. |Instance | -|Gen2Collections |Yes |Gen 2 Garbage Collections |Count |Total |The number of times the generation 2 objects are garbage collected since the start of the app process. For WebApps and FunctionApps. |Instance | -|Handles |Yes |Handle Count |Count |Average |The total number of handles currently open by the app process. For WebApps and FunctionApps. |Instance | -|HealthCheckStatus |Yes |Health check status |Count |Average |Health check status. For WebApps and FunctionApps. |Instance | -|Http101 |Yes |Http 101 |Count |Total |The count of requests resulting in an HTTP status code 101. For WebApps and FunctionApps. |Instance | -|Http2xx |Yes |Http 2xx |Count |Total |The count of requests resulting in an HTTP status code >= 200 but < 300. For WebApps and FunctionApps. |Instance | -|Http3xx |Yes |Http 3xx |Count |Total |The count of requests resulting in an HTTP status code >= 300 but < 400. For WebApps and FunctionApps. |Instance | -|Http401 |Yes |Http 401 |Count |Total |The count of requests resulting in HTTP 401 status code. For WebApps and FunctionApps. |Instance | -|Http403 |Yes |Http 403 |Count |Total |The count of requests resulting in HTTP 403 status code. For WebApps and FunctionApps. |Instance | -|Http404 |Yes |Http 404 |Count |Total |The count of requests resulting in HTTP 404 status code. For WebApps and FunctionApps. |Instance | -|Http406 |Yes |Http 406 |Count |Total |The count of requests resulting in HTTP 406 status code. For WebApps and FunctionApps. |Instance | -|Http4xx |Yes |Http 4xx |Count |Total |The count of requests resulting in an HTTP status code >= 400 but < 500. For WebApps and FunctionApps. |Instance | -|Http5xx |Yes |Http Server Errors |Count |Total |The count of requests resulting in an HTTP status code >= 500 but < 600. For WebApps and FunctionApps. |Instance | -|HttpResponseTime |Yes |Response Time |Seconds |Average |The time taken for the app to serve requests, in seconds. For WebApps and FunctionApps. |Instance | -|IoOtherBytesPerSecond |Yes |IO Other Bytes Per Second |BytesPerSecond |Total |The rate at which the app process is issuing bytes to I/O operations that don't involve data, such as control operations. For WebApps and FunctionApps. |Instance | -|IoOtherOperationsPerSecond |Yes |IO Other Operations Per Second |BytesPerSecond |Total |The rate at which the app process is issuing I/O operations that aren't read or write operations. For WebApps and FunctionApps. |Instance | -|IoReadBytesPerSecond |Yes |IO Read Bytes Per Second |BytesPerSecond |Total |The rate at which the app process is reading bytes from I/O operations. For WebApps and FunctionApps. |Instance | -|IoReadOperationsPerSecond |Yes |IO Read Operations Per Second |BytesPerSecond |Total |The rate at which the app process is issuing read I/O operations. For WebApps and FunctionApps. |Instance | -|IoWriteBytesPerSecond |Yes |IO Write Bytes Per Second |BytesPerSecond |Total |The rate at which the app process is writing bytes to I/O operations. For WebApps and FunctionApps. |Instance | -|IoWriteOperationsPerSecond |Yes |IO Write Operations Per Second |BytesPerSecond |Total |The rate at which the app process is issuing write I/O operations. For WebApps and FunctionApps. |Instance | -|MemoryWorkingSet |Yes |Memory working set |Bytes |Average |The current amount of memory used by the app, in MiB. For WebApps and FunctionApps. |Instance | -|PrivateBytes |Yes |Private Bytes |Bytes |Average |Private Bytes is the current size, in bytes, of memory that the app process has allocated that can't be shared with other processes. For WebApps and FunctionApps. |Instance | -|Requests |Yes |Requests |Count |Total |The total number of requests regardless of their resulting HTTP status code. For WebApps and FunctionApps. |Instance | -|RequestsInApplicationQueue |Yes |Requests In Application Queue |Count |Average |The number of requests in the application request queue. For WebApps and FunctionApps. |Instance | -|Threads |Yes |Thread Count |Count |Average |The number of threads currently active in the app process. For WebApps and FunctionApps. |Instance | -|TotalAppDomains |Yes |Total App Domains |Count |Average |The current number of AppDomains loaded in this application. For WebApps and FunctionApps. |Instance | -|TotalAppDomainsUnloaded |Yes |Total App Domains Unloaded |Count |Average |The total number of AppDomains unloaded since the start of the application. For WebApps and FunctionApps. |Instance | -|WorkflowActionsCompleted |Yes |Workflow Action Completed Count |Count |Total |Workflow Action Completed Count. For LogicApps only. |workflowName, status | -|WorkflowJobExecutionDelay |Yes |Workflow Job Execution Delay |Seconds |Average |Workflow Job Execution Delay. For LogicApps only. |workflowName | -|WorkflowJobExecutionDuration |Yes |Workflow Job Execution Duration |Seconds |Average |Workflow Job Execution Duration. For LogicApps only. |workflowName | -|WorkflowRunsCompleted |Yes |Workflow Runs Completed Count |Count |Total |Workflow Runs Completed Count. For LogicApps only. |workflowName, status | -|WorkflowRunsDispatched |Yes |Workflow Runs dispatched Count |Count |Total |Workflow Runs Dispatched Count. For LogicApps only. |workflowName | -|WorkflowRunsStarted |Yes |Workflow Runs Started Count |Count |Total |Workflow Runs Started Count. For LogicApps only. |workflowName | -|WorkflowTriggersCompleted |Yes |Workflow Triggers Completed Count |Count |Total |Workflow Triggers Completed Count. For LogicApps only. |workflowName, status | --## Microsoft.Web/sites/slots -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|AppConnections |Yes |Connections |Count |Average |The number of bound sockets existing in the sandbox (w3wp.exe and its child processes). A bound socket is created by calling bind()/connect() APIs and remains until said socket is closed with CloseHandle()/closesocket(). |Instance | -|AverageMemoryWorkingSet |Yes |Average memory working set |Bytes |Average |The average amount of memory used by the app, in megabytes (MiB). |Instance | -|AverageResponseTime |Yes |Average Response Time (deprecated) |Seconds |Average |The average time taken for the app to serve requests, in seconds. |Instance | -|BytesReceived |Yes |Data In |Bytes |Total |The amount of incoming bandwidth consumed by the app, in MiB. |Instance | -|BytesSent |Yes |Data Out |Bytes |Total |The amount of outgoing bandwidth consumed by the app, in MiB. |Instance | -|CpuTime |Yes |CPU Time |Seconds |Total |The amount of CPU consumed by the app, in seconds. For more information about this metric. Please see https://aka.ms/website-monitor-cpu-time-vs-cpu-percentage (CPU time vs CPU percentage). |Instance | -|CurrentAssemblies |Yes |Current Assemblies |Count |Average |The current number of Assemblies loaded across all AppDomains in this application. |Instance | -|FileSystemUsage |Yes |File System Usage |Bytes |Average |Percentage of filesystem quota consumed by the app. |No Dimensions | -|FunctionExecutionCount |Yes |Function Execution Count |Count |Total |Function Execution Count |Instance | -|FunctionExecutionUnits |Yes |Function Execution Units |Count |Total |Function Execution Units |Instance | -|Gen0Collections |Yes |Gen 0 Garbage Collections |Count |Total |The number of times the generation 0 objects are garbage collected since the start of the app process. Higher generation GCs include all lower generation GCs. |Instance | -|Gen1Collections |Yes |Gen 1 Garbage Collections |Count |Total |The number of times the generation 1 objects are garbage collected since the start of the app process. Higher generation GCs include all lower generation GCs. |Instance | -|Gen2Collections |Yes |Gen 2 Garbage Collections |Count |Total |The number of times the generation 2 objects are garbage collected since the start of the app process. |Instance | -|Handles |Yes |Handle Count |Count |Average |The total number of handles currently open by the app process. |Instance | -|HealthCheckStatus |Yes |Health check status |Count |Average |Health check status |Instance | -|Http101 |Yes |Http 101 |Count |Total |The count of requests resulting in an HTTP status code 101. |Instance | -|Http2xx |Yes |Http 2xx |Count |Total |The count of requests resulting in an HTTP status code >= 200 but < 300. |Instance | -|Http3xx |Yes |Http 3xx |Count |Total |The count of requests resulting in an HTTP status code >= 300 but < 400. |Instance | -|Http401 |Yes |Http 401 |Count |Total |The count of requests resulting in HTTP 401 status code. |Instance | -|Http403 |Yes |Http 403 |Count |Total |The count of requests resulting in HTTP 403 status code. |Instance | -|Http404 |Yes |Http 404 |Count |Total |The count of requests resulting in HTTP 404 status code. |Instance | -|Http406 |Yes |Http 406 |Count |Total |The count of requests resulting in HTTP 406 status code. |Instance | -|Http4xx |Yes |Http 4xx |Count |Total |The count of requests resulting in an HTTP status code >= 400 but < 500. |Instance | -|Http5xx |Yes |Http Server Errors |Count |Total |The count of requests resulting in an HTTP status code >= 500 but < 600. |Instance | -|HttpResponseTime |Yes |Response Time |Seconds |Average |The time taken for the app to serve requests, in seconds. |Instance | -|IoOtherBytesPerSecond |Yes |IO Other Bytes Per Second |BytesPerSecond |Total |The rate at which the app process is issuing bytes to I/O operations that don't involve data, such as control operations. |Instance | -|IoOtherOperationsPerSecond |Yes |IO Other Operations Per Second |BytesPerSecond |Total |The rate at which the app process is issuing I/O operations that aren't read or write operations. |Instance | -|IoReadBytesPerSecond |Yes |IO Read Bytes Per Second |BytesPerSecond |Total |The rate at which the app process is reading bytes from I/O operations. |Instance | -|IoReadOperationsPerSecond |Yes |IO Read Operations Per Second |BytesPerSecond |Total |The rate at which the app process is issuing read I/O operations. |Instance | -|IoWriteBytesPerSecond |Yes |IO Write Bytes Per Second |BytesPerSecond |Total |The rate at which the app process is writing bytes to I/O operations. |Instance | -|IoWriteOperationsPerSecond |Yes |IO Write Operations Per Second |BytesPerSecond |Total |The rate at which the app process is issuing write I/O operations. |Instance | -|MemoryWorkingSet |Yes |Memory working set |Bytes |Average |The current amount of memory used by the app, in MiB. |Instance | -|PrivateBytes |Yes |Private Bytes |Bytes |Average |Private Bytes is the current size, in bytes, of memory that the app process has allocated that can't be shared with other processes. |Instance | -|Requests |Yes |Requests |Count |Total |The total number of requests regardless of their resulting HTTP status code. |Instance | -|RequestsInApplicationQueue |Yes |Requests In Application Queue |Count |Average |The number of requests in the application request queue. |Instance | -|Threads |Yes |Thread Count |Count |Average |The number of threads currently active in the app process. |Instance | -|TotalAppDomains |Yes |Total App Domains |Count |Average |The current number of AppDomains loaded in this application. |Instance | -|TotalAppDomainsUnloaded |Yes |Total App Domains Unloaded |Count |Average |The total number of AppDomains unloaded since the start of the application. |Instance | --## NGINX.NGINXPLUS/nginxDeployments -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|nginx |Yes |nginx |Count |Total |The NGINX metric. |No Dimensions | --## Wandisco.Fusion/migrators -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|BytesPerSecond |Yes |Bytes per Second. |BytesPerSecond |Average |Throughput speed of Bytes/second being utilised for a migrator. |No Dimensions | -|DirectoriesCreatedCount |Yes |Directories Created Count |Count |Total |This provides a running view of how many directories have been created as part of a migration. |No Dimensions | -|FileMigrationCount |Yes |Files Migration Count |Count |Total |This provides a running total of how many files have been migrated. |No Dimensions | -|InitialScanDataMigratedInBytes |Yes |Initial Scan Data Migrated in Bytes |Bytes |Total |This provides the view of the total bytes which have been transferred in a new migrator as a result of the initial scan of the On-Premises file system. Any data which is added to the migration after the initial scan migration, is NOT included in this metric. |No Dimensions | -|LiveDataMigratedInBytes |Yes |Live Data Migrated in Bytes |Bytes |Total |Provides a running total of LiveData which has been changed due to Client activity, since the migration started. |No Dimensions | -|MigratorCPULoad |Yes |Migrator CPU Load |Percent |Average |CPU consumption by the migrator process. |No Dimensions | -|NumberOfExcludedPaths |Yes |Number of Excluded Paths |Count |Total |Provides a running count of the paths which have been excluded from the migration due to Exclusion Rules. |No Dimensions | -|NumberOfFailedPaths |Yes |Number of Failed Paths |Count |Total |A count of which paths have failed to migrate. |No Dimensions | -|SystemCPULoad |Yes |System CPU Load |Percent |Average |Total CPU consumption. |No Dimensions | -|TotalMigratedDataInBytes |Yes |Total Migrated Data in Bytes |Bytes |Total |This provides a view of the successfully migrated Bytes for a given migrator |No Dimensions | -|TotalTransactions |Yes |Total Transactions |Count |Total |This provides a running total of the Data Transactions for which the user could be billed. |No Dimensions | --## Wandisco.Fusion/migrators/dataTransferAgents -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|BytesPerSecond |Yes |Bytes per Second. |BytesPerSecond |Average |Throughput speed of Bytes/second being utilised for a DTA. |No Dimensions | -|DtaCPULoad |Yes |DTA CPU Load |Percent |Average |CPU consumption by the DTA process. |No Dimensions | -|FileMigrationCount |Yes |Files Migration Count |Count |Total |This provides a running total of how many files have been migrated. |No Dimensions | -|MigratedDataInBytes |Yes |Migrated Data in Bytes |Bytes |Total |This provides a view of the successfully migrated Bytes for a given DTA |No Dimensions | -|NumberOfFailedPaths |Yes |Number of Failed Paths |Count |Total |A count of which paths have failed to migrate. |No Dimensions | -|SystemCPULoad |Yes |System CPU Load |Percent |Average |Total CPU consumption. |No Dimensions | --## Wandisco.Fusion/migrators/liveDataMigrations -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|BytesMigratedByMigration |Yes |Bytes Migrated by Migration |Bytes |Total |Provides a detailed view of a migration's Bytes Transferred |No Dimensions | -|DataTransactionsByMigration |Yes |Data Transactions by Migration |Count |Total |Provides a detailed view of a migration's Data Transactions |No Dimensions | -|DirectoriesCreatedCount |Yes |Directories Created Count |Count |Total |This provides a running view of how many directories have been created as part of a migration. |No Dimensions | -|FileMigrationCount |Yes |Files Migration Count |Count |Total |This provides a running total of how many files have been migrated. |No Dimensions | -|InitialScanDataMigratedInBytes |Yes |Initial Scan Data Migrated in Bytes |Bytes |Total |This provides the view of the total bytes which have been transferred in a new migrator as a result of the initial scan of the On-Premises file system. Any data which is added to the migration after the initial scan migration, is NOT included in this metric. |No Dimensions | -|LiveDataMigratedInBytes |Yes |Live Data Migrated in Bytes |Bytes |Total |Provides a running total of LiveData which has been changed due to Client activity, since the migration started. |No Dimensions | -|NumberOfExcludedPaths |Yes |Number of Excluded Paths |Count |Total |Provides a running count of the paths which have been excluded from the migration due to Exclusion Rules. |No Dimensions | -|NumberOfFailedPaths |Yes |Number of Failed Paths |Count |Total |A count of which paths have failed to migrate. |No Dimensions | -|TotalBytesTransferred |Yes |Total Bytes Transferred |Bytes |Total |This metric covers how many bytes have been transferred (does not reflect how many have successfully migrated, only how much has been transferred). |No Dimensions | --## Wandisco.Fusion/migrators/metadataMigrations -<!-- Data source : naam--> --|Metric|Exportable via Diagnostic Settings?|Metric Display Name|Unit|Aggregation Type|Description|Dimensions| -|||||||| -|LiveHiveAddedAfterScan |Yes |Hive Items Added After Scan |Count |Total |Provides a running total of how many items have been added after the initial scan. |No Dimensions | -|LiveHiveDiscoveredItems |Yes |Discovered Hive Items |Count |Total |Provides a running total of how many items have been discovered. |No Dimensions | -|LiveHiveInitiallyDiscoveredItems |Yes |Initially Discovered Hive Items |Count |Total |This provides the view of the total items discovered as a result of the initial scan of the On-Premises file system. Any items that are discovered after the initial scan, are NOT included in this metric. |No Dimensions | -|LiveHiveInitiallyMigratedItems |Yes |Initially Migrated Hive Items |Count |Total |This provides the view of the total items migrated as a result of the initial scan of the On-Premises file system. Any items that are added after the initial scan, are NOT included in this metric. |No Dimensions | -|LiveHiveMigratedItems |Yes |Migrated Hive Items |Count |Total |Provides a running total of how many items have been migrated. |No Dimensions | ---## Next steps --- [Read about metrics in Azure Monitor](../data-platform.md)-- [Create alerts on metrics](../alerts/alerts-overview.md)-- [Export metrics to storage, Event Hub, or Log Analytics](../essentials/platform-logs-overview.md)---<!--Gen Date: Tue Jul 18 2023 10:25:51 GMT+0300 (Israel Daylight Time)--> |
| azure-monitor | Resource Logs Categories | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/essentials/resource-logs-categories.md | - Title: Supported categories for Azure Monitor resource logs -description: Understand the supported services and event schemas for Azure Monitor resource logs. -- Previously updated : 07/18/2023------# Supported categories for Azure Monitor resource logs --> [!NOTE] -> This list is largely auto-generated. Any modification made to this list via GitHub might be written over without warning. Contact the author of this article for details on how to make permanent updates. --[Azure Monitor resource logs](../essentials/platform-logs-overview.md) are logs emitted by Azure services that describe the operation of those services or resources. All resource logs available through Azure Monitor share a common top-level schema. Each service has the flexibility to emit unique properties for its own events. --Resource logs were previously known as diagnostic logs. The name was changed in October 2019 as the types of logs gathered by Azure Monitor shifted to include more than just the Azure resource. --A combination of the resource type (available in the `resourceId` property) and the category uniquely identifies a schema. There's a common schema for all resource logs with service-specific fields then added for different log categories. For more information, see [Common and service-specific schema for Azure resource logs](./resource-logs-schema.md). --## Costs --[Azure Monitor Log Analytics](https://azure.microsoft.com/pricing/details/monitor/), [Azure Storage](https://azure.microsoft.com/product-categories/storage/), [Azure Event Hubs](https://azure.microsoft.com/pricing/details/event-hubs/), and partners who integrate directly with Azure Monitor (for example, [Datadog](../../partner-solutions/datadog/overview.md)) have costs associated with ingesting data and storing data. Check the pricing pages linked in the previous sentence to understand the costs for those services. Resource logs are just one type of data that you can send to those locations. --In addition, there might be costs to export some categories of resource logs to those locations. Logs with possible export costs are listed in the table in the next section. For more information on export pricing, see the **Platform Logs** section on the [Azure Monitor pricing page](https://azure.microsoft.com/pricing/details/monitor/). --## Supported log categories per resource type --Following is a list of the types of logs available for each resource type. --Some categories might be supported only for specific types of resources. See the resource-specific documentation if you feel you're missing a resource. For example, Microsoft.Sql/servers/databases categories aren't available for all types of databases. For more information, see [information on SQL Database diagnostic logging](/azure/azure-sql/database/metrics-diagnostic-telemetry-logging-streaming-export-configure). --If you think something is missing, you can open a GitHub comment at the bottom of this article. --## Microsoft.AAD/DomainServices -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|AccountLogon |AccountLogon |No | -|AccountManagement |AccountManagement |No | -|DetailTracking |DetailTracking |No | -|DirectoryServiceAccess |DirectoryServiceAccess |No | -|DNSServerAuditsDynamicUpdates |DNSServerAuditsDynamicUpdates - Preview |Yes | -|DNSServerAuditsGeneral |DNSServerAuditsGeneral - Preview |Yes | -|LogonLogoff |LogonLogoff |No | -|ObjectAccess |ObjectAccess |No | -|PolicyChange |PolicyChange |No | -|PrivilegeUse |PrivilegeUse |No | -|SystemSecurity |SystemSecurity |No | --## microsoft.aadiam/tenants -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|Signin |Signin |Yes | --## Microsoft.AgFoodPlatform/farmBeats -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|ApplicationAuditLogs |Application Audit Logs |Yes | -|FarmManagementLogs |Farm Management Logs |Yes | -|FarmOperationLogs |Farm Operation Logs |Yes | -|InsightLogs |Insight Logs |Yes | -|JobProcessedLogs |Job Processed Logs |Yes | -|ModelInferenceLogs |Model Inference Logs |Yes | -|ProviderAuthLogs |Provider Auth Logs |Yes | -|SatelliteLogs |Satellite Logs |Yes | -|SensorManagementLogs |Sensor Management Logs |Yes | -|WeatherLogs |Weather Logs |Yes | --## Microsoft.AnalysisServices/servers -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|Engine |Engine |No | -|Service |Service |No | --## Microsoft.ApiManagement/service -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|GatewayLogs |Logs related to ApiManagement Gateway |No | -|WebSocketConnectionLogs |Logs related to Websocket Connections |Yes | --## Microsoft.App/managedEnvironments -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|AppEnvSpringAppConsoleLogs |Spring App console logs |Yes | -|ContainerAppConsoleLogs |Container App console logs |Yes | -|ContainerAppSystemLogs |Container App system logs |Yes | --## Microsoft.AppConfiguration/configurationStores -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|Audit |Audit |Yes | -|HttpRequest |HTTP Requests |Yes | --## Microsoft.AppPlatform/Spring -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|ApplicationConsole |Application Console |No | -|BuildLogs |Build Logs |Yes | -|ContainerEventLogs |Container Event Logs |Yes | -|IngressLogs |Ingress Logs |Yes | -|SystemLogs |System Logs |No | --## Microsoft.Attestation/attestationProviders -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|AuditEvent |AuditEvent message log category. |No | -|NotProcessed |Requests which could not be processed. |Yes | -|Operational |Operational message log category. |Yes | --## Microsoft.Automation/automationAccounts -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|AuditEvent |AuditEvent |Yes | -|DscNodeStatus |DscNodeStatus |No | -|JobLogs |JobLogs |No | -|JobStreams |JobStreams |No | --## Microsoft.AutonomousDevelopmentPlatform/accounts -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|Audit |Audit |Yes | -|Operational |Operational |Yes | -|Request |Request |Yes | --## Microsoft.AutonomousDevelopmentPlatform/workspaces -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|Audit |Audit |Yes | -|Operational |Operational |Yes | -|Request |Request |Yes | --## microsoft.avs/privateClouds -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|vmwaresyslog |VMware Syslog |Yes | --## Microsoft.AzureDataTransfer/connections/flows -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|OperationalLogs |Operational Logs |Yes | --## microsoft.azuresphere/catalogs -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|AuditLogs |Audit Logs |Yes | -|DeviceEvents |Device Events |Yes | --## Microsoft.Batch/batchaccounts -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|AuditLog |Audit Logs |Yes | -|ServiceLog |Service Logs |No | -|ServiceLogs |Service Logs |Yes | --## microsoft.botservice/botservices -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|BotRequest |Requests from the channels to the bot |Yes | --## Microsoft.Cache/redis -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|ConnectedClientList |Connected client list |Yes | --## Microsoft.Cache/redisEnterprise/databases -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|ConnectionEvents |Connection events (New Connection/Authentication/Disconnection) |Yes | --## Microsoft.Cdn/cdnwebapplicationfirewallpolicies -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|WebApplicationFirewallLogs |Web Appliation Firewall Logs |No | --## Microsoft.Cdn/profiles -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|AzureCdnAccessLog |Azure Cdn Access Log |No | -|FrontDoorAccessLog |FrontDoor Access Log |Yes | -|FrontDoorHealthProbeLog |FrontDoor Health Probe Log |Yes | -|FrontDoorWebApplicationFirewallLog |FrontDoor WebApplicationFirewall Log |Yes | --## Microsoft.Cdn/profiles/endpoints -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|CoreAnalytics |Gets the metrics of the endpoint, e.g., bandwidth, egress, etc. |No | --## Microsoft.Chaos/experiments -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|ExperimentOrchestration |Experiment Orchestration Events |Yes | --## Microsoft.ClassicNetwork/networksecuritygroups -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|Network Security Group Rule Flow Event |Network Security Group Rule Flow Event |No | --## Microsoft.Cloudtest/hostedpools -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|ProvisioningScriptLogs |Provisioning Script Logs |Yes | --## Microsoft.CodeSigning/codesigningaccounts -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|SignTransactions |Sign Transactions |Yes | --## Microsoft.CognitiveServices/accounts -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|Audit |Audit Logs |No | -|RequestResponse |Request and Response Logs |No | -|Trace |Trace Logs |No | --## Microsoft.Communication/CommunicationServices -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|AuthOperational |Operational Authentication Logs |Yes | -|CallAutomationMediaSummary |Call Automation Events Summary Logs |Yes | -|CallAutomationOperational |Operational Call Automation Logs |Yes | -|CallDiagnostics |Call Diagnostics Logs |Yes | -|CallRecordingOperational |Operational Call Recording Logs |Yes | -|CallRecordingSummary |Call Recording Summary Logs |Yes | -|CallSummary |Call Summary Logs |Yes | -|CallSurvey |Call Survey Logs |Yes | -|ChatOperational |Operational Chat Logs |No | -|EmailSendMailOperational |Email Service Send Mail Logs |Yes | -|EmailStatusUpdateOperational |Email Service Delivery Status Update Logs |Yes | -|EmailUserEngagementOperational |Email Service User Engagement Logs |Yes | -|JobRouterOperational |Operational Job Router Logs |Yes | -|NetworkTraversalDiagnostics |Network Traversal Relay Diagnostic Logs |Yes | -|NetworkTraversalOperational |Operational Network Traversal Logs |Yes | -|RoomsOperational |Operational Rooms Logs |Yes | -|SMSOperational |Operational SMS Logs |No | -|Usage |Usage Records |No | --## Microsoft.Compute/virtualMachines -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|SoftwareUpdateProfile |SoftwareUpdateProfile |Yes | -|SoftwareUpdates |SoftwareUpdates |Yes | --## Microsoft.ConfidentialLedger/ManagedCCF -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|applicationlogs |CCF Application Logs |Yes | --## Microsoft.ConfidentialLedger/ManagedCCFs -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|applicationlogs |CCF Application Logs |Yes | --## Microsoft.ConnectedCache/CacheNodes -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|Events |Events |Yes | --## Microsoft.ConnectedCache/ispCustomers -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|Events |Events |Yes | --## Microsoft.ConnectedVehicle/platformAccounts -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|Audit |MCVP Audit Logs |Yes | -|Logs |MCVP Logs |Yes | --## Microsoft.ContainerInstance/containerGroups -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|ContainerEvent |Container events |Yes | -|ContainerInstanceLog |Standard output logs |Yes | --## Microsoft.ContainerRegistry/registries -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|ContainerRegistryLoginEvents |Login Events |No | -|ContainerRegistryRepositoryEvents |RepositoryEvent logs |No | --## Microsoft.ContainerService/fleets -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|cloud-controller-manager |Kubernetes Cloud Controller Manager |Yes | -|guard |guard |Yes | -|kube-apiserver |Kubernetes API Server |Yes | -|kube-audit |Kubernetes Audit |Yes | -|kube-audit-admin |Kubernetes Audit Admin Logs |Yes | -|kube-controller-manager |Kubernetes Controller Manager |Yes | -|kube-scheduler |Kubernetes Scheduler |Yes | --## Microsoft.ContainerService/managedClusters -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|cloud-controller-manager |Kubernetes Cloud Controller Manager |Yes | -|cluster-autoscaler |Kubernetes Cluster Autoscaler |No | -|csi-azuredisk-controller |csi-azuredisk-controller |Yes | -|csi-azurefile-controller |csi-azurefile-controller |Yes | -|csi-snapshot-controller |csi-snapshot-controller |Yes | -|guard |guard |No | -|kube-apiserver |Kubernetes API Server |No | -|kube-audit |Kubernetes Audit |No | -|kube-audit-admin |Kubernetes Audit Admin Logs |No | -|kube-controller-manager |Kubernetes Controller Manager |No | -|kube-scheduler |Kubernetes Scheduler |No | --## Microsoft.CustomProviders/resourceproviders -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|AuditLogs |Audit logs for MiniRP calls |No | --## Microsoft.D365CustomerInsights/instances -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|Audit |Audit events |No | -|Operational |Operational events |No | --## Microsoft.Dashboard/grafana -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|GrafanaLoginEvents |Grafana Login Events |Yes | --## Microsoft.Databricks/workspaces -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|accounts |Databricks Accounts |No | -|capsule8Dataplane |Databricks Capsule8 Container Security Scanning Reports |Yes | -|clamAVScan |Databricks Clam AV Scan |Yes | -|clusterLibraries |Databricks Cluster Libraries |Yes | -|clusters |Databricks Clusters |No | -|databrickssql |Databricks DatabricksSQL |Yes | -|dbfs |Databricks File System |No | -|deltaPipelines |Databricks Delta Pipelines |Yes | -|featureStore |Databricks Feature Store |Yes | -|genie |Databricks Genie |Yes | -|gitCredentials |Databricks Git Credentials |Yes | -|globalInitScripts |Databricks Global Init Scripts |Yes | -|iamRole |Databricks IAM Role |Yes | -|instancePools |Instance Pools |No | -|jobs |Databricks Jobs |No | -|mlflowAcledArtifact |Databricks MLFlow Acled Artifact |Yes | -|mlflowExperiment |Databricks MLFlow Experiment |Yes | -|modelRegistry |Databricks Model Registry |Yes | -|notebook |Databricks Notebook |No | -|partnerHub |Databricks Partner Hub |Yes | -|RemoteHistoryService |Databricks Remote History Service |Yes | -|repos |Databricks Repos |Yes | -|secrets |Databricks Secrets |No | -|serverlessRealTimeInference |Databricks Serverless Real-Time Inference |Yes | -|sqlanalytics |Databricks SQL Analytics |Yes | -|sqlPermissions |Databricks SQLPermissions |No | -|ssh |Databricks SSH |No | -|unityCatalog |Databricks Unity Catalog |Yes | -|webTerminal |Databricks Web Terminal |Yes | -|workspace |Databricks Workspace |No | --## Microsoft.DataCollaboration/workspaces -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|CollaborationAudit |Collaboration Audit |Yes | -|Computations |Computations |Yes | -|DataAssets |Data Assets |No | -|Pipelines |Pipelines |No | -|Pipelines |Pipelines |No | -|Proposals |Proposals |No | -|Scripts |Scripts |No | --## Microsoft.DataFactory/factories -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|ActivityRuns |Pipeline activity runs log |No | -|AirflowDagProcessingLogs |Airflow dag processing logs |Yes | -|AirflowSchedulerLogs |Airflow scheduler logs |Yes | -|AirflowTaskLogs |Airflow task execution logs |Yes | -|AirflowWebLogs |Airflow web logs |Yes | -|AirflowWorkerLogs |Airflow worker logs |Yes | -|PipelineRuns |Pipeline runs log |No | -|SandboxActivityRuns |Sandbox Activity runs log |Yes | -|SandboxPipelineRuns |Sandbox Pipeline runs log |Yes | -|SSISIntegrationRuntimeLogs |SSIS integration runtime logs |No | -|SSISPackageEventMessageContext |SSIS package event message context |No | -|SSISPackageEventMessages |SSIS package event messages |No | -|SSISPackageExecutableStatistics |SSIS package executable statistics |No | -|SSISPackageExecutionComponentPhases |SSIS package execution component phases |No | -|SSISPackageExecutionDataStatistics |SSIS package exeution data statistics |No | -|TriggerRuns |Trigger runs log |No | --## Microsoft.DataLakeAnalytics/accounts -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|Audit |Audit Logs |No | -|ConfigurationChange |Configuration Change Event Logs |Yes | -|JobEvent |Job Event Logs |Yes | -|JobInfo |Job Info Logs |Yes | -|Requests |Request Logs |No | --## Microsoft.DataLakeStore/accounts -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|Audit |Audit Logs |No | -|Requests |Request Logs |No | --## Microsoft.DataProtection/BackupVaults -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|AddonAzureBackupJobs |Addon Azure Backup Job Data |Yes | -|AddonAzureBackupPolicy |Addon Azure Backup Policy Data |Yes | -|AddonAzureBackupProtectedInstance |Addon Azure Backup Protected Instance Data |Yes | -|CoreAzureBackup |Core Azure Backup Data |Yes | --## Microsoft.DataShare/accounts -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|ReceivedShareSnapshots |Received Share Snapshots |No | -|SentShareSnapshots |Sent Share Snapshots |No | -|Shares |Shares |No | -|ShareSubscriptions |Share Subscriptions |No | --## Microsoft.DBforMariaDB/servers -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|MySqlAuditLogs |MariaDB Audit Logs |No | -|MySqlSlowLogs |MariaDB Server Logs |No | --## Microsoft.DBforMySQL/flexibleServers -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|MySqlAuditLogs |MySQL Audit Logs |No | -|MySqlSlowLogs |MySQL Slow Logs |No | --## Microsoft.DBforMySQL/servers -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|MySqlAuditLogs |MySQL Audit Logs |No | -|MySqlSlowLogs |MySQL Server Logs |No | --## Microsoft.DBforPostgreSQL/flexibleServers -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|PostgreSQLFlexDatabaseXacts |PostgreSQL remaining transactions |Yes | -|PostgreSQLFlexQueryStoreRuntime |PostgreSQL Query Store Runtime |Yes | -|PostgreSQLFlexQueryStoreWaitStats |PostgreSQL Query Store Wait Statistics |Yes | -|PostgreSQLFlexSessions |PostgreSQL Sessions data |Yes | -|PostgreSQLFlexTableStats |PostgreSQL Autovacuum and schema statistics |Yes | -|PostgreSQLLogs |PostgreSQL Server Logs |No | --## Microsoft.DBForPostgreSQL/serverGroupsv2 -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|PostgreSQLLogs |PostgreSQL Server Logs |Yes | --## Microsoft.DBforPostgreSQL/servers -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|PostgreSQLLogs |PostgreSQL Server Logs |No | -|QueryStoreRuntimeStatistics |PostgreSQL Query Store Runtime Statistics |No | -|QueryStoreWaitStatistics |PostgreSQL Query Store Wait Statistics |No | --## Microsoft.DBforPostgreSQL/serversv2 -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|PostgreSQLLogs |PostgreSQL Server Logs |No | --## Microsoft.DesktopVirtualization/applicationgroups -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|Checkpoint |Checkpoint |No | -|Error |Error |No | -|Management |Management |No | --## Microsoft.DesktopVirtualization/hostpools -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|AgentHealthStatus |AgentHealthStatus |No | -|AutoscaleEvaluationPooled |Autoscale logs for pooled host pools - private preview [Microsoft internal only] |Yes | -|Checkpoint |Checkpoint |No | -|Connection |Connection |No | -|ConnectionGraphicsData |Connection Graphics Data Logs Preview |Yes | -|Error |Error |No | -|HostRegistration |HostRegistration |No | -|Management |Management |No | -|NetworkData |Network Data Logs |Yes | -|SessionHostManagement |Session Host Management Activity Logs |Yes | --## Microsoft.DesktopVirtualization/scalingplans -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|Autoscale |Autoscale logs |Yes | --## Microsoft.DesktopVirtualization/workspaces -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|Checkpoint |Checkpoint |No | -|Error |Error |No | -|Feed |Feed |No | -|Management |Management |No | --## Microsoft.DevCenter/devcenters -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|DataplaneAuditEvent |Dataplane audit logs |Yes | -|ResourceOperation |Resource Operations |Yes | --## Microsoft.Devices/IotHubs -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|C2DCommands |C2D Commands |No | -|C2DTwinOperations |C2D Twin Operations |No | -|Configurations |Configurations |No | -|Connections |Connections |No | -|D2CTwinOperations |D2CTwinOperations |No | -|DeviceIdentityOperations |Device Identity Operations |No | -|DeviceStreams |Device Streams (Preview) |No | -|DeviceTelemetry |Device Telemetry |No | -|DirectMethods |Direct Methods |No | -|DistributedTracing |Distributed Tracing (Preview) |No | -|FileUploadOperations |File Upload Operations |No | -|JobsOperations |Jobs Operations |No | -|Routes |Routes |No | -|TwinQueries |Twin Queries |No | --## Microsoft.Devices/provisioningServices -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|DeviceOperations |Device Operations |No | -|ServiceOperations |Service Operations |No | --## Microsoft.DigitalTwins/digitalTwinsInstances -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|DataHistoryOperation |DataHistoryOperation |Yes | -|DigitalTwinsOperation |DigitalTwinsOperation |No | -|EventRoutesOperation |EventRoutesOperation |No | -|ModelsOperation |ModelsOperation |No | -|QueryOperation |QueryOperation |No | -|ResourceProviderOperation |ResourceProviderOperation |Yes | --## Microsoft.DocumentDB/cassandraClusters -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|CassandraAudit |CassandraAudit |Yes | -|CassandraLogs |CassandraLogs |Yes | --## Microsoft.DocumentDB/DatabaseAccounts -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|CassandraRequests |CassandraRequests |No | -|ControlPlaneRequests |ControlPlaneRequests |No | -|DataPlaneRequests |DataPlaneRequests |No | -|GremlinRequests |GremlinRequests |No | -|MongoRequests |MongoRequests |No | -|PartitionKeyRUConsumption |PartitionKeyRUConsumption |No | -|PartitionKeyStatistics |PartitionKeyStatistics |No | -|QueryRuntimeStatistics |QueryRuntimeStatistics |No | -|TableApiRequests |TableApiRequests |Yes | --## Microsoft.EventGrid/domains -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|DataPlaneRequests |Data plane operations logs |Yes | -|DeliveryFailures |Delivery Failure Logs |No | -|PublishFailures |Publish Failure Logs |No | --## Microsoft.EventGrid/partnerNamespaces -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|DataPlaneRequests |Data plane operations logs |Yes | -|PublishFailures |Publish Failure Logs |No | --## Microsoft.EventGrid/partnerTopics -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|DeliveryFailures |Delivery Failure Logs |No | --## Microsoft.EventGrid/systemTopics -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|DeliveryFailures |Delivery Failure Logs |No | --## Microsoft.EventGrid/topics -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|DataPlaneRequests |Data plane operations logs |Yes | -|DeliveryFailures |Delivery Failure Logs |No | -|PublishFailures |Publish Failure Logs |No | --## Microsoft.EventHub/Namespaces -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|ApplicationMetricsLogs |Application Metrics Logs |Yes | -|ArchiveLogs |Archive Logs |No | -|AutoScaleLogs |Auto Scale Logs |No | -|CustomerManagedKeyUserLogs |Customer Managed Key Logs |No | -|EventHubVNetConnectionEvent |VNet/IP Filtering Connection Logs |No | -|KafkaCoordinatorLogs |Kafka Coordinator Logs |No | -|KafkaUserErrorLogs |Kafka User Error Logs |No | -|OperationalLogs |Operational Logs |No | -|RuntimeAuditLogs |Runtime Audit Logs |Yes | --## Microsoft.HealthcareApis/services -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|AuditLogs |Audit logs |No | -|DiagnosticLogs |Diagnostic logs |Yes | --## Microsoft.HealthcareApis/workspaces/dicomservices -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|AuditLogs |Audit logs |Yes | -|DiagnosticLogs |Diagnostic logs |Yes | --## Microsoft.HealthcareApis/workspaces/fhirservices -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|AuditLogs |FHIR Audit logs |Yes | --## Microsoft.HealthcareApis/workspaces/iotconnectors -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|DiagnosticLogs |Diagnostic logs |Yes | --## microsoft.insights/autoscalesettings -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|AutoscaleEvaluations |Autoscale Evaluations |No | -|AutoscaleScaleActions |Autoscale Scale Actions |No | --## microsoft.insights/components -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|AppAvailabilityResults |Availability results |No | -|AppBrowserTimings |Browser timings |No | -|AppDependencies |Dependencies |No | -|AppEvents |Events |No | -|AppExceptions |Exceptions |No | -|AppMetrics |Metrics |No | -|AppPageViews |Page views |No | -|AppPerformanceCounters |Performance counters |No | -|AppRequests |Requests |No | -|AppSystemEvents |System events |No | -|AppTraces |Traces |No | --## Microsoft.Insights/datacollectionrules -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|LogErrors |Log Errors |Yes | -|LogTroubleshooting |Log Troubleshooting |Yes | --## microsoft.keyvault/managedhsms -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|AuditEvent |Audit Event |No | --## Microsoft.KeyVault/vaults -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|AuditEvent |Audit Logs |No | -|AzurePolicyEvaluationDetails |Azure Policy Evaluation Details |Yes | --## Microsoft.Kusto/clusters -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|Command |Command |No | -|FailedIngestion |Failed ingestion |No | -|IngestionBatching |Ingestion batching |No | -|Journal |Journal |Yes | -|Query |Query |No | -|SucceededIngestion |Succeeded ingestion |No | -|TableDetails |Table details |No | -|TableUsageStatistics |Table usage statistics |No | --## microsoft.loadtestservice/loadtests -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|OperationLogs |Azure Load Testing Operations |Yes | --## Microsoft.Logic/IntegrationAccounts -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|IntegrationAccountTrackingEvents |Integration Account track events |No | --## Microsoft.Logic/Workflows -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|WorkflowRuntime |Workflow runtime diagnostic events |No | --## Microsoft.MachineLearningServices/registries -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|RegistryAssetReadEvent |Registry Asset Read Event |Yes | -|RegistryAssetWriteEvent |Registry Asset Write Event |Yes | --## Microsoft.MachineLearningServices/workspaces -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|AmlComputeClusterEvent |AmlComputeClusterEvent |No | -|AmlComputeClusterNodeEvent |AmlComputeClusterNodeEvent |Yes | -|AmlComputeCpuGpuUtilization |AmlComputeCpuGpuUtilization |No | -|AmlComputeJobEvent |AmlComputeJobEvent |No | -|AmlRunStatusChangedEvent |AmlRunStatusChangedEvent |No | -|ComputeInstanceEvent |ComputeInstanceEvent |Yes | -|DataLabelChangeEvent |DataLabelChangeEvent |Yes | -|DataLabelReadEvent |DataLabelReadEvent |Yes | -|DataSetChangeEvent |DataSetChangeEvent |Yes | -|DataSetReadEvent |DataSetReadEvent |Yes | -|DataStoreChangeEvent |DataStoreChangeEvent |Yes | -|DataStoreReadEvent |DataStoreReadEvent |Yes | -|DeploymentEventACI |DeploymentEventACI |Yes | -|DeploymentEventAKS |DeploymentEventAKS |Yes | -|DeploymentReadEvent |DeploymentReadEvent |Yes | -|EnvironmentChangeEvent |EnvironmentChangeEvent |Yes | -|EnvironmentReadEvent |EnvironmentReadEvent |Yes | -|InferencingOperationACI |InferencingOperationACI |Yes | -|InferencingOperationAKS |InferencingOperationAKS |Yes | -|ModelsActionEvent |ModelsActionEvent |Yes | -|ModelsChangeEvent |ModelsChangeEvent |Yes | -|ModelsReadEvent |ModelsReadEvent |Yes | -|PipelineChangeEvent |PipelineChangeEvent |Yes | -|PipelineReadEvent |PipelineReadEvent |Yes | -|RunEvent |RunEvent |Yes | -|RunReadEvent |RunReadEvent |Yes | --## Microsoft.MachineLearningServices/workspaces/onlineEndpoints -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|AmlOnlineEndpointConsoleLog |AmlOnlineEndpointConsoleLog |Yes | -|AmlOnlineEndpointEventLog |AmlOnlineEndpointEventLog |Yes | -|AmlOnlineEndpointTrafficLog |AmlOnlineEndpointTrafficLog |Yes | --## Microsoft.ManagedNetworkFabric/networkDevices -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|BfdStateUpdates |Bi-Directional Forwarding Detection Updates |Yes | -|ComponentStateUpdates |Component State Updates |Yes | -|InterfaceStateUpdates |Interface State Updates |Yes | -|InterfaceVxlanUpdates |Interface Vxlan Updates |Yes | -|NetworkInstanceBgpNeighborUpdates |BGP Neighbor Updates |Yes | -|NetworkInstanceUpdates |Network Instance Updates |Yes | -|SystemStateMessageUpdates |System State Message Updates |Yes | --## Microsoft.Media/mediaservices -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|KeyDeliveryRequests |Key Delivery Requests |No | -|MediaAccount |Media Account Health Status |Yes | --## Microsoft.Media/mediaservices/liveEvents -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|LiveEventState |Live Event Operations |Yes | --## Microsoft.Media/mediaservices/streamingEndpoints -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|StreamingEndpointRequests |Streaming Endpoint Requests |Yes | --## Microsoft.Media/videoanalyzers -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|Audit |Audit Logs |Yes | -|Diagnostics |Diagnostics Logs |Yes | -|Operational |Operational Logs |Yes | --## Microsoft.NetApp/netAppAccounts/capacityPools -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|Autoscale |Capacity Pool Autoscaled |Yes | --## Microsoft.NetApp/netAppAccounts/capacityPools/volumes -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|ANFFileAccess |ANF File Access |Yes | --## Microsoft.Network/applicationgateways -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|ApplicationGatewayAccessLog |Application Gateway Access Log |No | -|ApplicationGatewayFirewallLog |Application Gateway Firewall Log |No | -|ApplicationGatewayPerformanceLog |Application Gateway Performance Log |No | --## Microsoft.Network/azureFirewalls -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|AZFWApplicationRule |Azure Firewall Application Rule |Yes | -|AZFWApplicationRuleAggregation |Azure Firewall Network Rule Aggregation (Policy Analytics) |Yes | -|AZFWDnsQuery |Azure Firewall DNS query |Yes | -|AZFWFatFlow |Azure Firewall Fat Flow Log |Yes | -|AZFWFlowTrace |Azure Firewall Flow Trace Log |Yes | -|AZFWFqdnResolveFailure |Azure Firewall FQDN Resolution Failure |Yes | -|AZFWIdpsSignature |Azure Firewall IDPS Signature |Yes | -|AZFWNatRule |Azure Firewall Nat Rule |Yes | -|AZFWNatRuleAggregation |Azure Firewall Nat Rule Aggregation (Policy Analytics) |Yes | -|AZFWNetworkRule |Azure Firewall Network Rule |Yes | -|AZFWNetworkRuleAggregation |Azure Firewall Application Rule Aggregation (Policy Analytics) |Yes | -|AZFWThreatIntel |Azure Firewall Threat Intelligence |Yes | -|AzureFirewallApplicationRule |Azure Firewall Application Rule (Legacy Azure Diagnostics) |No | -|AzureFirewallDnsProxy |Azure Firewall DNS Proxy (Legacy Azure Diagnostics) |No | -|AzureFirewallNetworkRule |Azure Firewall Network Rule (Legacy Azure Diagnostics) |No | --## microsoft.network/bastionHosts -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|BastionAuditLogs |Bastion Audit Logs |No | --## Microsoft.Network/expressRouteCircuits -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|PeeringRouteLog |Peering Route Table Logs |No | --## Microsoft.Network/frontdoors -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|FrontdoorAccessLog |Frontdoor Access Log |No | -|FrontdoorWebApplicationFirewallLog |Frontdoor Web Application Firewall Log |No | --## Microsoft.Network/loadBalancers -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|LoadBalancerAlertEvent |Load Balancer Alert Events |No | -|LoadBalancerProbeHealthStatus |Load Balancer Probe Health Status |No | --## Microsoft.Network/networkManagers -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|NetworkGroupMembershipChange |Network Group Membership Change |Yes | --## Microsoft.Network/networksecuritygroups -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|NetworkSecurityGroupEvent |Network Security Group Event |No | -|NetworkSecurityGroupFlowEvent |Network Security Group Rule Flow Event |No | -|NetworkSecurityGroupRuleCounter |Network Security Group Rule Counter |No | --## Microsoft.Network/networkSecurityPerimeters -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|NspCrossPerimeterInboundAllowed |Cross perimeter inbound access allowed by perimeter link. |Yes | -|NspCrossPerimeterOutboundAllowed |Cross perimeter outbound access allowed by perimeter link. |Yes | -|NspIntraPerimeterInboundAllowed |Inbound access allowed within same perimeter. |Yes | -|NspIntraPerimeterOutboundAllowed |Outbound attempted to same perimeter. NOTE: To be deprecated in future. |Yes | -|NspOutboundAttempt |Outbound attempted to same or different perimeter. |Yes | -|NspPrivateInboundAllowed |Private endpoint traffic allowed. |Yes | -|NspPublicInboundPerimeterRulesAllowed |Public inbound access allowed by NSP access rules. |Yes | -|NspPublicInboundPerimeterRulesDenied |Public inbound access denied by NSP access rules. |Yes | -|NspPublicInboundResourceRulesAllowed |Public inbound access allowed by PaaS resource rules. |Yes | -|NspPublicInboundResourceRulesDenied |Public inbound access denied by PaaS resource rules. |Yes | -|NspPublicOutboundPerimeterRulesAllowed |Public outbound access allowed by NSP access rules. |Yes | -|NspPublicOutboundPerimeterRulesDenied |Public outbound access denied by NSP access rules. |Yes | -|NspPublicOutboundResourceRulesAllowed |Public outbound access allowed by PaaS resource rules. |Yes | -|NspPublicOutboundResourceRulesDenied |Public outbound access denied by PaaS resource rules |Yes | --## Microsoft.Network/networkSecurityPerimeters/profiles -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|NSPInboundAccessAllowed |NSP Inbound Access Allowed. |Yes | -|NSPInboundAccessDenied |NSP Inbound Access Denied. |Yes | -|NSPOutboundAccessAllowed |NSP Outbound Access Allowed. |Yes | -|NSPOutboundAccessDenied |NSP Outbound Access Denied. |Yes | --## microsoft.network/p2svpngateways -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|GatewayDiagnosticLog |Gateway Diagnostic Logs |No | -|IKEDiagnosticLog |IKE Diagnostic Logs |No | -|P2SDiagnosticLog |P2S Diagnostic Logs |No | --## Microsoft.Network/publicIPAddresses -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|DDoSMitigationFlowLogs |Flow logs of DDoS mitigation decisions |No | -|DDoSMitigationReports |Reports of DDoS mitigations |No | -|DDoSProtectionNotifications |DDoS protection notifications |No | --## Microsoft.Network/trafficManagerProfiles -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|ProbeHealthStatusEvents |Traffic Manager Probe Health Results Event |No | --## microsoft.network/virtualnetworkgateways -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|GatewayDiagnosticLog |Gateway Diagnostic Logs |No | -|IKEDiagnosticLog |IKE Diagnostic Logs |No | -|P2SDiagnosticLog |P2S Diagnostic Logs |No | -|RouteDiagnosticLog |Route Diagnostic Logs |No | -|TunnelDiagnosticLog |Tunnel Diagnostic Logs |No | --## Microsoft.Network/virtualNetworks -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|VMProtectionAlerts |VM protection alerts |No | --## microsoft.network/vpngateways -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|GatewayDiagnosticLog |Gateway Diagnostic Logs |No | -|IKEDiagnosticLog |IKE Diagnostic Logs |No | -|RouteDiagnosticLog |Route Diagnostic Logs |No | -|TunnelDiagnosticLog |Tunnel Diagnostic Logs |No | --## Microsoft.NetworkCloud/bareMetalMachines -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|DefenderSecurity |Security - Defender |Yes | -|SecurityCritical |Security - Critical |Yes | -|SecurityDebug |Security - Debug |Yes | -|SecurityError |Security - Error |Yes | -|SecurityInfo |Security - Info |Yes | -|SecurityNotice |Security - Notice |Yes | -|SecurityWarning |Security - Warning |Yes | -|SyslogCritical |System - Critical |Yes | -|SyslogDebug |System - Debug |Yes | -|SyslogError |System - Error |Yes | -|SyslogInfo |System - Info |Yes | -|SyslogNotice |System - Notice |Yes | -|SyslogWarning |System - Warning |Yes | --## Microsoft.NetworkCloud/clusters -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|CustomerContainerLogs |Kubernetes Logs |Yes | -|VMOrchestrationLogs |VM Orchestration Logs |Yes | --## Microsoft.NetworkCloud/storageAppliances -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|StorageApplianceAlert |Storage Appliance alerts |Yes | -|StorageApplianceAudit |Storage Appliance logs |Yes | --## Microsoft.NetworkFunction/azureTrafficCollectors -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|ExpressRouteCircuitIpfix |Express Route Circuit IPFIX Flow Records |Yes | --## Microsoft.NotificationHubs/namespaces -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|OperationalLogs |Operational Logs |No | --## MICROSOFT.OPENENERGYPLATFORM/ENERGYSERVICES -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|AirFlowTaskLogs |Air Flow Task Logs |Yes | -|AuditEvent |Audit Event |Yes | -|CRSCatalogLogs |CRS Catalog Service Logs |Yes | -|CRSConversionLogs |CRS Conversion Service Logs |Yes | -|DatasetLogs |Dataset Service Logs |Yes | -|ElasticOperatorLogs |Elastic Operator Logs |Yes | -|ElasticsearchLogs |Elasticsearch Logs |Yes | -|EntitlementsLogs |Entitlements Service Logs |Yes | -|FileLogs |File Service Logs |Yes | -|IndexerLogs |Indexer Service Logs |Yes | -|LegalLogs |Legal Service Logs |Yes | -|NotificationLogs |Notification Service Logs |Yes | -|PartitionLogs |Partition Service Logs |Yes | -|PDSBackendLogs |PDSBackend Service Logs |Yes | -|PDSFrontendLogs |PDSFrontend Service Logs |Yes | -|RegisterLogs |Register Service Logs |Yes | -|SchemaLogs |Schema Service Logs |Yes | -|SearchLogs |Search Service Logs |Yes | -|StorageLogs |Storage Service Logs |Yes | -|UnitLogs |Unit Service Logs |Yes | -|WellDeliveryLogs |WellDelivery Service Logs |Yes | -|WorkflowLogs |Workflow Service Logs |Yes | --## Microsoft.OpenLogisticsPlatform/Workspaces -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|SupplyChainEntityOperations |Supply Chain Entity Operations |Yes | -|SupplyChainEventLogs |Supply Chain Event logs |Yes | --## Microsoft.OperationalInsights/workspaces -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|Audit |Audit |No | --## Microsoft.PlayFab/titles -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|AuditLogs |AuditLogs |Yes | --## Microsoft.PowerBI/tenants -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|Engine |Engine |No | --## Microsoft.PowerBI/tenants/workspaces -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|Engine |Engine |No | --## Microsoft.PowerBIDedicated/capacities -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|Engine |Engine |No | --## microsoft.purview/accounts -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|DataSensitivityLogEvent |DataSensitivity |Yes | -|ScanStatusLogEvent |ScanStatus |No | -|Security |PurviewAccountAuditEvents |Yes | --## Microsoft.RecoveryServices/Vaults -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|AddonAzureBackupAlerts |Addon Azure Backup Alert Data |No | -|AddonAzureBackupJobs |Addon Azure Backup Job Data |No | -|AddonAzureBackupPolicy |Addon Azure Backup Policy Data |No | -|AddonAzureBackupProtectedInstance |Addon Azure Backup Protected Instance Data |No | -|AddonAzureBackupStorage |Addon Azure Backup Storage Data |No | -|ASRReplicatedItems |Azure Site Recovery Replicated Items Details |Yes | -|AzureBackupReport |Azure Backup Reporting Data |No | -|AzureSiteRecoveryEvents |Azure Site Recovery Events |No | -|AzureSiteRecoveryJobs |Azure Site Recovery Jobs |No | -|AzureSiteRecoveryProtectedDiskDataChurn |Azure Site Recovery Protected Disk Data Churn |No | -|AzureSiteRecoveryRecoveryPoints |Azure Site Recovery Recovery Points |No | -|AzureSiteRecoveryReplicatedItems |Azure Site Recovery Replicated Items |No | -|AzureSiteRecoveryReplicationDataUploadRate |Azure Site Recovery Replication Data Upload Rate |No | -|AzureSiteRecoveryReplicationStats |Azure Site Recovery Replication Stats |No | -|CoreAzureBackup |Core Azure Backup Data |No | --## Microsoft.Relay/namespaces -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|HybridConnectionsEvent |HybridConnections Events |No | -|HybridConnectionsLogs |HybridConnectionsLogs |Yes | -|VNetAndIPFilteringLogs |VNet/IP Filtering Connection Logs |Yes | --## Microsoft.Search/searchServices -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|OperationLogs |Operation Logs |No | --## Microsoft.Security/antiMalwareSettings -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|ScanResults |AntimalwareScanResults |Yes | --## Microsoft.Security/defenderForStorageSettings -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|ScanResults |AntimalwareScanResults |Yes | --## microsoft.securityinsights/settings -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|Analytics |Analytics |Yes | -|Automation |Automation |Yes | -|DataConnectors |Data Collection - Connectors |Yes | --## Microsoft.ServiceBus/Namespaces -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|ApplicationMetricsLogs |Application Metrics Logs(Unused) |Yes | -|OperationalLogs |Operational Logs |No | -|RuntimeAuditLogs |Runtime Audit Logs |Yes | -|VNetAndIPFilteringLogs |VNet/IP Filtering Connection Logs |No | --## Microsoft.ServiceNetworking/trafficControllers -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|TrafficControllerAccessLog |Application Gateway for Containers Access Log |Yes | --## Microsoft.SignalRService/SignalR -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|AllLogs |Azure SignalR Service Logs. |No | --## Microsoft.SignalRService/SignalR/replicas -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|AllLogs |Azure SignalR Service Logs. |Yes | --## Microsoft.SignalRService/WebPubSub -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|ConnectivityLogs |Connectivity logs for Azure Web PubSub Service. |Yes | -|HttpRequestLogs |Http Request logs for Azure Web PubSub Service. |Yes | -|MessagingLogs |Messaging logs for Azure Web PubSub Service. |Yes | --## Microsoft.SignalRService/WebPubSub/replicas -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|ConnectivityLogs |Connectivity logs for Azure Web PubSub Service. |Yes | -|HttpRequestLogs |Http Request logs for Azure Web PubSub Service. |Yes | -|MessagingLogs |Messaging logs for Azure Web PubSub Service. |Yes | --## microsoft.singularity/accounts -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|Activity |Activity Logs |Yes | -|Execution |Execution Logs |Yes | --## Microsoft.Sql/managedInstances -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|DevOpsOperationsAudit |Devops operations Audit Logs |No | -|ResourceUsageStats |Resource Usage Statistics |No | -|SQLSecurityAuditEvents |SQL Security Audit Event |No | --## Microsoft.Sql/managedInstances/databases -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|Errors |Errors |No | -|QueryStoreRuntimeStatistics |Query Store Runtime Statistics |No | -|QueryStoreWaitStatistics |Query Store Wait Statistics |No | -|SQLInsights |SQL Insights |No | --## Microsoft.Sql/servers/databases -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|AutomaticTuning |Automatic tuning |No | -|Blocks |Blocks |No | -|DatabaseWaitStatistics |Database Wait Statistics |No | -|Deadlocks |Deadlocks |No | -|DevOpsOperationsAudit |Devops operations Audit Logs |No | -|DmsWorkers |Dms Workers |No | -|Errors |Errors |No | -|ExecRequests |Exec Requests |No | -|QueryStoreRuntimeStatistics |Query Store Runtime Statistics |No | -|QueryStoreWaitStatistics |Query Store Wait Statistics |No | -|RequestSteps |Request Steps |No | -|SQLInsights |SQL Insights |No | -|SqlRequests |Sql Requests |No | -|SQLSecurityAuditEvents |SQL Security Audit Event |No | -|Timeouts |Timeouts |No | -|Waits |Waits |No | --## Microsoft.Storage/storageAccounts/blobServices -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|StorageDelete |StorageDelete |Yes | -|StorageRead |StorageRead |Yes | -|StorageWrite |StorageWrite |Yes | --## Microsoft.Storage/storageAccounts/fileServices -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|StorageDelete |StorageDelete |Yes | -|StorageRead |StorageRead |Yes | -|StorageWrite |StorageWrite |Yes | --## Microsoft.Storage/storageAccounts/queueServices -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|StorageDelete |StorageDelete |Yes | -|StorageRead |StorageRead |Yes | -|StorageWrite |StorageWrite |Yes | --## Microsoft.Storage/storageAccounts/tableServices -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|StorageDelete |StorageDelete |Yes | -|StorageRead |StorageRead |Yes | -|StorageWrite |StorageWrite |Yes | --## Microsoft.StorageCache/amlFilesystems -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|AmlfsAuditEvent |Azure Managed Lustre audit event |Yes | --## Microsoft.StorageCache/caches -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|AscCacheOperationEvent |HPC Cache operation event |Yes | -|AscUpgradeEvent |HPC Cache upgrade event |Yes | -|AscWarningEvent |HPC Cache warning |Yes | --## Microsoft.StorageMover/storageMovers -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|CopyLogsFailed |Copy logs - Failed |Yes | -|JobRunLogs |Job run logs |Yes | --## Microsoft.StreamAnalytics/streamingjobs -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|Authoring |Authoring |No | -|Execution |Execution |No | --## Microsoft.Synapse/workspaces -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|BuiltinSqlReqsEnded |Built-in Sql Pool Requests Ended |No | -|GatewayApiRequests |Synapse Gateway Api Requests |No | -|IntegrationActivityRuns |Integration Activity Runs |Yes | -|IntegrationPipelineRuns |Integration Pipeline Runs |Yes | -|IntegrationTriggerRuns |Integration Trigger Runs |Yes | -|SQLSecurityAuditEvents |SQL Security Audit Event |No | -|SynapseLinkEvent |Synapse Link Event |Yes | -|SynapseRbacOperations |Synapse RBAC Operations |No | --## Microsoft.Synapse/workspaces/bigDataPools -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|BigDataPoolAppEvents |Big Data Pool Applications Execution Metrics |Yes | -|BigDataPoolAppsEnded |Big Data Pool Applications Ended |No | -|BigDataPoolBlockManagerEvents |Big Data Pool Block Manager Events |Yes | -|BigDataPoolDriverLogs |Big Data Pool Driver Logs |Yes | -|BigDataPoolEnvironmentEvents |Big Data Pool Environment Events |Yes | -|BigDataPoolExecutorEvents |Big Data Pool Executor Events |Yes | -|BigDataPoolExecutorLogs |Big Data Pool Executor Logs |Yes | -|BigDataPoolJobEvents |Big Data Pool Job Events |Yes | -|BigDataPoolSqlExecutionEvents |Big Data Pool Sql Execution Events |Yes | -|BigDataPoolStageEvents |Big Data Pool Stage Events |Yes | -|BigDataPoolTaskEvents |Big Data Pool Task Events |Yes | --## Microsoft.Synapse/workspaces/kustoPools -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|Command |Command |Yes | -|FailedIngestion |Failed ingestion |Yes | -|IngestionBatching |Ingestion batching |Yes | -|Journal |Journal |Yes | -|Query |Query |Yes | -|SucceededIngestion |Succeeded ingestion |Yes | -|TableDetails |Table details |Yes | -|TableUsageStatistics |Table usage statistics |Yes | --## Microsoft.Synapse/workspaces/scopePools -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|ScopePoolScopeJobsEnded |Scope Pool Scope Jobs Ended |Yes | -|ScopePoolScopeJobsStateChange |Scope Pool Scope Jobs State Change |Yes | --## Microsoft.Synapse/workspaces/sqlPools -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|DmsWorkers |Dms Workers |No | -|ExecRequests |Exec Requests |No | -|RequestSteps |Request Steps |No | -|SqlRequests |Sql Requests |No | -|SQLSecurityAuditEvents |Sql Security Audit Event |No | -|Waits |Waits |No | --## Microsoft.TimeSeriesInsights/environments -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|Ingress |Ingress |No | -|Management |Management |No | --## Microsoft.TimeSeriesInsights/environments/eventsources -<!-- Data source : arm--> --|Category|Category Display Name|Costs To Export| -|||| -|Ingress |Ingress |No | -|Management |Management |No | --## microsoft.videoindexer/accounts -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|Audit |Audit |Yes | -|IndexingLogs |Indexing Logs |Yes | --## Microsoft.Web/hostingEnvironments -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|AppServiceEnvironmentPlatformLogs |App Service Environment Platform Logs |No | --## Microsoft.Web/sites -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|AppServiceAntivirusScanAuditLogs |Report Antivirus Audit Logs |No | -|AppServiceAppLogs |App Service Application Logs |No | -|AppServiceAuditLogs |Access Audit Logs |No | -|AppServiceConsoleLogs |App Service Console Logs |No | -|AppServiceFileAuditLogs |Site Content Change Audit Logs |No | -|AppServiceHTTPLogs |HTTP logs |No | -|AppServiceIPSecAuditLogs |IPSecurity Audit logs |No | -|AppServicePlatformLogs |App Service Platform logs |No | -|FunctionAppLogs |Function Application Logs |No | -|WorkflowRuntime |Workflow Runtime Logs |Yes | --## Microsoft.Web/sites/slots -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|AppServiceAntivirusScanAuditLogs |Report Antivirus Audit Logs |No | -|AppServiceAppLogs |App Service Application Logs |No | -|AppServiceAuditLogs |Access Audit Logs |No | -|AppServiceConsoleLogs |App Service Console Logs |No | -|AppServiceFileAuditLogs |Site Content Change Audit Logs |No | -|AppServiceHTTPLogs |HTTP logs |No | -|AppServiceIPSecAuditLogs |IPSecurity Audit logs |No | -|AppServicePlatformLogs |App Service Platform logs |No | -|FunctionAppLogs |Function Application Logs |No | --## microsoft.workloads/sapvirtualinstances -<!-- Data source : naam--> --|Category|Category Display Name|Costs To Export| -|||| -|ChangeDetection |Change Detection |Yes | ---## Next Steps --* [Learn more about resource logs](../essentials/platform-logs-overview.md) -* [Stream resource resource logs to **Event Hubs**](./resource-logs.md#send-to-azure-event-hubs) -* [Change resource log diagnostic settings using the Azure Monitor REST API](/rest/api/monitor/diagnosticsettings) -* [Analyze logs from Azure storage with Log Analytics](./resource-logs.md#send-to-log-analytics-workspace) ---<!--Gen Date: Tue Jul 18 2023 10:25:51 GMT+0300 (Israel Daylight Time)--> |
| azure-monitor | Aiops Machine Learning | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/logs/aiops-machine-learning.md | Azure Monitor also provides tools that let you create your own machine learning This article describes Azure Monitor's built-in AIOps capabilities and explains how you can create and run customized machine learning models and build an automated machine learning pipeline on data in Azure Monitor Logs. -## Built-in Azure Monitor AIOps capabilities +## Built-in Azure Monitor AIOps and machine learning capabilities -|Monitoring scenario|AIOps capability|Description| +|Monitoring scenario|Capability|Description| |-|-|-| |Log monitoring|[Log Analytics Workspace Insights](../logs/log-analytics-workspace-insights-overview.md) | A curated monitoring experience that provides a unified view of your Log Analytics workspaces and uses machine learning to detect ingestion anomalies. | ||[Kusto Query Language (KQL) time series analysis and machine learning functions](../logs/kql-machine-learning-azure-monitor.md)| Easy-to-use tools for generating time series data, detecting anomalies, forecasting, and performing root cause analysis directly in Azure Monitor Logs without requiring in-depth knowledge of data science and programming languages. Ingesting scored results to a Log Analytics workspace lets you use the data to g Learn more about: - [Azure Monitor Logs](../logs/data-platform-logs.md).-- [Azure Monitor Insights and curated visualizations](../insights/insights-overview.md).+- [Azure Monitor Insights and curated visualizations](../insights/insights-overview.md). |
| azure-monitor | Basic Logs Configure | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/logs/basic-logs-configure.md | Update-AzOperationalInsightsTable -ResourceGroupName RG-NAME -WorkspaceName WOR These tables currently support Basic logs: +All custom tables created with or migrated to the [data collection rule (DCR)-based logs ingestion API.](logs-ingestion-api-overview.md). + | Service | Table | |:|:| | Active Directory | [AADDomainServicesDNSAuditsGeneral](/azure/azure-monitor/reference/tables/AADDomainServicesDNSAuditsGeneral)<br> [AADDomainServicesDNSAuditsDynamicUpdates](/azure/azure-monitor/reference/tables/AADDomainServicesDNSAuditsDynamicUpdates) | | API Management | [ApiManagementGatewayLogs](/azure/azure-monitor/reference/tables/ApiManagementGatewayLogs)<br>[ApiManagementWebSocketConnectionLogs](/azure/azure-monitor/reference/tables/ApiManagementWebSocketConnectionLogs) | | Application Insights | [AppTraces](/azure/azure-monitor/reference/tables/apptraces) |+| Bare Metal Machines | [NCBMSystemLogs](/azure/azure-monitor/reference/tables/NCBMSystemLogs)<br>[NCBMSecurityLogs](/azure/azure-monitor/reference/tables/NCBMSecurityLogs) | | Chaos Experiments | [ChaosStudioExperimentEventLogs](/azure/azure-monitor/reference/tables/ChaosStudioExperimentEventLogs) | | Cloud HSM | [CHSMManagementAuditLogs](/azure/azure-monitor/reference/tables/CHSMManagementAuditLogs) | | Container Apps | [ContainerAppConsoleLogs](/azure/azure-monitor/reference/tables/containerappconsoleLogs) | These tables currently support Basic logs: | Container Apps Environments | [AppEnvSpringAppConsoleLogs](/azure/azure-monitor/reference/tables/AppEnvSpringAppConsoleLogs) | | Communication Services | [ACSCallAutomationIncomingOperations](/azure/azure-monitor/reference/tables/ACSCallAutomationIncomingOperations)<br>[ACSCallAutomationMediaSummary](/azure/azure-monitor/reference/tables/ACSCallAutomationMediaSummary)<br>[ACSCallRecordingIncomingOperations](/azure/azure-monitor/reference/tables/ACSCallRecordingIncomingOperations)<br>[ACSCallRecordingSummary](/azure/azure-monitor/reference/tables/ACSCallRecordingSummary)<br>[ACSCallSummary](/azure/azure-monitor/reference/tables/ACSCallSummary)<br>[ACSRoomsIncomingOperations](/azure/azure-monitor/reference/tables/acsroomsincomingoperations) | | Confidential Ledgers | [CCFApplicationLogs](/azure/azure-monitor/reference/tables/CCFApplicationLogs) |-| Custom log tables | All custom tables created with or migrated to the [data collection rule (DCR)-based logs ingestion API.](logs-ingestion-api-overview.md) | | Data Manager for Energy | [OEPDataplaneLogs](/azure/azure-monitor/reference/tables/OEPDataplaneLogs) | | Dedicated SQL Pool | [SynapseSqlPoolSqlRequests](/azure/azure-monitor/reference/tables/synapsesqlpoolsqlrequests)<br>[SynapseSqlPoolRequestSteps](/azure/azure-monitor/reference/tables/synapsesqlpoolrequeststeps)<br>[SynapseSqlPoolExecRequests](/azure/azure-monitor/reference/tables/synapsesqlpoolexecrequests)<br>[SynapseSqlPoolDmsWorkers](/azure/azure-monitor/reference/tables/synapsesqlpooldmsworkers)<br>[SynapseSqlPoolWaits](/azure/azure-monitor/reference/tables/synapsesqlpoolwaits) | | Dev Center | [DevCenterDiagnosticLogs](/azure/azure-monitor/reference/tables/DevCenterDiagnosticLogs) | These tables currently support Basic logs: | Firewalls | [AZFWFlowTrace](/azure/azure-monitor/reference/tables/AZFWFlowTrace) | | Health Care APIs | [AHDSMedTechDiagnosticLogs](/azure/azure-monitor/reference/tables/AHDSMedTechDiagnosticLogs)<br>[AHDSDicomDiagnosticLogs](/azure/azure-monitor/reference/tables/AHDSDicomDiagnosticLogs)<br>[AHDSDicomAuditLogs](/azure/azure-monitor/reference/tables/AHDSDicomAuditLogs) | | Key Vault | [AZKVAuditLogs](/azure/azure-monitor/reference/tables/AZKVAuditLogs)<br>[AZKVPolicyEvaluationDetailsLogs](/azure/azure-monitor/reference/tables/AZKVPolicyEvaluationDetailsLogs) |-| Kubernetes services | [AKSAudit](/azure/azure-monitor/reference/tables/AKSAudit)<br>[AKSAuditAdmin](/azure/azure-monitor/reference/tables/AKSAuditAdmin)<br>[AKSControlPlane](/azure/azure-monitor/reference/tables/AKSControlPlane) | +| Kubernetes services | [AKSAudit](/azure/azure-monitor/reference/tables/AKSAudit)<br>[AKSAuditAdmin](/azure/azure-monitor/reference/tables/AKSAuditAdmin)<br>[AKSControlPlane](/azure/azure-monitor/reference/tables/AKSControlPlane) | +| Managed Lustre | [AFSAuditLogs](/azure/azure-monitor/reference/tables/AFSAuditLogs) | | Media Services | [AMSLiveEventOperations](/azure/azure-monitor/reference/tables/AMSLiveEventOperations)<br>[AMSKeyDeliveryRequests](/azure/azure-monitor/reference/tables/AMSKeyDeliveryRequests)<br>[AMSMediaAccountHealth](/azure/azure-monitor/reference/tables/AMSMediaAccountHealth)<br>[AMSStreamingEndpointRequests](/azure/azure-monitor/reference/tables/AMSStreamingEndpointRequests) |+| Nexus Clusters | [NCCKubernetesLogs](/azure/azure-monitor/reference/tables/NCCKubernetesLogs)<br>[NCCVMOrchestrationLogs](/azure/azure-monitor/reference/tables/NCCVMOrchestrationLogs) | +| Nexus Storage Appliances | [NCSStorageLogs](/azure/azure-monitor/reference/tables/NCSStorageLogs)<br>[NCSStorageAlerts](/azure/azure-monitor/reference/tables/NCSStorageAlerts) | | Redis Cache Enterprise | [REDConnectionEvents](/azure/azure-monitor/reference/tables/REDConnectionEvents) | | Relays | [AZMSHybridConnectionsEvents](/azure/azure-monitor/reference/tables/AZMSHybridConnectionsEvents) | | Service Bus | [AZMSApplicationMetricLogs](/azure/azure-monitor/reference/tables/AZMSApplicationMetricLogs)<br>[AZMSOperationalLogs](/azure/azure-monitor/reference/tables/AZMSOperationalLogs)<br>[AZMSRunTimeAuditLogs](/azure/azure-monitor/reference/tables/AZMSRunTimeAuditLogs)<br>[AZMSVNetConnectionEvents](/azure/azure-monitor/reference/tables/AZMSVNetConnectionEvents) | |
| azure-monitor | Set Up Logs Ingestion Api Prerequisites | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/logs/set-up-logs-ingestion-api-prerequisites.md | $VerbosePreference = "SilentlyContinue" # "Continue" - [Learn more about data collection rules](../essentials/data-collection-rule-overview.md) - [Learn more about writing transformation queries](../essentials//data-collection-transformations.md)- |
| azure-netapp-files | Azure Netapp Files Metrics | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/azure-netapp-files-metrics.md | -You can find metrics for a capacity pool or volume by selecting the **capacity pool** or **volume**. Then select **Metric** to view the available metrics: +## Ways to access metrics -[  ](../media/azure-netapp-files/metrics-navigate-volume.png#lightbox) +Azure NetApp Files metrics are natively integrated into Azure monitor. From within the Azure portal, you can find metrics for Azure NetApp Files capacity pools and volumes from two locations: +- From Azure monitor, select **Metrics**, select a capacity pool or volume. Then select **Metric** to view the available metrics: + + :::image type="content" source="../media/azure-netapp-files/metrics-select-pool-volume.png" alt-text="Screenshot that shows how to access Azure NetApp Files metrics for capacity pools or volumes." lightbox="../media/azure-netapp-files/metrics-select-pool-volume.png"::: + +- From the Azure NetApp Files capacity pool or volume, select **Metrics**. Then select **Metric** to view the available metrics: + + :::image type="content" source="../media/azure-netapp-files/metrics-navigate-volume.png" alt-text="Snapshot that shows how to navigate to the Metric pull-down." lightbox="../media/azure-netapp-files/metrics-navigate-volume.png"::: + ## <a name="capacity_pools"></a>Usage metrics for capacity pools - *Pool Allocated Size* |
| azure-netapp-files | Data Protection Disaster Recovery Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/data-protection-disaster-recovery-options.md | + + Title: Understand data protection and disaster recovery options in Azure NetApp Files +description: Learn about data protection and disaster recovery options available in Azure NetApp Files, including snapshots, backups, cross-zone replication, and cross-region replication. ++documentationcenter: '' +++editor: '' ++ms.assetid: +++ na + Last updated : 07/11/2023+++# Understand data protection and disaster recovery options in Azure NetApp Files ++Learn about the different data protection and disaster recovery features in Azure NetApp Files to understand what solutions best serve your needs. ++## Snapshots ++The foundation of data protection solutions including volume restores and clones and cross-region replication, Azure NetApp Files snapshot technology delivers stability, scalability, and swift recoverability without impacting performance. ++### Benefits ++- Efficient and frequent primary data protection for fast recovery from data corruption or loss +- Revert a complete volume to a point-in-time snapshot in seconds +- Restore a snapshot to new volume (clone) in seconds to test or develop with current data +- Application-consistent snapshots with [AzAcSnap integration](azacsnap-introduction.md) and third party backup tools ++To learn more, see [How Azure NetApp Files Snapshots work](snapshots-introduction.md) and [Ways to restore data from snapshots](snapshots-introduction.md#ways-to-restore-data-from-snapshots). To create a Snapshot policy, see [Manage Snapshot policies in Azure NetApp Files](snapshots-manage-policy.md). ++## Backups ++Azure NetApp Files supports a fully managed backup solution for long-term recovery, archive, and compliance. Backups can be restored to new volumes in the same region as the backup. Backups created by Azure NetApp Files are stored in Azure storage, independent of volume snapshots that are available for near-term recovery or cloning. ++### Benefits ++- Increased productivity, reliably integrated service that is easy to manage and can be set once +- Application-consistent backups with [AzAcSnap integration](azacsnap-introduction.md) +- Retain daily, weekly, monthly backups for extended periods of time on cost-efficient cloud storage without media management ++To learn more, see [How snapshots can be vaulted for long-term retention and cost savings](snapshots-introduction.md#how-snapshots-can-be-vaulted-for-long-term-retention-and-cost-savings). To get started with backups, see [Configure policy-based backups for Azure NetApp Files](backup-configure-policy-based.md). ++## Cross-region replication ++Using snapshot technology, you can replicate your Azure NetApp Files across designated Azure regions to protect your data from unforeseeable regional failures. Cross-region replication minimizes data transfer costs, replicating only changed blocks across regions while also enabling a lower restore point objective. ++### Benefits ++- Provides disaster recovery across regions +- Data availability and redundancy for remote data processing and user access +- Efficient storage-based data replication without load on compute infrastructure ++To learn more, see [How volumes and snapshots are replicated cross-region for DR](snapshots-introduction.md#how-volumes-and-snapshots-are-replicated-cross-region-for-dr). To get started with cross-region replication, see [Create cross-region replication for Azure NetApp Files](cross-region-replication-create-peering.md). ++## Cross-zone replication ++Cross-zone replication leverages [availability zones](use-availability-zones.md) and the same replication engine as cross-region replication. This technology creating a fast and cost-effective solution for you to asynchronously replicate volumes from availability zone to another without the need for host-based data replication. ++### Benefits ++- Data availability and redundancy across zones within regions +- Bring data into same zone as compute for lowest latency-envelope +- Efficient storage-based data replication without load on compute infrastructure +- Lower TCO due to absence of data transfer fees ++To learn more, see [Understand cross-zone replication](cross-zone-replication-introduction.md). To get started with cross-zone replication, see [Create cross-zone replication relationships for Azure NetApp Files](create-cross-zone-replication.md). ++## Choose a data protection solution ++Choosing the best data protection option for your Azure NetApp Files deployment depends on your configuration and needs. The following table can help you choose the best option for your use case. ++| Use case | In-region solution | Cross-region solution | +| | | | +| Ad hoc backup | On-demand snapshots | - | +| Application consistent data protection | AzAcSnap | - | +| Data corruption and ransomware protection | Scheduled snapshots | Cross-region replication | +| Disaster recovery | - | Cross-region replication | +Fast data recovery (whole volume) | Revert volume from snapshot | Revert volume from snapshot | +| Feed current production data to test or development environment | Restore snapshot to new volume (clone) | Restore snapshot to new volume (clone) | +| High availability and resiliency | Cross-zone replication | - | +| Long-term data protection (greater than one week) | Azure NetApp Files backup | Azure NetApp Files backup | +| Move volume to different zone | Cross-zone replication | - | +| Primary data protection (up to one week) | Scheduled snapshots | - | +| Remote data access | - | Cross-region replication | +| Selective (single-file) restore | Single-file snapshot restore | Single-file snapshot restore | +| Selective (single-file) restore from backup | Restore backup to new volume | - | ++## Next steps ++* [How Azure NetApp Files snapshots work](snapshots-introduction.md) +* [Understand Azure NetApp Files backup](backup-introduction.md) +* [Understand cross-region replication](cross-region-replication-introduction.md) +* [Understand cross-zone replication](cross-zone-replication-introduction.md) +* [What is Azure Application Consistent Snapshot tool](azacsnap-introduction.md) +* [Restore individual files using single-file snapshot restore](snapshots-restore-file-single.md) +* [Restore a snapshot to a new volume](snapshots-restore-new-volume.md) +* [Restore a volume using snapshot revert](snapshots-revert-volume.md) |
| azure-netapp-files | Manage Availability Zone Volume Placement | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/manage-availability-zone-volume-placement.md | ms.assetid: na+ Last updated 01/13/2023 |
| azure-relay | Service Bus Relay Rest Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-relay/service-bus-relay-rest-tutorial.md | As with the previous steps, there's little difference between implementing a RES This content configures a service that uses the previously defined default `webHttpRelayBinding`. It also uses the default `sbTokenProvider`, which is defined in the next step. -1. After the `<services>` element, create a `<behaviors>` element with the following content, replacing `SAS_KEY` with the Shared Access Signature (SAS) key. To obtain an SAS key from the [Azure portal][Azure portal], see [Get management credentials](service-bus-relay-tutorial.md#get-management-credentials). +1. After the `<services>` element, create a `<behaviors>` element with the following content, replacing `SAS_KEY` with the Shared Access Signature (SAS) key. To obtain an SAS key from the [Azure portal], see [Get management credentials](service-bus-relay-tutorial.md#get-management-credentials). ```xml <behaviors> |
| azure-resource-manager | Publish Managed Identity | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/managed-applications/publish-managed-identity.md | Title: Managed app with managed identity description: Configure an Azure Managed Application with managed identity for linking to existing resources, managing Azure resources, and providing operational identity for Activity Log. Previously updated : 05/01/2023 Last updated : 07/19/2023 -Learn how to configure a managed application to contain a managed identity. A managed identity can be used to allow the customer to grant the managed application access to existing resources. The identity is managed by the Azure platform and doesn't require you to provision or rotate any secrets. For more about managed identities in Azure Active Directory (Azure AD), see [Managed identities for Azure resources](../../active-directory/managed-identities-azure-resources/overview.md). +Learn how to configure a managed application to contain a managed identity. A managed identity can be used to allow the customer to grant the managed application access to existing resources. The Azure platform manages the identity and doesn't require you to provision or rotate any secrets. For more about managed identities in Azure Active Directory (Azure AD), see [Managed identities for Azure resources](../../active-directory/managed-identities-azure-resources/overview.md). Your application can be granted two types of identities: Creating a managed application with a managed identity requires another property ```json {-"identity": { - "type": "SystemAssigned, UserAssigned", - "userAssignedIdentities": { - "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testRG/providers/Microsoft.ManagedIdentity/userassignedidentites/myuserassignedidentity": {} + "identity": { + "type": "SystemAssigned, UserAssigned", + "userAssignedIdentities": { + "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testRG/providers/Microsoft.ManagedIdentity/userassignedidentites/myuserassignedidentity": {} + } } } ``` -There are two common ways to create a managed application with **identity**: [createUiDefinition.json](./create-uidefinition-overview.md) and [Azure Resource Manager templates](../templates/syntax.md). For simple single create scenarios, _createUiDefinition_ should be used to enable managed identity, because it provides a richer experience. However, when dealing with advanced or complex systems that require automated or multiple managed application deployments, templates can be used. +There are two common ways to create a managed application with `identity`: [createUiDefinition.json](./create-uidefinition-overview.md) and [Azure Resource Manager templates](../templates/syntax.md). For simple single create scenarios, _createUiDefinition_ should be used to enable managed identity, because it provides a richer experience. However, when dealing with advanced or complex systems that require automated or multiple managed application deployments, templates can be used. ### Using createUiDefinition Managed identity can also be used to deploy a managed application that requires ### Authoring the createUiDefinition with a linked resource -When linking the deployment of the managed application to existing resources, both the existing Azure resource and a user-assigned managed identity with the applicable role assignment on that resource must be provided. +When you link the deployment of the managed application to existing resources, both the existing Azure resource and a user-assigned managed identity with the applicable role assignment on that resource must be provided. A sample _createUiDefinition.json_ that requires two inputs: a network interface resource ID and a user assigned managed identity resource ID. |
| azure-resource-manager | Azure Services Resource Providers | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/management/azure-services-resource-providers.md | The resources providers that are marked with **- registered** are registered by | Microsoft.ClassicSubscription - [registered](#registration) | Classic deployment model | | Microsoft.CognitiveServices | [Cognitive Services](../../ai-services/index.yml) | | Microsoft.Commerce - [registered](#registration) | core |+| Microsoft.Communication | [Azure Communication Services](../../communication-services/overview.md) | | Microsoft.Compute | [Virtual Machines](../../virtual-machines/index.yml)<br />[Virtual Machine Scale Sets](../../virtual-machine-scale-sets/index.yml) | | Microsoft.Consumption - [registered](#registration) | [Cost Management](/azure/cost-management/) | | Microsoft.ContainerInstance | [Container Instances](../../container-instances/index.yml) | |
| azure-resource-manager | Manage Resources Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/management/manage-resources-portal.md | Title: Manage resources - Azure portal description: Use the Azure portal and Azure Resource Manager to manage your resources. Shows how to deploy and delete resources. Previously updated : 02/11/2019 Last updated : 06/17/2023 # Manage Azure resources by using the Azure portal |
| azure-video-indexer | Emotions Detection | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-video-indexer/emotions-detection.md | -Emotions detection is an Azure AI Video Indexer AI feature that automatically detects emotions in video's transcript lines. Each sentence can either be detected as "Anger", "Fear", "Joy", "Sad", or none of the above if no other emotion was detected. +Emotions detection is an Azure AI Video Indexer AI feature that automatically detects emotions in video's transcript lines. Each sentence can either be detected as: -The model works on text only (labeling emotions in video transcripts.) This model doesn't infer the emotional state of people, may not perform where input is ambiguous or unclear, like sarcastic remarks. Thus, the model shouldn't be used for things like assessing employee performance or the emotional state of a person. +- *Anger*, +- *Fear*, +- *Joy*, +- *Sad* -## Prerequisites +Or, none of the above if no other emotion was detected. -Review [Transparency Note overview](/legal/azure-video-indexer/transparency-note?context=/azure/azure-video-indexer/context/context) +The model works on text only (labeling emotions in video transcripts.) This model doesn't infer the emotional state of people, may not perform where input is ambiguous or unclear, like sarcastic remarks. Thus, the model shouldn't be used for things like assessing employee performance or the emotional state of a person. ## General principles There are many things you need to consider when deciding how to use and implement an AI-powered feature: - Will this feature perform well in my scenario? Before deploying emotions detection into your scenario, test how it performs using real-life data and make sure it can deliver the accuracy you need. -- Are we equipped to identify and respond to errors? AI-powered products and features won't be 100% accurate, so consider how you'll identify and respond to any errors that may occur. +- Are we equipped to identify and respond to errors? AI-powered products and features aren't 100% accurate, consider how you identify and respond to any errors that may occur. ++## Transparency Notes ++### General ++Review [Transparency Note overview](/legal/azure-video-indexer/transparency-note?context=/azure/azure-video-indexer/context/context) ++### Emotion detection specific ++Introduction: This model is designed to help detect emotions in the transcript of a video. However, it isn't suitable for making assessments about an individual's emotional state, their ability, or their overall performance. ++Use cases: This emotion detection model is intended to help determine the sentiment behind sentences in the videoΓÇÖs transcript. However, it only works on the text itself, and may not perform well for sarcastic input or in cases where input may be ambiguous or unclear. It should not be used for assessing employee performance or the emotional state of any other person. ++Information requirements: To increase the accuracy of this model, it is recommended that input data be in a clear and unambiguous format. Users should also note that this model does not have context about input data, which can impact its accuracy. ++Limitations: This model can produce both false positives and false negatives. To reduce the likelihood of either, users are advised to follow best practices for input data and preprocessing, and to interpret outputs in the context of other relevant information. Interpretation: The outputs of this model should not be used to make assessments about an individual's emotional state or other human characteristics. This model is supported in English and may not function properly with non-English inputs. Not English inputs are being translated to English before entering the model, therefore may produce less accurate results. ++## Additional notes for emotion detection instructions ++1. Specify examples of intended use cases and specify use cases for which emotion detection isn't designed or tested, including evaluating employee performance, making assessments about a person, their emotional state, or their ability, or monitoring individuals or employees. +2. Requirements for input data and best practices to increase reliability, and a statement about situations in which the model does not perform well such as for sarcasm. +3. Best practices to reduce false positive and false negative results. +4. Information about how to interpret outputs, emphasizing that output isn't to be used for assessments of people. +5. Disclosure that the system does not have any context about input data. +6. Information about supported and unsupported languages, and how the feature functions with non-English inputs. ## View the insight |
| azure-video-indexer | Insights Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-video-indexer/insights-overview.md | When a video is indexed, Azure AI Video Indexer analyzes the video and audio con Read details about the following insights here: - [Audio effects detection](audio-effects-detection-overview.md)+- [Emotion detection](emotions-detection.md) - [Faces detection](face-detection.md) - [OCR](ocr.md) - [Keywords extraction](keywords.md) |
| azure-vmware | Integrate Azure Native Services | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-vmware/integrate-azure-native-services.md | The following conditions are necessary to enable guest management on a VM. 4. Replace username with the appropriate user-name. If your VM template already has these changes incorporated, you won't need to do the steps for the VM created from that template. ### Install extensions-1. Go to **Azure** portal. +1. Sign in to the [Azure portal](https://portal.azure.com). 1. Find the Arc-enabled Azure VMware Solution VM that you want to install an extension on and select the VM name. 1. Navigate to **Extensions** in the left navigation, select **Add**. 1. Select the extension you want to install. |
| backup | Backup Azure Arm Userestapi Backupazurevms | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-arm-userestapi-backupazurevms.md | description: In this article, learn how to configure, initiate, and manage backu Last updated 08/03/2018 ms.assetid: b80b3a41-87bf-49ca-8ef2-68e43c04c1a3--++ # Back up an Azure VM using Azure Backup via REST API |
| backup | Backup Azure Arm Userestapi Createorupdatepolicy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-arm-userestapi-createorupdatepolicy.md | |
| backup | Backup Azure Arm Userestapi Createorupdatevault | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-arm-userestapi-createorupdatevault.md | description: In this article, learn how to manage backup and restore operations Last updated 08/21/2018 ms.assetid: e54750b4-4518-4262-8f23-ca2f0c7c0439--++ # Create Azure Recovery Services vault using REST API |
| backup | Backup Azure Arm Userestapi Managejobs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-arm-userestapi-managejobs.md | description: In this article, learn how to track and manage backup and restore j Last updated 08/03/2018 ms.assetid: b234533e-ac51-4482-9452-d97444f98b38--++ # Track backup and restore jobs using REST API |
| backup | Backup Azure Arm Userestapi Restoreazurevms | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-arm-userestapi-restoreazurevms.md | description: In this article, learn how to manage restore operations of Azure Vi Last updated 08/26/2021 ms.assetid: b8487516-7ac5-4435-9680-674d9ecf5642--++ # Restore Azure Virtual machines using REST API |
| backup | Backup Azure Arm Vms Prepare | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-arm-vms-prepare.md | description: Describes how to back up Azure VMs in a Recovery Services vault usi Last updated 09/29/2022 --++ + # Back up Azure VMs in a Recovery Services vault This article describes how to back up Azure VMs in a Recovery Services vault, using the [Azure Backup](backup-overview.md) service. |
| backup | Backup Azure Auto Enable Backup | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-auto-enable-backup.md | description: 'An article describing how to use Azure Policy to auto-enable backu Last updated 10/17/2022 --++ # Auto-Enable Backup on VM Creation using Azure Policy |
| backup | Backup Azure Backup Cloud As Tape | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-backup-cloud-as-tape.md | Title: How to replace your tape infrastructure description: Learn how Azure Backup provides tape-like semantics that enable you to back up and restore data in Azure Last updated 04/30/2017--++ + # Move your long-term storage from tape to the Azure cloud Azure Backup and System Center Data Protection Manager customers can: |
| backup | Backup Azure Backup Exchange Server | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-backup-exchange-server.md | description: Learn how to back up an Exchange server to Azure Backup using Syste Last updated 01/31/2019--++ + # Back up an Exchange server to Azure Backup with System Center 2012 R2 DPM This article describes how to configure a System Center 2012 R2 Data Protection Manager (DPM) server to back up a Microsoft Exchange server to Azure Backup. |
| backup | Backup Azure Backup Import Export | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-backup-import-export.md | description: Learn how you can use Azure Backup to send data off the network by Last updated 12/05/2022--++ + # Offline seeding for MARS using customer-owned disks with Azure Import/Export This article describes how to send the initial full backup data from MARS to Azure using customer-owned disks instead of sending it via the network. Learn about [sending the initial full backup data from DPM/MABS to Azure using customer-owned disks](backup-azure-backup-server-import-export.md). |
| backup | Backup Azure Backup Server Import Export | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-backup-server-import-export.md | description: With Azure Backup, you can send data off the network by using the A Last updated 12/05/2022 --++ + # Offline seeding for DPM/MABS using customer-owned disks with Azure Import/Export This article describes how to send the initial full backup data from DPM/MABS to Azure using customer-owned disks instead of sending it via the network. Learn about [sending the initial full backup data from MARS to Azure using customer-owned disks](backup-azure-backup-import-export.md). |
| backup | Backup Azure Backup Server Vmware | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-backup-server-vmware.md | Title: Back up VMware VMs with Azure Backup Server description: In this article, learn how to use Azure Backup Server to back up VMware VMs running on a VMware vCenter/ESXi server. Last updated 03/03/2023--++ |
| backup | Backup Azure Backup Sharepoint Mabs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-backup-sharepoint-mabs.md | |
| backup | Backup Azure Backup Sharepoint | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-backup-sharepoint.md | |
| backup | Backup Azure Backup Sql | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-backup-sql.md | description: An introduction to backing up SQL Server databases by using the Azu Last updated 01/17/2023 --++ |
| backup | Backup Azure Data Protection Use Rest Api Backup Postgresql | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-data-protection-use-rest-api-backup-postgresql.md | |
| backup | Backup Azure Data Protection Use Rest Api Create Update Postgresql Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-data-protection-use-rest-api-create-update-postgresql-policy.md | description: In this article, you'll learn how to create and manage backup polic Last updated 01/24/2022 ms.assetid: 759ee63f-148b-464c-bfc4-c9e640b7da6b--++ # Create Azure Data Protection backup policies for Azure PostgreSQL databases using REST API |
| backup | Backup Azure Database Postgresql Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-database-postgresql-overview.md | description: An overview on Azure Database for PostgreSQL backup Last updated 01/24/2022 --++ # About Azure Database for PostgreSQL backup |
| backup | Backup Azure Database Postgresql Support Matrix | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-database-postgresql-support-matrix.md | |
| backup | Backup Azure Database Postgresql Troubleshoot | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-database-postgresql-troubleshoot.md | description: Troubleshooting information for backing up Azure Database for Postg Last updated 06/07/2022 --++ # Troubleshoot PostgreSQL database backup using Azure Backup |
| backup | Backup Azure Database Postgresql | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-database-postgresql.md | description: Learn about Azure Database for PostgreSQL backup with long-term ret Last updated 03/23/2023 --++ # Azure Database for PostgreSQL backup with long-term retention |
| backup | Backup Azure Dataprotection Use Rest Api Backup Blobs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-dataprotection-use-rest-api-backup-blobs.md | Last updated 10/31/2022 ms.assetid: 7c244b94-d736-40a8-b94d-c72077080bbe --++ # Back up blobs in a storage account using Azure Data Protection via REST API |
| backup | Backup Azure Dataprotection Use Rest Api Backup Disks | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-dataprotection-use-rest-api-backup-disks.md | description: In this article, learn how to configure, initiate, and manage backu Last updated 05/30/2023 ms.assetid: 6050a941-89d7-4b27-9976-69898cc34cde--++ |
| backup | Backup Azure Dataprotection Use Rest Api Create Update Backup Vault | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-dataprotection-use-rest-api-create-update-backup-vault.md | description: In this article, learn how to create a policy to back up blobs in a Last updated 07/09/2021 ms.assetid: 93861379-5bec-4ed5-95d2-46f534a115fd--++ + # Create Azure Backup vault using REST API Azure Backup's new Data Protection platform provides enhanced capabilities for backup and restore for newer workloads such as blobs in storage accounts, managed disk and PostgreSQL server's PaaS platform. It aims to minimize management overhead while making it easy for organizing backups. A 'Backup vault' is the cornerstone of the Data protection platform and this is different from the 'Recovery Services' vault. |
| backup | Backup Azure Dataprotection Use Rest Api Create Update Blob Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-dataprotection-use-rest-api-create-update-blob-policy.md | Last updated 10/28/2022 ms.assetid: 472d6a4f-7914-454b-b8e4-062e8b556de3 --++ + # Create Azure Data Protection backup policies for blobs using REST API Azure Backup policy typically governs the retention and schedule of your backups. As operational backup for blobs is continuous in nature, you don't need a schedule to perform backups. The policy is essentially needed to specify the retention period. You can reuse the backup policy to configure backup for multiple storage accounts to a vault. |
| backup | Backup Azure Dataprotection Use Rest Api Create Update Disk Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-dataprotection-use-rest-api-create-update-disk-policy.md | |
| backup | Backup Azure Dataprotection Use Rest Api Restore Blobs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-dataprotection-use-rest-api-restore-blobs.md | description: In this article, learn how to restore blobs of a storage account us Last updated 07/09/2021 ms.assetid: 9b8d21e6-3e23-4345-bb2b-e21040996afd--++ # Restore Azure blobs to point-in-time using Azure Data Protection REST API |
| backup | Backup Azure Dataprotection Use Rest Api Restore Disks | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-dataprotection-use-rest-api-restore-disks.md | |
| backup | Backup Azure Delete Vault | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-delete-vault.md | |
| backup | Backup Azure Diagnostic Events | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-diagnostic-events.md | Title: Use diagnostics settings for Recovery Services vaults description: 'This article describes how to use the old and new diagnostics events for Azure Backup.' Last updated 04/18/2023--++ |
| backup | Backup Azure Diagnostics Mode Data Model | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-diagnostics-mode-data-model.md | |
| backup | Backup Azure Dpm Introduction | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-dpm-introduction.md | description: In this article, learn how to prepare for System Center Data Protec Last updated 10/21/2020 --++ + # Prepare to back up workloads to Azure with System Center DPM This article explains how to prepare for System Center Data Protection Manager (DPM) backups to Azure, using the Azure Backup service. |
| backup | Backup Azure Encrypted Vm Troubleshoot | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-encrypted-vm-troubleshoot.md | Title: Troubleshoot encrypted Azure VM backup errors description: Describes how to troubleshoot common errors that might occur when you use Azure Backup to back up an encrypted VM. Last updated 11/9/2021--++ # Troubleshoot backup failures on encrypted Azure virtual machines |
| backup | Backup Azure Enhanced Soft Delete About | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-enhanced-soft-delete-about.md | |
| backup | Backup Azure Enhanced Soft Delete Configure Manage | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-enhanced-soft-delete-configure-manage.md | description: This article describes about how to configure and manage enhanced s Last updated 06/12/2023 --++ # Configure and manage enhanced soft delete in Azure Backup (preview) |
| backup | Backup Azure Exchange Mabs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-exchange-mabs.md | description: Learn how to back up an Exchange server to Azure Backup using Azure Last updated 03/24/2017--++ # Back up an Exchange server to Azure with Azure Backup Server |
| backup | Backup Azure File Share Rest Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-file-share-rest-api.md | Title: Back up Azure file shares with REST API description: Learn how to use REST API to back up Azure file shares in the Recovery Services vault Last updated 02/16/2020--++ # Backup Azure file share using Azure Backup via REST API |
| backup | Backup Azure Files | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-files.md | |
| backup | Backup Azure Immutable Vault Concept | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-immutable-vault-concept.md | |
| backup | Backup Azure Immutable Vault How To Manage | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-immutable-vault-how-to-manage.md | description: This article explains how to manage Azure Backup Immutable vault op Last updated 05/25/2023--++ # Manage Azure Backup Immutable vault operations |
| backup | Backup Azure Integrate Microsoft Defender Using Logic Apps | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-integrate-microsoft-defender-using-logic-apps.md | |
| backup | Backup Azure Linux App Consistent | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-linux-app-consistent.md | Title: Application-consistent backups of Linux VMs description: Create application-consistent backups of your Linux virtual machines to Azure. This article explains configuring the script framework to back up Azure-deployed Linux VMs. This article also includes troubleshooting information. Last updated 01/12/2018--++ # Application-consistent backup of Azure Linux VMs |
| backup | Backup Azure Linux Database Consistent Enhanced Pre Post | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-linux-database-consistent-enhanced-pre-post.md | Title: Database consistent snapshots using enhanced pre-post script framework description: Learn how Azure Backup allows you to take database consistent snapshots, leveraging Azure VM backup and using packaged pre-post scripts Last updated 09/16/2021 --++ # Enhanced pre-post scripts for database consistent snapshot |
| backup | Backup Azure Mabs Troubleshoot | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-mabs-troubleshoot.md | |
| backup | Backup Azure Manage Mars | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-manage-mars.md | |
| backup | Backup Azure Manage Vms | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-manage-vms.md | description: Learn how to manage and monitor Azure VM backups by using the Azure Last updated 07/05/2022 --++ # Manage Azure VM backups with Azure Backup service |
| backup | Backup Azure Manage Windows Server | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-manage-windows-server.md | Title: Manage Azure Recovery Services vaults and servers description: In this article, learn how to use the Recovery Services vault Overview dashboard to monitor and manage your Recovery Services vaults. Last updated 07/08/2019--++ # Monitor and manage Recovery Services vaults |
| backup | Backup Azure Mars Troubleshoot | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-mars-troubleshoot.md | description: In this article, learn how to troubleshoot the installation and reg Last updated 12/05/2022 --++ # Troubleshoot the Microsoft Azure Recovery Services (MARS) agent |
| backup | Backup Azure Microsoft Azure Backup | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-microsoft-azure-backup.md | description: In this article, learn how to prepare your environment to protect a Last updated 04/27/2023 --++ # Install and upgrade Azure Backup Server |
| backup | Backup Azure Monitoring Built In Monitor | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-monitoring-built-in-monitor.md | |
| backup | Backup Azure Monitoring Use Azuremonitor | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-monitoring-use-azuremonitor.md | description: Monitor Azure Backup workloads and create custom alerts by using Az Last updated 04/18/2023 ms.assetid: 01169af5-7eb0-4cb0-bbdb-c58ac71bf48b--++ # Monitor at scale by using Azure Monitor |
| backup | Backup Azure Move Recovery Services Vault | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-move-recovery-services-vault.md | Last updated 02/11/2022 --++ # Move a Recovery Services vault across Azure subscriptions and resource groups |
| backup | Backup Azure Policy Supported Skus | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-policy-supported-skus.md | description: 'An article describing the supported VM SKUs (by Publisher, Image O Last updated 04/08/2022 --++ # Supported VM SKUs for Azure Policy |
| backup | Backup Azure Private Endpoints Concept | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-private-endpoints-concept.md | description: This article explains about the concept of private endpoints for Az Last updated 05/24/2023--++ # Overview and concepts of private endpoints (v2 experience) for Azure Backup |
| backup | Backup Azure Private Endpoints Configure Manage | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-private-endpoints-configure-manage.md | description: This article explains how to configure and manage private endpoints Last updated 04/26/2023--++ # Create and use private endpoints (v2 experience) for Azure Backup |
| backup | Backup Azure Recovery Services Vault Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-recovery-services-vault-overview.md | description: An overview of Recovery Services vaults. Last updated 01/24/2023 --++ # Recovery Services vaults overview |
| backup | Backup Azure Reports Data Model | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-reports-data-model.md | description: This data model is in reference to the Resource Specific Mode of se Last updated 04/18/2023 --++ # Data Model for Azure Backup Diagnostics Events |
| backup | Backup Azure Reserved Pricing Optimize Cost | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-reserved-pricing-optimize-cost.md | description: This article explains about how to optimize costs for Azure Backup Last updated 09/03/2022--++ # Optimize costs for Azure Backup Storage with reserved capacity |
| backup | Backup Azure Reserved Pricing Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-reserved-pricing-overview.md | description: This article explains about how reservation discounts are applied t Last updated 09/09/2022--++ # Understand how reservation discounts are applied to Azure Backup storage |
| backup | Backup Azure Restore Files From Vm | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-restore-files-from-vm.md | |
| backup | Backup Azure Restore Key Secret | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-restore-key-secret.md | description: Learn how to restore Key Vault key and secret in Azure Backup using Last updated 02/28/2023 --++ # Restore Key Vault key and secret for encrypted VMs using Azure Backup |
| backup | Backup Azure Restore System State | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-restore-system-state.md | description: Step-by-step explanation for restoring Windows Server System State Last updated 12/09/2022 --++ # Restore System State to Windows Server |
| backup | Backup Azure Restore Windows Server | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-restore-windows-server.md | Title: Restore files to Windows Server using the MARS Agent description: In this article, learn how to restore data stored in Azure to a Windows server or Windows computer with the Microsoft Azure Recovery Services (MARS) Agent. Last updated 09/07/2018--++ # Restore files to Windows Server using the MARS Agent |
| backup | Backup Azure Sap Hana Database | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-sap-hana-database.md | description: In this article, learn how to back up an SAP HANA database to Azure Last updated 05/24/2023 --++ # Back up SAP HANA databases in Azure VMs |
| backup | Backup Azure Scdpm Troubleshooting | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-scdpm-troubleshooting.md | description: In this article, discover solutions for issues that you might encou Last updated 10/21/2022 --++ # Troubleshoot System Center Data Protection Manager |
| backup | Backup Azure Security Feature Cloud | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-security-feature-cloud.md | |
| backup | Backup Azure Security Feature | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-security-feature.md | |
| backup | Backup Azure Sql Automation | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-sql-automation.md | Last updated 07/15/2022 ms.assetid: 57854626-91f9-4677-b6a2-5d12b6a866e1 --++ # Back up and restore SQL databases in Azure VMs with PowerShell |
| backup | Backup Azure Sql Backup Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-sql-backup-cli.md | |
| backup | Backup Azure Sql Database | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-sql-database.md | Title: Back up SQL Server databases to Azure description: This article explains how to back up SQL Server to Azure. The article also explains SQL Server recovery. Last updated 08/11/2022--++ # About SQL Server Backup in Azure VMs |
| backup | Backup Azure Sql Mabs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-sql-mabs.md | Title: Back up SQL Server by using Azure Backup Server description: In this article, learn the configuration to back up SQL Server databases by using Microsoft Azure Backup Server (MABS). Last updated 03/01/2023--++ |
| backup | Backup Azure Sql Manage Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-sql-manage-cli.md | |
| backup | Backup Azure Sql Vm Rest Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-sql-vm-rest-api.md | description: Learn how to use REST API to back up SQL server databases in Azure Last updated 08/11/2022 --++ # Back up SQL server databases in Azure VMs using Azure Backup via REST API |
| backup | Backup Azure System State Troubleshoot | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-system-state-troubleshoot.md | description: In this article, learn how to troubleshoot issues in System State B Last updated 07/22/2019--++ # Troubleshoot System State Backup |
| backup | Backup Azure System State | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-system-state.md | Title: Back up Windows system state to Azure description: Learn how to back up the system state of Windows Server computers to Azure. Last updated 01/20/2023--++ |
| backup | Backup Azure Troubleshoot Blob Backup | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-troubleshoot-blob-backup.md | |
| backup | Backup Azure Troubleshoot Slow Backup Performance Issue | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-troubleshoot-slow-backup-performance-issue.md | |
| backup | Backup Azure Troubleshoot Vm Backup Fails Snapshot Timeout | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-troubleshoot-vm-backup-fails-snapshot-timeout.md | |
| backup | Backup Azure Vm File Recovery Troubleshoot | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-vm-file-recovery-troubleshoot.md | Title: Troubleshoot Azure VM file recovery description: Troubleshoot issues when recovering files and folders from an Azure VM backup. Last updated 07/12/2020--++ # Troubleshoot issues in file recovery of an Azure VM backup |
| backup | Backup Azure Vms Automation | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-vms-automation.md | |
| backup | Backup Azure Vms Encryption | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-vms-encryption.md | description: Describes how to back up and restore encrypted Azure VMs with the A Last updated 12/14/2022 --++ # Back up and restore encrypted Azure virtual machines |
| backup | Backup Azure Vms Enhanced Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-vms-enhanced-policy.md | Last updated 05/15/2023 --++ # Back up an Azure VM using Enhanced policy |
| backup | Backup Azure Vms First Look Arm | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-vms-first-look-arm.md | Title: Back up an Azure VM from the VM settings description: In this article, learn how to back up either a singular Azure VM or multiple Azure VMs with the Azure Backup service. Last updated 06/24/2023--++ # Back up an Azure VM from the VM settings |
| backup | Backup Azure Vms Introduction | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-vms-introduction.md | Title: About Azure VM backup description: In this article, learn how the Azure Backup service backs up Azure Virtual machines, and how to follow best practices. Last updated 02/27/2023--++ # An overview of Azure VM backup |
| backup | Backup Azure Vms Troubleshoot | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-vms-troubleshoot.md | Title: Troubleshoot backup errors with Azure VMs description: In this article, learn how to troubleshoot errors encountered with backup and restore of Azure virtual machines. Previously updated : 12/23/2022 Last updated : 07/20/2023 --++ # Troubleshooting backup failures on Azure virtual machines Error message: Snapshot operation failed because VSS writers were in a bad state This error occurs because the VSS writers were in a bad state. Azure Backup extensions interact with VSS Writers to take snapshots of the disks. To resolve this issue, follow these steps: -Step 1: Restart VSS writers that are in a bad state. +**Step 1**: Check the **Free Disk Space**, **VM resources as RAM and page file**, and **CPU utilization percentage**. ++- Increase the VM size to increase vCPUs and RAM space. +- Increase the disk size if the free disk space is low. ++**Step 2**: Restart VSS writers that are in a bad state. * From an elevated command prompt, run `vssadmin list writers`. * The output contains all VSS writers and their state. For every VSS writer with a state that's not **[1] Stable**, restart the respective VSS writer's service. Step 1: Restart VSS writers that are in a bad state. > [!NOTE] > Restarting some services can have an impact on your production environment. Ensure the approval process is followed and the service is restarted at the scheduled downtime. -Step 2: If restarting the VSS writers did not resolve the issue, then run the following command from an elevated command-prompt (as an administrator) to prevent the threads from being created for blob-snapshots. +**Step 3**: If restarting the VSS writers did not resolve the issue, then run the following command from an elevated command-prompt (as an administrator) to prevent the threads from being created for blob-snapshots. ```console REG ADD "HKLM\SOFTWARE\Microsoft\BcdrAgentPersistentKeys" /v SnapshotWithoutThreads /t REG_SZ /d True /f ``` -Step 3: If steps 1 and 2 did not resolve the issue, then the failure could be due to VSS writers timing out due to limited IOPS.<br> +**Step 4**: If steps 1 and 2 did not resolve the issue, then the failure could be due to VSS writers timing out due to limited IOPS.<br> To verify, navigate to ***System and Event Viewer Application logs*** and check for the following error message:<br> *The shadow copy provider timed out while holding writes to the volume being shadow copied. This is probably due to excessive activity on the volume by an application or a system service. Try again later when activity on the volume is reduced.*<br> |
| backup | Backup Blobs Storage Account Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-blobs-storage-account-cli.md | description: Learn how to back up Azure Blobs using Azure CLI. Last updated 08/06/2021--++ # Back up Azure Blobs in a storage account using Azure CLI |
| backup | Backup Blobs Storage Account Ps | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-blobs-storage-account-ps.md | description: Learn how to back up all Azure blobs within a storage account using Last updated 08/06/2021--++ # Back up all Azure blobs in a storage account using Azure PowerShell |
| backup | Backup Center Actions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-center-actions.md | description: This article explains how to perform actions using Backup center Last updated 12/08/2022 --++ # Perform actions using Backup center |
| backup | Backup Center Govern Environment | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-center-govern-environment.md | Title: Govern your backup estate using Backup Center description: Learn how to govern your Azure environment to ensure that all your resources are compliant from a backup perspective with Backup Center. Last updated 09/01/2020--++ # Govern your backup estate using Backup Center |
| backup | Backup Center Monitor Operate | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-center-monitor-operate.md | description: This article explains how to monitor and operate backups and disast Last updated 12/08/2022 --++ # Monitor and operate backups and disaster recovery using Backup center |
| backup | Backup Center Obtain Insights | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-center-obtain-insights.md | Title: Obtain insights using Backup center description: Learn how to analyze historical trends and gain deeper insights on your backups with Backup center. Last updated 10/19/2021--++ # Obtain Insights using Backup center |
| backup | Backup Center Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-center-overview.md | |
| backup | Backup Center Support Matrix | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-center-support-matrix.md | description: This article summarizes the scenarios that Backup center supports f Last updated 03/31/2023 --++ # Support matrix for Backup center |
| backup | Backup Client Automation | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-client-automation.md | description: In this article, learn how to use PowerShell to set up Azure Backup Last updated 08/24/2021 --++ # Deploy and manage backup to Azure for Windows Server/Windows Client using PowerShell |
| backup | Backup Create Recovery Services Vault | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-create-recovery-services-vault.md | description: Learn how to create and configure Recovery Services vaults, and how Last updated 04/06/2023 --++ # Create and configure a Recovery Services vault |
| backup | Backup Dpm Automation | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-dpm-automation.md | description: Learn how to deploy and manage Azure Backup for Data Protection Man Last updated 01/23/2017 --++ # Deploy and manage backup to Azure for Data Protection Manager (DPM) servers using PowerShell |
| backup | Backup During Vm Creation | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-during-vm-creation.md | description: Describes how to enable backup when you create an Azure VM with Azu Last updated 07/19/2022 --++ # Enable backup when you create an Azure VM |
| backup | Backup Encryption | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-encryption.md | |
| backup | Backup Instant Restore Capability | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-instant-restore-capability.md | description: Azure Instant Restore Capability and FAQs for VM backup stack, Reso Last updated 04/23/2019--++ # Get improved backup and restore performance with Azure Backup Instant Restore capability |
| backup | Backup Mabs Add Storage | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-mabs-add-storage.md | description: Learn about the new features in Azure Backup Server. This article d Last updated 03/01/2023 --++ # Add storage to Azure Backup Server |
| backup | Backup Mabs Files Applications Azure Stack | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-mabs-files-applications-azure-stack.md | description: Use Azure Backup to back up and recover Azure Stack files and appli Last updated 11/11/2021 --++ # Back up files and applications on Azure Stack |
| backup | Backup Mabs Install Azure Stack | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-mabs-install-azure-stack.md | Title: Install Azure Backup Server on Azure Stack description: In this article, learn how to use Azure Backup Server to protect or back up workloads in Azure Stack. Last updated 04/20/2023--++ # Install Azure Backup Server on Azure Stack |
| backup | Backup Mabs Protection Matrix | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-mabs-protection-matrix.md | description: This article provides a support matrix listing all workloads, data Last updated 04/20/2023 --++ # MABS (Azure Backup Server) V4 (and later) protection matrix |
| backup | Backup Mabs Release Notes V3 | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-mabs-release-notes-v3.md | description: This article provides the information about the known issues and wo Last updated 04/20/2023 ms.asset: 0c4127f2-d936-48ef-b430-a9198e425d81--++ # Release notes for Microsoft Azure Backup Server |
| backup | Backup Mabs Sharepoint Azure Stack | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-mabs-sharepoint-azure-stack.md | |
| backup | Backup Mabs Sql Azure Stack | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-mabs-sql-azure-stack.md | Title: Back up SQL Server workloads on Azure Stack description: In this article, learn how to configure Microsoft Azure Backup Server (MABS) to protect SQL Server databases on Azure Stack. Last updated 01/18/2023--++ |
| backup | Backup Mabs System State And Bmr | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-mabs-system-state-and-bmr.md | Title: System state and bare-metal recovery protection description: Use Azure Backup Server to back up your system state and provide bare-metal recovery (BMR) protection. Last updated 05/15/2017--++ # Back up system state and restore to bare metal by using Azure Backup Server |
| backup | Backup Mabs Unattended Install | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-mabs-unattended-install.md | Title: Silent installation of Azure Backup Server V4 description: Use a PowerShell script to silently install Azure Backup Server V4. This kind of installation is also called an unattended installation. Last updated 11/13/2018--++ # Run an unattended installation of Azure Backup Server |
| backup | Backup Mabs Whats New Mabs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-mabs-whats-new-mabs.md | Title: What's new in Microsoft Azure Backup Server description: Microsoft Azure Backup Server gives you enhanced backup capabilities for protecting VMs, files and folders, workloads, and more. Last updated 04/25/2023--++ |
| backup | Backup Managed Disks Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-managed-disks-cli.md | description: Learn how to back up Azure Managed Disks using Azure CLI. Last updated 09/17/2021--++ # Back up Azure Managed Disks using Azure CLI |
| backup | Backup Managed Disks Ps | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-managed-disks-ps.md | description: Learn how to back up Azure Managed Disks using Azure PowerShell. Last updated 09/17/2021 --++ # Back up Azure Managed Disks using Azure PowerShell |
| backup | Backup Managed Disks | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-managed-disks.md | description: Learn how to back up Azure Managed Disks from the Azure portal. Last updated 11/03/2022 --++ # Back up Azure Managed Disks To configure disk backup, follow these steps: >[!Note] >While the portal allows you to select multiple disks and configure backup, each disk is an individual backup instance. Currently, Azure Disk Backup only supports backup of individual disks. Point-in-time backup of multiple disks attached to a virtual machine isn't supported. >- >In the Azure portal, you can only select disks within the same subscription. If you have several disks to be backed up or if the disks reside in different subscriptions, you can use scripts ([PowerShell](./backup-managed-disks-ps.md)/[CLI](./backup-managed-disks-cli.md)) to automate. + >In the Azure portal, you can only select disks within the same subscription. If you have several disks to be backed up or if the disks reside in different subscriptions, you can use scripts ([PowerShell](./backup-managed-disks-ps.md)/[CLI](./backup-managed-disks-cli.md)) to automate. > >See the [support matrix](./disk-backup-support-matrix.md) for more information on the Azure Disk backup region availability, supported scenarios, and limitations. |
| backup | Backup Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-overview.md | description: Provides an overview of the Azure Backup service, and how it contri Last updated 04/01/2023 --++ # What is the Azure Backup service? |
| backup | Backup Postgresql Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-postgresql-cli.md | |
| backup | Backup Postgresql Ps | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-postgresql-ps.md | |
| backup | Backup Rbac Rs Vault | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-rbac-rs-vault.md | |
| backup | Backup Release Notes Archived | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-release-notes-archived.md | description: Learn about past features releases in Azure Backup. Last updated 01/27/2022 --++ # Archived release notes in Azure Backup |
| backup | Backup Reports Email | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-reports-email.md | Title: Email Azure Backup Reports description: Create automated tasks to receive periodic reports via email Last updated 04/17/2023- -++ # Email Azure Backup Reports |
| backup | Backup Reports System Functions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-reports-system-functions.md | Title: System functions on Azure Monitor Logs description: Write custom queries on Azure Monitor Logs using system functions Last updated 04/18/2023--++ # System functions on Azure Monitor Logs |
| backup | Backup Rm Template Samples | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-rm-template-samples.md | |
| backup | Backup Sql Server Azure Troubleshoot | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-sql-server-azure-troubleshoot.md | |
| backup | Backup Sql Server Database Azure Vms | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-sql-server-database-azure-vms.md | description: In this article, learn how to back up SQL Server databases on Azure Last updated 05/24/2023 --++ # Back up multiple SQL Server VMs from the Recovery Services vault |
| backup | Backup Sql Server On Availability Groups | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-sql-server-on-availability-groups.md | Title: Back up SQL Server always on availability groups description: In this article, learn how to back up SQL Server on availability groups. Last updated 08/11/2022--++ # Back up SQL Server always on availability groups |
| backup | Backup Sql Server Vm From Vm Pane | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-sql-server-vm-from-vm-pane.md | Title: Back up a SQL Server VM from the VM pane description: In this article, learn how to back up SQL Server databases on Azure virtual machines from the VM pane. Last updated 08/11/2022--++ # Back up a SQL Server from the VM pane |
| backup | Backup Support Automation | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-support-automation.md | description: This article summarizes automation tasks related to Azure Backup su Last updated 11/04/2022 --++ # Support matrix for automation in Azure Backup |
| backup | Backup Support Matrix Iaas | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-support-matrix-iaas.md | Last updated 07/05/2023 --++ # Support matrix for Azure VM backups |
| backup | Backup Support Matrix Mabs Dpm | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-support-matrix-mabs-dpm.md | Title: MABS & System Center DPM support matrix description: This article summarizes Azure Backup support when you use Microsoft Azure Backup Server (MABS) or System Center DPM to back up on-premises and Azure VM resources. Last updated 04/20/2023 --++ # Support matrix for backup with Microsoft Azure Backup Server or System Center DPM |
| backup | Backup Support Matrix Mars Agent | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-support-matrix-mars-agent.md | description: This article summarizes Azure Backup support when you back up machi Last updated 12/28/2022 --++ # Support matrix for backup with the Microsoft Azure Recovery Services (MARS) agent |
| backup | Backup Support Matrix | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-support-matrix.md | |
| backup | Backup The Mabs Server | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-the-mabs-server.md | Title: Back up the MABS server description: Learn how to back up the Microsoft Azure Backup Server (MABS). Last updated 09/24/2020--++ # Back up the MABS server |
| backup | Backup Vault Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-vault-overview.md | |
| backup | Backup Windows With Mars Agent | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-windows-with-mars-agent.md | Title: Back up Windows machines by using the MARS agent description: Use the Microsoft Azure Recovery Services (MARS) agent to back up Windows machines. Last updated 06/23/2023--++ |
| backup | Blob Backup Configure Manage | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/blob-backup-configure-manage.md | description: Learn how to configure and manage operational and vaulted backups f Last updated 05/02/2023 --++ # Configure and manage backup for Azure Blobs using Azure Backup |
| backup | Blob Backup Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/blob-backup-overview.md | description: Learn about Azure Blobs backup. Last updated 03/10/2023 --++ # Overview of Azure Blob backup |
| backup | Blob Backup Support Matrix | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/blob-backup-support-matrix.md | |
| backup | Blob Restore | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/blob-restore.md | Title: Restore Azure Blobs description: Learn how to restore Azure Blobs. Last updated 04/11/2023--++ # Restore Azure Blobs |
| backup | Compliance Offerings | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/compliance-offerings.md | |
| backup | Configure Reports | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/configure-reports.md | description: Configure and view reports for Azure Backup by using Log Analytics Last updated 04/18/2023 --++ # Configure Azure Backup reports |
| backup | Create Manage Azure Services Using Azure Command Line Interface | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/create-manage-azure-services-using-azure-command-line-interface.md | description: Use Azure CLI to create and manage Azure services for Azure Backup. Last updated 05/21/2021--++ # Create and manage Azure Backup services using Azure CLI |
| backup | Create Manage Backup Vault | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/create-manage-backup-vault.md | |
| backup | Disk Backup Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/disk-backup-overview.md | description: Learn about the Azure Disk backup solution. Last updated 03/10/2022 --++ # Overview of Azure Disk Backup |
| backup | Disk Backup Support Matrix | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/disk-backup-support-matrix.md | |
| backup | Disk Backup Troubleshoot | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/disk-backup-troubleshoot.md | Title: Troubleshooting backup failures in Azure Disk Backup description: Learn how to troubleshoot backup failures in Azure Disk Backup Last updated 06/08/2021--++ # Troubleshooting backup failures in Azure Disk Backup |
| backup | Enable Multi User Authorization Quickstart | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/enable-multi-user-authorization-quickstart.md | description: In this quickstart, learn how to use Multi-user authorization to pr Last updated 05/05/2022 --++ # Quickstart: Enable protection using Multi-user authorization on Recovery Services vault in Azure Backup |
| backup | Encryption At Rest With Cmk | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/encryption-at-rest-with-cmk.md | description: Learn how Azure Backup allows you to encrypt your backup data using Last updated 01/13/2023 - -++ # Encryption of backup data using customer-managed keys |
| backup | Guidance Best Practices | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/guidance-best-practices.md | |
| backup | Install Mars Agent | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/install-mars-agent.md | description: Learn how to install the Microsoft Azure Recovery Services (MARS) a Last updated 11/15/2022 --+++ # Install the Azure Backup MARS agent |
| backup | Manage Afs Backup Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/manage-afs-backup-cli.md | description: Learn how to use the Azure CLI to manage and monitor Azure file sha Last updated 02/09/2022--+++ # Manage Azure file share backups with the Azure CLI |
| backup | Manage Afs Backup | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/manage-afs-backup.md | description: This article describes common tasks for managing and monitoring the Last updated 11/03/2021 --+++ # Manage Azure file share backups |
| backup | Manage Afs Powershell | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/manage-afs-powershell.md | description: Learn how to use PowerShell to manage and monitor Azure file shares Last updated 1/27/2020 --++ # Manage Azure file share backups with PowerShell |
| backup | Manage Azure Database Postgresql | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/manage-azure-database-postgresql.md | description: Learn about managing Azure Database for PostgreSQL server. Last updated 01/24/2022 --++ # Manage Azure Database for PostgreSQL server |
| backup | Manage Azure File Share Rest Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/manage-azure-file-share-rest-api.md | Title: Manage Azure File share backup with REST API description: Learn how to use REST API to manage and monitor Azure file shares that are backed up by Azure Backup. Last updated 02/17/2020--++ # Manage Azure File share backup with REST API |
| backup | Manage Azure Managed Disks | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/manage-azure-managed-disks.md | Title: Manage Azure Managed Disks description: Learn about managing Azure Managed Disk from the Azure portal. Last updated 03/27/2023--++ |
| backup | Manage Azure Sql Vm Rest Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/manage-azure-sql-vm-rest-api.md | description: Learn how to use REST API to manage and monitor SQL server database Last updated 08/11/2022 --+++ # Manage SQL server databases in Azure VMs with REST API |
| backup | Manage Monitor Sql Database Backup | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/manage-monitor-sql-database-backup.md | description: This article describes how to manage and monitor SQL Server databas Last updated 09/14/2022 --++ # Manage and monitor backed up SQL Server databases |
| backup | Manage Recovery Points | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/manage-recovery-points.md | Title: Manage recovery points description: Learn how the Azure Backup service manages recovery points for virtual machines Last updated 06/17/2021--++ # Manage recovery points |
| backup | Manage Telemetry | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/manage-telemetry.md | Title: Manage telemetry settings in Microsoft Azure Backup Server (MABS) description: This article provides information about how to manage the telemetry settings in MABS. Last updated 07/27/2021 --++ # Manage telemetry settings |
| backup | Metrics Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/metrics-overview.md | description: In this article, learn about the metrics available for Azure Backup Last updated 07/13/2022 --++ # Monitor the health of your backups using Azure Backup Metrics (preview) |
| backup | Microsoft Azure Backup Server Protection V3 Ur1 | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/microsoft-azure-backup-server-protection-v3-ur1.md | description: This article provides a support matrix listing all workloads, data Last updated 08/08/2022 --++ # MABS (Azure Backup Server) V3 UR1 (and later) protection matrix |
| backup | Microsoft Azure Backup Server Protection V3 | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/microsoft-azure-backup-server-protection-v3.md | description: This article provides a protection matrix listing all workloads, da Last updated 04/20/2023 --++ # Azure Backup Server V3 RTM protection matrix |
| backup | Modify Vm Policy Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/modify-vm-policy-cli.md | description: Learn how to update the existing VM backup policy using Azure CLI. Last updated 12/31/2020--++ # Update the existing VM backup policy using CLI |
| backup | Monitor Azure Backup With Backup Explorer | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/monitor-azure-backup-with-backup-explorer.md | Title: Monitor your backups with Backup Explorer description: This article describes how to use Backup Explorer to perform real-time monitoring of backups across vaults, subscriptions, regions, and tenants. Last updated 02/03/2020--++ # Monitor your backups with Backup Explorer |
| backup | Monitoring And Alerts Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/monitoring-and-alerts-overview.md | description: Learn about different monitoring and reporting solutions provided b Last updated 10/21/2022 --++ # Monitoring and reporting solutions for Azure Backup |
| backup | Move To Azure Monitor Alerts | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/move-to-azure-monitor-alerts.md | description: This article describes the new and improved alerting capabilities v Last updated 03/31/2023 --++ # Switch to Azure Monitor based alerts for Azure Backup |
| backup | Multi User Authorization Concept | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/multi-user-authorization-concept.md | description: An overview of Multi-user authorization using Resource Guard. Last updated 09/15/2022 --++ # Multi-user authorization using Resource Guard |
| backup | Multi User Authorization Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/multi-user-authorization-tutorial.md | description: In this tutorial, you'll learn about how create a resource guard an Last updated 05/05/2022 --++ # Tutorial: Create a Resource Guard and enable Multi-user authorization in Azure Backup |
| backup | Multi User Authorization | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/multi-user-authorization.md | zone_pivot_groups: backup-vaults-recovery-services-vault-backup-vault Last updated 11/08/2022 --++ # Configure Multi-user authorization using Resource Guard in Azure Backup |
| backup | Offline Backup Azure Data Box Dpm Mabs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/offline-backup-azure-data-box-dpm-mabs.md | description: You can use Azure Data Box to seed initial Backup data offline from Last updated 08/04/2022 --++ # Offline seeding using Azure Data Box for DPM and MABS |
| backup | Offline Backup Azure Data Box | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/offline-backup-azure-data-box.md | Title: Offline backup by using Azure Data Box description: Learn how you can use Azure Data Box to seed large initial backup data offline from the MARS Agent to a Recovery Services vault. Last updated 1/23/2023--++ |
| backup | Offline Backup Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/offline-backup-overview.md | description: Learn about the components of offline backup. They include offline Last updated 1/28/2020 --++ # Overview of offline backup |
| backup | Offline Backup Server Previous Versions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/offline-backup-server-previous-versions.md | Title: Offline backup for Data Protection Manager (DPM) and Microsoft Azure Back description: With Azure Backup, you can send data off the network by using the Azure Import/Export service. This article explains the offline backup workflow for previous versions of DPM and Azure Backup Server. Last updated 01/23/2023--++ |
| backup | Policy Reference | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/policy-reference.md | description: Lists Azure Policy built-in policy definitions for Azure Backup. Th Last updated 07/18/2023 --++ # Azure Policy built-in definitions for Azure Backup |
| backup | Powershell Backup Samples | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/powershell-backup-samples.md | description: This article provides links to PowerShell script samples that use A Last updated 06/23/2021 --++ # Azure Backup PowerShell samples |
| backup | Pre Backup Post Backup Scripts | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/pre-backup-post-backup-scripts.md | Title: Using Pre-Backup and Post-Backup Scripts description: This article contains the procedure to specify pre-backup and post-backup scripts. Azure Backup Server (MABS). Last updated 07/06/2021--++ # Using pre-backup and post-backup scripts |
| backup | Private Endpoints Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/private-endpoints-overview.md | |
| backup | Private Endpoints | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/private-endpoints.md | |
| backup | Query Backups Using Azure Resource Graph | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/query-backups-using-azure-resource-graph.md | Title: Query your backups using Azure Resource Graph (ARG) description: Learn more about querying information on backup for your Azure resources using Azure Resource Group (ARG). Last updated 05/21/2021--++ # Query your backups using Azure Resource Graph (ARG) |
| backup | Quick Backup Hana Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/quick-backup-hana-cli.md | |
| backup | Quick Backup Postgresql Database Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/quick-backup-postgresql-database-portal.md | |
| backup | Quick Backup Vm Bicep Template | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/quick-backup-vm-bicep-template.md | Last updated 11/17/2021 --++ # Back up a virtual machine in Azure with a Bicep template |
| backup | Quick Backup Vm Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/quick-backup-vm-cli.md | |
| backup | Quick Backup Vm Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/quick-backup-vm-portal.md | |
| backup | Quick Backup Vm Powershell | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/quick-backup-vm-powershell.md | ms.devlang: azurecli Last updated 04/16/2019 --++ # Back up a virtual machine in Azure with PowerShell |
| backup | Quick Backup Vm Template | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/quick-backup-vm-template.md | |
| backup | Quick Restore Hana Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/quick-restore-hana-cli.md | |
| backup | Restore Afs Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/restore-afs-cli.md | description: Learn how to use the Azure CLI to restore backed-up Azure file shar Last updated 01/16/2020--++ # Restore Azure file shares with the Azure CLI |
| backup | Restore Afs Powershell | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/restore-afs-powershell.md | description: In this article, learn how to restore Azure Files using the Azure B Last updated 1/27/2020 --++ # Restore Azure Files with PowerShell |
| backup | Restore Afs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/restore-afs.md | |
| backup | Restore All Files Volume Mars | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/restore-all-files-volume-mars.md | Title: Restore all files in a volume with MARS description: Learn how to restore all the files in a volume using the MARS Agent. Last updated 01/17/2021--++ # Restore all the files in a volume using the MARS Agent |
| backup | Restore Azure Backup Server Vmware | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/restore-azure-backup-server-vmware.md | Title: Restore VMware VMs with Azure Backup Server description: Use Azure Backup Server (MABS) to restore VMware VMs running on a VMware vCenter/ESXi server. Last updated 03/01/2023--++ # Restore VMware virtual machines |
| backup | Restore Azure Database Postgresql | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/restore-azure-database-postgresql.md | |
| backup | Restore Azure Encrypted Virtual Machines | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/restore-azure-encrypted-virtual-machines.md | Title: Restore encrypted Azure VMs description: Describes how to restore encrypted Azure VMs with the Azure Backup service. Last updated 12/07/2022--++ # Restore encrypted Azure virtual machines |
| backup | Restore Azure File Share Rest Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/restore-azure-file-share-rest-api.md | Title: Restore Azure file shares with REST API description: Learn how to use REST API to restore Azure file shares or specific files from a restore point created by Azure Backup Last updated 02/17/2020--++ # Restore Azure File Shares using REST API |
| backup | Restore Azure Sql Vm Rest Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/restore-azure-sql-vm-rest-api.md | description: Learn how to use REST API to restore SQL server databases in Azure Last updated 08/11/2022 --++ # Restore SQL Server databases in Azure VMs with REST API |
| backup | Restore Blobs Storage Account Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/restore-blobs-storage-account-cli.md | description: Learn how to restore Azure Blobs to any point-in-time using Azure C Last updated 06/18/2021--++ # Restore Azure Blobs to point-in-time using Azure CLI |
| backup | Restore Blobs Storage Account Ps | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/restore-blobs-storage-account-ps.md | description: Learn how to restore Azure blobs to any point-in-time using Azure P Last updated 05/05/2021--++ # Restore Azure blobs to point-in-time using Azure PowerShell |
| backup | Restore Managed Disks Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/restore-managed-disks-cli.md | description: Learn how to restore Azure Managed Disks using Azure CLI. Last updated 06/18/2021--++ # Restore Azure Managed Disks using Azure CLI |
| backup | Restore Managed Disks Ps | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/restore-managed-disks-ps.md | description: Learn how to restore Azure Managed Disks using Azure PowerShell. Last updated 03/26/2021--++ # Restore Azure Managed Disks using Azure PowerShell |
| backup | Restore Managed Disks | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/restore-managed-disks.md | Title: Restore Azure Managed Disks description: Learn how to restore Azure Managed Disks from the Azure portal. Last updated 01/07/2021--++ # Restore Azure Managed Disks |
| backup | Restore Postgresql Database Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/restore-postgresql-database-cli.md | |
| backup | Restore Postgresql Database Ps | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/restore-postgresql-database-ps.md | |
| backup | Restore Postgresql Database Use Rest Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/restore-postgresql-database-use-rest-api.md | description: Learn how to restore Azure PostGreSQL databases using Azure Data Pr Last updated 01/24/2022 --++ # Restore Azure PostgreSQL databases using Azure data protection REST API |
| backup | Sap Hana Database About | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/sap-hana-database-about.md | |
| backup | Sap Hana Database Instance Troubleshoot | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/sap-hana-database-instance-troubleshoot.md | |
| backup | Sap Hana Database Instances Backup | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/sap-hana-database-instances-backup.md | |
| backup | Sap Hana Database Instances Restore | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/sap-hana-database-instances-restore.md | |
| backup | Sap Hana Database Manage | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/sap-hana-database-manage.md | |
| backup | Security Controls Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/security-controls-policy.md | Last updated 07/06/2023 --++ # Azure Policy Regulatory Compliance controls for Azure Backup |
| backup | Security Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/security-overview.md | Title: Overview of security features description: Learn about security capabilities in Azure Backup that help you protect your backup data and meet the security needs of your business. Last updated 03/31/2023--++ # Overview of security features in Azure Backup |
| backup | Selective Disk Backup Restore | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/selective-disk-backup-restore.md | |
| backup | Soft Delete Azure File Share | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/soft-delete-azure-file-share.md | description: Learn how to soft delete can protect your Azure File Shares from ac Last updated 02/02/2020 --++ # Accidental delete protection for Azure file shares using Azure Backup |
| backup | Soft Delete Sql Saphana In Azure Vm | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/soft-delete-sql-saphana-in-azure-vm.md | description: Learn how soft delete for SQL server in Azure VM and SAP HANA in Az Last updated 04/27/2020 --++ # Soft delete for SQL server in Azure VM and SAP HANA in Azure VM workloads |
| backup | Soft Delete Virtual Machines | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/soft-delete-virtual-machines.md | |
| backup | Transport Layer Security | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/transport-layer-security.md | Title: Transport Layer Security in Azure Backup description: Learn how to enable Azure Backup to use the encryption protocol Transport Layer Security (TLS) to keep data secure when being transferred over a network. Last updated 09/20/2022--++ # Transport Layer Security in Azure Backup |
| backup | Troubleshoot Archive Tier | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/troubleshoot-archive-tier.md | description: Learn to troubleshoot Archive Tier errors for Azure Backup. Last updated 10/23/2021 --++ # Troubleshooting recovery point archive using Archive Tier |
| backup | Troubleshoot Azure Files | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/troubleshoot-azure-files.md | Title: Troubleshoot Azure file share backup description: This article is troubleshooting information about issues occurring when protecting your Azure file shares. Last updated 06/14/2023 --++ # Troubleshoot problems while backing up Azure file shares |
| backup | Tutorial Backup Azure Vm | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/tutorial-backup-azure-vm.md | description: This tutorial details backing up multiple Azure VMs to a Recovery S Last updated 03/05/2019 --++ + # Back up Azure VMs with PowerShell [!INCLUDE [updated-for-az](../../includes/updated-for-az.md)] |
| backup | Tutorial Backup Restore Files Windows Server | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/tutorial-backup-restore-files-windows-server.md | description: In this tutorial, learn how to use the Microsoft Azure Recovery Ser Last updated 02/14/2018 --++ # Recover files from Azure to a Windows Server |
| backup | Tutorial Backup Sap Hana Db | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/tutorial-backup-sap-hana-db.md | description: In this tutorial, learn how to back up SAP HANA databases running o Last updated 05/16/2022 --++ # Tutorial: Back up SAP HANA databases in an Azure VM |
| backup | Tutorial Backup Vm At Scale | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/tutorial-backup-vm-at-scale.md | Last updated 02/27/2023 --++ # Use Azure portal to back up multiple virtual machines |
| backup | Tutorial Backup Windows Server To Azure | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/tutorial-backup-windows-server-to-azure.md | |
| backup | Tutorial Postgresql Backup | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/tutorial-postgresql-backup.md | description: Learn about how to back up Azure Database for PostgreSQL server to Last updated 02/25/2022 --++ # Back up Azure Database for PostgreSQL server |
| backup | Tutorial Restore Disk | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/tutorial-restore-disk.md | |
| backup | Tutorial Restore Files | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/tutorial-restore-files.md | description: Learn how to perform file-level restores on an Azure VM with Backup Last updated 01/31/2019 --++ # Restore files to a virtual machine in Azure |
| backup | Tutorial Sap Hana Backup Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/tutorial-sap-hana-backup-cli.md | |
| backup | Tutorial Sap Hana Manage Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/tutorial-sap-hana-manage-cli.md | description: In this tutorial, learn how to manage backed-up SAP HANA databases Last updated 08/11/2022 --++ # Tutorial: Manage SAP HANA databases in an Azure VM using Azure CLI |
| backup | Tutorial Sql Backup | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/tutorial-sql-backup.md | description: In this tutorial, learn how to back up a SQL Server database runnin Last updated 08/09/2022 --++ + # Back up a SQL Server database in an Azure VM This tutorial shows you how to back up a SQL Server database running on an Azure VM to an Azure Backup Recovery Services vault. In this article, you learn how to: |
| backup | Upgrade Mars Agent | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/upgrade-mars-agent.md | |
| backup | Use Archive Tier Support | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/use-archive-tier-support.md | Last updated 10/03/2022 zone_pivot_groups: backup-client-portaltier-powershelltier-clitier --++ # Use Archive tier support |
| backup | Use Restapi Update Vault Properties | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/use-restapi-update-vault-properties.md | description: In this article, learn how to update vault's configuration using RE Last updated 12/06/2019 ms.assetid: 9aafa5a0-1e57-4644-bf79-97124db27aa2--++ # Update Azure Recovery Services vault configurations using REST API |
| backup | Whats New | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/whats-new.md | description: Learn about new features in Azure Backup. Last updated 07/14/2023 --++ # What's new in Azure Backup |
| baremetal-infrastructure | Concepts Baremetal Infrastructure Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/baremetal-infrastructure/concepts-baremetal-infrastructure-overview.md | Title: What is BareMetal Infrastructure on Azure?++ description: Provides an overview of the BareMetal Infrastructure on Azure. BareMetal Infrastructure offers these benefits: - Certified hardware for specialized workloads - SAP (Refer to [SAP Note #1928533](https://launchpad.support.sap.com/#/notes/1928533). You'll need an SAP account for access.)- - Oracle (You'll need an Oracle account for access.) - Non-hypervised BareMetal instance, single tenant ownership - Low latency between Azure hosted application VMs to BareMetal instances (0.35 ms) - All Flash SSD and NVMe |
| baremetal-infrastructure | Connect Baremetal Infrastructure | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/baremetal-infrastructure/connect-baremetal-infrastructure.md | Also on the right side, you'll find the [Azure proximity placement group's](../v ### [Azure CLI](#tab/azure-cli) -To see details of a BareMetal instance, run the [az baremetalinstance show](/cli/azure/baremetalinstance#az-baremetalinstance-show) command: +To see these details of a BareMetal instance, run the [az baremetalinstance show](/cli/azure/baremetalinstance#az-baremetalinstance-show) command: ```azurecli az baremetalinstance show --resource-group DSM05A-T550 --instance-name orcllabdsm01 |
| bastion | Connect Ip Address | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/bastion/connect-ip-address.md | You can connect to VMs using a specified IP address with native client via SSH, **SSH:** ```azurecli- az network bastion ssh --name "<BastionName>" --resource-group "<ResourceGroupName>" --target-ip-addres "<VMIPAddress>" --auth-type "ssh-key" --username "<Username>" --ssh-key "<Filepath>" + az network bastion ssh --name "<BastionName>" --resource-group "<ResourceGroupName>" --target-ip-address "<VMIPAddress>" --auth-type "ssh-key" --username "<Username>" --ssh-key "<Filepath>" ``` **Tunnel:** |
| bastion | Troubleshoot | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/bastion/troubleshoot.md | This article shows you how to troubleshoot Azure Bastion. ## <a name="nsg"></a>Unable to create an NSG on AzureBastionSubnet -**Q:** When I try to create an NSG on the Azure Bastion subnet, I get the following error: *'Network security group \<NSG name\> does not have necessary rules for Azure Bastion Subnet AzureBastionSubnet"*. +**Q:** When I try to create an NSG on the Azure Bastion subnet, I get the following error: *'Network security group \<NSG name\> doesn't have necessary rules for Azure Bastion Subnet AzureBastionSubnet"*. -**A:** If you create and apply an NSG to *AzureBastionSubnet*, make sure you have added the required rules to the NSG. For a list of required rules, see [Working with NSG access and Azure Bastion](./bastion-nsg.md). If you do not add these rules, the NSG creation/update will fail. +**A:** If you create and apply an NSG to *AzureBastionSubnet*, make sure you have added the required rules to the NSG. For a list of required rules, see [Working with NSG access and Azure Bastion](./bastion-nsg.md). If you don't add these rules, the NSG creation/update will fail. An example of the NSG rules is available for reference in the [quickstart template](https://azure.microsoft.com/resources/templates/azure-bastion-nsg/). For more information, see [NSG guidance for Azure Bastion](bastion-nsg.md). For more information, see [NSG guidance for Azure Bastion](bastion-nsg.md). **Q:** When I try to browse my SSH key file, I get the following error: *'SSH Private key must start with --BEGIN RSA/DSA/OPENSSH PRIVATE KEY-- and ends with --END RSA/DSA/OPENSSH PRIVATE KEY--'*. -**A:** Azure Bastion supports RSA, DSA, and OPENSSH private keys, at this point in time. Make sure that you browse a key file that is RSA, DSA, or OPENSSH private key for SSH, with public key provisioned on the target VM. +**A:** Azure Bastion currently supports RSA, DSA, and OPENSSH private keys. Make sure that you browse a key file that is RSA, DSA, or OPENSSH private key for SSH, with public key provisioned on the target VM. As an example, you can use the following command to create a new RSA SSH key: The key's randomart image is: ## <a name="domain"></a>Unable to sign in to my Windows domain-joined virtual machine -**Q:** I am unable to connect to my Windows virtual machine that is domain-joined. +**Q:** I'm unable to connect to my Windows virtual machine that is domain-joined. -**A:** Azure Bastion supports domain-joined VM sign-in for username-password based domain sign-in only. When specifying the domain credentials in the Azure portal, use the UPN (username@domain) format instead of *domain\username* format to sign in. This is supported for domain-joined or hybrid-joined (both domain-joined as well as Azure AD-joined) virtual machines. It is not supported for Azure AD-joined-only virtual machines. +**A:** Azure Bastion supports domain-joined VM sign-in for username-password based domain sign-in only. When specifying the domain credentials in the Azure portal, use the UPN (username@domain) format instead of *domain\username* format to sign in. This is supported for domain-joined or hybrid-joined (both domain-joined and Azure AD-joined) virtual machines. It isn't supported for Azure AD-joined-only virtual machines. ## <a name="connectivity"></a> Unable to connect to virtual machine -**Q:** I am unable to connect to my virtual machine (and I'm not experiencing the problems above). +**Q:** I'm unable to connect to my virtual machine (and I'm not experiencing the problems above). -**A:** You can troubleshoot your connectivity issues by navigating to the **Connection Troubleshoot** tab (in the **Monitoring** section) of your Azure Bastion resource in the Azure portal. Network Watcher Connection Troubleshoot provides the capability to check a direct TCP connection from a virtual machine (VM) to a VM, fully qualified domain name (FQDN), URI, or IPv4 address. To start, choose a source to start the connection from, and the destination you wish to connect to and select "Check". [Learn more](../network-watcher/network-watcher-connectivity-overview.md). +**A:** You can troubleshoot your connectivity issues by navigating to the **Connection Troubleshoot** tab (in the **Monitoring** section) of your Azure Bastion resource in the Azure portal. Network Watcher Connection Troubleshoot provides the capability to check a direct TCP connection from a virtual machine (VM) to a VM, fully qualified domain name (FQDN), URI, or IPv4 address. To start, choose a source to start the connection from, and the destination you wish to connect to and select "Check". For more information, see [Connection Troubleshoot](../network-watcher/network-watcher-connectivity-overview.md). ## <a name="filetransfer"></a>File transfer issues **Q:** Is file transfer supported with Azure Bastion? -**A:** File transfer is not supported at this time. We are working on adding support. +**A:** File transfer isn't supported at this time. We're working on adding support. ## <a name="blackscreen"></a>Black screen in the Azure portal -**Q:** When I try to connect using Azure Bastion, I can't connect to the target VM and I get a black screen in the Azure portal. +**Q:** When I try to connect using Azure Bastion, I can't connect to the target VM, and I get a black screen in the Azure portal. -**A:** This happens when there is either a network connectivity issue between your web browser and Azure Bastion (your client Internet firewall may be blocking WebSockets traffic or similar), or between the Azure Bastion and your target VM. Most cases include an NSG applied either to AzureBastionSubnet, or on your target VM subnet that is blocking the RDP/SSH traffic in your virtual network. Allow WebSockets traffic on your client internet firewall, and check the NSGs on your target VM subnet. +**A:** This happens when there's either a network connectivity issue between your web browser and Azure Bastion (your client Internet firewall may be blocking WebSockets traffic or similar), or between the Azure Bastion and your target VM. Most cases include an NSG applied either to AzureBastionSubnet, or on your target VM subnet that is blocking the RDP/SSH traffic in your virtual network. Allow WebSockets traffic on your client internet firewall, and check the NSGs on your target VM subnet. See [Unable to connect to virtual machine](#connectivity) to learn how to use **Connection Troubleshoot** to troubleshoot your connectivity issues. ## Next steps |
| chaos-studio | Chaos Studio Bicep | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/chaos-studio/chaos-studio-bicep.md | |
| cloud-services | Cloud Services How To Manage Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cloud-services/cloud-services-how-to-manage-portal.md | For more information about how to scale your cloud service, see [Configure auto- ## Update a cloud service role or deployment If you need to update the application code for your cloud service, use **Update** on the cloud service blade. You can update a single role or all roles. To update, you can upload a new service package or service configuration file. -1. In the [Azure portal][Azure portal], select the cloud service you want to update. This step opens the cloud service instance blade. +1. In the [Azure portal], select the cloud service you want to update. This step opens the cloud service instance blade. 2. On the blade, select **Update**. When you decide to deploy a new release of a cloud service, stage and test your You can swap deployments from the **Cloud Services** page or the dashboard. -1. In the [Azure portal][Azure portal], select the cloud service you want to update. This step opens the cloud service instance blade. +1. In the [Azure portal], select the cloud service you want to update. This step opens the cloud service instance blade. 2. On the blade, select **Swap**. To save compute costs, you can delete the staging deployment after you verify th Use the following procedure to delete a deployment or your cloud service. -1. In the [Azure portal][Azure portal], select the cloud service you want to delete. This step opens the cloud service instance blade. +1. In the [Azure portal], select the cloud service you want to delete. This step opens the cloud service instance blade. 2. On the blade, select **Delete**. The **Overview** blade has a status bar at the top. When you select the bar, a n  ---[Azure portal]: https://portal.azure.com - ## Next steps+ * [General configuration of your cloud service](cloud-services-how-to-configure-portal.md). * Learn how to [deploy a cloud service](cloud-services-how-to-create-deploy-portal.md). * Configure a [custom domain name](cloud-services-custom-domain-name-portal.md). * Configure [TLS/SSL certificates](cloud-services-configure-ssl-certificate-portal.md).++[Azure portal]: https://portal.azure.com |
| cloud-services | Cloud Services Python How To Use Service Management | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cloud-services/cloud-services-python-how-to-use-service-management.md | -This guide shows you how to programmatically perform common service management tasks from Python. The **ServiceManagementService** class in the [Azure SDK for Python](https://github.com/Azure/azure-sdk-for-python) supports programmatic access to much of the service management-related functionality that is available in the [Azure portal][management-portal]. You can use this functionality to create, update, and delete cloud services, deployments, data management services, and virtual machines. This functionality can be useful in building applications that need programmatic access to service management. +This guide shows you how to programmatically perform common service management tasks from Python. The **ServiceManagementService** class in the [Azure SDK for Python](https://github.com/Azure/azure-sdk-for-python) supports programmatic access to much of the service management-related functionality that is available in the [Azure portal]. You can use this functionality to create, update, and delete cloud services, deployments, data management services, and virtual machines. This functionality can be useful in building applications that need programmatic access to service management. ## <a name="WhatIs"> </a>What is service management?-The Azure Service Management API provides programmatic access to much of the service management functionality available through the [Azure portal][management-portal]. You can use the Azure SDK for Python to manage your cloud services and storage accounts. +The Azure Service Management API provides programmatic access to much of the service management functionality available through the [Azure portal]. You can use the Azure SDK for Python to manage your cloud services and storage accounts. To use the Service Management API, you need to [create an Azure account](https://azure.microsoft.com/pricing/free-trial/). The Azure SDK for Python wraps the [Service Management API][svc-mgmt-rest-api], All the features described in this article are available in the `azure-servicemanagement-legacy` package, which you can install by using pip. For more information about installation (for example, if you're new to Python), see [Install Python and the Azure SDK](/azure/developer/python/sdk/azure-sdk-install). ## <a name="Connect"> </a>Connect to service management-To connect to the service management endpoint, you need your Azure subscription ID and a valid management certificate. You can obtain your subscription ID through the [Azure portal][management-portal]. +To connect to the service management endpoint, you need your Azure subscription ID and a valid management certificate. You can obtain your subscription ID through the [Azure portal]. > [!NOTE] > You now can use certificates created with OpenSSL when running on Windows. Python 2.7.4 or later is required. We recommend that you use OpenSSL instead of .pfx, because support for .pfx certificates is likely to be removed in the future. openssl x509 -inform pem -in mycert.pem -outform der -out mycert.cer For more information about Azure certificates, see [Certificates overview for Azure Cloud Services](cloud-services-certs-create.md). For a complete description of OpenSSL parameters, see the documentation at [https://www.openssl.org/docs/apps/openssl.html](https://www.openssl.org/docs/apps/openssl.html). -After you create these files, upload the `.cer` file to Azure. In the [Azure portal][management-portal], on the **Settings** tab, select **Upload**. Note where you saved the `.pem` file. +After you create these files, upload the `.cer` file to Azure. In the [Azure portal], on the **Settings** tab, select **Upload**. Note where you saved the `.pem` file. After you obtain your subscription ID, create a certificate, and upload the `.cer` file to Azure, connect to the Azure management endpoint. Connect by passing the subscription ID and the path to the `.pem` file to **ServiceManagementService**. makecert -sky exchange -r -n "CN=AzureCertificate" -pe -a sha1 -len 2048 -ss My The command creates the `.cer` file and installs it in the **Personal** certificate store. For more information, see [Certificates overview for Azure Cloud Services](cloud-services-certs-create.md). -After you create the certificate, upload the `.cer` file to Azure. In the [Azure portal][management-portal], on the **Settings** tab, select **Upload**. +After you create the certificate, upload the `.cer` file to Azure. In the [Azure portal], on the **Settings** tab, select **Upload**. After you obtain your subscription ID, create a certificate, and upload the `.cer` file to Azure, connect to the Azure management endpoint. Connect by passing the subscription ID and the location of the certificate in your **Personal** certificate store to **ServiceManagementService** (again, replace *AzureCertificate* with the name of your certificate). For more information, see the [Python Developer Center](https://azure.microsoft. [Create a virtual machine]: #CreateVM [Delete a virtual machine]: #DeleteVM [Next steps]: #NextSteps-[management-portal]: https://portal.azure.com/ +[Azure portal]: https://portal.azure.com [svc-mgmt-rest-api]: /previous-versions/azure/ee460799(v=azure.100)-- [cloud service]:/azure/cloud-services/ |
| cloud-shell | Quickstart Deploy Vnet | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cloud-shell/quickstart-deploy-vnet.md | description: This article provides step-by-step instructions to deploy Azure Clo ms.contributor: jahelmic Last updated 06/29/2023 + Title: Deploy Azure Cloud Shell in a VNET with quickstart templates |
| communication-services | Router Logs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/concepts/analytics/logs/router-logs.md | + + Title: Azure Communication Services ΓÇô Job Router Operational logs ++description: Learn about logging for Azure Communication Services Job Router. +++ Last updated : 07/07/2023 ++++ ++# Azure Communication Services Job Router logs ++Azure Communication Services offers logging capabilities that you can use to monitor and debug your Communication Services solution. You configure these capabilities through the Azure portal. ++The content in this article refers to logs enabled through [Azure Monitor](../../../../azure-monitor/overview.md) (see also [FAQ](../../../../azure-monitor/faq.yml)). To enable these logs for Communication Services, see [Enable logging in diagnostic settings](../enable-logging.md). ++## Resource log categories ++Communication Services offers the following types of logs that you can enable: ++* **Job Router incoming operations logs**: Provide information about incoming requests for Job Router operations. Every entry corresponds to the result of an api request to Job Router APIs, such as UpsertJob, ListClassificationPolicies, DeleteWorker, and AcceptJobOffer. ++### ACSJobRouterIncomingOperations logs ++Here are the properties: ++| Property | Description | +| -- | | +| `TimeGenerated` | The time stamp (UTC) of when the log was generated. | +| `Level` | The severity level of the operation. | +| `CorrelationId` | The ID for correlated events. Can be used to identify correlated events between multiple tables. | +| `OperationName` | The operation associated with log records. | +| `OperationVersion` | The API version associated with the operation or version of the operation (if there is no API version). | +| `URI` | The URI of the request. | +| `ResultSignature` | The substatus of the operation. If this operation corresponds to a REST API call, this field is the HTTP status code of the corresponding REST call. | +| `ResultType` | The status of the operation. | +| `ResultDescription` | The static text description of this operation. | +| `DurationMs` | The duration of the operation in milliseconds. | +| `CallerIpAddress` | The caller IP address, if the operation corresponds to an API call that comes from an entity with a publicly available IP address. | +| `SdkType` | The SDK type used in the request. | +| `SdkVersion` | The SDK version. | +| `EntityId` | The Entity ID for the request. | +| `EntityType` | The Entity Type for the request. | ++Here's an example: ++```json +"properties" +{ + "TimeGenerated": "2023-07-07T21:32:10.5497170Z", + "Level": "Informational", + "OperationName": "DeleteQueue", + "OperationVersion": "2022-07-18-preview", + "ResultType": "Succeeded", + "ResultSignature": "204", + "ResultDescription": "No Content", + "DurationMs": "73.3857", + "CallerIpAddress": "147.243.150.109", + "CorrelationId": "6b300c18827245e3b43d3c0179d75af3", + "URI": "https://jobrouter-test-resource.communication.azure.com/routing/queues/328135a9-6c1f-49eb-af32-0a477af97999?api-version=2022-07-18-preview", + "SdkType": "dotnet", + "EntityId": "328135a9-6c1f-49eb-af32-0a477af97999", + "EntityType": "Queues" +} +``` |
| communication-services | Concepts | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/concepts/chat/concepts.md | The Chat APIs provide an **auto-scaling** service for persistently stored text a - **Service & Bot Extensibility** - REST APIs and server SDKs allow services to send and receive messages. It is easy to add bots with [Azure Bot Framework integration](../../quickstarts/chat/quickstart-botframework-integration.md). - ## Chat overview Chat conversations happen within **chat threads**. Chat threads have the following properties: For customers that use Virtual appointments, refer to our Teams Interoperability There are two core parts to chat architecture: 1) Trusted Service and 2) Client Application. - **Trusted service:** To properly manage a chat session, you need a service that helps you connect to Communication Services by using your resource connection string. This service is responsible for creating chat threads, adding and removing participants, and issuing access tokens to users. More information about access tokens can be found in our [access tokens](../../quickstarts/identity/access-tokens.md) quickstart.+ - **Client app:** The client application connects to your trusted service and receives the access tokens that are used by users to connect directly to Communication Services. After creating the chat thread and adding users as participants, they can use the client application to connect to the chat thread and send messages. Real-time notifications in your client application can be used to subscribe to message & thread updates from other participants. ## Message types As part of message history, Chat shares user-generated messages and system-generated messages. System messages are generated when a chat thread is updated and identify when a participant was added or removed or when the chat thread topic was updated. When you call `List Messages` or `Get Messages` on a chat thread, the result contains both kind of messages in chronological order. -For user-generated messages, the message type can be set in `SendMessageOptions` when sending a message to chat thread. If no value is provided, Communication Services will default to `text` type. Setting this value is important when sending HTML. When `html` is specified, Communication Services sanitize the content to ensure that it's rendered safely on client devices. +For user-generated messages, the message type can be set in `SendMessageOptions` when sending a message to chat thread. If no value is provided, Communication Services defaults to `text` type. Setting this value is important when sending HTML. When `html` is specified, Communication Services sanitize the content to ensure that it's rendered safely on client devices. - `text`: A plain text message composed and sent by a user as part of a chat thread. - `html`: A formatted message using html, composed and sent by a user as part of chat thread. Types of system messages: ## Real-time notifications JavaScript Chat SDK supports real-time notifications. This feature lets clients listen to Communication Services for real-time updates and incoming messages to a chat thread without having to poll the APIs. -Use an Event Grid resource to subscribe to chat related events (post operation) which can be plugged into your custom application notification service. You will need to validate(../../how-tos/event-grid/view-events-request-bin.md) and locally test events(../../how-tos/event-grid/local-testing-event-grid.md) once you set up the event grid resource to ensure that events are being sent. The client app can subscribe to following events: - `chatMessageReceived` - when a new message is sent to a chat thread by a participant. The client app can subscribe to following events: - `chatMessageDeleted` - when a message is deleted in a chat thread. - `typingIndicatorReceived` - when another participant sends a typing indicator to the chat thread. - `readReceiptReceived` - when another participant sends a read receipt for a message they have read.+ - `chatThreadCreated` - when a Communication Services user creates a chat thread. + - `chatThreadDeleted` - when a Communication Services user deletes a chat thread. - `chatThreadPropertiesUpdated` - when chat thread properties are updated; currently, only updating the topic for the thread is supported. - `participantsAdded` - when a user is added as a chat thread participant. - `participantsRemoved` - when an existing participant is removed from the chat thread. The client app can subscribe to following events: > [!NOTE] > Real time notifications are not to be used with server applications. -For more information, see [Server Events](../../../event-grid/event-schema-communication-services.md?bc=/azure/bread/toc.json&toc=/azure/communication-services/toc.json). +## Server events ++This feature lets server applications listen to events such as when a message is sent and when a participant is joining or leaving the chat. Server applications can react to these events, adding/removing participants to the chat, archiving chats, performing analysis, and many other scenarios for orchestration. To see what kinds of chat events can be used by developers, see [Server Events](../../../event-grid/event-schema-communication-services.md?bc=/azure/bread/toc.json&toc=/azure/communication-services/toc.json). ## Push notifications Android and iOS Chat SDKs support push notifications. To send push notifications IOS and Android SDK support the below event: - `chatMessageReceived` - when a new message is sent to a chat thread by a participant. -Android SDK supports additional events: +Android SDK supports extra events: - `chatMessageEdited` - when a message is edited in a chat thread. - `chatMessageDeleted` - when a message is deleted in a chat thread. - `chatThreadCreated` - when a Communication Services user creates a chat thread. |
| communication-services | Sdk Features | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/concepts/chat/sdk-features.md | Azure Communication Services Chat SDKs can be used to add rich, real-time chat t ## Chat SDK capabilities -The following list presents the set of features that are currently available in the Communication Services chat SDKs. +The following table presents the set of features that are currently available in the Communication Services chat SDKs. | Group of features | Capability | Azure CLI | JavaScript | Java | .NET | Python | iOS | Android | |--|-|||--|-|--|-|-| The following list presents the set of features that are currently available in | | Update the content of your sent message | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | | | Delete a message you previously sent | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | | | Read receipts for messages that have been read by other participants in a chat | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| | Get notified when participants are actively typing a message in a chat thread | ❌ | ✔️ | ❌ | ❌ | ❌ | ✔️ | ✔️ | +| | Get notified when participants are actively typing a message in a chat thread | ❌ | ✔️ | ❌ | ❌ | ❌ | ✔️ | ✔️ | | | Get all messages in a chat thread | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | | | Send Unicode emojis as part of message content | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | | | Add metadata to chat messages | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | | | Add display name to typing indicator notification | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | |Real-time notifications (enabled by proprietary signaling package**)| Chat clients can subscribe to get real-time updates for incoming messages and other operations occurring in a chat thread. To see a list of supported updates for real-time notifications, see [Chat concepts](concepts.md#real-time-notifications) | ❌ | ✔️ | ❌ | ❌ | ❌ | ✔️ | ✔️ | |Mobile push notifications with Notification Hub | The Chat SDK provides APIs allowing clients to be notified for incoming messages and other operations occurring in a chat thread by connecting an Azure Notification Hub to your Communication Services resource. In situations where your mobile app is not running in the foreground, patterns are available to [fire pop-up notifications](../notifications.md) ("toasts") to inform end-users, see [Chat concepts](concepts.md#push-notifications). | ❌ | ❌ | ❌ | ❌ | ❌ | ✔️ | ✔️ | -| Server Events with Event Grid | Use the chat events available in Azure Event Grid to plug custom notification services or post that event to a webhook to execute business logic like updating CRM records after a chat is finished | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | | Reporting </br>(This info is available under Monitoring tab for your Communication Services resource on Azure portal) | Understand API traffic from your chat app by monitoring the published metrics in Azure Metrics Explorer and set alerts to detect abnormalities | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | | | Monitor and debug your Communication Services solution by enabling diagnostic logging for your resource | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -**The proprietary signaling package is implemented using web sockets. It will fallback to long polling if web sockets are unsupported. +> [!NOTE] +>The proprietary signaling package is implemented using web sockets. It will fallback to long polling if web sockets are unsupported. ## JavaScript Chat SDK support by OS and browser -The following table represents the set of supported browsers and versions which are currently available. +The following table represents the set of supported browsers and versions, which are currently available. | | Windows | macOS | Ubuntu | Linux | Android | iOS | iPad OS| |--|-|--|-||||-| | **Chat SDK** | Firefox*, Chrome*, new Edge | Firefox*, Chrome*, Safari* | Chrome* | Chrome* | Chrome* | Safari* | Safari* | -*Note that the latest version is supported in addition to the previous two releases.<br/> +> [!NOTE] +> The latest version is supported in addition to the previous two releases. ## Next steps |
| communication-services | Metrics | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/concepts/metrics.md | More information on supported aggregation types and time series aggregations can - **Operation** - All operations or routes that can be called on the Azure Communication Services Chat gateway. - **Status Code** - The status code response sent after the request.-- **StatusSubClass** - The status code series sent after the response. +- **StatusSubClass** - The status code series sent after the response. ++### Chat API request metric operations ++The following operations are available on Chat API request metrics: ++| Operation / Route | Description | +| -- | - | +| GetChatMessage | Gets a message by message ID. | +| ListChatMessages | Gets a list of chat messages from a thread. | +| SendChatMessage | Sends a chat message to a thread. | +| UpdateChatMessage | Updates a chat message. | +| DeleteChatMessage | Deletes a chat message. | +| GetChatThread | Gets a chat thread. | +| ListChatThreads | Gets the list of chat threads of a user. | +| UpdateChatThread | Updates a chat thread's properties. | +| CreateChatThread | Creates a chat thread. | +| DeleteChatThread | Deletes a thread. | +| GetReadReceipts | Gets read receipts for a thread. | +| SendReadReceipt | Sends a read receipt event to a thread, on behalf of a user. | +| SendTypingIndicator | Posts a typing event to a thread, on behalf of a user. | +| ListChatThreadParticipants | Gets the members of a thread. | +| AddChatThreadParticipants | Adds thread members to a thread. If members already exist, no change occurs. | +| RemoveChatThreadParticipant | Remove a member from a thread. | +++If a request is made to an operation that isn't recognized, you receive a "Bad Route" value response. ++### SMS API requests ++The following operations are available on SMS API request metrics: ++| Operation / Route | Description | +| -- | - | +| SMSMessageSent | Sends an SMS message. | +| SMSDeliveryReportsReceived | Gets SMS Delivery Reports | +| SMSMessagesReceived | Gets SMS messages. | +++### Authentication API requests ++The following operations are available on Authentication API request metrics: ++| Operation / Route | Description | +| -- | - | +| CreateIdentity | Creates an identity representing a single user. | +| DeleteIdentity | Deletes an identity. | +| CreateToken | Creates an access token. | +| RevokeToken | Revokes all access tokens created for an identity before a time given. | +| ExchangeTeamsUserAccessToken | Exchange an Azure Active Directory (Azure AD) access token of a Teams user for a new Communication Identity access token with a matching expiration time.| +++### Call Automation API requests ++The following operations are available on Call Automation API request metrics: ++| Operation / Route | Description | +| -- | - | +| Create Call | Create an outbound call to user. +| Answer Call | Answer an inbound call. | +| Redirect Call | Redirect an inbound call to another user. | +| Reject Call | Reject an inbound call. | +| Transfer Call To Participant | Transfer 1:1 call to another user. | +| Play | Play audio to call participants. | +| PlayPrompt | Play a prompt to users as part of the Recognize action. | +| Recognize | Recognize user input from call participants. | +| Add Participants | Add a participant to a call. | +| Remove Participants | Remove a participant from a call. | +| HangUp Call | Hang up your call leg. | +| Terminate Call | End the call for all participants. | +| Get Call | Get details about a call. | +| Get Participant | Get details on a call participant. | +| Get Participants | Get all participants in a call. | +| Delete Call | Delete a call. | +| Cancel All Media Operations | Cancel all ongoing or queued media operations in a call. | ++### Job Router API requests ++The following operations are available on Job Router API request metrics: ++| Operation / Route | Description | +| -- | - | +| UpsertClassificationPolicy | Creates or updates a classification policy. +| GetClassificationPolicy | Retrieves an existing classification policy by ID. | +| ListClassificationPolicies | Retrieves existing classification policies | +| DeleteDistributionPolicy | Delete a classification policy by ID. | +| UpsertDistributionPolicy | Creates or updates a distribution policy. +| GetDistributionPolicy | Retrieves an existing distribution policy by ID. | +| ListDistributionPolicies | Retrieves existing distribution policies | +| DeleteDistributionPolicy | Delete a distribution policy by ID. | +| UpsertExceptionPolicy | Creates or updates an exception policy. | +| GetExceptionPolicy | Retrieves an existing exception policy by ID. | +| ListExceptionPolicies | Retrieves existing exception policies | +| DeleteExceptionPolicy | Delete an exception policy by ID. | +| UpsertQueue| Creates or updates a queue. +| GetQueue | Retrieves an existing queue by ID. | +| GetQueues | Retrieves existing queues | +| DeleteQueue | Delete a queue by ID. | +| GetQueueStatistics | Retrieves a queue's statistics. | +| UpsertJob | Creates or updates a job. +| GetJob | Retrieves an existing job by ID. | +| GetJobs | Retrieves existing jobs | +| DeleteJob | Delete a queue policy by ID. | +| ReclassifyJob | Reclassify a job. +| CancelJob | Submits request to cancel an existing job by ID while supplying free-form cancellation reason. | +| CompleteJob | Completes an assigned job. | +| CloseJob | Closes a completed job. | +| AcceptJobOffer | Accepts an offer to work on a job and returns a 409/Conflict if another agent accepted the job already. | +| DeclineJobOffer| Declines an offer to work on a job. | +| UpsertWorker | Creates or updates a worker. +| GetWorker | Retrieves an existing worker by ID. | +| GetWorkers | Retrieves existing workers. | +| DeleteWorker | Deletes a worker and all of its traces. | ++### Network Traversal API requests ++The following operations are available on Network Traversal API request metrics: ++| Operation / Route | Description | +| -- | - | +| IssueRelayConfiguration | Issue configuration for an STUN/TURN server. | +++### Rooms API requests ++The following operations are available on Rooms API request metrics: ++| Operation / Route | Description | +| -- | - | +| CreateRoom | Creates a Room. | +| DeleteRoom | Deletes a Room. | +| GetRoom | Gets a Room by Room ID. | +| PatchRoom | Updates a Room by Room ID. | +| ListRooms | Lists all the Rooms for an ACS Resource. | +| AddParticipants | Adds participants to a Room.| +| RemoveParticipants | Removes participants from a Room. | +| GetParticipants | Gets list of participants for a Room. | +| UpdateParticipants | Updates list of participants for a Room. | + ## Next steps |
| communication-services | Reference | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/concepts/reference.md | For each area, we have external pages to track and review our SDKs. You can cons | Common | [npm](https://www.npmjs.com/package/@azure/communication-common) | [NuGet](https://www.nuget.org/packages/Azure.Communication.Common/) | N/A | [Maven](https://search.maven.org/search?q=a:azure-communication-common) | [GitHub](https://github.com/Azure/azure-sdk-for-ios/releases) | [Maven](https://search.maven.org/artifact/com.azure.android/azure-communication-common) | - | | Email | [npm](https://www.npmjs.com/package/@azure/communication-email) | [NuGet](https://www.nuget.org/packages/Azure.Communication.Email) | [PyPi](https://pypi.org/project/azure-communication-email/) | [Maven](https://search.maven.org/artifact/com.azure/azure-communication-email) | - | - | - | | Identity | [npm](https://www.npmjs.com/package/@azure/communication-identity) | [NuGet](https://www.nuget.org/packages/Azure.Communication.Identity) | [PyPi](https://pypi.org/project/azure-communication-identity/) | [Maven](https://search.maven.org/search?q=a:azure-communication-identity) | - | - | - |+| Job Router | [npm](https://www.npmjs.com/package/@azure/communication-job-router) | [NuGet](https://www.nuget.org/packages/Azure.Communication.JobRouter) | [PyPi](https://pypi.org/project/azure-communication-jobrouter/) | [Maven](https://search.maven.org/search?q=a:azure-communication-jobrouter) | - | - | - | | Network Traversal | [npm](https://www.npmjs.com/package/@azure/communication-network-traversal) | [NuGet](https://www.nuget.org/packages/Azure.Communication.NetworkTraversal) | [PyPi](https://pypi.org/project/azure-communication-networktraversal/) | [Maven](https://search.maven.org/search?q=a:azure-communication-networktraversal) | - | - | - | | Phone numbers | [npm](https://www.npmjs.com/package/@azure/communication-phone-numbers) | [NuGet](https://www.nuget.org/packages/Azure.Communication.phonenumbers) | [PyPi](https://pypi.org/project/azure-communication-phonenumbers/) | [Maven](https://search.maven.org/search?q=a:azure-communication-phonenumbers) | - | - | - | | Signaling | [npm](https://www.npmjs.com/package/@azure/communication-signaling) | - | | - | - | - | - | For each area, we have external pages to track and review our SDKs. You can cons ## Class/method documentation Additionally, the class/reference information for each SDK can be found below:+ - [JavaScript](https://azure.github.io/azure-sdk-for-js/communication.html) - [.NET](https://azure.github.io/azure-sdk-for-net/communication.html) - [Java](http://azure.github.io/azure-sdk-for-java/communication.html) |
| communication-services | Classification Concepts | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/concepts/router/classification-concepts.md | Once a Job has been classified, it can be reclassified in the following ways: 2. You can update the Classification Policy ID of a Job, which causes Job Router to process the existing Job against the new policy. 3. An Exception Policy **trigger** can take the **action** of requesting a Job be reclassified. -> [!NOTE] -> The Job Router SDK includes an `UpdateJobLabels` method which simply updates the labels without causing the Job Router to execute the reclassification process. - <!-- LINKS --> [subscribe_events]: ../../how-tos/router-sdk/subscribe-events.md [job_classified_event]: ../../how-tos/router-sdk/subscribe-events.md#microsoftcommunicationrouterjobclassified |
| communication-services | Concepts | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/concepts/router/concepts.md | -# Job Router key concepts +# Job Router overview -Azure Communication Services Job Router solves the problem of matching supply with demand. +Azure Communication Services Job Router is a robust tool designed to optimize the management of customer interactions across various communication applications. Accessible via a suite of SDKs and APIs, Job Router directs each customer interaction, or "job," to the most suitable agent or automated service, or "worker," based on a mix of pre-defined and runtime rules and policies. This ensures a timely and effective response to every customer's needs, leading to improved customer satisfaction, increased productivity, and more efficient use of resources. -A real-world example of this is matching call center agents (supply) to incoming support calls (demand). +At its core, Job Router operates on a set of key concepts that together create a seamless and efficient communication management system. These include Job, Worker, Queue, Channel, Offer, and Distribution Policy. Whether it's managing high volumes of customer interactions in a contact center, routing customer queries to the right department in a large organization, or efficiently handling customer service requests in a retail business, Job Router can do it all. It ensures that every customer interaction is handled by the most suitable agent or automated service, leading to business efficiency. -## Job -A Job is a unit of work (demand), which must be routed to an available Worker (supply). +Job Router is agnostic to any Azure Communication Services channel primitive helping developers to build a comprehensive omnichannel communication solution. With Job Router, businesses can ensure that every customer interaction is handled efficiently, at the right time and in the right channel. ++## Key Concepts -A real-world example is an incoming call or chat in the context of a call center. +### Job ++A Job is a unit of work (demand), which must be routed to an available Worker (supply). +An actual instance would be an incoming call or chat in the context of a call center, customer engagement or customer support. -### Job lifecycle +#### Job lifecycle 1. Your application submits a Job via the Job Router SDK. 1. (Optional) If you specified a [Classification Policy](#classification-policy), the Job is classified and a [JobClassified Event][job_classified_event] is sent via Event Grid. A real-world example is an incoming call or chat in the context of a call center 1. Your application can accept the [Offer](#offer) via the SDK and the Job will be removed from the queue and an [OfferAccepted Event][offer_accepted_event] will be sent that contains an `assignmentId`. 1. Once the Worker has completed the Job, the SDK can be used to complete and close it, using the `assignmentId`. This will free the Worker up to take on the next Job. -## Worker +### Worker A Worker is the supply available to handle a Job. When you use the SDK to register a Worker to receive jobs, you can specify: A Worker is the supply available to handle a Job. When you use the SDK to regist - The number of concurrent jobs per [Channel](#channel) that the Worker can handle. - A set of [Labels](#labels) that can be used to group and [select](#label-selectors) workers. -A real-world example is an agent in a call center. +A concrete example of a worker would be a human agent in a customer interaction or contact center scenario. -## Queue +### Queue A Queue is an ordered list of jobs, that are waiting to be served to a worker. Workers register with a queue to receive work from it. -A real-world example is a call queue in a call center. +To illustrate the concept of a queue let's use a contact center scenario, imagine a situation where multiple callers are placed on hold until a representative, with the right skills, becomes available to handle their calls. -## Channel +### Channel -A Channel is a grouping of jobs by some type. When a worker registers to receive work, they must also specify for which channels they can handle work, and how much of each can they handle concurrently. Channels are just a string discriminator and aren't explicitly created. +A Channel is a grouping of jobs by some type. When a worker registers to receive work, they must also specify for which channels they can handle work, and how much of each can they handle concurrently. Channels are just a string discriminator and aren't explicitly created. A channel could be `voice calls` or `chats`. -Real-world examples are `voice calls` or `chats` in a call center. +By assigning jobs to different channels, it becomes possible to streamline workflows and allocate resources efficiently based on the specific needs or requirements associated with each channel. -## Offer +### Offer An Offer is extended by Job Router to a worker to handle a particular job when it determines a match. You can either accept or decline the offer with the JobRouter SDK. If you ignore the offer, it expires according to the time to live configured on the Distribution Policy. -A real-world example is the ringing of an agent in a call center. +The ringing serves as a tangible example of an offer extended to a worker, and it's an indicator that an interaction is about to take place, signaling the agent to answer the call promptly and engage in a conversation with the customer. -### Offer acceptance flow +#### Offer acceptance flow 1. When Job Router finds a matching Worker for a Job, it creates an Offer and sends an [OfferIssued Event][offer_issued_event] via [Event Grid][subscribe_events]. 1. The Offer is accepted via the Job Router API. A real-world example is the ringing of an agent in a call center. 1. Job Router sends an [OfferAccepted Event][offer_accepted_event]. 1. Any existing offers to other workers for this same job will be revoked and an [OfferRevoked Event][offer_revoked_event] will be sent. -### Offer decline flow +#### Offer decline flow 1. When Job Router finds a matching Worker for a Job, it creates an Offer and sends an [OfferIssued Event][offer_issued_event] via [Event Grid][subscribe_events]. 1. The Offer is declined via the Job Router API. A real-world example is the ringing of an agent in a call center. 1. Job Router sends an [OfferDeclined Event][offer_declined_event]. 1. Job Router won't reoffer the declined Offer to the worker unless they deregister and re-register. -### Offer expiry flow +#### Offer expiry flow 1. When Job Router finds a matching Worker for a Job, it creates an Offer and sends an [OfferIssued Event][offer_issued_event] via [Event Grid][subscribe_events].-1. The Offer is not accepted or declined within the TTL period defined by the Distribution Policy. +1. The Offer is not accepted or declined within the ExpiresAfter period defined by the Distribution Policy. 1. Job Router will expire the Offer and an [OfferExpired Event][offer_expired_event] will be sent. 1. The worker is considered unavailable and will be automatically deregistered. 1. A [WorkerDeregistered Event][worker_deregistered_event] will be sent. -## Distribution Policy +### Distribution Policy A Distribution Policy is a configuration set that controls how jobs in a queue are distributed to workers registered with that queue. This configuration includes: This configuration includes: - The distribution mode, which define the order in which workers are picked when there are multiple available. - How many concurrent offers can there be for a given job. -### Distribution modes +#### Distribution modes The three types of modes are The three types of modes are - **Longest Idle**: The worker that has not been working on a job for the longest. - **Best Worker**: The workers that are best able to handle the job are picked first. The logic to rank Workers can be customized, with an expression or Azure function to compare two workers. [See example][worker-scoring] -## Labels +### Labels You can attach labels to workers, jobs, and queues. Labels are key value pairs that can be of `string`, `number`, or `boolean` data types. A real-world example is the skill level of a particular worker or the team or geographic location. -## Label selectors +### Label selectors Label selectors can be attached to a job in order to target a subset of workers on the queue. -A real-world example is a condition on an incoming call that the agent must have a minimum level of knowledge of a particular product. +As an example, in the context of a chat channel, consider a real-world scenario where an incoming chat message is subjected to a condition. This condition specifies that the assigned agent must have a minimum level of expertise or knowledge concerning a particular product. This example highlights how label selectors, similar to filters, can be employed to target a subset of agents within the chat channel who possess the required proficiency in the designated product. -## Classification policy +### Classification policy A classification policy can be used to programmatically select a queue, determine job priority, or attach worker label selectors to a job. -## Exception policy +### Exception policy An exception policy controls the behavior of a Job based on a trigger and executes a desired action. The exception policy is attached to a Queue so it can control the behavior of Jobs in the Queue. -## Next steps +### Next steps ++- Let's get started with Job Router, check out the [Job Router Quickstart](../../quickstarts/router/get-started-router.md) ++#### Learn more about these key Job Router concepts - [How jobs are matched to workers](matching-concepts.md)+- [How worker capacity is configured](worker-capacity-concepts.md) - [Router Rule concepts](router-rule-concepts.md) - [Classification concepts](classification-concepts.md) - [Distribution modes](distribution-concepts.md) - [Exception Policies](exception-policy.md)-- [Quickstart guide](../../quickstarts/router/get-started-router.md)++#### Check out our How To Guides + - [Manage queues](../../how-tos/router-sdk/manage-queue.md) - [How to classify a Job](../../how-tos/router-sdk/job-classification.md) - [Target a preferred worker](../../how-tos/router-sdk/preferred-worker.md) - [Escalate a Job](../../how-tos/router-sdk/escalate-job.md)+- [Accept or decline a Job](../../how-tos/router-sdk/accept-decline-offer.md) - [Subscribe to events](../../how-tos/router-sdk/subscribe-events.md)+- [Scheduling a job](../../how-tos/router-sdk/scheduled-jobs.md) +- [How to get estimated wait time and job position](../../how-tos/router-sdk/estimated-wait-time.md) +- [Customize workers scoring](../../how-tos/router-sdk/customize-worker-scoring.md) +- [Use Azure Function rule engine](../../how-tos/router-sdk/azure-function.md) <!-- LINKS -->-[azure_sub]: https://azure.microsoft.com/free/dotnet/ -[cla]: https://cla.microsoft.com -[nuget]: https://www.nuget.org/ -[netstandars2mappings]: https://github.com/dotnet/standard/blob/master/docs/versions.md -[useraccesstokens]: ../../quickstarts/identity/access-tokens.md?pivots=programming-language-csharp -[communication_resource_docs]: ../../quickstarts/create-communication-resource.md?pivots=platform-azp&tabs=windows -[communication_resource_create_portal]: ../../quickstarts/create-communication-resource.md?pivots=platform-azp&tabs=windows -[communication_resource_create_power_shell]: /powershell/module/az.communication/new-azcommunicationservice -[communication_resource_create_net]: ../../quickstarts/create-communication-resource.md?pivots=platform-net&tabs=windows [subscribe_events]: ../../how-tos/router-sdk/subscribe-events.md-[worker_registered_event]: ../../how-tos/router-sdk/subscribe-events.md#microsoftcommunicationrouterworkerregistered [worker_deregistered_event]: ../../how-tos/router-sdk/subscribe-events.md#microsoftcommunicationrouterworkerderegistered [job_classified_event]: ../../how-tos/router-sdk/subscribe-events.md#microsoftcommunicationrouterjobclassified [job_queued_event]: ../../how-tos/router-sdk/subscribe-events.md#microsoftcommunicationrouterjobqueued An exception policy controls the behavior of a Job based on a trigger and execut [offer_declined_event]: ../../how-tos/router-sdk/subscribe-events.md#microsoftcommunicationrouterworkerofferdeclined [offer_expired_event]: ../../how-tos/router-sdk/subscribe-events.md#microsoftcommunicationrouterworkerofferexpired [offer_revoked_event]: ../../how-tos/router-sdk/subscribe-events.md#microsoftcommunicationrouterworkerofferrevoked-[worker-scoring]: ../../how-tos/router-sdk/customize-worker-scoring.md +[worker-scoring]: ../../how-tos/router-sdk/customize-worker-scoring.md |
| communication-services | Distribution Concepts | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/concepts/router/distribution-concepts.md | -``` +```text Worker A: TotalCapacity = 5 ConsumedScore = 3 (Currently handling 3 chats) Workers would be matched in order: D, C, A, B Worker D has the lowest load ratio (0), so Worker D will be offered the job first. Workers A and C are tied with the same load ratio (0.6). However, Worker C has been available for a longer time (7 minutes ago) than Worker A (5 minutes ago), so Worker C will be matched before Worker A. Finally, Worker B will be matched last since Worker B has the highest load ratio (0.75). ## Best worker mode-The workers that are best able to handle the job are picked first. The logic to rank Workers can be customized, with an expression or Azure function to compare two workers by specifying a Scoring Rule. [See example][worker-scoring] ++The workers that are best able to handle the job are picked first. The logic to rank Workers can be customized, with an expression or Azure function to compare two workers by specifying a Scoring Rule. [See example](../../how-tos/router-sdk/customize-worker-scoring.md) When a Scoring Rule isn't provided, this distribution mode will use the default scoring method instead, which evaluates workers based on how the job's labels and selectors match with the worker's labels. The algorithms are outlined below. ### Default label matching+ For calculating a score based on the job's labels, we increment the `Match Score` by 1 for every worker label that matches a corresponding label on the job and then divide by the total number of labels on the job. Therefore, the more labels that matched, the higher a worker's `Match Score`. The final `Match Score` will always be a value between 0 and 1. -##### Example +#### Example + Job 1:+ ```json { "labels": { Job 1: ``` Worker A:+ ```json { "labels": { Worker A: ``` Worker B:+ ```json { "labels": { Worker B: ``` Worker C:+ ```json { "labels": { Worker C: ``` Calculation:+ ``` Worker A's match score = 1 (for matching english language label) + 1 (for matching department sales label) / 2 (total number of labels) = 1 Worker B's match score = 1 (for matching english language label) / 2 (total number of labels) = 0.5 Worker C's match score = 1 (for matching english language label) / 2 (total numb Worker A would be matched first. Next, Worker B or Worker C would be matched, depending on who was available for a longer time, since the match score is tied. ### Default worker selector matching+ In the case where the job also contains worker selectors, we'll calculate the `Match Score` based on the `LabelOperator` of that worker selector. #### Equal/notEqual label operators+ If the worker selector has the `LabelOperator` `Equal` or `NotEqual`, we increment the score by 1 for each job label that matches that worker selector, in a similar manner as the `Label Matching` above. ##### Example+ Job 2:+ ```json { "workerSelectors": [ Job 2: ``` Worker D:+ ```json { "labels": { Worker D: ``` Worker E:+ ```json { "labels": { Worker E: ``` Worker F:+ ```json { "labels": { Worker F: ``` Calculation:-``` ++```text Worker D's match score = 1 (for matching department selector) / 2 (total number of worker selectors) = 0.5 Worker E's match score = 1 (for matching department selector) + 1 (for matching segment not equal to vip) / 2 (total number of worker selectors) = 1 Worker F's match score = 1 (for segment not equal to vip) / 2 (total number of labels) = 0.5 Worker F's match score = 1 (for segment not equal to vip) / 2 (total number of l Worker E would be matched first. Next, Worker D or Worker F would be matched, depending on who was available for a longer time, since the match score is tied. #### Other label operators+ For worker selectors using operators that compare by magnitude (`GreaterThan`/`GreaterThanEqual`/`LessThan`/`LessThanEqual`), we'll increment the worker's `Match Score` by an amount calculated using the logistic function (See Fig 1). The calculation is based on how much the worker's label value exceeds the worker selector's value or a lesser amount if it doesn't exceed the worker selector's value. Therefore, the more worker selector values the worker exceeds, and the greater the degree to which it does so, the higher a worker's score will be. :::image type="content" source="../media/router/distribution-concepts/logistic-function.png" alt-text="Diagram that shows logistic function."::: For worker selectors using operators that compare by magnitude (`GreaterThan`/`G Fig 1. Logistic function The following function is used for GreaterThan or GreaterThanEqual operators:-``` ++```text MatchScore(x) = 1 / (1 + e^(-x)) where x = (labelValue - selectorValue) / selectorValue ``` The following function is used for LessThan or LessThanEqual operators: -``` +```text MatchScore(x) = 1 / (1 + e^(-x)) where x = (selectorValue - labelValue) / selectorValue ``` #### Example+ Job 3:+ ```json { "workerSelectors": [ Job 3: ``` Worker G:+ ```json { "labels": { { "language": "french" },- { "sales", 10 }, - { "cost", 10 } + { "sales": 10 }, + { "cost": 10 } } } ``` Worker H:+ ```json { "labels": { { "language": "french" },- { "sales", 15 }, - { "cost", 10 } + { "sales": 15 }, + { "cost": 10 } } } ``` Worker I:+ ```json { "labels": { { "language": "french" },- { "sales", 10 }, - { "cost", 9 } + { "sales": 10 }, + { "cost": 9 } } } ``` Calculation:-``` ++```text Worker G's match score = (1 + 1 / (1 + e^-((10 - 10) / 10)) + 1 / (1 + e^-((10 - 10) / 10))) / 3 = 0.667 Worker H's match score = (1 + 1 / (1 + e^-((15 - 10) / 10)) + 1 / (1 + e^-((10 - 10) / 10))) / 3 = 0.707 Worker I's match score = (1 + 1 / (1 + e^-((10 - 10) / 10)) + 1 / (1 + e^-((10 - 9) / 10))) / 3 = 0.675 |
| communication-services | Exception Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/concepts/router/exception-policy.md | Last updated 01/28/2022 -zone_pivot_groups: acs-js-csharp +zone_pivot_groups: acs-js-csharp-java-python # Exception Policy -An Exception Policy is a set of rules that defines what actions to execute when a condition is triggered. You can save these policies inside Job Router and the attach them to one or more Queues. +An Exception Policy is a set of rules that defines what actions to execute when a condition is triggered. You can save these policies inside Job Router and then attach them to one or more Queues. ## Triggers When these triggers are fired, they'll execute one or more actions and send an [ ## Examples -In the following example, we configure an Exception Policy that will cancel a job before it joins a queue with a length greater than 100. +In the following example, we configure an exception policy that will cancel a job before it joins a queue with a length greater than 100. ::: zone pivot="programming-language-csharp" ```csharp-await routerClient.CreateExceptionPolicyAsync( - new CreateExceptionPolicyOptions( - exceptionPolicyId: "policy-1", - exceptionRules: new List<ExceptionRule> +await administrationClient.CreateExceptionPolicyAsync(new CreateExceptionPolicyOptions( + exceptionPolicyId: "policy1", + exceptionRules: new Dictionary<string, ExceptionRule> + { + ["rule1"] = new ( + trigger: new QueueLengthExceptionTrigger(threshold: 100), + actions: new Dictionary<string, ExceptionAction?> {- new ExceptionRule( - id: "rule-1", - trigger: new QueueLengthExceptionTrigger(threshold: 100), - actions: new List<ExceptionAction> - { - new CancelExceptionAction("cancel-action") - }) + ["cancelAction"] = new CancelExceptionAction() })- { - Name = "My exception policy" - } -); + }) { Name = "Max Queue Length Policy" }); ``` ::: zone-end await routerClient.CreateExceptionPolicyAsync( ::: zone pivot="programming-language-javascript" ```typescript-await client.upsertExceptionPolicy({ - id: "policy-1", - name: "My Exception Policy", - exceptionRules: [ - { - id: "rule-1", - trigger: { kind: "queue-length", threshold: 100 }, - actions: [ - { kind: "cancel", id: "cancel-action" } - ] - } - ] - }); +await administrationClient.createExceptionPolicy("policy1", { + name: "Max Queue Length Policy", + exceptionRules: { + rule1: { + trigger: { kind: "queue-length", threshold: 100 }, + actions: { cancelAction: { kind: "cancel" }} + } + } +}); +``` ++++```python +administration_client.create_exception_policy( + exception_policy_id = "policy1", + exception_policy = ExceptionPolicy( + name = "Max Queue Length Policy", + exception_rules = { + "rule1": ExceptionRule( + trigger = QueueLengthExceptionTrigger(threshold = 100), + actions = { "cancelAction": CancelExceptionAction() } + ) + } + ) +) +``` ++++```java +administrationClient.createExceptionPolicy(new CreateExceptionPolicyOptions("policy1", + Map.of("rule1", new ExceptionRule() + .setTrigger(new QueueLengthExceptionTrigger().setThreshold(1)) + .setActions(Map.of("cancelAction", new CancelExceptionAction()))) +).setName("Max Queue Length Policy")); ``` ::: zone-end await client.upsertExceptionPolicy({ In the following example, we configure an Exception Policy with rules that will: - Set the job priority to 10 after it has been waiting in the queue for 1 minute.-- Move the job to `queue-2` after it has been waiting for 5 minutes.+- Move the job to `queue2` after it has been waiting for 5 minutes. ::: zone pivot="programming-language-csharp" ```csharp-await routerClient.CreateExceptionPolicyAsync( - new CreateExceptionPolicyOptions( - exceptionPolicyId: "policy-1", - exceptionRules: new List<ExceptionRule> +await administrationClient.CreateExceptionPolicyAsync(new CreateExceptionPolicyOptions( + exceptionPolicyId: "policy2", + exceptionRules: new Dictionary<string, ExceptionRule> + { + ["rule1"] = new ( + trigger: new WaitTimeExceptionTrigger(threshold: TimeSpan.FromMinutes(1)), + actions: new Dictionary<string, ExceptionAction?> {- new ExceptionRule( - id: "rule-1", - trigger: new WaitTimeExceptionTrigger(TimeSpan.FromMinutes(1)), - actions: new List<ExceptionAction> - { - new ManualReclassifyExceptionAction(id: "action1", priority: 10) - }), - new ExceptionRule( - id: "rule-2", - trigger: new WaitTimeExceptionTrigger(TimeSpan.FromMinutes(5)), - actions: new List<ExceptionAction> - { - new ManualReclassifyExceptionAction(id: "action2", queueId: "queue-2") - }) + ["increasePriority"] = new ManualReclassifyExceptionAction { Priority = 10 } + }), + ["rule2"] = new( + trigger: new WaitTimeExceptionTrigger(threshold: TimeSpan.FromMinutes(5)), + actions: new Dictionary<string, ExceptionAction?> + { + ["changeQueue"] = new ManualReclassifyExceptionAction { QueueId = "queue2" } })- { - Name = "My Exception Policy" - } -); + }) { Name = "Escalation Policy" }); ``` ::: zone-end await routerClient.CreateExceptionPolicyAsync( ::: zone pivot="programming-language-javascript" ```typescript-await client.upsertExceptionPolicy({ - id: "policy-1", - name: "My Exception Policy", - exceptionRules: [ - { - id: "rule-1", - trigger: { kind: "wait-time", threshold: "00:01:00" }, - actions: [ - { kind: "manual-reclassify", id: "action1", priority: 10 } - ] - }, - { - id: "rule-2", - trigger: { kind: "wait-time", threshold: "00:05:00" }, - actions: [ - { kind: "manual-reclassify", id: "action2", queueId: "queue-2" } - ] - } - ] - }); +await administrationClient.createExceptionPolicy("policy2", { + name: "Escalation Policy", + rule1: { + trigger: { kind: "wait-time", thresholdSeconds: "60" }, + actions: { "increasePriority": { kind: "manual-reclassify", priority: 10 }} + }, + rule2: { + trigger: { kind: "wait-time", thresholdSeconds: "300" }, + actions: { "changeQueue": { kind: "manual-reclassify", queueId: "queue2" }} + } +}); +``` ++++```python +administration_client.create_exception_policy( + exception_policy_id = "policy2", + exception_policy = ExceptionPolicy( + name = "Escalation Policy", + exception_rules = { + "rule1": ExceptionRule( + trigger = WaitTimeExceptionTrigger(threshold_seconds = 60), + actions = { "increasePriority": ManualReclassifyExceptionAction(priority = 10) } + ), + "rule2": ExceptionRule( + trigger = WaitTimeExceptionTrigger(threshold_seconds = 60), + actions = { "changeQueue": ManualReclassifyExceptionAction(queue_id = "queue2") } + ) + } + ) +) +``` ++++```java +administrationClient.createExceptionPolicy(new CreateExceptionPolicyOptions("policy2", Map.of( + "rule1", new ExceptionRule() + .setTrigger(new WaitTimeExceptionTrigger().setThresholdSeconds(60)) + .setActions(Map.of("increasePriority", new ManualReclassifyExceptionAction().setPriority(10))), + "rule2", new ExceptionRule() + .setTrigger(new WaitTimeExceptionTrigger().setThresholdSeconds(300)) + .setActions(Map.of("changeQueue", new ManualReclassifyExceptionAction().setQueueId("queue2")))) +).setName("Escalation Policy")); ``` ::: zone-end |
| communication-services | Matching Concepts | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/concepts/router/matching-concepts.md | Title: Job Matching + Title: How jobs are matched to workers description: Learn about the Azure Communication Services Job Router distribution concepts. Last updated 01/26/2022 -zone_pivot_groups: acs-js-csharp +zone_pivot_groups: acs-js-csharp-java-python # How jobs are matched to workers This document describes the registration of workers, the submission of jobs and how they're matched to each other. In the following example we register a worker to ::: zone pivot="programming-language-csharp" ```csharp-var worker = await client.CreateWorkerAsync( - new CreateWorkerOptions( - workerId: "worker-1", - totalCapacity: 2) +await client.CreateWorkerAsync(new CreateWorkerOptions(workerId: "worker-1", totalCapacity: 2) +{ + QueueIds = { ["queue1"] = new RouterQueueAssignment(), ["queue2"] = new RouterQueueAssignment() }, + ChannelConfigurations = + { + ["voice"] = new ChannelConfiguration(capacityCostPerJob: 2), + ["chat"] = new ChannelConfiguration(capacityCostPerJob: 1) + }, + Labels = {- QueueIds = new Dictionary<string, QueueAssignment>() - { - ["queue-1"] = new QueueAssignment(), - ["queue-2"] = new QueueAssignment() - }, - ChannelConfigurations = new Dictionary<string, ChannelConfiguration>() - { - ["voice"] = new ChannelConfiguration(2), - ["chat"] = new ChannelConfiguration(1) - }, - Labels = new Dictionary<string, LabelValue>() - { - ["Skill"] = new LabelValue(11), - ["English"] = new LabelValue(true), - ["French"] = new LabelValue(false), - ["Vendor"] = new LabelValue("Acme") - }, + ["Skill"] = new LabelValue(11), + ["English"] = new LabelValue(true), + ["French"] = new LabelValue(false), + ["Vendor"] = new LabelValue("Acme") }-); +}); ``` ::: zone-end var worker = await client.CreateWorkerAsync( ::: zone pivot="programming-language-javascript" ```typescript-let worker = await client.registerWorker({ - id: "worker-1", - queueAssignments: [ - { queueId: "queue-1" }, - { queueId: "queue-2" } - ], +await client.createWorker("worker-1", { totalCapacity: 2,- channelConfigurations: [ - { channelId: "voice", capacityCostPerJob: 2 }, - { channelId: "chat", capacityCostPerJob: 1 } - ], + queueAssignments: { queue1: {}, queue2: {} }, + channelConfigurations: { + voice: { capacityCostPerJob: 2 }, + chat: { capacityCostPerJob: 1 }, + }, labels: { Skill: 11, English: true, let worker = await client.registerWorker({ ::: zone-end ++```python +client.create_worker(worker_id = "worker-1", router_worker = RouterWorker( + total_capacity = 2, + queue_assignments = { + "queue2": QueueAssignment() + }, + channel_configurations = { + "voice": ChannelConfiguration(capacity_cost_per_job = 2), + "chat": ChannelConfiguration(capacity_cost_per_job = 1) + }, + labels = { + "Skill": 11, + "English": True, + "French": False, + "Vendor": "Acme" + } +)) +``` ++++```java +client.createWorker(new CreateWorkerOptions("worker-1", 2) + .setQueueAssignments(Map.of( + "queue1", new QueueAssignment(), + "queue2", new QueueAssignment())) + .setChannelConfigurations(Map.of( + "voice", new ChannelConfiguration().setCapacityCostPerJob(2), + "chat", new ChannelConfiguration().setCapacityCostPerJob(1))) + .setLabels(Map.of( + "Skill", new LabelValue(11), + "English", new LabelValue(true), + "French", new LabelValue(false), + "Vendor", new LabelValue("Acme")))); +``` ++ > [!NOTE] > If a worker is registered and idle for more than 7 days, it'll be automatically deregistered and you'll receive a `WorkerDeregistered` event from EventGrid. let worker = await client.registerWorker({ In the following example, we'll submit a job that -- Goes directly to `queue-1`.+- Goes directly to `queue1`. - For the `chat` channel.-- With a label selector that specifies that any worker servicing this job must have a label of `English` set to `true`.-- With a label selector that specifies that any worker servicing this job must have a label of `Skill` greater than `10` and this condition will expire after one minute.+- With a worker selector that specifies that any worker servicing this job must have a label of `English` set to `true`. +- With a worker selector that specifies that any worker servicing this job must have a label of `Skill` greater than `10` and this condition will expire after one minute. - With a label of `name` set to `John`. ::: zone pivot="programming-language-csharp" ```csharp-var job = await client.CreateJobAsync( - channelId: "chat", - queueId: "queue-1", - workerSelectors: new List<LabelSelector> +await client.CreateJobAsync(new CreateJobOptions("job1", "chat", "queue1") +{ + RequestedWorkerSelectors = {- new LabelSelector( - key: "English", - @operator: LabelOperator.Equal, - value: true), - new LabelSelector( - key: "Skill", - @operator: LabelOperator.GreaterThan, - value: 10, - ttl: TimeSpan.FromMinutes(1)), + new RouterWorkerSelector(key: "English", labelOperator: LabelOperator.Equal, value: new LabelValue(true)), + new RouterWorkerSelector(key: "Skill", labelOperator: LabelOperator.GreaterThan, value: new LabelValue(10)) + { ExpiresAfter = TimeSpan.FromMinutes(5) } },- labels: new LabelCollection() - { - ["name"] = "John" - }); + Labels = { ["name"] = new LabelValue("John") } +}); ``` ::: zone-end var job = await client.CreateJobAsync( ::: zone pivot="programming-language-javascript" ```typescript-let job = await client.createJob({ - channelId: "chat", - queueId: "queue-1", - workerSelectors: [ - { key: "English", operator: "equal", value: true }, - { key: "Skill", operator: "greaterThanEqual", value: 10, ttl: "00:01:00" }, - ], - labels: { - name: "John" - }, +await client.createJob("job1", { + channelId: "chat", + queueId: "queue1", + requestedWorkerSelectors: [ + { key: "English", labelOperator: "equal", value: true }, + { key: "Skill", labelOperator: "greaterThan", value: 10, expiresAfterSeconds: 60 }, + ], + labels: { + name: "John" + } }); ``` ::: zone-end -Job Router will now try to match this job to an available worker listening on `queue-1` for the `chat` channel, with `English` set to `true` and `Skill` greater than `10`. ++```python +client.create_job(job_id = "job1", router_job = RouterJob( + channel_id = "chat", + queue_id = "queue1", + requested_worker_selectors = [ + RouterWorkerSelector( + key = "English", + label_operator = LabelOperator.EQUAL, + value = True + ), + RouterWorkerSelector( + key = "Skill", + label_operator = LabelOperator.GREATER_THAN, + value = True + ) + ], + labels = { "name": "John" } +)) +``` ++++```java +client.createJob(new CreateJobOptions("job1", "chat", "queue1") + .setRequestedWorkerSelectors(List.of( + new RouterWorkerSelector() + .setKey("English") + .setLabelOperator(LabelOperator.EQUAL) + .setValue(new LabelValue(true)), + new RouterWorkerSelector() + .setKey("Skill") + .setLabelOperator(LabelOperator.GREATER_THAN) + .setValue(new LabelValue(10)))) + .setLabels(Map.of("name", new LabelValue("John")))); +``` +++Job Router will now try to match this job to an available worker listening on `queue1` for the `chat` channel, with `English` set to `true` and `Skill` greater than `10`. Once a match is made, an offer is created. The distribution policy that is attached to the queue will control how many active offers there can be for a job and how long each offer is valid. [You'll receive][subscribe_events] an [OfferIssued Event][offer_issued_event] which would look like this: ```json Once a match is made, an offer is created. The distribution policy that is attac "workerId": "worker-1", "jobId": "7f1df17b-570b-4ae5-9cf5-fe6ff64cc712", "channelId": "chat",- "queueId": "queue-1", + "queueId": "queue1", "offerId": "525fec06-ab81-4e60-b780-f364ed96ade1", "offerTimeUtc": "2021-06-23T02:43:30.3847144Z", "expiryTimeUtc": "2021-06-23T02:44:30.3847674Z", |
| communication-services | Metrics | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/concepts/router/metrics.md | + + Title: Job Router metrics definitions for Azure Communication Service ++description: This document covers definitions of job router metrics available in the Azure portal. ++++ Last updated : 06/23/2023++++ ++# Job Router metrics overview ++## Where to find metrics ++Primitives in Azure Communication Services emit metrics for API requests. These metrics can be found in the Metrics tab under your Azure Communication Services resource. You can also create permanent dashboards using the workbooks tab under your Azure Communication Services resource. ++## Metric definitions ++All API request metrics contain four dimensions that you can use to filter your metrics data. These dimensions can be aggregated together using the `Count` aggregation. ++More information on supported aggregation types and time series aggregations can be found [Advanced features of Azure Metrics Explorer](../../../azure-monitor/essentials/metrics-charts.md#aggregation). ++- **Operation** - All operations or routes that can be called on the Azure Communication Services Chat gateway. ++- **API Version** ΓÇô The version of the API used in the API request. ++- **Status Code** - The status code response sent after the request. ++- **StatusSubClass** - The status code series sent after the response. ++### Job Router API requests ++The following operations are available on Job Router API request metrics: ++| Operation / Route | Description | +| -- | - | +| UpsertClassificationPolicy | Creates or updates a classification policy | +| GetClassificationPolicy | Retrieves an existing classification policy by ID | +| ListClassificationPolicies | Retrieves existing classification policies | +| DeleteDistributionPolicy | Delete a classification policy by ID| +| UpsertDistributionPolicy | Creates or updates a distribution policy | +| GetDistributionPolicy | Retrieves an existing distribution policy by ID | +| ListDistributionPolicies | Retrieves existing distribution policies | +| DeleteDistributionPolicy | Delete a distribution policy by ID | +| UpsertExceptionPolicy | Creates or updates an exception policy | +| GetExceptionPolicy | Retrieves an existing exception policy by ID | +| ListExceptionPolicies | Retrieves existing exception policies | +| DeleteExceptionPolicy | Delete an exception policy by ID | +| UpsertQueue| Creates or updates a queue | +| GetQueue | Retrieves an existing queue by ID | +| GetQueues | Retrieves existing queues | +| DeleteQueue | Delete a queue by ID | +| GetQueueStatistics | Retrieves a queue's statistics | +| UpsertJob | Creates or updates a job | +| GetJob | Retrieves an existing job by ID | +| GetJobs | Retrieves existing jobs | +| DeleteJob | Delete a queue policy by ID | +| ReclassifyJob | Reclassify a job | +| CancelJob | Submits request to cancel an existing job by ID while supplying free-form cancellation reason | +| CompleteJob | Completes an assigned job | +| CloseJob | Closes a completed job | +| AcceptJobOffer | Accepts an offer to work on a job and returns a 409/Conflict if another agent accepted the job already | +| DeclineJobOffer| Declines an offer to work on a job | +| UpsertWorker | Creates or updates a worker | +| GetWorker | Retrieves an existing worker by ID | +| GetWorkers | Retrieves existing workers | +| DeleteWorker | Deletes a worker and all of its traces | ++ :::image type="content" source="./media/acs-router-api-requests.png" alt-text="Diagram that shows the Job Router API requests." lightbox="./media/acs-router-api-requests.png"::: ++## Next steps ++- Learn more about [Data Platform Metrics](../../../azure-monitor/essentials/data-platform-metrics.md). |
| communication-services | Router Rule Concepts | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/concepts/router/router-rule-concepts.md | Last updated 10/14/2021 -zone_pivot_groups: acs-js-csharp +zone_pivot_groups: acs-js-csharp-java-python # Job Router rule engines Job Router can use one or more rule engines to process data and make decisions about your Jobs and Workers. This document covers what the rule engines do and why you may want to apply them in your implementation. The following rule engine types exist in Job Router to provide flexibility in ho ### Example: Use a static rule to set the priority of a job -In this example a `StaticRule`, which is a subtype of `RouterRule` can be used to set the priority of all Jobs, which use this classification policy. +In this example a `StaticRouterRule`, which is a subtype of `RouterRule` can be used to set the priority of all Jobs, which use this classification policy. ::: zone pivot="programming-language-csharp" ```csharp-await routerAdministration.CreateClassificationPolicyAsync( +await administrationClient.CreateClassificationPolicyAsync( new CreateClassificationPolicyOptions(classificationPolicyId: "my-policy-id") {- PrioritizationRule = new StaticRule(new LabelValue(5)) + PrioritizationRule = new StaticRouterRule(new LabelValue(5)) }); ``` await routerAdministration.CreateClassificationPolicyAsync( ::: zone pivot="programming-language-javascript" ```typescript-await client.upsertClassificationPolicy({ - id: "my-policy-id", - prioritizationRule: { - kind: "static-rule", - value: 5 - } +await administrationClient.createClassificationPolicy("my-policy-id", { + prioritizationRule: { kind: "static-rule", value: 5 } }); ``` ::: zone-end ++```python +administration_client.create_classification_policy( + classification_policy_id = "my-policy-id", + classification_policy = ClassificationPolicy(prioritization_rule = StaticRouterRule(value = 5))) +``` ++++```java +administrationClient.createClassificationPolicy(new CreateClassificationPolicyOptions("my-policy-id") + .setPrioritizationRule(new StaticRouterRule(new LabelValue(5)))); +``` ++ ### Example: Use an expression rule to set the priority of a job -In this example a `ExpressionRule`, which is a subtype of `RouterRule` can be used to set the priority of all Jobs, which use this classification policy. +In this example an `ExpressionRouterRule` which is a subtype of `RouterRule`, evaluates a PowerFX expression to set the priority of all jobs that use this classification policy. ::: zone pivot="programming-language-csharp" ```csharp-await routerAdministration.CreateClassificationPolicyAsync( +await administrationClient.CreateClassificationPolicyAsync( new CreateClassificationPolicyOptions(classificationPolicyId: "my-policy-id") {- PrioritizationRule = new ExpressionRule("If(job.Escalated = true, 10, 5)") // this will check whether the job has a label "Escalated" set to "true" + PrioritizationRule = new ExpressionRouterRule(expression: "If(job.Escalated = true, 10, 5)") // this will check whether the job has a label "Escalated" set to "true" }); ``` await routerAdministration.CreateClassificationPolicyAsync( ::: zone pivot="programming-language-javascript" ```typescript-await client.upsertClassificationPolicy({ - id: "my-policy-id", +await administrationClient.createClassificationPolicy("my-policy-id", { prioritizationRule: { kind: "expression-rule", expression: "If(job.Escalated = true, 10, 5)" }-}); + }); +``` ++++```python +administration_client.create_classification_policy( + classification_policy_id = "my-policy-id", + classification_policy = ClassificationPolicy( + prioritization_rule = ExpressionRouterRule(expression = "If(job.Urgent = true, 10, 5)"))) +``` ++++```java +administrationClient.createClassificationPolicy( + new CreateClassificationPolicyOptions("my-policy-id") + .setPrioritizationRule(new ExpressionRouterRule("If(job.Urgent = true, 10, 5)"))); ``` ::: zone-end |
| communication-services | Worker Capacity Concepts | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/concepts/router/worker-capacity-concepts.md | + + Title: Worker capacity ++description: Learn about the Azure Communication Services Job Router worker capacity concepts. +++++ Last updated : 06/08/2023++++zone_pivot_groups: acs-js-csharp-java-python +++# Job Router worker capacity +++When configuring workers, we want to provide a way to specify how many jobs a worker can handle at a time from various channels. This configuration can be done by specifying the total capacity of the worker and assigning a cost per job for each channel. ++## Example: Worker that can handle one voice job or up to five chat jobs ++In this example, we configure a worker with total capacity of 100 and set the voice channel to consume 100 capacity per job and the chat channel to consume 20 capacity per job. This configuration means that the worker can handle one voice job at a time or up to five chat jobs at the same time. If the worker is handling one or more chat jobs, then the worker cannot take any voice jobs until those chat jobs are completed. If the worker is handling a voice job, then the worker cannot take any chat jobs until the voice job is completed. +++```csharp +var worker = await client.CreateWorkerAsync( + new CreateWorkerOptions(workerId: "worker1", totalCapacity: 100) + { + QueueIds = { ["queue1"] = new RouterQueueAssignment() }, + ChannelConfigurations = + { + ["voice"] = new ChannelConfiguration(capacityCostPerJob: 100), + ["chat"] = new ChannelConfiguration(capacityCostPerJob: 20) + } + }); +``` ++++```typescript +await client.createWorker("worker1", { + totalCapacity: 100, + queueAssignments: { queue1: {} }, + channelConfigurations: { + voice: { capacityCostPerJob: 100 }, + chat: { capacityCostPerJob: 20 }, + } +}); +``` ++++```python +client.create_worker(worker_id = "worker1", router_worker = RouterWorker( + total_capacity = 100, + queue_assignments = { + "queue1": {} + }, + channel_configurations = { + "voice": ChannelConfiguration(capacity_cost_per_job = 100), + "chat": ChannelConfiguration(capacity_cost_per_job = 20) + } +)) +``` ++++```java +client.createWorker(new CreateWorkerOptions("worker1", 100) + .setQueueAssignments(Map.of("queue1", new RouterQueueAssignment())) + .setChannelConfigurations(Map.of( + "voice", new ChannelConfiguration().setCapacityCostPerJob(100), + "chat", new ChannelConfiguration().setCapacityCostPerJob(20)))) +``` +++## Example: Worker that can handle one voice jobs and up to two chat jobs and two email jobs at the same time ++In this example, a worker is configured with total capacity of 100. Next, the voice channel is set to consume 60 capacity per job and the chat and email channels to consume 10 capacity per job each with a `maxNumberOfJobs` set to two. This configuration means that the worker can handle one voice job at a time and up to two chat jobs and up to two email jobs at the same time. Since the chat and email channels are configured with a `maxNumberOfJobs` of two, those channels consume up to a maximum of 40 capacity in total. Therefore, the worker can always handle up to one voice job. The voice channel takes "priority" over the other channels. +++```csharp +var worker = await client.CreateWorkerAsync( + new CreateWorkerOptions(workerId: "worker1", totalCapacity: 100) + { + QueueIds = { ["queue1"] = new RouterQueueAssignment() }, + ChannelConfigurations = + { + ["voice"] = new ChannelConfiguration(capacityCostPerJob: 60), + ["chat"] = new ChannelConfiguration(capacityCostPerJob: 10) { MaxNumberOfJobs = 2}, + ["email"] = new ChannelConfiguration(capacityCostPerJob: 10) { MaxNumberOfJobs = 2} + } + }); +``` ++++```typescript +await client.createWorker("worker1", { + totalCapacity: 100, + queueAssignments: { queue1: {} }, + channelConfigurations: { + voice: { capacityCostPerJob: 60 }, + chat: { capacityCostPerJob: 10, maxNumberOfJobs: 2 }, + email: { capacityCostPerJob: 10, maxNumberOfJobs: 2 } + } +}); +``` ++++```python +client.create_worker(worker_id = "worker1", router_worker = RouterWorker( + total_capacity = 100, + queue_assignments = { + "queue1": {} + }, + channel_configurations = { + "voice": ChannelConfiguration(capacity_cost_per_job = 60), + "chat": ChannelConfiguration(capacity_cost_per_job = 10, max_number_of_jobs = 2), + "email": ChannelConfiguration(capacity_cost_per_job = 10, max_number_of_jobs = 2) + } +)) +``` ++++```java +client.createWorker(new CreateWorkerOptions("worker1", 100) + .setQueueAssignments(Map.of("queue1", new RouterQueueAssignment())) + .setChannelConfigurations(Map.of( + "voice", new ChannelConfiguration().setCapacityCostPerJob(60), + "chat", new ChannelConfiguration().setCapacityCostPerJob(10).setMaxNumberOfJobs(2), + "email", new ChannelConfiguration().setCapacityCostPerJob(10).setMaxNumberOfJobs(2)))) +``` +++## Next steps ++- [Getting started with Job Router](../../quickstarts/router/get-started-router.md) |
| communication-services | Sdk Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/concepts/sdk-options.md | Development of Calling and Chat applications can be accelerated by the [Azure C | Email | [REST](/rest/api/communication/Email) | Service|Send and get status on Email messages| | Chat | [REST](/rest/api/communication/) with proprietary signaling | Client & Service | Add real-time text chat to your applications | | Calling | Proprietary transport | Client | Voice, video, screen-sharing, and other real-time communication |-| Call Automation | [REST](/rest/api/communication/callautomation/call-connection) | Service| Build customized calling workflows for PSTN and VoIP calls| +| Call Automation | [REST](/rest/api/communication/callautomation/call-connection) | Service | Build customized calling workflows for PSTN and VoIP calls | +| Job Router | [REST](/rest/api/communication/jobrouter/job-router) | Service | Optimize the management of customer interactions across various applications | | Network Traversal | [REST](./network-traversal.md)| Service| Access TURN servers for low-level data transport | | UI Library | N/A | Client | Production-ready UI components for chat and calling apps | Publishing locations for individual SDK packages are detailed below. | Email| [npm](https://www.npmjs.com/package/@azure/communication-email) | [NuGet](https://www.NuGet.org/packages/Azure.Communication.Email)| [PyPi](https://pypi.org/project/azure-communication-email/) | [Maven](https://search.maven.org/artifact/com.azure/azure-communication-email) | -| -| -| | Calling| [npm](https://www.npmjs.com/package/@azure/communication-calling) | [NuGet](https://www.nuget.org/packages/Azure.Communication.Calling.WindowsClient) | -| - | [GitHub](https://github.com/Azure/Communication/releases) | [Maven](https://search.maven.org/artifact/com.azure.android/azure-communication-calling/)| -| |Call Automation|[npm](https://www.npmjs.com/package/@azure/communication-call-automation)|[NuGet](https://www.NuGet.org/packages/Azure.Communication.CallAutomation/)|[PyPi](https://pypi.org/project/azure-communication-callautomation/)|[Maven](https://search.maven.org/artifact/com.azure/azure-communication-callautomation)+|Job Router|[npm](https://www.npmjs.com/package/@azure/communication-job-router)|[NuGet](https://www.NuGet.org/packages/Azure.Communication.JobRouter/)|[PyPi](https://pypi.org/project/azure-communication-jobrouter/)|[Maven](https://search.maven.org/artifact/com.azure/azure-communication-jobrouter) |Network Traversal| [npm](https://www.npmjs.com/package/@azure/communication-network-traversal)|[NuGet](https://www.NuGet.org/packages/Azure.Communication.NetworkTraversal/) | [PyPi](https://pypi.org/project/azure-communication-networktraversal/) | [Maven](https://search.maven.org/search?q=a:azure-communication-networktraversal) | -|- | - | | UI Library| [npm](https://www.npmjs.com/package/@azure/communication-react) | - | - | - | [GitHub](https://github.com/Azure/communication-ui-library-ios) | [GitHub](https://github.com/Azure/communication-ui-library-android) | [GitHub](https://github.com/Azure/communication-ui-library), [Storybook](https://azure.github.io/communication-ui-library/?path=/story/overview--page) | | Reference Documentation | [docs](https://azure.github.io/azure-sdk-for-js/communication.html) | [docs](https://azure.github.io/azure-sdk-for-net/communication.html)| -| [docs](http://azure.github.io/azure-sdk-for-java/communication.html) | [docs](/objectivec/communication-services/calling/)| [docs](/java/api/com.azure.android.communication.calling)| -| For more information, see the following SDK overviews: - [Calling SDK Overview](../concepts/voice-video-calling/calling-sdk-features.md) - [Call Automation SDK Overview](../concepts/call-automation/call-automation.md)+- [Job Router SDK Overview](../concepts/router/concepts.md) - [Chat SDK Overview](../concepts/chat/sdk-features.md) - [SMS SDK Overview](../concepts/sms/sdk-features.md) - [Email SDK Overview](../concepts/email/sdk-features.md) |
| communication-services | Troubleshooting Info | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/concepts/troubleshooting-info.md | const callClient = new CallClient({ logger }); ``` You can use AzureLogger to redirect the logging output from Azure SDKs by overriding the `AzureLogger.log` method:-This value may be useful if you want to redirect logs to a location other than console. -+You can log to the browser console, a file, buffer, send to our own service, etc... If you are going to send logs over +the network to your own service, do not send a request per log line because this will affect browser performance. Instead, accumulate logs lines and send them in batches. ```javascript-// redirect log output +// Redirect log output AzureLogger.log = (...args) => {- console.log(...args); // to console, file, buffer, REST API, etc... + // To console, file, buffer, REST API, etc... + console.log(...args); }; ``` |
| communication-services | Play Action | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/how-tos/call-automation/play-action.md | |
| communication-services | Recognize Action | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/how-tos/call-automation/recognize-action.md | |
| communication-services | Secure Webhook Endpoint | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/how-tos/call-automation/secure-webhook-endpoint.md | |
| communication-services | Accept Decline Offer | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/how-tos/router-sdk/accept-decline-offer.md | +zone_pivot_groups: acs-js-csharp-java-python #Customer intent: As a developer, I want to accept/decline job offers when they come in. # Discover how to accept or decline Job Router job offers + This guide lays out the steps you need to take to observe a Job Router offer. It also outlines how to accept or decline job offers. ## Prerequisites This guide lays out the steps you need to take to observe a Job Router offer. It - A deployed Azure Communication Services resource. [Create a Communication Services resource](../../quickstarts/create-communication-resource.md). - Optional: Complete the quickstart to [get started with Job Router](../../quickstarts/router/get-started-router.md). -## Observe worker offer-issued events +## Accept job offers ++After you create a job, observe the [worker offer-issued event](subscribe-events.md#microsoftcommunicationrouterworkerofferissued), which contains the worker ID and the job offer ID. The worker can accept job offers by using the SDK. Once the offer is accepted, the job will be assigned to the worker. -After you create a job, observe the [worker offer-issued event](subscribe-events.md#microsoftcommunicationrouterworkerofferissued), which contains the worker ID and the job offer ID: ```csharp-var workerId = event.data.workerId; -var offerId = event.data.offerId; -Console.WriteLine($"Job Offer ID: {offerId} offered to worker {workerId} "); - +// Event handler logic omitted +await client.AcceptJobOfferAsync(offerIssuedEvent.Data.WorkerId, offerIssuedEvent.Data.OfferId); ``` -## Accept job offers -The worker can accept job offers by using the SDK: -```csharp -var result = await client.AcceptJobOfferAsync(workerId, offerId); +```typescript +// Event handler logic omitted +await client.acceptJobOffer(offerIssuedEvent.data.workerId, offerIssuedEvent.data.offerId); +``` ++++```python +# Event handler logic omitted +client.accept_job_offer(offerIssuedEvent.data.worker_id, offerIssuedEvent.data.offer_id) +``` ++ +```java +// Event handler logic omitted +client.acceptJobOffer(offerIssuedEvent.getData().getWorkerId(), offerIssuedEvent.getData().getOfferId()); ``` + ## Decline job offers -The worker can decline job offers by using the SDK: +The worker can decline job offers by using the SDK. Once the offer is declined, the job will be offered to the next available worker. The same job will not be offered to the worker that declined the job unless the worker is deregistered and registered again. + ```csharp-var result = await client.DeclineJobOfferAsync(workerId, offerId); +// Event handler logic omitted +await client.DeclineJobOfferAsync(new DeclineJobOfferOptions( + workerId: offerIssuedEvent.Data.WorkerId, + offerId: offerIssuedEvent.Data.OfferId)); +``` +++```typescript +// Event handler logic omitted +await client.declineJobOffer(offerIssuedEvent.data.workerId, offerIssuedEvent.data.offerId); ``` +++```python +# Event handler logic omitted +client.decline_job_offer(offerIssuedEvent.data.worker_id, offerIssuedEvent.data.offer_id) +``` ++++```java +// Event handler logic omitted +client.declineJobOffer( + new DeclineJobOfferOptions(offerIssuedEvent.getData().getWorkerId(), offerIssuedEvent.getData().getOfferId())); +``` +++### Retry offer after some time ++In some scenarios, a worker may want to automatically retry an offer after some time. For example, a worker may want to retry an offer after 5 minutes. To do this, the worker can use the SDK to decline the offer and specify the `retryOfferAfterUtc` property. +++```csharp +// Event handler logic omitted +await client.DeclineJobOfferAsync(new DeclineJobOfferOptions( + workerId: offerIssuedEvent.Data.WorkerId, + offerId: offerIssuedEvent.Data.OfferId) +{ + RetryOfferAt = DateTimeOffset.UtcNow.AddMinutes(5) +}); +``` ++++```typescript +// Event handler logic omitted +await client.declineJobOffer(offerIssuedEvent.data.workerId, offerIssuedEvent.data.offerId, { + retryOfferAt: new Date(Date.now() + 5 * 60 * 1000) +}); +``` ++++```python +# Event handler logic omitted +client.decline_job_offer( + worker_id = offerIssuedEvent.data.worker_id, + offer_id = offerIssuedEvent.data.offer_id, + retry_offer_at = datetime.utcnow() + timedelta(minutes = 5)) +``` ++++```java +// Event handler logic omitted +client.declineJobOffer( + new DeclineJobOfferOptions(offerIssuedEvent.getData().getWorkerId(), offerIssuedEvent.getData().getOfferId()) + .setRetryOfferAt(OffsetDateTime.now().plusMinutes(5))); +``` ++ ## Next steps - Review how to [manage a Job Router queue](manage-queue.md). |
| communication-services | Azure Function | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/how-tos/router-sdk/azure-function.md | public static class GetPriority Inspect your deployed function in the Azure portal and locate the function Uri and authentication key. Then use the SDK to configure a policy that uses a rule engine to point to that function. ```csharp-await client.CreateClassificationPolicyAsync( - options: new CreateClassificationPolicyOptions("policy-1") - { - PrioritizationRule = new FunctionRule("<insert function uri>", new FunctionRuleCredential("<insert function key>")) - } -); +await administrationClient.CreateClassificationPolicyAsync( + new CreateClassificationPolicyOptions("policy-1") { + PrioritizationRule = new FunctionRouterRule(new Uri("<insert function uri>")) { + Credential = new FunctionRouterRuleCredential("<insert function key>") + }}); ``` When a new job is submitted or updated, this function will be called to determine the priority of the job. When a new job is submitted or updated, this function will be called to determin ## Errors If the Azure Function fails or returns a non-200 code, the job will move to the `ClassificationFailed` state and you'll receive a `JobClassificationFailedEvent` from Event Grid containing details of the error.++## Next steps ++- [How to customize how workers are ranked for the best worker distribution mode](customize-worker-scoring.md) |
| communication-services | Customize Worker Scoring | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/how-tos/router-sdk/customize-worker-scoring.md | Title: Azure Function Rule concepts for Azure Communication Services + Title: How to customize how workers are ranked for the best worker distribution mode description: Learn how to customize how workers are ranked for the best worker mode We want to distribute offers among their workers associated with a queue. The wo - ["English"] >= 7 - ["ChatSupport"] = true - ["XboxSupport"] = true-- Job currently is in a state of '**Queued**'; enqueued in *Xbox Hardware Support Queue* waiting to be matched to a worker.+- Job currently is in a state of '**Queued**'; enqueued in _Xbox Hardware Support Queue_ waiting to be matched to a worker. - Multiple workers become available simultaneously. - **Worker 1** has been created with the following **labels** - ["HighPrioritySupport"] = true We would like the following behavior when scoring workers to select which worker The decision flow (as shown above) is as follows: - If a job is **NOT HighPriority**:- - Workers with label: **["Support_XBOX"] = true**; get a score of *100* - - Otherwise, get a score of *1* + - Workers with label: **["Support_XBOX"] = true**; get a score of _100_ + - Otherwise, get a score of _1_ - If a job is **HighPriority**:- - Workers with label: **["HighPrioritySupport"] = false**; get a score of *1* + - Workers with label: **["HighPrioritySupport"] = false**; get a score of _1_ - Otherwise, if **["HighPrioritySupport"] = true**:- - Does Worker specialize in console type -> Does worker have label: **["Support_<**jobLabels.ConsoleType**>"] = true**? If true, worker gets score of *200* - - Otherwise, get a score of *100* + - Does Worker specialize in console type -> Does worker have label: **["Support_<**jobLabels.ConsoleType**>"] = true**? If true, worker gets score of _200_ + - Otherwise, get a score of _100_ ## Creating an Azure function Sample input for **Worker 1** "key": "English", "operator": "GreaterThanEqual", "value": 7,- "ttl": null + "expiresAfterSeconds": null }, { "key": "ChatSupport", "operator": "Equal", "value": true,- "ttl": null + "expiresAfterSeconds": null }, { "key": "XboxSupport", "operator": "Equal", "value": true,- "ttl": null + "expiresAfterSeconds": null } ], "worker": { With the aforementioned implementation, for the given job we'll get the followin Now that the Azure function app is ready, let us create an instance of **BestWorkerDistribution** mode using Router SDK. ```csharp- // -- initialize router client - // Setup Distribution Policy - var bestWorkerDistributionMode = new BestWorkerMode( - scoringRule: new AzureFunctionRule( - functionAppUrl: "<insert function url>"); -- var distributionPolicy = await client.SetDistributionPolicyAsync( - id: "BestWorkerDistributionMode", - mode: bestWorkerDistributionMode, - name: "XBox hardware support distribution", - offerTTL: TimeSpan.FromMinutes(5)); -- // Setup Queue - var queue = await client.SetQueueAsync( - id: "XBox_Hardware_Support_Q", - distributionPolicyId: distributionPolicy.Value.Id, - name: "XBox Hardware Support Queue"); -- // Setup Channel - var channel = await client.SetChannelAsync("Xbox_Chat_Channel"); -- // Create workers -- var worker1Labels = new LabelCollection() - { - ["HighPrioritySupport"] = true, - ["HardwareSupport"] = true, - ["Support_XBOX_SERIES_X"] = true, - ["English"] = 10, - ["ChatSupport"] = true, - ["XboxSupport"] = true - }; - var worker1 = await client.RegisterWorkerAsync( - id: "Worker_1", - totalCapacity: 100, - queueIds: new[] {queue.Value.Id}, - labels: worker1Labels, - channelConfigurations: new[] {new ChannelConfiguration(channel.Value.Id, 10)}); -- var worker2Labels = new LabelCollection() +var administrationClient = new JobRouterAdministrationClient("<YOUR_ACS_CONNECTION_STRING>"); ++// Setup Distribution Policy +var distributionPolicy = await administrationClient.CreateDistributionPolicyAsync( + new CreateDistributionPolicyOptions( + distributionPolicyId: "BestWorkerDistributionMode", + offerExpiresAfter: TimeSpan.FromMinutes(5), + mode: new BestWorkerMode(scoringRule: new FunctionRouterRule(new Uri("<insert function url>"))) + ) { Name = "XBox hardware support distribution" }); ++// Setup Queue +var queue = await administrationClient.CreateQueueAsync( + new CreateQueueOptions( + queueId: "XBox_Hardware_Support_Q", + distributionPolicyId: distributionPolicy.Value.Id + ) { Name = "XBox Hardware Support Queue" }); ++// Create workers +var worker1 = await client.CreateWorkerAsync(new CreateWorkerOptions(workerId: "Worker_1", totalCapacity: 100) {- ["HighPrioritySupport"] = true, - ["HardwareSupport"] = true, - ["Support_XBOX_SERIES_X"] = true, - ["Support_XBOX_SERIES_S"] = true, - ["English"] = 8, - ["ChatSupport"] = true, - ["XboxSupport"] = true - }; - var worker2 = await client.RegisterWorkerAsync( - id: "Worker_2", - totalCapacity: 100, - queueIds: new[] { queue.Value.Id }, - labels: worker2Labels, - channelConfigurations: new[] { new ChannelConfiguration(channel.Value.Id, 10) }); -- var worker3Labels = new LabelCollection() + QueueIds = { [queue.Value.Id] = new RouterQueueAssignment() }, + ChannelConfigurations = { ["Xbox_Chat_Channel"] = new ChannelConfiguration(capacityCostPerJob: 10) }, + Labels = + { + ["English"] = new LabelValue(10), + ["HighPrioritySupport"] = new LabelValue(true), + ["HardwareSupport"] = new LabelValue(true), + ["Support_XBOX_SERIES_X"] = new LabelValue(true), + ["ChatSupport"] = new LabelValue(true), + ["XboxSupport"] = new LabelValue(true) + } + }); ++var worker2 = await client.CreateWorkerAsync(new CreateWorkerOptions(workerId: "Worker_2", totalCapacity: 100) {- ["HighPrioritySupport"] = false, - ["HardwareSupport"] = true, - ["Support_XBOX"] = true, - ["English"] = 7, - ["ChatSupport"] = true, - ["XboxSupport"] = true - }; - var worker3 = await client.RegisterWorkerAsync( - id: "Worker_3", - totalCapacity: 100, - queueIds: new[] { queue.Value.Id }, - labels: worker3Labels, - channelConfigurations: new[] { new ChannelConfiguration(channel.Value.Id, 10) }); -- // Create Job - var jobLabels = new LabelCollection() + QueueIds = { [queue.Value.Id] = new RouterQueueAssignment() }, + ChannelConfigurations = { ["Xbox_Chat_Channel"] = new ChannelConfiguration(capacityCostPerJob: 10) }, + Labels = + { + ["English"] = new LabelValue(8), + ["HighPrioritySupport"] = new LabelValue(true), + ["HardwareSupport"] = new LabelValue(true), + ["Support_XBOX_SERIES_X"] = new LabelValue(true), + ["ChatSupport"] = new LabelValue(true), + ["XboxSupport"] = new LabelValue(true) + } + }); ++var worker3 = await client.CreateWorkerAsync(new CreateWorkerOptions(workerId: "Worker_3", totalCapacity: 100) {- ["CommunicationType"] = "Chat", - ["IssueType"] = "XboxSupport", - ["Language"] = "en", - ["HighPriority"] = true, - ["SubIssueType"] = "ConsoleMalfunction", - ["ConsoleType"] = "XBOX_SERIES_X", - ["Model"] = "XBOX_SERIES_X_1TB" - }; - var workerSelectors = new List<LabelSelector>() + QueueIds = { [queue.Value.Id] = new RouterQueueAssignment() }, + ChannelConfigurations = { ["Xbox_Chat_Channel"] = new ChannelConfiguration(capacityCostPerJob: 10) }, + Labels = + { + ["English"] = new LabelValue(7), + ["HighPrioritySupport"] = new LabelValue(true), + ["HardwareSupport"] = new LabelValue(true), + ["Support_XBOX_SERIES_X"] = new LabelValue(true), + ["ChatSupport"] = new LabelValue(true), + ["XboxSupport"] = new LabelValue(true) + } + }); ++// Create Job +var job = await client.CreateJobAsync( + new CreateJobOptions(jobId: "job1", channelId: "Xbox_Chat_Channel", queueId: queue.Value.Id) {- new LabelSelector("English", LabelOperator.GreaterThanEqual, 7), - new LabelSelector("ChatSupport", LabelOperator.Equal, true), - new LabelSelector("XboxSupport", LabelOperator.Equal, true) - }; - var job = await client.CreateJobAsync( - channelId: channel.Value.Id, - queueId: queue.Value.Id, - priority: 100, - channelReference: "ChatChannel", - labels: jobLabels, - workerSelectors: workerSelectors); -- var getJob = await client.GetJobAsync(job.Value.Id); - Console.WriteLine(getJob.Value.Assignments.Select(assignment => assignment.Value.WorkerId).First()); + Priority = 100, + ChannelReference = "ChatChannel", + RequestedWorkerSelectors = + { + new RouterWorkerSelector(key: "English", labelOperator: LabelOperator.GreaterThanEqual, value: new LabelValue(7)), + new RouterWorkerSelector(key: "ChatSupport", labelOperator: LabelOperator.Equal, value: new LabelValue(true)), + new RouterWorkerSelector(key: "XboxSupport", labelOperator: LabelOperator.Equal, value: new LabelValue(true)) + }, + Labels = + { + ["CommunicationType"] = new LabelValue("Chat"), + ["IssueType"] = new LabelValue("XboxSupport"), + ["Language"] = new LabelValue("en"), + ["HighPriority"] = new LabelValue(true), + ["SubIssueType"] = new LabelValue("ConsoleMalfunction"), + ["ConsoleType"] = new LabelValue("XBOX_SERIES_X"), + ["Model"] = new LabelValue("XBOX_SERIES_X_1TB") + } + }); ++// Wait a few seconds and see which worker was matched +await Task.Delay(TimeSpan.FromSeconds(5)); +var getJob = await client.GetJobAsync(job.Value.Id); +Console.WriteLine(getJob.Value.Assignments.Select(assignment => assignment.Value.WorkerId).First()); ``` Output |
| communication-services | Escalate Job | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/how-tos/router-sdk/escalate-job.md | +zone_pivot_groups: acs-js-csharp-java-python #Customer intent: As a developer, I want to manage the behavior of my jobs in a queue. # Escalate a job + This guide shows you how to escalate a Job in a Queue by using an Exception Policy. ## Prerequisites -- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). +- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). - A deployed Communication Services resource. [Create a Communication Services resource](../../quickstarts/create-communication-resource.md). - Optional: Complete the quickstart to [get started with Job Router](../../quickstarts/router/get-started-router.md) - Optional: Review the [Job classification how-to guide](job-classification.md) ## Escalation Overview -Escalation can take the form of several different behaviors including moving a Job to a different Queue and/or specifying a higher priority. Jobs with a higher priority will be distributed to Workers before Jobs with a lower priority. For this how-to guide, we will use an Escalation Policy and a Classification Policy to achieve this goal. +Escalation can take the form of several different behaviors including moving a Job to a different Queue and/or specifying a higher priority. Jobs with a higher priority are distributed to Workers before jobs with a lower priority. For this how-to guide, we use a Classification Policy and an Exception Policy and to achieve this goal. ++## Classification policy configuration ++Create a Classification Policy to handle the new label added to the Job. This policy evaluates the `Escalated` label and assigns the Job to either Queue. The policy also uses the [Rules Engine](../../concepts/router/router-rule-concepts.md) to increase the priority of the Job from `1` to `10`. +++```csharp +var classificationPolicy = await administrationClient.CreateClassificationPolicyAsync( + new CreateClassificationPolicyOptions(classificationPolicyId: "Classify_XBOX_Voice_Jobs") + { + Name = "Classify XBOX Voice Jobs", + QueueSelectors = + { + new ConditionalQueueSelectorAttachment( + condition: new ExpressionRouterRule("job.Escalated = true"), + labelSelectors: new List<RouterQueueSelector> + { + new (key: "Id", labelOperator: LabelOperator.Equal, value: new LabelValue("XBOX_Escalation_Queue")) + }) + }, + PrioritizationRule = new ExpressionRouterRule("If(job.Escalated = true, 10, 1)"), + }); +``` ++++```typescript +var classificationPolicy = await administrationClient.createClassificationPolicy("Classify_XBOX_Voice_Jobs", { + name: "Classify XBOX Voice Jobs", + queueSelectors: [{ + kind: "conditional", + condition: { + kind: "expression-rule", + expression: 'job.Escalated = true' + }, + labelSelectors: [{ + key: "Id", + labelOperator: "equal", + value: "XBOX_Escalation_Queue" + }] + }], + prioritizationRule: { + kind: "expression-rule", + expression: "If(job.Escalated = true, 10, 1)" + }}); +``` ++++```python +classification_policy: ClassificationPolicy = administration_client.create_classification_policy( + classification_policy_id = "Classify_XBOX_Voice_Jobs", + classification_policy = ClassificationPolicy( + name = "Classify XBOX Voice Jobs", + queue_selectors = [ + ConditionalQueueSelectorAttachment( + condition = ExpressionRouterRule(expression = 'job.Escalated = true'), + label_selectors = [ + RouterQueueSelector(key = "Id", label_operator = LabelOperator.EQUAL, value = "XBOX_Escalation_Queue") + ] + ) + ], + prioritization_rule = ExpressionRouterRule(expression = "If(job.Escalated = true, 10, 1)"))) +``` ++++```java +ClassificationPolicy classificationPolicy = administrationClient.createClassificationPolicy( + new CreateClassificationPolicyOptions("Classify_XBOX_Voice_Jobs") + .setName("Classify XBOX Voice Jobs") + .setQueueSelectors(List.of(new ConditionalQueueSelectorAttachment() + .setCondition(new ExpressionRouterRule().setExpression("job.Escalated = true")) + .setLabelSelectors(List.of( + new RouterQueueSelector().setKey("Id").setLabelOperator(LabelOperator.EQUAL).setValue("XBOX_Escalation_Queue")) + ))) + .setPrioritizationRule(new ExpressionRouterRule().setExpression("If(job.Escalated = true, 10, 1)"))); +``` + ## Exception policy configuration -Create an exception policy, which you will attach to the regular queue, which is triggered by time and takes the action of the Job being reclassified. +Create an exception policy attached to the queue, which is time triggered and takes the action of the Job being reclassified. + ```csharp-// create the exception policy -await routerClient.CreateExceptionPolicyAsync( - new CreateExceptionPolicyOptions( - exceptionPolicyId: "Escalate_XBOX_Policy", - exceptionRules: new Dictionary<string, ExceptionRule>() +var exceptionPolicy = await administrationClient.CreateExceptionPolicyAsync(new CreateExceptionPolicyOptions( + exceptionPolicyId: "Escalate_XBOX_Policy", + exceptionRules: new Dictionary<string, ExceptionRule> + { + ["Escalated_Rule"] = new( + trigger: new WaitTimeExceptionTrigger(TimeSpan.FromMinutes(5)), + actions: new Dictionary<string, ExceptionAction?> {- { - ["Escalated_Rule"] = new ExceptionRule(new WaitTimeExceptionTrigger(300), - new Dictionary<string, ExceptionAction>() - { - "EscalateReclassifyExceptionAction" = new ReclassifyExceptionAction( - classificationPolicyId: "<classification policy id>", - labelsToUpsert: new Dictionary<string, LabelValue>() - { - ["Escalated"] = new LabelValue(true), - }) - }) - } + ["EscalateReclassifyExceptionAction"] = + new ReclassifyExceptionAction(classificationPolicyId: classificationPolicy.Value.Id) + { + LabelsToUpsert = { ["Escalated"] = new LabelValue(true) } + } }- )) - { - Name = "My exception policy" + ) + }) { Name = "Add escalated label and reclassify XBOX Job requests after 5 minutes" }); +``` ++++```typescript +await administrationClient.createExceptionPolicy("Escalate_XBOX_Policy", { + name: "Add escalated label and reclassify XBOX Job requests after 5 minutes", + exceptionRules: { + Escalated_Rule: { + trigger: { kind: "wait-time", thresholdSeconds: 5 * 60 }, + actions: { EscalateReclassifyExceptionAction: { + kind: "reclassify", classificationPolicyId: classificationPolicy.id, labelsToUpsert: { Escalated: true } + }} + } }-); +}); ``` -## Classification policy configuration -Create a Classification Policy to handle the new label added to the Job. This policy will evaluate the `Escalated` label and assign the Job to either Queue. The policy will also use the [RulesEngine](../../concepts/router/router-rule-concepts.md) to increase the priority of the Job from `1` to `10`. -```csharp -await routerAdministrationClient.CreateClassificationPolicyAsync( - options: new CreateClassificationPolicyOptions("Classify_XBOX_Voice_Jobs") - { - Name = "Classify XBOX Voice Jobs", - PrioritizationRule = new ExpressionRule("If(job.Escalated = true, 10, 1)"), - QueueSelectors = new List<QueueSelectorAttachment>() - { - new ConditionalQueueSelectorAttachment( - condition: new ExpressionRule("If(job.Escalated = true, true, false)"), - labelSelectors: new List<QueueSelector>() - { - new QueueSelector("Id", LabelOperator.Equal, new LabelValue("XBOX_Escalation_Queue")) - }), - new ConditionalQueueSelectorAttachment( - condition: new ExpressionRule("If(job.Escalated = false, true, false)"), - labelSelectors: new List<QueueSelector>() - { - new QueueSelector("Id", LabelOperator.Equal, new LabelValue("XBOX_Queue")) - }) - }, - FallbackQueueId = "Default" - }); +```python +administration_client.create_exception_policy( + exception_policy_id = "Escalate_XBOX_Policy", + exception_policy = ExceptionPolicy( + name = "Add escalated label and reclassify XBOX Job requests after 5 minutes", + exception_rules = { + "Escalated_Rule": ExceptionRule( + trigger = WaitTimeExceptionTrigger(threshold_seconds = 5 * 60), + actions = { "EscalateReclassifyExceptionAction": ReclassifyExceptionAction( + classification_policy_id = classification_policy.id, + labels_to_upsert = { "Escalated": True } + )} + ) + } + ) +) ``` +++```java +administrationClient.createExceptionPolicy(new CreateExceptionPolicyOptions("Escalate_XBOX_Policy", + Map.of("Escalated_Rule", new ExceptionRule() + .setTrigger(new WaitTimeExceptionTrigger().setThresholdSeconds(5 * 60)) + .setActions(Map.of("EscalateReclassifyExceptionAction", new ReclassifyExceptionAction() + .setClassificationPolicyId(classificationPolicy.getId()) + .setLabelsToUpsert(Map.of("Escalated", new LabelValue(true)))))) +).setName("Add escalated label and reclassify XBOX Job requests after 5 minutes")); +``` ++ ## Queue configuration -Create the necessary Queues for regular and escalated Jobs and assign the Exception Policy to the regular Queue. +Create the necessary Queues for regular and escalated Jobs and assigns the Exception Policy to the regular Queue. > [!NOTE] > This step assumes you have created a distribution policy already with the name of `Round_Robin_Policy`. + ```csharp-// create a queue for regular Jobs and attach the exception policy -await routerAdministrationClient.CreateQueueAsync( - options: new CreateQueueOptions("XBOX_Queue", "Round_Robin_Policy") +var defaultQueue = await administrationClient.CreateQueueAsync( + new CreateQueueOptions(queueId: "XBOX_Queue", distributionPolicyId: "Round_Robin_Policy") { Name = "XBOX Queue",- ExceptionPolicyId = "XBOX_Escalate_Policy" + ExceptionPolicyId = exceptionPolicy.Value.Id }); -// create a queue for escalated Jobs -await routerAdministrationClient.CreateQueueAsync( - options: new CreateQueueOptions("XBOX_Escalation_Queue", "Round_Robin_Policy") +var escalationQueue = await administrationClient.CreateQueueAsync( + new CreateQueueOptions(queueId: "XBOX_Escalation_Queue", distributionPolicyId: "Round_Robin_Policy") {- Name = "XBOX Escalation Queue", + Name = "XBOX Escalation Queue" }); ``` +++```typescript +await administrationClient.createQueue("XBOX_Queue", { + distributionPolicyId: "Round_Robin_Policy", + exceptionPolicyId: exceptionPolicy.id, + name: "XBOX Queue" +}); ++await administrationClient.createQueue("XBOX_Escalation_Queue", { + distributionPolicyId: "Round_Robin_Policy", + name: "XBOX Escalation Queue" +}); +``` ++++```python +administration_client.create_queue( + queue_id = "XBOX_Queue", + queue = RouterQueue( + distribution_policy_id = "Round_Robin_Policy", + exception_policy_id = exception_policy.id, + name = "XBOX Queue")) ++administration_client.create_queue( + queue_id = "XBOX_Escalation_Queue", + queue = RouterQueue( + distribution_policy_id = "Round_Robin_Policy", + name = "XBOX Escalation Queue")) +``` ++++```java +administrationClient.createQueue(new CreateQueueOptions("XBOX_Queue", "Round_Robin_Policy") + .setExceptionPolicyId(exceptionPolicy.getId()) + .setName("XBOX Queue")); ++administrationClient.createQueue(new CreateQueueOptions("XBOX_Escalation_Queue", "Round_Robin_Policy") + .setName("XBOX Escalation Queue")); +``` ++ ## Job lifecycle -When you submit the Job, specify the Classification Policy ID as follows. For this particular example, the requirement would be to find a worker with a label called `XBOX_Hardware`, which has a value greater than or equal to the number `7`. +When you submit the Job, it is added to the queue `XBOX_Queue` with the `voice` channel. For this particular example, the requirement is to find a worker with a label called `XBOX_Hardware`, which has a value greater than or equal to the number `7`. + ```csharp-await routerClient.CreateJobAsync( - options: new CreateJobWithClassificationPolicyOptions( - jobId: "<jobId>", - channelId: ManagedChannels.AcsVoiceChannel, - classificationPolicyId: "Classify_XBOX_Voice_Jobs") +await client.CreateJobAsync(new CreateJobOptions(jobId: "job1", channelId: "voice", queueId: defaultQueue.Value.Id) +{ + RequestedWorkerSelectors = new List<RouterWorkerSelector> {- RequestedWorkerSelectors = new List<WorkerSelector> - { - new WorkerSelector(key: "XBOX_Hardware", labelOperator: LabelOperator.GreaterThanEqual, value: new LabelValue(7)) - } - }); -); + new(key: "XBOX_Hardware", labelOperator: LabelOperator.GreaterThanEqual, value: new LabelValue(7)) + } +}); ``` -The following lifecycle steps will be taken once the configuration is complete and the Job is ready to be submitted: +++```typescript +await client.createJob("job1", { + channelId: "voice", + queueId: defaultQueue.id, + requestedWorkerSelectors: [{ key: "XBOX_Hardware", labelOperator: "GreaterThanEqual", value: 7 }] +}); +``` ++++```python +administration_client.create_job( + job_id = "job1", + router_job = RouterJob( + channel_id = "voice", + queue_id = default_queue.id, + requested_worker_selectors = [ + RouterWorkerSelector(key = "XBOX_Hardware", label_operator = LabelOperator.GreaterThanEqual, value = 7) + ])) +``` ++++```java +administrationClient.createJob(new CreateJobOptions("job1", "voice", defaultQueue.getId()) + .setRequestedWorkerSelectors(List.of(new RouterWorkerSelector() + .setKey("XBOX_Hardware") + .setLabelOperator(LabelOperator.GREATER_THAN_EQUAL) + .setValue(new LabelValue(7))))); +``` +++The following lifecycle steps occur once the configuration is complete and the Job is submitted: -1. The Job is sent to Job Router and since a Classification Policy is attached, it will be evaluated and produce both a `RouterJobReceived` and a `RouterJobClassified`. -2. Next, the 5-minute timer begins and will eventually be triggered if no Worker can be assigned. Assuming no Workers are registered, resulting in a `RouterJobExceptionTriggered` and another `RouterJobClassified`. -3. At this point, the Job will be in the `XBOX_Escalation_Queue` and the priority will be set to `10`. +1. The Job is sent to Job Router and produces the `RouterJobReceived` and `RouterJobQueued` events. +2. Next, the 5-minute timer begins and triggers if no matching worker is assigned. After 5 minutes, Job Router emits a `RouterJobExceptionTriggered` and another `RouterJobQueued` event. +3. At this point, the Job moves to the `XBOX_Escalation_Queue` and the priority is set to `10`. |
| communication-services | Estimated Wait Time | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/how-tos/router-sdk/estimated-wait-time.md | + + Title: Estimated wait time and position of a Job in queue ++description: Use Azure Communication Services SDKs to get estimated wait time and position for a job in a queue ++++ Last updated : 06/08/2023++zone_pivot_groups: acs-js-csharp-java-python ++#Customer intent: As a developer, I want to target a specific worker +++# How to get estimated wait time and job position +++In the context of a call center, customers might want to know how long they need to wait before they're connected to an agent. As such, Job Router can calculate the estimated wait time or position of a job in a queue. ++## Prerequisites ++- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). +- A deployed Communication Services resource. [Create a Communication Services resource](../../quickstarts/create-communication-resource.md). +- Optional: Complete the quickstart to [get started with Job Router](../../quickstarts/router/get-started-router.md) +- Optional: Complete the how-to [accept job offers](../../how-tos/router-sdk/accept-decline-offer.md) ++## Get estimated wait time and length of a queue ++Estimated wait time for a queue with is retrieved by calling `GetQueueStatisticsAsync` and checking the `EstimatedWaitTimeMinutes` property. The estimated wait time is grouped by job priority. Job Router also returns the length of the queue and the longest waiting job in the queue. +++```csharp +var queueStatistics = await client.GetQueueStatisticsAsync(queueId: "queue1"); +Console.WriteLine($"Queue statistics: {JsonSerializer.Serialize(queueStatistics.Value)}"); +``` ++++```typescript +var queueStatistics = await client.getQueueStatistics("queue1"); +console.log(`Queue statistics: ${JSON.stringify(queueStatistics)}`); +``` ++++```python +queue_statistics = client.get_queue_statistics(queue_id = "queue1") +print("Queue statistics: " + queue_statistics) +``` ++++```java +var queueStatistics = client.getQueueStatistics("queue1"); +System.out.println("Queue statistics: " + new GsonBuilder().toJson(queueStatistics)); +``` +++Executing the above code should print a message similar to the following snippet (Note: the `EstimatedWaitTimeMinutes` property is grouped by job priority): ++```json +Queue statistics: { "QueueId":"queue1", "Length": 15, "EstimatedWaitTimeMinutes": { "1": 10 }, "LongestJobWaitTimeMinutes": 4.724 } +``` ++## Get estimated wait time and position of a job in a queue ++Estimated wait time for a job with ID `job1` is retrieved by calling `GetQueuePositionAsync` and checking the `EstimatedWaitTimeMinutes` property. Job Router also returns the position of the job in the queue. +++```csharp +var queuePositionDetails = await client.GetQueuePositionAsync(jobId: "job1"); +Console.WriteLine($"Queue position details: {JsonSerializer.Serialize(queuePositionDetails.Value)}"); +``` ++++```typescript +var queuePositionDetails = await client.getQueuePosition("job1"); +console.log(`Queue position details: ${JSON.stringify(queuePositionDetails)}`); +``` ++++```python +queue_position_details = client.get_queue_position(job_id = "job1") +print("Queue position details: " + queue_position_details) +``` ++++```java +var queuePositionDetails = client.getQueuePosition("job1"); +System.out.println("Queue position details: " + new GsonBuilder().toJson(queuePositionDetails)); +``` +++Executing the above code should print a message similar to the following snippet: ++```json +Queue position details: { "JobId": "job1", "Position": 4, "QueueId": "queue1", "QueueLength":15, "EstimatedWaitTimeMinutes": 5 } +``` |
| communication-services | Job Classification | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/how-tos/router-sdk/job-classification.md | -zone_pivot_groups: acs-js-csharp +zone_pivot_groups: acs-js-csharp-java-python + #Customer intent: As a developer, I want Job Router to classify my Job for me. # Classifying a job + Learn to use a classification policy in Job Router to dynamically resolve the queue and priority while also attaching worker selectors to a Job. ## Prerequisites -- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). +- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). - A deployed Communication Services resource. [Create a Communication Services resource](../../quickstarts/create-communication-resource.md). - Optional: Complete the quickstart to [get started with Job Router](../../quickstarts/router/get-started-router.md) ## Create a classification policy -The following example will leverage [PowerFx Expressions](https://powerapps.microsoft.com/en-us/blog/what-is-microsoft-power-fx/) to select both the queue and priority. The expression will attempt to match the Job label called `Region` equal to `NA` resulting in the Job being put in the `XBOX_NA_QUEUE` if found, otherwise the `XBOX_DEFAULT_QUEUE`. If the `XBOX_DEFAULT_QUEUE` was also not found, then the job will automatically be sent to the fallback queue `DEFAULT_QUEUE` as defined by `fallbackQueueId`. Additionally, the priority will be `10` if a label called `Hardware_VIP` was matched, otherwise it will be `1`. +The following example will leverage [PowerFx Expressions](https://powerapps.microsoft.com/blog/what-is-microsoft-power-fx/) to select both the queue and priority. The expression will attempt to match the Job label called `Region` equal to `NA` resulting in the Job being put in the `XBOX_NA_QUEUE`. Otherwise, the job will be sent to the fallback queue `XBOX_DEFAULT_QUEUE` as defined by `fallbackQueueId`. Additionally, the priority will be `10` if a label called `Hardware_VIP` was matched, otherwise it will be `1`. ::: zone pivot="programming-language-csharp" ```csharp-await routerAdministrationClient.CreateClassificationPolicyAsync( - options: new CreateClassificationPolicyOptions("XBOX_NA_QUEUE_Priority_1_10") +var classificationPolicy = await administrationClient.CreateClassificationPolicyAsync( + new CreateClassificationPolicyOptions(classificationPolicyId: "XBOX_NA_QUEUE_Priority_1_10") { Name = "Select XBOX Queue and set priority to 1 or 10",- PrioritizationRule = new ExpressionRule("If(job.Hardware_VIP = true, 10, 1)"), - QueueSelectors = new List<QueueSelectorAttachment>() + QueueSelectors = {- new ConditionalQueueSelectorAttachment( - condition: new ExpressionRule("If(job.Region = \"NA\", true, false)"), - labelSelectors: new List<QueueSelector>() - { - new QueueSelector("Id", LabelOperator.Equal, new LabelValue("XBOX_NA_QUEUE")) - }), - new ConditionalQueueSelectorAttachment( - condition: new ExpressionRule("If(job.Region != \"NA\", true, false)"), - labelSelectors: new List<QueueSelector>() + new ConditionalQueueSelectorAttachment(condition: new ExpressionRouterRule("job.Region = \"NA\""), + queueSelectors: new List<RouterQueueSelector> {- new QueueSelector("Id", LabelOperator.Equal, new LabelValue("XBOX_DEFAULT_QUEUE")) + new(key: "Id", labelOperator: LabelOperator.Equal, value: new LabelValue("XBOX_NA_QUEUE")) })- } + }, + FallbackQueueId = "XBOX_DEFAULT_QUEUE", + PrioritizationRule = new ExpressionRouterRule("If(job.Hardware_VIP = true, 10, 1)"), }); ``` await routerAdministrationClient.CreateClassificationPolicyAsync( ::: zone pivot="programming-language-javascript" ```typescript-await client.upsertClassificationPolicy({ - id: "XBOX_NA_QUEUE_Priority_1_10", - fallbackQueueId: "DEFAULT_QUEUE", - queueSelector: { - kind: "queue-id", - rule: { - kind: "expression-rule", - expression: "If(job.Region = \"NA\", \"XBOX_NA_QUEUE\", \"XBOX_DEFAULT_QUEUE\")" - } - }, - prioritizationRule: { +var classificationPolicy = await administrationClient.createClassificationPolicy("XBOX_NA_QUEUE_Priority_1_10", { + name: "Select XBOX Queue and set priority to 1 or 10", + queueSelectors: [{ + kind: "conditional", + condition: { kind: "expression-rule",- expression: "If(job.Hardware_VIP = true, 10, 1)" - } + expression: 'job.Region = "NA"' + }, + queueSelectors: [{ + key: "Id", + labelOperator: "equal", + value: "XBOX_NA_QUEUE" + }] + }], + fallbackQueueId: "XBOX_DEFAULT_QUEUE", + prioritizationRule: { + kind: "expression-rule", + expression: "If(job.Hardware_VIP = true, 10, 1)" + }}); +``` ++++```python +classification_policy: ClassificationPolicy = administration_client.create_classification_policy( + classification_policy_id = "XBOX_NA_QUEUE_Priority_1_10", + classification_policy = ClassificationPolicy( + name = "Select XBOX Queue and set priority to 1 or 10", + queue_selectors = [ + ConditionalQueueSelectorAttachment( + condition = ExpressionRouterRule(expression = 'job.Region = "NA"'), + queue_selectors = [ + RouterQueueSelector(key = "Id", label_operator = LabelOperator.EQUAL, value = "XBOX_NA_QUEUE") + ] + ) + ], + fallback_queue_id = "XBOX_DEFAULT_QUEUE", + prioritization_rule = ExpressionRouterRule(expression = "If(job.Hardware_VIP = true, 10, 1)"))) +``` ++++```java +ClassificationPolicy classificationPolicy = administrationClient.createClassificationPolicy( + new CreateClassificationPolicyOptions("XBOX_NA_QUEUE_Priority_1_10") + .setName("Select XBOX Queue and set priority to 1 or 10") + .setQueueSelectors(List.of(new ConditionalQueueSelectorAttachment() + .setCondition(new ExpressionRouterRule().setExpression("job.Region = \"NA\"")) + .setQueueSelectors(List.of( + new RouterQueueSelector().setKey("Id").setLabelOperator(LabelOperator.EQUAL).setValue("XBOX_NA_QUEUE")) + ))) + .setFallbackQueueId("XBOX_DEFAULT_QUEUE") + .setPrioritizationRule(new ExpressionRouterRule().setExpression("If(job.Hardware_VIP = true, 10, 1)"))); ``` ::: zone-end The following example will cause the classification policy to evaluate the Job l ::: zone pivot="programming-language-csharp" ```csharp-var job = await routerClient.CreateJobAsync( - options: new CreateJobWithClassificationPolicyOptions( - jobId: "<job id>", - channelId: "voice", - classificationPolicyId: "XBOX_NA_QUEUE_Priority_1_10") +await client.CreateJobWithClassificationPolicyAsync(new CreateJobWithClassificationPolicyOptions( + jobId: "job1", + channelId: "voice", + classificationPolicyId: classificationPolicy.Value.Id) +{ + Labels = {- Labels = new Dictionary<string, LabelValue>() - { - {"Region", new LabelValue("NA")}, - {"Caller_Id", new LabelValue("tel:7805551212")}, - {"Caller_NPA_NXX", new LabelValue("780555")}, - {"XBOX_Hardware", new LabelValue(7)} - } - }); + ["Region"] = new LabelValue("NA"), + ["Caller_Id"] = new LabelValue("7805551212"), + ["Caller_NPA_NXX"] = new LabelValue("780555"), + ["XBOX_Hardware"] = new LabelValue(7) + } +}); ``` ::: zone-end var job = await routerClient.CreateJobAsync( ::: zone pivot="programming-language-javascript" ```typescript-await client.createJob({ +await client.createJob("job1", { channelId: "voice",- classificationPolicyId: : "XBOX_NA_QUEUE_Priority_1_10", + classificationPolicyId: "XBOX_NA_QUEUE_Priority_1_10", labels: { Region: "NA",- Caller_Id: "tel:7805551212", + Caller_Id: "7805551212", Caller_NPA_NXX: "780555", XBOX_Hardware: 7 }, await client.createJob({ ::: zone-end ++```python +client.create_job(job_id = "job1", router_job = RouterJob( + channel_id = "voice", + classification_policy_id = "XBOX_NA_QUEUE_Priority_1_10", + labels = { + "Region": "NA", + "Caller_Id": "7805551212", + "Caller_NPA_NXX": "780555", + "XBOX_Hardware": 7 + } +)) +``` ++++```java +client.createJob(new CreateJobWithClassificationPolicyOptions("job1", "voice", "XBOX_NA_QUEUE_Priority_1_10") + .setLabels(Map.of( + "Region", new LabelValue("NA"), + "Caller_Id": new LabelValue("7805551212"), + "Caller_NPA_NXX": new LabelValue("780555"), + "XBOX_Hardware": new LabelValue(7) + ))); +``` ++ ## Attaching Worker Selectors You can use the classification policy to attach additional worker selectors to a job. In this example, the Classification Policy is configured with a static attachmen ::: zone pivot="programming-language-csharp" ```csharp-await routerAdministrationClient.CreateClassificationPolicyAsync( - options: new CreateClassificationPolicyOptions("policy-1") +await administrationClient.CreateClassificationPolicyAsync( + new CreateClassificationPolicyOptions("policy-1") {- WorkerSelectors = new List<WorkerSelectorAttachment>() + WorkerSelectors = {- new StaticWorkerSelectorAttachment(new WorkerSelector("Foo", LabelOperator.Equal, new LabelValue("Bar"))) + new StaticWorkerSelectorAttachment(new RouterWorkerSelector( + key: "Foo", labelOperator: LabelOperator.Equal, value: new LabelValue("Bar"))) } }); ``` await routerAdministrationClient.CreateClassificationPolicyAsync( ::: zone pivot="programming-language-javascript" ```typescript-await client.upsertClassificationPolicy( - id: "policy-1", - workerSelectors: [ - { - kind: "static", - labelSelector: { key: "foo", operator: "equal", value: "bar" } - } - ] -); +await administrationClient.createClassificationPolicy("policy-1", { + workerSelectors: [{ + kind: "static", + workerSelector: { key: "Foo", labelOperator: "equal", value: "Bar" } + }] +}); +``` ++++```python +administration_client.create_classification_policy( + classification_policy_id = "policy-1", + classification_policy = ClassificationPolicy( + worker_selectors = [ + StaticWorkerSelectorAttachment( + worker_selector = RouterWorkerSelector(key = "Foo", label_operator = LabelOperator.EQUAL, value = "Bar") + ) + ])) +``` ++++```java +administrationClient.createClassificationPolicy(new CreateClassificationPolicyOptions("policy-1") + .setWorkerSelectors(List.of(new StaticWorkerSelectorAttachment() + .setWorkerSelector(new RouterWorkerSelector().setKey("Foo").setLabelOperator(LabelOperator.EQUAL).setValue("Bar"))))); ``` ::: zone-end In this example, the Classification Policy is configured with a conditional atta ::: zone pivot="programming-language-csharp" ```csharp-await routerAdministrationClient.CreateClassificationPolicyAsync( - options: new CreateClassificationPolicyOptions("policy-1") +await administrationClient.CreateClassificationPolicyAsync( + new CreateClassificationPolicyOptions("policy-1") {- WorkerSelectors = new List<WorkerSelectorAttachment>() + WorkerSelectors = {- new ConditionalWorkerSelectorAttachment( - condition: new ExpressionRule("job.Urgent = true")), - labelSelectors: new List<WorkerSelector>() + new ConditionalRouterWorkerSelectorAttachment( + condition: new ExpressionRouterRule("job.Urgent = true"), + workerSelectors: new List<RouterWorkerSelector> {- new WorkerSelector("Foo", LabelOperator.Equal, "Bar") + new(key: "Foo", labelOperator: LabelOperator.Equal, value: new LabelValue("Bar")) }) } }); await routerAdministrationClient.CreateClassificationPolicyAsync( ::: zone pivot="programming-language-javascript" ```typescript-await client.upsertClassificationPolicy( - id: "policy-1", - workerSelectors: [ - { - kind: "conditional", - condition: { - kind: "expression-rule", - expression: "job.Urgent = true" - }, - labelSelectors: [ - { key: "Foo", operator: "equal", value: "Bar" } - ] - } - ] -); +await administrationClient.createClassificationPolicy("policy-1", { + workerSelectors: [{ + kind: "conditional", + condition: { kind: "expression-rule", expression: "job.Urgent = true" }, + workerSelectors: [{ key: "Foo", labelOperator: "equal", value: "Bar" }] + }] +}); ++``` ++++```python +administration_client.create_classification_policy( + classification_policy_id = "policy-1", + classification_policy = ClassificationPolicy( + worker_selectors = [ + ConditionalWorkerSelectorAttachment( + condition = ExpressionRouterRule(expression = "job.Urgent = true"), + worker_selectors = [ + RouterWorkerSelector(key = "Foo", label_operator = LabelOperator.EQUAL, value = "Bar") + ] + ) + ])) +``` ++++```java +administrationClient.createClassificationPolicy(new CreateClassificationPolicyOptions("policy-1") + .setWorkerSelectors(List.of(new ConditionalRouterWorkerSelectorAttachment() + .setCondition(new ExpressionRouterRule().setExpression("job.Urgent = true")) + .setWorkerSelectors(List.of(new RouterWorkerSelector().setKey("Foo").setLabelOperator(LabelOperator.EQUAL).setValue("Bar")))))); ``` ::: zone-end In this example, the Classification Policy is configured to attach a worker sele ::: zone pivot="programming-language-csharp" ```csharp-await routerAdministrationClient.CreateClassificationPolicyAsync( - options: new CreateClassificationPolicyOptions("policy-1") +await administrationClient.CreateClassificationPolicyAsync( + new CreateClassificationPolicyOptions("policy-1") {- WorkerSelectors = new List<WorkerSelectorAttachment>() + WorkerSelectors = {- new PassThroughQueueSelectorAttachment("Foo", LabelOperator.Equal) + new PassThroughWorkerSelectorAttachment(key: "Foo", labelOperator: LabelOperator.Equal) } }); ``` await routerAdministrationClient.CreateClassificationPolicyAsync( ::: zone pivot="programming-language-javascript" ```typescript-await client.upsertClassificationPolicy( - id: "policy-1", +await administrationClient.createClassificationPolicy("policy-1", { workerSelectors: [ { kind: "pass-through", key: "Foo",- operator: "equal" + labelOperator: "equal" } ]-); +}); +``` ++++```python +administration_client.create_classification_policy( + classification_policy_id = "policy-1", + classification_policy = ClassificationPolicy( + worker_selectors = [ + PassThroughWorkerSelectorAttachment( + key = "Foo", label_operator = LabelOperator.EQUAL, value = "Bar") + ])) +``` ++++```java +administrationClient.createClassificationPolicy(new CreateClassificationPolicyOptions("policy-1") + .setWorkerSelectors(List.of(new PassThroughWorkerSelectorAttachment() + .setKey("Foo").setLabelOperator(LabelOperator.EQUAL)))); ``` ::: zone-end In this example, the Classification Policy is configured with a weighted allocat ::: zone pivot="programming-language-csharp" ```csharp-await routerAdministrationClient.CreateClassificationPolicyAsync( - options: new CreateClassificationPolicyOptions("policy-1") +await administrationClient.CreateClassificationPolicyAsync(new CreateClassificationPolicyOptions("policy-1") {- WorkerSelectors = new List<WorkerSelectorAttachment>() + WorkerSelectors = {- new WeightedAllocationWorkerSelectorAttachment( - new List<WorkerWeightedAllocation>() + new WeightedAllocationWorkerSelectorAttachment(new List<WorkerWeightedAllocation> + { + new (weight: 0.3, workerSelectors: new List<RouterWorkerSelector> + { + new (key: "Vendor", labelOperator: LabelOperator.Equal, value: new LabelValue("A")) + }), + new (weight: 0.7, workerSelectors: new List<RouterWorkerSelector> {- new WorkerWeightedAllocation(0.3, - new List<WorkerSelector>() - { - new WorkerSelector("Vendor", LabelOperator.Equal, "A") - }), - new WorkerWeightedAllocation(0.7, - new List<WorkerSelector>() - { - new WorkerSelector("Vendor", LabelOperator.Equal, "B") - }) + new (key: "Vendor", labelOperator: LabelOperator.Equal, value: new LabelValue("B")) })+ }) } }); ``` await routerAdministrationClient.CreateClassificationPolicyAsync( ::: zone pivot="programming-language-javascript" ```typescript+await administrationClient.createClassificationPolicy("policy-1", { + workerSelectors: [{ + kind: "weighted-allocation-worker-selector", + allocations: [ + { + weight: 0.3, + workerSelectors: [{ key: "Vendor", labelOperator: "equal", value: "A" }] + }, + { + weight: 0.7, + workerSelectors: [{ key: "Vendor", labelOperator: "equal", value: "B" }] + }] + }] +}); +``` -await client.upsertClassificationPolicy( - id: "policy-1", - workerSelectors: [ - { - kind: "weighted-allocation", - allocations: [ - { - weight: 0.3, - labelSelectors: [{ key: "Vendor", operator: "equal", value: "A" }] - }, - { - weight: 0.7, - labelSelectors: [{ key: "Vendor", operator: "equal", value: "B" }] - } - ] - } - ] -); +++```python +administration_client.create_classification_policy( + classification_policy_id = "policy-1", + classification_policy = ClassificationPolicy( + worker_selectors = [ + WeightedAllocationWorkerSelectorAttachment(allocations = [ + WorkerWeightedAllocation(weight = 0.3, worker_selectors = [ + RouterWorkerSelector(key = "Vendor", label_operator = LabelOperator.EQUAL, value = "A") + ]), + WorkerWeightedAllocation(weight = 0.7, worker_selectors = [ + RouterWorkerSelector(key = "Vendor", label_operator = LabelOperator.EQUAL, value = "B") + ]) + ]) + ])) +``` ++++```java +administrationClient.createClassificationPolicy(new CreateClassificationPolicyOptions("policy-1") + .setWorkerSelectors(List.of(new WeightedAllocationWorkerSelectorAttachment() + .setAllocations(List.of(new WorkerWeightedAllocation().setWeight(0.3).setWorkerSelectors(List.of( + new RouterWorkerSelector().setKey("Vendor").setLabelOperator(LabelOperator.EQUAL).setValue("A"), + new RouterWorkerSelector().setKey("Vendor").setLabelOperator(LabelOperator.EQUAL).setValue("B") + ))))))); ``` ::: zone-end ## Reclassify a job after submission -Once the Job Router has received, and classified a Job using a policy, you have the option of reclassifying it using the SDK. The following example illustrates one way to increase the priority of the Job, simply by specifying the **Job ID**, calling the `ReclassifyJobAsync` method. +Once the Job Router has received, and classified a Job using a policy, you have the option of reclassifying it using the SDK. The following example illustrates one way to increase the priority of the Job to `10`, simply by specifying the **Job ID**, calling the `UpdateJobAsync` method, and updating the classificationPolicyId and including the `Hardware_VIP` label. ::: zone pivot="programming-language-csharp" ```csharp-var reclassifiedJob = await routerClient.ReclassifyJobAsync("<job id>"); +await client.UpdateJobAsync(new UpdateJobOptions("job1") { + ClassificationPolicyId = classificationPolicy.Value.Id, + Labels = { ["Hardware_VIP"] = new LabelValue(true) }}); ``` ::: zone-end var reclassifiedJob = await routerClient.ReclassifyJobAsync("<job id>"); ::: zone pivot="programming-language-javascript" ```typescript-await client.reclassifyJob("<jobId>"); +await client.updateJob("job1", { + classificationPolicyId: classificationPolicy.Value.Id, + labels: { Hardware_VIP: true }}); +``` ++++```python +client.update_job(job_id = "job1", + classification_policy_id = classification_policy.id, + labels = { "Hardware_VIP": True } +) +``` ++++```java +client.updateJob(new UpdateJobOptions("job1") + .setClassificationPolicyId(classificationPolicy.getId()) + .setLabels(Map.of("Hardware_VIP", new LabelValue(true)))); ``` ::: zone-end |
| communication-services | Manage Queue | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/how-tos/router-sdk/manage-queue.md | +zone_pivot_groups: acs-js-csharp-java-python #Customer intent: As a developer, I want to manage the behavior of my jobs in a queue. # Manage a queue + This guide outlines the steps to create and manage a Job Router queue. ## Prerequisites -- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). +- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). - A deployed Communication Services resource. [Create a Communication Services resource](../../quickstarts/create-communication-resource.md). - Optional: Complete the quickstart to [get started with Job Router](../../quickstarts/router/get-started-router.md) -## Create a queue +## Create a distribution policy and a queue To create a simple queue in Job Router, use the SDK to specify the **queue ID**, **name**, and a **distribution policy ID**. The distribution policy must be created in advance as the Job Router will validate its existence upon creation of the queue. In the following example, a distribution policy is created to control how Job offers are generated for Workers. + ```csharp var distributionPolicy = await administrationClient.CreateDistributionPolicyAsync( new CreateDistributionPolicyOptions( distributionPolicyId: "Longest_Idle_45s_Min1Max10",- offerTtl: TimeSpan.FromSeconds(45), - mode: new LongestIdleMode( - minConcurrentOffers: 1, - maxConcurrentOffers: 10) + offerExpiresAfter: TimeSpan.FromSeconds(45), + mode: new LongestIdleMode { MinConcurrentOffers = 1, MaxConcurrentOffers = 10 }) {- Name = "Longest Idle matching with a 45s offer expiration; min 1, max 10 offers" - } -); + Name = "Longest Idle matching with a 45s offer expiration; min 1, max 10 offers", + }); var queue = await administrationClient.CreateQueueAsync(- options: new CreateQueueOptions("XBOX_DEFAULT_QUEUE", "Longest_Idle_45s_Min1Max10") + new CreateQueueOptions( + queueId: "XBOX_DEFAULT_QUEUE", + distributionPolicyId: distributionPolicy.Value.Id) { Name = "XBOX Default Queue"- } -); + }); ```++++```typescript +const distributionPolicy = await administrationClient.createDistributionPolicy("Longest_Idle_45s_Min1Max10", { + offerExpiresAfterSeconds: 45, + mode: { + kind: "longest-idle", + minConcurrentOffers: 1, + maxConcurrentOffers: 10 + }, + name: "Longest Idle matching with a 45s offer expiration; min 1, max 10 offers" +}); ++const queue = await administrationClient.createQueue("XBOX_DEFAULT_QUEUE", { + name: "XBOX Default Queue", + distributionPolicyId: distributionPolicy.id +}); +``` ++++```python +distribution_policy = administration_client.create_distribution_policy( + distribution_policy_id = "Longest_Idle_45s_Min1Max10", + distribution_policy = DistributionPolicy( + offer_expires_after = timedelta(seconds = 45), + mode = LongestIdleMode(min_concurrent_offers = 1, max_concurrent_offers = 10), + name = "Longest Idle matching with a 45s offer expiration; min 1, max 10 offers" + )) ++queue = administration_client.create_queue( + queue_id = "XBOX_DEFAULT_QUEUE", + queue = RouterQueue( + name = "XBOX Default Queue", + distribution_policy_id = distribution_policy.id + )) +``` ++++```java +DistributionPolicy distributionPolicy = administrationClient.createDistributionPolicy(new CreateDistributionPolicyOptions( + "Longest_Idle_45s_Min1Max10", + Duration.ofSeconds(45), + new LongestIdleMode().setMinConcurrentOffers(1).setMaxConcurrentOffers(10)) + .setName("Longest Idle matching with a 45s offer expiration; min 1, max 10 offers")); +``` ++ ## Update a queue -The Job Router SDK will update an existing queue when the `UpdateQueue` or `UpdateQueueAsync` method is called. +The Job Router SDK will update an existing queue when the `UpdateQueueAsync` method is called. + ```csharp-var queue = await administrationClient.UpdateQueueAsync( - options: new UpdateQueueOptions("XBOX_DEFAULT_QUEUE") - { - Name = "XBOX Default Queue", - DistributionPolicyId = "Longest_Idle_45s_Min1Max10", - Labels = new Dictionary<string, LabelValue>() - { - ["Additional-Queue-Label"] = new LabelValue("ChatQueue") - } - }); -); +await administrationClient.UpdateQueueAsync(new UpdateQueueOptions(queue.Value.Id) +{ + Name = "XBOX Updated Queue", + Labels = { ["Additional-Queue-Label"] = new LabelValue("ChatQueue") } +}); +``` ++++```typescript +await administrationClient.updateQueue(queue.id, { + name: "XBOX Updated Queue", + labels: { "Additional-Queue-Label": "ChatQueue" } +}); ``` +++```python +administration_client.update_queue( + queue_id = queue.id, + queue = RouterQueue( + name = "XBOX Updated Queue", + labels = { "Additional-Queue-Label": "ChatQueue" } + )) +``` ++++```java +administrationClient.updateQueue(new UpdateQueueOptions(queue.getId()) + .setName("XBOX Updated Queue") + .setLabels(Map.of("Additional-Queue-Label", new LabelValue("ChatQueue")))); +``` ++ ## Delete a queue -To delete a queue using the Job Router SDK call the `DeleteQueue` or `DeleteQueueAsync` method passing the **queue ID**. +To delete a queue using the Job Router SDK, call the `DeleteQueue` method passing the **queue ID**. + ```csharp-var result = await client.DeleteQueueAsync("XBOX_DEFAULT_QUEUE"); +await administrationClient.DeleteQueueAsync(queue.Value.Id); ``` +++```typescript +await administrationClient.deleteQueue(queue.id); +``` ++++```python +administration_client.delete_queue(queue.id) +``` ++++```java +administrationClient.deleteQueue(queue.getId()); +``` ++ > [!NOTE]-> To delete a queue you must make sure there are no active jobs assigned to it. Additionally, make sure there are no references to the queue in any classification policies or rules that use an expression to select the queue by ID using a string value. +> To delete a queue you must make sure there are no active jobs assigned to it. Additionally, make sure there are no references to the queue in any classification policies. |
| communication-services | Preferred Worker | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/how-tos/router-sdk/preferred-worker.md | -zone_pivot_groups: acs-js-csharp +zone_pivot_groups: acs-js-csharp-java-python + #Customer intent: As a developer, I want to target a specific worker # Target a Preferred Worker -In the context of a call center, customers might be assigned an account manager or have a relationship with a specific worker. In that event, you might want to route a specific job to a specific worker if possible. ++In the context of a call center, customers might be assigned an account manager or have a relationship with a specific worker. As such, You'd want to route a specific job to a specific worker if possible. ## Prerequisites -- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). -- A deployed Azure Communication Services resource. [Create a Communication Services resource](../../quickstarts/create-communication-resource.md).+- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). +- A deployed Communication Services resource. [Create a Communication Services resource](../../quickstarts/create-communication-resource.md). - Optional: Complete the quickstart to [get started with Job Router](../../quickstarts/router/get-started-router.md) ## Setup worker selectors Every worker automatically has an `Id` label. You can apply worker selectors to the job, to target a specific worker. -In the following example, a job is created that targets a specific worker. If that worker does not accept the job within the time to live(TTL) of 1 minute, the condition for the specific worker is no longer valid and the job can go to any worker. +In the following example, a job is created that targets a specific worker. If that worker does not accept the job within the offer expiry duration of 1 minute, the condition for the specific worker is no longer be valid and the job could go to any worker. ::: zone pivot="programming-language-csharp" ```csharp-await routerClient.CreateJobAsync( - options: new CreateJobOptions( - jobId: "<job id>", - channelId: "<channel id>", - queueId: "<queue id>") +await client.CreateJobAsync( + new CreateJobOptions(jobId: "job1", channelId: "Xbox_Chat_Channel", queueId: queue.Value.Id) {- RequestedWorkerSelectors = new List<WorkerSelector>() - { - new WorkerSelector("Id", LabelOperator.Equal, "<preferred worker id>", TimeSpan.FromMinutes(1)) - } + RequestedWorkerSelectors = + { + new RouterWorkerSelector(key: "Id", labelOperator: LabelOperator.Equal, value: new LabelValue("<preferred_worker_id>")) { + Expedite = true, + ExpireAfterSeconds = 45 + } + } }); ``` await routerClient.CreateJobAsync( ::: zone pivot="programming-language-javascript" ```typescript-await client.createJob({ - channelId: "<channel id>", - queueId: "<queue id>", - workerSelectors: [ +await client.createJob("job1", { + channelId: "Xbox_Chat_Channel", + queueId: queue.id, + requestedWorkerSelectors: [ { key: "Id",- operator: "equal", + labelOperator: "equal", value: "<preferred worker id>",- ttl: "00:01:00" + expireAfterSeconds: 45 } ] }); await client.createJob({ ::: zone-end ++```python +client.create_job(job_id = "job1", router_job = RouterJob( + channel_id = "Xbox_Chat_Channel", + queue_id = queue1.id, + requested_worker_selectors = [ + RouterWorkerSelector( + key = "Id", + label_operator = LabelOperator.EQUAL, + value = "<preferred worker id>", + expire_after_seconds = 45 + ) + ] +)) +``` ++++```java +client.createJob(new CreateJobOptions("job1", "Xbox_Chat_Channel", queue.getId()) + .setRequestedWorkerSelectors(List.of(new RouterWorkerSelector().setKey("Id") + .setLabelOperator(LabelOperator.EQUAL) + .setValue(new LabelValue("<preferred_worker_id>")) + .setExpireAfterSeconds(45.0) + .setExpedite(true)))); +``` ++ > [!TIP] > You could also use any custom label that is unique to each worker. |
| communication-services | Scheduled Jobs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/how-tos/router-sdk/scheduled-jobs.md | + + Title: Create a scheduled job for Azure Communication Services ++description: Use Azure Communication Services Job Router SDK to create a scheduled job +++++ Last updated : 06/07/2023++++zone_pivot_groups: acs-js-csharp-java-python ++#Customer intent: As a developer, I want to create a scheduled job +++# Scheduling a job +++In the context of a call center, customers may want to receive a scheduled callback at a later time. As such, you will need to create a scheduled job in Job Router. ++## Prerequisites ++- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). +- A deployed Communication Services resource. [Create a Communication Services resource](../../quickstarts/create-communication-resource.md). +- A Job Router queue with queueId `Callback` has been [created](manage-queue.md). +- A Job Router worker with channel capacity on the `Voice` channel has been [created](../../concepts/router/matching-concepts.md). +- Subscribe to the [JobWaitingForActivation event](subscribe-events.md#microsoftcommunicationrouterjobwaitingforactivation) +- Optional: Complete the quickstart to [get started with Job Router](../../quickstarts/router/get-started-router.md) ++## Create a job using the ScheduleAndSuspendMode ++In the following example, a job is created that will be scheduled 3 minutes from now by setting the `MatchingMode` to `ScheduleAndSuspendMode` with a `scheduleAt` parameter. This assumes that you've already [created a queue](manage-queue.md) with the queueId `Callback` and that there is an active [worker registered](../../concepts/router/matching-concepts.md) to the queue with available capacity on the `Voice` channel. +++```csharp +await client.CreateJobAsync(new CreateJobOptions(jobId: "job1", channelId: "Voice", queueId: "Callback") +{ + MatchingMode = new ScheduleAndSuspendMode(scheduleAt: DateTimeOffset.UtcNow.Add(TimeSpan.FromMinutes(3))) +}); +``` ++++```typescript +await client.createJob("job1", { + channelId: "Voice", + queueId: "Callback", + matchingMode: { + modeType: "scheduleAndSuspendMode", + scheduleAndSuspendMode: { + scheduleAt: new Date(Date.now() + 3 * 60000) + } + } +}); +``` ++++```python +client.create_job(job_id = "job1", router_job = RouterJob( + channel_id = "Voice", + queue_id = "Callback", + matching_mode = JobMatchingMode( + mode_type = "scheduleAndSuspendMode", + schedule_and_suspend_mode = ScheduleAndSuspendMode(scheduled_at = datetime.utcnow() + timedelta(minutes = 3))))) +``` ++++```java +client.createJob(new CreateJobOptions("job1", "Voice", "Callback") + .setMatchingMode(new ScheduleAndSuspendMode(OffsetDateTime.now().plusMinutes(3)))); +``` +++## Wait for the scheduled time to be reached, then queue the job ++When the scheduled time has been reached, Job Router will emit a [RouterJobWaitingForActivation event](subscribe-events.md#microsoftcommunicationrouterjobwaitingforactivation). If this event has been subscribed, the event can be parsed into a variable called `eventGridEvent`. At this time, some required actions may be performed, before enabling the job to be matched to a worker. For example, in the context of the contact center, such an action could be making an outbound call and waiting for the customer to accept the callback. Once the required actions are complete, the job can be queued by calling the `UpdateJobAsync` method with the `MatchingMode` set to `QueueAndMatchMode` and priority set to `100` to quickly find an eligible worker. +++```csharp +// Event Grid Event Handler code omitted +if (eventGridEvent.EventType == "Microsoft.Communication.RouterJobWaitingForActivation") +{ + // Perform required actions here ++ await client.UpdateJobAsync(new UpdateJobOptions(jobId: eventGridEvent.Data.JobId) + { + MatchingMode = new QueueAndMatchMode(), + Priority = 100 + }); +} +``` ++++```typescript +// Event Grid Event Handler code omitted +if (eventGridEvent.EventType == "Microsoft.Communication.RouterJobWaitingForActivation") +{ + // Perform required actions here ++ await client.updateJob(eventGridEvent.data.jobId, { + matchingMode: { modeType: "queueAndMatchMode", queueAndMatchMode: {} }, + priority: 100 + }); +} +``` ++++```python +# Event Grid Event Handler code omitted +if (eventGridEvent.event_type == "Microsoft.Communication.RouterJobWaitingForActivation") +{ + # Perform required actions here ++ client.update_job(job_id = eventGridEvent.data.job_id, + matching_mode = JobMatchingMode(mode_type = queueAndMatchMode, queue_and_match_mode = {}), + priority = 100) +} +``` ++++```java +// Event Grid Event Handler code omitted +if (eventGridEvent.EventType == "Microsoft.Communication.RouterJobWaitingForActivation") +{ + // Perform required actions here ++ client.updateJob(new UpdateJobOptions(eventGridEvent.Data.JobId) + .setMatchingMode(new QueueAndMatchMode()) + .setPriority(100)); +} +``` +++## Next steps ++- Learn how to [accept the Job Router offer](accept-decline-offer.md) that will be issued once a matching worker has been found for the job. |
| communication-services | Subscribe Events | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/how-tos/router-sdk/subscribe-events.md | +- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). - A deployed Communication Services resource. [Create a Communication Services resource](../../quickstarts/create-communication-resource.md). - Optional: Complete the quickstart to [get started with Job Router](../../quickstarts/router/get-started-router.md) ## Create an Event Grid subscription -> [!NOTE] -> Since Job Router is still in preview, the events are not included in the portal UI. You have to use an Azure Resource Manager (ARM) template to create a subscription that references them. - This template deploys an Event Grid subscription on a Storage Queue for Job Router events. If the storage account, queue or system topic doesn't exist, they'll be created as well. dotnet run ## Events Catalog +## Router Events + | Events | Subdomain | Description | ||::| - | | [`RouterJobReceived`](#microsoftcommunicationrouterjobreceived) | `Job` | A new job was created for routing | dotnet run | [`RouterJobCancelled`](#microsoftcommunicationrouterjobcancelled) | `Job` | A job was canceled | | [`RouterJobExceptionTriggered`](#microsoftcommunicationrouterjobexceptiontriggered) | `Job` | A job exception has been triggered | | [`RouterJobWorkerSelectorsExpired`](#microsoftcommunicationrouterjobworkerselectorsexpired) | `Job` | One or more worker selectors on a job have expired |+| [`RouterJobUnassigned`](#microsoftcommunicationrouterjobunassigned) | `Job` | An already assigned job has been unassigned from a worker | +| [`RouterJobWaitingForActivation`](#microsoftcommunicationrouterjobwaitingforactivation) | `Job` | A scheduled job's requested scheduled time has arrived, Router is waiting on contoso to act on the job | +| [`RouterJobSchedulingFailed`](#microsoftcommunicationrouterjobschedulingfailed) | `Job` | A scheduled job was requested however, Router failed to create one | +| [`RouterJobDeleted`](#microsoftcommunicationrouterjobdeleted) | `Job` | A job has been deleted | | [`RouterWorkerOfferIssued`](#microsoftcommunicationrouterworkerofferissued) | `Worker` | A job was offered to a worker | | [`RouterWorkerOfferAccepted`](#microsoftcommunicationrouterworkerofferaccepted) | `Worker` | An offer to a worker was accepted | | [`RouterWorkerOfferDeclined`](#microsoftcommunicationrouterworkerofferdeclined) | `Worker` | An offer to a worker was declined | | [`RouterWorkerOfferRevoked`](#microsoftcommunicationrouterworkerofferrevoked) | `Worker` | An offer to a worker was revoked | | [`RouterWorkerOfferExpired`](#microsoftcommunicationrouterworkerofferexpired) | `Worker` | An offer to a worker has expired |-| [`RouterWorkerRegistered`](#microsoftcommunicationrouterworkerregistered) | `Worker` | A worker has been registered | -| [`RouterWorkerDeregistered`](#microsoftcommunicationrouterworkerderegistered) | `Worker` | A worker has been deregistered | --## Router Events +| [`RouterWorkerRegistered`](#microsoftcommunicationrouterworkerregistered) | `Worker` | A worker has been registered (status changed from inactive/draining to active) | +| [`RouterWorkerDeregistered`](#microsoftcommunicationrouterworkerderegistered) | `Worker` | A worker has been deregistered (status changed from active to inactive/draining) | +| [`RouterWorkerDeleted`](#microsoftcommunicationrouterworkerdeleted) | `Worker` | A worker has been deleted | ### Microsoft.Communication.RouterJobReceived dotnet run "value": 5, "ttl": "P3Y6M4DT12H30M5S" }- ] + ], + "scheduledTimeUtc": "3/28/2007 7:13:50 PM +00:00", + "unavailableForMatching": false }, "eventType": "Microsoft.Communication.RouterJobReceived", "dataVersion": "1.0", dotnet run } ``` -**Attribute list** +#### Attribute list -| Attribute | Type | Nullable |Description | Notes | +| Attribute | Type | Nullable | Description | Notes | |: |:--:|:-:|-|-| | jobId| `string` | ❌ | | channelReference | `string` | ❌ |-| jobStatus| `enum` | ❌ | Possible values <ul> <li>PendingClassification</li><li>Queued</li> </ul> | When a this event is sent out, classification process is yet to have been executed or job was created with an associated queueId. +| jobStatus| `enum` | ❌ | Possible values PendingClassification, Queued | When this event is sent out, classification process is yet to have been executed or job was created with an associated queueId. |channelId | `string` | ❌ | | classificationPolicyId | `string` | ✔️ | | `null` when `queueId` is specified for a job | queueId | `string` | ✔️ | | `null` when `classificationPolicyId` is specified for a job dotnet run | labels | `Dictionary<string, object>` | ✔️ | | Based on user input | tags | `Dictionary<string, object>` | ✔️ | | Based on user input | requestedWorkerSelectors | `List<WorkerSelector>` | ✔️ | | Based on user input+| scheduledTimeUtc | `DateTimeOffset` | ✔️ | | Based on user input +| unavailableForMatching | `bool` | ✔️ | | Based on user input ### Microsoft.Communication.RouterJobClassified dotnet run } ``` -**Attribute list** +#### Attribute list -| Attribute | Type | Nullable |Description | Notes | +| Attribute | Type | Nullable | Description | Notes | |: |:--:|:-:|-|-| | queueInfo | `QueueInfo` | ❌ | | jobId| `string` | ❌ | dotnet run } ``` -**Attribute list** +#### Attribute list | Attribute | Type | Nullable |Description | Notes | |: |:--:|:-:|-|-| dotnet run } ``` -**Attribute list** +#### Attribute list | Attribute | Type | Nullable |Description | Notes | |: |:--:|:-:|-|-| dotnet run } ``` -**Attribute list** +#### Attribute list | Attribute | Type | Nullable |Description | Notes | |: |:--:|:-:|-|-| dotnet run } ``` -**Attribute list** +#### Attribute list | Attribute | Type | Nullable |Description | Notes | |: |:--:|:-:|-|-| dotnet run } ``` -**Attribute list** +#### Attribute list | Attribute | Type | Nullable |Description | Notes | |: |:--:|:-:|-|-| dotnet run } ``` -**Attribute list** +#### Attribute list | Attribute | Type | Nullable |Description | Notes | |: |:--:|:-:|-|-| dotnet run } ``` -**Attribute list** +#### Attribute list | Attribute | Type | Nullable |Description | Notes | |: |:--:|:-:|-|-| dotnet run | requestedWorkerSelectorsExpired | `List<WorkerSelector>` | ✔️ | | Based on user input while creating a job | attachedWorkerSelectorsExpired | `List<WorkerSelector>` | ✔️ | | List of worker selectors attached by a classification policy +### Microsoft.Communication.RouterJobUnassigned ++[Back to Event Catalog](#events-catalog) ++```json +{ + "id": "acdf8fa5-8ab4-4a65-874a-c1d2a4a97f2e", + "topic": "/subscriptions/{subscription-id}/resourceGroups/{group-name}/providers/Microsoft.Communication/communicationServices/{communication-services-resource-name}", + "subject": "job/{job-id}/channel/{channel-id}/assignment/{assignment-id}", + "data": { + "jobId": "7f1df17b-570b-4ae5-9cf5-fe6ff64cc712", + "assignmentId": "", + "workerId": "", + "channelId": "FooVoiceChannelId", + "channelReference": "test-abc", + "queueId": "queue-id", + "labels": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + }, + "tags": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + } + }, + "eventType": "Microsoft.Communication.RouterJobUnassigned", + "dataVersion": "1.0", + "metadataVersion": "1", + "eventTime": "2022-02-17T00:55:25.1736293Z" +} +``` ++#### Attribute list ++| Attribute | Type | Nullable |Description | Notes | +|: |:--:|:-:|-|-| +| jobId| `string` | ❌ | +| assignmentId | `string` | ❌ | +| workerId | `string` | ❌ | +| channelId | `string` | ❌ | +| channelReference | `string` | ❌ | +| queueId | `string` | ✔️ | | `null` when `classificationPolicyId` is specified for a job +| labels | `Dictionary<string, object>` | ✔️ | | Based on user input +| tags | `Dictionary<string, object>` | ✔️ | | Based on user input ++### Microsoft.Communication.RouterJobWaitingForActivation ++[Back to Event Catalog](#events-catalog) ++```json +{ + "id": "acdf8fa5-8ab4-4a65-874a-c1d2a4a97f2e", + "topic": "/subscriptions/{subscription-id}/resourceGroups/{group-name}/providers/Microsoft.Communication/communicationServices/{communication-services-resource-name}", + "subject": "job/{job-id}/channel/{channel-id}", + "data": { + "jobId": "7f1df17b-570b-4ae5-9cf5-fe6ff64cc712", + "channelId": "FooVoiceChannelId", + "channelReference": "test-abc", + "queueId": "queue-id", + "priority": 1, + "labels": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + }, + "tags": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + }, + "requestedWorkerSelectors": [ + { + "key": "string", + "labelOperator": "equal", + "value": 5, + "ttl": "P3Y6M4DT12H30M5S" + } + ], + "attachedWorkerSelectors": [ + { + "key": "string", + "labelOperator": "equal", + "value": 5, + "ttl": "P3Y6M4DT12H30M5S" + } + ], + "scheduledTimeUtc": "2022-02-17T00:55:25.1736293Z", + "unavailableForMatching": false + }, + "eventType": "Microsoft.Communication.RouterJobWaitingForActivation", + "dataVersion": "1.0", + "metadataVersion": "1", + "eventTime": "2022-02-17T00:55:25.1736293Z" +} +``` ++#### Attribute list ++| Attribute | Type | Nullable |Description | Notes | +|: |:--:|:-:|-|-| +| jobId| `string` | ❌ | +| channelId | `string` | ❌ | +| channelReference | `string` | ❌ | +| queueId | `string` | ✔️ | | `null` when `classificationPolicyId` is specified for a job +| labels | `Dictionary<string, object>` | ✔️ | | Based on user input +| tags | `Dictionary<string, object>` | ✔️ | | Based on user input +| requestedWorkerSelectorsExpired | `List<WorkerSelector>` | ✔️ | | Based on user input while creating a job +| attachedWorkerSelectorsExpired | `List<WorkerSelector>` | ✔️ | | List of worker selectors attached by a classification policy +| scheduledTimeUtc | `DateTimeOffset` |✔️ | | Based on user input while creating a job +| unavailableForMatching | `bool` |✔️ | | Based on user input while creating a job +| priority| `int` | ❌ | | Based on user input while creating a job ++### Microsoft.Communication.RouterJobSchedulingFailed ++[Back to Event Catalog](#events-catalog) ++```json +{ + "id": "acdf8fa5-8ab4-4a65-874a-c1d2a4a97f2e", + "topic": "/subscriptions/{subscription-id}/resourceGroups/{group-name}/providers/Microsoft.Communication/communicationServices/{communication-services-resource-name}", + "subject": "job/{job-id}/channel/{channel-id}", + "data": { + "jobId": "7f1df17b-570b-4ae5-9cf5-fe6ff64cc712", + "channelId": "FooVoiceChannelId", + "channelReference": "test-abc", + "queueId": "queue-id", + "priority": 1, + "labels": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + }, + "tags": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + }, + "requestedWorkerSelectors": [ + { + "key": "string", + "labelOperator": "equal", + "value": 5, + "ttl": "P3Y6M4DT12H30M5S" + } + ], + "attachedWorkerSelectors": [ + { + "key": "string", + "labelOperator": "equal", + "value": 5, + "ttl": "P3Y6M4DT12H30M5S" + } + ], + "scheduledTimeUtc": "2022-02-17T00:55:25.1736293Z", + "failureReason": "Error" + }, + "eventType": "Microsoft.Communication.RouterJobSchedulingFailed", + "dataVersion": "1.0", + "metadataVersion": "1", + "eventTime": "2022-02-17T00:55:25.1736293Z" +} +``` ++#### Attribute list ++| Attribute | Type | Nullable |Description | Notes | +|: |:--:|:-:|-|-| +| jobId| `string` | ❌ | +| channelId | `string` | ❌ | +| channelReference | `string` | ❌ | +| queueId | `string` | ✔️ | | `null` when `classificationPolicyId` is specified for a job +| labels | `Dictionary<string, object>` | ✔️ | | Based on user input +| tags | `Dictionary<string, object>` | ✔️ | | Based on user input +| requestedWorkerSelectorsExpired | `List<WorkerSelector>` | ✔️ | | Based on user input while creating a job +| attachedWorkerSelectorsExpired | `List<WorkerSelector>` | ✔️ | | List of worker selectors attached by a classification policy +| scheduledTimeUtc | `DateTimeOffset` |✔️ | | Based on user input while creating a job +| failureReason | `string` |✔️ | | System determined +| priority| `int` |❌ | | Based on user input while creating a job ++### Microsoft.Communication.RouterJobDeleted ++[Back to Event Catalog](#events-catalog) ++```json +{ + "id": "acdf8fa5-8ab4-4a65-874a-c1d2a4a97f2e", + "topic": "/subscriptions/{subscription-id}/resourceGroups/{group-name}/providers/Microsoft.Communication/communicationServices/{communication-services-resource-name}", + "subject": "job/{job-id}/channel/{channel-id}", + "data": { + "jobId": "7f1df17b-570b-4ae5-9cf5-fe6ff64cc712", + "channelReference": "test-abc", + "channelId": "FooVoiceChannelId", + "labels": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + }, + "tags": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + }, + "queueId": "" + }, + "eventType": "Microsoft.Communication.RouterJobDeleted", + "dataVersion": "1.0", + "metadataVersion": "1", + "eventTime": "2022-02-17T00:55:25.1736293Z" +} +``` ++#### Attribute list ++| Attribute | Type | Nullable |Description | Notes | +|: |:--:|:-:|-|-| +| jobId| `string` | ❌ | + ## Worker Events ### Microsoft.Communication.RouterWorkerOfferIssued dotnet run } ``` -**Attribute list** +#### Attribute list | Attribute | Type | Nullable |Description | Notes | |: |:--:|:-:|-|-| dotnet run } ``` -**Attribute list** +#### Attribute list | Attribute | Type | Nullable |Description | Notes | |: |:--:|:-:|-|-| dotnet run } ``` -**Attribute list** +#### Attribute list | Attribute | Type | Nullable |Description | Notes | |: |:--:|:-:|-|-| dotnet run } ``` -**Attribute list** +#### Attribute list | Attribute | Type | Nullable |Description | Notes | |: |:--:|:-:|-|-| dotnet run } ``` -**Attribute list** +#### Attribute list | Attribute | Type | Nullable |Description | Notes | |: |:--:|:-:|-|-| dotnet run "channelConfigurations": [ { "channelId": "FooVoiceChannelId",- "capacityCostPerJob": 10 + "capacityCostPerJob": 10, + "maxNumberOfJobs": 5 }- ] + ], + "tags": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + } }, "eventType": "Microsoft.Communication.RouterWorkerRegistered", "dataVersion": "1.0", dotnet run } ``` -**Attribute list** +#### Attribute list -| Attribute | Type | Nullable |Description | Notes | +| Attribute | Type | Nullable | Description | Notes | |: |:--:|:-:|-|-| | workerId | `string` | ❌ | | totalCapacity | `int` | ❌ |-| queueAssignments| `List<QueueInfo>` | ❌ | -| labels| `Dictionary<string, object>` | ✔️ | | Based on user input | +| queueAssignments | `List<QueueInfo>` | ❌ | +| labels | `Dictionary<string, object>` | ✔️ | | Based on user input | channelConfigurations| `List<ChannelConfiguration>` | ❌ |+| tags | `Dictionary<string, object>` | ✔️ | | Based on user input ### Microsoft.Communication.RouterWorkerDeregistered dotnet run "topic": "/subscriptions/{subscription-id}/resourceGroups/{group-name}/providers/Microsoft.Communication/communicationServices/{communication-services-resource-name}", "subject": "worker/{worker-id}", "data": {- "workerId": "worker3", + "workerId": "worker3" }, "eventType": "Microsoft.Communication.RouterWorkerDeregistered", "dataVersion": "1.0", dotnet run } ``` -**Attribute list** +#### Attribute list | Attribute | Type | Nullable |Description | Notes | |: |:--:|:-:|-|-| | workerId | `string` | ❌ | +### Microsoft.Communication.RouterWorkerDeleted ++[Back to Event Catalog](#events-catalog) ++```json +{ + "id": "1027db4a-17fe-4a7f-ae67-276c3120a29f", + "topic": "/subscriptions/{subscription-id}/resourceGroups/{group-name}/providers/Microsoft.Communication/communicationServices/{communication-services-resource-name}", + "subject": "worker/{worker-id}", + "data": { + "workerId": "worker3", + "totalCapacity": 100, + "queueAssignments": [ + { + "id": "MyQueueId2", + "name": "Queue 3", + "labels": { + "Language": "en", + "Product": "Office", + "Geo": "NA" + } + } + ], + "labels": { + "x": "111", + "y": "111" + }, + "channelConfigurations": [ + { + "channelId": "FooVoiceChannelId", + "capacityCostPerJob": 10, + "maxNumberOfJobs": 5 + } + ], + "tags": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + } + }, + "eventType": "Microsoft.Communication.RouterWorkerDeleted", + "dataVersion": "1.0", + "metadataVersion": "1", + "eventTime": "2022-02-17T00:55:25.1736293Z" +} +``` ++#### Attribute list ++| Attribute | Type | Nullable | Description | Notes | +|: |:--:|:-:|-|-| +| workerId | `string` | ❌ | +| totalCapacity | `int` | ❌ | +| queueAssignments | `List<QueueInfo>` | ❌ | +| labels | `Dictionary<string, object>` | ✔️ | | Based on user input +| channelConfigurations| `List<ChannelConfiguration>` | ❌ | +| tags | `Dictionary<string, object>` | ✔️ | | Based on user input ++## Model Definitions ++### QueueInfo ++```csharp +public class QueueInfo +{ + public string Id { get; set; } + public string Name { get; set; } + public Dictionary<string, object>? Labels { get; set; } +} +``` ++### CommunicationError ++```csharp +public class CommunicationError +{ + public string? Code { get; init; } + public string Message { get; init; } + public string? Target { get; init; } + public CommunicationError? InnerError { get; init; } + public IEnumerable<CommunicationError>? Details { get; init; } +} +``` ++### ChannelConfiguration ++```csharp +public class ChannelConfiguration +{ + public string ChannelId { get; set; } + public int CapacityCostPerJob { get; set; } + public int? MaxNumberOfJobs { get; set; } +} +``` ++### WorkerSelector ++```csharp +public class WorkerSelector +{ + public string Key { get; set; } + public LabelOperator LabelOperator { get; set; } + public object Value { get; set; } + public double? TTLSeconds { get; set; } + public WorkerSelectorState State { get; set; } + public DateTimeOffset? ExpireTime { get; set; } +} ++public enum WorkerSelectorState +{ + Active = 0, + Expired = 1 +} ++public enum LabelOperator +{ + Equal, + NotEqual, + LessThan, + LessThanEqual, + GreaterThan, + GreaterThanEqual, +} +``` + <!-- LINKS --> [event-grid-overview]: ../../../event-grid/overview.md-[filter-events]: ../../../event-grid/how-to-filter-events.md |
| communication-services | Quickstart Make An Outbound Call | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/quickstarts/call-automation/quickstart-make-an-outbound-call.md | Last updated 06/19/2023 -+ zone_pivot_groups: acs-js-csharp-java-python |
| communication-services | Create Communication Resource | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/quickstarts/create-communication-resource.md | ms.devlang: azurecli # Quickstart: Create and manage Communication Services resources -Get started with Azure Communication Services by provisioning your first Communication Services resource. Communication Services resources can be provisioned through the [Azure portal](https://portal.azure.com) or with the .NET management SDK. The management SDK and the Azure portal allow you to create, configure, update and delete your resources and interface with [Azure Resource Manager](../../azure-resource-manager/management/overview.md), Azure's deployment and management service. All functionality available in the SDKs is available in the Azure portal. -<br/> -<br/> ->[!VIDEO https://www.youtube.com/embed/3In3o5DhOHU] +Get started with Azure Communication Services by provisioning your first Communication Services resource. Communication Services resources can be provisioned through the [Azure portal](https://portal.azure.com) or with the .NET management SDK. The management SDK and the Azure portal allow you to create, configure, update and delete your resources and interface with [Azure Resource Manager](../../azure-resource-manager/management/overview.md), Azure's deployment and management service. All functionality available in the SDKs is available in the Azure portal. +>[!VIDEO https://www.youtube.com/embed/3In3o5DhOHU] -> [!WARNING] +> [!WARNING] > Note that it is not possible to create a resource group at the same time as a resource for Azure Communication Services. When creating a resource, a resource group that has been created already, must be used. - ::: zone pivot="platform-azp" [!INCLUDE [Azure portal](./includes/create-resource-azp.md)] ::: zone-end Get started with Azure Communication Services by provisioning your first Communi [!INCLUDE [PowerShell](./includes/create-resource-powershell.md)] ::: zone-end - ## Access your connection strings and service endpoints Connection strings allow the Communication Services SDKs to connect and authenticate to Azure. You can access your Communication Services connection strings and service endpoints from the Azure portal or programmatically with Azure Resource Manager APIs. After navigating to your Communication Services resource, select **Keys** from t :::image type="content" source="./media/key.png" alt-text="Screenshot of Communication Services Key page."::: ### Access your connection strings and service endpoints using Azure CLI-You can also access key information using Azure CLI, like your resource group or the keys for a specific resource. ++You can also access key information using Azure CLI, like your resource group or the keys for a specific resource. Install [Azure CLI](/cli/azure/install-azure-cli-windows?tabs=azure-cli) and use the following command to login. You'll need to provide your credentials to connect with your Azure account.+ ```azurepowershell-interactive az login ``` Now you can access important information about your resources.+ ```azurepowershell-interactive az communication list --resource-group "<resourceGroup>" az communication list-key --name "<acsResourceName>" --resource-group "<resource ``` If you would like to select a specific subscription, you can also specify the ```--subscription``` flag and provide the subscription ID.+ ```azurepowershell-interactive az communication list --resource-group "<resourceGroup>" --subscription "<subscriptionId>" If you want to clean up and remove a Communication Services subscription, you ca az communication delete --name "acsResourceName" --resource-group "resourceGroup" ``` -[Deleting the resource group](../../azure-resource-manager/management/manage-resource-groups-portal.md#delete-resource-groups) also deletes any other resources associated with it. +[Deleting the resource group](../../azure-resource-manager/management/manage-resource-groups-portal.md#delete-resource-groups) also deletes any other resources associated with it. -If you have any phone numbers assigned to your resource upon resource deletion, the phone numbers will be released from your resource automatically at the same time. +If you have any phone numbers assigned to your resource upon resource deletion, the phone numbers will be released from your resource automatically at the same time. -> [!Note] +> [!NOTE] > Resource deletion is **permanent** and no data, including event grid filters, phone numbers, or other data tied to your resource, can be recovered if you delete the resource. ## Next steps If you have any phone numbers assigned to your resource upon resource deletion, In this quickstart you learned how to: > [!div class="checklist"]+> > * Create a Communication Services resource > * Configure resource geography and tags > * Access the keys for that resource |
| communication-services | Get Started Router | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/quickstarts/router/get-started-router.md | +zone_pivot_groups: acs-js-csharp-java-python # Quickstart: Submit a job for queuing and routing -Get started with Azure Communication Services Job Router by setting up your client. Then can configure core functionality such as queues, policies, workers, and Jobs. To learn more about Job Router concepts, visit [Job Router conceptual documentation](../../concepts/router/concepts.md) +Get started with Azure Communication Services Job Router by setting up your client, then configuring core functionality such as queues, policies, workers, and Jobs. To learn more about Job Router concepts, visit [Job Router conceptual documentation](../../concepts/router/concepts.md) -## Prerequisites -- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).-- An active Communication Services resource and connection string. [Create a Communication Services resource](../create-communication-resource.md).+Get started with Azure Communication Services Job Router by setting up your client, then configuring core functionality such as queues, policies, workers, and Jobs. To learn more about Job Router concepts, visit [Job Router conceptual documentation](../../concepts/router/concepts.md) -## Setting up -### Create a new C# application -In a console window (such as cmd, PowerShell, or Bash), use the `dotnet new` command to create a new console app with the name `JobRouterQuickstart`. This command creates a simple "Hello World" C# project with a single source file: **Program.cs**. -```console -dotnet new console -o JobRouterQuickstart -``` +Get started with Azure Communication Services Job Router by setting up your client, then configuring core functionality such as queues, policies, workers, and Jobs. To learn more about Job Router concepts, visit [Job Router conceptual documentation](../../concepts/router/concepts.md) -Change your directory to the newly created app folder and use the `dotnet build` command to compile your application. -```console -cd JobRouterQuickstart -dotnet build -``` -### Install the package +Get started with Azure Communication Services Job Router by setting up your client, then configuring core functionality such as queues, policies, workers, and Jobs. To learn more about Job Router concepts, visit [Job Router conceptual documentation](../../concepts/router/concepts.md) -During private preview, please download the SDK from [GitHub](https://github.com/Azure/communication-preview/releases/tag/communication-job-router-net-v1.0.0-alpha.20211012.1). -> [!NOTE] -> You must be a member of the private preview group to download the SDKs. --Add the following `using` directives to the top of **Program.cs** to include the JobRouter namespaces. --```csharp -using Azure.Communication.JobRouter; -using Azure.Communication.JobRouter.Models; -``` --Update `Main` function signature to be `async` and return a `Task`. --```csharp -static async Task Main(string[] args) -{ - ... -} -``` --## Authenticate the Job Router clients --Job Router clients can be authenticated using your connection string acquired from an Azure Communication Services resource in the Azure portal. --```csharp -// Get a connection string to our Azure Communication Services resource. -var connectionString = "your_connection_string"; -var routerClient = new RouterClient(connectionString); -var routerAdministrationClient = new RouterAdministrationClient(connectionString); -``` --## Create a distribution policy -Job Router uses a distribution policy to decide how Workers will be notified of available Jobs and the time to live for the notifications, known as **Offers**. Create the policy by specifying the **ID**, a **name**, an **offerTTL**, and a distribution **mode**. --```csharp -var distributionPolicy = await routerAdministrationClient.CreateDistributionPolicyAsync( - new CreateDistributionPolicyOptions( - distributionPolicyId: "distribution-policy-1", - offerTtl: TimeSpan.FromMinutes(1), - mode: new LongestIdleMode()) - { - Name = "My distribution policy" - } -); -``` --## Create a queue --Create the Queue by specifying an **ID**, **name**, and provide the **Distribution Policy** object's ID you created above. --```csharp -var queue = await routerAdministrationClient.CreateQueueAsync( - options: new CreateQueueOptions("queue-1", distributionPolicy.Value.Id) - { - Name = "My job queue" - } -); -``` --## Submit a job --Now, we can submit a job directly to that queue, with a worker selector that requires the worker to have the label `Some-Skill` greater than 10. --```csharp -var job = await routerClient.CreateJobAsync( - options: new CreateJobOptions( - jobId: jobId, - channelId: "my-channel", - queueId: queue.Value.Id) - { - Priority = 1, - RequestedWorkerSelectors = new List<WorkerSelector> - { - new WorkerSelector( - key: "Some-Skill", - labelOperator: LabelOperator.GreaterThan, - value: 10) - } - } -); -``` --## Create a worker --Now, we create a worker to receive work from that queue, with a label of `Some-Skill` equal to 11 and capacity on `my-channel`. In order for the worker to receive offers make sure that the property **AvailableForOffers** is set to **true**. --```csharp -var worker = await routerClient.CreateWorkerAsync( - new CreateWorkerOptions( - workerId: "worker-1", - totalCapacity: 1) - { - QueueIds = new Dictionary<string, QueueAssignment>() - { - [queue.Value.Id] = new QueueAssignment() - }, - ChannelConfigurations = new Dictionary<string, ChannelConfiguration>() - { - ["my-channel"] = new ChannelConfiguration(1) - }, - Labels = new Dictionary<string, LabelValue>() - { - ["Some-Skill"] = new LabelValue(11) - }, - AvailableForOffers = true - } -); -``` --### Offer --We should get a [RouterWorkerOfferIssued][offer_issued_event] from our [Event Grid subscription][subscribe_events]. -However, we could also wait a few seconds and then query the worker directly against the JobRouter API to see if an offer was issued to it. --```csharp -await Task.Delay(TimeSpan.FromSeconds(2)); -var result = await routerClient.GetWorkerAsync(worker.Value.Id); -foreach (var offer in result.Value.Offers) -{ - Console.WriteLine($"Worker {worker.Value.Id} has an active offer for job {offer.JobId}"); -} -``` --Run the application using `dotnet run` and observe the results. --```console -dotnet run ---Worker worker-1 has an active offer for job 6b83c5ad-5a92-4aa8-b986-3989c791be91 -``` --> [!NOTE] -> Running the application more than once will cause a new Job to be placed in the queue each time. This can cause the Worker to be offered a Job other than the one created when you run the above code. Since this can skew your request, considering removing Jobs in the queue each time. Refer to the SDK documentation for managing a Queue or a Job. +Get started with Azure Communication Services Job Router by setting up your client, then configuring core functionality such as queues, policies, workers, and Jobs. To learn more about Job Router concepts, visit [Job Router conceptual documentation](../../concepts/router/concepts.md) + <!-- LINKS --> [subscribe_events]: ../../how-tos/router-sdk/subscribe-events.md |
| communication-services | Number Lookup | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/quickstarts/telephony/number-lookup.md | internal class Program ### Authenticate the client -Phone Number clients can be authenticated using connection string acquired from an Azure Communication Services resource in the [Azure portal][azure_portal]. +Phone Number clients can be authenticated using connection string acquired from an Azure Communication Services resource in the [Azure portal](https://portal.azure.com). It's recommended to use a `COMMUNICATION_SERVICES_CONNECTION_STRING` environment variable to avoid putting your connection string in plain text within your code. ```csharp |
| communication-services | Get Started Call Recording | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/quickstarts/voice-video-calling/get-started-call-recording.md | |
| communication-services | Get Started Video Effects | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/quickstarts/voice-video-calling/get-started-video-effects.md | Last updated 01/09/2023 -zone_pivot_groups: acs-plat-web-android-windows +zone_pivot_groups: acs-plat-web-ios-android-windows |
| communications-gateway | Prepare For Live Traffic | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communications-gateway/prepare-for-live-traffic.md | In some parts of this article, the steps you must take depend on whether your de ## 1. Connect Azure Communications Gateway to your networks +1. Exchange TLS certificate information with your onboarding team. + 1. Azure Communications Gateway is preconfigured to support the DigiCert Global Root G2 certificate and the Baltimore CyberTrust Root certificate as root certificate authority (CA) certificates. If the certificate that your network presents to Azure Communications Gateway uses a different root CA certificate, provide your onboarding team with this root CA certificate. + 1. The root CA certificate for Azure Communications Gateway's certificate is the DigiCert Global Root G2 certificate. If your network doesn't have this root certificate, download it from https://www.digicert.com/kb/digicert-root-certificates.htm and install it in your network. 1. Configure your infrastructure to meet the call routing requirements described in [Reliability in Azure Communications Gateway](reliability-communications-gateway.md). 1. Configure your network devices to send and receive SIP traffic from Azure Communications Gateway. You might need to configure SBCs, softswitches and access control lists (ACLs). To find the hostnames to use for SIP traffic: 1. Go to the **Overview** page for your Azure Communications Gateway resource.- 1. In each **Service Location** section, find the **Hostname** field. + 1. In each **Service Location** section, find the **Hostname** field. You need to validate TLS connections against this hostname to ensure secure connections. 1. If your Azure Communications Gateway includes integrated MCP, configure the connection to MCP: 1. Go to the **Overview** page for your Azure Communications Gateway resource. 1. In each **Service Location** section, find the **MCP hostname** field. |
| communications-gateway | Security | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communications-gateway/security.md | Azure Communications Gateway stores all data at rest securely, including any cus ## Encryption in transit -All traffic handled by Azure Communications Gateway is encrypted. This encryption is used between Azure Communications Gateway components and towards Microsoft Teams. +All traffic handled by Azure Communications Gateway is encrypted. This encryption is used between Azure Communications Gateway components and towards Microsoft Phone System. + * SIP and HTTP traffic is encrypted using TLS. * Media traffic is encrypted using SRTP. When encrypting traffic to send to your network, Azure Communications Gateway prefers TLSv1.3. It falls back to TLSv1.2 if necessary. +### TLS certificates for SIP ++Azure Communications Gateway uses mutual TLS for SIP, meaning that both the client and the server for the connection verify each other. ++You must manage the certificates that your network presents to Azure Communications Gateway. By default, Azure Communications Gateway supports the DigiCert Global Root G2 certificate and the Baltimore CyberTrust Root certificate as root certificate authority (CA) certificates. If the certificate that your network presents to Azure Communications Gateway uses a different root CA certificate, you must provide this certificate to your onboarding team when you [prepare for live traffic](prepare-for-live-traffic.md#1-connect-azure-communications-gateway-to-your-networks). ++We manage the certificate that Azure Communications Gateway uses to connect to your network and Microsoft Phone System. Azure Communications Gateway's certificate uses the DigiCert Global Root G2 certificate as the root CA certificate. If your network doesn't already support this certificate as a root CA certificate, you must download and install this certificate when you [prepare for live traffic](prepare-for-live-traffic.md#1-connect-azure-communications-gateway-to-your-networks). ++### Cipher suites for SIP and RTP + The following cipher suites are used for encrypting SIP and RTP. -### Ciphers used with TLSv1.2 +#### Ciphers used with TLSv1.2 * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 * TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 The following cipher suites are used for encrypting SIP and RTP. * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -### Ciphers used with TLSv1.3 +#### Ciphers used with TLSv1.3 * TLS_AES_256_GCM_SHA384 * TLS_AES_128_GCM_SHA256 -### Ciphers used with SRTP +#### Ciphers used with SRTP * AES_CM_128_HMAC_SHA1_80 |
| connectors | Enable Stateful Affinity Built In Connectors | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/connectors/enable-stateful-affinity-built-in-connectors.md | |
| container-apps | Authentication Openid | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/container-apps/authentication-openid.md | Use the following guides for details on working with authenticated users. > [!div class="nextstepaction"] > [Authentication and authorization overview](authentication.md)++<!-- URLs. --> +[Azure portal]: https://portal.azure.com/ |
| container-apps | Blue Green Deployment | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/container-apps/blue-green-deployment.md | description: Minimize downtime and reduce the risks associated with new releases -+ Last updated 06/23/2023 |
| container-apps | Tutorial Ci Cd Runners Jobs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/container-apps/tutorial-ci-cd-runners-jobs.md | description: Learn to create self-hosted CI/CD runners and agents with jobs in A + Last updated 06/01/2023 |
| container-apps | Tutorial Dev Services Kafka | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/container-apps/tutorial-dev-services-kafka.md | description: Create and use an Apache Kafka service for development + Last updated 06/16/2023 |
| container-apps | Tutorial Dev Services Postgresql | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/container-apps/tutorial-dev-services-postgresql.md | description: Create and use a PostgreSQL service for development + Last updated 06/06/2023 |
| container-instances | Container Instances Container Group Automatic Ssl | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/container-instances/container-instances-container-group-automatic-ssl.md | description: This guide describes how Caddy can be used as a reverse proxy to en + Last updated 06/12/2023 To see the certificate details, click on "Connection is secure" followed by "cer - [Caddy documentation](https://caddyserver.com/docs/) - [GitHub aci-helloworld](https://github.com/Azure-Samples/aci-helloworld) - [YAML reference: Azure Container Instances](container-instances-reference-yaml.md)-- [Secure your codeless REST API with automatic HTTPS using Data API builder and Caddy](https://www.azureblue.io/secure-your-codeless-rest-api-with-automatic-https-using-data-api-builder-and-caddy/)+- [Secure your codeless REST API with automatic HTTPS using Data API builder and Caddy](https://www.azureblue.io/secure-your-codeless-rest-api-with-automatic-https-using-data-api-builder-and-caddy/) |
| container-instances | Container Instances Egress Ip Address | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/container-instances/container-instances-egress-ip-address.md | View the container logs to confirm the IP address is the same as the public IP a ```azurecli az container logs \- --resource-group $RESOURCE_GROUP_NAME \ + --sed 's/$RESOURCE_GROUP_NAME/$resourceGroup/g' --name testegress ``` |
| container-instances | Container Instances Environment Variables | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/container-instances/container-instances-environment-variables.md | Task-based scenarios, such as batch processing a large dataset with several cont [azure-instance-log]: /powershell/module/az.containerinstance/get-azcontainerinstancelog [azure-powershell-install]: /powershell/azure/install-Az-ps [new-Azcontainergroup]: /powershell/module/az.containerinstance/new-azcontainergroup-[portal]: https://portal.azure.com |
| container-instances | Container Instances Start Command | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/container-instances/container-instances-start-command.md | Task-based scenarios, such as batch processing a large dataset with several cont [az-container-logs]: /cli/azure/container#az_container_logs [az-container-show]: /cli/azure/container#az_container_show [new-azurermcontainergroup]: /powershell/module/azurerm.containerinstance/new-azurermcontainergroup-[portal]: https://portal.azure.com |
| container-instances | Container Instances Volume Azure Files | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/container-instances/container-instances-volume-azure-files.md | az container show --resource-group $ACI_PERS_RESOURCE_GROUP \ --name hellofiles --query ipAddress.fqdn --output tsv ``` -After saving text using the app, you can use the [Azure portal][portal] or a tool like the [Microsoft Azure Storage Explorer][storage-explorer] to retrieve and inspect the file or files written to the file share. +After saving text using the app, you can use the [Azure portal](https://portal.azure.com) or a tool like the [Microsoft Azure Storage Explorer][storage-explorer] to retrieve and inspect the file or files written to the file share. ## Deploy container and mount volume - YAML Learn how to mount other volume types in Azure Container Instances: <!-- LINKS - External --> [aci-hellofiles]: https://hub.docker.com/_/microsoft-azuredocs-aci-hellofiles -[portal]: https://portal.azure.com [storage-explorer]: https://storageexplorer.com <!-- LINKS - Internal --> |
| container-registry | Container Registry Access Selected Networks | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/container-registry/container-registry-access-selected-networks.md | To allow the AKS cluster to access the registry, you have these options: [az-acr-update]: /cli/azure/acr#az_acr_update [quickstart-portal]: container-registry-get-started-portal.md [quickstart-cli]: container-registry-get-started-azure-cli.md-[azure-portal]: https://portal.azure.com [acr-access-selected-networks]: ./media/container-registry-access-selected-networks/acr-access-selected-networks.png [acr-access-disabled]: ./media/container-registry-access-selected-networks/acr-access-disabled.png |
| container-registry | Container Registry Best Practices | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/container-registry/container-registry-best-practices.md | For recommendations to improve the security posture of your container registries [az-acr-repository-delete]: /cli/azure/acr/repository#az_acr_repository_delete [az-acr-show-usage]: /cli/azure/acr#az_acr_show_usage [azure-cli]: /cli/azure-[azure-portal]: https://portal.azure.com [container-registry-geo-replication]: container-registry-geo-replication.md [container-registry-skus]: container-registry-skus.md |
| container-registry | Container Registry Delete | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/container-registry/container-registry-delete.md | For more information about image storage in Azure Container Registry, see [Conta <!-- LINKS - External --> [docker-manifest-inspect]: https://docs.docker.com/edge/engine/reference/commandline/manifest/#manifest-inspect-[portal]: https://portal.azure.com <!-- LINKS - Internal --> [az-acr-repository-delete]: /cli/azure/acr/repository#az_acr_repository_delete |
| container-registry | Container Registry Private Link | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/container-registry/container-registry-private-link.md | Requests to token server over private endpoint connection doesn't require the da [az-network-nic-show]: /cli/azure/network/nic#az_network_nic_show [quickstart-portal]: container-registry-get-started-portal.md [quickstart-cli]: container-registry-get-started-azure-cli.md-[azure-portal]: https://portal.azure.com [outbound-connection]: /azure/firewall/rule-processing#outbound-connectivity |
| container-registry | Container Registry Repositories | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/container-registry/container-registry-repositories.md | docker push myregistry.azurecr.io/samples/nginx To view a repository: -1. Sign in to the [Azure portal][portal] +1. Sign in to the [Azure portal](https://portal.azure.com) 1. Select the **Azure Container Registry** to which you pushed the Nginx image 1. Select **Repositories** to see a list of the repositories that contain the images in the registry 1. Select a repository to see the image tags within that repository Now that you know the basics of viewing and working with repositories in the por <!-- LINKS - External --> [docker-install]: https://docs.docker.com/engine/installation/ [docker-push]: https://docs.docker.com/engine/reference/commandline/push/-[portal]: https://portal.azure.com |
| container-registry | Container Registry Storage | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/container-registry/container-registry-storage.md | For more information about Basic, Standard, and Premium container registries, se <!-- IMAGES --> <!-- LINKS - External -->-[portal]: https://portal.azure.com [pricing]: https://aka.ms/acr/pricing <!-- LINKS - Internal --> |
| container-registry | Container Registry Vnet | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/container-registry/container-registry-vnet.md | az group delete --name myResourceGroup [az-network-vnet-list]: /cli/azure/network/vnet/#az_network_vnet_list [quickstart-portal]: container-registry-get-started-portal.md [quickstart-cli]: container-registry-get-started-azure-cli.md-[azure-portal]: https://portal.azure.com |
| container-registry | Quickstart Client Libraries | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/container-registry/quickstart-client-libraries.md | |
| cosmos-db | Cmk Troubleshooting Guide | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/cmk-troubleshooting-guide.md | You see the error message when the Key Vault DNS name can't be resolved. The err ### Troubleshooting -If the Key Vault has been recently deleted, you need to restore it. If not, wait upwards of two hours for the account to become available again. If none of these solutions unblock the account, contact customer service. +If the Key Vault has been recently deleted, you need to restore it. If not, wait upwards of two hours for the account to become available again. If none of these solutions unblock the account, contact customer service. |
| cosmos-db | Cosmos Db Vs Mongodb Atlas | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/mongodb/cosmos-db-vs-mongodb-atlas.md | Last updated 06/03/2023 | MongoDB wire protocol | Yes | Yes | | Compatible with MongoDB tools and drivers | Yes | Yes | | Global Distribution | Yes, [globally distributed](../distribute-data-globally.md) with automatic and fast data replication across any number of Azure regions | Yes, globally distributed with manual and scheduled data replication across any number of cloud providers or regions |+| SLA covers cloud platform | Yes | "Services, hardware, or software provided by a third party, such as cloud platform services on which MongoDB Atlas runs are not covered" | | 99.999% availability SLA | [Yes](../high-availability.md) | No | | Instantaneous Scaling | Yes, [database instantaneously scales](../provision-throughput-autoscale.md) with zero performance impact on your applications | No, requires 1+ hours to vertically scale up and 24+ hours to vertically scale down. Performance impact during scale up may be noticeable | | True active-active clusters | Yes, with [multi-primary writes](./how-to-configure-multi-region-write.md). Data for the same shard can be written to multiple regions | No |-| Vector Search for AI applications | Yes, with [Azure Cosmos DB for MongoDB vCore Vector Search](./vcore/vector-search.md) | No | +| Vector Search for AI applications | Yes, with [Azure Cosmos DB for MongoDB vCore Vector Search](./vcore/vector-search.md) | Yes | | Integrated text search, geospatial processing | Yes | Yes | | Free tier | [1,000 request units (RUs) and 25 GB storage forever](../try-free.md). Prevents you from exceeding limits if you want | Yes, with 512 MB storage | | Live migration | Yes | Yes | |
| cosmos-db | Throughput | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/scripts/powershell/cassandra/throughput.md | |
| cosmos-db | Throughput | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/scripts/powershell/gremlin/throughput.md | |
| cosmos-db | Throughput | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/scripts/powershell/mongodb/throughput.md | |
| cosmos-db | Throughput | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/scripts/powershell/nosql/throughput.md | |
| cosmos-db | Autoscale | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/scripts/powershell/table/autoscale.md | |
| cosmos-db | Create | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/scripts/powershell/table/create.md | |
| cosmos-db | Throughput | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/scripts/powershell/table/throughput.md | |
| cost-management-billing | Tutorial Acm Create Budgets | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cost-management-billing/costs/tutorial-acm-create-budgets.md | |
| cost-management-billing | Reservation Exchange Policy Changes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cost-management-billing/reservations/reservation-exchange-policy-changes.md | Exchanges will be unavailable for all compute reservations - Azure Reserved Virt Microsoft launched Azure savings plan for compute and it's designed to help you save broadly on predictable compute usage. The savings plan provides more flexibility needed to accommodate changes such as virtual machine series and regions. With savings plans providing the flexibility automatically, weΓÇÖre adjusting our reservations exchange policy. +>[!NOTE] +>Exchanges are changing only for the reservations explicitly mentioned previously. If you have any other type of reservation, then the policy change doesn't affect you. For example, if you have a reservation for Azure VMware Solution, then the policy change doesn't affect it. However, after January 1, 2024, if you exchange a reservation for a type affected by the policy change, the new reservation will be affected by the no-exchange policy. + You can continue to use instance size flexibility for VM sizes, but Microsoft is ending exchanges for regions and instance series for these Azure compute reservations. The current cancellation policy for reserved instances isn't changing. The total canceled commitment can't exceed 50,000 USD in a 12-month rolling window for a billing profile or single enrollment. |
| data-factory | Control Flow Execute Data Flow Activity | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/data-factory/control-flow-execute-data-flow-activity.md | Use the Data Flow activity to transform and move data via mapping data flows. If To use a Data Flow activity in a pipeline, complete the following steps: 1. Search for _Data Flow_ in the pipeline Activities pane, and drag a Data Flow activity to the pipeline canvas.-1. Select the new Data Flow activity on the canvas if it is not already selected, and its **Settings** tab, to edit its details. +1. Select the new Data Flow activity on the canvas if it isn't already selected, and its **Settings** tab, to edit its details. :::image type="content" source="media/control-flow-execute-data-flow-activity/data-flow-activity.png" alt-text="Shows the UI for a Data Flow activity.":::-1. Checkpoint key is used to set the checkpoint when data flow is used for changed data capture. You can overwrite it. Data flow activities use a guid value as checkpoint key instead of ΓÇ£pipeline name + activity nameΓÇ¥ so that it can always keep tracking customerΓÇÖs change data capture state even thereΓÇÖs any renaming actions. All existing data flow activity will use the old pattern key for backward compatibility. Checkpoint key option after publishing a new data flow activity with change data capture enabled data flow resource is shown as below. +1. Checkpoint key is used to set the checkpoint when data flow is used for changed data capture. You can overwrite it. Data flow activities use a guid value as checkpoint key instead of ΓÇ£pipeline name + activity nameΓÇ¥ so that it can always keep tracking customerΓÇÖs change data capture state even thereΓÇÖs any renaming actions. All existing data flow activity uses the old pattern key for backward compatibility. Checkpoint key option after publishing a new data flow activity with change data capture enabled data flow resource is shown as below. :::image type="content" source="media/control-flow-execute-data-flow-activity/data-flow-activity-checkpoint.png" alt-text="Shows the UI for a Data Flow activity with checkpoint key."::: 3. Select an existing data flow or create a new one using the New button. Select other options as required to complete your configuration. To use a Data Flow activity in a pipeline, complete the following steps: Property | Description | Allowed values | Required -- | -- | -- | -- dataflow | The reference to the Data Flow being executed | DataFlowReference | Yes-integrationRuntime | The compute environment the data flow runs on. If not specified, the auto-resolve Azure integration runtime will be used. | IntegrationRuntimeReference | No -compute.coreCount | The number of cores used in the spark cluster. Can only be specified if the auto-resolve Azure Integration runtime is used | 8, 16, 32, 48, 80, 144, 272 | No -compute.computeType | The type of compute used in the spark cluster. Can only be specified if the auto-resolve Azure Integration runtime is used | "General", "MemoryOptimized" | No +integrationRuntime | The compute environment the data flow runs on. If not specified, the autoresolve Azure integration runtime is used. | IntegrationRuntimeReference | No +compute.coreCount | The number of cores used in the spark cluster. Can only be specified if the autoresolve Azure Integration runtime is used | 8, 16, 32, 48, 80, 144, 272 | No +compute.computeType | The type of compute used in the spark cluster. Can only be specified if the autoresolve Azure Integration runtime is used | "General", "MemoryOptimized" | No staging.linkedService | If you're using an Azure Synapse Analytics source or sink, specify the storage account used for PolyBase staging.<br/><br/>If your Azure Storage is configured with VNet service endpoint, you must use managed identity authentication with "allow trusted Microsoft service" enabled on storage account, refer to [Impact of using VNet Service Endpoints with Azure storage](/azure/azure-sql/database/vnet-service-endpoint-rule-overview#impact-of-using-virtual-network-service-endpoints-with-azure-storage). Also learn the needed configurations for [Azure Blob](connector-azure-blob-storage.md#managed-identity) and [Azure Data Lake Storage Gen2](connector-azure-data-lake-storage.md#managed-identity) respectively.<br/> | LinkedServiceReference | Only if the data flow reads or writes to an Azure Synapse Analytics staging.folderPath | If you're using an Azure Synapse Analytics source or sink, the folder path in blob storage account used for PolyBase staging | String | Only if the data flow reads or writes to Azure Synapse Analytics traceLevel | Set logging level of your data flow activity execution | Fine, Coarse, None | No The Core Count and Compute Type properties can be set dynamically to adjust to t :::image type="content" source="media/data-flow/dyna1.png" alt-text="Dynamic Data Flow"::: -[Here is a brief video tutorial explaining this technique](https://www.youtube.com/watch?v=jWSkJdtiJNM) +[Here's a brief video tutorial explaining this technique](https://www.youtube.com/watch?v=jWSkJdtiJNM) ### Data Flow integration runtime -Choose which Integration Runtime to use for your Data Flow activity execution. By default, the service will use the auto-resolve Azure Integration runtime with four worker cores. This IR has a general purpose compute type and runs in the same region as your service instance. For operationalized pipelines, it is highly recommended that you create your own Azure Integration Runtimes that define specific regions, compute type, core counts, and TTL for your data flow activity execution. +Choose which Integration Runtime to use for your Data Flow activity execution. By default, the service uses the autoresolve Azure Integration runtime with four worker cores. This IR has a general purpose compute type and runs in the same region as your service instance. For operationalized pipelines, it's highly recommended that you create your own Azure Integration Runtimes that define specific regions, compute type, core counts, and TTL for your data flow activity execution. -A minimum compute type of General Purpose with an 8+8 (16 total v-cores) configuration and a 10-minute Time to live (TTL) is the minimum recommendation for most production workloads. By setting a small TTL, the Azure IR can maintain a warm cluster that will not incur the several minutes of start time for a cold cluster. For more information, see [Azure integration runtime](concepts-integration-runtime.md). +A minimum compute type of General Purpose with an 8+8 (16 total v-cores) configuration and a 10-minute Time to live (TTL) is the minimum recommendation for most production workloads. By setting a small TTL, the Azure IR can maintain a warm cluster that won't incur the several minutes of start time for a cold cluster. For more information, see [Azure integration runtime](concepts-integration-runtime.md). :::image type="content" source="media/data-flow/ir-new.png" alt-text="Azure Integration Runtime"::: If you're using an Azure Synapse Analytics as a sink or source, you must choose ## Checkpoint key -When using the change capture option for data flow sources, ADF will maintain and manage the checkpoint for you automatically. The default checkpoint key is a hash of the data flow name and the pipeline name. If you are using a dynamic pattern for your source tables or folders, you may wish to override this hash and set your own checkpoint key value here. The [naming rule](naming-rules.md) of your own checkpoint key is same as linked services, datasets, pipelines and data flows. +When using the change capture option for data flow sources, ADF maintains and manages the checkpoint for you automatically. The default checkpoint key is a hash of the data flow name and the pipeline name. If you're using a dynamic pattern for your source tables or folders, you may wish to override this hash and set your own checkpoint key value here. ## Logging level -If you do not require every pipeline execution of your data flow activities to fully log all verbose telemetry logs, you can optionally set your logging level to "Basic" or "None". When executing your data flows in "Verbose" mode (default), you are requesting the service to fully log activity at each individual partition level during your data transformation. This can be an expensive operation, so only enabling verbose when troubleshooting can improve your overall data flow and pipeline performance. "Basic" mode will only log transformation durations while "None" will only provide a summary of durations. +If you don't require every pipeline execution of your data flow activities to fully log all verbose telemetry logs, you can optionally set your logging level to "Basic" or "None". When executing your data flows in "Verbose" mode (default), you're requesting the service to fully log activity at each individual partition level during your data transformation. This can be an expensive operation, so only enabling verbose when troubleshooting can improve your overall data flow and pipeline performance. "Basic" mode only logs transformation durations while "None" only provides a summary of durations. :::image type="content" source="media/data-flow/logging.png" alt-text="Logging level"::: ## Sink properties -The grouping feature in data flows allow you to both set the order of execution of your sinks as well as to group sinks together using the same group number. To help manage groups, you can ask the service to run sinks, in the same group, in parallel. You can also set the sink group to continue even after one of the sinks encounters an error. +The grouping feature in data flows allows you to both set the order of execution of your sinks as well as to group sinks together using the same group number. To help manage groups, you can ask the service to run sinks, in the same group, in parallel. You can also set the sink group to continue even after one of the sinks encounters an error. The default behavior of data flow sinks is to execute each sink sequentially, in a serial manner, and to fail the data flow when an error is encountered in the sink. Additionally, all sinks are defaulted to the same group unless you go into the data flow properties and set different priorities for the sinks. If your data flow is parameterized, set the dynamic values of the data flow para ### Parameterized compute properties. -You can parameterize the core count or compute type if you use the auto-resolve Azure Integration runtime and specify values for compute.coreCount and compute.computeType. +You can parameterize the core count or compute type if you use the autoresolve Azure Integration runtime and specify values for compute.coreCount and compute.computeType. :::image type="content" source="media/data-flow/parameterize-compute.png" alt-text="Execute Data Flow Parameter Example"::: For example, to get to number of rows written to a sink named 'sink1' in an acti To get the number of rows read from a source named 'source1' that was used in that sink, use `@activity('dataflowActivity').output.runStatus.metrics.sink1.sources.source1.rowsRead`. > [!NOTE]-> If a sink has zero rows written, it will not show up in metrics. Existence can be verified using the `contains` function. For example, `contains(activity('dataflowActivity').output.runStatus.metrics, 'sink1')` will check whether any rows were written to sink1. +> If a sink has zero rows written, it won't show up in metrics. Existence can be verified using the `contains` function. For example, `contains(activity('dataflowActivity').output.runStatus.metrics, 'sink1')` checks whether any rows were written to sink1. ## Next steps |
| data-factory | Control Flow Expression Language Functions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/data-factory/control-flow-expression-language-functions.md | rand(<minValue>, <maxValue>) | Return value | Type | Description | | | - | -- |-| <*random-result*> | Integer | The random integer returned from the specified range | +| <*random-result*> | Integer | The random integer returned from the specified range. Note that every invocation of ```rand()``` will produce a unique result, meaning that the value you observe in output monitoring may not be the same at actual run time. | |||| *Example* |
| data-factory | Monitor Managed Virtual Network Integration Runtime | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/data-factory/monitor-managed-virtual-network-integration-runtime.md | + + Title: Monitor managed virtual network integration runtime in Azure Data Factory +description: Learn how to monitor managed virtual network integration runtime in Azure Data Factory. +++ Last updated : 07/19/2023++++++# Enhanced monitoring with Managed Virtual Network Integration Runtime +Azure Data Factory Managed Virtual Network is a feature that allows you to securely connect your data sources to a virtual network managed by Azure Data Factory service. By using this capability, you can establish a private and isolated environment for your data integration and orchestration processes. By using Azure Data Factory Managed Virtual Network, you can combine the power of Azure Data Factory's data integration and orchestration capabilities with the security and flexibility provided by Azure virtual networks. It empowers you to build robust, scalable, and secure data integration pipelines that seamlessly connect to your network resources, whether they're on-premises or in the cloud. +One common pain point of managed compute is the lack of visibility into the performance and health especially within a managed virtual network environment. Without proper monitoring, identifying and resolving issues becomes challenging, leading to potential delays, errors, and performance degradation. +By using our new enhanced monitoring feature, users can gain valuable insights into their data integration processes, leading to improved efficiency, better resource utilization, and enhanced overall performance. With proactive monitoring and timely alerts, users can proactively address issues, optimize workflows, and ensure the smooth execution of their data integration pipelines within the managed virtual network environment. ++## New metrics +The introduction of the new metrics in the Managed Virtual Network Integration Runtime feature significantly enhances the visibility and monitoring capabilities within virtual network environments. These new metrics have been designed to address the pain point of limited monitoring, providing users with valuable insights into the performance and health of their data integration workflows. +Azure Data Factory provides three distinct types of compute pools, each tailored to handle specific activity execution requirements. These compute pools offer flexibility and scalability to accommodate diverse workloads and ensure optimal resource allocation: + - Compute for Copy activity + - Compute for Pipeline activity such as Lookup + - Compute for External activity such as Databricks notebook ++To ensure consistent and comprehensive monitoring across all compute pools, we have implemented the same sets of monitoring metrics. + - Capacity Utilization + - Available Capacity Percentage + - Waiting Queue Length ++Regardless of the type of compute pool being used, users can access and analyze a standardized set of metrics to gain insights into the performance and health of their data integration activities. ++|Metric|Unit|Description| +||-|--| +|Copy capacity utilization of MVNet integration runtime|Percent|The maximum percentage of DIU utilization for managed vNet Integration runtime time-to-live copy activities within 1-minute window.| +|Copy available capacity percentage of MVNet integration runtime|Percent|The maximum percentage of available DIU for managed vNet Integration runtime time-to-live copy activities within 1-minute window.| +|Copy waiting queue length of MVNet integration runtime|Count|The waiting queue length of managed vNet Integration runtime time-to-live copy activities within 1-minute window.| +|Pipeline capacity utilization of MVNet integration runtime|Percent|The maximum percentage of DIU utilization for managed vNet Integration runtime pipeline activities within 1-minute window.| +|Pipeline available capacity percentage of MVNet integration runtime|Percent|The maximum percentage of available DIU for managed vNet Integration runtime pipeline activities within 1-minute window.| +|Pipeline waiting queue length of MVNet integration runtime|Count|The waiting queue length of managed vNet Integration runtime pipeline activities within 1-minute window.| +|External capacity utilization of MVNet integration runtime|Percent|The maximum percentage of DIU utilization for managed vNet Integration runtime external activities within 1-minute window.| +|External available capacity percentage of MVNet integration runtime|Percent|The maximum percentage of available DIU for managed vNet Integration runtime external activities within 1-minute window.| +|External waiting queue length of MVNet integration runtime|Count|The waiting queue length of managed vNet Integration runtime external activities within 1-minute window.| ++## Using metrics for performance optimization +By using these metrics, you can seamlessly track and assess the performance and robustness of your integration runtime within a managed virtual network. Moreover, you can uncover potential areas for continuous improvement by optimizing the compute settings and workflow to maximize efficiency. ++To provide further clarity on the practical application of these metrics, here are a few example scenarios: ++### Balanced +If you observe that the Capacity Utilization is below 100% and the Available Capacity Percentage is high, it indicates that the compute resources you have reserved are being efficiently utilized. Additionally, if the Waiting Queue Length remains consistently low or experiences occasional short spikes, it's advisable to queue other activities until the Capacity Utilization reaches 100%. This ensures optimal utilization of resources and helps maintain a smooth workflow with minimal delays. +++### Performance-oriented +If you observe that the Capacity Utilization is consistently low, and the Waiting Queue Length remains consistently low or experiences occasional short spikes, it indicates that the compute resources you have reserved are higher than the actual demand for activities. In such cases, regardless of whether the Available Capacity Percentage is high or low, it's recommended to reduce the allocated compute resources to lower your costs. By rightsizing the compute to match the actual workload requirements, you can optimize your resource utilization and achieve cost savings without compromising the efficiency of your operations. +++### Cost-oriented +If you notice that all metrics, including Capacity Utilization, Available Capacity Percentage, and Waiting Queue Length, are high, it suggests that the compute resources you have reserved are insufficient for your activities. In this scenario, it's recommended to increase the allocated compute resources to reduce queue time. By adding more compute capacity, you can ensure that your activities have sufficient resources to execute efficiently, minimizing any delays caused by a crowded queue. +++### Intermittent activity execution +If you notice that the Available Capacity Percentage fluctuates between low and high within a specific time period, it's likely due to the intermittent execution of your activities, where the Time-To-Live (TTL) period you have configured is shorter than the interval between your activities. This can have a significant impact on the performance of your workflow and can increase costs, as we charge for the warm-up time of the compute for up to 2 minutes. +To address this issue, there are two possible solutions. First, you can queue more activities to maintain a consistent workload and utilize the available compute resources more effectively. By keeping the compute continuously engaged, you can avoid the warm-up time and achieve better performance. +Alternatively, you can consider enlarging the TTL period to align with the interval between your activities. This ensures that the compute resources remain available for a longer duration, reducing the frequency of warm-up periods and optimizing cost-efficiency. +By implementing either of these solutions, you can enhance the performance of your workflow, minimize cost implications, and ensure a smoother execution of your intermittent activities. +++## Next steps +Advance to the following tutorial to learn about Managed Virtual Network: [Managed virtual network and managed private endpoints](managed-virtual-network-private-endpoint.md). |
| data-factory | Data Factory Map Reduce | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/data-factory/v1/data-factory-map-reduce.md | You can use MapReduce activity to run Spark programs on your HDInsight Spark clu [adfgetstartedmonitoring]:data-factory-copy-data-from-azure-blob-storage-to-sql-database.md#monitor-pipelines [Developer Reference]: /previous-versions/azure/dn834987(v=azure.100)-[Azure Portal]: https://portal.azure.com ## See Also * [Hive Activity](data-factory-hive-activity.md) |
| data-factory | Data Factory Troubleshoot | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/data-factory/v1/data-factory-troubleshoot.md | See [Monitor Data Factory pipelines using Azure PowerShell](data-factory-monitor [cmdlet-reference]: /powershell/resourcemanager/Azurerm.DataFactories/v2.2.0/Azurerm.DataFactories [json-scripting-reference]: /previous-versions/azure/dn835050(v=azure.100) -[azure-portal]: https://portal.azure.com/ - [image-data-factory-troubleshoot-with-error-link]: ./media/data-factory-troubleshoot/DataFactoryWithErrorLink.png [image-data-factory-troubleshoot-datasets-with-errors-blade]: ./media/data-factory-troubleshoot/DatasetsWithErrorsBlade.png |
| data-factory | Data Factory Use Custom Activities | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/data-factory/v1/data-factory-use-custom-activities.md | In this step, you create datasets to represent input and output data. ``` 2 occurrences(s) of the search term "Microsoft" were found in the file inputfolder/2016-11-16-00/file.txt. ```-6. Use the [Azure portal][azure-preview-portal] or Azure PowerShell cmdlets to monitor your data factory, pipelines, and data sets. You can see messages from the **ActivityLogger** in the code for the custom activity in the logs (specifically user-0.log) that you can download from the portal or using cmdlets. +6. Use the [Azure portal](https://portal.azure.com) or Azure PowerShell cmdlets to monitor your data factory, pipelines, and data sets. You can see messages from the **ActivityLogger** in the code for the custom activity in the logs (specifically user-0.log) that you can download from the portal or using cmdlets. ![download logs from custom activity][image-data-factory-download-logs-from-custom-activity] The [Azure Data Factory - local environment](https://github.com/gbrueckl/Azure.D [nuget-package]: https://go.microsoft.com/fwlink/?LinkId=517478 [adf-developer-reference]: /previous-versions/azure/dn834987(v=azure.100)-[azure-preview-portal]: https://portal.azure.com/ [adfgetstarted]: data-factory-copy-data-from-azure-blob-storage-to-sql-database.md [hivewalkthrough]: data-factory-data-transformation-activities.md |
| defender-for-cloud | Adaptive Application Controls | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/adaptive-application-controls.md | Title: Adaptive application controls in Microsoft Defender for Cloud + Title: Adaptive application controls description: This document helps you use adaptive application control in Microsoft Defender for Cloud to create an allowlist of applications running for Azure machines. |
| defender-for-cloud | Adaptive Network Hardening | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/adaptive-network-hardening.md | Title: Adaptive network hardening in Microsoft Defender for Cloud + Title: Adaptive network hardening description: Learn how to use actual traffic patterns to harden your network security groups (NSG) rules and further improve your security posture. |
| defender-for-cloud | Alert Validation | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/alert-validation.md | Title: Alert validation in Microsoft Defender for Cloud + Title: Alert validation description: Learn how to validate that your security alerts are correctly configured in Microsoft Defender for Cloud Last updated 06/27/2023 |
| defender-for-cloud | Alerts Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/alerts-overview.md | Title: Security alerts and incidents in Microsoft Defender for Cloud + Title: Security alerts and incidents description: Learn how Microsoft Defender for Cloud generates security alerts and correlates them into incidents. |
| defender-for-cloud | Alerts Reference | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/alerts-reference.md | Title: Reference table for all security alerts in Microsoft Defender for Cloud + Title: Reference table for all security alerts description: This article lists the security alerts visible in Microsoft Defender for Cloud Last updated 05/31/2023 |
| defender-for-cloud | Alerts Suppression Rules | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/alerts-suppression-rules.md | Title: Suppressing false positives or other unwanted security alerts - Microsoft Defender for Cloud + Title: Suppressing false positives or other unwanted security alerts description: This article explains how to use Microsoft Defender for Cloud's suppression rules to hide unwanted security alerts, such as false positives Last updated 01/09/2023 |
| defender-for-cloud | Asset Inventory | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/asset-inventory.md | Title: Using the asset inventory to view your security posture with Microsoft Defender for Cloud + Title: Using the asset inventory to view your security posture description: Learn about Microsoft Defender for Cloud's asset management experience providing full visibility over all your Defender for Cloud monitored resources. Last updated 06/14/2023 |
| defender-for-cloud | Attack Path Reference | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/attack-path-reference.md | Title: Reference list of attack paths and cloud security graph components- description: This article lists Microsoft Defender for Cloud's list of attack paths based on resource. |
| defender-for-cloud | Auto Deploy Azure Monitoring Agent | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/auto-deploy-azure-monitoring-agent.md | Title: Deploy the Azure Monitor Agent with Microsoft Defender for Cloud + Title: Deploy the Azure Monitor Agent description: Learn how to deploy the Azure Monitor Agent on your Azure, multicloud, and on-premises servers to support Microsoft Defender for Cloud protections. |
| defender-for-cloud | Concept Agentless Containers | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/concept-agentless-containers.md | Title: Agentless Container Posture for Microsoft Defender for Cloud + Title: Agentless Container Posture description: Learn how Agentless Container Posture offers discovery, visibility, and vulnerability assessment for Containers without installing an agent on your machines. |
| defender-for-cloud | Concept Attack Path | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/concept-attack-path.md | Title: Identify and analyze risks across your environment description: Learn how to prioritize remediation of cloud misconfigurations and vulnerabilities based on risk. - + attack path. Last updated 05/07/2023 |
| defender-for-cloud | Concept Credential Scanner Rules | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/concept-credential-scanner-rules.md | Title: Credential scanner rules-+ description: Learn more about the Defender for DevOps credential scanner's rules, descriptions and the supported file types in Defender for Cloud. Last updated 01/31/2023 |
| defender-for-cloud | Concept Data Security Posture Prepare | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/concept-data-security-posture-prepare.md | Title: Support and prerequisites for data-aware security posture - Microsoft Defender for Cloud + Title: Support and prerequisites for data-aware security posture description: Learn about the requirements for data-aware security posture in Microsoft Defender for Cloud |
| defender-for-cloud | Concept Data Security Posture | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/concept-data-security-posture.md | Title: Data-aware security posture in Microsoft Defender for Cloud + Title: Data-aware security posture description: Learn how Defender for Cloud helps improve data security posture in a multicloud environment. |
| defender-for-cloud | Concept Defender For Cosmos | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/concept-defender-for-cosmos.md | Title: Overview of Defender for Azure Cosmos DB description: Learn about the benefits and features of Microsoft Defender for Azure Cosmos DB.- |
| defender-for-cloud | Concept Easm | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/concept-easm.md | Title: External attack surface management (EASM) description: Learn how to gain comprehensive visibility and insights over external facing organizational assets and their digital footprint with Defender EASM.- Last updated 03/05/2023 |
| defender-for-cloud | Concept Gcp Connector | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/concept-gcp-connector.md | Title: Defender for Cloud's GCP connector description: Learn how the GCP connector works on Microsoft Defender for Cloud.-+ Last updated 06/29/2023 |
| defender-for-cloud | Concept Regulatory Compliance | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/concept-regulatory-compliance.md | Title: Regulatory compliance Microsoft cloud security benchmark description: Learn about the Microsoft cloud security benchmark and the benefits it can bring to your compliance standards across your multicloud environments.- Last updated 01/10/2023 |
| defender-for-cloud | Configure Email Notifications | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/configure-email-notifications.md | Title: Configure email notifications for Microsoft Defender for Cloud alerts + Title: Configure email notifications for alerts description: Learn how to fine-tune the Microsoft Defender for Cloud security alert emails. |
| defender-for-cloud | Connect Azure Subscription | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/connect-azure-subscription.md | Title: Connect your Azure subscriptions to Microsoft Defender for Cloud + Title: Connect your Azure subscriptions description: Learn how to connect your Azure subscriptions to Microsoft Defender for Cloud Last updated 07/10/2023 |
| defender-for-cloud | Continuous Export | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/continuous-export.md | Title: Continuous export can send Microsoft Defender for Cloud's alerts and recommendations to Log Analytics or Azure Event Hubs + Title: Continuous export of alerts and recommendations to Log Analytics or Azure Event Hubs description: Learn how to configure continuous export of security alerts and recommendations to Log Analytics or Azure Event Hubs |
| defender-for-cloud | Create Custom Recommendations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/create-custom-recommendations.md | Title: Create Custom Recommendations in Microsoft Defender for Cloud + Title: Create Custom Recommendations description: This article explains how to create custom recommendations in Microsoft Defender for Cloud to secure your environment based on your organization's internal needs and requirements. |
| defender-for-cloud | Cross Tenant Management | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/cross-tenant-management.md | Title: Cross-tenant management in Microsoft Defender for Cloud + Title: Cross-tenant management description: Learn how to set up cross-tenant management to manage the security posture of multiple tenants in Defender for Cloud using Azure Lighthouse. documentationcenter: na ms.assetid: 7d51291a-4b00-4e68-b872-0808b60e6d9c |
| defender-for-cloud | Custom Dashboards Azure Workbooks | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/custom-dashboards-azure-workbooks.md | Title: Workbooks gallery in Microsoft Defender for Cloud + Title: Workbooks gallery description: Learn how to create rich, interactive reports of your Microsoft Defender for Cloud data with the integrated Azure Monitor Workbooks gallery |
| defender-for-cloud | Custom Security Policies | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/custom-security-policies.md | Title: Create custom Azure security policies in Microsoft Defender for Cloud + Title: Create custom Azure security policies description: Azure custom policy definitions monitored by Microsoft Defender for Cloud. |
| defender-for-cloud | Data Security Posture Enable | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/data-security-posture-enable.md | Title: Enable data-aware security posture for Azure datastores - Microsoft Defender for Cloud + Title: Enable data-aware security posture for Azure datastores description: Learn how to enable data-aware security posture in Defender for Cloud |
| defender-for-cloud | Data Security Review Risks | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/data-security-review-risks.md | Title: Explore risks to sensitive data in Microsoft Defender for Cloud + Title: Explore risks to sensitive data description: Learn how to use attack paths and security explorer to find and remediate sensitive data risks. |
| defender-for-cloud | Data Sensitivity Settings | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/data-sensitivity-settings.md | Title: Customize data sensitivity settings in Microsoft Defender for Cloud + Title: Customize data sensitivity settings description: Learn how to customize data sensitivity settings in Defender for Cloud |
| defender-for-cloud | Defender For Apis Deploy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/defender-for-apis-deploy.md | Title: Protect your APIs with Defender for APIs in Defender for Cloud (Preview) + Title: Protect your APIs with Defender for APIs (Preview) description: Learn about deploying the Defender for APIs plan in Defender for Cloud |
| defender-for-cloud | Defender For Apis Introduction | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/defender-for-apis-introduction.md | Title: Overview of the Microsoft Defender for APIs plan in Microsoft Defender for Cloud + Title: Overview of the Microsoft Defender for APIs plan description: Learn about the benefits of the Microsoft Defender for APIs plan in Microsoft Defender for Cloud Last updated 04/05/2023 |
| defender-for-cloud | Defender For Apis Manage | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/defender-for-apis-manage.md | Title: Manage the Defender for APIs plan in Microsoft Defender for Cloud + Title: Manage the Defender for APIs plan description: Manage your Defender for APIs deployment in Microsoft Defender for Cloud |
| defender-for-cloud | Defender For Apis Posture | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/defender-for-apis-posture.md | Title: Investigate your API security findings and posture in Microsoft Defender for Cloud + Title: Investigate your API security findings and posture description: Learn how to analyze your API security alerts and posture in Microsoft Defender for Cloud |
| defender-for-cloud | Defender For Apis Prepare | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/defender-for-apis-prepare.md | Title: Support and prerequisites for deploying the Defender for APIs plan in Microsoft Defender for Cloud + Title: Support and prerequisites for deploying the Defender for APIs plan description: Learn about the requirements for Defender for APIs deployment in Microsoft Defender for Cloud |
| defender-for-cloud | Defender For Cloud Glossary | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/defender-for-cloud-glossary.md | Title: Defender for Cloud glossary description: The glossary provides a brief description of important Defender for Cloud platform terms and concepts. Previously updated : 02/13/2023 Last updated : 07/18/2023 This glossary provides a brief description of important terms and concepts for t ## A -| Term | Description | Learn more | -|--|--|--| -|**AAC**|Adaptive application controls are an intelligent and automated solution for defining allowlists of known-safe applications for your machines. |[Adaptive Application Controls](adaptive-application-controls.md) -|**AAD**| Azure Active Directory (Azure AD) is a cloud-based identity and access management service.| [Adaptive Application Controls](../active-directory/fundamentals/active-directory-whatis.md) -| **ACR Tasks** | A suite of features within Azure container registry | [Frequently asked questions - Azure Container Registry](../container-registry/container-registry-faq.yml) | -|**Adaptive network hardening**|Adaptive network hardening provides recommendations to further harden the [network security groups (NSG)](../virtual-network/network-security-groups-overview.md) rules.|[What is Adaptive Network Hardening?](../defender-for-cloud/adaptive-network-hardening.md#what-is-adaptive-network-hardening) | -|**ADO**|Azure DevOps provides developer services for allowing teams to plan work, collaborate on code development, and build and deploy applications.|[What is Azure DevOps?](/azure/devops/user-guide/what-is-azure-devops) | -|**AKS**| Azure Kubernetes Service, Microsoft's managed service for developing, deploying, and managing containerized applications.| [Kubernetes Concepts](/azure-stack/aks-hci/kubernetes-concepts)| -|**Alerts**| Alerts defend your workloads in real-time so you can react immediately and prevent security events from developing.|[Security alerts and incidents](alerts-overview.md)| -|**ANH** | Adaptive network hardening| [Improve your network security posture with adaptive network hardening](adaptive-network-hardening.md) -|**APT** | Advanced Persistent Threats | [Video: Understanding APTs](/events/teched-2012/sia303)| -| **Arc-enabled Kubernetes**| Azure Arc-enabled Kubernetes allows you to attach and configure Kubernetes clusters running anywhere. You can connect your clusters running on other public cloud providers or clusters running on your on-premises data center.|[What is Azure Arc-enabled Logic Apps? (Preview)](../logic-apps/azure-arc-enabled-logic-apps-overview.md) -|**ARG**| Azure Resource Graph-an Azure service designed to extend Azure Resource Management by providing resource exploration with the ability to query at scale across a given set of subscriptions so that you can effectively govern your environment.| [Azure Resource Graph Overview](../governance/resource-graph/overview.md)| -|**ARM**| Azure Resource Manager-the deployment and management service for Azure.| [Azure Resource Manager Overview](../azure-resource-manager/management/overview.md)| -|**ASB**| Azure Security Benchmark provides recommendations on how you can secure your cloud solutions on Azure.| [Azure Security Benchmark](/security/benchmark/azure/baselines/security-center-security-baseline) | -|**Attack Path Analysis**| A graph-based algorithm that scans the cloud security graph, exposes attack paths and suggests recommendations as to how best remediate issues that will break the attack path and prevent successful breach.| [What is attack path analysis?](concept-attack-path.md#what-is-attack-path-analysis) | -|**Auto-provisioning**| To make sure that your server resources are secure, Microsoft Defender for Cloud uses agents installed on your servers to send information about your servers to Microsoft Defender for Cloud for analysis. You can use auto provisioning to quietly deploy the Azure Monitor Agent on your servers.| [Configure auto provision](../iot-dps/quick-setup-auto-provision.md)| +### **AAC** +Adaptive application controls are an intelligent and automated solution for defining allowlists of known-safe applications for your machines. See [Adaptive Application Controls](adaptive-application-controls.md). +### **AAD** +Azure Active Directory (Azure AD) is a cloud-based identity and access management service. See [Adaptive Application Controls](../active-directory/fundamentals/active-directory-whatis.md). +### **ACR Tasks** +A suite of features within Azure container registry. See [Frequently asked questions - Azure Container Registry](../container-registry/container-registry-faq.yml). +### **Adaptive network hardening** +Adaptive network hardening provides recommendations to further harden the [network security groups (NSG)](../virtual-network/network-security-groups-overview.md) rules. See [What is Adaptive Network Hardening?](../defender-for-cloud/adaptive-network-hardening.md#what-is-adaptive-network-hardening). +### **ADO** +Azure DevOps provides developer services for allowing teams to plan work, collaborate on code development, and build and deploy applications. See [What is Azure DevOps?](/azure/devops/user-guide/what-is-azure-devops) +### **AKS** +Azure Kubernetes Service, Microsoft's managed service for developing, deploying, and managing containerized applications. See [Kubernetes concepts](/azure-stack/aks-hci/kubernetes-concepts). +### **Alerts** +Alerts defend your workloads in real-time so you can react immediately and prevent security events from developing. See [Security alerts and incidents](alerts-overview.md). +### **ANH** +Adaptive network hardening. Learn how to [improve your network security posture with adaptive network hardening](adaptive-network-hardening.md). +### **APT** +Advanced Persistent Threats See the [video: Understanding APTs](/events/teched-2012/sia303). +### **Arc-enabled Kubernetes** +Azure Arc-enabled Kubernetes allows you to attach and configure Kubernetes clusters running anywhere. You can connect your clusters running on other public cloud providers or clusters running on your on-premises data center. See [What is Azure Arc-enabled Logic Apps? (Preview)](../logic-apps/azure-arc-enabled-logic-apps-overview.md). +### **ARG** +Azure Resource Graph-an Azure service designed to extend Azure Resource Management by providing resource exploration with the ability to query at scale across a given set of subscriptions so that you can effectively govern your environment. See [Azure Resource Graph Overview](../governance/resource-graph/overview.md). +### **ARM** +Azure Resource Manager-the deployment and management service for Azure. See [Azure Resource Manager overview](../azure-resource-manager/management/overview.md). +### **ASB** +Azure Security Benchmark provides recommendations on how you can secure your cloud solutions on Azure. See [Azure Security Benchmark](/security/benchmark/azure/baselines/security-center-security-baseline). +### **Attack Path Analysis** +A graph-based algorithm that scans the cloud security graph, exposes attack paths and suggests recommendations as to how best remediate issues that will break the attack path and prevent successful breach. See [What is attack path analysis?](concept-attack-path.md#what-is-attack-path-analysis). +### **Auto-provisioning** +To make sure that your server resources are secure, Microsoft Defender for Cloud uses agents installed on your servers to send information about your servers to Microsoft Defender for Cloud for analysis. You can use auto provisioning to deploy the Azure Monitor Agent on your servers. Learn how to [configure auto provision](../iot-dps/quick-setup-auto-provision.md). ## B -| Term | Description | Learn more | -|--|--|--| -|**Bicep**| Bicep is a domain-specific language (DSL) that uses declarative syntax to deploy Azure resources. It provides concise syntax, reliable type safety, and support for code reuse.| [Bicep tutorial](../azure-resource-manager/bicep/quickstart-create-bicep-use-visual-studio-code.md)| -|**Blob storage**| Azure Blob Storage is the high scale object storage service for Azure and a key building block for data storage in Azure.| [what is Azure blob storage?](../storage/blobs/storage-blobs-introduction.md)| +### **Bicep** +Bicep is a domain-specific language (DSL) that uses declarative syntax to deploy Azure resources. It provides concise syntax, reliable type safety, and support for code reuse. See [Bicep tutorial](../azure-resource-manager/bicep/quickstart-create-bicep-use-visual-studio-code.md). +### **Blob storage** +Azure Blob Storage is the high scale object storage service for Azure and a key building block for data storage in Azure. See [what is Azure blob storage?](../storage/blobs/storage-blobs-introduction.md). ## C -| Term | Description | Learn more | -|--|--|--| -|**Cacls** | Change access control list, Microsoft Windows native command-line utility often used for modifying the security permission on folders and files.| [Access control lists](/windows/win32/secauthz/access-control-lists) | -|**CIS Benchmark** | (Kubernetes) Center for Internet Security benchmark| [CIS](../aks/cis-kubernetes.md)| -|**Cloud security graph** | The cloud security graph is a graph-based context engine that exists within Defender for Cloud. The cloud security graph collects data from your multicloud environment and other data sources| [What is the cloud security graph?](concept-attack-path.md#what-is-cloud-security-graph)| -|**CORS**| Cross origin resource sharing, an HTTP feature that enables a web application running under one domain to access resources in another domain.| [CORS](/rest/api/storageservices/cross-origin-resource-sharing--cors--support-for-the-azure-storage-services)| -|**CNAPP**|Cloud Native Application Protection Platform|[Build cloud native applications in Azure](https://azure.microsoft.com/solutions/cloud-native-apps/)| -|**CNCF**|Cloud Native Computing Foundation|[Build CNCF projects by using Azure Kubernetes service](/azure/architecture/example-scenario/apps/build-cncf-incubated-graduated-projects-aks)| -|**CSPM**|Cloud Security Posture Management| [Cloud Security Posture Management (CSPM)](concept-cloud-security-posture-management.md)| -|**CWPP** | Cloud Workload Protection Platform | [CWPP](./overview-page.md)| +### **Cacls** +Change access control list, Microsoft Windows native command-line utility often used for modifying the security permission on folders and files. See [Access control lists](/windows/win32/secauthz/access-control-lists). +### **CIS Benchmark** +(Kubernetes) Center for Internet Security benchmark. See [CIS](../aks/cis-kubernetes.md). +### **Cloud security graph** +The cloud security graph is a graph-based context engine that exists within Defender for Cloud. The cloud security graph collects data from your multicloud environment and other data sources. See [What is the cloud security graph?](concept-attack-path.md#what-is-cloud-security-graph). +### **CORS** +Cross origin resource sharing, an HTTP feature that enables a web application running under one domain to access resources in another domain. See [CORS](/rest/api/storageservices/cross-origin-resource-sharing--cors--support-for-the-azure-storage-services). +### **CNAPP** +Cloud Native Application Protection Platform. See [Build cloud native applications in Azure](https://azure.microsoft.com/solutions/cloud-native-apps/). +### **CNCF** +Cloud Native Computing Foundation. Learn how to [build CNCF projects by using Azure Kubernetes service](/azure/architecture/example-scenario/apps/build-cncf-incubated-graduated-projects-aks). +### **CSPM** +Cloud Security Posture Management. See [Cloud Security Posture Management (CSPM)](concept-cloud-security-posture-management.md). +### **CWPP** +Cloud Workload Protection Platform. See [CWPP](./overview-page.md). ## D -| Term | Description | Learn more | -|--|--|--| -| **DDOS Attack** | Distributed denial-of-service, a type of attack where an attacker sends more requests to an application than the application is capable of handling.| [DDOS FAQs](../ddos-protection/ddos-faq.yml)| +### Data Aware Security Posture +Data-aware security posture automatically discovers datastores containing sensitive data, and helps reduce risk of data breaches. Learn about [data-aware security posture](concept-data-security-posture.md). +### **DDOS Attack** +Distributed denial-of-service, a type of attack where an attacker sends more requests to an application than the application is capable of handling. See [DDOS FAQs](../ddos-protection/ddos-faq.yml). ## E -| Term | Description | Learn more | -|--|--|--| -|**EASM**| External Attack Surface Management|[EASM Overview](how-to-manage-attack-path.md#external-attack-surface-management-easm)| -|**EDR**| Endpoint Detection and Response|[Microsoft Defender for Endpoint](integration-defender-for-endpoint.md)| -|**EKS**| Amazon Elastic Kubernetes Service, Amazon's managed service for running Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane or nodes.|[EKS](https://aws.amazon.com/eks/)| -|**eBPF**|Extended Berkley Packet Filter |[What is eBPF?](https://ebpf.io/)| +### **EASM** +External Attack Surface Management. See [EASM Overview](how-to-manage-attack-path.md#external-attack-surface-management-easm). +### **EDR** +Endpoint Detection and Response. See [Microsoft Defender for Endpoint](integration-defender-for-endpoint.md). +### **EKS** +Amazon Elastic Kubernetes Service, Amazon's managed service for running Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane or nodes. See[EKS](https://aws.amazon.com/eks/). +### **eBPF** +Extended Berkley Packet Filter [What is eBPF?](https://ebpf.io/) ## F -| Term | Description | Learn more | -|--|--|--| -|**FIM**| File Integrity Monitoring | ([File Integrity Monitoring in Microsoft Defender for Cloud](file-integrity-monitoring-overview.md)| -**FTP** | File Transfer Protocol | [Deploy content using FTP](../app-service/deploy-ftp.md?tabs=portal)| +### **FIM** +File Integrity Monitoring. Learn about ([file Integrity Monitoring in Microsoft Defender for Cloud](file-integrity-monitoring-overview.md). +### **FTP** +File Transfer Protocol. Learn how to [Deploy content using FTP](../app-service/deploy-ftp.md). ## G -| Term | Description | Learn more | -|--|--|--| -|**GCP**| Google Cloud Platform | [Onboard a GPC Project](../active-directory/cloud-infrastructure-entitlement-management/onboard-gcp.md)| -|**GKE**| Google Kubernetes Engine, Google's managed environment for deploying, managing, and scaling applications using GCP infrastructure.|[Deploy a Kubernetes workload using GPU sharing on your Azure Stack Edge Pro](../databox-online/azure-stack-edge-gpu-deploy-kubernetes-gpu-sharing.md)| -|**Governance**| A set of rules and policies adopted by companies that run services in the cloud. The goal of cloud governance is to enhance data security, manage risk, and enable the smooth operation of cloud systems.|[Governance Overview](governance-rules.md)| +### **GCP** +Google Cloud Platform. Learn how to [onboard a GPC Project](../active-directory/cloud-infrastructure-entitlement-management/onboard-gcp.md). +### **GKE** +Google Kubernetes Engine, Google's managed environment for deploying, managing, and scaling applications using GCP infrastructure.|[Deploy a Kubernetes workload using GPU sharing on your Azure Stack Edge Pro](../databox-online/azure-stack-edge-gpu-deploy-kubernetes-gpu-sharing.md). +### **Governance** +A set of rules and policies adopted by companies that run services in the cloud. The goal of cloud governance is to enhance data security, manage risk, and enable the smooth operation of cloud systems.[Governance Overview](governance-rules.md). ## I -| Term | Description | Learn more | -|--|--|--| -| **IaaS** | Infrastructure as a service, a type of cloud computing service that offers essential compute, storage, and networking resources on demand, on a pay-as-you-go basis. |[What is IaaS?](https://azure.microsoft.com/resources/cloud-computing-dictionary/what-is-iaas/) -| **IAM** | Identity and Access management |[Introduction to IAM](https://www.microsoft.com/security/business/security-101/what-is-identity-access-management-iam)| +### **IaaS** +Infrastructure as a service, a type of cloud computing service that offers essential compute, storage, and networking resources on demand, on a pay-as-you-go basis. [What is IaaS?](https://azure.microsoft.com/resources/cloud-computing-dictionary/what-is-iaas/). +### **IAM** +Identity and Access management. [Introduction to IAM](https://www.microsoft.com/security/business/security-101/what-is-identity-access-management-iam). ## J -| Term | Description | Learn more | -|--|--|--| -| **JIT** | Just-in-Time VM access |[Understanding just-in-time (JIT) VM access](just-in-time-access-overview.md)| +### **JIT** +Just-in-Time VM access. [Understanding just-in-time (JIT) VM access](just-in-time-access-overview.md). ## K -| Term | Description | Learn more | -|--|--|--| -|**Kill Chain**|The series of steps that describe the progression of a cyberattack from reconnaissance to data exfiltration. Defender for Cloud's supported kill chain intents are based on the MITRE ATT&CK matrix. | [MITRE Attack Matrix](https://attack.mitre.org/matrices/enterprise/)| -|**KQL**|Kusto Query Language-a tool to explore your data and discover patterns, identify anomalies and outliers, create statistical modeling, and more.| [KQL Overview](/azure/data-explorer/kusto/query/)| +### **Kill Chain** +The series of steps that describe the progression of a cyberattack from reconnaissance to data exfiltration. Defender for Cloud's supported kill chain intents are based on the MITRE ATT&CK matrix. [MITRE Attack Matrix](https://attack.mitre.org/matrices/enterprise/). +### **KQL** +Kusto Query Language - a tool to explore your data and discover patterns, identify anomalies and outliers, create statistical modeling, and more. [KQL Overview](/azure/data-explorer/kusto/query/). ## L -| Term | Description | Learn more | -|--|--|--| -|**LSA**| Local Security Authority| [Secure and use policies on virtual machines in Azure](../virtual-machines/security-policy.md)| +### **LSA** +Local Security Authority. Learn about [secure and use policies on virtual machines in Azure](../virtual-machines/security-policy.md). ## M -| Term | Description | Learn more | -|--|--|--| -|**MCSB**| Microsoft Cloud Security Benchmark | [MCSB in Defender for Cloud](concept-regulatory-compliance.md#microsoft-cloud-security-benchmark-in-defender-for-cloud)| -|**MDC**| Microsoft Defender for Cloud is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) for all of your Azure, on-premises, and multicloud (Amazon AWS and Google GCP) resources. | [What is Microsoft Defender for Cloud?](defender-for-cloud-introduction.md)| -|**MDE**| Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.|[Protect your endpoints with Defender for Cloud's integrated EDR solution: Microsoft Defender for Endpoint](integration-defender-for-endpoint.md)| -|**MFA**|multi factor authentication, a process in which users are prompted during the sign-in process for an extra form of identification, such as a code on their cellphone or a fingerprint scan.|[How it works: Azure Multi Factor Authentication](../active-directory/authentication/concept-mfa-howitworks.md)| -|**MITRE ATT&CK**| A globally accessible knowledge base of adversary tactics and techniques based on real-world observations.|[MITRE ATT&CK](https://attack.mitre.org/)| -|**MMA**| Microsoft Monitoring Agent, also known as Log Analytics Agent|[Log Analytics Agent Overview](../azure-monitor/agents/log-analytics-agent.md)| +### **MCSB** +Microsoft Cloud Security Benchmark. See [MCSB in Defender for Cloud](concept-regulatory-compliance.md#microsoft-cloud-security-benchmark-in-defender-for-cloud). +### **MDC** +Microsoft Defender for Cloud is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) for all of your Azure, on-premises, and multicloud (Amazon AWS and Google GCP) resources. [What is Microsoft Defender for Cloud?](defender-for-cloud-introduction.md). +### **MDE** +Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. [Protect your endpoints with Defender for Cloud's integrated EDR solution: Microsoft Defender for Endpoint](integration-defender-for-endpoint.md). +### **MDVM** +Microsoft Defender Vulnerability Management. Learn how to [enable vulnerability scanning with Microsoft Defender Vulnerability Management](deploy-vulnerability-assessment-defender-vulnerability-management.md). ++### **MFA** +Multi-factor authentication, a process in which users are prompted during the sign-in process for an extra form of identification, such as a code on their cellphone or a fingerprint scan.[How it works: Azure Multi Factor Authentication](../active-directory/authentication/concept-mfa-howitworks.md). +### **MITRE ATT&CK** +A globally accessible knowledge base of adversary tactics and techniques based on real-world observations. [MITRE ATT&CK](https://attack.mitre.org/). +### **MMA** +Microsoft Monitoring Agent, also known as Log Analytics Agent|[Log Analytics Agent Overview](../azure-monitor/agents/log-analytics-agent.md). ## N -| Term | Description | Learn more | -|--|--|--| -|**NGAV**| Next Generation Anti-Virus | -**NIST** | National Institute of Standards and Technology|[National Institute of Standards and Technology](https://www.nist.gov/) -|**NSG**| Network Security Group |[network security groups (NSGs)](../virtual-network/network-security-groups-overview.md)| +### **NGAV** +Next Generation Anti-Virus +### **NIST** +National Institute of Standards and Technology. See [National Institute of Standards and Technology](https://www.nist.gov/). +### **NSG** +Network Security Group. Learn about [network security groups (NSGs)](../virtual-network/network-security-groups-overview.md). ## P -| Term | Description | Learn more | -|--|--|--| -|**PaaS**| Platform as a service (PaaS) is a complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications. |[What is PaaS?](https://azure.microsoft.com/resources/cloud-computing-dictionary/what-is-paas/) +### **PaaS** +Platform as a service (PaaS) is a complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications. [What is PaaS?](https://azure.microsoft.com/resources/cloud-computing-dictionary/what-is-paas/). ## R -| Term | Description | Learn more | -|--|--|--| -|**RaMP**| Rapid Modernization Plan, guidance based on initiatives, giving you a set of deployment paths to more quickly implement key layers of protection.|[Zero Trust Rapid Modernization Plan](../security/fundamentals/zero-trust.md)| -|**RBAC**| Azure role-based access control (Azure RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to. | [RBAC Overview](../role-based-access-control/overview.md)| -|**RDP** | Remote Desktop Protocol (RDP) is a sophisticated technology that uses various techniques to perfect the server's remote graphics' delivery to the client device.| [RDP Bandwidth Requirements](../virtual-desktop/rdp-bandwidth.md)| -|**Recommendations**|Recommendations secure your workloads with step-by-step actions that protect your workloads from known security risks.| [What are security policies, initiatives, and recommendations?](security-policy-concept.md)| -|**Regulatory Compliance** | Regulatory compliance refers to the discipline and process of ensuring that a company follows the laws enforced by governing bodies in their geography or rules required | [Regulatory Compliance Overview](/azure/cloud-adoption-framework/govern/policy-compliance/regulatory-compliance) | +### **RaMP** +Rapid Modernization Plan, guidance based on initiatives, giving you a set of deployment paths to more quickly implement key layers of protection. Learn about [Zero Trust Rapid Modernization Plan](../security/fundamentals/zero-trust.md). +### **RBAC** +Azure role-based access control (Azure RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to. [RBAC Overview](../role-based-access-control/overview.md). +### **RDP** +Remote Desktop Protocol (RDP) is a sophisticated technology that uses various techniques to perfect the server's remote graphics' delivery to the client device. [RDP Bandwidth Requirements](../virtual-desktop/rdp-bandwidth.md). +### **Recommendations** +Recommendations secure your workloads with step-by-step actions that protect your workloads from known security risks. [What are security policies, initiatives, and recommendations?](security-policy-concept.md). +### **Regulatory Compliance** +Regulatory compliance refers to the discipline and process of ensuring that a company follows the laws enforced by governing bodies in their geography or rules required. [Regulatory Compliance Overview](/azure/cloud-adoption-framework/govern/policy-compliance/regulatory-compliance). ## S -| Term | Description | Learn more | -|--|--|--| -|**SAS**| Shared access signature that provides secure delegated access to resources in your storage account.|[Storage SAS Overview](/azure/storage/common/storage-sas-overview)| -|**SaaS**| Software as a service (SaaS) allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendaring, and office tools (such as Microsoft Office 365). SaaS provides a complete software solution that you purchase on a pay-as-you-go basis from a cloud service provider.|[What is SaaS?](https://azure.microsoft.com/resources/cloud-computing-dictionary/what-is-saas/)| -|**Secure Score**|Defender for Cloud continually assesses your cross-cloud resources for security issues. It then aggregates all the findings into a single score that represents your current security situation: the higher the score, the lower the identified risk level.|[Security posture for Microsoft Defender for Cloud](secure-score-security-controls.md)| -|**Security Alerts**|Security alerts are the notifications generated by Defender for Cloud and Defender for Cloud plans when threats are identified in your cloud, hybrid, or on-premises environment.|[What are security alerts?](../defender-for-cloud/alerts-overview.md#what-are-security-alerts)| -|**Security Initiative** | A collection of Azure Policy Definitions, or rules, that are grouped together towards a specific goal or purpose. | [What are security policies, initiatives, and recommendations?](security-policy-concept.md) -|**Security Policy**| An Azure rule about specific security conditions that you want controlled.|[Understanding Security Policies](security-policy-concept.md)| -|**SIEM**| Security Information and Event Management.| [What is SIEM?](https://www.microsoft.com/security/business/security-101/what-is-siem?rtc=1)| -|**SOAR**| Security Orchestration Automated Response, a collection of software tools designed to collect data about security threats from multiple sources and respond to low-level security events without human assistance.| [SOAR](../sentinel/automation.md)| +### **SAS** +Shared access signature that provides secure delegated access to resources in your storage account.[Storage SAS Overview](/azure/storage/common/storage-sas-overview). +### **SaaS** +Software as a service (SaaS) allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendaring, and office tools (such as Microsoft Office 365). SaaS provides a complete software solution that you purchase on a pay-as-you-go basis from a cloud service provider.[What is SaaS?](https://azure.microsoft.com/resources/cloud-computing-dictionary/what-is-saas/). +### **Secure Score** +Defender for Cloud continually assesses your cross-cloud resources for security issues. It then aggregates all the findings into a single score that represents your current security situation: the higher the score, the lower the identified risk level. Learn more about [security posture for Microsoft Defender for Cloud](secure-score-security-controls.md). +### **Security Alerts** +Security alerts are the notifications generated by Defender for Cloud and Defender for Cloud plans when threats are identified in your cloud, hybrid, or on-premises environment.[What are security alerts?](../defender-for-cloud/alerts-overview.md#what-are-security-alerts) +### **Security Initiative** +A collection of Azure Policy Definitions, or rules, that are grouped together towards a specific goal or purpose. [What are security policies, initiatives, and recommendations?](security-policy-concept.md) +### **Security Policy** +An Azure rule about specific security conditions that you want controlled.[Understanding Security Policies](security-policy-concept.md). +### **SIEM** +Security Information and Event Management. [What is SIEM?](https://www.microsoft.com/security/business/security-101/what-is-siem?rtc=1) +### **SOAR** +Security Orchestration Automated Response, a collection of software tools designed to collect data about security threats from multiple sources and respond to low-level security events without human assistance. Learn more about [SOAR](../sentinel/automation.md). ## T -| Term | Description | Learn more | -|--|--|--| -|**TVM**|Threat and Vulnerability Management, a built-in module in Microsoft Defender for Endpoint that can discover vulnerabilities and misconfigurations in near real time and prioritize vulnerabilities based on the threat landscape and detections in your organization.|[Investigate weaknesses with Microsoft Defender for Endpoint's threat and vulnerability management](deploy-vulnerability-assessment-defender-vulnerability-management.md) +### **TVM** +Threat and Vulnerability Management, a built-in module in Microsoft Defender for Endpoint that can discover vulnerabilities and misconfigurations in near real time and prioritize vulnerabilities based on the threat landscape and detections in your organization.[Investigate weaknesses with Microsoft Defender for Endpoint's threat and vulnerability management](deploy-vulnerability-assessment-defender-vulnerability-management.md). ++## W ++### **WAF** +Web Application Firewall (WAF) provides centralized protection of your web applications from common exploits and vulnerabilities. Learn more about [WAF](../web-application-firewall/overview.md). ## Z -| Term | Description | Learn more | -|--|--|--| -|**Zero-Trust**|A new security model that assumes breach and verifies each request as though it originated from an uncontrolled network.|[Zero-Trust Security](../security/fundamentals/zero-trust.md)| +### **Zero-Trust** +A new security model that assumes breach and verifies each request as though it originated from an uncontrolled network. Learn more about [Zero-Trust Security](../security/fundamentals/zero-trust.md). ## Next Steps |
| defender-for-cloud | Defender For Cloud Introduction | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/defender-for-cloud-introduction.md | Title: What is Microsoft Defender for Cloud?-+ description: Use Microsoft Defender for Cloud to protect your Azure, hybrid, and multicloud resources and workloads. Last updated 05/21/2023 |
| defender-for-cloud | Defender For Containers Architecture | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/defender-for-containers-architecture.md | Title: Container security architecture in Microsoft Defender for Cloud + Title: Container security architecture description: Learn about the architecture of Microsoft Defender for Containers for each container platform |
| defender-for-cloud | Defender For Containers Enable | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/defender-for-containers-enable.md | Title: How to enable Microsoft Defender for Containers in Microsoft Defender for Cloud + Title: How to enable Microsoft Defender for Containers description: Enable the container protections of Microsoft Defender for Containers |
| defender-for-cloud | Defender For Containers Introduction | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/defender-for-containers-introduction.md | Title: Container security with Microsoft Defender for Cloud + Title: Container security description: Learn about Microsoft Defender for Containers |
| defender-for-cloud | Defender For Containers Vulnerability Assessment Azure | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/defender-for-containers-vulnerability-assessment-azure.md | Title: Identify vulnerabilities in Azure Container Registry with Microsoft Defender for Cloud + Title: Identify vulnerabilities in Azure Container Registry description: Learn how to use Defender for Containers to scan images in your Azure Container Registry to find vulnerabilities. |
| defender-for-cloud | Defender For Containers Vulnerability Assessment Elastic | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/defender-for-containers-vulnerability-assessment-elastic.md | Title: Identify vulnerabilities in Amazon AWS Elastic Container Registry with Microsoft Defender for Cloud + Title: Identify vulnerabilities in Amazon AWS Elastic Container Registry description: Learn how to use Defender for Containers to scan images in your Amazon AWS Elastic Container Registry (ECR) to find vulnerabilities. |
| defender-for-cloud | Defender For Databases Enable Cosmos Protections | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/defender-for-databases-enable-cosmos-protections.md | Title: Enable Microsoft Defender for Azure Cosmos DB description: Learn how to enable enhanced security features in Microsoft Defender for Azure Cosmos DB.- |
| defender-for-cloud | Defender For Dns Alerts | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/defender-for-dns-alerts.md | Title: Respond to Microsoft Defender for DNS alerts - Microsoft Defender for Cloud + Title: Respond to Microsoft Defender for DNS alerts description: Learn best practices for responding to alerts that indicate security risks in DNS services. Last updated 6/21/2022 |
| defender-for-cloud | Defender For Sql Scan Results | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/defender-for-sql-scan-results.md | Title: How to consume and export scan results description: Learn how to consume and export Defender for SQL's scan results.-+ Last updated 06/04/2023 |
| defender-for-cloud | Defender For Storage Classic Enable | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/defender-for-storage-classic-enable.md | Title: Enable and configure Microsoft Defender for Storage (classic) - Microsoft Defender for Cloud + Title: Enable and configure Microsoft Defender for Storage (classic) description: Learn about how to enable and configure Microsoft Defender for Storage (classic). Last updated 06/15/2023 |
| defender-for-cloud | Defender For Storage Classic Migrate | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/defender-for-storage-classic-migrate.md | Title: Migrate from Defender for Storage (classic) - Microsoft Defender for Cloud + Title: Migrate from Defender for Storage (classic) description: Learn about how to migrate from Defender for Storage (classic) to the new Defender for Storage plan to take advantage of its enhanced capabilities and pricing. Last updated 03/16/2023 |
| defender-for-cloud | Defender For Storage Classic | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/defender-for-storage-classic.md | Title: Microsoft Defender for Storage (classic) - Microsoft Defender for Cloud + Title: Microsoft Defender for Storage (classic) description: Learn about the benefits and features of Microsoft Defender for Storage (classic). Last updated 06/15/2023 |
| defender-for-cloud | Defender For Storage Configure Malware Scan | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/defender-for-storage-configure-malware-scan.md | Title: Setting up response to Malware Scanning - Microsoft Defender for Cloud + Title: Setting up response to Malware Scanning description: Learn about how to configure response to malware scanning to prevent harmful files from being uploaded to Azure Storage. Last updated 03/16/2023 |
| defender-for-cloud | Defender For Storage Data Sensitivity | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/defender-for-storage-data-sensitivity.md | Title: Detect threats to sensitive data - Microsoft Defender for Cloud + Title: Detect threats to sensitive data description: Learn about using security alerts to protect your sensitive data from exposure. Last updated 03/16/2023 |
| defender-for-cloud | Defender For Storage Introduction | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/defender-for-storage-introduction.md | Title: Microsoft Defender for Storage - the benefits and features-+ description: Learn about the benefits and features of Microsoft Defender for Storage. Last updated 06/15/2023 |
| defender-for-cloud | Defender For Storage Malware Scan | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/defender-for-storage-malware-scan.md | Title: Malware Scanning in Defender for Storage - Microsoft Defender for Cloud + Title: Malware Scanning in Defender for Storage description: Learn about the benefits and features of malware scanning in Microsoft Defender for Storage. Last updated 03/16/2023 |
| defender-for-cloud | Defender For Storage Test | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/defender-for-storage-test.md | Title: Test the Defender for Storage data security features - Microsoft Defender for Cloud + Title: Test the Defender for Storage data security features description: Learn how to test the Malware Scanning, sensitive data threat detection, and activity monitoring provided by Defender for Storage. |
| defender-for-cloud | Defender For Storage Threats Alerts | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/defender-for-storage-threats-alerts.md | Title: List of security threats and security alerts - Microsoft Defender for Cloud + Title: List of security threats and security alerts description: Learn about the security threats and alerts Microsoft Defender for Storage provides to detect and respond to potential security risks. Last updated 03/16/2023 |
| defender-for-cloud | Detect Exposed Secrets | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/detect-exposed-secrets.md | Title: Detect exposed secrets in code-+ description: Prevent passwords and other secrets that may be stored in your code from being accessed by outside individuals by using Defender for Cloud's secret scanning for Defender for DevOps. |
| defender-for-cloud | Disable Vulnerability Findings Containers | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/disable-vulnerability-findings-containers.md | Title: Disable vulnerability assessment findings on Container registry images and running images in Microsoft Defender for Cloud + Title: Disable vulnerability assessment findings on Container registry images and running images description: Microsoft Defender for Cloud includes a fully integrated agentless vulnerability assessment solution powered by MDVM (Microsoft Defender Vulnerability Management). Last updated 07/09/2023 |
| defender-for-cloud | Enable Vulnerability Assessment Agentless | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/enable-vulnerability-assessment-agentless.md | Title: Enable agentless vulnerability scanning - Microsoft Defender for Cloud + Title: Enable agentless vulnerability scanning description: Find installed software and software vulnerabilities on your Azure machines and AWS machines without installing an agent. |
| defender-for-cloud | Endpoint Protection Recommendations Technical | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/endpoint-protection-recommendations-technical.md | Title: Endpoint protection recommendations in Microsoft Defender for Cloud + Title: Endpoint protection recommendations description: How the endpoint protection solutions are discovered and identified as healthy. |
| defender-for-cloud | Episode Eighteen | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-eighteen.md | Title: Defender for Azure Cosmos DB | Defender for Cloud in the Field-+ description: Learn about Defender for Cloud integration with Azure Cosmos DB. Last updated 04/27/2023 |
| defender-for-cloud | Episode Fifteen | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-fifteen.md | Title: Remediate security recommendations with governance-+ description: Learn about the new governance feature in Defender for Cloud, and how to drive security posture improvement. Last updated 04/27/2023 |
| defender-for-cloud | Episode Four | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-four.md | Title: Security posture management improvements in Microsoft Defender for Cloud + Title: Security posture management improvements description: Learn how to manage your security posture with Microsoft Defender for Cloud. Last updated 04/27/2023 |
| defender-for-cloud | Episode Fourteen | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-fourteen.md | Title: Defender for Servers deployment in AWS and GCP-+ description: Learn about the capabilities available for Defender for Servers deployment within AWS and GCP. Last updated 04/27/2023 |
| defender-for-cloud | Episode Nineteen | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-nineteen.md | Title: Defender for DevOps | Defender for Cloud in the Field-+ description: Learn about Defender for Cloud integration with Defender for DevOps. Last updated 04/27/2023 |
| defender-for-cloud | Episode One | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-one.md | Title: New AWS connector in Microsoft Defender for Cloud + Title: New AWS connector description: Learn all about the new AWS connector in Microsoft Defender for Cloud. Last updated 04/27/2023 |
| defender-for-cloud | Episode Seven | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-seven.md | Title: New GCP connector in Microsoft Defender for Cloud + Title: New GCP connector description: Learn all about the new GCP connector in Microsoft Defender for Cloud. Last updated 04/27/2023 |
| defender-for-cloud | Episode Seventeen | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-seventeen.md | Title: Defender for Cloud integration with Microsoft Entra | Defender for Cloud in the Field-+ description: Learn about Defender for Cloud integration with Microsoft Entra. Last updated 04/27/2023 |
| defender-for-cloud | Episode Six | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-six.md | Title: Lessons learned from the field with Microsoft Defender for Cloud + Title: Lessons learned from the field description: Learn how Microsoft Defender for Cloud is used to fill the gap between cloud security posture management and cloud workload protection. Last updated 04/27/2023 |
| defender-for-cloud | Episode Sixteen | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-sixteen.md | Title: Defender for Servers integration with Microsoft Defender for Endpoint-+ description: Learn about the integration between Defender for Servers and Microsoft Defender for Endpoint Last updated 04/27/2023 |
| defender-for-cloud | Episode Thirty Four | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-thirty-four.md | Title: Understanding the DevOps Threat Matrix | Defender for Cloud in the Field -+ description: Learn about the DevOps Threat Matrix Last updated 06/21/2023 |
| defender-for-cloud | Episode Thirty One | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-thirty-one.md | Title: Understanding data aware security posture capability | Defender for Cloud in the field -+ description: Learn about data aware security posture capabilities in Defender CSPM Last updated 05/16/2023 |
| defender-for-cloud | Episode Thirty Three | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-thirty-three.md | Title: Agentless Container Posture Management | Defender for Cloud in the field -+ description: Learn about Agentless Container Posture Management Last updated 06/13/2023 |
| defender-for-cloud | Episode Thirty Two | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-thirty-two.md | Title: API Security with Defender for APIs | Defender for Cloud in the field -+ description: Learn about API security with Defender for APIs Last updated 06/08/2023 |
| defender-for-cloud | Episode Thirty | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-thirty.md | Title: New Custom Recommendations for AWS and GCP | Defender for Cloud in the field -+ description: Learn about new custom recommendations for AWS and GCP in Defender for Cloud Last updated 05/14/2023 |
| defender-for-cloud | Episode Twenty Eight | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-twenty-eight.md | Title: Zero Trust and Defender for Cloud | Defender for Cloud in the Field -+ description: Learn about Zero Trust best practices and Zero Trust visibility and analytics tools Last updated 04/27/2023 |
| defender-for-cloud | Episode Twenty Five | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-twenty-five.md | Title: AWS ECR coverage in Defender for Containers | Defender for Cloud in the field-+ description: Learn about AWS ECR coverage in Defender for Containers Last updated 04/27/2023 |
| defender-for-cloud | Episode Twenty Four | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-twenty-four.md | Title: Enhancements in Defender for SQL vulnerability assessment | Defender for Cloud in the field-+ description: Learn about Enhancements in Defender for SQL Vulnerability Assessment Last updated 04/27/2023 |
| defender-for-cloud | Episode Twenty Nine | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-twenty-nine.md | Title: Security policy enhancements in Defender for Cloud | Defender for Cloud in the field -+ description: Learn about security policy enhancements and dashboard in Defender for Cloud Last updated 04/27/2023 |
| defender-for-cloud | Episode Twenty One | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-twenty-one.md | Title: Latest updates in the regulatory compliance dashboard | Defender for Cloud in the Field-+ description: Learn about the latest updates in the regulatory compliance dashboard Last updated 04/27/2023 |
| defender-for-cloud | Episode Twenty Seven | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-twenty-seven.md | Title: Demystifying Defender for Servers | Defender for Cloud in the field-+ description: Learn about different deployment options in Defender for Servers Last updated 04/27/2023 |
| defender-for-cloud | Episode Twenty Six | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-twenty-six.md | Title: Governance capability improvements in Defender for Cloud | Defender for Cloud in the field-+ description: Learn about the need for governance and new at scale governance capability Last updated 04/27/2023 |
| defender-for-cloud | Episode Twenty Three | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-twenty-three.md | Title: Defender Threat Intelligence | Defender for Cloud in the field-+ description: Learn about Microsoft Defender Threat Intelligence (Defender TI) Last updated 04/27/2023 |
| defender-for-cloud | Episode Twenty Two | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-twenty-two.md | Title: Defender EASM | Defender for Cloud in the field-+ description: Learn about Microsoft Defender External Attack Surface Management (Defender EASM) Last updated 04/27/2023 |
| defender-for-cloud | Episode Twenty | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-twenty.md | Title: Cloud security explorer and attack path analysis | Defender for Cloud in the Field-+ description: Learn about cloud security explorer and attack path analysis. Last updated 04/27/2023 |
| defender-for-cloud | Episode Two | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/episode-two.md | Title: Integrate Azure Purview with Microsoft Defender for Cloud + Title: Integrate Azure Purview description: Learn how to integrate Azure Purview with Microsoft Defender for Cloud. Last updated 04/27/2023 |
| defender-for-cloud | Governance Rules | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/governance-rules.md | Title: Driving your organization to remediate security issues with recommendation governance in Microsoft Defender for Cloud + Title: Driving your organization to remediate security issues with recommendation governance description: Learn how to assign owners and due dates to security recommendations and create rules to automatically assign owners and due dates |
| defender-for-cloud | How To Manage Attack Path | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/how-to-manage-attack-path.md | Title: Identify and remediate attack paths-+ description: Learn how to manage your attack path analysis and build queries to locate vulnerabilities in your multicloud environment. |
| defender-for-cloud | How To Manage Aws Assessments Standards | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/how-to-manage-aws-assessments-standards.md | Title: Manage AWS assessments and standards-+ description: Learn how to create custom security assessments and standards for your AWS environment. Last updated 03/09/2023 |
| defender-for-cloud | How To Manage Cloud Security Explorer | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/how-to-manage-cloud-security-explorer.md | Title: Build queries with cloud security explorer-+ description: Learn how to build queries in cloud security explorer to find vulnerabilities that exist on your multicloud environment. |
| defender-for-cloud | How To Manage Gcp Assessments Standards | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/how-to-manage-gcp-assessments-standards.md | Title: Manage GCP assessments and standards-+ description: Learn how to create standards for your GCP environment. Last updated 03/08/2023 |
| defender-for-cloud | How To Use The Classic Connector | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/how-to-use-the-classic-connector.md | Title: Manage classic cloud connectors-+ description: Learn how to manage AWS and GCP classic connectors and remove them from your subscription. Last updated 06/29/2023 |
| defender-for-cloud | Iac Vulnerabilities | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/iac-vulnerabilities.md | Title: Discover misconfigurations in Infrastructure as Code-+ description: Learn how to use Defender for DevOps to discover misconfigurations in Infrastructure as Code (IaC) Last updated 01/24/2023 |
| defender-for-cloud | Implement Security Recommendations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/implement-security-recommendations.md | Title: Implement security recommendations in Microsoft Defender for Cloud + Title: Implement security recommendations description: This article explains how to respond to recommendations in Microsoft Defender for Cloud to protect your resources and satisfy security policies. |
| defender-for-cloud | Incidents Reference | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/incidents-reference.md | Title: Reference table for all incidents in Microsoft Defender for Cloud + Title: Reference table for all incidents description: This article lists the incidents visible in Microsoft Defender for Cloud Last updated 06/07/2023 |
| defender-for-cloud | Incidents | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/incidents.md | Title: Manage security incidents in Microsoft Defender for Cloud + Title: Manage security incidents description: This document helps you to use Microsoft Defender for Cloud to manage security incidents. |
| defender-for-cloud | Information Protection | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/information-protection.md | Title: Prioritize security actions by data sensitivity - Microsoft Defender for Cloud + Title: Prioritize security actions by data sensitivity description: Use Microsoft Purview's data sensitivity classifications in Microsoft Defender for Cloud |
| defender-for-cloud | Integration Defender For Endpoint | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/integration-defender-for-endpoint.md | Title: Using Microsoft Defender for Endpoint in Microsoft Defender for Cloud to protect native, on-premises, and AWS machines. + Title: Using Microsoft Defender for Endpoint to protect native, on-premises, and AWS machines. description: Learn about deploying Microsoft Defender for Endpoint from Microsoft Defender for Cloud to protect Azure, hybrid, and multicloud machines. |
| defender-for-cloud | Investigate Resource Health | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/investigate-resource-health.md | Title: 'Tutorial: Investigate the health of your resources - Microsoft Defender for Cloud' + Title: Tutorial - Investigate the health of your resources description: 'Tutorial: Learn how to investigate the health of your resources using Microsoft Defender for Cloud.' Last updated 01/24/2023 |
| defender-for-cloud | Just In Time Access Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/just-in-time-access-overview.md | Title: Understand just-in-time virtual machine access in Microsoft Defender for Cloud + Title: Understand just-in-time virtual machine access description: This document explains how just-in-time VM access in Microsoft Defender for Cloud helps you control access to your Azure virtual machines Last updated 06/29/2023 |
| defender-for-cloud | Kubernetes Workload Protections | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/kubernetes-workload-protections.md | Microsoft Defender for Cloud includes a bundle of recommendations that are avail ## Prerequisites -- Add the [Required FQDN/application rules for Azure policy](../aks/outbound-rules-control-egress.md#azure-policy).+- Add the [Required FQDN/application rules for Azure policy](../aks/outbound-rules-control-egress.md#azure-policy). - (For non AKS clusters) [Connect an existing Kubernetes cluster to Azure Arc](../azure-arc/kubernetes/quickstart-connect-cluster.md). ## Enable Kubernetes data plane hardening You can enable the Azure policy for Kubernetes by one of two ways:+ - Enable for all current and future clusters using plan/connector settings- - [Enabling for Azure subscriptions or on-premises](#enabling-for-azure-subscriptions-or-on-premises) - - [Enabling for GCP projects](#enabling-for-gcp-projects) -- [Enable for existing clusters using recommendations (specific clusters or all clusters)](#manually-deploy-the-add-on-to-clusters-using-recommendations-on-specific-clusters). + - [Enabling for Azure subscriptions or on-premises](#enabling-for-azure-subscriptions-or-on-premises) + - [Enabling for GCP projects](#enabling-for-gcp-projects) +- [Enable for existing clusters using recommendations (specific clusters or all clusters)](#manually-deploy-the-add-on-to-clusters-using-recommendations-on-specific-clusters). ### Enable for all current and future clusters using plan/connector settings - > [!NOTE] > When you enable this setting, the Azure Policy for Kubernetes pods are installed on the cluster. Doing so allocates a small amount of CPU and memory for the pods to use. This allocation might reach maximum capacity, but it doesn't affect the rest of the CPU and memory on the resource. When you enable Microsoft Defender for Containers, the "Azure Policy for Kuberne If you disabled the "Azure Policy for Kubernetes" settings under the containers plan, you can follow the below steps to enable it across all clusters in your subscription: -1. Sign in to the [Azure portal](https://portal.azure.com). +1. Sign in to the [Azure portal](https://portal.azure.com). 1. Navigate to **Microsoft Defender for Cloud** > **Environment settings**. If you disabled the "Azure Policy for Kubernetes" settings under the containers :::image type="content" source="media/kubernetes-workload-protections/toggle-on-extensions.png" alt-text="Screenshot showing the toggles used to enable or disable the extensions." lightbox="media/kubernetes-workload-protections/toggle-on-extensions.png"::: -#### Enabling for GCP projects +#### Enabling for GCP projects When you enable Microsoft Defender for Containers on a GCP connector, the "Azure Policy Extension for Azure Arc" setting is enabled by default for the Google Kubernetes Engine in the relevant project. If you disable the setting on initial configuration you can enable it afterwards manually. -If you disabled the "Azure Policy Extension for Azure Arc" settings under the GCP connector, you can follow the below steps to [enable it on your GCP connector](https://learn.microsoft.com/azure/defender-for-cloud/defender-for-containers-enable?tabs=aks-deploy-portal%2Ck8s-deploy-asc%2Ck8s-verify-asc%2Ck8s-remove-arc%2Caks-removeprofile-api&pivots=defender-for-container-gke#protect-google-kubernetes-engine-gke-clusters). +If you disabled the "Azure Policy Extension for Azure Arc" settings under the GCP connector, you can follow the below steps to [enable it on your GCP connector](defender-for-containers-enable.md?tabs=aks-deploy-portal%2Ck8s-deploy-asc%2Ck8s-verify-asc%2Ck8s-remove-arc%2Caks-removeprofile-api&pivots=defender-for-container-gke&preserve-view=true#protect-google-kubernetes-engine-gke-clusters). ### Manually deploy the add-on to clusters using recommendations on specific clusters You can manually configure the Kubernetes data plane hardening add-on, or extension on specific cluster through the Recommendations page using the following recommendations: -- **Azure Recommendations** - `"Azure Policy add-on for Kubernetes should be installed and enabled on your clusters"`, or `"Azure policy extension for Kubernetes should be installed and enabled on your clusters"`. +- **Azure Recommendations** - `"Azure Policy add-on for Kubernetes should be installed and enabled on your clusters"`, or `"Azure policy extension for Kubernetes should be installed and enabled on your clusters"`. - **GCP Recommendation** - `"GKE clusters should have Microsoft Defender's extension for Azure Arc installed"`. - **AWS Recommendation** - `"EKS clusters should have Microsoft Defender's extension for Azure Arc installed"`. Once enabled, the hardening recommendation becomes available (some of the recommendations require another configuration to work). -> [!NOTE] +> [!NOTE] > For AWS it isn't possible to do onboarding at scale using the connector, but it can be installed on all clusters or specific clusters using the recommendation ["EKS clusters should have Microsoft Defender's extension for Azure Arc installed"](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/38307993-84fb-4636-8ce7-3a64466bb5cc). - **To deploy the add-on to specified clusters**: 1. From the recommendations page, search for the relevant recommendation: - **Azure** - `Azure Kubernetes Service clusters should have the Azure Policy add-on for Kubernetes installed` or `Azure policy extension for Kubernetes should be installed and enabled on your clusters` - **AWS** - `EKS clusters should have Microsoft Defender's extension for Azure Arc installed` - **GCP** - `GKE clusters should have Microsoft Defender's extension for Azure Arc installed`- + :::image type="content" source="./media/kubernetes-workload-protections/azure-kubernetes-service-clusters-recommendation.png" alt-text="Screenshot showing the Azure Kubernetes service clusters recommendation." lightbox="media/kubernetes-workload-protections/azure-kubernetes-service-clusters-recommendation.png"::: > [!TIP] Once enabled, the hardening recommendation becomes available (some of the recomm Approximately 30 minutes after the add-on installation completes, Defender for Cloud shows the clusters’ health status for the following recommendations, each in the relevant security control as shown: > [!NOTE]-> If you're installing the add-on/extension for the first time, these recommendations will appear as new additions in the list of recommendations. +> If you're installing the add-on/extension for the first time, these recommendations will appear as new additions in the list of recommendations. > [!TIP] > Some recommendations have parameters that must be customized via Azure Policy to use them effectively. For example, to benefit from the recommendation **Container images should be deployed only from trusted registries**, you'll have to define your trusted registries. If you don't enter the necessary parameters for the recommendations that require configuration, your workloads will be shown as unhealthy. Approximately 30 minutes after the add-on installation completes, Defender for C | Privileged containers should be avoided | Manage access and permissions | No | | Running containers as root user should be avoided | Manage access and permissions | No | - For recommendations with parameters that need to be customized, you need to set the parameters: **To set the parameters**:- -1. Sign in to the [Azure portal](https://portal.azure.com). ++1. Sign in to the [Azure portal](https://portal.azure.com). 1. Navigate to **Microsoft Defender for Cloud** > **Environment settings**. 1. Select the relevant subscription. 1. From Defender for Cloud's menu, select **Security policy**.- + 1. Select the relevant assignment. The default assignment is `ASC default`.- + 1. Open the **Parameters** tab and modify the values as required. :::image type="content" source="media/kubernetes-workload-protections/containers-parameter-requires-configuration.png" alt-text="Screenshot showing where to modify the parameters for one of the recommendations in the Kubernetes data plane hardening protection bundle." lightbox="media/kubernetes-workload-protections/containers-parameter-requires-configuration.png"::: 1. Select **Review + save**.- + 1. Select **Save**. **To enforce any of the recommendations**: For recommendations with parameters that need to be customized, you need to set :::image type="content" source="./media/defender-for-kubernetes-usage/enforce-workload-protection-example.png" alt-text="Screenshot showing the Deny option for Azure Policy parameter." lightbox="media/defender-for-kubernetes-usage/enforce-workload-protection-example.png"::: - The pane to set the scope opens. + The pane to set the scope opens. 1. Set the scope and select **Change to deny**. For recommendations with parameters that need to be customized, you need to set 1. Open Defender for Cloud's [asset inventory](asset-inventory.md) page and set the resource type filter to **Kubernetes services**. -1. Select a cluster to investigate and review the available recommendations available for it. +1. Select a cluster to investigate and review the available recommendations available for it. When you view a recommendation from the workload protection set, the number of affected pods ("Kubernetes components") is listed alongside the cluster. For a list of the specific pods, select the cluster and then select **Take action**. **To test the enforcement, use the two Kubernetes deployments below**: When you view a recommendation from the workload protection set, the number of a Deploy the example .yaml files as-is, or use them as a reference to remediate your own workload. - ## Healthy deployment example .yaml file ```yml spec: ## Next steps -In this article, you learned how to configure Kubernetes data plane hardening. +In this article, you learned how to configure Kubernetes data plane hardening. -For related material, see the following pages: +For related material, see the following pages: - [Defender for Cloud recommendations for compute](recommendations-reference.md#recs-compute) - [Alerts for AKS cluster level](alerts-reference.md#alerts-k8scluster) |
| defender-for-cloud | Management Groups Roles | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/management-groups-roles.md | Title: Organize subscriptions into management groups and assign roles to users for Microsoft Defender for Cloud + Title: Organize subscriptions into management groups and assign roles to users description: Learn how to organize your Azure subscriptions into management groups in Microsoft Defender for Cloud and assign roles to users in your organization Last updated 01/24/2023 |
| defender-for-cloud | Managing And Responding Alerts | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/managing-and-responding-alerts.md | Title: Manage security alerts in Microsoft Defender for Cloud + Title: Manage security alerts description: This document helps you to use Microsoft Defender for Cloud capabilities to manage and respond to security alerts. |
| defender-for-cloud | Multi Factor Authentication Enforcement | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/multi-factor-authentication-enforcement.md | Title: Microsoft Defender for Cloud's security recommendations for MFA + Title: Security recommendations for multi-factor authentication description: Learn how to enforce multi-factor authentication for your Azure subscriptions using Microsoft Defender for Cloud Last updated 06/28/2023 |
| defender-for-cloud | Onboard Management Group | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/onboard-management-group.md | Title: Onboard a management group to Microsoft Defender for Cloud + Title: Onboard a management group description: Learn how to use a supplied Azure Policy definition to enable Microsoft Defender for Cloud for all the subscriptions in a management group. Last updated 02/21/2023 |
| defender-for-cloud | Other Threat Protections | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/other-threat-protections.md | Title: Other threat protections from Microsoft Defender for Cloud + Title: Other threat protections description: Learn about the threat protections available from Microsoft Defender for Cloud Last updated 05/22/2023 |
| defender-for-cloud | Overview Page | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/overview-page.md | Title: Microsoft Defender for Cloud's main dashboard or 'overview' page + Title: Main overview page description: Learn about the features of the Defender for Cloud overview page Last updated 03/08/2023 |
| defender-for-cloud | Partner Integration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/partner-integration.md | Title: Integrate security solutions in Microsoft Defender for Cloud + Title: Integrate security solutions description: Learn about how Microsoft Defender for Cloud integrates with partners to enhance the overall security of your Azure resources. |
| defender-for-cloud | Permissions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/permissions.md | Title: User roles and permissions in Microsoft Defender for Cloud + Title: User roles and permissions description: This article explains how Microsoft Defender for Cloud uses role-based access control to assign permissions to users and identify the permitted actions for each role. |
| defender-for-cloud | Plan Defender For Servers Select Plan | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/plan-defender-for-servers-select-plan.md | Title: Select a Defender for Servers plan in Microsoft Defender for Cloud + Title: Select a Defender for Servers plan description: Select a Microsoft Defender for Servers plan in Microsoft Defender for Cloud to protect Azure, AWS, and GCP servers and on-premises machines. |
| defender-for-cloud | Plan Multicloud Security Automate Connector Deployment | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/plan-multicloud-security-automate-connector-deployment.md | Title: Defender for Cloud planning multicloud security automating connector deployment + Title: Planning multicloud security automating connector deployment description: Learn about automating connector deployment when planning multicloud deployment with Microsoft Defender for Cloud. |
| defender-for-cloud | Plan Multicloud Security Define Adoption Strategy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/plan-multicloud-security-define-adoption-strategy.md | Title: Defender for Cloud Planning multicloud security defining adoption strategy lifecycle strategy guidance + Title: Planning multicloud security defining adoption strategy lifecycle strategy guidance description: Learn about defining broad requirements for business needs and ownership in multicloud environment with Microsoft Defender for Cloud. |
| defender-for-cloud | Plan Multicloud Security Determine Access Control Requirements | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/plan-multicloud-security-determine-access-control-requirements.md | Title: Defender for Cloud Planning multicloud security determine access control requirements guidance + Title: Planning multicloud security determine access control requirements guidance description: Learn about determining access control requirements to meet business goals in multicloud environment with Microsoft Defender for Cloud. |
| defender-for-cloud | Plan Multicloud Security Determine Business Needs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/plan-multicloud-security-determine-business-needs.md | Title: Defender for Cloud Planning multicloud security determining business needs guidance + Title: Planning multicloud security determining business needs guidance description: Learn about determining business needs to meet business goals in multicloud environment with Microsoft Defender for Cloud. |
| defender-for-cloud | Plan Multicloud Security Determine Compliance Requirements | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/plan-multicloud-security-determine-compliance-requirements.md | Title: Defender for Cloud Planning multicloud security compliance requirements guidance AWS standards GCP standards + Title: Planning multicloud security compliance requirements guidance AWS standards GCP standards description: Learn about determining compliance requirements in multicloud environment with Microsoft Defender for Cloud. |
| defender-for-cloud | Plan Multicloud Security Determine Data Residency Requirements | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/plan-multicloud-security-determine-data-residency-requirements.md | Title: Defender for Cloud Planning multicloud security determine data residency requirements GDPR agent considerations guidance + Title: Planning multicloud security determine data residency requirements GDPR agent considerations guidance description: Learn about determining data residency requirements when planning multicloud deployment with Microsoft Defender for Cloud. |
| defender-for-cloud | Plan Multicloud Security Determine Multicloud Dependencies | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/plan-multicloud-security-determine-multicloud-dependencies.md | Title: Defender for Cloud Planning multicloud security determine multicloud dependencies CSPM CWPP guidance cloud workload protection + Title: Planning multicloud security determine multicloud dependencies CSPM CWPP guidance cloud workload protection description: Learn about determining multicloud dependencies when planning multicloud deployment with Microsoft Defender for Cloud. |
| defender-for-cloud | Plan Multicloud Security Determine Ownership Requirements | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/plan-multicloud-security-determine-ownership-requirements.md | Title: Defender for Cloud Planning multicloud security determine ownership requirements security functions team alignment best practices guidance + Title: Planning multicloud security determine ownership requirements security functions team alignment best practices guidance description: Learn about determining ownership requirements when planning multicloud deployment with Microsoft Defender for Cloud. |
| defender-for-cloud | Plan Multicloud Security Get Started | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/plan-multicloud-security-get-started.md | Title: Defender for Cloud Planning multicloud security get started guidance before you begin cloud solution + Title: Planning multicloud security get started guidance before you begin cloud solution description: Learn about designing a solution for securing and protecting your multicloud environment with Microsoft Defender for Cloud. |
| defender-for-cloud | Policy Reference | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/policy-reference.md | Title: Built-in policy definitions for Microsoft Defender for Cloud + Title: Built-in policy definitions description: Lists Azure Policy built-in policy definitions for Microsoft Defender for Cloud. These built-in policy definitions provide common approaches to managing your Azure resources. Last updated 07/18/2023 |
| defender-for-cloud | Powershell Onboarding | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/powershell-onboarding.md | Title: Onboard to Microsoft Defender for Cloud with PowerShell + Title: Onboard with PowerShell description: This document walks you through the process of enabling Microsoft Defender for Cloud with PowerShell cmdlets. Last updated 01/24/2023 |
| defender-for-cloud | Prevent Misconfigurations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/prevent-misconfigurations.md | Title: How to prevent misconfigurations with Microsoft Defender for Cloud + Title: How to prevent misconfigurations description: Learn how to use Defender for Cloud's 'Enforce' and 'Deny' options on the recommendations details pages Last updated 01/08/2023 |
| defender-for-cloud | Privacy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/privacy.md | Title: Manage user data in Microsoft Defender for Cloud + Title: Manage user data description: Learn how to manage the user data in Microsoft Defender for Cloud. Managing user data includes the ability to access, delete, or export data. Last updated 01/08/2023 |
| defender-for-cloud | Protect Network Resources | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/protect-network-resources.md | Title: Protecting your network resources in Microsoft Defender for Cloud + Title: Protecting your network resources description: This document addresses recommendations in Microsoft Defender for Cloud that help you protect your Azure network resources and stay in compliance with security policies. Last updated 10/23/2022 |
| defender-for-cloud | Quickstart Onboard Aws | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/quickstart-onboard-aws.md | Title: Connect your AWS account to Microsoft Defender for Cloud + Title: Connect your AWS account description: Defend your AWS resources by using Microsoft Defender for Cloud. Last updated 06/28/2023 |
| defender-for-cloud | Quickstart Onboard Devops | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/quickstart-onboard-devops.md | Title: 'Quickstart: Connect your Azure DevOps repositories to Microsoft Defender for Cloud' + Title: Connect your Azure DevOps repositories description: Learn how to connect your Azure DevOps repositories to Defender for Cloud. Last updated 01/24/2023 |
| defender-for-cloud | Quickstart Onboard Gcp | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/quickstart-onboard-gcp.md | Title: Connect your GCP project to Microsoft Defender for Cloud + Title: Connect your GCP project description: Defend your GCP resources by using Microsoft Defender for Cloud. Last updated 06/28/2023 |
| defender-for-cloud | Quickstart Onboard Github | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/quickstart-onboard-github.md | Title: 'Quickstart: Connect your GitHub repositories to Microsoft Defender for Cloud' + Title: Connect your GitHub repositories description: Learn how to connect your GitHub repositories to Defender for Cloud. Last updated 01/24/2023 |
| defender-for-cloud | Quickstart Onboard Machines | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/quickstart-onboard-machines.md | Title: Connect on-premises machines to Defender for Cloud + Title: Connect on-premises machines description: Learn how to connect your non-Azure machines to Microsoft Defender for Cloud. Last updated 06/29/2023 |
| defender-for-cloud | Recommendations Reference Aws | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/recommendations-reference-aws.md | Title: Reference table for all Microsoft Defender for Cloud recommendations for AWS resources + Title: Reference table for all recommendations for AWS resources description: This article lists Microsoft Defender for Cloud's security recommendations that help you harden and protect your AWS resources. Last updated 06/27/2023 |
| defender-for-cloud | Recommendations Reference Gcp | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/recommendations-reference-gcp.md | Title: Reference table for all Microsoft Defender for Cloud recommendations for GCP resources + Title: Reference table for all recommendations for GCP resources description: This article lists Microsoft Defender for Cloud's security recommendations that help you harden and protect your GCP resources. Last updated 06/27/2023 |
| defender-for-cloud | Recommendations Reference | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/recommendations-reference.md | Title: Reference table for all Microsoft Defender for Cloud recommendations + Title: Reference table for all recommendations description: This article lists Microsoft Defender for Cloud's security recommendations that help you harden and protect your resources. |
| defender-for-cloud | Regulatory Compliance Dashboard | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/regulatory-compliance-dashboard.md | Title: 'Tutorial: Regulatory compliance checks - Microsoft Defender for Cloud' + Title: Regulatory compliance checks description: 'Tutorial: Learn how to Improve your regulatory compliance using Microsoft Defender for Cloud.' Last updated 06/18/2023 |
| defender-for-cloud | Release Notes Archive | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/release-notes-archive.md | Title: Archive of what's new in Microsoft Defender for Cloud + Title: Archive of what's new description: A description of what's new and changed in Microsoft Defender for Cloud from six months ago and earlier. |
| defender-for-cloud | Release Notes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/release-notes.md | Title: Release notes for Microsoft Defender for Cloud + Title: Release notes description: This page is updated frequently with the latest updates in Defender for Cloud. Last updated 07/18/2023 |
| defender-for-cloud | Remediate Vulnerability Findings Vm | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/remediate-vulnerability-findings-vm.md | Title: View findings from vulnerability assessment solutions in Microsoft Defender for Cloud + Title: View findings from vulnerability assessment solutions description: Microsoft Defender for Cloud includes a fully integrated vulnerability assessment solution from Qualys. Learn more about this Defender for Cloud extension on this page. |
| defender-for-cloud | Resource Graph Samples | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/resource-graph-samples.md | Title: Azure Resource Graph sample queries for Microsoft Defender for Cloud + Title: Azure Resource Graph sample queries description: Sample Azure Resource Graph queries for Microsoft Defender for Cloud showing use of resource types and tables to access Microsoft Defender for Cloud related resources and properties. Last updated 02/14/2023 |
| defender-for-cloud | Review Security Recommendations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/review-security-recommendations.md | Title: Improving your security posture with recommendations in Microsoft Defender for Cloud + Title: Improving your security posture with recommendations description: This document walks you through how to identify security recommendations that will help you improve your security posture. Last updated 01/10/2023 |
| defender-for-cloud | Secret Scanning | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/secret-scanning.md | Title: Manage secrets with agentless secret scanning in Microsoft Defender for Cloud + Title: Manage secrets with agentless secret scanning description: Learn how to scan your servers for secrets with Defender for Server's agentless secret scanning. Last updated 07/18/2023 |
| defender-for-cloud | Secure Score Access And Track | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/secure-score-access-and-track.md | Title: Tracking your secure score in Microsoft Defender for Cloud + Title: Tracking your secure score description: Learn about the multiple ways to access and track your secure score in Microsoft Defender for Cloud. Last updated 01/09/2023 |
| defender-for-cloud | Security Policy Concept | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/security-policy-concept.md | Title: Understanding security policies, initiatives, and recommendations in Microsoft Defender for Cloud + Title: Understanding security policies, initiatives, and recommendations description: Learn about security policies, initiatives, and recommendations in Microsoft Defender for Cloud. |
| defender-for-cloud | Sql Azure Vulnerability Assessment Enable | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/sql-azure-vulnerability-assessment-enable.md | Title: Enable vulnerability assessment on your Azure SQL databases using Microsoft Defender for Cloud + Title: Enable vulnerability assessment on your Azure SQL databases description: Learn how to enable SQL vulnerability assessment on Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics. |
| defender-for-cloud | Sql Azure Vulnerability Assessment Find | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/sql-azure-vulnerability-assessment-find.md | Title: Find vulnerabilities in your Azure SQL databases using Microsoft Defender for Cloud + Title: Find vulnerabilities in your Azure SQL databases description: Learn how to find software vulnerabilities with the express configuration on Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics. |
| defender-for-cloud | Sql Azure Vulnerability Assessment Manage | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/sql-azure-vulnerability-assessment-manage.md | Title: Manage vulnerability findings in your Azure SQL databases using Microsoft Defender for Cloud + Title: Manage vulnerability findings in your Azure SQL databases description: Learn how to remediate software vulnerabilities and disable findings with the express configuration on Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics. |
| defender-for-cloud | Sql Azure Vulnerability Assessment Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/sql-azure-vulnerability-assessment-overview.md | Title: Scan your Azure SQL databases for vulnerabilities using Microsoft Defender for Cloud + Title: Scan your Azure SQL databases for vulnerabilities description: Learn how to configure SQL vulnerability assessment and interpret the assessment reports on Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics. |
| defender-for-cloud | Sql Azure Vulnerability Assessment Rules Changelog | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/sql-azure-vulnerability-assessment-rules-changelog.md | Title: SQL vulnerability assessment rules changelog for Microsoft Defender for Cloud + Title: SQL vulnerability assessment rules changelog description: Changelog for SQL vulnerability assessment rules with SQL Server, Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics |
| defender-for-cloud | Sql Azure Vulnerability Assessment Rules | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/sql-azure-vulnerability-assessment-rules.md | Title: SQL vulnerability assessment rules reference for Microsoft Defender for Cloud + Title: SQL vulnerability assessment rules reference description: List of rule titles and descriptions for SQL Server, Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics |
| defender-for-cloud | Sql Information Protection Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/sql-information-protection-policy.md | Title: SQL information protection policy in Microsoft Defender for Cloud + Title: SQL information protection policy description: Learn how to customize information protection policies in Microsoft Defender for Cloud. |
| defender-for-cloud | Support Agentless Containers Posture | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/support-agentless-containers-posture.md | Title: Support and prerequisites for agentless container posture - Microsoft Defender for Cloud + Title: Support and prerequisites for agentless container posture description: Learn about the requirements for agentless container posture in Microsoft Defender for Cloud |
| defender-for-cloud | Support Matrix Cloud Environment | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/support-matrix-cloud-environment.md | Title: Microsoft Defender for Cloud support across Azure clouds + Title: Support across Azure clouds description: Review Defender for Cloud features and plans supported across different clouds Last updated 05/01/2023 |
| defender-for-cloud | Support Matrix Defender For Cloud | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/support-matrix-defender-for-cloud.md | Title: Microsoft Defender for Cloud interoperability with Azure services, Azure clouds, and client operating systems + Title: Interoperability with Azure services, Azure clouds, and client operating systems description: Learn about the Azure cloud environments where Defender for Cloud can be used, the Azure services that Defender for Cloud protects, and the client operating systems that Defender for Cloud supports. |
| defender-for-cloud | Support Matrix Defender For Containers | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/support-matrix-defender-for-containers.md | Title: Support for the Defender for Containers plan in Microsoft Defender for Cloud + Title: Support for the Defender for Containers plan description: Review support requirements for the Defender for Containers plan in Microsoft Defender for Cloud. |
| defender-for-cloud | Support Matrix Defender For Servers | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/support-matrix-defender-for-servers.md | Title: Support for the Defender for Servers plan in Microsoft Defender for Cloud + Title: Support for the Defender for Servers plan description: Review support requirements for the Defender for Servers plan in Microsoft Defender for Cloud. |
| defender-for-cloud | Tenant Wide Permissions Management | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/tenant-wide-permissions-management.md | Title: Grant and request tenant-wide permissions in Microsoft Defender for Cloud + Title: Grant and request tenant-wide permissions description: Learn how to manage tenant-wide permissions in Microsoft Defender for Cloud Last updated 01/08/2023 |
| defender-for-cloud | Threat Intelligence Reports | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/threat-intelligence-reports.md | Title: Microsoft Defender for Cloud threat intelligence report + Title: Threat intelligence report description: This page helps you to use Microsoft Defender for Cloud threat intelligence reports during an investigation to find more information about security alerts Last updated 01/08/2023 |
| defender-for-cloud | Troubleshooting Guide | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/troubleshooting-guide.md | Title: Microsoft Defender for Cloud troubleshooting guide + Title: Troubleshooting guide description: This guide is for IT professionals, security analysts, and cloud admins who need to troubleshoot Microsoft Defender for Cloud related issues. |
| defender-for-cloud | Tutorial Enable App Service Plan | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/tutorial-enable-app-service-plan.md | Title: Protect your applications with the App Service plan - Microsoft Defender for Cloud- + Title: Protect your applications with the App Service plan + description: Learn how to enable the App Service plan on your Azure subscription for Microsoft Defender for Cloud. Last updated 06/29/2023 |
| defender-for-cloud | Tutorial Enable Container Aws | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/tutorial-enable-container-aws.md | Title: Protect your Amazon Web Service (AWS) accounts containers with Defender for Containers - Microsoft Defender for Cloud- + Title: Protect your Amazon Web Service (AWS) accounts containers with Defender for Containers description: Learn how to enable the Defender for Containers plan on your Amazon Web Service (AWS) accounts for Microsoft Defender for Cloud. Last updated 06/29/2023 |
| defender-for-cloud | Tutorial Enable Container Gcp | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/tutorial-enable-container-gcp.md | Title: Protect your Google Cloud Platform (GCP) project containers with Defender for Containers - Microsoft Defender for Cloud- + Title: Protect your Google Cloud Platform (GCP) project containers with Defender for Containers description: Learn how to enable the Defender for Containers plan on your Google Cloud Platform (GCP) project for Microsoft Defender for Cloud. Last updated 06/29/2023 |
| defender-for-cloud | Tutorial Enable Containers Arc | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/tutorial-enable-containers-arc.md | Title: Protect your on-premises Kubernetes clusters with Defender for Containers - Microsoft Defender for Cloud- + Title: Protect your on-premises Kubernetes clusters with Defender for Containers description: Learn how to enable the Defender for Containers plan on your on-premises devices for Microsoft Defender for Cloud. Last updated 06/27/2023 |
| defender-for-cloud | Tutorial Enable Containers Azure | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/tutorial-enable-containers-azure.md | Title: Protect your Azure containers with the Defender for Containers plan on your Azure subscription - Microsoft Defender for Cloud- + Title: Protect your Azure containers with the Defender for Containers plan on your Azure subscription description: Learn how to enable the Defender for Containers plan on your Azure subscription for Microsoft Defender for Cloud. Last updated 06/29/2023 |
| defender-for-cloud | Tutorial Enable Cspm Plan | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/tutorial-enable-cspm-plan.md | Title: Protect your resources with Defender CSPM plan on your subscription - Microsoft Defender for Cloud- + Title: Protect your resources with Defender CSPM plan on your subscription description: Learn how to enable Defender CSPM on your Azure subscription for Microsoft Defender for Cloud. Last updated 06/27/2023 |
| defender-for-cloud | Tutorial Enable Databases Plan | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/tutorial-enable-databases-plan.md | Title: Protect your databases with Defender for Databases - Microsoft Defender for Cloud- + Title: Protect your databases with Defender for Databases description: Learn how to enable the Databases plan on your Azure subscription for Microsoft Defender for Cloud. Last updated 06/29/2023 |
| defender-for-cloud | Tutorial Enable Dns Plan | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/tutorial-enable-dns-plan.md | Title: Protect your Domain Name System (DNS) with the Defender for DNS plan - Microsoft Defender for Cloud- + Title: Protect your Domain Name System (DNS) with the Defender for DNS plan description: Learn how to enable the Defender for DNS plan on your Azure subscription for Microsoft Defender for Cloud. Last updated 06/29/2023 |
| defender-for-cloud | Tutorial Enable Key Vault Plan | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/tutorial-enable-key-vault-plan.md | Title: Protect your key vaults with the Defender for Key Vault plan - Microsoft Defender for Cloud- + Title: Protect your key vaults with the Defender for Key Vault plan description: Learn how to enable the Defender for Key Vault plan on your Azure subscription for Microsoft Defender for Cloud. Last updated 06/29/2023 |
| defender-for-cloud | Tutorial Enable Resource Manager Plan | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/tutorial-enable-resource-manager-plan.md | Title: Protect your resources with the Resource Manager plan - Microsoft Defender for Cloud- + Title: Protect your resources with the Resource Manager plan description: Learn how to enable the Defender for Resource Manager plan on your Azure subscription for Microsoft Defender for Cloud. Last updated 06/29/2023 |
| defender-for-cloud | Tutorial Enable Servers Plan | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/tutorial-enable-servers-plan.md | Title: Protect your servers with Defender for Servers - Microsoft Defender for Cloud- + Title: Protect your servers with Defender for Servers description: Learn how to enable the Defender for Servers on your Azure subscription for Microsoft Defender for Cloud. Last updated 06/29/2023 |
| defender-for-cloud | Tutorial Enable Storage Plan | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/tutorial-enable-storage-plan.md | Title: Protect your storage accounts with the Defender for Storage plan - Microsoft Defender for Cloud- + Title: Protect your storage accounts with the Defender for Storage plan description: Learn how to enable the Defender for Storage on your Azure subscription for Microsoft Defender for Cloud. Last updated 06/29/2023 |
| defender-for-cloud | Tutorial Security Incident | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/tutorial-security-incident.md | Title: 'Tutorial: Alert response tutorial - Microsoft Defender for Cloud' + Title: Alert response tutorial description: In this tutorial, you'll learn how to triage security alerts and determine the root cause & scope of an alert. ms.assetid: 181e3695-cbb8-4b4e-96e9-c4396754862f |
| defender-for-cloud | Upcoming Changes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/upcoming-changes.md | Title: Important changes coming to Microsoft Defender for Cloud + Title: Important upcoming changes description: Upcoming changes to Microsoft Defender for Cloud that you might need to be aware of and for which you might need to plan Last updated 06/21/2023 Last updated 06/21/2023 On this page, you can learn about changes that are planned for Defender for Cloud. It describes planned modifications to the product that might affect things like your secure score or workflows. +> [!TIP] +> Get notified when this page is updated by copying and pasting the following URL into your feed reader: +> +> `https://aka.ms/mdc/upcoming-rss` + If you're looking for the latest release notes, you can find them in the [What's new in Microsoft Defender for Cloud](release-notes.md). ## Planned changes | Planned change | Estimated date for change | |--|--|-| [Replacing the "Key Vaults should have purge protection enabled" recommendation with combined recommendation "Key Vaults should have deletion protection enabled"](#replacing-the-key-vaults-should-have-purge-protection-enabled-recommendation-with-combined-recommendation-key-vaults-should-have-deletion-protection-enabled) | June 2023 +| [Replacing the "Key Vaults should have purge protection enabled" recommendation with combined recommendation "Key Vaults should have deletion protection enabled"](#replacing-the-key-vaults-should-have-purge-protection-enabled-recommendation-with-combined-recommendation-key-vaults-should-have-deletion-protection-enabled) | June 2023| | [Changes to the Defender for DevOps recommendations environment source and resource ID](#changes-to-the-defender-for-devops-recommendations-environment-source-and-resource-id) | July 2023 | | [DevOps Resource Deduplication for Defender for DevOps](#devops-resource-deduplication-for-defender-for-devops) | July 2023 | | [General availability release of agentless container posture in Defender CSPM](#general-availability-ga-release-of-agentless-container-posture-in-defender-cspm) | July 2023 |-| [Business model and pricing updates for Defender for Cloud plans](#business-model-and-pricing-updates-for-defender-for-cloud-plans) | July 2023 | +| [Business model and pricing updates for Defender for Cloud plans](#business-model-and-pricing-updates-for-defender-for-cloud-plans) | August 2023 | | [Change to the Log Analytics daily cap](#change-to-the-log-analytics-daily-cap) | September 2023 | -### Replacing the "Key Vaults should have purge protection enabled" recommendation with combined recommendation "Key Vaults should have deletion protection enabled". +### Replacing the "Key Vaults should have purge protection enabled" recommendation with combined recommendation "Key Vaults should have deletion protection enabled" **Estimated date for change: June 2023** -The `Key Vaults should have purge protection enabled` recommendation is deprecated from the (regulatory compliance dashboard/Azure security benchmark initiative) and replaced with a new combined recommendation `Key Vaults should have deletion protection enabled`. +The `Key Vaults should have purge protection enabled` recommendation is deprecated from the (regulatory compliance dashboard/Azure security benchmark initiative) and replaced with a new combined recommendation `Key Vaults should have deletion protection enabled`. | Recommendation name | Description | Effect(s) | Version | |--|--|--|--| See the [full index of Azure Policy built-in policy definitions for Key Vault](. The Security DevOps recommendations will be updated to align with the overall Microsoft Defender for Cloud features and experience. Affected recommendations will point to a new recommendation source environment and have an updated resource ID. - Security DevOps recommendations impacted:-- Code repositories should have code scanning findings resolved (preview)-- Code repositories should have secret scanning findings resolved (preview)-- Code repositories should have dependency vulnerability scanning findings resolved (preview)-- Code repositories should have infrastructure as code scanning findings resolved (preview)-- GitHub repositories should have code scanning enabled (preview)-- GitHub repositories should have Dependabot scanning enabled (preview)-- GitHub repositories should have secret scanning enabled (preview) -The recommendation environment source will be updated from `Azure` to `AzureDevOps` or `GitHub`. +- Code repositories should have code scanning findings resolved (preview) +- Code repositories should have secret scanning findings resolved (preview) +- Code repositories should have dependency vulnerability scanning findings resolved (preview) +- Code repositories should have infrastructure as code scanning findings resolved (preview) +- GitHub repositories should have code scanning enabled (preview) +- GitHub repositories should have Dependabot scanning enabled (preview) +- GitHub repositories should have secret scanning enabled (preview) ++The recommendation environment source will be updated from `Azure` to `AzureDevOps` or `GitHub`. The format for resource IDs will be changed from: To: `Microsoft.Security/securityConnectors/devops/gitHubOwners/repos` As a part of the migration, source code management system specific recommendations will be created for security findings:-- GitHub repositories should have code scanning findings resolved (preview)-- GitHub repositories should have secret scanning findings resolved (preview)-- GitHub repositories should have dependency vulnerability scanning findings resolved (preview)-- GitHub repositories should have infrastructure as code scanning findings resolved (preview)-- GitHub repositories should have code scanning enabled (preview)-- GitHub repositories should have Dependabot scanning enabled (preview)-- GitHub repositories should have secret scanning enabled (preview)-- Azure DevOps repositories should have code scanning findings resolved (preview)-- Azure DevOps repositories should have secret scanning findings resolved (preview)-- Azure DevOps repositories should have infrastructure as code scanning findings resolved (preview) -Customers that rely on the `resourceID` to query DevOps recommendation data will be affected. For example, Azure Resource Graph queries, workbooks queries, API calls to Microsoft Defender for Cloud. +- GitHub repositories should have code scanning findings resolved (preview) +- GitHub repositories should have secret scanning findings resolved (preview) +- GitHub repositories should have dependency vulnerability scanning findings resolved (preview) +- GitHub repositories should have infrastructure as code scanning findings resolved (preview) +- GitHub repositories should have code scanning enabled (preview) +- GitHub repositories should have Dependabot scanning enabled (preview) +- GitHub repositories should have secret scanning enabled (preview) +- Azure DevOps repositories should have code scanning findings resolved (preview) +- Azure DevOps repositories should have secret scanning findings resolved (preview) +- Azure DevOps repositories should have infrastructure as code scanning findings resolved (preview) ++Customers that rely on the `resourceID` to query DevOps recommendation data will be affected. For example, Azure Resource Graph queries, workbooks queries, API calls to Microsoft Defender for Cloud. -Queries will need to be updated to include both the old and new `resourceID` to show both, for example, total over time. +Queries will need to be updated to include both the old and new `resourceID` to show both, for example, total over time. Additionally, customers that have created custom queries using the DevOps workbook will need to update the assessment keys for the impacted DevOps security recommendations. The recommendations page's experience will have minimal impact and deprecated as **Estimated date for change: July 2023** -To improve the Defender for DevOps user experience and enable further integration with Defender for Cloud's rich set of capabilities, Defender for DevOps will no longer support duplicate instances of a DevOps organization to be onboarded to an Azure tenant. +To improve the Defender for DevOps user experience and enable further integration with Defender for Cloud's rich set of capabilities, Defender for DevOps will no longer support duplicate instances of a DevOps organization to be onboarded to an Azure tenant. -If you don't have an instance of a DevOps organization onboarded more than once to your organization, no further action is required. If you do have more than one instance of a DevOps organization onboarded to your tenant, the subscription owner will be notified and will need to delete the DevOps Connector(s) they don't want to keep by navigating to Defender for Cloud Environment Settings. +If you don't have an instance of a DevOps organization onboarded more than once to your organization, no further action is required. If you do have more than one instance of a DevOps organization onboarded to your tenant, the subscription owner will be notified and will need to delete the DevOps Connector(s) they don't want to keep by navigating to Defender for Cloud Environment Settings. Customers will have until July 31, 2023 to resolve this issue. After this date, only the most recent DevOps Connector created where an instance of the DevOps organization exists will remain onboarded to Defender for DevOps. For example, if Organization Contoso exists in both connectorA and connectorB, and connectorB was created after connectorA, then connectorA will be removed from Defender for DevOps. Learn more about [Agentless Containers Posture in Defender CSPM](concept-agentle ### Business model and pricing updates for Defender for Cloud plans -**Estimated date for change: July 2023** +**Estimated date for change: August 2023** ++Microsoft Defender for Cloud has three plans that offer service layer protection: -Microsoft Defender for Cloud has three plans that offer service layer protection: +- Defender for Key Vault -- Defender for Key Vault +- Defender for Azure Resource Manager -- Defender for Azure Resource Manager +- Defender for DNS -- Defender for DNS +These plans are transitioning to a new business model with different pricing and packaging to address customer feedback regarding spending predictability and simplifying the overall cost structure. -These plans are transitioning to a new business model with different pricing and packaging to address customer feedback regarding spending predictability and simplifying the overall cost structure. +**Business model and pricing changes summary**: -**Business model and pricing changes summary**: - -Existing customers of Defender for Key-Vault, Defender for Azure Resource Manager, and Defender for DNS will keep their current business model and pricing unless they actively choose to switch to the new business model and price. - -- **Defender for Azure Resource Manager**: This plan will have a fixed price per subscription per month. Customers will have the option to switch to the new business model by selecting the Defender for Azure Resource Manager new per-subscription model. +Existing customers of Defender for Key-Vault, Defender for Azure Resource Manager, and Defender for DNS will keep their current business model and pricing unless they actively choose to switch to the new business model and price. -- **Defender for Key Vault**: This plan will have a fixed price per vault at per month with no overage charge. Customers will have the option to switch to the new business model by selecting the Defender for Key Vault new per-vault model +- **Defender for Azure Resource Manager**: This plan will have a fixed price per subscription per month. Customers will have the option to switch to the new business model by selecting the Defender for Azure Resource Manager new per-subscription model. -- **Defender for DNS**: Defender for Servers Plan 2 customers will gain access to Defender for DNS value as part of Defender for Servers Plan 2 at no extra cost. Customers that have both Defender for Server Plan 2 and Defender for DNS will no longer be charged for Defender for DNS. Defender for DNS will no longer be available as a standalone plan. +- **Defender for Key Vault**: This plan will have a fixed price per vault at per month with no overage charge. Customers will have the option to switch to the new business model by selecting the Defender for Key Vault new per-vault model -For more information on all of these plans, check out the [Defender for Cloud pricing page](https://azure.microsoft.com/pricing/details/defender-for-cloud/?v=17.23h) +- **Defender for DNS**: Defender for Servers Plan 2 customers will gain access to Defender for DNS value as part of Defender for Servers Plan 2 at no extra cost. Customers that have both Defender for Server Plan 2 and Defender for DNS will no longer be charged for Defender for DNS. Defender for DNS will no longer be available as a standalone plan. ++For more information on all of these plans, check out the [Defender for Cloud pricing page](https://azure.microsoft.com/pricing/details/defender-for-cloud/?v=17.23h) ### Change to the Log Analytics daily cap Azure monitor offers the capability to [set a daily cap](../azure-monitor/logs/daily-cap.md) on the data that is ingested on your Log analytics workspaces. However, Defender for Cloud security events are currently not supported in those exclusions. -Starting on September 18, 2023 the Log Analytics Daily Cap will no longer exclude the below set of data types: +Starting on September 18, 2023 the Log Analytics Daily Cap will no longer exclude the below set of data types: - WindowsEvent - SecurityAlert Starting on September 18, 2023 the Log Analytics Daily Cap will no longer exclud - SysmonEvent - ProtectionStatus - Update-- UpdateSummary +- UpdateSummary - CommonSecurityLog - Syslog Learn more about [workspaces with Microsoft Defender for Cloud](../azure-monitor ## Next steps For all recent changes to Defender for Cloud, see [What's new in Microsoft Defender for Cloud?](release-notes.md).+ |
| defender-for-cloud | Update Regulatory Compliance Packages | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/update-regulatory-compliance-packages.md | Title: The regulatory compliance dashboard in Microsoft Defender for Cloud + Title: The regulatory compliance dashboard description: Learn how to add and remove regulatory standards from the regulatory compliance dashboard in Defender for Cloud Last updated 06/18/2023 |
| defender-for-cloud | View And Remediate Vulnerabilities For Images Running On Aks | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/view-and-remediate-vulnerabilities-for-images-running-on-aks.md | Title: How-to view and remediate runtime threat findings on Microsoft Defender for Cloud + Title: How-to view and remediate runtime threat findings description: Learn how to view and remediate runtime threat findings |
| defender-for-cloud | View And Remediate Vulnerability Assessment Findings | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/view-and-remediate-vulnerability-assessment-findings.md | Title: How-to view and remediate vulnerability assessment findings for registry images on Microsoft Defender for Cloud + Title: How-to view and remediate vulnerability assessment findings for registry images description: Learn how to view and remediate vulnerability assessment findings for registry images |
| defender-for-cloud | Windows Admin Center Integration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/windows-admin-center-integration.md | Title: How to protect Windows Admin Center servers with Microsoft Defender for Cloud + Title: How to protect Windows Admin Center servers description: This article explains how to integrate Microsoft Defender for Cloud with Windows Admin Center Last updated 01/08/2023 |
| defender-for-cloud | Workflow Automation | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/workflow-automation.md | Title: Workflow automation in Microsoft Defender for Cloud + Title: Workflow automation description: Learn how to create and automate workflows in Microsoft Defender for Cloud |
| defender-for-cloud | Workload Protections Dashboard | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/workload-protections-dashboard.md | Title: Microsoft Defender for Cloud's workload protection dashboard and its features + Title: Workload protection dashboard and its features description: Learn about the features of Microsoft Defender for Cloud's workload protection dashboard Last updated 01/09/2023 |
| defender-for-iot | Detect Windows Endpoints Script | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-iot/organizations/detect-windows-endpoints-script.md | After [downloading and running](#download-and-run-the-script) the script, then [ 1. Your devices applications report is shown in the **My reports** area. -Based on this information, the Windows device installed applications CVE list will be displayed in Azure if the sensor is cloud-connected. - ## Next steps For more information, see [Detect Windows workstations and servers with a local script](detect-windows-endpoints-script.md) and [Import extra data for detected OT devices](how-to-import-device-information.md). |
| defender-for-iot | Ot Appliance Sizing | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-iot/organizations/ot-appliance-sizing.md | -You can use [physical](ot-pre-configured-appliances.md) or [virtual](ot-virtual-appliances.md) appliances, or use the supplied specifications to purchase hardware on your own. For more information, see [Microsoft Defender for IoT - OT monitoring appliance reference | Microsoft Learn](/azure/defender-for-iot/organizations/appliance-catalog/). Results depend on hardware and resources available to the monitoring sensor. +You can use [physical](ot-pre-configured-appliances.md) or [virtual](ot-virtual-appliances.md) appliances, or use the supplied specifications to purchase hardware on your own. For more information, see [Microsoft Defender for IoT - OT monitoring appliance reference | Microsoft Learn](appliance-catalog/index.yml). Results depend on hardware and resources available to the monitoring sensor. :::image type="content" source="media/deployment-paths/progress-plan-and-prepare.png" alt-text="Diagram of a progress bar with Plan and prepare highlighted." border="false" lightbox="media/deployment-paths/progress-plan-and-prepare.png"::: |
| digital-twins | Concepts Data Ingress Egress | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/digital-twins/concepts-data-ingress-egress.md | You can also integrate Azure Digital Twins into a [Microsoft Power Platform](/po You may want to send Azure Digital Twins data to other downstream services for storage or additional processing. -There are two main egress options in Azure Digital Twins. Digital twin data can be sent to most Azure services using *endpoints*. Or, if your destination is [Azure Data Explorer](/azure/data-explorer/data-explorer-overview), you can use *data history* to automatically send graph updates to an Azure Data Explorer cluster, where they are stored as historical data and can be queried as such. --In order for Azure Digital Twins to send data to other Azure services via endpoints or data history, the receiving service must have either public network access enabled or the Trusted Microsoft Service option enabled. For data history, the data history connection must be configured with public network access enabled on the Event Hub and Azure Data Explorer instances. Once data history is configured, the Event Hub and Azure Data Explorer firewall and security settings will need to be configured manually. --Once the connection is set up, Azure Digital Twins implements *at least once* delivery for data emitted to egress services. --The rest of this section describes the two egress options in more detail. +There are two main egress options in Azure Digital Twins. Digital twin data can be sent to most Azure services using *endpoints*. Or, if your destination is [Azure Data Explorer](/azure/data-explorer/data-explorer-overview), you can use *data history* to automatically send graph updates to an Azure Data Explorer cluster, where they are stored as historical data and can be queried as such. The subsections below describe the two egress options in more detail. ### Endpoints You can also use data history in combination with [Azure Synapse Analytics](../s * Combine information technology (IT) data from ERP or CRM systems (like Dynamics 365, SAP, or Salesforce) with operational technology (OT) data from IoT devices and production management systems. For an example that illustrates how a company might combine this data, see the following blog post: [Integrating IT and OT Data with Azure Digital Twins, Azure Data Explorer, and Azure Synapse](https://techcommunity.microsoft.com/t5/internet-of-things-blog/integrating-it-and-ot-data-with-azure-digital-twins-azure-data/ba-p/3401981). * Integrate with the Azure AI and Cognitive Services [Multivariate Anomaly Detector](../ai-services/anomaly-detector/overview.md), to quickly connect your Azure Digital Twins data with a downstream AI/machine learning solution that specializes in anomaly detection. The [Azure Digital Twins Multivariate Anomaly Detection Toolkit](/samples/azure-samples/digital-twins-mvad-integration/adt-mvad-integration/) is a sample project that provides a workflow for training multiple Multivariate Anomaly Detector models for several scenario analyses, based on historical digital twin data. It then leverages the trained models to detect abnormal operations and anomalies in modeled Azure Digital Twins environments, in near real-time. +### Security and delivery details ++In order for Azure Digital Twins to send data to other Azure services via endpoints or data history, the receiving service must have either public network access enabled or the Trusted Microsoft Service option enabled. For data history, the data history connection must be configured with public network access enabled on the Event Hub and Azure Data Explorer instances. Once data history is configured, the Event Hub and Azure Data Explorer firewall and security settings will need to be configured manually. ++Once the connection is set up, Azure Digital Twins implements *at least once* delivery for data emitted to egress services. ++If the event hub, Event Grid, or Service Bus topic used for your endpoint is unavailable and the message can't be delivered, Azure Digital Twins will try to resend the message for at least 20 minutes and for up to 24 hours. + ## Next steps Learn more about endpoints and routing events to external |
| dns | Dns Private Resolver Get Started Powershell | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/dns/dns-private-resolver-get-started-powershell.md | description: In this quickstart, you learn how to create and manage your first p Previously updated : 09/27/2022 Last updated : 07/19/2023 Install the Az.DnsResolver module. Install-Module Az.DnsResolver ``` -Confirm that the Az.DnsResolver module was installed. The current version of this module is 0.2.0. +Confirm that the Az.DnsResolver module was installed. The current version of this module is 0.2.1. ```Azure PowerShell Get-InstalledModule -Name Az.DnsResolver Create a DNS resolver in the virtual network that you created. New-AzDnsResolver -Name mydnsresolver -ResourceGroupName myresourcegroup -Location westcentralus -VirtualNetworkId "/subscriptions/<your subs id>/resourceGroups/myresourcegroup/providers/Microsoft.Network/virtualNetworks/myvnet" ``` -Verify that the DNS resolver was created successfully and the state is connected (optional). +Verify that the DNS resolver was created successfully and the state is connected (optional). In output, the **dnsResolverState** is **Connected**. ```Azure PowerShell $dnsResolver = Get-AzDnsResolver -Name mydnsresolver -ResourceGroupName myresourcegroup $virtualNetwork | Set-AzVirtualNetwork Create an inbound endpoint to enable name resolution from on-premises or another private location using an IP address that is part of your private virtual network address space. +> [!TIP] +> Using PowerShell, you can specify the inbound endpoint IP address to be dynamic or static.<br> +> If the endpoint IP address is specified as dynamic, the address does not change unless the endpoint is deleted and reprovisioned. Typically the same IP address will be assigned again during reprovisioning.<br> +> If the endpoint IP address is static, it can be specified and reused if the endpoint is reprovisioned. The IP address that you choose can't be a [reserved IP address in the subnet](../virtual-network/virtual-networks-faq.md#are-there-any-restrictions-on-using-ip-addresses-within-these-subnets). ++The following commands provision a dynamic IP address: ```Azure PowerShell $ipconfig = New-AzDnsResolverIPConfigurationObject -PrivateIPAllocationMethod Dynamic -SubnetId /subscriptions/<your sub id>/resourceGroups/myresourcegroup/providers/Microsoft.Network/virtualNetworks/myvnet/subnets/snet-inbound New-AzDnsResolverInboundEndpoint -DnsResolverName mydnsresolver -Name myinboundendpoint -ResourceGroupName myresourcegroup -Location westcentralus -IpConfiguration $ipconfig ``` +Use the following commands to specify a static IP address. Do not use both the dynamic and static sets of commands. ++You must specify an IP address in the subnet that was created previously. The IP address that you choose can't be a [reserved IP address in the subnet](../virtual-network/virtual-networks-faq.md#are-there-any-restrictions-on-using-ip-addresses-within-these-subnets). ++The following commands provision a static IP address: +```Azure PowerShell +$ipconfig = New-AzDnsResolverIPConfigurationObject -PrivateIPAddress 10.0.0.4 -PrivateIPAllocationMethod Static -SubnetId /subscriptions/<your sub id>/resourceGroups/myresourcegroup/providers/Microsoft.Network/virtualNetworks/myvnet/subnets/snet-inbound +New-AzDnsResolverInboundEndpoint -DnsResolverName mydnsresolver -Name myinboundendpoint -ResourceGroupName myresourcegroup -Location westcentralus -IpConfiguration $ipconfig +``` + ### Confirm your inbound endpoint Confirm that the inbound endpoint was created and allocated an IP address within the assigned subnet. |
| dns | Dns Private Resolver Get Started Template | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/dns/dns-private-resolver-get-started-template.md | Title: 'Quickstart: Create an Azure DNS Private Resolver - Azure Resource Manage description: Learn how to create Azure DNS Private Resolver. This article is a step-by-step quickstart to create and manage your first Azure DNS Private Resolver using Azure Resource Manager template (ARM template). -- Previously updated : 10/07/2022++ Last updated : 07/17/2023 |
| dns | Dns Private Resolver Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/dns/dns-private-resolver-overview.md | An inbound endpoint enables name resolution from on-premises or other private lo The inbound endpoint requires a subnet in the VNet where itΓÇÖs provisioned. The subnet can only be delegated to **Microsoft.Network/dnsResolvers** and can't be used for other services. DNS queries received by the inbound endpoint ingress to Azure. You can resolve names in scenarios where you have Private DNS zones, including VMs that are using auto registration, or Private Link enabled services. > [!NOTE]-> The IP address assigned to an inbound endpoint is not a static IP address that you can choose. Typically, the fifth IP address in the subnet is assigned. However, if the inbound endpoint is reprovisioned, this IP address might change. The IP address does not change unless the inbound endpoint is reprovisioned. +> The IP address assigned to an inbound endpoint can be static if you use [PowerShell to provison the endpoint](dns-private-resolver-get-started-powershell.md#create-the-inbound-endpoint). The IP address that you choose can't be a [reserved IP address in the subnet](../virtual-network/virtual-networks-faq.md#are-there-any-restrictions-on-using-ip-addresses-within-these-subnets). If you use another method to provision the inbound endpoint, then typically the fifth IP address in the subnet is dynamically assigned. If the inbound endpoint is reprovisioned, this IP address might change, but normally the 5th IP address in the subnet is used again. The IP address does not change unless the inbound endpoint is reprovisioned. ## Outbound endpoints |
| dns | Private Resolver Endpoints Rulesets | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/dns/private-resolver-endpoints-rulesets.md | The IP address associated with an inbound endpoint is always part of the private  > [!NOTE]-> The IP address assigned to an inbound endpoint is not a static IP address that you can choose. Typically, the fifth IP address in the subnet is assigned. However, if the inbound endpoint is reprovisioned, this IP address might change. The IP address does not change unless the inbound endpoint is reprovisioned. +> The IP address assigned to an inbound endpoint can be static if you use [PowerShell to provison the endpoint](dns-private-resolver-get-started-powershell.md#create-the-inbound-endpoint). The IP address that you choose can't be a [reserved IP address in the subnet](../virtual-network/virtual-networks-faq.md#are-there-any-restrictions-on-using-ip-addresses-within-these-subnets). If you use another method to provision the inbound endpoint, then typically the fifth IP address in the subnet is assigned. If the inbound endpoint is reprovisioned, this IP address might change, but normally the 5th IP address in the subnet is used again. The IP address does not change unless the inbound endpoint is reprovisioned. ## Outbound endpoints |
| event-grid | Communication Services Router Events | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/event-grid/communication-services-router-events.md | + + Title: Azure Communication Services - Job Router events +description: This article describes how to use Azure Communication Services as an Event Grid event source for Job Router events. + Last updated : 07/12/2023+++++# Azure Communication Services - Job Router events ++This article provides the properties and schema for communication services job router events. For an introduction to event schemas, see [Azure Event Grid event schema](event-schema.md). These events are emitted for Azure Communication Services throughout the job and worker lifecycles. ++## Events types ++Azure Communication Services emits the following job router event types: ++| Events | Subdomain | Description | +||::| - | +| [`RouterJobReceived`](#microsoftcommunicationrouterjobreceived) | `Job` | A new job was created for routing | +| [`RouterJobClassified`](#microsoftcommunicationrouterjobclassified)| `Job` | The classification policy was applied to a job | +| [`RouterJobQueued`](#microsoftcommunicationrouterjobqueued) | `Job` | A job has been successfully enqueued | +| [`RouterJobClassificationFailed`](#microsoftcommunicationrouterjobclassificationfailed) | `Job` | Router failed to classify job using classification policy | +| [`RouterJobCompleted`](#microsoftcommunicationrouterjobcompleted) | `Job` | A job was completed and enters wrap-up | +| [`RouterJobClosed`](#microsoftcommunicationrouterjobclosed) | `Job` | A job was closed and wrap-up is finished | +| [`RouterJobCancelled`](#microsoftcommunicationrouterjobcancelled) | `Job` | A job was canceled | +| [`RouterJobExceptionTriggered`](#microsoftcommunicationrouterjobexceptiontriggered) | `Job` | A job exception has been triggered | +| [`RouterJobWorkerSelectorsExpired`](#microsoftcommunicationrouterjobworkerselectorsexpired) | `Job` | One or more worker selectors on a job have expired | +| [`RouterJobUnassigned`](#microsoftcommunicationrouterjobunassigned) | `Job` | An already assigned job has been unassigned from a worker | +| [`RouterJobWaitingForActivation`](#microsoftcommunicationrouterjobwaitingforactivation) | `Job` | A scheduled job's requested scheduled time has arrived, Router is waiting on contoso to act on the job | +| [`RouterJobSchedulingFailed`](#microsoftcommunicationrouterjobschedulingfailed) | `Job` | A scheduled job was requested however, Router failed to create one | +| [`RouterJobDeleted`](#microsoftcommunicationrouterjobdeleted) | `Job` | A job has been deleted | +| [`RouterWorkerOfferIssued`](#microsoftcommunicationrouterworkerofferissued) | `Worker` | A job was offered to a worker | +| [`RouterWorkerOfferAccepted`](#microsoftcommunicationrouterworkerofferaccepted) | `Worker` | An offer to a worker was accepted | +| [`RouterWorkerOfferDeclined`](#microsoftcommunicationrouterworkerofferdeclined) | `Worker` | An offer to a worker was declined | +| [`RouterWorkerOfferRevoked`](#microsoftcommunicationrouterworkerofferrevoked) | `Worker` | An offer to a worker was revoked | +| [`RouterWorkerOfferExpired`](#microsoftcommunicationrouterworkerofferexpired) | `Worker` | An offer to a worker has expired | +| [`RouterWorkerRegistered`](#microsoftcommunicationrouterworkerregistered) | `Worker` | A worker has been registered (status changed from inactive/draining to active) | +| [`RouterWorkerDeregistered`](#microsoftcommunicationrouterworkerderegistered) | `Worker` | A worker has been deregistered (status changed from active to inactive/draining) | +| [`RouterWorkerDeleted`](#microsoftcommunicationrouterworkerdeleted) | `Worker` | A worker has been deleted | ++## Event responses ++When an event is triggered, the Event Grid service sends data about that event to subscribing endpoints. ++This section contains an example of what that data would look like for each event. ++### Microsoft.Communication.RouterJobReceived ++[Back to Event Catalog](#events-types) ++```json +{ + "id": "acdf8fa5-8ab4-4a65-874a-c1d2a4a97f2e", + "topic": "/subscriptions/{subscription-id}/resourceGroups/{group-name}/providers/Microsoft.Communication/communicationServices/{communication-services-resource-name}", + "subject": "job/{job-id}/channel/{channel-id}", + "data": { + "jobId": "7f1df17b-570b-4ae5-9cf5-fe6ff64cc712", + "channelReference": "test-abc", + "jobStatus": "PendingClassification", + "channelId": "FooVoiceChannelId", + "classificationPolicyId": "test-policy", + "queueId": "queue-id", + "priority": 0, + "labels": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + }, + "tags": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + }, + "requestedWorkerSelectors": [ + { + "key": "string", + "labelOperator": "equal", + "value": 5, + "ttl": "P3Y6M4DT12H30M5S" + } + ], + "scheduledTimeUtc": "3/28/2007 7:13:50 PM +00:00", + "unavailableForMatching": false + }, + "eventType": "Microsoft.Communication.RouterJobReceived", + "dataVersion": "1.0", + "metadataVersion": "1", + "eventTime": "2022-02-17T00:55:25.1736293Z" +} +``` ++#### Attribute list ++| Attribute | Type | Nullable |Description | Notes | +|: |:--:|:-:|-|-| +| jobId| `string` | ❌ | +| channelReference | `string` | ❌ | +| jobStatus| `enum` | ❌ | Possible values PendingClassification, Queued | When this event is sent out, classification process is yet to have been executed or job was created with an associated queueId. +|channelId | `string` | ❌ | +| classificationPolicyId | `string` | ✔️ | | `null` when `queueId` is specified for a job +| queueId | `string` | ✔️ | | `null` when `classificationPolicyId` is specified for a job +| priority | `int` | ✔️ | | Null when `classificationPolicyId` is specified. Non-null value in case of direct queue assignment. +| labels | `Dictionary<string, object>` | ✔️ | | Based on user input +| tags | `Dictionary<string, object>` | ✔️ | | Based on user input +| requestedWorkerSelectors | `List<WorkerSelector>` | ✔️ | | Based on user input +| scheduledTimeUtc | `DateTimeOffset` | ✔️ | | Based on user input +| unavailableForMatching | `bool` | ✔️ | | Based on user input ++### Microsoft.Communication.RouterJobClassified ++[Back to Event Catalog](#events-types) ++```json +{ + "id": "b6d8687a-5a1a-42ae-b8b5-ff7ec338c872", + "topic": "/subscriptions/{subscription-id}/resourceGroups/{group-name}/providers/Microsoft.Communication/communicationServices/{communication-services-resource-name}", + "subject": "job/{job-id}/channel/{channel-id}/queue/{queue-id}", + "data": { + "queueInfo": { + "id": "625fec06-ab81-4e60-b780-f364ed96ade1", + "name": "Queue 1", + "labels": { + "Language": "en", + "Product": "Office", + "Geo": "NA" + } + }, + "jobId": "7f1df17b-570b-4ae5-9cf5-fe6ff64cc712", + "channelReference": "test-abc", + "channelId": "FooVoiceChannelId", + "classificationPolicyId": "test-policy", + "queueId": "625fec06-ab81-4e60-b780-f364ed96ade1", + "priority": 5, + "labels": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + }, + "tags": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + }, + "attachedWorkerSelectors": [ + { + "key": "string", + "labelOperator": "equal", + "value": 5, + "ttl": "P3Y6M4DT12H30M5S" + } + ] + }, + "eventType": "Microsoft.Communication.RouterJobClassified", + "dataVersion": "1.0", + "metadataVersion": "1", + "eventTime": "2022-02-17T00:55:25.1736293Z" +} +``` ++#### Attribute list ++| Attribute | Type | Nullable |Description | Notes | +|: |:--:|:-:|-|-| +| queueInfo | `QueueInfo` | ❌ | +| jobId| `string` | ❌ | +| channelReference | `string` | ❌ | +|channelId | `string` | ❌ | +| classificationPolicyId | `string` | ❌ | | +| queueId | `string` | ✔️ | | `null` when `classificationPolicy` is not used for queue selection +| priority | `int` | ✔️ | | `null` when `classificationPolicy` is not used for applying priority on job +| labels | `Dictionary<string, object>` | ✔️ | | Based on user input +| tags | `Dictionary<string, object>` | ✔️ | | Based on user input +| attachedWorkerSelectors | `List<WorkerSelector>` | ✔️ | | List of worker selectors attached by a classification policy ++### Microsoft.Communication.RouterJobQueued ++[Back to Event Catalog](#events-types) ++```json +{ + "id": "b6d8687a-5a1a-42ae-b8b5-ff7ec338c872", + "topic": "/subscriptions/{subscription-id}/resourceGroups/{group-name}/providers/Microsoft.Communication/communicationServices/{communication-services-resource-name}", + "subject": "job/{job-id}/channel/{channel-id}/queue/{queue-id}", + "data": { + "jobId": "7f1df17b-570b-4ae5-9cf5-fe6ff64cc712", + "channelReference": "test-abc", + "channelId": "FooVoiceChannelId", + "queueId": "625fec06-ab81-4e60-b780-f364ed96ade1", + "priority": 1, + "labels": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + }, + "tags": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + }, + "requestedWorkerSelectors": [ + { + "key": "string", + "labelOperator": "equal", + "value": 5, + "ttl": "P3Y6M4DT12H30M5S" + } + ], + "attachedWorkerSelectors": [ + { + "key": "string", + "labelOperator": "equal", + "value": 5, + "ttl": "P3Y6M4DT12H30M5S" + } + ] + }, + "eventType": "Microsoft.Communication.RouterJobQueued", + "dataVersion": "1.0", + "metadataVersion": "1", + "eventTime": "2022-02-17T00:55:25.1736293Z" +} +``` ++#### Attribute list ++| Attribute | Type | Nullable |Description | Notes | +|: |:--:|:-:|-|-| +| jobId| `string` | ❌ | +| channelReference | `string` | ✔️ | +|channelId | `string` | ❌ | +| queueId | `string` | ❌ | | +| priority | `int` | ❌ | +| labels | `Dictionary<string, object>` | ✔️ | | Based on user input +| tags | `Dictionary<string, object>` | ✔️ | | Based on user input +| requestedWorkerSelectors | `List<WorkerSelector>` | ✔️ | | Based on user input while creating job +| attachedWorkerSelectors | `List<WorkerSelector>` | ✔️ | | List of worker selectors attached by a classification policy ++### Microsoft.Communication.RouterJobClassificationFailed ++[Back to Event Catalog](#events-types) ++```json +{ + "id": "b6d8687a-5a1a-42ae-b8b5-ff7ec338c872", + "topic": "/subscriptions/{subscription-id}/resourceGroups/{group-name}/providers/Microsoft.Communication/communicationServices/{communication-services-resource-name}", + "subject": "job/{job-id}/channel/{channel-id}/classificationpolicy/{classificationpolicy-id}", + "data": { + "errors": [ + { + "code": null, + "message": "Classification failed due to <reason>", + "target": null, + "innerError": null, + "details": null + } + ], + "jobId": "7f1df17b-570b-4ae5-9cf5-fe6ff64cc712", + "channelReference": "test-abc", + "channelId": "FooVoiceChannelId", + "classificationPolicyId": "test-policy", + "labels": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + }, + "tags": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + } + }, + "eventType": "Microsoft.Communication.RouterJobClassificationFailed", + "dataVersion": "1.0", + "metadataVersion": "1", + "eventTime": "2022-02-17T00:55:25.1736293Z" +} +``` ++#### Attribute list ++| Attribute | Type | Nullable |Description | Notes | +|: |:--:|:-:|-|-| +| errors| `List<CommunicationError>` | ❌ | +| jobId| `string` | ❌ | +| channelReference | `string` | ❌ | +|channelId | `string` | ❌ | +| classificationPolicyId | `string` | ❌ | | +| labels | `Dictionary<string, object>` | ✔️ | | Based on user input +| tags | `Dictionary<string, object>` | ✔️ | | Based on user input ++### Microsoft.Communication.RouterJobCompleted ++[Back to Event Catalog](#events-types) ++```json +{ + "id": "b6d8687a-5a1a-42ae-b8b5-ff7ec338c872", + "topic": "/subscriptions/{subscription-id}/resourceGroups/{group-name}/providers/Microsoft.Communication/communicationServices/{communication-services-resource-name}", + "subject": "job/{job-id}/channel/{channel-id}/assignment/{assignment-id}", + "data": { + "jobId": "7f1df17b-570b-4ae5-9cf5-fe6ff64cc712", + "channelReference": "test-abc", + "channelId": "FooVoiceChannelId", + "queueId": "queue-id", + "assignmentId": "6f1df17b-570b-4ae5-9cf5-fe6ff64cc712", + "labels": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + }, + "tags": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + }, + "workerId": "e3a3f2f9-3582-4bfe-9c5a-aa57831a0f88" + }, + "eventType": "Microsoft.Communication.RouterJobCompleted", + "dataVersion": "1.0", + "metadataVersion": "1", + "eventTime": "2022-02-17T00:55:25.1736293Z" +} +``` ++#### Attribute list ++| Attribute | Type | Nullable |Description | Notes | +|: |:--:|:-:|-|-| +| jobId| `string` | ❌ | +| channelReference | `string` | ❌ | +|channelId | `string` | ❌ | +| queueId | `string` | ❌ | | +| labels | `Dictionary<string, object>` | ✔️ | | Based on user input +| tags | `Dictionary<string, object>` | ✔️ | | Based on user input +| assignmentId| `string` | ❌ | | +| workerId | `string` | ❌ | | ++### Microsoft.Communication.RouterJobClosed ++[Back to Event Catalog](#events-types) ++```json +{ + "id": "b6d8687a-5a1a-42ae-b8b5-ff7ec338c872", + "topic": "/subscriptions/{subscription-id}/resourceGroups/{group-name}/providers/Microsoft.Communication/communicationServices/{communication-services-resource-name}", + "subject": "job/{job-id}/channel/{channel-id}/assignment/{assignment-id}", + "data": { + "jobId": "7f1df17b-570b-4ae5-9cf5-fe6ff64cc712", + "channelReference": "test-abc", + "channelId": "FooVoiceChannelId", + "queueId": "", + "dispositionCode": "", + "workerId": "", + "assignmentId": "", + "labels": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + }, + "tags": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + } + }, + "eventType": "Microsoft.Communication.RouterJobClosed", + "dataVersion": "1.0", + "metadataVersion": "1", + "eventTime": "2022-02-17T00:55:25.1736293Z" +} +``` ++#### Attribute list ++| Attribute | Type | Nullable |Description | Notes | +|: |:--:|:-:|-|-| +| jobId| `string` | ❌ | +| channelReference | `string` | ❌ | +|channelId | `string` | ❌ | +| queueId | `string` | ❌ | | +| labels | `Dictionary<string, object>` | ✔️ | | Based on user input +| tags | `Dictionary<string, object>` | ✔️ | | Based on user input +| dispositionCode| `string` | ✔️ | | Based on user input +| workerId | `string` | ❌ | | +| assignmentId | `string` | ❌ | | ++### Microsoft.Communication.RouterJobCancelled ++[Back to Event Catalog](#events-types) ++```json +{ + "id": "b6d8687a-5a1a-42ae-b8b5-ff7ec338c872", + "topic": "/subscriptions/{subscription-id}/resourceGroups/{group-name}/providers/Microsoft.Communication/communicationServices/{communication-services-resource-name}", + "subject": "job/{job-id}/channel/{channel-id}/disposition/{disposition-code}", + "data": { + "note": "Cancelled due to <reason>", + "dispositionCode": "100", + "jobId": "7f1df17b-570b-4ae5-9cf5-fe6ff64cc712", + "channelReference": "test-abc", + "channelId": "FooVoiceChannelId", + "labels": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + }, + "tags": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + }, + "queueId": "" + }, + "eventType": "Microsoft.Communication.RouterJobCancelled", + "dataVersion": "1.0", + "metadataVersion": "1", + "eventTime": "2022-02-17T00:55:25.1736293Z" +} +``` ++#### Attribute list ++| Attribute | Type | Nullable |Description | Notes | +|: |:--:|:-:|-|-| +| note| `string` | ✔️ | | Based on user input +| dispositionCode| `string` | ❌ | +| jobId| `string` | ❌ | +| channelReference | `string` | ❌ | +|channelId | `string` | ❌ | +| labels | `Dictionary<string, object>` | ✔️ | | Based on user input +| tags | `Dictionary<string, object>` | ✔️ | | Based on user input +| queueId | `string` | ✔️ | | ++### Microsoft.Communication.RouterJobExceptionTriggered ++[Back to Event Catalog](#events-types) ++```json +{ + "id": "1027db4a-17fe-4a7f-ae67-276c3120a29f", + "topic": "/subscriptions/{subscription-id}/resourceGroups/{group-name}/providers/Microsoft.Communication/communicationServices/{communication-services-resource-name}", + "subject": "job/{job-id}/channel/{channel-id}/exceptionrule/{rulekey}", + "data": { + "ruleKey": "r100", + "exceptionRuleId": "7f1df17b-570b-4ae5-9cf5-fe6ff64cc712", + "jobId": "7f1df17b-570b-4ae5-9cf5-fe6ff64cc712", + "channelReference": "test-abc", + "channelId": "FooVoiceChannelId", + "labels": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + }, + "tags": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + } + }, + "eventType": "Microsoft.Communication.RouterJobExceptionTriggered", + "dataVersion": "1.0", + "metadataVersion": "1", + "eventTime": "2022-02-17T00:55:25.1736293Z" +} +``` ++#### Attribute list ++| Attribute | Type | Nullable |Description | Notes | +|: |:--:|:-:|-|-| +| ruleKey | `string` | ❌ | | +| exceptionRuleId| `string` | ❌ | +| jobId| `string` | ❌ | +| channelReference | `string` | ❌ | +| channelId | `string` | ❌ | +| labels | `Dictionary<string, object>` | ✔️ | | Based on user input +| tags | `Dictionary<string, object>` | ✔️ | | Based on user input ++### Microsoft.Communication.RouterJobWorkerSelectorsExpired ++[Back to Event Catalog](#events-types) ++```json +{ + "id": "b6d8687a-5a1a-42ae-b8b5-ff7ec338c872", + "topic": "/subscriptions/{subscription-id}/resourceGroups/{group-name}/providers/Microsoft.Communication/communicationServices/{communication-services-resource-name}", + "subject": "job/{job-id}/channel/{channel-id}/queue/{queue-id}", + "data": { + "jobId": "7f1df17b-570b-4ae5-9cf5-fe6ff64cc712", + "channelReference": "test-abc", + "channelId": "FooVoiceChannelId", + "queueId": "625fec06-ab81-4e60-b780-f364ed96ade1", + "labels": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + }, + "tags": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + }, + "requestedWorkerSelectorsExpired": [ + { + "key": "string", + "labelOperator": "equal", + "value": 5, + "ttl": "P3Y6M4DT12H30M5S" + } + ], + "attachedWorkerSelectorsExpired": [ + { + "key": "string", + "labelOperator": "equal", + "value": 5, + "ttl": "P3Y6M4DT12H30M5S" + } + ] + }, + "eventType": "Microsoft.Communication.RouterJobWorkerSelectorsExpired", + "dataVersion": "1.0", + "metadataVersion": "1", + "eventTime": "2022-02-17T00:55:25.1736293Z" +} +``` ++#### Attribute list ++| Attribute | Type | Nullable |Description | Notes | +|: |:--:|:-:|-|-| +| jobId| `string` | ❌ | +| channelReference | `string` | ✔️ | +| queueId | `string` | ❌ | | +| channelId | `string` | ❌ | +| labels | `Dictionary<string, object>` | ✔️ | | Based on user input +| tags | `Dictionary<string, object>` | ✔️ | | Based on user input +| requestedWorkerSelectorsExpired | `List<WorkerSelector>` | ✔️ | | Based on user input while creating a job +| attachedWorkerSelectorsExpired | `List<WorkerSelector>` | ✔️ | | List of worker selectors attached by a classification policy ++### Microsoft.Communication.RouterJobUnassigned ++[Back to Event Catalog](#events-types) ++```json +{ + "id": "acdf8fa5-8ab4-4a65-874a-c1d2a4a97f2e", + "topic": "/subscriptions/{subscription-id}/resourceGroups/{group-name}/providers/Microsoft.Communication/communicationServices/{communication-services-resource-name}", + "subject": "job/{job-id}/channel/{channel-id}/assignment/{assignment-id}", + "data": { + "jobId": "7f1df17b-570b-4ae5-9cf5-fe6ff64cc712", + "assignmentId": "", + "workerId": "", + "channelId": "FooVoiceChannelId", + "channelReference": "test-abc", + "queueId": "queue-id", + "labels": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + }, + "tags": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + } + }, + "eventType": "Microsoft.Communication.RouterJobUnassigned", + "dataVersion": "1.0", + "metadataVersion": "1", + "eventTime": "2022-02-17T00:55:25.1736293Z" +} +``` ++#### Attribute list ++| Attribute | Type | Nullable |Description | Notes | +|: |:--:|:-:|-|-| +| jobId| `string` | ❌ | +| assignmentId | `string` | ❌ | +| workerId | `string` | ❌ | +| channelId | `string` | ❌ | +| channelReference | `string` | ❌ | +| queueId | `string` | ✔️ | | `null` when `classificationPolicyId` is specified for a job +| labels | `Dictionary<string, object>` | ✔️ | | Based on user input +| tags | `Dictionary<string, object>` | ✔️ | | Based on user input ++### Microsoft.Communication.RouterJobWaitingForActivation ++[Back to Event Catalog](#events-types) ++```json +{ + "id": "acdf8fa5-8ab4-4a65-874a-c1d2a4a97f2e", + "topic": "/subscriptions/{subscription-id}/resourceGroups/{group-name}/providers/Microsoft.Communication/communicationServices/{communication-services-resource-name}", + "subject": "job/{job-id}/channel/{channel-id}", + "data": { + "jobId": "7f1df17b-570b-4ae5-9cf5-fe6ff64cc712", + "channelId": "FooVoiceChannelId", + "channelReference": "test-abc", + "queueId": "queue-id", + "priority": 1, + "labels": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + }, + "tags": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + }, + "requestedWorkerSelectors": [ + { + "key": "string", + "labelOperator": "equal", + "value": 5, + "ttl": "P3Y6M4DT12H30M5S" + } + ], + "attachedWorkerSelectors": [ + { + "key": "string", + "labelOperator": "equal", + "value": 5, + "ttl": "P3Y6M4DT12H30M5S" + } + ], + "scheduledTimeUtc": "2022-02-17T00:55:25.1736293Z", + "unavailableForMatching": false + }, + "eventType": "Microsoft.Communication.RouterJobWaitingForActivation", + "dataVersion": "1.0", + "metadataVersion": "1", + "eventTime": "2022-02-17T00:55:25.1736293Z" +} +``` ++#### Attribute list ++| Attribute | Type | Nullable |Description | Notes | +|: |:--:|:-:|-|-| +| jobId| `string` | ❌ | +| channelId | `string` | ❌ | +| channelReference | `string` | ❌ | +| queueId | `string` | ✔️ | | `null` when `classificationPolicyId` is specified for a job +| labels | `Dictionary<string, object>` | ✔️ | | Based on user input +| tags | `Dictionary<string, object>` | ✔️ | | Based on user input +| requestedWorkerSelectorsExpired | `List<WorkerSelector>` | ✔️ | | Based on user input while creating a job +| attachedWorkerSelectorsExpired | `List<WorkerSelector>` | ✔️ | | List of worker selectors attached by a classification policy +| scheduledTimeUtc | `DateTimeOffset` |✔️ | | Based on user input while creating a job +| unavailableForMatching | `bool` |✔️ | | Based on user input while creating a job +| priority| `int` | ❌ | | Based on user input while creating a job ++### Microsoft.Communication.RouterJobSchedulingFailed ++[Back to Event Catalog](#events-types) ++```json +{ + "id": "acdf8fa5-8ab4-4a65-874a-c1d2a4a97f2e", + "topic": "/subscriptions/{subscription-id}/resourceGroups/{group-name}/providers/Microsoft.Communication/communicationServices/{communication-services-resource-name}", + "subject": "job/{job-id}/channel/{channel-id}", + "data": { + "jobId": "7f1df17b-570b-4ae5-9cf5-fe6ff64cc712", + "channelId": "FooVoiceChannelId", + "channelReference": "test-abc", + "queueId": "queue-id", + "priority": 1, + "labels": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + }, + "tags": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + }, + "requestedWorkerSelectors": [ + { + "key": "string", + "labelOperator": "equal", + "value": 5, + "ttl": "P3Y6M4DT12H30M5S" + } + ], + "attachedWorkerSelectors": [ + { + "key": "string", + "labelOperator": "equal", + "value": 5, + "ttl": "P3Y6M4DT12H30M5S" + } + ], + "scheduledTimeUtc": "2022-02-17T00:55:25.1736293Z", + "failureReason": "Error" + }, + "eventType": "Microsoft.Communication.RouterJobSchedulingFailed", + "dataVersion": "1.0", + "metadataVersion": "1", + "eventTime": "2022-02-17T00:55:25.1736293Z" +} +``` ++#### Attribute list ++| Attribute | Type | Nullable |Description | Notes | +|: |:--:|:-:|-|-| +| jobId| `string` | ❌ | +| channelId | `string` | ❌ | +| channelReference | `string` | ❌ | +| queueId | `string` | ✔️ | | `null` when `classificationPolicyId` is specified for a job +| labels | `Dictionary<string, object>` | ✔️ | | Based on user input +| tags | `Dictionary<string, object>` | ✔️ | | Based on user input +| requestedWorkerSelectorsExpired | `List<WorkerSelector>` | ✔️ | | Based on user input while creating a job +| attachedWorkerSelectorsExpired | `List<WorkerSelector>` | ✔️ | | List of worker selectors attached by a classification policy +| scheduledTimeUtc | `DateTimeOffset` |✔️ | | Based on user input while creating a job +| failureReason | `string` |✔️ | | System determined +| priority| `int` |❌ | | Based on user input while creating a job ++### Microsoft.Communication.RouterJobDeleted ++[Back to Event Catalog](#events-types) ++```json +{ + "id": "acdf8fa5-8ab4-4a65-874a-c1d2a4a97f2e", + "topic": "/subscriptions/{subscription-id}/resourceGroups/{group-name}/providers/Microsoft.Communication/communicationServices/{communication-services-resource-name}", + "subject": "job/{job-id}/channel/{channel-id}", + "data": { + "jobId": "7f1df17b-570b-4ae5-9cf5-fe6ff64cc712", + "channelReference": "test-abc", + "channelId": "FooVoiceChannelId", + "labels": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + }, + "tags": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + }, + "queueId": "" + }, + "eventType": "Microsoft.Communication.RouterJobDeleted", + "dataVersion": "1.0", + "metadataVersion": "1", + "eventTime": "2022-02-17T00:55:25.1736293Z" +} +``` ++#### Attribute list ++| Attribute | Type | Nullable |Description | Notes | +|: |:--:|:-:|-|-| +| jobId| `string` | ❌ | ++## Worker Events ++### Microsoft.Communication.RouterWorkerOfferIssued ++[Back to Event Catalog](#events-types) ++```json +{ + "id": "1027db4a-17fe-4a7f-ae67-276c3120a29f", + "topic": "/subscriptions/{subscription-id}/resourceGroups/{group-name}/providers/Microsoft.Communication/communicationServices/{communication-services-resource-name}", + "subject": "worker/{worker-id}/job/{job-id}", + "data": { + "workerId": "w100", + "jobId": "7f1df17b-570b-4ae5-9cf5-fe6ff64cc712", + "channelReference": "test-abc", + "channelId": "FooVoiceChannelId", + "queueId": "625fec06-ab81-4e60-b780-f364ed96ade1", + "offerId": "525fec06-ab81-4e60-b780-f364ed96ade1", + "offerTimeUtc": "2021-06-23T02:43:30.3847144Z", + "expiryTimeUtc": "2021-06-23T02:44:30.3847674Z", + "jobPriority": 5, + "jobLabels": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + }, + "jobTags": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + } + }, + "eventType": "Microsoft.Communication.RouterWorkerOfferIssued", + "dataVersion": "1.0", + "metadataVersion": "1", + "eventTime": "2022-02-17T00:55:25.1736293Z" +} +``` ++#### Attribute list ++| Attribute | Type | Nullable |Description | Notes | +|: |:--:|:-:|-|-| +| workerId | `string` | ❌ | +| jobId| `string` | ❌ | +| channelReference | `string` | ❌ | +|channelId | `string` | ❌ | +| queueId | `string` | ❌ | +| offerId| `string` | ❌ | +| offerTimeUtc | `DateTimeOffset` | ❌ | +| expiryTimeUtc| `DateTimeOffset` | ❌ | +| jobPriority| `int` | ❌ | +| jobLabels | `Dictionary<string, object>` | ✔️ | | Based on user input +| jobTags | `Dictionary<string, object>` | ✔️ | | Based on user input ++### Microsoft.Communication.RouterWorkerOfferAccepted ++[Back to Event Catalog](#events-types) ++```json +{ + "id": "1027db4a-17fe-4a7f-ae67-276c3120a29f", + "topic": "/subscriptions/{subscription-id}/resourceGroups/{group-name}/providers/Microsoft.Communication/communicationServices/{communication-services-resource-name}", + "subject": "worker/{worker-id}/job/{job-id}", + "data": { + "workerId": "w100", + "jobId": "7f1df17b-570b-4ae5-9cf5-fe6ff64cc712", + "jobPriority": 5, + "jobLabels": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + }, + "jobTags": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + }, + "channelReference": "test-abc", + "channelId": "FooVoiceChannelId", + "queueId": "625fec06-ab81-4e60-b780-f364ed96ade1", + "offerId": "565fec06-ab81-4e60-b780-f364ed96ade1", + "assignmentId": "765fec06-ab81-4e60-b780-f364ed96ade1" + }, + "eventType": "Microsoft.Communication.RouterWorkerOfferAccepted", + "dataVersion": "1.0", + "metadataVersion": "1", + "eventTime": "2022-02-17T00:55:25.1736293Z" +} +``` ++#### Attribute list ++| Attribute | Type | Nullable |Description | Notes | +|: |:--:|:-:|-|-| +| workerId | `string` | ❌ | +| jobId| `string` | ❌ | +| jobPriority| `int` | ❌ | +| jobLabels | `Dictionary<string, object>` | ✔️ | | Based on user input +| jobTags | `Dictionary<string, object>` | ✔️ | | Based on user input +| channelReference | `string` | ❌ | +|channelId | `string` | ❌ | +| queueId | `string` | ❌ | +| offerId | `string` | ❌ | +| assignmentId | `string` | ❌ | ++### Microsoft.Communication.RouterWorkerOfferDeclined ++[Back to Event Catalog](#events-types) ++```json +{ + "id": "1027db4a-17fe-4a7f-ae67-276c3120a29f", + "topic": "/subscriptions/{subscription-id}/resourceGroups/{group-name}/providers/Microsoft.Communication/communicationServices/{communication-services-resource-name}", + "subject": "worker/{worker-id}/job/{job-id}", + "data": { + "workerId": "w100", + "jobId": "7f1df17b-570b-4ae5-9cf5-fe6ff64cc712", + "channelReference": "test-abc", + "channelId": "FooVoiceChannelId", + "queueId": "625fec06-ab81-4e60-b780-f364ed96ade1", + "offerId": "565fec06-ab81-4e60-b780-f364ed96ade1", + }, + "eventType": "Microsoft.Communication.RouterWorkerOfferDeclined", + "dataVersion": "1.0", + "metadataVersion": "1", + "eventTime": "2022-02-17T00:55:25.1736293Z" +} +``` ++#### Attribute list ++| Attribute | Type | Nullable |Description | Notes | +|: |:--:|:-:|-|-| +| workerId | `string` | ❌ | +| jobId| `string` | ❌ | +| channelReference | `string` | ❌ | +|channelId | `string` | ❌ | +| queueId | `string` | ❌ | +| offerId | `string` | ❌ | ++### Microsoft.Communication.RouterWorkerOfferRevoked ++[Back to Event Catalog](#events-types) ++```json +{ + "id": "1027db4a-17fe-4a7f-ae67-276c3120a29f", + "topic": "/subscriptions/{subscription-id}/resourceGroups/{group-name}/providers/Microsoft.Communication/communicationServices/{communication-services-resource-name}", + "subject": "worker/{worker-id}/job/{job-id}", + "data": { + "offerId": "565fec06-ab81-4e60-b780-f364ed96ade1", + "workerId": "w100", + "jobId": "7f1df17b-570b-4ae5-9cf5-fe6ff64cc712", + "channelReference": "test-abc", + "channelId": "FooVoiceChannelId", + "queueId": "625fec06-ab81-4e60-b780-f364ed96ade1" + }, + "eventType": "Microsoft.Communication.RouterWorkerOfferRevoked", + "dataVersion": "1.0", + "metadataVersion": "1", + "eventTime": "2022-02-17T00:55:25.1736293Z" +} +``` ++#### Attribute list ++| Attribute | Type | Nullable |Description | Notes | +|: |:--:|:-:|-|-| +| offerId | `string` | ❌ | +| workerId | `string` | ❌ | +| jobId| `string` | ❌ | +| channelReference | `string` | ❌ | +|channelId | `string` | ❌ | +| queueId | `string` | ❌ | ++### Microsoft.Communication.RouterWorkerOfferExpired ++[Back to Event Catalog](#events-types) ++```json +{ + "id": "1027db4a-17fe-4a7f-ae67-276c3120a29f", + "topic": "/subscriptions/{subscription-id}/resourceGroups/{group-name}/providers/Microsoft.Communication/communicationServices/{communication-services-resource-name}", + "subject": "worker/{worker-id}/job/{job-id}", + "data": { + "offerId": "565fec06-ab81-4e60-b780-f364ed96ade1", + "workerId": "w100", + "jobId": "7f1df17b-570b-4ae5-9cf5-fe6ff64cc712", + "channelReference": "test-abc", + "channelId": "FooVoiceChannelId", + "queueId": "625fec06-ab81-4e60-b780-f364ed96ade1" + }, + "eventType": "Microsoft.Communication.RouterWorkerOfferExpired", + "dataVersion": "1.0", + "metadataVersion": "1", + "eventTime": "2022-02-17T00:55:25.1736293Z" +} +``` ++#### Attribute list ++| Attribute | Type | Nullable |Description | Notes | +|: |:--:|:-:|-|-| +| workerId | `string` | ❌ | +| offerId | `string` | ❌ | +| jobId| `string` | ❌ | +| channelReference | `string` | ❌ | +|channelId | `string` | ❌ | +| queueId | `string` | ❌ | ++### Microsoft.Communication.RouterWorkerRegistered ++[Back to Event Catalog](#events-types) ++```json +{ + "id": "1027db4a-17fe-4a7f-ae67-276c3120a29f", + "topic": "/subscriptions/{subscription-id}/resourceGroups/{group-name}/providers/Microsoft.Communication/communicationServices/{communication-services-resource-name}", + "subject": "worker/{worker-id}", + "data": { + "workerId": "worker3", + "totalCapacity": 100, + "queueAssignments": [ + { + "id": "MyQueueId2", + "name": "Queue 3", + "labels": { + "Language": "en", + "Product": "Office", + "Geo": "NA" + } + } + ], + "labels": { + "x": "111", + "y": "111" + }, + "channelConfigurations": [ + { + "channelId": "FooVoiceChannelId", + "capacityCostPerJob": 10, + "maxNumberOfJobs": 5 + } + ], + "tags": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + } + }, + "eventType": "Microsoft.Communication.RouterWorkerRegistered", + "dataVersion": "1.0", + "metadataVersion": "1", + "eventTime": "2022-02-17T00:55:25.1736293Z" +} +``` ++#### Attribute list ++| Attribute | Type | Nullable | Description | Notes | +|: |:--:|:-:|-|-| +| workerId | `string` | ❌ | +| totalCapacity | `int` | ❌ | +| queueAssignments | `List<QueueInfo>` | ❌ | +| labels | `Dictionary<string, object>` | ✔️ | | Based on user input +| channelConfigurations| `List<ChannelConfiguration>` | ❌ | +| tags | `Dictionary<string, object>` | ✔️ | | Based on user input ++### Microsoft.Communication.RouterWorkerDeregistered ++[Back to Event Catalog](#events-types) ++```json +{ + "id": "1027db4a-17fe-4a7f-ae67-276c3120a29f", + "topic": "/subscriptions/{subscription-id}/resourceGroups/{group-name}/providers/Microsoft.Communication/communicationServices/{communication-services-resource-name}", + "subject": "worker/{worker-id}", + "data": { + "workerId": "worker3" + }, + "eventType": "Microsoft.Communication.RouterWorkerDeregistered", + "dataVersion": "1.0", + "metadataVersion": "1", + "eventTime": "2022-02-17T00:55:25.1736293Z" +} +``` ++#### Attribute list ++| Attribute | Type | Nullable |Description | Notes | +|: |:--:|:-:|-|-| +| workerId | `string` | ❌ | ++### Microsoft.Communication.RouterWorkerDeleted ++[Back to Event Catalog](#events-types) ++```json +{ + "id": "1027db4a-17fe-4a7f-ae67-276c3120a29f", + "topic": "/subscriptions/{subscription-id}/resourceGroups/{group-name}/providers/Microsoft.Communication/communicationServices/{communication-services-resource-name}", + "subject": "worker/{worker-id}", + "data": { + "workerId": "worker3", + "totalCapacity": 100, + "queueAssignments": [ + { + "id": "MyQueueId2", + "name": "Queue 3", + "labels": { + "Language": "en", + "Product": "Office", + "Geo": "NA" + } + } + ], + "labels": { + "x": "111", + "y": "111" + }, + "channelConfigurations": [ + { + "channelId": "FooVoiceChannelId", + "capacityCostPerJob": 10, + "maxNumberOfJobs": 5 + } + ], + "tags": { + "Locale": "en-us", + "Segment": "Enterprise", + "Token": "FooToken" + } + }, + "eventType": "Microsoft.Communication.RouterWorkerDeleted", + "dataVersion": "1.0", + "metadataVersion": "1", + "eventTime": "2022-02-17T00:55:25.1736293Z" +} +``` ++#### Attribute list ++| Attribute | Type | Nullable | Description | Notes | +|: |:--:|:-:|-|-| +| workerId | `string` | ❌ | +| totalCapacity | `int` | ❌ | +| queueAssignments | `List<QueueInfo>` | ❌ | +| labels | `Dictionary<string, object>` | ✔️ | | Based on user input +| channelConfigurations| `List<ChannelConfiguration>` | ❌ | +| tags | `Dictionary<string, object>` | ✔️ | | Based on user input ++## Model Definitions ++### QueueInfo ++```csharp +public class QueueInfo +{ + public string Id { get; set; } + public string Name { get; set; } + public Dictionary<string, object>? Labels { get; set; } +} +``` ++### CommunicationError ++```csharp +public class CommunicationError +{ + public string? Code { get; init; } + public string Message { get; init; } + public string? Target { get; init; } + public CommunicationError? InnerError { get; init; } + public IEnumerable<CommunicationError>? Details { get; init; } +} +``` ++### ChannelConfiguration ++```csharp +public class ChannelConfiguration +{ + public string ChannelId { get; set; } + public int CapacityCostPerJob { get; set; } + public int? MaxNumberOfJobs { get; set; } +} +``` ++### WorkerSelector ++```csharp +public class WorkerSelector +{ + public string Key { get; set; } + public LabelOperator LabelOperator { get; set; } + public object Value { get; set; } + public double? TTLSeconds { get; set; } + public WorkerSelectorState State { get; set; } + public DateTimeOffset? ExpireTime { get; set; } +} ++public enum WorkerSelectorState +{ + Active = 0, + Expired = 1 +} ++public enum LabelOperator +{ + Equal, + NotEqual, + LessThan, + LessThanEqual, + GreaterThan, + GreaterThanEqual, +} +``` |
| event-grid | Event Schema Communication Services | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/event-grid/event-schema-communication-services.md | Azure Communication Services emits the following event types: * [Voice and Video Calling Events](./communication-services-voice-video-events.md) * [Presence Events](./communication-services-presence-events.md) * [Email Events](./communication-services-email-events.md)+* [Job Router Events](./communication-services-router-events.md) You can use the Azure portal or Azure CLI to subscribe to events emitted by your Communication Services resource. |
| event-hubs | Configure Event Hub Properties | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/event-hubs/configure-event-hub-properties.md | Title: Configure properties for an Azure event hub description: Learn how to configure status, partition count, cleanup policy, and retention time for an event hub -+ Last updated 06/19/2023 |
| event-hubs | Event Hubs Capture Python | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/event-hubs/event-hubs-capture-python.md | In this example, the captured data is stored in Azure Blob storage. The script i Check out [Python samples on GitHub](https://github.com/Azure/azure-sdk-for-python/tree/master/sdk/eventhub/azure-eventhub/samples). -[Azure portal]: https://portal.azure.com/ [Overview of Event Hubs Capture]: event-hubs-capture-overview.md [1]: ./media/event-hubs-archive-python/event-hubs-python1.png [About Azure storage accounts]:../storage/common/storage-create-storage-account.md |
| event-hubs | Event Hubs Create | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/event-hubs/event-hubs-create.md | In this article, you created a resource group, an Event Hubs namespace, and an e - [Apache Storm (receive only)](event-hubs-storm-getstarted-receive.md) -[Azure portal]: https://portal.azure.com/ [3]: ./media/event-hubs-quickstart-portal/sender1.png [4]: ./media/event-hubs-quickstart-portal/receiver1.png |
| expressroute | About Public Peering | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/expressroute/about-public-peering.md | description: Learn about and manage Azure public peering + Last updated 06/30/2023 Next step, [Link a virtual network to an ExpressRoute circuit](expressroute-howt * For more information about ExpressRoute workflows, see [ExpressRoute workflows](expressroute-workflows.md). * For more information about circuit peering, see [ExpressRoute circuits and routing domains](expressroute-circuit-peerings.md).-* For more information about working with virtual networks, see [Virtual network overview](../virtual-network/virtual-networks-overview.md). +* For more information about working with virtual networks, see [Virtual network overview](../virtual-network/virtual-networks-overview.md). |
| expressroute | Expressroute Faqs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/expressroute/expressroute-faqs.md | Yes. ExpressRoute premium charges apply on top of ExpressRoute circuit charges a ### What is ExpressRoute Local? -ExpressRoute Local is a SKU of ExpressRoute circuit, in addition to the Standard SKU and the Premium SKU. A key feature of Local is that a Local circuit at an ExpressRoute peering location gives you access only to one or two Azure regions in or near the same metro. In contrast, a Standard circuit gives you access to all Azure regions in a geopolitical area and a Premium circuit to all Azure regions globally. Specifically, with a Local SKU you can only advertise routes over Microsoft and private peering from the corresponding local region of the ExpressRoute circuit. You won't receive routes for other regions different than the defined local region. +ExpressRoute Local is a SKU of ExpressRoute circuit, in addition to the Standard SKU and the Premium SKU. A key feature of Local is that a Local circuit at an ExpressRoute peering location gives you access only to one or two Azure regions in or near the same metro.* In contrast, a Standard circuit gives you access to all Azure regions in a geopolitical area and a Premium circuit to all Azure regions globally. Specifically, with a Local SKU you can only advertise routes over Microsoft and private peering from the corresponding local region of the ExpressRoute circuit. You won't receive routes for other regions different than the defined local region. ExpressRoute Local may not be available for an ExpressRoute Location. For peering location and supported Azure local region, see [locations and connectivity providers](expressroute-locations-providers.md#partners). + > [!NOTE] + > *This limitation does not exist for ExpressRoute Local in Virtual WAN. + ### What are the benefits of ExpressRoute Local? While you need to pay egress data transfer for your Standard or Premium ExpressRoute circuit, you don't pay egress data transfer separately for your ExpressRoute Local circuit. In other words, the price of ExpressRoute Local includes data transfer fees. ExpressRoute Local is an economical solution if you have massive amount of data to transfer and want to have your data over a private connection to an ExpressRoute peering location near your desired Azure regions. |
| expressroute | Expressroute Howto Coexist Resource Manager | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/expressroute/expressroute-howto-coexist-resource-manager.md | description: Configure ExpressRoute and a site-to-site VPN connection that can c + Last updated 06/15/2023 |
| expressroute | Expressroute Troubleshooting Arp Resource Manager | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/expressroute/expressroute-troubleshooting-arp-resource-manager.md | description: This page provides instructions on getting the Address Resolution P + Last updated 06/30/2023 - # Getting ARP tables in the Resource Manager deployment model Age InterfaceProperty IpAddress MacAddress * Get route table to determine which prefixes are advertised across ExpressRoute. * Validate data transfer by reviewing bytes in / out. * Open a support ticket with [Microsoft support](https://portal.azure.com/?#blade/Microsoft_Azure_Support/HelpAndSupportBlade) if you're still experiencing issues.- |
| external-attack-surface-management | Host Asset Filters | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/external-attack-surface-management/host-asset-filters.md | The following filters require that the user manually enters the value with which | Port State | Indicates the status of the observed port. | Open, Filtered | `Equals` `In` | | Port | Any ports detected on the asset. | 443, 80 | `Equals` `Not Equals` `In` `Not In` | | ASN | Autonomous System Number is a network identification for transporting data on the Internet between Internet routers. An ASN is associated to any public IP blocks tied to it where hosts are located. | 12345 | `Equals` `Not Equals` `In` `Not In` `Empty` `Not Empty` |-| Affected CVSS Score | Searches for assets with a CVE that matches a specific numerical score or range of scores. | Numerical (1-10) | `Equals` `Not Equals` `In` `Not In` `Greater Than or Equal To` `Less Than or Equal To` `Between` `Empty` `Not Empty` | -| Affected CVSS v3 Score | Searches for assets with a CVE v3 that matches a specific numerical score or range of scores. | Numerical (1-10) | | +| Affected CVSS Score | Searches for assets with a CVE that matches a specific numerical score or range of scores. | Numerical (1-10), supports decimal values (e.g. 8.6). | `Equals` `Not Equals` `In` `Not In` `Greater Than or Equal To` `Less Than or Equal To` `Between` `Empty` `Not Empty` | +| Affected CVSS v3 Score | Searches for assets with a CVE v3 that matches a specific numerical score or range of scores. | Numerical (1-10), supports decimal values (e.g. 8.6). | | | Attribute Type | Services running on the asset. These services can include IP addresses trackers. | address, AdblockPlusAcceptableAdsSignature | `Equals` `Not Equals` `Starts with` `Does not start with` `In` `Not in` `Starts with in` `Does not start with in` `Contains` `Does Not Contain` `Contains In` `Does Not Contain In` `Empty` `Not Empty` | | Attribute Type & Value | The attribute type and value within a single field. | address 192.168.92.73 | | | Attribute Value | The values for any attributes found on the asset. | 192.168.92.73 | | |
| external-attack-surface-management | Ip Address Asset Filters | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/external-attack-surface-management/ip-address-asset-filters.md | Title: IP address asset filters -description: This article outlines the filter functionality available in Microsoft Defender External Attack Surface Management for IP address assets specifically, includiung operators and applicable field values. +description: This article outlines the filter functionality available in Microsoft Defender External Attack Surface Management for IP address assets specifically, including operators and applicable field values. These filters specifically apply to IP address assets. Use these filters when se ## Defined value filters -The following filters provide a drop-down list of options to select. The available values are pre-defined. +The following filters provide a drop-down list of options to select. The available values are predefined. | Filter name | Description | Value format | Applicable operators | |-|-|||-| IPv4 | Indicates that the host resolves to a 32-bit number notated in four octets (e.g. 192.168.92.73). | true / false | `Equals` `Not Equals` | +| IPv4 | Indicates that the host resolves to a 32-bit number notated in four octets (for example, 192.168.92.73). | true / false | `Equals` `Not Equals` | | IPv6 | Indicates that the host resolves to an IP comprised of 128-bit hexadecimal digits noted in eight four-digit groups. | true / false | | | Is Mail Server Record | Indicates that the host powers a mail server. | true / false | | | Is Name Server Record | Indicates that the host powers a name server. | true / false | | The following filters require that the user manually enters the value with which | Port State | Indicates the status of the observed port. | Open, Filtered | `Equals` `In` | | Port | Any ports detected on the asset. | 443, 80 | `Equals` `Not Equals` `In` `Not In` | | ASN | Autonomous System Number is a network identification for transporting data on the Internet between Internet routers. An ASN will have associated public IP blocks tied to it where hosts are located. | 12345 | `Equals` `Not Equals` `In` `Not In` `Empty` `Not Empty` |-| Banner | A banner is a text displayed by a host that provides details such as the type and version of software running on the system or server. | We recommend using the ΓÇ£matchesΓÇ¥ operator to search for HTML banners by keyword (e.g. ΓÇ£HTTP/1.1ΓÇ¥) | `Matches` `Does not match` `Matches in` `Does not match in` `Empty` `Not empty` | -| Affected CVSS Score | Searches for assets with a CVE that matches a specific numerical score or range of scores. | Numerical (1-10) | `Equals` `Not Equals` `In` `Not In` `Greater Than or Equal To` `Less Than or Equal To` `Between` `Empty` `Not Empty` | -| Affected CVSS v3 Score | Searches for assets with a CVE v3 that matches a specific numerical score or range of scores. | Numerical (1-10) | | +| Banner | A banner is a text displayed by a host that provides details such as the type and version of software running on the system or server. | We recommend using the ΓÇ£matchesΓÇ¥ operator to search for HTML banners by keyword (for example, ΓÇ£HTTP/1.1ΓÇ¥) | `Matches` `Does not match` `Matches in` `Does not match in` `Empty` `Not empty` | +| Affected CVSS Score | Searches for assets with a CVE that matches a specific numerical score or range of scores. | Numerical (1-10), supports decimal values (for example, 8.6). | `Equals` `Not Equals` `In` `Not In` `Greater Than or Equal To` `Less Than or Equal To` `Between` `Empty` `Not Empty` | +| Affected CVSS v3 Score | Searches for assets with a CVE v3 that matches a specific numerical score or range of scores. | Numerical (1-10), supports decimal values (for example, 8.6). | | | Attribute Type | Additional services running on the asset. This can include IP addresses trackers. | address, AdblockPlusAcceptableAdsSignature | `Equals` `Not Equals` `Starts with` `Does not start with` `In` `Not in` `Starts with in` `Does not start with in` `Contains` `Does Not Contain` `Contains In` `Does Not Contain In` `Empty` `Not Empty` | | Attribute Type & Value | The attribute type and value within a single field. | address 192.168.92.73 | | | Attribute Value | The values for any attributes found on the asset. | 192.168.92.73 | | |
| external-attack-surface-management | Labeling Inventory Assets | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/external-attack-surface-management/labeling-inventory-assets.md | Last updated 3/1/2022 -# Modify inventory assets +# Asset modification overview -This article outlines how to modify inventory assets. You can change the state of an asset or apply labels to help provide context and use inventory data. This article describes how to modify a single asset or multiple assets and track any updates with the Task Manager. +This article outlines how to modify inventory assets. You can change the state of an asset, assign an external ID or apply labels to help provide context and use inventory data. This article describes these modification options, and outlines how to update assets and track any updates with the Task Manager. -## Label assets +### Label assets Labels help you organize your attack surface and apply business context in a customizable way. You can apply any text label to a subset of assets to group assets and make better use of your inventory. Customers commonly categorize assets that: Labels help you organize your attack surface and apply business context in a cus - Are affected by a specific vulnerability that requires mitigation. - Relate to a particular brand owned by the organization. - Were added to your inventory within a specific time range.+ -Labels are freeform text fields, so you can create a label for any use case that applies to your organization. +Labels are free form text fields, so you can create a label for any use case that applies to your organization. [](media/labels-1a.png#lightbox) -## Apply labels and modify asset states -You can apply labels or modify asset states from both the inventory list and asset details pages. You can make changes to a single asset from the asset details page. You can make changes to multiple assets from the inventory list page. The following sections describe how to apply changes from the two inventory views depending on your use case. +### Change the state of an asset ++Users can also change the state of an asset. States help categorize your inventory based on their role in your organization. Users can switch between the following states: +- **Approved Inventory**: A part of your owned attack surface; an item that you are directly responsible for. +- **Dependency**: Infrastructure that is owned by a third party but is part of your attack surface because it directly supports the operation of your owned assets. For example, you might depend on an IT provider to host your web content. While the domain, hostname, and pages would be part of your ΓÇ£Approved Inventory,ΓÇ¥ you may wish to treat the IP Address running the host as a ΓÇ£Dependency.ΓÇ¥ +- **Monitor Only**: An asset that is relevant to your attack surface but is neither directly controlled nor a technical dependency. For example, independent franchisees or assets belonging to related companies might be labeled as ΓÇ£Monitor OnlyΓÇ¥ rather than ΓÇ£Approved InventoryΓÇ¥ to separate the groups for reporting purposes. +- **Candidate**: An asset that has some relationship to your organization's known seed assets but does not have a strong enough connection to immediately label it as ΓÇ£Approved Inventory.ΓÇ¥ These candidate assets must be manually reviewed to determine ownership. +- **Requires Investigation**: A state similar to the ΓÇ£CandidateΓÇ¥ states, but this value is applied to assets that require manual investigation to validate. This is determined based on our internally generated confidence scores that assess the strength of detected connections between assets. It does not indicate the infrastructure's exact relationship to the organization as much as it denotes that this asset has been flagged as requiring additional review to determine how it should be categorized. +++### Apply an External ID ++Users can also apply an external ID to an asset. This is useful in situations when you employ multiple solutions for asset tracking, remediation activities or ownership monitoring; seeing any external IDs within Defender EASM helps you align this disparate asset information. External ID values can be numeric or alphanumeric and must be entered in text format. External IDs are also displayed within the Asset Details section. +++## How to modify assets ++You can modify assets from both the inventory list and asset details pages. You can make changes to a single asset from the asset details page. You can make changes to a single asset or multiple assets from the inventory list page. The following sections describe how to apply changes from the two inventory views depending on your use case. ### Inventory list page -You should modify assets from the inventory list page if you want to update numerous assets at once. You can refine your asset list based on filter parameters. This process helps you to identify assets that should be categorized with the label or state change that you want. To modify assets from this page: +You should modify assets from the inventory list page if you want to update numerous assets at once. You can refine your asset list based on filter parameters. This process helps you to identify assets that should be categorized with the label, external ID or state change that you want. To modify assets from this page: 1. On the leftmost pane of your Microsoft Defender External Attack Surface Management (Defender EASM) resource, select **Inventory**. -1. Apply filters to produce your intended results. In this example, we're looking for domains that expire within 30 days that require renewal. The applied label helps you more quickly access any expiring domains to simplify the remediation process. You can apply as many filters as necessary to obtain the specific results that are needed. For more information on filters, see [Inventory filters overview](inventory-filters.md). +2. Apply filters to produce your intended results. In this example, we're looking for domains that expire within 30 days that require renewal. The applied label helps you more quickly access any expiring domains to simplify the remediation process. You can apply as many filters as necessary to obtain the specific results that are needed. For more information on filters, see [Inventory filters overview](inventory-filters.md).  -1. After your inventory list is filtered, select the dropdown by the checkbox next to the **Asset** table header. This dropdown gives you the option to select all results that match your query or the results on that specific page (up to 25). The **None** option clears all assets. You can also choose to select only specific results on the page by selecting the individual check marks next to each asset. +3. After your inventory list is filtered, select the dropdown by the checkbox next to the **Asset** table header. This dropdown gives you the option to select all results that match your query or the results on that specific page (up to 25). The **None** option clears all assets. You can also choose to select only specific results on the page by selecting the individual check marks next to each asset.  -1. Select **Modify assets**. +4. Select **Modify assets**. -1. On the **Modify Assets** pane that opens on the right side of your screen, you can quickly change the state of the selected assets. For this example, you create a new label. Select **Create a new label**. +5. On the **Modify Assets** pane that opens on the right side of your screen, you can quickly change the state of the selected assets. For this example, you create a new label. Select **Create a new label**. -1. Determine the label name and display text values. The label name can't be changed after you initially create the label, but the display text can be edited at a later time. The label name is used to query for the label in the product interface or via API, so edits are disabled to ensure these queries work properly. To edit a label name, you need to delete the original label and create a new one. +6. Determine the label name and display text values. The label name can't be changed after you initially create the label, but the display text can be edited at a later time. The label name is used to query for the label in the product interface or via API, so edits are disabled to ensure these queries work properly. To edit a label name, you need to delete the original label and create a new one. Select a color for your new label and select **Add**. This action takes you back to the **Modify Assets** screen.  -1. Apply your new label to the assets. Click inside the **Add labels** text box to view a full list of available labels. Or you can type inside the box to search by keyword. After you select the labels you want to apply, select **Update**. +7. Apply your new label to the assets. Click inside the **Add labels** text box to view a full list of available labels. Or you can type inside the box to search by keyword. After you select the labels you want to apply, select **Update**.  -1. Allow a few moments for the labels to be applied. After the process is finished, you see a "Completed" notification. The page automatically refreshes and displays your asset list with the labels visible. A banner at the top of the screen confirms that your labels were applied. +8. Allow a few moments for the labels to be applied. After the process is finished, you see a "Completed" notification. The page automatically refreshes and displays your asset list with the labels visible. A banner at the top of the screen confirms that your labels were applied. [](media/labels-6.png#lightbox) + ### Asset details page You can also modify a single asset from the asset details page. This option is ideal for situations when assets need to be thoroughly reviewed before a label or state change is applied. 1. On the leftmost pane of your Defender EASM resource, select **Inventory**. -1. Select the specific asset you want to modify to open the asset details page. +2. Select the specific asset you want to modify to open the asset details page. -1. On this page, select **Modify asset**. +3. On this page, select **Modify asset**.  -1. Follow steps 5 to 7 in the "Inventory list page" section. +4. Follow steps 5 to 7 in the "Inventory list page" section. ++5. The asset details page refreshes and displays the newly applied label or state change. A banner indicates that the asset was successfully updated. -1. The asset details page refreshes and displays the newly applied label or state change. A banner indicates that the asset was successfully updated. ## Modify, remove, or delete labels To modify the label itself or delete a label from the system: This page displays all the labels within your Defender EASM inventory. Labels on this page might exist in the system but not be actively applied to any assets. You can also add new labels from this page. -1. To edit a label, select the pencil icon in the **Actions** column of the label you want to edit. A pane opens on the right side of your screen where you can modify the name or color of a label. Select **Update**. +2. To edit a label, select the pencil icon in the **Actions** column of the label you want to edit. A pane opens on the right side of your screen where you can modify the name or color of a label. Select **Update**. -1. To remove a label, select the trash can icon from the **Actions** column of the label you want to delete. Select **Remove Label**. +3. To remove a label, select the trash can icon from the **Actions** column of the label you want to delete. Select **Remove Label**.  The **Labels** page automatically refreshes. The label is removed from the list and also removed from any assets that had the label applied. A banner confirms the removal. + ## Task Manager and notifications After a task is submitted, a notification confirms that the update is in progress. From any page in Azure, select the notification (bell) icon to see more information about recent tasks. The Defender EASM system can take seconds to update a handful of assets or minut  -1. This page displays all your recent tasks and their status. Tasks are listed as **Completed**, **Failed**, or **In Progress**. A completion percentage and progress bar also appear. To see more details about a specific task, select the task name. A pane opens on the right side of your screen that provides more information. +2. This page displays all your recent tasks and their status. Tasks are listed as **Completed**, **Failed**, or **In Progress**. A completion percentage and progress bar also appear. To see more details about a specific task, select the task name. A pane opens on the right side of your screen that provides more information. ++3. Select **Refresh** to see the latest status of all items in the Task Manager. -1. Select **Refresh** to see the latest status of all items in the Task Manager. ## Filter for labels After you label assets in your inventory, you can use inventory filters to retri 1. On the leftmost pane of your Defender EASM resource, select **Inventory**. -1. Select **Add filter**. +2. Select **Add filter**. -1. Select **Labels** from the **Filter** dropdown list. Select an operator and choose a label from the dropdown list of options. The following example shows how to search for a single label. You can use the **In** operator to search for multiple labels. For more information on filters, see the [inventory filters overview](inventory-filters.md). +3. Select **Labels** from the **Filter** dropdown list. Select an operator and choose a label from the dropdown list of options. The following example shows how to search for a single label. You can use the **In** operator to search for multiple labels. For more information on filters, see the [inventory filters overview](inventory-filters.md).  -1. Select **Apply**. The inventory list page reloads and displays all assets that match your criteria. +4. Select **Apply**. The inventory list page reloads and displays all assets that match your criteria. ## Next steps |
| external-attack-surface-management | Page Asset Filters | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/external-attack-surface-management/page-asset-filters.md | The following filters provide a drop-down list of options to select. The availab | Filter name | Description | Value format example | Applicable operators | ||-|-|--|-| IPv4 | Indicates that the host resolves to a 32-bit number notated in four octets (e.g. 192.168.92.73). | true / false | `Equals` `Not Equals` | +| IPv4 | Indicates that the host resolves to a 32-bit number notated in four octets (for example, 192.168.92.73). | true / false | `Equals` `Not Equals` | | IPv6 | Indicates that the host resolves to an IP comprised of 128-bit hexadecimal digits noted in eight 4-digit groups. | true / false | | | Live | Indicates if the page is hosting live web content. | true / false | | | Parked Domain | Indicates whether a domain is registered but not connected to an online service (website, email hosting). | true / false | | The following filters provide a drop-down list of options to select. The availab ## Free form filters -The following filters require that the user manually enters the value with which they want to search. This list is organized by the number of applicable operators for each filter, then alphabetically. Please note that many of these values are case-sensitive. +The following filters require that the user manually enters the value with which they want to search. This list is organized according to the number of applicable operators for each filter, then alphabetically. Note that many of these values are case-sensitive. | Filter name | Description | Value format | Applicable operators | |-|-|-|-| | ASN | Autonomous System Number is a network identification for transporting data on the Internet between Internet routers. An ASN will have associated public IP blocks tied to it where hosts are located. | 12345 | `Equals` `Not Equals` `In` `Not In` `Empty` `Not Empty` |-| Affected CVSS Score | Searches for assets with a CVE that matches a specific numerical score or range of scores. | Numerical (1-10) | `Equals` `Not Equals` `In` `Not In` `Greater Than or Equal To` `Less Than or Equal To` `Between` `Empty` `Not Empty` | -| Affected CVSS v3 Score | Searches for assets with a CVE v3 that matches a specific numerical score or range of scores. | Numerical (1-10) | | +| Affected CVSS Score | Searches for assets with a CVE that matches a specific numerical score or range of scores. | Numerical (1-10), supports decimal values (for example, 8.6). | `Equals` `Not Equals` `In` `Not In` `Greater Than or Equal To` `Less Than or Equal To` `Between` `Empty` `Not Empty` | +| Affected CVSS v3 Score | Searches for assets with a CVE v3 that matches a specific numerical score or range of scores. | Numerical (1-10), supports decimal values (for example, 8.6). | | | Final Response Code | The final response code associated to the final URL. | 200 | | | Response Code | Other detected responses codes when attempting to access the asset. | 400 | | | Attribute Type | Additional services running on the asset. This can include IP addresses trackers. | address, AdblockPlusAcceptableAdsSignature | `Equals` `Not Equals` `Starts with` `Does not start with` `In` `Not in` `Starts with in` `Does not start with in` `Contains` `Does Not Contain` `Contains In` `Does Not Contain In` `Empty` `Not Empty` | The following filters require that the user manually enters the value with which | State/Province Code | The state or province code associated with the state of origin. | WA | | | Web Component Type | The infrastructure type of a detected component. | Hosting Provider, DDOS Protection, Service, Server | | | Domain | The parent domain of the page. | contoso.com | `Equals` `Not Equals` `Starts with` `Does not start with` `Matches` `Does Not Match` `In` `Not in` `Starts with in` `Does not start with in` `Matches in` `Does not match in` `Contains` `Does Not Contain` `Contains In` `Does Not Contain In` `Empty` `Not Empty` |-| Error | Error message when retrieving a page. | It's recommended that users use the ΓÇ£containsΓÇ¥ operator to find errors that match a specific keyword (e.g. ΓÇ¥script errorΓÇ¥). | | +| Error | Error message when retrieving a page. | It's recommended that users use the ΓÇ£containsΓÇ¥ operator to find errors that match a specific keyword (for example, ΓÇ¥script errorΓÇ¥). | | | Final URL | The final URL that is presented via the page URL. This value will be the same as the Page name unless there were detected redirects. | https://contoso.com/mainpage.html | | | Framework | Framework services running on the asset. | PHP, J2EE, Java | | | Host | Any host(s) associated with the asset. | host1.contoso.com | | |
| external-attack-surface-management | Understanding Asset Details | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/external-attack-surface-management/understanding-asset-details.md | For more information, see [Understanding inventory assets](understanding-invento You can view the asset details page for any asset by selecting its name from your inventory list. On the left pane of this page, you can view an asset summary that provides key information about that particular asset. This section primarily includes data that applies to all asset types, although more fields are available in some cases. For more information on the metadata provided for each asset type in the summary section, see the following chart. - + ### General information This section includes high-level information that's key to understanding your as | Asset name | The name of an asset. | All | | UUID | This 128-bit label represents the universally unique identifier (UUID) for the asset. | All | | Added to inventory | The date that an asset was added to inventory, whether it was automatically added to the **Approved Inventory** state or it's in another state like **Candidate**. | All |+| Last updated | The date that a manual user last updated the asset (for example, by making a state change or asset removal). | All | +| External ID | A manually added External ID value. | All | | Status | The status of the asset within the RiskIQ system. Options include **Approved Inventory**, **Candidate**, **Dependencies**, or **Requires Investigation**. | All | | First seen (Global Security Graph) | The date that Microsoft first scanned the asset and added it to the comprehensive Global Security Graph. | All | | Last seen (Global Security Graph) | The date that Microsoft most recently scanned the asset. | All | | Discovered on | Indicates the creation date of the discovery group that detected the asset. | All |-| Last updated | The date that a manual user last updated the asset (for example, by making a state change or asset removal). | All | | Country | The country of origin detected for this asset. | All | | State/Province | The state or province of origin detected for this asset. | All | | City | The city of origin detected for this asset. | All | |
| external-attack-surface-management | Using And Managing Discovery | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/external-attack-surface-management/using-and-managing-discovery.md | Select any discovery group to view more information, edit the group, or kickstar ### Run history -The discovery group details page contains the run history for the group. This section displays key information about each discovery run that was performed on the specific group of seeds. The **Status** column indicates whether the run is **In Progress**, **Complete**, or **Failed**. This section also includes **started** and **completed** timestamps and counts of the total number of assets versus new assets discovered. +The discovery group details page contains the run history for the group. This section displays key information about each discovery run that was performed on the specific group of seeds. The **Status** column indicates whether the run is **In Progress**, **Complete**, or **Failed**. This section also includes **started** and **completed** timestamps and a count of all new assets added to your inventory after that particular discovery run. This count includes all assets brought into inventory, regardless of state or billable status. Run history is organized by the seed assets that were scanned during the discovery run. To see a list of the applicable seeds, select **Details**. A pane opens on the right of your screen that lists all the seeds and exclusions by kind and name. ### View seeds and exclusions |
| firewall | Premium Certificates | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/firewall/premium-certificates.md | Azure Firewall Premium can intercept outbound HTTP/S traffic and auto-generate a Ensure your CA certificate complies with the following requirements: -- When deployed as a Key Vault secret, you must use Password-less PFX (Pkcs12) with a certificate and a private key.+- When deployed as a Key Vault secret, you must use Password-less PFX (PKCS12) with a certificate and a private key. PEM certificates are not supported. - It must be a single certificate, and shouldnΓÇÖt include the entire chain of certificates. |
| firewall | Premium Deploy Certificates Enterprise Ca | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/firewall/premium-deploy-certificates-enterprise-ca.md | To use an Enterprise CA to generate a certificate to use with Azure Firewall Pre - an Active Directory Forest - an Active Directory Certification Services Root CA with Web Enrollment enabled - an Azure Firewall Premium with Premium tier Firewall Policy -- an Azure Key Vault +- an [Azure Key Vault](premium-certificates.md#azure-key-vault) - a Managed Identity with Read permissions to **Certificates and Secrets** defined in the Key Vault Access Policy ## Request and export a certificate |
| frontdoor | Front Door Rules Engine | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/frontdoor/front-door-rules-engine.md | A rule set is a customized rules engine that groups a combination of rules into ## Architecture -Rule sets handle requests at the Front Door edge. When a request arrives at your Front Door endpoint, WAF is processed first, followed by the settings configured in route. Those settings include the rule set associated to the route. Rule sets are processed in the order the appear under the routing configuration. Rules in a rule set also get process in the order they appear. In order for all the actions in each rule to run, all the match conditions within a rule has to be met. If a request doesn't match any of the conditions in your rule set configuration, then only the default route settings get applied. +Rule sets handle requests at the Front Door edge. When a request arrives at your Front Door endpoint, WAF is processed first, followed by the settings configured in route. Those settings include the rule set associated to the route. Rule sets are processed in the order they appear under the routing configuration. Rules in a rule set also get processed in the order they appear. In order for all the actions in each rule to run, all the match conditions within a rule have to be met. If a request doesn't match any of the conditions in your rule set configuration, then only the default route settings get applied. If the **Stop evaluating remaining rules** is selected, then any remaining rule sets associated with the route don't get ran. In Azure Front Door (classic) you can create Rules engine configurations of many - Learn how to [create an Azure Front Door (classic) profile](quickstart-create-front-door.md). - Learn about [Azure Front Door (classic) routing architecture](front-door-routing-architecture.md). |
| frontdoor | Front Door Tutorial Rules Engine | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/frontdoor/front-door-tutorial-rules-engine.md | -# Customer intent: As an IT admin, I want to learn about Front Door and how to configure Rules Engine feature via the Azure portal or Azure CLI. +# Customer intent: As an IT admin, I want to learn about Front Door and how to configure Rules Engine feature via the Azure portal or Azure CLI. # Tutorial: Configure your rules engine |
| frontdoor | Migrate Tier Powershell | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/frontdoor/migrate-tier-powershell.md | description: This article provides step-by-step instructions on how to migrate f + Last updated 06/05/2023 |
| frontdoor | Tier Upgrade Powershell | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/frontdoor/tier-upgrade-powershell.md | description: This article shows you how to upgrade from an Azure Front Door Stan + Last updated 06/05/2023 |
| global-secure-access | How To Compliant Network | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/global-secure-access/how-to-compliant-network.md | To enable the required setting to allow the compliant network check, an administ 1. Sign in to the **Microsoft Entra admin center** as a Global Secure Access Administrator. 1. Select the toggle to **Enable Global Secure Access signaling in Conditional Access**. 1. Browse to **Microsoft Entra ID Conditional Access** > **Named locations**.- 1. Confirm you have a location called **All Network Access locations of my tenant** with location type **Network Access**. Organizations can optionally mark this location as trusted. + 1. Confirm you have a location called **All Compliant Network locations** with location type **Network Access**. Organizations can optionally mark this location as trusted. :::image type="content" source="media/how-to-compliant-network/toggle-enable-signaling-in-conditional-access.png" alt-text="Screenshot showing the toggle to enable signaling in Conditional Access."::: The following example shows a Conditional Access policy that requires Exchange O 1. Set **Configure** to **Yes** 1. Under **Include**, select **Any location**. 1. Under **Exclude**, select **Selected locations**- 1. Select the **All Network Access locations of my tenant** location. + 1. Select the **All Compliant Network locations** location. 1. Select **Select**. 1. Under **Access controls**: 1. **Grant**, select **Block Access**, and select **Select**. |
| global-secure-access | How To Configure Per App Access | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/global-secure-access/how-to-configure-per-app-access.md | To configure Per-App Access, you need to have a connector group with at least on To summarize, the overall process is as follows: -1. Create an App Proxy connector group, if you don't already have one. +1. Create a connector group with at least one active App Proxy connector, if you don't already have one. If you already have a connector group, make sure you're on the latest version. 1. Create a Global Secure Access app. 1. Assign users and groups to the app. 1. Configure Conditional Access policies. To configure a Global Secure Access app, you must have a connector group with at If you don't already have a connector set up, see [Configure connectors](how-to-configure-connectors.md). +> [!NOTE] +> If you've previously installed a connector, reinstall it to get the latest version. When upgrading, uninstall the existing connector and delete any related folders. +> +> The minimum version of connector required for Private Access is **1.5.3417.0**. ## Create a Global Secure Access application To create a new app, you provide a name, select a connector group, and then add application segments. App segments include the fully qualified domain names (FQDNs) and IP addresses you want to tunnel through the service. You can complete all three steps at the same time, or you can add them after the initial setup is complete. |
| global-secure-access | How To Configure Quick Access | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/global-secure-access/how-to-configure-quick-access.md | To configure Quick Access, you need to have a connector group with at least one To summarize, the overall process is as follows: -1. Create a connector group with at least one active App Proxy connector, if you don't already have one. +1. Create a connector group with at least one active App Proxy connector, if you don't already have one. If you already have a connector group, make sure you're on the latest version. 1. Configure Quick Access, which creates a new enterprise app. 1. Assign users and groups to the app. 1. Configure Conditional Access policies. To configure Quick Access, you must have a connector group with at least one act If you don't already have a connector group set up, see [Configure connectors for Quick Access](how-to-configure-connectors.md). +> [!NOTE] +> If you've previously installed a connector, reinstall it to get the latest version. When upgrading, uninstall the existing connector and delete any related folders. +> +> The minimum version of connector required for Private Access is **1.5.3417.0**. ++ ## Configure Quick Access On the Quick Access page, you provide a name for the Quick Access app, select a connector group, and add application segments, which include FQDNs and IP addresses. You can complete all three steps at the same time, or you can add the application segments after the initial setup is complete. |
| global-secure-access | How To Manage Private Access Profile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/global-secure-access/how-to-manage-private-access-profile.md | Details of your Quick Access and enterprise apps for Private Access are displaye ## Linked Conditional Access policies -[Conditional Access policies](../active-directory/conditional-access/overview.md) are created and applied to the traffic forwarding profile in the Conditional Access area of Microsoft Entra ID. For example, you can create a policy that requires multifactor authentication to access private resources. +Conditional Access policies for Private Access are configured at the application level for each app. Conditional Access policies can be created and applied to the application from two places: -If you see "None" in the **Linked Conditional Access policies** section, there isn't a Conditional Access policy linked to the traffic forwarding profile. To create a Conditional Access policy, see [Universal Conditional Access through Global Secure Access](how-to-target-resource-microsoft-365-profile.md). +- Go to **Global Secure Access (preview)** > **Applications** > **Enterprise applications**. Select an application and then select **Conditional Access** from the side menu. +- Go to **Microsoft Entra ID** > **Protection** > **Conditional Access** > **Policies**. Select **+ Create new policy**. - +For more information, see [Apply Conditional Access policies to Private Access apps](how-to-target-resource-private-access-apps.md). ### Edit an existing Conditional Access policy |
| governance | Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/governance/management-groups/overview.md | policies, and compliance for those subscriptions. _Management groups_ provide a above subscriptions. You organize subscriptions into management groups; the governance conditions you apply cascade by inheritance to all associated subscriptions. -Management groups give you -enterprise-grade management at scale no matter what type of subscriptions you might have. -However, all subscriptions within a single management group must trust the same Azure Active Directory (Azure AD) -tenant. +Management groups give you enterprise-grade management at scale, no matter what type of subscriptions you might have. +However, all subscriptions within a single management group must trust the same Azure Active Directory (Azure AD) tenant. -For example, you can apply policies to a management group that limits the regions available for -virtual machine (VM) creation. This policy would be applied to all nested management groups, -subscriptions, and resources, and allow VM creation only in authorized regions. +For example, you can apply policies to a management group that limits the regions available for virtual machine (VM) creation. This policy would be applied to all nested management groups, subscriptions, and resources and allow VM creation only in authorized regions. ## Hierarchy of management groups and subscriptions into a hierarchy for unified policy and access management. The following diagram creating a hierarchy for governance using management groups. :::image type="complex" source="../media/mg-org.png" alt-text="Diagram of a sample management group hierarchy." border="false":::- Diagram of a root management group holding both management groups and subscriptions. Some child management groups hold management groups, some hold subscriptions, and some hold both. One of the examples in the sample hierarchy is four levels of management groups with the child level being all subscriptions. + Diagram of a root management group holding both management groups and subscriptions. Some child management groups hold management groups, some hold subscriptions, and some hold both. One of the examples in the sample hierarchy is four levels of management groups, with the child level being all subscriptions. :::image-end::: -You can create a hierarchy that applies a policy, for example, which limits VM locations to the -West US region in the management group called "Corp". This policy will inherit onto all the Enterprise -Agreement (EA) subscriptions that are descendants of that management group and will apply to all VMs -under those subscriptions. This security policy cannot be altered by the resource or subscription -owner allowing for improved governance. +You can create a hierarchy that applies a policy, for example, which limits VM locations to the West US region in the management group called "Corp". This policy will inherit all the Enterprise Agreement (EA) subscriptions that are descendants of that management group and will apply to all VMs under those subscriptions. This security policy cannot be altered by the resource or subscription +owner, allowing for improved governance. > [!NOTE] > Management groups aren't currently supported in Cost Management features for Microsoft Customer Agreement (MCA) subscriptions. fold up to it. This root management group allows for global policies and Azure r be applied at the directory level. The [Azure AD Global Administrator needs to elevate themselves](../../role-based-access-control/elevate-access-global-admin.md) to the User Access Administrator role of this root group initially. After elevating access, the administrator can-assign any Azure role to other directory users or groups to manage the hierarchy. As administrator, -you can assign your own account as owner of the root management group. +assign any Azure role to other directory users or groups to manage the hierarchy. As an administrator, +you can assign your account as the owner of the root management group. ### Important facts about the root management group you can assign your own account as owner of the root management group. [Change the name of a management group](manage.md#change-the-name-of-a-management-group) to update the name of a management group. - The root management group can't be moved or deleted, unlike other management groups.-- All subscriptions and management groups fold up to the one root management group within the+- All subscriptions and management groups fold up into one root management group within the directory. - All resources in the directory fold up to the root management group for global management. - New subscriptions are automatically defaulted to the root management group when created. Azure management groups support resource accesses and role definitions. These permissions are inherited to child resources that exist in the hierarchy. Any Azure role can be assigned to a management group that will inherit down the hierarchy to the resources. For example, the Azure role VM contributor can be assigned to a-management group. This role has no action on the management group, but will inherit to all VMs under +management group. This role has no action on the management group but will inherit to all VMs under that management group. The following chart shows the list of roles and the supported actions on management groups. |
| governance | Pciv3_2_1_2018_Audit Pci Dss 3 2 1 | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/governance/policy/samples/PCIv3_2_1_2018_audit.md pci-dss-3-2-1.md | - Title: Regulatory Compliance details for PCI v3.2.1:2018 PCI DSS 3.2.1 -description: Details of the PCI v3.2.1:2018 PCI DSS 3.2.1 Regulatory Compliance built-in initiative. Each control is mapped to one or more Azure Policy definitions that assist with assessment. Previously updated : 07/06/2023----# Details of the PCI v3.2.1:2018 PCI DSS 3.2.1 Regulatory Compliance built-in initiative --The following article details how the Azure Policy Regulatory Compliance built-in initiative -definition maps to **compliance domains** and **controls** in PCI v3.2.1:2018 PCI DSS 3.2.1. -For more information about this compliance standard, see -[PCI v3.2.1:2018 PCI DSS 3.2.1](https://www.commerce.uwo.ca/pdf/PCI_DSS_v3-2-1.pdf https://www.pcisecuritystandards.org/documents/PCI_DSS-QRG-v3_2_1.pdf). To understand -_Ownership_, see [Azure Policy policy definition](../concepts/definition-structure.md#type) and -[Shared responsibility in the cloud](../../../security/fundamentals/shared-responsibility.md). --The following mappings are to the **PCI v3.2.1:2018 PCI DSS 3.2.1** controls. Many of the controls -are implemented with an [Azure Policy](../overview.md) initiative definition. To review the complete -initiative definition, open **Policy** in the Azure portal and select the **Definitions** page. -Then, find and select the **PCI v3.2.1:2018** Regulatory Compliance built-in -initiative definition. --> [!IMPORTANT] -> Each control below is associated with one or more [Azure Policy](../overview.md) definitions. -> These policies may help you [assess compliance](../how-to/get-compliance-data.md) with the -> control; however, there often is not a one-to-one or complete match between a control and one or -> more policies. As such, **Compliant** in Azure Policy refers only to the policy definitions -> themselves; this doesn't ensure you're fully compliant with all requirements of a control. In -> addition, the compliance standard includes controls that aren't addressed by any Azure Policy -> definitions at this time. Therefore, compliance in Azure Policy is only a partial view of your -> overall compliance status. The associations between compliance domains, controls, and Azure Policy -> definitions for this compliance standard may change over time. To view the change history, see the -> [GitHub Commit History](https://github.com/Azure/azure-policy/commits/master/built-in-policies/policySetDefinitions/Regulatory%20Compliance/ Regulatory%20Compliance/PCIv3_2_1_2018_audit.json PCIv3_2_1_2018_audit.json). --## Requirement 1 --### PCI DSS requirement 1.3.2 --**ID**: PCI DSS v3.2.1 1.3.2 -**Ownership**: customer --|Name<br /><sub>(Azure portal)</sub> |Description |Effect(s) |Version<br /><sub>(GitHub)</sub> | -||||| -|[All network ports should be restricted on network security groups associated to your virtual machine](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F9daedab3-fb2d-461e-b861-71790eead4f6) |Azure Security Center has identified some of your network security groups' inbound rules to be too permissive. Inbound rules should not allow access from 'Any' or 'Internet' ranges. This can potentially enable attackers to target your resources. |AuditIfNotExists, Disabled |[3.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnprotectedEndpoints_Audit.json) | -|[Storage accounts should restrict network access](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F34c877ad-507e-4c82-993e-3452a6e0ad3c) |Network access to storage accounts should be restricted. Configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premises clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges |Audit, Deny, Disabled |[1.1.1](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_NetworkAcls_Audit.json) | --### PCI DSS requirement 1.3.4 --**ID**: PCI DSS v3.2.1 1.3.4 -**Ownership**: customer --|Name<br /><sub>(Azure portal)</sub> |Description |Effect(s) |Version<br /><sub>(GitHub)</sub> | -||||| -|[All network ports should be restricted on network security groups associated to your virtual machine](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F9daedab3-fb2d-461e-b861-71790eead4f6) |Azure Security Center has identified some of your network security groups' inbound rules to be too permissive. Inbound rules should not allow access from 'Any' or 'Internet' ranges. This can potentially enable attackers to target your resources. |AuditIfNotExists, Disabled |[3.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnprotectedEndpoints_Audit.json) | -|[Storage accounts should restrict network access](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F34c877ad-507e-4c82-993e-3452a6e0ad3c) |Network access to storage accounts should be restricted. Configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premises clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges |Audit, Deny, Disabled |[1.1.1](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_NetworkAcls_Audit.json) | --### PCI DSS requirement 1.3.4 --**ID**: PCI DSS v3.2.1 1.3.4 -**Ownership**: customer --|Name<br /><sub>(Azure portal)</sub> |Description |Effect(s) |Version<br /><sub>(GitHub)</sub> | -||||| -|[Audit diagnostic setting for selected resource types](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F7f89b1eb-583c-429a-8828-af049802c1d9) |Audit diagnostic setting for selected resource types. Be sure to select only resource types which support diagnostics settings. |AuditIfNotExists |[2.0.1](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagnosticSettingsForTypes_Audit.json) | -|[Auditing on SQL server should be enabled](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fa6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9) |Auditing on your SQL Server should be enabled to track database activities across all databases on the server and save them in an audit log. |AuditIfNotExists, Disabled |[2.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json) | -|[Storage accounts should be migrated to new Azure Resource Manager resources](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F37e0d2fe-28a5-43d6-a273-67d37d1f5606) |Use new Azure Resource Manager for your storage accounts to provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management |Audit, Deny, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Classic_AuditForClassicStorages_Audit.json) | -|[Virtual machines should be migrated to new Azure Resource Manager resources](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F1d84d5fb-01f6-4d12-ba4f-4a26081d403d) |Use new Azure Resource Manager for your virtual machines to provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management |Audit, Deny, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/ClassicCompute_Audit.json) | --## Requirement 10 --### PCI DSS requirement 10.5.4 --**ID**: PCI DSS v3.2.1 10.5.4 -**Ownership**: shared --|Name<br /><sub>(Azure portal)</sub> |Description |Effect(s) |Version<br /><sub>(GitHub)</sub> | -||||| -|[Audit diagnostic setting for selected resource types](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F7f89b1eb-583c-429a-8828-af049802c1d9) |Audit diagnostic setting for selected resource types. Be sure to select only resource types which support diagnostics settings. |AuditIfNotExists |[2.0.1](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagnosticSettingsForTypes_Audit.json) | -|[Auditing on SQL server should be enabled](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fa6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9) |Auditing on your SQL Server should be enabled to track database activities across all databases on the server and save them in an audit log. |AuditIfNotExists, Disabled |[2.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json) | -|[Storage accounts should be migrated to new Azure Resource Manager resources](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F37e0d2fe-28a5-43d6-a273-67d37d1f5606) |Use new Azure Resource Manager for your storage accounts to provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management |Audit, Deny, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Classic_AuditForClassicStorages_Audit.json) | -|[Virtual machines should be migrated to new Azure Resource Manager resources](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F1d84d5fb-01f6-4d12-ba4f-4a26081d403d) |Use new Azure Resource Manager for your virtual machines to provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management |Audit, Deny, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/ClassicCompute_Audit.json) | --## Requirement 11 --### PCI DSS requirement 11.2.1 --**ID**: PCI DSS v3.2.1 11.2.1 -**Ownership**: shared --|Name<br /><sub>(Azure portal)</sub> |Description |Effect(s) |Version<br /><sub>(GitHub)</sub> | -||||| -|[A vulnerability assessment solution should be enabled on your virtual machines](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F501541f7-f7e7-4cd6-868c-4190fdad3ac9) |Audits virtual machines to detect whether they are running a supported vulnerability assessment solution. A core component of every cyber risk and security program is the identification and analysis of vulnerabilities. Azure Security Center's standard pricing tier includes vulnerability scanning for your virtual machines at no extra cost. Additionally, Security Center can automatically deploy this tool for you. |AuditIfNotExists, Disabled |[3.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ServerVulnerabilityAssessment_Audit.json) | -|[Monitor missing Endpoint Protection in Azure Security Center](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Faf6cd1bd-1635-48cb-bde7-5b15693900b9) |Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations |AuditIfNotExists, Disabled |[3.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingEndpointProtection_Audit.json) | -|[SQL databases should have vulnerability findings resolved](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Ffeedbf84-6b99-488c-acc2-71c829aa5ffc) |Monitor vulnerability assessment scan results and recommendations for how to remediate database vulnerabilities. |AuditIfNotExists, Disabled |[4.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_SQLDbVulnerabilities_Audit.json) | -|[System updates should be installed on your machines](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F86b3d65f-7626-441e-b690-81a8b71cff60) |Missing security system updates on your servers will be monitored by Azure Security Center as recommendations |AuditIfNotExists, Disabled |[4.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingSystemUpdates_Audit.json) | -|[Vulnerabilities in security configuration on your machines should be remediated](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fe1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15) |Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations |AuditIfNotExists, Disabled |[3.1.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_OSVulnerabilities_Audit.json) | --## Requirement 3 --### PCI DSS requirement 3.2 --**ID**: PCI DSS v3.2.1 3.2 -**Ownership**: customer --|Name<br /><sub>(Azure portal)</sub> |Description |Effect(s) |Version<br /><sub>(GitHub)</sub> | -||||| -|[Accounts with owner permissions on Azure resources should be MFA enabled](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fe3e008c3-56b9-4133-8fd7-d3347377402a) |Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources. |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForAccountsWithOwnerPermissions_Audit.json) | -|[Accounts with write permissions on Azure resources should be MFA enabled](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F931e118d-50a1-4457-a5e4-78550e086c52) |Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources. |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForAccountsWithWritePermissions_Audit.json) | -|[An Azure Active Directory administrator should be provisioned for SQL servers](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F1f314764-cb73-4fc9-b863-8eca98ac36e9) |Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SQL_DB_AuditServerADAdmins_Audit.json) | -|[Audit usage of custom RBAC roles](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fa451c1ef-c6ca-483d-87ed-f49761e3ffb5) |Audit built-in roles such as 'Owner, Contributer, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling |Audit, Disabled |[1.0.1](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/Subscription_AuditCustomRBACRoles_Audit.json) | -|[Guest accounts with owner permissions on Azure resources should be removed](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F339353f6-2387-4a45-abe4-7f529d121046) |External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access. |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveGuestAccountsWithOwnerPermissions_Audit.json) | -|[Guest accounts with read permissions on Azure resources should be removed](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fe9ac8f8e-ce22-4355-8f04-99b911d6be52) |External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access. |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveGuestAccountsWithReadPermissions_Audit.json) | -|[Guest accounts with write permissions on Azure resources should be removed](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F94e1c2ac-cbbe-4cac-a2b5-389c812dee87) |External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access. |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveGuestAccountsWithWritePermissions_Audit.json) | --### PCI DSS requirement 3.4 --**ID**: PCI DSS v3.2.1 3.4 -**Ownership**: customer --|Name<br /><sub>(Azure portal)</sub> |Description |Effect(s) |Version<br /><sub>(GitHub)</sub> | -||||| -|[App Service apps should only be accessible over HTTPS](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fa4af4a39-4135-47fb-b175-47fbdf85311d) |Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. |Audit, Disabled, Deny |[4.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceWebapp_AuditHTTP_Audit.json) | -|[Automation account variables should be encrypted](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F3657f5a0-770e-44a3-b44e-9431ba1e9735) |It is important to enable encryption of Automation account variable assets when storing sensitive data |Audit, Deny, Disabled |[1.1.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Automation/Automation_AuditUnencryptedVars_Audit.json) | -|[Function apps should only be accessible over HTTPS](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab) |Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. |Audit, Disabled, Deny |[5.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceFunctionApp_AuditHTTP_Audit.json) | -|[Only secure connections to your Azure Cache for Redis should be enabled](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F22bee202-a82f-4305-9a2a-6d7f44d4dedb) |Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking |Audit, Deny, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cache/RedisCache_AuditSSLPort_Audit.json) | -|[Secure transfer to storage accounts should be enabled](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F404c3081-a854-4457-ae30-26a93ef643f9) |Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking |Audit, Deny, Disabled |[2.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_AuditForHTTPSEnabled_Audit.json) | -|[Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F617c02be-7f02-4efd-8836-3180d47b6c68) |Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed |Audit, Deny, Disabled |[1.1.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Fabric/ServiceFabric_AuditClusterProtectionLevel_Audit.json) | -|[Transparent Data Encryption on SQL databases should be enabled](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F17k78e20-9358-41c9-923c-fb736d382a12) |Transparent data encryption should be enabled to protect data-at-rest and meet compliance requirements |AuditIfNotExists, Disabled |[2.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlDBEncryption_Audit.json) | -|[Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F0961003e-5a0a-4549-abde-af6a37f2724d) |By default, a virtual machine's OS and data disks are encrypted-at-rest using platform-managed keys. Temp disks, data caches and data flowing between compute and storage aren't encrypted. Disregard this recommendation if: 1. using encryption-at-host, or 2. server-side encryption on Managed Disks meets your security requirements. Learn more in: Server-side encryption of Azure Disk Storage: [https://aka.ms/disksse,](https://aka.ms/disksse,) Different disk encryption offerings: [https://aka.ms/diskencryptioncomparison](https://aka.ms/diskencryptioncomparison) |AuditIfNotExists, Disabled |[2.0.3](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnencryptedVMDisks_Audit.json) | --## Requirement 4 --### PCI DSS requirement 4.1 --**ID**: PCI DSS v3.2.1 4.1 -**Ownership**: customer --|Name<br /><sub>(Azure portal)</sub> |Description |Effect(s) |Version<br /><sub>(GitHub)</sub> | -||||| -|[App Service apps should only be accessible over HTTPS](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fa4af4a39-4135-47fb-b175-47fbdf85311d) |Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. |Audit, Disabled, Deny |[4.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceWebapp_AuditHTTP_Audit.json) | -|[Automation account variables should be encrypted](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F3657f5a0-770e-44a3-b44e-9431ba1e9735) |It is important to enable encryption of Automation account variable assets when storing sensitive data |Audit, Deny, Disabled |[1.1.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Automation/Automation_AuditUnencryptedVars_Audit.json) | -|[Function apps should only be accessible over HTTPS](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab) |Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. |Audit, Disabled, Deny |[5.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceFunctionApp_AuditHTTP_Audit.json) | -|[Only secure connections to your Azure Cache for Redis should be enabled](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F22bee202-a82f-4305-9a2a-6d7f44d4dedb) |Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking |Audit, Deny, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cache/RedisCache_AuditSSLPort_Audit.json) | -|[Secure transfer to storage accounts should be enabled](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F404c3081-a854-4457-ae30-26a93ef643f9) |Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking |Audit, Deny, Disabled |[2.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_AuditForHTTPSEnabled_Audit.json) | -|[Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F617c02be-7f02-4efd-8836-3180d47b6c68) |Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed |Audit, Deny, Disabled |[1.1.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Fabric/ServiceFabric_AuditClusterProtectionLevel_Audit.json) | -|[Transparent Data Encryption on SQL databases should be enabled](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F17k78e20-9358-41c9-923c-fb736d382a12) |Transparent data encryption should be enabled to protect data-at-rest and meet compliance requirements |AuditIfNotExists, Disabled |[2.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlDBEncryption_Audit.json) | -|[Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F0961003e-5a0a-4549-abde-af6a37f2724d) |By default, a virtual machine's OS and data disks are encrypted-at-rest using platform-managed keys. Temp disks, data caches and data flowing between compute and storage aren't encrypted. Disregard this recommendation if: 1. using encryption-at-host, or 2. server-side encryption on Managed Disks meets your security requirements. Learn more in: Server-side encryption of Azure Disk Storage: [https://aka.ms/disksse,](https://aka.ms/disksse,) Different disk encryption offerings: [https://aka.ms/diskencryptioncomparison](https://aka.ms/diskencryptioncomparison) |AuditIfNotExists, Disabled |[2.0.3](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnencryptedVMDisks_Audit.json) | --## Requirement 5 --### PCI DSS requirement 5.1 --**ID**: PCI DSS v3.2.1 5.1 -**Ownership**: shared --|Name<br /><sub>(Azure portal)</sub> |Description |Effect(s) |Version<br /><sub>(GitHub)</sub> | -||||| -|[A vulnerability assessment solution should be enabled on your virtual machines](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F501541f7-f7e7-4cd6-868c-4190fdad3ac9) |Audits virtual machines to detect whether they are running a supported vulnerability assessment solution. A core component of every cyber risk and security program is the identification and analysis of vulnerabilities. Azure Security Center's standard pricing tier includes vulnerability scanning for your virtual machines at no extra cost. Additionally, Security Center can automatically deploy this tool for you. |AuditIfNotExists, Disabled |[3.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ServerVulnerabilityAssessment_Audit.json) | -|[Monitor missing Endpoint Protection in Azure Security Center](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Faf6cd1bd-1635-48cb-bde7-5b15693900b9) |Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations |AuditIfNotExists, Disabled |[3.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingEndpointProtection_Audit.json) | -|[SQL databases should have vulnerability findings resolved](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Ffeedbf84-6b99-488c-acc2-71c829aa5ffc) |Monitor vulnerability assessment scan results and recommendations for how to remediate database vulnerabilities. |AuditIfNotExists, Disabled |[4.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_SQLDbVulnerabilities_Audit.json) | -|[System updates should be installed on your machines](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F86b3d65f-7626-441e-b690-81a8b71cff60) |Missing security system updates on your servers will be monitored by Azure Security Center as recommendations |AuditIfNotExists, Disabled |[4.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingSystemUpdates_Audit.json) | -|[Vulnerabilities in security configuration on your machines should be remediated](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fe1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15) |Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations |AuditIfNotExists, Disabled |[3.1.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_OSVulnerabilities_Audit.json) | --## Requirement 6 --### PCI DSS requirement 6.2 --**ID**: PCI DSS v3.2.1 6.2 -**Ownership**: shared --|Name<br /><sub>(Azure portal)</sub> |Description |Effect(s) |Version<br /><sub>(GitHub)</sub> | -||||| -|[A vulnerability assessment solution should be enabled on your virtual machines](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F501541f7-f7e7-4cd6-868c-4190fdad3ac9) |Audits virtual machines to detect whether they are running a supported vulnerability assessment solution. A core component of every cyber risk and security program is the identification and analysis of vulnerabilities. Azure Security Center's standard pricing tier includes vulnerability scanning for your virtual machines at no extra cost. Additionally, Security Center can automatically deploy this tool for you. |AuditIfNotExists, Disabled |[3.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ServerVulnerabilityAssessment_Audit.json) | -|[Monitor missing Endpoint Protection in Azure Security Center](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Faf6cd1bd-1635-48cb-bde7-5b15693900b9) |Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations |AuditIfNotExists, Disabled |[3.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingEndpointProtection_Audit.json) | -|[SQL databases should have vulnerability findings resolved](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Ffeedbf84-6b99-488c-acc2-71c829aa5ffc) |Monitor vulnerability assessment scan results and recommendations for how to remediate database vulnerabilities. |AuditIfNotExists, Disabled |[4.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_SQLDbVulnerabilities_Audit.json) | -|[System updates should be installed on your machines](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F86b3d65f-7626-441e-b690-81a8b71cff60) |Missing security system updates on your servers will be monitored by Azure Security Center as recommendations |AuditIfNotExists, Disabled |[4.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingSystemUpdates_Audit.json) | -|[Vulnerabilities in security configuration on your machines should be remediated](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fe1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15) |Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations |AuditIfNotExists, Disabled |[3.1.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_OSVulnerabilities_Audit.json) | --### PCI DSS requirement 6.5.3 --**ID**: PCI DSS v3.2.1 6.5.3 -**Ownership**: shared --|Name<br /><sub>(Azure portal)</sub> |Description |Effect(s) |Version<br /><sub>(GitHub)</sub> | -||||| -|[App Service apps should only be accessible over HTTPS](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fa4af4a39-4135-47fb-b175-47fbdf85311d) |Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. |Audit, Disabled, Deny |[4.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceWebapp_AuditHTTP_Audit.json) | -|[Automation account variables should be encrypted](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F3657f5a0-770e-44a3-b44e-9431ba1e9735) |It is important to enable encryption of Automation account variable assets when storing sensitive data |Audit, Deny, Disabled |[1.1.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Automation/Automation_AuditUnencryptedVars_Audit.json) | -|[Function apps should only be accessible over HTTPS](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab) |Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. |Audit, Disabled, Deny |[5.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceFunctionApp_AuditHTTP_Audit.json) | -|[Only secure connections to your Azure Cache for Redis should be enabled](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F22bee202-a82f-4305-9a2a-6d7f44d4dedb) |Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking |Audit, Deny, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cache/RedisCache_AuditSSLPort_Audit.json) | -|[Secure transfer to storage accounts should be enabled](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F404c3081-a854-4457-ae30-26a93ef643f9) |Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking |Audit, Deny, Disabled |[2.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_AuditForHTTPSEnabled_Audit.json) | -|[Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F617c02be-7f02-4efd-8836-3180d47b6c68) |Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed |Audit, Deny, Disabled |[1.1.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Fabric/ServiceFabric_AuditClusterProtectionLevel_Audit.json) | -|[Transparent Data Encryption on SQL databases should be enabled](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F17k78e20-9358-41c9-923c-fb736d382a12) |Transparent data encryption should be enabled to protect data-at-rest and meet compliance requirements |AuditIfNotExists, Disabled |[2.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlDBEncryption_Audit.json) | -|[Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F0961003e-5a0a-4549-abde-af6a37f2724d) |By default, a virtual machine's OS and data disks are encrypted-at-rest using platform-managed keys. Temp disks, data caches and data flowing between compute and storage aren't encrypted. Disregard this recommendation if: 1. using encryption-at-host, or 2. server-side encryption on Managed Disks meets your security requirements. Learn more in: Server-side encryption of Azure Disk Storage: [https://aka.ms/disksse,](https://aka.ms/disksse,) Different disk encryption offerings: [https://aka.ms/diskencryptioncomparison](https://aka.ms/diskencryptioncomparison) |AuditIfNotExists, Disabled |[2.0.3](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnencryptedVMDisks_Audit.json) | --### PCI DSS requirement 6.6 --**ID**: PCI DSS v3.2.1 6.6 -**Ownership**: shared --|Name<br /><sub>(Azure portal)</sub> |Description |Effect(s) |Version<br /><sub>(GitHub)</sub> | -||||| -|[A vulnerability assessment solution should be enabled on your virtual machines](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F501541f7-f7e7-4cd6-868c-4190fdad3ac9) |Audits virtual machines to detect whether they are running a supported vulnerability assessment solution. A core component of every cyber risk and security program is the identification and analysis of vulnerabilities. Azure Security Center's standard pricing tier includes vulnerability scanning for your virtual machines at no extra cost. Additionally, Security Center can automatically deploy this tool for you. |AuditIfNotExists, Disabled |[3.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ServerVulnerabilityAssessment_Audit.json) | -|[Monitor missing Endpoint Protection in Azure Security Center](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Faf6cd1bd-1635-48cb-bde7-5b15693900b9) |Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations |AuditIfNotExists, Disabled |[3.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingEndpointProtection_Audit.json) | -|[SQL databases should have vulnerability findings resolved](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Ffeedbf84-6b99-488c-acc2-71c829aa5ffc) |Monitor vulnerability assessment scan results and recommendations for how to remediate database vulnerabilities. |AuditIfNotExists, Disabled |[4.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_SQLDbVulnerabilities_Audit.json) | -|[System updates should be installed on your machines](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F86b3d65f-7626-441e-b690-81a8b71cff60) |Missing security system updates on your servers will be monitored by Azure Security Center as recommendations |AuditIfNotExists, Disabled |[4.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingSystemUpdates_Audit.json) | -|[Vulnerabilities in security configuration on your machines should be remediated](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fe1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15) |Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations |AuditIfNotExists, Disabled |[3.1.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_OSVulnerabilities_Audit.json) | --## Requirement 7 --### PCI DSS requirement 7.1.1 --**ID**: PCI DSS v3.2.1 7.1.1 -**Ownership**: customer --|Name<br /><sub>(Azure portal)</sub> |Description |Effect(s) |Version<br /><sub>(GitHub)</sub> | -||||| -|[A maximum of 3 owners should be designated for your subscription](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F4f11b553-d42e-4e3a-89be-32ca364cad4c) |It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner. |AuditIfNotExists, Disabled |[3.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateLessThanXOwners_Audit.json) | -|[There should be more than one owner assigned to your subscription](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F09024ccc-0c5f-475e-9457-b7c0d9ed487b) |It is recommended to designate more than one subscription owner in order to have administrator access redundancy. |AuditIfNotExists, Disabled |[3.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateMoreThanOneOwner_Audit.json) | --### PCI DSS requirement 7.1.2 --**ID**: PCI DSS v3.2.1 7.1.2 -**Ownership**: shared --|Name<br /><sub>(Azure portal)</sub> |Description |Effect(s) |Version<br /><sub>(GitHub)</sub> | -||||| -|[A maximum of 3 owners should be designated for your subscription](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F4f11b553-d42e-4e3a-89be-32ca364cad4c) |It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner. |AuditIfNotExists, Disabled |[3.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateLessThanXOwners_Audit.json) | -|[There should be more than one owner assigned to your subscription](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F09024ccc-0c5f-475e-9457-b7c0d9ed487b) |It is recommended to designate more than one subscription owner in order to have administrator access redundancy. |AuditIfNotExists, Disabled |[3.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateMoreThanOneOwner_Audit.json) | --### PCI DSS requirement 7.1.3 --**ID**: PCI DSS v3.2.1 7.1.3 -**Ownership**: customer --|Name<br /><sub>(Azure portal)</sub> |Description |Effect(s) |Version<br /><sub>(GitHub)</sub> | -||||| -|[A maximum of 3 owners should be designated for your subscription](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F4f11b553-d42e-4e3a-89be-32ca364cad4c) |It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner. |AuditIfNotExists, Disabled |[3.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateLessThanXOwners_Audit.json) | -|[There should be more than one owner assigned to your subscription](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F09024ccc-0c5f-475e-9457-b7c0d9ed487b) |It is recommended to designate more than one subscription owner in order to have administrator access redundancy. |AuditIfNotExists, Disabled |[3.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateMoreThanOneOwner_Audit.json) | --### PCI DSS requirement 7.2.1 --**ID**: PCI DSS v3.2.1 7.2.1 -**Ownership**: customer --|Name<br /><sub>(Azure portal)</sub> |Description |Effect(s) |Version<br /><sub>(GitHub)</sub> | -||||| -|[Accounts with owner permissions on Azure resources should be MFA enabled](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fe3e008c3-56b9-4133-8fd7-d3347377402a) |Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources. |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForAccountsWithOwnerPermissions_Audit.json) | -|[Accounts with write permissions on Azure resources should be MFA enabled](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F931e118d-50a1-4457-a5e4-78550e086c52) |Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources. |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForAccountsWithWritePermissions_Audit.json) | -|[An Azure Active Directory administrator should be provisioned for SQL servers](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F1f314764-cb73-4fc9-b863-8eca98ac36e9) |Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SQL_DB_AuditServerADAdmins_Audit.json) | -|[Audit usage of custom RBAC roles](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fa451c1ef-c6ca-483d-87ed-f49761e3ffb5) |Audit built-in roles such as 'Owner, Contributer, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling |Audit, Disabled |[1.0.1](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/Subscription_AuditCustomRBACRoles_Audit.json) | -|[Guest accounts with owner permissions on Azure resources should be removed](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F339353f6-2387-4a45-abe4-7f529d121046) |External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access. |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveGuestAccountsWithOwnerPermissions_Audit.json) | -|[Guest accounts with read permissions on Azure resources should be removed](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fe9ac8f8e-ce22-4355-8f04-99b911d6be52) |External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access. |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveGuestAccountsWithReadPermissions_Audit.json) | -|[Guest accounts with write permissions on Azure resources should be removed](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F94e1c2ac-cbbe-4cac-a2b5-389c812dee87) |External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access. |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveGuestAccountsWithWritePermissions_Audit.json) | --## Requirement 8 --### PCI DSS requirement 8.1.2 --**ID**: PCI DSS v3.2.1 8.1.2 -**Ownership**: customer --|Name<br /><sub>(Azure portal)</sub> |Description |Effect(s) |Version<br /><sub>(GitHub)</sub> | -||||| -|[Blocked accounts with owner permissions on Azure resources should be removed](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F0cfea604-3201-4e14-88fc-fae4c427a6c5) |Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in. |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveBlockedAccountsWithOwnerPermissions_Audit.json) | -|[Blocked accounts with read and write permissions on Azure resources should be removed](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F8d7e1fde-fe26-4b5f-8108-f8e432cbc2be) |Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in. |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveBlockedAccountsWithReadWritePermissions_Audit.json) | -|[Guest accounts with owner permissions on Azure resources should be removed](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F339353f6-2387-4a45-abe4-7f529d121046) |External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access. |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveGuestAccountsWithOwnerPermissions_Audit.json) | -|[Guest accounts with read permissions on Azure resources should be removed](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fe9ac8f8e-ce22-4355-8f04-99b911d6be52) |External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access. |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveGuestAccountsWithReadPermissions_Audit.json) | -|[Guest accounts with write permissions on Azure resources should be removed](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F94e1c2ac-cbbe-4cac-a2b5-389c812dee87) |External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access. |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveGuestAccountsWithWritePermissions_Audit.json) | --### PCI DSS requirement 8.1.3 --**ID**: PCI DSS v3.2.1 8.1.3 -**Ownership**: customer --|Name<br /><sub>(Azure portal)</sub> |Description |Effect(s) |Version<br /><sub>(GitHub)</sub> | -||||| -|[Blocked accounts with owner permissions on Azure resources should be removed](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F0cfea604-3201-4e14-88fc-fae4c427a6c5) |Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in. |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveBlockedAccountsWithOwnerPermissions_Audit.json) | -|[Blocked accounts with read and write permissions on Azure resources should be removed](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F8d7e1fde-fe26-4b5f-8108-f8e432cbc2be) |Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in. |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveBlockedAccountsWithReadWritePermissions_Audit.json) | --### PCI DSS requirement 8.1.5 --**ID**: PCI DSS v3.2.1 8.1.5 -**Ownership**: shared --|Name<br /><sub>(Azure portal)</sub> |Description |Effect(s) |Version<br /><sub>(GitHub)</sub> | -||||| -|[Blocked accounts with owner permissions on Azure resources should be removed](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F0cfea604-3201-4e14-88fc-fae4c427a6c5) |Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in. |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveBlockedAccountsWithOwnerPermissions_Audit.json) | -|[Blocked accounts with read and write permissions on Azure resources should be removed](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F8d7e1fde-fe26-4b5f-8108-f8e432cbc2be) |Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in. |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveBlockedAccountsWithReadWritePermissions_Audit.json) | -|[Guest accounts with owner permissions on Azure resources should be removed](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F339353f6-2387-4a45-abe4-7f529d121046) |External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access. |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveGuestAccountsWithOwnerPermissions_Audit.json) | -|[Guest accounts with read permissions on Azure resources should be removed](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fe9ac8f8e-ce22-4355-8f04-99b911d6be52) |External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access. |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveGuestAccountsWithReadPermissions_Audit.json) | -|[Guest accounts with write permissions on Azure resources should be removed](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F94e1c2ac-cbbe-4cac-a2b5-389c812dee87) |External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access. |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveGuestAccountsWithWritePermissions_Audit.json) | --### PCI DSS requirement 8.2.3 --**ID**: PCI DSS v3.2.1 8.2.3 -**Ownership**: customer --|Name<br /><sub>(Azure portal)</sub> |Description |Effect(s) |Version<br /><sub>(GitHub)</sub> | -||||| -|[Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F3cf2ab00-13f1-4d0c-8971-2ac904541a7e) |This policy adds a system-assigned managed identity to virtual machines hosted in Azure that are supported by Guest Configuration but do not have any managed identities. A system-assigned managed identity is a prerequisite for all Guest Configuration assignments and must be added to machines before using any Guest Configuration policy definitions. For more information on Guest Configuration, visit [https://aka.ms/gcpol](https://aka.ms/gcpol). |modify |[4.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AddSystemIdentityWhenNone_Prerequisite.json) | -|[Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F497dff13-db2a-4c0f-8603-28fa3b331ab6) |This policy adds a system-assigned managed identity to virtual machines hosted in Azure that are supported by Guest Configuration and have at least one user-assigned identity but do not have a system-assigned managed identity. A system-assigned managed identity is a prerequisite for all Guest Configuration assignments and must be added to machines before using any Guest Configuration policy definitions. For more information on Guest Configuration, visit [https://aka.ms/gcpol](https://aka.ms/gcpol). |modify |[4.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AddSystemIdentityWhenUser_Prerequisite.json) | -|[Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F5b054a0d-39e2-4d53-bea3-9734cad2c69b) |Requires that prerequisites are deployed to the policy assignment scope. For details, visit [https://aka.ms/gcpol](https://aka.ms/gcpol). Machines are non-compliant if Windows machines that allow re-use of the passwords after the specified number of unique passwords. Default value for unique passwords is 24 |AuditIfNotExists, Disabled |[2.1.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEnforce_AINE.json) | -|[Audit Windows machines that do not have the maximum password age set to specified number of days](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F4ceb8dc2-559c-478b-a15b-733fbf1e3738) |Requires that prerequisites are deployed to the policy assignment scope. For details, visit [https://aka.ms/gcpol](https://aka.ms/gcpol). Machines are non-compliant if Windows machines that do not have the maximum password age set to specified number of days. Default value for maximum password age is 70 days |AuditIfNotExists, Disabled |[2.1.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsMaximumPassword_AINE.json) | -|[Audit Windows machines that do not restrict the minimum password length to specified number of characters](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fa2d0e922-65d0-40c4-8f87-ea6da2d307a2) |Requires that prerequisites are deployed to the policy assignment scope. For details, visit [https://aka.ms/gcpol](https://aka.ms/gcpol). Machines are non-compliant if Windows machines that do not restrict the minimum password length to specified number of characters. Default value for minimum password length is 14 characters |AuditIfNotExists, Disabled |[2.1.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordLength_AINE.json) | -|[Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F385f5831-96d4-41db-9a3c-cd3af78aaae6) |This policy deploys the Windows Guest Configuration extension to Windows virtual machines hosted in Azure that are supported by Guest Configuration. The Windows Guest Configuration extension is a prerequisite for all Windows Guest Configuration assignments and must be deployed to machines before using any Windows Guest Configuration policy definition. For more information on Guest Configuration, visit [https://aka.ms/gcpol](https://aka.ms/gcpol). |deployIfNotExists |[1.2.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_DeployExtensionWindows_Prerequisite.json) | --### PCI DSS requirement 8.2.5 --**ID**: PCI DSS v3.2.1 8.2.5 -**Ownership**: customer --|Name<br /><sub>(Azure portal)</sub> |Description |Effect(s) |Version<br /><sub>(GitHub)</sub> | -||||| -|[Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F3cf2ab00-13f1-4d0c-8971-2ac904541a7e) |This policy adds a system-assigned managed identity to virtual machines hosted in Azure that are supported by Guest Configuration but do not have any managed identities. A system-assigned managed identity is a prerequisite for all Guest Configuration assignments and must be added to machines before using any Guest Configuration policy definitions. For more information on Guest Configuration, visit [https://aka.ms/gcpol](https://aka.ms/gcpol). |modify |[4.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AddSystemIdentityWhenNone_Prerequisite.json) | -|[Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F497dff13-db2a-4c0f-8603-28fa3b331ab6) |This policy adds a system-assigned managed identity to virtual machines hosted in Azure that are supported by Guest Configuration and have at least one user-assigned identity but do not have a system-assigned managed identity. A system-assigned managed identity is a prerequisite for all Guest Configuration assignments and must be added to machines before using any Guest Configuration policy definitions. For more information on Guest Configuration, visit [https://aka.ms/gcpol](https://aka.ms/gcpol). |modify |[4.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AddSystemIdentityWhenUser_Prerequisite.json) | -|[Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F5b054a0d-39e2-4d53-bea3-9734cad2c69b) |Requires that prerequisites are deployed to the policy assignment scope. For details, visit [https://aka.ms/gcpol](https://aka.ms/gcpol). Machines are non-compliant if Windows machines that allow re-use of the passwords after the specified number of unique passwords. Default value for unique passwords is 24 |AuditIfNotExists, Disabled |[2.1.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEnforce_AINE.json) | -|[Audit Windows machines that do not have the maximum password age set to specified number of days](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F4ceb8dc2-559c-478b-a15b-733fbf1e3738) |Requires that prerequisites are deployed to the policy assignment scope. For details, visit [https://aka.ms/gcpol](https://aka.ms/gcpol). Machines are non-compliant if Windows machines that do not have the maximum password age set to specified number of days. Default value for maximum password age is 70 days |AuditIfNotExists, Disabled |[2.1.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsMaximumPassword_AINE.json) | -|[Audit Windows machines that do not restrict the minimum password length to specified number of characters](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fa2d0e922-65d0-40c4-8f87-ea6da2d307a2) |Requires that prerequisites are deployed to the policy assignment scope. For details, visit [https://aka.ms/gcpol](https://aka.ms/gcpol). Machines are non-compliant if Windows machines that do not restrict the minimum password length to specified number of characters. Default value for minimum password length is 14 characters |AuditIfNotExists, Disabled |[2.1.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordLength_AINE.json) | -|[Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F385f5831-96d4-41db-9a3c-cd3af78aaae6) |This policy deploys the Windows Guest Configuration extension to Windows virtual machines hosted in Azure that are supported by Guest Configuration. The Windows Guest Configuration extension is a prerequisite for all Windows Guest Configuration assignments and must be deployed to machines before using any Windows Guest Configuration policy definition. For more information on Guest Configuration, visit [https://aka.ms/gcpol](https://aka.ms/gcpol). |deployIfNotExists |[1.2.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_DeployExtensionWindows_Prerequisite.json) | --### PCI DSS requirement 8.3.1 --**ID**: PCI DSS v3.2.1 8.3.1 -**Ownership**: shared --|Name<br /><sub>(Azure portal)</sub> |Description |Effect(s) |Version<br /><sub>(GitHub)</sub> | -||||| -|[Accounts with owner permissions on Azure resources should be MFA enabled](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fe3e008c3-56b9-4133-8fd7-d3347377402a) |Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources. |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForAccountsWithOwnerPermissions_Audit.json) | -|[Accounts with write permissions on Azure resources should be MFA enabled](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F931e118d-50a1-4457-a5e4-78550e086c52) |Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources. |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForAccountsWithWritePermissions_Audit.json) | -|[An Azure Active Directory administrator should be provisioned for SQL servers](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F1f314764-cb73-4fc9-b863-8eca98ac36e9) |Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SQL_DB_AuditServerADAdmins_Audit.json) | -|[Audit usage of custom RBAC roles](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fa451c1ef-c6ca-483d-87ed-f49761e3ffb5) |Audit built-in roles such as 'Owner, Contributer, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling |Audit, Disabled |[1.0.1](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/Subscription_AuditCustomRBACRoles_Audit.json) | -|[Guest accounts with owner permissions on Azure resources should be removed](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F339353f6-2387-4a45-abe4-7f529d121046) |External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access. |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveGuestAccountsWithOwnerPermissions_Audit.json) | -|[Guest accounts with read permissions on Azure resources should be removed](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fe9ac8f8e-ce22-4355-8f04-99b911d6be52) |External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access. |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveGuestAccountsWithReadPermissions_Audit.json) | -|[Guest accounts with write permissions on Azure resources should be removed](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F94e1c2ac-cbbe-4cac-a2b5-389c812dee87) |External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access. |AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveGuestAccountsWithWritePermissions_Audit.json) | --## Next steps --Additional articles about Azure Policy: --- [Regulatory Compliance](../concepts/regulatory-compliance.md) overview.-- See the [initiative definition structure](../concepts/initiative-definition-structure.md).-- Review other examples at [Azure Policy samples](./index.md).-- Review [Understanding policy effects](../concepts/effects.md).-- Learn how to [remediate non-compliant resources](../how-to/remediate-resources.md). |
| hdinsight | Apache Hadoop Dotnet Csharp Mapreduce Streaming | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/hdinsight/hadoop/apache-hadoop-dotnet-csharp-mapreduce-streaming.md | Title: Use C# with MapReduce on Hadoop in HDInsight - Azure description: Learn how to use C# to create MapReduce solutions with Apache Hadoop in Azure HDInsight. -+ Last updated 08/23/2022 |
| hdinsight | Apache Hadoop Linux Create Cluster Get Started Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/hdinsight/hadoop/apache-hadoop-linux-create-cluster-get-started-portal.md | If you don't have an Azure subscription, [create a free account](https://azure.m In this section, you create a Hadoop cluster in HDInsight using the Azure portal. -1. Sign in to the [Azure portal](https://portal.azure.com). +1. Sign in to the [Azure portal](https://portal.azure.com). 1. From the top menu, select **+ Create a resource**. |
| hdinsight | Apache Hadoop Use Hive Powershell | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/hdinsight/hadoop/apache-hadoop-use-hive-powershell.md | Title: Use Apache Hive with PowerShell in HDInsight - Azure description: Use PowerShell to run Apache Hive queries in Apache Hadoop in Azure HDInsight -+ Last updated 08/30/2022 |
| hdinsight | Apache Hadoop Use Mapreduce Powershell | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/hdinsight/hadoop/apache-hadoop-use-mapreduce-powershell.md | Title: Use MapReduce and PowerShell with Apache Hadoop - Azure HDInsight description: Learn how to use PowerShell to remotely run MapReduce jobs with Apache Hadoop on HDInsight. -+ Last updated 05/26/2023 |
| hdinsight | Hdinsight Hadoop Customize Cluster Linux | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/hdinsight/hdinsight-hadoop-customize-cluster-linux.md | Title: Customize Azure HDInsight clusters by using script actions description: Add custom components to HDInsight clusters by using script actions. Script actions are Bash scripts that can be used to customize the cluster configuration. Or add additional services and utilities like Hue, Solr, or R. -+ Last updated 06/08/2022 |
| healthcare-apis | How To Use Mapping Debugger | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/healthcare-apis/iot/how-to-use-mapping-debugger.md | -In this article, learn how to use the MedTech service Mapping debugger. The Mapping debugger is a self-service tool that is used for creating, updating, and troubleshooting the MedTech service device and FHIR destination mappings. The Mapping debugger enables you to easily view and make inline adjustments in real-time, without ever having to leave the Azure portal. The Mapping debugger can also be used for uploading test device messages to see how they'll look after being processed into normalized messages and transformed into FHIR Observations. +In this article, learn how to use the MedTech service Mapping debugger. The Mapping debugger is a self-service tool that is used for creating, updating, and troubleshooting the MedTech service [device](overview-of-device-mapping.md) and [FHIR destination](overview-of-fhir-destination-mapping.md) mappings. The Mapping debugger enables you to easily view and make inline adjustments in real-time, without ever having to leave the Azure portal. The Mapping debugger can also be used for uploading test device messages to see how they'll look after being processed into normalized messages and transformed into FHIR Observations. > [!TIP] > To learn about how the MedTech service transforms and persists device message data into the FHIR service see, [Overview of the MedTech service device data processing stages](overview-of-device-data-processing-stages.md). The following video presents an overview of the Mapping debugger: ## How to troubleshoot the device and FHIR destination mappings using the Mapping debugger +For this troubleshooting example, we're using a test device message that is [messaged routed](../../iot-hub/iot-hub-devguide-messages-d2c.md) from an [Azure IoT Hub](../../iot-hub/iot-concepts-and-iot-hub.md) and a [device mapping](overview-of-device-mapping.md) that uses [IotJsonPathContent templates](how-to-use-iotjsonpathcontent-templates.md). + 1. If there are errors with the device or FHIR destination mappings, the Mapping debugger displays the issues. In this example, we can see that there are error *warnings* at **Line 12** in the **Device mapping** and at **Line 20** in the **FHIR destination mapping**. :::image type="content" source="media\how-to-use-mapping-debugger\mapping-debugger-with-errors.png" alt-text="Screenshot of the Mapping debugger with device and FHIR destination mappings warnings." lightbox="media\how-to-use-mapping-debugger\mapping-debugger-with-errors.png"::: The following video presents an overview of the Mapping debugger: :::image type="content" source="media\how-to-use-mapping-debugger\mapping-debugger-select-test-device-message-manual.png" alt-text="Screenshot of the Mapping debugger and Select a file box." lightbox="media\how-to-use-mapping-debugger\mapping-debugger-select-test-device-message-manual.png"::: -3. Copy/paste or type the test device message into the **Upload test device message** box. The **Validation** box may still be *red* if the either of the mappings has an error/warning. As long as **No errors** is green, the test device message is valid. Select the **X** in the right corner to close the **Upload test device message** box. +3. Copy/paste or type the test device message into the **Upload test device message** box. The **Validation** box may still be *red* if the either of the mappings has an error/warning. As long as **No errors** is *green*, the test device message is valid with the provided device and FHIR destination mappings. ++ > [!NOTE] + >The Mapping debugger also displays [enrichments](../../iot-hub/iot-hub-message-enrichments-overview.md) performed on the test device message if it has been [messaged routed](../../iot-hub/iot-hub-devguide-messages-d2c.md) from an [Azure IoT Hub](../../iot-hub/iot-concepts-and-iot-hub.md) (for example: the addition of the **Body**, **Properties**, and **SystemProperties** elements). :::image type="content" source="media\how-to-use-mapping-debugger\mapping-debugger-input-test-device-message.png" alt-text="Screenshot of the Enter manually box with a validated test device message in the box." lightbox="media\how-to-use-mapping-debugger\mapping-debugger-input-test-device-message.png"::: -4. Once a conforming test device message is uploaded, the **View normalized message** and **View FHIR observation** buttons become available so that you may view the sample outputs of the normalization and FHIR transformation stages. These sample outputs can be used to validate your device and FHIR destination mappings are properly configured for processing device messages according to your requirement. + Select the **X** in the right corner to close the **Upload test device message** box. ++4. Once a valid test device message is uploaded, the **View normalized message** and **View FHIR observation** buttons become available so that you may view the sample outputs of the normalization and FHIR transformation stages. These sample outputs can be used to validate your device and FHIR destination mappings are properly configured for processing device messages according to your requirements. :::image type="content" source="media\how-to-use-mapping-debugger\mapping-debugger-normalized-and-FHIR-selections-available.png" alt-text="Screenshot View normalized message and View FHIR observation available." lightbox="media\how-to-use-mapping-debugger\mapping-debugger-normalized-and-FHIR-selections-available.png"::: The following video presents an overview of the Mapping debugger: ## Next steps -In this article, you were provided with an overview and learned about how to use the Mapping debugger to edit/troubleshoot the MedTech service device and FHIR destination mappings. +In this article, you were provided with an overview and learned about how to use the Mapping debugger to edit and troubleshoot the MedTech service device and FHIR destination mappings. To learn how to troubleshoot MedTech service deployment errors, see |
| iot-dps | How To Control Access | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/iot-dps/how-to-control-access.md | Azure IoT Hub Device Provisioning Service grants access to endpoints by verifyin You can grant [permissions](#device-provisioning-service-permissions) in the following ways: -* **Shared access authorization policies**. Shared access policies can grant any combination of [permissions](#device-provisioning-service-permissions). You can define policies in the [Azure portal][lnk-management-portal], or programmatically by using the [Device Provisioning Service REST APIs][lnk-resource-provider-apis]. A newly created provisioning service has the following default policy: +* **Shared access authorization policies**. Shared access policies can grant any combination of [permissions](#device-provisioning-service-permissions). You can define policies in the [Azure portal](https://portal.azure.com), or programmatically by using the [Device Provisioning Service REST APIs][lnk-resource-provider-apis]. A newly created provisioning service has the following default policy: * **provisioningserviceowner**: Policy with all permissions. See [permissions](#device-provisioning-service-permissions) for detailed information. The following table lists the permissions you can use to control access to your [img-add-shared-access-policy]: ./media/how-to-control-access/how-to-add-shared-access-policy.PNG [lnk-sdks]: ../iot-hub/iot-hub-devguide-sdks.md-[lnk-management-portal]: https://portal.azure.com [lnk-azure-resource-manager]: ../azure-resource-manager/management/overview.md [lnk-resource-provider-apis]: /rest/api/iot-dps/ |
| iot-hub | Iot Hub Device Management Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/iot-hub/iot-hub-device-management-overview.md | Device Update for IoT Hub offers optimized update deployment and streamlined ope * At-a-glance update compliance and status views across heterogenous device fleets * Support for resilient device updates (A/B) to deliver seamless rollback * Content caching and disconnected device support, including those devices that are in nested configurations, through built-in Microsoft Connected Cache and integration with Azure IoT Edge-* Subscription and role-based access controls available through the Azure.com portal +* Subscription and role-based access controls available via the [Azure portal](https://portal.azure.com) * Comprehensive cloud-to-edge security features and privacy controls For more information, see [Device Update for IoT Hub](../iot-hub-device-update/index.yml). |
| iot-hub | Iot Hub Rm Template Powershell | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/iot-hub/iot-hub-rm-template-powershell.md | To explore more capabilities of IoT Hub, see: <!-- Links --> [lnk-free-trial]: https://azure.microsoft.com/pricing/free-trial/-[lnk-azure-portal]: https://portal.azure.com/ [lnk-status]: https://azure.microsoft.com/status/ [lnk-powershell-install]: /powershell/azure/install-Az-ps [lnk-rest-api]: /rest/api/iothub/iothubresource |
| load-balancer | Quickstart Load Balancer Standard Public Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/load-balancer/quickstart-load-balancer-standard-public-portal.md | In this section, you'll create a virtual network, subnet, and Azure Bastion host | Azure Bastion name | Enter **myBastionHost** | > [!IMPORTANT]- > [!INCLUDE [Pricing](../../includes/bastion-pricing.md)] - > - 1. Select the **IP addresses** tab or select the **Next: IP addresses** button at the bottom of the page. 1. In the **IP addresses** tab, select **Add an IP address space**, and enter this information: |
| logic-apps | Create Run Custom Code Functions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/logic-apps/create-run-custom-code-functions.md | The following example shows how the `Run` method signature appears: ## Next steps -[Create Standard workflows with Visual Studio Code](create-single-tenant-workflows-visual-studio-code.md) +[Create Standard workflows with Visual Studio Code](create-single-tenant-workflows-visual-studio-code.md) |
| machine-learning | Concept Model Monitoring | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/machine-learning/concept-model-monitoring.md | Azure Machine Learning model monitoring (preview) supports the following list of | Data drift | Data drift tracks changes in the distribution of a model's input data by comparing it to the model's training data or recent past production data. | Jensen-Shannon Distance, Population Stability Index, Normalized Wasserstein Distance, Two-Sample Kolmogorov-Smirnov Test, Pearson's Chi-Squared Test | Classification (tabular data), Regression (tabular data) | Production data - model inputs | Recent past production data or training data | | Prediction drift | Prediction drift tracks changes in the distribution of a model's prediction outputs by comparing it to validation or test labeled data or recent past production data. | Jensen-Shannon Distance, Population Stability Index, Normalized Wasserstein Distance, Chebyshev Distance, Two-Sample Kolmogorov-Smirnov Test, Pearson's Chi-Squared Test | Classification (tabular data), Regression (tabular data) | Production data - model outputs | Recent past production data or validation data | | Data quality | Data quality tracks the data integrity of a model's input by comparing it to the model's training data or recent past production data. The data quality checks include checking for null values, type mismatch, or out-of-bounds of values. | Null value rate, data type error rate, out-of-bounds rate | Classification (tabular data), Regression (tabular data) | production data - model inputs | Recent past production data or training data |-| Feature attribution drift | Feature attribution drift tracks the importance or contributions of features to prediction outputs in production by comparing it to feature importance at training time | Normalized discounted cumulative gain | Classification (tabular data), Regression (tabular data) | Production data | Training data | +| Feature attribution drift | Feature attribution drift tracks the importance or contributions of features to prediction outputs in production by comparing it to feature importance at training time | Normalized discounted cumulative gain | Classification (tabular data), Regression (tabular data) | Production data - model inputs & outputs (*see the following note*) | Training data (required) | +> [!NOTE] +> For 'feature attribution drift' signal (during Preview), the user must create a custom data asset of type 'uri_folder' that contains joined inputs and outputs (Model Data Collector can be leveraged). Additionally, 'target_column_name' is also a required field, which specifies the prediction column in your training dataset. + ## How model monitoring works in Azure Machine Learning Azure Machine Learning acquires monitoring signals by performing statistical computations on production inference data and reference data. This reference data can include the model's training data or validation data, while the production inference data refers to the model's input and output data collected in production. Each machine learning model and its use cases are unique. Therefore, model monit - [Perform continuous model monitoring in Azure Machine Learning](how-to-monitor-model-performance.md) - [Model data collection](concept-data-collection.md)-- [Collect production inference data](how-to-collect-production-data.md)+- [Collect production inference data](how-to-collect-production-data.md) |
| machine-learning | How To Assign Roles | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/machine-learning/how-to-assign-roles.md | The following table is a summary of Azure Machine Learning activities and the pe | Scoring against a deployed AKS endpoint | Not required | Not required | Owner, contributor, or custom role allowing: `"/workspaces/services/aks/score/action", "/workspaces/services/aks/listkeys/action"` (when you are not using Azure Active Directory auth) OR `"/workspaces/read"` (when you are using token auth) | | Accessing storage using interactive notebooks | Not required | Not required | Owner, contributor, or custom role allowing: `"/workspaces/computes/read", "/workspaces/notebooks/samples/read", "/workspaces/notebooks/storage/*", "/workspaces/listStorageAccountKeys/action", "/workspaces/listNotebookAccessToken/read"`| | Create new custom role | Owner, contributor, or custom role allowing `Microsoft.Authorization/roleDefinitions/write` | Not required | Owner, contributor, or custom role allowing: `/workspaces/computes/write` |-| Create/manage online endpoints and deployments | Not required | Not required | Owner, contributor, or custom role allowing `Microsoft.MachineLearningServices/workspaces/onlineEndpoints/*` | +| Create/manage online endpoints and deployments | Not required | Not required | Owner, contributor, or custom role allowing `Microsoft.MachineLearningServices/workspaces/onlineEndpoints/*`. If you use studio to create/manage online endpoints/deployments, you will need an additional permission "Microsoft.Resources/deployments/write" from the resource group owner. | | Retrieve authentication credentials for online endpoints | Not required | Not required | Owner, contributor, or custom role allowing `Microsoft.MachineLearningServices/workspaces/onlineEndpoints/token/action` and `Microsoft.MachineLearningServices/workspaces/onlineEndpoints/listkeys/action`. 1: If you receive a failure when trying to create a workspace for the first time, make sure that your role allows `Microsoft.MachineLearningServices/register/action`. This action allows you to register the Azure Machine Learning resource provider with your Azure subscription. Here are a few things to be aware of while you use Azure role-based access contr - To perform quota operations in a workspace, you need subscription level permissions. This means setting either subscription level quota or workspace level quota for your managed compute resources can only happen if you have write permissions at the subscription scope. +- In order to deploy on studio, you need "Microsoft.Resources/deployments/write" AND "Microsoft.MachineLearningServices/workspaces/onlineEndpoints/deployments/write". For SDK/CLI deployments, you need "Microsoft.MachineLearningServices/workspaces/onlineEndpoints/deployments/write". Contact your workspace/resource group owner for the additional permissions. + - When there are two role assignments to the same Azure Active Directory user with conflicting sections of Actions/NotActions, your operations listed in NotActions from one role might not take effect if they are also listed as Actions in another role. To learn more about how Azure parses role assignments, read [How Azure RBAC determines if a user has access to a resource](/azure/role-based-access-control/overview#how-azure-rbac-determines-if-a-user-has-access-to-a-resource) [!INCLUDE [network-rbac](includes/network-rbac.md)] |
| machine-learning | How To Collect Production Data | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/machine-learning/how-to-collect-production-data.md | First, you'll need to add custom logging code to your scoring script (`score.py` global inputs_collector, outputs_collector inputs_collector = Collector(name='model_inputs') outputs_collector = Collector(name='model_outputs')+ inputs_outputs_collector = Collector(name='model_inputs_outputs') ``` By default, Azure Machine Learning raises an exception if there's a failure during data collection. Optionally, you can use the `on_error` parameter to specify a function to run if logging failure happens. For instance, using the `on_error` parameter in the following code, Azure Machine Learning logs the error rather than throwing an exception: def init(): # instantiate collectors with appropriate names, make sure align with deployment spec inputs_collector = Collector(name='model_inputs') outputs_collector = Collector(name='model_outputs')+ inputs_outputs_collector = Collector(name='model_inputs_outputs') #note: this is used to enable Feature Attribution Drift def run(data): # json data: { "data" : { "col1": [1,2,3], "col2": [2,3,4] } } def run(data): # collect outputs data, pass in correlation_context so inputs and outputs data can be correlated later outputs_collector.collect(output_df, context)++ # create a dataframe with inputs/outputs joined - this creates a URI folder (not mltable) + # input_output_df = input_df.merge(output_df, context) + input_output_df = input_df.join(output_df) ++ # collect both your inputs and output + inputs_outputs_collector.collect(input_output_df, context) return output_df.to_dict() |
| machine-learning | How To Connection | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/machine-learning/how-to-connection.md | ml_client.connections.create_or_update(workspace_connection=wps_connection) ## Next steps - [Import data assets](how-to-import-data-assets.md)-- [Schedule data import jobs](how-to-schedule-data-import.md)+- [Schedule data import jobs](how-to-schedule-data-import.md) |
| machine-learning | How To Create Data Assets | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/machine-learning/how-to-create-data-assets.md | ml_client.jobs.create_or_update(job) - [Access data in a job](how-to-read-write-data-v2.md#access-data-in-a-job) - [Working with tables in Azure Machine Learning](how-to-mltable.md)-- [Access data from Azure cloud storage during interactive development](how-to-access-data-interactive.md)+- [Access data from Azure cloud storage during interactive development](how-to-access-data-interactive.md) |
| machine-learning | How To Datastore | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/machine-learning/how-to-datastore.md | az ml datastore create --file my_adls_datastore.yml - [Access data in a job](how-to-read-write-data-v2.md#access-data-in-a-job) - [Create and manage data assets](how-to-create-data-assets.md#create-and-manage-data-assets) - [Import data assets (preview)](how-to-import-data-assets.md#import-data-assets-preview)-- [Data administration](how-to-administrate-data-authentication.md#data-administration)+- [Data administration](how-to-administrate-data-authentication.md#data-administration) |
| machine-learning | How To Managed Network | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/machine-learning/how-to-managed-network.md | To enable the [serverless spark jobs](how-to-submit-spark-jobs.md) for the manag # [Azure portal](#tab/portal) - Create a new compute instance or compute cluster, which also creates the managed virtual network. + Use the __Azure CLI__ or __Python SDK__ tabs to learn how to manually provision the managed VNet with serverless spark support. |
| machine-learning | How To Mltable | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/machine-learning/how-to-mltable.md | You can also load the data into your job. - [Access data in a job](how-to-read-write-data-v2.md#access-data-in-a-job) - [Create and manage data assets](how-to-create-data-assets.md#create-and-manage-data-assets) - [Import data assets (preview)](how-to-import-data-assets.md#import-data-assets-preview)-- [Data administration](how-to-administrate-data-authentication.md#data-administration)+- [Data administration](how-to-administrate-data-authentication.md#data-administration) |
| machine-learning | How To Monitor Model Performance | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/machine-learning/how-to-monitor-model-performance.md | Before following the steps in this article, make sure you have the following pre > > Model monitoring jobs are scheduled to run on serverless Spark compute pool with `Standard_E4s_v3` VM instance type support only. More VM instance type support will come in the future roadmap. -## Set up out-of-box model monitoring +## Set up out-of-the-box model monitoring If you deploy your model to production in an Azure Machine Learning online endpoint, Azure Machine Learning collects production inference data automatically and uses it for continuous monitoring. You can use Azure CLI, the Python SDK, or Azure Machine Learning studio for out- * smart defaults for metrics and thresholds. * A monitoring job is scheduled to run daily at 3:15am (for this example) to acquire monitoring signals and evaluate each metric result against its corresponding threshold. By default, when any threshold is exceeded, an alert email is sent to the user who set up the monitoring. +## Configure feature importance ++For feature importance to be enabled with any of your signals (such as data drift or data quality,) you need to provide both the 'baseline_dataset' (typically training) dataset and 'target_column_name' fields. # [Azure CLI](#tab/azure-cli) Azure Machine Learning model monitoring uses `az ml schedule` for model monitori az ml schedule create -f ./out-of-box-monitoring.yaml ``` -The following YAML contains the definition for out-of-box model monitoring. +The following YAML contains the definition for out-of-the-box model monitoring. ```yaml # out-of-box-monitoring.yaml create_monitor: # [Python](#tab/python) -You can use the following code to set up out-of-box model monitoring: +You can use the following code to set up out-of-the-box model monitoring: ```python create_monitor: dataset: input_dataset: path: azureml:my_model_production_data:1- type: mltable - dataset_context: model_inputs + type: uri_folder + dataset_context: model_inputs_outputs baseline_dataset: input_dataset: path: azureml:my_model_training_data:1 type: mltable- dataset_context: model_inputs + dataset_context: training target_column_name: fraud_detected model_type: classification # if no metric_thresholds defined, use the default metric_thresholds metric_thresholds:- threshold: 0.05 + threshold: 0.9 alert_notification: emails: advanced_data_quality = DataQualitySignal( monitor_target_data = TargetDataset( dataset=MonitorInputData( input_dataset=Input(- type="mltable", - path="azureml:my_model_production_data:1" + type="uri_folder", + path="azureml:endpoint_name-deployment_name-model_inputs_outputs:1" ),- dataset_context=MonitorDatasetContext.MODEL_INPUTS, + dataset_context=MonitorDatasetContext.MODEL_INPUTS_OUTPUTS, ) ) monitor_baseline_data = MonitorInputData( monitor_baseline_data = MonitorInputData( target_column_name="fraud_detected", dataset_context=MonitorDatasetContext.TRAINING, )-metric_thresholds = FeatureAttributionDriftMetricThreshold(threshold=0.05) +metric_thresholds = FeatureAttributionDriftMetricThreshold(threshold=0.9) feature_attribution_drift = FeatureAttributionDriftSignal( target_dataset=monitor_target_data, created_monitor = poller.result() # [Studio](#tab/azure-studio) -1. Complete the entires on the basic settings page as described in the [Set up out-of-box model monitoring](#set-up-out-of-box-model-monitoring) section. +1. Complete the entires on the basic settings page as described in the [Set up out-of-box model monitoring](#set-up-out-of-the-box-model-monitoring) section. 1. Select **More options** to open the advanced setup wizard. 1. In the "Configure dataset" section, add a dataset to be used as the comparison baseline. We recommend using the model training data as the comparison baseline for data drift and data quality, and using the model validation data as the comparison baseline for prediction drift. created_monitor = poller.result() 1. Select **Add** to add another signal. 1. In the "Add Signal" screen, select the **Feature Attribution Drift** panel.-1. Enter a name for Feature Attribution Drift signal. +1. Enter a name for Feature Attribution Drift signal. Feature attribution drift currently requires a few additional steps: +1. Configure your data assets for Feature Attribution Drift + 1. In your model creation wizard, add your custom data asset from your [custom data collection](how-to-collect-production-data.md) called 'model inputs and outputs' which combines your joined model inputs and data assets as a separate data context. + + :::image type="content" source="media/how-to-monitor-models/feature-attribution-drift-inputs-outputs.png" alt-text="Screenshot showing how to configure a custom data asset with inputs and outputs joined." lightbox="media/how-to-monitor-models/feature-attribution-drift-inputs-outputs.png"::: + + 1. Specify your training reference dataset that will be used in the feature attribution drift component, and select your 'target column name' field, which is required to enable feature importance. + 1. Confirm your parameters are correct 1. Adjust the data window size according to your business case.-1. Select the training data as the baseline dataset. -1. Select the target column name. 1. Adjust the threshold according to your need. 1. Select **Save** to return to the "Select monitoring signals" section. 1. If you're done with editing or adding signals, select **Next**. created_monitor = poller.result() :::image type="content" source="media/how-to-monitor-models/model-monitoring-advanced-config-add-signal.png" alt-text="Screenshot showing settings for adding signals." lightbox="media/how-to-monitor-models/model-monitoring-advanced-config-add-signal.png"::: 1. In the "Notification" screen, enable alert notification for each signal.-1. (Optional) Enable "Azure Monitor" for all metrics to be sent to Azure Monitor. 1. Select **Next**. :::image type="content" source="media/how-to-monitor-models/model-monitoring-advanced-config-notification.png" alt-text="Screenshot of settings on the notification screen." lightbox="media/how-to-monitor-models/model-monitoring-advanced-config-notification.png"::: |
| machine-learning | How To Schedule Data Import | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/machine-learning/how-to-schedule-data-import.md | There are currently three action rules related to schedules, and you can configu ## Next steps * Learn more about the [CLI (v2) data import schedule YAML schema](./reference-yaml-schedule-data-import.md).-* Learn how to [manage imported data assets](how-to-manage-imported-data-assets.md). +* Learn how to [manage imported data assets](how-to-manage-imported-data-assets.md). |
| machine-learning | Get Started Prompt Flow | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/machine-learning/prompt-flow/get-started-prompt-flow.md | For each LLM node, you need to select a connection to set your LLM API keys. For this example, the API type should be **completion**. -Then depending on the connection type you selected, you need to select a deployment or a model. If you use AzureOpenAI connection, you need to select a deployment in drop-down (If you don't have a deployment, create one in AzureOPenAI portal by following [Create a resource and deploy a model using Azure OpenAI](../../cognitive-services/openai/how-to/create-resource.md?pivots=web-portal#deploy-a-model)). If you use OpenAI connection, you need to select a model. +Then depending on the connection type you selected, you need to select a deployment or a model. If you use AzureOpenAI connection, you need to select a deployment in drop-down (If you don't have a deployment, create one in AzureOpenAI portal by following [Create a resource and deploy a model using Azure OpenAI](../../cognitive-services/openai/how-to/create-resource.md?pivots=web-portal#deploy-a-model)). If you use OpenAI connection, you need to select a model. We have two LLM nodes (summarize_text_content and classify_with_llm) in the flow, so you need to set up for each respectively. |
| machine-learning | How To Deploy For Real Time Inference | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/machine-learning/prompt-flow/how-to-deploy-for-real-time-inference.md | If the checkbox is selected, the first row of your input data will be used as sa ### Outputs -In this step, you can view all flow outputs, and specify which outputs will be included in the response of the endpoint you deploy. +In this step, you can view all flow outputs, and specify which outputs will be included in the response of the endpoint you deploy. By default all flow outputs are selected. :::image type="content" source="./media/how-to-deploy-for-real-time-inference/deploy-wizard-outputs.png" alt-text="Screenshot of the outputs step in the deploy wizard." lightbox = "./media/how-to-deploy-for-real-time-inference/deploy-wizard-outputs.png"::: For **System-assigned** identity: |Resource|Role|Why it's needed| |||| |Azure Machine Learning Workspace|**AzureML Data Scientist** role **OR** a customized role with ΓÇ£Microsoft.MachineLearningServices/workspaces/connections/listsecrets/actionΓÇ¥ | Get workspace connections. |-|(Optional) Workspace default storage|* Storage Blob Data Contributor<br> * Storage Table Data Contributor| Enable tracing data including node level outputs/trace/logs when performing inference. Currently it's not required.| + For **User-assigned** identity: For **User-assigned** identity: |Workspace container registry |Acr pull |Pull container image | |Workspace default storage| Storage Blob Data Reader| Load model from storage | |(Optional) Azure Machine Learning Workspace|Workspace metrics writer| After you deploy then endpoint, if you want to monitor the endpoint related metrics like CPU/GPU/Disk/Memory utilization, you need to give this permission to the identity.|-|(Optional) Workspace default storage|Storage Blob Data Contributor<br> Storage Table Data Contributor| Enable tracing data including node level outputs/trace/logs when performing inference. Currently it's not required.| + To grant permissions to the endpoint identity, there are two ways: |
| machine-learning | Tutorial Pipeline Python Sdk | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/machine-learning/tutorial-pipeline-python-sdk.md | ml_client = MLClient( If you have been following along with the other tutorials in this series and already registered the data, you can fetch the same dataset from the workspace using `credit_dataset = ml_client.data.get("<DATA ASSET NAME>", version='<VERSION>')`. Then you may skip this section. To learn about data more in depth or if you would rather complete the data tutorial first, see [Upload, access and explore your data in Azure Machine Learning](tutorial-explore-data.md). -* Azure Machine Learning uses a `Data` object to register a reusable definition of data, and consume data within a pipeline. In the next section, you consume some data from web url as one example. Data from other sources can be created as well. `Data` assets from other sources can be created as well. +* Azure Machine Learning uses a `Data` object to register a reusable definition of data, and consume data within a pipeline. In the next section, you consume some data from web url as one example. `Data` assets from other sources can be created as well. |
| machine-learning | How To Debug Pipelines | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/machine-learning/v1/how-to-debug-pipelines.md | |
| managed-grafana | How To Smtp Settings | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/managed-grafana/how-to-smtp-settings.md | To follow the steps in this guide, you must have: ## Enable and configure SMTP settings -To activate SMTP settings, enable email notifications and configure an email contact point in Azure Managed Grafana, follow the steps below. +Follow these steps to activate SMTP settings, enable email notifications and configure an email contact point in Azure Managed Grafana. ### [Portal](#tab/azure-portal) To activate SMTP settings, enable email notifications and configure an email con | From Address | user@domain.com | Enter the email address used when sending out emails. | | From Name | Azure Managed Grafana Notification | Enter the name used when sending out emails. Default is "Azure Managed Grafana Notification" if parameter isn't given or empty. | | Skip Verify | Disable |This setting controls whether a client verifies the server's certificate chain and host name. If **Skip Verify** is **Enable**, client accepts any certificate presented by the server and any host name in that certificate. In this mode, TLS is susceptible to machine-in-the-middle attacks unless custom verification is used. Default is **Disable** (toggled off). [More information](https://pkg.go.dev/crypto/tls#Config). |- | StartTLS Policy | OpportunisticStartTLS | There are 3 options. [More information](https://pkg.go.dev/github.com/go-mail/mail#StartTLSPolicy).<br><ul><li>**OpportunisticStartTLS** means that SMTP transactions are encrypted if STARTTLS is supported by the SMTP server. Otherwise, messages are sent in the clear. This is the default setting.</li><li>**MandatoryStartTLS** means that SMTP transactions must be encrypted. SMTP transactions are aborted unless STARTTLS is supported by the SMTP server.</li><li>**NoStartTLS** means encryption is disabled and messages are sent in the clear.</li></ul> | + | StartTLS Policy | OpportunisticStartTLS | There are three options. [More information](https://pkg.go.dev/github.com/go-mail/mail#StartTLSPolicy).<br><ul><li>**OpportunisticStartTLS** means that SMTP transactions are encrypted if STARTTLS is supported by the SMTP server. Otherwise, messages are sent in the clear. It's the default setting.</li><li>**MandatoryStartTLS** means that SMTP transactions must be encrypted. SMTP transactions are aborted unless STARTTLS is supported by the SMTP server.</li><li>**NoStartTLS** means encryption is disabled and messages are sent in the clear.</li></ul> | 1. Select **Save** to save the SMTP settings. Updating may take a couple of minutes. To activate SMTP settings, enable email notifications and configure an email con ### [Azure CLI](#tab/azure-cli) 1. Azure Managed Grafana CLI extension 1.1 or above is required to enable or update SMTP settings. To update your extension, run `az extension update --name amg`.-1. Run the [az grafana update](/cli/azure/grafana#az-grafana-update) command to configure SMTP settings for a given Azure Managed Grafana instance. When doing this, replace the placeholders below with information from your own instance. +1. Run the [az grafana update](/cli/azure/grafana#az-grafana-update) command to configure SMTP settings for a given Azure Managed Grafana instance. Replace the placeholders with information from your own instance. ```azurecli az grafana update --resource-group <resource-group> \ To activate SMTP settings, enable email notifications and configure an email con | `--host` | test.sendgrid.net:587 | Enter the SMTP server hostname with port. | | `--user` | admin | Enter the name of the user of the SMTP authentication. | | `--password` | password | Enter password of the SMTP authentication. If the password contains "#" or ";" wrap it within triple quotes. |- | `--start-tls-policy` | OpportunisticStartTLS | The StartTLSPolicy setting of the SMTP configuration. There are 3 options. [More information](https://pkg.go.dev/github.com/go-mail/mail#StartTLSPolicy).<br><ul><li>**OpportunisticStartTLS** means that SMTP transactions are encrypted if STARTTLS is supported by the SMTP server. Otherwise, messages are sent in the clear. This is the default setting.</li><li>**MandatoryStartTLS** means that SMTP transactions must be encrypted. SMTP transactions are aborted unless STARTTLS is supported by the SMTP server.</li><li>**NoStartTLS** means encryption is disabled and messages are sent in the clear.</li></ul> | + | `--start-tls-policy` | OpportunisticStartTLS | The StartTLSPolicy setting of the SMTP configuration. There are three options. [More information](https://pkg.go.dev/github.com/go-mail/mail#StartTLSPolicy).<br><ul><li>**OpportunisticStartTLS** means that SMTP transactions are encrypted if STARTTLS is supported by the SMTP server. Otherwise, messages are sent in the clear. This is the default setting.</li><li>**MandatoryStartTLS** means that SMTP transactions must be encrypted. SMTP transactions are aborted unless STARTTLS is supported by the SMTP server.</li><li>**NoStartTLS** means encryption is disabled and messages are sent in the clear.</li></ul> | | `--skip-verify` | false |This setting controls whether a client verifies the server's certificate chain and host name. If **--skip-verify** is **true**, client accepts any certificate presented by the server and any host name in that certificate. In this mode, TLS is susceptible to machine-in-the-middle attacks unless custom verification is used. Default is **false**. [More information](https://pkg.go.dev/crypto/tls#Config). | To activate SMTP settings, enable email notifications and configure an email con > Here are some tips for properly configuring SMTP: >- When using a business email account such as Office 365, you may need to contact your email administrator to enable SMTP AUTH (for example, [enable-smtp-auth-for-specific-mailboxes](/exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission#enable-smtp-auth-for-specific-mailboxes)). You should be able to create an app password afterwards and use it as the SMTP *password* setting. >- When using a personal email account such as Outlook or Gmail, you should create an app password and use it as the SMTP *password* setting. Note that your account won't work for email notification if it's configured with multi-factor authentication.+>- It's recommended that you verify the SMTP configurations to be working as expected before applying them to your Managed Grafana workspace. For example, you can use an open source tool such as [swaks (Swiss Army Knife for SMTP)](https://github.com/jetmore/swaks) to send a test email using the SMTP configurations by running the following command in a terminal window: +> ```bash +> # fill in all the empty values for the following parameters +> host="" # SMTP host name with port separated by a ":", e.g. smtp.office365.com:587 +> user="" # email address, e.g. team1@microsoft.com +> password="" # password +> fromAddress="" # source email address (usually the same as user above), e.g. team1@contoso.com +> toAddress="" # destination email address, e.g. team2@contoso.com +> ehlo="" # grafana endpoint, e.g. team1-ftbghja6ekeybng8.wcus.grafana.azure.com +> +> header="Subject:Test" +> body="Testing!" +> +> # test SMTP connection by sending an email +> swaks --auth -tls \ +> --server $host \ +> --auth-user $user \ +> --auth-password $password \ +> --from $fromAddress \ +> --to $toAddress \ +> --ehlo $ehlo \ +> --header $header \ +> --body $body +> ``` ## Configure Grafana contact points and send a test email Configuring Grafana contact points is done in the Grafana portal: 1. Add or update the **Name**, and **Contact point type**. 1. Enter a destination email under **Addresses**, and select **Test**. 1. Select **Send test notification** to send the notification with the predefined test message or select **Custom** to first edit the message.- 1. A notification "Test alert sent" is displayed, meaning that the email setup has been successfully configured. The test email has been sent to the provided email address. In case of misconfiguration, an error message will be displayed instead. + 1. A notification "Test alert sent" is displayed, meaning that the email setup has been successfully configured. The test email has been sent to the provided email address. If there is a misconfiguration, an error message is shown instead. ## Disable SMTP settings -To disable SMTP settings, follow the steps below. +To disable SMTP settings, follow these steps. ### [Portal](#tab/azure-portal) To disable SMTP settings, follow the steps below. ### [Azure CLI](#tab/azure-cli) 1. Azure Managed Grafana CLI extension 1.1 or above is required to disable SMTP settings. To update your extension, run `az extension update --name amg`.-1. Run the [az grafana update](/cli/azure/grafana#az-grafana-update) command to configure SMTP settings for a given Azure Managed Grafana instance. Replace the placeholders below with information from your own instance. +1. Run the [az grafana update](/cli/azure/grafana#az-grafana-update) command to configure SMTP settings for a given Azure Managed Grafana instance. Replace the placeholders with information from your own instance. ```azurecli az grafana update --resource-group <resource-group> \ To disable SMTP settings, follow the steps below. Within the Grafana portal, you can find a list of all Grafana alerting error messages that occurred in **Alerting > Notifications**. -Below are some common error messages you may encounter: +The following are some common error messages you may encounter: - "Authentication failed: The provided authorization grant is invalid, expired, or revoked". Grafana couldn't connect to the SMTP server. Check if the password entered in the SMTP settings in the Azure portal is correct.-- "Failed to sent test alert.: SMTP not configured". SMTP is disabled. Open the Azure Managed Grafana instance in the Azure portal and enable SMTP settings.--## Known limitation --Due to limitation on alerting high availability configuration in Azure Managed Grafana, there could be duplicate email notifications delivered for a single firing alert. +- "Failed to sent test alert: SMTP not configured". SMTP is disabled. Open the Azure Managed Grafana instance in the Azure portal and enable SMTP settings. ## Next steps |
| migrate | How To Discover Applications | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/migrate/how-to-discover-applications.md | The software inventory is exported and downloaded in Excel format. The **Softwar ## Discover SQL Server instances and databases -- Software inventory also identifies the SQL Server instances running in your VMware, Microsoft Hyper-V and Physical/ Bare-metal environments as well as IaaS services of other public cloud.+- Software inventory also identifies the SQL Server instances running in your VMware, Microsoft Hyper-V, and Physical/ Bare-metal environments as well as IaaS services of other public cloud. - If you haven't provided Windows authentication or SQL Server authentication credentials on the appliance configuration manager, then add the credentials so that the appliance can use them to connect to respective SQL Server instances. > [!NOTE] Once connected, the appliance gathers configuration and performance data of SQL - User can add both domain and non-domain credentials on appliance. Make sure that the account used has local admin privileges on source servers. Azure Migrate automatically maps credentials to the respective servers, so one doesnΓÇÖt have to map them manually. Most importantly, these credentials are never sent to Microsoft and remain on the appliance running in source environment. - After the appliance is connected, it gathers configuration data for IIS web server and ASP.NET web apps. Web apps configuration data is updated once every 24 hours. -> [!Note] -> Currently the discovery of ASP.NET web apps is only available with appliance used for discovery of servers running in your VMware environment. ## Next steps |
| mysql | Concepts Supported Versions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/mysql/flexible-server/concepts-supported-versions.md | Refer to the MySQL [release notes](https://dev.mysql.com/doc/relnotes/mysql/5.7/ ## MySQL Version 8 -Bug fix release: 8.0.31 +Bug fix release: 8.0.32 -Refer to the MySQL [release notes](https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-31.html) to learn more about improvements and fixes in this version. +Refer to the MySQL [release notes](https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-32.html) to learn more about improvements and fixes in this version. The service performs automated patching of the underlying hardware, OS, and database engine. The patching includes security and software updates. For MySQL engine, minor version upgrades are also included as part of the planned maintenance release. Users can configure the patching schedule to be system managed or define their custom schedule. During the maintenance schedule, the patch is applied and server may require a restart as part of the patching process to complete the update. With the custom schedule, users can make their patching cycle predictable and choose a maintenance window with minimum impact to the business. In general, the service follows monthly release schedule as part of the continuous integration and release. |
| mysql | How To Networking Private Link Azure Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/mysql/flexible-server/how-to-networking-private-link-azure-cli.md | |
| mysql | Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/mysql/flexible-server/overview.md | For more information, see [Read Replica concepts](concepts-read-replicas.md). ## Setup Hybrid or Multi-Cloud Data synchronization with Data-in replication -Data-in replication allows you to synchronize data from an external MySQL server into the Azure Database for MySQL Flexible service. The external server can be on-premises, in virtual machines, Azure Database for MySQL Single Server, or a database service hosted by other cloud providers. Data-in replication is based on the binary log (binlog) file position-based. The main scenarios to consider about using Data-in replication are: +Data-in replication allows you to synchronize data from an external MySQL server into the Azure Database for MySQL Flexible Server. The external server can be on-premises, in virtual machines, Azure Database for MySQL Single Server, or a database service hosted by other cloud providers. Data-in replication is based on the binary log (binlog) file position-based. The main scenarios to consider about using Data-in replication are: * Hybrid Data Synchronization * Multi-Cloud Synchronization * [Minimal downtime migration to Flexible Server](../../mysql/howto-migrate-single-flexible-minimum-downtime.md) |
| mysql | Whats New | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/mysql/flexible-server/whats-new.md | This article summarizes new releases and features in Azure Database for MySQL - - **On-Demand Backup for Azure Database for MySQL - Flexible Server** - The on-Demand backup feature allows customers to trigger On-Demand backups of their production workload, in addition to the automated backups taken by Azure Database for MySQL Flexible service, and store it in alignment with the server's backup retention policy. These backups can be used as the fastest restore point to perform a point-in-time restore for faster and more predictable restore times. [**Learn more**](how-to-trigger-on-demand-backup.md#trigger-on-demand-backup) + The on-Demand backup feature allows customers to trigger On-Demand backups of their production workload, in addition to the automated backups taken by Azure Database for MySQL Flexible Server, and store it in alignment with the server's backup retention policy. These backups can be used as the fastest restore point to perform a point-in-time restore for faster and more predictable restore times. [**Learn more**](how-to-trigger-on-demand-backup.md#trigger-on-demand-backup) - **Business Critical tier now supports Ev5 compute series** |
| mysql | Quickstart Create Mysql Server Database Using Arm Template | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/mysql/single-server/quickstart-create-mysql-server-database-using-arm-template.md | More Azure Database for MySQL template samples can be found in the [quickstart t Select the following link to deploy the Azure Database for MySQL server template in the Azure portal: -[:::image type="content" source="../../media/template-deployments/deploy-to-azure.svg" alt-text="Deploy to Azure in portal":::](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.dbformysql%2Fmanaged-mysql-with-vnet%2Fazuredeploy.json) +[:::image type="content" source="../../media/template-deployments/deploy-to-azure.svg" alt-text="Deploy to Azure via the Azure portal":::](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.dbformysql%2Fmanaged-mysql-with-vnet%2Fazuredeploy.json) On the **Deploy Azure Database for MySQL with VNet** page: |
| network-watcher | Connection Monitor Create Using Template | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/network-watcher/connection-monitor-create-using-template.md | |
| network-watcher | Network Watcher Connectivity Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/network-watcher/network-watcher-connectivity-overview.md | Connection troubleshoot reduces the Mean Time To Resolution (MTTR) by providing Connection troubleshoot provides the capability to check TCP or ICMP connections from any of these Azure resources: - Virtual machines+- Virtual machine scale sets - Azure Bastion instances - Application gateways (except v1) Connection troubleshoot returns fault types about the connection. The following ### Next steps - To learn how to use connection troubleshoot to test and troubleshoot connections, see [Troubleshoot connections with Azure Network Watcher using the Azure portal](network-watcher-connectivity-portal.md).-- To learn more about Network Watcher and its other capabilities, see [What is Azure Network Watcher?](network-watcher-monitoring-overview.md).+- To learn more about Network Watcher and its other capabilities, see [What is Azure Network Watcher?](network-watcher-monitoring-overview.md). |
| networking | Connectivity Interoperability Configuration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/networking/connectivity-interoperability-configuration.md | -This article describes the configuration details of the [test setup](./connectivty-interoperability-preface.md). The test setup helps you analyze how Azure networking services interoperate at the control plane level and data plane level. +This article describes the configuration details of the test setup. The test setup helps you analyze how Azure networking services interoperate at the control plane level and data plane level. ## Spoke virtual network connectivity by using virtual network peering For more information, see [What is VPN Gateway?](../vpn-gateway/vpn-gateway-abou ## Next steps -Learn about [control plane analysis](./connectivty-interoperability-control-plane.md) of the test setup and the views of different virtual networks or VLANs in the topology. --Learn about [data plane analysis](./connectivty-interoperability-data-plane.md) of the test setup and Azure network monitoring feature views. - See the [ExpressRoute FAQ](../expressroute/expressroute-faqs.md) to: - Learn how many ExpressRoute circuits you can connect to an ExpressRoute gateway. - Learn how many ExpressRoute gateways you can connect to an ExpressRoute circuit. -- Learn about other scale limits of ExpressRoute.+- Learn about other scale limits of ExpressRoute. |
| networking | Connectivity Interoperability Control Plane | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/networking/connectivity-interoperability-control-plane.md | -This article describes the control plane analysis of the [test setup](./connectivty-interoperability-preface.md). You can also review the [test setup configuration](./connectivty-interoperability-configuration.md) and the [data plane analysis](./connectivty-interoperability-data-plane.md) of the test setup. +This article describes the control plane analysis of the test setup. You can also review the test setup configuration and the data plane analysis of the test setup. Control plane analysis essentially examines routes that are exchanged between networks within a topology. Control plane analysis can help you understand how different networks view the topology. See the [ExpressRoute FAQ](../expressroute/expressroute-faqs.md) to: - Learn how many ExpressRoute gateways you can connect to an ExpressRoute circuit. -- Learn about other scale limits of ExpressRoute.+- Learn about other scale limits of ExpressRoute. |
| networking | Connectivity Interoperability Data Plane | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/networking/connectivity-interoperability-data-plane.md | -This article describes the data plane analysis of the [test setup](./connectivty-interoperability-preface.md). You can also review the [test setup configuration](./connectivty-interoperability-configuration.md) and the [control plane analysis](./connectivty-interoperability-control-plane.md) of the test setup. +This article describes the control plane analysis of the test setup. You can also review the test setup configuration and the data plane analysis of the test setup. Data plane analysis examines the path taken by packets that traverse from one local network (LAN or virtual network) to another within a topology. The data path between two local networks isn't necessarily symmetrical. Therefore, in this article, we analyze a forwarding path from a local network to another network that's separate from the reverse path. Trace complete. ### Path to on-premises Location 2 -As we discuss in the [control plane analysis](./connectivty-interoperability-control-plane.md), the on-premises Location 1 has no visibility to on-premises Location 2 per the network configuration. The following ping results confirm: +As we discuss in the control plane analysis, the on-premises Location 1 has no visibility to on-premises Location 2 per the network configuration. The following ping results confirm: ```console C:\Users\rb>ping 10.1.31.10 Trace complete. ### Path to the branch virtual network, on-premises Location 1, and the remote virtual network -As we discuss in the [control plane analysis](./connectivty-interoperability-control-plane.md), the on-premises Location 1 has no visibility to the branch virtual network, to on-premises Location 1, or to the remote virtual network per the network configuration. +As we discuss in the control plane analysis, the on-premises Location 1 has no visibility to the branch virtual network, to on-premises Location 1, or to the remote virtual network per the network configuration. ## Data path from the remote virtual network Trace complete. ### Path to the branch virtual network and on-premises Location 2 -As we discuss in the [control plane analysis](./connectivty-interoperability-control-plane.md), the remote virtual network has no visibility to the branch virtual network or to on-premises Location 2 per the network configuration. +As we discuss in the control plane analysis, the remote virtual network has no visibility to the branch virtual network or to on-premises Location 2 per the network configuration. ### Path to on-premises Location 1 See the [ExpressRoute FAQ](../expressroute/expressroute-faqs.md) to: - Learn how many ExpressRoute gateways you can connect to an ExpressRoute circuit. -- Learn about other scale limits of ExpressRoute.+- Learn about other scale limits of ExpressRoute. |
| networking | Connectivity Interoperability Preface | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/networking/connectivity-interoperability-preface.md | For more information, see [What is VPN Gateway?](../vpn-gateway/vpn-gateway-abou ## Next steps -Learn about [configuration details](connectivty-interoperability-configuration.md) for the test topology. --Learn about [control plane analysis](connectivty-interoperability-control-plane.md) of the test setup and the views of different virtual networks or VLANs in the topology. --Learn about the [data plane analysis](connectivty-interoperability-data-plane.md) of the test setup and Azure network monitoring feature views. - See the [ExpressRoute FAQ](../expressroute/expressroute-faqs.md) to: - Learn how many ExpressRoute circuits you can connect to an ExpressRoute gateway. - Learn how many ExpressRoute gateways you can connect to an ExpressRoute circuit. -- Learn about other scale limits of ExpressRoute.+- Learn about other scale limits of ExpressRoute. |
| notification-hubs | Notification Hubs Baidu China Android Notifications Get Started | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/notification-hubs/notification-hubs-baidu-china-android-notifications-get-started.md | Make a note of the `DefaultListenSharedAccessSignature` and `DefaultFullSharedAc Set the value of the `API_KEY` string with the API_KEY from the Baidu Cloud Project. - Set the value of the `NotificationHubName` string with your notification hub name from the [Azure portal]; and then `NotificationHubConnectionString` with `DefaultListenSharedAccessSignature` from the [Azure portal]. + Set the value of the `NotificationHubName` string with your notification hub name from the [Azure portal] and then `NotificationHubConnectionString` with `DefaultListenSharedAccessSignature` from the [Azure portal]. 11. Open MainActivity.java, and add the following to the onCreate method: Make a note of the `DefaultListenSharedAccessSignature` and `DefaultFullSharedAc ## Send notifications to your app -You can quickly test receiving notifications from the [Azure portal]: use the **Send** button in the notification hub configuration screen, as shown in the following screens: +You can quickly test receiving notifications from the [Azure portal] via the **Send** button in the notification hub configuration screen, as shown in the following screens:   To test this app with the emulator, on the Android Studio top toolbar, click **R The app retrieves the `userId` and `channelId` from the Baidu Push notification service and registers with the notification hub. -To send a test notification, you can use the debug tab of the [Azure portal]. If you built the .NET console application for Visual Studio, just press the F5 key in Visual Studio to run the application. The application sends a notification that appears in the top notification area of your device or emulator. +To send a test notification, you can use the debug tab of the [Azure portal](https://portal.azure.com). If you built the .NET console application for Visual Studio, just press the F5 key in Visual Studio to run the application. The application sends a notification that appears in the top notification area of your device or emulator. <!-- URLs. --> [Mobile Services Android SDK]: https://go.microsoft.com/fwLink/?LinkID=280126&clcid=0x409 |
| notification-hubs | Notification Hubs High Availability | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/notification-hubs/notification-hubs-high-availability.md | Notification Hubs provides metadata disaster recovery coverage through cross-reg Cross-region disaster recovery options can be modified at any time. -Use the [Azure portal][] to edit an existing namespace. +Use the [Azure portal] to edit an existing namespace. #### Existing namespaces -1. Sign in to the [Azure portal][]. +1. Sign in to the [Azure portal]. 1. Select **All services** on the left menu. 1. Select **Notification Hub Namespaces** in the **Internet of Things** section. 1. On the **Notification Hub Namespaces** page, select the namespace for which you want to modify the disaster recovery settings. Use the [Azure portal quickstart][] procedure to set up a new namespace with ava - [Azure availability zones](/azure/availability-zones/az-overview) - [Azure services that support availability zones](/azure/availability-zones/az-region) - [Azure Notification Hubs]: notification-hubs-push-notification-overview.md - [Notification Hubs SLA]: https://azure.microsoft.com/support/legal/sla/notification-hubs/ - [Azure paired regions]: /azure/availability-zones/cross-region-replication-azure#azure-cross-region-replication-pairings-for-all-geographies - [availability zones]: /azure/availability-zones/az-overview - [Notification Hubs Pricing]: https://azure.microsoft.com/pricing/details/notification-hubs/ - [Azure portal]: https://portal.azure.com/ - [Azure portal quickstart]: create-notification-hub-portal.md - [sample code]: https://github.com/Azure/azure-notificationhubs-dotnet/tree/main/Samples/RedundantHubSample +[Azure Notification Hubs]: notification-hubs-push-notification-overview.md +[Notification Hubs SLA]: https://azure.microsoft.com/support/legal/sla/notification-hubs/ +[Azure paired regions]: /azure/availability-zones/cross-region-replication-azure#azure-cross-region-replication-pairings-for-all-geographies +[availability zones]: /azure/availability-zones/az-overview +[Notification Hubs Pricing]: https://azure.microsoft.com/pricing/details/notification-hubs/ +[Azure portal]: https://portal.azure.com/ +[Azure portal quickstart]: create-notification-hub-portal.md +[sample code]: https://github.com/Azure/azure-notificationhubs-dotnet/tree/main/Samples/RedundantHubSample |
| openshift | Howto Deploy Java Jboss Enterprise Application Platform App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/openshift/howto-deploy-java-jboss-enterprise-application-platform-app.md | |
| operator-nexus | Howto Baremetal Bmc Ssh | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-nexus/howto-baremetal-bmc-ssh.md | |
| operator-nexus | Howto Baremetal Bmm Ssh | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-nexus/howto-baremetal-bmm-ssh.md | |
| operator-nexus | Howto Baremetal Functions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-nexus/howto-baremetal-functions.md | |
| operator-nexus | Howto Cluster Manager | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-nexus/howto-cluster-manager.md | Last updated 01/23/2023 # ms.prod: used for on prem applications + # Cluster |
| operator-nexus | Howto Cluster Metrics Configuration Management | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-nexus/howto-cluster-metrics-configuration-management.md | az networkcloud cluster metricsconfiguration delete \ ``` Specifying `--no-wait --debug` options in az command results in the execution of this command asynchronously. For more information, see [how to track asynchronous operations](howto-track-async-operations-cli.md).-- |
| operator-nexus | Howto Cluster Runtime Upgrade | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-nexus/howto-cluster-runtime-upgrade.md | description: Learn to execute a cluster runtime upgrade for Operator Nexus -+ Last updated 06/06/2023 # |
| operator-nexus | Howto Kubernetes Service Load Balancer | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-nexus/howto-kubernetes-service-load-balancer.md | This command assigns an IP address to the service from the IP pool `pool-2`. Adj > The IP address pool name is case-sensitive. Make sure to use the correct case when specifying the pool name. ## Next steps-You can try deploying a network function (NF) within your Nexus Kubernetes cluster utilizing the newly configured load balancer. This configuration allows you to test the load balancing capabilities and observe how traffic is distributed among the instances of your NF. +You can try deploying a network function (NF) within your Nexus Kubernetes cluster utilizing the newly configured load balancer. This configuration allows you to test the load balancing capabilities and observe how traffic is distributed among the instances of your NF. |
| operator-nexus | Quickstarts Kubernetes Cluster Deployment Arm | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-nexus/quickstarts-kubernetes-cluster-deployment-arm.md | Once you have reviewed and saved the template file named ```kubernetes-add-agent ## Next steps [!INCLUDE [quickstart-nextsteps](./includes/kubernetes-cluster/quickstart-nextsteps.md)]- |
| operator-nexus | Quickstarts Kubernetes Cluster Deployment Bicep | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-nexus/quickstarts-kubernetes-cluster-deployment-bicep.md | Once you have reviewed and saved the template file named ```kubernetes-add-agent ## Next steps |
| operator-nexus | Quickstarts Kubernetes Cluster Deployment Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-nexus/quickstarts-kubernetes-cluster-deployment-cli.md | |
| operator-nexus | Quickstarts Tenant Workload Deployment | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-nexus/quickstarts-tenant-workload-deployment.md | |
| postgresql | Azure Pipelines Deploy Database Task | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/postgresql/flexible-server/azure-pipelines-deploy-database-task.md | You can see the full list of all the task inputs when using Azure CLI task with | :- | :-| | azureSubscription| (Required) Provide the Azure Resource Manager subscription for the deployment. This parameter is shown only when the selected task version is 0.* as Azure CLI task v1.0 supports only Azure Resource Manager subscriptions. | |scriptType| (Required) Provide the type of script. Supported scripts are PowerShell, PowerShell Core, Bat, Shell, and script. When running on a **Linux agent**, select one of the following: ```bash``` or ```pscore``` . When running **Windows agent**, select one of the following: ```batch```,```ps``` and ```pscore```. |-|sriptLocation| (Required) Provide the path to script, for example real file path or use ```Inline script``` when providing the scripts inline. The default value is ```scriptPath```. | +|scriptLocation| (Required) Provide the path to script, for example real file path or use ```Inline script``` when providing the scripts inline. The default value is ```scriptPath```. | |scriptPath| (Required) Fully qualified path of the script(.ps1 or .bat or .cmd when using Windows-based agent else <code>.ps1 </code> or <code>.sh </code> when using linux-based agent) or a path relative to the default working directory. | |inlineScript|(Required) You can write your scripts inline here. When using Windows agent, use PowerShell or PowerShell Core or batch scripting whereas use PowerShell Core or shell scripting when using Linux-based agents. For batch files use the prefix \"call\" before every Azure command. You can also pass predefined and custom variables to this script using arguments. <br/>Example for PowerShell/PowerShellCore/shell:``` az --version az account show``` <br/>Example for batch: ``` call az --version call az account show```. | | arguments| (Optional) Provide all the arguments passed to the script. For examples ```-SERVERNAME mydemoserver```. | |
| postgresql | Concepts High Availability | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/postgresql/flexible-server/concepts-high-availability.md | In both the failover modes, once the replication is severed, the standby server In all cases, you must observe any downtime from your application/client side. Your application will be able to reconnect after a failover as soon as the DNS is updated. We take care of a few more aspects including LSN comparisons between primary and standby before fencing the writes. But with unplanned failovers, the time taken for the standby can be longer than 2 minutes in some cases due to the volume of logs to recover before opening for read/write. -## HA status +## Monitoring for high availability -The health of primary and standby servers are continuously monitored and appropriate actions are taken to remediate issues including triggering a failover to the standby server. The high availability statuses are listed below: +The health of primary and standby servers are continuously monitored and appropriate actions are taken to remediate issues including triggering a failover to the standby server. Following is the list of high availability statuses that are reported on the overview page: | **Status** | **Description** | | - | | Here are some failure scenarios that require user action to recover: - Learn how to [manage high availability](./how-to-manage-high-availability-portal.md) - Learn about [backup and recovery](./concepts-backup-restore.md) + |
| postgresql | Concepts Major Version Upgrade | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/postgresql/flexible-server/concepts-major-version-upgrade.md | -Azure Database for PostgreSQL Flexible Server supports PostgreSQL versions 11, 12, 13, 14 and 15(preview). Postgres community releases a new major version containing new features about once a year. Additionally, major version receives periodic bug fixes in the form of minor releases. Minor version upgrades include changes that are backward-compatible with existing applications. Azure Database for PostgreSQL Flexible Service periodically updates the minor versions during customerΓÇÖs maintenance window. Major version upgrades are more complicated than minor version upgrades as they can include internal changes and new features that may not be backward-compatible with existing applications. ++Azure Database for PostgreSQL Flexible Server supports PostgreSQL versions 11, 12, 13, 14 and 15. Postgres community releases a new major version containing new features about once a year. Additionally, major version receives periodic bug fixes in the form of minor releases. Minor version upgrades include changes that are backward-compatible with existing applications. Azure Database for PostgreSQL Flexible Server periodically updates the minor versions during customerΓÇÖs maintenance window. Major version upgrades are more complicated than minor version upgrades as they can include internal changes and new features that may not be backward-compatible with existing applications. Azure Database for PostgreSQL Flexible Server Postgres has now introduced in-place major version upgrade feature that performs an in-place upgrade of the server with just a click. In-place major version upgrade simplifies the upgrade process minimizing the disruption to users and applications accessing the server. In-place upgrades are a simpler way to upgrade the major version of the instance, as they retain the server name and other settings of the current server after the upgrade, and don't require data migration or changes to the application connection strings. In-place upgrades are faster and involve shorter downtime than data migration. |
| postgresql | Create Automation Tasks | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/postgresql/flexible-server/create-automation-tasks.md | Last updated 07/13/2023 # Manage Azure Database for PostgreSQL - Flexible Server using automation tasks (preview) + > [!IMPORTANT] > This capability is in preview and is subject to the > [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). Creating an automation task doesn't immediately incur charges. Underneath, an au * An Azure account and subscription. * Azure Database for PostgreSQL Flexible Server that you want to manage. -## Create an automation task +## Create an automation task to stop server 1. In the [Azure portal](https://portal.azure.com), find the PostgreSQL Flexible Server resource that you want to manage. 1. On the resource navigation menu, in the **Automation** section, select **Tasks (preview)**. The task you've created, which is automatically live and running, will appear on  +## Create an automation task to start server ++You can apply the same steps outlined above to create a seperate automation tasks for starting of the PostgreSQL Flexible Server at a specific time. Here's how: ++1. Follow the same steps as outlined in the "Create an automation task" section until you reach the "Select a template" stage. +1. Here, instead of selecting the task for "Stop PostgreSQL Flexible Server," you will select the template for "Start PostgreSQL Flexible Server." +1. Proceed to fill in the rest of the required details as described in the subsequent steps, defining the specific schedule at which you want the server to start in the 'Configure' section. + ## Review task history To view a task's history of runs along with their status: |
| postgresql | How To Manage Server Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/postgresql/flexible-server/how-to-manage-server-cli.md | az account set --subscription <subscription id> ## Scale compute and storage +> [!IMPORTANT] +> To scale the storage or compute, you must have at minimum READ permission on the owning resource group. + You can easily scale up your compute tier, vCores, and storage by using the following command. For a list of all the server operations you can run, see the [az postgres flexible-server](/cli/azure/postgres/flexible-server) overview. ```azurecli-interactive |
| postgresql | Release Notes Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/postgresql/flexible-server/release-notes-api.md | Last updated 06/06/2023 [!INCLUDE [applies-to-postgresql-flexible-server](../includes/applies-to-postgresql-flexible-server.md)] -This page provides latest news and updates regarding the recommended API versions to be used. The API versions that are not listed here might be supported, but will be retired soon. +This page provides latest news and updates regarding the recommended API versions to be used. **The API versions that are not listed here might be supported, but will be retired soon.** The documentation for the latest Stable API version is available [here](/rest/api/postgresql/). ## API Releases +> [!NOTE] +> Every Stable and Preview API version is cummulative. This means that it includes the previous features in addition to the features included under the Comments column. + | API Version | Stable/Preview | Comments | | | | | | 2023-03-01-preview | Preview | New GA version features (2022-12-01) +<br>Geo + CMK<br>Storage auto growth<br>IOPS scaling<br>New location capability api<br>Azure Defender<br>Server Logs<br>Migrations<br> |-| 2022-12-01 | Stable (GA) | Earlier GA features +<br>AAD<br>CMK<br>Backups<br>Administrators<br>Replicas<br>GeoRestore<br>MVU<br> | +| [2022-12-01](/rest/api/postgresql/) | Stable (GA) | Earlier GA features +<br>AAD<br>CMK<br>Backups<br>Administrators<br>Replicas<br>GeoRestore<br>MVU<br> | | 2022-05-01-preview | Preview | CheckMigrationNameAvailability<br>Migrations<br> | | 2021-06-01 | Stable (GA) | Earlier GA features +<br>Server CRUD<br>CheckNameAvailability<br>Configurations (Server parameters)<br>Database<br>Firewall rules<br>Private<br>DNS zone suffix<br>PITR<br>Server Restart<br>Server Start<br>Server Stop<br>Maintenance window<br>Virtual network subnet usage<br> | |
| postgresql | Release Notes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/postgresql/flexible-server/release-notes.md | This page provides latest news and updates regarding feature additions, engine v ## Release: July 2023 * Support for [minor versions](./concepts-supported-versions.md) 15.3 (preview), 14.8, 13.11, 12.15, 11.20 <sup>$</sup> * General Availability of PostgreSQL 15 for Azure Database for PostgreSQL ΓÇô Flexible Server.+* Public preview of [Automation Tasks](./create-automation-tasks.md) for Azure Database for PostgreSQL ΓÇô Flexible Server. ## Release: June 2023 * Support for [minor versions](./concepts-supported-versions.md) 15.2 (preview), 14.7, 13.10, 12.14, 11.19 <sup>$</sup> This page provides latest news and updates regarding feature additions, engine v ## Release: March 2023 * General availability of [Read Replica](concepts-read-replicas.md) for Azure Database for PostgreSQL ΓÇô Flexible Server. * Public preview of [PgBouncer Metrics](./concepts-monitoring.md#pgbouncer-metrics) for Azure Database for PostgreSQL ΓÇô Flexible Server.-* General availability of [Azure Monitor workbooks](./concepts-workbooks.md) for Azure Database for PostgreSQL ΓÇô Flexible Server. +* General availability of [Azure Monitor workbooks](./concepts-workbooks.md) for Azure Database for PostgreSQL ΓÇô Flexible Server ## Release: February 2023 * Public preview of [Autovacuum Metrics](./concepts-monitoring.md#autovacuum-metrics) for Azure Database for PostgreSQL ΓÇô Flexible Server. |
| private-link | Tutorial Private Endpoint Storage Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/private-link/tutorial-private-endpoint-storage-portal.md | |
| private-link | Tutorial Private Endpoint Webapp Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/private-link/tutorial-private-endpoint-webapp-portal.md | - Title: 'Tutorial: Connect to a web app using an Azure Private endpoint'- -description: Get started with this tutorial using Azure Private endpoint to connect to a webapp privately. ---- Previously updated : 06/22/2022----# Tutorial: Connect to a web app using an Azure Private Endpoint --Azure Private endpoint is the fundamental building block for Private Link in Azure. It enables Azure resources, like virtual machines (VMs), to privately and securely communicate with Private Link resources such as a web app. --In this tutorial, you learn how to: --> [!div class="checklist"] -> * Create a virtual network and bastion host. -> * Create a virtual machine. -> * Create a web app. -> * Create a private endpoint. -> * Test connectivity to the web app private endpoint. --If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin. --> [!Note] -> Private Endpoint is available in public regions for PremiumV2-tier, PremiumV3-tier Windows web apps, Linux web apps, and the Azure Functions Premium plan (sometimes referred to as the Elastic Premium plan). --## Prerequisites --* An Azure subscription --## Sign in to Azure --Sign in to the [Azure portal](https://portal.azure.com). --## Create a virtual network and bastion host --In this section, you'll create a virtual network, subnet, and bastion host. --The bastion host will be used to connect securely to the virtual machine for testing the private endpoint. --1. On the upper-left side of the screen, select **Create a resource > Networking > Virtual network** or search for **Virtual network** in the search box. --2. In **Create virtual network**, enter or select this information in the **Basics** tab: -- | Setting | Value | - ||--| - | **Project Details** | | - | Subscription | Select your Azure subscription. | - | Resource Group | Select **Create new**. </br> Enter **myResourceGroup** in **Name**. </br> Select **OK**. | - | **Instance details** | | - | Name | Enter **myVNet**. | - | Region | Select **East US**. | --3. Select the **IP Addresses** tab or select the **Next: IP Addresses** button at the bottom of the page. --4. In the **IP Addresses** tab, enter this information: -- | Setting | Value | - |--|-| - | IPv4 address space | Enter **10.1.0.0/16**. | --5. Under **Subnet name**, select the word **default**. --6. In **Edit subnet**, enter this information: -- | Setting | Value | - |--|-| - | Subnet name | Enter **mySubnet**. | - | Subnet address range | Enter **10.1.0.0/24**. | --7. Select **Save**. --8. Select the **Security** tab. --9. Under **BastionHost**, select **Enable**. Enter this information: -- | Setting | Value | - |--|-| - | Bastion name | Enter **myBastionHost**. | - | AzureBastionSubnet address space | Enter **10.1.1.0/24**. | - | Public IP Address | Select **Create new**. </br> For **Name**, enter **myBastionIP**. </br> Select **OK**. | --8. Select the **Review + create** tab or select the **Review + create** button. --9. Select **Create**. --## Create a virtual machine --In this section, you'll create a virtual machine that will be used to test the private endpoint. --1. On the upper-left side of the portal, select **Create a resource** > **Compute** > **Virtual machine** or search for **Virtual machine** in the search box. - -2. In **Create a virtual machine**, type or select the values in the **Basics** tab: -- | Setting | Value | - |--|-| - | **Project Details** | | - | Subscription | Select your Azure subscription. | - | Resource Group | Select **myResourceGroup**. | - | **Instance details** | | - | Virtual machine name | Enter **myVM**. | - | Region | Select **(US) East US**. | - | Availability Options | Select **No infrastructure redundancy required**. | - | Security type | Select **Standard**. | - | Image | Select **Windows Server 2019 Datacenter - Gen2**. | - | Azure Spot instance | Select **No**. | - | Size | Choose VM size or take default setting. | - | **Administrator account** | | - | Username | Enter a username. | - | Password | Enter a password. | - | Confirm password | Reenter password. | --3. Select the **Networking** tab, or select **Next: Disks**, then **Next: Networking**. - -4. In the Networking tab, select this information: -- | Setting | Value | - |-|-| - | **Network interface** | | - | Virtual network | Select **myVNet**. | - | Subnet | Select **mySubnet**. | - | Public IP | Select **None**. | - | NIC network security group | Select **Basic**. | - | Public inbound ports | Select **None**. | - -5. Select **Review + create**. - -6. Review the settings, and then select **Create**. ---## Create a web app --In this section, you'll create a web app. --1. In the left-hand menu, select **Create a resource** > **Web** > **Web App**, or search for **Web App** in the search box. --2. In the **Basics** tab of **Create Web App** enter or select the following information: -- | Setting | Value | - |--|-| - | **Project Details** | | - | Subscription | Select your Azure subscription. | - | Resource Group | Select **myResourceGroup**. | - | **Instance details** | | - | Name | Enter **mywebapp**. If the name is unavailable, enter a unique name. | - | Publish | Select **Code**. | - | Runtime stack | Select **.NET Core 3.1 (LTS)**. | - | Operating System | Select **Windows**. | - | Region | Select **East US**. | - | **App Service Plan** | | - | Windows Plan (East US) | Select **Create new**. </br> Enter **myServicePlan** in **Name**. </br> Select **OK**. | - | Sku and size | Select **Change size**. </br> Select **P2V2** in the **Spec Picker** page. </br> Select **Apply**. | - | **Zone redundancy** | | - | Zone redundancy | Select **Disabled**. | - -3. Select **Review + create**. --4. Select **Create**. -- :::image type="content" source="./media/tutorial-private-endpoint-webapp-portal/create-web-app-inline.png" alt-text="Screenshot of Create Web App page showing the settings used in the Basics tab to create the web app." lightbox="./media/tutorial-private-endpoint-webapp-portal/create-web-app-expanded.png"::: --## Create private endpoint --1. In the left-hand menu, select **All Resources** > **mywebapp** or the name you chose during web app creation. --2. In the web app overview, select **Settings** > **Networking**. --3. In **Networking**, select **Private endpoints**. --4. Select **+ Add** in the **Private Endpoint connections** page. --5. Enter or select the following information in the **Add Private Endpoint** page: -- | Setting | Value | - | - | -- | - | Name | Enter **mywebappendpoint**. | - | Subscription | Select your Azure subscription. | - | Virtual network | Select **myVNet**. | - | Subnet | Select **mySubnet**. | - | Integrate with private DNS zone | Select **Yes**. | --6. Select **OK**. -- :::image type="content" source="./media/tutorial-private-endpoint-webapp-portal/add-private-endpoint-inline.png" alt-text="Screenshot of Add Private Endpoint page showing the settings used to create the private endpoint." lightbox="./media/tutorial-private-endpoint-webapp-portal/add-private-endpoint-expanded.png"::: --## Test connectivity to private endpoint --In this section, you'll use the virtual machine you created in the previous step to connect to the web app across the private endpoint. --1. Select **Resource groups** in the left-hand navigation pane. --2. Select **myResourceGroup**. --3. Select **myVM**. --4. On the overview page for **myVM**, select **Connect** then **Bastion**. --5. Enter the username and password that you entered during the virtual machine creation. --6. Select **Connect** button. --7. Open Windows PowerShell on the server after you connect. --8. Enter `nslookup <webapp-name>.azurewebsites.net`. Replace **\<webapp-name>** with the name of the web app you created in the previous steps. You'll receive a message similar to what is displayed below: -- ```powershell - Server: UnKnown - Address: 168.63.129.16 -- Non-authoritative answer: - Name: mywebapp.privatelink.azurewebsites.net - Address: 10.1.0.5 - Aliases: mywebapp.azurewebsites.net - ``` -- A private IP address of **10.1.0.5** is returned for the web app name. This address is in **mySubnet** subnet of **myVNet** virtual network you created previously. --9. Open Internet Explorer, and enter the URL of your web app, `https://<webapp-name>.azurewebsites.net`. --10. Verify you receive the default web app page. -- :::image type="content" source="./media/tutorial-private-endpoint-webapp-portal/web-app-default-page.png" alt-text="Screenshot of Internet Explorer showing default web app page." border="true"::: --11. Close the connection to **myVM**. --12. Open a web browser on your local computer and enter the URL of your web app, `https://<webapp-name>.azurewebsites.net`. --13. Verify that you receive a **403** page. This page indicates that the web app isn't accessible externally. -- :::image type="content" source="./media/tutorial-private-endpoint-webapp-portal/web-app-ext-403.png" alt-text="Screenshot of web browser showing a blue page with Error 403 for external web app address." border="true"::: --## Clean up resources --If you're not going to continue to use this application, delete the virtual network, virtual machine, and web app with the following steps: --1. From the left-hand menu, select **Resource groups**. --2. Select **myResourceGroup**. --3. Select **Delete resource group**. --4. Enter **myResourceGroup** in **TYPE THE RESOURCE GROUP NAME**. --5. Select **Delete**. --## Next steps --Learn how to connect to an Azure SQL server using an Azure Private Endpoint: -> [!div class="nextstepaction"] -> [Connect to Azure SQL server using Private Endpoint](tutorial-private-endpoint-sql-portal.md) |
| purview | Concept Best Practices Glossary | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/purview/concept-best-practices-glossary.md | Microsoft Purview supports having multiple business glossaries managed within Mi - Other bulk edit operations can be performed by using the Atlas API. An example would be using the API to add descriptions or other custom properties to assets in bulk programmatically. ## Next steps-- [Import and export glossary terms](./how-to-import-export-glossary.md)-- [Create and manage glossary terms](./how-to-create-manage-glossary-term.md)++- [Import and export glossary terms](./how-to-import-export-glossary.md) +- [Best practices for describing data with terms, tags, managed attributes, and business assets](concept-best-practices-annotating-data.md) +- [Create and manage glossaries](how-to-create-manage-glossary.md) +- [Create and manage terms](how-to-create-manage-glossary-term.md) +- [Manage term templates](how-to-manage-term-templates.md) +- [Browse the data catalog in Microsoft Purview](how-to-browse-catalog.md) |
| purview | Concept Business Glossary | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/purview/concept-business-glossary.md | Microsoft Purview supports these out-of-the-box attributes for any business glos - Definition - Stewards - Experts-- Acronym-- Synonyms-- Related terms - Resources-- Parent term These attributes can't be edited or deleted, but only the Name is mandatory to create a glossary term. However, these attributes aren't sufficient to completely define a term in an organization. To solve this problem, Microsoft Purview provides a feature where you can define custom attributes for your glossary. +## Relationships between terms ++Microsoft Purview supports these out-of-the-box relationships for terms: ++- Parent/child term +- Acronym +- Synonyms +- Related terms ++**Relationship definitions in the glossary are bi-directional:** Every relationship between terms is a two-way relationship. This means that if term A is related to term B, then term B is also related to term A. ++Anytime you populate a relationship in one direction, Purview automatically adds the reverse relationship for you. For example, if you add term A as a synonym for term B, Purview automatically adds term B as a synonym for term A. + ## Term templates Term Templates provides glossary custom attributes to be logically grouped together in catalog. The feature allows you to group all the relevant custom attributes together in a template and then apply the template while creating the glossary term. For example, all finance- related custom attributes like cost center, profit center, accounting code can be grouped in a term template Finance Template and the Finance template can be used to create financial glossary terms. Sensitivity labels are a type of annotation that allows you to classify and prot ## Next steps -- [Manage Term Templates](how-to-manage-term-templates.md)+- [Create and manage glossaries](how-to-create-manage-glossary.md) +- [Create and manage terms](how-to-create-manage-glossary-term.md) +- [Manage term templates](how-to-manage-term-templates.md) +- [Best practices for describing data with terms, tags, managed attributes, and business assets](concept-best-practices-annotating-data.md) - [Browse the data catalog in Microsoft Purview](how-to-browse-catalog.md) |
| purview | How To Create Manage Glossary Term | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/purview/how-to-create-manage-glossary-term.md | To create a glossary term, follow these steps: 1. On the **Business glossary** page, select the glossary you would like to create the new term for, then select **+ New term**. A term can only be added to one glossary at a time. > [!NOTE]- > For more information about creating and managing glossaries see the [manage glossaries page.](how-to-create-manage-glossary.md) + > Each glossary supports a maximum of 100,000 terms. For more information about creating and managing glossaries see the [manage glossaries page.](how-to-create-manage-glossary.md) A pane opens with the **System default** template selected. Choose the template, or templates, that you want to use to create a glossary term, and then select **Continue**. Selecting multiple templates will allow you to use the custom attributes from those templates. To create a glossary term, follow these steps: 1. Add **Resources** and **Acronym** information. If the term is part of a hierarchy, you can add parent terms at **Parent** on the **Overview** tab. -1. Add **Synonyms** and **Related terms** information on the **Related** tab, and then select **Apply**. +1. To establish relationships with other terms, add **Synonyms** and **Related terms** information on the **Related** tab, and then select **Apply**. :::image type="content" source="media/how-to-create-import-export-glossary/related-tab.png" alt-text="Screenshot of tab for related terms and the box for adding synonyms." border="true"::: + 1. Optionally, select the **Contacts** tab to add experts and stewards to your term. 1. Select **Create** to create your term. |
| purview | How To Manage Quotas | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/purview/how-to-manage-quotas.md | This article highlights the limits that currently exist in the Microsoft Purview |Maximum length of an asset name and classification name|4 KB|4 KB| |Maximum length of asset property name and value|32 KB|32 KB| |Maximum length of classification attribute name and value|32 KB|32 KB|-|Maximum number of glossary terms, per account|100K|100K| +|Maximum number of glossary terms, per glossary|100K|100K| |Maximum number of self-service policies, per account|3K|3K| \* Self-hosted integration runtime scenarios aren't included in the limits defined in the above table. |
| role-based-access-control | Rbac And Directory Admin Roles | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/rbac-and-directory-admin-roles.md | At a high level, Azure roles control permissions to manage Azure resources, whil | Manage access to Azure resources | Manage access to Azure Active Directory resources | | Supports custom roles | Supports custom roles | | Scope can be specified at multiple levels (management group, subscription, resource group, resource) | [Scope](../active-directory/roles/custom-overview.md#scope) can be specified at the tenant level (organization-wide), administrative unit, or on an individual object (for example, a specific application) |-| Role information can be accessed in Azure portal, Azure CLI, Azure PowerShell, Azure Resource Manager templates, REST API | Role information can be accessed in Azure admin portal, Microsoft 365 admin center, Microsoft Graph, AzureAD PowerShell | +| Role information can be accessed in Azure portal, Azure CLI, Azure PowerShell, Azure Resource Manager templates, REST API | Role information can be accessed in the Azure admin portal, Microsoft 365 admin center, Microsoft Graph, AzureAD PowerShell | ### Do Azure roles and Azure AD roles overlap? |
| sap | Dbms Guide Maxdb | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/sap/workloads/dbms-guide-maxdb.md | -[azure-portal]:https://portal.azure.com [azure-ps]:/powershell/azure/ [azure-quickstart-templates-github]:https://github.com/Azure/azure-quickstart-templates [azure-script-ps]:https://go.microsoft.com/fwlink/p/?LinkID=395017 |
| sap | High Availability Guide Suse Pacemaker | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/sap/workloads/high-availability-guide-suse-pacemaker.md | |
| search | Search Get Started Semantic | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/search/search-get-started-semantic.md | |
| search | Search Get Started Text | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/search/search-get-started-text.md | |
| search | Search Get Started Vector | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/search/search-get-started-vector.md | api-key: {{admin-api-key}} -0.00086512347 ], "fields": "contentVector",- "select": "title, content, category" "k": 10 }, ],+ "select": "title, content, category", "filter": "category eq 'Databases'" } ``` |
| sentinel | Connect Services Windows Based | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/sentinel/connect-services-windows-based.md | Title: Connect Microsoft Sentinel to other Microsoft services with a Windows age description: Learn how to connect Microsoft Sentinel to Microsoft services with Windows agent-based connections. Previously updated : 02/24/2023 Last updated : 07/18/2023 This article presents information that is common to the group of Windows agent-b [!INCLUDE [reference-to-feature-availability](includes/reference-to-feature-availability.md)] -The [Windows DNS Events via AMA connector (Preview)](connect-dns-ama.md) also uses the Azure Monitor Agent. This connector streams and filter events from Windows Domain Name System (DNS) server logs. - ## Azure Monitor Agent Some connectors based on the Azure Monitor Agent (AMA) are currently in **PREVIEW**. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability. -The Azure Monitor Agent is currently supported only for Windows Security Events and Windows Forwarded Events. +The Azure Monitor Agent is currently supported only for Windows Security Events, Windows Forwarded Events, and Windows DNS Events. The [Azure Monitor agent](../azure-monitor/agents/azure-monitor-agent-overview.md) uses **Data collection rules (DCRs)** to define the data to collect from each agent. Data collection rules offer you two distinct advantages: For more information, see [Gather insights about your DNS infrastructure with th For more information, see: - [Microsoft Sentinel solutions catalog](sentinel-solutions-catalog.md)-- [Threat intelligence integration in Microsoft Sentinel](threat-intelligence-integration.md)+- [Threat intelligence integration in Microsoft Sentinel](threat-intelligence-integration.md) |
| sentinel | Geographical Availability Data Residency | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/sentinel/geographical-availability-data-residency.md | Microsoft Sentinel can run on workspaces in the following regions: |North America |South America |Asia |Europe |Australia |Africa | |||||||-|**US**<br><br>ΓÇó Central US<br>ΓÇó Central US EUAP<br>ΓÇó East US<br>ΓÇó East US 2<br>ΓÇó East US 2 EUAP<br>ΓÇó North Central US<br>ΓÇó South Central US<br>ΓÇó West US<br>ΓÇó West US 2<br>ΓÇó West US 3<br>ΓÇó West Central US<br>ΓÇó USNat East<br>ΓÇó USNat West<br>ΓÇó USSec East<br>ΓÇó USSec West<br><br>**Azure government**<br><br>ΓÇó USGov Non-Regional<br>ΓÇó USGov Arizona<br>ΓÇó USGov Texas<br>ΓÇó USGov Virginia<br><br>**Canada**<br><br>ΓÇó Canada Central |ΓÇó Brazil South<br>ΓÇó Brazil Southeast |ΓÇó East Asia<br>ΓÇó Southeast Asia<br>ΓÇó Qatar Central<br><br>**Japan**<br><br>ΓÇó Japan East<br>ΓÇó Japan West<br><br>**China 21Vianet**<br><br>ΓÇó China East 2<br><br>**India**<br><br>ΓÇó Central India<br>ΓÇó South India<br>ΓÇó West India<br>ΓÇó Jio India West<br>ΓÇó Jio India Central<br><br>**Korea**<br><br>ΓÇó Korea Central<br>ΓÇó Korea South<br><br>**Malaysia**<br><br>ΓÇó Malaysia South<br><br>**UAE**<br><br>ΓÇó UAE Central<br>ΓÇó UAE North |ΓÇó North Europe<br>ΓÇó West Europe<br><br>**France**<br><br>ΓÇó France Central<br>ΓÇó France South<br><br>**Germany**<br><br>ΓÇó Germany West Central<br>ΓÇó Germany North<br><br>**Norway**<br><br>ΓÇó Norway East<br>ΓÇó Norway West<br><br>**Switzerland**<br><br>ΓÇó Switzerland North<br>ΓÇó Switzerland West<br><br>**UK**<br><br>ΓÇó UK South<br>ΓÇó UK West |ΓÇó Australia Central<br>Australia Central 2<br>ΓÇó Australia East<br>ΓÇó Australia Southeast |ΓÇó South Africa North<br>ΓÇó South Africa West | +|**US**<br><br>ΓÇó Central US<br>ΓÇó Central US EUAP<br>ΓÇó East US<br>ΓÇó East US 2<br>ΓÇó East US 2 EUAP<br>ΓÇó North Central US<br>ΓÇó South Central US<br>ΓÇó West US<br>ΓÇó West US 2<br>ΓÇó West US 3<br>ΓÇó West Central US<br>ΓÇó USNat East<br>ΓÇó USNat West<br>ΓÇó USSec East<br>ΓÇó USSec West<br><br>**Azure government**<br><br>ΓÇó USGov Non-Regional<br>ΓÇó USGov Arizona<br>ΓÇó USGov Texas<br>ΓÇó USGov Virginia<br><br>**Canada**<br><br>ΓÇó Canada Central<br>ΓÇó Canada East |ΓÇó Brazil South<br>ΓÇó Brazil Southeast |ΓÇó East Asia<br>ΓÇó Southeast Asia<br>ΓÇó Qatar Central<br><br>**Japan**<br><br>ΓÇó Japan East<br>ΓÇó Japan West<br><br>**China 21Vianet**<br><br>ΓÇó China East 2<br><br>**India**<br><br>ΓÇó Central India<br>ΓÇó South India<br>ΓÇó West India<br>ΓÇó Jio India West<br>ΓÇó Jio India Central<br><br>**Korea**<br><br>ΓÇó Korea Central<br>ΓÇó Korea South<br><br>**Malaysia**<br><br>ΓÇó Malaysia South<br><br>**UAE**<br><br>ΓÇó UAE Central<br>ΓÇó UAE North |ΓÇó North Europe<br>ΓÇó West Europe<br><br>**France**<br><br>ΓÇó France Central<br>ΓÇó France South<br><br>**Germany**<br><br>ΓÇó Germany West Central<br>ΓÇó Germany North<br><br>**Norway**<br><br>ΓÇó Norway East<br>ΓÇó Norway West<br><br>**Switzerland**<br><br>ΓÇó Switzerland North<br>ΓÇó Switzerland West<br><br>**UK**<br><br>ΓÇó UK South<br>ΓÇó UK West |ΓÇó Australia Central<br>Australia Central 2<br>ΓÇó Australia East<br>ΓÇó Australia Southeast |ΓÇó South Africa North<br>ΓÇó South Africa West | |
| service-bus-messaging | Service Bus Amqp Dotnet | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-bus-messaging/service-bus-amqp-dotnet.md | For example, `Endpoint=sb://[namespace].servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=[SAS key];TransportType=Amqp` -Where `namespace` and `SAS key` are obtained from the [Azure portal][Azure portal] when you create a Service Bus namespace. For more information, see [Create a Service Bus namespace using the Azure portal][Create a Service Bus namespace using the Azure portal]. +Where `namespace` and `SAS key` are obtained from the [Azure portal] when you create a Service Bus namespace. For more information, see [Create a Service Bus namespace using the Azure portal][Create a Service Bus namespace using the Azure portal]. ### AMQP over WebSockets To use AMQP over WebSockets, set `TransportType` in the connection string to `AmqpWebSockets`. For example: `Endpoint=sb://[namespace].servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=[SAS key];TransportType=AmqpWebSockets`. |
| service-bus-messaging | Service Bus Azure And Service Bus Queues Compared Contrasted | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-bus-messaging/service-bus-azure-and-service-bus-queues-compared-contrasted.md | This section compares Storage queues and Service Bus queues from the perspective ### Additional information * Service Bus enforces queue size limits. The maximum queue size is specified when creating a queue. It can be between 1 GB and 80 GB. If the queue's size reaches this limit, additional incoming messages will be rejected and the caller receives an exception. For more information about quotas in Service Bus, see [Service Bus Quotas](service-bus-quotas.md).-* In the Standard messaging tier, you can create Service Bus queues and topics in 1 (default), 2, 3, 4, or 5-GB sizes. When enabling partitioning in the Standard tier, Service Bus creates 16 copies (16 partitions) of the entity, each of the same size specified. As such, if you create a queue that's 5 GB in size, with 16 partitions the maximum queue size becomes (5 * 16) = 80 GB. You can see the maximum size of your partitioned queue or topic in the [Azure portal][Azure portal]. +* In the Standard messaging tier, you can create Service Bus queues and topics in 1 (default), 2, 3, 4, or 5-GB sizes. When enabling partitioning in the Standard tier, Service Bus creates 16 copies (16 partitions) of the entity, each of the same size specified. As such, if you create a queue that's 5 GB in size, with 16 partitions the maximum queue size becomes (5 * 16) = 80 GB. You can see the maximum size of your partitioned queue or topic in the [Azure portal]. * With Storage queues, if the content of the message isn't XML-safe, then it must be **Base64** encoded. If you **Base64**-encode the message, the user payload can be up to 48 KB, instead of 64 KB. * With Service Bus queues, each message stored in a queue is composed of two parts: a header and a body. The total size of the message can't exceed the maximum message size supported by the service tier. * When clients communicate with Service Bus queues over the TCP protocol, the maximum number of concurrent connections to a single Service Bus queue is limited to 100. This number is shared between senders and receivers. If this quota is reached, requests for additional connections will be rejected and an exception will be received by the calling code. This limit isn't imposed on clients connecting to the queues using REST-based API.-* If you require more than 10,000 queues in a single Service Bus namespace, you can contact the Azure support team and request an increase. To scale beyond 10,000 queues with Service Bus, you can also create additional namespaces using the [Azure portal][Azure portal]. +* If you require more than 10,000 queues in a single Service Bus namespace, you can contact the Azure support team and request an increase. To scale beyond 10,000 queues with Service Bus, you can also create additional namespaces using the [Azure portal]. ## Management and operations This section compares the management features provided by Storage queues and Service Bus queues. |
| service-bus-messaging | Service Bus Quickstart Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-bus-messaging/service-bus-quickstart-portal.md | -This quickstart shows you how to create a Service Bus namespace and a queue using the [Azure portal][Azure portal]. It also shows you how to get authorization credentials that a client application can use to send/receive messages to/from the queue. ++This quickstart shows you how to create a Service Bus namespace and a queue using the [Azure portal]. It also shows you how to get authorization credentials that a client application can use to send/receive messages to/from the queue. [!INCLUDE [howto-service-bus-queues](../../includes/howto-service-bus-queues.md)] |
| service-bus-messaging | Service Bus Sas | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-bus-messaging/service-bus-sas.md | The 'Manage' right includes the 'Send' and 'Receive' rights. A namespace or entity policy can hold up to 12 Shared Access Authorization rules, providing room for three sets of rules, each covering the basic rights and the combination of Send and Listen. This limit is per entity, meaning the namespace and each entity can have up to 12 Shared Access Authorization rules. This limit underlines that the SAS policy store isn't intended to be a user or service account store. If your application needs to grant access to Service Bus based on user or service identities, it should implement a security token service that issues SAS tokens after an authentication and access check. -An authorization rule is assigned a *Primary Key* and a *Secondary Key*. These keys are cryptographically strong keys. Don't lose them or leak them - they'll always be available in the [Azure portal][Azure portal]. You can use either of the generated keys, and you can regenerate them at any time. If you regenerate or change a key in the policy, all previously issued tokens based on that key become instantly invalid. However, ongoing connections created based on such tokens will continue to work until the token expires. +An authorization rule is assigned a *Primary Key* and a *Secondary Key*. These keys are cryptographically strong keys. Don't lose them or leak them - they'll always be available in the [Azure portal]. You can use either of the generated keys, and you can regenerate them at any time. If you regenerate or change a key in the policy, all previously issued tokens based on that key become instantly invalid. However, ongoing connections created based on such tokens will continue to work until the token expires. When you create a Service Bus namespace, a policy rule named **RootManageSharedAccessKey** is automatically created for the namespace. This policy has Manage permissions for the entire namespace. It's recommended that you treat this rule like an administrative **root** account and don't use it in your application. You can create more policy rules in the **Configure** tab for the namespace in the portal, via PowerShell or Azure CLI. |
| service-fabric | Service Fabric Cluster Creation Setup Aad | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-fabric/service-fabric-cluster-creation-setup-aad.md | After setting up Azure Active Directory applications and setting roles for users <!-- Links --> [azure-cli]: /cli/azure/get-started-with-azure-cli-[azure-portal]: https://portal.azure.com/ [service-fabric-cluster-security]: service-fabric-cluster-security.md [active-directory-howto-tenant]:../active-directory/develop/quickstart-create-new-tenant.md [service-fabric-visualizing-your-cluster]: service-fabric-visualizing-your-cluster.md |
| service-fabric | Service Fabric Cluster Creation Setup Azure Ad Via Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-fabric/service-fabric-cluster-creation-setup-azure-ad-via-portal.md | After you set up Azure Active Directory applications and set roles for users, [c <!-- Links --> [azure-cli]: /cli/azure/get-started-with-azure-cli-[azure-portal]: https://portal.azure.com/ [service-fabric-cluster-security]: service-fabric-cluster-security.md [active-directory-howto-tenant]:../active-directory/develop/quickstart-create-new-tenant.md [service-fabric-visualizing-your-cluster]: service-fabric-visualizing-your-cluster.md |
| service-fabric | Service Fabric Cluster Creation Via Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-fabric/service-fabric-cluster-creation-via-portal.md | Creating a production cluster to meet your application needs involves some plann ### Search for the Service Fabric cluster resource -Sign in to the [Azure portal][azure-portal]. +Sign in to the [Azure portal](https://portal.azure.com). Click **Create a resource** to add a new resource template. Search for the Service Fabric Cluster template in the **Marketplace** under **Everything**. Select **Service Fabric Cluster** from the list. At this point, you have a secure cluster using certificates for management authe <!-- Links --> [azure-powershell]: /powershell/azure/-[azure-portal]: https://portal.azure.com/ [key-vault-get-started]: ../key-vault/general/overview.md [create-cluster-arm]: service-fabric-cluster-creation-via-arm.md [service-fabric-cluster-security]: service-fabric-cluster-security.md |
| service-fabric | Service Fabric Host App In A Container | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-fabric/service-fabric-host-app-in-a-container.md | In the next part of the tutorial, learn how to [Deploy a container application w [link-servicefabric-create-secure-clusters]: service-fabric-cluster-creation-via-arm.md [link-visualstudio-cd-extension]: https://aka.ms/cd4vs [link-servicefabric-containers]: service-fabric-get-started-containers.md-[link-azure-portal]: https://portal.azure.com [link-sf-clustertemplate]: https://aka.ms/securepreviewonelineclustertemplate [link-azure-pricing-calculator]: https://azure.microsoft.com/pricing/calculator/ [link-azure-subscription]: https://azure.microsoft.com/free/ |
| service-fabric | Service Fabric Quickstart Containers | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-fabric/service-fabric-quickstart-containers.md | |
| site-recovery | Failover Failback Overview Modernized | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/site-recovery/failover-failback-overview-modernized.md | After failover to Azure, the replicated Azure VMs are in an unprotected state. - After machines are replicating from Azure to on-premises, you can run a failover from Azure to your on-premises site. - After machines are running on-premises again, you can enable replication so that they replicate to Azure for disaster recovery. - Only disks replicated from on-premises to Azure will be replicated back from Azure during re-protect operation. Newly added disks to failed over Azure VM will not be replicated to on-premises machine. +- An appliance can have up to 60 disks attached to it. If the VMs being failed back have more than a collective total of 60 disks, or if you're failing back large volumes of traffic, create a separate appliance for failback. **Planned failover works as follows**: |
| site-recovery | Site Recovery Failover To Azure Troubleshoot | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/site-recovery/site-recovery-failover-to-azure-troubleshoot.md | This is normally not a cause for concern and can usually be ignored for unplanne ## Unable to select the Datastore -This issue is indicated when you're unable to see the datastore in Azure the portal when trying to reprotect the virtual machine that has experienced a failover. This is because the Master target isn't recognized as a virtual machine under vCenters added to Azure Site Recovery. +This issue is indicated when you're unable to see the datastore in the Azure portal when trying to reprotect the virtual machine that has experienced a failover. This is because the Master target isn't recognized as a virtual machine under vCenters added to Azure Site Recovery. For more information about reprotecting a virtual machine, see [Reprotect and fail back machines to an on-premises site after failover to Azure](vmware-azure-reprotect.md). |
| spring-apps | Breaking Changes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/breaking-changes.md | |
| spring-apps | Concept App Status | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/concept-app-status.md | |
| spring-apps | Concept Manage Monitor App Spring Boot Actuator | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/concept-manage-monitor-app-spring-boot-actuator.md | |
| spring-apps | Concept Metrics | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/concept-metrics.md | |
| spring-apps | Concept Outbound Type | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/concept-outbound-type.md | |
| spring-apps | Concept Security Controls | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/concept-security-controls.md | |
| spring-apps | Concept Zero Downtime Deployment | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/concept-zero-downtime-deployment.md | |
| spring-apps | Concepts Blue Green Deployment Strategies | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/concepts-blue-green-deployment-strategies.md | |
| spring-apps | Cost Management | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/cost-management.md | |
| spring-apps | Diagnostic Services | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/diagnostic-services.md | |
| spring-apps | How To Access App From Internet Virtual Network | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/how-to-access-app-from-internet-virtual-network.md | |
| spring-apps | How To Configure Palo Alto | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/how-to-configure-palo-alto.md | |
| spring-apps | How To Deploy Powershell | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/how-to-deploy-powershell.md | |
| spring-apps | How To Dump Jvm Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/how-to-dump-jvm-options.md | |
| spring-apps | How To Elastic Diagnostic Settings | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/how-to-elastic-diagnostic-settings.md | |
| spring-apps | How To Enterprise Deploy Polyglot Apps | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/how-to-enterprise-deploy-polyglot-apps.md | |
| spring-apps | How To Enterprise Marketplace Offer | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/how-to-enterprise-marketplace-offer.md | |
| spring-apps | How To Integrate Azure Load Balancers | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/how-to-integrate-azure-load-balancers.md | |
| spring-apps | How To Intellij Deploy Apps | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/how-to-intellij-deploy-apps.md | |
| spring-apps | How To Outbound Public Ip | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/how-to-outbound-public-ip.md | |
| spring-apps | How To Scale Manual | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/how-to-scale-manual.md | |
| spring-apps | How To Self Diagnose Running In Vnet | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/how-to-self-diagnose-running-in-vnet.md | |
| spring-apps | How To Self Diagnose Solve | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/how-to-self-diagnose-solve.md | |
| spring-apps | How To Set Up Sso With Azure Ad | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/how-to-set-up-sso-with-azure-ad.md | |
| spring-apps | How To Setup Autoscale | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/how-to-setup-autoscale.md | |
| spring-apps | How To Troubleshoot Enterprise Spring Cloud Gateway | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/how-to-troubleshoot-enterprise-spring-cloud-gateway.md | |
| spring-apps | How To Use Managed Identities | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/how-to-use-managed-identities.md | |
| spring-apps | How To Use Tls Certificate | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/how-to-use-tls-certificate.md | |
| spring-apps | Monitor App Lifecycle Events | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/monitor-app-lifecycle-events.md | |
| spring-apps | Monitor Apps By Application Live View | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/monitor-apps-by-application-live-view.md | |
| spring-apps | Policy Reference | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/policy-reference.md | |
| spring-apps | Quickstart Access Standard Consumption Within Virtual Network | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/quickstart-access-standard-consumption-within-virtual-network.md | |
| spring-apps | Quickstart Analyze Logs And Metrics Standard Consumption | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/quickstart-analyze-logs-and-metrics-standard-consumption.md | |
| spring-apps | Quickstart Automate Deployments Github Actions Enterprise | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/quickstart-automate-deployments-github-actions-enterprise.md | |
| spring-apps | Quickstart Deploy Infrastructure Vnet Azure Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/quickstart-deploy-infrastructure-vnet-azure-cli.md | |
| spring-apps | Quickstart Deploy Infrastructure Vnet Bicep | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/quickstart-deploy-infrastructure-vnet-bicep.md | description: This quickstart shows you how to use Bicep to deploy an Azure Sprin -+ Last updated 05/31/2022 |
| spring-apps | Quickstart Deploy Infrastructure Vnet Terraform | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/quickstart-deploy-infrastructure-vnet-terraform.md | description: This quickstart shows you how to use Terraform to deploy an Azure S -+ Last updated 05/31/2022 |
| spring-apps | Quickstart Deploy Infrastructure Vnet | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/quickstart-deploy-infrastructure-vnet.md | |
| spring-apps | Quickstart Deploy Microservice Apps | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/quickstart-deploy-microservice-apps.md | |
| spring-apps | Quickstart Provision Service Instance | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/quickstart-provision-service-instance.md | |
| spring-apps | Quickstart Provision Standard Consumption App Environment With Virtual Network | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/quickstart-provision-standard-consumption-app-environment-with-virtual-network.md | |
| spring-apps | Quickstart Sample App Acme Fitness Store Introduction | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/quickstart-sample-app-acme-fitness-store-introduction.md | |
| spring-apps | Quickstart Setup Log Analytics | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/quickstart-setup-log-analytics.md | |
| spring-apps | Quickstart Standard Consumption Config Server | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/quickstart-standard-consumption-config-server.md | |
| spring-apps | Quickstart Standard Consumption Custom Domain | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/quickstart-standard-consumption-custom-domain.md | |
| spring-apps | Quickstart Standard Consumption Eureka Server | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/quickstart-standard-consumption-eureka-server.md | |
| spring-apps | Quotas | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/quotas.md | |
| spring-apps | Reference Architecture | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/reference-architecture.md | |
| spring-apps | Resources | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/resources.md | |
| spring-apps | Secure Communications End To End | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/secure-communications-end-to-end.md | |
| spring-apps | Security Controls Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/security-controls-policy.md | |
| spring-apps | Standard Consumption Customer Responsibilities | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/standard-consumption-customer-responsibilities.md | |
| spring-apps | Troubleshoot Build Exit Code | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/troubleshoot-build-exit-code.md | |
| spring-apps | Troubleshoot Exit Code | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/troubleshoot-exit-code.md | |
| spring-apps | Troubleshooting Vnet | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/troubleshooting-vnet.md | |
| spring-apps | Tutorial Alerts Action Groups | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/tutorial-alerts-action-groups.md | |
| spring-apps | Vmware Tanzu Components | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/vmware-tanzu-components.md | |
| spring-apps | Vnet Customer Responsibilities | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/vnet-customer-responsibilities.md | |
| spring-apps | Whats New | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/spring-apps/whats-new.md | |
| storage | Sas Service Create Java Container | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/storage/blobs/sas-service-create-java-container.md | To learn more about using the Azure Blob Storage client library for Java, see th ### See also - [Grant limited access to Azure Storage resources using shared access signatures (SAS)](../common/storage-sas-overview.md)-- [Create a service SAS](/rest/api/storageservices/create-service-sas)+- [Create a service SAS](/rest/api/storageservices/create-service-sas) |
| storage | Sas Service Create Java | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/storage/blobs/sas-service-create-java.md | |
| storage | Storage Blob Container User Delegation Sas Create Java | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/storage/blobs/storage-blob-container-user-delegation-sas-create-java.md | Last updated 06/12/2023 ms.devlang: java-+ # Create a user delegation SAS for a container with Java |
| storage | Storage Blob Dotnet Get Started | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/storage/blobs/storage-blob-dotnet-get-started.md | To learn more about generating and managing SAS tokens, see the following articl - [Create a service SAS for a blob with .NET](sas-service-create-dotnet.md) - [Create a user delegation SAS for a container with .NET](storage-blob-container-user-delegation-sas-create-dotnet.md) - [Create a user delegation SAS for a blob with .NET](storage-blob-user-delegation-sas-create-dotnet.md)-- + ## [Account key](#tab/account-key) Create a [StorageSharedKeyCredential](/dotnet/api/azure.storage.storagesharedkeycredential) by using the storage account name and account key. Then use that object to initialize a [BlobServiceClient](/dotnet/api/azure.storage.blobs.blobserviceclient). |
| storage | Storage Blob User Delegation Sas Create Java | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/storage/blobs/storage-blob-user-delegation-sas-create-java.md | Last updated 06/12/2023 ms.devlang: java-+ # Create a user delegation SAS for a blob with Java |
| storage | Upgrade To Data Lake Storage Gen2 How To | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/storage/blobs/upgrade-to-data-lake-storage-gen2-how-to.md | The following features are supported for Data Lake Storage Gen2 accounts, but ar - Blob snapshots - Encryption scopes - Immutable storage+- Last access time tracking for lifecycle management - Soft delete for blobs - Soft delete for containers |
| storage | Storage Account Sas Create Java | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/storage/common/storage-account-sas-create-java.md | |
| storage | File Sync Share To Share Migration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/storage/file-sync/file-sync-share-to-share-migration.md | + + Title: Migrate files from one SMB Azure file share to another when using Azure File Sync +description: Learn how to migrate files from one SMB Azure file share to another when using Azure File Sync, even if the file shares are in different storage accounts. ++ Last updated : 07/11/2023+++++# Migrate files from one Azure file share to another when using Azure File Sync ++This article describes how to migrate files from one SMB Azure file share to another when using Azure File Sync, even if the file shares are in different storage accounts. This process is different depending on whether you have cloud tiering enabled or not. ++You can check the status of cloud tiering from the Azure portal under server endpoint properties. If cloud tiering is off, see [Migrate files when cloud tiering is off](#migrate-files-when-cloud-tiering-is-off). If cloud tiering is on, see [Migrate files when cloud tiering is on](#migrate-files-when-cloud-tiering-is-on). ++## Migrate files when cloud tiering is off ++If you're not using cloud tiering, then all your data is local on your Azure File Sync server, and you can use Azure File Sync to upload the data to another share. ++The following instructions assume you have one Azure File Sync server in your sync group. If you have more than one Azure File Sync server connected to the existing share, you should [removing all the other server endpoints](file-sync-server-endpoint-delete.md) first. Perform the full migration on one endpoint, and then reconnect the other server endpoints to the new sync group. ++1. Make sure that cloud tiering is off on the server endpoint. You can check and change the status from the Azure portal under server endpoint properties. ++1. If you've tiered a small amount of data to the cloud (<1 TiB), run the `Invoke-StorageSyncFileRecall` cmdlet with retries to sync the tiered files back down (see [How to manage tiered files](file-sync-how-to-manage-tiered-files.md)). Because there could be an active cloud tiering session when you first run this cmdlet, it's a good idea to run it twice to ensure that all files are fully recalled and local on the server before you continue. ++1. [Create a new SMB Azure file share](../files/storage-how-to-create-file-share.md) as the target. ++1. [Create a new sync group](file-sync-deployment-guide.md#create-a-sync-group-and-a-cloud-endpoint) and associate the cloud endpoint to the Azure file share you created. The sync group must be in a storage sync service in the same region as the new target Azure file share. ++Now you have two options: You can either sync your data to the new Azure file share [using the same local file server](#connect-to-the-new-azure-file-share-using-the-same-local-file-server) (recommended), or [move to a new Azure File Sync server](#move-to-a-new-azure-file-sync-server). ++### Connect to the new Azure file share using the same local file server ++If you plan to use the same local file server, follow these instructions. ++1. [Remove the existing sever endpoint](file-sync-server-endpoint-delete.md). This will keep all the data, but will remove the association with the existing sync group and existing file share. ++1. If the new sync group isn't in the same storage sync service, you'll need to [unregister the server](file-sync-server-registration.md#registerunregister-a-server-with-storage-sync-service) from that storage sync service and register it with the new service. Keep in mind that a server can only be registered with one storage sync service. ++1. [Create a new server endpoint](file-sync-server-endpoint-create.md#create-a-server-endpoint) in the sync group you created and connect it to the same local data. +++### Move to a new Azure File Sync server ++If you want to move to a new local file server, you can use [Storage Migration Service](/windows-server/storage/storage-migration-service/overview) (SMS) to: ++- Copy over all your share-level permissions +- Make several passes to catch up with changes that happened during migration +- Orchestrate the cutover to the new server ++All you need to do is set up a new on-premises file server, and then connect the new server to Azure File Sync and the new cloud endpoint. Then use SMS to migrate from the source server to the target server. ++Optionally, you can manually copy the source share to another share on the existing file server. ++## Migrate files when cloud tiering is on ++If you're using the cloud tiering feature of Azure File Sync, we recommend copying the data from within Azure to prevent unnecessary cloud recalls through the source. The process will differ slightly depending on whether you're migrating within the same region or across regions. ++An Azure File Sync registered server can only join one storage sync service, and the storage sync service must be in the same region as the share. Therefore, if you're moving between regions, you'll need to migrate to a new Azure File Sync server connected to the target share. If you're moving within the same region, you can use the existing AFS server. ++### Migrate within the same region ++Follow these instructions if cloud tiering is on and you're migrating within the same region. You can use your existing Azure File Sync server (see diagram), or optionally create a new server if you're concerned about impacting the existing share. +++1. Deploy a Windows VM in the same Azure region as the source share. To ensure good performance we recommend a multi-core VM type with at least 56 GiB of memory and premium storage, such as **standard_DS5_v2**. ++1. Create a new target sync group in the same storage sync service. Don't connect your local Azure File Sync server to the new sync group yet. ++1. In your Azure IaaS VM, use different disks for source and target. Use one small disk for your source data connected to the existing sync group and one larger disk that can hold your entire data set. ++1. Connect Azure File Sync to the original sync group. Enable cloud tiering on this server endpoint, because you'll pull data out of it as your source. ++1. Set up the target file share as the cloud endpoint of the new sync group. Connect the VM as a server endpoint for the target share, and set the on-premises path to T:\target. ++You can now start the [initial copy](#initial-copy). ++### Migrate across regions ++Follow these instructions if cloud tiering is on and you're migrating to a file share in another Azure region. To migrate across regions, you need to migrate to a new Azure File Sync server connected to the target share (see diagram). +++1. Create a new storage sync service in the target region and a new sync group attached to your target share. The sync group must be in the same region as the file share and sync service. ++1. Create a new on-premises Azure File Sync file server. Don't connect your new target server to the sync group yet. ++1. Deploy a source Azure File Sync VM with a small disk for your source data. Connect Azure File Sync to the existing sync group. Enable cloud tiering on this server endpoint, because you'll pull data out of it as your source. ++1. In the same region, deploy a target Azure File Sync VM. Use one larger disk that can hold your entire data set. Mount a drive to the source share on the source Azure File Sync VM. ++1. Set up the target file share as the cloud endpoint of the new sync group. Connect the VM as a server endpoint for the target share, and set the on-premises path to T:\target. ++You can now start the [initial copy](#initial-copy). ++## Initial copy ++Use Robocopy, a tool that's built into Windows, to copy the files from source to target. ++1. Run this command at the Windows command prompt: + + ```console + robocopy <source> <target> /mir /copyall /mt:16 /DCOPY:DAT + ``` + + If your source share was mounted as s:\ and target was t:\ then the command looks like this: + + ```console + robocopy s:\ t:\ /mir /copyall /mt:16 /DCOPY:DAT + ``` ++1. Connect the on-premises Azure File Sync server to the new sync group so the namespace metadata can sync. Be sure to use the same root folder name as the existing share. For example, if your current cache location is D:\cache, use T:\cache for the new server endpoint. If you're using the existing Azure File Sync server (for migrations within the same region), place the local cache on a separate volume from the existing endpoint. Using the same volume is okay as long as the directory isn't the same directory or a sub-directory of the server endpoint that's connected to the source share. Enable cloud tiering on this endpoint so that none of the data will automatically download to the on-premises server. ++1. Wait for the initial Robocopy run to complete successfully and for the sync from source to target to complete. We recommend waiting for one additional hour to make sure all remaining changes are synced to Azure. To check that all changes have been synced to the cloud, see [How do I monitor the progress of a current sync session?](/troubleshoot/azure/azure-storage/file-sync-troubleshoot-sync-errors?tabs=portal1%2Cazure-portal#how-do-i-monitor-the-progress-of-a-current-sync-session) ++## Connect the on-premises server to the new sync group ++Configure your new target with a high free space policy at first, because you'll be copying in the latest changes and need to ensure that you have enough room. ++Once the server is connected to the sync group, allow some time for it to sync the namespace data. ++## Sync final changes ++Before syncing the final changes, turn off SMB sharing for the existing share or at least make it read-only. After turning off SMB sharing, wait one hour to make sure all remaining changes are synced to Azure. ++If you have connectivity between the source file share and the target, you can Robocopy recent changes over to the target: ++```console +robocopy s:\ t:\ /mir /copyall /mt:16 /DCOPY:DAT /XD S:\$RECYCLE.BIN /XD "S:\System Volume Information" +``` ++If you can't copy the latest changes directly to the new file share, run the Robocopy mirror command again on the IaaS VM. This will sync over all the changes that happened since the initial run, skipping anything that's already copied over. ++```console +robocopy s:\ t:\target /mir /copyall /mt:16 /DCOPY:DAT +``` ++Once your IaaS VM sync completes, the local target agent will also be up to date. ++## Enable sharing on the new server endpoint ++If you're migrating to a new Azure File Sync server, you should rename the old server to a random name, then rename the new server to the same name as the old server. This way, the file share URL will be the same for your end users. ++Enable the new share T:\cache. All the same file ACLs will be there. You'll need to recreate any share-level permissions that existed on the old share. ++## Remove the old server endpoint and sync group ++Once you've confirmed everything is working correctly with the new sync group, you can deprovision the old sync group. [Remove the server endpoints](file-sync-server-endpoint-delete.md) first. You don't need to recall all the data to the old server before removing the server endpoint. ++## See also ++- [Migrate to Azure file shares using RoboCopy](../files/storage-files-migration-robocopy.md) +- [Troubleshoot Azure File Sync](/troubleshoot/azure/azure-storage/file-sync-troubleshoot) |
| storage | Files Smb Protocol | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/storage/files/files-smb-protocol.md | |
| storage | Migrate Files Between Shares | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/storage/files/migrate-files-between-shares.md | + + Title: Migrate files between SMB Azure file shares +description: Learn how to migrate files from one SMB Azure file share to another using common migration tools. ++ Last updated : 07/11/2023+++++# Migrate files between SMB Azure file shares ++This article describes how to migrate files from one SMB Azure file share to another. One common reason to do this is if you need to migrate from a standard file share to a premium file share to get increased performance for your application workload. ++> [!WARNING] +> If you're using Azure File Sync, the migration process is different than described in this article. Instead, see [Migrate files from one Azure file share to another when using Azure File Sync](../file-sync/file-sync-share-to-share-migration.md). ++## Applies to +| File share type | SMB | NFS | +|-|:-:|:-:| +| Standard file shares (GPv2), LRS/ZRS |  |  | +| Standard file shares (GPv2), GRS/GZRS |  |  | +| Premium file shares (FileStorage), LRS/ZRS |  |  | ++## Migrate using Robocopy ++Follow these steps to migrate using Robocopy, a command-line file copy utility that's built into Windows. ++1. Deploy a Windows virtual machine (VM) in Azure in the same region as your source file share. Keeping the data and networking in Azure will be fast and avoid outbound data transfer charges. For optimal performance, we recommend a multi-core VM type with at least 56 GiB of memory, for example **Standard_DS5_v2**. ++1. Mount both the source and target file shares to the VM. Mount them using the storage account key to make sure the VM has access to all the files. ++1. Run this command at the Windows command prompt: + + ```console + robocopy <source> <target> /mir /copyall /mt:16 /DCOPY:DAT + ``` + + If your source share was mounted as s:\ and target was t:\ the command looks like this: + + ```console + robocopy s:\ t:\ /mir /copyall /mt:16 /DCOPY:DAT + ``` + + You can run the command while your source is still online, but be aware that any I/O will work against the throttle limits on your existing share. ++1. After the initial run completes, disconnect your application from the existing share and run the same robocopy command again. This will copy over all the changes that happened since the initial run, skipping any file data that has already copied over. ++1. After the command completes for the second time, you can redirect your application to the new share. +++## See also ++- [Migrate to Azure file shares using RoboCopy](storage-files-migration-robocopy.md) +- [Migrate files from one Azure file share to another when using Azure File Sync](../file-sync/file-sync-share-to-share-migration.md) |
| storage | Storage Files Active Directory Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/storage/files/storage-files-active-directory-overview.md | description: Azure Files supports identity-based authentication over SMB (Server Previously updated : 06/26/2023 Last updated : 07/18/2023 Azure Files supports identity-based authentication over SMB through the followin ## Restrictions - None of the authentication methods support assigning share-level permissions to computer accounts (machine accounts) using Azure RBAC, because computer accounts can't be synced to an identity in Azure AD. If you want to allow a computer account to access Azure file shares using identity-based authentication, [use a default share-level permission](storage-files-identity-ad-ds-assign-permissions.md#share-level-permissions-for-all-authenticated-identities) or consider using a service logon account instead.-- Neither on-premises AD DS authentication nor Azure AD DS authentication is supported against Azure AD-joined devices or Azure AD-registered devices. - Identity-based authentication isn't supported with Network File System (NFS) shares. ## Common use cases |
| storsimple | Storsimple Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/storsimple/storsimple-overview.md | ms.assetid: 7144d218-db21-4495-88fb-e3b24bbe45d1 NA-+ Last updated 07/10/2023 |
| stream-analytics | App Insights Export Sql Stream Analytics | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/stream-analytics/app-insights-export-sql-stream-analytics.md | To get started: ## Create storage in Azure Continuous export always outputs data to an Azure Storage account, so you need to create the storage first. -1. Create a storage account in your subscription in the [Azure portal][portal]. +1. Create a storage account in your subscription in the [Azure portal](https://portal.azure.com).  2. Create a container Continuous export always outputs data to an Azure Storage account, so you need t The events are written to blob files in JSON format. Each file may contain one or more events. So we'd like to read the event data and filter out the fields we want. There are all kinds of things we could do with the data, but our plan today is to use Stream Analytics to move the data to SQL Database. That will make it easy to run lots of interesting queries. ## Create an Azure SQL Database-Once again starting from your subscription in [Azure portal][portal], create the database (and a new server, unless you've already got one) to which you'll write the data. +Once again starting from your subscription in [Azure portal](https://portal.azure.com), create the database (and a new server, unless you've already got one) to which you'll write the data.  FROM [dbo].[PageViewsTable] [diagnostic]: ../azure-monitor/app/diagnostic-search.md [export]: /previous-versions/azure/azure-monitor/app/export-telemetry [metrics]: ../azure-monitor/essentials/metrics-charts.md-[portal]: https://portal.azure.com/ [start]: ../azure-monitor/app/app-insights-overview.md- |
| time-series-insights | Time Series Insights Customer Data Requests | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/time-series-insights/time-series-insights-customer-data-requests.md | Azure Time Series Insights is a managed cloud service with storage, analytics, a [!INCLUDE [gdpr-intro-sentence](../../includes/gdpr-intro-sentence.md)] -To view, export, and delete personal data that may be subject to a data subject request, an Azure Time Series Insights tenant administrator can use either the Azure portal or the REST APIs. Using the Azure portal to service data subject requests, provides a less complex method to perform these operations that most users prefer. +To view, export, and delete personal data that may be subject to a data subject request, an Azure Time Series Insights tenant administrator can use either the Azure portal or the REST APIs. Using the Azure portal to service data subject requests, provides a less complex method to perform these operations that most users prefer. ## Identifying customer data |
| update-center | Scheduled Patching | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/update-center/scheduled-patching.md | To view the current compliance state of your existing resources: ## Check your scheduled patching run You can check the deployment status and history of your maintenance configuration runs from the Update management center portal. Follow [Update deployment history by maintenance run ID](./manage-multiple-machines.md#update-deployment-history-by-maintenance-run-id). --## Limitations and known issues --The known issues and limitations of scheduled patching are: --1. For concurrent/conflicting schedule, only one schedule will be triggered. The other schedule will be triggered once a schedule is finished. -1. If a machine is newly created, the schedule might have 15 minutes of schedule trigger delay in case of Azure VMs. - ## Next steps * To view update assessment and deployment logs generated by update management center (preview), see [query logs](query-logs.md). |
| update-center | Troubleshoot | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/update-center/troubleshoot.md | -This article describes the errors that might occur when you deploy or use update management center (preview) and how to resolve them. +This article describes the errors that might occur when you deploy or use update management center (preview), how to resolve them and the known issues and limitations of scheduled patching. + ## General troubleshooting To review the logs related to all actions performed by the extension, on Windows * `cmd_execution_<numeric>_stdout.txt`: There is a wrapper above the patch action, which is used to manage the extension and invoke specific patch operation. This log contains details about the wrapper. For Auto-Patching, the log has details on whether the specific patch operation was invoked. * `cmd_excution_<numeric>_stderr.txt` -## Known issues +## Known issues in schedule patching ++- For concurrent/conflicting schedule, only one schedule will be triggered. The other schedule will be triggered once a schedule is finished. +- If a machine is newly created, the schedule might have 15 minutes of schedule trigger delay in case of Azure VMs. +- Policy definition *[Preview]: Schedule recurring updates using Update Management Center* with version 1.0.0-preview successfully remediates resources however, it will always show them as non-compliant. The current value of the existence condition is a placeholder that will always evaluate to false. ### Scenario: Unable to apply patches for the shutdown machines More details can be found by reviewing the logs in the file path provided in the Setting a longer time range for maximum duration when triggering an [on-demand update deployment](deploy-updates.md) helps avoid the problem. +++ ## Next steps * To learn more about Azure Update management center (preview), see the [Overview](overview.md). |
| virtual-desktop | Azure Stack Hci | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-desktop/azure-stack-hci.md | Last updated 06/12/2023 -+ # Set up Azure Virtual Desktop for Azure Stack HCI (preview) |
| virtual-machines | Disks Convert Types | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-machines/disks-convert-types.md | Title: Convert managed disks storage between different disk types description: How to convert Azure managed disks between the different disks types by using Azure PowerShell, Azure CLI, or the Azure portal. + Last updated 06/21/2023 The following steps assume you already have a snapshot. To learn how to create o ## Next steps -Make a read-only copy of a VM by using a [snapshot](snapshot-copy-managed-disk.md). +Make a read-only copy of a VM by using a [snapshot](snapshot-copy-managed-disk.md). |
| virtual-machines | Hpccompute Gpu Linux | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-machines/extensions/hpccompute-gpu-linux.md | -Instructions on manual installation of the drivers and the current supported versions are available. For more information, see [Azure N-series GPU driver setup for Linux](../linux/n-series-driver-setup.md). +Instructions on manual installation of the drivers and the current supported versions are available. For more information including secure boot enabled setting, see [Azure N-series GPU driver setup for Linux](../linux/n-series-driver-setup.md). An extension is also available to install NVIDIA GPU drivers on [Windows N-series VMs](hpccompute-gpu-windows.md). +> [!NOTE] +> With Secure Boot enabled, all OS boot components (boot loader, kernel, kernel drivers) must be signed by trusted publishers (key trusted by the system). Both Windows and select Linux distributions support Secure Boot. + ## Prerequisites ### Operating system This extension supports the following OS distros, depending on driver support fo | Distribution | Version | |||-| Linux: Ubuntu | 18.04 LTS, 20.04 LTS | -| Linux: Red Hat Enterprise Linux | 7.3, 7.4, 7.5, 7.6, 7.7, 7.8 | -| Linux: CentOS | 7.3, 7.4, 7.5, 7.6, 7.7, 7.8 | +| Linux: Ubuntu | 20.04 LTS, 22.04 LTS | +| Linux: Red Hat Enterprise Linux | 7.9, 8.8, 9.2 | +| Linux: CentOS | 7 | > [!NOTE] > The latest supported CUDA drivers for NC-series VMs are currently 470.82.01. Later driver versions aren't supported on the K80 cards in NC. While the extension is being updated with this end of support for NC, install CUDA drivers manually for K80 cards on the NC-series. |
| virtual-machines | Network Watcher Update | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-machines/extensions/network-watcher-update.md | To update your extension, you need to know your extension version. You can check your extension version by using the Azure portal, the Azure CLI, or PowerShell. -#### Use the Azure portal +#### Use the Azure portal 1. Go to the **Extensions** pane of your VM in the Azure portal. 1. Select the **AzureNetworkWatcher** extension to see the details pane. If you have auto-upgrade set to true for the Network Watcher extension, reboot y ## Support -If you need more help at any point in this article, see the Network Watcher extension documentation for [Linux](./network-watcher-linux.md) or [Windows](./network-watcher-windows.md). You can also contact the Azure experts on the [MSDN Azure and Stack Overflow forums](https://azure.microsoft.com/support/forums/). Alternatively, file an Azure support incident. Go to the [Azure support site](https://azure.microsoft.com/support/options/), and select **Get support**. For information about using Azure Support, read the [Microsoft Azure support FAQ](https://azure.microsoft.com/support/faq/). +If you need more help at any point in this article, see the Network Watcher extension documentation for [Linux](./network-watcher-linux.md) or [Windows](./network-watcher-windows.md). You can also contact the Azure experts on the [MSDN Azure and Stack Overflow forums](https://azure.microsoft.com/support/forums/). Alternatively, file an Azure support incident. Go to the [Azure support site](https://azure.microsoft.com/support/options/), and select **Get support**. For information about using Azure Support, read the [Microsoft Azure support FAQ](https://azure.microsoft.com/support/faq/). |
| virtual-machines | Network Watcher Windows | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-machines/extensions/network-watcher-windows.md | |
| virtual-machines | Tenable | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-machines/extensions/tenable.md | + + Title: Tenable One-Click Nessus Extension for Azure VMs +description: Deploy the Tenable One-Click Nessus Agent to a virtual machine using the Tenable One-Click Nessus VM Extension. +++++ Last updated : 07/18/2023++# Tenable One-Click Nessus Agent ++Tenable now supports a One-Click deployment of Nessus Agents via Microsoft's Azure portal. This solution provides an easy way to install the latest version of Nessus Agent on Azure virtual machines (VM) (whether Linux or Windows) by either clicking on an icon within the Azure portal or by writing a few lines of PowerShell script. ++## Prerequisites ++* A Tenable Vulnerability Management (Tenable.io), or Nessus Manager, account. ++* A Microsoft Azure account with one (or more) Windows or Linux VMs. ++### Supported Platforms ++Azure VM running any of the following: ++* CentOS 7 (x86_64) ++* Debian 11 (x86_64) ++* Oracle Linux 7 and 8 (x86_64) ++* Red Hat ES 7, 8 and 9 (x86_64) ++* Rocky Linux 9 (x86_64) ++* Ubuntu 18.04, 20.04 and 22.04 (x86_64) ++* Red Hat ES 8 and 9 (ARM64) ++* Windows 10 and 11 (x86_64) ++* Windows Server 2012 and 2012 R2 (x86_64) ++* Windows Server 2016, 2019 and 2022 (x86_64) ++## Deploy with the Tenable User Interface (UI) ++1. Select one of your VMs. ++2. In the left column click **Extensions + applications**. ++3. Click **+ Add**. ++4. In the gallery, scroll down to **N** (for Nessus Agent) or type **nessus** in the search bar. ++5. Select the **Nessus Agent** tile and click **Next**. ++6. Enter configuration parameters in the Tenable user interface. ++7. Click **Review + create**. +++## Deploy From Command-line ++There is also a command-line interface available through PowerShell. ++For example, you can type: ++```PS> $publisherName="Tenable.NessusAgent" +PS> $typeName="Linux" (or $typeName="Windows") +PS> $name = $publisherName + "." + $typeName +PS> $version="1.0" +PS> $Settings = @{"nessusManagerApp" = "IO"; "nessusAgentName" = "NA_name1"; "nessusAgentGroup" = "GROUP1"} +PS> $ProtectedSettings = @{"nessusLinkingKey" = "abcd1234vxyz5678abcd1234vxyz5678abcd1234vxyz5678abcd1234vxyz5678"} +PS> Set-AzVMExtension -ResourceGroupName "EXAMPLE-resource-group" -Location "East US 2" -VMName "canary-example" -Name $name -Publisher $publisherName -ExtensionType $typeName -TypeHandlerVersion $version -Settings $Settings -ProtectedSettings $ProtectedSettings +``` ++Lines 1-4 identify the One-Click agent extension. ++Lines 5-6 in the PowerShell example are equivalent to Step 6 in the UI procedure. This is where the user enters their configuration parameters for their Nessus Agent install. +++### Nessus Linking Key ++The most important field is the Nessus Linking Key (**nessusLinkingKey**, required). It is always required. This document explains where to find it: [Retrieve the Tenable Nessus Agent Linking Key (Tenable Nessus Agent 10.4)](https://docs.tenable.com/nessusagent/Content/RetrieveLinkingKey.htm). In the PowerShell interface, specify nessusLinkingKey under `-ProtectedSettings` so that it will be encrypted by Azure. All other fields are passed unencrypted through -Settings. ++You can choose whether to link with Nessus Manager or Tenable.io. In the command-line interface, this is done by setting `nessusManagerApp` (**nessusManagerApp**, required) to `cloud`, or to `local`. Those are the only two choices. ++If you choose Nessus Manager, you must provide the Nessus Manager host (**nessusManagerHost**) and port number (**nessusManagerPort**). The extension accepts an IP address or fully qualified domain name. ++If you choose Tenable.io, then there is an optional field called **tenableIoNetwork**. ++The Agent Name (**nessusAgentName**, optional) and Agent Group (**nessusAgentGroup**, optional) (actually ΓÇ£groupsΓÇ¥, a comma-delimited list of group names) are always optional. ++Parameter names: ++```"nessusLinkingKey" + "nessusManagerApp" + "nessusManagerHost" + "nessusManagerPort" + "tenableIoNetwork" + "nessusAgentName" + "nessusAgentGroup" +``` +Parameter descriptions: ++"nessusLinkingKey" is called "--key" in this doc ++"nessusManagerApp" is unique to our VM extension ++"nessusManagerHost" equals "--host" ++"nessusManagerPort" equals "--port" ++"tenableIoNetwork" is "--network" ++"nessusAgentName" is "--name" ++"nessusAgentGroup" is "--groups" ++For more definitions of these parameters, see [Nessuscli Agent](https://docs.tenable.com/nessus/Content/NessusCLIAgent.htm). +++### Support ++If you need more help at any point in this article, you can contact the Azure experts on the MSDN Azure and Stack Overflow forums. Alternatively, you can file an Azure support incident. Go to the Azure support site and select Get support. For information about using Azure Support, read the Microsoft Azure support FAQ. If you experience issues with the extension, contact Tenable support. |
| virtual-machines | Image Builder Triggers How To | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-machines/image-builder-triggers-how-to.md | |
| virtual-machines | Time Sync | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-machines/linux/time-sync.md | ntp: ## template:jinja driftfile /var/lib/chrony/chrony.drift logdir /var/log/chrony- maxupdateskey 100.0 + maxupdateskew 100.0 refclock PHC /dev/ptp_hyperv poll 3 dpoll -2 makestep 1.0 -1 ``` |
| virtual-machines | Reliability Virtual Machines | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-machines/reliability-virtual-machines.md | For an architectural overview of reliability in Azure, see [Azure reliability](/ ||:::image type="icon" source="../reliability/media/icon-recommendation-high.svg"::: |[VM-2: Deploy VMs across availability zones or use VMSS Flex with zones](#-vm-2-deploy-vms-across-availability-zones-or-use-vmss-flex-with-zones) | ||:::image type="icon" source="../reliability/media/icon-recommendation-high.svg":::|[VM-3: Migrate VMs using availability sets to VMSS Flex](#-vm-3-migrate-vms-using-availability-sets-to-vmss-flex) | ||:::image type="icon" source="../reliability/media/icon-recommendation-high.svg"::: |[VM-5: Use managed disks for VM disks](#-vm-5-use-managed-disks-for-vm-disks)|-|[**Disaster Recovery**](#disaster-recovery)| :::image type="icon" source="../reliability/media/icon-recommendation-medium.svg"::: |[VM-4: If Availability Set is required, then put each application tier into a separate Availability Set](#-vm-4-replicate-vms-using-azure-site-recovery) | +|[**Disaster Recovery**](#disaster-recovery)| :::image type="icon" source="../reliability/media/icon-recommendation-medium.svg"::: |[ VM-4: Replicate VMs using Azure Site Recovery](#-vm-4-replicate-vms-using-azure-site-recovery) | ||:::image type="icon" source="../reliability/media/icon-recommendation-medium.svg"::: |[VM-7: Backup data on your VMs with Azure Backup service](#-vm-7-backup-data-on-your-vms-with-azure-backup-service) | |[**Performance**](#performance) |:::image type="icon" source="../reliability/media/icon-recommendation-low.svg"::: | [VM-6: Host application and database data on a data disk](#-vm-6-host-application-and-database-data-on-a-data-disk)| ||:::image type="icon" source="../reliability/media/icon-recommendation-high.svg"::: | [VM-8: Production VMs should be using SSD disks](#-vm-8-production-vms-should-be-using-ssd-disks)| |
| virtual-network-manager | Concept Connectivity Configuration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-network-manager/concept-connectivity-configuration.md | A mesh network is a topology in which all the virtual networks in the [network g :::image type="content" source="./media/concept-configuration-types/mesh-topology.png" alt-text="Diagram of a mesh network topology."::: -### <a name="connectedgroup"></a> Connected group +### Connected group When you create a mesh topology, a new connectivity construct is created called *Connected group*. Virtual networks in a connected group can communicate to each other just like if you were to connect virtual networks together manually. When you look at the effective routes for a network interface, you'll see a next hop type of **ConnectedGroup**. Virtual networks connected together in a connected group don't have a peering configuration listed under *Peerings* for the virtual network. In this configuration, you have settings you can enable such as *direct connecti ### Direct connectivity -Enabling *Direct connectivity* creates an overlay of a [*connected group*](#connectedgroup) on top of your hub and spoke topology, which contains spoke virtual networks of a given group. Direct connectivity allows a spoke VNet to talk directly to other VNets in its spoke group, but not to VNets in other spokes. +Enabling *Direct connectivity* creates an overlay of a [*connected group*](#connected-group) on top of your hub and spoke topology, which contains spoke virtual networks of a given group. Direct connectivity allows a spoke VNet to talk directly to other VNets in its spoke group, but not to VNets in other spokes. For example, you create two network groups. You enable direct connectivity for the *Production* network group but not for the *Test* network group. This set up only allows virtual networks in the *Production* network group to communicate with one another but not the ones in the *Test* network group. Enabling direct connectivity between spokes virtual networks can be helpful when #### Global mesh -Like mesh, these spoke connected groups can be configured as regional or global. Global mesh is required when you want your spoke virtual networks to communicate with each other across regions. This connectivity is limited to virtual network in the same network group. To enable connectivity for virtual networks across regions, you need to **Enable mesh connectivity across regions** for the network group. Connections created between spokes virtual networks are in a [*Connected group*](#connectedgroup). +Like mesh, these spoke connected groups can be configured as regional or global. Global mesh is required when you want your spoke virtual networks to communicate with each other across regions. This connectivity is limited to virtual network in the same network group. To enable connectivity for virtual networks across regions, you need to **Enable mesh connectivity across regions** for the network group. Connections created between spokes virtual networks are in a [*Connected group*](#connected-group). #### Use hub as a gateway |
| virtual-network-manager | Concept Limitations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-network-manager/concept-limitations.md | + + Title: 'Limitations with Azure Virtual Network Manager' +description: Learn about current limitations when using Azure Virtual Network Manager to manage virtual networks. ++++ Last updated : 07/18/2023++#CustomerIntent: As a network administration, I want undertand the limitations in Azure Virtual Network Manager so that I can properly deploy a virtual manager in my environment. +++# Limitations with Azure Virtual Network Manager ++This article provides an overview of the current limitations when using [Azure Virtual Network Manager](overview.md) to manage virtual networks. As a network administrator, it's important to understand these limitations in order to properly deploy an Azure Virtual Network Manager features in your environment. The article covers various limitations related to Azure Virtual Network Manager, including the maximum number of virtual networks, overlapping IP spaces, and policy compliance evaluation cycle. ++> [!IMPORTANT] +> Azure Virtual Network Manager is generally available for Virtual Network Manager and hub and spoke connectivity configurations. +> +> Mesh connectivity configurations and security admin rules remain in public preview. +> This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. +> For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). ++## General limitations ++* [Cross-tenant support](concept-cross-tenant.md) is only available when virtual networks are assigned to network groups with static membership. ++* Customers with more than 15,000 Azure subscriptions can apply Azure Virtual Network Policy only at the [subscription and resource group scopes](concept-network-manager-scope.md). Management groups can't be applied over the 15 k subscription limit. + * If this is your scenario, you would need to create assignments at lower level management group scope that have less than 15,000 subscriptions. ++* Virtual networks can't be added to a network group when the Azure Virtual Network Manager custom policy `enforcementMode` element is set to `Disabled`. ++* Azure Virtual Network Manager policies don't support the standard policy compliance evaluation cycle. For more information, see [Evaluation triggers](../governance/policy/how-to/get-compliance-data.md#evaluation-triggers). ++## Connected group limitations ++* A connected group can have up to 250 virtual networks. Virtual networks in a [mesh topology](concept-connectivity-configuration.md#mesh-network-topology) are in a [connected group](concept-connectivity-configuration.md#connected-group), therefore a mesh configuration has a limit of 250 virtual networks. +* The current preview of connected group has a limitation where traffic from a connected group can't communicate with a private endpoint in this connected group if it has a network security group enabled on it. However, this limitation will be removed once the feature is generally available. +* You can have network groups with or without [direct connectivity](concept-connectivity-configuration.md#direct-connectivity) enabled in the same [hub-and-spoke configuration](concept-connectivity-configuration.md#hub-and-spoke-topology), as long as the total number of virtual networks peered to the hub **doesn't exceed 500** virtual networks. + * If the network group peered with the hub **has direct connectivity enabled**, these virtual networks are in a *connected group*, therefore the network group has a limit of **250** virtual networks. + * If the network group peered with the hub **doesn't have direct connectivity enabled**, the network group can have up to the total limit for a hub-and-spoke topology. +* A virtual network can be part of up to two connected groups. For example, a virtual network: ++ - Can be part of two mesh configurations. + - Can be part of a mesh topology and a network group that has direct connectivity enabled in a hub-and-spoke topology. + - Can be part of two network groups with direct connectivity enabled in the same or different hub-and-spoke configuration. ++* You can have virtual networks with overlapping IP spaces in the same connected group. However, communication to an overlapped IP address is dropped. ++## Security admin rule limitations ++* The maximum number of IP prefixes in all [security admin rules](concept-security-admins.md) combined is 1000. ++* The maximum number of admin rules in one level of Azure Virtual Network Manager is 100. ++## Related content ++- [Frequently asked questions](faq.md) + |
| virtual-network | Virtual Network Troubleshoot Connectivity Problem Between Vms | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-network/virtual-network-troubleshoot-connectivity-problem-between-vms.md | Title: Troubleshooting connectivity problems between Azure VMs -description: Learn how to troubleshoot and resolve the connectivity problems that you might experience between Azure VMs. +description: Learn how to troubleshoot and resolve the connectivity problems that you might experience between Azure virtual machines (VMs). -tags: azure-resource-manager - Previously updated : 10/30/2018 Last updated : 07/19/2023 You might experience connectivity problems between Azure virtual machines (VMs). ## Symptom -One Azure VM cannot connect to another Azure VM. +One Azure VM can't connect to another Azure VM. ## Troubleshooting guidance One Azure VM cannot connect to another Azure VM. 6. [Check whether traffic is blocked by ACLs for the classic VM](#step-6-check-whether-traffic-is-blocked-by-acls-for-the-classic-vm) 7. [Check whether the endpoint is created for the classic VM](#step-7-check-whether-the-endpoint-is-created-for-the-classic-vm) 8. [Try to connect to a VM network share](#step-8-try-to-connect-to-a-vm-network-share)-9. [Check Inter-Vnet connectivity](#step-9-check-inter-vnet-connectivity) +9. [Check Inter-VNet connectivity](#step-9-check-inter-vnet-connectivity) ## Troubleshooting steps For more information, see [Add network interfaces to or remove from virtual mach ### Step 2: Check whether network traffic is blocked by NSG or UDR -Use [Network Watcher IP Flow Verify](../network-watcher/network-watcher-ip-flow-verify-overview.md) and [NSG Flow Logging](../network-watcher/network-watcher-nsg-flow-logging-overview.md) to determine whether there is a Network Security Group (NSG) or User-Defined Route (UDR) that is interfering with traffic flow. +Use [Network Watcher IP Flow Verify](../network-watcher/network-watcher-ip-flow-verify-overview.md) and [Connection troubleshoot](../network-watcher/network-watcher-connectivity-overview.md) to determine whether there's a Network Security Group (NSG) or User-Defined Route (UDR) that is interfering with traffic flow. ### Step 3: Check whether network traffic is blocked by VM firewall netstat ΓÇôano netstat -l ``` -- Run the **telnet** command on the virtual machine itself to test the port. If the test fails, the application or service is not configured to listen on that port.+- Run the **telnet** command on the virtual machine itself to test the port. If the test fails, the application or service isn't configured to listen on that port. ### Step 5: Check whether the problem is caused by SNAT All VMs that you create in Azure by using the classic deployment model can autom ### Step 8: Try to connect to a VM network share -If you cannot connect to a VM network share, the problem may be caused by unavailable NICs in the VM. To delete the unavailable NICs, see [How to delete the unavailable NICs](/troubleshoot/azure/virtual-machines/reset-network-interface#delete-the-unavailable-nics) +If you can't connect to a VM network share, the problem may be caused by unavailable NICs in the VM. To delete the unavailable NICs, see [How to delete the unavailable NICs](/troubleshoot/azure/virtual-machines/reset-network-interface#delete-the-unavailable-nics) -### Step 9: Check Inter-Vnet connectivity +### Step 9: Check Inter-VNet connectivity -Use [Network Watcher IP Flow Verify](../network-watcher/network-watcher-ip-flow-verify-overview.md) and [NSG Flow Logging](../network-watcher/network-watcher-nsg-flow-logging-overview.md) to determine whether there is a NSG or UDR that is interfering with traffic flow. You can also verify your Inter-Vnet configuration [here](https://support.microsoft.com/en-us/help/4032151/configuring-and-validating-vnet-or-vpn-connections). +Use [Network Watcher IP Flow Verify](../network-watcher/network-watcher-ip-flow-verify-overview.md) and [NSG Flow Logging](../network-watcher/network-watcher-nsg-flow-logging-overview.md) to determine whether there's an NSG or UDR that is interfering with traffic flow. You can also verify your Inter-VNet configuration [here](https://support.microsoft.com/en-us/help/4032151/configuring-and-validating-vnet-or-vpn-connections). ### Need help? Contact support. If you still need help, [contact support](https://portal.azure.com/?#blade/Microsoft_Azure_Support/HelpAndSupportBlade) to get your issue resolved quickly. |
| virtual-wan | About Virtual Hub Routing | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-wan/about-virtual-hub-routing.md | You can set up the routing configuration for a virtual network connection during ### <a name="association"></a>Association -Each connection is associated to one route table. Associating a connection to a route table allows the traffic to be sent to the destination indicated as routes in the route table. The routing configuration of the connection will show the associated route table. Multiple connections can be associated to the same route table. All VPN, ExpressRoute, and User VPN connections are associated to the same (default) route table. +Each connection is associated to one route table. Associating a connection to a route table allows the traffic (from that connection) to be sent to the destination indicated as routes in the route table. The routing configuration of the connection will show the associated route table. Multiple connections can be associated to the same route table. All VPN, ExpressRoute, and User VPN connections are associated to the same (default) route table. By default, all connections are associated to a **Default route table** in a virtual hub. Each virtual hub has its own Default route table, which can be edited to add a static route(s). Routes added statically take precedence over dynamically learned routes for the same prefixes. Labels provide a mechanism to logically group route tables. This is especially h ### <a name="static"></a>Configuring static routes in a virtual network connection -Configuring static routes provides a mechanism to steer traffic through a next hop IP, which could be of a Network Virtual Appliance (NVA) provisioned in a Spoke VNet attached to a virtual hub. The static route is composed of a route name, list of destination prefixes, and a next hop IP. +Configuring static routes provides a mechanism to steer traffic from the hub through a next hop IP, which could be of a Network Virtual Appliance (NVA) provisioned in a Spoke VNet attached to a virtual hub. The static route is composed of a route name, list of destination prefixes, and a next hop IP. ## <a name="route"></a>Route tables for pre-existing routes |
| virtual-wan | Hub Settings | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-wan/hub-settings.md | By default, the virtual hub router is automatically configured to deploy with a When you deploy a new virtual hub, you can specify additional routing infrastructure units to increase the default virtual hub capacity in increments of 1 Gbps and 1000 VMs. This feature gives you the ability to secure upfront capacity without having to wait for the virtual hub to scale out when more throughput is needed. The scale unit on which the virtual hub is created becomes the minimum capacity. Creating a virtual hub without a gateway takes about 5 - 7 minutes while creating a virtual hub and a gateway can take about 30 minutes to complete. You can view routing infrastructure units, router Gbps, and number of VMs supported, in the Azure portal **Virtual hub** pages for **Create virtual hub** and **Edit virtual hub**. +When increasing the virtual hub capacity, the virtual hub router will continue to support traffic at its current capacity until the scale out is complete. Scaling out the virtual hub router may take up to 25 minutes. + ### Configure virtual hub capacity Capacity is configured on the **Basics** tab **Virtual hub capacity** setting when you create your virtual hub. |
| virtual-wan | Manage Secure Access Resources Spoke P2s | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-wan/manage-secure-access-resources-spoke-p2s.md | Once you complete these steps, you will have created an architecture that allows 1. Under Security, select **Azure Firewall policies**. 1. Select **Create Azure Firewall Policy**. 1. Under **Policy details**, type in a name and select the region your virtual hub is deployed in.-1. Select **Next: DNS Settings (preview)**. +1. Select **Next: DNS Settings**. 1. Select **Next: Rules**. 1. On the **Rules** tab, select **Add a rule collection**. 1. Provide a name for the collection. Set the type as **Network**. Add a priority value **100**. |
| virtual-wan | Scenario Isolate Virtual Networks Branches | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-wan/scenario-isolate-virtual-networks-branches.md | For more information about virtual hub routing, see [About virtual hub routing]( ## <a name="design"></a>Design -In order to figure out how many route tables will be needed, you can build a connectivity matrix. For this scenario it will look like the following, where each cell represents whether a source (row) can communicate to a destination (column): +In order to figure out how many route tables are needed, you can build a connectivity matrix. For this scenario it looks like the following, where each cell represents whether a source (row) can communicate to a destination (column): | From | To:| *Blue VNets* | *Red VNets* | *Red Branches*| *Blue Branches*| ||||||| In order to figure out how many route tables will be needed, you can build a con Each of the cells in the previous table describes whether a Virtual WAN connection (the "From" side of the flow, the row headers) communicates with a destination (the "To" side of the flow, the column headers in italics). **Direct** implies the traffic flows directly through Virtual WAN while **AzFW** implies that the traffic is inspected by Azure Firewall before being forwarded to the destination. A blank entry means that flow is blocked in the setup. -In this case, the two route tables for the VNets are required to achieve the goal of VNet isolation without Azure Firewall in the path. We will call these routes tables **RT_BLUE** and **RT_RED**. +There are four connectivity patterns in this matrix. However, since branches in Virtual WAN must be associated to the default route table, we only need 1 connectivity profile for branches (we will forward traffic from the branches to Azure Firewall to achieve custom routing for branches). As a result, we need three route tables: one for Blue VNets, one for Red VNets, and 1 for branches. The two custom route tables for the VNets are required to achieve the goal of VNet isolation without Azure Firewall in the path. We will call these routes tables **RT_BLUE** and **RT_RED**. In addition, branches must always be associated to the **Default** Route Table. To ensure that traffic to and from the branches is inspected by Azure Firewall, we add static routes in the **Default**, **RT_RED** and **RT_BLUE** route tables pointing traffic to Azure Firewall and set up Network Rules to allow desired traffic. We also ensure that the branches do **not** propagate to **RT_BLUE** and **RT_RED**. As a result, this is the final design: * **ALLOW RULE** **Source Prefix**: Blue Branch Address Prefixes **Destination Prefix**: Blue VNet Prefixes * **ALLOW RULE** **Source Prefix**: Red Branch Address Prefixes **Destination Prefix**: Red VNet Prefixes -> [!NOTE] -> Since all branches need to be associated to the Default route table, as well as to propagate to the same set of routing tables, all branches will have the same connectivity profile. In other words, the Red/Blue concept for VNets cannot be applied to branches. However, to achieve custom routing for branches, we can forward traffic from the branches to Azure Firewall. > [!NOTE]-> Azure Firewall by default denies traffic in a zero-trust model. If there is no explicit **ALLOW** rule that matches the inspected packet, Azure Firewall will drop the packet. +> Azure Firewall by default denies traffic in a zero-trust model. If there is no explicit **ALLOW** rule that matches the inspected packet, Azure Firewall drops the packet. For more information about virtual hub routing, see [About virtual hub routing](about-virtual-hub-routing.md). For more information about virtual hub routing, see [About virtual hub routing]( ## <a name="architecture"></a>Workflow -In **Figure 1**, there are Blue and Red VNets, as well as branches that can access either Blue or Red VNets. +In **Figure 1**, there are Blue and Red VNets and branches that can access either Blue or Red VNets. * Blue-connected VNets can reach each other and can reach all blue branches (VPN/ER/P2S) connections. In the diagram, the blue branch is the Site-to-site VPN site. * Red-connected VNets can reach each other and can reach all red branches (VPN/ER/P2S) connections. In the diagram, the red branch is the Point-to-site VPN users. Consider the following steps when setting up routing. * **Propagation**: Select all Blue VNets. 3. Repeat the same steps for **RT_RED** route table for Red VNets. 4. Provision an Azure Firewall in Virtual WAN. For more information about Azure Firewall in the Virtual WAN hub, see [Configuring Azure Firewall in Virtual WAN hub](howto-firewall.md).-5. Add a static route to the **Default** Route Table of the Virtual Hub directing all traffic destined for the VNet address spaces (both blue and red) to Azure Firewall. This step ensures any packets from your branches will be sent to Azure Firewall for inspection. +5. Add a static route to the **Default** Route Table of the Virtual Hub directing all traffic destined for the VNet address spaces (both blue and red) to Azure Firewall. This step ensures any packets from your branches are sent to Azure Firewall for inspection. * Example: **Destination Prefix**: 10.0.0.0/8 **Next Hop**: Azure Firewall >[!NOTE]- > This step can also be done via Firewall Manager by selecting the "Secure Private Traffic" option. This will add a route for all RFC1918 private IP addresses applicable to VNets and branches. You will need to manually add in any branches or virtual networks that are not compliant with RFC1918. + > This step can also be done via Firewall Manager by selecting the "Secure Private Traffic" option. This adds a route for all RFC1918 private IP addresses applicable to VNets and branches. You'll need to manually add in any branches or virtual networks that aren't compliant with RFC1918. -6. Add a static route to **RT_RED** and **RT_BLUE** directing all traffic to Azure Firewall. This step ensures VNets will not be able to access branches directly. This step cannot be done via Firewall Manager because these Virtual Networks are not associated with the Default Route Table. +6. Add a static route to **RT_RED** and **RT_BLUE** directing all traffic to Azure Firewall. This step ensures VNets won't be able to access branches directly. This step can't be done via Firewall Manager because these Virtual Networks aren't associated with the Default Route Table. * Example: **Destination Prefix**: 0.0.0.0/0 **Next Hop**: Azure Firewall > [!NOTE]- > Routing is performed using Longest Prefix Match (LPM). As a result, the 0.0.0.0/0 static routes will **NOT** be preferred over the exact prefixes that exist in **BLUE_RT** and **RED_RT**. As a result, intra-VNet traffic will not be inspected by Azure Firewall. + > Routing is performed using Longest Prefix Match (LPM). As a result, the 0.0.0.0/0 static routes will **NOT** be preferred over the exact prefixes that exist in **BLUE_RT** and **RED_RT**. As a result, intra-VNet traffic won't be inspected by Azure Firewall. -This will result in the routing configuration changes as seen in the figure below. +This results in the routing configuration changes as seen in the figure below. **Figure 1** [  ](./media/routing-scenarios/custom-branch-vnet/custom-branch.png#lightbox) |