-* [Azure Key Vault insights](../../azure-monitor/insights/key-vault-insights-overview.md)

-Organizations need to ensure that the credentials for emergency access accounts are kept secure and known only to individuals who are authorized to use them. Some customers use a smartcard and others use passwords. A password for an emergency access account is usually separated into two or three parts, written on separate pieces of paper, and stored in secure, fireproof safes that are in secure, separate locations.

-You can create an AKS cluster using a system-assigned managed identity by running the following CLI command.

- --network-plugin $PLUGIN \

-> [!NOTE]

-> For creating and using your own VNet and route table where the resources are outside of the worker node resource group, the CLI will add the role assignment automatically. If you are using an ARM template or other client, you need to use the Principal ID of the cluster managed identity to perform a [role assignment.][add role to identity]

->

-> If you are not using the CLI but using your own VNet or route table which are outside of the worker node resource group, it's recommended to use [user-assigned control plane identity][Create an AKS cluster with user-assigned identities]. For system-assigned control plane identity, we cannot get the identity ID before creating cluster, which causes delay for role assignment to take effect.

- --network-plugin $PLUGIN \

-> [!NOTE]

-> For creating and using your own VNet and route table where the resources are outside of the worker node resource group, the CLI will add the role assignment automatically. If you are using an ARM template or other client, you need to use the Principal ID of the cluster managed identity to perform a [role assignment.][add role to identity]

-zone_pivot_groups: app-service-platform-windows-linux

-[Azure App Service](overview.md) provides a highly scalable, self-patching web hosting service using the Windows operating system. This tutorial shows how to create a PHP app in Azure and connect it to a MySQL database. When you're finished, you'll have a [Laravel](https://laravel.com/) app running on Azure App Service on Windows.

-[Azure App Service](overview.md) provides a highly scalable, self-patching web hosting service using the Linux operating system. This tutorial shows how to create a PHP app in Azure and connect it to a MySQL database. When you're finished, you'll have a [Laravel](https://laravel.com/) app running on Azure App Service on Linux.

-> * Create a MySQL database in Azure

-> * Connect a PHP app to MySQL

-> * Deploy the app to Azure

-> * Update the data model and redeploy the app

-## Prerequisites

-To complete this tutorial:

-## Prepare local MySQL

-In this step, you create a database in your local MySQL server for your use in this tutorial.

-### Connect to local MySQL server

-In a local terminal window, connect to your local MySQL server. You can use this terminal window to run all the commands in this tutorial.

-mysql -u root -p

-If you're prompted for a password, enter the password for the `root` account. If you don't remember your root account password, see [MySQL: How to Reset the Root Password](https://dev.mysql.com/doc/refman/5.7/en/resetting-permissions.html).

-If your command runs successfully, then your MySQL server is running. If not, ensure that your local MySQL server is started by following the [MySQL post-installation steps](https://dev.mysql.com/doc/refman/5.7/en/postinstallation.html).

-### Create a database locally

-1. At the `mysql` prompt, create a database.

- ```sql

- CREATE DATABASE sampledb;

- ```

-1. Exit your server connection by typing `quit`.

- ```sql

- quit

- ```

-<a name="step2"></a>

-## Create a PHP app locally

-In this step, you get a Laravel sample application, configure its database connection, and run it locally.

-### Clone the sample

-1. `cd` to a working directory.

-1. Clone the sample repository and change to the repository root.

- ```terminal

- git clone https://github.com/Azure-Samples/laravel-tasks

- cd laravel-tasks

- ```

-1. Install the required packages.

- ```

-### Configure MySQL connection

-In the repository root, create a file named *.env*. Copy the following variables into the *.env* file. Replace the _&lt;root_password>_ placeholder with the MySQL root user's password.

-```txt

-APP_ENV=local

-APP_DEBUG=true

-APP_KEY=

-DB_CONNECTION=mysql

-DB_HOST=127.0.0.1

-DB_DATABASE=sampledb

-DB_USERNAME=root

-DB_PASSWORD=<root_password>

-```

-For information on how Laravel uses the _.env_ file, see [Laravel Environment Configuration](https://laravel.com/docs/8.x#environment-based-configuration).

-### Run the sample locally

-1. Run [Laravel database migrations](https://laravel.com/docs/8.x/migrations) to create the tables the application needs. To see which tables are created in the migrations, look in the _database/migrations_ directory in the Git repository.

- ```terminal

- ```

-1. Generate a new Laravel application key.

- ```terminal

- ```

-1. Run the application.

- ```terminal

-1. Go to `http://localhost:8000` in a browser. Add a few tasks in the page.

- 

-1. To stop PHP, enter `Ctrl + C` in the terminal.

-## Deploy Laravel sample to App Service

-### Deploy sample code

-1. In the root directory of the respository, add a file called *.deployment*. This file tells App Service to run a custom deployment script during build automation. Copy the following text into it as its content:

- ```

- [config]

- command = bash deploy.sh

- ```

- > [!NOTE]

- > The deployment process installs [Composer](https://getcomposer.org/) packages at the end. App Service on Windows does not run these automations during default deployment, so this sample repository has two additional files in its root directory to enable it:

- >

- > - `deploy.sh` - The custom deployment script. If you review the file, you see that it runs `php composer.phar install`.

- > - `composer.phar` - The Composer package manager.

- >

- > You can use this approach to add any step to your [Git-based](deploy-local-git.md) or [ZIP](deploy-zip.md) deployment to App Service. For more information, see [Custom Deployment Script](https://github.com/projectkudu/kudu/wiki/Custom-Deployment-Script).

- >

-

-1. From the command line, sign in to Azure using the [`az login`](/cli/azure#az_login) command.

- ```azurecli

- az login

- ```

-1. Deploy the code in your local folder using the [`az webapp up`](/cli/azure/webapp#az_webapp_up) command. Replace *\<app-name>* with a unique name for your app.

- ::: zone pivot="platform-windows"

-

- ```azurecli

- az webapp up --resource-group myResourceGroup --name <app-name> --location "West Europe" --sku FREE --runtime "php|7.4" --os-type=windows

- ```

-

- ::: zone-end

-

- ::: zone pivot="platform-linux"

-

- ```azurecli

- az webapp up --resource-group myResourceGroup --name <app-name> --location "West Europe" --sku FREE --runtime "php|7.4" --os-type=linux

- ```

-

- ::: zone-end

- [!include [az webapp up command note](../../includes/app-service-web-az-webapp-up-note.md)]

-### Configure Laravel environment variables

-Laravel needs an application key in App Service. You can configure it with app settings.

-1. Use `php artisan` to generate a new application key without saving it to _.env_.

- ```terminal

- php artisan key:generate --show

- ```

-1. Set the application key in the App Service app by using the [`az webapp config appsettings set`](/cli/azure/webapp/config/appsettings#az-webapp-config-appsettings-set) command. Replace the placeholders _&lt;app-name>_ and _&lt;outputofphpartisankey:generate>_.

- ```azurecli-interactive

- az webapp config appsettings set --settings APP_KEY="<output_of_php_artisan_key:generate>" APP_DEBUG="true"

- ```

- `APP_DEBUG="true"` tells Laravel to return debugging information when the deployed app encounters errors. When running a production application, set it to `false`, which is more secure.

-### Set the virtual application path

-Set the virtual application path for the app. This step is required because the [Laravel application lifecycle](https://laravel.com/docs/8.x/lifecycle#lifecycle-overview) begins in the _public_ directory instead of the application's root directory. Other PHP frameworks whose lifecycle start in the root directory can work without manual configuration of the virtual application path.

-Set the virtual application path by using the [`az resource update`](/cli/azure/resource#az-resource-update) command. Replace the _&lt;app-name>_ placeholder.

-```azurecli-interactive

-az resource update --name web --resource-group myResourceGroup --namespace Microsoft.Web --resource-type config --parent sites/<app_name> --set properties.virtualApplications[0].physicalPath="site\wwwroot\public" --api-version 2015-06-01

-```

-By default, Azure App Service points the root virtual application path (_/_) to the root directory of the deployed application files (_sites\wwwroot_).

-[Laravel application lifecycle](https://laravel.com/docs/8.x/lifecycle#lifecycle-overview) begins in the _public_ directory instead of the application's root directory. The default PHP Docker image for App Service uses Apache, and it doesn't let you customize the `DocumentRoot` for Laravel. But you can use `.htaccess` to rewrite all requests to point to _/public_ instead of the root directory. In the repository root, an `.htaccess` is added already for this purpose. With it, your Laravel application is ready to be deployed.

-For more information, see [Change site root](configure-language-php.md#change-site-root).

-If you browse to `https://<app-name>.azurewebsites.net` now and see a `Whoops, looks like something went wrong` message, then you have configured your App Service app properly and it's running in Azure. It just doesn't have database connectivity yet. In the next step, you create a MySQL database in [Azure Database for MySQL](../mysql/index.yml).

-## Create MySQL in Azure

-1. Create a MySQL server in Azure with the [`az mysql server create`](/cli/azure/mysql/server#az-mysql-server-create) command.

- In the following command, substitute a unique server name for the *\<mysql-server-name>* placeholder, a user name for the *\<admin-user>*, and a password for the *\<admin-password>* placeholder. The server name is used as part of your MySQL endpoint (`https://<mysql-server-name>.mysql.database.azure.com`), so the name needs to be unique across all servers in Azure. For details on selecting MySQL DB SKU, see [Create an Azure Database for MySQL server](../mysql/quickstart-create-mysql-server-database-using-azure-cli.md#create-an-azure-database-for-mysql-server).

- ```azurecli-interactive

- az mysql server create --resource-group myResourceGroup --name <mysql-server-name> --location "West Europe" --admin-user <admin-user> --admin-password <admin-password> --sku-name B_Gen5_1

- ```

-1. Create a database called `sampledb` by using the [`az mysql db create`](/cli/azure/mysql/db#az-mysql-db-create) command.

- ```azurecli-interactive

- az mysql db create --resource-group myResourceGroup --server-name <mysql-server-name> --name sampledb

- ```

-## Connect the app to the database

-Configure the connection between your app and the SQL database by using the [az webapp connection create mysql](/cli/azure/webapp/connection/create#az-webapp-connection-create-mysql) command. `--target-resource-group` is the resource group that contains the MySQL database.

-```azurecli-interactive

-az webapp connection create mysql --resource-group myResourceGroup --name <app-name> --target-resource-group myResourceGroup --server <mysql-server-name> --database sampledb --connection my_laravel_db --client-type php

-```

-```azurecli-interactive

-az webapp connection create mysql --resource-group myResourceGroup --name <app-name> --target-resource-group myResourceGroup --server <mysql-server-name> --database sampledb --connection my_laravel_db

-```

-When prompted, provide the administrator username and password for the MySQL database.

-> [!NOTE]

-> The CLI command does everything the app needs to successfully connect to the database, including:

->

-> - In your App Service app, adds [six app settings](../service-connector/how-to-integrate-mysql.md#php-mysqli-secret--connection-string) with the names `AZURE_MYSQL_<setting>`, which your code can use for its database connection. If the app setting names are already in use, the `AZURE_MYSQL_<connection-name>_<setting>` format is used instead.

-> - In your MySQL database server, allows Azure services to access the MySQL database server.

-## Generate the database schema

-<a name="devconfig"></a>

-1. Allow access to the Azure database from your local computer by using the [az mysql server firewall-rule create](/cli/azure/mysql/server/firewall-rule#az-mysql-server-firewall-rule-create) and replacing *\<your-ip-address>* with [your local IPv4 IP address](https://www.whatsmyip.org/).

- ```azurecli-interactive

- az mysql server firewall-rule create --name AllowLocalClient --server <mysql-server-name> --resource-group myResourceGroup --start-ip-address=<your-ip-address> --end-ip-address=<your-ip-address>

- ```

- > [!TIP]

- > Once the firewall rule for your local computer is enabled, you can connect to the server like any MySQL server with the `mysql` client. For example:

- > ```terminal

- > mysql -u <admin-user>@<mysql-server-name> -h <mysql-server-name>.mysql.database.azure.com -P 3306 -p

- > ```

-1. Generate the environment variables from the [service connector you created earlier](#connect-the-app-to-the-database) by running the [`az webapp connection list-configuration`](/cli/azure/webapp/connection/create#az-webapp-connection-create-mysql) command.

- ::: zone pivot="platform-windows"

- ```powershell

- $Settings = az webapp connection list-configuration --resource-group myResourceGroup --name <app-name> --connection my_laravel_db --query configurations | ConvertFrom-Json

- foreach ($s in $Settings) { New-Item -Path Env:$($s.name) -Value $s.value}

- ```

-

- > [!TIP]

- > These commands are equivalent to setting the database variables manually like this:

- >

- > ```powershell

- > New-Item -Path Env:AZURE_MYSQL_DBNAME -Value ...

- > New-Item -Path Env:AZURE_MYSQL_HOST -Value ...

- > New-Item -Path Env:AZURE_MYSQL_PORT -Value ...

- > New-Item -Path Env:AZURE_MYSQL_FLAG -Value ...

- > New-Item -Path Env:AZURE_MYSQL_USERNAME -Value ...

- > New-Item -Path Env:AZURE_MYSQL_PASSWORD -Value ...

- > ```

- ::: zone-end

-

- ::: zone pivot="platform-linux"

-

- ```bash

- export $(az webapp connection list-configuration --resource-group myResourceGroup --name <app-name> --connection my_laravel_db --query "configurations[].[name,value] | [*].join('=',@)" --output tsv)

- ```

- > [!TIP]

- > The [JMESPath query](https://jmespath.org/) in `--query` and the `--output tsv` formatting let you feed the output directly into the `export` command. It's equivalent to setting the database variables manually like this:

- >

- > ```powershell

- > export AZURE_MYSQL_DBNAME=...

- > export AZURE_MYSQL_HOST=...

- > export AZURE_MYSQL_PORT=...

- > export AZURE_MYSQL_FLAG=...

- > export AZURE_MYSQL_USERNAME=...

- > export AZURE_MYSQL_PASSWORD=...

- > ```

- <!-- export $(az webapp connection list-configuration -g myResourceGroup -n <app-name> --connection my-laravel-db | jq -r '.configurations[] | "\(.name)=\(.value)"')

- -->

- ::: zone-end

-1. Open _config/database.php_ and find the `mysql` section. It's already set up to retrieve connection secrets from environment variables.

- ```php

- 'mysql' => [

- 'driver' => 'mysql',

- 'url' => env('DATABASE_URL'),

- 'host' => env('DB_HOST', '127.0.0.1'),

- 'port' => env('DB_PORT', '3306'),

- 'database' => env('DB_DATABASE', 'forge'),

- 'username' => env('DB_USERNAME', 'forge'),

- 'password' => env('DB_PASSWORD', ''),

- ...

- ],

- ```

- Change the default environment variables to the ones that the service connector created:

- ```php

- 'mysql' => [

- 'driver' => 'mysql',

- 'url' => env('DATABASE_URL'),

- 'host' => env('AZURE_MYSQL_HOST', '127.0.0.1'),

- 'port' => env('AZURE_MYSQL_PORT', '3306'),

- 'database' => env('AZURE_MYSQL_DBNAME', 'forge'),

- 'username' => env('AZURE_MYSQL_USERNAME', 'forge'),

- 'password' => env('AZURE_MYSQL_PASSWORD', ''),

- ...

- ],

- ```

- > [!TIP]

- > PHP uses the [getenv](https://www.php.net/manual/en/function.getenv.php) method to access the settings. the Laravel code uses an [env](https://laravel.com/docs/8.x/helpers#method-env) wrapper over the PHP `getenv`.

-1. By default, Azure Database for MySQL enforces TLS connections from clients. To connect to your MySQL database in Azure, you must use the [_.pem_ certificate supplied by Azure Database for MySQL](../mysql/single-server/how-to-configure-ssl.md). The certificate `BaltimoreCyberTrustRoot.crt.pem` is provided in the sample repository for convenience in this tutorial. At the bottom of the `mysql` section in _config/database.php_, change the `options` parameter to the following code:

- ```php

- 'options' => extension_loaded('pdo_mysql') ? array_filter([

- PDO::MYSQL_ATTR_SSL_KEY => '/ssl/BaltimoreCyberTrustRoot.crt.pem',

- ]) : [],

- ```

-1. Your sample app is now configured to connect to the Azure MySQL database. Run Laravel database migrations again to create the tables and run the sample app.

- ```bash

- php artisan migrate

- php artisan serve

- ```

-1. Go to `http://localhost:8000`. If the page loads without errors, the PHP application is connecting to the MySQL database in Azure.

-1. Add a few tasks in the page.

- 

-1. To stop PHP, enter `Ctrl + C` in the terminal.

-## Deploy changes to Azure

-1. Deploy your code changes by running `az webapp up` again.

- ::: zone pivot="platform-windows"

-

- ```azurecli

- az webapp up --os-type=windows

- ```

-

- ::: zone-end

-

- ::: zone pivot="platform-linux"

-

- ```azurecli

- az webapp up --runtime "php|7.4" --os-type=linux

- ```

-

- > [!NOTE]

- > `--runtime` is still needed for deployment with `az webapp up`. Otherwise, the runtime is detected to be Node.js due to the presence of *package.json*.

- ::: zone-end

-1. Browse to `http://<app-name>.azurewebsites.net` and add a few tasks to the list.

- :::image type="content" source="./media/tutorial-php-mysql-app/php-mysql-in-azure.png" alt-text="Screenshot of the Azure app example titled Task List showing new tasks added.":::

-Congratulations, you're running a data-driven PHP app in Azure App Service.

-## Stream diagnostic logs

-While the PHP application runs in Azure App Service, you can get the console logs piped to your terminal. That way, you can get the same diagnostic messages to help you debug application errors.

-To start log streaming, use the [`az webapp log tail`](/cli/azure/webapp/log#az-webapp-log-tail) command.

-```azurecli-interactive

-az webapp log tail

-Once log streaming has started, refresh the Azure app in the browser to get some web traffic. You can now see console logs piped to the terminal. If you don't see console logs immediately, check again in 30 seconds.

-To stop log streaming at any time, enter `Ctrl`+`C`.

-> [!NOTE]

-> You can also inspect the log files from the browser at `https://<app-name>.scm.azurewebsites.net/api/logs/docker`.

-> [!TIP]

-> A PHP application can use the standard [error_log()](https://php.net/manual/function.error-log.php) to output to the console. The sample application uses this approach in _app/Http/routes.php_.

->

-> As a web framework, [Laravel uses Monolog](https://laravel.com/docs/8.x/logging) as the logging provider. To see how to get Monolog to output messages to the console, see [PHP: How to use monolog to log to console (php://out)](https://stackoverflow.com/questions/25787258/php-how-to-use-monolog-to-log-to-console-php-out).

->

-> * Create a MySQL database in Azure

-> * Connect a PHP app to MySQL

-> * Deploy the app to Azure

-> * Update the data model and redeploy the app

- -BackendHttpSettings $poolSettings

-Form Recognizer uses the [prebuilt-layout model](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v3-0-preview-2/operations/AnalyzeDocument) API to learn the expected sizes and positions of typeface and handwritten text elements and extract tables. Then it uses user-specified labels to learn the key/value associations and tables in the documents. We recommend that you use five manually labeled forms of the same type (same structure) to get started with training a new model. Then, add more labeled data, as needed, to improve the model accuracy. Form Recognizer enables training a model to extract key-value pairs and tables using supervised learning capabilities.

-To make an [**Analyze document**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v3-0-preview-2/operations/AnalyzeDocument) request, use a unique model name in the request parameters.

-* Explore our [**REST API (preview)**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v3-0-preview-2/operations/AnalyzeDocument) to learn more about the preview version and new capabilities.

- > [Form Recognizer API v3.0](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v3-0-preview-2/operations/AnalyzeDocument)

-|Custom model| <ul><li>[Form Recognizer Studio](https://formrecognizer.appliedai.azure.com/studio/customform/projects)</li><li>[REST API](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v3-0-preview-2/operations/AnalyzeDocument)</li><li>[C# SDK](quickstarts/try-v3-csharp-sdk.md)</li><li>[Python SDK](quickstarts/try-v3-python-sdk.md)</li></ul>|***custom-model-id***|

-|[v3.0 Studio quickstart](quickstarts/try-v3-form-recognizer-studio.md) |[Form Recognizer v3.0 API 2022-06-30](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v3-0-preview-2/operations/AnalyzeDocument)|

-* For best results, provide one clear photo or high-quality scan per document.

-* Supported file formats: JPEG/JPG, PNG, BMP, TIFF, and PDF (text-embedded or scanned). Text-embedded PDFs are best to eliminate the possibility of error in character extraction and location.

-* For PDF and TIFF, up to 2000 pages can be processed (with a free tier subscription, only the first two pages are processed).

-* The file size must be less than 500 MB for paid (S0) tier and 4 MB for free (F0) tier.

-* Image dimensions must be between 50 x 50 pixels and 10,000 x 10,000 pixels.

-* PDF dimensions are up to 17 x 17 inches, corresponding to Legal or A3 paper size, or smaller.

-* The total size of the training data is 500 pages or less.

-* If your PDFs are password-locked, you must remove the lock before submission.

-* Explore our [**REST API (preview)**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v3-0-preview-2/operations/AnalyzeDocument) to learn more about the preview version and new capabilities.

-* For best results, provide one clear photo or high-quality scan per document.

-* Supported file formats: JPEG/JPG, PNG, BMP, TIFF, and PDF (text-embedded or scanned). Text-embedded PDFs are best to eliminate the possibility of error in character extraction and location.

-* For PDF and TIFF, up to 2000 pages can be processed (with a free tier subscription, only the first two pages are processed).

-* The file size must be less than 500 MB for paid (S0) tier and 4 MB for free (F0) tier.

-* Image dimensions must be between 50 x 50 pixels and 10,000 x 10,000 pixels.

-* PDF dimensions are up to 17 x 17 inches, corresponding to Legal or A3 paper size, or smaller.

-* The total size of the training data is 500 pages or less.

-* If your PDFs are password-locked, you must remove the lock before submission.

-* Explore our [**REST API (preview)**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v3-0-preview-2/operations/AnalyzeDocument) to learn more about the preview version and new capabilities.

-* For best results, provide one clear photo or high-quality scan per document.

-* Supported file formats: JPEG/JPG, PNG, BMP, TIFF, and PDF (text-embedded or scanned). Text-embedded PDFs are best to eliminate the possibility of error in character extraction and location.

-* For PDF and TIFF, up to 2000 pages can be processed (with a free tier subscription, only the first two pages are processed).

-* The file size must be less than 500 MB for paid (S0) tier and 4 MB for free (F0) tier.

-* Image dimensions must be between 50 x 50 pixels and 10,000 x 10,000 pixels.

-* PDF dimensions are up to 17 x 17 inches, corresponding to Legal or A3 paper size, or smaller.

-* The total size of the training data is 500 pages or less.

-* If your PDFs are password-locked, you must remove the lock before submission.

-The paragraph roles are best used with unstructured documents. PAragraph roles help analyze the structure of the extracted content for better semantic search and analysis.

-* For best results, provide one clear photo or high-quality scan per document.

-* Supported file formats: JPEG/JPG, PNG, BMP, TIFF, and PDF (text-embedded or scanned).

-* For PDF and TIFF, up to 2000 pages can be processed (with a free tier subscription, only the first two pages are processed).

-* The file size must be less than 500 MB for paid (S0) tier and 4 MB for free (F0) tier.

-* Image dimensions must be between 50 x 50 pixels and 10,000 x 10,000 pixels.

-* The minimum height of the text to be extracted is 12 pixels for a 1024 X 768 image. This dimension corresponds to about eight font point text at 150 DPI.

-* For best results, provide one clear photo or high-quality scan per document.

-* Supported file formats: JPEG/JPG, PNG, BMP, TIFF, and PDF (text-embedded or scanned). Additionally, the Read API supports Microsoft Word (DOCX), Excel (XLS), PowerPoint (PPT), and HTML files.

-* For PDF and TIFF, up to 2000 pages can be processed (with a free tier subscription, only the first two pages are processed).

-* The file size must be less than 500 MB for paid (S0) tier and 4 MB for free (F0) tier.

-* Image dimensions must be between 50 x 50 pixels and 10,000 x 10,000 pixels.

-* The total size of the training data is 500 pages or less.

-* If your PDFs are password-locked, you must remove the lock before submission.

-* Supported file formats: These include JPEG/JPG, PNG, BMP, TIFF, PDF (text-embedded or scanned). Additionally, the newest API version `2022-06-30-preview` supports Microsoft Word (DOCX), Excel (XLS), PowerPoint (PPT), and HTML files.

-* For PDF and TIFF, up to 2000 pages can be processed (with a free tier subscription, only the first two pages are processed).

-* The file size must be less than 500 MB for paid (S0) tier and 4 MB for free (F0) tier.

-* Image dimensions must be between 50 x 50 pixels and 10,000 x 10,000 pixels.

-* The minimum height of the text to be extracted is 12 pixels for a 1024X768 image. This dimension corresponds to about eight font point text at 150 DPI.

-> [Form Recognizer API v3.0](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v3-0-preview-2/operations/AnalyzeDocument)

-* For best results, provide one clear photo or high-quality scan per document.

-* Supported file formats: JPEG/JPG, PNG, BMP, TIFF, and PDF (text-embedded or scanned). Text-embedded PDFs are best to eliminate the possibility of error in character extraction and location.

-* For PDF and TIFF, up to 2000 pages can be processed (with a free tier subscription, only the first two pages are processed).

-* The file size must be less than 500 MB for paid (S0) tier and 4 MB for free (F0) tier.

-* Image dimensions must be between 50 x 50 pixels and 10,000 x 10,000 pixels.

-* PDF dimensions are up to 17 x 17 inches, corresponding to Legal or A3 paper size, or smaller.

-* The total size of the training data is 500 pages or less.

-* If your PDFs are password-locked, you must remove the lock before submission.

-* Explore our [**REST API (preview)**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v3-0-preview-2/operations/AnalyzeDocument) to learn more about the preview version and new capabilities.

-|**W-2 model**|<ul><li> [**Form Recognizer Studio**](https://formrecognizer.appliedai.azure.com)</li><li>[**REST API**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v3-0-preview-2/operations/AnalyzeDocument)</li><li>[**C# SDK**](quickstarts/try-v3-csharp-sdk.md#prebuilt-model)</li><li>[**Python SDK**](quickstarts/try-v3-python-sdk.md#prebuilt-model)</li><li>[**Java SDK**](quickstarts/try-v3-java-sdk.md#prebuilt-model)</li><li>[**JavaScript SDK**](quickstarts/try-v3-javascript-sdk.md#prebuilt-model)</li></ul>|**prebuilt-tax.us.w2**|

-* For best results, provide one clear photo or high-quality scan per document.

-* Supported file formats: JPEG/JPG, PNG, BMP, TIFF, and PDF (text-embedded or scanned). Text-embedded PDFs are best to eliminate the possibility of error in character extraction and location.

-* For PDF and TIFF, up to 2000 pages can be processed (with a free tier subscription, only the first two pages are processed).

-* The file size must be less than 500 MB for paid (S0) tier and 4 MB for free (F0) tier.

-* Image dimensions must be between 50 x 50 pixels and 10,000 x 10,000 pixels.

-* PDF dimensions are up to 17 x 17 inches, corresponding to Legal or A3 paper size, or smaller.

-* The total size of the training data is 500 pages or less.

-* If your PDFs are password-locked, you must remove the lock before submission.

-* Explore our [**REST API (preview)**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v3-0-preview-2/operations/AnalyzeDocument) to learn more about the preview version and new capabilities.

-|[🆕 **W-2 Form**](concept-w2.md) | Extract information reported in each box on a W-2 form.|<ul ><li>[**Form Recognizer Studio**](https://formrecognizer.appliedai.azure.com/studio/prebuilt?formType=tax.us.w2)<li>[**REST API**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v3-0-preview-2/operations/AnalyzeDocument)</li><li>[**C# SDK**](quickstarts/try-v3-csharp-sdk.md#prebuilt-model)</li><li>[**Python SDK**](quickstarts/try-v3-python-sdk.md#prebuilt-model)</li><li>[**Java SDK**](quickstarts/try-v3-java-sdk.md#prebuilt-model)</li><li>[**JavaScript**](quickstarts/try-v3-javascript-sdk.md#prebuilt-model)</li></ul> |

-> [REST API preview (v3.0) reference documentation](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v3-0-preview-2/operations/AnalyzeDocument)

-| [Azure Monitor: Log Analytics](../azure-monitor/logs/availability-zones.md) |  |

-1. Open *Startup.cs*, and update the `ConfigureAppConfiguration` method.

- The `ConfigureRefresh` method registers a setting to be checked for changes whenever a refresh is triggered within the application, which you will do in the later step when adding `_configurationRefresher.TryRefreshAsync()`. The `refreshAll` parameter instructs the App Configuration provider to reload the entire configuration whenever a change is detected in the registered setting.

- All settings registered for refresh have a default cache expiration of 30 seconds. It can be updated by calling the `AzureAppConfigurationRefreshOptions.SetCacheExpiration` method.

- // Load all keys that start with `TestApp:`

- .Select("TestApp:*")

- // Configure to reload configuration if the registered sentinel key is modified

- .ConfigureRefresh(refreshOptions =>

- refreshOptions.Register("TestApp:Settings:Sentinel", refreshAll: true));

- > [!TIP]

- > When you are updating multiple key-values in App Configuration, you would normally don't want your application to reload configuration before all changes are made. You can register a *sentinel key* and only update it when all other configuration changes are completed. This helps to ensure the consistency of configuration in your application.

- Update the constructor to obtain the instance of `IConfigurationRefresherProvider` through dependency injection, from which you can obtain the instance of `IConfigurationRefresher`.

-> [Managed identity integration](./howto-integrate-azure-managed-service-identity.md)

-This project will use [dependency injection in .NET Azure Functions](../azure-functions/functions-dotnet-dependency-injection.md) and add Azure App Configuration as an extra configuration source.

- - [Microsoft.Extensions.Configuration.AzureAppConfiguration](https://www.nuget.org/packages/Microsoft.Extensions.Configuration.AzureAppConfiguration/) version 4.1.0 or later

- - [Microsoft.Azure.Functions.Extensions](https://www.nuget.org/packages/Microsoft.Azure.Functions.Extensions/) version 1.1.0 or later

-2. Add a new file, *Startup.cs*, with the following code. It defines a class named `Startup` that implements the `FunctionsStartup` abstract class. An assembly attribute is used to specify the type name used during Azure Functions startup.

-3. Open *Function1.cs*, and add the following namespace.

- Add a constructor used to obtain an instance of `IConfiguration` through dependency injection.

- $TOKEN=(kubectl get secret demo-user-secret -o jsonpath='{$.data.token}' | base64 -d | sed $'s/$/\\\n/g')

- The *Custom locations* feature provides a way for tenant or cluster administrators to configure their Azure Arc-enabled Kubernetes clusters as target locations for deploying instances of Azure offerings. Examples of Azure offerings that can be deployed on top of custom locations include databases, such as Azure Arc-enabled SQL Managed Instance and Azure Arc-enabled PostgreSQL Hyperscale, or application instances, such as App Services, Functions, Event Grid, Logic Apps, and API Management.

-A custom location has a one-to-one mapping to a namespace within the Azure Arc-enabled Kubernetes cluster. The custom location Azure resource combined with Azure RBAC can be used to grant granular permissions to application developers or database admins, enabling them to deploy resources such as databases or application instances on top of Arc-enabled Kubernetes clusters in a multi-tenant manner.

- - `customlocation` (version 0.1.3 or later)

- If you have already installed the `connectedk8s`, `k8s-extension`, and `customlocation` extensions, update to the **latest version** using the following command:

-If you are signed in to Azure CLI as an Azure AD user, to enable this feature on your cluster, execute the following command:

-This is because a service principal doesn't have permissions to get information of the application used by the Azure Arc service. To avoid this error, execute the following steps:

-1. Sign in to Azure CLI using your user account. Fetch the Object ID of the Azure AD application used by Azure Arc service:

- ```azurecli

- az ad sp show --id bc313c14-388c-4e7d-a58e-70017303ee3b --query objectId -o tsv

- ```

-1. Sign in to Azure CLI using the service principal. Use the `<objectId>` value from above step to enable custom locations feature on the cluster:

- az connectedk8s enable-features -n <cluster-name> -g <resource-group-name> --custom-locations-oid <objectId> --features cluster-connect custom-locations

- :::image type="content" source="./media/private-link-security/find-scope.png" alt-text="Find Private Link Scope" border="true":::

-1. Pick a Subscription and Resource Group.

-1. Give the Azure Arc Private Link Scope a name. It's best to use a meaningful and clear name.

- You can optionally require every Azure Arc-enabled machine or server associated with this Azure Arc Private Link Scope to send data to the service through the private endpoint. If you select **Enable public network access**, machines or servers associated with this Azure Arc Private Link Scope can communicate with the service over both private or public networks. You can change this setting after creating the scope if you change your mind.

- :::image type="content" source="./media/private-link-security/create-private-link-scope.png" alt-text="Create Private Link Scope" border="true":::

-## Create a private endpoint

- e. Select **Create**.

- :::image type="content" source="./media/private-link-security/dns-configuration.png" alt-text="DNS configuration details" border="true":::

- :::image type="content" source="./media/private-link-security/select-servers-private-link-scope.png" alt-text="Selecting Azure Arc resources" border="true":::

-You can also use the [Azure Key Vault solution in Azure Monitor](../azure-monitor/insights/key-vault-insights-overview.md) to review Key Vault logs. To use this solution, you need to enable logging of Key Vault diagnostics and direct the diagnostics to a Log Analytics workspace. With this solution, it isn't necessary to write logs to Azure Blob storage.

-This article provides details on installing the Log Analytics agent on Linux computers using the following methods:

-* [Install the agent for Linux using a wrapper-script](#install-the-agent-using-wrapper-script) hosted on GitHub. This is the recommended method to install and upgrade the agent when the computer has connectivity with the Internet, directly or through a proxy server.

-* [Manually download and install](#install-the-agent-manually) the agent. This is required when the Linux computer doesn't have access to the Internet and will be communicating with Azure Monitor or Azure Automation through the [Log Analytics gateway](./gateway.md).

-The installation methods described in this article are typically used for virtual machines on-premises or in other clouds. See [Installation options](./log-analytics-agent.md#installation-options) for more efficient options you can use for Azure virtual machines.

-## Supported operating systems

->Running the Log Analytics Linux Agent in containers is not supported. If you need to monitor containers, please leverage the [Container Monitoring solution](../containers/containers.md) for Docker hosts or [Container insights](../containers/container-insights-overview.md) for Kubernetes.

-## Supported Linux hardening

-## Agent prerequisites

-## Network requirements

-## Workspace ID and key

-After installing the Log Analytics agent for Linux packages, the following system-wide configuration changes are also applied. These artifacts are removed when the omsagent package is uninstalled.

-## Install the agent using wrapper script

-2. To configure the Linux computer to connect to Log Analytics workspace in Azure Government cloud, run the following command providing the workspace ID and primary key copied earlier. The following command downloads the agent, validates its checksum, and installs it.

-2. Restart the agent by running the following command:

-## Install the agent manually

-2. Install the bundle by using the `--install` argument. To onboard to a Log Analytics workspace during installation, provide the `-w <WorkspaceID>` and `-s <workspaceKey>` parameters copied earlier.

- >You need to use the `--upgrade` argument if any dependent packages such as omi, scx, omsconfig or their older versions are installed, as would be the case if the system Center Operations Manager agent for Linux is already installed.

-> [!NOTE]

-> Because the [Container Monitoring solution](../containers/containers.md) is being retired, the following documentation uses the optional setting --skip-docker-provider-install to disable the Container Monitoring data collection.

- ```

- sudo sh ./omsagent-*.universal.x64.sh --install -w <workspace id> -s <shared key> --skip-docker-provider-install

- ```

-3. To configure the Linux agent to install and connect to a Log Analytics workspace through a Log Analytics gateway, run the following command providing the proxy, workspace ID, and workspace key parameters. This configuration can be specified on the command line by including `-p [protocol://][user:password@]proxyhost[:port]`. The *proxyhost* property accepts a fully qualified domain name or IP address of the Log Analytics gateway server.

-4. To configure the Linux computer to connect to a Log Analytics workspace in Azure Government cloud, run the following command providing the workspace ID and primary key copied earlier.

-If you want to install the agent packages and configure it to report to a specific Log Analytics workspace at a later time, run the following command:

-If you want to extract the agent packages from the bundle without installing the agent, run the following command:

-* Manual installation using the [setup wizard](#install-agent-using-setup-wizard) or [command line](#install-agent-using-command-line)

-* [Azure Automation Desired State Configuration (DSC)](#install-agent-using-dsc-in-azure-automation)

-## Supported operating systems

-## Network requirements

-For the network requirements for the Windows agent, see [Log Analytics agent overview](./log-analytics-agent.md#network-requirements).

-## Configure agent to use TLS 1.2

-[TLS 1.2](/windows-server/security/tls/tls-registry-settings#tls-12) protocol ensures the security of data in transit for communication between the Windows agent and the Log Analytics service. If you're installing on an [operating system without TLS 1.2 enabled by default](../logs/data-security.md#sending-data-securely-using-tls-12), configure TLS 1.2 by following these steps:

-## Workspace ID and key

-## Install agent using setup wizard

-The following steps install and configure the Log Analytics agent in Azure and Azure Government cloud by using the setup wizard for the agent on your computer. If you want to learn how to configure the agent to also report to a System Center Operations Manager management group, see [Deploy the Operations Manager agent with the Agent Setup Wizard](/system-center/scom/manage-deploy-windows-agent-manually#to-deploy-the-operations-manager-agent-with-the-agent-setup-wizard).

-1. In your Log Analytics workspace, from the **Windows Servers** page you navigated to earlier, select the appropriate **Download Windows Agent** version to download depending on the processor architecture of the Windows operating system.

-1. Run setup to install the agent on your computer.

-1. On the **Welcome** page, select **Next**.

-1. On the **License Terms** page, read the license and then select **I Agree**.

-1. On the **Destination Folder** page, change or keep the default installation folder and then select **Next**.

-1. On the **Agent Setup Options** page, choose to connect the agent to Azure Log Analytics and then select **Next**.

-1. On the **Azure Log Analytics** page:

- 1. Paste the **Workspace ID** and **Workspace Key (Primary Key)** that you copied earlier. If the computer should report to a Log Analytics workspace in Azure Government cloud, select **Azure US Government** from the **Azure Cloud** dropdown list.

- 1. If the computer needs to communicate through a proxy server to the Log Analytics service, select **Advanced** and provide the URL and port number of the proxy server. If your proxy server requires authentication, enter the username and password to authenticate with the proxy server and then select **Next**.

-1. Select **Next** after you've finished providing the necessary configuration settings.<br><br> <br><br>

-1. On the **Ready to Install** page, review your choices and then select **Install**.

-1. On the **Configuration completed successfully** page, select **Finish**.

-When setup is finished, the **Microsoft Monitoring Agent** appears in **Control Panel**. To confirm it's reporting to Log Analytics, review [Verify agent connectivity to Log Analytics](#verify-agent-connectivity-to-azure-monitor).

-## Install agent using command line

-The downloaded file for the agent is a self-contained installation package. The setup program for the agent and supporting files are contained in the package and need to be extracted to properly install by using the command line shown in the following examples.

-## Install agent using DSC in Azure Automation

-You can use the following script example to install the agent by using Azure Automation DSC. If you don't have an Automation account, see [Get started with Azure Automation](../../automation/index.yml) to understand requirements and steps for creating an Automation account required before you use Automation DSC. If you aren't familiar with Automation DSC, see [Getting started with Automation DSC](../../automation/automation-dsc-getting-started.md).

->This procedure and script example doesn't support upgrading the agent already deployed to a Windows computer.

-The 32-bit and 64-bit versions of the agent package have different product codes, and new versions released also have a unique value. The product code is a GUID that's the principal identification of an application or product and is represented by the Windows Installer **ProductCode** property. The `ProductId` value in the **MMAgent.ps1** script has to match the product code from the 32-bit or 64-bit agent installer package.

-To retrieve the product code from the agent installer package directly, you can use Orca.exe from the [Windows SDK Components for Windows Installer Developers](/windows/win32/msi/platform-sdk-components-for-windows-installer-developers) that's a component of the Windows Software Development Kit. Or you can use PowerShell by following an [example script](https://www.scconfigmgr.com/2014/08/22/how-to-get-msi-file-information-with-powershell/) written by a Microsoft Valuable Professional. For either approach, you first need to extract the **MOMagent.msi** file from the MMASetup installation package. For instructions, see the first step in the section [Install agent using command line](#install-agent-using-command-line).

-1. Import the xPSDesiredStateConfiguration DSC Module from [https://www.powershellgallery.com/packages/xPSDesiredStateConfiguration](https://www.powershellgallery.com/packages/xPSDesiredStateConfiguration) into Azure Automation.

-1. Create Azure Automation variable assets for *OPSINSIGHTS_WS_ID* and *OPSINSIGHTS_WS_KEY*. Set *OPSINSIGHTS_WS_ID* to your Log Analytics workspace ID. Set *OPSINSIGHTS_WS_KEY* to the primary key of your workspace.

-1. Copy the script and save it as **MMAgent.ps1**.

-

- ```powershell

- Configuration MMAgent

- {

- $OIPackageLocalPath = "C:\Deploy\MMASetup-AMD64.exe"

- $OPSINSIGHTS_WS_ID = Get-AutomationVariable -Name "OPSINSIGHTS_WS_ID"

- $OPSINSIGHTS_WS_KEY = Get-AutomationVariable -Name "OPSINSIGHTS_WS_KEY"

-

- Import-DscResource -ModuleName xPSDesiredStateConfiguration

- Import-DscResource -ModuleName PSDesiredStateConfiguration

-

- Node OMSnode {

- Service OIService

- {

- Name = "HealthService"

- State = "Running"

- DependsOn = "[Package]OI"

- }

-

- xRemoteFile OIPackage {

- Uri = "https://go.microsoft.com/fwlink/?LinkId=828603"

- DestinationPath = $OIPackageLocalPath

- }

-

- Package OI {

- Ensure = "Present"

- Path = $OIPackageLocalPath

- Name = "Microsoft Monitoring Agent"

- ProductId = "8A7F2C51-4C7D-4BFD-9014-91D11F24AAE2"

- Arguments = '/C:"setup.exe /qn NOAPM=1 ADD_OPINSIGHTS_WORKSPACE=1 OPINSIGHTS_WORKSPACE_ID=' + $OPSINSIGHTS_WS_ID + ' OPINSIGHTS_WORKSPACE_KEY=' + $OPSINSIGHTS_WS_KEY + ' AcceptEndUserLicenseAgreement=1"'

- DependsOn = "[xRemoteFile]OIPackage"

- }

-

- ```

-Each agent must have network connectivity to the gateway so that agents can automatically transfer data to and from the gateway. Avoid installing the gateway on a domain controller. Linux computers that are behind a gateway server cannot use the [wrapper script installation](../agents/agent-linux.md#install-the-agent-using-wrapper-script) method to install the Log Analytics agent for Linux. The agent must be downloaded manually, copied to the computer, and installed manually because the gateway only supports communicating with the Azure services mentioned earlier.

-3. To connect an Log Analytics gateway server with the Microsoft Monitoring Agent installed, right-click the cluster's IP address, and then click **Add Host to Cluster**.

-There are multiple methods to install the Log Analytics agent and connect your machine to Azure Monitor depending on your requirements. The following sections list the possible methods for different types of virtual machine.

-> This solution is deprecated. [We now recommend using Key Vault insights](./key-vault-insights-overview.md).

-This article includes sample [Azure Resource Manager templates](../../azure-resource-manager/templates/syntax.md) to enable SQL Insights (preview) for monitoring SQL running in Azure. See the [SQL Insights (preview) documentation](sql-insights-overview.md) for details on the offering and versions of SQL we support. Each sample includes a template file and a parameters file with sample values to provide to the template.

-* [Learn more about SQL Insights (preview)](sql-insights-overview.md).

-

-

-Create Access Policy in Key Vault to grants permissions to your cluster. These permissions are used by the underlay cluster storage. Open your Key Vault in Azure portal and click *Access Policies* then *+ Add Access Policy* to create a policy with these settings:

- - System assigned managed identity - enter the cluster name or cluster principal ID

- - User assigned managed identity - enter the identity name

-

-The *Get* permission is required to verify that your Key Vault is configured as recoverable to protect your key and the access to your Azure Monitor data.

-

- | [Azure Key Vault Insights (preview)](./insights/key-vault-insights-overview.md) | GA | [Yes](https://portal.azure.com/#blade/Microsoft_Azure_Monitoring/AzureMonitoringBrowseBlade/keyvaultsInsights) | Provides comprehensive monitoring of your key vaults by delivering a unified view of your Key Vault requests, performance, failures, and latency. |

- | [Azure SQL insights (preview)](./insights/sql-insights-overview.md) | Preview | [Yes](https://portal.azure.com/#blade/Microsoft_Azure_Monitoring/AzureMonitoringBrowseBlade/sqlWorkloadInsights) | A comprehensive interface for monitoring any product in the Azure SQL family. SQL insights uses dynamic management views to expose the data you need to monitor health, diagnose problems, and tune performance. Note: If you are just setting up SQL monitoring, use this instead of the SQL Analytics solution. |

- | [Azure Key Vault](../key-vault/index.yml) | Microsoft.KeyVault/managedHSMs | [**Yes**](./essentials/metrics-supported.md#microsoftkeyvaultmanagedhsms) | [**Yes**](./essentials/resource-logs-categories.md#microsoftkeyvaultmanagedhsms) | [Azure Key Vault Insights (preview)](./insights/key-vault-insights-overview.md) | |

- | [Azure Key Vault](../key-vault/index.yml) | Microsoft.KeyVault/vaults | [**Yes**](./essentials/metrics-supported.md#microsoftkeyvaultvaults) | [**Yes**](./essentials/resource-logs-categories.md#microsoftkeyvaultvaults) | [Azure Key Vault Insights (preview)](./insights/key-vault-insights-overview.md) | |

- | [Azure SQL Managed Instance](/azure/azure-sql/database/monitoring-tuning-index) | Microsoft.Sql/managedInstances | [**Yes**](./essentials/metrics-supported.md#microsoftsqlmanagedinstances) | [**Yes**](./essentials/resource-logs-categories.md#microsoftsqlmanagedinstances) | [Azure SQL Insights (preview)](./insights/sql-insights-overview.md) | |

- | [Azure SQL Database](/azure/azure-sql/database/index) | Microsoft.Sql/servers/databases | [**Yes**](./essentials/metrics-supported.md#microsoftsqlserversdatabases) | No | [Azure SQL Insights (preview)](./insights/sql-insights-overview.md) | |

- | [Azure SQL Database](/azure/azure-sql/database/index) | Microsoft.Sql/servers/elasticpools | [**Yes**](./essentials/metrics-supported.md#microsoftsqlserverselasticpools) | No | [Azure SQL Insights (preview)](./insights/sql-insights-overview.md) | |

-1. [Add a parameters](workbooks-create-workbook.md#add-a-parameter-to-a-workbook), make it a [time range parameter](workbooks-time.md), and name it **TimeRange**.

-1. [Create a new empty workbook](workbooks-create-workbook.md) and [add a parameter component](workbooks-create-workbook.md#add-a-parameter-to-a-workbook).

-description: Learn how to create a workbook in Azure Workbooks.

-# Create an Azure workbook

-This article describes how to create a new workbook and how to add elements to your Azure workbook.

-## Create a new workbook

-To create a new workbook:

-1. On the **Azure Workbooks** page, select an empty template or select **New**.

- - [Text](#add-text)

- - [Queries](#add-queries)

- - [Parameters](#add-parameters)

- - [Metric charts](#add-metric-charts)

- - [Links](#add-links)

- - [Groups](#add-groups)

-## Add text

-You can include text blocks in your workbooks. For example, the text can be human analysis of the telemetry, information to help users interpret the data, and section headings.

- :::image type="content" source="media/workbooks-create-workbook/workbooks-text-example.png" alt-text="Screenshot that shows adding text to a workbook.":::

-Text is added through a Markdown control that you use to add your content. You can use the full formatting capabilities of Markdown like different heading and font styles, hyperlinks, and tables. By using Markdown, you can create rich Word- or portal-like reports or analytic narratives. Text can contain parameter values in the Markdown text. Those parameter references are updated as the parameters change.

-Edit mode:

- :::image type="content" source="media/workbooks-create-workbook/workbooks-text-control-edit-mode.png" alt-text="Screenshot that shows adding text to a workbook in edit mode.":::

-Preview mode:

- :::image type="content" source="media/workbooks-create-workbook/workbooks-text-control-edit-mode-preview.png" alt-text="Screenshot that shows adding text to a workbook in preview mode.":::

-### Add text to a workbook

-1. Make sure you're in edit mode by selecting **Edit**.

-1. Add text by doing one of these steps:

- * Select **Add** > **Add text** below an existing element or at the bottom of the workbook.

- * Select the ellipsis (...) to the right of the **Edit** button next to one of the elements in the workbook. Then select **Add** > **Add text**.

-1. Enter Markdown text in the editor field.

-1. Use the **Text Style** option to switch between plain Markdown and Markdown wrapped with the Azure portal's standard info, warning, success, and error styling.

- > Use this [Markdown cheat sheet](https://github.com/adam-p/markdown-here/wiki/Markdown-Cheatsheet) to see the different formatting options.

-1. Use the **Preview** tab to see how your content will look. The preview shows the content inside a scrollable area to limit its size. At runtime, the Markdown content expands to fill whatever space it needs, without a scrollbar.

-These text styles are available.

-|plain| No formatting is applied. |

-|info| The portal's info style, with an `ℹ` or similar icon and blue background. |

-|error| The portal's error style, with an `❌` or similar icon and red background. |

-|success| The portal's success style, with a `Γ£ö` or similar icon and green background. |

-|upsell| The portal's upsell style, with a `🚀` or similar icon and purple background. |

-|warning| The portal's warning style, with a `ΓÜá` or similar icon and blue background. |

-You can also choose a text parameter as the source of the style. The parameter value must be one of the preceding text values. The absence of a value or any unrecognized value is treated as plain style.

-Info style example:

- :::image type="content" source="media/workbooks-create-workbook/workbooks-text-control-edit-mode-preview.png" alt-text="Screenshot that shows adding text to a workbook in preview mode showing info style.":::

-Warning style example:

- :::image type="content" source="media/workbooks-create-workbook/workbooks-text-example-warning.png" alt-text="Screenshot that shows a text visualization in warning style.":::

-## Add queries

-You can query any of the supported workbook [data sources](workbooks-data-sources.md).

-### Add a query to a workbook

-1. Make sure you're in edit mode by selecting **Edit**.

-1. Add a query by doing one of these steps:

- - Select **Add** > **Add query** below an existing element or at the bottom of the workbook.

- - Select the ellipsis (...) to the right of the **Edit** button next to one of the elements in the workbook. Then select **Add** > **Add query**.

-1. In the query section, enter your query, or select from a list of sample queries by selecting **Samples**. Then edit the query to your liking.

-1. When you're sure you have the query you want in your workbook, select **Done Editing**.

-## Add parameters

-This section discusses how to add parameters.

-### Best practices for using resource-centric log queries

-This video shows you how to use resource-level logs queries in Azure Workbooks. It also has tips and tricks on how to enable advanced scenarios and improve performance.

-> [!VIDEO https://www.youtube.com/embed/8CvjM0VvOA80]

-#### Use a dynamic resource type parameter

-Dynamic resource type parameters use dynamic scopes for more efficient querying. The following snippet uses this heuristic:

-1. **Individual resources**: If the count of selected resource is less than or equal to 5

-1. **Resource groups**: If the number of resources is over 5 but the number of resource groups the resources belong to is less than or equal to 3

-1. **Subscriptions**: Otherwise

- ```

- Resources

- | take 1

- | project x = dynamic(["microsoft.compute/virtualmachines", "microsoft.compute/virtualmachinescalesets", "microsoft.resources/resourcegroups", "microsoft.resources/subscriptions"])

- | mvexpand x to typeof(string)

- | extend jkey = 1

- | join kind = inner (Resources

- | where id in~ ({VirtualMachines})

- | summarize Subs = dcount(subscriptionId), resourceGroups = dcount(resourceGroup), resourceCount = count()

- | extend jkey = 1) on jkey

- | project x, label = 'x',

- selected = case(

- x in ('microsoft.compute/virtualmachinescalesets', 'microsoft.compute/virtualmachines') and resourceCount <= 5, true,

- x == 'microsoft.resources/resourcegroups' and resourceGroups <= 3 and resourceCount > 5, true,

- x == 'microsoft.resources/subscriptions' and resourceGroups > 3 and resourceCount > 5, true,

- false)

- ```

-#### Use a static resource scope for querying multiple resource types

-```json

-[

- { "value":"microsoft.compute/virtualmachines", "label":"Virtual machine", "selected":true },

- { "value":"microsoft.compute/virtualmachinescaleset", "label":"Virtual machine scale set", "selected":true }

-]

-```

-#### Use resource parameters grouped by resource type

-```

-Resources

-| where type =~ 'microsoft.compute/virtualmachines' or type =~ 'microsoft.compute/virtualmachinescalesets'

-| where resourceGroup in~({ResourceGroups})

-| project value = id, label = id, selected = false,

- group = iff(type =~ 'microsoft.compute/virtualmachines', 'Virtual machines', 'Virtual machine scale sets')

-```

-## Add a parameter

-You can control how your parameter controls are presented to consumers with workbooks. Examples include text box versus dropdown list, single- versus multi-select, or values from text, JSON, KQL, or Azure Resource Graph.

-### Add a parameter to a workbook

-1. Make sure you're in edit mode by selecting **Edit**.

-1. Add a parameter by doing one of these steps:

- - Select **Add** > **Add parameter** below an existing element or at the bottom of the workbook.

- - Select the ellipsis (...) to the right of the **Edit** button next to one of the elements in the workbook. Then select **Add** > **Add parameter**.

-1. In the new parameter pane that appears, enter values for these fields:

- - **Parameter name**: Parameter names can't include spaces or special characters.

- - **Display name**: Display names can include spaces, special characters, and emojis.

- - **Parameter type**:

- - **Required**:

-1. Select **Done Editing**.

- :::image type="content" source="media/workbooks-parameters/workbooks-time-settings.png" alt-text="Screenshot that shows the creation of a time range parameter.":::

-## Add metric charts

-Most Azure resources emit metric data about state and health, such as CPU utilization, storage availability, count of database transactions, and failing app requests. You can create visualizations of this metric data as time-series charts in workbooks.

-The following example shows the number of transactions in a storage account over the prior hour. This information allows you to see the transaction trend and look for anomalies in behavior.

- :::image type="content" source="media/workbooks-create-workbook/workbooks-metric-chart-storage-area.png" alt-text="Screenshot that shows a metric area chart for storage transactions in a workbook.":::

-### Add a metric chart to a workbook

-1. Make sure you're in edit mode by selecting **Edit**.

-1. Add a metric chart by doing one of these steps:

- - Select **Add** > **Add metric** below an existing element or at the bottom of the workbook.

- - Select the ellipsis (...) to the right of the **Edit** button next to one of the elements in the workbook. Then select **Add** > **Add metric**.

-1. Set parameters such as time range, split by, visualization, size, and color palette, if needed.

-Example of a metric chart in edit mode:

-| Parameter | Description | Examples |

-| Resource type| The resource type to target. | Storage or Virtual Machine |

-| Resources| A set of resources to get the metrics value from. | MyStorage1 |

-| Namespace | The namespace with the metric. | Storage > Blob |

-| Metric| The metric to visualize. | Storage > Blob > Transactions |

-| Aggregation | The aggregation function to apply to the metric. | Sum, count, average |

-| Time range | The time window to view the metric in. | Last hour, last 24 hours |

-| Visualization | The visualization to use. | Area, bar, line, scatter, grid |

-| Split by| Optionally split the metric on a dimension. | Transactions by geo type |

-| Size | The vertical size of the control. | Small, medium, or large |

-| Color palette | The color palette to use in the chart. It's ignored if the **Split by** parameter is used. | Blue, green, red |

-Examples of metric charts are shown.

-#### Transactions split by API name as a line chart

- :::image type="content" source="media/workbooks-create-workbook/workbooks-metric-chart-storage-split-line.png" alt-text="Screenshot that shows a metric line chart for storage transactions split by API name.":::

-#### Transactions split by response type as a large bar chart

- :::image type="content" source="media/workbooks-create-workbook/workbooks-metric-chart-storage-bar-large.png" alt-text="Screenshot that shows a large metric bar chart for storage transactions split by response type.":::

-#### Average latency as a scatter chart

- :::image type="content" source="media/workbooks-create-workbook/workbooks-metric-chart-storage-scatter.png" alt-text="Screenshot that shows a metric scatter chart for storage latency.":::

-## Add links

-You can use links to create links to other views, workbooks, and other components inside a workbook, or to create tabbed views within a workbook. The links can be styled as hyperlinks, buttons, and tabs.

-#### Link element styles

-|Bullet List | :::image type="content" source="media/workbooks-create-workbook/workbooks-link-style-bullet.png" alt-text="Screenshot that shows a bullet-style workbook link."::: | The default, links, appears as a bulleted list of links, one on each line. The **Text before link** and **Text after link** fields can be used to add more text before or after the link components. |

-|List |:::image type="content" source="media/workbooks-create-workbook/workbooks-link-style-list.png" alt-text="Screenshot that shows a list-style workbook link."::: | Links appear as a list of links, with no bullets. |

-|Paragraph | :::image type="content" source="media/workbooks-create-workbook/workbooks-link-style-paragraph.png" alt-text="Screenshot that shows a paragraph-style workbook link."::: |Links appear as a paragraph of links, wrapped like a paragraph of text. |

-|Navigation | :::image type="content" source="media/workbooks-create-workbook/workbooks-link-style-navigation.png" alt-text="Screenshot that shows a navigation-style workbook link."::: | Links appear as links with vertical dividers, or pipes, between each link. |

-|Tabs | :::image type="content" source="media/workbooks-create-workbook/workbooks-link-style-tabs.png" alt-text="Screenshot that shows a tabs-style workbook link."::: |Links appear as tabs. Each link appears as a tab. No link styling options apply to individual links. To configure tabs, see the [Use tabs](#use-tabs) section. |

-|Toolbar | :::image type="content" source="media/workbooks-create-workbook/workbooks-link-style-toolbar.png" alt-text="Screenshot that shows a toolbar-style workbook link."::: | Links appear as an Azure portal-styled toolbar, with icons and text. Each link appears as a toolbar button. To configure toolbars, see the [Use toolbars](#use-toolbars) section. |

-#### Link styles

-| Link | By default, links appear as a hyperlink. URL links can only be link style. |

-| Button (primary) | The link appears as a "primary" button in the portal, usually a blue color. |

-| Button (secondary) | The links appear as a "secondary" button in the portal, usually a "transparent" color, a white button in light themes, and a dark gray button in dark themes. |

-If required parameters are used in button text, tooltip text, or value fields, and the required parameter is unset when you use buttons, the button is disabled. You can use this capability, for example, to disable buttons when no value is selected in another parameter or control.

-Links can use all the link actions available in [link actions](workbooks-link-actions.md), and they have two more available actions.

-|Set a parameter value | A parameter can be set to a value when you select a link, button, or tab. Tabs are often configured to set a parameter to a value, which hides and shows other parts of the workbook based on that value.|

-|Scroll to a step| When you select a link, the workbook moves focus and scrolls to make another component visible. This action can be used to create a "table of contents" or a "go back to the top"-style experience. |

-### Use tabs

-Most of the time, tab links are combined with the **Set a parameter value** action. This example shows the links step configured to create two tabs, where selecting either tab sets a **selectedTab** parameter to a different value. The example also shows a third tab being edited to show the parameter name and parameter value placeholders.

- :::image type="content" source="media/workbooks-create-workbook/workbooks-creating-tabs.png" alt-text="Screenshot that shows creating tabs in workbooks.":::

-You can then add other components in the workbook that are conditionally visible if the **selectedTab** parameter value is **1** by using the advanced settings.

- :::image type="content" source="media/workbooks-create-workbook/workbooks-selected-tab.png" alt-text="Screenshot that shows conditionally visible tab in workbooks.":::

-The first tab is selected by default, initially setting **selectedTab** to **1** and making that component visible. Selecting the second tab changes the value of the parameter to **2**, and different content is displayed.

- :::image type="content" source="media/workbooks-create-workbook/workbooks-selected-tab2.png" alt-text="Screenshot that shows workbooks with content displayed when the selected tab is 2.":::

-A sample workbook with the preceding tabs is available in [sample Azure workbooks with links](workbooks-sample-links.md#sample-workbook-with-links).

-### Use toolbars

-Use the toolbar style to have your links appear styled as a toolbar. In toolbar style, you must fill in fields for:

-If any required parameters are used in button text, tooltip text, or value fields, and the required parameter is unset, the toolbar button will be disabled. For example, this functionality can be used to disable toolbar buttons when no value is selected in another parameter/control.

-A sample workbook with toolbars, global parameters, and Azure Resource Manager actions is available in [sample workbooks with links](workbooks-sample-links.md#sample-workbook-with-toolbar-links).

-## Add groups

-You can logically group a set of components by using a group component in a workbook.

- - **Layout**: When you want components to be organized vertically, you can create a group of components that will all stack up and set the styling of the group to be a percentage width instead of setting percentage width on all the individual components.

- - **Visibility**: When you want several components to hide or show together, you can set the visibility of the entire group of components, instead of setting visibility settings on each individual component. This functionality can be useful in templates that use tabs. You can use a group as the content of the tab, and the entire group can be hidden or shown based on a parameter set by the selected tab.

- - **Performance**: When you have a large template with many sections or tabs, you can convert each section into its own subtemplate. You can use groups to load all the subtemplates within the top-level template. The content of the subtemplates won't load or run until a user makes those groups visible. Learn more about [how to split a large template into many templates](#split-a-large-template-into-many-templates).

-1. Make sure you're in edit mode by selecting **Edit**.

-1. Add a group by doing one of these steps:

- - Select **Add** > **Add group** below an existing element or at the bottom of the workbook.

- - Select the ellipsis (...) to the right of the **Edit** button next to one of the elements in the workbook. Then select **Add** > **Add group**.

- :::image type="content" source="media/workbooks-create-workbook/workbooks-add-group.png" alt-text="Screenshot that shows adding a group to a workbook. ":::

-1. Select components for your group.

-1. Select **Done Editing.**

- This group is in read mode with two components inside: a text component and a query component.

- :::image type="content" source="media/workbooks-create-workbook/workbooks-groups-view.png" alt-text="Screenshot that shows a group in read mode in a workbook.":::

- In edit mode, you can see those two components are actually inside a group component. In the following screenshot, the group is in edit mode. The group contains two components inside the dashed area. Each component can be in edit or read mode, independent of each other. For example, the text step is in edit mode while the query step is in read mode.

-A group is treated as a new scope in the workbook. Any parameters created in the group are only visible inside the group. This is also true for merge. You can only see data inside the group or at the parent level.

-Lazy loading is the default. In lazy loading, the group is only loaded when the component is visible. This functionality allows a group to be used by tab components. If the tab is never selected, the group never becomes visible, so the content isn't loaded.

-For groups created from a template, the content of the template isn't retrieved and the components in the group aren't created until the group becomes visible. Users see progress spinners for the whole group while the content is retrieved.

-In this mode, a button is displayed where the group would be. No content is retrieved or created until the user explicitly selects the button to load the content. This functionality is useful in scenarios where the content might be expensive to compute or rarely used. You can specify the text to appear on the button.

-This screenshot shows explicit load settings with a configured **Load More** button:

- :::image type="content" source="media/workbooks-create-workbook/workbooks-groups-explicitly-loaded.png" alt-text="Screenshot that shows explicit load settings for a group in the workbook.":::

-This screenshot shows the group before being loaded in the workbook:

- :::image type="content" source="media/workbooks-create-workbook/workbooks-groups-explicitly-loaded-before.png" alt-text="Screenshot that shows an explicit group before being loaded in the workbook.":::

-This screenshot shows the group after being loaded in the workbook:

- :::image type="content" source="media/workbooks-create-workbook/workbooks-groups-explicitly-loaded-after.png" alt-text="Screenshot that shows an explicit group after being loaded in the workbook.":::

-In **Always** mode, the content of the group is always loaded and created as soon as the workbook loads. This functionality is most frequently used when you're using a group only for layout purposes, where the content is always visible.

-### Use templates inside a group

-When a group is configured to load from a template, by default, that content is loaded in lazy mode. It only loads when the group is visible.

-When a template is loaded into a group, the workbook attempts to merge any parameters declared in the template with parameters that already exist in the group. Any parameters that already exist in the workbook with identical names are merged out of the template being loaded. If all parameters in a parameter component are merged out, the entire parameters component disappears.

-Suppose you have a template that has two parameters at the top, a time range parameter and a text parameter named **Filter**:

- :::image type="content" source="media/workbooks-create-workbook/workbooks-groups-top-level-params.png" alt-text="Screenshot that shows top-level parameters in a workbook.":::

-Then a group component loads a second template that has its own two parameters and a text component, where the parameters are named the same:

- :::image type="content" source="media/workbooks-create-workbook/workbooks-groups-merged-away.png" alt-text="Screenshot that shows a workbook template with top-level parameters.":::

-When the second template is loaded into the group, the duplicate parameters are merged out. Because all the parameters are merged away, the inner parameters component is also merged out. The result is that the group contains only the text component.

-Suppose you have a template that has two parameters at the top, a time range parameter and a text parameter named **FilterB** ():

- :::image type="content" source="media/workbooks-create-workbook/workbooks-groups-wont-merge-away.png" alt-text="Screenshot that shows a group component with the result of parameters merged away.":::

-When the group's component's template is loaded, the **TimeRange** parameter is merged out of the group. The workbook contains the initial parameters component with **TimeRange** and **Filter**, and the group's parameter only includes **FilterB**.

- :::image type="content" source="media/workbooks-create-workbook/workbooks-groups-wont-merge-away-result.png" alt-text="Screenshot that shows a workbook group where parameters won't merge away.":::

-If the loaded template had contained **TimeRange** and **Filter** (instead of **FilterB**), the resulting workbook would have a parameters component and a group with only the text component remaining.

-### Split a large template into many templates

-To improve performance, it's helpful to break up a large template into multiple smaller templates that load some content in lazy mode or on demand by the user. This arrangement makes the initial load faster because the top-level template can be much smaller.

-When you split a template into parts, you need to split the template into many templates (subtemplates) that all work individually. If the top-level template has a **TimeRange** parameter that other components use, the subtemplate also needs to have a parameters component that defines a parameter with the same exact name. The subtemplates work independently and can load inside larger templates in groups.

-1. Create a new empty group near the top of the workbook, after the shared parameters. This new group eventually becomes a subtemplate.

-1. Create a copy of the shared parameters component. Then use **move into group** to move the copy into the group created in step 1. This parameter allows the subtemplate to work independently of the outer template and is merged out when it's loaded inside the outer template.

- > Subtemplates don't technically need to have the parameters that get merged out if you never plan on the subtemplates being visible by themselves. If the subtemplates don't have the parameters, they'll be hard to edit or debug if you need to do so later.

-1. Move each component in the workbook you want to be in the subtemplate into the group created in step 1.

-1. If the individual components moved in step 3 had conditional visibilities, that will become the visibility of the outer group (like used in tabs). Remove them from the components inside the group and add that visibility setting to the group itself. Save here to avoid losing changes. You can also export and save a copy of the JSON content.

-1. If you want that group to be loaded from a template, you can use **Edit** in the group. This action opens only the content of that group as a workbook in a new window. You can then save it as appropriate and close this workbook view. Don't close the browser. Only close that view to go back to the previous workbook where you were editing.

-1. You can then change the group component to load from a template and set the template ID field to the workbook/template you created in step 5. To work with workbook IDs, the source needs to be the full Azure Resource ID of a shared workbook. Select **Load** and the content of that group is now loaded from that subtemplate instead of being saved inside this outer workbook.

-## Next steps

-[Common Azure Workbooks use cases](workbooks-commonly-used-components.md)

-description: Simplify complex reporting with prebuilt and custom parameterized Azure Workbooks built from multiple data sources.

-Workbooks allow querying logs from the following sources:

-* Azure Monitor Logs (Application Insights Resources and Log Analytics Workspaces.)

-* Resource-centric data (Activity logs)

-Workbook authors can use KQL queries that transform the underlying resource data to select a result set that can visualized as text, charts, or grids.

-

-Workbook authors can easily query across multiple resources creating a truly unified rich reporting experience.

-Azure resources emit [metrics](../essentials/data-platform-metrics.md) that can be accessed via workbooks. Metrics can be accessed in workbooks through a specialized control that allows you to specify the target resources, the desired metrics, and their aggregation. This data can then be plotted in charts or grids.

-

-

-Workbooks support querying for resources and their metadata using Azure Resource Graph (ARG). This functionality is primarily used to build custom query scopes for reports. The resource scope is expressed via a KQL-subset that ARG supports ΓÇô which is often sufficient for common use cases.

-To make a query control use this data source, use the Query type drop-down to choose Azure Resource Graph and select the subscriptions to target. Use the Query control to add the ARG KQL-subset that selects an interesting resource subset.

-

-Workbook supports Azure Resource Manager REST operations. This allows the ability to query management.azure.com endpoint without the need to provide your own authorization header token.

-To make a query control use this data source, use the Data source drop-down to choose Azure Resource Manager. Provide the appropriate parameters such as Http method, url path, headers, url parameters and/or body.

-For the **Cluster Name** field, you should add the region name following the cluster name. For example: *mycluster.westeurope*.

-

-The JSON provider allows you to create a query result from static JSON content. It is most commonly used in Parameters to create dropdown parameters of static values. Simple JSON arrays or objects will automatically be converted into grid rows and columns. For more specific behaviors, you can use the Results tab and JSONPath settings to configure columns.

-> Do not include any sensitive information in any fields (headers, parameters, body, url), since they will be visible to all of the Workbook users.

-Merging data from different sources can enhance the insights experience. An example is augmenting active alert information with related metric data. This allows users to see not just the effect (an active alert), but also potential causes (for example, high CPU usage). The monitoring domain has numerous such correlatable data sources that are often critical to the triage and diagnostic workflow.

-Workbooks allow not just the querying of different data sources, but also provides simple controls that allow you to merge or join the data to provide rich insights. The **merge** control is the way to achieve it.

-### Combining alerting data with Log Analytics VM performance data

-The example below combines alerting data with Log Analytics VM performance data to get a rich insights grid.

-

-### Using merge control to combine Azure Resource Graph and Log Analytics data

-Here is a tutorial on using the merge control to combine Azure Resource Graph and Log Analytics data:

-Workbooks support getting data from any external source. If your data lives outside Azure you can bring it to Workbooks by using this data source type.

-To make a query control use this data source, use the **Data source** drop-down to choose **Custom Endpoint**. Provide the appropriate parameters such as **Http method**, **url**, **headers**, **url parameters**, and/or **body**. Make sure your data source supports [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) otherwise the request will fail.

-To avoid automatically making calls to untrusted hosts when using templates, the user needs to mark the used hosts as trusted. This can be done by either selecting the **Add as trusted** button, or by adding it as a trusted host in Workbook settings. These settings will be saved in [browsers that support IndexDb with web workers](https://caniuse.com/#feat=indexeddb).

-Azure Monitor has functionality that proactively monitors the availability and performance of Windows or Linux guest operating systems. Azure Monitor models key components and their relationships, criteria for how to measure the health of those components, and which components alert you when an unhealthy condition is detected. Workbooks allow users to use this information to create rich interactive reports.

-To make a query control use this data source, use the **Query type** drop-down to choose Workload Health and select subscription, resource group or VM resources to target. Use the health filter drop downs to select an interesting subset of health incidents for your analytic needs.

-

-Workbooks support getting Azure resource health and combining it with other data sources to create rich, interactive health reports

-To make a query control use this data source, use the **Query type** drop-down to choose Azure health and select the resources to target. Use the health filter drop downs to select an interesting subset of resource issues for your analytic needs.

-

-The Azure RBAC provider allows you to check permissions on resources. It is most commonly used in parameter to check if the correct RBAC are set up. A use case would be to create a parameter to check deployment permission and then notify the user if they don't have deployment permission. Simple JSON arrays or objects will automatically be converted into grid rows and columns or text with a 'hasPermission' column with either true or false. The permission is checked on each resource and then either 'or' or 'and' to get the result. The [operations or actions](../../role-based-access-control/resource-provider-operations.md) can be a string or an array.

-To make a query control using [Application Change Analysis](../app/change-analysis.md) as the data source, use the **Data source** drop-down and choose *Change Analysis (preview)* and select a single resource. Changes for up to the last 14 days can be shown. The *Level* drop-down can be used to filter between "Important", "Normal", and "Noisy" changes, and this drop down supports workbook parameters of type [drop down](workbooks-dropdowns.md).

-> 

-description: Learn how to perform the commonly used tasks in Workbooks.

-This article describes how to access Azure Workbooks and the common tasks used to work with Workbooks.

-You can access Workbooks in a few ways:

- :::image type="content" source="./media/workbooks-overview/workbooks-menu.png" alt-text="Screenshot of Workbooks icon in the menu.":::

- :::image type="content" source="media/workbooks-overview/workbooks-log-analytics-icon.png" alt-text="Screenshot of Workbooks icon on Log analytics workspace page.":::

-The gallery opens. Select a saved workbook or a template from the gallery, or search for the name in the search bar.

-The workbook will autofill to the same settings as the LA workspace, with the same subscription, resource group, however, users may change these report settings. Workbooks are shared resources that require write access to the parent resource group to be saved.

-Once you start creating your own workbook template, you may want to share it with the wider community. To learn more, and to explore other templates that aren't part of the default Azure Monitor gallery, visit our [GitHub repository](https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/README.md). To browse existing workbooks, visit the [Workbook library](https://github.com/microsoft/Application-Insights-Workbooks/tree/master/Workbooks) on GitHub.

-Use the pin button next to a text, query, or metrics components in a workbook can be pinned by using the pin button on those items while the workbook is in pin mode, or if the workbook author has enabled settings for that element to make the pin icon visible.

-To access pin mode, select **Edit** to enter editing mode, and select the blue pin icon in the top bar. An individual pin icon will then appear above each corresponding workbook part's *Edit* box on the right-hand side of your screen.

-> The state of the workbook is saved at the time of the pin, and pinned workbooks on a dashboard will not update if the underlying workbook is modified. In order to update a pinned workbook part, you will need to delete and re-pin that part.

-Pinned workbook query parts will respect the dashboard's time range if the pinned item is configured to use a *Time Range* parameter. The dashboard's time range value will be used as the time range parameter's value, and any change of the dashboard time range will cause the pinned item to update. If a pinned part is using the dashboard's time range, you will see the subtitle of the pinned part update to show the dashboard's time range whenever the time range changes.

-Additionally, pinned workbook parts using a time range parameter will auto refresh at a rate determined by the dashboard's time range. The last time the query ran will appear in the subtitle of the pinned part.

-If a pinned component has an explicitly set time range (does not use a time range parameter), that time range will always be used for the dashboard, regardless of the dashboard's settings. The subtitle of the pinned part will not show the dashboard's time range, and the query will not auto-refresh on the dashboard. The subtitle will show the last time the query executed.

-> Queries using the *merge* data source are not currently supported when pinning to dashboards.

-## Auto-Refresh

-Clicking on the Auto-Refresh button opens a list of intervals to let the user pick up the interval. The Workbook will keep refreshing after the selected time interval.

-* Auto-Refresh only refreshes when the Workbook is in read mode. If a user sets an interval of say 5 minutes and after 4 minutes switches to edit mode then there is no refreshing when the user is still in edit mode. But if the user comes back to read mode, the interval of 5 minutes resets and the Workbook will be refreshed after 5 minutes.

-* Clicking on the Refresh button on Read mode also reset the interval. Say a user sets the interval to 5 minutes and after 3 minutes, the user clicks on the refresh button to manually refresh the Workbook, then the Auto-refresh interval resets and the Workbook will be auto refreshed after 5 minutes.

-* This setting is not saved with Workbook. Every time a user opens a Workbook, the Auto-refresh is Off initially and needs to be set again.

-* Switching Workbooks, going out of gallery will clear the Auto refresh interval.

-## Next Steps

-Workbooks provide a flexible canvas for data analysis and the creation of rich visual reports within the Azure portal. They allow you to tap into multiple data sources from across Azure, and combine them into unified interactive experiences. Workbooks let you combine multiple kinds of visualizations and analyses, making them great for free-form exploration.

-Workbooks combine text,ΓÇ»[log queries](/azure/data-explorer/kusto/query/), metrics, and parameters into rich interactive reports.

-## The Gallery

-The gallery opens listing all the saved workbooks and templates for your workspace, allowing you to easily organize, sort, and manage workbooks of all types.

-| All | Shows the top four items for each type - workbooks, public templates, and my templates. Workbooks are sorted by modified date so you will see the most recent eight modified workbooks.|

-Workbooks can query data from multiple Azure sources. You can transform this data to provide insights into the availability, performance, usage, and overall health of the underlying components. For example:

-See [this article](workbooks-data-sources.md) for detailed information about the supported data sources.

-Workbooks provide a rich set of capabilities for visualizing your data. Each data source and result set support visualizations that are most useful for that data. See [this article](workbooks-visualizations.md) for detailed information about the visualizations.

-Users must have the appropriate permissions to access to view or edit a workbook. Workbook permissions are based on the permissions the user has for the resources included in the workbooks.

-Standard Azure roles that provide the access to workbooks are:

-

-ΓÇ£Workbooks ContributorΓÇ¥ adds ΓÇ£workbooks/writeΓÇ¥ privileges to an object to save shared workbooks.

-For custom roles, you must add `microsoft.insights/workbooks/write` to the user's permissions in order to be able to edit and save a workbook. For more details, see the [Workbook Contributor](../../role-based-access-control/built-in-roles.md#monitoring-contributor) role.

-These rendering options can be used with grids, tiles, and graphs to produce the visualizations in optimal format.

-| Column Renderer | Explanation | More Options |

-| Automatic | The default - uses the most appropriate renderer based on the column type. | |

-| Right Aligned| Renders the column values as right-aligned text. | |

-| Date/Time| Renders a readable date time string. | |

-| Composite bar| Renders a composite bar using the specified columns in that row. Refer [Composite Bar](workbooks-composite-bar.md) for details. | Columns with corresponding colors to render the bar and a label to display at the top of the bar. |

-|Spark bars| Renders a spark bar in the cell based on the values of a dynamic array in the cell. For example, the Trend column from the screenshot at the top. | Color palette and min/max value used for scaling. |

-| Link | Renders a link that when clicked or performs a configurable action. Use this setting if you **only** want the item to be a link. Any of the other types of renderers can also be a link by using the **Make this item a link** setting. For more information, see [Link Actions](#link-actions). | |

-| Resource| Renders a friendly resource name and link based on a resource ID. | Option to show the resource type icon |

-| Resource group | Renders a friendly resource group name and link based on a resource group ID. If the value of the cell is not a resource group, it will be converted to one. | Option to show the resource group icon |

-|Subscription| Renders a friendly subscription name and link based on a subscription ID. if the value of the cell is not a subscription, it will be converted to one. | Option to show the subscription icon. |

-|Hidden| Hides the column in the grid. Useful when the default query returns more columns than needed but a project-away is not desired | |

-If the **Link** renderer is selected or the **Make this item a link** checkbox is selected, the author can configure a link action to occur when the user selects the cell to taking the user to another view with context coming from the cell, or to open up a url. See link renderer actions for more details.

-## Using thresholds with links

-The instructions below will show you how to use thresholds with links to assign icons and open different workbooks. Each link in the grid will open up a different workbook template for that Application Insights resource.

-1. Switch the workbook to edit mode by selecting **Edit** toolbar item.

-1. Select **Add** then **Add query**.

-1. Change the **Data source** to "JSON" and **Visualization** to "Grid".

-1. Enter this query.

-1. Run query.

-1. Select "name" from **Columns**.

-1. Under **Column renderer**, choose "Thresholds".

-1. Enter and choose the following **Threshold Settings**.

- Keep the default row as is. You may enter whatever text you like. The Text column takes a String format as an input and populates it with the column value and unit if specified. For example, if warning is the column value the text can be "{0} {1} link!", it will be displayed as "warning link!".

- 

-1. Select the **Make this item a link** box.

- - Under **View to open**, choose **Workbook (Template)**.

- - Under **Link value comes from**, choose **link**.

- - Select the **Open link in Context Blade** box.

- - Choose the following settings in **Workbook Link Settings**

- - Under **Template Id comes from**, choose **Column**.

- - Under **Column** choose **link**.

- 

-1. Select **link** from **Columns**. Under **Settings**, next to **Column renderer**, select **(Hide column)**.

-1. To change the display name of the **name** column, select the **Labels** tab. On the row with **name** as its **Column ID**, under **Column Label** enter the name you want displayed.

- 

-description: Learn about the types of visualizations you can use to create rich visual reports with Azure workbooks.

-Workbooks provide a rich set of capabilities for visualizing Azure Monitor data. The exact set of capabilities depends on the data sources and result sets, but authors can expect them to converge over time. These controls allow authors to present their analysis in rich, interactive reports.

- * [Honey comb](#honey-comb)

-> Each visualization and data source may have its own [limits](workbooks-limits.md).

-### [Honey comb](workbooks-honey-comb.md)

-Use [SQL Insights (preview)](../insights/sql-insights-overview.md) to monitor SQL Server running on your virtual machines.

-| [Troubleshoot SQL Insights (preview)](insights/sql-insights-troubleshoot.md) | Added known issue for OS computer name. |

-Typical storage performance considerations, including read and write mix, the transfer size, random or sequential patterns, and many other factors will contribute to the total performance delivered.

-The maximum empirical throughput that has been observed in testing is 4,500 MiB/s. At the Premium storage tier, an automatic QoS volume quota of 70.31 TiB will provision a throughput limit that is high enough to achieve this level of performance.

-## Before you begin

-* You must have already set up a capacity pool. See [Create a capacity pool](azure-netapp-files-set-up-capacity-pool.md).

-* A subnet must be delegated to Azure NetApp Files. See [Delegate a subnet to Azure NetApp Files](azure-netapp-files-delegate-subnet.md).

-* You can configure only one Active Directory (AD) connection per subscription and per region.

- Azure NetApp Files doesn't support multiple AD connections in a single *region*, even if the AD connections are in different NetApp accounts. However, you can have multiple AD connections in a single subscription if the AD connections are in different regions. If you need multiple AD connections in a single region, you can use separate subscriptions to do so.

- The AD connection is visible only through the NetApp account it's created in. However, you can enable the Shared AD feature to allow NetApp accounts that are under the same subscription and same region to use an AD server created in one of the NetApp accounts. See [Map multiple NetApp accounts in the same subscription and region to an AD connection](#shared_ad). When you enable this feature, the AD connection becomes visible in all NetApp accounts that are under the same subscription and same region.

-* The admin account you use must have the capability to create machine accounts in the organizational unit (OU) path that you'll specify.

-* The admin account you use must have the capability to create machine accounts in the organizational unit (OU) path that you'll specify. In some cases, `msDS-SupportedEncryptionTypes` write permission is required to set account attributes within AD.

-* Group Managed Service Accounts (GMSA) can't be used with the Active Directory connection user account.

-* If you change the password of the Active Directory user account that is used in Azure NetApp Files, be sure to update the password configured in the [Active Directory Connections](#create-an-active-directory-connection). Otherwise, you won't be able to create new volumes, and your access to existing volumes might also be affected depending on the setup.

-* Before you can remove an Active Directory connection from your NetApp account, you need to first remove all volumes associated with it.

-* Proper ports must be open on the applicable Windows Active Directory (AD) server.

- The required ports are as follows:

- | Service | Port | Protocol |

- |--|--||

- | AD Web Services | 9389 | TCP |

- | DNS | 53 | TCP |

- | DNS | 53 | UDP |

- | ICMPv4 | N/A | Echo Reply |

- | Kerberos | 464 | TCP |

- | Kerberos | 464 | UDP |

- | Kerberos | 88 | TCP |

- | Kerberos | 88 | UDP |

- | LDAP | 389 | TCP |

- | LDAP | 389 | UDP |

- | LDAP | 3268 | TCP |

- | NetBIOS name | 138 | UDP |

- | SAM/LSA | 445 | TCP |

- | SAM/LSA | 445 | UDP |

- | w32time | 123 | UDP |

-* The site topology for the targeted Active Directory Domain Services must adhere to the guidelines, in particular the Azure VNet where Azure NetApp Files is deployed.

- The address space for the virtual network where Azure NetApp Files is deployed must be added to a new or existing Active Directory site (where a domain controller reachable by Azure NetApp Files is).

-* The specified DNS servers must be reachable from the [delegated subnet](./azure-netapp-files-delegate-subnet.md) of Azure NetApp Files.

- See [Guidelines for Azure NetApp Files network planning](./azure-netapp-files-network-topologies.md) for supported network topologies.

- The Network Security Groups (NSGs) and firewalls must have appropriately configured rules to allow for Active Directory and DNS traffic requests.

-* The Azure NetApp Files delegated subnet must be able to reach all Active Directory Domain Services (AD DS) domain controllers in the domain, including all local and remote domain controllers. Otherwise, service interruption can occur.

- If you have domain controllers that are unreachable by the Azure NetApp Files delegated subnet, you can specify an Active Directory site during creation of the Active Directory connection. Azure NetApp Files needs to communicate only with domain controllers in the site where the Azure NetApp Files delegated subnet address space is.

- See [Designing the site topology](/windows-server/identity/ad-ds/plan/designing-the-site-topology) about AD sites and services.

-* Avoid configuring overlapping subnets in the AD machine. Even if the site name is defined in the Active Directory connections, overlapping subnets might result in the wrong site being discovered, thus affecting the service. It might also affect new volume creation or AD modification.

-

-* You can enable AES encryption for AD Authentication by checking the **AES Encryption** box in the [Join Active Directory](#create-an-active-directory-connection) window. Azure NetApp Files supports DES, Kerberos AES 128, and Kerberos AES 256 encryption types (from the least secure to the most secure). If you enable AES encryption, the user credentials used to join Active Directory must have the highest corresponding account option enabled that matches the capabilities enabled for your Active Directory.

- For example, if your Active Directory has only the AES-128 capability, you must enable the AES-128 account option for the user credentials. If your Active Directory has the AES-256 capability, you must enable the AES-256 account option (which also supports AES-128). If your Active Directory doesn't have any Kerberos encryption capability, Azure NetApp Files uses DES by default.

- You can enable the account options in the properties of the Active Directory Users and Computers Microsoft Management Console (MMC):

- 

-* Azure NetApp Files supports [LDAP signing](/troubleshoot/windows-server/identity/enable-ldap-signing-in-windows-server), which enables secure transmission of LDAP traffic between the Azure NetApp Files service and the targeted [Active Directory domain controllers](/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview). If you're following the guidance of Microsoft Advisory [ADV190023](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023) for LDAP signing, then you should enable the LDAP signing feature in Azure NetApp Files by checking the **LDAP Signing** box in the [Join Active Directory](#create-an-active-directory-connection) window.

- [LDAP channel binding](https://support.microsoft.com/help/4034879/how-to-add-the-ldapenforcechannelbinding-registry-entry) configuration alone has no effect on the Azure NetApp Files service. However, if you use both LDAP channel binding and secure LDAP (for example, LDAPS or `start_tls`), then the SMB volume creation will fail.

-* Azure NetApp Files will attempt to add an A/PTR record in DNS for AD integrated DNS servers. Add a reverse lookup zone if one is missing under Reverse Lookup Zones on AD server. For non-AD integrated DNS, you should add a DNS A/PTR record to enable Azure NetApp Files to function by using a ΓÇ£friendly name".

-* The following table describes the Time to Live (TTL) settings for the LDAP cache. You need to wait until the cache is refreshed before trying to access a file or directory through a client. Otherwise, an access or permission denied message appears on the client.

- | Error condition | Resolution |

- |-|-|

- | Cache | Default Timeout |

- | Group membership list | 24-hour TTL |

- | Unix groups | 24-hour TTL, 1-minute negative TTL |

- | Unix users | 24-hour TTL, 1-minute negative TTL |

- Caches have a specific timeout period called *Time to Live*. After the timeout period, entries age out so that stale entries don't linger. The *negative TTL* value is where a lookup that has failed resides to help avoid performance issues due to LDAP queries for objects that might not exist.

-* Azure NetApp Files doesn't support the use of Active Directory Domain Services Read-Only Domain Controllers (RODC). To ensure that Azure NetApp Files doesn't try to use an RODC domain controller, configure the **AD Site** field of the Azure NetApp Files Active Directory connection with an Active Directory site that doesn't contain any RODC domain controllers.

-## Decide which Domain Services to use

-Azure NetApp Files supports both [Active Directory Domain Services](/windows-server/identity/ad-ds/plan/understanding-active-directory-site-topology) (AD DS) and Azure Active Directory Domain Services (AADDS) for AD connections. Before you create an AD connection, you need to decide whether to use AD DS or AADDS.

-For more information, see [Compare self-managed Active Directory Domain Services, Azure Active Directory, and managed Azure Active Directory Domain Services](../active-directory-domain-services/compare-identity-solutions.md).

-### Active Directory Domain Services

-You can use your preferred [Active Directory Sites and Services](/windows-server/identity/ad-ds/plan/understanding-active-directory-site-topology) scope for Azure NetApp Files. This option enables reads and writes to Active Directory Domain Services (AD DS) domain controllers that are [accessible by Azure NetApp Files](azure-netapp-files-network-topologies.md). It also prevents the service from communicating with domain controllers that aren't in the specified Active Directory Sites and Services site.

-To find your site name when you use AD DS, you can contact the administrative group in your organization that is responsible for Active Directory Domain Services. The example below shows the Active Directory Sites and Services plugin where the site name is displayed:

-

-When you configure an AD connection for Azure NetApp Files, you specify the site name in scope for the **AD Site Name** field.

-### Azure Active Directory Domain Services

-For Azure Active Directory Domain Services (AADDS) configuration and guidance, see [Azure AD Domain Services documentation](../active-directory-domain-services/index.yml).

-Additional AADDS considerations apply for Azure NetApp Files:

-* Ensure the VNet or subnet where AADDS is deployed is in the same Azure region as the Azure NetApp Files deployment.

-* If you use another VNet in the region where Azure NetApp Files is deployed, you should create a peering between the two VNets.

-* Azure NetApp Files supports `user` and `resource forest` types.

-* For synchronization type, you can select `All` or `Scoped`.

- If you select `Scoped`, ensure the correct Azure AD group is selected for accessing SMB shares. If you're uncertain, you can use the `All` synchronization type.

-* If you use AADDS with a dual-protocol volume, you must be in a custom OU in order to apply POSIX attributes. See [Manage LDAP POSIX Attributes](create-volumes-dual-protocol.md#manage-ldap-posix-attributes) for details.

-When you create an Active Directory connection, note the following specifics for AADDS:

-* You can find information for **Primary DNS**, **Secondary DNS**, and **AD DNS Domain Name** in the AADDS menu.

-For DNS servers, two IP addresses will be used for configuring the Active Directory connection.

-* The **organizational unit path** is `OU=AADDC Computers`.

-This setting is configured in the **Active Directory Connections** under **NetApp Account**:

- 

-* **Username** credentials can be any user that is a member of the Azure AD group **Azure AD DC Administrators**.

-## Create an Active Directory connection

-1. From your NetApp account, select **Active Directory connections**, then select **Join**.

- Azure NetApp Files supports only one Active Directory connection within the same region and the same subscription. If Active Directory is already configured by another NetApp account in the same subscription and region, you can't configure and join a different Active Directory from your NetApp account. However, you can enable the Shared AD feature to allow an Active Directory configuration to be shared by multiple NetApp accounts within the same subscription and the same region. See [Map multiple NetApp accounts in the same subscription and region to an AD connection](#shared_ad).

- 

-2. In the Join Active Directory window, provide the following information, based on the Domain Services you want to use:

- For information specific to the Domain Services you use, see [Decide which Domain Services to use](#decide-which-domain-services-to-use).

- * **Primary DNS**

- This is the DNS that is required for the Active Directory domain join and SMB authentication operations.

- * **Secondary DNS**

- This is the secondary DNS server for ensuring redundant name services.

- * **AD DNS Domain Name**

- This is the domain name of your Active Directory Domain Services that you want to join.

- * **AD Site Name**

- This is the site name that the domain controller discovery will be limited to. This should match the site name in Active Directory Sites and Services.

- > [!IMPORTANT]

- > Without an AD Site Name specified, service disruption may occur. Without an AD Site Name specified, the Azure NetApp Files service may attempt to authenticate with a domain controller beyond what your network topology allows and result in a service disruption. See [Understanding Active Directory Site Topology | Microsoft Docs](/windows-server/identity/ad-ds/plan/understanding-active-directory-site-topology) for more information.

- * **SMB server (computer account) prefix**

- This is the naming prefix for the machine account in Active Directory that Azure NetApp Files will use for creation of new accounts.

- For example, if the naming standard that your organization uses for file servers is NAS-01, NAS-02..., NAS-045, then you would enter "NAS" for the prefix.

- The service will create additional machine accounts in Active Directory as needed.

- > [!IMPORTANT]

- > Renaming the SMB server prefix after you create the Active Directory connection is disruptive. You will need to re-mount existing SMB shares after renaming the SMB server prefix.

- * **Organizational unit path**

- This is the LDAP path for the organizational unit (OU) where SMB server machine accounts will be created. That is, OU=second level, OU=first level.

- If you're using Azure NetApp Files with Azure Active Directory Domain Services, the organizational unit path is `OU=AADDC Computers` when you configure Active Directory for your NetApp account.

- 

- * <a name="aes-encryption"></a>**AES Encryption**

- Select this checkbox if you want to enable AES encryption for AD authentication or if you require [encryption for SMB volumes](azure-netapp-files-create-volumes-smb.md#add-an-smb-volume).

-

- See [Requirements for Active Directory connections](#requirements-for-active-directory-connections) for requirements.

-

- 

- * <a name="ldap-signing"></a>**LDAP Signing**

- Select this checkbox to enable LDAP signing. This functionality enables secure LDAP lookups between the Azure NetApp Files service and the user-specified [Active Directory Domain Services domain controllers](/windows/win32/ad/active-directory-domain-services). For more information, see [ADV190023 | Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023).

- 

- * **LDAP over TLS**

- See [Enable Active Directory Domain Services (AD DS) LDAP authentication for NFS volumes](configure-ldap-over-tls.md) for information about this option.

- * **LDAP Search Scope**, **User DN**, **Group DN**, and **Group Membership Filter**

- See [Configure AD DS LDAP with extended groups for NFS volume access](configure-ldap-extended-groups.md#ldap-search-scope) for information about these options.

- You can grant security privilege (`SeSecurityPrivilege`) to AD users or groups that require elevated privilege to access the Azure NetApp Files volumes. The specified AD users or groups will be allowed to perform certain actions on Azure NetApp Files SMB shares that require security privilege not assigned by default to domain users.

- For example, user accounts used for installing SQL Server in certain scenarios must (temporarily) be granted elevated security privilege. If you're using a non-administrator (domain) account to install SQL Server and the account doesn't have the security privilege assigned, you should add security privilege to the account.

- > [!IMPORTANT]

- > Using the **Security privilege users** feature requires that you submit a waitlist request through the **[Azure NetApp Files SMB Continuous Availability Shares Public Preview waitlist submission page](https://aka.ms/anfsmbcasharespreviewsignup)**. Wait for an official confirmation email from the Azure NetApp Files team before using this feature.

- >

- > Using this feature is optional and supported only for SQL Server. The domain account used for installing SQL Server must already exist before you add it to the **Security privilege users** field. When you add the SQL Server installer's account to **Security privilege users**, the Azure NetApp Files service might validate the account by contacting the domain controller. The command might fail if it cannot contact the domain controller.

- 

- * <a name="backup-policy-users"></a>**Backup policy users**

- You can grant additional security privileges to AD users or groups that require elevated backup privileges to access the Azure NetApp Files volumes. The specified AD user accounts or groups will have elevated NTFS permissions at the file or folder level. For example, you can specify a non-privileged service account used for backing up, restoring, or migrating data to an SMB file share in Azure NetApp Files.

- The following privileges apply when you use the **Backup policy users** setting:

- | Privilege | Description |

- |||

- | `SeBackupPrivilege` | Back up files and directories, overriding any ACLs. |

- | `SeRestorePrivilege` | Restore files and directories, overriding any ACLs. <br> Set any valid user or group SID as the file owner. |

- | `SeChangeNotifyPrivilege` | Bypass traverse checking. <br> Users with this privilege aren't required to have traverse (`x`) permissions to traverse folders or symlinks. |

- 

- You can grant additional security privileges to AD users or groups that require even more elevated privileges to access the Azure NetApp Files volumes. The specified accounts will have further elevated permissions at the file or folder level.

- | `SeChangeNotifyPrivilege` | Bypass traverse checking. <br> Users with this privilege aren't required to have traverse (`x`) permissions to traverse folders or symlinks. |

- 

- 

- 

-You can mount Azure NetApp Files NFS volumes on AVS Windows VMs or Linux VMs. You can map Azure NetApp Files SMB shares on AVS Windows VMs. For more information, see [Azure NetApp Files with Azure VMware Solution]( ../azure-vmware/netapp-files-with-azure-vmware-solution.md).

-* [Create and manage Active Directory connections](create-active-directory-connections.md)

- "use-stable-resource-identifier": {

- }

-### ExpressRoute limits

-### Virtual Network Gateway limits

-### NAT Gateway limits

-### Virtual WAN limits

-### Application Gateway limits

-The following table applies to v1, v2, Standard, and WAF SKUs unless otherwise stated.

-### Azure Bastion limits

-### Azure DNS limits

-### Azure Firewall limits

-### Azure Front Door (classic) limits

-# Azure Video Indexer concepts

-## Audio/video/combined insights

-When you upload your videos to Azure Video Indexer, it analyses both visuals and audio by running different AI models. As Azure Video Indexer analyzes your video, the insights that are extracted by the AI models. For more information, see [overview](video-indexer-overview.md).

-The confidence score indicates the confidence in an insight. It is a number between 0.0 and 1.0. The higher the score- the greater the confidence in the answer. For example,

-## Project and editor

-The [Azure Video Indexer](https://www.videoindexer.ai/) website enables you to use your video's deep insights to: find the right media content, locate the parts that youΓÇÖre interested in, and use the results to create an entirely new project. Once created, the project can be rendered and downloaded from Azure Video Indexer and be used in your own editing applications or downstream workflows.

-Some scenarios where you may find this feature useful are:

-* Creating movie highlights for trailers.

-* Using old clips of videos in news casts.

-* Creating shorter content for social media.

-For more information, see [Use editor to create projects](use-editor-create-project.md).

-## time range vs. adjusted time range

-TimeRange is the time range in the original video. AdjustedTimeRange is the time range relative to the current playlist. Since you can create a playlist from different lines of different videos, you can take a 1-hour video and use just 1 line from it, for example, 10:00-10:15. In that case, you will have a playlist with 1 line, where the time range is 10:00-10:15 but the adjustedTimeRange is 00:00-00:15.

-## Insights

-Insights contain an aggregated view of the data: faces, topics, emotions. Azure Video Indexer analyzes the video and audio content by running 30+ AI models, generating rich insights. Below is an illustration of the audio and video analysis performed by Azure Video Indexer in the background.

-> [!div class="mx-imgBorder"]

-> :::image type="content" source="./media/video-indexer-overview/model-chart.png" alt-text="Diagram of Azure Video Indexer flow.":::

-

-* *Deep search*: Use the insights extracted from the video to enhance the search experience across a video library. For example, indexing spoken words and faces can enable the search experience of finding moments in a video where a person spoke certain words or when two people were seen together. Search based on such insights from videos is applicable to news agencies, educational institutes, broadcasters, entertainment content owners, enterprise LOB apps, and in general to any industry that has a video library that users need to search against.

-* *Content creation*: Create trailers, highlight reels, social media content, or news clips based on the insights Azure Video Indexer extracts from your content. Keyframes, scenes markers, and timestamps of the people and label appearances make the creation process smoother and easier, enabling you to easily get to the parts of the video you need when creating content.

-* *Accessibility*: Whether you want to make your content available for people with disabilities or if you want your content to be distributed to different regions using different languages, you can use the transcription and translation provided by Azure Video Indexer in multiple languages.

-* *Monetization*: Azure Video Indexer can help increase the value of videos. For example, industries that rely on ad revenue (news media, social media, and so on) can deliver relevant ads by using the extracted insights as additional signals to the ad server.

-* *Content moderation*: Use textual and visual content moderation models to keep your users safe from inappropriate content and validate that the content you publish matches your organization's values. You can automatically block certain videos or alert your users about the content.

-* *Recommendations*: Video insights can be used to improve user engagement by highlighting the relevant video moments to users. By tagging each video with additional metadata, you can recommend to users the most relevant videos and highlight the parts of the video that will match their needs.

-* **Observed People Tracking** (preview): detects observed people in videos and provides information such as the location of the person in the video frame (using bounding boxes) and the exact timestamp (start, end) and confidence when a person appears. For more information, see [Trace observed people in a video](observed-people-tracing.md).

-You can use Azure storage services in workloads running in your private cloud. The Azure storage services include Storage Accounts, Table Storage, and Blob Storage. The connection of workloads to Azure storage services doesn't traverse the internet. This connectivity provides more security and enables you to use SLA-based Azure storage services in your private cloud workloads. You can also connect Azure disk pools or Azure NetApp Files to expand the storage capacity. This functionality is in preview.

-| Resource Type | Target name | Suggested role assignment |

-az rest --method get --url "https://management.azure.com/{experimentId}/start?api-version={apiVersion}" --resource "https://management.azure.com"

-| {executionDetailsId} | Execution Id of an experiment execution | Can be found in the [Chaos Studio Experiment Portal Blade](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.chaos%2Fchaosexperiments) |

- "value": "eastus"

-* [Question answering](../language-service/question-answering/overview.md) is now [generally available](https://techcommunity.microsoft.com/t5/ai-cognitive-services-blog/question-answering-feature-is-generally-available/ba-p/2899497) as a feature within [Azure Cognitive Service for Language](https://ms.portal.azure.com/?quickstart=true#create/Microsoft.CognitiveServicesTextAnalytics).

-1. [Create a project](how-to-custom-speech-create-project.md) and choose a model. Use a <a href="https://ms.portal.azure.com/#create/Microsoft.CognitiveServicesSpeechServices" title="Create a Speech resource" target="_blank">Speech resource</a> that you create in the Azure portal.

-```azurecli

-```azurecli

-```azurecli

-```azurecli

-```azurecli

-```azurecli

-```azurecli

-```azurecli

-```azurecli

-```azurecli

-```azurecli

-```azurecli

-```azurecli

-```azurecli

-```azurecli

-```azurecli

-```azurecli

-```azurecli

-```azurecli

-```azurecli

-```azurecli

-```azurecli

-```azurecli

-```azurecli

-```azurecli

-| Chinese (Mandarin, Simplified) | `zh-CN` | Male | `zh-CN-YunhaoNeural` ^New | Optimized for promoting a product or service, 1 new multiple style available [using SSML](speech-synthesis-markup.md#adjust-speaking-styles) |

-| Chinese (Mandarin, Simplified) | `zh-CN` | Male | `zh-CN-YunjianNeural` ^New | Optimized for broadcasting sports event, 2 new multiple styles available [using SSML](speech-synthesis-markup.md#adjust-speaking-styles) |

-|zh-CN-YunjianNeural ^{Public preview}|`narration-relaxed`, `sports-commentary` ^{Public preview}, `sports-commentary-excited` ^{Public preview}|Supported||

-|zh-CN-YunhaoNeural ^{Public preview}|`general`, `advertisement-upbeat` ^{Public preview}|Supported||

-|zh-CN-YunfengNeural ^{Public preview}|`calm`, `angry`, ` disgruntled`, `cheerful`, `fearful`, `sad`, `serious`, `depressed`|Supported||

-* Speech SDK 1.22.0 and Speech CLI 1.22.0 were released in June 2022. See details below.

-* A [Translator](https://ms.portal.azure.com/#create/Microsoft.CognitiveServicesTextTranslation) resource.

-* See **[Use Cognitive Services as containers](cognitive-services-container-support.md)** to understand how to use Cognitive Services on-prem.

-Personalizer uses [vowpalwabbit](https://github.com/VowpalWabbit) to train and score the events. Refer to the [vowpalwabbit documentation](https://github.com/VowpalWabbit/vowpal_wabbit/wiki/Command-line-arguments) on how to edit the learning settings using vowpalwabbit. Once you have the correct command line arguments, save the command to a file with the following format (replace the arguments property value with the desired command) and upload the file to import learning settings in the **Model and Learning Settings** pane in the Azure portal for your Personalizer resource.

-Due to the nature of **real-world** Reinforcement Learning, a Personalizer model can only be trained in a production environment. When deploying a new use case, the Personalizer model isn't performing efficiently because it takes time for the model to be sufficiently trained. **Apprentice mode** is a learning behavior that eases this situation and allows you to gain confidence in the model ΓÇô without the developer changing any code.

-Similar to how an apprentice learns a craft from an expert, and with experience can get better; Apprentice mode is a _behavior_ that lets Personalizer learn by observing the results obtained from existing application logic.

-Personalizer trains by mimicking the same output as the application. As more events flow, Personalizer can _catch up_ to the existing application without impacting the existing logic and outcomes. Metrics, available from the Azure portal and the API, help you understand the performance as the model learns.

-Once Personalizer has learned and attained a certain level of understanding, the developer can change the behavior from Apprentice mode to Online mode. At that time, Personalizer starts influencing the actions in the Rank API.

-Apprentice mode gives you trust in the Personalizer service and its machine learning capabilities, and provides reassurance that the service is sent information that can be learned from ΓÇô without risking online traffic.

-* Mitigating **Cold Starts**: Apprentice mode helps manage and assess the cost of a "new" model's learning time - when it isn't returning the best action and not achieved a satisfactory level of effectiveness of around 60-80%.

-* **Validating Action and Context Features**: Features sent in actions and context may be inadequate or inaccurate - too little, too much, incorrect, or too specific to train Personalizer to attain the ideal effectiveness rate. Use [feature evaluations](concept-feature-evaluation.md) to find and fix issues with features.

-* You're implementing Personalizer in a new use case.

-* You've significantly changed the features you send in Context or Actions.

-* You've significantly changed when and how you calculate rewards.

-Apprentice mode isn't an effective way of measuring the impact Personalizer is having on reward scores. To measure how effective Personalizer is at choosing the best possible action for each Rank call, use [Offline evaluations](concepts-offline-evaluation.md).

-Apprentice mode is useful for developers, data scientists and business decision makers:

-* **Developers** can use Apprentice mode to make sure the Rank and Reward APIs are being used correctly in the application, and that features being sent to Personalizer from the application contains no bugs, or non-relevant features such as a timestamp or UserID element.

-* **Data scientists** can use Apprentice mode to validate that the features are effective to train the Personalizer models, that the reward wait times arenΓÇÖt too long or short.

-* **Business Decision Makers** can use Apprentice mode to assess the potential of Personalizer to improve results (i.e. rewards) compared to existing business logic. This allows them to make an informed decision impacting user experience, where real revenue and user satisfaction are at stake.

-|Impact on User Experience|You can use existing user behavior to train Personalizer by letting it observe (not affect) what your **default action** would have been and the reward it obtained. This means your usersΓÇÖ experience and the business results from them wonΓÇÖt be impacted.|Display top action returned from Rank call to affect user behavior.|

-|Learning speed|Personalizer will learn more slowly when in Apprentice mode than when learning in Online mode. Apprentice mode can only learn by observing the rewards obtained by your **default action**, which limits the speed of learning, as no exploration can be performed.|Learns faster because it can both exploit the current model and explore for new trends.|

-|Learning effectiveness "Ceiling"|Personalizer can approximate, very rarely match, and never exceed the performance of your base business logic (the reward total achieved by the **default action** of each Rank call). This approximation ceiling is reduced by exploration. For example, with exploration at 20% it's very unlikely apprentice mode performance will exceed 80%, and 60% is a reasonable target at which to graduate to online mode.|Personalizer should exceed applications baseline, and over time where it stalls you should conduct on offline evaluation and feature evaluation to continue to get improvements to the model. |

-|Rank API value for rewardActionId|The users' experience doesnΓÇÖt get impacted, as _rewardActionId_ is always the first action you send in the Rank request. In other words, the Rank API does nothing visible for your application during Apprentice mode. Reward APIs in your application shouldn't change how it uses the Reward API between one mode and another.|Users' experience will be changed by the _rewardActionId_ that Personalizer chooses for your application. |

-|Evaluations|Personalizer keeps a comparison of the reward totals that your default business logic is getting, and the reward totals Personalizer would be getting if in Online mode at that point. A comparison is available in the Azure portal for that resource|Evaluate PersonalizerΓÇÖs effectiveness by running [Offline evaluations](concepts-offline-evaluation.md), which let you compare the total rewards Personalizer has achieved against the potential rewards of the applicationΓÇÖs baseline.|

-A note about apprentice mode's effectiveness:

-* Personalizer's effectiveness in Apprentice mode will rarely achieve near 100% of the application's baseline; and never exceed it.

-* Best practices would be not to try to get to 100% attainment; but a range of 60% ΓÇô 80% should be targeted depending on the use case.

-Apprentice Mode attempts to train the Personalizer model by attempting to imitate your existing algorithm that chooses baseline items, using the features present in your context and actions used in Rank calls and the feedback from Reward calls. The following factors will affect if, or when, Personalizer Apprentice learns enough matched rewards.

-In some scenarios such as news or entertainment, the baseline item could be manually assigned by an editorial team. This means humans are using their knowledge about the broader world, and understanding of what may be appealing content, to choose specific articles or media out of a pool, and flagging them as "preferred" or "hero" articles. Because these editors aren't an algorithm, and the factors considered by editors can be nuanced and not included as features of the context and actions, Apprentice mode is unlikely to be able to predict the next baseline action. In these situations you can:

-* Test Personalizer in Online Mode: Apprentice mode not predicting baselines doesn't imply Personalizer can't achieve as-good or even better results. Consider putting Personalizer in Online Mode for a period of time or in an A/B test if you have the infrastructure, and then run an Offline Evaluation to assess the difference.

-If apprentice mode is learning and attaining Matched rewards above zero but seems to be growing slowly (not getting to 60% to 80% matched rewards within two weeks), it's possible that the challenge is having too little data. Taking the following steps could accelerate the learning.

-1. Adding more events with positive rewards over time: Apprentice mode will perform better in use cases where your application gets more than 100 positive rewards per day. For example, if a website rewarding a click has 2% clickthrough, it should be having at least 5,000 visits per day to have noticeable learning.

-2. Try a reward score that is simpler and happens more frequently. For example going from "Did users finish reading the article" to "Did users start reading the article".

-3. Adding differentiating features: You can do a visual inspection of the actions in a Rank call and their features. Does the baseline action have features that are differentiated from other actions? If they look mostly the same, add more features that will make them less similar.

-4. Reducing Actions per Event: Personalizer will use the Explore % setting to discover preferences and trends. When a Rank call has more actions, the chance of an Action being chosen for exploration becomes lower. Reduce the number of actions sent in each Rank call to a smaller number, to less than 10. This can be a temporary adjustment to show that Apprentice Mode has the right data to match rewards.

-If you have a significant amount of historical data, youΓÇÖd like to use to train Personalizer, you can use Apprentice mode to replay the data through Personalizer.

-When training from historical data, it's recommended that the data sent in (features for context and actions, their layout in the JSON used for Rank requests, and the calculation of reward in this training data set), matches the data (features and calculation of reward) available from the existing application.

-It's only useful to do A/B tests of Personalizer treatments once it has been validated and is learning in Online mode. In Apprentice mode, only the **default action** is used, which means all users would effectively see the control experience.

-1. If you don't return the reward within the configured **Reward wait time**, the default reward will be used instead.

-Display personalized content in this quickstart with the Personalizer service.

-Get started with the Personalizer client library. Follow these steps to install the package and try out the example code for basic tasks.

- * Rank API - Selects the best item, from actions, based on real-time information you provide about content and context.

- * Reward API - You determine the reward score based on your business needs, then send it to Personalizer with this API. That score can be a single value such as 1 for good, and 0 for bad, or an algorithm you create based on your business needs.

-If you want to clean up and remove a Cognitive Services subscription, you can delete the resource or resource group. Deleting the resource group also deletes any other resources associated with it.

-Azure Personalizer is a cloud-based service that helps your applications choose the best content item to show your users. You can use the Personalizer service to determine what product to suggest to shoppers or to figure out the optimal position for an advertisement. After the content is shown to the user, your application monitors the user's reaction and reports a reward score back to the Personalizer service. This ensures continuous improvement of the machine learning model, and Personalizer's ability to select the best content item based on the contextual information it receives.

-> [!TIP]

-> Content is any unit of information, such as text, images, URL, emails, or anything else that you want to select from and show to your users.

-This documentation contains the following article types:

-* [**Quickstarts**](quickstart-personalizer-sdk.md) are getting-started instructions to guide you through making requests to the service.

-* [**How-to guides**](how-to-settings.md) contain instructions for using the service in more specific or customized ways.

-* [**Concepts**](how-personalizer-works.md) provide in-depth explanations of the service functionality and features.

-* [**Tutorials**](tutorial-use-personalizer-web-app.md) are longer guides that show you how to use the service as a component in broader business solutions.

-Before you get started, try out [Personalizer with this interactive demo](https://personalizerdevdemo.azurewebsites.net/).

-## How does Personalizer select the best content item?

-Personalizer uses **reinforcement learning** to select the best item (_action_) based on collective behavior and reward scores across all users. Actions are the content items, such as news articles, specific movies, or products.

-The **Rank** call takes the action item, along with features of the action, and context features to select the top action item:

-* **Actions with features** - content items with features specific to each item

-* **Context features** - features of your users, their context or their environment when using your app

-The Rank call returns the ID of which content item, __action__, to show to the user, in the **Reward Action ID** field.

-The __action__ shown to the user is chosen with machine learning models, that try to maximize the total amount of rewards over time.

-### Sample scenarios

-Let's take a look at a few scenarios where Personalizer can be used to select the best content to render for a user.

-|Content type|Actions (with features)|Context features|Returned Reward Action ID<br>(display this content)|

-|--|--|--|--|

-|News list|a. `The president...` (national, politics, [text])<br>b. `Premier League ...` (global, sports, [text, image, video])<br> c. `Hurricane in the ...` (regional, weather, [text,image]|Device news is read from<br>Month, or season<br>|a `The president...`|

-|Movies list|1. `Star Wars` (1977, [action, adventure, fantasy], George Lucas)<br>2. `Hoop Dreams` (1994, [documentary, sports], Steve James<br>3. `Casablanca` (1942, [romance, drama, war], Michael Curtiz)|Device movie is watched from<br>screen size<br>Type of user<br>|3. `Casablanca`|

-|Products list|i. `Product A` (3 kg, $$$$, deliver in 24 hours)<br>ii. `Product B` (20 kg, $$, 2 week shipping with customs)<br>iii. `Product C` (3 kg, $$$, delivery in 48 hours)|Device shopping is read from<br>Spending tier of user<br>Month, or season|ii. `Product B`|

-Personalizer used reinforcement learning to select the single best action, known as _reward action ID_. The machine learning model uses:

-* A trained model - information previously received from the personalize service used to improve the machine learning model

-* Current data - specific actions with features and context features

-## When to use Personalizer

-Personalizer's **Rank** [API](https://go.microsoft.com/fwlink/?linkid=2092082) is called each time your application presents content. This is known as an **event**, noted with an _event ID_.

-Personalizer's **Reward** [API](https://westus2.dev.cognitive.microsoft.com/docs/services/personalizer-api/operations/Reward) can be called in real-time or delayed to better fit your infrastructure. You determine the reward score based on your business needs. The reward score is between 0 and 1. That can be a single value such as 1 for good, and 0 for bad, or a number produced by an algorithm you create considering your business goals and metrics.

-## Content requirements

-Use Personalizer when your content:

-* Has a limited set of actions or items (max of ~50) to select from in each personalization event. If you have a larger list, [use a recommendation engine](where-can-you-use-personalizer.md#how-to-use-personalizer-with-a-recommendation-solution) to reduce the list down to 50 items for each time you call Rank on the Personalizer service.

-* Has information describing the content you want ranked: _actions with features_ and _context features_.

-* Has a minimum of ~1k/day content-related events for Personalizer to be effective. If Personalizer doesn't receive the minimum traffic required, the service takes longer to determine the single best content item.

-Since Personalizer uses collective information in near real-time to return the single best content item, the service doesn't:

-* Persist and manage user profile information

-* Log individual users' preferences or history

-* Require cleaned and labeled content

-## How to design for and implement Personalizer

-1. [Design](concepts-features.md) and plan for content, **_actions_**, and **_context_**. Determine the reward algorithm for the **_reward_** score.

-1. Each [Personalizer Resource](how-to-settings.md) you create is considered one Learning Loop. The loop will receive the both the Rank and Reward calls for that content or user experience.

- |[Apprentice mode](concept-apprentice-mode.md) `E0`|Train the Personalizer model without impacting your existing application, then deploy to Online learning behavior to a production environment|

- |Standard, `S0`|Online learning behavior in a production environment|

- |Free, `F0`| Try Online learning behavior in a non-production environment|

- 1. Add a **Rank** call to Personalizer in your application, website, or system to determine best, single _content_ item before the content is shown to the user.

- 1. Display best, single _content_ item, which is the returned _reward action ID_, to user.

- 1. Apply _business logic_ to collected information about how the user behaved, to determine the **reward** score, such as:

- |User selected best, single _content_ item (reward action ID)|**1**|

- |User selected other content|**0**|

- |User paused, scrolling around indecisively, before selecting best, single _content_ item (reward action ID)|**0.5**|

- * Immediately after showing your content

- * Or sometime later in an offline system

- 1. [Evaluate your loop](concepts-offline-evaluation.md) with an offline evaluation after a period of use. An offline evaluation allows you to test and assess the effectiveness of the Personalizer Service without changing your code or affecting user experience.

-Learn what's new in the service. These items may include release notes, videos, blog posts, and other types of information. Bookmark this page to keep up-to-date with the service.

-description: Explore single-tenant and multi-tenant authentication use cases for customized Teams applications. Also learn about authentication artifacts.

-# Single-tenant and multi-tenant authentication for Teams

- This article gives you insight into the authentication process for single-tenant and multi-tenant, *Azure Active Directory* (Azure AD) applications. You can use authentication when you build customized Teams calling experiences with the *Calling software development kit* (SDK) that *Azure Communication Services* makes available. Use cases in this article also break down individual authentication artifacts.

-

-1. Get an access token for Alice: The customized Teams application performs control plane logic, using artifacts 'A1', 'A2' and 'A3'. This produces Azure Communication Services access token 'D' and gives Alice access. This access token can also be used for data plane actions in Azure Communication Services, like Calling.

-1. Call Bob: Alice makes a call to Teams user Bob, with Fabrikam's customized Teams app. The call takes place via the Calling SDK with an Azure Communication Services access token. Learn more about [developing custom Teams clients](../../quickstarts/voice-video-calling/get-started-with-voice-video-calling-custom-teams-client.md).

-The Contoso company has built a custom Teams calling application for external customers. This application uses custom authentication within Contoso's own infrastructure. Contoso uses a connection string to retrieve tokens from Fabrikam's customized Teams application.

-1. Authenticate Alice using the Fabrikam application: Alice is authenticated through Fabrikam's customized Teams application. A standard OAuth flow with Microsoft Authentication Library (MSAL) is used. If authentication is successful, the client application, the Contoso app in this case, receives an Azure AD access token with a value of 'A1' and an Object ID of an Azure AD user with a value of 'A2'. Token details are outlined below. Authentication from the developer perspective is explored in this [quickstart](../../quickstarts/manage-teams-identity.md).

-1. Call Bob: Alice makes a call to Teams user Bob, with Fabrikam's customized Teams app. The call takes place via the Calling SDK with an Azure Communication Services access token. Learn more about developing custom, Teams apps [in this quickstart](../../quickstarts/voice-video-calling/get-started-with-voice-video-calling-custom-teams-client.md).

-description: Learn the firewall configuration requirements that enable customized Teams calling experiences.

-# Firewall configuration for customized Teams calling experiences

-Microsoft Teams provides identities managed by Azure Active Directory and calling experiences controlled by Teams Admin Center and policies. Users might have assigned licenses to enable PSTN connectivity and advanced calling capabilities of Teams Phone System. Azure Communication Services are supporting Teams identities for managing Teams VoIP calls, Teams PSTN calls, and join Teams meetings. Developers might extend the Azure Communication Services with Graph API to provide contextual data from Microsoft 365 ecosystem. This page is providing inspiration on how to use existing Microsoft technologies to provide an end-to-end experience for calling scenarios with Teams users and Azure Communication Services calling SDKs.

-> [Issue a Teams access token](../quickstarts/manage-teams-identity.md)

-> [Start a call with Teams user as a Teams user](../quickstarts/voice-video-calling/get-started-with-voice-video-calling-custom-teams-client.md)

-Learn about [Teams interoperability](./teams-interop.md).

-|PSTN support| Not supported for Communication Services users in Teams meetings | Teams phone system, calling plan, direct routing, operator connect|

-> [!div class="nextstepaction"]

-> [Get access tokens for Guest/BYOI](../quickstarts/access-tokens.md)

-> [Join Teams meeting call as a Guest/BYOI](../quickstarts/voice-video-calling/get-started-teams-interop.md)

-> [Join Teams meeting chat as a Guest/BYOI](../quickstarts/chat/meeting-interop.md)

-> [Get access tokens for Teams users](../quickstarts/manage-teams-identity.md)

-> [Make a call as a Teams users to a Teams user](../quickstarts/voice-video-calling/get-started-with-voice-video-calling-custom-teams-client.md)

-description: Use Azure Communication Services SDKs to manage calls for customized Teams application.

-zone_pivot_groups: acs-csharp-java

-This quickstart will help you get started with Azure Communication Services Rooms. A `room` is a server-managed communications space for a known, fixed set of participants to collaborate for a pre-determined duration. The [rooms conceptual documentation](../../concepts/rooms/room-concept.md) covers more details and potential use cases for `rooms`.

-| `ValidFrom` | Earliest time a `room` can be used. |

-| `ValidUntil` | Latest time a `room` can be used. |

-| `Participants` | List of pre-existing participant IDs. |

-> - Join a room call

-<a id="create-manual"></a>

-## Azure Cosmos DB account for Gremlin with standard provisioned throughput

-This template will create an Azure Cosmos account for Gremlin API with a database and graph with standard (manual) throughput. This template is also available for one-click deploy from Azure Quickstart Templates Gallery.

-[:::image type="content" source="../../media/template-deployments/deploy-to-azure.svg" alt-text="Deploy to Azure":::](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-gremlin%2Fazuredeploy.json)

-* [Troubleshoot common Azure Resource Manager deployment errors](../../azure-resource-manager/templates/common-deployment-errors.md)

-The concurrent updates of an item are subjected to the OCC by Azure Cosmos DBΓÇÖs communication protocol layer. For Azure Cosmos accounts configured for **single-region writes**, Azure Cosmos DB ensures that the client-side version of the item that you are updating (or deleting) is the same as the version of the item in the Azure Cosmos container. This ensures that your writes are protected from being overwritten accidentally by the writes of others and vice versa. In a multi-user environment, the optimistic concurrency control protects you from accidentally deleting or updating wrong version of an item. As such, items are protected against the infamous "lost update" or "lost delete" problems.

-In an Azure Cosmos account configured with **multi-region writes**, data can be committed independently into secondary regions if its `_etag` matches that of the data in the local region. Once new data is committed locally in a secondary region, it is then merged in the hub or primary region. If the conflict resolution policy merges the new data into the hub region, this data will then be replicated globally with the new `_etag`. If the conflict resolution policy rejects the new data, the secondary region will be rolled back to the original data and `_etag`.

-SQL API SDKs are available for a wide variety of platforms and programming languages. If you haven't worked

-var context = getContext();

-var container = context.getCollection();

-var response = context.getResponse();

-// item that was created

-var createdItem = response.getBody();

-// query for metadata document

-var filterQuery = 'SELECT * FROM root r WHERE r.id = "_metadata"';

-var accept = container.queryDocuments(container.getSelfLink(), filterQuery,

- updateMetadataCallback);

-if(!accept) throw "Unable to update metadata, abort";

-function updateMetadataCallback(err, items, responseOptions) {

- if(err) throw new Error("Error" + err.message);

- if(items.length != 1) throw 'Unable to find metadata document';

- var metadataItem = items[0];

- // update metadata

- metadataItem.createdItems += 1;

- metadataItem.createdNames += " " + createdItem.id;

- var accept = container.replaceDocument(metadataItem._self,

- metadataItem, function(err, itemReplaced) {

- if(err) throw "Unable to update metadata, abort";

- });

- if(!accept) throw "Unable to update metadata, abort";

- return;

-}

- if(income == undefined)

- throw 'no input';

- if (income < 1000)

- return income * 0.1;

- else if (income < 10000)

- return income * 0.2;

- else

- return income * 0.4;

- }

-If you have questions or need help, [create a support request](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/newsupportrequest).

-[Package Configurations](/sql/integration-services/package-configurations)

-1. Access one of the `azuredefender-publisher-<XXX>` pods deployed in your Kubernetes cluster.

- kubectl exec -it azuredefender-publisher-xx-xxxxx -n <namespace> -- bash

- For AKS - `<namespace>` = `kube-system`<br>

- For ARC - `<namespace>` = `mdc`

-1. Select an executable, copy it to a convenient location and rename it to `./asc_alerttest_662jfi039n`. For example:

-`cp /bin/echo ./asc_alerttest_662jfi039n`.

-> [!INCLUDE [Legalese](../../includes/defender-for-cloud-preview-legal-text.md)]

-1. By default the **Servers** plan is set to **On**. This is necessary to extend Defender for server's coverage to your AWS EC2.

-1. By default the **Containers** plan is set to **On**. This is necessary to have Defender for Containers protect your AWS EKS clusters. Ensure you've fulfilled the [network requirements](./defender-for-containers-enable.md?pivots=defender-for-container-eks&source=docs&tabs=aks-deploy-portal%2ck8s-deploy-asc%2ck8s-verify-asc%2ck8s-remove-arc%2caks-removeprofile-api#network-requirements) for the Defender for Containers plan.

-1. (**Containers only**) Ensure you have fulfilled the [network requirements](defender-for-containers-enable.md?tabs=defender-for-container-gcp#network-requirements) for the Defender for Containers plan.

-For further information on installing and configuring the agent, see [Connect Windows machines](../azure-monitor/agents/agent-windows.md#install-agent-using-setup-wizard).

-## Additional information

-description: Describes how to use Azure Event Grid and Functions to migrate Event Hubs captured data to Azure Synapse Analytics.

-# Tutorial: Migrate captured Event Hubs Avro data to Azure Synapse Analytics using Event Grid and Azure Functions

-Azure Event Hubs [Capture](./event-hubs-capture-overview.md) enables you to automatically capture the streaming data in Event Hubs in an Azure Blob storage or Azure Data Lake Storage. This tutorial shows you how to migrate captured Event Hubs data from Storage to Azure Synapse Analytics by using an Azure function that's triggered by [Event Grid](../event-grid/overview.md).

-## Next steps

-You can use powerful data visualization tools with your data warehouse to achieve actionable insights.

-This article shows how to use [Power BI with Azure Synapse Analytics](/power-bi/connect-data/service-azure-sql-data-warehouse-with-direct-connect)

- :::image type="content" source="./media/how-to-configure-connection-monitor/copy-id-key.png" alt-text="Screenshot of workspace id and primary key.":::

- For Linux machines, the port number needs to be changed manually with the follow steps:

- * [Windows](../azure-monitor/agents/agent-windows.md#install-agent-using-setup-wizard)

-description: Use ScaleR and SparkR for data manipulation and model development with ML Services on Azure HDInsight

-# Combine ScaleR and SparkR in HDInsight

-This document shows how to predict flight arrival delays using a **ScaleR** logistic regression model. The example uses flight delay and weather data, joined using **SparkR**.

-Although both packages run on Apache Hadoop's Spark execution engine, they're blocked from in-memory data sharing as they each require their own respective Spark sessions. Until this issue is addressed in an upcoming version of ML Server, the workaround is to maintain non-overlapping Spark sessions, and to exchange data through intermediate files. The instructions here show that these requirements are straightforward to achieve.

-The code was originally written for ML Server running on Spark in an HDInsight cluster on Azure. But the concept of mixing the use of SparkR and ScaleR in one script is also valid in the context of on-premises environments.

-The steps in this document assume that you have an intermediate level of knowledge of R and R the [ScaleR](/machine-learning-server/r/concept-what-is-revoscaler) library of ML Server. You're introduced to [SparkR](https://spark.apache.org/docs/2.1.0/sparkr.html) while walking through this scenario.

-## The airline and weather datasets

-The flight data is available from the [U.S. government archives](https://www.transtats.bts.gov/DL_SelectFields.asp?Table_ID=236).

-The weather data can be downloaded as zip files in raw form, by month, from the [National Oceanic and Atmospheric Administration repository](https://www.ncdc.noaa.gov/orders/qclcd/). For this example, download the data for May 2007 ΓÇô December 2012. Use the hourly data files and `YYYYMMMstation.txt` file within each of the zips.

-## Setting up the Spark environment

-Use the following code to set up the Spark environment:

-```

-workDir <- '~'

-myNameNode <- 'default'

-myPort <- 0

-inputDataDir <- 'wasb://hdfs@myAzureAccount.blob.core.windows.net'

-hdfsFS <- RxHdfsFileSystem(hostName=myNameNode, port=myPort)

-# create a persistent Spark session to reduce startup times

-# (remember to stop it later!)

-

-sparkCC <- RxSpark(consoleOutput=TRUE, nameNode=myNameNode, port=myPort, persistentRun=TRUE)

-# create working directories

-rxHadoopMakeDir('/user')

-rxHadoopMakeDir('user/RevoShare')

-rxHadoopMakeDir('user/RevoShare/remoteuser')

-(dataDir <- '/share')

-rxHadoopMakeDir(dataDir)

-rxHadoopListFiles(dataDir)

-setwd(workDir)

-getwd()

-# version of rxRoc that runs in a local CC

-rxRoc <- function(...){

- rxSetComputeContext(RxLocalSeq())

- roc <- RevoScaleR::rxRoc(...)

- rxSetComputeContext(sparkCC)

- return(roc)

-}

-logmsg <- function(msg) { cat(format(Sys.time(), "%Y-%m-%d %H:%M:%S"),':',msg,'\n') }

-t0 <- proc.time()

-#..start

-logmsg('Start')

-(trackers <- system("mapred job -list-active-trackers", intern = TRUE))

-logmsg(paste('Number of task nodes=',length(trackers)))

-```

-Next, add `Spark_Home` to the search path for R packages. Adding it to the search path allows you to use SparkR, and initialize a SparkR session:

-```

-#..setup for use of SparkR

-logmsg('Initialize SparkR')

-.libPaths(c(file.path(Sys.getenv("SPARK_HOME"), "R", "lib"), .libPaths()))

-library(SparkR)

-sparkEnvir <- list(spark.executor.instances = '10',

- spark.yarn.executor.memoryOverhead = '8000')

-sc <- sparkR.init(

- sparkEnvir = sparkEnvir,

- sparkPackages = "com.databricks:spark-csv_2.10:1.3.0"

-)

-sqlContext <- sparkRSQL.init(sc)

-```

-## Preparing the weather data

-To prepare the weather data, subset it to the columns needed for modeling:

-Then add an airport code associated with the weather station and convert the measurements from local time to UTC.

-Begin by creating a file to map the weather station (WBAN) info to an airport code. The following code reads each of the hourly raw weather data files, subsets to the columns we need, merges the weather station-mapping file, adjusts the date times of measurements to UTC, and then writes out a new version of the file:

-```

-# Look up AirportID and Timezone for WBAN (weather station ID) and adjust time

-adjustTime <- function(dataList)

-{

- dataset0 <- as.data.frame(dataList)

-

- dataset1 <- base::merge(dataset0, wbanToAirIDAndTZDF1, by = "WBAN")

- if(nrow(dataset1) == 0) {

- dataset1 <- data.frame(

- Visibility = numeric(0),

- DryBulbCelsius = numeric(0),

- DewPointCelsius = numeric(0),

- RelativeHumidity = numeric(0),

- WindSpeed = numeric(0),

- Altimeter = numeric(0),

- AdjustedYear = numeric(0),

- AdjustedMonth = numeric(0),

- AdjustedDay = integer(0),

- AdjustedHour = integer(0),

- AirportID = integer(0)

- )

-

- return(dataset1)

- }

-

- Year <- as.integer(substr(dataset1$Date, 1, 4))

- Month <- as.integer(substr(dataset1$Date, 5, 6))

- Day <- as.integer(substr(dataset1$Date, 7, 8))

-

- Time <- dataset1$Time

- Hour <- ceiling(Time/100)

-

- Timezone <- as.integer(dataset1$TimeZone)

-

- adjustdate = as.POSIXlt(sprintf("%4d-%02d-%02d %02d:00:00", Year, Month, Day, Hour), tz = "UTC") + Timezone * 3600

- AdjustedYear = as.POSIXlt(adjustdate)$year + 1900

- AdjustedMonth = as.POSIXlt(adjustdate)$mon + 1

- AdjustedDay = as.POSIXlt(adjustdate)$mday

- AdjustedHour = as.POSIXlt(adjustdate)$hour

-

- AirportID = dataset1$AirportID

- Weather = dataset1[,c("Visibility", "DryBulbCelsius", "DewPointCelsius", "RelativeHumidity", "WindSpeed", "Altimeter")]

-

- data.set = data.frame(cbind(AdjustedYear, AdjustedMonth, AdjustedDay, AdjustedHour, AirportID, Weather))

-

- return(data.set)

-}

-wbanToAirIDAndTZDF <- read.csv("wban-to-airport-id-tz.csv")

-colInfo <- list(

- WBAN = list(type="integer"),

- Date = list(type="character"),

- Time = list(type="integer"),

- Visibility = list(type="numeric"),

- DryBulbCelsius = list(type="numeric"),

- DewPointCelsius = list(type="numeric"),

- RelativeHumidity = list(type="numeric"),

- WindSpeed = list(type="numeric"),

- Altimeter = list(type="numeric")

-)

-weatherDF <- RxTextData(file.path(inputDataDir, "WeatherRaw"), colInfo = colInfo)

-weatherDF1 <- RxTextData(file.path(inputDataDir, "Weather"), colInfo = colInfo,

- filesystem=hdfsFS)

-rxSetComputeContext("localpar")

-rxDataStep(weatherDF, outFile = weatherDF1, rowsPerRead = 50000, overwrite = T,

- transformFunc = adjustTime,

- transformObjects = list(wbanToAirIDAndTZDF1 = wbanToAirIDAndTZDF))

-```

-## Importing the airline and weather data to Spark DataFrames

-Now we use the SparkR [read.df()](https://spark.apache.org/docs/3.3.0/api/R/reference/read.df.html) function to import the weather and airline data to Spark DataFrames. This function, like many other Spark methods, is executed lazily, meaning that they're queued for execution but not executed until required.

-```

-airPath <- file.path(inputDataDir, "AirOnTime08to12CSV")

-weatherPath <- file.path(inputDataDir, "Weather") # pre-processed weather data

-rxHadoopListFiles(airPath)

-rxHadoopListFiles(weatherPath)

-# create a SparkR DataFrame for the airline data

-logmsg('create a SparkR DataFrame for the airline data')

-# use inferSchema = "false" for more robust parsing

-airDF <- read.df(sqlContext, airPath, source = "com.databricks.spark.csv",

- header = "true", inferSchema = "false")

-# Create a SparkR DataFrame for the weather data

-logmsg('create a SparkR DataFrame for the weather data')

-weatherDF <- read.df(sqlContext, weatherPath, source = "com.databricks.spark.csv",

- header = "true", inferSchema = "true")

-```

-## Data cleansing and transformation

-Next we do some cleanup on the airline data we've imported to rename columns. We only keep the variables needed, and round scheduled departure times down to the nearest hour to enable merging with the latest weather data at departure:

-```

-logmsg('clean the airline data')

-airDF <- rename(airDF,

- ArrDel15 = airDF$ARR_DEL15,

- Year = airDF$YEAR,

- Month = airDF$MONTH,

- DayofMonth = airDF$DAY_OF_MONTH,

- DayOfWeek = airDF$DAY_OF_WEEK,

- Carrier = airDF$UNIQUE_CARRIER,

- OriginAirportID = airDF$ORIGIN_AIRPORT_ID,

- DestAirportID = airDF$DEST_AIRPORT_ID,

- CRSDepTime = airDF$CRS_DEP_TIME,

- CRSArrTime = airDF$CRS_ARR_TIME

-)

-# Select desired columns from the flight data.

-varsToKeep <- c("ArrDel15", "Year", "Month", "DayofMonth", "DayOfWeek", "Carrier", "OriginAirportID", "DestAirportID", "CRSDepTime", "CRSArrTime")

-airDF <- select(airDF, varsToKeep)

-# Apply schema

-coltypes(airDF) <- c("character", "integer", "integer", "integer", "integer", "character", "integer", "integer", "integer", "integer")

-# Round down scheduled departure time to full hour.

-airDF$CRSDepTime <- floor(airDF$CRSDepTime / 100)

-```

-Now we perform similar operations on the weather data:

-```

-# Average weather readings by hour

-logmsg('clean the weather data')

-weatherDF <- agg(groupBy(weatherDF, "AdjustedYear", "AdjustedMonth", "AdjustedDay", "AdjustedHour", "AirportID"), Visibility="avg",

- DryBulbCelsius="avg", DewPointCelsius="avg", RelativeHumidity="avg", WindSpeed="avg", Altimeter="avg"

- )

-weatherDF <- rename(weatherDF,

- Visibility = weatherDF$'avg(Visibility)',

- DryBulbCelsius = weatherDF$'avg(DryBulbCelsius)',

- DewPointCelsius = weatherDF$'avg(DewPointCelsius)',

- RelativeHumidity = weatherDF$'avg(RelativeHumidity)',

- WindSpeed = weatherDF$'avg(WindSpeed)',

- Altimeter = weatherDF$'avg(Altimeter)'

-)

-```

-## Joining the weather and airline data

-We now use the SparkR [join()](https://spark.apache.org/docs/3.3.0/api/R/reference/join.html) function to do a left outer join of the airline and weather data by departure AirportID and datetime. The outer join allows us to retain all the airline data records even if there's no matching weather data. Following the join, we remove some redundant columns, and rename the kept columns to remove the incoming DataFrame prefix introduced by the join.

-```

-logmsg('Join airline data with weather at Origin Airport')

-joinedDF <- SparkR::join(

- airDF,

- weatherDF,

- airDF$OriginAirportID == weatherDF$AirportID &

- airDF$Year == weatherDF$AdjustedYear &

- airDF$Month == weatherDF$AdjustedMonth &

- airDF$DayofMonth == weatherDF$AdjustedDay &

- airDF$CRSDepTime == weatherDF$AdjustedHour,

- joinType = "left_outer"

-)

-# Remove redundant columns

-vars <- names(joinedDF)

-varsToDrop <- c('AdjustedYear', 'AdjustedMonth', 'AdjustedDay', 'AdjustedHour', 'AirportID')

-varsToKeep <- vars[!(vars %in% varsToDrop)]

-joinedDF1 <- select(joinedDF, varsToKeep)

-joinedDF2 <- rename(joinedDF1,

- VisibilityOrigin = joinedDF1$Visibility,

- DryBulbCelsiusOrigin = joinedDF1$DryBulbCelsius,

- DewPointCelsiusOrigin = joinedDF1$DewPointCelsius,

- RelativeHumidityOrigin = joinedDF1$RelativeHumidity,

- WindSpeedOrigin = joinedDF1$WindSpeed,

- AltimeterOrigin = joinedDF1$Altimeter

-)

-```

-In a similar fashion, we join the weather and airline data based on arrival AirportID and datetime:

-```

-logmsg('Join airline data with weather at Destination Airport')

-joinedDF3 <- SparkR::join(

- joinedDF2,

- weatherDF,

- airDF$DestAirportID == weatherDF$AirportID &

- airDF$Year == weatherDF$AdjustedYear &

- airDF$Month == weatherDF$AdjustedMonth &

- airDF$DayofMonth == weatherDF$AdjustedDay &

- airDF$CRSDepTime == weatherDF$AdjustedHour,

- joinType = "left_outer"

-)

-# Remove redundant columns

-vars <- names(joinedDF3)

-varsToDrop <- c('AdjustedYear', 'AdjustedMonth', 'AdjustedDay', 'AdjustedHour', 'AirportID')

-varsToKeep <- vars[!(vars %in% varsToDrop)]

-joinedDF4 <- select(joinedDF3, varsToKeep)

-joinedDF5 <- rename(joinedDF4,

- VisibilityDest = joinedDF4$Visibility,

- DryBulbCelsiusDest = joinedDF4$DryBulbCelsius,

- DewPointCelsiusDest = joinedDF4$DewPointCelsius,

- RelativeHumidityDest = joinedDF4$RelativeHumidity,

- WindSpeedDest = joinedDF4$WindSpeed,

- AltimeterDest = joinedDF4$Altimeter

- )

-```

-## Save results to CSV for exchange with ScaleR

-That completes the joins we need to do with SparkR. We save the data from the final Spark DataFrame "joinedDF5" to a CSV for input to ScaleR and then close out the SparkR session. We explicitly tell SparkR to save the resultant CSV in 80 separate partitions to enable sufficient parallelism in ScaleR processing:

-```

-logmsg('output the joined data from Spark to CSV')

-joinedDF5 <- repartition(joinedDF5, 80) # write.df below will produce this many CSVs

-# write result to directory of CSVs

-write.df(joinedDF5, file.path(dataDir, "joined5Csv"), "com.databricks.spark.csv", "overwrite", header = "true")

-# We can shut down the SparkR Spark context now

-sparkR.stop()

-# remove non-data files

-rxHadoopRemove(file.path(dataDir, "joined5Csv/_SUCCESS"))

-```

-## Import to XDF for use by ScaleR

-We could use the CSV file of joined airline and weather data as-is for modeling via a ScaleR text data source. But we import it to XDF first, since it's more efficient when running multiple operations on the dataset:

-```

-logmsg('Import the CSV to compressed, binary XDF format')

-# set the Spark compute context for ML Services

-rxSetComputeContext(sparkCC)

-rxGetComputeContext()

-colInfo <- list(

- ArrDel15 = list(type="numeric"),

- Year = list(type="factor"),

- Month = list(type="factor"),

- DayofMonth = list(type="factor"),

- DayOfWeek = list(type="factor"),

- Carrier = list(type="factor"),

- OriginAirportID = list(type="factor"),

- DestAirportID = list(type="factor"),

- RelativeHumidityOrigin = list(type="numeric"),

- AltimeterOrigin = list(type="numeric"),

- DryBulbCelsiusOrigin = list(type="numeric"),

- WindSpeedOrigin = list(type="numeric"),

- VisibilityOrigin = list(type="numeric"),

- DewPointCelsiusOrigin = list(type="numeric"),

- RelativeHumidityDest = list(type="numeric"),

- AltimeterDest = list(type="numeric"),

- DryBulbCelsiusDest = list(type="numeric"),

- WindSpeedDest = list(type="numeric"),

- VisibilityDest = list(type="numeric"),

- DewPointCelsiusDest = list(type="numeric")

-)

-joinedDF5Txt <- RxTextData(file.path(dataDir, "joined5Csv"),

- colInfo = colInfo, fileSystem = hdfsFS)

-rxGetInfo(joinedDF5Txt)

-destData <- RxXdfData(file.path(dataDir, "joined5XDF"), fileSystem = hdfsFS)

-rxImport(inData = joinedDF5Txt, destData, overwrite = TRUE)

-rxGetInfo(destData, getVarInfo = T)

-# File name: /user/RevoShare/dev/delayDataLarge/joined5XDF

-# Number of composite data files: 80

-# Number of observations: 148619655

-# Number of variables: 22

-# Number of blocks: 320

-# Compression type: zlib

-# Variable information:

-# Var 1: ArrDel15, Type: numeric, Low/High: (0.0000, 1.0000)

-# Var 2: Year

-# 26 factor levels: 1987 1988 1989 1990 1991 ... 2008 2009 2010 2011 2012

-# Var 3: Month

-# 12 factor levels: 10 11 12 1 2 ... 5 6 7 8 9

-# Var 4: DayofMonth

-# 31 factor levels: 1 3 4 5 7 ... 29 30 2 18 31

-# Var 5: DayOfWeek

-# 7 factor levels: 4 6 7 1 3 2 5

-# Var 6: Carrier

-# 30 factor levels: PI UA US AA DL ... HA F9 YV 9E VX

-# Var 7: OriginAirportID

-# 374 factor levels: 15249 12264 11042 15412 13930 ... 13341 10559 14314 11711 10558

-# Var 8: DestAirportID

-# 378 factor levels: 13303 14492 10721 11057 13198 ... 14802 11711 11931 12899 10559

-# Var 9: CRSDepTime, Type: integer, Low/High: (0, 24)

-# Var 10: CRSArrTime, Type: integer, Low/High: (0, 2400)

-# Var 11: RelativeHumidityOrigin, Type: numeric, Low/High: (0.0000, 100.0000)

-# Var 12: AltimeterOrigin, Type: numeric, Low/High: (28.1700, 31.1600)

-# Var 13: DryBulbCelsiusOrigin, Type: numeric, Low/High: (-46.1000, 47.8000)

-# Var 14: WindSpeedOrigin, Type: numeric, Low/High: (0.0000, 81.0000)

-# Var 15: VisibilityOrigin, Type: numeric, Low/High: (0.0000, 90.0000)

-# Var 16: DewPointCelsiusOrigin, Type: numeric, Low/High: (-41.7000, 29.0000)

-# Var 17: RelativeHumidityDest, Type: numeric, Low/High: (0.0000, 100.0000)

-# Var 18: AltimeterDest, Type: numeric, Low/High: (28.1700, 31.1600)

-# Var 19: DryBulbCelsiusDest, Type: numeric, Low/High: (-46.1000, 53.9000)

-# Var 20: WindSpeedDest, Type: numeric, Low/High: (0.0000, 136.0000)

-# Var 21: VisibilityDest, Type: numeric, Low/High: (0.0000, 88.0000)

-# Var 22: DewPointCelsiusDest, Type: numeric, Low/High: (-43.0000, 29.0000)

-finalData <- RxXdfData(file.path(dataDir, "joined5XDF"), fileSystem = hdfsFS)

-```

-## Splitting data for training and test

-We use rxDataStep to split out the 2012 data for testing and keep the rest for training:

-```

-# split out the training data

-logmsg('split out training data as all data except year 2012')

-trainDS <- RxXdfData( file.path(dataDir, "finalDataTrain" ),fileSystem = hdfsFS)

-rxDataStep( inData = finalData, outFile = trainDS,

- rowSelection = ( Year != 2012 ), overwrite = T )

-# split out the testing data

-logmsg('split out the test data for year 2012')

-testDS <- RxXdfData( file.path(dataDir, "finalDataTest" ), fileSystem = hdfsFS)

-rxDataStep( inData = finalData, outFile = testDS,

- rowSelection = ( Year == 2012 ), overwrite = T )

-rxGetInfo(trainDS)

-rxGetInfo(testDS)

-```

-## Train and test a logistic regression model

-Now we're ready to build a model. To see the influence of weather data on delay in the arrival time, we use ScaleR's logistic regression routine. We use it to model whether an arrival delay of greater than 15 minutes is influenced by the weather at the departure and arrival airports:

-```

-logmsg('train a logistic regression model for Arrival Delay > 15 minutes')

-formula <- as.formula(ArrDel15 ~ Year + Month + DayofMonth + DayOfWeek + Carrier +

- OriginAirportID + DestAirportID + CRSDepTime + CRSArrTime +

- RelativeHumidityOrigin + AltimeterOrigin + DryBulbCelsiusOrigin +

- WindSpeedOrigin + VisibilityOrigin + DewPointCelsiusOrigin +

- RelativeHumidityDest + AltimeterDest + DryBulbCelsiusDest +

- WindSpeedDest + VisibilityDest + DewPointCelsiusDest

- )

-# Use the scalable rxLogit() function but set max iterations to 3 for the purposes of

-# this exercise

-logitModel <- rxLogit(formula, data = trainDS, maxIterations = 3)

-base::summary(logitModel)

-```

-Now let's see how it does on the test data by making some predictions and looking at ROC and AUC.

-```

-# Predict over test data (Logistic Regression).

-logmsg('predict over the test data')

-logitPredict <- RxXdfData(file.path(dataDir, "logitPredict"), fileSystem = hdfsFS)

-# Use the scalable rxPredict() function

-rxPredict(logitModel, data = testDS, outData = logitPredict,

- extraVarsToWrite = c("ArrDel15"),

- type = 'response', overwrite = TRUE)

-# Calculate ROC and Area Under the Curve (AUC).

-logmsg('calculate the roc and auc')

-logitRoc <- rxRoc("ArrDel15", "ArrDel15_Pred", logitPredict)

-logitAuc <- rxAuc(logitRoc)

-head(logitAuc)

-logitAuc

-plot(logitRoc)

-```

-## Scoring elsewhere

-We can also use the model for scoring data on another platform. By saving it to an RDS file and then transferring and importing that RDS into a destination scoring environment such as Microsoft SQL Server R Services. It's important to ensure that the factor levels of the data to be scored match those on which the model was built. That match can be achieved by extracting and saving the column information associated with the modeling data via ScaleR's `rxCreateColInfo()` function and then applying that column information to the input data source for prediction. In the following code example, we save a few rows of the test dataset and extract and use the column information from this sample in the prediction script:

-```

-# save the model and a sample of the test dataset

-logmsg('save serialized version of the model and a sample of the test data')

-rxSetComputeContext('localpar')

-saveRDS(logitModel, file = "logitModel.rds")

-testDF <- head(testDS, 1000)

-saveRDS(testDF , file = "testDF.rds" )

-list.files()

-rxHadoopListFiles(file.path(inputDataDir,''))

-rxHadoopListFiles(dataDir)

-# stop the spark engine

-rxStopEngine(sparkCC)

-logmsg('Done.')

-elapsed <- (proc.time() - t0)[3]

-logmsg(paste('Elapsed time=',sprintf('%6.2f',elapsed),'(sec)\n\n'))

-```

-## Summary

-In this article, we've shown how it's possible to combine use of SparkR for data manipulation with ScaleR for model development in Hadoop Spark. This scenario requires that you maintain separate Spark sessions, only running one session at a time, and exchange data via CSV files. Although straightforward, this process should be even easier in an upcoming ML Services release, when SparkR and ScaleR can share a Spark session and so share Spark DataFrames.

-## Next steps and more information

-For more information on use of SparkR, see:

-This article focuses on alerts for Key Vault. For information about Key Vault insights, which combines both logs and metrics to provide a global monitoring solution, see [Monitoring your key vault with Key Vault insights](../../azure-monitor/insights/key-vault-insights-overview.md#introduction-to-key-vault-insights).

-For overview information about Key Vault, see [What is Azure Key Vault?](overview.md). For information about where Key Vault is available, see the [pricing page](https://azure.microsoft.com/pricing/details/key-vault/). For information about using [Azure Monitor for Key Vault](../../azure-monitor/insights/key-vault-insights-overview.md).

-For more information, including how to set this up, see [Azure Key Vault in Azure Monitor](../../azure-monitor/insights/key-vault-insights-overview.md).

-Key Vault insights provides comprehensive monitoring of your key vaults by delivering a unified view of your Key Vault requests, performance, failures, and latency. For full details, see [Monitoring your key vault service with Key Vault insights](../../azure-monitor/insights/key-vault-insights-overview.md).

-Azure Monitor for Key Vault is now in preview. Azure Monitor provides comprehensive monitoring of your key vaults by delivering a unified view of your Key Vault requests, performance, failures, and latency. For more information, see [Azure Monitor for Key Vault (preview).](../../azure-monitor/insights/key-vault-insights-overview.md).

-Azure Monitor for Key Vault is now in preview. Azure Monitor provides comprehensive monitoring of your key vaults by delivering a unified view of your Key Vault requests, performance, failures, and latency. For more information, see [Azure Monitor for Key Vault (preview).](../../azure-monitor/insights/key-vault-insights-overview.md).

-For more information, including how to set this up, see [Azure Key Vault in Azure Monitor](../../azure-monitor/insights/key-vault-insights-overview.md).

-> Check how to navigate to the run results from the [View run results](how-to-understand-automated-ml.md#view-run-results) section.

-| Experiment runs | Yes |

- | __Microsoft.DocumentDB/databaseAccounts__ | Azure CosmosDB instance that logs metadata for the workspace. |

-* The workspace mustn't be in use during the move operation. Verify that all experiment runs, data profiling runs, and labeling projects have completed. Also verify that inference endpoints aren't being invoked.

-2. Verify that the origin workspace isn't being used. Check that any experiment runs, data profiling runs, or labeling projects have completed. Also verify that inferencing endpoints aren't being invoked.

-One of the biggest benefits of using the Azure Machine Learning ecosystem is related to the archival of model and data insights in the Azure Machine Learning Run History (for quick reference in future). As a part of that infrastructure and to accompany machine learning models and their corresponding Responsible AI dashboards, we introduce the Responsible AI scorecard, a customizable report that you can easily configure, download, and share with your technical and non-technical stakeholders to educate them about your data and model health and compliance and build trust. This scorecard could also be used in audit reviews to inform the stakeholders about the characteristics of your model.

-1. Submit the pipeline run.

-Now that you have a published training pipeline, you can use it to retrain your model on new data. You can submit runs from a pipeline endpoint from the studio workspace or programmatically.

-### Submit runs by using the studio portal

-Use the following steps to submit a parameterized pipeline endpoint run from the studio portal:

-1. In the setup dialog box, you can specify the parameters values for the run. For this example, update the data path to train your model using a non-US dataset.

-

-### Submit runs by using code

-For how to publish and submit a run to pipeline endpoint using SDK, see [this article](how-to-deploy-pipelines.md).

-### Submit a pipeline run

-In this section, you'll set up a manual pipeline run and alter the pipeline parameter to score new data.

- The pipeline details page shows you a detailed run history and connection string information for your pipeline.

-You can find the REST endpoint of a pipeline endpoint in the run overview panel. By calling the endpoint, you're consuming its default published pipeline.

-When launching training runs on a [compute target](concept-compute-target.md), they are isolated from outside environments. The purpose of this design is to ensure reproducibility and portability of the experiment. If you run the same script twice, on the same or another compute target, you receive the same results. With this design, you can treat compute targets as stateless computation resources, each having no affinity to the jobs that are running after they are finished.

-Azure Machine Learning runs training scripts by copying the entire source directory. If you have sensitive data that you don't want to upload, use a [.ignore file](how-to-save-write-experiment-files.md#storage-limits-of-experiment-snapshots) or don't include it in the source directory. Instead, access your data using a [datastore](/python/api/azureml-core/azureml.data).

-For experiments, Azure Machine Learning automatically makes an experiment snapshot of your code based on the directory you suggest when you configure the run. This has a total limit of 300 MB and/or 2000 files. If you exceed this limit, you'll see the following error:

-Due to the isolation of training experiments, the changes to files that happen during runs are not necessarily persisted outside of your environment. If your script modifies the files local to compute, the changes are not persisted for your next experiment run, and they're not propagated back to the client machine automatically. Therefore, the changes made during the first experiment run don't and shouldn't affect those in the second.

-> Two folders, *outputs* and *logs*, receive special treatment by Azure Machine Learning. During training, when you write files to`./outputs` and`./logs` folders, the files will automatically upload to your run history, so that you have access to them once your run is finished.

-* **For output such as status messages or scoring results,** write files to the `./outputs` folder, so they are persisted as artifacts in run history. Be mindful of the number and size of files written to this folder, as latency may occur when the contents are uploaded to run history. If latency is a concern, writing files to a datastore is recommended.

-* **To save written file as logs in run history,** write files to `./logs` folder. The logs are uploaded in real time, so this method is suitable for streaming live updates from a remote run.

-# Configure and submit training runs

-In this article, you learn how to configure and submit Azure Machine Learning runs to train your models. Snippets of code explain the key parts of configuration and submission of a training script. Then use one of the [example notebooks](#notebooks) to find the full end-to-end working examples.

-All you need to do is define the environment for each compute target within a **script run configuration**. Then, when you want to run your training experiment on a different compute target, specify the run configuration for that compute.

-A [ScriptRunConfig](/python/api/azureml-core/azureml.core.scriptrunconfig) is used to configure the information necessary for submitting a training run as part of an experiment.

-The code pattern to submit a training run is the same for all types of compute targets:

-1. Submit the run

-1. Wait for the run to complete

-Create an [experiment](v1/concept-azure-machine-learning-architecture.md#experiments) in your workspace. An experiment is a light-weight container that helps to organize run submissions and keep track of code.

-You can either define your own environment, or use an Azure ML curated environment. [Curated environments](./how-to-use-environments.md#use-a-curated-environment) are predefined environments that are available in your workspace by default. These environments are backed by cached Docker images which reduces the run preparation cost. See [Azure Machine Learning Curated Environments](./resource-curated-environments.md) for the full list of available curated environments.

-## Create the script run configuration

-Now that you have a compute target (`my_compute_target`, see [Prerequisites](#prerequisites) and environment (`myenv`, see [Create an environment](#environment)), create a script run configuration that runs your training script (`train.py`) located in your `project_folder` directory:

-If you want to override the default maximum time allowed for the run, you can do so via the **`max_run_duration_seconds`** parameter. The system will attempt to automatically cancel the run if it takes longer than this value.

-> When you submit the training run, a snapshot of the directory that contains your training scripts is created and sent to the compute target. It is also stored as part of the experiment in your workspace. If you change files and submit the run again, only the changed files will be uploaded.

-> Two folders, *outputs* and *logs*, receive special treatment by Azure Machine Learning. During training, when you write files to folders named *outputs* and *logs* that are relative to the root directory (`./outputs` and `./logs`, respectively), the files will automatically upload to your run history so that you have access to them once your run is finished.

-> Similarly, you can write any logs from your training run to the `./logs` folder. To utilize Azure Machine Learning's [TensorBoard integration](https://github.com/Azure/MachineLearningNotebooks/blob/master/how-to-use-azureml/track-and-monitor-experiments/tensorboard/export-run-history-to-tensorboard/export-run-history-to-tensorboard.ipynb) make sure you write your TensorBoard logs to this folder. While your run is in progress, you will be able to launch TensorBoard and stream these logs. Later, you will also be able to restore the logs from any of your previous runs.

-> For example, to download a file written to the *outputs* folder to your local machine after your remote training run:

-When you start a training run where the source directory is a local Git repository, information about the repository is stored in the run history. For more information, see [Git integration for Azure Machine Learning](concept-train-model-git-integration.md).

-See these notebooks for examples of configuring runs for various training scenarios:

-* **Run fails with `jwt.exceptions.DecodeError`**: Exact error message: `jwt.exceptions.DecodeError: It is required that you pass in a value for the "algorithms" argument when calling decode()`.

- If you are running into this issue for local runs, check the version of PyJWT installed in your environment where you are starting runs. The supported versions of PyJWT are < 2.0.0. Uninstall PyJWT from the environment if the version is >= 2.0.0. You may check the version of PyJWT, uninstall and install the right version as follows:

- If you are submitting a user-created environment with your run, consider using the latest version of azureml-core in that environment. Versions >= 1.18.0 of azureml-core already pin PyJWT < 2.0.0. If you need to use a version of azureml-core < 1.18.0 in the environment you submit, make sure to specify PyJWT < 2.0.0 in your pip dependencies.

- * **ModuleErrors (No module named)**: If you are running into ModuleErrors while submitting experiments in Azure ML, the training script is expecting a package to be installed but it isn't added. Once you provide the package name, Azure ML installs the package in the environment used for your training run.

-* **NameError (Name not defined), AttributeError (Object has no attribute)**: This exception should come from your training scripts. You can look at the log files from Azure portal to get more information about the specific name not defined or attribute error. From the SDK, you can use `run.get_details()` to look at the error message. This will also list all the log files generated for your run. Please make sure to take a look at your training script and fix the error before resubmitting your run.

-* **Run or experiment deletion**: Experiments can be archived by using the [Experiment.archive](/python/api/azureml-core/azureml.core.experiment%28class%29#archive--)

- Permanent deletion of individual experiments or runs is not currently supported. For more information on deleting Workspace assets, see [Export or delete your Machine Learning service workspace data](how-to-export-delete-data.md).

-* **Metric Document is too large**: Azure Machine Learning has internal limits on the size of metric objects that can be logged at once from a training run. If you encounter a "Metric Document is too large" error when logging a list-valued metric, try splitting the list into smaller chunks, for example:

-In order to provision resources and run workloads on Azure, you have to sign in with your Azure account credentials. To assist with account management, Azure Machine Learning automatically installs the Azure Account extension. Visit the following site to [learn more about the Azure Account extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account).

-1. Select the run in your experiment you want to view.

- 

-> If you're looking for information on monitoring models deployed as web services, see [Collect model data](how-to-enable-data-collection.md) and [Monitor with Application Insights](how-to-enable-app-insights.md).

-git clone --depth 1 https://github.com/Azure/azureml-examples --branch

-Curated environments are Azure-defined collections of Python packages used in common ML workloads. Curated environments are available in your workspace by default. These environments are backed by cached Docker images, which reduce the run preparation overhead. The cards displayed in the "Curated environments" page show details of each environment. To learn more, see [curated environments in Azure Machine Learning](resource-curated-environments.md).

-To launch the job, choose **Create**. Once the job is created, Azure will show you the run details page, where you can monitor and manage your training job.

-To run a pipeline on a recurring basis, you'll create a schedule. A `Schedule` associates a pipeline, an experiment, and a trigger. The trigger can either be a`ScheduleRecurrence` that describes the wait between runs or a Datastore path that specifies a directory to watch for changes. In either case, you'll need the pipeline identifier and the name of the experiment in which to create the schedule.

-Create a `Schedule` that begins a run every 15 minutes:

-Pipelines that are triggered by file changes may be more efficient than time-based schedules. When you want to do something before a file is changed, or when a new file is added to a data directory, you can preprocess that file. You can monitor any changes to a datastore or changes within a specific directory within the datastore. If you monitor a specific directory, changes within subdirectories of that directory will _not_ trigger a run.

-In this page you can see summary information about all the pipelines in the Workspace: names, descriptions, status, and so forth. Drill in by clicking in your pipeline. On the resulting page, there are more details about your pipeline and you may drill down into individual runs.

-In this article, you used the Azure Machine Learning SDK for Python to schedule a pipeline in two different ways. One schedule recurs based on elapsed clock time. The other schedule runs if a file is modified on a specified `Datastore` or within a directory on that store. You saw how to use the portal to examine the pipeline and individual runs. You learned how to disable a schedule so that the pipeline stops running. Finally, you created an Azure Logic App to trigger a pipeline.

-For automated ML runs, you need to ensure the file datastore that connects to your AzureFile storage has the appropriate authentication credentials. Otherwise, the following message results. Learn how to [update your data access authentication credentials](how-to-train-with-datasets.md#azurefile-storage).

-When you try to create a new automated ML experiment via the **Edit and submit** button in the Azure Machine Learning studio, the data schema for the new experiment must match the schema of the data that was used in the original experiment. Otherwise, an error message similar to the following results. Learn more about how to [edit and submit experiments from the studio UI](how-to-use-automated-ml-for-ml-models.md#edit-and-submit-runs-preview).

-Find the image build log from the Azure Machine Learning portal (20\_image\_build\_log.txt) or from your Azure Container Registry task run logs.

-description: Learn how to view and evaluate charts and metrics for each of your automated machine learning experiment runs.

-In this article, learn how to evaluate and compare models trained by your automated machine learning (automated ML) experiment. Over the course of an automated ML experiment, many runs are created and each run creates a model. For each model, automated ML generates evaluation metrics and charts that help you measure the model's performance.

-## View run results

-After your automated ML experiment completes, a history of the runs can be found via:

- - A Jupyter notebook using the [RunDetails Jupyter widget](/python/api/azureml-widgets/azureml.widgets.rundetails)

-1. In the table at the bottom of the page, select an automated ML run.

-description: Learn how to set up AutoML training runs without a single line of code with Azure Machine Learning automated ML in the Azure Machine Learning studio.

-In this article, you learn how to set up AutoML training runs without a single line of code using Azure Machine Learning automated ML in the [Azure Machine Learning studio](overview-what-is-machine-learning-studio.md).

-1. Select **+ New automated ML run** and populate the form.

-1. On the **Configure run** form, select **Create new** and enter **Tutorial-automl-deploy** for the experiment name.

- Concurrency| *Max concurrent iterations*: Maximum number of pipelines (iterations) to test in the training job. The job will not run more than the specified number of iterations. Learn more about how automated ML performs [multiple child runs on clusters](how-to-configure-auto-train.md#multiple-child-runs-on-clusters).

- 1. Provide a test dataset (preview) to evaluate the recommended model that automated ML generates for you at the end of your experiment. When you provide test data, a test run is automatically triggered at the end of your experiment. This test run is only run on the best model that was recommended by automated ML. Learn how to get the [results of the remote test run](#view-remote-test-run-results-preview).

- * Test data is considered a separate from training and validation, so as to not bias the results of the test run of the recommended model. [Learn more about bias during model validation](concept-automated-ml.md#training-validation-and-test-data).

- * Forecasting runs do not support train/test split.

-The **Run Detail** screen opens to the **Details** tab. This screen shows you a summary of the experiment run including a status bar at the top next to the run number.

-

-### View training run details

-Drill down on any of the completed models to see training run details. On the **Model** tab view details like a model summary and the hyperparameters used for the selected model.

-## View remote test run results (preview)

-> * [Automated ML runs from local computes or Azure Databricks clusters](how-to-configure-auto-train.md#compute-to-run-experiment)

-To view the test run metrics of the recommended model,

-1. Select the run you want, and view the **Metrics** tab.

-1. On the **Datasets** page, select the **Explore** tab to view the predictions from the test run.

-The model test run generates the predictions.csv file that's stored in the default datastore created with the workspace. This datastore is visible to all users with the same subscription. Test runs are not recommended for scenarios if any of the information used for or created by the test run needs to remain private.

-1. Select an existing automated ML experiment run.

-1. Navigate to the **Models** tab of the run and select the completed model you want to test.

-1. On the **Test model** pane, select the compute cluster and a test dataset you want to use for your test run.

-1. Upon successful creation of model test run, the **Details** page displays a success message. Select the **Test results** tab to see the progress of the run.

-1. To view the results of the test run, open the **Details** page and follow the steps in the [view results of the remote test run](#view-remote-test-run-results-preview) section.

-1. Check the **Child runs** tab for the status.

-## Edit and submit runs (preview)

-The **Edit and submit** button opens the **Create a new Automated ML run** wizard with the data, compute and experiment settings pre-populated. You can go through each form and edit selections as needed for your new experiment.

- 1. After the experiment is complete, navigate to the parent run page by selecting **Run 1** at the top of the screen.

-* For definitions and examples of the performance charts and metrics provided for each run, see [Evaluate automated machine learning experiment results](how-to-understand-automated-ml.md).

-1. In the graph of the run, select the `batchscoring` step.

-To see a summary of all the submitted jobs for an endpoint, select the endpoint and then select the **Runs** tab.

-If you don't bring your own ACR, Azure Machine Learning service will create one for you when you perform an operation that needs one. For example, submit a training run to Machine Learning Compute, build an environment, or deploy a web service endpoint. The ACR created by the workspace will have admin user enabled, and you need to disable the admin user manually.

-Finally, when submitting a training run, specify the base image location in the [environment definition](how-to-use-environments.md#use-existing-environments).

-[MLflow](https://www.mlflow.org) is an open-source library for managing the life cycle of your machine learning experiments. MLFlow Tracking is a component of MLflow that logs and tracks your training run metrics and model artifacts. Learn more about [Azure Databricks and MLflow](/azure/databricks/applications/mlflow/).

-* [Track experiment runs with MLflow and Azure Machine Learning](how-to-use-mlflow.md).

-[MLflow](https://www.mlflow.org) is an open-source library for managing the lifecycle of your machine learning experiments. MLflow Tracking is a component of MLflow that logs and tracks your training run metrics and model artifacts, no matter your experiment's environment--locally on your computer, on a remote compute target, a virtual machine, or an [Azure Databricks cluster](how-to-use-mlflow-azure-databricks.md).

-> The information in this document is primarily for data scientists and developers who want to monitor the model training process. If you are an administrator interested in monitoring resource usage and events from Azure Machine Learning, such as quotas, completed training runs, or completed model deployments, see [Monitoring Azure Machine Learning](monitor-azure-machine-learning.md).

-### Start training run

-After you set the MLflow experiment name, you can start your training run with `start_run()`. Then use `log_metric()` to activate the MLflow logging API and begin logging your training run metrics.

-# Use MlFlow to retrieve the run that was just completed

-Register and track your models with the [Azure Machine Learning model registry](concept-model-management-and-deployment.md#register-package-and-deploy-models-from-anywhere), which supports the MLflow model registry. Azure Machine Learning models are aligned with the MLflow model schema making it easy to export and import these models across different workflows. The MLflow-related metadata, such as run ID, is also tracked with the registered model for traceability. Users can submit training runs, register, and deploy models produced from MLflow runs.

-To register and view a model from a run, use the following steps:

-1. Once a run is complete, call the [`register_model()`](https://mlflow.org/docs/latest/python_api/mlflow.html#mlflow.register_model) method.

- # the model folder produced from a run is registered. This includes the MLmodel file, model.pkl and the conda.yaml.

-1. Select MLmodel to see the MLmodel file generated by the run.

-Pipeline parameters are especially useful when resubmitting a pipeline run, [retraining models](how-to-retrain-designer.md), or [performing batch predictions](how-to-run-batch-predictions-designer.md).

-> * Trigger pipeline runs while adjusting pipeline parameters

-You can attach the same component parameters of duplicated components to the same pipeline parameter if you want to alter the value at one time when triggering the pipeline run.

-## Trigger a pipeline run with pipeline parameters

-In this section, you learn how to submit a pipeline run while setting pipeline parameters.

-### Resubmit a pipeline run

-After submitting a pipeline with pipeline parameters, you can resubmit a pipeline run with different parameters:

-1. Go to pipeline detail page. In the **Pipeline run overview** window, you can check current pipeline parameters and values.

-1. In the **Setup pipeline run**, specify your new pipeline parameters.

-> * Submit an experiment to start a run

-Create an [experiment](/python/api/azureml-core/azureml.core.experiment.experiment) to track your reinforcement learning run. In Azure Machine Learning, experiments are logical collections of related trials to organize run logs, history, outputs, and more.

-Azure Machine Learning uses estimator classes to encapsulate run configuration information. This lets you specify how to configure a script execution.

- # This will cut off the run after an hour

-## Submit a run

-Use the Azure Machine Learning Jupyter widget to see the status of your runs in real time. The widget shows two child runs: one for head and one for workers.

-1. Select the head run in the list of runs.

-Select **Click here to see the run in Azure Machine Learning studio** for additional run information in the studio. You can access this information while the run is in progress or after it completes.

-

-If you browse logs of the child run, you can see the evaluation results recorded in driver_log.txt file. You may need to wait several minutes before these metrics become available on the Run page.

-description: Learn how to pass secrets to training runs in secure fashion using the Azure Key Vault for your workspace.

-# Use authentication credential secrets in Azure Machine Learning training runs

-In this article, you learn how to use secrets in training runs securely. Authentication information such as your user name and password are secrets. For example, if you connect to an external database in order to query training data, you would need to pass your username and password to the remote run context. Coding such values into training scripts in cleartext is insecure as it would expose the secret.

-Instead, your Azure Machine Learning workspace has an associated resource called a [Azure Key Vault](../key-vault/general/overview.md). Use this Key Vault to pass secrets to remote runs securely through a set of APIs in the Azure Machine Learning Python SDK.

- 3. Submit a remote run.

- 4. Within the remote run, get the secret from Key Vault and use it.

-For runs submitted the [`Experiment.submit`](/python/api/azureml-core/azureml.core.experiment.experiment#submit-config--tags-none-kwargs-) , use the [`get_secret()`](/python/api/azureml-core/azureml.core.run.run#get-secret-name-) method with the [`Run`](/python/api/azureml-core/azureml.core.run%28class%29) class. Because a submitted run is aware of its workspace, this method shortcuts the Workspace instantiation and returns the secret value directly.

-# Code in submitted run

-To check details of the sweep step, double click the sweep step and navigate to the **child run** tab in the panel on the right.

-This will link you to the sweep job page as seen in the below screenshot. Navigate to **child run** tab, here you can see the metrics of all child runs and list of all child runs.

-If a child runs failed, select the name of that child run to enter detail page of that specific child run (see screenshot below). The useful debug information is under **Outputs + Logs**.

-This "data preparation" script doesn't do any real data transformation, but illustrates how to retrieve data, convert it to a spark dataframe, and how to do some basic Apache Spark manipulation. You can find the output in Azure Machine Learning Studio by opening the child run, choosing the **Outputs + logs** tab, and opening the `logs/azureml/driver/stdout` file, as shown in the following figure.

-The call to `pipeline.submit` creates, if necessary, an Experiment called `synapse-pipeline` and asynchronously begins a Run within it. Individual steps within the pipeline are run as Child Runs of this main run and can be monitored and reviewed in the Experiments page of Studio.

-* As a `DatasetConsumptionConfig` object through either the `inputs` or `arguments` parameter of your `ScriptRunConfig` object when submitting the experiment run.

-* Pass an `OutputFileDatasetConfig` object through either the `outputs` or `arguments` parameter when submitting an experiment run. `OutputFileDatasetConfig` objects can also be used to persist data between pipeline steps. See [Move data between ML pipeline steps.](how-to-move-data-in-out-of-pipelines.md)

-* Submit child run with an unregistered dataset in script. This results in an anonymous saved dataset.

-### Trace datasets in experiment runs

-For each Machine Learning experiment, you can easily trace the datasets used as input with the experiment `Run` object.

-## Submit a run and check results

-After you recreate your Studio (classic) experiment, it's time to submit a **pipeline run**.

-A pipeline run executes on a **compute target** attached to your workspace. You can set a default compute target for the entire pipeline, or you can specify compute targets on a per-module basis.

-Once you submit a run from a pipeline draft, it turns into a **pipeline run**. Each pipeline run is recorded and logged in Azure Machine Learning.

-Now that your compute target is set, you can submit a pipeline run:

- Experiments organize similar pipeline runs together. If you run a pipeline multiple times, you can select the same experiment for successive runs. This is useful for logging and tracking.

- The first run may take up to 20 minutes. Since the default compute settings have a minimum node size of 0, the designer must allocate resources after being idle. Successive runs take less time, since the nodes are already allocated. To speed up the running time, you can create a compute resources with a minimum node size of 1 or greater.

-After the run finishes, you can check the results of each module:

-1. After the run completes, at the top of the canvas, select **Create inference pipeline** > **Real-time inference pipeline**.

-1. After the run completes, at the top of the canvas, select **Create inference pipeline** > **Batch inference pipeline**.

-| `version` | string | Version of the model. If omitted, Azure ML will autogenerate a version. | |

-> Check how to navigate to the run results from the [View run results](../how-to-understand-automated-ml.md#view-run-results) section.

-### Get test run results

-You can get the predictions and metrics from the remote test run from the [Azure Machine Learning studio](../how-to-use-automated-ml-for-ml-models.md#view-remote-test-run-results-preview) or with the following code.

-The model test run generates the predictions.csv file that's stored in the default datastore created with the workspace. This datastore is visible to all users with the same subscription. Test runs are not recommended for scenarios if any of the information used for or created by the test run needs to remain private.

-To test other existing automated ML models created, best run or child run, use [`ModelProxy()`](/python/api/azureml-train-automl-client/azureml.train.automl.model_proxy.modelproxy) to test a model after the main AutoML run has completed. `ModelProxy()` already returns the predictions and metrics and does not require further processing to retrieve the outputs.

-The key vault administrator can also [enable logging of Key Vault audit events](../../azure-monitor/insights/key-vault-insights-overview.md), so they can be audited later.

-The key vault administrator can also [enable logging of Key Vault audit events](../../azure-monitor/insights/key-vault-insights-overview.md), so they can be audited later.

-Azure Route Server simplifies the exchange of routing information between any Network Virtual Appliance (NVA) that supports the Border Gateway Protocol (BGP) routing protocol and the Azure Software Defined Network (SDN) in the Azure Virtual Network (VNet) without the need to manually configure or maintain route tables. With the support for Next Hop IP in Azure Route Server, you can peer with NVAs deployed behind an Azure Internal Load Balancer (ILB). The internal load balancer lets you set up active-passive connectivity scenarios and leverage load balancing to improve connectivity performance.

-* You can peer multiple instances of your NVA with Azure Route Server. You can configure the BGP attributes in your NVA and, depending on your design (for example, active-active for performance or active-passive for resiliency), let Azure Route Server know which NVA instance is active or which one is passive.

-No, Azure Route Server doesn't support configuring a UDR on the RouteServerSubnet. It should be noted that Azure Route Server does not route any data traffic between NVAs and VMs.

-| Resource | Limit |

-|-|-|

-| Number of BGP peers supported | 8 |

-| Number of routes each BGP peer can advertise to Azure Route Server | 1000 |

-| Number of routes that Azure Route Server can advertise to ExpressRoute or VPN gateway | 200 |

-| Number of VMs in the virtual network (including peered virtual networks) that Azure Route Server can support | 2000 |

-The number of VMs that Azure Route Server can support is not a hard limit. This depends on how the Route Server infrastructure is deployed within an Azure Region.

-If your NVA advertises more routes than the limit, the BGP session will get dropped. In the event BGP session is dropped between the gateway and Azure Route Server, you'll lose connectivity from your on-premises network to Azure. For more information, see [Diagnose an Azure virtual machine routing problem](../virtual-network/diagnose-network-routing-problem.md).

-+ [Amazon Redshift](search-how-to-index-power-query-data-sources.md) (in preview)

-+ [Azure MySQL](search-howto-index-mysql.md) (in preview)

-+ [Elasticsearch](search-how-to-index-power-query-data-sources.md) (in preview)

-+ [PostgreSQL](search-how-to-index-power-query-data-sources.md) (in preview)

-+ [Salesforce Objects](search-how-to-index-power-query-data-sources.md) (in preview)

-+ [Salesforce Reports](search-how-to-index-power-query-data-sources.md) (in preview)

-+ [Smartsheet](search-how-to-index-power-query-data-sources.md) (in preview)

-+ [Snowflake](search-how-to-index-power-query-data-sources.md) (in preview)

-For more information on installing and configuring the agent for Windows, see [Connect Windows computers](../azure-monitor/agents/agent-windows.md#install-agent-using-setup-wizard).

-> For the Primary node type, you will not be able to go below 3 nodes for a Basic SKU cluster, and 5 nodes for a Standard SKU cluster.

-5) Adjust the `Node count` to the new value you want and select `Apply` at the bottom. In this screenshot, the value was `3` and adjusted to `5`.

-6) The `Provisioning state` will now show a status of `Updating` until complete. When complete, it will show `Succeeded` again.

-[adjust-node-count]: ./media/how-to-managed-cluster-modify-node-type/sfmc-adjust-node-counts.png

- 

- 

-1. In the vault, click **Diagnostic settings** > **Add diagnostic setting**.

-5. From the log list, select all the logs with the prefix **AzureSiteRecovery**. Then click **OK**.

-1. Go to the Log Analytics workspace and click on **Advanced Settings**.

-2. Click on **Connected Sources** page and further select **Windows Servers**.

-6. [Complete the agent installation](../azure-monitor/agents/agent-windows.md#install-agent-using-setup-wizard) by providing the obtained workspace ID and key.

-7. Once the installation is complete, go to Log Analytics workspace and click on **Advanced Settings**. Go to the **Data** page and further click on **Windows Performance Counters**.

-8. Click on **'+'** to add the following two counters with sample interval of 300 seconds:

-This query plots a trend graph for a specific disk **disk0** of a replicated item **win-9r7sfh9qlru**, that represents the data change rate (Write Bytes per Second), and data upload rate. You can find the disk name on **Disks** blade of the replicated item in the recovery services vault. Instance name to be used in the query is DNS name of the machine followed by _ and disk name as in this example.

- Set-AzSiteRecoveryVaultSettings -ARSVault $Vault

- `$Fabric = Get-AzSiteRecoveryFabric -FriendlyName <name of your configuration server>`

- `Remove-AzSiteRecoveryFabric -Fabric $Fabric [-Force]`

-> The **-Force** option in the Remove-AzSiteRecoveryFabric can be used to force the removal/deletion of the Configuration server.

- Set-AzSiteRecoveryVaultSettings -ARSVault $vault

- `$fabric = Get-AzSiteRecoveryFabric -FriendlyName <name of your configuration server>`

- `Remove-AzSiteRecoveryFabric -Fabric $fabric [-Force]`

-> You can use the **-Force** option in Remove-AzSiteRecoveryFabric for forced deletion of the configuration server.

-| [Storage Analytics metrics (classic)](../common/storage-analytics-metrics.md?toc=%2fazure%2fstorage%2fblobs%2ftoc.json) |  |  |  |  |

-| [Storage Analytics metrics (classic)](../common/storage-analytics-metrics.md?toc=%2fazure%2fstorage%2fblobs%2ftoc.json) |  |  |  |  |

-az extension add -name storage-preview

- $netBiosDomainName = $domainInformation.DnsRoot

-## Virtual machine restore points (preview)

-|Disk Size (GiB) |Maximum available IOPS |Maximum available throughput (MB/s) |

-|1-64 |3,000-80,000 (Increases by 500 IOPS per GiB) |125-1,200 (increases by 0.25 MB/s per set IOPS) |

-1. To use an SAP access control list (ACL) to restrict access by IP address, add the IP address of the **sapmon** collector VM to the ACL.

- - **Enterprise Agreement**: Outbound port 25 communication is allowed. You're able to send an outbound email directly from virtual machines to external email providers, with no restrictions from the Azure platform.

- - **Pay-as-you-go:** Outbound port 25 communication is blocked from all resources. If you need to send email from a virtual machine directly to external email providers (not using an authenticated SMTP relay), you can make a request to remove the restriction. Requests are reviewed and approved at Microsoft's discretion and are only granted after anti-fraud checks are performed. To make a request, open a support case with the issue type *Technical*, *Virtual Network Connectivity*, *Can't send e-mail (SMTP/Port 25)*. In your support case, include details about why your subscription needs to send email directly to mail providers, instead of going through an authenticated SMTP relay. If your subscription is exempted, only virtual machines created after the exemption date are able to communicate outbound over port 25.

- - **MSDN, Azure Pass, Azure in Open, Education, BizSpark, and Free trial**: Outbound port 25 communication is blocked from all resources. No requests to remove the restriction can be made, because requests aren't granted. If you need to send email from your virtual machine, you have to use an SMTP relay service.

- - **Cloud service provider**: Outbound port 25 communication may be blocked for Azure customers using a cloud service provider. In cases where a secure SMTP relay can't be used, you can create a support case with your cloud service provider, and request that the provider create an unblock case on your behalf.

- If Azure allows you to send email over port 25, Microsoft can't guarantee email providers will accept inbound email from your virtual machine. If a specific provider rejects mail from your virtual machine, work directly with the provider to resolve any message delivery or spam filtering issues, or use an authenticated SMTP relay service.