-With Azure Active Directory B2C (Azure AD B2C) [HTML templates](customize-ui-with-html.md), you can craft your users' identity experiences. Your HTML templates can contain only certain HTML tags and attributes. Basic HTML tags, such as &lt;b&gt;, &lt;i&gt;, &lt;u&gt;, &lt;h1&gt;, and &lt;hr&gt; are allowed. More advanced tags such as &lt;script&gt;, and &lt;iframe&gt; are removed for security reasons but the `<script>` tag should be added in the `<head>` tag.

-Azure OpenAI On Your Data Retrieval Augmented Generation (RAG) service that leverages both a search service (such as Azure AI Search) and generation (Azure OpenAI models) to let users get answers for their questions based on provided data.

-* If the ingestion is triggered by a [scheduled refresh](../concepts/use-your-data.md#schedule-automatic-index-refreshes), the ingestion process starts from step 7.

- 1. Uses a heuristic-based algorithm to perform chunking, honoring table layouts and other formatting elements in the chunk boundary to ensure the best chunking quality.

- 1. If you choose to enable vector search, Azure OpenAI uses the selected embedding deployment to vectorize the chunks internally.

-When you send API calls to chat with an Azure OpenAI model on your data, the service needs to retrieve the index fields during inference to perform fields mapping automatically if the fields mapping isn't explicitly set in the request. Therefore the service requires the Azure OpenAI identity to have the `Search Service Contributor` role for the search service even during inference.

-If an embedding deployment is provided in the inference request, the rewritten query will be vectorized by Azure OpenAI, and both query and vector are sent Azure AI Search for vector search.

-Azure OpenAI On Your Data lets you restrict the documents that can be used in responses for different users with Azure AI Search [security filters](/azure/search/search-security-trimming-for-azure-search-with-aad). When you enable document level access, the search results returned from Azure AI Search and used to generate a response will be trimmed based on user Microsoft Entra group membership. You can only enable document-level access on existing Azure AI Search indexes. To enable document-level access:

-1. Follow the steps in the [Azure AI Search documentation](/azure/search/search-security-trimming-for-azure-search-with-aad) to register your application and create users and groups.

-1. [Index your documents with their permitted groups](/azure/search/search-security-trimming-for-azure-search-with-aad#index-document-with-their-permitted-groups). Be sure that your new [security fields](/azure/search/search-security-trimming-for-azure-search#create-security-field) have the schema below:

-1. Make sure each sensitive document in the index has the value set correctly on this security field to indicate the permitted groups of the document.

-1. In [Azure OpenAI Studio](https://oai.azure.com/portal), add your data source. in the [index field mapping](../concepts/use-your-data.md#index-field-mapping) section, you can map zero or one value to the **permitted groups** field, as long as the schema is compatible. If the **Permitted groups** field isn't mapped, document level access won't be enabled.

-Once the Azure AI Search index is connected, your responses in the studio will have document access based on the Microsoft Entra permissions of the logged in user.

-Use the following sections to configure your resources for optimal secure usage. Even if you plan to only secure part of your resources, you still need to follow all the steps below.

-> [!TIP]

-> You can use the bash script available on [GitHub](https://github.com/microsoft/sample-app-aoai-chatGPT/blob/main/scripts/validate-oyd-vnet.sh) to validate your setup, and determine if all of the requirements listed here are being met.

-1. The first subnet is used for the private IPs of the three private endpoints.

-1. The second subnet is created automatically when you create the virtual network gateway.

-Note the Microsoft managed virtual network is created by Microsoft, and you cannot see it. The Microsoft managed virtual network is used by Azure OpenAI to securely access your Azure AI Search.

-If you created the Azure OpenAI via Azure portal, the [custom subdomain](/azure/ai-services/cognitive-services-custom-subdomains) should have been created already. The custom subdomain is required for Microsoft Entra ID based authentication, and private DNS zone.

-You can use basic pricing tier and higher for the configuration below. It's not necessary, but if you use the S2 pricing tier you will see [additional options](#create-shared-private-link) available for selection.

-As Azure OpenAI uses managed identity to access Azure AI Search, you need to enable role-based access control in your Azure AI Search. To do it on Azure portal, select **Both** in the **Keys** tab in the Azure portal.

-To enable role-based access control via the REST API, set `authOptions` as `aadOrApiKey`. For more information, see the [Azure AI Search RBAC article](/azure/search/search-security-rbac?tabs=config-svc-rest%2Croles-portal%2Ctest-portal%2Ccustom-role-portal%2Cdisable-keys-portal#configure-role-based-access-for-data-plane).

-```json

-"disableLocalAuth": false,

-"authOptions": {

- "aadOrApiKey": {

- "aadAuthFailureMode": "http401WithBearerChallenge"

- }

-}

-```

-> [!NOTE]

-> To allow access to your Azure AI Search resource from Azure OpenAI resource, you need to submit an [application form](https://aka.ms/applyacsvpnaoaioyd). The application will be reviewed in 5 business days and you will be contacted via email about the results. If you are eligible, we will provision the private endpoint in Microsoft managed virtual network, and send a private endpoint connection request to your search service, and you will need to approve the request.

-The private endpoint resource is provisioned in a Microsoft managed tenant, while the linked resource is in your tenant. You can't access the private endpoint resource by just clicking the **private endpoint** link (in blue font) in the **Private access** tab of the **Networking page**. Instead, click elsewhere on the row, then the **Approve** button above should be clickable.

-Learn more about the [manual approval workflow](/azure/private-link/private-endpoint-overview#access-to-a-private-link-resource-using-approval-workflow).

-With shared private link, [step eight](#data-ingestion-architecture) of the data ingestion architecture diagram is changed from **bypass trusted service** to **private endpoint**.

-The Azure AI Search shared private link you created is also in a Microsoft managed virtual network, not your virtual network. The difference compared to the other managed private endpoint created [earlier](#disable-public-network-access-1) is that the managed private endpoint `[1]` from Azure OpenAI to Azure Search is provisioned through the [form application](#disable-public-network-access-1), while the managed private endpoint `[2]` from Azure Search to Azure OpenAI is provisioned via Azure portal or REST API of Azure Search.

-To allow access to your Storage Account from Azure OpenAI and Azure AI Search, while the Storage Account has no public network access, you need to set up Storage Account to bypass your Azure OpenAI and Azure AI Search as [trusted services based on managed identity](/azure/storage/common/storage-network-security?tabs=azure-portal#trusted-access-based-on-a-managed-identity).

-> [Azure Open AI On Your Data](../../openai/concepts/use-your-data.md) utilizes large language models (LLMs) to produce similar results to QnA Maker. If you wish to migrate your QnA Maker project to Azure Open AI On Your Data, please check out our [guide](../How-To/migrate-to-openai.md).

-By setting a header `extra-parameters: allow`, the API will attempt to pass any unknown parameter directly to the underlying model. If the model can handle that parameter, the request completes.

-extra-parameters: allow

-> Alternatively, you can set `extra-parameters: drop` to drop any unknown parameter in the request. Use this capability in case you happen to be sending requests with extra parameters that you know the model won't support but you want the request to completes anyway. A typical example of this is indicating `seed` parameter.

-| extra-parameters | | string | The behavior of the API when extra parameters are indicated in the payload. Using `allow` makes the API to pass the parameter to the underlying model. Use this value when you want to pass parameters that you know the underlying model can support. Using `drop` makes the API to drop any unsupported parameter. Use this value when you need to use the same payload across different models, but one of the extra parameters may make a model to error out if not supported. Using `error` makes the API to reject any extra parameter in the payload. Only parameters specified in this API can be indicated, or a 400 error is returned. |

-| status | integer | The HTTP status code. |

-| extra-parameters | | string | The behavior of the API when extra parameters are indicated in the payload. Using `allow` makes the API to pass the parameter to the underlying model. Use this value when you want to pass parameters that you know the underlying model can support. Using `drop` makes the API to drop any unsupported parameter. Use this value when you need to use the same payload across different models, but one of the extra parameters may make a model to error out if not supported. Using `error` makes the API to reject any extra parameter in the payload. Only parameters specified in this API can be indicated, or a 400 error is returned. |

-| extra-parameters | | string | The behavior of the API when extra parameters are indicated in the payload. Using `allow` makes the API to pass the parameter to the underlying model. Use this value when you want to pass parameters that you know the underlying model can support. Using `drop` makes the API to drop any unsupported parameter. Use this value when you need to use the same payload across different models, but one of the extra parameters may make a model to error out if not supported. Using `error` makes the API to reject any extra parameter in the payload. Only parameters specified in this API can be indicated, or a 400 error is returned. |

-* You can delete system node pools if you have another system node pool to take its place in the AKS cluster. Otherwise, you cannot delete the system node pool.

- --generate-ssh-keys \

- az keyvault secret set --vault-name $AKV_NAME --name cert-chain --file <path/cert-chain.pem>

- apicID=$(az apic service show --name <apic-name> --resource-group <resource-group-name> \

- $apicID=$(az apic service show --name <apic-name> --resource-group <resource-group-name> `

- apicID=$(az apic service show --name <apic-name> --resource-group <resource-group-name> \

- $apicID=$(az apic service show --name <apic-name> --resource-group <resource-group-name> `

-* **Option 2** - Import APIs directly from API Management to your API center using the [az apic service import-from-apim](/cli/azure/apic/service#az-apic-service-import-from-apim) command.

-> [!VIDEO https://www.youtube.com/embed/SuGkhuBUV5k]

-The following example command exports the API with identifier *my-api* in the *myAPIManagement* instance of API. The API is exported in OpenApiJson format to a local OpenAPI definition file named *specificationFile.json*.

-az apic api register --resource-group myResourceGroup --service myAPICenter --api-location "/path/to/definitionFile.json"

- --resource-group myResourceGroup --service myAPICenter \

- --resource-group myResourceGroup --service myAPICenter `

-The following are steps to import APIs from your API Management instance to your API center using the [az apic service import-from-apim](/cli/azure/apic/service#az-apic-service-import-from-apim) command. This command is useful when you want to import multiple APIs from API Management to your API center, but you can also use it to import a single API.

-When you add APIs from an API Management instance to your API center using `az apic service import-from-apim`, the following happens automatically:

-Set the system-assigned identity in your API center using the following [az apic service update](/cli/azure/apic/service#az-apic-service-update) command. Substitute the names of your API center and resource group:

-az apic service update --name <api-center-name> --resource-group <resource-group-name> --identity '{"type": "SystemAssigned"}'

-1. Get the principal ID of the identity. For a system-assigned identity, use the [az apic service show](/cli/azure/apic/service#az-apic-service-show) command.

- apicObjID=$(az apic service show --name <api-center-name> \

- $apicObjID=$(az apic service show --name <api-center-name> `

-Use the [az apic service import-from-apim](/cli/azure/apic/service#az-apic-service-import-from-apim) command to import one or more APIs from your API Management instance to your API center.

-Use a wildcard (`*`) to specify all APIs from the API Management instance.

-1. Get the resource ID of your API Management instance using the [az apim show](/cli/azure/apim#az-apim-show) command.

- ```azurecli

- #! /bin/bash

- apimID=$(az apim show --name <apim-name> --resource-group <resource-group-name> --query id --output tsv)

- ```

- ```azurecli

- # PowerShell syntax

- $apimID=$(az apim show --name <apim-name> --resource-group <resource-group-name> --query id --output tsv)

- ```

-

-1. Use the `az apic service import-from-apim` command to import the APIs. Substitute the names of your API center and resource group, and use `*` to specify all APIs from the API Management instance.

- ```azurecli

- az apic service import-from-apim --service-name <api-center-name> --resource-group <resource-group-name> --source-resource-ids $apimID/apis/*

- ```

- > [!NOTE]

- > If your API Management instance has a large number of APIs, import to your API center might take some time.

-1. Get the resource ID of your API Management instance using the [az apim show](/cli/azure/apim#az-apim-show) command.

- ```azurecli

- #! /bin/bash

- apimID=$(az apim show --name <apim-name> --resource-group <resource-group-name> --query id --output tsv)

- ```

- ```azurecli

- # PowerShell syntax

- $apimID=$(az apim show --name <apim-name> --resource-group <resource-group-name> --query id --output tsv)

- ```

-

-1. Use the `az apic service import-from-apim` command to import the API. Substitute the names of your API center and resource group, and specify an API name from the API Management instance.

- ```azurecli

- az apic service import-from-apim --service-name <api-center-name> --resource-group <resource-group-name> --source-resource-ids $apimID/apis/<api-name>

- ```

-

- > [!NOTE]

- > Specify `<api-name>` using the API resource name in the API Management instance, not the display name. Example: `petstore-api` instead of `Petstore API`.

-> [!VIDEO https://www.youtube.com/embed/Dvar8Dg25s0]

- --service myAPICenter --api-id petstore-api \

- --service myAPICenter --api-id petstore-api \

- --service myAPICenter --api-id petstore-api \

- --resource-group myResourceGroup --service myAPICenter \

- --resource-group myResourceGroup --service myAPICenter \

- --service myAPICenter --api-location "/Path/to/specificationFile.json"

- --resource-group myResoureGroup --service myAPICenter \

-Create an API center using the [`az apic service create`](/cli/azure/apic/service#az-apic-service-create) command.

-az apic service create --name MyApiCenter --resource-group MyGroup --location westeurope

- "createdAt": "2024-04-22T21:40:35.2541624Z",

- "lastModifiedAt": "2024-04-22T21:40:35.2541624Z"

-|Migrate cannot be called on this ASE until the active upgrade has finished. |App Service Environments can't be migrated during platform upgrades. You can set your [upgrade preference](how-to-upgrade-preference.md) from the Azure portal. In some cases, an upgrade is initiated when visiting the migration page if your App Service Environment isn't on the current build. |Wait until the upgrade finishes and then migrate. |

-|Migrate cannot be called on this ASE until the active upgrade has finished. |App Service Environments can't be migrated during platform upgrades. You can set your [upgrade preference](how-to-upgrade-preference.md) from the Azure portal. In some cases, an upgrade is initiated when visiting the migration page if your App Service Environment isn't on the current build. |Wait until the upgrade finishes and then migrate. |

- | **Privacy protection** | Enabled by default. Privacy protection hides your domain registration contact information from the WHOIS database. Privacy protection is already included in the yearly domain registration fee. To opt out, select **Disable**. |

-description: Find terraform samples for some of the common App Service scenarios. Learn how to automate your App Service deployment or management tasks.

-The following table includes links to terraform scripts.

-1. Install open source Redis server to a client VM you can use for testing. The redis-benchmark utility is built into the open source Redis distribution. Follow the [Redis documentation](https://redis.io/docs/latest/operate/oss_and_stack/install/install-redis/) for instructions on how to install the open source image.

-The following tables show the maximum throughput values that were observed while testing various sizes of Standard, Premium, Enterprise, and Enterprise Flash caches. We used `redis-benchmark` from an IaaS Azure VM against the Azure Cache for Redis endpoint. The throughput numbers are only for GET commands. Typically, SET commands have a lower throughput. These numbers are optimized for throughput. Real-world throughput under acceptable latency conditions may be lower.

-| Instance | Size | vCPUs | Expected network bandwidth (Mbps)| GET requests per second without SSL (1-kB value size) | GET requests per second with SSL (1-kB value size) |

-| Instance | Size | vCPUs | Expected network bandwidth (Mbps)| GET requests per second without SSL (1-kB value size) | GET requests per second with SSL (1-kB value size) |

-The following tables show the GET requests per second at different capacities, using SSL and a 1-kB value size.

- - The Enterprise and Enterprise Flash tiers use Redis Enterprise rather than open source Redis. One of the advantages of these tiers is that the Redis server process can take advantage of multiple vCPUs. Because of that, both scaling up and scaling out in these tiers can be helpful in reducing server load. For more information, see [Best Practices for the Enterprise and Enterprise Flash tiers of Azure Cache for Redis](cache-best-practices-enterprise-tiers.md).

- - If the Redis server exceeds the available bandwidth, clients requests could time out because the server can't push data to the client fast enough. Check "Cache Read" and "Cache Write" metrics to see how much server-side bandwidth is being used. If your Redis server is exceeding available network bandwidth, you should consider scaling out or scaling up to a larger cache size with higher network bandwidth.

-No, some features can only be set when you create a cache in Premium tier, and are not available after scaling.

-These features cannot be added after you create the Premium cache:

-If a scaling operation fails, the service tries to revert the operation, and the cache will revert to the original size.

- Other clients may have different requirements. See [Do all Redis clients support clustering?](#do-all-redis-clients-support-clustering)

-The Redis clustering protocol requires each client to connect to each shard directly in clustering mode, and also defines new error responses such as 'MOVED' na 'CROSSSLOTS'. When you attempt to use a client library that doesn't support clustering, with a cluster mode cache, the result can be many [MOVED redirection exceptions](https://redis.io/topics/cluster-spec#moved-redirection), or just break your application, if you're doing cross-slot multi-key requests.

-Yes. First, ensure that your cache is in the Premium tier by scaling it up. Next, you can see the cluster configuration options, including an option to enable cluster. Change the cluster size after the cache is created, or after you have enabled clustering for the first time.

-OSS Cluster Mode is the same as clustering on the Premium tier and follows the open source clustering specification. Enterprise Cluster Mode can be less performant, but uses Redis Enterprise clustering, which doesn't require any client changes to use. For more information, see [Clustering on Enterprise](cache-best-practices-enterprise-tiers.md#clustering-on-enterprise).

-Unlike Basic, Standard, and Premium tier caches, Enterprise and Enterprise Flash caches can take advantage of multiple shards on a single node. For more information, see [Sharding and CPU utilization](cache-best-practices-enterprise-tiers.md#sharding-and-cpu-utilization).

-# Manage your function app

-In Azure Functions, a function app provides the execution context for your individual functions. Function app behaviors apply to all functions hosted by a given function app. All functions in a function app must be of the same [language](supported-languages.md).

-Individual functions in a function app are deployed together and are scaled together. All functions in the same function app share resources, per instance, as the function app scales.

-1. To begin, sign in to the [Azure portal] using your Azure account. In the search bar at the top of the portal, enter the name of your function app and select it from the list.

-2. Under **Settings** in the left pane, select **Configuration**.

- :::image type="content" source="./media/functions-how-to-use-azure-function-app-settings/azure-function-app-main.png" alt-text="Function app overview in the Azure portal":::

-You can navigate to everything you need to manage your function app from the overview page, in particular the **[Application settings](#settings)** and **[Platform features](#platform-features)**.

-You can create any number of application settings required by your function code. There are also predefined application settings used by Functions. To learn more, see the [App settings reference for Azure Functions](functions-app-settings.md).

-These settings are stored encrypted. To learn more, see [Application settings security](security-concepts.md#application-settings).

-Application settings can be managed from the [Azure portal](functions-how-to-use-azure-function-app-settings.md?tabs=portal#settings) and by using the [Azure CLI](functions-how-to-use-azure-function-app-settings.md?tabs=azurecli#settings) and [Azure PowerShell](functions-how-to-use-azure-function-app-settings.md?tabs=powershell#settings). You can also manage application settings from [Visual Studio Code](functions-develop-vs-code.md#application-settings-in-azure) and from [Visual Studio](functions-develop-vs.md#function-app-settings).

-### [Portal](#tab/portal)

-To find the application settings, see [Get started in the Azure portal](#get-started-in-the-azure-portal).

-The **Application settings** tab maintains settings that are used by your function app. You must select **Show values** to see the values in the portal.

-To add a setting in the portal, select **New application setting** and add the new key-value pair.

-

-The [`az functionapp config appsettings list`](/cli/azure/functionapp/config/appsettings#az-functionapp-config-appsettings-list) command returns the existing application settings, as in the following example:

-The [`Get-AzFunctionAppSetting`](/powershell/module/az.functions/get-azfunctionappsetting) cmdlet returns the existing application settings, as in the following example:

-When you develop a function app locally, you must maintain local copies of these values in the local.settings.json project file. To learn more, see [Local settings file](functions-develop-local.md#local-settings-file).

-Azure Functions supports deploying project code to your function app by using FTPS. Because this deployment method requires you to [sync triggers](functions-deployment-technologies.md#trigger-syncing), this method isn't recommended. To securely transfer project files, always use FTPS and not FTP.

-You can get the credentials required for FTPS deployment using one of these methods:

-### [Portal](#tab/portal)

-You can get the FTPS publishing credentials in the Azure portal by downloading the publishing profile for your function app.

-> The publishing profile contains important security credentials. You should always secure the downloaded file on your local computer.

-3. In the file, locate the `publishProfile` element with the attribute `publishMethod="FTP"`. In this element, the `publishUrl`, `userName`, and `userPWD` attributes contain the target URL and credentials for FTPS publishing.

-When you create a function app, you also create a hosting plan in which the app runs. A plan can have one or more function apps. The functionality, scaling, and pricing of your functions depend on the type of plan. To learn more, see [Azure Functions hosting options](functions-scale.md).

-You can determine the type of plan being used by your function app from the Azure portal, or by using the Azure CLI or Azure PowerShell APIs.

-| Plan type | Portal | Azure CLI/PowerShell |

-### [Portal](#tab/portal)

-To determine the type of plan used by your function app, see **App Service plan** in the **Overview** tab for the function app in the [Azure portal](https://portal.azure.com). To see the pricing tier, select the name of the **App Service Plan**, and then select **Properties** from the left pane.

-

-In the previous example replace `<RESOURCE_GROUP>` and `<FUNCTION_APP_NAME>` with the resource group and function app names, respective.

-In the previous example replace `<RESOURCE_GROUP>` and `<FUNCTION_APP_NAME>` with the resource group and function app names, respective.

-+ Direct migration to a Dedicated (App Service) plan isn't currently supported.

-+ Migration isn't supported on Linux.

-+ State and other app-specific content is maintained, since the same Azure Files share is used by the app both before and after migration.

-### [Portal](#tab/portal)

-### [Consumption-to-Premium](#tab/to-premium/portal)

-### [Premium-to-Consumption](#tab/to-consumption/portal)

-1. Run the [az functionapp create](/cli/azure/functionapp/plan#az-functionapp-plan-create) command as follows to create a new App Service plan (Elastic Premium) in the same region and resource group as your existing function app:

-1. When you no longer need the Consumption plan originally used by the app, delete your original plan after confirming you have successfully migrated to the new one. Run the [az functionapp plan list](/cli/azure/functionapp/plan#az-functionapp-plan-list) command as follows to get a list of all Consumption plans in your resource group:

-

- The Consumption plan name is the final segment of the fully-qualified resource ID that's returned.

-

-1. When you no longer need the Premium plan originally used by the app, delete your original plan after confirming you have successfully migrated to the new one. Until the Premium plan is deleted, you continue to be charged for it. Run the [az functionapp plan list](/cli/azure/functionapp/plan#az-functionapp-plan-list) command as follows to get a list of all Premium plans in your resource group:

-1. Run the [New-AzFunctionAppPlan](/powershell/module/az.functions/new-azfunctionappplan) command as follows to create a new App Service plan (Elastic Premium) in the same region and resource group as your existing function app:

-1. Run the [New-AzFunctionApp](/powershell/module/az.functions/new-azfunctionapp) command as follows to create a new function app (Consumption) in the same region and resource group as your existing function app. This command also creates a new Consumption plan in which the function app runs:

-

-HTTP triggered functions can generally be called by using a URL in the format: `https://<APP_NAME>.azurewebsites.net/api/<FUNCTION_NAME>`. When the authorization to your function is set a value other than `anonymous`, you must also provide an access key in your request. The access key can either be provided in the URL using the `?code=` query string or in the request header. To learn more, see [Function access keys](functions-bindings-http-webhook-trigger.md#authorization-keys). There are several ways to get your access keys.

-### [Portal](#tab/portal)

-1. In the left navigation under **Functions**, select **App keys**.

- This returns the host keys, which can be used to access any function in the app. It also returns the system key, which gives anyone administrator-level access to the all function app APIs.

-You can also practice least privilege by using the key just for the specific function key by selecting **Function keys** under **Developer** in your HTTP triggered function.

-Run the following script, the output of which is the [default (host) key](functions-bindings-http-webhook-trigger.md#authorization-scopes-function-level) that can be used to access any HTTP triggered function in the function app.

-In this script, replace `<SUBSCRIPTION_ID>` and `<APP_NAME>` with the ID of your subscription and your function app name, respective.

-You must consider these limitations when developing your functions in the [Azure portal](https://portal.azure.com):

-+ In-portal editing is currently only supported for functions that were created or last modified in the portal.

-+ In-portal editing is only supported for JavaScript, PowerShell, Python, and C# Script functions.

-+ In-portal editing isn't currently supported in the preview release of the [Flex Consumption plan](flex-consumption-plan.md#considerations).

-+ When you deploy code to a function app from outside the portal, you can no longer edit any of the code for that function app in the portal. In this case, just continue using [local development](functions-develop-local.md).

-When possible, you should develop your functions locally and publish your code project to a function app in Azure. For more information, see [Code and test Azure Functions locally](functions-develop-local.md).

-C# class library functions can include the NuGet packages for [binding extensions](functions-bindings-register.md) directly in the class library project. For other non-.NET languages and C# script, you should [use extension bundles](functions-bindings-register.md#extension-bundles). If you must manually install extensions, you can do so by [using Azure Functions Core Tools](./functions-core-tools-reference.md#func-extensions-install) locally. If you can't use extension bundles and are only able to work in the portal, you need to use [Advanced Tools (Kudu)](#kudu) to manually create the extensions.csproj file directly in the site. Make sure to first remove the `extensionBundle` element from the host.json file.

-This same process works for any other file you need to add to your app.

-> When possible, you shouldn't edit files directly in your function app in Azure. We recommend [downloading your app files locally](deployment-zip-push.md#download-your-function-app-files), using [Core Tools to install extensions](./functions-core-tools-reference.md#func-extensions-install) and other packages, validating your changes, and then [republishing your app using Core Tools](functions-run-local.md#publish) or one of the other [supported deployment methods](functions-deployment-technologies.md#deployment-methods).

-The Functions editor built into the Azure portal lets you update your function code and configuration files directly in the portal.

-1. Select your function app, then under **Functions** select **Functions**.

-1. Choose your file to edit and select **Save** when you're done.

-Files in the root of the app, such as function.proj or extensions.csproj need to be created and edited by using the [Advanced Tools (Kudu)](#kudu).

-1. Select your function app, then under **Development tools** select **Advanced tools** > **Go**.

-1. If prompted, sign-in to the SCM site with your Azure credentials.

-1. Name the file, such as `extensions.csproj` and press Enter.

-1. Select the edit button next to the new file, add or update code in the file, and select **Save**.

-1. For a project file like extensions.csproj, run the following command to rebuild the extensions project:

-Function apps run in, and are maintained by, the Azure App Service platform. As such, your function apps have access to most of the features of Azure's core web hosting platform. When working in the [Azure portal](https://portal.azure.com), the left pane is where you access the many features of the App Service platform that you can use in your function apps.

-The following matrix indicates portal feature support by hosting plan and operating system:

-| Feature | Consumption plan | Premium plan | Dedicated plan |

-

-The App Service editor is an advanced in-portal editor that you can use to modify JSON configuration files and code files alike. Choosing this option launches a separate browser tab with a basic editor. This enables you to integrate with the Git repository, run and debug code, and modify function app settings. This editor provides an enhanced development environment for your functions compared with the built-in function editor.

-We recommend that you consider developing your functions on your local computer. When you develop locally and publish to Azure, your project files are read-only in the portal. To learn more, see [Code and test Azure Functions locally](functions-develop-local.md).

-

-The in-portal console is an ideal developer tool when you prefer to interact with your function app from the command line. Common commands include directory and file creation and navigation, as well as executing batch files and scripts.

-

-The advanced tools for App Service (also known as Kudu) provide access to advanced administrative features of your function app. From Kudu, you manage system information, app settings, environment variables, site extensions, HTTP headers, and server variables. You can also launch **Kudu** by browsing to the SCM endpoint for your function app, like `https://<myfunctionapp>.scm.azurewebsites.net/`

-#### [Portal](#tab/portal)

-When you configure the **Allowed origins** list for your function app, the `Access-Control-Allow-Origin` header is automatically added to all responses from HTTP endpoints in your function app.

-

-The wildcard (\*) is ignored if there's another domain entry.

-

-When functions use an HTTP trigger, you can require calls to first be authenticated. App Service supports Microsoft Entra authentication and sign-in with social providers, such as Facebook, Microsoft, and Twitter. For details on configuring specific authentication providers, see [Azure App Service authentication overview](../app-service/overview-authentication-authorization.md).

-## Next steps

-+ [Configure Azure App Service Settings](../app-service/configure-common.md)

-[//]: # "DON'T change the format (column schema, etc.) of the below table without consulting glinuxagent alias. The [Azure Monitor Linux Agent Troubleshooting Tool](https://github.com/Azure/azure-linux-extensions/blob/master/AzureMonitorAgent/ama_tst/AMA-Troubleshooting-Tool.md) parses the below table at runtime to determine the latest version of AMA; altering the format could degrade some of the functions of the tool."

-| May 2024 |**Windows**<ul><li>Upgraded Fluent-bit version to 3.0.5. This resolves as security issue in fluent-bit (NVD - CVE-2024-4323 (nist.gov)</li><li>Disabled Fluent-bit logging that caused disk exhaustion issues for some customers. Example error is Fluentbit log with "[C:\projects\fluent-bit-2e87g\src\flb_scheduler.c:72 errno=0] No error" fills up the entire disk of the server.</li><li>Fixed AMA extension getting stuck in deletion state on some VMΓÇÖs that are using Arc. This is a reliability improvement.</li><li>Fixed AMA not using system proxy, this is a bug introduced in 1.26.0. This was caused by a new feature to use Arc agentΓÇÖs proxy settings. When the system proxy as set as None the proxy was broke in 1.26.</li><li>Fixed Windows Firewall Logs log file rollover issues</li></ul>**Linux**<ul><li>Comming Soon</ul></li>| 1.27.0 | |

-| April 2024 |**Windows**<ul><li>In preparation for the May 17 public preview of Firewall Logs the agent completed the addition of a profile filter for Domain, Public, and Private Logs. </li><li>AMA running on an Arc enabled server will default to using the Arc proxy setting if available.</li><li>The AMA VM extension proxy setting overrides the Arc defaults.</li><li>Bug fix in MSI installer: Symptom - If there are spaces in the fluent-bit config path, AMA was not recognizing the path properly. AMA now adds quotes to configuration path in fluent-bit.</li><li>Bug fix for Container Insights: Symptom - custom resource Id were not being honored.</li><li>Security issue fix: skip the deletion of files and directory whose path contains a redirection (via Junction point, Hard links, Mount point, OB Symlinks etc.).</li><li>Updating MetricExtension package to 2.2024.328.1744.</li></ul>**Linux**<ul><li>AMA 1.30 now available in Arc.</li><li>New distribution support Debian 12, RHEL CIS L2.</li><li>Fix for mdsd version 1.30.3 (in persistence mode) which converted positive integer float/double values (e.g. "3.0", "4.0") to type ulong which broke Azure stream analytics.</li></ul>| 1.26.0 | 1.31.1 |

-| March 2024 | **Known Issues** a change in 1.25.0 to the encoding of resource IDs in the request headers to the ingestion end point has disrupted SQL ATP. This is causing failures in alert notifications to the Microsoft Detection Center (MDC) and potentially affecting billing events. Symptom are not seeing expected alerts related to SQL security threats. 1.25.0 did not release to all data centers and it was not identified for auto update in any data center. Customers that did upgrade to 1.25.0 should role back to 1.24.0<br><br>**Windows**<ul><li>**Breaking Change from Public Preview to GA** Due to customer feedback, automatic parsing of JSON into column in your custom table in Log Analytic was added. You must take action to migrate your JSON DCR created prior to this release to prevent data loss. This is the last release of the JSON Log type in Public Preview an GA will be declared in a few weeks.</li><li>Fix AMA when resource ID contains non-ascii chars which is common when using some languages other than English. Errors would follow this pattern: … [HealthServiceCommon] [] [Error] … WinHttpAddRequestHeaders(x-ms-AzureResourceId: /subscriptions/{your subscription #} /resourceGroups/???????/providers/ … PostDataItems" failed with code 87(ERROR_INVALID_PARAMETER) </li></ul>**Linux**<ul><li>The AMA agent has been tested and thus supported on Debian 12 and RHEL9 CIS L2 distribution.</li></ul>| 1.25.0 | 1.31.0 |

-| February 2024 | **Known Issues**<ul><li>Occasional crash during startup in arm64 VMs. This is fixed in 1.30.3</li></uL>**Windows**<ul><li>Fix memory leak in Internet Information Service (IIS) log collection</li><li>Fix JSON parsing with Unicode characters for some ingestion endpoints</li><li>Allow Client installer to run on Azure Virtual Desktop (AVD) DevBox partner</li><li>Enable Transport Layer Security (TLS) 1.3 on supported Windows versions</li><li>Update MetricsExtension package to 2.2024.202.2043</li></ul>**Linux**<ul><li>Features<ul><li>Add EventTime to syslog for parity with OMS agent</li><li>Add more Common Event Format (CEF) format support</li><li>Add CPU quotas for Azure Monitor Agent (AMA)</li></ul><li>Fixes<ul><li>Handle truncation of large messages in syslog due to Transmission Control Protocol (TCP) framing issue</li><li>Set NO_PROXY for Instance Metadata Service (IMDS) endpoint in AMA Python wrapper</li><li>Fix a crash in syslog parsing</li><li>Add reasonable limits for metadata retries from IMDS</li><li>No longer reset /var/log/azure folder permissions</li></ul></ul> | 1.24.0 | 1.30.3<br>1.30.2 |

-> The JSON ingestion is in Preview at this time.

- - Do Not rename a file to a new name and then open a new file with the same name. This could cause data loss.

-Alert processing rules allow you to apply processing on fired alerts. Alert processing rules are different from alert rules. Alert rules generate new alerts, while alert processing rules modify the fired alerts as they're being fired.

-* Add the [Spring Cloud Azure Starter Monitor](https://mvnrepository.com/artifact/com.azure.spring/cloud-starter-azure-monitor) dependency.

-> - March 31, 2024 ΓÇô You will no longer be able to use the API (CLI, Powershell, or templates), or Azure portal to configure retention setting unless you're changing them to *0*. Existing retention rules will still be respected.

-|Alerts|[Create a metric alert with dynamic thresholds](alerts/alerts-dynamic-thresholds.md)|Clarify lookback period|

-|Alerts|[Action groups](alerts/action-groups.md)|Updated the desciption of action groups to clarify that you can use automatic workflows for any scenario, not only to let users know that alert has been raised.|

-Capacity pools must be at least 2 TiB and can be increased or decreased in 1-TiB intervals. Capacity pools contain volumes that range in size from a minimum of 100 GiB to a maximum of 100 TiB. Volumes are assigned quotas that are subtracted from the capacity poolΓÇÖs provisioned size. For an active volume, capacity consumption against the quota is based on logical (effective) capacity, being active filesystem data or snapshot data. See [How Azure NetApp Files snapshots work](snapshots-introduction.md) for details.

-keywords: portal

-In this topic, you learn about the different parts of the Azure portal.

-## Azure Home

-By default, the first thing you see after you [sign in to the portal](https://portal.azure.com) is **Azure Home**. This page compiles resources that help you get the most from your Azure subscription. We include links to free online courses, documentation, core services, and useful sites for staying current and managing change for your organization. For quick and easy access to work in progress, we also show a list of your most recently visited resources.

-The portal menu and page header are global elements that are always present in the Azure portal. These persistent features are the "shell" for the user interface associated with each individual service or feature. The header provides access to global controls. The working pane for a resource or service may also have a resource menu specific to that area.

-The figure below labels the basic elements of the Azure portal, each of which are described in the following table. In this example, the current focus is a virtual machine, but the same elements generally apply, no matter what type of resource or service you're working with.

-|Key|Description

-|1|**Page header**. Appears at the top of every portal page and holds global elements.|

-|2|**Global search**. Use the search bar to quickly find a specific resource, a service, or documentation.|

-|3|**Global controls**. Like all global elements, these controls persist across the portal. Global controls include Cloud Shell, Notifications, Settings, Support + Troubleshooting, and Feedback.|

-|4|**Your account**. View information about your account, switch directories, sign out, or sign in with a different account.|

-|5|**Portal menu**. This global element can help you to navigate between services. Sometimes referred to as the sidebar. (Items 10 and 11 in this list appear in this menu.)|

-|6|**Resource menu**. Many services include a resource menu to help you manage the service. You may see this element referred to as the service menu, or sometimes as the left pane. The commands you see are contextual to the resource or service that you're using.|

-|7|**Command bar**. These controls are contextual to your current focus.|

-|8|**Working pane**. Displays details about the resource that is currently in focus.|

-|9|**Breadcrumb**. You can use the breadcrumb links to move back a level in your workflow.|

-|10|**+ Create a resource**. Master control to create a new resource in the current subscription, available in the Azure portal menu. You can also find this option on the **Home** page.|

-|11|**Favorites**. Your favorites list in the Azure portal menu. To learn how to customize this list, see [Add, remove, and sort favorites](../azure-portal/azure-portal-add-remove-sort-favorites.md).|

-The Azure portal menu lets you quickly get to key functionality and resource types. You can [choose a default mode for the portal menu](set-preferences.md#set-menu-behavior): flyout or docked.

-If you choose docked mode for the portal menu, it will always be visible. You can collapse the menu to provide more working space.

-You can [customize the favorites list](azure-portal-add-remove-sort-favorites.md) that appears in the portal menu.

-Dashboards provide a focused view of the resources in your subscription that matter most to you. We've given you a default dashboard to get you started. You can customize this dashboard to bring the resources you use frequently into a single view.

-* Take the [Manage services with the Azure portal training module](/training/modules/tour-azure-portal/).

-* Stay connected on the go with the [Azure mobile app](https://azure.microsoft.com/features/azure-portal/mobile-app/).

-### Set menu behavior

-The **Menu behavior** section lets you choose how the default Azure portal menu behaves.

-If your admin has enabled an inactivity timeout policy, you can still set your own, as long as it's shorter than the directory-level setting. To do so, select **Override the directory inactivity timeout policy**, then enter a time interval for the **Override value**.

-To enable or disable pop-up notifications, select or clear **Enable pop-up notifications**.

-**True** if the item is found; otherwise, **False**.

-Returns **True** if the value is empty; otherwise, **False**.

-**True** if the last character or characters of the string match the value; otherwise, **False**.

-**True** if the first character or characters of the string match the value; otherwise, **False**.

-* If **baseUri** ends in a trailing slash, the result is simply

- **baseUri** followed by **relativeUri**.

-* If **baseUri** does not end in a trailing slash one of two things

- * If **baseUri** has no slashes at all (aside from the "//" near

- the front) the result is simply **baseUri** followed by **relativeUri**.

- * If **baseUri** has some slashes, but doesn't end with a slash,

- everything from the last slash onward is removed from **baseUri**

- and the result is **baseUri** followed by **relativeUri**.

-For complete details, the **baseUri** and **relativeUri** parameters are

-**True** if the item is found; otherwise, **False**.

-Returns **True** if the value is empty; otherwise, **False**.

-**True** if the last character or characters of the string match the value; otherwise, **False**.

-**True** if the first character or characters of the string match the value; otherwise, **False**.

-* If **baseUri** ends in a trailing slash, the result is **baseUri** followed by **relativeUri**.

-* If **baseUri** doesn't end in a trailing slash one of two things

- * If **baseUri** has no slashes at all (aside from the `//` near

- the front) the result is **baseUri** followed by **relativeUri**.

- * If **baseUri** has some slashes, but doesn't end with a slash,

- everything from the last slash onward is removed from **baseUri**

- and the result is **baseUri** followed by **relativeUri**.

-For complete details, the **baseUri** and **relativeUri** parameters are

-## Copilot for Call Diagnostics

-Artificial Intelligence can help app developers across every step of the development lifecycle: designing, building, and operating. Developers with [Microsoft Copilot in Azure (preview)](../../../copilot/overview.md) can use Copilot within Call Diagnostics to understand and resolve a variety of calling issues. For example, developers can ask Copilot questions, such as:

-

- - Your organization needs to manage access to [Microsoft Copilot in Azure (preview)](../../../copilot/overview.md). Once your organization has access to Copilot for Azure (preview), the Call Diagnostics interface will include the option to 'Diagnose with Copilot' in the Search, Overview, and Issues tabs.

- - Leverage Copilot for Call Diagnostics to improve call quality by detailing problems faced during Azure Communication Services calls. Giving Copilot detailed information from Call Diagnostics will help it enhance analysis, identify issues, and identify fixes. Be aware that this Copilot iteration lacks programmatic access to your call details.

-For details on how to use mTLS for environment level network encryption, see the [networking overview](./networking.md#mtls).

-## <a name="mtls"></a> Environment level network encryption (preview)

-Azure Container Apps supports environment level network encryption using mutual transport layer security (mTLS). When end-to-end encryption is required, mTLS encrypts data transmitted between applications within an environment.

-Applications within a Container Apps environment are automatically authenticated. However, the Container Apps runtime doesn't support authorization for access control between applications using the built-in mTLS.

-When your apps are communicating with a client outside of the environment, two-way authentication with mTLS is supported. To learn more, see [configure client certificates](client-certificate-authorization.md).

-> [!NOTE]

-> Enabling mTLS for your applications may increase response latency and reduce maximum throughput in high-load scenarios.

-You can enable mTLS using the following commands.

- --enable-mtls

- --enable-mtls

- "peerAuthentication":{

- "mtls": {

-| Does your client support mTLS? | Verify **Client certificate mode** is set to **Require** only if your client supports mTLS. For more information, see [Environment level network encryption.](./networking.md#mtls) |

-| [Public preview: environment level mTLS encryption](./networking.md#mtls) | When end-to-end encryption is required, mTLS will encrypt data transmitted between applications within an environment. |

-Use Microsoft Copilot for Azure (preview) to ask questions about your resources and to run Azure Monitor Investigator. You can ask to run an investigation on a resource to learn what happened, possible causes and how to start to troubleshoot the issue.

-description: AI agent key concepts and implementation of AI agent memory system.

-AI agents are designed to perform specific tasks, answer questions, and automate processes for users. These agents vary widely in complexity, ranging from simple chatbots, to copilots, to advanced AI assistants in the form of digital or robotic systems that can execute complex workflows autonomously. This article provides conceptual overviews and detailed implementation samples on AI agents.

-## What are AI Agents?

-Unlike standalone large language models (LLMs) or rule-based software/hardware systems, AI agent possesses the follow common features:

-> The usage of the term "memory" in the context of AI agent should not be confused with the concept of computer memory (like volatile, non-volatile, and persistent memory).

-Copilots are a type of AI agent designed to work alongside users rather than operate independently. Unlike fully automated agents, copilots provide suggestions and recommendations to assist users in completing tasks. For instance, when a user is writing an email, a copilot might suggest phrases, sentences, or paragraphs. The user might also ask the copilot to find relevant information in other emails or files to support the suggestion (see [retrieval-augmented generation](vector-database.md#retrieval-augmented-generation)). The user can accept, reject, or edit the suggested passages.

-You may configure the agents to perform each of the above steps with or without human approval.

-Currently, the prevailing strategy for achieving performant autonomous agents is through multi-agent systems. In multi-agent systems, multiple autonomous agents, whether in digital or robotic form, interact or work together to achieve individual or collective goals. Agents in the system can operate independently and possess their own knowledge or information. Each agent may also have the capability to perceive its environment, make decisions, and execute actions based on its objectives.

-Key characteristics of multi-agent systems:

-## Implement AI agent

-Complex reasoning and planning are the hallmark of advanced autonomous agents. Popular autonomous agent frameworks incorporate one or more of the following methodologies for reasoning and planning:

-[Self-ask](https://arxiv.org/abs/2210.03350)

-Improves on chain of thought by having the model explicitly asking itself (and answering) follow-up questions before answering the initial question.

-[Reason and Act (ReAct)](https://arxiv.org/abs/2210.03629)

-Use LLMs to generate both reasoning traces and task-specific actions in an interleaved manner. Reasoning traces help the model induce, track, and update action plans as well as handle exceptions, while actions allow it to interface with external sources, such as knowledge bases or environments, to gather additional information.

-[Plan and Solve](https://arxiv.org/abs/2305.04091)

-Devise a plan to divide the entire task into smaller subtasks, and then carry out the subtasks according to the plan. This mitigates the calculation errors, missing-step errors, and semantic misunderstanding errors that are often present in zero-shot chain-of-thought (CoT) prompting.

-[Reflection/Self-critique](https://arxiv.org/abs/2303.11366)

-Reflexion agents verbally reflect on task feedback signals, then maintain their own reflective text in an episodic memory buffer to induce better decision-making in subsequent trials.

-Various frameworks and tools can facilitate the development and deployment of AI agent.

-For tool usage and perception that do not require sophisticated planning and memory, some popular LLM orchestrator frameworks are LangChain, LlamaIndex, Prompt Flow, and Semantic Kernel.

-For advanced and autonomous planning and execution workflows, [AutoGen](https://microsoft.github.io/autogen/) propelled the multi-agent wave that began in late 2022. OpenAI's [Assistants API](https://platform.openai.com/docs/assistants/overview) allow their users to create agents natively within the GPT ecosystem. [LangChain Agents](https://python.langchain.com/v0.1/docs/modules/agents/) and [LlamaIndex Agents](https://docs.llamaindex.ai/en/stable/use_cases/agents/) also emerged around the same time.

-> See the implementation sample section at the end of this article for tutorial on building a simple multi-agent system using one of the popular frameworks and a unified agent memory system.

-The prevalent practice for experimenting with AI-enhanced applications in 2022 through 2024 has been using standalone database management systems for various data workflows or types. For example, an in-memory database for caching, a relational database for operational data (including tracing/activity logs and LLM conversation history), and a [pure vector database](vector-database.md#integrated-vector-database-vs-pure-vector-database) for embedding management.

-However, this practice of using a complex web of standalone databases can hurt AI agent's performance. Integrating all these disparate databases into a cohesive, interoperable, and resilient memory system for AI agent is a significant challenge in and of itself. Moreover, many of the frequently used database services are not optimal for the speed and scalability that AI agent systems need. These databases' individual weaknesses are exacerbated in multi-agent systems:

-In-memory databases are excellent for speed but may struggle with the large-scale data persistence that AI agent requires.

-Relational databases are not ideal for the varied modalities and fluid schemas of data handled by agents. Moreover, relational databases require manual efforts and even downtime to manage provisioning, partitioning, and sharding.

-Pure vector databases tend to be less effective for transactional operations, real-time updates, and distributed workloads. The popular pure vector databases nowadays typically offer

-The next section dives deeper into what makes a robust AI agent memory system.

-## Memory can make or break agents

-Just as efficient database management systems are critical to software applications' performances, it is critical to provide LLM-powered agents with relevant and useful information to guide their inference. Robust memory systems enable organizing and storing different kinds of information that the agents can retrieve at inference time.

-Currently, LLM-powered applications often use [retrieval-augmented generation](vector-database.md#retrieval-augmented-generation) that uses basic semantic search or vector search to retrieve passages or documents. [Vector search](vector-database.md#vector-search) can be useful for finding general information, but it may not capture the specific context, structure, or relationships that are relevant for a particular task or domain.

-For example, if the task is to write code, vector search may not be able to retrieve the syntax tree, file system layout, code summaries, or API signatures that are important for generating coherent and correct code. Similarly, if the task is to work with tabular data, vector search may not be able to retrieve the schema, the foreign keys, the stored procedures, or the reports that are useful for querying or analyzing the data.

-Weaving together [a web of standalone in-memory, relational, and vector databases](#ai-agent-memory-system) is not an optimal solution for the varied data types, either. This approach may work for prototypical agent systems; however, it adds complexity and performance bottlenecks that can hamper the performance of advanced autonomous agents.

-Therefore, a robust memory system should have the following characteristics:

-#### Multi-modal (Part I)

-AI agent memory systems should provide different collections that store metadata, relationships, entities, summaries, or other types of information that can be useful for different tasks and domains. These collections can be based on the structure and format of the data, such as documents, tables, or code, or they can be based on the content and meaning of the data, such as concepts, associations, or procedural steps.

-#### Operational

-Memory systems should provide different memory banks that store information that is relevant for the interaction with the user and the environment. Such information may include chat history, user preferences, sensory data, decisions made, facts learned, or other operational data that are updated with high frequency and at high volumes. These memory banks can help the agents remember short-term and long-term information, avoid repeating or contradicting themselves, and maintain task coherence. These requirements must hold true even if the agents perform a multitude of unrelated tasks in succession. In advanced cases, agents may also wargame numerous branch plans that diverge or converge at different points.

-#### Sharable but also separable

-At the macro level, memory systems should enable multiple AI agents to collaborate on a problem or process different aspects of the problem by providing shared memory that is accessible to all the agents. Shared memory can facilitate the exchange of information and the coordination of actions among the agents. At the same time, the memory system must allow agents to preserve their own persona and characteristics, such as their unique collections of prompts and memories.

-#### Multi-modal (Part II)

-Not only are memory systems critical to AI agents; they are also important for the humans who develop, maintain, and use these agents. For example, humans may need to supervise agents' planning and execution workflows in near real-time. While supervising, humans may interject with guidance or make in-line edits of agents' dialogues or monologues. Humans may also need to audit the reasoning and actions of agents to verify the validity of the final output. Human-agent interactions are likely in natural or programming languages, while agents "think," "learn," and "remember" through embeddings. This data modal difference poses another requirement on memory systems' consistency across data modalities.

-The above characteristics require AI agent memory systems to be highly scalable and swift. Painstakingly weaving together [a plethora of disparate in-memory, relational, and vector databases](#ai-agent-memory-system) may work for early-stage AI-enabled applications; however, this approach adds complexity and performance bottlenecks that can hamper the performance of advanced autonomous agents.

-In place of all the standalone databases, Azure Cosmos DB can serve as a unified solution for AI agent memory systems. Its robustness successfully [enabled OpenAI's ChatGPT service](https://www.youtube.com/watch?v=6IIUtEFKJec&t) to scale dynamically with high reliability and low maintenance. Powered by an atom-record-sequence engine, it is the world's first globally distributed [NoSQL](distributed-nosql.md), [relational](distributed-relational.md), and [vector database](vector-database.md) service that offers a serverless mode. AI agents built on top of Azure Cosmos DB enjoy speed, scale, and simplicity.

-#### Speed

-Azure Cosmos DB provides single-digit millisecond latency, making it highly suitable for processes requiring rapid data access and management, including caching (both traditional and [semantic caching](https://techcommunity.microsoft.com/t5/azure-architecture-blog/optimize-azure-openai-applications-with-semantic-caching/ba-p/4106867), transactions, and operational workloads. This low latency is crucial for AI agents that need to perform complex reasoning, make real-time decisions, and provide immediate responses. Moreover, its [use of state-of-the-art DiskANN algorithm](nosql/vector-search.md#enroll-in-the-vector-search-preview-feature) provides accurate and fast vector search with 95% less memory consumption.

-#### Scale

-Engineered for global distribution and horizontal scalability, and offering support for multi-region I/O and multitenancy, this service ensures that memory systems can expand seamlessly and keep up with rapidly growing agents and associated data. Its SLA-backed 99.999% availability guarantee (less than 5 minutes of downtime per year, contrasting 9 hours or more for pure vector database services) provides a solid foundation for mission-critical workloads. At the same time, its various service models like [Reserved Capacity](reserved-capacity.md) or Serverless drastically lower financial costs.

-#### Simplicity

-This service simplifies data management and architecture by integrating multiple database functionalities into a single, cohesive platform.

-Its integrated vector database capabilities can store, index, and query embeddings alongside the corresponding data in natural or programming languages, enabling greater data consistency, scale, and performance.

-Its flexibility easily supports the varied modalities and fluid schemas of the metadata, relationships, entities, summaries, chat history, user preferences, sensory data, decisions, facts learned, or other operational data involved in agent workflows. The database automatically indexes all data without requiring schema or index management, allowing AI agents to perform complex queries quickly and efficiently.

-Lastly, its fully managed service eliminates the overhead of database administration, including tasks such as scaling, patching, and backups. Thus, developers can focus on building and optimizing AI agents without worrying about the underlying data infrastructure.

-#### Advanced features

-Azure Cosmos DB incorporates advanced features such as change feed, which allows tracking and responding to changes in data in real-time. This capability is useful for AI agents that need to react to new information promptly.

-Additionally, the built-in support for multi-master writes enables high availability and resilience, ensuring continuous operation of AI agents even in the face of regional failures.

-The five available [consistency levels](consistency-levels.md) (from strong to eventual) can also cater to various distributed workloads depending on the scenario requirements.

-> [!TIP]

-> You may choose from two Azure Cosmos DB APIs to build your AI agent memory system: Azure Cosmos DB for NoSQL, and vCore-based Azure Cosmos DB for MongoDB. The former provides 99.999% availability and [three vector search algorithms](nosql/vector-search.md): IVF, HNSW, and the state-of-the-art DiskANN. The latter provides 99.995% availability and [two vector search algorithms](mongodb/vcore/vector-search.md): IVF and HNSW.

-> [!div class="nextstepaction"]

-> [Use the Azure Cosmos DB lifetime free tier](free-tier.md)

-This section explores the implementation of an autonomous agent to process traveler inquiries and bookings in a CruiseLine travel application.

-Chatbots have been a long-standing concept, but AI agents are advancing beyond basic human conversation to carry out tasks based on natural language, traditionally requiring coded logic. This AI travel agent uses the LangChain Agent framework for agent planning, tool usage, and perception. Its [unified memory system](#memory-can-make-or-break-agents) uses the [vector database](vector-database.md) and document store capabilities of Azure Cosmos DB to address traveler inquiries and facilitate trip bookings, ensuring [speed, scale, and simplicity](#building-a-robust-ai-agent-memory-system). It operates within a Python FastAPI backend and support user interactions through a React JS user interface.

-All of the code and sample datasets are available on [GitHub](https://github.com/jonathanscholtes/Travel-AI-Agent-React-FastAPI-and-Cosmos-DB-Vector-Store). In this repository, you can find the following folders:

-The GitHub repository contains a Python project located in the **loader** directory intended for loading the sample travel documents into Azure Cosmos DB. This section sets up the project to load the documents.

-### Set up the environment for loader

-Set up your Python virtual environment in the **loader** directory by running the following:

-Activate your environment and install dependencies in the **loader** directory:

-Create a file, named **.env** in the **loader** directory, to store the following environment variables.

- OPENAI_API_KEY="**Your Open AI Key**"

- MONGO_CONNECTION_STRING="mongodb+srv:**your connection string from Azure Cosmos DB**"

-### Load documents and vectors

-The Python file **main.py** serves as the central entry point for loading data into Azure Cosmos DB. This code processes the sample travel data from the GitHub repository, including information about ships and destinations. Additionally, it generates travel itinerary packages for each ship and destination, allowing travelers to book them using the AI agent. The CosmosDBLoader is responsible for creating collections, vector embeddings, and indexes in the Azure Cosmos DB instance.

-*main.py*

-# Create five itinerary pakages

-Load the documents, vectors and create indexes by simply executing the following command from the loader directory:

-Output:

-### Build travel AI agent with Python FastAPI

-The AI travel agent is hosted in a backend API using Python FastAPI, facilitating integration with the frontend user interface. The API project processes agent requests by [grounding](https://techcommunity.microsoft.com/t5/fasttrack-for-azure/grounding-llms/ba-p/3843857) the LLM prompts against the data layer, specifically the vectors and documents in Azure Cosmos DB. Furthermore, the agent makes use of various tools, particularly the Python functions provided at the API service layer. This article focuses on the code necessary for AI agents within the API code.

-Python version 3.11.4 was utilized for the development and testing of the API.

-Set up your python virtual environment in the **api** directory.

-Activate your environment and install dependencies using the requirements file in the **api** directory:

-Create a file, named **.env** in the **api** directory, to store your environment variables.

- OPENAI_API_KEY="**Your Open AI Key**"

- MONGO_CONNECTION_STRING="mongodb+srv:**your connection string from Azure Cosmos DB**"

-With the environment configured and variables set up, we are ready to initiate the FastAPI server. Run the following command from the **api** directory to initiate the server.

-The FastAPI server launches on the localhost loopback 127.0.0.1 port 8000 by default. You can access the Swagger documents using the following localhost address: http://127.0.0.1:8000/docs

-It is imperative for the Travel Agent to have the capability to reference previously provided information within the ongoing conversation. This ability is commonly known as "memory" in the context of LLMs, which should not be confused with the concept of computer memory (like volatile, non-volatile, and persistent memory).

-To achieve this objective, we use the chat message history, which is securely stored in our Azure Cosmos DB instance. Each chat session will have its history stored using a session ID to ensure that only messages from the current conversation session are accessible. This necessity is the reason behind the existence of a 'Get Session' method in our API. It is a placeholder method for managing web sessions in order to illustrate the use of chat message history.

-Click Try It out for /session/.

-For the AI Agent, we only need to simulate a session. Thus, the stubbed-out method merely returns a generated session ID for tracking message history. In a practical implementation, this session would be stored in Azure Cosmos DB and potentially in React JS localStorage.

-*web/session.py*

-Let us utilize the obtained session ID from the previous step to initiate a new dialogue with our AI agent to validate its functionality. We shall conduct our test by submitting the following phrase: "I want to take a relaxing vacation."

-Click Try It out for /agent/agent_chat.

-Example parameter

-The initial execution results in a recommendation for the Tranquil Breeze Cruise and the Fantasy Seas Adventure Cruise as they are anticipated to be the most 'relaxing' cruises available through the vector search. These documents have the highest score for ```similarity_search_with_score``` that is called in the data layer of our API, ```data.mongodb.travel.similarity_search()```.

-The similarity search scores are displayed as output from the API for debugging purposes.

-Output when calling ```data.mongodb.travel.similarity_search()```

-> If documents are not being returned for vector search modify the ```similarity_search_with_score``` limit or the score filter value as needed (```[doc for doc, score in docs if score >=.78]```). in ```data.mongodb.travel.similarity_search()```

-Calling the 'agent_chat' for the first time creates a new collection named 'history' in Azure Cosmos DB to store the conversation by session. This call enables the agent to access the stored chat message history as needed. Subsequent executions of 'agent_chat' with the same parameters produce varying results as it draws from memory.

-### Walkthrough of AI agent

-When integrating the AI Agent into the API, the web search components are responsible for initiating all requests. This is followed by the search service, and finally the data components. In our specific case, we utilize MongoDB data search, which connects to Azure Cosmos DB. The layers facilitate the exchange of Model components, with the AI Agent and AI Agent Tool code residing in the service layer. This approach was implemented to enable the seamless interchangeability of data sources and to extend the capabilities of the AI Agent with additional, more intricate functionalities or 'tools'.

-The service layer forms the cornerstone of our core business logic. In this particular scenario, the service layer plays a crucial role as the repository for the LangChain agent code, facilitating the seamless integration of user prompts with Azure Cosmos DB data, conversation memory, and agent functions for our AI Agent.

-The service layer employs a singleton pattern module for handling agent-related initializations in the **init.py** file.

-*service/init.py*

- #Answer should be embedded in html tags. Only answer questions related to cruise travel, If you can not answer respond with \"I am here to assist with your travel questions.\".

-The **init.py** file commences by initiating the loading of environment variables from a **.env** file utilizing the ```load_dotenv(override=False)``` method. Then, a global variable named ```agent_with_chat_history``` is instantiated for the agent, intended for use by our **TravelAgent.py**. The ```LLM_init()``` method is invoked during module initialization to configure our AI agent for conversation via the API web layer. The OpenAI Chat object is instantiated using the GPT-3.5 model, incorporating specific parameters such as model name and temperature. The chat object, tools list, and prompt template are combined to generate an ```AgentExecutor```, which operates as our AI Travel Agent. Lastly, the agent with history, ```agent_with_chat_history```, is established using ```RunnableWithMessageHistory``` with chat history (MongoDBChatMessageHistory), enabling it to maintain a complete conversation history via Azure Cosmos DB.

-The LLM prompt initially began with the simple statement "You are a helpful and friendly travel assistant for a cruise company." However, through testing, it was determined that more consistent results could be obtained by including the instruction "Answer travel questions to the best of your ability, providing only relevant information. To book a cruise, capturing the person's name is essential." The results are presented in HTML format to enhance the visual appeal within the web interface.

-[Tools](#what-are-ai-agents) are interfaces that an agent can use to interact with the world, often done through function calling.

-When creating an agent, it is essential to furnish it with a set of tools that it can utilize. The ```@tool``` decorator offers the most straightforward approach to defining a custom tool. By default, the decorator uses the function name as the tool name, although this can be replaced by providing a string as the first argument. Moreover, the decorator will utilize the function's docstring as the tool's description, thus requiring the provision of a docstring.

-*service/TravelAgentTools.py*

-In the **TravelAgentTools.py** file, three specific tools are defined. The first tool, ```vacation_lookup```, conducts a vector search against Azure Cosmos DB, using a ```similarity_search``` to retrieve relevant travel-related material. The second tool, ```itinerary_lookup```, retrieves cruise package details and schedules for a specified cruise ship. Lastly, ```book_cruise``` is responsible for booking a cruise package for a passenger. Specific instructions ("In order to book a cruise I need to know your name.") might be necessary to ensure the capture of the passenger's name and room number for booking the cruise package. This is in spite of including such instructions in the LLM prompt.

-The fundamental concept underlying agents is to utilize a language model for selecting a sequence of actions to execute.

-*service/TravelAgent.py*

-The **TravelAgent.py** file is straightforward, as ```agent_with_chat_history```, and its dependencies (tools, prompt, and LLM) are initialized and configured in the **init.py** file. In this file, the agent is called using the input received from the user, along with the session ID for conversation memory. Afterwards, ```PromptResponse``` (model/prompt) is returned with the agent's output and response time.

-### Integrate AI agent with React JS user interface

-With the successful loading of the data and accessibility of our AI Agent through our API, we can now complete the solution by establishing a web user interface using React JS for our travel website. By harnessing the capabilities of React JS, we can illustrate the seamless integration of our AI agent into a travel site, enhancing the user experience with a conversational travel assistant for inquiries and bookings.

-#### Set up the environment for React JS

-Install Node.js and the dependencies before testing out the React interface.

-Run the following command from the **web** directory to perform a clean install of project dependencies, this may take some time.

-Next, it is essential to create a file named **.env** within the **web** directory to facilitate the storage of environment variables. Then, you should include the following details in the newly created **.env** file.

-REACT_APP_API_HOST=http://127.0.0.1:8000

-Now, we have the ability to execute the following command from the **web** directory to initiate the React web user interface.

-Running the previous command launches the React JS web application.

-#### Walkthrough of React JS Web interface

-The web project of the GitHub repository is a straightforward application to facilitate user interaction with our AI agent. The primary components required to converse with the agent are ```TravelAgent.js``` and ```ChatLayout.js```. The **Main.js** file serves as the central module or user landing page.

-The Main component serves as the central manager of the application, acting as the designated entry point for routing. Within the render function, it produces JSX code to delineate the main page layout. This layout encompasses placeholder elements for the application such as logos and links, a section housing the travel agent component (further details to come), and a footer containing a sample disclaimer regarding the application's nature.

-*main.js*

-The Travel Agent component has a straightforward purpose ΓÇô capturing user inputs and displaying responses. It plays a key role in managing the integration with the backend AI Agent, primarily by capturing sessions and forwarding user prompts to our FastAPI service. The resulting responses are stored in an array for display, facilitated by the Chat Layout component.

-*TripPlanning/TravelAgent.js*

-Click on "Effortlessly plan your voyage" to launch the travel assistant.

-The Chat Layout component, as indicated by its name, oversees the arrangement of the chat. It systematically processes the chat messages and implements the designated formatting specified in the message JSON object.

-*TripPlanning/ChatLayout.py*

-User prompts are on the right side and colored blue, while the Travel AI Agent responses are on the left side and colored green. As you can see in the image below, the HTML formatted responses are accounted for in the conversation.

-When your AI agent is ready go to into production, you can use semantic caching to improve query performance by 80% and reduce LLM inference/API call costs. See this blog post for how to implement [semantic caching](https://stochasticcoder.com/2024/03/22/improve-llm-performance-using-semantic-cache-with-cosmos-db/).

-> [!NOTE]

-> If you would like to contribute to this article, feel free to click on the pencil button on the top right corner of the article. If you have any specific questions or comments on this article, you may reach out to cosmosdbgenai@microsoft.com

-### Next steps

-[30-day Free Trial without Azure subscription](https://azure.microsoft.com/try/cosmosdb/)

-[90-day Free Trial and up to $6,000 in throughput credits with Azure AI Advantage](ai-advantage.md)

-> [!div class="nextstepaction"]

-> [Use the Azure Cosmos DB lifetime free tier](free-tier.md)

-Distance functions are mathematical formulas used to measure the similarity or dissimilarity between vectors (see [vector search](vector-search-overview.md)). Common examples include Manhattan distance, Euclidean distance, cosine similarity, and dot product. These measurements are crucial for determining how closely related two pieces of data.

-Two popular vector search algorithms are k-Nearest Neighbors (kNN) and Approximate Nearest Neighbors (ANN, not to be confused with Artificial Neural Network). kNN is precise but computationally intensive, making it less suitable for large datasets. ANN, on the other hand, offers a balance between accuracy and efficiency, making it better suited for large-scale applications.

-Two popular types of vector search algorithms are [k-nearest neighbors (kNN) and approximate nearest neighbor (ANN)](knn-vs-ann.md). Some well-known vector search algorithms belonging to these categories include Inverted File (IVF), Hierarchical Navigable Small World (HNSW), and the state-of-the-art DiskANN.

-description: Learn how to move an Azure Cosmos DB account to another region.

-# Move an Azure Cosmos DB account to another region

-This article describes how to either:

-## Move data from one region to another

-Azure Cosmos DB supports data replication natively, so moving data from one region to another is simple. You can accomplish it by using the Azure portal, Azure PowerShell, or the Azure CLI. It involves the following steps:

-1. Add a new region to the account.

- To add a new region to an Azure Cosmos DB account, see [Add/remove regions to an Azure Cosmos DB account](how-to-manage-database-account.yml#add-remove-regions-from-your-database-account).

-1. Perform a manual failover to the new region.

- When the region that's being removed is currently the write region for the account, you'll need to start a failover to the new region added in the previous step. This is a zero-downtime operation. If you're moving a read region in a multiple-region account, you can skip this step.

-

- To start a failover, see [Perform manual failover on an Azure Cosmos DB account](how-to-manage-database-account.yml#perform-manual-failover-on-an-azure-cosmos-db-account).

-1. Remove the original region.

- To remove a region from an Azure Cosmos DB account, see [Add/remove regions from your Azure Cosmos DB account](how-to-manage-database-account.yml#add-remove-regions-from-your-database-account).

-> [!NOTE]

-> If you perform a failover operation or add/remove a new region while an [asynchronous throughput scaling operation](scaling-provisioned-throughput-best-practices.md#background-on-scaling-rus) is in progress, the throughput scale-up operation will be paused. It will resume automatically when the failover or add/remove region operation is complete.

-## Migrate Azure Cosmos DB account metadata

-Azure Cosmos DB does not natively support migrating account metadata from one region to another. To migrate both the account metadata and customer data from one region to another, you must create a new account in the desired region and then copy the data manually.

-> [!IMPORTANT]

-> It is not necessary to migrate the account metadata if the data is stored or moved to a different region. The region in which the account metadata resides has no impact on the performance, security or any other operational aspects of your Azure Cosmos DB account.

-A near-zero-downtime migration for the API for NoSQL requires the use of the [change feed](change-feed.md) or a tool that uses it.

-The following steps demonstrate how to migrate an Azure Cosmos DB account for the API for NoSQL and its data from one region to another:

-1. Create a new Azure Cosmos DB account in the desired region.

- To create a new account via the Azure portal, PowerShell, or the Azure CLI, see [Create an Azure Cosmos DB account](how-to-manage-database-account.yml#create-an-account).

-1. Create a new database and container.

- To create a new database and container, see [Create an Azure Cosmos DB container](how-to-create-container.md).

-1. Migrate data by using the Azure Cosmos DB Spark Connector live migration sample.

- To migrate data with near zero downtime, see [Live Migrate Azure Cosmos DB SQL API Containers data with Spark Connector](https://github.com/Azure/azure-sdk-for-java/tree/main/sdk/cosmos/azure-cosmos-spark_3_2-12/Samples/DatabricksLiveContainerMigration).

-1. Update the application connection string.

- With the Live Data Migration sample still running, update the connection information in the new deployment of your application. You can retrieve the endpoints and keys for your application from the Azure portal.

- :::image type="content" source="./media/secure-access-to-data/nosql-database-security-master-key-portal.png" alt-text="Access control in the Azure portal, demonstrating NoSQL database security.":::

-1. Redirect requests to the new application.

- After the new application is connected to Azure Cosmos DB, you can redirect client requests to your new deployment.

-1. Delete any resources that you no longer need.

- With requests now fully redirected to the new instance, you can delete the old Azure Cosmos DB account and stop the Live Data Migrator sample.

-## Next steps

-For more information and examples on how to manage the Azure Cosmos DB account as well as databases and containers, read the following articles:

-* [Manage an Azure Cosmos DB account](how-to-manage-database-account.yml)

-* [Change feed in Azure Cosmos DB](change-feed.md)

- --db <database-name> \

- --collection <collection-name> \

- --ssl \

- --uri <target-connection-string> \

- <dump-directory>/<database-name>/<collection-name>.bson

-| **`dataType`** | The data type of the vectors. `float32`, `float16`, `int8`, `uint8` values. Default value is `float32`. |

-Users with a Microsoft Customer Agreement must always [submit a request to set up pay by wire transfer](#submit-a-request-to-set-up-pay-by-wire-transfer) to Azure support to enable pay by wire transfer.

-Customers who have a Microsoft Online Services Program (pay-as-you-go) account can use the Azure portal to [request to pay by wire transfer](#request-to-pay-by-wire-transfer).

-> * For Microsoft Online Services Program accounts, if you switch to pay by wire transfer, you can't switch back to paying by credit or debit card.

-> * Currently, only customers in the United States can get automatically approved to change their payment method to wire transfer. Support for other regions is being evaluated.

-## Request to pay by wire transfer

-> [!NOTE]

-> - Currently only customers in the United States can get automatically approved to change their payment method to wire transfer and use the following procedure. Support for other regions is being evaluated. If you are not in the United States, you must [submit a request to set up pay by wire transfer](#submit-a-request-to-set-up-pay-by-wire-transfer) to change your payment method.

-> - After you're approved to pay by wire transfer, you can't switch back to credit card except for one-time payments.

-1. Sign in to the Azure portal.

- - If you have a pay-as-you-go subscription, navigate to **Subscriptions** and then select the one that you want to set up wire transfer for.

- - If you have a Microsoft Customer Agreement, navigate to **Cost Management + Billing** and then select **Billing profiles**. Select the billing profile that you want to set up wire transfer for.

-1. In the left menu, select **Payment methods**.

-1. On the Payment methods page, select **Pay by wire transfer**.

-1. On the **Pay by wire transfer** page, you see a message stating that you can request to use wire transfer instead of automatic payment using a credit or debit card. Select **Continue** to start the check.

-1. Depending on your approval status:

- - If you're automatically approved, the page shows a message stating that you're approved to pay by wire transfer. Enter your **Company name** and then select **Save**.

- - If the request couldn't be processed or if you're not approved, you need to follow the steps in the next section [Submit a request to set up pay by wire transfer](#submit-a-request-to-set-up-pay-by-wire-transfer).

-1. If you're approved, on the Payment methods page under **Other payment methods**, to the right of **Wire transfer**, select the ellipsis (**...**) symbol and then select **Make default**.

- You're all set to pay by wire transfer.

-The document shows you how to do the migration from Azure Data Catalog to Microsoft Purview.

- - The following algorithms are deemed as secure by OpenSSL, and will be sent along to the server for OAS (Oracle Advanced Security) data integrity.

- [strongType](./definition-structure.md#strongtype) configured parameter name and the value defines

-> [Resource Manager modes](./definition-structure.md#resource-manager-modes) definitions.

-description: This tutorial shows you how to register, provision, and connect an IoT Edge device to your IoT Central application.

-# Customer intent: As a solution developer, I want to learn how to connect an IoT Edge device to IoT Central and then configure views and forms so that I can interact with the device.

-# Tutorial: Connect an IoT Edge device to your Azure IoT Central application

-This tutorial shows you how to connect an IoT Edge device to your Azure IoT Central application. The IoT Edge device runs a module that sends temperature, pressure, and humidity telemetry to your application. You use a device template to enable views and forms that let you interact with the module on the IoT Edge device.

-In this tutorial, you learn how to:

-> [!div class="checklist"]

-> * Import an IoT Edge deployment manifest into your IoT Central application.

-> * Add an IoT Edge device that uses this deployment manifest to your application.

-> * Connect the IoT Edge device to your application.

-> * Monitor the IoT Edge runtime from your application.

-> * Add a device template with views and forms to your application.

-> * View the telemetry sent from the device in your application.

-## Prerequisites

-To complete the steps in this tutorial, you need:

-You also need to be able to upload configuration files to your IoT Central application from your local machine.

-## Import a deployment manifest

-A deployment manifest specifies the configuration of an IoT Edge device including the details of any custom modules the device should download and run. IoT Edge devices that connect to an IoT Central application download their deployment manifests from the application.

-To add a deployment manifest to IoT Central to use in this tutorial:

-1. Download and save the [EnvironmentalSensorManifest-1-4.json](https://raw.githubusercontent.com/Azure-Samples/iot-central-docs-samples/main/iotedge/EnvironmentalSensorManifest-1-4.json) deployment manifest to your local machine.

-1. In your IoT Central application, navigate to the **Edge manifests** page.

-1. Select **+ New**.

-1. On the **Customize** page, enter *Environmental Sensor* as the name and then upload the *EnvironmentalSensorManifest-1-4.json* file.

-1. After the manifest file is validated, select **Next**.

-1. The **Review and finish** page shows the modules defined in the manifest, including the **SimulatedTemperatureSensor** custom module. Select **Create**.

-The **Edge manifests** list now includes the **Environmental sensor** manifest:

-## Add an IoT Edge device

-Before the IoT Edge device can connect to your IoT Central application, you need to add it to the list of devices and get its credentials:

-1. In your IoT Central application, navigate to the **Devices** page.

-1. On the **Devices** page, make sure that **All devices** is selected. Then select **+ New**.

-1. On the **Create a new device** page:

- * Enter *Environmental sensor - 001* as the device name.

- * Enter *env-sens-001* as the device ID.

- * Make sure that the device template is **unassigned**.

- * Make sure that the device isn't simulated.

- * Set **Azure IoT Edge device** to **Yes**.

- * Select the **Environmental sensor** IoT Edge deployment manifest.

-1. Select **Create**.

-The list of devices on the **Devices** page now includes the **Environmental sensor - 001** device. The device status is **Registered**:

-Before you deploy the IoT Edge device, you need the:

-* **ID Scope** of your IoT Central application.

-* **Device ID** values for the IoT Edge device.

-* **Primary key** values for the IoT Edge device.

-To find these values, navigate to the **Environmental sensor - 001** device from the **Devices** page and select **Connect**. Make a note of these values before you continue.

-## Deploy the IoT Edge device

-In this tutorial, you deploy the IoT Edge runtime to a Linux virtual machine in Azure. To deploy and configure the virtual machine, select the following button:

-[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure-Samples%2Fiot-central-docs-samples%2Fmain%2Fedge-vm-deploy-1-4%2FedgeDeploy.json)

-On the **Custom deployment** page, use the following values to complete the form:

-| Setting | Value |

-| - | -- |

-| `Resource group` | Create a new resource group with a name such as *MyIoTEdgeDevice_rg*. |

-| `Region` | Select a region close to you. |

-| `Dns Label Prefix` | A unique DNS prefix for your virtual machine. |

-| `Admin Username` | *AzureUser* |

-| `Admin Password` | A password of your choice to access the virtual machine. |

-| `Scope Id` | The ID scope you made a note of previously. |

-| `Device Id` | The device ID you made a note of previously. |

-| `Device Key` | The device key you made a note of previously. |

-Select **Review + create** and then **Create**. Wait for the deployment to finish before you continue.

-## Manage the IoT Edge device

-To verify the deployment of the IoT Edge device was successful:

-1. In your IoT Central application, navigate to the **Devices** page. Check the status of the **Environmental sensor - 001** device is **Provisioned**. You might need to wait for a few minutes while the device connects.

-1. Navigate to the **Environmental sensor - 001** device.

-1. On the **Modules** page, check the status of the three modules is **Running**.

-On the **Modules** page, you can view status information about the modules and perform actions such as viewing their logs and restarting them.

-## View raw data

-On the **Raw data** page for the **Environmental sensor - 001** device, you can see the telemetry it's sending and the property values it's reporting.

-At the moment, the IoT Edge device doesn't have a device template assigned, so all the data from the device is **Unmodeled**. Without a device template, there are no views or dashboards to display custom device information in the IoT Central application. However, you can use data export to forward the data to other services for analysis or storage.

-## Add a device template

-A deployment manifest can include definitions of properties exposed by a module. For example, the configuration in the deployment manifest for the **SimulatedTemperatureSensor** module includes the following:

-```json

-"SimulatedTemperatureSensor": {

- "properties.desired": {

- "SendData": true,

- "SendInterval": 10

- }

-}

-```

-The following steps show you how to add a device template for an IoT Edge device and the module property definitions from the deployment manifest:

-1. In your IoT Central application, navigate to the **Device templates** page and select **+ New**.

-1. On the **Select type** page, select **Azure IoT Edge**, and then **Next: Customize**.

-1. On the **Customize** page, enter *Environmental sensor* as the device template name. Select **Next: Review**.

-1. On the **Review** page, select **Create**.

-1. On the **Create a model** page, select **Custom model**.

-1. On the **Environmental sensor** page, select **Modules**, then **Import modules from manifest**.

-1. In the **Import modules** dialog, select the **Environmental sensor** deployment manifest, then **Import**.

-The device template now includes a module called **SimulatedTemperatureSensor**, with an interface called **management**. This interface includes definitions of the **SendData** and **SendInterval** properties from the deployment manifest.

-A deployment manifest can only define module properties, not commands or telemetry. To add the telemetry definitions to the device template:

-1. Download and save the [EnvironmentalSensorTelemetry.json](https://raw.githubusercontent.com/Azure-Samples/iot-central-docs-samples/main/iotedge/EnvironmentalSensorTelemetry.json) interface definition to your local machine.

-1. Navigate to the **SimulatedTemperatureSensor** module in the **Environmental sensor** device template.

-1. Select **Add inherited interface** (you might need to select **...** to see this option). Select **Import interface**. Then import the *EnvironmentalSensorTelemetry.json* file you previously downloaded.

-The module now includes a **telemetry** interface that defines **machine**, **ambient**, and **timeCreated** telemetry types:

-To add a view that plots telemetry from the device:

-1. In the **Environmental sensor** device template, select **Views**.

-1. On the **Select to add a new view** page, select **Visualizing the device**.

-1. Enter *Environmental telemetry* as the view name.

-1. Select **Start with devices**. Then add the following telemetry types:

- * **ambient/temperature**

- * **humidity**

- * **machine/temperature**

- * **pressure**

-1. Select **Add tile**, then **Save**.

-1. To publish the template, select **Publish**.

-## View telemetry and control module

-To view the telemetry from your device, you need to attach the device to the device template:

-1. Navigate to the **Devices** page and select the **Environmental sensor - 001** device.

-1. Select **Migrate**.

-1. In the **Migrate** dialog, select the **Environmental sensor** device template, and select **Migrate**.

-1. Navigate to the **Environmental sensor - 001** device and select the **Environmental telemetry** view.

-1. The line chart plots the four telemetry values you selected for the view:

- :::image type="content" source="media/tutorial-connect-iot-edge-device/environmental-telemetry-view.png" alt-text="Screenshot that shows the telemetry line charts.":::

-1. The **Raw data** page now includes columns for the **ambient**, **machine**, and **timeCreated** telemetry values.

-To control the module by using the properties defined in the deployment manifest, navigate to the **Environmental sensor - 001** device and select the **Manage** view.

-IoT Central created this view automatically from the **manage** interface in the **SimulatedTemperatureSensor** module. The **Raw data** page now includes columns for the **SendData** and **SendInterval** properties.

-## Clean up resources

-To remove the virtual machine that's running Azure IoT Edge, navigate to the Azure portal and delete the resource group you created previously. If you used the recommended name, your resource group is called **MyIoTEdgeDevice_rg**.

-## Next steps

-If you'd prefer to continue through the set of IoT Central tutorials and learn more about building an IoT Central solution, see:

-> [!div class="nextstepaction"]

-> [Create a gateway device template](./tutorial-define-gateway-device-type.md)

-## Next steps

-Now that you've learned how to use device groups in your Azure IoT Central application, here's the suggested next step:

-> [!div class="nextstepaction"]

-> [Connect an IoT Edge device to your Azure IoT Central application](tutorial-connect-iot-edge-device.md)

-| Operating System | AMD64 | ARM32v7 | ARM64 | End of support |

-> When a *Tier 1* operating system reaches its end of support date, it's removed from the *Tier 1* supported platform list. If you take no action, IoT Edge devices running on the unsupported operating system continue to work but ongoing security patches and bug fixes in the host packages for the operating system won't be available after the end of support date. To continue to receive support and security updates, we recommend that you update your host OS to a *Tier 1* supported platform.

-| Operating System | AMD64 | ARM32v7 | ARM64 | End of support |

-| Operating System | AMD64 | ARM32v7 | ARM64 | End of support |

-> When a *Tier 2* operating system reaches its end of support date, it's removed from the supported platform list. If you take no action, IoT Edge devices running on the unsupported operating system continue to work but ongoing security patches and bug fixes in the host packages for the operating system won't be available after the end of support date. To continue to receive support and security updates, we recommend that you update your host OS to a *Tier 1* supported platform.

-description: How to send cloud-to-device messages from a back-end app and receive them on a device app using the Azure IoT SDKs for iOS.

-ms.devland: swift

-# Send cloud-to-device messages with IoT Hub (iOS)

-Azure IoT Hub is a fully managed service that helps enable reliable and secure bi-directional communications between millions of devices and a solution back end.

-This article shows you how to:

-* Receive cloud-to-device (C2D) messages on a device

-At the end of this article, you run the following Swift iOS project:

-* **sample-device**: the sample app from the [Azure IoT Samples for IoS Platform repository](https://github.com/Azure-Samples/azure-iot-samples-ios), which connects to your IoT hub and receives cloud-to-device messages.

-> [!NOTE]

-> IoT Hub has SDK support for many device platforms and languages (including C, Java, Python, and JavaScript) through the [Azure IoT device SDKs](iot-hub-devguide-sdks.md).

-To learn more about cloud-to-device messages, see [Send cloud-to-device messages from an IoT hub](iot-hub-devguide-messages-c2d.md).

-## Prerequisites

-* An active IoT hub in Azure.

-* The code sample from the [Azure IoT Samples for IoS Platform repository](https://github.com/Azure-Samples/azure-iot-samples-ios).

-* The latest version of [XCode](https://developer.apple.com/xcode/), running the latest version of the iOS SDK. This article was tested with XCode 9.3 and iOS 11.3.

-* The latest version of [CocoaPods](https://guides.cocoapods.org/using/getting-started.html).

-* Make sure that port 8883 is open in your firewall. The device sample in this article uses MQTT protocol, which communicates over port 8883. This port may be blocked in some corporate and educational network environments. For more information and ways to work around this issue, see [Connecting to IoT Hub (MQTT)](../iot/iot-mqtt-connect-to-iot-hub.md#connecting-to-iot-hub).

-## Simulate an IoT device

-In this section, you simulate an iOS device running a Swift application to receive cloud-to-device messages from the IoT hub.

-### Install CocoaPods

-CocoaPods manages dependencies for iOS projects that use third-party libraries.

-In a terminal window, navigate to the folder containing the repository that you downloaded in the [prerequisites](#prerequisites). Then, navigate to the sample project:

-```sh

-cd quickstart/sample-device

-```

-Make sure that XCode is closed, then run the following command to install the CocoaPods that are declared in the **podfile** file:

-```sh

-pod install

-```

-Along with installing the pods required for your project, the installation command also created an XCode workspace file that is already configured to use the pods for dependencies.

-### Run the sample device application

-1. Retrieve the connection string for your device. You can copy this string from the [Azure portal](https://portal.azure.com) in the device details page, or retrieve it with the following CLI command:

- ```azurecli-interactive

- az iot hub device-identity connection-string show --hub-name {YourIoTHubName} --device-id {YourDeviceID} --output table

- ```

-2. Open the sample workspace in XCode.

- ```sh

- open "MQTT Client Sample.xcworkspace"

- ```

-3. Expand the **MQTT Client Sample** project and then folder of the same name.

-4. Open **ViewController.swift** for editing in XCode.

-5. Search for the **connectionString** variable and update the value with the device connection string that you copied in the first step.

-6. Save your changes.

-7. Run the project in the device emulator with the **Build and run** button or the key combo **command + r**.

- 

-## Send a cloud-to-device message

-You're now ready to receive cloud-to-device messages. Use the Azure portal to send a test cloud-to-device message to your simulated IoT device.

-1. In the **iOS App Sample** app running on the simulated IoT device, select **Start**. The application starts sending device-to-cloud messages, but also starts listening for cloud-to-device messages.

- 

-2. In the [Azure portal](https://portal.azure.com), navigate to your IoT hub.

-3. On the **Devices** page, select the device ID for your simulated IoT device.

-4. Select **Message to Device** to open the cloud-to-device message interface.

-5. Write a plaintext message in the **Message body** text box, then select **Send message**.

-6. Watch the app running on your simulated IoT device. It checks for messages from IoT Hub and prints the text from the most recent one on the screen. Your output should look like the following example:

- 

-## Next steps

-In this article, you learned how to send and receive cloud-to-device messages.

-* To learn more about cloud-to-device messages, see [Send cloud-to-device messages from an IoT hub](iot-hub-devguide-messages-c2d.md).

-* To learn more about IoT Hub message formats, see [Create and read IoT Hub messages](iot-hub-devguide-messages-construct.md).

-**For most Azure regions that are paired with another region**, the contents of your key vault are replicated both within the region and to the paired region. The paired region is usually at least 150 miles away, but within the same geography. This approach ensures high durability of your keys and secrets. For more information about Azure region pairs, see [Azure paired regions](../../reliability/cross-region-replication-azure.md). Two exceptions are the Brazil South region, which is paired to a region in another geography, and the West US 3 region. When you create key vaults in Brazil South or West US 3, they aren't replicated across regions.

-**For [Azure regions that don't have a pair](../../reliability/cross-region-replication-azure.md#regions-with-availability-zones-and-no-region-pair), as well as the Brazil South and West US 3 regions**, Azure Key Vault uses zone redundant storage (ZRS) to replicate your data three times within the region, across independent availability zones. For Azure Key Vault Premium, two of the three zones are used to replicate the hardware security module (HSM) keys. You can also use the [backup and restore](backup.md) feature to replicate the contents of your vault to another region of your choice.

-Version: `23.06.30`

-By setting a header `extra-parameters: allow`, the API will attempt to pass any unknown parameter directly to the underlying model. If the model can handle that parameter, the request completes.

-extra-parameters: allow

-> Alternatively, you can set `extra-parameters: drop` to drop any unknown parameter in the request. Use this capability in case you happen to be sending requests with extra parameters that you know the model won't support but you want the request to completes anyway. A typical example of this is indicating `seed` parameter.

-The Azure AI model inference API supports Azure AI Content Safety. When using deployments with Azure AI Content Safety on, inputs and outputs pass through an ensemble of classification models aimed at detecting and preventing the output of harmful content. The content filtering system detects and takes action on specific categories of potentially harmful content in both input prompts and output completions.

-The Azure AI Model Inference API is currently supported in models deployed as [Serverless API endpoints](how-to-deploy-models-serverless.md). Deploy any of the [supported models](#availability) to a new [Serverless API endpoints](how-to-deploy-models-serverless.md) to get started. Then you can consume the API in the following ways:

-# [Studio](#tab/azure-studio)

-You can use the Azure AI Model Inference API to run evaluations or while building with *Prompt flow*. Create a [Serverless Model connection](how-to-connect-models-serverless.md) to a *Serverless API endpoint* and consume its predictions. The Azure AI Model Inference API is used under the hood.

-Since the API is OpenAI-compatible, you can use any supported SDK that already supports Azure OpenAI. In the following example, we show how you can use LiteLLM with the common API:

-```python

-import litellm

-client = litellm.LiteLLM(

- base_url="https://<endpoint-name>.<region>.inference.ai.azure.com",

- api_key="<key>",

-)

-response = client.chat.completions.create(

- messages=[

- {

- "content": "Who is the most renowned French painter?",

- "role": "user"

- }

- ],

- model="azureai",

- custom_llm_provider="custom_openai",

-)

-print(response.choices[0].message.content)

-```

-Models deployed in Azure Machine Learning and Azure AI studio in Serverless API endpoints support the Azure AI Model Inference API. Each endpoint exposes the OpenAPI specification for the modalities the model support. Use the **Endpoint URI** and the **Key** to download the OpenAPI definition for the model. In the following example, we download it from a bash console. Replace `<TOKEN>` by the **Key** and `<ENDPOINT_URI>` for the **Endpoint URI**.

-```bash

-wget -d --header="Authorization: Bearer <TOKEN>" <ENDPOINT_URI>/swagger.json

-```

-Use the **Endpoint URI** and the **Key** to submit requests. The following example sends a request to a Cohere embedding model:

-```HTTP/1.1

-POST /embeddings?api-version=2024-04-01-preview

-Authorization: Bearer <bearer-token>

-Content-Type: application/json

-```

-```JSON

-{

- "input": [

- "Explain the theory of strings"

- ],

- "input_type": "query",

- "encoding_format": "float",

- "dimensions": 1024

-}

-```

-__Response__

-```json

-{

- "id": "ab1c2d34-5678-9efg-hi01-0123456789ea",

- "object": "list",

- "data": [

- {

- "index": 0,

- "object": "embedding",

- "embedding": [

- 0.001912117,

- 0.048706055,

- -0.06359863,

- //...

- -0.00044369698

- ]

- }

- ],

- "model": "",

- "usage": {

- "prompt_tokens": 7,

- "completion_tokens": 0,

- "total_tokens": 7

- }

-}

-```

- "response_format": "text"

-| [ChatCompletionResponseFormat](#chatcompletionresponseformat) | |

-| [Detail](#detail) | |

-| [FunctionObject](#functionobject) | |

-| [NotFoundError](#notfounderror) | |

-| [TooManyRequestsError](#toomanyrequestserror) | |

-| [UnauthorizedError](#unauthorizederror) | |

-| [UnprocessableContentError](#unprocessablecontenterror) | |

-| status | integer | The HTTP status code. |

-| status | integer | The HTTP status code. |

-| [CreateEmbeddingRequest](#createembeddingrequest) | Request for creating embeddings |

-| [CreateEmbeddingResponse](#createembeddingresponse) | Response from an embeddings request |

-| [Detail](#detail) | Details of the errors |

-| [NotFoundError](#notfounderror) | |

-| [TooManyRequestsError](#toomanyrequestserror) | |

-| [UnauthorizedError](#unauthorizederror) | |

-| [UnprocessableContentError](#unprocessablecontenterror) | |

-| total\_tokens | integer | The total number of tokens used by the request. |

-| 422 Unprocessable Entity | [UnprocessableContentError](#unprocessablecontenterror) | The request contains unprocessable content<br><br>Headers<br><br>x-ms-error-code: string |

-| [UnprocessableContentError](#unprocessablecontenterror) | |

-| total_tokens | integer | The total number of tokens used by the request. |

-|Creation of new servers using the Command Line Interface (CLI). | To Be Decided| September 2024|

-The cornerstone of Azure Database for MySQL flexible server is its ability to achieve the best performance for tier 1 workloads. This can be improved by enabling the server to automatically scale its database servers' performance (IO) seamlessly depending on the workload needs. This opt-in feature enables users to scale IOPS on demand without having to pre-provision a certain amount of IO per second. With the Autoscale IOPS featured enabled, you can now enjoy worry-free IO management in Azure Database for MySQL flexible server because the server scales IOPs up or down automatically depending on workload needs.

-Autoscale IOPS offer the flexibility to scale IOPS on demand, eliminating the need to pre-provision a specific amount of IO per second. By enabling Autoscale IOPS, your server will automatically adjust IOPS based on workload requirements. With the Autoscale IOPS featured enable, you can now enjoy worry free IO management in Azure Database for MySQL flexible server because the server scales IOPs up or down automatically depending on workload needs.

- - Monitoring page settings (Alerts, Metrics, and Diagnostic settings)

-[Azure Cosmos DB](../cosmos-db/how-to-move-regions.md?toc=/azure/operational-excellence/toc.json)|✅ | ✅| ❌ |

-In this article, you learn how to contact support when working with an Azure Native Dynatrace Service resource. Before contacting support, see [Fix common errors](#fix-common-errors).

-## Contact support

-To contact support about the Azure Native Dynatrace Service, select **New Support request** in the left pane. Select the link to the Dynatrace support website.

-## Fix common errors

-### Marketplace purchase errors

-

-### Unable to create Dynatrace resource

-### Logs not being emitted or limit reached issue

-### Single sign-on errors

-### Metrics checkbox disabled

-### Diagnostic settings are active even after disabling the Dynatrace resource or applying necessary tag rules

-### Free trial errors

-Try the troubleshooting information in this article first. If that doesn't work, contact New Relic support:

-1. In the Azure portal, go to the resource.

-1. On the left pane, under **Support + troubleshooting**, select **New Support Request**.

-1. Select the link to go to the [New Relic support website](https://support.newrelic.com/) and raise a request.

-## Fix common errors

-### Marketplace purchase errors

-### You can't create a New Relic resource

-### Logs aren't being sent to New Relic

-### You can't install or uninstall an extension on a virtual machine

-### Resource monitoring stopped working

-### Diagnostic settings are active even after disabling the New Relic resource or applying necessary tag rules

-Microsoft Cluster Server (MSCS) isn't supported.

-| [Back up and Restore](https://github.com/liamc) | Download the retrievable fields of an index to your local device and then upload the index and its content to a new search service. | [https://github.com/liamca/azure-search-backup-restore](https://github.com/liamca/azure-search-backup-restore) |

- - ignite-2023

-In Azure AI Search, query requests target the searchable text in a [**search index**](search-what-is-an-index.md).

-In this article, learn the steps for defining and publishing a search index. Creating an index establishes the physical data structures on your search service. Once the index definition exists, [**loading the index**](search-what-is-data-import.md) follows as a separate task.

-+ Write permissions. Permission can be granted through an [admin API key](search-security-api-keys.md) on the request. Alternatively, if you're using [role-based access control](search-security-rbac.md), send a request as a member of the Search Contributor role.

-+ An understanding of the data you want to index. Creating an index is a schema definition exercise, so you should have a clear idea of which source fields you want to make searchable, retrievable, filterable, facetable, and sortable (see the [schema checklist](#schema-checklist) for guidance).

- You must also have a unique field in source data that can be used as the [document key (or ID)](#document-keys) in the index.

-+ A stable index location. Moving an existing index to a different search service isn't supported out-of-the-box. Revisit application requirements and make sure that your existing search service, its capacity and location, are sufficient for your needs.

-+ Finally, all service tiers have [index limits](search-limits-quotas-capacity.md#index-limits) on the number of objects that you can create. For example, if you're experimenting on the Free tier, you can only have three indexes at any given time. Within the index itself, there are limits on the number of complex fields and collections.

-A search index has one required field: a document key. A document key is the unique identifier of a search document. In Azure AI Search, it must be a string, and it must originate from unique values in the data source that's providing the content to be indexed. A search service doesn't generate key values, but in some scenarios (such as the [Azure table indexer](search-howto-indexing-azure-tables.md)) it synthesizes existing values to create a unique key for the documents being indexed.

-1. Review [supported data types](/rest/api/searchservice/supported-data-types). The data type affects how the field is used. For example, numeric content is filterable but not full text searchable. The most common data type is `Edm.String` for searchable text, which is tokenized and queried using the full text search engine.

-1. Identify the fields in your data source that contribute searchable content in the index. Searchable content includes short or long strings that are queried using the full text search engine. If the content is verbose (small phrases or bigger chunks), experiment with different analyzers to see how the text is tokenized.

-1. Determine whether to use the default analyzer (`"analyzer": null`) or a different analyzer. [Analyzers](search-analyzers.md) are used to tokenize text fields during indexing and query execution.

-> Full text search is conducted over terms that are tokenized during indexing. If your queries fail to return the results you expect, [test for tokenization](/rest/api/searchservice/test-analyzer) to verify the string actually exists. You can try different analyzers on strings to see how tokens are produced for various analyzers.

-When you're ready to create the index, use a search client that can send the request. You can use the Azure portal or REST APIs for early development and proof-of-concept testing.

- + [**Import data wizard**](search-import-data-portal.md)

-[**Create Index (REST API)**](/rest/api/searchservice/create-index) is used to create an index. You need a REST client to connect to your search service and send requests. See [Quickstart: Text search using REST](search-get-started-rest.md) to get started.

-[**Create Index**](/rest/api/searchservice/create-index) creates the physical data structures (files and inverted indexes) on your search service. Once the index is created, your ability to effect changes using [**Update Index**](/rest/api/searchservice/update-index) is contingent upon whether your modifications invalidate those physical structures. Most field attributes can't be changed once the field is created in your index.

-+ [Add, Update or Delete Documents (REST)](/rest/api/searchservice/addupdate-or-delete-documents)

- - ignite-2023

-This article explains how to import, refresh, and manage content in a predefined search index. In Azure AI Search, a [search index is created first](search-how-to-create-search-index.md), with [data import](search-what-is-data-import.md) following as a second step. The exception is Import Data wizard and indexer pipelines, which create and load an index in one workflow.

-A search service imports and indexes text and vectors in JSON, used in full text search, vector search, hybrid search, and knowledge mining scenarios. Text content is obtainable from alphanumeric fields in the external data source, metadata that's useful in search scenarios, or enriched content created by a [skillset](cognitive-search-working-with-skillsets.md) (skills can extract or infer textual descriptions from images and unstructured content). Vector content is vectorized using an [external embedding model](vector-search-how-to-generate-embeddings.md) or [integrated vectorization (preview)](vector-search-integrated-vectorization.md).

-Once data is indexed, the physical data structures of the index are locked in. For guidance on what can and can't be changed, see [Drop and rebuild an index](search-howto-reindex.md).

-Indexing isn't a background process. A search service will balance indexing and query workloads, but if [query latency is too high](search-performance-analysis.md#impact-of-indexing-on-queries), you can either [add capacity](search-capacity-planning.md#adjust-capacity) or identify periods of low query activity for loading an index.

-## Load documents

-A search service accepts JSON documents that conform to the index schema.

-You can prepare these documents yourself, but if content resides in a [supported data source](search-indexer-overview.md#supported-data-sources), running an [indexer](search-indexer-overview.md) or the Import data wizard can automate document retrieval, JSON serialization, and indexing.

-### [**Azure portal**](#tab/portal)

-In the Azure portal, use the Import Data wizards to create and load indexes in a seamless workflow. If you want to load an existing index, choose an alternative approach.

-1. Sign in to the [Azure portal](https://portal.azure.com/) with your Azure account.

-1. [Find your search service](https://portal.azure.com/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.Storage%2storageAccounts/) and on the Overview page, select **Import data** or **Import and vectorize data** on the command bar to create and populate a search index. You can follow these links to review the workflow: [Quickstart: Create an Azure AI Search index](search-get-started-portal.md) and [Quickstart: Integrated vectorization (preview)](search-get-started-portal-import-vectors.md).

-If indexers are already defined, you can [reset and run an indexer](search-howto-run-reset-indexers.md) from the Azure portal, which is useful if you're adding fields incrementally. Reset forces the indexer to start over, picking up all fields from all source documents.

-### [**REST**](#tab/import-rest)

-[Documents - Index (REST)](/rest/api/searchservice/documents) is the means by which you can import data into a search index. The @search.action parameter determines whether documents are added in full, or partially in terms of new or replacement values for specific fields.

-1. Formulate a POST call specifying the index name, the "docs/index" endpoint, and a request body that includes the @search.action parameter.

-1. [Look up the documents](/rest/api/searchservice/lookup-document) you just added as a validation step:

-### [**.NET SDK (C#)**](#tab/importcsharp)

-Azure AI Search supports the following APIs for simple and bulk document uploads into an index:

-+ [IndexDocumentsAsync (Azure SDK for .NET)](/dotnet/api/azure.search.documents.searchclient.indexdocumentsasync)

-## Delete orphan documents

-Azure AI Search supports document-level operations so that you can look up, update, and delete a specific document in isolation. The following example shows how to delete a document. In a search service, documents are unrelated so deleting one will have no impact on the rest of the index.

-1. Identify which field is the document key. In the portal, you can view the fields of each index. Document keys are string fields and are denoted with a key icon to make them easier to spot.

-1. Check the values of the document key field: `search=*&$select=HotelId`. A simple string is straightforward, but if the index uses a base-64 encoded field, or if search documents were generated from a `parsingMode` setting, you might be working with values that you aren't familiar with.

-1. [Look up the document](/rest/api/searchservice/lookup-document) to verify the value of the document ID and to review its content before deleting it. Specify the key or document ID in the request. The following examples illustrate a simple string for the [Hotels sample index](search-get-started-portal.md) and a base-64 encoded string for the metadata_storage_path key of the [cog-search-demo index](cognitive-search-tutorial-blob.md).

- ```http

- GET https://[service name].search.windows.net/indexes/hotel-sample-index/docs/1111?api-version=2023-11-01

- ```

- ```http

- GET https://[service name].search.windows.net/indexes/cog-search-demo/docs/aHR0cHM6Ly9oZWlkaWJsb2JzdG9yYWdlMi5ibG9iLmNvcmUud2luZG93cy5uZXQvY29nLXNlYXJjaC1kZW1vL2d1dGhyaWUuanBn0?api-version=2023-11-01

- ```

-1. [Delete the document](/rest/api/searchservice/addupdate-or-delete-documents) to remove it from the search index.

- ```http

- POST https://[service name].search.windows.net/indexes/hotels-sample-index/docs/index?api-version=2023-11-01

- Content-Type: application/json

- api-key: [admin key]

- {

- "value": [

- {

- "@search.action": "delete",

- "id": "1111"

- }

- ]

- }

- ```

-description: Re-index a search index to add or update the schema or delete obsolete documents using a full rebuild or partial indexing.

- - ignite-2023

-# Drop and rebuild an index in Azure AI Search

-This article explains how to drop and rebuild an Azure AI Search index. It explains the circumstances under which rebuilds are required, and provides recommendations for mitigating the effects of rebuilds on ongoing query requests. If you have to rebuild frequently, we recommend using [index aliases](search-how-to-alias.md) to make it easier to swap which index your application is pointing to.

-## Modifications requiring a rebuild

-The following table lists the modifications that require an index drop and rebuild.

-| Action | Description |

-|--|-|

-| Delete a field | To physically remove all traces of a field, you have to rebuild the index. When an immediate rebuild isn't practical, you can modify application code to redirect access away from an obsolete field or use the [searchFields](search-query-create.md#example-of-a-full-text-query-request) and [select](search-query-odata-select.md) query parameters to choose which fields are searched and returned. Physically, the field definition and contents remain in the index until the next rebuild, when you apply a schema that omits the field in question. |

-| Change a field definition | Revisions to a field name, data type, or specific [index attributes](/rest/api/searchservice/create-index) (searchable, filterable, sortable, facetable) require a full rebuild. |

-| Assign an analyzer to a field | [Analyzers](search-analyzers.md) are defined in an index, assigned to fields, and then invoked during indexing to inform how tokens are created. You can add a new analyzer definition to an index at any time, but you can only *assign* an analyzer when the field is created. This is true for both the **analyzer** and **indexAnalyzer** properties. The **searchAnalyzer** property is an exception (you can assign this property to an existing field). |

-| Update or delete an analyzer definition in an index | You can't delete or change an existing analyzer configuration (analyzer, tokenizer, token filter, or char filter) in the index unless you rebuild the entire index. |

-| Add a field to a suggester | If a field already exists and you want to add it to a [Suggesters](index-add-suggesters.md) construct, rebuild the index. |

-| Switch tiers | In-place upgrades aren't supported. If you require more capacity, create a new service and rebuild your indexes from scratch. To help automate this process, you can use the **index-backup-restore** sample code in this [Azure AI Search .NET sample repo](https://github.com/Azure-Samples/azure-search-dotnet-utilities). This app will back up your index to a series of JSON files, and then recreate the index in a search service you specify.|

-## Modifications with no rebuild requirement

-Many other modifications can be made without impacting existing physical structures. Specifically, the following changes don't require an index rebuild. For these changes, you can [update an existing index definition](/rest/api/searchservice/update-index) with your changes.

-+ Set the **retrievable** attribute on an existing field

-+ Update **searchAnalyzer** on a field having an existing **indexAnalyzer**

-When you add a new field, existing indexed documents are given a null value for the new field. On a future data refresh, values from external source data replace the nulls added by Azure AI Search. For more information on updating index content, see [Add, Update or Delete Documents](/rest/api/searchservice/addupdate-or-delete-documents).

-## How to rebuild an index

-During development, the index schema changes frequently. You can plan for it by creating indexes that can be deleted, recreated, and reloaded quickly with a small representative data set.

-For applications already in production, we recommend creating a new index that runs side by side an existing index to avoid query downtime. Your application code provides redirection to the new index.

-1. Check for space. Search services are subject to [maximum number of indexes](search-limits-quotas-capacity.md), varying by service tier. Make sure you have room for a second index.

-1. Determine whether a rebuild is required. If you're just adding fields, or changing some part of the index that is unrelated to fields, you might be able to simply [update the definition](/rest/api/searchservice/update-index) without deleting, recreating, and fully reloading it.

-1. [Get an index definition](/rest/api/searchservice/get-index) in case you need it for future reference.

-1. [Drop the existing index](/rest/api/searchservice/delete-index), assuming you aren't running new and old indexes side by side.

- Any queries targeting that index are immediately dropped. Remember that deleting an index is irreversible, destroying physical storage for the fields collection and other constructs. Pause to think about the implications before dropping it.

-1. [Create a revised index](/rest/api/searchservice/create-index), where the body of the request includes changed or modified field definitions.

-1. [Load the index with documents](/rest/api/searchservice/addupdate-or-delete-documents) from an external source.

-When you create the index, physical storage is allocated for each field in the index schema, with an inverted index created for each searchable field. Fields that aren't searchable can be used in filters or expressions, but don't have inverted indexes and aren't full-text or fuzzy searchable. On an index rebuild, these inverted indexes are deleted and recreated based on the index schema you provide.

-When you load the index, each field's inverted index is populated with all of the unique, tokenized words from each document, with a map to corresponding document IDs. For example, when indexing a hotels data set, an inverted index created for a City field might contain terms for Seattle, Portland, and so forth. Documents that include Seattle or Portland in the City field would have their document ID listed alongside the term. On any [Add, Update or Delete](/rest/api/searchservice/addupdate-or-delete-documents) operation, the terms and document ID list are updated accordingly.

-If you added or renamed a field, use [$select](search-query-odata-select.md) to return that field: `search=*&$select=document-id,my-new-field,some-old-field&$count=true`

-+ Owner, User Access Administrator, or a custom role with [Microsoft.Authorization/roleAssignments/write](/azure/templates/microsoft.authorization/roleassignments) permissions.

-+ **Owner**, **User Access Administrator**, or a custom role with [Microsoft.Authorization/roleAssignments/write](/azure/templates/microsoft.authorization/roleassignments) permissions.

-1. In a new text file in Visual Studio Code, paste in these variables:

-1. Paste in and then send a request that uses the variables you've specified. For the "Search Index Data Reader" role, you can send a query. You can use any [supported API version](/rest/api/searchservice/search-service-api-versions).

-1. In a new text file in Visual Studio Code, paste in these variables:

-1. Clone or create a role, or use JSON to specify the custom role (see the PowerShell tab for JSON syntax).

-1. Clone or create a role, or use JSON to specify the custom role (see the PowerShell tab for JSON syntax).

-By default, Azure AI Search is configured to allow connections over a public endpoint. Access to a search service *through* the public endpoint is protected by authentication and authorization protocols, but the endpoint itself is open to the internet at the network layer for data plane requests.

-If you aren't hosting a public web site, you might want to configure network access to automatically refuse requests unless they originate from an approved set of devices and cloud services. There are two mechanisms:

-+ Inbound rules listing the IP addresses, ranges, or subnets from which requests are admitted

-+ Exceptions to network rules, where requests are admitted with no checks, as long as the request originates from a [trusted service](#grant-access-to-trusted-azure-services)

-Network rules aren't required, but it's a security best practice to add them if you use Azure AI Search for surfacing private or internal corporate content.

-Network rules are scoped to data plane operations against the search service's public endpoint. Data plane operations include creating or querying indexes, and all other actions described by the [Search REST APIs](/rest/api/searchservice/). Control plane operations target service administration. Those operations specify resource provider endpoints, which are subject to the [network protections supported by Azure Resource Manager](/security/benchmark/azure/baselines/azure-resource-manager-security-baseline).

-This article explains how to configure network access to a search service's public endpoint. To block *all* data plane access to the public endpoint, use [private endpoints](service-create-private-endpoint.md) and an Azure virtual network.

-This article assumes the Azure portal to explain network access options. You can also use the [Management REST API](/rest/api/searchmanagement/), [Azure PowerShell](/powershell/module/az.search), or the [Azure CLI](/cli/azure/search).

-## Prerequisites

-+ A search service, any region, at the Basic tier or higher

-+ Owner or Contributor permissions

-+ Some workflows require access to a public endpoint. Specifically, the import wizards in the Azure portal, such as the [Import data wizard](search-get-started-portal.md) and [Import and vectorize data wizard](search-get-started-portal-import-vectors.md), connect to built-in (hosted) sample data and embedding models over the public endpoint. You can switch to code or script to complete the same tasks with firewall rules in place, but if you want to run the wizards, the public endpoint must be available. For more information, see [Secure connections in the import wizards](search-import-data-portal.md#secure-connections).

-1. Under **IP Firewall**, select **Add your client IP address** to create an inbound rule for the public IP address of your system. See [Allow access from the Azure portal IP address](#allow-access-from-the-azure-portal-ip-address) for details.

-Watch the following video for an overview and demo of SOC optimization in the Defender portal. If you just want a demo, jump to minute 8:14. <br>

-Data and metadata are continuously synchronized between the primary and secondary regions. If a region lags or is unavailable, it is possible to promote a secondary region as the primary. This promotion allows for the uninterrupted operation of workloads in the newly promoted region. Such a promotion may be necessitated by degradation of Service Bus or other services within your workload, particularly if you aim to run the various components together. Depending on the severity and impacted services, the promotion could either be planned or forced. In case of planned promotion in-flight messages are replicated before finalizing the promotion, while with forced promotion this is immediately executed.

-The Geo-Replication feature implements metadata and data replication in a primary-secondary replication model. At a given time thereΓÇÖs a single primary region, which is serving both producers and consumers. The secondaries act as hot stand-by regions, meaning that it is not possible to interact with these secondary regions. However, they run in the same configuration as the primary region, allowing for fast promotion, and meaning they your workloads can immediately continue running after promotion has been completed. The Geo-Replication feature is available for the [Premium tier](service-bus-premium-messaging.md).

-> In case a secondary region lags or becomes unavailable, the application will no longer be able to replicate to this region and will start throttling once the replication lag is reached. To continue using the namespace in the primary location, the afflicted secondary region can be removed. If no more secondary regions are configured, the namespace will continue without Geo-Replication enabled. It is possible to add additional secondary regions at any time.

-The following section is an overview to set up the Geo-Replication feature on a new namespace.

-A promotion is triggered manually by the customer (either explicitly through a command, or through client owned business logic that triggers the command) and never by Azure. It gives the customer full ownership and visibility for outage resolution on Azure's backbone. In the portal, click on the **Promote** icon, and follow the instructions in the pop-up blade to delete the region.

-When choosing **Planned** promotion, the service waits to catch up the replication lag before initiating the promotion. On the other hand, when choosing **Forced** promotion, the service immediately initiates the promotion. The namespace will be placed in read-only mode from the time that a promotion is requested, until the time that the promotion has completed. It is possible to do a forced promotion at any time after a planned promotion has been initiated. This puts the user in control to expedite the promotion, when a planned failover takes longer than desired.

-The Premium tier for Service Bus is priced per [Messaging Unit](service-bus-premium-messaging.md#how-many-messaging-units-are-needed). With the Geo-Replication feature, secondary regions run on the same number of MUs as the primary region, and the pricing is calculated over the total number of MUs. Additionally, there is a charge for based on the published bandwidth times the number of secondary regions. During the early public preview, this charge is waived.

- --scope "/subscriptions/<subscriptionId>/resourceGroups/<resource-group-name>/providers/Microsoft.CodeSigning/trustedSigningAccounts/<trustedsigning-account-name>/certificateProfiles/<profileName>"

-Multimedia redirection redirects media content from Azure Virtual Desktop to your local machine for faster processing and rendering. Both Microsoft Edge and Google Chrome support this feature when using the Windows Desktop client.

-Microsoft Teams live events aren't media-optimized for Azure Virtual Desktop and Windows 365 when using the native Teams app. However, if you use Teams live events with a browser that supports Teams live events and multimedia redirection, multimedia redirection is a workaround that provides smoother Teams live events playback on Azure Virtual Desktop. Multimedia redirection supports Enterprise Content Delivery Network (ECDN) for Teams live events.

-This article will show you how to use multimedia redirection for Azure Virtual Desktop with Microsoft Edge or Google Chrome browsers. For more information about how multimedia redirection works, see [Understanding multimedia redirection for Azure Virtual Desktop](multimedia-redirection-intro.md).

-Before you can use multimedia redirection on Azure Virtual Desktop, you'll need the following things:

-This article describes known issues and troubleshooting instructions for multimedia redirection for Azure Virtual Desktop.

-Azure standby pools is a feature for Virtual Machine Scale Sets with Flexible Orchestration that enables faster scaling out of resources by creating a pool of pre-provisioned virtual machines ready to service your workload.

-Standby pools is a powerful feature for accelerating your time to scale-out and reducing the management needed for provisioning virtual machine resources and getting them ready to service your workload. If your applications are latency sensitive or have long initialization steps, standby pools can help with reducing that time and managing the steps to make your virtual machines ready on your behalf.

-Standby pools is only supported on Virtual Machine Scale Sets with Flexible Orchestration.

-> [!CAUTION]

-> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and plan accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md).

-If automatic VM guest patching is enabled on a VM, then the available *Critical* and *Security* patches are downloaded and applied automatically on the VM. This process kicks off automatically every month when new patches are released. Patch assessment and installation are automatic, and the process includes rebooting the VM as required.

-For IaaS VMs, customers can choose to configure VMs to enable automatic VM guest patching. This will limit the blast radius of VMs getting the updated patch and do an orchestrated update of the VMs. The service also provides [health monitoring](../virtual-machine-scale-sets/virtual-machine-scale-sets-health-extension.md) to detect issues any issues with the update.

-The patch installation process is orchestrated globally by Azure for all VMs that have automatic VM guest patching enabled. This orchestration follows availability-first principles across different levels of availability provided by Azure.

-The patches installed depend on the rollout stage for the VM. Every month, a new global rollout is started where all security and critical patches assessed for an individual VM are installed for that VM. The rollout is orchestrated across all Azure regions in batches (described in the availability-first patching section above).

-Please note that the platform will make periodic patching configuration calls to ensure alignment when model changes are detected on IaaS VMs or VMSS Flexible orchestration. Certain model changes such as, but not limited to, updating assessment mode, patch mode, and extension update may trigger a patching configuration call.

- "rebootSetting": "IfRequired",