-After the 7th failure, entry is flagged and no further retries are run.

-* Amazon Web Services (AWS) application does not support on-demand provisioning.

-## View a training video on configuring and onboarding an AWS account

-To view a video on how to configure and onboard AWS accounts in Permissions Management, select [Configure and onboard AWS accounts](https://www.youtube.com/watch?v=R6K21wiWYmE).

-## View a training video on enabling Permissions Management in your Azure AD tenant

-To view a video on how to enable Permissions Management in your Azure AD tenant, select [Enable Permissions Management in your Azure AD tenant](https://www.youtube.com/watch?v=-fkfeZyevoo).

-## View a training video on enabling Permissions Management

-## View a training video on configuring and onboarding a GCP account

-To view a video on how to configure and onboard GCP accounts in Permissions Management, select [Configure and onboard GCP accounts](https://www.youtube.com/watch?app=desktop&v=W3epcOaec28).

-The sign-in frequency setting works with 3rd party SAML applications and apps that have implemented OAuth2 or OIDC protocols, as long as they don't drop their own cookies and are redirected back to Azure AD for authentication on regular basis.

-Use the What-If tool to simulate a login from the user to the target application and other conditions based on how you configured your policy. The authentication session management controls show up in the result of the tool.

-| Power Apps | Microsoft Azure Management (portal and API) | Early-bound |

-Selecting the ellipsis on the right side of the policy in a sign-in event brings up policy details. This gives administrators additional information about why a policy was successfully applied or not.

-If the information in the event isn't enough to understand the sign-in results or adjust the policy to get desired results, the sign-in diagnostic tool can be used. The sign-in diagnostic can be found under **Basic info** > **Troubleshoot Event**. For more information about the sign-in diagnostic, see the article [What is the sign-in diagnostic in Azure AD](../reports-monitoring/overview-sign-in-diagnostics.md).

-| `x5t` | Base64url-encoded SHA-1 thumbprint of the X.509 certificate thumbprint. For example, given an X.509 certificate hash of `84E05C1D98BCE3A5421D225B140B36E86A3D5534` (Hex), the `x5t` claim would be `hOBcHZi846VCHSJbFAs26Go9VTQ=` (Base64url). |

- "TenantId": "common"

- // To call an API

- "ClientSecret": "[Copy the client secret added to the app from the Azure portal]",

- "ClientCertificates": [

- ]

- },

- "GraphBeta": {

- }

- "TenantId": "common"

- // To call an API

- "ClientCertificates": [

- ]

- // ...

- public void ConfigureServices(IServiceCollection services)

- {

- // ...

- services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)

- .AddMicrosoftIdentityWebApi(Configuration, Configuration.GetSection("AzureAd"))

- .EnableTokenAcquisitionToCallDownstreamApi()

- .AddInMemoryTokenCaches();

- // ...

- }

- // ...

- // ...

- public void ConfigureServices(IServiceCollection services)

- {

- // ...

- services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)

- .AddMicrosoftIdentityWebApi(Configuration, Configuration.GetSection("AzureAd"))

- .EnableTokenAcquisitionToCallDownstreamApi()

- .AddMicrosoftGraph(Configuration.GetSection("GraphBeta"))

- .AddInMemoryTokenCaches();

- // ...

- }

- // ...

- // ...

- public void ConfigureServices(IServiceCollection services)

- {

- // ...

- services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)

- .AddMicrosoftIdentityWebApi(Configuration, "AzureAd")

- .EnableTokenAcquisitionToCallDownstreamApi()

- .AddDownstreamWebApi("MyApi", Configuration.GetSection("GraphBeta"))

- .AddInMemoryTokenCaches();

- // ...

- }

- // ...

-The goal of Azure AD registered devices is to provide your users with support for bring your own device (BYOD) or mobile device scenarios. In these scenarios, a user can access your organizationΓÇÖs resources using a personal device.

-Learn more about how to [integrate your on-premises identities with Azure AD](whatis-hybrid-identity.md).

-Ensure that your directory has at least as many Azure AD Premium P2 licenses as you have employees that will be performing the following tasks:

- * To send service principle sign-in logs to the Log Analytics workspace, select the **ServicePrincipleSignInLogs** check box.

-1. Sign into [SAP Identity Provisioning admin console](https://ips-xlnk9v890j.dispatcher.us1.hana.ondemand.com/) with your administrator account and then select **Proxy Systems**.

-* [Learn how to review logs and get reports on provisioning activity](../app-provisioning/check-status-user-account-provisioning.md)

-> The OSM add-on installs version *1.0.0* of OSM on your cluster.

-> The OSM add-on installs version *1.0.0* of OSM on your cluster.

-> The OSM add-on installs version *1.0.0* of OSM on your cluster.

-The following identity providers are supported for public preview:

- > The c# script function code you just pasted simply logs a line to the functions logs, and returns the text "Hello World" with some dynamic data (the date and time).

-| telemetry.metrics.cloud | Whether or not to [enable emitting metrics to Azure Monitor](how-to-configure-cloud-metrics-logs.md). | No | `true` |

-| observability.opentelemetry.enabled | Whether or not to enable [emitting metrics to an OpenTelemetry collector](how-to-deploy-self-hosted-gateway-kubernetes-opentelemetry.md) on Kubernetes. | No | `false` |

-## Ciphers

-Microsoft Azure Attestation is a unified solution for remotely verifying the trustworthiness of a platform and integrity of the binaries running inside it. The service supports attestation of the platforms backed by Trusted Platform Modules (TPMs) alongside the ability to attest to the state of Trusted Execution Environments (TEEs) such as [Intel® Software Guard Extensions](https://www.intel.com/content/www/us/en/architecture-and-technology/software-guard-extensions.html) (SGX) enclaves, [Virtualization-based Security](/windows-hardware/design/device-experiences/oem-vbs) (VBS) enclaves, [Trusted Platform Modules (TPMs)](/windows/security/information-protection/tpm/trusted-platform-module-overview), [Trusted launch for Azure VMs](../virtual-machines/trusted-launch.md) and [Azure confidential VMs](../confidential-computing/confidential-vm-overview.md).

-[Intel® Software Guard Extensions](https://www.intel.com/content/www/us/en/architecture-and-technology/software-guard-extensions.html) (SGX) refers to hardware-grade isolation, which is supported on certain Intel CPUs models. SGX enables code to run in sanitized compartments known as SGX enclaves. Access and memory permissions are then managed by hardware to ensure a minimal attack surface with proper isolation.

-Intel® Xeon® Scalable processors only support [ECDSA-based attestation solutions](https://software.intel.com/content/www/us/en/develop/topics/software-guard-extensions/attestation-services.html#Elliptic%20Curve%20Digital%20Signature%20Algorithm%20(ECDSA)%20Attestation) for remotely attesting SGX enclaves. Utilizing ECDSA based attestation model, Azure Attestation supports validation of Intel® Xeon® E3 processors and Intel® Xeon® Scalable processor-based server platforms.

-[Trusted Platform Modules (TPM)](/windows/security/information-protection/tpm/trusted-platform-module-overview) based attestation is critical to provide proof of a platformsΓÇÖ state. TPM acts as the root of trust and the security coprocessor to provide cryptographic validity to the measurements(evidence). Devices with a TPM, can rely on attestation to prove that boot integrity is not compromised along with using the claims to detect feature states enablementΓÇÖs during boot.

-Azure customers can [prevent bootkit and rootkit infections](https://www.youtube.com/watch?v=CQqu_rTSi0Q) by enabling [Trusted launch](../virtual-machines/trusted-launch.md)) for their virtual machines (VMs). When the VM is Secure Boot and vTPM enabled with guest attestation extension installed, vTPM measurements get submitted to Azure Attestation periodically for monitoring of boot integrity. An attestation failure indicates potential malware, which is surfaced to customers via Microsoft Defender for Cloud, through Alerts and Recommendations.

-| [Azure Cache for Redis](../azure-cache-for-redis/cache-high-availability.md) |   |

- * OS

-## Version 1.15 - February 2022

-### Known issues

-### New features

- - Added TLS 1.2 check

- - Azure Arc network endpoints are now required, onboarding will abort if they are not accessible

- - New `--skip-network-check` flag to override the new network check behavior

- - On-demand network check now available using `azcmagent check`

-### Fixed

-If you expect your server to communicate with Azure through an Azure Arc Private Link Scope, use the `--use-private-link` parameter to run additional tests that verify the hostnames and IP addresses resolved for the Azure Arc services are private endpoints.

-`azcmagent check --location <regionName> --use-private-link --verbose`

-Azure Arc-enabled servers supports the installation of the Connected Machine agent on physical servers and virtual machines hosted outside of Azure. This includes support for virtual machines running on platforms like:

-Azure Arc-enabled servers does not support installing the agent on virtual machines running in Azure, or on virtual machines running on Azure Stack Hub or Azure Stack Edge, as they are already modeled as Azure VMs and able to be managed directly in Azure.

-> On Linux, Azure Arc-enabled servers installs several daemon processes. We only support using systemd to manage these processes. In some environments, systemd may not be installed or available, in which case Arc-enabled servers is not supported, even if the distribution is otherwise supported. These environments include **Windows Subsystem for Linux** (WSL) and most container-based systems, such as Kubernetes or Docker. The Azure Connected Machine agent can be installed on the node that runs the containers but not inside the containers themselves.

-> While Azure Arc-enabled servers supports Amazon Linux, the following features are not supported by this distribution:

-Azure Arc-enabled servers supports up to 5,000 machine instances in a resource group.

-Select **Activity log** to view actions done to your cache. You can also use filtering to expand this view to include other resources. For more information on working with audit logs, see [Audit operations with Resource Manager](../azure-monitor/essentials/activity-log.md). For more information on monitoring Azure Cache for Redis events, see [alerts](cache-how-to-monitor.md#alerts).

-When choosing a new memory reservation value (**maxmemory-reserved** or **maxfragmentationmemory-reserved**), consider how this change might affect a cache that is already running with large amounts of data in it. For instance, if you have a 53-GB cache with 49 GB of data, then change the reservation value to 8 GB, this change drops the max available memory for the system down to 45 GB. If either your current `used_memory` or your `used_memory_rss` values are higher than the new limit of 45 GB, then the system will have to evict data until both `used_memory` and `used_memory_rss` are below 45 GB. Eviction can increase server load and memory fragmentation. For more information on cache metrics such as `used_memory` and `used_memory_rss`, see [Available metrics and reporting intervals](cache-how-to-monitor.md#available-metrics-and-reporting-intervals).

-<a name="recommendations"></a>

-You can monitor these metrics on the [Monitoring charts](cache-how-to-monitor.md#monitoring-charts) and [Usage charts](cache-how-to-monitor.md#usage-charts) sections of the **Azure Cache for Redis** on the left.

-| Server load |[Usage charts - Redis Server Load](cache-how-to-monitor.md#usage-charts) |

-Select **Alert rules** to configure alerts based on Azure Cache for Redis metrics. For more information, see [Alerts](cache-how-to-monitor.md#alerts).

-By default, cache metrics in Azure Monitor are [stored for 30 days](../azure-monitor/essentials/data-platform-metrics.md) and then deleted. To persist your cache metrics for longer than 30 days, select **Diagnostics** to [configure the storage account](cache-how-to-monitor.md#export-cache-metrics) used to store cache diagnostics.

-Azure Cache for Redis uses [Azure Monitor](../azure-monitor/index.yml) to provide several options for monitoring your cache instances. These tools enable you to monitor the health of your Azure Cache for Redis instances and help you manage your caching applications.

-Metrics for Azure Cache for Redis instances are collected using the Redis [INFO](https://redis.io/commands/info) command. Metrics are collected approximately two times per minute and automatically stored for 30 days so they can be displayed in the metrics charts and evaluated by alert rules.

-To configure a different retention policy, see [Export cache metrics](#export-cache-metrics).

-For more information about the different INFO values used for each cache metric, see [Available metrics and reporting intervals](#available-metrics-and-reporting-intervals).

-To view cache metrics, [browse](cache-configure.md#configure-azure-cache-for-redis-settings) to your cache instance in the [Azure portal](https://portal.azure.com). Azure Cache for Redis provides some built-in charts on the left using **Overview** and **Redis metrics**. Each chart can be customized by adding or removing metrics and changing the reporting interval.

-## View pre-configured metrics charts

-On the left, **Overview** has the following pre-configured monitoring charts.

-### Monitoring charts

-The **Monitoring** sectionin **Overview** on the lefthas **Hits and Misses**, **Gets and Sets**, **Connections**, and **Total Commands** charts.

-### Usage charts

-The **Usage** sectionin **Overview** on the lefthas **Redis Server Load**, **Memory Usage**, **Network Bandwidth**, and **CPU Usage** charts, and also displays the **Pricing tier** for the cache instance.

-The **Pricing tier** displays the cache pricing tier, and can be used to [scale](cache-how-to-scale.md) the cache to a different pricing tier.

-## View metrics charts for all your caches with Azure Monitor for Azure Cache for Redis

-Use [Azure Monitor for Azure Cache for Redis](../azure-monitor/insights/redis-cache-insights-overview.md) (preview) for a view of the overall performance, failures, capacity, and operational health of all your Azure Cache for Redis resources. View metrics in a customizable, unified, and interactive experience that lets you drill down into details for individual resources. Azure Monitor for Azure Cache for Redis is based on the [workbooks feature of Azure Monitor](../azure-monitor/visualize/workbooks-overview.md) that provides rich visualizations for metrics and other data. To learn more, see the [Explore Azure Monitor for Azure Cache for Redis](../azure-monitor/insights/redis-cache-insights-overview.md) article.

-## View metrics with Azure Monitor metrics explorer

-For scenarios where you don't need the full flexibility of Azure Monitor for Azure Cache for Redis, you can instead view metrics and create custom charts using the Azure Monitor metrics explorer. Select **Metrics** from the **Resource menu**, and customize your chart using your preferred metrics, reporting interval, chart type, and more.

-In the left navigation pane of contoso55, Metrics is an option under Monitoring and is highlighted. On Metrics, is a list of metrics. Cache hits and Cache misses are selected.

-For more information on working with metrics using Azure Monitor, see [Overview of metrics in Microsoft Azure](../azure-monitor/data-platform.md).

-## Export cache metrics

-By default, cache metrics in Azure Monitor are [stored for 30 days](../azure-monitor/essentials/data-platform-metrics.md) and then deleted. To persist your cache metrics for longer than 30 days, you can [designate a storage account](../azure-monitor/essentials/resource-logs.md#send-to-azure-storage) and specify a **Retention (days)** policy for your cache metrics.

-To configure a storage account for your cache metrics:

-1. In the **Azure Cache for Redis** page, under the **Monitoring** heading, select **Diagnostics**.

-1. Select **Save**.

->In addition to archiving your cache metrics to storage, you can also [stream them to an Event hub or send them to Azure Monitor logs](../azure-monitor/essentials/rest-api-walkthrough.md#retrieve-metric-values).

-To access your metrics, you can view them in the Azure portal as previously described in this article. You can also access them using the [Azure Monitor Metrics REST API](../azure-monitor/essentials/stream-monitoring-data-event-hubs.md).

-## Available metrics and reporting intervals

-Cache metrics are reported using several reporting intervals, including **Past hour**, **Today**, **Past week**, and **Custom**. On the left, you find the **Metric** selection for each metrics chart displays the average, minimum, and maximum values for each metric in the chart, and some metrics display a total for the reporting interval.

-Each metric includes two versions. One metric measures performance for the entire cache, and for caches that use [clustering](cache-how-to-premium-clustering.md), a second version of the metric that includes `(Shard 0-9)` in the name measures performance for a single shard in a cache. For example if a cache has four shards, `Cache Hits` is the total number of hits for the entire cache, and `Cache Hits (Shard 3)` is just the hits for that shard of the cache.

-> [!NOTE]

-> When you're seeing the aggregation type :

->

-> - CountΓÇ¥ show 2, it indicates the metric received 2 data points for your time granularity (1 minute).

-> - ΓÇ£MaxΓÇ¥ shows the maximum value of a data point in the time granularity,

-> - ΓÇ£MinΓÇ¥ shows the minimum value of a data point in the time granularity,

-> - ΓÇ£AverageΓÇ¥ shows the average value of all data points in the time granularity.

-> - ΓÇ£SumΓÇ¥ shows the sum of all data points in the time granularity and may be misleading depending on the specific metric.

-> Under normal conditions, ΓÇ£AverageΓÇ¥ and ΓÇ£MaxΓÇ¥ will be very similar because only one node emits these metrics (the master node). In a scenario where the number of connected clients changes rapidly, ΓÇ£Max,ΓÇ¥ ΓÇ£Average,ΓÇ¥ and ΓÇ£MinΓÇ¥ would show very different values and this is also expected behavior.

->

-> Generally, ΓÇ£AverageΓÇ¥ will show you a smooth chart of your desired metric and reacts well to changes in time granularity. ΓÇ£MaxΓÇ¥ and ΓÇ£MinΓÇ¥ may hide large changes in the metric if the time granularity is large but can be used with a small time granularity to help pinpoint exact times when large changes occur in the metric.

->

-> ΓÇ£CountΓÇ¥ and ΓÇ£SumΓÇ¥ may be misleading for certain metrics (connected clients included).

->

-> Hence, we suggested you to have a look at the Average metrics and not the Sum metrics.

-> Even when the cache is idle with no connected active client applications, you may see some cache activity, such as connected clients, memory usage, and operations being performed. This activity is normal during the operation of an Azure Cache for Redis instance.

->

-| | |

-| Cache Latency (Preview) | The latency of the cache calculated using the internode latency of the cache. This metric is measured in microseconds, and has three dimensions: `Avg`, `Min`, and `Max`. The dimensions represent the average, minimum, and maximum latency of the cache during the specified reporting interval. |

-## Alerts

-To configure Alert rules for your cache, select **Alert rules** from the **Resource menu**.

- Once the cache is created, you connect to it and use it just like a non-clustered cache. Redis distributes the data throughout the Cache shards. If diagnostics is [enabled](cache-how-to-monitor.md#export-cache-metrics), metrics are captured separately for each shard and can be [viewed](cache-how-to-monitor.md) in Azure Cache for Redis on the left.

-Redis exposes two stats, `used_memory` and `used_memory_rss`, through the [INFO](https://redis.io/commands/info) command that can help you identify this issue. You can [view these metrics](cache-how-to-monitor.md#view-metrics-with-azure-monitor-metrics-explorer) using the portal.

-[Monitor metrics](cache-how-to-monitor.md#view-metrics-with-azure-monitor-metrics-explorer) such as server load. Watch for spikes in `Server Load` usage that correspond with timeouts. [Create alerts](cache-how-to-monitor.md#alerts) on metrics on server load to be notified early about potential impacts.

-The "Cache Read" and "Cache Write" metrics can be used to see how much server-side bandwidth is being used. You can [view these metrics](cache-how-to-monitor.md#view-metrics-with-azure-monitor-metrics-explorer) in the portal. [Create alerts](cache-how-to-monitor.md#alerts) on metrics like cache read or cache write to be notified early about potential impacts.

-For more information, see [Available metrics and reporting intervals](cache-how-to-monitor.md#available-metrics-and-reporting-intervals).

- [HttpTrigger(AuthorizationLevel.Anonymous, "post")]object message,

- new SignalRMessage

- Target = "newMessage",

- Arguments = new [] { message }

-The following example shows a SignalR trigger that reads a message string from one hub using a SignalR trigger and writes it to a second hub using an output binding. The *target* is the name of the method to be invoked on each client.

-The `MyConnectionInfo` and `MyMessage` classes are defined as follows:

- new SignalRMessage

- Target = "newMessage",

- Arguments = new [] { message }

-

- [HttpTrigger(AuthorizationLevel.Anonymous, "post")]object message,

- new SignalRMessage

-Not supported for isolated process.

- new SignalRMessage

- Target = "newMessage",

- Arguments = new [] { message }

-

-Example not available for isolated process.

- new SignalRMessage

- Target = "newMessage",

- Arguments = new [] { message }

-

-SignalR Service allows users to be added to groups. Messages can then be sent to a group. You can use the `SignalR` output binding to manage a user's group membership. The following example adds a user to a group.

-The following example removes a user from a group.

-```csharp

-[FunctionName("removeFromGroup")]

-public static Task RemoveFromGroup(

- [HttpTrigger(AuthorizationLevel.Anonymous, "post")]HttpRequest req,

- ClaimsPrincipal claimsPrincipal,

- [SignalR(HubName = "chat")]

- IAsyncCollector<SignalRGroupAction> signalRGroupActions)

-{

- var userIdClaim = claimsPrincipal.FindFirst(ClaimTypes.NameIdentifier);

- return signalRGroupActions.AddAsync(

- new SignalRGroupAction

- {

- UserId = userIdClaim.Value,

- GroupName = "myGroup",

- Action = GroupAction.Remove

- });

-}

-```

-Example not available for isolated process.

-SignalR Service allows users to be added to groups. Messages can then be sent to a group. You can use the `SignalR` output binding to manage a user's group membership. The following example adds a user to a group.

-

-SignalR Service allows users to be added to groups. Messages can then be sent to a group. You can use the `SignalR` output binding to manage a user's group membership.

-

-|[Wovenware CA, Inc.](https://www.wovenware.com)|

-| May 2022 | <ul><li>Fixed issue where agent stops functioning due to faulty XPath query. With this version, only query related Windows events will fail, other data types will continue to be collected</li><li>Collection of Windows network troubleshooting logs added to 'CollectAMAlogs.ps1' tool</li></ul> | 1.5.0.0 | Coming soon |

- - AMA uses Managed Identity or AAD tokens (for clients) which are much more secure than the legacy authentication methods.

- - Enabling/disabling of additional capabilities or services (Sentinel, Defender for Cloud, VM Insights, etc) is more transparent and controlled, using the extensibility architecture of AMA.

-description: Learn how to scale your resource by custom metric in Azure.

-# Get started with auto scale by custom metric in Azure

-This article describes how to scale your resource by a custom metric in Azure portal.

-Azure Monitor autoscale applies only to [Virtual Machine Scale Sets](https://azure.microsoft.com/services/virtual-machine-scale-sets/), [Cloud Services](https://azure.microsoft.com/services/cloud-services/), [App Service - Web Apps](https://azure.microsoft.com/services/app-service/web/), [Azure Data Explorer Cluster](https://azure.microsoft.com/services/data-explorer/) ,

-Integration Service Environment and [API Management services](../../api-management/api-management-key-concepts.md).

-## Lets get started

-This article assumes that you have a web app with application insights configured. If you don't have one already, you can [set up Application Insights for your ASP.NET website][1]

- ![Launch Azure Monitor][3]

- ![Discover auto scale in Azure monitor][4]

- > Note: The steps below use an app service plan associated with a web app that has app insights configured.

- ![Scale setting for new web app][5]

- ![Scale by custom metric][6]

- ![Scale based on cpu][7]

- > Note: In case there is a problem reading the resource metrics and the current capacity is below the default capacity, then to ensure the availability of the resource, Autoscale will scale out to the default value. If the current capacity is already higher than default capacity, Autoscale will not scale in.

-Congratulations. You now successfully created your scale setting to auto scale your web app based on a custom metric.

-> Note: The same steps are applicable to get started with a VMSS or cloud service role.

-<!--Reference-->

-[1]: ../app/asp-net.md

-[2]: https://portal.azure.com

-[3]: ./media/autoscale-custom-metric/azure-monitor-launch.png

-[4]: ./media/autoscale-custom-metric/discover-autoscale-azure-monitor.png

-[5]: ./media/autoscale-custom-metric/scale-setting-new-web-app.png

-[6]: ./media/autoscale-custom-metric/scale-by-custom-metric.png

-[7]: ./media/autoscale-custom-metric/autoscale-setting-custom-metrics-ai.png

-There can be cost implications with your workspace design, most notably when you combine different services such as operational data from Azure Monitor and security data from . See [Workspaces with Microsoft Sentinel](logs/cost-logs.md#workspaces-with-microsoft-sentinel) and [Workspaces with Microsoft Defender for Cloud](logs/cost-logs.md#workspaces-with-microsoft-defender-for-cloud) for a description of these implications and guidance on determining the most cost-effective solution for your environment.

-For a full list of the metric definitions that form these workbooks, check out the [article on available metrics and reporting intervals](../../azure-cache-for-redis/cache-how-to-monitor.md#available-metrics-and-reporting-intervals).

-All tables in your Log Analytics are Analytics tables, by default. You can configure particular tables to use Basic Logs. You can't configure a table for Basic Logs if Azure Monitor relies on that table for specific features.

- "query": "ContainerLog | where LogEntry has \"some value\"\n",

-In this example, the following steps facilitated the customization of an exported Azure Resource Manager template:

-1. Switch the workbook to edit mode by selecting the **Edit** toolbar item.

-1. Switch the workbook to edit mode by selecting the **Edit** toolbar item.

-1. Switch the workbook to edit mode by selecting *Edit* toolbar item.

-2. Select *Add* then *Add query*.

-|Pin |While in pin mode, you can select **Pin Workbook** to pin an item from this workbook to a dashboard. Select **Link to Workbook**, to pin a static link to this workbook on your dashboard. You can choose a specific item in your workbook to pin.|

-1. Follow the steps in the [Setting up interactivity on grid row click](#set-up-a-grid-row-click) section to set up two interactive controls.

- :::image type="content" source="media/workbooks-configurations/workbooks-conditional-visibility-visible.png" alt-text="Screenshot showing a workbook with a conditional item that is visible.":::

-The image below shows the hidden case where `ShowDetails` is `No`

-Query and metrics items can export parameters when a row or multiple rows are selected.

-1. In the query step displaying the grid, select **Advanced settings**.

-> For multi select, only unique values are exported. For example, you will not see output array values like " 1,1,2,1". The array output will be get "1,2".

-You can use links to create links to other views, workbooks, other items inside a workbook, or to create tabbed views within a workbook. The links can be styled as hyperlinks, buttons, and tabs.

-|Bullet List | :::image type="content" source="media/workbooks-create-workbook/workbooks-link-style-bullet.png" alt-text="Screenshot of bullet style workbook link."::: | The default, links, appears as a bulleted list of links, one on each line. The **Text before link** and **Text after link** fields can be used to add more text before or after the link items. |

-|Scroll to a step| When selecting a link, the workbook will move focus and scroll to make another step visible. This action can be used to create a "table of contents", or a "go back to the top" style experience. |

-Most of the time, tab links are combined with the **Set a parameter value** action. Here's an example showing the links step configured to create 2 tabs, where selecting either tab will set a **selectedTab** parameter to a different value (the example shows a third tab being edited to show the parameter name and parameter value placeholders):

-You can then add other items in the workbook that are conditionally visible if the **selectedTab** parameter value is "1" by using the advanced settings:

-The first tab is selected by default, initially setting **selectedTab** to 1, and making that step visible. Selecting the second tab will change the value of the parameter to "2", and different content will be displayed:

-A group item in a workbook allows you to logically group a set of steps in a workbook.

- - **Layout**: When you want items to be organized vertically, you can create a group of items that will all stack up and set the styling of the group to be a percentage width instead of setting percentage width on all the individual items.

- - **Visibility**: When you want several items to hide or show together, you can set the visibility of the entire group of items, instead of setting visibility settings on each individual item. This can be useful in templates that use tabs, as you can use a group as the content of the tab, and the entire group can be hidden/shown based on a parameter set by the selected tab.

- - **Performance**: When you have a large template with many sections or tabs, you can convert each section into its own subtemplate, and use groups to load all the subtemplates within the top-level template. The content of the subtemplates won't load or run until a user makes those groups visible. Learn more about [how to split a large template into many templates](#splitting-a-large-template-into-many-templates).

-1. Select items for your group.

- This is a group in read mode with two items inside: a text item and a query item.

- In edit mode, you can see those two items are actually inside a group item. In the screenshot below, the group is in edit mode. The group contains two items inside the dashed area. Each item can be in edit or read mode, independent of each other. For example, the text step is in edit mode while the query step is in read mode.

-Lazy loading is the default. In lazy loading, the group is only loaded when the item is visible. This allows a group to be used by tab items. If the tab is never selected, the group never becomes visible and therefore the content isn't loaded.

-For groups created from a template, the content of the template isn't retrieved and the items in the group aren't created until the group becomes visible. Users see progress spinners for the whole group while the content is retrieved.

-When a template is loaded into a group, the workbook attempts to merge any parameters declared in the template with parameters that already exist in the group. Any parameters that already exist in the workbook with identical names will be merged out of the template being loaded. If all parameters in a parameter step are merged out, the entire parameters step will disappear.

-Then a group item loads a second template that has its own two parameters and a text step, where the parameters are named the same:

-When the second template is loaded into the group, the duplicate parameters are merged out. Since all of the parameters are merged away, the inner parameters step is also merged out, resulting in the group containing only the text step.

- :::image type="content" source="media/workbooks-create-workbook/workbooks-groups-wont-merge-away.png" alt-text="Screenshot of a group item with the result of parameters merged away.":::

-When the group's item's template is loaded, the **TimeRange** parameter is merged out of the group. The workbook contains the initial parameters step with **TimeRange** and **Filter**, and the group's parameter only includes **FilterB**.

-If the loaded template had contained **TimeRange** and **Filter** (instead of **FilterB**), then the resulting workbook would have a parameters step and a group with only the text step remaining.

-When splitting a template into parts, you'll basically need to split the template into many templates (subtemplates) that all work individually. If the top-level template has a **TimeRange** parameter that other items use, the subtemplate will need to also have a parameters item that defines a parameter with same exact name. The subtemplates will work independently and can load inside larger templates in groups.

-To turn a larger template into multiple subtemplates:

-1. Create a new empty group near the top of the workbook, after the shared parameters. This new group will eventually become a subtemplate.

-1. Create a copy of the shared parameters step, and then use **move into group** to move the copy into the group created in step 1. This parameter allows the subtemplate to work independently of the outer template, and will get merged out when loaded inside the outer template.

- > Subtemplates don't technically need to have the parameters that get merged out if you never plan on the sub-templates being visible by themselves. However, if the sub-templates do not have the parameters, it will make them very hard to edit or debug if you need to do so later.

-1. Move each item in the workbook you want to be in the subtemplate into the group created in step 1.

-1. If the individual steps moved in step 3 had conditional visibilities, that will become the visibility of the outer group (like used in tabs). Remove them from the items inside the group and add that visibility setting to the group itself. Save here to avoid losing changes and/or export and save a copy of the json content.

-1. You can then change the group step to load from template and set the template ID field to the workbook/template you created in step 5. To work with workbooks IDs, the source needs to be the full Azure Resource ID of a shared workbook. Press *Load* and the content of that group will now be loaded from that subtemplate instead of saved inside this outer workbook.

-Use the pin button next to a text, query, or metrics steps in a workbook can be pinned by using the pin button on those items while the workbook is in pin mode, or if the workbook author has enabled settings for that element to make the pin icon visible.

-If a pinned step has an explicitly set time range (does not use a time range parameter), that time range will always be used for the dashboard, regardless of the dashboard's settings. The subtitle of the pinned part will not show the dashboard's time range, and the query will not auto-refresh on the dashboard. The subtitle will show the last time the query executed.

-1. Switch the workbook to edit mode by clicking on the **Edit** toolbar item.

-1. Switch the workbook to edit mode by clicking on the *Edit* toolbar item.

-|Grid|By default, grids only display the first 250 rows of data. This setting can be changed in the query step's advanced settings to display up to 10,000 rows. Any further items will be ignored, and a warning will be displayed.|

-|Tiles|Tiles is limited to displaying 100 tiles. Any further items will be ignored, and a warning will be displayed.|

-|Maps|Maps are limited to displaying 100 points. Any further items will be ignored, and a warning will be displayed.|

-Link actions can be accessed through Workbook link steps or through column settings of [grids](../visualize/workbooks-grid-visualizations.md), [titles](../visualize/workbooks-tile-visualizations.md), or [graphs](../visualize/workbooks-graph-visualizations.md).

-|Step| Use the value set in the current step of the workbook. This is common in query and metrics steps to set the workbook resources in the linked workbook to those used *in the query/metrics step*, not the current workbook. |

-1. Switch the workbook to edit mode by selecting on the **Edit** toolbar item.

-1. Switch the workbook to edit mode by selecting on the **Edit** toolbar item.

-1. Switch the workbook to edit mode by selecting on the **Edit** toolbar item.

-1. Switch the workbook to edit mode by selecting on the **Edit** toolbar item.

-

-1. Switch the workbook to edit mode by clicking on the **Edit** toolbar item.

-6. Select the **Done Editing** button to complete editing the step.

-The following text styles are available for text step:

-When deploying a local Bicep file to a resource group: the function returns the following format:

-When you deploy to an Azure subscription, management group, or tenant, the return object includes a `location` property. The location property is included when deploying a local Bicep file. The format is:

-Arrays start with a left bracket (`[`) and end with a right bracket (`]`). In Bicep, an array must be declared in multiple lines. Don't use commas between values.

-Objects start with a left brace (`{`) and end with a right brace (`}`). In Bicep, an object must be declared in multiple lines. Each property in an object consists of key and value. The key and value are separated by a colon (`:`). An object allows any property of any type. Don't use commas to between properties.

-param exampleObject object = {

-For more information about supported input and output options corresponding to the data source type, see [Azure Stream Analytics - Input Overview](../../stream-analytics/stream-analytics-add-inputs.md) and [Azure Stream Analytics - Outputs Overview](../../stream-analytics/stream-analytics-define-outputs.md) respectively.

-When creating an Azure Video Indexer account, you can choose a free trial account (where you get a certain number of free indexing minutes) or a paid option (where you're not limited by the quota). With a free trial, Azure Video Indexer provides up to 600 minutes of free indexing to users and up to 2400 minutes of free indexing to users that subscribe to the Azure Video Indexer API on the [developer portal](https://aka.ms/avam-dev-portal). With the paid options, Azure Video Indexer offers two types of accounts: classic accounts(General Availability), and ARM-based accounts(Public Preview). Main difference between the two is account management platform. While classic accounts are built on the API Management, ARM-based accounts management is built on Azure, enables to apply access control to all services with role-based access control (Azure RBAC) natively.

- :::image type="content" alt-text="Screenshot that shows how to select an event grid subscription." source="./media/create-account/event-grid.png":::

-> :::image type="content" source="./media/video-indexer-overview/model-chart.png" alt-text="Azure Video Indexer flow diagram":::

- * **People's detected clothing**: detects the clothing types of people appearing in the video and provides information such as long or short sleeves, long or short pants and skirt or dress. The detected clothing are associated with the people wearing it and the exact timestamp (start,end) along with a confidence level for the detection are provided.

-* Azure Video Indexer portal: An easy to use solution that lets you evaluate the product, manage the account, and customize models.

-The Distributed Firewall could be used to filter traffic to VMs. This feature is outside the scope of this document. For more information, see [NSX-T Distributed Firewall Administration Guide]( https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/administration/GUID-6AB240DB-949C-4E95-A9A7-4AC6EF5E3036.html)git status.

-The Azure VMware Solution private gives you the ability to deploy a vSphere cluster in Azure. For each private cloud created, there's one vSAN cluster by default. You can add, delete, and scale clusters. The minimum number of hosts per cluster is three. More hosts can be added one at a time, up to a maximum of 16 hosts per cluster. The maximum number of clusters per private cloud is four. The initial deployment of Azure VMware Solution has three hosts.

->You can always extend the cluster and add additional clusters later if you need to go beyond the initial deployment number.

-# Quickstart: Use Bicep to deploy Azure Web PubSub Service

-| Security | Delete Backup Data | - Azure Virtual Machine <br><br> - SQL in Azure VM (non-AG scenarios) <br><br> - SAP HANA in Azure VM <br><br> - Azure Backup Agent <br><br> - DPM <br><br> - Azure Backup Server <br><br> - Azure Database for PostgreSQL Server <br><br> - Azure Blobs <br><br> - Azure Managed Disks | This alert is fired when a user stops backup and deletes backup data (Note ΓÇô If soft-delete feature is disabled for the vault, Delete Backup Data alert is not received) |

- https://demoendpoint.azureedge.net/container1/demo.jpg/?sv=2017-07-29&ss=b&srt=c&sp=r&se=2027-12-19T17:35:58Z&st=2017-12-19T09:35:58Z&spr=https&sig=kquaXsAuCLXomN7R00b8CYM13UpDbAHcsRfGOW3Du1M%3D

-For more information about setting up token authentication, see [Securing Azure Content Delivery Network assets with token authentication](./cdn-token-auth.md).

-# Azure Certified Device - Edge Secured-core (Preview) #

-While in public preview, we are supporting a small number of partners to pre-validate devices against the Edge Secured-core program requirements. If you would like participate in the Edge Secured-core public preview, please contact iotcert@microsoft.com

-The `NetworkConfiguration` element of the service configuration file specifies Virtual Network and DNS values. These settings are optional for Cloud Services.

- set netfx="NDP472"

-

- set netfxregkey="0x70BF6"

-The new **multivariate anomaly detection** APIs further enable developers by easily integrating advanced AI for detecting anomalies from groups of metrics, without the need for machine learning knowledge or labeled data. Dependencies and inter-correlations between up to 300 different signals are now automatically counted as key factors. This new capability helps you to proactively protect your complex systems such as software applications, servers, factory machines, spacecraft, or even your business, from failures.

-## When to use **multivariate** versus **univariate**

-If your goal is to detect anomalies out of a normal pattern on each individual time series purely based on their own historical data, use univariate anomaly detection APIs. For example, you want to detect daily revenue anomalies based on revenue data itself, or you want to detect a CPU spike purely based on CPU data.

-If your goal is to detect system level anomalies from a group of time series data, use multivariate anomaly detection APIs. Particularly, when any individual time series won't tell you much, and you have to look at all signals (a group of time series) holistically to determine a system level issue. For example, you have an expensive physical asset like aircraft, equipment on an oil rig, or a satellite. Each of these assets has tens or hundreds of different types of sensors. You would have to look at all those time series signals from those sensors to decide whether there is system level issue.

-# What is Univariate Anomaly Detector?

-The Anomaly Detector API enables you to monitor and detect abnormalities in your time series data without having to know machine learning. The Anomaly Detector API's algorithms adapt by automatically identifying and applying the best-fitting models to your data, regardless of industry, scenario, or data volume. Using your time series data, the API determines boundaries for anomaly detection, expected values, and which data points are anomalies.

-

-Using the Anomaly Detector doesn't require any prior experience in machine learning, and the REST API enables you to easily integrate the service into your applications and processes.

-With the Anomaly Detector, you can automatically detect anomalies throughout your time series data, or as they occur in real-time.

-|Anomaly detection in real-time. | Detect anomalies in your streaming data by using previously seen data points to determine if your latest one is an anomaly. This operation generates a model using the data points you send, and determines if the target point is an anomaly. By calling the API with each new data point you generate, you can monitor your data as it's created. |

-|Detect anomalies throughout your data set as a batch. | Use your time series to detect any anomalies that might exist throughout your data. This operation generates a model using your entire time series data, with each point analyzed with the same model. |

-|Detect change points throughout your data set as a batch. | Use your time series to detect any trend change points that exist in your data. This operation generates a model using your entire time series data, with each point analyzed with the same model. |

-| Get additional information about your data. | Get useful details about your data and any observed anomalies, including expected values, anomaly boundaries, and positions. |

-| Adjust anomaly detection boundaries. | The Anomaly Detector API automatically creates boundaries for anomaly detection. Adjust these boundaries to increase or decrease the API's sensitivity to data anomalies, and better fit your data. |

-## Workflow

-The Anomaly Detector API is a RESTful web service, making it easy to call from any programming language that can make HTTP requests and parse JSON.

-After signing up:

-1. Take your time series data and convert it into a valid JSON format. Use [best practices](concepts/anomaly-detection-best-practices.md) when preparing your data to get the best results.

-1. Send a request to the Anomaly Detector API with your data.

-1. Process the API response by parsing the returned JSON message.

-## Algorithms

-* See the following technical blogs for information about the algorithms used:

- * [Introducing Azure Anomaly Detector API](https://techcommunity.microsoft.com/t5/AI-Customer-Engineering-Team/Introducing-Azure-Anomaly-Detector-API/ba-p/490162)

- * [Overview of SR-CNN algorithm in Azure Anomaly Detector](https://techcommunity.microsoft.com/t5/AI-Customer-Engineering-Team/Overview-of-SR-CNN-algorithm-in-Azure-Anomaly-Detector/ba-p/982798)

-You can read the paper [Time-Series Anomaly Detection Service at Microsoft](https://arxiv.org/abs/1906.03821) (accepted by KDD 2019) to learn more about the SR-CNN algorithms developed by Microsoft.

-> [!VIDEO https://www.youtube.com/embed/ERTaAnwCarM]

-## Deploy on premises using Docker containers

-[Use Anomaly Detector containers](anomaly-detector-container-howto.md) to deploy API features on-premises. Docker containers enable you to bring the service closer to your data for compliance, security, or other operational reasons.

-## Join the Anomaly Detector community

-* Join the [Anomaly Detector Advisors group on Microsoft Teams](https://aka.ms/AdAdvisorsJoin)

-* [Quickstart: Detect anomalies in your time series data using the Anomaly Detector](quickstarts/client-libraries.md)

-* The Anomaly Detector API [online demo](https://github.com/Azure-Samples/AnomalyDetector/tree/master/ipython-notebook)

-* The Anomaly Detector [REST API reference](https://aka.ms/anomaly-detector-rest-api-ref)

-The `video` renderer is shown in the following javascript excerpt. Using the Videos endpoint, all results are of type `Videos`. The `searchItemRenderers` are shown in the following code segment.

-* [node.js](quickstarts/nodejs.md)

-* [node.js](quickstarts/nodejs.md)

-* [node.js](quickstarts/nodejs.md)

-* **Precision** = `#True_Positive / (#True_Positive + #False_Positive)` = `2 / (2 + 1) = 0.67`

-* **Recall** = `#True_Positive / (#True_Positive + #False_Negatives)` = `2 / (2 + 1) = 0.67`

-* **F1 Score** = `2 * Precision * Recall / (Precision + Recall)` = `(2 * 0.67 * 0.67) / (0.67 + 0.67) = 0.67`

-# Raw Video

-In this quickstart, you'll learn how to implement raw media access using the Azure Communication Services Calling SDK for Android.

-The Azure Communication Services Calling SDK offers APIs allowing apps to generate their own video frames to send to remote participants.

-This quick start builds upon [QuickStart: Add 1:1 video calling to your app](./get-started-with-video-calling.md?pivots=platform-android) for Android.

-## Virtual Video Stream Overview

-Since the app will be generating the video frames, the app must inform the Azure Communication Services Calling SDK about the video formats the app is capable of generating. This is required to allow the Azure Communication Services Calling SDK to pick the best video format configuration given the network conditions at any giving time.

-The app must register a delegate to get notified about when it should start or stop producing video frames. The delegate event will inform the app which video format is more appropriate for the current network conditions.

-### Supported Video Resolutions

-| Aspect Ratio | Resolution | Maximum FPS |

-| :--: | :-: | :-: |

-| 16x9 | 1080p | 30 |

-| 16x9 | 720p | 30 |

-| 16x9 | 540p | 30 |

-| 16x9 | 480p | 30 |

-| 16x9 | 360p | 30 |

-| 16x9 | 270p | 15 |

-| 16x9 | 240p | 15 |

-| 16x9 | 180p | 15 |

-| 4x3 | VGA (640x480) | 30 |

-| 4x3 | 424x320 | 15 |

-| 4x3 | QVGA (320x240) | 15 |

-| 4x3 | 212x160 | 15 |

-The following is an overview of the steps required to create a virtual video stream.

-1. Create an array of `VideoFormat` with the video formats supported by the app. It is fine to have only one video format supported, but at least one of the provided video formats must be of the `VideoFrameKind::VideoSoftware` type. When multiple formats are provided, the order of the format in the list doesn't influence or prioritize which one will be used. The selected format is based on external factors like network bandwidth.

- ```java

- ArrayList<VideoFormat> videoFormats = new ArrayList<VideoFormat>();

- VideoFormat format = new VideoFormat();

- format.setWidth(1280);

- format.setHeight(720);

- format.setPixelFormat(PixelFormat.RGBA);

- format.setVideoFrameKind(VideoFrameKind.VIDEO_SOFTWARE);

- format.setFramesPerSecond(30);

- format.setStride1(1280 * 4); // It is times 4 because RGBA is a 32-bit format.

- videoFormats.add(format);

- ```

-2. Create `RawOutgoingVideoStreamOptions` and set `VideoFormats` with the previously created object.

- ```java

- RawOutgoingVideoStreamOptions rawOutgoingVideoStreamOptions = new RawOutgoingVideoStreamOptions();

- rawOutgoingVideoStreamOptions.setVideoFormats(videoFormats);

- ```

-3. Subscribe to `RawOutgoingVideoStreamOptions::addOnOutgoingVideoStreamStateChangedListener` delegate. This delegate will inform the state of the current stream, it's important that you don't send frames if the state is no equal to `OutgoingVideoStreamState.STARTED`.

- ```java

- private OutgoingVideoStreamState outgoingVideoStreamState;

- rawOutgoingVideoStreamOptions.addOnOutgoingVideoStreamStateChangedListener(event -> {

- outgoingVideoStreamState = event.getOutgoingVideoStreamState();

- });

- ```

-4. Make sure the `RawOutgoingVideoStreamOptions::addOnVideoFrameSenderChangedListener` delegate is defined. This delegate will inform its listener about events requiring the app to start or stop producing video frames. In this quick start, `mediaFrameSender` is used as trigger to let the app know when it's time to start generating frames. Feel free to use any mechanism in your app as a trigger.

- ```java

- private VideoFrameSender mediaFrameSender;

- rawOutgoingVideoStreamOptions.addOnVideoFrameSenderChangedListener(event -> {

- mediaFrameSender = event.getVideoFrameSender();

- });

- ```

-5. Create an instance of `VirtualRawOutgoingVideoStream` using the `RawOutgoingVideoStreamOptions` we created previously

- ```java

- private VirtualRawOutgoingVideoStream virtualRawOutgoingVideoStream;

- virtualRawOutgoingVideoStream = new VirtualRawOutgoingVideoStream(rawOutgoingVideoStreamOptions);

- ```

-7. Once outgoingVideoStreamState is equal to `OutgoingVideoStreamState.STARTED` create and instance of `FrameGenerator` class this will start a non-UI thread and will send frames, call `FrameGenerator.SetVideoFrameSender` each time we get an updated `VideoFrameSender` on the previous delegate, cast the `VideoFrameSender` to the appropriate type defined by the `VideoFrameKind` property of `VideoFormat`. For example, cast it to `SoftwareBasedVideoFrameSender` and then call the `send` method according to the number of planes defined by the VideoFormat.

-After that, create the ByteBuffer backing the video frame if needed. Then, update the content of the video frame. Finally, send the video frame to other participants with the `sendFrame` API.

- ```java

- public class FrameGenerator implements VideoFrameSenderChangedListener {

- private VideoFrameSender videoFrameSender;

- private Thread frameIteratorThread;

- private final Random random;

- private volatile boolean stopFrameIterator = false;

- public FrameGenerator() {

- random = new Random();

- }

- public void FrameIterator() {

- ByteBuffer plane = null;

- while (!stopFrameIterator && videoFrameSender != null) {

- plane = GenerateFrame(plane);

- }

- }

- private ByteBuffer GenerateFrame(ByteBuffer plane) {

- try {

- VideoFormat videoFormat = videoFrameSender.getVideoFormat();

- if (plane == null || videoFormat.getStride1() * videoFormat.getHeight() != plane.capacity()) {

- plane = ByteBuffer.allocateDirect(videoFormat.getStride1() * videoFormat.getHeight());

- plane.order(ByteOrder.nativeOrder());

- }

- int bandsCount = random.nextInt(15) + 1;

- int bandBegin = 0;

- int bandThickness = videoFormat.getHeight() * videoFormat.getStride1() / bandsCount;

- for (int i = 0; i < bandsCount; ++i) {

- byte greyValue = (byte) random.nextInt(254);

- java.util.Arrays.fill(plane.array(), bandBegin, bandBegin + bandThickness, greyValue);

- bandBegin += bandThickness;

- }

- if (videoFrameSender instanceof SoftwareBasedVideoFrameSender) {

- SoftwareBasedVideoFrameSender sender = (SoftwareBasedVideoFrameSender) videoFrameSender;

- long timeStamp = sender.getTimestampInTicks();

- sender.sendFrame(plane, timeStamp).get();

- } else {

- HardwareBasedVideoFrameSender sender = (HardwareBasedVideoFrameSender) videoFrameSender;

- int[] textureIds = new int[1];

- int targetId = GLES20.GL_TEXTURE_2D;

- GLES20.glEnable(targetId);

- GLES20.glGenTextures(1, textureIds, 0);

- GLES20.glActiveTexture(GLES20.GL_TEXTURE0);

- GLES20.glBindTexture(targetId, textureIds[0]);

- GLES20.glTexImage2D(targetId,

- 0,

- GLES20.GL_RGB,

- videoFormat.getWidth(),

- videoFormat.getHeight(),

- 0,

- GLES20.GL_RGB,

- GLES20.GL_UNSIGNED_BYTE,

- plane);

- long timeStamp = sender.getTimestampInTicks();

- sender.sendFrame(targetId, textureIds[0], timeStamp).get();

- }

- Thread.sleep((long) (1000.0f / videoFormat.getFramesPerSecond()));

- } catch (InterruptedException ex) {

- Log.d("FrameGenerator", String.format("FrameGenerator.GenerateFrame, %s", ex.getMessage()));

- } catch (ExecutionException ex2) {

-

- Log.d("FrameGenerator", String.format("FrameGenerator.GenerateFrame, %s", ex2.getMessage()));

- }

- return plane;

- }

- private void StartFrameIterator() {

- frameIteratorThread = new Thread(this::FrameIterator);

- frameIteratorThread.start();

- }

- public void StopFrameIterator() {

- try {

- if (frameIteratorThread != null) {

- stopFrameIterator = true;

- frameIteratorThread.join();

- frameIteratorThread = null;

- stopFrameIterator = false;

- }

- } catch (InterruptedException ex) {

- Log.d("FrameGenerator", String.format("FrameGenerator.StopFrameIterator, %s", ex.getMessage()));

- }

- }

- ```

-## Screen Share Video Stream Overview

-Repeat steps `1 to 4` from the previous VirtualRawOutgoingVideoStream tutorial.

-Since the Android system generates the frames, you must implement your own foreground service to capture the frames and send them through using our Azure Communication Services Calling API

-### Supported Video Resolutions

-| Aspect Ratio | Resolution | Maximum FPS |

-| :--: | :-: | :-: |

-| Anything | Anything | 30 |

-The following is an overview of the steps required to create a screen share video stream.

-1. Add this permission to your `Manifest.xml` file inside your Android project

- ```xml

- <uses-permission android:name="android.permission.FOREGROUND_SERVICE" />

- ```

-2. Create an instance of `ScreenShareRawOutgoingVideoStream` using the `RawOutgoingVideoStreamOptions` we created previously

- ```java

- private ScreenShareRawOutgoingVideoStream screenShareRawOutgoingVideoStream;

- screenShareRawOutgoingVideoStream = new ScreenShareRawOutgoingVideoStream(rawOutgoingVideoStreamOptions);

- ```

-3. Request needed permissions for screen capture on Android, once this method is called Android will call automatically `onActivityResult` containing the request code we've sent and the result of the operation, expect `Activity.RESULT_OK` if the permission has been provided by the user if so attach the screenShareRawOutgoingVideoStream to the call and start your own foreground service to capture the frames.

-

- ```java

- public void GetScreenSharePermissions() {

- try {

- MediaProjectionManager mediaProjectionManager = (MediaProjectionManager) getSystemService(Context.MEDIA_PROJECTION_SERVICE);

- startActivityForResult(mediaProjectionManager.createScreenCaptureIntent(), Constants.SCREEN_SHARE_REQUEST_INTENT_REQ_CODE);

- } catch (Exception e) {

- String error = "Could not start screen share due to failure to startActivityForResult for mediaProjectionManager screenCaptureIntent";

- Log.d("FrameGenerator", error);

- }

- }

- @Override

- protected void onActivityResult(int requestCode, int resultCode, Intent data) {

- super.onActivityResult(requestCode, resultCode, data);

- if (requestCode == Constants.SCREEN_SHARE_REQUEST_INTENT_REQ_CODE) {

- if (resultCode == Activity.RESULT_OK && data != null) {

- // Attach the screenShareRawOutgoingVideoStream to the call

- // Start your foreground service

- } else {

- String error = "user cancelled, did not give permission to capture screen";

- }

- }

- }

- ```

-4. Once you receive a frame on your foreground service send it through using the `VideoFrameSender` provided

- ````java

- public void onImageAvailable(ImageReader reader) {

- Image image = reader.acquireLatestImage();

- if (image != null) {

- final Image.Plane[] planes = image.getPlanes();

- if (planes.length > 0) {

- Image.Plane plane = planes[0];

- final ByteBuffer buffer = plane.getBuffer();

- try {

- SoftwareBasedVideoFrameSender sender = (SoftwareBasedVideoFrameSender) videoFrameSender;

- sender.sendFrame(buffer, sender.getTimestamp()).get();

- } catch (Exception ex) {

- Log.d("MainActivity", "MainActivity.onImageAvailable trace, failed to send Frame");

- }

- }

- image.close();

- }

- }

- ````

- 1. Create an account that will own the meetings and is branded appropriately. This is the account that will create the events and which will receive notifications for it. We recommend to not user a personal production account given the overhead it might incur in the form of remainders.

-2. Organizer logins to Contoso platform to create an event and generate a registration URL. To enable these capabilities developers should use:

-Through Azure Communication Services, developers can use SMS and Email capabilities to send remainders to attendees for the event they have registered. Communication can also include confirmation for the event as well as information for joining and participating.

->Azure Communication Services is a consumption-based service billed through Azure. For more information on pricing visit our resources.

-When initializing, code samples get the node certificate by querying Identity Service. After retrieving the node certificate, a code sample will query the ledger network to get a quote, which is then validated using the Host Verify binaries. If the verification succeeds, the code sample proceeds to ledger operations.

-Users can validate the authenticity of Azure confidential ledger nodes to confirm they are indeed interfacing with their ledgerΓÇÖs enclave. You can build trust in Azure confidential ledger nodes in a few ways, which can be stacked on one another to increase the overall level of confidence. As such, Steps 1-2 help build confidence in that Azure confidential ledger enclave as part of the initial TLS handshake and authentication within functional workflows. Beyond that, a persistent client connection is maintained between the user's client and the confidential ledger.

-4) Select **+ Create new registry**, or if you already have a registry you'd like to use, select that item and skip to step 7.

- --name helm/hello-world --detail

-description: This quickstart demonstrates how to connect an existing MongoDB app written in Node.js to Azure Cosmos DB.

-# Quickstart: Migrate an existing MongoDB Node.js web app to Azure Cosmos DB

-> [!div class="op_single_selector"]

-> * [.NET](create-mongodb-dotnet.md)

-> * [Python](create-mongodb-python.md)

-> * [Java](create-mongodb-java.md)

-> * [Node.js](create-mongodb-nodejs.md)

-> * [Golang](create-mongodb-go.md)

->

-In this quickstart, you create and manage an Azure Cosmos DB for Mongo DB API account by using the Azure Cloud Shell, and with a MEAN (MongoDB, Express, Angular, and Node.js) app cloned from GitHub. Azure Cosmos DB is a multi-model database service that lets you quickly create and query document, table, key-value, and graph databases with global distribution and horizontal scale capabilities.

-## Prerequisites

-## Clone the sample application

-Run the following commands to clone the sample repository. This sample repository contains the default [MEAN.js](https://meanjs.org/) application.

-1. Open a command prompt, create a new folder named git-samples, then close the command prompt.

- ```bash

- mkdir "C:\git-samples"

- ```

-2. Open a git terminal window, such as git bash, and use the `cd` command to change to the new folder to install the sample app.

- ```bash

- cd "C:\git-samples"

- ```

-3. Run the following command to clone the sample repository. This command creates a copy of the sample app on your computer.

- ```bash

- git clone https://github.com/prashanthmadi/mean

- ```

-## Run the application

-This MongoDB app written in Node.js connects to your Azure Cosmos DB database, which supports MongoDB client. In other words, it is transparent to the application that the data is stored in an Azure Cosmos DB database.

-Install the required packages and start the application.

-```bash

-cd mean

-npm install

-npm start

-```

-The application will try to connect to a MongoDB source and fail, go ahead and exit the application when the output returns "[MongoError: connect ECONNREFUSED 127.0.0.1:27017]".

-## Sign in to Azure

-If you are using an installed Azure CLI, sign in to your Azure subscription with the [az login](/cli/azure/reference-index#az-login) command and follow the on-screen directions. You can skip this step if you're using the Azure Cloud Shell.

-```azurecli

-az login

-```

-

-## Add the Azure Cosmos DB module

-If you are using an installed Azure CLI, check to see if the `cosmosdb` component is already installed by running the `az` command. If `cosmosdb` is in the list of base commands, proceed to the next command. You can skip this step if you're using the Azure Cloud Shell.

-If `cosmosdb` is not in the list of base commands, reinstall [Azure CLI](/cli/azure/install-azure-cli).

-## Create a resource group

-Create a [resource group](../../azure-resource-manager/management/overview.md) with the [az group create](/cli/azure/group#az-group-create). An Azure resource group is a logical container into which Azure resources like web apps, databases and storage accounts are deployed and managed.

-The following example creates a resource group in the West Europe region. Choose a unique name for the resource group.

-If you are using Azure Cloud Shell, select **Try It**, follow the onscreen prompts to login, then copy the command into the command prompt.

-```azurecli-interactive

-az group create --name myResourceGroup --location "West Europe"

-```

-## Create an Azure Cosmos DB account

-Create a Cosmos account with the [az cosmosdb create](/cli/azure/cosmosdb#az-cosmosdb-create) command.

-In the following command, please substitute your own unique Cosmos account name where you see the `<cosmosdb-name>` placeholder. This unique name will be used as part of your Cosmos DB endpoint (`https://<cosmosdb-name>.documents.azure.com/`), so the name needs to be unique across all Cosmos accounts in Azure.

-```azurecli-interactive

-az cosmosdb create --name <cosmosdb-name> --resource-group myResourceGroup --kind MongoDB

-```

-The `--kind MongoDB` parameter enables MongoDB client connections.

-When the Azure Cosmos DB account is created, the Azure CLI shows information similar to the following example.

-> [!NOTE]

-> This example uses JSON as the Azure CLI output format, which is the default. To use another output format, see [Output formats for Azure CLI commands](/cli/azure/format-output-azure-cli).

-```json

-{

- "databaseAccountOfferType": "Standard",

- "documentEndpoint": "https://<cosmosdb-name>.documents.azure.com:443/",

- "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Document

-DB/databaseAccounts/<cosmosdb-name>",

- "kind": "MongoDB",

- "location": "West Europe",

- "name": "<cosmosdb-name>",

- "readLocations": [

- {

- "documentEndpoint": "https://<cosmosdb-name>-westeurope.documents.azure.com:443/",

- "failoverPriority": 0,

- "id": "<cosmosdb-name>-westeurope",

- "locationName": "West Europe",

- "provisioningState": "Succeeded"

- }

- ],

- "resourceGroup": "myResourceGroup",

- "type": "Microsoft.DocumentDB/databaseAccounts",

- "writeLocations": [

- {

- "documentEndpoint": "https://<cosmosdb-name>-westeurope.documents.azure.com:443/",

- "failoverPriority": 0,

- "id": "<cosmosdb-name>-westeurope",

- "locationName": "West Europe",

- "provisioningState": "Succeeded"

- }

- ]

-}

-```

-## Connect your Node.js application to the database

-In this step, you connect your MEAN.js sample application to the Azure Cosmos DB database account you just created.

-<a name="devconfig"></a>

-## Configure the connection string in your Node.js application

-In your MEAN.js repository, open `config/env/local-development.js`.

-Replace the content of this file with the following code. Be sure to also replace the two `<cosmosdb-name>` placeholders with your Cosmos account name.

-```javascript

-'use strict';

-module.exports = {

- db: {

- uri: 'mongodb://<cosmosdb-name>:<primary_master_key>@<cosmosdb-name>.documents.azure.com:10255/mean-dev?ssl=true&sslverifycertificate=false'

- }

-};

-```

-## Retrieve the key

-In order to connect to a Cosmos database, you need the database key. Use the [az cosmosdb keys list](/cli/azure/cosmosdb/keys#az-cosmosdb-keys-list) command to retrieve the primary key.

-```azurecli-interactive

-az cosmosdb keys list --name <cosmosdb-name> --resource-group myResourceGroup --query "primaryMasterKey"

-```

-The Azure CLI outputs information similar to the following example.

-```json

-"RUayjYjixJDWG5xTqIiXjC..."

-```

-Copy the value of `primaryMasterKey`. Paste this over the `<primary_master_key>` in `local-development.js`.

-Save your changes.

-### Run the application again.

-Run `npm start` again.

-```bash

-npm start

-```

-A console message should now tell you that the development environment is up and running.

-Go to `http://localhost:3000` in a browser. Select **Sign Up** in the top menu and try to create two dummy users.

-The MEAN.js sample application stores user data in the database. If you are successful and MEAN.js automatically signs into the created user, then your Azure Cosmos DB connection is working.

-## View data in Data Explorer

-Data stored in a Cosmos database is available to view and query in the Azure portal.

-To view, query, and work with the user data created in the previous step, login to the [Azure portal](https://portal.azure.com) in your web browser.

-In the top Search box, enter **Azure Cosmos DB**. When your Cosmos account blade opens, select your Cosmos account. In the left navigation, select **Data Explorer**. Expand your collection in the Collections pane, and then you can view the documents in the collection, query the data, and even create and run stored procedures, triggers, and UDFs.

-## Deploy the Node.js application to Azure

-In this step, you deploy your Node.js application to Cosmos DB.

-You may have noticed that the configuration file that you changed earlier is for the development environment (`/config/env/local-development.js`). When you deploy your application to App Service, it will run in the production environment by default. So now, you need to make the same change to the respective configuration file.

-In your MEAN.js repository, open `config/env/production.js`.

-In the `db` object, replace the value of `uri` as show in the following example. Be sure to replace the placeholders as before.

-```javascript

-'mongodb://<cosmosdb-name>:<primary_master_key>@<cosmosdb-name>.documents.azure.com:10255/mean?ssl=true&sslverifycertificate=false',

-```

-> [!NOTE]

-> The `ssl=true` option is important because of Cosmos DB requirements. For more information, see [Connection string requirements](connect-mongodb-account.md#connection-string-requirements).

->

->

-In the terminal, commit all your changes into Git. You can copy both commands to run them together.

-```bash

-git add .

-git commit -m "configured MongoDB connection string"

-```

-## Clean up resources

-## Next steps

-In this quickstart, you learned how to create an Azure Cosmos DB MongoDB API account using the Azure Cloud Shell, and create and run a MEAN.js app to add users to the account. You can now import additional data to your Azure Cosmos DB account.

-Trying to do capacity planning for a migration to Azure Cosmos DB? You can use information about your existing database cluster for capacity planning.

- * If all you know is the number of vcores and servers in your existing database cluster, read about [estimating request units using vCores or vCPUs](../convert-vcore-to-request-unit.md)

- * If you know typical request rates for your current database workload, read about [estimating request units using Azure Cosmos DB capacity planner](estimate-ru-capacity-planner.md)

-> [!div class="nextstepaction"]

-> [Import MongoDB data into Azure Cosmos DB](../../dms/tutorial-mongodb-cosmos-db.md?toc=%2fazure%2fcosmos-db%2ftoc.json%253ftoc%253d%2fazure%2fcosmos-db%2ftoc.json)

-This section walks you through creating an Azure Cosmos account and setting up a project that uses the MongoDB npm package.

-Create a new JavaScript application in an empty folder using your preferred terminal. Use the [``npm init``](https://docs.npmjs.com/cli/v8/commands/npm-init) command to begin the prompts to create the `package.json` file. Accept the defaults for the prompts.

- Hierarchical diagram showing an Azure Cosmos D B account at the top. The account has two child database nodes. One of the database nodes includes two child collection nodes. The other database node includes a single child collection node. That single collection node has three child doc nodes.

-For this procedure, the database will not use sharding.

-1. From the project directory, create an *index.js* file. In your editor, add requires statements to reference the MongoDB and DotEnv npm packages.

-

-Use the [``MongoClient.connect``](https://mongodb.github.io/node-mongodb-native/4.5/classes/MongoClient.html#connect) method to connect to your Cosmos DB API for MongoDB resource. This method returns a reference to the database.

-Use the [``MongoClient.db``](https://mongodb.github.io/node-mongodb-native/4.5/classes/MongoClient.html#db) gets a reference to a database.

-You can chain the client, database, and collection together. This is more convenient if you need to access multiple databases or collections.

-* A *category* property. This can be used as the logical partition key.

-In Azure Cosmos DB, you can perform a less-expensive [point read](https://devblogs.microsoft.com/cosmosdb/point-reads-versus-queries/) operation by using both the unique identifier (``_id``) and partition key (``category``).

-#### [Azure CLI](#tab/azure-cli)

-#### [PowerShell](#tab/azure-powershell)

-#### [Portal](#tab/azure-portal)

- :::image type="content" source="media/get-credentials-portal/cosmos-keys-option.png" lightbox="media/get-credentials-portal/cosmos-keys-option.png" alt-text="Screenshot of an Azure Cosmos D B SQL A P I account page. The Keys option is highlighted in the navigation menu.":::

- :::image type="content" source="media/get-credentials-portal/cosmos-endpoint-key-credentials.png" lightbox="media/get-credentials-portal/cosmos-endpoint-key-credentials.png" alt-text="Screenshot of Keys page with various credentials for an Azure Cosmos D B SQL A P I account.":::

- Hierarchical diagram showing an Azure Cosmos D B account at the top. The account has two child database nodes. One of the database nodes includes two child container nodes. The other database node includes a single child container node. That single container node has three child item nodes.

- :::image type="content" source="media/create-account-portal/cosmos-api-choices.png" lightbox="media/create-account-portal/cosmos-api-choices.png" alt-text="Screenshot of select A P I option page for Azure Cosmos D B.":::

- :::image type="content" source="media/create-account-portal/cosmos-deployment-complete.png" lightbox="media/create-account-portal/cosmos-deployment-complete.png" alt-text="Screenshot of deployment page for Azure Cosmos D B SQL A P I resource.":::

- :::image type="content" source="media/get-credentials-portal/cosmos-keys-option.png" lightbox="media/get-credentials-portal/cosmos-keys-option.png" alt-text="Screenshot of an Azure Cosmos D B SQL A P I account page. The Keys option is highlighted in the navigation menu.":::

- :::image type="content" source="media/get-credentials-portal/cosmos-endpoint-key-credentials.png" lightbox="media/get-credentials-portal/cosmos-endpoint-key-credentials.png" alt-text="Screenshot of Keys page with various credentials for an Azure Cosmos D B SQL A P I account.":::

- Hierarchical diagram showing an Azure Cosmos D B account at the top. The account has two child database nodes. One of the database nodes includes two child container nodes. The other database node includes a single child container node. That single container node has three child item nodes.

-> * [.NET](quickstart-dotnet.md)

-> [Get started with Azure Cosmos DB SQL API and .NET >](how-to-dotnet-get-started.md)

-On 1 July 2022, Microsoft and other online merchants will no longer be storing credit card information. To comply with this regulation Microsoft will be removing all stored card details from Microsoft Azure. To avoid service interruption, you will need to add a payment method and make a one-time payment for all invoices.

-[Learn about the Reserve Bank of India directive; Restriction on storage of actual card data ](https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12211)

-When an assertion fails, you can optionally direct those error rows to a file in Azure by using the "Errors" tab on the sink transformation.

-For assert failure rows, you can use the Assert transformation upstream in your data flow and then redirect failed assertions to an output file here in the sink errors tab.

-* When **Optimize write** is enabled, sink transformation dynamically optimizes partition sizes based on the actual data by attempting to write out 128 MB files for each table partition. This is an approximate size and can vary depending on dataset characteristics. Optimized writes improve the overall efficiency of the *writes and subsequent reads*. It organizes partitions such that the performance of subsequent reads will improve.

-description: Learn how an ISV can develop and install paid or licensed custom components for the Azure-SSIS integration runtime

-This article describes how an ISV can develop and install paid or licensed custom components for SQL Server Integration Services (SSIS) packages that run in Azure in the Azure-SSIS integration runtime.

-## The problem

-## The solution

-## Enable custom/3rd party data flow components

-To enable your custom/3rd party data flow components to access data on premises using self-hosted IR as a proxy for Azure-SSIS IR, follow these instructions:

-1. Install your custom/3rd party data flow components targeting SQL Server 2017 on Azure-SSIS IR via [standard/express custom setups](./how-to-configure-azure-ssis-ir-custom-setup.md).

-1. Create the following DTSPath registry keys on self-hosted IR if they donΓÇÖt exist already:

- 1. `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\140\SSIS\Setup\DTSPath` set to `C:\Program Files\Microsoft SQL Server\140\DTS\`

- 1. `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Microsoft SQL Server\140\SSIS\Setup\DTSPath` set to `C:\Program Files (x86)\Microsoft SQL Server\140\DTS\`

-

-1. Install your custom/3rd party data flow components targeting SQL Server 2017 on self-hosted IR under the DTSPath above and ensure that your installation process:

- 1. Creates `<DTSPath>`, `<DTSPath>/Connections`, `<DTSPath>/PipelineComponents`, and `<DTSPath>/UpgradeMappings` folders if they don't exist already.

-

- 1. Creates your own XML file for extension mappings in `<DTSPath>/UpgradeMappings` folder.

-

- 1. Installs all assemblies referenced by your custom/3rd party data flow component assemblies in the global assembly cache (GAC).

-Here are examples from our partners, [Theobald Software](https://kb.theobald-software.com/xtract-is/XIS-for-Azure-SHIR) and [Aecorsoft](https://www.aecorsoft.com/blog/2020/11/8/using-azure-data-factory-to-bring-sap-data-to-azure-via-self-hosted-ir-and-ssis-ir), who have adapted their data flow components to use our express custom setup and self-hosted IR as a proxy for Azure-SSIS IR.

-Your Azure Stack Edge devices may be equipped with 1 or 2 of Nvidia's Tesla T4 GPU. To deploy GPU-accelerated VM workloads on these devices, use GPU-optimized VM sizes. For example, the NC T4 v3-series should be used to deploy inference workloads featuring T4 GPUs. For more information, see [NC T4 v3-series VMs](../virtual-machines/nct4-v3-series.md).

-The **Defender profile (preview)** deployed to each node provides the runtime protections and collects signals from nodes using [eBPF technology](https://ebpf.io/).

-> [!NOTE]

-> Defender for Containers **Defender profile** is a preview feature.

-You can learn more by watching these video from the Defender for Cloud in the Field video series:

-| Release state: | General availability (GA)<br> Certain features are in preview, for a full list see the [availability](supported-machines-endpoint-solutions-clouds-containers.md) section. |

-No, AKS is a managed service, and manipulation of the IaaS resources isn't supported. The Log Analytics VM extension isn't needed and may result in additional charges.

-Host-level threat detection for your Linux AKS nodes is available if you enable [Microsoft Defender for Servers](defender-for-servers-introduction.md) and its Log Analytics agent. However, if your cluster is deployed on an Azure Kubernetes Service virtual machine scale set, the Log Analytics agent is not currently supported.

-Examples of security events that Microsoft Defender for Kubernetes monitors include:

-The new comprehensive Container security plan combines Kubernetes protection and container registry image scanning, and removes the previous dependency on the (paid) Defender for Servers plan. Pricing is dependant on your container architecture and coverage. For example, your price may change depending on the number of images in your Container Registry, or the number of Kubernetes nodes among other reasons.

-Your price is dependant on your container architecture and coverage. For example, your price may change depending on the number of images in your Container Registry, or the number of Kubernetes nodes among other reasons.

-| Release state: | ΓÇó Defender profile: Preview<br> ΓÇó Azure Policy add-on: Generally available (GA) | ΓÇó Defender extension: Preview<br> ΓÇó Azure Policy extension: Preview |

-Defender for Cloud's auto provisioning settings have a toggle for each type of supported extension. When you enable auto provisioning of an extension, you assign the appropriate **Deploy if not exists** policy. This policy type ensures the extension is provisioned on all existing and future resources of that type.

-Now, the new unified solution is available for all machines in both plans, for both Azure subscriptions and multi-cloud connectors. For Azure subscriptions with Servers plan 2 that enabled MDE integration *after* 06-20-2022, the unified solution is enabled by default for all machines Azure subscriptions with the Defender for Servers Plan 2 enabled with MDE integration *before* 06-20-2022 can now enable unified solution installation for Windows servers 2012R2 and 2016 through the dedicated button in the Integrations page:

-| **Unusual access denied - Unusual user accessing key vault denied**<br>(KV_UserAccessDeniedAnomaly) | A key vault access was attempted by a user that does not normally access it, this anomalous access pattern may be legitimate activity. Though this attempt was unsuccessful, it could be an indication of a possible attempt to gain access of key vault and the secrets contained within it. | Initial Access, Discovery | Low |

-When you [connect AWS accounts](quickstart-onboard-aws.md), JIT will automatically evaluate the network configuration of your instance's security groups and recommend which instances need protection for their exposed management ports. This is similar to how JIT works with Azure. When you onboard unprotected EC2 instances, JIT will block public access to the management ports and only open them with authorized requests for a limited time frame.

-### Devices monitored by Defender for IoT

- Calculate the approximate number of devices you'll be monitoring. Devices can be added in intervals of **100**, such as **100**, **200**, **300**. The numbers of monitored devices are called *committed devices*.

-For more information, see [Devices monitored by Defender for IoT](architecture.md#devices-monitored-by-defender-for-iot).

-For more information, see [Devices monitored by Defender for IoT](architecture.md#devices-monitored-by-defender-for-iot).

-### What's a device?

-### Calculate the number of devices you need to monitor

-**To calculate the number of devices you need to monitor**:

-Collect the total number of devices in your network and remove:

-For more information, see [What's a device?](#whats-a-device)

-This procedure describes how to add a Defender for IoT plan to an Azure subscription.

-| Inactive devices | Traffic wasn't detected on a device for more than 60 days. | **Delete** <br /> If this device isn't part of your network, remove it. <br /><br />**Dismiss** <br /> Remove the notification if the device is part of your network. If the device is inactive (for example, because it's mistakenly disconnected from the network), dismiss the notification and reconnect the device. |

- > The Defender for IoT appliance should be connected to a lower-level switch that sees the traffic between the ports on the switch.

-1. **Committed devices** - Provide the approximate number of network devices that will be monitored. You'll need this information when onboarding your subscription to Defender for IoT in the Azure portal. During the onboarding process, you'll be prompted to enter the number of devices in increments of 1000.

-| **Device inventories** | Defender for IoT considers any of the following as single and unique network devices:<br><br>- Managed or un-managed standalone IT/OT/IoT devices, with one or more NICs<br>- Devices with multiple backplane components, including all racks, slots, or modules<br>- Devices that provide network infrastructure, such as switches or routers with multiple NICs<br><br>Monitored devices are listed in the **Device inventory** pages on the Azure portal, sensor console, and the on-premises management console. Data integration features let you enhance device data with details from other enterprise resources, such as CMDBs, DNS, firewalls, and Web APIs. <br><br>The following items are not monitored as devices, and do not appear in the Defender for IoT device inventories: <br>- Public internet IP addresses<br>- Multi-cast groups<br>- Broadcast groups<br><br>Devices that are inactive for more than 60 days are classified as *inactive* inventory devices.<br>The data integration capabilities of the on-premises management console let you enhance the data in the device inventory with information from other enterprise resources. Example resources are CMDBs, DNS, firewalls, and Web APIs.| [**Device map**](#d)|

-**Sensor software version**: 22.2.3

-To update to version 22.2.3:

-For more information, see [Update Defender for IoT OT monitoring software](update-ot-software.md).

-Now, for locally-managed sensors, you can upload that diagnostic log directly on the Azure portal.

- Migration cutover can only be called after the full backup is restored and catches up with all log backups. If your production migration cutovers are affected, contact the [Azure DMS Feedback alias](mailto:dmsfeedback@microsoft.com).

-Select either all databases or specific databases that you want to migrate to Azure SQL Database. DMS provides you with the expected migration time for selected databases. If the migration downtimes are acceptable continue with the migration. If the migration downtimes are not acceptable, consider migrating to [SQL Managed Instance with near-zero downtime](tutorial-sql-server-managed-instance-online.md) or contacting the [DMS team](mailto:DMSFeedback@microsoft.com) for other options.

-# Webhook Event delivery

-Like many other services that support webhooks, Event Grid requires you to prove ownership of your Webhook endpoint before it starts delivering events to that endpoint. This requirement prevents a malicious user from flooding your endpoint with events. When you use any of the three Azure services listed below, the Azure infrastructure automatically handles this validation:

-## Endpoint validation with Event Grid events

- Starting with version 2018-05-01-preview, Event Grid supports a manual validation handshake. If you're creating an event subscription with an SDK or tool that uses API version 2018-05-01-preview or later, Event Grid sends a `validationUrl` property in the data portion of the subscription validation event. To complete the handshake, find that URL in the event data and do a GET request to it. You can use either a REST client or your web browser.

-You must return an **HTTP 200 OK** response status code. **HTTP 202 Accepted** isn't recognized as a valid Event Grid subscription validation response. The HTTP request must complete within 30 seconds. If the operation doesn't finish within 30 seconds, then the operation will be canceled and it may be reattempted after 5 seconds. If all the attempts fail, then it will be treated as validation handshake error.

-Or, you can manually validate the subscription by sending a GET request to the validation URL. The event subscription stays in a pending state until validated. The validation Url uses port 553. If your firewall rules block port 553 then rules may need to be updated for successful manual handshake.

-CloudEvents v1.0 implements its own [abuse protection semantics](webhook-event-delivery.md) using the **HTTP OPTIONS** method. You can read more about it [here](https://github.com/cloudevents/spec/blob/v1.0/http-webhook.md#4-abuse-protection). When using the CloudEvents schema for output, Event Grid uses with the CloudEvents v1.0 abuse protection in place of the Event Grid validation event mechanism.

-# Tutorial: Migrate captured Event Hubs data to Azure Synapse Analytics using Event Grid and Azure Functions

-## Managed Labs

-This tutorial shows how to use Azure Logic Apps to process Azure Health Data Services FHIR events. Logic Apps create and run automated workflows to process event data from other applications. You will learn how to register a FHIR event with your Logic App, meet a specified event criteria, and perform a service operation.

-(FHIR&#174;) is a registered trademark of HL7 and is used with the permission of HL7.

-# Deploy Events in the Azure portal

-FHIR&#174; is a registered trademark of [HL7](https://hl7.org/fhir/) and is used with the permission of HL7.

-# Disable Events and delete workspaces

-In this article, you'll learn how to disable Events and delete workspaces in Azure Health Data Services.

-## Disable Events

-To disable Events from sending event messages for a single Event Subscription, the Event Subscription must be deleted.

-(FHIR&#174;) is a registered trademark of HL7 and is used with the permission of HL7.

-(FHIR&#174;) is a registered trademark of HL7 and is used with the permission of HL7.

-> [!Note]

-(FHIR&#174;) is a registered trademark of HL7 and is used with the permission of HL7.

-No. The Azure Health Data Services Events feature only currently supports the Azure Health Data Services FHIR service.

-There are no extra charges for using Azure Health Data Services Events. However, applicable charges for the [Event Grid](https://azure.microsoft.com/pricing/details/event-grid/) might be assessed against your Azure subscription.

-Yes. We recommend that you use different subscribers for each individual FHIR accounts to process in isolated scopes.

-(FHIR&#174;) is a registered trademark of [HL7](https://hl7.org/fhir/) and is used with the permission of HL7.

-> Events currently supports only the following FHIR resource operations:

-(FHIR&#174;) is a registered trademark of [HL7](https://hl7.org/fhir/) and is used with the permission of HL7.

-Built on a platform that supports protected health information (PHI) and personal identifiable information (PII) data compliance with privacy, safety, and security in mind, the Events messages do not transmit sensitive data as part of the message payload.

->[Deploying Events in the Azure portal](./events-deploy-portal.md)

-(FHIR&#174;) is a registered trademark of [HL7](https://hl7.org/fhir/) and is used with the permission of HL7.

-> FHIR resource change data is only written and event messages are sent when the Events feature is turned on. The Event feature doesn't send messages on past FHIR resource changes or when the feature is turned off.

-* [How to deploy Events in the Azure portal](./events-deploy-portal.md)

-(FHIR&#174;) is a registered trademark of [HL7](https://hl7.org/fhir/) and is used with the permission of HL7.

-# Deploy the MedTech service in the Azure portal

- | `\*.data.mcr.microsoft.com` | 443 | Data endpoint providing content delivery. |

-The value provided as `responseTimeoutInSeconds` in the request is the amount of time that IoT Hub service must await for completion of a direct method execution on a device. Set this timeout to be at least as long as the expected execution time of a direct method by a device. If timeout is not provided, it the default value of 30 seconds is used. The minimum and maximum values for `responseTimeoutInSeconds` are 5 and 300 seconds, respectively.

-1. Under "Recent Services" click "Key Vault". Do not click an individual key vault.

-$secret = Get-AzKeyVaultSecret -VaultName <YourKeyVaultName> -Name <SecretName>

-$ssPtr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secret.SecretValue)

-try {

- $secretValueText = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($ssPtr)

-} finally {

- [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($ssPtr)

-}

-# Connect to your virtual network in Azure Lab Services

-This component is based LightGBM algorithm.

- header: all_files_have_same_headers

-Azure Machine Learning supports MLflow for model management. This represents a convenient way to support the entire model lifecycle for users familiar with the MLFlow client. The following article describes the different capabilities and how it compares with other options.

-| __\*.workspace.\<region\>.api.azureml.ms__<br>__\<region\>.experiments.azureml.net__<br>__\<region\>.api.azureml.ms__ | https:443 | Azure mahince learning service API.|**&check;**|**&check;**|

- |```sslCname``` |A SSL CName used by inference HTTPS endpoint. **Required** if ```allowInsecureConnections=True``` | N/A | Optional | Optional|

-> 1. Use the [endpoint YAML](https://github.com/Azure/azureml-examples/blob/main/cli/endpoints/online/managed/sample/endpoint.yml) to target Kubernetes instead of the managed endpoint YAML. You'll need to edit the YAML to change the value of `target` to the name of your registered compute target. You can use this [deployment.yaml](https://github.com/Azure/azureml-examples/blob/main/cli/endpoints/online/managed/sample/blue-deployment.yml) that has additional properties applicable to Kubernetes deployment.

-> The above is an example of inplace rolling update: i.e. the same deployment is updated with the new configuration, with 20% nodes at a time. If the deployment has 10 nodes, 2 nodes at a time will be updated. For production usage, you might want to consider [blue-green deployment](how-to-safely-rollout-managed-endpoints.md), which offers a safer alternative.

-To view metrics and set alerts based on your SLA, complete the steps that are described in [Monitor managed online endpoints](how-to-monitor-online-endpoints.md).

-> * [v2 (preview)](how-to-log-view-metrics.md)

-Log real-time information using [MLflow Tracking](https://www.mlflow.org/docs/latest/tracking.html). You can log models, metrics, and artifacts with MLflow as it supports local mode to cloud portability.

-> Unlike the Azure Machine Learning SDK v1, there is no logging functionality in the SDK v2 preview.

-* You must have the `aureml-core`, `mlflow`, and `azure-mlflow` packages installed. If you don't, use the following command to install them in your development environment:

- pip install azureml-core mlflow azureml-mlflow

-## Data types

-The following table describes how to log specific value types:

-|Log a numeric value (int or float) | `mlflow.log_metric('my_metric', 1)`| |

-|Log a boolean value | `mlflow.log_metric('my_metric', 0)`| 0 = True, 1 = False|

-|Log a string | `mlflow.log_text('foo', 'my_string')`| Logged as an artifact|

-|Log numpy metrics or PIL image objects|`mlflow.log_image(img, 'figure.png')`||

-|Log matlotlib plot or image file|` mlflow.log_figure(fig, "figure.png")`||

-## Log a training job with MLflow

-To set up for logging with MLflow, import `mlflow` and set the tracking URI:

-> [!TIP]

-> You do not need to set the tracking URI when using a notebook running on an Azure Machine Learning compute instance.

-from azureml.core import Workspace

-import mlflow

-ws = Workspace.from_config()

-# Set the tracking URI to the Azure ML backend

-# Not needed if running on Azure ML compute instance

-# or compute cluster

-mlflow.set_tracking_uri(ws.get_mlflow_tracking_uri())

-### Interactive jobs

-For example, the following code snippet demonstrates setting the tracking URI, creating an experiment, and then logging during a job

-from mlflow.tracking import MlflowClient

-# Create a new experiment if one doesn't already exist

-mlflow.create_experiment("mlflow-experiment")

-from mlflow.tracking import MlflowClient

-# Create a new experiment if one doesn't already exist

-mlflow.create_experiment("mlflow-experiment")

-### Remote runs

-For remote training runs, the tracking URI and experiment are set automatically. Otherwise, the options for logging the run are the same as for interactive logging:

-* Call `mlflow.start_run()`, log information, and then call `mlflow.end_run()`.

-* Use the context manager paradigm with `mlflow.start_run()`.

-* Call a logging API such as `mlflow.log_metric()`, which will start a run if one doesn't already exist.

-## Log a model

-To save the model from a training run, use the `log_model()` API for the framework you're working with. For example, [mlflow.sklearn.log_model()](https://mlflow.org/docs/latest/python_api/mlflow.sklearn.html#mlflow.sklearn.log_model). For frameworks that MLflow doesn't support, see [Convert custom models to MLflow](how-to-convert-custom-model-to-mlflow.md).

-tags = finished_mlflow_run.data.tags

-Use the following steps to view metrics for a managed endpoint or deployment:

-# Start, monitor, and track job history in studio

-workspace = '<AZUREML_WORKSPACE_NAME>'

-azureml_mlflow_uri = ml_client.workspaces.get(workspace).mlflow_tracking_uri

-aml_region = ""

-workspace = ""

-azureml_mlflow_uri = f"azureml://{aml_region}.api.azureml.ms/mlflow/v1.0/subscriptions/{subscription_id}/resourceGroups/{resource_group}/providers/Microsoft.MachineLearningServices/workspaces/{workspace}"

-## Automatic logging

-With Azure Machine Learning and MLFlow, users can log metrics, model parameters and model artifacts automatically when training a model. A [variety of popular machine learning libraries](https://mlflow.org/docs/latest/tracking.html#automatic-logging) are supported.

-To enable [automatic logging](https://mlflow.org/docs/latest/tracking.html#automatic-logging) insert the following code before your training code:

-```Python

-mlflow.autolog()

-```

-[Learn more about Automatic logging with MLflow](https://mlflow.org/docs/latest/python_api/mlflow.html#mlflow.autolog).

-The following MLflow methods are not fully supported with Azure Machine Learning.

-* `mlflow.tracking.MlflowClient.create_experiment() `

-* `mlflow.tracking.MlflowClient.rename_experiment()`

-* `mlflow.tracking.MlflowClient.search_runs()`

-* `mlflow.tracking.MlflowClient.download_artifacts()`

-* `mlflow.tracking.MlflowClient.rename_registered_model()`

-Select the tab for the *run-pytorch.py* script, then select **Save and run script in terminal** to re-run the *run-pytorch.py* script. Make sure you've saved your changes to `pytorch-aml-env.yml` first.

-| `x-ms-requestid` | A unique string value for tracking the request from the client, preferably a GUID. If this value isn't provided, one will be generated and provided in the response headers. |

-ms.tool: azure-cli

-In this article, you'll learn how to:

-> [!Note]

-keywords: mysql connection,connection string,connectivity issues,persistent error,connection error

-An Azure account with an active subscription.

-## Review the template

-An Azure Database for MySQL Flexible Server is the parent resource for one or more databases within a region. It provides the scope for management policies that apply to its databases: login, firewall, users, roles, configurations.

-Create a _mysql-flexible-server-template.json_ file and copy this JSON script into it.

- "$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",

- "contentVersion": "1.0.0.0",

- "parameters": {

- "administratorLogin": {

- "type": "String"

- },

- "administratorLoginPassword": {

- "type": "SecureString"

- },

- "location": {

- "type": "String"

- },

- "serverName": {

- "type": "String"

- },

- "serverEdition": {

- "type": "String"

- },

- "storageSizeMB": {

- "type": "Int"

- },

- "haEnabled": {

- "type": "string",

- "defaultValue": "Disabled"

- },

- "availabilityZone": {

- "type": "String"

- },

- "version": {

- "type": "String"

- },

- "tags": {

- "defaultValue": {},

- "type": "Object"

- "firewallRules": {

- "defaultValue": {},

- "type": "Object"

- "vnetData": {

- "defaultValue": {},

- "type": "Object"

- "backupRetentionDays": {

- "type": "Int"

- }

- },

- "variables": {

- "api": "2021-05-01",

- "firewallRules": "[parameters('firewallRules').rules]",

- "publicNetworkAccess": "[if(empty(parameters('vnetData')), 'Enabled', 'Disabled')]",

- "vnetDataSet": "[if(empty(parameters('vnetData')), json('{ \"subnetArmResourceId\": \"\" }'), parameters('vnetData'))]",

- "finalVnetData": "[json(concat('{ \"subnetArmResourceId\": \"', variables('vnetDataSet').subnetArmResourceId, '\"}'))]"

- },

- "resources": [

- {

- "type": "Microsoft.DBforMySQL/flexibleServers",

- "apiVersion": "[variables('api')]",

- "name": "[parameters('serverName')]",

- "location": "[parameters('location')]",

- "sku": {

- "name": "Standard_D4ds_v4",

- "tier": "[parameters('serverEdition')]"

- },

- "tags": "[parameters('tags')]",

- "properties": {

- "version": "[parameters('version')]",

- "administratorLogin": "[parameters('administratorLogin')]",

- "administratorLoginPassword": "[parameters('administratorLoginPassword')]",

- "publicNetworkAccess": "[variables('publicNetworkAccess')]",

- "DelegatedSubnetArguments": "[if(empty(parameters('vnetData')), json('null'), variables('finalVnetData'))]",

- "haEnabled": "[parameters('haEnabled')]",

- "storageProfile": {

- "storageMB": "[parameters('storageSizeMB')]",

- "backupRetentionDays": "[parameters('backupRetentionDays')]"

- },

- "availabilityZone": "[parameters('availabilityZone')]"

- }

- {

- "type": "Microsoft.Resources/deployments",

- "apiVersion": "2019-08-01",

- "name": "[concat('firewallRules-', copyIndex())]",

- "dependsOn": [

- "[concat('Microsoft.DBforMySQL/flexibleServers/', parameters('serverName'))]"

- ],

- "properties": {

- "mode": "Incremental",

- "template": {

- "$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",

- "contentVersion": "1.0.0.0",

- "resources": [

- {

- "type": "Microsoft.DBforMySQL/flexibleServers/firewallRules",

- "name": "[concat(parameters('serverName'),'/',variables('firewallRules')[copyIndex()].name)]",

- "apiVersion": "[variables('api')]",

- "properties": {

- "StartIpAddress": "[variables('firewallRules')[copyIndex()].startIPAddress]",

- "EndIpAddress": "[variables('firewallRules')[copyIndex()].endIPAddress]"

- ]

- },

- "copy": {

- "name": "firewallRulesIterator",

- "count": "[if(greater(length(variables('firewallRules')), 0), length(variables('firewallRules')), 1)]",

- "mode": "Serial"

- },

- "condition": "[greater(length(variables('firewallRules')), 0)]"

- }

- ]

-These resources are defined in the template:

-blob_sas_token = r"

-View the rest of the datasets in the [Open Datasets catalog](dataset-catalog.md).

-| Germany West Central | :heavy_check_mark: | :heavy_check_mark: | :x: |

-description: Provides an overview of Azure Database for PostgreSQL relational database service in the context of flexible server.

- |Ingestion |Managed Event Hubs Namespace |mypurview-ingestion-namespace |

-3. If Azure Private DNS Zones are used, make sure the required Azure DNS Zones are deployed and there is DNS (A) record for each private endpoint.

-5. If you have created your Microsoft Purview account after 18 August 2021, make sure you download and install the latest version of self-hosted integration runtime from [Microsoft download center](https://www.microsoft.com/download/details.aspx?id=39717).

-7. From self-hosted integration runtime, test network connectivity and name resolution to Microsoft Purview managed resources such as blob queue and Event Hub through port 443 and private IP addresses. (Replace the managed storage account and Event Hubs namespace with corresponding managed resource name assigned to your Microsoft Purview account).

- Example of successful outbound connection to Event Hub namespace through private IP address:

-9. If data sources are located in on-premises network, review your DNS forwarder configuration. Test name resolution from within the same network where data sources are located to self-hosted integration runtime, Microsoft Purview endpoints and managed resources. It is expected to obtain a valid private IP address from DNS query for each endpoint.

-This can be an indication of issues related to connectivity or name resolution between the VM running self-hosted integration runtime and Microsoft Purview's managed resources storage account or Event Hub.

-Not authorized to access this Microsoft Purview account. This Microsoft Purview account is behind a private endpoint. Please access the account from a client in the same virtual network (VNet) that has been configured for the Microsoft Purview account's private endpoint.

-In this case, to open the Microsoft Purview governance portal, either use a machine that is deployed in the same virtual network as the Microsoft Purview portal private endpoint or use a VM that is connected to your CorpNet in which hybrid connectivity is allowed.

-Federal Information Processing Standards (FIPS) defines a certain set of cryptographic algorithms that are allowed to be used. When FIPS mode is enabled on the machine, some cryptographic classes that the invoked processes depends on are blocked in some scenarios.

-Each Microsoft Purview account comes with a fully managed event hub, accessible via the Atlas Kafka endpoint found via the Azure portal > Microsoft Purview Account > Properties. Microsoft Purview events can be monitored by consuming messages from the event hub. External systems can also use the event hub to publish events to Microsoft Purview as they occur.

-If you need to use Microsoft Purview from inside your private network, it is recommended to use Azure Private Link Service with your Microsoft Purview accounts for partial or [end-to-end isolation](catalog-private-link-end-to-end.md) to connect to Microsoft Purview governance portal, access Microsoft Purview endpoints and to scan data sources.

-Adding a `CanNotDelete` or `ReadOnly` lock to Microsoft Purview account does not prevent deletion or modification operations inside Microsoft Purview data plane, however, it prevents any operations in control plane, such as deleting the Microsoft Purview account, deploying a private endpoint or configuration of diagnostic settings.

-Resource locks can be assigned to Microsoft Purview resource groups or resources, however, you cannot assign an Azure resource lock to Microsoft Purview Managed resources or managed Resource Group.

-If you have extended your Microsoft 365 sensitivity labels for assets and database columns in Microsoft Purview, you can keep track of highly valuable assets using Microsoft Defender for Cloud from inventory, alerts and recommendations based on assets detected sensitivity labels.

-Microsoft Purview is a data governance solution in cloud. You can register and scan different data sources from various data systems from your on-premises, Azure, or multi-cloud environments into Microsoft Purview. While data source is registered and scanned in Microsoft Purview, the actual data and data sources stay in their original locations, only metadata is extracted from data sources and stored in Microsoft Purview Data Map, which means you do not need to move data out of the region or their original location to extract the metadata into Microsoft Purview.

-When a Microsoft Purview account is deployed, in addition, a managed resource group is also deployed in your Azure subscription. A managed Azure Storage Account and a Managed Event Hubs are deployed inside this resource group. The managed storage account is used to ingest metadata from data sources during the scan. Since these resources are consumed by the Microsoft Purview they cannot be accessed by any other users or principals, except the Microsoft Purview account. This is because an Azure role-based access control (RBAC) deny assignment is added automatically for all principals to this resource group at the time of Microsoft Purview account deployment, preventing any CRUD operations on these resources if they are not initiated from Microsoft Purview.

- 1. A manual or automatic scan is initiated from the Microsoft Purview data map through the Azure integration runtime.

- 4. Metadata is sent to the Microsoft Purview data map.

- 1. A manual or automatic scan is triggered. Microsft Purview connects to Azure Key Vault to retrieve the credential to access a data source.

- 2. The scan is initiated from the Microsoft Purview data map through a self-hosted integration runtime.

- 5. Metadata is sent to the Microsoft Purview data map.

- If you need to extract metadata from data sources with sensitive data that cannot leave the boundary of your on-premises network, it is highly recommended to deploy the self-hosted integration runtime VM inside your corporate network, where data sources are located, to extract and process metadata in on-premises, and send only metadata to Microsoft Purview.

- 1. A manual or automatic scan is triggered. Microsft Purview connects to Azure Key Vault to retrieve the credential to access a data source.

- 5. Metadata is sent to the Microsoft Purview data map.

-For more information, see [Encrypt sensitive data at rest](/security/benchmark/azure/baselines/purview-security-baseline#dp-5-encrypt-sensitive-data-at-rest).

-To extract metadata from a data source system into Microsoft Purview Data Map, it is required to register and scan the data source systems in Microsoft Purview Data Map. To automate this process, we have made available [connectors](azure-purview-connector-overview.md) for different data source systems in Microsoft Purview to simplify the registration and scanning process.

-It is recommended prioritizing the use of the following credential options for scanning, when possible:

-As a general rule, you can use the following options to set up integration runtime and credentials to scan data source systems:

-For guidelines about pricing for these applications, select the links above.

- - When an account is provisioned, a storage account and event hub queue are created within the subscription in order to cater to secured scanning, which may be charged separately

-Many subscriptions have [Azure Policies](../governance/policy/overview.md) in place that restrict the creation of some resources. This is to maintain subscription security and cleanliness. However, Microsoft Purview accounts deploy two other Azure resources when they're created: an Azure Storage account, and an Event Hubs namespace. When you [create Microsoft Purview Account](create-catalog-portal.md), these resources will be deployed. They'll be managed by Azure, so you don't need to maintain them, but you'll need to deploy them. Existing policies may block this deployment, and you may receive an error when attempting to create a Microsoft Purview account.

-* The managed Storage account and Event Hubs resource created by Microsoft Purview. Microsoft Purview uses these resources to ingest the results of the scan, among many other things, so the self-hosted integration runtime need to be able to connect with these resources.

-This quickstart teaches you how to send and receive *Atlas Kafka* topics events. We will make use of *Azure Event Hubs* and the **Azure.Messaging.EventHubs** .NET library.

-Let's create a .NET Core console application that sends events to Purview via Event Hub Kafka topic, **ATLAS_HOOK**.

-2. Add constants to the `Program` class for the Event Hubs connection string and Event Hub name.

- You can get the Event Hub namespace associated with the Purview account by looking at the Atlas kafka endpoint primary/secondary connection strings. These can be found in **Properties** tab of your Purview account.

- :::image type="content" source="media/manage-eventhub-kafka-dotnet/properties.png" alt-text="A screenshot that show an Event Hubs Namespace.":::

-|3 |Define whether you plan to deploy a Microsoft Purview with a managed event hub | N/A |A managed event hub is created as part of Microsoft Purview account creation, see Microsoft Purview account creation. You can publish messages to the event hub kafka topic ATLAS_HOOK and Microsoft Purview will consume and process it. Microsoft Purview will notify entity changes to the event hub kafka topic ATLAS_ENTITIES and user can consume and process it. |

-| `defaultLanguageCode` | A string indicating the language to return. The service returns recognition results in a specified language. If this parameter isn't specified, the default value is "en". <br/><br/>Supported languages include all generally available languages documented under the [Cognitive Services Computer Vision language support documentation](../cognitive-services/computer-vision/language-support.md#image-analysis).|

-+ For the languages listed under the [Cognitive Services Computer Vision language support documentation](../cognitive-services/computer-vision/language-support.md#optical-character-recognition-ocr), the ["Read"](../cognitive-services/computer-vision/overview-ocr.md#read-api) API is used.

-| `detectOrientation` | Detects image orientation. Valid values are `true` or `false`. <br/><br/> This parameter only applies if the [legacy OCR](https://westus.dev.cognitive.microsoft.com/docs/services/computer-vision-v3-2/operations/56f91f2e778daf14a499f20d) API is used. |

-| `defaultLanguageCode` | Language code of the input text. Supported languages include all generally available languages documented under the [Cognitive Services Computer Vision language support documentation](../cognitive-services/computer-vision/language-support.md#optical-character-recognition-ocr) and `unk` (Unknown). <br/><br/> If the language code is unspecified or null, the language is set to English. If the language is explicitly set to `unk`, all languages found are auto-detected and returned. </p> |

-When you have critical applications and business processes relying on Azure resources, you want to monitor those resources for their availability, performance, and operation. This article describes the monitoring data generated by Azure Cognitive Search and how to analyze and alert on this data with Azure Monitor.

-## Monitor overview

-In Azure portal, the **Monitoring** tab in the **Overview** page for each Azure Cognitive Search service includes a brief summary of key metrics, including query volume, latency, and throttled queries. This data is collected automatically, and is available for analysis as soon as you create the resource.

-While these metrics are helpful, they are a subset of the monitoring and diagnostic data available for Azure Cognitive Search. You can enable additional types of data collection with some configuration. Additional data collection is supported through Azure Monitor.

-## What is Azure Monitor?

-Azure Cognitive Search creates monitoring data using [Azure Monitor](../azure-monitor/overview.md) which is a full stack monitoring service in Azure that provides a complete set of features to monitor your Azure resources.

-If you're not already familiar with monitoring Azure services, start with the article [Monitoring Azure resources with Azure Monitor](../azure-monitor/essentials/monitor-azure-resource.md) which describes the following concepts:

-* What Azure Monitor is and how it's integrated into the portal for other Azure services

-* The types of data collected by Azure Monitor for Azure resources

-* Azure Monitor tools used to collect and analyze data

-The following sections build on this article by describing the specific data gathered from Azure Cognitive Search and providing examples for configuring data collection and analyzing this data with Azure tools.

-## Monitoring data

-Azure Cognitive Search collects the same kinds of monitoring data as other Azure resources that are described in [Monitoring data from Azure resources](../azure-monitor/essentials/monitor-azure-resource.md). See the [data reference](monitor-azure-cognitive-search-data-reference.md) for detailed information on the metrics and logs metrics created by Azure Cognitive Search.

-In addition to the resource logs collected by Azure Monitor, you can also obtain system data from the search service itself, including statistics, counts, and status:

-The system information above information can also be read from the Azure portal. For REST calls, use an [admin API key](search-security-api-keys.md) and [Postman](search-get-started-rest.md) or another REST client.

-On Azure portal pages, check the Usage and Monitoring tabs for counts and metrics. Commands on the left-navigation provide access to configuration and data exploration pages.

- 

-> [!NOTE]

-> Cognitive Search does not monitor individual user access to search data (sometimes referred to as document-level or row-level access). Indexing and query requests originate from a client application that presents either an admin or query API key on the request.

-| [Immutable log storage](../../attestation/audit-logs.md) | GA | GA |

-* Tests on your endpoints to uncover the [Open Web Application Security Project (OWASP) top 10 vulnerabilities](https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project)

-| **EventSchemaVersion** | Mandatory | String | The version of the schema documented here is **0.1.3**. |

-Incidents are not created for alerts generated by Defender for IoT data by default.

-| **Multiple scans in the network** | Multiple scans on the network can be an indication of one of the following: <br><br>- A new device on the network <br>- New functionality of an existing device <br>- Misconfiguration of an application, such as due to a firmware update or re-installation <br>- Malicious activity on the network for reconnaissance |

-| **Excessive login attempts** | Excessive login attempts may indicate improper service configuration, human error, or malicious activity on the network, such as a cyber threat attempting to manipulate the SCADA network. |

-**Playbook name** AD4IoT-NewAssetServiceNowTicket

-## Create a Customized Builder to build apps

-Select **Add** to create a new builder. The image below shows the resources you should use to create the customized builder.

-> [!NOTE]

-> The bindings aren't allowed to create, edit, or delete when the parent builder is used in a deployment.

-> Ensure that you use a newly created Gen2 account that's empty. It's important that you don't migrate to a previously used Gen2 account.

-`DefaultEndpointsProtocol=https;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;BlobEndpoint=https://127.0.0.1:10000/devstoreaccount1;QueueEndpoint=https://127.0.0.1:10001/devstoreaccount1;TableEndpoint=https://127.0.0.1:10001/devstoreaccount1;`

-`DefaultEndpointsProtocol=https;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;TableEndpoint=https://127.0.0.1:10001/devstoreaccount1;`

-`DefaultEndpointsProtocol=https;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;BlobEndpoint=https://localhost:10000/devstoreaccount1;QueueEndpoint=https://localhost:10001/devstoreaccount1;TableEndpoint=https://localhost:10001/devstoreaccount1;`

- new Uri("https://127.0.0.1:10001/devstoreaccount1/table-name"), new DefaultAzureCredential()

- "DefaultEndpointsProtocol=https;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;TableEndpoint=https://127.0.0.1:10001/devstoreaccount1;", "table-name"

- new Uri("https://127.0.0.1:10001/devstoreaccount1/table-name"),

- smbPath=$(echo $httpEndpoint | cut -c7-$(expr length $httpEndpoint))

-smbPath=$(echo $httpEndpoint | cut -c7-$(expr length $httpEndpoint))$fileShareName

-smbPath=$(echo $httpEndpoint | cut -c7-$(expr length $httpEndpoint))$fileShareName

-smbPath=$(echo $httpEndpoint | cut -c7-$(expr length $httpEndpoint))$fileShareName

-smbPath=$(echo $httpEndpoint | cut -c7-$(expr length $httpEndpoint))$fileShareName

-The Azure portal's new getting started feature is a quick, easy way to install and configure Azure Virtual Desktop on your deployment.

-## Requirements

-You'll need to meet the following requirements to be able to use getting started:

- >[!NOTE]

- >The getting started feature doesn't currently support MSA, B2B, or guest accounts at this time.

- >[!NOTE]

- >The getting started feature doesn't currently support accounts with multi-factor authentication.

-If you're using the getting started feature in an environment with Active Directory Domain Services (AD DS), you'll also need to meet these requirements:

-If you're using the getting started feature in an environment without an identity provider, these are the extra requirements you should follow:

-## For subscriptions with Azure AD DS or AD DS

-Here's how to use the getting started feature in a subscription that already has Azure AD DS or AD DS:

-1. Open [the Azure portal](https://portal.azure.com).

-2. Sign in to Azure and open **Azure Virtual Desktop management**, then select the **Getting started** tab. This will open the landing page for the getting started feature.

-3. Select **Create**.

-4. In the **Basic** tab, select the following values:

- - For **Subscription**, go to **How is your subscription configured**, then select **Existing setup**.

- - In the **Location**, select the location where you'll deploy your resources.

- - For **Azure admin UPN**, enter the full user principal name (UPN) of the account with admin permissions in Azure AD and owner permissions in the subscription that you plan to use.

- - For **AD Domain join UPN** enter the full UPN of the account with permissions that you plan to use to join the VMs to your domain.

- - For **Identity**, select either **Azure AD DS** or **AD DS** depending on your environment. What you choose here will affect the input your VMs will need.

-5. In the **Virtual machines** tab, select the following values:

- - For **Do you want the users to share this machine?**, select one of the following options depending on your needs:

- - If you want to create a single-session or personal host pool, select **No**.

- - If you want to create a multi-session or pooled host pool, select **Yes (multi-session)**. This will also create an Azure Files storage account joined to either Azure AD DS or AD DS.

- - For **Image type**, select an image from the Azure image gallery, a custom image, or a VHD from a storage blob.

- - For **VM size**, select the size and SKU you want for the VMs you'll deploy.

- - For **Number of VMs**, select how many VMs you want to provision in the host pool.

- - If you're using an existing setup with AD DS, these options will appear:

- - For **Subnet**, select a subnet in the VNET. The subnet you choose must either be in the same location as the identity (AD DS or Azure AD DS) or peered to it.

- - For **Domain controller resource group**, select the resource group where the AD DS VM is either located or peered to. The resource group with the domain controller must be in the same subscription. The get started feature doesn't currently support peered subscriptions at this time.

- - For **Domain controller virtual machine**, enter the name of the VM running your deployment's AD DS.

- - If you want to open the Select Azure AD users or Users group, select the **Assign existing users** check box.

- - If you want to create a validation user account to test your deployment, select the **Create validation user** check box, then enter a username and password in the prompt that appears.

- >[!NOTE]

- >Getting started will create the validation user group in the "USERS" container. You must make sure your validation group is synced to Azure AD. If the sync doesn't work, then pre-create the AVDValidationUsers group in an organization unit that is being synced to Azure AD.

-## For subscriptions without Azure AD DS or AD DS

-This section will show you how to use the getting started feature for a subscription without Azure AD DS or AD DS. For reference, these subscriptions are sometimes called "empty" subscriptions.

-To deploy Azure Virtual Desktop on a subscription without Azure AD DS or AD DS:

-1. Open [the Azure portal](https://portal.azure.com).

-2. Sign in to Azure and open **Azure Virtual Desktop management**, then select the **Getting started** tab. This will open the landing page for the getting started feature.

-3. In the **Basic** tab, select the following values:

- - For **Subscription**, select the subscription you want to deploy Azure Virtual Desktop in.

- - For **How is your subscription configured**, select **Empty subscription**. An "empty" subscription is a subscription that doesn't already have Azure AD DS or AD DS deployed.

- - For **Resource group prefix**, enter the prefixes for the resource group you're going to create: *-prerequisite*, *-deployment*, and *-avd*.

- - In **Location**, enter the resource location you want to use for your deployment.

- - For **Azure admin UPN**, enter the full UPN of an account with admin permissions on Azure AD and owner permissions on the subscription.

- - For **AD Domain join UPN**, enter the full UPN for an account that will be added to **AAD DC Administrators** group.

- >[!NOTE]

- >The user name for AD Domain join UPN should be a unique one that doesn't already exist in Azure AD. The getting started feature doesn't currently support using existing Azure AD user names for accounts without Azure AD or AD DS.