-|||

-### Environment variables

-### Environment variables

-> New pricing is in effect for batch transcription by using [Speech to text REST API v3.2](./migrate-v3-1-to-v3-2.md). For more information, see the [pricing guide](https://azure.microsoft.com/pricing/details/cognitive-services/speech-services).

-To create a transcription, use the [Transcriptions_Create](/rest/api/speechtotext/transcriptions/create) operation of the [Speech to text REST API](rest-speech-to-text.md#batch-transcription). Construct the request body according to the following instructions:

-> You can also try the Batch Transcription API using Python on [GitHub](https://github.com/Azure-Samples/cognitive-services-speech-sdk/blob/master/samples/batch/python/python-client/main.py).

-spx batch transcription create --name "My Transcription" --language "en-US" --content https://crbn.us/hello.wav;https://crbn.us/whatstheweatherlike.wav

-spx batch transcription create --name "My Transcription" --language "en-US" --content https://crbn.us/hello.wav;https://crbn.us/whatstheweatherlike.wav --model "https://eastus.api.cognitive.microsoft.com/speechtotext/v3.2/models/base/5988d691-0893-472c-851e-8e36a0fe7aaf"

-Whisper models by batch transcription are supported in the Australia East, Central US, East US, North Central US, South Central US, Southeast Asia, and West Europe regions.

-You set the full model URI as shown in this example for the `eastus` region. Replace `YourSubscriptionKey` with your Speech resource key. Replace `eastus` if you're using a different region.

-spx batch transcription create --name "My Transcription" --language "en-US" --content https://crbn.us/hello.wav;https://crbn.us/whatstheweatherlike.wav --model "https://eastus.api.cognitive.microsoft.com/speechtotext/v3.2/models/base/e418c4a9-9937-4db7-b2c9-8afbff72d950" --api-version v3.2

-## Next steps

-[Custom neural voice](../custom-neural-voice.md) and custom text to speech avatar are separate features. You can use them independently or together. If you plan to also use [custom neural voice](../custom-neural-voice.md) with a text to speech avatar, you need to deploy or [copy](../professional-voice-train-voice.md#copy-your-voice-model-to-another-project) your custom neural voice model to one of the [avatar supported regions](./what-is-text-to-speech-avatar.md#available-locations).

-The training and validation data you use **must** be formatted as a JSON Lines (JSONL) document. For `Llama-3-80B-chat` the fine-tuning dataset must be formatted in the conversational format that is used by the Chat completions API.

-1. If this is your first time fine-tuning the model in the project, you have to subscribe your project for the particular offering (for example, Meta-Llama-3-70B) from Azure Marketplace. This step requires that your account has the Azure subscription permissions and resource group permissions listed in the prerequisites. Each project has its own subscription to the particular Azure Marketplace offering, which allows you to control and monitor spending. Select **Subscribe and fine-tune**.

- > Subscribing a project to a particular Azure Marketplace offering (in this case, Meta-Llama-3-70B) requires that your account has **Contributor** or **Owner** access at the subscription level where the project is created. Alternatively, your user account can be assigned a custom role that has the Azure subscription permissions and resource group permissions listed in the [prerequisites](#prerequisites).

-> This article is about App Service Environment v1. [App Service Environment v1 will be retired on 31 August 2024](https://azure.microsoft.com/updates/app-service-environment-version-1-and-version-2-will-be-retired-on-31-august-2024-4/). There's a new version of App Service Environment that is easier to use and runs on more powerful infrastructure. To learn more about the new version, start with the [Introduction to the App Service Environment](overview.md). If you're currently using App Service Environment v1, please follow the steps in [this article](upgrade-to-asev3.md) to migrate to the new version.

-> As of 29 January 2024, you can no longer create new App Service Environment v1 resources using any of the available methods including ARM/Bicep templates, Azure Portal, Azure CLI, or REST API. You must [migrate to App Service Environment v3](upgrade-to-asev3.md) before 31 August 2024 to prevent resource deletion and data loss.

-> This article is about App Service Environment v1. [App Service Environment v1 will be retired on 31 August 2024](https://azure.microsoft.com/updates/app-service-environment-version-1-and-version-2-will-be-retired-on-31-august-2024-4/). There's a new version of App Service Environment that is easier to use and runs on more powerful infrastructure. To learn more about the new version, start with the [Introduction to the App Service Environment](overview.md). If you're currently using App Service Environment v1, please follow the steps in [this article](upgrade-to-asev3.md) to migrate to the new version.

-> As of 29 January 2024, you can no longer create new App Service Environment v1 resources using any of the available methods including ARM/Bicep templates, Azure Portal, Azure CLI, or REST API. You must [migrate to App Service Environment v3](upgrade-to-asev3.md) before 31 August 2024 to prevent resource deletion and data loss.

-> This article is about App Service Environment v1. [App Service Environment v1 will be retired on 31 August 2024](https://azure.microsoft.com/updates/app-service-environment-version-1-and-version-2-will-be-retired-on-31-august-2024-4/). There's a new version of App Service Environment that is easier to use and runs on more powerful infrastructure. To learn more about the new version, start with the [Introduction to the App Service Environment](overview.md). If you're currently using App Service Environment v1, please follow the steps in [this article](upgrade-to-asev3.md) to migrate to the new version.

-> As of 29 January 2024, you can no longer create new App Service Environment v1 resources using any of the available methods including ARM/Bicep templates, Azure Portal, Azure CLI, or REST API. You must [migrate to App Service Environment v3](upgrade-to-asev3.md) before 31 August 2024 to prevent resource deletion and data loss.

-> This article is about App Service Environment v1. [App Service Environment v1 will be retired on 31 August 2024](https://azure.microsoft.com/updates/app-service-environment-version-1-and-version-2-will-be-retired-on-31-august-2024-4/). There's a new version of App Service Environment that is easier to use and runs on more powerful infrastructure. To learn more about the new version, start with the [Introduction to the App Service Environment](overview.md). If you're currently using App Service Environment v1, please follow the steps in [this article](upgrade-to-asev3.md) to migrate to the new version.

-> As of 29 January 2024, you can no longer create new App Service Environment v1 resources using any of the available methods including ARM/Bicep templates, Azure Portal, Azure CLI, or REST API. You must [migrate to App Service Environment v3](upgrade-to-asev3.md) before 31 August 2024 to prevent resource deletion and data loss.

-> This article is about App Service Environment v1. [App Service Environment v1 will be retired on 31 August 2024](https://azure.microsoft.com/updates/app-service-environment-version-1-and-version-2-will-be-retired-on-31-august-2024-4/). There's a new version of App Service Environment that is easier to use and runs on more powerful infrastructure. To learn more about the new version, start with the [Introduction to the App Service Environment](overview.md). If you're currently using App Service Environment v1, please follow the steps in [this article](upgrade-to-asev3.md) to migrate to the new version.

-> As of 29 January 2024, you can no longer create new App Service Environment v1 resources using any of the available methods including ARM/Bicep templates, Azure Portal, Azure CLI, or REST API. You must [migrate to App Service Environment v3](upgrade-to-asev3.md) before 31 August 2024 to prevent resource deletion and data loss.

-> This article is about App Service Environment v1. [App Service Environment v1 will be retired on 31 August 2024](https://azure.microsoft.com/updates/app-service-environment-version-1-and-version-2-will-be-retired-on-31-august-2024-4/). There's a new version of App Service Environment that is easier to use and runs on more powerful infrastructure. To learn more about the new version, start with the [Introduction to the App Service Environment](overview.md). If you're currently using App Service Environment v1, please follow the steps in [this article](upgrade-to-asev3.md) to migrate to the new version.

-> As of 29 January 2024, you can no longer create new App Service Environment v1 resources using any of the available methods including ARM/Bicep templates, Azure Portal, Azure CLI, or REST API. You must [migrate to App Service Environment v3](upgrade-to-asev3.md) before 31 August 2024 to prevent resource deletion and data loss.

-> This article is about App Service Environment v1. [App Service Environment v1 will be retired on 31 August 2024](https://azure.microsoft.com/updates/app-service-environment-version-1-and-version-2-will-be-retired-on-31-august-2024-4/). There's a new version of App Service Environment that is easier to use and runs on more powerful infrastructure. To learn more about the new version, start with the [Introduction to the App Service Environment](overview.md). If you're currently using App Service Environment v1, please follow the steps in [this article](upgrade-to-asev3.md) to migrate to the new version.

-> As of 29 January 2024, you can no longer create new App Service Environment v1 resources using any of the available methods including ARM/Bicep templates, Azure Portal, Azure CLI, or REST API. You must [migrate to App Service Environment v3](upgrade-to-asev3.md) before 31 August 2024 to prevent resource deletion and data loss.

-> This article is about App Service Environment v1. [App Service Environment v1 will be retired on 31 August 2024](https://azure.microsoft.com/updates/app-service-environment-version-1-and-version-2-will-be-retired-on-31-august-2024-4/). There's a new version of App Service Environment that is easier to use and runs on more powerful infrastructure. To learn more about the new version, start with the [Introduction to the App Service Environment](overview.md). If you're currently using App Service Environment v1, please follow the steps in [this article](upgrade-to-asev3.md) to migrate to the new version.

-> As of 29 January 2024, you can no longer create new App Service Environment v1 resources using any of the available methods including ARM/Bicep templates, Azure Portal, Azure CLI, or REST API. You must [migrate to App Service Environment v3](upgrade-to-asev3.md) before 31 August 2024 to prevent resource deletion and data loss.

-> This article is about App Service Environment v1. [App Service Environment v1 will be retired on 31 August 2024](https://azure.microsoft.com/updates/app-service-environment-version-1-and-version-2-will-be-retired-on-31-august-2024-4/). There's a new version of App Service Environment that is easier to use and runs on more powerful infrastructure. To learn more about the new version, start with the [Introduction to the App Service Environment](overview.md). If you're currently using App Service Environment v1, please follow the steps in [this article](upgrade-to-asev3.md) to migrate to the new version.

-> As of 29 January 2024, you can no longer create new App Service Environment v1 resources using any of the available methods including ARM/Bicep templates, Azure Portal, Azure CLI, or REST API. You must [migrate to App Service Environment v3](upgrade-to-asev3.md) before 31 August 2024 to prevent resource deletion and data loss.

-> This article is about App Service Environment v1. [App Service Environment v1 will be retired on 31 August 2024](https://azure.microsoft.com/updates/app-service-environment-version-1-and-version-2-will-be-retired-on-31-august-2024-4/). There's a new version of App Service Environment that is easier to use and runs on more powerful infrastructure. To learn more about the new version, start with the [Introduction to the App Service Environment](overview.md). If you're currently using App Service Environment v1, please follow the steps in [this article](upgrade-to-asev3.md) to migrate to the new version.

-> As of 29 January 2024, you can no longer create new App Service Environment v1 resources using any of the available methods including ARM/Bicep templates, Azure Portal, Azure CLI, or REST API. You must [migrate to App Service Environment v3](upgrade-to-asev3.md) before 31 August 2024 to prevent resource deletion and data loss.

-> This article is about App Service Environment v2 which is used with Isolated App Service plans. [App Service Environment v2 will be retired on 31 August 2024](https://azure.microsoft.com/updates/app-service-environment-version-1-and-version-2-will-be-retired-on-31-august-2024-4/). There's a new version of App Service Environment that is easier to use and runs on more powerful infrastructure. To learn more about the new version, start with the [Introduction to the App Service Environment](overview.md). If you're currently using App Service Environment v2, please follow the steps in [this article](upgrade-to-asev3.md) to migrate to the new version.

-> As of 29 January 2024, you can no longer create new App Service Environment v2 resources using any of the available methods including ARM/Bicep templates, Azure Portal, Azure CLI, or REST API. You must [migrate to App Service Environment v3](upgrade-to-asev3.md) before 31 August 2024 to prevent resource deletion and data loss.

-> This article is about App Service Environment v2 which is used with Isolated App Service plans. [App Service Environment v2 will be retired on 31 August 2024](https://azure.microsoft.com/updates/app-service-environment-version-1-and-version-2-will-be-retired-on-31-august-2024-4/). There's a new version of App Service Environment that is easier to use and runs on more powerful infrastructure. To learn more about the new version, start with the [Introduction to the App Service Environment](overview.md). If you're currently using App Service Environment v2, please follow the steps in [this article](upgrade-to-asev3.md) to migrate to the new version.

-> As of 29 January 2024, you can no longer create new App Service Environment v2 resources using any of the available methods including ARM/Bicep templates, Azure Portal, Azure CLI, or REST API. You must [migrate to App Service Environment v3](upgrade-to-asev3.md) before 31 August 2024 to prevent resource deletion and data loss.

-> This article is about App Service Environment v2 which is used with Isolated App Service plans. [App Service Environment v2 will be retired on 31 August 2024](https://azure.microsoft.com/updates/app-service-environment-version-1-and-version-2-will-be-retired-on-31-august-2024-4/). There's a new version of App Service Environment that is easier to use and runs on more powerful infrastructure. To learn more about the new version, start with the [Introduction to the App Service Environment](overview.md). If you're currently using App Service Environment v2, please follow the steps in [this article](upgrade-to-asev3.md) to migrate to the new version.

-> As of 29 January 2024, you can no longer create new App Service Environment v2 resources using any of the available methods including ARM/Bicep templates, Azure Portal, Azure CLI, or REST API. You must [migrate to App Service Environment v3](upgrade-to-asev3.md) before 31 August 2024 to prevent resource deletion and data loss.

-> This article is about App Service Environment v2 which is used with Isolated App Service plans. [App Service Environment v2 will be retired on 31 August 2024](https://azure.microsoft.com/updates/app-service-environment-version-1-and-version-2-will-be-retired-on-31-august-2024-4/). There's a new version of App Service Environment that is easier to use and runs on more powerful infrastructure. To learn more about the new version, start with the [Introduction to the App Service Environment](overview.md). If you're currently using App Service Environment v2, please follow the steps in [this article](upgrade-to-asev3.md) to migrate to the new version.

-> As of 29 January 2024, you can no longer create new App Service Environment v2 resources using any of the available methods including ARM/Bicep templates, Azure Portal, Azure CLI, or REST API. You must [migrate to App Service Environment v3](upgrade-to-asev3.md) before 31 August 2024 to prevent resource deletion and data loss.

-> This article is about App Service Environment v2 which is used with Isolated App Service plans. [App Service Environment v2 will be retired on 31 August 2024](https://azure.microsoft.com/updates/app-service-environment-version-1-and-version-2-will-be-retired-on-31-august-2024-4/). There's a new version of App Service Environment that is easier to use and runs on more powerful infrastructure. To learn more about the new version, start with the [Introduction to the App Service Environment](overview.md). If you're currently using App Service Environment v2, please follow the steps in [this article](upgrade-to-asev3.md) to migrate to the new version.

-> As of 29 January 2024, you can no longer create new App Service Environment v2 resources using any of the available methods including ARM/Bicep templates, Azure Portal, Azure CLI, or REST API. You must [migrate to App Service Environment v3](upgrade-to-asev3.md) before 31 August 2024 to prevent resource deletion and data loss.

-> This article is about App Service Environment v2 which is used with Isolated App Service plans. [App Service Environment v2 will be retired on 31 August 2024](https://azure.microsoft.com/updates/app-service-environment-version-1-and-version-2-will-be-retired-on-31-august-2024-4/). There's a new version of App Service Environment that is easier to use and runs on more powerful infrastructure. To learn more about the new version, start with the [Introduction to the App Service Environment](overview.md). If you're currently using App Service Environment v2, please follow the steps in [this article](upgrade-to-asev3.md) to migrate to the new version.

-> As of 29 January 2024, you can no longer create new App Service Environment v2 resources using any of the available methods including ARM/Bicep templates, Azure Portal, Azure CLI, or REST API. You must [migrate to App Service Environment v3](upgrade-to-asev3.md) before 31 August 2024 to prevent resource deletion and data loss.

-> This article is about App Service Environment v3, which is used with isolated v2 App Service plans.

-> This article is about App Service Environment v2 which is used with Isolated App Service plans. [App Service Environment v2 will be retired on 31 August 2024](https://azure.microsoft.com/updates/app-service-environment-version-1-and-version-2-will-be-retired-on-31-august-2024-4/). There's a new version of App Service Environment that is easier to use and runs on more powerful infrastructure. To learn more about the new version, start with the [Introduction to the App Service Environment](overview.md). If you're currently using App Service Environment v2, please follow the steps in [this article](upgrade-to-asev3.md) to migrate to the new version.

-> As of 29 January 2024, you can no longer create new App Service Environment v2 resources using any of the available methods including ARM/Bicep templates, Azure Portal, Azure CLI, or REST API. You must [migrate to App Service Environment v3](upgrade-to-asev3.md) before 31 August 2024 to prevent resource deletion and data loss.

-> This article is about App Service Environment v2 which is used with Isolated App Service plans. [App Service Environment v2 will be retired on 31 August 2024](https://azure.microsoft.com/updates/app-service-environment-version-1-and-version-2-will-be-retired-on-31-august-2024-4/). There's a new version of App Service Environment that is easier to use and runs on more powerful infrastructure. To learn more about the new version, start with the [Introduction to the App Service Environment](overview.md). If you're currently using App Service Environment v2, please follow the steps in [this article](upgrade-to-asev3.md) to migrate to the new version.

-> As of 29 January 2024, you can no longer create new App Service Environment v2 resources using any of the available methods including ARM/Bicep templates, Azure Portal, Azure CLI, or REST API. You must [migrate to App Service Environment v3](upgrade-to-asev3.md) before 31 August 2024 to prevent resource deletion and data loss.

-> This article is about App Service Environment v2 which is used with Isolated App Service plans. [App Service Environment v2 will be retired on 31 August 2024](https://azure.microsoft.com/updates/app-service-environment-version-1-and-version-2-will-be-retired-on-31-august-2024-4/). There's a new version of App Service Environment that is easier to use and runs on more powerful infrastructure. To learn more about the new version, start with the [Introduction to the App Service Environment](overview.md). If you're currently using App Service Environment v2, please follow the steps in [this article](upgrade-to-asev3.md) to migrate to the new version.

-> As of 29 January 2024, you can no longer create new App Service Environment v2 resources using any of the available methods including ARM/Bicep templates, Azure Portal, Azure CLI, or REST API. You must [migrate to App Service Environment v3](upgrade-to-asev3.md) before 31 August 2024 to prevent resource deletion and data loss.

-> This article is about the App Service Environment v3 which is used with Isolated v2 App Service plans

-> If you're currently using App Service Environment v1 or v2, you must migrate your workloads to [App Service Environment v3](overview.md). [App Service Environment v1 and v2 will be retired on 31 August 2024](https://azure.microsoft.com/updates/app-service-environment-v1-and-v2-retirement-announcement/). Failure to migrate by that date will result in loss of the environments, running applications, and all application data.

->At this time, the recommendation for all App Service Environment v1 and v2 users is to migrate to App Service Environment v3. If you'd like to explore the [public multi-tenant offering of App Service](../../app-service/overview.md), you can do so once your migration to App Service Environment v3 is complete. There are feature differences and functionality gaps between App Service Environment v3 and the public multi-tenant offering of App Service. Due to these differences, and with the retirement of App Service Environment v1 and v2 on 31 August 2024, we recommend migrating to App Service Environment v3.

->

-> As of [29 January 2024](https://azure.microsoft.com/updates/app-service-environment-version-1-and-version-2-will-be-retired-on-31-august-2024-4/), you can no longer create new App Service Environment v1 and v2 resources using any of the available methods including ARM/Bicep templates, Azure Portal, Azure CLI, or REST API.

-> This article is about App Service Environment v2 which is used with Isolated App Service plans. [App Service Environment v2 will be retired on 31 August 2024](https://azure.microsoft.com/updates/app-service-environment-version-1-and-version-2-will-be-retired-on-31-august-2024-4/). There's a new version of App Service Environment that is easier to use and runs on more powerful infrastructure. To learn more about the new version, start with the [Introduction to the App Service Environment](overview.md). If you're currently using App Service Environment v2, please follow the steps in [this article](upgrade-to-asev3.md) to migrate to the new version.

-> As of 29 January 2024, you can no longer create new App Service Environment v2 resources using any of the available methods including ARM/Bicep templates, Azure Portal, Azure CLI, or REST API. You must [migrate to App Service Environment v3](upgrade-to-asev3.md) before 31 August 2024 to prevent resource deletion and data loss.

-> App Service Environment v1 and v2 [will be retired on 31 August 2024](https://azure.microsoft.com/updates/app-service-environment-version-1-and-version-2-will-be-retired-on-31-august-2024-4/). After that date, those versions will no longer be supported and any remaining App Service Environment v1 and v2s and the applications running on them will be deleted.

-> There's a new version of App Service Environment that is easier to use and runs on more powerful infrastructure. To learn more about the new version, start with the [Introduction to the App Service Environment](overview.md). If you're currently using App Service Environment v1 or v2, please follow the steps in [this article](upgrade-to-asev3.md) to migrate to the new version.

-> As of 29 January 2024, you can no longer create new App Service Environment v1 or v2 resources using any of the available methods including ARM/Bicep templates, Azure Portal, Azure CLI, or REST API. You must [migrate to App Service Environment v3](upgrade-to-asev3.md) before 31 August 2024 to prevent resource deletion and data loss.

-> This article is about App Service Environment v2 which is used with Isolated App Service plans. [App Service Environment v2 will be retired on 31 August 2024](https://azure.microsoft.com/updates/app-service-environment-version-1-and-version-2-will-be-retired-on-31-august-2024-4/). There's a new version of App Service Environment that is easier to use and runs on more powerful infrastructure. To learn more about the new version, start with the [Introduction to the App Service Environment](overview.md). If you're currently using App Service Environment v2, please follow the steps in [this article](upgrade-to-asev3.md) to migrate to the new version.

-> As of 29 January 2024, you can no longer create new App Service Environment v2 resources using any of the available methods including ARM/Bicep templates, Azure Portal, Azure CLI, or REST API. You must [migrate to App Service Environment v3](upgrade-to-asev3.md) before 31 August 2024 to prevent resource deletion and data loss.

-# Quickstart: Deploy a Python (Django or Flask) web app to Azure App Service

-## Designated IPs used by Arc resource bridge

-When Arc resource bridge is deployed, there are designated IPs used exclusively by the appliance VM for the Kubernetes pods and services. These IPs can only be used for Arc resource bridge and canΓÇÖt be used by any other service. If another service already uses an IP address within these ranges, please submit a support ticket.

-| Service|Designated Arc resource bridge IPs|

-| -- | -- |

-|Arc resource bridge Kubernetes pods |10.244.0.0/16 |

-| Arc resource bridge Kubernetes services| 10.96.0.0/12 |

-> Redis data persistence is only available for Premium caches.

-Azure Maps Python SDK supports Python version 3.7 or later. For more information on future Python versions, see [Azure SDK for Python version support policy].

-## Fuzzy Search an Entity

-The following code snippet demonstrates how, in a simple console application, to import the `Azure.Maps.Search` package and perform a fuzzy search on ΓÇ£StarbucksΓÇ¥ near Seattle. This example uses subscription key credentials to authenticate MapsSearchClient. In `demo.py`:

-import os

-from azure.core.credentials import AzureKeyCredential

-from azure.maps.search import MapsSearchClient

-def fuzzy_search():

-ΓÇ» ΓÇ» # Use Azure Maps subscription key authentication

- subscription_key = os.getenv("SUBSCRIPTION_KEY")

-ΓÇ» ΓÇ» maps_search_client = MapsSearchClient(

-ΓÇ» ΓÇ» ΓÇ» ΓÇ» credential=AzureKeyCredential(subscription_key)

-ΓÇ» ΓÇ» )

-ΓÇ» ΓÇ» result = maps_search_client.fuzzy_search(

-ΓÇ» ΓÇ» ΓÇ» ΓÇ» query="Starbucks",

-ΓÇ» ΓÇ» ΓÇ» ΓÇ» coordinates=(47.61010, -122.34255)

-ΓÇ» ΓÇ» )

-

-ΓÇ» ΓÇ» # Print the search results

- if len(result.results) > 0:

- print("Starbucks search result nearby Seattle:")

- for result_item in result.results:

- print(f"* {result_item.address.street_number } {result_item.address.street_name }")

- print(f" {result_item.address.municipality } {result_item.address.country_code } {result_item.address.postal_code }")

- print(f" Coordinate: {result_item.position.lat}, {result_item.position.lon}")

-if __name__ == '__main__':

-ΓÇ» ΓÇ» fuzzy_search()

-```

-This sample code instantiates `AzureKeyCredential` with the Azure Maps subscription key, then uses it to instantiate the `MapsSearchClient` object. The methods provided by `MapsSearchClient` forward the request to the Azure Maps REST endpoints. In the end, the program iterates through the results and prints the address and coordinates for each result.

-After finishing the program, run `python demo.py` from the project folder in PowerShell:

-```powershell

-python demo.py

-```

-You should see a list of Starbucks address and coordinate results:

-```text

-* 1912 Pike Place

- Seattle US 98101

- Coordinate: 47.61016, -122.34248

-* 2118 Westlake Avenue

- Seattle US 98121

- Coordinate: 47.61731, -122.33782

-* 2601 Elliott Avenue

- Seattle US 98121

- Coordinate: 47.61426, -122.35261

-* 1730 Howell Street

- Seattle US 98101

- Coordinate: 47.61716, -122.3298

-* 220 1st Avenue South

- Seattle US 98104

- Coordinate: 47.60027, -122.3338

-* 400 Occidental Avenue South

- Seattle US 98104

- Coordinate: 47.5991, -122.33278

-* 1600 East Olive Way

- Seattle US 98102

- Coordinate: 47.61948, -122.32505

-* 500 Mercer Street

- Seattle US 98109

- Coordinate: 47.62501, -122.34687

-* 505 5Th Ave S

- Seattle US 98104

- Coordinate: 47.59768, -122.32849

-* 425 Queen Anne Avenue North

- Seattle US 98109

- Coordinate: 47.62301, -122.3571

-## Search an Address

-Call the `SearchAddress` method to get the coordinate of an address. Modify the Main program from the sample as follows:

-from azure.core.credentials import AzureKeyCredential

-from azure.maps.search import MapsSearchClient

-def search_address():

- subscription_key = os.getenv("SUBSCRIPTION_KEY")

-ΓÇ» ΓÇ» maps_search_client = MapsSearchClient(

- credential=AzureKeyCredential(subscription_key)

- )

-ΓÇ» result = maps_search_client.search_address(

- query="1301 Alaskan Way, Seattle, WA 98101, US"

- )

-

- # Print reuslts if any

- if len(result.results) > 0:

-ΓÇ» ΓÇ» print(f"Coordinate: {result.results[0].position.lat}, {result.results[0].position.lon}")

- else:

- print("No address found")

-if __name__ == '__main__':

-ΓÇ» ΓÇ» search_address()

-```

-The `SearchAddress` method returns results ordered by confidence score and prints the coordinates of the first result.

-## Batch reverse search

-Azure Maps Search also provides some batch query methods. These methods return long-running operations (LRO) objects. The requests might not return all the results immediately, so users can choose to wait until completion or query the result periodically. The following examples demonstrate how to call the batched reverse search method.

-Since these return LRO objects, you need the `asyncio` method included in the `aiohttp` package:

-```powershell

-pip install aiohttp

-```Python

-import asyncio

-from azure.core.credentials import AzureKeyCredential

-from azure.maps.search.aio import MapsSearchClient

-async def begin_reverse_search_address_batch():

- subscription_key = os.getenv("SUBSCRIPTION_KEY")

-ΓÇ» ΓÇ» maps_search_client = MapsSearchClient(AzureKeyCredential(subscription_key))

-ΓÇ» ΓÇ» async with maps_search_client:

-ΓÇ» ΓÇ» ΓÇ» ΓÇ» result = await maps_search_client.begin_reverse_search_address_batch(

-ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» search_queries = [

-ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» "148.858561,2.294911",

-ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» "47.639765,-122.127896&radius=5000",

-ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» "47.61559,-122.33817&radius=5000",

-ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» ]

-ΓÇ» ΓÇ» ΓÇ» ΓÇ» )

-ΓÇ» ΓÇ» print(f"Batch_id: {result.batch_id}")

- # Special handle for Windows platform

- if os.name == 'nt':

-ΓÇ» ΓÇ» asyncio.set_event_loop_policy(asyncio.WindowsSelectorEventLoopPolicy())

-ΓÇ» ΓÇ» asyncio.run(begin_reverse_search_address_batch())

-In the above example, three queries are passed to the batched reverse search request. To get the LRO results, the request creates a batch request with a batch ID as result that can be used to fetch batch response later. The LRO results are cached on the server side for 14 days.

-The following example demonstrates the process of calling the batch ID and retrieving the operation results of the batch request:

-import asyncio

-from azure.maps.search.aio import MapsSearchClient

-async def begin_reverse_search_address_batch():

- subscription_key = os.getenv("SUBSCRIPTION_KEY")

-ΓÇ» ΓÇ» maps_search_client = MapsSearchClient(credential=AzureKeyCredential(subscription_key))

-ΓÇ» ΓÇ» async with maps_search_client:

-ΓÇ» ΓÇ» ΓÇ» ΓÇ» result = await maps_search_client.begin_reverse_search_address_batch(

-ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» search_queries = [

-ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» "148.858561,2.294911",

-ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» "47.639765,-122.127896&radius=5000",

-ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» "47.61559,-122.33817&radius=5000",

-ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» ]

-ΓÇ» ΓÇ» ΓÇ» ΓÇ» )

-ΓÇ» ΓÇ» return result

-async def begin_reverse_search_address_batch_with_id(batch_id):

-ΓÇ» ΓÇ» subscription_key = os.getenv("SUBSCRIPTION_KEY")

-ΓÇ» ΓÇ» maps_search_client = MapsSearchClient(credential=AzureKeyCredential(subscription_key))

-ΓÇ» ΓÇ» async with maps_search_client:

-ΓÇ» ΓÇ» ΓÇ» ΓÇ» result = await maps_search_client.begin_reverse_search_address_batch(

-ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» ΓÇ» batch_id=batch_id,

-ΓÇ» ΓÇ» ΓÇ» ΓÇ» )

-ΓÇ» ΓÇ» responses = result._polling_method._initial_response.context.get('deserialized_data')

-ΓÇ» ΓÇ» summary = responses['summary']

- # Print Batch results

-ΓÇ» ΓÇ» idx = 1

- print(f"Total Batch Requests: {summary['totalRequests']}, Total Successful Results: {summary['successfulRequests']}")

- for items in responses.get('batchItems'):

- if items['statusCode'] == 200:

- print(f"Request {idx} result:")

- for address in items['response']['addresses']:

- print(f" {address['address']['freeformAddress']}")

- print(f"Error in request {idx}: {items['response']['error']['message']}")

- idx += 1

-async def main():

-ΓÇ» ΓÇ» result = await begin_reverse_search_address_batch()

-ΓÇ» ΓÇ» await begin_reverse_search_address_batch_with_id(result.batch_id)

-if __name__ == '__main__':

- # Special handle for Windows platform

- if os.name == 'nt':

- asyncio.set_event_loop_policy(asyncio.WindowsSelectorEventLoopPolicy())

-ΓÇ» ΓÇ» asyncio.run(main())

-Download the [latest release](https://aka.ms/azacsnapinstaller) of the installer and review how to [get started](azacsnap-get-started.md).

-| BCP001 | Error | The following token is not recognized: "{token}". |

-| BCP002 | Error | The multi-line comment at this location is not terminated. Terminate it with the */ character sequence. |

-| BCP003 | Error | The string at this location is not terminated. Terminate the string with a single quote character. |

-| BCP004 | Error | The string at this location is not terminated due to an unexpected new line character. |

-| BCP005 | Error | The string at this location is not terminated. Complete the escape sequence and terminate the string with a single unescaped quote character. |

-| BCP006 | Error | The specified escape sequence is not recognized. Only the following escape sequences are allowed: {ToQuotedString(escapeSequences)}. |

-| BCP007 | Error | This declaration type is not recognized. Specify a metadata, parameter, variable, resource, or output declaration. |

-| BCP018 | Error | Expected the "{character}" character at this location. |

-| BCP029 | Error | The resource type is not valid. Specify a valid resource type of format "\<types>@\<apiVersion>". |

-| BCP030 | Error | The output type is not valid. Please specify one of the following types: {ToQuotedString(validTypes)}. |

-| BCP031 | Error | The parameter type is not valid. Please specify one of the following types: {ToQuotedString(validTypes)}. |

-| <a id='BCP037' />[BCP037](./diagnostics/bcp037.md) | Error/Warning | The property \<property-name> is not allowed on objects of type \<type-definition>. |

-| <a id='BCP040' />[BCP040](./diagnostics/bcp040.md) | Error/Warning | String interpolation is not supported for keys on objects of type \<type-definition>. |

-| BCP041 | Error | Values of type "{valueType}" cannot be assigned to a variable. |

-| BCP043 | Error | This is not a valid expression. |

-| BCP044 | Error | Cannot apply operator "{operatorName}" to operand of type "{type}". |

-| BCP045 | Error | Cannot apply operator "{operatorName}" to operands of type "{type1}" and "{type2}".{(additionalInfo is null ? string.Empty : " " + additionalInfo)} |

-| BCP048 | Error | Cannot resolve function overload. For details, see the documentation. |

-| <a id='BCP052' />[BCP052](./diagnostics/bcp052.md) | Error/Warning | The type \<type-name> does not contain property \<property-name>. |

-| <a id='BCP053' />[BCP053](./diagnostics/bcp053.md) | Error/Warning | The type \<type-name> does not contain property \<property-name>. Available properties include \<property-names>. |

-| BCP054 | Error | The type "{type}" does not contain any properties. |

-| BCP055 | Error | Cannot access properties of type "{wrongType}". An "{LanguageConstants.Object}" type is required. |

-| BCP057 | Error | The name "{name}" does not exist in the current context. |

-| BCP059 | Error | The name "{name}" is not a function. |

-| BCP060 | Error | The "variables" function is not supported. Directly reference variables by their symbolic names. |

-| BCP061 | Error | The "parameters" function is not supported. Directly reference parameters by their symbolic names. |

-| BCP062 | Error | The referenced declaration with name "{name}" is not valid. |

-| BCP063 | Error | The name "{name}" is not a parameter, variable, resource or module. |

-| BCP065 | Error | Function "{functionName}" is not valid at this location. It can only be used as a parameter default value. |

-| BCP066 | Error | Function "{functionName}" is not valid at this location. It can only be used in resource declarations. |

-| BCP067 | Error | Cannot call functions on type "{wrongType}". An "{LanguageConstants.Object}" type is required. |

-| BCP069 | Error | The function "{function}" is not supported. Use the "{@operator}" operator instead. |

-| BCP070 | Error | Argument of type "{argumentType}" is not assignable to parameter of type "{parameterType}". |

-| <a id='BCP072' />[BCP072](./diagnostics/bcp072.md) | Error | This symbol cannot be referenced here. Only other parameters can be referenced in parameter default values. |

-| <a id='BCP073' />[BCP073](./diagnostics/bcp073.md) | Error/Warning | The property \<property-name> is read-only. Expressions cannot be assigned to read-only properties. |

-| BCP076 | Error | Cannot index over expression of type "{wrongType}". Arrays or objects are required. |

-| <a id='BCP077' />[BCP077](./diagnostics/bcp077.md) | Error/Warning | The property \<property-name> on type \<type-name> is write-only. Write-only properties cannot be accessed. |

-| BCP079 | Error | This expression is referencing its own declaration, which is not allowed. |

-| BCP081 | Warning | Resource type "{resourceTypeReference.FormatName()}" does not have types available. Bicep is unable to validate resource properties prior to deployment, but this will not block the resource from being deployed. |

-| BCP082 | Error | The name "{name}" does not exist in the current context. Did you mean "{suggestedName}"? |

-| <a id='BCP083' />[BCP083](./diagnostics/bcp083.md) | Error/Warning | The type \<type-definition> does not contain property \<property-name>. Did you mean \<property-name>? |

-| BCP084 | Error | The symbolic name "{name}" is reserved. Please use a different symbolic name. Reserved namespaces are {ToQuotedString(namespaces.OrderBy(ns => ns))}. |

-| BCP085 | Error | The specified file path contains one ore more invalid path characters. The following are not permitted: {ToQuotedString(forbiddenChars.OrderBy(x => x).Select(x => x.ToString()))}. |

-| BCP086 | Error | The specified file path ends with an invalid character. The following are not permitted: {ToQuotedString(forbiddenPathTerminatorChars.OrderBy(x => x).Select(x => x.ToString()))}. |

-| BCP087 | Error | Array and object literals are not allowed here. |

-| <a id='BCP089' />[BCP089](./diagnostics/bcp089.md) | Error/Warning | The property \<property-name> is not allowed on objects of type \<resource-type>. Did you mean \<property-name>? |

-| BCP092 | Error | String interpolation is not supported in file paths. |

-| BCP093 | Error | File path "{filePath}" could not be resolved relative to "{parentPath}". |

-| BCP094 | Error | This module references itself, which is not allowed. |

-| BCP100 | Error | The function "if" is not supported. Use the "?:\" (ternary conditional) operator instead, e.g. condition ? ValueIfTrue : ValueIfFalse |

-| BCP101 | Error | The "createArray" function is not supported. Construct an array literal using []. |

-| BCP102 | Error | The "createObject" function is not supported. Construct an object literal using {}. |

-| BCP103 | Error | The following token is not recognized: "{token}". Strings are defined using single quotes in bicep. |

-| BCP106 | Error | Expected a new line character at this location. Commas are not used as separator delimiters. |

-| BCP107 | Error | The function "{name}" does not exist in namespace "{namespaceType.Name}". |

-| BCP108 | Error | The function "{name}" does not exist in namespace "{namespaceType.Name}". Did you mean "{suggestedName}"? |

-| BCP109 | Error | The type "{type}" does not contain function "{name}". |

-| BCP110 | Error | The type "{type}" does not contain function "{name}". Did you mean "{suggestedName}"? |

-| BCP112 | Error | The "{LanguageConstants.TargetScopeKeyword}" cannot be declared multiple times in one file. |

-| BCP117 | Error | An empty indexer is not allowed. Specify a valid expression. |

-| BCP125 | Error | Function "{functionName}" cannot be used as a parameter decorator. |

-| BCP126 | Error | Function "{functionName}" cannot be used as a variable decorator. |

-| BCP127 | Error | Function "{functionName}" cannot be used as a resource decorator. |

-| BCP128 | Error | Function "{functionName}" cannot be used as a module decorator. |

-| BCP129 | Error | Function "{functionName}" cannot be used as an output decorator. |

-| BCP130 | Error | Decorators are not allowed here. |

-| BCP133 | Error | The unicode escape sequence is not valid. Valid unicode escape sequences range from \\u{0} to \\u{10FFFF}. |

-| BCP134 | Warning | Scope {ToQuotedString(LanguageConstants.GetResourceScopeDescriptions(suppliedScope))} is not valid for this module. Permitted scopes: {ToQuotedString(LanguageConstants.GetResourceScopeDescriptions(supportedScopes))}. |

-| BCP135 | Warning | Scope {ToQuotedString(LanguageConstants.GetResourceScopeDescriptions(suppliedScope))} is not valid for this resource type. Permitted scopes: {ToQuotedString(LanguageConstants.GetResourceScopeDescriptions(supportedScopes))}. |

-| BCP138 | Error | For-expressions are not supported in this context. For-expressions may be used as values of resource, module, variable, and output declarations, or values of resource and module properties. |

-| BCP140 | Error | The multi-line string at this location is not terminated. Terminate it with "'''. |

-| BCP141 | Error | The expression cannot be used as a decorator as it is not callable. |

-| BCP142 | Error | Property value for-expressions cannot be nested. |

-| BCP143 | Error | For-expressions cannot be used with properties whose names are also expressions. |

-| BCP144 | Error | Directly referencing a resource or module collection is not currently supported here. Apply an array indexer to the expression. |

-| BCP152 | Error | Function "{functionName}" cannot be used as a decorator. |

-| BCP157 | Error | The resource type cannot be determined due to an error in the containing resource. |

-| BCP158 | Error | Cannot access nested resources of type "{wrongType}". A resource type is required. |

-| BCP159 | Error | The resource "{resourceName}" does not contain a nested resource named "{identifierName}". Known nested resources are: {ToQuotedString(nestedResourceNames)}. |

-| BCP160 | Error | A nested resource cannot appear inside of a resource with a for-expression. |

-| BCP171 | Error | Resource type "{resourceType}" is not a valid child resource of parent "{parentResourceType}". |

-| BCP172 | Error | The resource type cannot be validated due to an error in parent resource "{resourceName}". |

-| BCP173 | Error | The property "{property}" cannot be used in an existing resource declaration. |

-| BCP174 | Warning | Type validation is not available for resource types declared containing a "/providers/" segment. Please instead use the "scope" property. |

-| BCP176 | Error | Values of the "any" type are not allowed here. |

-| BCP180 | Error | Function "{functionName}" is not valid at this location. It can only be used when directly assigning to a module parameter with a secure decorator. |

-| BCP186 | Error | Unable to parse literal JSON value. Please ensure that it is well-formed. |

-| BCP187 | Warning | The property "{property}" does not exist in the resource or type definition, although it might still be valid.{TypeInaccuracyClause} |

-| BCP188 | Error | The referenced ARM template has errors. Please see [https://aka.ms/arm-template](https://aka.ms/arm-template) for information on how to diagnose and fix the template. |

-| BCP189 | Error | (allowedSchemes.Contains(ArtifactReferenceSchemes.Local, StringComparer.Ordinal), allowedSchemes.Any(scheme => !string.Equals(scheme, ArtifactReferenceSchemes.Local, StringComparison.Ordinal))) switch { (false, false) => "Module references are not supported in this context.", (false, true) => $"The specified module reference scheme \"{badScheme}\" is not recognized. Specify a module reference using one of the following schemes: {FormatSchemes()}", (true, false) => $"The specified module reference scheme \"{badScheme}\" is not recognized. Specify a path to a local module file.", (true, true) => $"The specified module reference scheme \"{badScheme}\" is not recognized. Specify a path to a local module file or a module reference using one of the following schemes: {FormatSchemes()}"} |

-| BCP190 | Error | The artifact with reference "{artifactRef}" has not been restored. |

-| BCP192 | Error | Unable to restore the artifact with reference "{artifactRef}": {message} |

-| BCP195 | Error | {BuildInvalidOciArtifactReferenceClause(aliasName, badRef)} The artifact path segment "{badSegment}" is not valid. Each artifact name path segment must be a lowercase alphanumeric string optionally separated by a ".", "_", or \"-\"." |

-| BCP198 | Error | The tag "{badTag}" is not valid. Valid characters are alphanumeric, ".", "_", or "-" but the tag cannot begin with ".", "_", or "-". |

-| BCP204 | Error | Provider namespace "{identifier}" is not recognized. |

-| BCP205 | Error | Provider namespace "{identifier}" does not support configuration. |

-| BCP208 | Error | The specified namespace "{badNamespace}" is not recognized. Specify a resource reference using one of the following namespaces: {ToQuotedString(allowedNamespaces)}. |

-| BCP210 | Error | Resource type belonging to namespace "{childNamespace}" cannot have a parent resource type belonging to different namespace "{parentNamespace}". |

-| BCP212 | Error | The Template Spec module alias name "{aliasName}" does not exist in the {BuildBicepConfigurationClause(configFileUri)}. |

-| BCP213 | Error | The OCI artifact module alias name "{aliasName}" does not exist in the {BuildBicepConfigurationClause(configFileUri)}. |

-| BCP214 | Error | The Template Spec module alias "{aliasName}" in the {BuildBicepConfigurationClause(configFileUri)} is in valid. The "subscription" property cannot be null or undefined. |

-| BCP215 | Error | The Template Spec module alias "{aliasName}" in the {BuildBicepConfigurationClause(configFileUri)} is in valid. The "resourceGroup" property cannot be null or undefined. |

-| BCP216 | Error | The OCI artifact module alias "{aliasName}" in the {BuildBicepConfigurationClause(configFileUri)} is invalid. The "registry" property cannot be null or undefined. |

-| BCP217 | Error | {BuildInvalidTemplateSpecReferenceClause(aliasName, referenceValue)} The subscription ID "{subscriptionId}" is not a GUID. |

-| BCP219 | Error | {BuildInvalidTemplateSpecReferenceClause(aliasName, referenceValue)} The resource group name "{resourceGroupName}" is invalid. Valid characters are alphanumeric, unicode characters, ".", "_", "-", "(", or ")", but the resource group name cannot end with ".". |

-| BCP221 | Error | {BuildInvalidTemplateSpecReferenceClause(aliasName, referenceValue)} The Template Spec name "{templateSpecName}" is invalid. Valid characters are alphanumeric, ".", "_", "-", "(", or ")", but the Template Spec name cannot end with ".". |

-| BCP223 | Error | {BuildInvalidTemplateSpecReferenceClause(aliasName, referenceValue)} The Template Spec version "{templateSpecVersion}" is invalid. Valid characters are alphanumeric, ".", "_", "-", "(", or ")", but the Template Spec name cannot end with ".". |

-| BCP224 | Error | {BuildInvalidOciArtifactReferenceClause(aliasName, badRef)} The digest "{badDigest}" is not valid. The valid format is a string "sha256:" followed by exactly 64 lowercase hexadecimal digits. |

-| BCP225 | Warning | The discriminator property "{propertyName}" value cannot be determined at compilation time. Type checking for this object is disabled. |

-| BCP227 | Error | The type "{resourceType}" cannot be used as a parameter or output type. Extensibility types are currently not supported as parameters or outputs. |

-| BCP229 | Error | The parameter "{parameterName}" cannot be used as a resource scope or parent. Resources passed as parameters cannot be used as a scope or parent of a resource. |

-| BCP230 | Warning | The referenced module uses resource type "{resourceTypeReference.FormatName()}" which does not have types available. Bicep is unable to validate resource properties prior to deployment, but this will not block the resource from being deployed. |

-| BCP235 | Error | Specified JSONPath does not exist in the given file or is invalid. |

-| BCP239 | Error | Identifier "{name}" is a reserved Bicep symbol name and cannot be used in this context. |

-| BCP240 | Error | The "parent" property only permits direct references to resources. Expressions are not supported. |

-| BCP241 | Warning | The "{functionName}" function is deprecated and will be removed in a future release of Bicep. Please add a comment to https://github.com/Azure/bicep/issues/2017 if you believe this will impact your workflow. |

-| BCP247 | Error | Using lambda variables inside resource or module array access is not currently supported. Found the following lambda variable(s) being accessed: {ToQuotedString(variableNames)}. |

-| BCP248 | Error | Using lambda variables inside the "{functionName}" function is not currently supported. Found the following lambda variable(s) being accessed: {ToQuotedString(variableNames)}. |

-| BCP263 | Error | The file specified in the using declaration path does not exist |

-| BCP265 | Error | The name "{name}" is not a function. Did you mean "{knownFunctionNamespace}.{knownFunctionName}"? |

-| BCP268 | Error | Invalid identifier: "{name}". Metadata identifiers starting with '_' are reserved. Please use a different identifier. |

-| BCP269 | Error | Function "{functionName}" cannot be used as a metadata decorator. |

-| BCP272 | Error | Could not load the Bicep configuration file "{configurationPath}": {loadErrorMessage.TrimEnd('.')}. |

-| BCP278 | Error | This parameters file references itself, which is not allowed. |

-| BCP279 | Error | Expected a type at this location. Please specify a valid type expression or one of the following types: {ToQuotedString(LanguageConstants.DeclarationTypes.Keys)}. |

-| BCP285 | Error | The type expression could not be reduced to a literal value. |

-| BCP286 | Error | This union member is invalid because it cannot be assigned to the '{keystoneType}' type. |

-| BCP288 | Error | '{symbolName}' refers to a type but is being used as a value here. |

-| BCP289 | Error | The type definition is not valid. |

-| BCP294 | Error | Type unions must be reducible to a single ARM type (such as 'string', 'int', or 'bool'). |

-| BCP297 | Error | Function "{functionName}" cannot be used as a type decorator. |

-| BCP298 | Error | This type definition includes itself as required component, which creates a constraint that cannot be fulfilled. |

-| BCP300 | Error | Expected a type literal at this location. Please specify a concrete value or a reference to a literal type. |

-| BCP302 | Error | The name "{name}" is not a valid type. Please specify one of the following types: {ToQuotedString(validTypes)}. |

-| BCP307 | Error | The expression cannot be evaluated, because the identifier properties of the referenced existing resource including {ToQuotedString(runtimePropertyNames.OrderBy(x => x))} cannot be calculated at the start of the deployment. In this situation, {accessiblePropertyNamesClause}{accessibleFunctionNamesClause}. |

-| BCP309 | Error | Values of type "{flattenInputType.Name}" cannot be flattened because "{incompatibleType.Name}" is not an array type. |

-| BCP311 | Error | The provided index value of "{indexSought}" is not valid for type "{typeName}". Indexes for this type must be between 0 and {tupleLength - 1}. |

-| BCP318 | Warning | The value of type "{possiblyNullType}" may be null at the start of the deployment, which would cause this access expression (and the overall deployment with it) to fail. If you do not know whether the value will be null and the template would handle a null value for the overall expression, use a `.?` (safe dereference) operator to short-circuit the access expression if the base expression's value is null: {accessExpression.AsSafeAccess().ToString()}. If you know the value will not be null, use a non-null assertion operator to inform the compiler that the value will not be null: {SyntaxFactory.AsNonNullable(expression).ToString()}. |

-| BCP319 | Error | The type at "{errorSource}" could not be resolved by the ARM JSON template engine. Original error message: "{message}" |

-| BCP320 | Error | The properties of module output resources cannot be accessed directly. To use the properties of this resource, pass it as a resource-typed parameter to another module and access the parameter's properties therein. |

-| BCP321 | Warning | Expected a value of type "{expectedType}" but the provided value is of type "{actualType}". If you know the value will not be null, use a non-null assertion operator to inform the compiler that the value will not be null: {SyntaxFactory.AsNonNullable(expression).ToString()}. |

-| BCP326 | Error | Nullable-typed parameters may not be assigned default values. They have an implicit default of 'null' that cannot be overridden. |

-| BCP337 | Error | This declaration type is not valid for a Bicep Parameters file. Specify a "{LanguageConstants.UsingKeyword}", "{LanguageConstants.ParameterKeyword}" or "{LanguageConstants.VariableKeyword}" declaration. |

-| BCP342 | Error | User-defined types are not supported in user-defined function parameters or outputs. |

-| BCP350 | Error | Value of type "{valueType}" cannot be assigned to an assert. Asserts can take values of type 'bool' only. |

-| BCP351 | Error | Function "{functionName}" is not valid at this location. It can only be used when directly assigning to a parameter. |

-| BCP353 | Error | The {itemTypePluralName} {ToQuotedString(itemNames)} differ only in casing. The ARM deployments engine is not case sensitive and will not be able to distinguish between them. |

-| BCP360 | Error | The '{symbolName}' symbol was not found in (or was not exported by) the imported template. |

-| BCP368 | Error | The value of the "{targetName}" parameter cannot be known until the template deployment has started because it uses a reference to a secret value in Azure Key Vault. Expressions that refer to the "{targetName}" parameter may be used in {LanguageConstants.LanguageFileExtension} files but not in {LanguageConstants.ParamsFileExtension} files. |

-| BCP369 | Error | The value of the "{targetName}" parameter cannot be known until the template deployment has started because it uses the default value defined in the template. Expressions that refer to the "{targetName}" parameter may be used in {LanguageConstants.LanguageFileExtension} files but not in {LanguageConstants.ParamsFileExtension} files. |

-| BCP374 | Error | The imported model cannot be loaded with a wildcard because it contains the following duplicated exports: {ToQuotedString(ambiguousExportNames)}. |

-| BCP376 | Error | The "{name}" symbol cannot be imported because imports of kind {exportMetadataKind} are not supported in files of kind {sourceFileKind}. |

-| BCP378 | Error | The OCI artifact provider alias "{aliasName}" in the {BuildBicepConfigurationClause(configFileUri)} is invalid. The "registry" property cannot be null or undefined. |

-| BCP379 | Error | The OCI artifact provider alias name "{aliasName}" does not exist in the {BuildBicepConfigurationClause(configFileUri)}. |

-| BCP380 | Error | Artifacts of type: "{artifactType}" are not supported. |

-| BCP381 | Warning | Declaring provider namespaces with the "import" keyword has been deprecated. Please use the "provider" keyword instead. |

-| BCP383 | Error | The "{typeName}" type is not parameterizable. |

-| BCP388 | Error | Cannot access elements of type "{wrongType}" by index. A tuple type is required. |

-| BCP389 | Error | The type "{wrongType}" does not declare an additional properties type. |

-| BCP392 | Warning | "The supplied resource type identifier "{resourceTypeIdentifier}" was not recognized as a valid resource type name." |

-| BCP393 | Warning | "The type pointer segment "{unrecognizedSegment}" was not recognized. Supported pointer segments are: "properties", "items", "prefixItems", and "additionalProperties"." |

-| BCP394 | Error | Resource-derived type expressions must derefence a property within the resource body. Using the entire resource body type is not permitted. |

-| BCP395 | Error | Declaring provider namespaces using the '\<providerName>@\<version>' expression has been deprecated. Please use an identifier instead. |

-| BCP397 | Error | "Provider {name} is incorrectly configured in the {BuildBicepConfigurationClause(configFileUri)}. It is referenced in the "{RootConfiguration.ImplicitProvidersConfigurationKey}" section, but is missing corresponding configuration in the "{RootConfiguration.ProvidersConfigurationKey}" section." |

-| BCP398 | Error | "Provider {name} is incorrectly configured in the {BuildBicepConfigurationClause(configFileUri)}. It is configured as built-in in the "{RootConfiguration.ProvidersConfigurationKey}" section, but no built-in provider exists." |

-| BCP401 | Error | The spread operator \"{spread.Ellipsis.Text}\" is not permitted in this location. |

-| BCP406 | Error | The \"{LanguageConstants.ExtendsKeyword}\" keyword is not supported" |

-Reference the correct property name

-`The property <property-name> is not allowed on objects of type <resource-type>. Did you mean <property-name>?`

-In this article, you learn how to implement Microsoft Teams spotlight capability with Azure Communication Services Calling SDKs. This capability allows users in the call or meeting to pin and unpin videos for everyone.

-You can see Java metric names on Azure Monitor, but the data sets report as empty unless you use the `--enable-java-metrics` parameter to enable Java metrics.

-| `version` | string | Yes | The version of the `acr-task.yaml` file as parsed by the ACR Tasks service. While ACR Tasks strives to maintain backward compatibility, this value allows ACR Tasks to maintain compatibility within a defined version. If unspecified, defaults to the latest version. | No | None |

-* Classic Azure Monitoring integration isn't unavailable after October 15, 2021. You can't enable classic Azure Monitoring integration after that date.

-You can now create up to 20 IP addresses per Azure Red Hat OpenShift cluster load balancer. This feature was previously in preview but is now generally available. See [Configure multiple IP addresses per cluster load balancer](howto-multiple-ips.md) for details. Azure Red Hat OpenShift 4.x has a 250 pod-per-node limit and a 250 compute node limit.

-There's a change in the order of actions performed by Site Reliability Engineers of Azure RedHat OpenShift. To maintain the health of a cluster, a timely action is necessary if control plane resources are over-utilized. Now the control plane is resized proactively to maintain cluster health. After the resize of the control plane, a notification is sent out to you with the details of the changes made to the control plane. Make sure you have the quota available in your subscription for Site Reliability Engineers to perform this action.

-File caching for high-performance computing (HPC).

-Azure service: [Azure HPC Cache](/azure/hpc-cache/)

-> | Microsoft.StorageCache/register/action | Registers the subscription for the storage cache resource provider and enables creation of Azure HPC Cache resources |

-> | Microsoft.StorageCache/unregister/action | Azure HPC Cache resource provider |

-[1944799]:https://launchpad.support.sap.com/#/notes/1944799

-+ [Add search to a web site (JavaScript)](tutorial-javascript-search-query-integration.md#azure-function-suggestions-from-the-catalog) uses an open source Suggestions package for partial term completion in the client app.

-| [search-website](https://github.com/Azure-Samples/azure-search-dotnet-samples/tree/main/search-website-functions-v4) | [Tutorial: Add search to web apps](tutorial-csharp-overview.md) | Demonstrates an end-to-end search app that includes a rich client plus components for hosting the app and handling search requests.|

-| API reference | [@azure/search-documents](/javascript/api/@azure/search-documents/) |

-| Source code | [github.com/Azure/azure-sdk-for-js/tree/main/sdk/search/search-documents](https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/search/search-documents) |

-| [indexers](https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/search/search-documents/samples/v11/javascript) | Demonstrates how to create, update, get, list, reset, and delete [indexers](search-indexer-overview.md).|

-| [skillSet](https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/search/search-documents/samples/v11/javascript) | Demonstrates how to create, update, get, list, and delete [skillsets](cognitive-search-working-with-skillsets.md) that are attached indexers, and that perform AI-based enrichment during indexing. |

-| [synonymMaps](https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/search/search-documents/samples/v11/javascript) | Demonstrates how to create, update, get, list, and delete [synonym maps](search-synonyms.md). |

-| [VectorSearch](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/search/search-documents/samples/v12-bet). |

-| [indexers](https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/search/search-documents/samples/v11/typescript/src) | Demonstrates how to create, update, get, list, reset, and delete [indexers](search-indexer-overview.md).|

-| [skillSet](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/search/search-documents/samples/v11/typescript/src/skillSetOperations.ts) | Demonstrates how to create, update, get, list, and delete [skillsets](cognitive-search-working-with-skillsets.md) that are attached indexers, and that perform AI-based enrichment during indexing. |

-| [synonymMaps](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/search/search-documents/samples/v11/typescript/src/synonymMapOperations.ts) | Demonstrates how to create, update, get, list, and delete [synonym maps](search-synonyms.md). |

-| [VectorSearch](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/search/search-documents/samples/v12/typescript/src/vectorSearch.ts) | Demonstrates how to index vectors and send a [vector query](vector-search-how-to-query.md). |

-| [search-website](https://github.com/Azure-Samples/azure-search-javascript-samples/tree/main/search-website-functions-v4) | Source code for [Tutorial: Add search to web apps](tutorial-javascript-overview.md). Demonstrates an end-to-end search app that includes a rich client plus components for hosting the app and handling search requests.|

-| [azure-search-vector-sample.js](https://github.com/Azure/azure-search-vector-samples/tree/main/demo-javascript/readme.md) | Vector search sample using the Azure SDK for JavaScript |

-| [azure-search-react-template](https://github.com/dereklegenzoff/azure-search-react-template) | React template for Azure AI Search (github.com) |

-| [search-website-functions-v4](https://github.com/Azure-Samples/azure-search-python-samples/tree/main/search-website-functions-v4) | Source code for [Tutorial: Add search to web apps](tutorial-python-overview.md). Demonstrates an end-to-end search app that includes a rich client plus components for hosting the app and handling search requests.|

-<!-- | [tutorial-ai-enrichment](https://github.com/Azure-Samples/azure-search-python-samples/tree/main/Tutorial-AI-Enrichment) | Source code for [Tutorial: Use Python and AI to generate searchable content from Azure blobs](cognitive-search-tutorial-blob-python.md). This article shows how to create a blob indexer with a cognitive skillset, where the skillset creates and transforms raw content to make it searchable or consumable. | -->

-+ [suggestions](https://www.npmjs.com/package/suggestions) appears in the [JavaScript tutorial](tutorial-javascript-overview.md) and code sample.

-> [Add search to a web site (JavaScript)](tutorial-javascript-search-query-integration.md#azure-function-suggestions-from-the-catalog)

-* [Python: Add search to web apps](tutorial-python-overview.md)

-* [JavaScript: Add search to web apps](tutorial-javascript-overview.md)

-> [Tutorial: Add search to web apps](tutorial-python-overview.md)

-1. [**Start with Import data wizard**](search-get-started-portal.md). Choose a built-in sample or a supported data source to create, load, and query an index in minutes.

-# Step 2 - Create and load Search Index with .NET

-* Create a search resource

-* Create a new index

-* Import data with .NET using the sample script and Azure SDK [Azure.Search.Documents](https://www.nuget.org/packages/Azure.Search.Documents/).

-## Create an Azure AI Search resource

-## Prepare the bulk import script for Search

-The script uses the Azure SDK for Azure AI Search:

-* [NuGet package Azure.Search.Documents](https://www.nuget.org/packages/Azure.Search.Documents/)

-* [Reference Documentation](/dotnet/api/overview/azure/search)

-1. In Visual Studio Code, open the `Program.cs` file in the subdirectory, `search-website-functions-v4/bulk-insert`, replace the following variables with your own values to authenticate with the Azure Search SDK:

- * YOUR-SEARCH-RESOURCE-NAME

- * YOUR-SEARCH-ADMIN-KEY

- :::code language="csharp" source="~/azure-search-dotnet-samples/search-website-functions-v4/bulk-insert/Program.cs" :::

-1. Open an integrated terminal in Visual Studio Code for the project directory's subdirectory, `search-website-functions-v4/bulk-insert`, then run the following command to install the dependencies.

-1. Continue using the integrated terminal in Visual Studio for the project directory's subdirectory, `search-website-functions-v4/bulk-insert`, to run the following bash command to run the `Program.cs` script:

-1. As the code runs, the console displays progress.

-1. When the upload is complete, the last statement printed to the console is "Finished bulk inserting book data".

-## Review the new Search Index

-## Copy your Search resource name

-description: Deploy search-enabled website with .NET apis to Azure Static web app.

-# Step 1 - Overview of adding search to a website with .NET

-The [sample code](https://github.com/Azure-Samples/azure-search-dotnet-samples/tree/main/search-website-functions-v4) includes the following folders:

-|Client|React app (presentation layer) to display books, with search. It calls the Azure Function app. |[/search-website-functions-v4/client](https://github.com/Azure-Samples/azure-search-dotnet-samples/tree/main/search-website-functions-v4/client)|

-|Server|Azure .NET Function app (business layer) - calls the Azure AI Search API using .NET SDK |[/search-website-functions-v4/api](https://github.com/Azure-Samples/azure-search-dotnet-samples/tree/main/search-website-functions-v4/api)|

-|Bulk insert|.NET file to create the index and add documents to it.|[/search-website-functions-v4/bulk-insert](https://github.com/Azure-Samples/azure-search-dotnet-samples/tree/main/search-website-functions-v4/bulk-insert)|

-Install the following software for your local development environment.

- - [Azure Static Web App](https://marketplace.visualstudio.com/items?itemName=ms-azuretools.vscode-azurestaticwebapps)

- - Use the integrated terminal for command line operations.

- - This tutorial doesn't run the Azure Function API locally but if you intend to run it locally, you need to install [azure-functions-core-tools](../azure-functions/functions-run-local.md?tabs=linux%2ccsharp%2cbash#install-the-azure-functions-core-tools).

-1. On GitHub, fork the [sample repository](https://github.com/Azure-Samples/azure-search-dotnet-samples).

- Complete the fork process in your web browser with your GitHub account. This tutorial uses your fork as part of the deployment to an Azure Static Web App.

- git clone https://github.com/YOUR-GITHUB-ALIAS/azure-search-dotnet-samples

- cd azure-search-dotnet-samples

-## Create a resource group for your Azure resources

-* [Create a Search Index and load with documents](tutorial-csharp-create-load-index.md)

-* [Deploy your Static Web App](tutorial-csharp-deploy-static-web-app.md)

-In the previous lessons, you added search to a Static Web App. This lesson highlights the essential steps that establish integration. If you're looking for a cheat sheet on how to integrate search into your web app, this article explains what you need to know.

-The application is available:

-* [Sample](https://github.com/azure-samples/azure-search-dotnet-samples/tree/main/search-website-functions-v4)

-* [Demo website - aka.ms/azs-good-books](https://aka.ms/azs-good-books)

-The Function app authenticates through the SDK to the cloud-based Azure AI Search API using your resource name, resource key, and index name. The secrets are stored in the Static Web App settings and pulled in to the Function as environment variables.

-The `Search` [API](https://github.com/Azure-Samples/azure-search-dotnet-samples/blob/main/search-website-functions-v4/api/Search.cs) takes a search term and searches across the documents in the Search Index, returning a list of matches.

-The Azure Function pulls in the Search configuration information, and fulfills the query.

-The `Suggest` [API](https://github.com/Azure-Samples/azure-search-dotnet-samples/blob/main/search-website-functions-v4/api/Suggest.cs) takes a search term while a user is typing and suggests search terms such as book titles and authors across the documents in the search index, returning a small list of matches.

-The search suggester, `sg`, is defined in the [schema file](https://github.com/Azure-Samples/azure-search-dotnet-samples/blob/main/search-website-functions-v4/bulk-insert/BookSearchIndex.cs) used during bulk upload.

-The `Lookup` [API](https://github.com/Azure-Samples/azure-search-dotnet-samples/blob/main/search-website-functions-v4/api/Lookup.cs) takes an ID and returns the document object from the Search Index.

-description: Create index and import CSV data into Search index with JavaScript using the npm SDK @azure/search-documents.

- - devx-track-js

- - devx-track-azurecli

- - devx-track-azurepowershell

- - ignite-2023

-# 2 - Create and load Search Index with JavaScript

-Continue to build your search-enabled website by following these steps:

-* Create a search resource

-* Create a new index

-* Import data with JavaScript using the [bulk_insert_books script](https://github.com/Azure-Samples/azure-search-javascript-samples/blob/main/search-website-functions-v4/bulk-insert/bulk_insert_books.js) and Azure SDK [@azure/search-documents](https://www.npmjs.com/package/@azure/search-documents).

-## Create an Azure AI Search resource

-## Prepare the bulk import script for Search

-The ESM script uses the Azure SDK for Azure AI Search:

-* [npm package @azure/search-documents](https://www.npmjs.com/package/@azure/search-documents)

-* [Reference Documentation](/javascript/api/overview/azure/search-documents-readme)

-1. In Visual Studio Code, open the `bulk_insert_books.js` file in the subdirectory, `search-website-functions-v4/bulk-insert`, replace the following variables with your own values to authenticate with the Azure Search SDK:

- * YOUR-SEARCH-RESOURCE-NAME

- * YOUR-SEARCH-ADMIN-KEY

- :::code language="javascript" source="~/azure-search-javascript-samples/search-website-functions-v4/bulk-insert/bulk_insert_books.js" :::

-1. Open an integrated terminal in Visual Studio for the project directory's subdirectory, `search-website-functions-v4/bulk-insert`, and run the following command to install the dependencies.

- ```bash

- npm install

- ```

-## Run the bulk import script for Search

-1. Continue using the integrated terminal in Visual Studio for the project directory's subdirectory, `search-website-functions-v4/bulk-insert`, to run the `bulk_insert_books.js` script:

- ```javascript

- npm start

- ```

-1. As the code runs, the console displays progress.

-1. When the upload is complete, the last statement printed to the console is "done".

-## Review the new search index

-## Rollback bulk import file changes

-## Copy your Search resource name

-## Next steps

-[Deploy your Static Web App](tutorial-javascript-deploy-static-web-app.md)

-description: Deploy search-enabled website to Azure Static Web Apps.

- - devx-track-js

- - ignite-2023

-# 3 - Deploy the search-enabled website

-## Next steps

-[Explore the JavaScript search code](tutorial-javascript-search-query-integration.md)

-description: Technical overview and setup for adding search to a website and deploying to an Azure Static Web Apps.

- - devx-track-js

- - ignite-2023

-# 1 - Overview of adding search to a website

-In this Azure AI Search tutorial, create a web app that searches through a catalog of books, and then deploy the website to an Azure Static Web Apps resource.

-This tutorial is for JavaScript developers who want to create a frontend client app that includes search interactions like faceted navigation, typeahead, and pagination. It also demonstrates the `@azure/search-documents` library in the Azure SDK for JavaScript for calls to Azure AI Search for indexing and query workflows on the backend.

-## What does the sample do?

-## How is the sample organized?

-The [sample code](https://github.com/Azure-Samples/azure-search-javascript-samples/tree/main/search-website-functions-v4) includes the following components:

-|App|Purpose|GitHub<br>Repository<br>Location|

-|--|--|--|

-|Client|React app (presentation layer) to display books, with search. It calls the Azure Function app. |[/search-website-functions-v4/client](https://github.com/Azure-Samples/azure-search-javascript-samples/tree/main/search-website-functions-v4/client)|

-|Server|Azure Function app (business layer) - calls the Azure AI Search API using JavaScript SDK |[/search-website-functions-v4/api](https://github.com/Azure-Samples/azure-search-javascript-samples/tree/main/search-website-functions-v4/api)|

-|Bulk insert|JavaScript file to create the index and add documents to it.|[/search-website-functions-v4/bulk-insert](https://github.com/Azure-Samples/azure-search-javascript-samples/tree/main/search-website-functions-v4/bulk-insert)|

-## Set up your development environment

-Install the following software in your local development environment.

- - Select latest runtime and version from this [list of supported language versions](../azure-functions/functions-versions.md?pivots=programming-language-javascript&tabs=azure-cli%2clinux%2cin-process%2cv4#languages).

- - If you have a different version of Node.js installed on your local computer, consider using [Node Version Manager](https://github.com/nvm-sh/nvm) (`nvm`) or a Docker container.

- - [Azure Static Web App](https://marketplace.visualstudio.com/items?itemName=ms-azuretools.vscode-azurestaticwebapps)

- - Use the integrated terminal for command line operations.

- - This tutorial doesn't run the Azure Function API locally. If you intend to run it locally, you need to install [azure-functions-core-tools](../azure-functions/functions-run-local.md?tabs=linux%2ccsharp%2cbash) globally with the following bash command:

-

- ```bash

- npm install -g azure-functions-core-tools@4

- ```

-## Fork and clone the search sample with git

-Forking the sample repository is critical to be able to deploy the Static Web App. The static web app determines the build actions and deployment content based on your own GitHub fork location. Code execution in the Static Web App is remote, with the static web app reading from the code in your forked sample.

-1. On GitHub, [fork the sample repository](https://github.com/Azure-Samples/azure-search-javascript-samples/fork).

- Complete the fork process in your web browser with your GitHub account. This tutorial uses your fork as part of the deployment to an Azure Static Web App.

-1. At a bash terminal, download your forked sample application to your local computer.

- Replace `YOUR-GITHUB-ALIAS` with your GitHub alias.

- ```bash

- git clone https://github.com/YOUR-GITHUB-ALIAS/azure-search-javascript-samples

- ```

-1. At the same bash terminal, go into your forked repository for this website search example:

- ```bash

- cd azure-search-javascript-samples

- ```

-1. Use the Visual Studio Code command, `code .` to open your forked repository. The remaining tasks are accomplished from Visual Studio Code, unless specified.

- ```bash

- code .

- ```

-## Create a resource group for your Azure resources

-## Next steps

-[Create a Search Index and load with documents](tutorial-javascript-create-load-index.md)

-description: Understand the JavaScript SDK Search integration queries used in the Search-enabled website with this cheat sheet.

- - devx-track-js

- - ignite-2023

-# 4 - Explore the JavaScript search code

-In the previous lessons, you added search to a static web app. This lesson highlights the essential steps that establish integration. If you're looking for a cheat sheet on how to integrate search into your JavaScript app, this article explains what you need to know.

-The source code is available in the [azure-search-javascript-samples](https://github.com/Azure-Samples/azure-search-javascript-samples/tree/main/search-website-functions-v4) GitHub repository.

-## Azure SDK @azure/search-documents

-The Function app uses the Azure SDK for Azure AI Search:

-* NPM: [@azure/search-documents](https://www.npmjs.com/package/@azure/search-documents)

-* Reference Documentation: [Client Library](/javascript/api/overview/azure/search-documents-readme)

-The Function app authenticates through the SDK to the cloud-based Azure AI Search API using your resource name, [API key](search-security-api-keys.md), and index name. The secrets are stored in the static web app settings and pulled in to the function as environment variables.

-## Configure secrets in a configuration file

-## Azure Function: Search the catalog

-The [Search API](https://github.com/Azure-Samples/azure-search-javascript-samples/blob/main/search-website-functions-v4/api/src/functions/search.js) takes a search term and searches across the documents in the search index, returning a list of matches.

-The Azure Function pulls in the search configuration information, and fulfills the query.

-## Client: Search from the catalog

-Call the Azure Function in the React client with the following code.

-## Client: Facets from the catalog

-This React component includes the search textbox and the [**facets**](search-faceted-navigation.md) associated with the search results. Facets need to be thought out and designed as part of the search schema when the search data is loaded. Then the facets are used in the search query, along with the search text, to provide the faceted navigation experience.

-## Client: Pagination from the catalog

-When the search results expand beyond a trivial few (8), the `@mui/material/TablePagination` component provides **pagination** across the results.

-When the user changes the page, that value is sent to the parent `Search.js` page from the `handleChangePage` function. The function sends a new request to the search API for the same query and the new page. The API response updates the facets, results, and pager components.

-## Azure Function: Suggestions from the catalog

-The [Suggest API](https://github.com/Azure-Samples/azure-search-javascript-samples/blob/main/search-website-functions-v4/api/src/functions/suggest.js) takes a search term while a user is typing and suggests search terms such as book titles and authors across the documents in the search index, returning a small list of matches.

-The search suggester, `sg`, is defined in the [schema file](https://github.com/Azure-Samples/azure-search-javascript-samples/blob/main/search-website-functions-v4/bulk-insert/good-books-index.json) used during bulk upload.

-## Client: Suggestions from the catalog

-The Suggest function API is called in the React app at `\src\components\SearchBar\SearchBar.js` as part of component initialization:

-This React component uses the `@mui/material/Autocomplete` component to provide a search textbox, which also supports displaying suggestions (using the `renderInput` function). Autocomplete starts after the first several characters are entered. As each new character is entered, it's sent as a query to the search engine. The results are displayed as a short list of suggestions.

-This autocomplete functionality is a common feature but this specific implementation has an additional use case. The customer can enter text and select from the suggestions _or_ submit their entered text. The input from the suggestion list as well as the input from the textbox must be tracked for changes, which impact how the form is rendered and what is sent to the **search** API when the form is submitted.

-If your use case for search allows your user to select only from the suggestions, that will reduce the scope of complexity of the control but limit the user experience.

-## Azure Function: Get specific document

-The [Lookup API](https://github.com/Azure-Samples/azure-search-javascript-samples/blob/main/search-website-functions-v4/api/src/functions/lookup.js) takes an ID and returns the document object from the search index.

-## Client: Get specific document

-This function API is called in the React app at `\src\pages\Details\Detail.js` as part of component initialization:

-If your client app can use pregenerated content, this page is a good candidate for autogeneration because the content is static, pulled directly from the search index.

-## Next steps

-In this tutorial series, you learned how to create and load a search index in JavaScript, and you built a web app that provides a search experience that includes a search bar, faceted navigation and filters, suggestions, pagination, and document lookup.

-As a next step, you can extend this sample in several directions:

-* Add [autocomplete](search-add-autocomplete-suggestions.md) for more typeahead.

-* Add or modify [facets](search-faceted-navigation.md) and [filters](search-filters.md).

-* Change the authentication and authorization model, using [Microsoft Entra ID](search-security-rbac.md) instead of [key-based authentication](search-security-api-keys.md).

-* Change the [indexing methodology](search-what-is-data-import.md). Instead of pushing JSON to a search index, preload a blob container with the good-books dataset and [set up a blob indexer](search-howto-indexing-azure-blob-storage.md) to ingest the data. Knowing how to work with indexers gives you more options for data ingestion and [content enrichment](cognitive-search-concept-intro.md) during indexing.

-description: Create index and import CSV data into Search index with Python using the PYPI package SDK azure-search-documents.

- - devx-track-python

- - devx-track-azurecli

- - ignite-2023

-# 2 - Create and load Search Index with Python

-Continue to build your search-enabled website by following these steps:

-* Create a search resource

-* Create a new index

-* Import data with Python using the [sample script](https://github.com/Azure-Samples/azure-search-python-samples/blob/main/search-website-functions-v4/bulk-upload/bulk-upload.py) and Azure SDK [azure-search-documents](https://pypi.org/project/azure-search-documents/).

-## Create an Azure AI Search resource

-## Prepare the bulk import script for Search

-The script uses the Azure SDK for Azure AI Search:

-* [PYPI package azure-search-documents](https://pypi.org/project/azure-search-documents/)

-* [Reference Documentation](/python/api/azure-search-documents)

-1. In Visual Studio Code, open the `bulk_upload.py` file in the subdirectory, `search-website-functions-v4/bulk-upload`, replace the following variables with your own values to authenticate with the Azure Search SDK:

- * YOUR-SEARCH-SERVICE-NAME

- * YOUR-SEARCH-SERVICE-ADMIN-API-KEY

- :::code language="python" source="~/azure-search-python-samples/search-website-functions-v4/bulk-upload/bulk-upload.py" :::

-1. Open an integrated terminal in Visual Studio for the project directory's subdirectory, `search-website-functions-v4/bulk-upload`, and run the following command to install the dependencies.

- # [macOS/Linux](#tab/linux-install)

-

- ```bash

- python3 -m pip install -r requirements.txt

- ```

-

- # [Windows](#tab/windows-install)

- ```bash

- py -m pip install -r requirements.txt

- ```

-## Run the bulk import script for Search

-1. Continue using the integrated terminal in Visual Studio for the project directory's subdirectory, `search-website-functions-v4/bulk-upload`, to run the following bash command to run the `bulk_upload.py` script:

- # [macOS/Linux](#tab/linux-run)

-

- ```bash

- python3 bulk-upload.py

- ```

-

- # [Windows](#tab/windows-run)

- ```bash

- py bulk-upload.py

- ```

-1. As the code runs, the console displays progress.

-1. When the upload is complete, the last statement printed to the console is "Done! Upload complete".

-## Review the new Search Index

-## Rollback bulk import file changes

-## Copy your Search resource name

-## Next steps

-[Deploy your Static Web App](tutorial-python-deploy-static-web-app.md)

-description: Deploy search-enabled Python website to Azure Static web app.

- - devx-track-python

- - ignite-2023

-# 3 - Deploy the search-enabled Python website

-## Next steps

-* [Understand Search integration for the search-enabled website](tutorial-python-search-query-integration.md)

-description: Technical overview and setup for adding search to a website with Python and deploying to Azure Static Web App.

- - devx-track-python

- - ignite-2023

-# 1 - Overview of adding search to a website with Python

-This tutorial builds a website to search through a catalog of books then deploys the website to an Azure Static Web App.

-## What does the sample do?

-## How is the sample organized?

-The [sample code](https://github.com/Azure-Samples/azure-search-python-samples/tree/main/search-website-functions-v4) includes the following:

-|App|Purpose|GitHub<br>Repository<br>Location|

-|--|--|--|

-|Client|React app (presentation layer) to display books, with search. It calls the Azure Function app. |[/search-website-functions-v4/client](https://github.com/Azure-Samples/azure-search-python-samples/tree/main/search-website-functions-v4/client)|

-|Server|Azure Function app (business layer) - calls the Azure AI Search API using Python SDK |[/search-website-functions-v4/api](https://github.com/Azure-Samples/azure-search-python-samples/tree/main/search-website-functions-v4/api)|

-|Bulk insert|Python file to create the index and add documents to it.|[/search-website-functions-v4/bulk-upload](https://github.com/Azure-Samples/azure-search-python-samples/tree/main/search-website-functions-v4/bulk-upload)|

-## Set up your development environment

-Install the following for your local development environment.

- - [Azure Static Web App](https://marketplace.visualstudio.com/items?itemName=ms-azuretools.vscode-azurestaticwebapps)

- - Use the integrated terminal for command line operations.

- - This tutorial doesn't run the Azure Function API locally but if you intend to run it locally, you need to install [azure-functions-core-tools](../azure-functions/functions-run-local.md?tabs=linux%2ccsharp%2cbash).

-## Fork and clone the search sample with git

-Forking the sample repository is critical to be able to deploy the static web app. The web apps determine the build actions and deployment content based on your own GitHub fork location. Code execution in the Static Web App is remote, with Azure static web apps reading from the code in your forked sample.

-1. On GitHub, fork the [sample repository](https://github.com/Azure-Samples/azure-search-python-samples).

- Complete the fork process in your web browser with your GitHub account. This tutorial uses your fork as part of the deployment to an Azure Static Web App.

-1. At a bash terminal, download the sample application to your local computer.

- Replace `YOUR-GITHUB-ALIAS` with your GitHub alias.

- ```bash

- git clone https://github.com/YOUR-GITHUB-ALIAS/azure-search-python-samples.git

- ```

-1. In Visual Studio Code, open your local folder of the cloned repository. The remaining tasks are accomplished from Visual Studio Code, unless specified.

-## Create a resource group for your Azure resources

-## Next steps

-* [Create a Search Index and load with documents](tutorial-python-create-load-index.md)

-* [Deploy your Static Web App](tutorial-python-deploy-static-web-app.md)

-description: Understand the Python SDK Search integration queries used in the Search-enabled website with this cheat sheet.

- - devx-track-python

- - ignite-2023

-# 4 - Explore the Python search code

-In the previous lessons, you added search to a Static Web App. This lesson highlights the essential steps that establish integration. If you're looking for a cheat sheet on how to integrate search into your Python app, this article explains what you need to know.

-The application is available:

-* [Sample](https://github.com/Azure-Samples/azure-search-python-samples/tree/main/search-website-functions-v4)

-* [Demo website - aka.ms/azs-good-books](https://aka.ms/azs-good-books)

-## Azure SDK azure-search-documents

-The Function app uses the Azure SDK for Azure AI Search:

-* [PYPI package azure-search-documents](https://pypi.org/project/azure-search-documents/)

-* [Reference Documentation](/python/api/azure-search-documents)

-The Function app authenticates through the SDK to the cloud-based Azure AI Search API using your resource name, API key, and index name. The secrets are stored in the Static Web App settings and pulled in to the Function as environment variables.

-## Configure secrets in a configuration file

-The Azure Function app settings environment variables are pulled in from a file, `__init__.py`, shared between the three API functions.

-## Azure Function: Search the catalog

-The Search [API](https://github.com/Azure-Samples/azure-search-python-samples/blob/main/search-website-functions-v4/api/search.py) takes a search term and searches across the documents in the Search Index, returning a list of matches.

-The Azure Function pulls in the search configuration information, and fulfills the query.

-## Client: Search from the catalog

-Call the Azure Function in the React client with the following code.

-## Azure Function: Suggestions from the catalog

-The `Suggest` [API](https://github.com/Azure-Samples/azure-search-python-samples/blob/main/search-website-functions-v4/api/suggest.py) takes a search term while a user is typing and suggests search terms such as book titles and authors across the documents in the search index, returning a small list of matches.

-The search suggester, `sg`, is defined in the [schema file](https://github.com/Azure-Samples/azure-search-python-samples/blob/main/search-website-functions-v4/bulk-upload/good-books-index.json) used during bulk upload.

-## Client: Suggestions from the catalog

-The Suggest function API is called in the React app at `client\src\components\SearchBar\SearchBar.js` as part of component initialization:

-## Azure Function: Get specific document

-The `Lookup` [API](https://github.com/Azure-Samples/azure-search-python-samples/blob/main/search-website-functions-v4/api/lookup.py) takes an ID and returns the document object from the Search Index.

-## Client: Get specific document

-This function API is called in the React app at `client\src\pages\Details\Detail.js` as part of component initialization:

-## Next steps

-* [Index Azure SQL data](search-indexer-tutorial.md)

-Bring high fidelity indicators of compromise (IOC) generated by Microsoft Defender Threat Intelligence (MDTI) into your Microsoft Sentinel workspace. The MDTI data connector ingests these IOCs with a simple one-click setup. Then monitor, alert and hunt based on the threat intelligence in the same way you utilize other feeds.

-> The Microsoft Defender Threat Intelligence data connector is currently in PREVIEW. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

-To import threat indicators into Microsoft Sentinel from MDTI, follow these steps:

- :::image type="content" source="mediti-data-connector-config.png":::

- :::image type="content" source="mediti-data-connector-connect.png":::

-You can find the new indicators in the **Threat intelligence** blade or directly in **Logs** by querying the **ThreatIntelligenceIndicator** table. For more information, see [Work with threat indicators](work-with-threat-indicators.md).

-Bring high fidelity indicators of compromise (IOC) generated by Microsoft Defender Threat Intelligence (MDTI) into your Microsoft Sentinel workspace. The MDTI data connector ingests these IOCs with a simple one-click setup. Then monitor, alert and hunt based on the threat intelligence in the same way you utilize other feeds.

-For more information on MDTI data connector, see [Enable MDTI data connector](connect-mdti-data-connector.md).

-Rolling back any upgrade to your application requires health failure detection prior to your Service Fabric cluster quorum committing the change; committed changes can only be rolled forward. Escalation engineerΓÇÖs through Customer Support Services, may be required to recover your cluster, if an unmonitored breaking certificate change has been introduced. [Service FabricΓÇÖs application upgrade](./service-fabric-application-upgrade.md) applies [Application upgrade parameters](./service-fabric-application-upgrade-parameters.md), and delivers zero downtime upgrade promise. Following our recommended application upgrade monitored mode, automatic progress through update domains is based upon health checks passing, rolling back automatically if updating a default service fails.

-If your cluster is still leveraging the classic Certificate Thumbprint property in your Resource Manager template, it's recommended you [Change cluster from certificate thumbprint to common name](./service-fabric-cluster-change-cert-thumbprint-to-cn.md), to leverage modern secrets management features.

-If you are interested in this scenario, we encourage you to get in contact either through the [Service Fabric GitHub Issues List](https://github.com/azure/service-fabric-issues) or through your support representative in order to obtain additional guidance. The Service Fabric team is working to provide additional clarity, guidance, and recommendations for this scenario.

-1. The Service Fabric cluster resource in Azure is regional today, as are the virtual machine scale sets that the cluster is built on. This means that in the event of a regional failure you may lose the ability to manage the cluster via the Azure Resource Manager or the Azure portal. This can happen even though the cluster remains running and you'd be able to interact with it directly. In addition, Azure today does not offer the ability to have a single virtual network that is usable across regions. This means that a multi-region cluster in Azure requires either [Public IP Addresses for each VM in the virtual machine scale sets](../virtual-machine-scale-sets/virtual-machine-scale-sets-networking.md#public-ipv4-per-virtual-machine) or [Azure VPN Gateways](../vpn-gateway/vpn-gateway-about-vpngateways.md). These networking choices have different impacts on costs, performance, and to some degree application design, so careful analysis and planning is required before standing up such an environment.

-2. The maintenance, management, and monitoring of these machines can become complicated, especially when spanned across _types_ of environments, such as between different cloud providers or between on-premises resources and Azure. Care must be taken to ensure that upgrades, monitoring, management, and diagnostics are understood for both the cluster and the applications before running production workloads in such an environment. If you already have experience solving these problems in Azure or within your own datacenters, then it is likely that those same solutions can be applied when building out or running your Service Fabric cluster.

-**Long Answer** - Although the large virtual machine scale sets allow you to scale a virtual machine scale set up to 1000 VM instances, it does so by the use of Placement Groups (PGs). Fault domains (FDs) and upgrade domains (UDs) are only consistent within a placement group Service fabric uses FDs and UDs to make placement decisions of your service replicas/Service instances. Since the FDs and UDs are comparable only within a placement group, SF cannot use it. For example, If VM1 in PG1 has a topology of FD=0 and VM9 in PG2 has a topology of FD=4, it does not mean that VM1 and VM2 are on two different Hardware Racks, hence SF cannot use the FD values in this case to make placement decisions.

-We want the cluster to be available in the face of simultaneous failure of two nodes. For a Service Fabric cluster to be available, the system services must be available. Stateful system services like naming service and failover manager service, that track what services have been deployed to the cluster and where they're currently hosted, depend on strong consistency. That strong consistency, in turn, depends on the ability to acquire a *quorum* for any given update to the state of those services, where a quorum represents a strict majority of the replicas (N/2 +1) for a given service. Thus if we want to be resilient against simultaneous loss of two nodes (thus simultaneous loss of two replicas of a system service), we must have ClusterSize - QuorumSize >= 2, which forces the minimum size to be five. To see that, consider the cluster has N nodes and there are N replicas of a system service -- one on each node. The quorum size for a system service is (N/2 + 1). The above inequality looks like N - (N/2 + 1) >= 2. There are two cases to consider: when N is even and when N is odd. If N is even, say N = 2\*m where m >= 1, the inequality looks like 2\*m - (2\*m/2 + 1) >= 2 or m >= 3. The minimum for N is 6 and that is achieved when m = 3. On the other hand, if N is odd, say N = 2\*m+1 where m >= 1, the inequality looks like 2\*m+1 - ( (2\*m+1)/2 + 1 ) >= 2 or 2\*m+1 - (m+1) >= 2 or m >= 2. The minimum for N is 5 and that is achieved when m = 2. Therefore, among all values of N that satisfy the inequality ClusterSize - QuorumSize >= 2, the minimum is 5.

-Note, in the above argument we have assumed that every node has a replica of a system service, thus the quorum size is computed based on the number of nodes in the cluster. However, by changing *TargetReplicaSetSize* we could make the quorum size less than (N/2+1) which might give the impression that we could have a cluster smaller than 5 nodes and still have 2 extra nodes above the quorum size. For example, in a 4 node cluster, if we set the TargetReplicaSetSize to 3, the quorum size based on TargetReplicaSetSize is (3/2 + 1) or 2, thus we have ClusterSize - QuorumSize = 4-2 >= 2. However, we cannot guarantee that the system service will be at or above quorum if we lose any pair of nodes simultaneously, it could be that the two nodes we lost were hosting two replicas, so the system service will go into quorum loss (having only a single replica left) and will become unavailable.

-**One node**: this option does not provide high availability since the loss of the single node for any reason means the loss of the entire cluster.

-**Two nodes**: a quorum for a service deployed across two nodes (N = 2) is 2 (2/2 + 1 = 2). When a single replica is lost, it is impossible to create a quorum. Since performing a service upgrade requires temporarily taking down a replica, this is not a useful configuration.

-In general, no. Service Fabric stores state on local, ephemeral disks, meaning that if the virtual machine is moved to a different host, the data does not move with it. In normal operation, that is not a problem as the new node is brought up to date by other nodes. However, if you stop all nodes and restart them later, there is a significant possibility that most of the nodes start on new hosts and make the system unable to recover.

-If you would like to create clusters for testing your application before it is deployed, we recommend that you dynamically create those clusters as part of your [continuous integration/continuous deployment pipeline](service-fabric-tutorial-deploy-app-with-cicd-vsts.md).

-While we're working on an improved experience, today, you are responsible for the upgrade. You must upgrade the OS image on the virtual machines of the cluster one VM at a time.

-Actors are designed to be independent units of state and compute, so it is not recommended to perform broad queries of actor state at runtime. If you have a need to query across the full set of actor state, you should consider either:

-Azure Service Fabric Resource Provider doesnΓÇÖt move or store customer data out of the region it is deployed in.

-| **Azure Container Storage** (preview) | Azure Container Storage (preview) is a volume management, deployment, and orchestration service that integrates with Kubernetes and is built natively for containers. | You want to dynamically and automatically provision persistent volumes to store data for stateful applications running on Kubernetes clusters. |

-5. Select "Save" to save the auto-shutdown configuration.

-To upload your VHD to Azure, you'll need to create an empty managed disk that is configured for this upload process. Before you create one, there's some additional information you should know about these disks.

-Before you can create an empty standard HDD for uploading, you'll need the file size of the VHD you want to upload, in bytes. To get that, you can use either `wc -c <yourFileName>.vhd` or `ls -al <yourFileName>.vhd`. This value is used when specifying the **--upload-size-bytes** parameter.

-If you're using Microsoft Entra ID to secure uploads, you'll need to [assign RBAC permissions](../../role-based-access-control/role-assignments-cli.md) to grant access to the disk and generate a writeable SAS.

-Now that you've created an empty managed disk that is configured for the upload process, you can upload a VHD to it. To upload a VHD to the disk, you'll need a writeable SAS, so that you can reference it as the destination for your upload.

-To generate a writable SAS of your empty managed disk, replace `<yourdiskname>`and `<yourresourcegroupname>`, then use the following command:

-This upload has the same throughput as the equivalent [standard HDD](../disks-types.md#standard-hdds). For example, if you have a size that equates to S4, you will have a throughput of up to 60 MiB/s. But, if you have a size that equates to S70, you will have a throughput of up to 500 MiB/s.

-After the upload is complete, and you no longer need to write any more data to the disk, revoke the SAS. Revoking the SAS will change the state of the managed disk and allow you to attach the disk to a VM.

-The following script will do this for you, the process is similar to the steps described earlier, with some differences since you're working with an existing disk.

-If you've additional questions, see the [uploading a managed disk](../faq-for-disks.yml#uploading-to-a-managed-disk) section in the FAQ.

-To improve the security of Linux virtual machines in Azure, you can integrate with Azure Active Directory authentication. Now you can use Azure AD as a core authentication platform. You can also SSH into the Linux VM by using Azure AD and OpenSSH certificate-based authentication. This functionality allows organizations to manage access to VMs with Azure role-based access control and Conditional Access policies.

-## Assign Azure AD RBAC for Azure AD login for Linux Virtual Machine

-Login to Azure Linux VMs with Azure AD supports exporting the OpenSSH certificate and configuration. That means you can use any SSH clients that support OpenSSH-based certificates to sign in through Azure AD. The following example exports the configuration for all IP addresses assigned to the VM:

-## Enable Azure AD login for a Linux Virtual Machine in Azure

-The following installs the extension to enable Azure AD login for a Linux VM. VM extensions are small applications that provide post-deployment configuration and automation tasks on Azure virtual machines.

-> 'DC' family VMs are specialized for confidential computing scenarios. If your workload doesn't require confidential compute and you're looking for general purpose VMs with similar specs, consider the [the standard D-family size series](./d-family.md).

-### DCsv2-series

-[View the full DCsv2-series page](./dcsv2-series.md).

-### DCsv3 and DCdsv3-series

-#### [DCsv3-series](#tab/dcsv3)

-[View the full DCsv3-series page](./dcsv3-series.md).

-#### [DCdsv3-series](#tab/dcdsv3)

-[View the full DCdsv3-series page](./dcdsv3-series.md).

-> 'EC' family VMs are specialized for confidential computing scenarios. If your workload doesn't require confidential compute and you're looking for memory-optimized VMs with similar specifications, consider the [standard E-family size series](./e-family.md).

-### Ecasv5 and Ecadsv5-series

-### Ecasccv5 and Ecadsccv5-series

-[View the full Ecasccv5 and Ecadsccv5-series page](../../ecasccv5-ecadsccv5-series.md).

-### Ecesv5 and Ecedsv5-series

-| [EC-family](./memory-optimized/ec-family.md) | E-family with confidential computing | [ECasv5 and ECadsv5-series](./memory-optimized/ec-family.md#ecasv5-and-ecadsv5-series)<br> [ECas_cc_v5 and ECads_cc_v5-series](./memory-optimized/ec-family.md#ecasccv5-and-ecadsccv5-series)<br> [ECesv5 and ECedsv5-series](./memory-optimized/ec-family.md#ecesv5-and-ecedsv5-series) |

-To generate a writable SAS of your empty managed disk, replace `<yourdiskname>`and `<yourresourcegroupname>`, then use the following commands:

-description: This article teaches you how to use the Azure CLI to restrict network access to Azure resources like Azure Storage and Azure SQL Database with virtual network service endpoints.

-# Customer intent: I want only resources in a virtual network subnet to access an Azure PaaS resource, such as an Azure Storage account.

-# Restrict network access to PaaS resources with virtual network service endpoints using the Azure CLI

-Virtual network service endpoints enable you to limit network access to some Azure service resources to a virtual network subnet. You can also remove internet access to the resources. Service endpoints provide direct connection from your virtual network to supported Azure services, allowing you to use your virtual network's private address space to access the Azure services. Traffic destined to Azure resources through service endpoints always stays on the Microsoft Azure backbone network. In this article, you learn how to:

-* Create a virtual network with one subnet

-* Add a subnet and enable a service endpoint

-* Create an Azure resource and allow network access to it from only a subnet

-* Deploy a virtual machine (VM) to each subnet

-* Confirm access to a resource from a subnet

-* Confirm access is denied to a resource from a subnet and the internet

-## Create a virtual network

-Before creating a virtual network, you have to create a resource group for the virtual network, and all other resources created in this article. Create a resource group with [az group create](/cli/azure/group). The following example creates a resource group named *test-rg* in the *eastus* location.

-```azurecli-interactive

-az group create \

- --name test-rg \

- --location eastus

-```

-Create a virtual network with one subnet with [az network vnet create](/cli/azure/network/vnet).

-```azurecli-interactive

-az network vnet create \

- --name vnet-1 \

- --resource-group test-rg \

- --address-prefix 10.0.0.0/16 \

- --subnet-name subnet-public \

- --subnet-prefix 10.0.0.0/24

-```

-## Enable a service endpoint

-You can enable service endpoints only for services that support service endpoints. View service endpoint-enabled services available in an Azure location with [az network vnet list-endpoint-services](/cli/azure/network/vnet). The following example returns a list of service-endpoint-enabled services available in the *eastus* region. The list of services returned will grow over time, as more Azure services become service endpoint enabled.

-```azurecli-interactive

-az network vnet list-endpoint-services \

- --location eastus \

- --out table

-```

-Create another subnet in the virtual network with [az network vnet subnet create](/cli/azure/network/vnet/subnet). In this example, a service endpoint for `Microsoft.Storage` is created for the subnet:

-```azurecli-interactive

-az network vnet subnet create \

- --vnet-name vnet-1 \

- --resource-group test-rg \

- --name subnet-private \

- --address-prefix 10.0.1.0/24 \

- --service-endpoints Microsoft.Storage

-```

-## Restrict network access for a subnet

-Create a network security group with [az network nsg create](/cli/azure/network/nsg). The following example creates a network security group named *nsg-private*.

-```azurecli-interactive

-az network nsg create \

- --resource-group test-rg \

- --name nsg-private

-```

-Associate the network security group to the *subnet-private* subnet with [az network vnet subnet update](/cli/azure/network/vnet/subnet). The following example associates the *nsg-private* network security group to the *subnet-private* subnet:

-```azurecli-interactive

-az network vnet subnet update \

- --vnet-name vnet-1 \

- --name subnet-private \

- --resource-group test-rg \

- --network-security-group nsg-private

-```

-Create security rules with [az network nsg rule create](/cli/azure/network/nsg/rule). The rule that follows allows outbound access to the public IP addresses assigned to the Azure Storage service:

-```azurecli-interactive

-az network nsg rule create \

- --resource-group test-rg \

- --nsg-name nsg-private \

- --name Allow-Storage-All \

- --access Allow \

- --protocol "*" \

- --direction Outbound \

- --priority 100 \

- --source-address-prefix "VirtualNetwork" \

- --source-port-range "*" \

- --destination-address-prefix "Storage" \

- --destination-port-range "*"

-```

-Each network security group contains several [default security rules](./network-security-groups-overview.md#default-security-rules). The rule that follows overrides a default security rule that allows outbound access to all public IP addresses. The `destination-address-prefix "Internet"` option denies outbound access to all public IP addresses. The previous rule overrides this rule, due to its higher priority, which allows access to the public IP addresses of Azure Storage.

-```azurecli-interactive

-az network nsg rule create \

- --resource-group test-rg \

- --nsg-name nsg-private \

- --name Deny-Internet-All \

- --access Deny \

- --protocol "*" \

- --direction Outbound \

- --priority 110 \

- --source-address-prefix "VirtualNetwork" \

- --source-port-range "*" \

- --destination-address-prefix "Internet" \

- --destination-port-range "*"

-```

-The following rule allows SSH traffic inbound to the subnet from anywhere. The rule overrides a default security rule that denies all inbound traffic from the internet. SSH is allowed to the subnet so that connectivity can be tested in a later step.

-```azurecli-interactive

-az network nsg rule create \

- --resource-group test-rg \

- --nsg-name nsg-private \

- --name Allow-SSH-All \

- --access Allow \

- --protocol Tcp \

- --direction Inbound \

- --priority 120 \

- --source-address-prefix "*" \

- --source-port-range "*" \

- --destination-address-prefix "VirtualNetwork" \

- --destination-port-range "22"

-```

-## Restrict network access to a resource

-The steps necessary to restrict network access to resources created through Azure services enabled for service endpoints varies across services. See the documentation for individual services for specific steps for each service. The remainder of this article includes steps to restrict network access for an Azure Storage account, as an example.

-### Create a storage account

-Create an Azure storage account with [az storage account create](/cli/azure/storage/account). Replace `<replace-with-your-unique-storage-account-name>` with a name that is unique across all Azure locations, between 3-24 characters in length, using only numbers and lower-case letters.

-```azurecli-interactive

-storageAcctName="<replace-with-your-unique-storage-account-name>"

-az storage account create \

- --name $storageAcctName \

- --resource-group test-rg \

- --sku Standard_LRS \

- --kind StorageV2

-```

-After the storage account is created, retrieve the connection string for the storage account into a variable with [az storage account show-connection-string](/cli/azure/storage/account). The connection string is used to create a file share in a later step.

-For the purposes of this tutorial, the connection string is used to connect to the storage account. Microsoft recommends that you use the most secure authentication flow available. The authentication flow described in this procedure requires a high degree of trust in the application, and carries risks that aren't present in other flows. You should only use this flow when other more secure flows, such as managed identities, aren't viable.

-For more information about connecting to a storage account using a managed identity, see [Use a managed identity to access Azure Storage](/entra/identity/managed-identities-azure-resources/tutorial-linux-managed-identities-vm-access?pivots=identity-linux-mi-vm-access-storage).

-```azurecli-interactive

-saConnectionString=$(az storage account show-connection-string \

- --name $storageAcctName \

- --resource-group test-rg \

- --query 'connectionString' \

- --out tsv)

-```

-<a name="account-key"></a>View the contents of the variable and note the value for **AccountKey** returned in the output, because it's used in a later step.

-```azurecli-interactive

-echo $saConnectionString

-```

-### Create a file share in the storage account

-Create a file share in the storage account with [az storage share create](/cli/azure/storage/share). In a later step, this file share is mounted to confirm network access to it.

-```azurecli-interactive

-az storage share create \

- --name file-share \

- --quota 2048 \

- --connection-string $saConnectionString >

-```

-### Deny all network access to a storage account

-By default, storage accounts accept network connections from clients in any network. To limit access to selected networks, change the default action to *Deny* with [az storage account update](/cli/azure/storage/account). Once network access is denied, the storage account isn't accessible from any network.

-```azurecli-interactive

-az storage account update \

- --name $storageAcctName \

- --resource-group test-rg \

- --default-action Deny

-```

-### Enable network access from a subnet

-Allow network access to the storage account from the *subnet-private* subnet with [az storage account network-rule add](/cli/azure/storage/account/network-rule).

-```azurecli-interactive

-az storage account network-rule add \

- --resource-group test-rg \

- --account-name $storageAcctName \

- --vnet-name vnet-1 \

- --subnet subnet-private

-```

-## Create virtual machines

-To test network access to a storage account, deploy a VM to each subnet.

-### Create the first virtual machine

-Create a VM in the *subnet-public* subnet with [az vm create](/cli/azure/vm). If SSH keys don't already exist in a default key location, the command creates them. To use a specific set of keys, use the `--ssh-key-value` option.

-```azurecli-interactive

-az vm create \

- --resource-group test-rg \

- --name vm-public \

- --image Ubuntu2204 \

- --vnet-name vnet-1 \

- --subnet subnet-public \

- --admin-username azureuser \

- --generate-ssh-keys

-```

-The VM takes a few minutes to create. After the VM is created, the Azure CLI shows information similar to the following example:

-```azurecli

-{

- "fqdns": "",

- "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Compute/virtualMachines/vm-public",

- "location": "eastus",

- "macAddress": "00-0D-3A-23-9A-49",

- "powerState": "VM running",

- "privateIpAddress": "10.0.0.4",

- "publicIpAddress": "203.0.113.24",

- "resourceGroup": "test-rg"

-}

-```

-### Create the second virtual machine

-```azurecli-interactive

-az vm create \

- --resource-group test-rg \

- --name vm-private \

- --image Ubuntu2204 \

- --vnet-name vnet-1 \

- --subnet subnet-private \

- --admin-username azureuser \

- --generate-ssh-keys

-```

-The VM takes a few minutes to create. After creation, take note of the **publicIpAddress** in the output returned. This address is used to access the VM from the internet in a later step.

-## Confirm access to storage account

-SSH into the *vm-private* VM.

-Run the following command to store the IP address of the VM as an environment variable:

-```bash

-export IP_ADDRESS=$(az vm show --show-details --resource-group test-rg --name vm-private --query publicIps --output tsv)

-```

-```bash

-ssh -o StrictHostKeyChecking=no azureuser@$IP_ADDRESS

-```

-Create a folder for a mount point:

-```bash

-sudo mkdir /mnt/file-share

-```

-Mount the Azure file share to the directory you created. Before running the following command, replace `<storage-account-name>` with the account name and `<storage-account-key>` with the key you retrieved in [Create a storage account](#create-a-storage-account).

-```bash

-sudo mount --types cifs //<storage-account-name>.file.core.windows.net/my-file-share /mnt/file-share --options vers=3.0,username=<storage-account-name>,password=<storage-account-key>,dir_mode=0777,file_mode=0777,serverino

-```

-You receive the `user@vm-private:~$` prompt. The Azure file share successfully mounted to */mnt/file-share*.

-Confirm that the VM has no outbound connectivity to any other public IP addresses:

-```bash

-ping bing.com -c 4

-```

-You receive no replies, because the network security group associated to the *subnet-private* subnet doesn't allow outbound access to public IP addresses other than the addresses assigned to the Azure Storage service.

-Exit the SSH session to the *vm-private* VM.

-## Confirm access is denied to storage account

-SSH into the *vm-public* VM.

-Run the following command to store the IP address of the VM as an environment variable:

-```bash

-export IP_ADDRESS=$(az vm show --show-details --resource-group test-rg --name vm-public --query publicIps --output tsv)

-```

-```bash

-ssh -o StrictHostKeyChecking=no azureuser@$IP_ADDRESS

-```

-Create a directory for a mount point:

-```bash

-sudo mkdir /mnt/file-share

-```

-Attempt to mount the Azure file share to the directory you created. This article assumes you deployed the latest version of Ubuntu. If you're using earlier versions of Ubuntu, see [Mount on Linux](../storage/files/storage-how-to-use-files-linux.md?toc=%2fazure%2fvirtual-network%2ftoc.json) for more instructions about mounting file shares. Before running the following command, replace `<storage-account-name>` with the account name and `<storage-account-key>` with the key you retrieved in [Create a storage account](#create-a-storage-account):

-```bash

-sudo mount --types cifs //storage-account-name>.file.core.windows.net/file-share /mnt/file-share --options vers=3.0,username=<storage-account-name>,password=<storage-account-key>,dir_mode=0777,file_mode=0777,serverino

-```

-Access is denied, and you receive a `mount error(13): Permission denied` error, because the *vm-public* VM is deployed within the *subnet-public* subnet. The *subnet-public* subnet doesn't have a service endpoint enabled for Azure Storage, and the storage account only allows network access from the *subnet-private* subnet, not the *subnet-public* subnet.

-Exit the SSH session to the *vm-public* VM.

-From your computer, attempt to view the shares in your storage account with [az storage share list](/cli/azure/storage/share). Replace `<account-name>` and `<account-key>` with the storage account name and key from [Create a storage account](#create-a-storage-account):

-```azurecli-interactive

-az storage share list \

- --account-name <account-name> \

- --account-key <account-key>

-```

-Access is denied and you receive a **This request isn't authorized to perform this operation** error, because your computer isn't in the *subnet-private* subnet of the *vnet-1* virtual network.

-## Clean up resources

-When no longer needed, use [az group delete](/cli/azure) to remove the resource group and all of the resources it contains.

-```azurecli-interactive

-az group delete \

- --name test-rg \

- --yes \

- --no-wait

-```

-## Next steps

-In this article, you enabled a service endpoint for a virtual network subnet. You learned that service endpoints can be enabled for resources deployed with multiple Azure services. You created an Azure Storage account and limited network access to the storage account to only resources within a virtual network subnet. To learn more about service endpoints, see [Service endpoints overview](virtual-network-service-endpoints-overview.md) and [Manage subnets](virtual-network-manage-subnet.md).

-If you have multiple virtual networks in your account, you might want to connect two virtual networks together so the resources within each virtual network can communicate with each other. To learn how, see [Connect virtual networks](tutorial-connect-virtual-networks-cli.md).

-description: In this article, you learn how to limit and restrict network access to Azure resources, such as Azure Storage and Azure SQL Database, with virtual network service endpoints using Azure PowerShell.

-# Customer intent: I want only resources in a virtual network subnet to access an Azure PaaS resource, such as an Azure Storage account.

-# Restrict network access to PaaS resources with virtual network service endpoints using PowerShell

-Virtual network service endpoints enable you to limit network access to some Azure service resources to a virtual network subnet. You can also remove internet access to the resources. Service endpoints provide direct connection from your virtual network to supported Azure services, allowing you to use your virtual network's private address space to access the Azure services. Traffic destined to Azure resources through service endpoints always stays on the Microsoft Azure backbone network. In this article, you learn how to:

-* Create a virtual network with one subnet

-* Add a subnet and enable a service endpoint

-* Create an Azure resource and allow network access to it from only a subnet

-* Deploy a virtual machine (VM) to each subnet

-* Confirm access to a resource from a subnet

-* Confirm access is denied to a resource from a subnet and the internet

-If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.

-If you choose to install and use PowerShell locally, this article requires the Azure PowerShell module version 1.0.0 or later. Run `Get-Module -ListAvailable Az` to find the installed version. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-azure-powershell). If you are running PowerShell locally, you also need to run `Connect-AzAccount` to create a connection with Azure.

-## Create a virtual network

-Before creating a virtual network, you have to create a resource group for the virtual network, and all other resources created in this article. Create a resource group with [New-AzResourceGroup](/powershell/module/az.resources/new-azresourcegroup). The following example creates a resource group named *myResourceGroup*:

-```azurepowershell-interactive

-New-AzResourceGroup -ResourceGroupName myResourceGroup -Location EastUS

-```

-Create a virtual network with [New-AzVirtualNetwork](/powershell/module/az.network/new-azvirtualnetwork). The following example creates a virtual network named *myVirtualNetwork* with the address prefix *10.0.0.0/16*.

-```azurepowershell-interactive

-$virtualNetwork = New-AzVirtualNetwork `

- -ResourceGroupName myResourceGroup `

- -Location EastUS `

- -Name myVirtualNetwork `

- -AddressPrefix 10.0.0.0/16

-```

-Create a subnet configuration with [New-AzVirtualNetworkSubnetConfig](/powershell/module/az.network/new-azvirtualnetworksubnetconfig). The following example creates a subnet configuration for a subnet named *Public*:

-```azurepowershell-interactive

-$subnetConfigPublic = Add-AzVirtualNetworkSubnetConfig `

- -Name Public `

- -AddressPrefix 10.0.0.0/24 `

- -VirtualNetwork $virtualNetwork

-```

-Create the subnet in the virtual network by writing the subnet configuration to the virtual network with [Set-AzVirtualNetwork](/powershell/module/az.network/Set-azVirtualNetwork):

-```azurepowershell-interactive

-$virtualNetwork | Set-AzVirtualNetwork

-```

-## Enable a service endpoint

-You can enable service endpoints only for services that support service endpoints. View service endpoint-enabled services available in an Azure location with [Get-AzVirtualNetworkAvailableEndpointService](/powershell/module/az.network/get-azvirtualnetworkavailableendpointservice). The following example returns a list of service-endpoint-enabled services available in the *eastus* region. The list of services returned will grow over time as more Azure services become service endpoint enabled.

-```azurepowershell-interactive

-Get-AzVirtualNetworkAvailableEndpointService -Location eastus | Select Name

-```

-Create an additional subnet in the virtual network. In this example, a subnet named *Private* is created with a service endpoint for *Microsoft.Storage*:

-```azurepowershell-interactive

-$subnetConfigPrivate = Add-AzVirtualNetworkSubnetConfig `

- -Name Private `

- -AddressPrefix 10.0.1.0/24 `

- -VirtualNetwork $virtualNetwork `

- -ServiceEndpoint Microsoft.Storage

-$virtualNetwork | Set-AzVirtualNetwork

-```

-## Restrict network access for a subnet

-Create network security group security rules with [New-AzNetworkSecurityRuleConfig](/powershell/module/az.network/new-aznetworksecurityruleconfig). The following rule allows outbound access to the public IP addresses assigned to the Azure Storage service:

-```azurepowershell-interactive

-$rule1 = New-AzNetworkSecurityRuleConfig `

- -Name Allow-Storage-All `

- -Access Allow `

- -DestinationAddressPrefix Storage `

- -DestinationPortRange * `

- -Direction Outbound `

- -Priority 100 `

- -Protocol * `

- -SourceAddressPrefix VirtualNetwork `

- -SourcePortRange *

-```

-The following rule denies access to all public IP addresses. The previous rule overrides this rule, due to its higher priority, which allows access to the public IP addresses of Azure Storage.

-```azurepowershell-interactive

-$rule2 = New-AzNetworkSecurityRuleConfig `

- -Name Deny-Internet-All `

- -Access Deny `

- -DestinationAddressPrefix Internet `

- -DestinationPortRange * `

- -Direction Outbound `

- -Priority 110 `

- -Protocol * `

- -SourceAddressPrefix VirtualNetwork `

- -SourcePortRange *

-```

-The following rule allows Remote Desktop Protocol (RDP) traffic inbound to the subnet from anywhere. Remote desktop connections are allowed to the subnet, so that you can confirm network access to a resource in a later step.

-```azurepowershell-interactive

-$rule3 = New-AzNetworkSecurityRuleConfig `

- -Name Allow-RDP-All `

- -Access Allow `

- -DestinationAddressPrefix VirtualNetwork `

- -DestinationPortRange 3389 `

- -Direction Inbound `

- -Priority 120 `

- -Protocol * `

- -SourceAddressPrefix * `

- -SourcePortRange *

-```

-Create a network security group with [New-AzNetworkSecurityGroup](/powershell/module/az.network/new-aznetworksecuritygroup). The following example creates a network security group named *myNsgPrivate*.

-```azurepowershell-interactive

-$nsg = New-AzNetworkSecurityGroup `

- -ResourceGroupName myResourceGroup `

- -Location EastUS `

- -Name myNsgPrivate `

- -SecurityRules $rule1,$rule2,$rule3

-```

-Associate the network security group to the *Private* subnet with [Set-AzVirtualNetworkSubnetConfig](/powershell/module/az.network/set-azvirtualnetworksubnetconfig) and then write the subnet configuration to the virtual network. The following example associates the *myNsgPrivate* network security group to the *Private* subnet:

-```azurepowershell-interactive

-Set-AzVirtualNetworkSubnetConfig `

- -VirtualNetwork $VirtualNetwork `

- -Name Private `

- -AddressPrefix 10.0.1.0/24 `

- -ServiceEndpoint Microsoft.Storage `

- -NetworkSecurityGroup $nsg

-$virtualNetwork | Set-AzVirtualNetwork

-```

-## Restrict network access to a resource

-The steps necessary to restrict network access to resources created through Azure services enabled for service endpoints varies across services. See the documentation for individual services for specific steps for each service. The remainder of this article includes steps to restrict network access for an Azure Storage account, as an example.

-### Create a storage account

-Create an Azure storage account with [New-AzStorageAccount](/powershell/module/az.storage/new-azstorageaccount). Replace `<replace-with-your-unique-storage-account-name>` with a name that is unique across all Azure locations, between 3-24 characters in length, using only numbers and lower-case letters.

-```azurepowershell-interactive

-$storageAcctName = '<replace-with-your-unique-storage-account-name>'

-New-AzStorageAccount `

- -Location EastUS `

- -Name $storageAcctName `

- -ResourceGroupName myResourceGroup `

- -SkuName Standard_LRS `

- -Kind StorageV2

-```

-After the storage account is created, retrieve the key for the storage account into a variable with [Get-AzStorageAccountKey](/powershell/module/az.storage/get-azstorageaccountkey):

-```azurepowershell-interactive

-$storageAcctKey = (Get-AzStorageAccountKey `

- -ResourceGroupName myResourceGroup `

- -AccountName $storageAcctName).Value[0]

-```

-The key is used to create a file share in a later step. Enter `$storageAcctKey` and note the value, as you'll also need to manually enter it in a later step when you map the file share to a drive in a VM.

-### Create a file share in the storage account

-Create a context for your storage account and key with [New-AzStorageContext](/powershell/module/az.storage/new-AzStoragecontext). The context encapsulates the storage account name and account key:

-```azurepowershell-interactive

-$storageContext = New-AzStorageContext $storageAcctName $storageAcctKey

-```

-Create a file share with [New-AzStorageShare](/powershell/module/az.storage/new-azstorageshare):

-$share = New-AzStorageShare my-file-share -Context $storageContext

-### Deny all network access to a storage account

-By default, storage accounts accept network connections from clients in any network. To limit access to selected networks, change the default action to *Deny* with [Update-AzStorageAccountNetworkRuleSet](/powershell/module/az.storage/update-azstorageaccountnetworkruleset). Once network access is denied, the storage account is not accessible from any network.

-```azurepowershell-interactive

-Update-AzStorageAccountNetworkRuleSet `

- -ResourceGroupName "myresourcegroup" `

- -Name $storageAcctName `

- -DefaultAction Deny

-```

-### Enable network access from a subnet

-Retrieve the created virtual network with [Get-AzVirtualNetwork](/powershell/module/az.network/get-azvirtualnetwork) and then retrieve the private subnet object into a variable with [Get-AzVirtualNetworkSubnetConfig](/powershell/module/az.network/get-azvirtualnetworksubnetconfig):

-```azurepowershell-interactive

-$privateSubnet = Get-AzVirtualNetwork `

- -ResourceGroupName "myResourceGroup" `

- -Name "myVirtualNetwork" `

- | Get-AzVirtualNetworkSubnetConfig `

- -Name "Private"

-```

-Allow network access to the storage account from the *Private* subnet with [Add-AzStorageAccountNetworkRule](/powershell/module/az.network/add-aznetworksecurityruleconfig).

-```azurepowershell-interactive

-Add-AzStorageAccountNetworkRule `

- -ResourceGroupName "myresourcegroup" `

- -Name $storageAcctName `

- -VirtualNetworkResourceId $privateSubnet.Id

-```

-## Create virtual machines

-To test network access to a storage account, deploy a VM to each subnet.

-### Create the first virtual machine

-Create a virtual machine in the *Public* subnet with [New-AzVM](/powershell/module/az.compute/new-azvm). When running the command that follows, you are prompted for credentials. The values that you enter are configured as the user name and password for the VM. The `-AsJob` option creates the VM in the background, so that you can continue to the next step.

-```azurepowershell-interactive

-New-AzVm `

- -ResourceGroupName "myResourceGroup" `

- -Location "East US" `

- -VirtualNetworkName "myVirtualNetwork" `

- -SubnetName "Public" `

- -Name "myVmPublic" `

- -AsJob

-```

-Output similar to the following example output is returned:

-```powershell

-Id Name PSJobTypeName State HasMoreData Location Command

-1 Long Running... AzureLongRun... Running True localhost New-AzVM

-```

-### Create the second virtual machine

-Create a virtual machine in the *Private* subnet:

-```azurepowershell-interactive

-New-AzVm `

- -ResourceGroupName "myResourceGroup" `

- -Location "East US" `

- -VirtualNetworkName "myVirtualNetwork" `

- -SubnetName "Private" `

- -Name "myVmPrivate"

-```

-It takes a few minutes for Azure to create the VM. Do not continue to the next step until Azure finishes creating the VM and returns output to PowerShell.

-## Confirm access to storage account

-Use [Get-AzPublicIpAddress](/powershell/module/az.network/get-azpublicipaddress) to return the public IP address of a VM. The following example returns the public IP address of the *myVmPrivate* VM:

-```azurepowershell-interactive

-Get-AzPublicIpAddress `

- -Name myVmPrivate `

- -ResourceGroupName myResourceGroup `

- | Select IpAddress

-```

-Replace `<publicIpAddress>` in the following command, with the public IP address returned from the previous command, and then enter the following command:

-```powershell

-mstsc /v:<publicIpAddress>

-```

-A Remote Desktop Protocol (.rdp) file is created and downloaded to your computer. Open the downloaded rdp file. If prompted, select **Connect**. Enter the user name and password you specified when creating the VM. You may need to select **More choices**, then **Use a different account**, to specify the credentials you entered when you created the VM. Select **OK**. You may receive a certificate warning during the sign-in process. If you receive the warning, select **Yes** or **Continue**, to proceed with the connection.

-On the *myVmPrivate* VM, map the Azure file share to drive Z using PowerShell. Before running the commands that follow, replace `<storage-account-key>` and `<storage-account-name>` with values from you supplied or retrieved in [Create a storage account](#create-a-storage-account).

-```powershell

-$acctKey = ConvertTo-SecureString -String "<storage-account-key>" -AsPlainText -Force

-$credential = New-Object System.Management.Automation.PSCredential -ArgumentList "Azure\<storage-account-name>", $acctKey

-New-PSDrive -Name Z -PSProvider FileSystem -Root "\\<storage-account-name>.file.core.windows.net\my-file-share" -Credential $credential

-```

-PowerShell returns output similar to the following example output:

-```powershell

-Name Used (GB) Free (GB) Provider Root

-Z FileSystem \\vnt.file.core.windows.net\my-f...

-```

-The Azure file share successfully mapped to the Z drive.

-Confirm that the VM has no outbound connectivity to any other public IP addresses:

-```powershell

-ping bing.com

-```

-You receive no replies, because the network security group associated to the *Private* subnet does not allow outbound access to public IP addresses other than the addresses assigned to the Azure Storage service.

-Close the remote desktop session to the *myVmPrivate* VM.

-## Confirm access is denied to storage account

-Get the public IP address of the *myVmPublic* VM:

-```azurepowershell-interactive

-Get-AzPublicIpAddress `

- -Name myVmPublic `

- -ResourceGroupName myResourceGroup `

- | Select IpAddress

-```

-Replace `<publicIpAddress>` in the following command, with the public IP address returned from the previous command, and then enter the following command:

-```powershell

-mstsc /v:<publicIpAddress>

-```

-On the *myVmPublic* VM, attempt to map the Azure file share to drive Z. Before running the commands that follow, replace `<storage-account-key>` and `<storage-account-name>` with values from you supplied or retrieved in [Create a storage account](#create-a-storage-account).

-```powershell

-$acctKey = ConvertTo-SecureString -String "<storage-account-key>" -AsPlainText -Force

-$credential = New-Object System.Management.Automation.PSCredential -ArgumentList "Azure\<storage-account-name>", $acctKey

-New-PSDrive -Name Z -PSProvider FileSystem -Root "\\<storage-account-name>.file.core.windows.net\my-file-share" -Credential $credential

-```

-Access to the share is denied, and you receive a `New-PSDrive : Access is denied` error. Access is denied because the *myVmPublic* VM is deployed in the *Public* subnet. The *Public* subnet does not have a service endpoint enabled for Azure Storage, and the storage account only allows network access from the *Private* subnet, not the *Public* subnet.

-Close the remote desktop session to the *myVmPublic* VM.

-From your computer, attempt to view the file shares in the storage account with the following command:

-```powershell-interactive

-Get-AzStorageFile `

- -ShareName my-file-share `

- -Context $storageContext

-```

-Access is denied, and you receive a *Get-AzStorageFile : The remote server returned an error: (403) Forbidden. HTTP Status Code: 403 - HTTP Error Message: This request is not authorized to perform this operation* error, because your computer is not in the *Private* subnet of the *MyVirtualNetwork* virtual network.

-## Clean up resources

-When no longer needed, you can use [Remove-AzResourceGroup](/powershell/module/az.resources/remove-azresourcegroup) to remove the resource group and all of the resources it contains:

-```azurepowershell-interactive

-Remove-AzResourceGroup -Name myResourceGroup -Force

-```

-## Next steps

-In this article, you enabled a service endpoint for a virtual network subnet. You learned that service endpoints can be enabled for resources deployed with multiple Azure services. You created an Azure Storage account and limited network access to the storage account to only resources within a virtual network subnet. To learn more about service endpoints, see [Service endpoints overview](virtual-network-service-endpoints-overview.md) and [Manage subnets](virtual-network-manage-subnet.md).

-If you have multiple virtual networks in your account, you may want to connect two virtual networks together so the resources within each virtual network can communicate with each other. To learn how, see [Connect virtual networks](tutorial-connect-virtual-networks-powershell.md).

-This tutorial uses the Azure portal. You can also complete it using the [Azure CLI](tutorial-restrict-network-access-to-resources-cli.md) or [PowerShell](tutorial-restrict-network-access-to-resources-powershell.md).

-## Sign in to Azure

-Sign in to the [Azure portal](https://portal.azure.com).

-1. On the **Add subnet** page, enter or select the following information:

-1. In the **Basics** tab of **Create network security group**, enter or select the following information:

-### Create outbound NSG rules

- | Destination port ranges | Enter **445**. </br> SMB protocol is used to connect to a file share created in a later step. |

-### Associate the network security group to a subnet

-### Restrict network access to a subnet

-## Create virtual machines

-1. Repeat the steps in the previous section to create a second virtual machine. Replace the following values in **Create a virtual machine**:

-1. Copy the value of **key1**. You may need to select the **Show** button to display the key.

-1. Repeat the previous command to attempt to map the drive to the file share in the storage account. You may need to copy the storage account access key again for this procedure:

-### From a local machine:

-If you have multiple virtual networks in your account, you may want to establish connectivity between them so that resources can communicate with each other. To learn how to connect virtual networks, advance to the next tutorial.