Updates from: 08/02/2021 03:03:36
Service Microsoft Docs article Related commit history on GitHub Change details
active-directory Howto Conditional Access Policy Azure Management https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/conditional-access/howto-conditional-access-policy-azure-management.md
Organizations use a variety of Azure services and manage them from Azure Resourc
* Azure PowerShell * Azure CLI
-These tools can provide highly privileged access to resources, that can alter subscription-wide configurations, service settings, and subscription billing. To protect these privileged resources, Microsoft recommends requiring multi-factor authentication for any user accessing these resources.
+These tools can provide highly privileged access to resources, that can alter subscription-wide configurations, service settings, and subscription billing. To protect these privileged resources, Microsoft recommends requiring multi-factor authentication for any user accessing these resources. In Azure AD these tools are grouped together in a suite called [Microsoft Azure Management](concept-conditional-access-cloud-apps.md#microsoft-azure-management). For Azure Government, this should be the Azure Government Cloud Management API app.
## User exclusions
Conditional Access policies are powerful tools, we recommend excluding the follo
## Create a Conditional Access policy
-The following steps will help create a Conditional Access policy to require those with access to the [Microsoft Azure Management](concept-conditional-access-cloud-apps.md#microsoft-azure-management) app to perform multi-factor authentication.For Azure Government, this should be the Azure Government Cloud Management API app.
+The following steps will help create a Conditional Access policy to require those who access the [Microsoft Azure Management](concept-conditional-access-cloud-apps.md#microsoft-azure-management) suite to perform multi-factor authentication.
1. Sign in to the **Azure portal** as a global administrator, security administrator, or Conditional Access administrator. 1. Browse to **Azure Active Directory** > **Security** > **Conditional Access**.
active-directory Whats New Archive https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/fundamentals/whats-new-archive.md
Previously updated : 7/19/2021 Last updated : 7/30/2021
The What's new in Azure Active Directory? release notes provide information abou
+## January 2021
+
+### Secret token will be a mandatory field when configuring provisioning
+
+**Type:** Plan for change
+**Service category:** App Provisioning
+**Product capability:** Identity Lifecycle Management
+
+In the past, the secret token field could be kept empty when setting up provisioning on the custom / BYOA application. This function was intended to solely be used for testing. We'll update the UI to make the field required.
+
+Customers can work around this requirement for testing purposes by using a feature flag in the browser URL. [Learn more](../app-provisioning/use-scim-to-provision-users-and-groups.md#authorization-to-provisioning-connectors-in-the-application-gallery).
+
++
+### Public Preview - Customize and configure Android shared devices for frontline workers at scale
+
+**Type:** New feature
+**Service category:** Device Registration and Management
+**Product capability:** Identity Security & Protection
+
+Azure AD and Microsoft Endpoint Manager teams have combined to bring the capability to customize, scale, and secure your frontline worker devices.
+
+The following preview capabilities will allow you to:
+- Provision Android shared devices at scale with Microsoft Endpoint Manager
+- Secure your access for shift workers using device-based conditional access
+- Customize sign-in experiences for the shift workers with Managed Home Screen
+
+To learn more, refer to [Customize and configure shared devices for frontline workers at scale](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/customize-and-configure-shared-devices-for-firstline-workers-at/ba-p/1751708).
+++
+### Public preview - Provisioning logs can now be downloaded as a CSV or JSON
+
+**Type:** New feature
+**Service category:** App Provisioning
+**Product capability:** Identity Lifecycle Management
+
+Customers can download the provisioning logs as a CSV or JSON file through the UI and via graph API. To learn more, refer to [Provisioning reports in the Azure Active Directory portal](../reports-monitoring/concept-provisioning-logs.md).
+++
+### Public preview - Assign cloud groups to Azure AD custom roles and admin unit scoped roles
+
+**Type:** New feature
+**Service category:** RBAC
+**Product capability:** Access Control
+
+Customers can assign a cloud group to Azure AD custom roles or an admin unit scoped role. To learn how to use this feature, refer to [Use cloud groups to manage role assignments in Azure Active Directory](../roles/groups-concept.md).
+++
+### General Availability - Azure AD Connect cloud sync (previously known as cloud provisioning)
+
+**Type:** New feature
+**Service category:** Azure AD Connect cloud sync
+**Product capability:** Identity Lifecycle Management
+
+Azure AD Connect cloud sync is now generally available to all customers.
+
+Azure AD Connect cloud moves the heavy lifting of transform logic to the cloud, reducing your on-premises footprint. Additionally, multiple light-weight agent deployments are available for higher sync availability. [Learn more](https://aka.ms/cloudsyncGA).
+
+
+### General Availability - Attack Simulation Administrator and Attack Payload Author built-in roles
+
+**Type:** New feature
+**Service category:** RBAC
+**Product capability:** Access Control
+
+Two new roles in Role-Based Access Control are available to assign to users, Attack simulation Administrator and Attack Payload author.
+
+Users in the [Attack Simulation Administrator](../roles/permissions-reference.md#attack-simulation-administrator) role have access for all simulations in the tenant and can:
+- create and manage all aspects of attack simulation creation
+- launch/scheduling of a simulation
+- review simulation results.
+
+Users in the [Attack Payload Author](../roles/permissions-reference.md#attack-payload-author) role can create attack payloads but not actually launch or schedule them. Attack payloads are then available to all administrators in the tenant who can use them to create a simulation.
+++
+### General Availability - Usage Summary Reports Reader built-in role
+
+**Type:** New feature
+**Service category:** RBAC
+**Product capability:** Access Control
+
+Users with the Usage Summary Reports Reader role can access tenant level aggregated data and associated insights in Microsoft 365 Admin Center for Usage and Productivity Score. However, they can't access any user level details or insights.
+
+In the Microsoft 365 Admin Center for the two reports, we differentiate between tenant level aggregated data and user level details. This role adds an extra layer of protection to individual user identifiable data. [Learn more](../roles/permissions-reference.md#usage-summary-reports-reader).
+++
+### General availability - Require App protection policy grant in Azure AD Conditional Access
+
+**Type:** New Feature
+**Service category:** Conditional Access
+**Product capability:** Identity Security & Protection
+
+Azure AD Conditional Access grant for "Require App Protection policy" is now GA.
+
+The policy provides the following capabilities:
+- Allows access only when using a mobile application that supports Intune App protection
+- Allows access only when a user has an Intune app protection policy delivered to the mobile application
+
+Learn more on how to set up a conditional access policy for app protection [here](../conditional-access/app-protection-based-conditional-access.md).
+
++
+### General availability - Email One-Time Passcode
+
+**Type:** New feature
+**Service category:** B2B
+**Product capability:** B2B/B2C
+
+Email OTP enables organizations around the world to collaborate with anyone by sending a link or invitation via email. Invited users can verify their identity with the one-time passcode sent to their email to access their partner's resources. [Learn more](../external-identities/one-time-passcode.md).
+
++
+ ### New provisioning connectors in the Azure AD Application Gallery - January 2021
+
+**Type:** New feature
+**Service category:** App Provisioning
+**Product capability:** 3rd Party Integration
+
+You can now automate creating, updating, and deleting user accounts for these newly integrated apps:
+- [Fortes Change Cloud](../saas-apps/fortes-change-cloud-provisioning-tutorial.md)
+- [Gtmhub](../saas-apps/gtmhub-provisioning-tutorial.md)
+- [monday.com](../saas-apps/mondaycom-provisioning-tutorial.md)
+- [Splashtop](../saas-apps/splashtop-provisioning-tutorial.md)
+- [Templafy OpenID Connect](../saas-apps/templafy-openid-connect-provisioning-tutorial.md)
+- [WEDO](../saas-apps/wedo-provisioning-tutorial.md)
+
+For more information, see [What is automated SaaS app user provisioning in Azure AD?](../app-provisioning/user-provisioning.md)
+++
+### New Federated Apps available in Azure AD Application gallery - January 2021
+
+**Type:** New feature
+**Service category:** Enterprise Apps
+**Product capability:** 3rd Party Integration
+
+In January 2021 we have added following 29 new applications in our App gallery with Federation support:
+
+[mySCView](https://dev.myscview.com/), [Talentech](https://talentech.com/contact/), [Bipsync](https://www.bipsync.com/), [OroTimesheet](https://app.orotimesheet.com/login.php), [Mio](https://app.m.io/auth/install/microsoft?scopetype=hub), [Sovelto Easy](https://login.soveltoeasy.fi/), [Supportbench](https://account.supportbench.net/agent/login/),[Bienvenue Formation](https://formation.bienvenue.pro/login), [AIDA Healthcare SSO](https://aidaforparents.com/login/organizations), [International SOS Assistance Products](../saas-apps/international-sos-assistance-products-tutorial.md), [NAVEX One](../saas-apps/navex-one-tutorial.md), [LabLog](../saas-apps/lablog-tutorial.md), [Oktopost SAML](../saas-apps/oktopost-saml-tutorial.md), [EPHOTO DAM](../saas-apps/ephoto-dam-tutorial.md), [Notion](../saas-apps/notion-tutorial.md), [Syndio](../saas-apps/syndio-tutorial.md), [Yello Enterprise](../saas-apps/yello-enterprise-tutorial.md), [Timeclock 365 SAML](../saas-apps/timeclock-365-saml-tutorial.md), [Nalco E-data](https://www.ecolab.com/), [Vacancy Filler](https://app.vacancy-filler.co.uk/VFMVC/Account/Login), [Synerise AI Growth Ecosystem](../saas-apps/synerise-ai-growth-ecosystem-tutorial.md), [Imperva Data Security](../saas-apps/imperva-data-security-tutorial.md), [Illusive Networks](../saas-apps/illusive-networks-tutorial.md), [Proware](../saas-apps/proware-tutorial.md), [Splan Visitor](../saas-apps/splan-visitor-tutorial.md), [Aruba User Experience Insight](../saas-apps/aruba-user-experience-insight-tutorial.md), [Contentsquare SSO](../saas-apps/contentsquare-sso-tutorial.md), [Perimeter 81](../saas-apps/perimeter-81-tutorial.md), [Burp Suite Enterprise Edition](../saas-apps/burp-suite-enterprise-edition-tutorial.md)
+
+You can also find the documentation of all the applications from here https://aka.ms/AppsTutorial
+
+For listing your application in the Azure AD app gallery, read the details here https://aka.ms/AzureADAppRequest
+++
+### Public preview - Second level manager can be set as alternate approver
+
+**Type:** Changed feature
+**Service category:** User Access Management
+**Product capability:** Entitlement Management
+
+An extra option when you select approvers is now available in Entitlement Management. If you select "Manager as approver" for the First Approver, you will have another option, "Second level manager as alternate approver", available to choose in the alternate approver field. If you select this option, you need to add a fallback approver to forward the request to in case the system can't find the second level manager. [Learn more](../governance/entitlement-management-access-package-approval-policy.md#alternate-approvers)
+
++
+### General availability - Navigate to Teams directly from My Access portal
+
+**Type:** Changed feature
+**Service category:** User Access Management
+**Product capability:** Entitlement Management
+
+You can now launch Teams directly from the My Access portal.
+
+To do so, sign-in to My Access (https://myaccess.microsoft.com/), navigate to "Access packages", then go to the "Active" tab to see all of the access packages you already have access to. When you expand the selected access package and hover on Teams, you can launch it by clicking on the "Open" button. [Learn more](../governance/entitlement-management-request-access.md).
+
++
+### Improved Logging & End-User Prompts for Risky Guest Users
+
+**Type:** Changed feature
+**Service category:** Identity Protection
+**Product capability:** Identity Security & Protection
+
+
+The Logging and End-User Prompts for Risky Guest Users have been updated. Learn more in [Identity Protection and B2B users](../identity-protection/concept-identity-protection-b2b.md).
+
++ ## December 2020 ### Public preview - Azure AD B2C Phone Sign-up and Sign-in using Built-in Policy
If your organization is using the Azure MFA SDK, you need to migrate by Septembe
**Product capability:** Identity Security & Protection
-User risk support in Azure AD Conditional Access policy allows you to create multiple user risk-based policies. Different minimum user risk levels can be required for different users and apps. Based on user risk, you can create policies to block access, require multi-factor authentication, secure password change, or redirect to Microsoft Cloud App Security to enforce session policy, such as additional auditing.
+User risk support in Azure AD Conditional Access policy allows you to create multiple user risk-based policies. Different minimum user risk levels can be required for different users and apps. Based on user risk, you can create policies to block access, require multifactor authentication, secure password change, or redirect to Microsoft Cloud App Security to enforce session policy, such as additional auditing.
The user risk condition requires Azure AD Premium P2 because it uses Azure Identity Protection, which is a P2 offering. for more information about conditional access, refer to [Azure AD Conditional Access documentation](../conditional-access/index.yml).
For more information, see [Validate a dynamic group membership rule (preview)](.
**Supporting security defaults for Azure AD improvement actions:** Microsoft Secure Score will be updating improvement actions to support [security defaults in Azure AD](./concept-fundamentals-security-defaults.md), which make it easier to help protect your organization with pre-configured security settings for common attacks. This will affect the following improvement actions: -- Ensure all users can complete multi-factor authentication for secure access
+- Ensure all users can complete multifactor authentication for secure access
- Require MFA for administrative roles - Enable policy to block legacy authentication
-**MFA improvement action updates:** To reflect the need for businesses to ensure the upmost security while applying policies that work with their business, Microsoft Secure Score has removed three improvement actions centered around multi-factor authentication and added two.
+**MFA improvement action updates:** To reflect the need for businesses to ensure the upmost security while applying policies that work with their business, Microsoft Secure Score has removed three improvement actions centered around multifactor authentication and added two.
Removed improvement actions: -- Register all users for multi-factor authentication
+- Register all users for multifactor authentication
- Require MFA for all users - Require MFA for Azure AD privileged roles Added improvement actions: -- Ensure all users can complete multi-factor authentication for secure access
+- Ensure all users can complete multifactor authentication for secure access
- Require MFA for administrative roles
-These new improvement actions require registering your users or admins for multi-factor authentication (MFA) across your directory and establishing the right set of policies that fit your organizational needs. The main goal is to have flexibility while ensuring all your users and admins can authenticate with multiple factors or risk-based identity verification prompts. That can take the form of having multiple policies that apply scoped decisions, or setting security defaults (as of March 16th) that let Microsoft decide when to challenge users for MFA. [Read more about what's new in Microsoft Secure Score](/microsoft-365/security/mtp/microsoft-secure-score#whats-new).
+These new improvement actions require registering your users or admins for multifactor authentication (MFA) across your directory and establishing the right set of policies that fit your organizational needs. The main goal is to have flexibility while ensuring all your users and admins can authenticate with multiple factors or risk-based identity verification prompts. That can take the form of having multiple policies that apply scoped decisions, or setting security defaults (as of March 16th) that let Microsoft decide when to challenge users for MFA. [Read more about what's new in Microsoft Secure Score](/microsoft-365/security/mtp/microsoft-secure-score#whats-new).
Custom controls will continue to be supported in preview alongside the new desig
**Service category:** MFA **Product capability:** Identity Security & Protection
-To reflect the need for businesses to ensure the upmost security while applying policies that work with their business, Microsoft Secure Score is removing three improvement actions centered around multi-factor authentication (MFA), and adding two.
+To reflect the need for businesses to ensure the upmost security while applying policies that work with their business, Microsoft Secure Score is removing three improvement actions centered around multifactor authentication (MFA), and adding two.
The following improvement actions will be removed:
If you're an existing customer, who activated MFA Server prior to July 1, 2019,
- Fixed other minor bugs.
-Starting July 1, 2019, Microsoft stopped offering MFA Server for new deployments. New customers who require multi-factor authentication should use cloud-based Azure AD Multi-Factor Authentication. For more information, see [Planning a cloud-based Azure AD Multi-Factor Authentication deployment](../authentication/howto-mfa-getstarted.md).
+Starting July 1, 2019, Microsoft stopped offering MFA Server for new deployments. New customers who require multifactor authentication should use cloud-based Azure AD Multi-Factor Authentication. For more information, see [Planning a cloud-based Azure AD Multi-Factor Authentication deployment](../authentication/howto-mfa-getstarted.md).
For more information about setting up your company branding, see [Add branding t
**Service category:** MFA **Product capability:** Identity Security & Protection
-As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. New customers who want to require multi-factor authentication in their organization must now use cloud-based Azure AD Multi-Factor Authentication. Customers who activated MFA Server prior to July 1 won't see a change. You'll still be able to download the latest version, get future updates, and generate activation credentials.
+As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. New customers who want to require multifactor authentication in their organization must now use cloud-based Azure AD Multi-Factor Authentication. Customers who activated MFA Server prior to July 1 won't see a change. You'll still be able to download the latest version, get future updates, and generate activation credentials.
For more information, see [Getting started with the Azure Active Directory Multi-factor Authentication Server](../authentication/howto-mfaserver-deploy.md). For more information about cloud-based Azure AD Multi-Factor Authentication, see [Planning a cloud-based Azure AD Multi-Factor Authentication deployment](../authentication/howto-mfa-getstarted.md).
To help address your feedback about visualizations with the Azure AD Activity lo
- **Sign-ins.** Provides details for apps and users, including sign-in location, the in-use operating system or browser client and version, and the number of successful or failed sign-ins. -- **Legacy authentication and Conditional Access.** Provides details for apps and users using legacy authentication, including Multi-Factor Authentication usage triggered by Conditional Access policies, apps using Conditional Access policies, and so on.
+- **Legacy authentication and Conditional Access.** Provides details for apps and users using legacy authentication, including multifactor authentication usage triggered by Conditional Access policies, apps using Conditional Access policies, and so on.
- **Sign-in failure analysis.** Helps you to determine if your sign-in errors are occurring due to a user action, policy issues, or your infrastructure.
For more information about listing your application in the Azure AD app gallery,
**Service category:** Privileged Identity Management **Product capability:** Privileged Identity Management
-If you are using Azure AD Privileged Identity Management for directory roles, you can now use PIM's time-bound access and assignment capabilities for Azure Resource roles such as Subscriptions, Resource Groups, Virtual Machines, and any other resource supported by Azure Resource Manager. Enforce Multi-Factor Authentication when activating roles Just-In-Time, and schedule activations in coordination with approved change windows. In addition, this release adds enhancements not available during public preview including an updated UI, approval workflows, and the ability to extend roles expiring soon and renew expired roles.
+If you are using Azure AD Privileged Identity Management for directory roles, you can now use PIM's time-bound access and assignment capabilities for Azure Resource roles such as Subscriptions, Resource Groups, Virtual Machines, and any other resource supported by Azure Resource Manager. Enforce multifactor authentication when activating roles Just-In-Time, and schedule activations in coordination with approved change windows. In addition, this release adds enhancements not available during public preview including an updated UI, approval workflows, and the ability to extend roles expiring soon and renew expired roles.
For more information, see [PIM for Azure resources (Preview)](../privileged-identity-management/azure-pim-resource-rbac.md)
For more information, see:
### Network Policy Server extension for Azure AD Multi-Factor Authentication **Type:** New feature
-**Service category:** Multi-factor authentication
+**Service category:** Multi-factor Authentication
**Product capability:** User authentication
-The Network Policy Server extension for Azure Active Directory (Azure AD) Multi-Factor Authentication adds cloud-based Multi-Factor Authentication capabilities to your authentication infrastructure by using your existing servers. With the Network Policy Server extension, you can add phone call, text message, or phone app verification to your existing authentication flow. You don't have to install, configure, and maintain new servers.
+The Network Policy Server extension for Azure Active Directory (Azure AD) Multi-Factor Authentication adds cloud-based multifactor authentication capabilities to your authentication infrastructure by using your existing servers. With the Network Policy Server extension, you can add phone call, text message, or phone app verification to your existing authentication flow. You don't have to install, configure, and maintain new servers.
This extension was created for organizations that want to protect virtual private network connections without deploying the Azure Active Directory Multi-factor Authentication Server. The Network Policy Server extension acts as an adapter between RADIUS and cloud-based Azure AD Multi-Factor Authentication to provide a second factor of authentication for federated or synced users.
For more information, see:
**Service category:** Conditional Access **Product capability:** Identity security and protection
-You now can use "OR" (require one of the selected controls) for Conditional Access controls. You can use this feature to create policies with "OR" between access controls. For example, you can use this feature to create a policy that requires a user to sign in by using Multi-Factor Authentication "OR" to be on a compliant device.
+You now can use "OR" (require one of the selected controls) for Conditional Access controls. You can use this feature to create policies with "OR" between access controls. For example, you can use this feature to create a policy that requires a user to sign in by using multifactor authentication "OR" to be on a compliant device.
For more information, see [Controls in Azure AD Conditional Access](../conditional-access/controls.md).
For more information, see [Controls in Azure AD Conditional Access](../condition
In Azure AD Identity Protection, all real-time risk detections that originated from the same IP address on a given day are now aggregated for each risk detection type. This change limits the volume of risk detections shown without any change in user security.
-The underlying real-time detection works each time the user signs in. If you have a sign-in risk security policy set up to Multi-Factor Authentication or block access, it is still triggered during each risky sign-in.
+The underlying real-time detection works each time the user signs in. If you have a sign-in risk security policy set up to multifactor authentication or block access, it is still triggered during each risky sign-in.
Due to a service issue, this functionality was temporarily disabled. The issue w
### New Multi-Factor Authentication features **Type:** New feature
-**Service category:** Multi-factor authentication
+**Service category:** Multi-factor Authentication
**Product capability:** Identity security and protection
-Azure Active Directory (Azure AD) Multi-factor authentication (MFA) is an essential part of protecting your organization. To make credentials more adaptive and the experience more seamless, the following features were added:
+Azure Active Directory (Azure AD) Multi-factor Authentication (MFA) is an essential part of protecting your organization. To make credentials more adaptive and the experience more seamless, the following features were added:
- Multi-factor challenge results are directly integrated into the Azure AD sign-in report, which includes programmatic access to MFA results. - The MFA configuration is more deeply integrated into the Azure AD configuration experience in the Azure portal.
active-directory Whats New https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/fundamentals/whats-new.md
Previously updated : 7/13/2021 Last updated : 7/30/2021
Azure AD receives improvements on an ongoing basis. To stay up to date with the
This page is updated monthly, so revisit it regularly. If you're looking for items older than six months, you can find them in [Archive for What's new in Azure Active Directory](whats-new-archive.md).
+## July 2021
+
+### New Google sign-in integration for Azure AD B2C and B2B self-service sign-up and invited external users will stop working starting July 12, 2021
+
+**Type:** Plan for change
+**Service category:** B2B
+**Product capability:** B2B/B2C
+
+
+Previously we announced that [the exception for Embedded WebViews for Gmail authentication will expire in the second half of 2021](https://www.yammer.com/cepartners/threads/1188371962232832).
+
+On July 7, 2021, we learned from Google that some of these restrictions will apply starting **July 12, 2021**. Azure AD B2B and B2C customers who set up a new Google ID sign-in in their custom or line of business applications to invite external users or enable self-service sign-up will have the restrictions applied immediately. As a result, end-users will be met with an error screen that blocks their Gmail sign-in if the authentication is not moved to a system webview. Please see the docs linked below for details.
+
+Most apps use system web-view by default, and will not be impacted by this change. This only applies to customers using embedded webviews (the non-default setting.) We advise customers to move their applicationΓÇÖs authentication to system browsers instead, prior to creating any new Google integrations. To learn how to move to system browsers for Gmail authentications, please read the Embedded vs System Web UI section in the [Using web browsers (MSAL.NET)](../develop/msal-net-web-browsers.md#embedded-vs-system-web-ui) documentation. All MSAL SDKs use the system web-view by default. [Learn more](../external-identities/google-federation.md#deprecation-of-web-view-sign-in-support).
+++
+### Google sign-in on embedded web-views expiring September 30, 2021
+
+**Type:** Plan for change
+**Service category:** B2B
+**Product capability:** B2B/B2C
+
+
+About two months ago we announced that the exception for Embedded WebViews for Gmail authentication will expire in the second half of 2021.
+
+Recently, Google has specified the date to be **September 30, 2021**.
+
+Rolling out globally beginning September 30, 2021, Azure AD B2B guests signing in with their Gmail accounts will now be prompted to enter a code in a separate browser window to finish signing in on Microsoft Teams mobile and desktop clients. This applies to invited guests as well as guests who signed up using Self-Service Sign-Up.
+
+Azure AD B2C customers who have set up embedded webview Gmail authentications in their custom/line of business apps or have existing Google integrations, will no longer be able to let their users sign in with Gmail accounts. To mitigate this, please make sure to modify your apps to use the system browser for sign-in. For more information, read the Embedded vs System Web UI section in the [Using web browsers (MSAL.NET)](../develop/msal-net-web-browsers.md#embedded-vs-system-web-ui) documentation. All MSAL SDKs use the system web-view by default.
+
+As the device login flow will start rolling out on September 30, 2021, it is likely that it may not be rolled out to your region yet (in which case, your end-users will be met with the error screen shown in the documentation until it gets deployed to your region.)
+
+For details on known impacted scenarios as well as what experience your users can expect, read [Add Google as an identity provider for B2B guest users](../external-identities/google-federation.md#deprecation-of-web-view-sign-in-support).
+++
+### Bug fixes in My Apps
+
+**Type:** Fixed
+**Service category:** My Apps
+**Product capability:** End User Experiences
+
+- Previously, the presence of the banner recommending the use of collections caused content to scroll behind the header. This issue has been resolved.
+- Previously, there was another issue when adding apps to a collection, the order of apps in All Apps collection would get randomly reordered. This issue has also been resolved.
+
+For more information on My Apps, read [Sign in and start apps from the My Apps portal](../user-help/my-apps-portal-end-user-access.md).
+++
+### Public preview - Application authentication method policies
+
+**Type:** New feature
+**Service category:** MS Graph
+**Product capability:** Developer Experience
+
+Application authentication method policies in MS Graph which allow IT admins to enforce lifetime on application password secret credential or block the use of secrets altogether. Policies can be enforced for an entire tenant as a default configuration and it can be scoped to specific applications or service principals. [Learn more](/graph/api/resources/policy-overview?view=graph-rest-1.0).
+
++
+### Public preview - Authentication Methods nudge to download Microsoft Authenticator
+
+**Type:** New feature
+**Service category:** Microsoft Authenticator App
+**Product capability:** User Authentication
+
+The Authenticator nudge policy helps admins to move their organizations to a more secure posture by prompting users to adopt the Microsoft Authenticator app. Prior to this feature, there was no way for an admin to push their users to set up the Authenticator app.
+
+The Nudge comes with the ability for an admin to scope users and groups by including and excluding them from the Nudge to ensure a smooth adoption across the organization. [Learn more](../authentication/how-to-nudge-authenticator-app.md)
+
++
+### Public preview - Separation of duties check
+
+**Type:** New feature
+**Service category:** User Access Management
+**Product capability:** Entitlement Management
+
+In Azure AD entitlement management, an administrator can define that an access package is incompatible with another access package or with a group. Users who have the incompatible memberships will be then unable to request additional access. [Learn more](../governance/entitlement-management-access-package-request-policy.md#prevent-requests-from-users-with-incompatible-access-preview).
+
++
+### Public preview - Identity Protection logs in Log Analytics, Storage Accounts, and Event Hubs
+
+**Type:** New feature
+**Service category:** Identity Protection
+**Product capability:** Identity Security & Protection
+
+You can now send the risky users and risk detections logs to Azure Monitor, Storage Accounts, or Log Analytics using the Diagnostic Settings in the Azure AD blade. [Learn more](../identity-protection/howto-export-risk-data.md).
+
++
+### Public preview - Application Proxy API addition for backend SSL certificate validation
+
+**Type:** New feature
+**Service category:** App Proxy
+**Product capability:** Access Control
+
+The onPremisesPublishing resource type now includes the property, "isBackendCertificateValidationEnabled" which indicates whether backend SSL certificate validation is enabled for the application. For all new Application Proxy apps, the property will be set to true by default. For all existing apps, the property will be set to false. For more information, read the [onPremisesPublishing resource type](/graph/api/resources/onpremisespublishing?view=graph-rest-beta) api.
+
++
+### General availability - Improved Authenticator setup experience for add Azure AD account in Microsoft Authenticator app by directly signing into the app.
+
+**Type:** New feature
+**Service category:** Microsoft Authenticator App
+**Product capability:** User Authentication
+
+Users can now use their existing authentication methods to directly sign into the Microsoft Authenticator app to set up their credential. Users don't need to scan a QR Code anymore and can use a Temporary Access Pass (TAP) or Password + SMS (or other authentication method) to configure their account in the Authenticator app.
+
+This improves the user credential provisioning process for the Microsoft Authenticator app and gives the end user a self-service method to provision the app. [Learn more](../user-help/user-help-auth-app-add-work-school-account.md#sign-in-with-your-credentials).
+
++
+### General availability - Set manager as reviewer in Azure AD entitlement management access packages
+
+**Type:** New feature
+**Service category:** User Access Management
+**Product capability:** Entitlement Management
+
+Access packages in Azure AD entitlement management now support setting the user's manager as the reviewer for regularly occurring access reviews. [Learn more](../governance/entitlement-management-access-reviews-create.md).
+++
+### General availability - Enable external users to self-service sign-up in AAD using MSA accounts
+
+**Type:** New feature
+**Service category:** B2B
+**Product capability:** B2B/B2C
+
+Users can now enable external users to self-service sign-up in Azure Active Directory using Microsoft accounts. [Learn more](../external-identities/microsoft-account.md).
+
+
+
+### General availability - External Identities Self-Service Sign-Up with Email One-time Passcode
+
+**Type:** New feature
+**Service category:** B2B
+**Product capability:** B2B/B2C
+
+
+Now users can enable external users to self-service sign-up in Azure Active Directory using their email and one-time passcode. [Learn more](../external-identities/one-time-passcode.md).
+
++
+### General availability - Anomalous token
+
+**Type:** New feature
+**Service category:** Identity Protection
+**Product capability:** Identity Security & Protection
+
+Anomalous token detection is now available in Identity Protection. This feature can detect that there are abnormal characteristics in the token such as time active and authentication from unfamiliar IP address. [Learn more](../identity-protection/concept-identity-protection-risks.md#sign-in-risk).
+
++
+### General availability - Register or join devices in Conditional Access
+
+**Type:** New feature
+**Service category:** Conditional Access
+**Product capability:** Identity Security & Protection
+
+The Register or join devices user action in Conditional access is now in general availability. This user action allows you to control Multi-factor Authentication (MFA) policies for Azure AD device registration.
+
+Currently, this user action only allows you to enable MFA as a control when users register or join devices to Azure AD. Other controls that are dependent on or not applicable to Azure AD device registration continue to be disabled with this user action. [Learn more](../conditional-access/concept-conditional-access-cloud-apps.md#user-actions).
+++
+### New provisioning connectors in the Azure AD Application Gallery - July 2021
+
+**Type:** New feature
+**Service category:** App Provisioning
+**Product capability:** 3rd Party Integration
+
+You can now automate creating, updating, and deleting user accounts for these newly integrated apps:
+
+- [Clebex](../saas-apps/clebex-provisioning-tutorial.md)
+- [Exium](../saas-apps/exium-provisioning-tutorial.md)
+- [SoSafe](../saas-apps/sosafe-provisioning-tutorial.md)
+- [Talentech](../saas-apps/talentech-provisioning-tutorial.md)
+- [Thrive LXP](../saas-apps/thrive-lxp-provisioning-tutorial.md)
+- [Vonage](../saas-apps/vonage-provisioning-tutorial.md)
+- [Zip](../saas-apps/zip-provisioning-tutorial.md)
+- [TimeClock 365](../saas-apps/timeclock-365-provisioning-tutorial.md)
+
+For more information about how to better secure your organization by using automated user account provisioning, read [Automate user provisioning to SaaS applications with Azure AD](../manage-apps/user-provisioning.md).
+++
+### Changes to security and Microsoft 365 group settings in Azure portal
+
+**Type:** Changed feature
+**Service category:** Group Management
+**Product capability:** Directory
+
+
+In the past, users could create security groups and Microsoft 365 groups in the Azure portal. Now users will have the ability to create groups across Azure portals, PowerShell, and API. Customers are required to verify and update the new settings have been configured for their organization. [Learn More](../enterprise-users/groups-self-service-management.md#group-settings).
+
++
+### "All Apps" collection has been renamed to "Apps"
+
+**Type:** Changed feature
+**Service category:** My Apps
+**Product capability:** End User Experiences
+
+In the My Apps portal, the collection that was called "All Apps" has been renamed to be called "Apps". As the product evolves, "Apps" is a more fitting name for this default collection. [Learn more](../manage-apps/my-apps-deployment-plan.md#plan-the-user-experience).
+
+
+
## June 2021 ### Context panes to display risk details in Identity Protection Reports
For the Risky users, Risky sign-ins, and Risk detections reports in Identity Pro
-### Public preview - create Azure AD access reviews of Service Principals that are assigned to privileged roles
+### Public preview - create Azure AD access reviews of Service Principals that are assigned to privileged roles
**Type:** New feature **Service category:** Access Reviews
For the Risky users, Risky sign-ins, and Risk detections reports in Identity Pro
-### Public preview - group owners in Azure AD can create and manage Azure AD access reviews for their groups
+### Public preview - group owners in Azure AD can create and manage Azure AD access reviews for their groups
**Type:** New feature **Service category:** Access Reviews
Now group owners in Azure AD can create and manage Azure AD access reviews on th
-### Public preview - customers can scope access reviews of privileged roles to just users with eligible or active access
+### Public preview - customers can scope access reviews of privileged roles to just users with eligible or active access
**Type:** New feature **Service category:** Access Reviews
When admins create access reviews of assignments to privileged roles, they can s
-### Public preview - Microsoft Graph APIs for Mobility (MDM/MAM) management policies
+### Public preview - Microsoft Graph APIs for Mobility (MDM/MAM) management policies
**Type:** New feature **Service category:** Other
Access packages in Entitlement Management now support multi-geo SharePoint site
-### [General Availability] Knowledge Admin and Knowledge Manager built-in roles
+### General availability - Knowledge Admin and Knowledge Manager built-in roles
**Type:** New feature **Service category:** RBAC
Starting October 1, 2021, Azure AD Identity Protection will no longer generate t
## May 2021
-### Public preview - Azure AD verifiable credentials
+### Public preview - Azure AD verifiable credentials
**Type:** New feature **Service category:** Other
Azure AD customers can now easily design and issue verifiable credentials. Verif
-### Public Preview - Device code flow now includes an app verification prompt
+### Public preview - Device code flow now includes an app verification prompt
**Type:** New feature **Service category:** User Authentication
To help prevent phishing attacks where an attacker tricks the user into signing
-### Public Preview - build and test expressions for user provisioning
+### Public preview - build and test expressions for user provisioning
**Type:** New feature **Service category:** App Provisioning
The expression builder allows you to create and test expressions, without having
-### Public preview - enhanced audit logs for Conditional Access policy changes
+### Public preview - enhanced audit logs for Conditional Access policy changes
**Type:** New feature **Service category:** Conditional Access
As well as showing who made a policy change and when, the audit logs will now al
-### Public preview - Sign-in logs include authentication methods used during sign-in
+### Public preview - Sign-in logs include authentication methods used during sign-in
**Type:** New feature **Service category:** MFA
To access these details, go to the Azure AD sign-in logs, select a sign-in, and
-### Public preview - PIM adds support for ABAC conditions in Azure Storage roles
+### Public preview - PIM adds support for ABAC conditions in Azure Storage roles
**Type:** New feature **Service category:** Privileged Identity Management
Additionally, to prevent admins from defining problematically named locations, e
-### General Availability - Restricted guest access permissions in Azure AD
+### General availability - Restricted guest access permissions in Azure AD
**Type:** New feature **Service category:** User Management
Users will no longer be limited to create security and Microsoft 365 groups only
-### Public Preview - External Identities Self-Service Sign-up in AAD using Email One-Time Passcode accounts
+### Public preview - External Identities Self-Service Sign-up in AAD using Email One-Time Passcode accounts
**Type:** New feature **Service category:** B2B
External users can now use Email One-Time Passcode accounts to sign up or sign i
-### General Availability - External Identities Self-Service Sign Up
+### General availability - External Identities Self-Service Sign Up
**Type:** New feature **Service category:** B2B
For more information, see [Enable support for TLS 1.2 in your environment for Az
-### Public Preview - Azure AD Entitlement management now supports multi-geo SharePoint Online
+### Public preview - Azure AD Entitlement management now supports multi-geo SharePoint Online
**Type:** New feature **Service category:** Other
For organizations using multi-geo SharePoint Online, you can now include sites f
-### Public Preview - Restore deleted apps from App registrations
+### Public preview - Restore deleted apps from App registrations
**Type:** New feature **Service category:** Other
Customers can now view, restore, and permanently remove deleted app registration
-### Public preview - New "User action" in Conditional Access for registering or joining devices
+### Public preview - New "User action" in Conditional Access for registering or joining devices
**Type:** New feature **Service category:** Conditional Access **Product capability:** Identity Security & Protection
- A new user action called "Register or join devices" in Conditional access is available. This user action allows you to control Multi-factor authentication (MFA) policies for Azure AD device registration.
+ A new user action called "Register or join devices" in Conditional access is available. This user action allows you to control Multi-factor Authentication (MFA) policies for Azure AD device registration.
Currently, this user action only allows you to enable MFA as a control when users register or join devices to Azure AD. Other controls that are dependent on or not applicable to Azure AD device registration are disabled with this user action. [Learn more](../conditional-access/concept-conditional-access-cloud-apps.md#user-actions).
-### Public Preview - Optimize connector groups to use the closest Application Proxy cloud service
+### Public preview - Optimize connector groups to use the closest Application Proxy cloud service
**Type:** New feature **Service category:** App Proxy
With this new capability, connector groups can be assigned to the closest region
-### Public Preview - External Identities Self-Service Sign-up in AAD using Email One-Time Passcode accounts
+### Public preview - External Identities Self-Service Sign-up in AAD using Email One-Time Passcode accounts
**Type:** New feature **Service category:** B2B
External users will now be able to use Email One-Time Passcode accounts to sign
-### Public Preview - Availability of AD FS Sign-Ins in Azure AD
+### Public preview - Availability of AD FS Sign-Ins in Azure AD
**Type:** New feature **Service category:** Authentications (Logins)
Staged rollout to cloud authentication is now generally available. The staged ro
-### General Availability - User Type attribute can now be updated in the Azure admin portal
+### General availability - User Type attribute can now be updated in the Azure admin portal
**Type:** New feature **Service category:** User Experience and Management
Customers can now update the user type of Azure AD users when they update their
-### General Availability - Replica Sets for Azure Active Directory Domain Services
+### General availability - Replica Sets for Azure Active Directory Domain Services
**Type:** New feature **Service category:** Azure AD Domain Services
To reduce the number of unnecessary Conditional Access prompts, Azure AD is chan
-### Public Preview - Use a Temporary Access Pass to register Passwordless credentials
+### Public preview - Use a Temporary Access Pass to register Passwordless credentials
**Type:** New feature **Service category:** MFA
Temporary Access Pass is a time-limited passcode that serves as strong credentia
-### Public preview - Keep me signed in (KMSI) in next generation of user flows
+### Public preview - Keep me signed in (KMSI) in next generation of user flows
**Type:** New feature **Service category:** B2C - Consumer Identity Management
The next generation of B2C user flows now supports the [keep me signed in (KMSI)
-### Public Preview - Reset redemption status for a guest user
+### Public preview - Reset redemption status for a guest user
**Type:** New feature **Service category:** B2B
Customers can now reinvite existing external guest users to reset their redempti
-### Public Preview - /synchronization (provisioning) APIs now support application permissions
+### Public preview - /synchronization (provisioning) APIs now support application permissions
**Type:** New feature **Service category:** App Provisioning
Customers can now use application.readwrite.ownedby as an application permission
-### General Availability - Authentication Policy Administrator built-in role
+### General availability - Authentication Policy Administrator built-in role
**Type:** New feature **Service category:** RBAC
Users can now create their own groupings of apps on the My Apps app launcher. Th
**Service category:** Microsoft Authenticator App **Product capability:** Identity Security & Protection
-Microsoft Authenticator provides multi-factor authentication (MFA) and account management capabilities, and now also will autofill passwords on sites and apps users visit on their mobile (iOS and Android).
+Microsoft Authenticator provides Multi-factor Authentication (MFA) and account management capabilities, and now also will autofill passwords on sites and apps users visit on their mobile (iOS and Android).
To use autofill on Authenticator, users need to add their personal Microsoft account to Authenticator and use it to sync their passwords. Work or school accounts cannot be used to sync passwords at this time. [Learn more](../user-help/user-help-auth-app-faq.md#autofill-for-it-admins).
Customers can now invite internal guests to use B2B collaboration instead of sen
-### General Availability - Domain Name Administrator built-in role
+### General availability - Domain Name Administrator built-in role
**Type:** New feature **Service category:** RBAC
For more information, read [Automate user provisioning to SaaS applications with
-### General Availability - 10 Azure Active Directory roles now renamed
+### General availability - 10 Azure Active Directory roles now renamed
**Type:** Changed feature **Service category:** RBAC
In the past, company logos weren't used on Azure Active Directory sign-in pages.
-### General Availability - Second level manager can be set as alternate approver
+### General availability - Second level manager can be set as alternate approver
**Type:** Changed feature **Service category:** User Access Management
The refreshed Authentication Methods Activity dashboard gives admins an overview
Refresh and session token lifetimes configurability in CTL are retired. Azure Active Directory no longer honors refresh and session token configuration in existing policies. [Learn more](../develop/active-directory-configurable-token-lifetimes.md#token-lifetime-policies-for-refresh-tokens-and-session-tokens).
-
-## January 2021
-
-### Secret token will be a mandatory field when configuring provisioning
-
-**Type:** Plan for change
-**Service category:** App Provisioning
-**Product capability:** Identity Lifecycle Management
-
-In the past, the secret token field could be kept empty when setting up provisioning on the custom / BYOA application. This function was intended to solely be used for testing. We'll update the UI to make the field required.
-
-Customers can work around this requirement for testing purposes by using a feature flag in the browser URL. [Learn more](../app-provisioning/use-scim-to-provision-users-and-groups.md#authorization-to-provisioning-connectors-in-the-application-gallery).
-
--
-### Public Preview - Customize and configure Android shared devices for frontline workers at scale
-
-**Type:** New feature
-**Service category:** Device Registration and Management
-**Product capability:** Identity Security & Protection
-
-Azure AD and Microsoft Endpoint Manager teams have combined to bring the capability to customize, scale, and secure your frontline worker devices.
-
-The following preview capabilities will allow you to:
-- Provision Android shared devices at scale with Microsoft Endpoint Manager-- Secure your access for shift workers using device-based conditional access-- Customize sign-in experiences for the shift workers with Managed Home Screen-
-To learn more, refer to [Customize and configure shared devices for frontline workers at scale](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/customize-and-configure-shared-devices-for-firstline-workers-at/ba-p/1751708).
---
-### Public preview - Provisioning logs can now be downloaded as a CSV or JSON
-
-**Type:** New feature
-**Service category:** App Provisioning
-**Product capability:** Identity Lifecycle Management
-
-Customers can download the provisioning logs as a CSV or JSON file through the UI and via graph API. To learn more, refer to [Provisioning reports in the Azure Active Directory portal](../reports-monitoring/concept-provisioning-logs.md).
---
-### Public preview - Assign cloud groups to Azure AD custom roles and admin unit scoped roles
-
-**Type:** New feature
-**Service category:** RBAC
-**Product capability:** Access Control
-
-Customers can assign a cloud group to Azure AD custom roles or an admin unit scoped role. To learn how to use this feature, refer to [Use cloud groups to manage role assignments in Azure Active Directory](../roles/groups-concept.md).
---
-### General Availability - Azure AD Connect cloud sync (previously known as cloud provisioning)
-
-**Type:** New feature
-**Service category:** Azure AD Connect cloud sync
-**Product capability:** Identity Lifecycle Management
-
-Azure AD Connect cloud sync is now generally available to all customers.
-
-Azure AD Connect cloud moves the heavy lifting of transform logic to the cloud, reducing your on-premises footprint. Additionally, multiple light-weight agent deployments are available for higher sync availability. [Learn more](https://aka.ms/cloudsyncGA).
-
-
-### General Availability - Attack Simulation Administrator and Attack Payload Author built-in roles
-
-**Type:** New feature
-**Service category:** RBAC
-**Product capability:** Access Control
-
-Two new roles in Role-Based Access Control are available to assign to users, Attack simulation Administrator and Attack Payload author.
-
-Users in the [Attack Simulation Administrator](../roles/permissions-reference.md#attack-simulation-administrator) role have access for all simulations in the tenant and can:
-- create and manage all aspects of attack simulation creation-- launch/scheduling of a simulation-- review simulation results. -
-Users in the [Attack Payload Author](../roles/permissions-reference.md#attack-payload-author) role can create attack payloads but not actually launch or schedule them. Attack payloads are then available to all administrators in the tenant who can use them to create a simulation.
---
-### General Availability - Usage Summary Reports Reader built-in role
-
-**Type:** New feature
-**Service category:** RBAC
-**Product capability:** Access Control
-
-Users with the Usage Summary Reports Reader role can access tenant level aggregated data and associated insights in Microsoft 365 Admin Center for Usage and Productivity Score. However, they can't access any user level details or insights.
-
-In the Microsoft 365 Admin Center for the two reports, we differentiate between tenant level aggregated data and user level details. This role adds an extra layer of protection to individual user identifiable data. [Learn more](../roles/permissions-reference.md#usage-summary-reports-reader).
---
-### General availability - Require App protection policy grant in Azure AD Conditional Access
-
-**Type:** New Feature
-**Service category:** Conditional Access
-**Product capability:** Identity Security & Protection
-
-Azure AD Conditional Access grant for "Require App Protection policy" is now GA.
-
-The policy provides the following capabilities:
-- Allows access only when using a mobile application that supports Intune App protection-- Allows access only when a user has an Intune app protection policy delivered to the mobile application-
-Learn more on how to set up a conditional access policy for app protection [here](../conditional-access/app-protection-based-conditional-access.md).
-
--
-### General availability - Email One-Time Passcode
-
-**Type:** New feature
-**Service category:** B2B
-**Product capability:** B2B/B2C
-
-Email OTP enables organizations around the world to collaborate with anyone by sending a link or invitation via email. Invited users can verify their identity with the one-time passcode sent to their email to access their partner's resources. [Learn more](../external-identities/one-time-passcode.md).
-
--
- ### New provisioning connectors in the Azure AD Application Gallery - January 2021
-
-**Type:** New feature
-**Service category:** App Provisioning
-**Product capability:** 3rd Party Integration
-
-You can now automate creating, updating, and deleting user accounts for these newly integrated apps:
-- [Fortes Change Cloud](../saas-apps/fortes-change-cloud-provisioning-tutorial.md)-- [Gtmhub](../saas-apps/gtmhub-provisioning-tutorial.md)-- [monday.com](../saas-apps/mondaycom-provisioning-tutorial.md)-- [Splashtop](../saas-apps/splashtop-provisioning-tutorial.md)-- [Templafy OpenID Connect](../saas-apps/templafy-openid-connect-provisioning-tutorial.md)-- [WEDO](../saas-apps/wedo-provisioning-tutorial.md)-
-For more information, see [What is automated SaaS app user provisioning in Azure AD?](../app-provisioning/user-provisioning.md)
---
-### New Federated Apps available in Azure AD Application gallery - January 2021
-
-**Type:** New feature
-**Service category:** Enterprise Apps
-**Product capability:** 3rd Party Integration
-
-In January 2021 we have added following 29 new applications in our App gallery with Federation support:
-
-[mySCView](https://dev.myscview.com/), [Talentech](https://talentech.com/contact/), [Bipsync](https://www.bipsync.com/), [OroTimesheet](https://app.orotimesheet.com/login.php), [Mio](https://app.m.io/auth/install/microsoft?scopetype=hub), [Sovelto Easy](https://login.soveltoeasy.fi/), [Supportbench](https://account.supportbench.net/agent/login/),[Bienvenue Formation](https://formation.bienvenue.pro/login), [AIDA Healthcare SSO](https://aidaforparents.com/login/organizations), [International SOS Assistance Products](../saas-apps/international-sos-assistance-products-tutorial.md), [NAVEX One](../saas-apps/navex-one-tutorial.md), [LabLog](../saas-apps/lablog-tutorial.md), [Oktopost SAML](../saas-apps/oktopost-saml-tutorial.md), [EPHOTO DAM](../saas-apps/ephoto-dam-tutorial.md), [Notion](../saas-apps/notion-tutorial.md), [Syndio](../saas-apps/syndio-tutorial.md), [Yello Enterprise](../saas-apps/yello-enterprise-tutorial.md), [Timeclock 365 SAML](../saas-apps/timeclock-365-saml-tutorial.md), [Nalco E-data](https://www.ecolab.com/), [Vacancy Filler](https://app.vacancy-filler.co.uk/VFMVC/Account/Login), [Synerise AI Growth Ecosystem](../saas-apps/synerise-ai-growth-ecosystem-tutorial.md), [Imperva Data Security](../saas-apps/imperva-data-security-tutorial.md), [Illusive Networks](../saas-apps/illusive-networks-tutorial.md), [Proware](../saas-apps/proware-tutorial.md), [Splan Visitor](../saas-apps/splan-visitor-tutorial.md), [Aruba User Experience Insight](../saas-apps/aruba-user-experience-insight-tutorial.md), [Contentsquare SSO](../saas-apps/contentsquare-sso-tutorial.md), [Perimeter 81](../saas-apps/perimeter-81-tutorial.md), [Burp Suite Enterprise Edition](../saas-apps/burp-suite-enterprise-edition-tutorial.md)
-
-You can also find the documentation of all the applications from here https://aka.ms/AppsTutorial
-
-For listing your application in the Azure AD app gallery, read the details here https://aka.ms/AzureADAppRequest
---
-### Public preview - Second level manager can be set as alternate approver
-
-**Type:** Changed feature
-**Service category:** User Access Management
-**Product capability:** Entitlement Management
-
-An extra option when you select approvers is now available in Entitlement Management. If you select "Manager as approver" for the First Approver, you will have another option, "Second level manager as alternate approver", available to choose in the alternate approver field. If you select this option, you need to add a fallback approver to forward the request to in case the system can't find the second level manager. [Learn more](../governance/entitlement-management-access-package-approval-policy.md#alternate-approvers)
-
--
-### General availability - Navigate to Teams directly from My Access portal
-
-**Type:** Changed feature
-**Service category:** User Access Management
-**Product capability:** Entitlement Management
-
-You can now launch Teams directly from the My Access portal.
-
-To do so, sign-in to My Access (https://myaccess.microsoft.com/), navigate to "Access packages", then go to the "Active" tab to see all of the access packages you already have access to. When you expand the selected access package and hover on Teams, you can launch it by clicking on the "Open" button. [Learn more](../governance/entitlement-management-request-access.md).
-
--
-### Improved Logging & End-User Prompts for Risky Guest Users
-
-**Type:** Changed feature
-**Service category:** Identity Protection
-**Product capability:** Identity Security & Protection
-
-
-The Logging and End-User Prompts for Risky Guest Users have been updated. Learn more in [Identity Protection and B2B users](../identity-protection/concept-identity-protection-b2b.md).
-
-
aks Azure Files Volume https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/aks/azure-files-volume.md
Update your container spec to reference your *PersistentVolumeClaim* and update
claimName: azurefile ```
+As the pod spec can't be updated in place, use `kubectl` commands to delete, and then re-create the pod:
+
+```console
+kubectl delete pod mypod
+
+kubectl apply -f azure-files-pod.yaml
+```
+ ## Next steps For associated best practices, see [Best practices for storage and backups in AKS][operator-best-practices-storage].
app-service Intro https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/environment/intro.md
ms.assetid: 3c7eaefa-1850-4643-8540-428e8982b7cb Previously updated : 04/19/2018 Last updated : 07/28/2021
ASEs host applications from only one customer and do so in one of their VNets. C
## Dedicated environment ##
-An ASE is dedicated exclusively to a single subscription and can host 100 App Service Plan instances. The range can span 100 instances in a single App Service plan to 100 single-instance App Service plans, and everything in between.
+An ASE is dedicated environment that is exclusive to a single customer and can host 200 App Service plan total instances. A single Isolated SKU App Service plan can have up to 100 instances in it. When you add up all the instances from all of the App Service plans in that ASE, the total must be less than or equal to 200.
An ASE is composed of front ends and workers. Front ends are responsible for HTTP/HTTPS termination and automatic load balancing of app requests within an ASE. Front ends are automatically added as the App Service plans in the ASE are scaled out.
app-service Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/environment/overview.md
The ASEv3 is available in the following regions.
|Normal and dedicated host ASEv3 regions| AZ ASEv3 regions| ||| |Australia East| Australia East|
-|Australia Southeast|Canada Central|
-|Brazil South |Central US|
-|Canada Central| East US|
-|Central India | East US 2|
-|Central US |France Central|
-|East Asia | Germany West Central|
-|East US | North Europe|
-|East US 2| South Central US|
-|France Central | Southeast Asia|
-|Germany West Central | UK South|
-|Korea Central | West Europe|
-|North Europe |West US 2|
-|Norway East | |
+|Australia Southeast|Brazil South|
+|Brazil South |Canada Central|
+|Canada Central|Central US|
+|Central India |East US|
+|Central US |East US 2|
+|East Asia | France Central|
+|East US | Germany West Central|
+|East US 2| North Europe|
+|France Central | South Central US|
+|Germany West Central | Southeast Asia|
+|Korea Central | UK South|
+|North Europe | West Europe|
+|Norway East | West US 2 |
|South Africa North| | |South Central US | | |Southeast Asia| |
azure-sql Active Geo Replication Security Configure https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/active-geo-replication-security-configure.md
The last step is to go to the target server, or servers, and generate the logins
```sql CREATE LOGIN [<login name>]
-WITH PASSWORD = <login password>,
-SID = <desired login SID>
+WITH PASSWORD = '<login password>',
+SID = 0x1234 /*replace 0x1234 with the desired login SID*/
``` > [!NOTE] > If you want to grant user access to the secondary, but not to the primary, you can do that by altering the user login on the primary server by using the following syntax. > > ```sql
-> ALTER LOGIN <login name> DISABLE
+> ALTER LOGIN [<login name>] DISABLE
> ``` > > DISABLE doesnΓÇÖt change the password, so you can always enable it if needed.
azure-sql Auditing Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/auditing-overview.md
Previously updated : 07/22/2021 Last updated : 08/01/2021 # Auditing for Azure SQL Database and Azure Synapse Analytics
An auditing policy can be defined for a specific database or as a default [serve
- When using Azure AD Authentication, failed logins records will *not* appear in the SQL audit log. To view failed login audit records, you need to visit the [Azure Active Directory portal](../../active-directory/reports-monitoring/concept-sign-ins.md), which logs details of these events. - Logins are routed by the gateway to the specific instance where the database is located. In the case of AAD logins, the credentials are verified before attempting to use that user to login into the requested database. In the case of failure, the requested database is never accessed, so no auditing occurs. In the case of SQL logins, the credentials are verified on the requested data, so in this case they can be audited. Successful logins, which obviously reach the database, are audited in both cases. - After you've configured your auditing settings, you can turn on the new threat detection feature and configure emails to receive security alerts. When you use threat detection, you receive proactive alerts on anomalous database activities that can indicate potential security threats. For more information, see [Getting started with threat detection](threat-detection-overview.md).
+- After a database with auditing enabled is copied to another Azure SQL logical server, you may receive an email notifying you that the audit failed. This is a known issue and auditing should work as expected on the newly copied database.
## <a id="setup-auditing"></a>Set up auditing for your server
You can manage Azure SQL Database auditing using [Azure Resource Manager](../../
- Data Exposed episode [What's New in Azure SQL Auditing](https://channel9.msdn.com/Shows/Data-Exposed/Whats-New-in-Azure-SQL-Auditing) on Channel 9. - [Auditing for SQL Managed Instance](../managed-instance/auditing-configure.md)-- [Auditing for SQL Server](/sql/relational-databases/security/auditing/sql-server-audit-database-engine)
+- [Auditing for SQL Server](/sql/relational-databases/security/auditing/sql-server-audit-database-engine)
azure-sql Authentication Aad Configure https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/authentication-aad-configure.md
Set-AzSqlServerActiveDirectoryAdministrator -ResourceGroupName "Group-23" -Serve
The **DisplayName** input parameter accepts either the Azure AD display name or the User Principal Name. For example, ``DisplayName="John Smith"`` and ``DisplayName="johns@contoso.com"``. For Azure AD groups only the Azure AD display name is supported. > [!NOTE]
-> The Azure PowerShell command ```Set-AzSqlServerActiveDirectoryAdministrator``` does not prevent you from provisioning Azure AD admins for unsupported users. An unsupported user can be provisioned, but can not connect to a database.
+> The Azure PowerShell command `Set-AzSqlServerActiveDirectoryAdministrator` does not prevent you from provisioning Azure AD admins for unsupported users. An unsupported user can be provisioned, but can not connect to a database.
The following example uses the optional **ObjectID**:
However, using Azure Active Directory authentication with SQL Database and Azure
To create an Azure AD-based contained database user (other than the server administrator that owns the database), connect to the database with an Azure AD identity, as a user with at least the **ALTER ANY USER** permission. Then use the following Transact-SQL syntax: ```sql
-CREATE USER <Azure_AD_principal_name> FROM EXTERNAL PROVIDER;
+CREATE USER [<Azure_AD_principal_name>] FROM EXTERNAL PROVIDER;
``` *Azure_AD_principal_name* can be the user principal name of an Azure AD user or the display name for an Azure AD group.
azure-sql Elastic Jobs Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/elastic-jobs-overview.md
Set the number of concurrent databases a job runs on by setting the `sp_add_jobs
### Idempotent scripts A job's T-SQL scripts must be [idempotent](https://en.wikipedia.org/wiki/Idempotence). **Idempotent** means that if the script succeeds, and it is run again, the same result occurs. A script may fail due to transient network issues. In that case, the job will automatically retry running the script a preset number of times before desisting. An idempotent script has the same result even if its been successfully run twice (or more).
-A simple tactic is to test for the existence of an object before creating it.
-
+A simple tactic is to test for the existence of an object before creating it. A hypothetical example is shown below:
```sql
-IF NOT EXISTS (some_object)
+IF NOT EXISTS (SELECT * FROM sys.objects WHERE [name] = N'some_object')
+ print 'Object does not exist'
-- Create the object
+ELSE
+ print 'Object exists'
-- If it exists, drop the object before recreating it. ``` Similarly, a script must be able to execute successfully by logically testing for and countering any conditions it finds. -- ## Next steps - [Create and manage Elastic Jobs using PowerShell](elastic-jobs-powershell-create.md)
azure-sql Elastic Query Horizontal Partitioning https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/elastic-query-horizontal-partitioning.md
The credential is used by the elastic query to connect to your remote databases.
```sql CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'password';
-CREATE DATABASE SCOPED CREDENTIAL <credential_name> WITH IDENTITY = '<username>',
-SECRET = '<password>'
-[;]
+CREATE DATABASE SCOPED CREDENTIAL [<credential_name>] WITH IDENTITY = '<username>',
+SECRET = '<password>';
``` > [!NOTE]
SECRET = '<password>'
Syntax:
-```sql
+```syntaxsql
<External_Data_Source> ::= CREATE EXTERNAL DATA SOURCE <data_source_name> WITH (TYPE = SHARD_MAP_MANAGER,
The same credentials are used to read the shard map and to access the data on th
Syntax:
-```sql
+```syntaxsql
CREATE EXTERNAL TABLE [ database_name . [ schema_name ] . | schema_name. ] table_name ( { <column_definition> } [ ,...n ]) { WITH ( <sharded_external_table_options> ) }
SELECT * from sys.external_tables;
To drop external tables:
-```sql
+```syntaxsql
DROP EXTERNAL TABLE [ database_name . [ schema_name ] . | schema_name. ] table_name[;] ```
azure-sql Elastic Query Vertical Partitioning https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/elastic-query-vertical-partitioning.md
Last updated 01/25/2019
![Query across tables in different databases][1]
-Vertically-partitioned databases use different sets of tables on different databases. That means that the schema is different on different databases. For instance, all tables for inventory are on one database while all accounting-related tables are on a second database.
+Vertically partitioned databases use different sets of tables on different databases. That means that the schema is different on different databases. For instance, all tables for inventory are on one database while all accounting-related tables are on a second database.
## Prerequisites
The credential is used by the elastic query to connect to your remote databases.
```sql CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'master_key_password';
-CREATE DATABASE SCOPED CREDENTIAL <credential_name> WITH IDENTITY = '<username>',
-SECRET = '<password>'
-[;]
+CREATE DATABASE SCOPED CREDENTIAL [<credential_name>] WITH IDENTITY = '<username>',
+SECRET = '<password>';
``` > [!NOTE]
SECRET = '<password>'
Syntax:
+```syntaxsql
<External_Data_Source> ::= CREATE EXTERNAL DATA SOURCE <data_source_name> WITH (TYPE = RDBMS,
CREATE EXTERNAL DATA SOURCE <data_source_name> WITH
DATABASE_NAME = ΓÇÿ<remote_database_name>ΓÇÖ, CREDENTIAL = <credential_name> ) [;]-
+```
> [!IMPORTANT] > The TYPE parameter must be set to **RDBMS**.
select * from sys.external_data_sources;
Syntax:
+```syntaxsql
CREATE EXTERNAL TABLE [ database_name . [ schema_name ] . | schema_name . ] table_name ( { <column_definition> } [ ,...n ]) { WITH ( <rdbms_external_table_options> ) }
CREATE EXTERNAL TABLE [ database_name . [ schema_name ] . | schema_name . ] tabl
DATA_SOURCE = <External_Data_Source>, [ SCHEMA_NAME = N'nonescaped_schema_name',] [ OBJECT_NAME = N'nonescaped_object_name',]
+```
### Example
Elastic query extends the existing external table syntax to define external tabl
Using an external data source as outlined in the previous section, the syntax to create external tables is as follows:
-The DATA_SOURCE clause defines the external data source (i.e. the remote database in case of vertical partitioning) that is used for the external table.
+The DATA_SOURCE clause defines the external data source (i.e. the remote database in vertical partitioning) that is used for the external table.
-The SCHEMA_NAME and OBJECT_NAME clauses provide the ability to map the external table definition to a table in a different schema on the remote database, or to a table with a different name, respectively. This is useful if you want to define an external table to a catalog view or DMV on your remote database - or any other situation where the remote table name is already taken locally.
+The SCHEMA_NAME and OBJECT_NAME clauses allow mapping the external table definition to a table in a different schema on the remote database, or to a table with a different name, respectively. This mapping is useful if you want to define an external table to a catalog view or DMV on your remote database - or any other situation where the remote table name is already taken locally.
The following DDL statement drops an existing external table definition from the local catalog. It does not impact the remote database.
The following DDL statement drops an existing external table definition from the
DROP EXTERNAL TABLE [ [ schema_name ] . | schema_name. ] table_name[;] ```
-**Permissions for CREATE/DROP EXTERNAL TABLE**: ALTER ANY EXTERNAL DATA SOURCE permissions are needed for external table DDL which is also needed to refer to the underlying data source.
+**Permissions for CREATE/DROP EXTERNAL TABLE**: ALTER ANY EXTERNAL DATA SOURCE permissions are needed for external table DDL, which is also needed to refer to the underlying data source.
## Security considerations
-Users with access to the external table automatically gain access to the underlying remote tables under the credential given in the external data source definition. You should carefully manage access to the external table in order to avoid undesired elevation of privileges through the credential of the external data source. Regular SQL permissions can be used to GRANT or REVOKE access to an external table just as though it were a regular table.
+Users with access to the external table automatically gain access to the underlying remote tables under the credential given in the external data source definition. Carefully manage access to the external table, in order to avoid undesired elevation of privileges through the credential of the external data source. Regular SQL permissions can be used to GRANT or REVOKE access to an external table just as though it were a regular table.
## Example: querying vertically partitioned databases
azure-sql Ledger How To Access Acl Digest https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/ledger-how-to-access-acl-digest.md
Azure SQL Server calculates the digests of the [ledger databases](ledger-overvie
Use [SQL Server Management Studio](/sql/ssms/download-sql-server-management-studio-ssms) to run the following query. The output shows the endpoint of the Confidential Ledger instance where the digests are stored. ```sql
-SELECT * FROM sys.database_ledger_digest_locations WHERE path like '%.confidential-ledger.azure.com%
+SELECT * FROM sys.database_ledger_digest_locations WHERE path like '%.confidential-ledger.azure.com%'
``` ## 2. Determine the subledgerid
azure-sql Ledger How To Updatable Ledger Tables https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/ledger-how-to-updatable-ledger-tables.md
We'll create an account balance table with the following schema.
FROM [Account].[Balance] GO
- SELECT * FROM <Your unique history table name>
+ SELECT * FROM [<Your unique history table name>]
GO SELECT * FROM Account.Balance_Ledger
azure-sql Manage Application Rolling Upgrade https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/manage-application-rolling-upgrade.md
When the preparation steps are complete, the staging environment is ready for th
```sql -- Set the production database to read-only mode
-ALTER DATABASE <Prod_DB>
-SET (ALLOW_CONNECTIONS = NO)
+ALTER DATABASE [<Prod_DB>]
+SET READ_ONLY
``` 2. Terminate geo-replication by disconnecting the secondary (11). This action creates an independent but fully synchronized copy of the production database. This database will be upgraded. The following example uses Transact-SQL but [PowerShell](/powershell/module/az.sql/remove-azsqldatabasesecondary) is also available. ```sql -- Disconnect the secondary, terminating geo-replication
-ALTER DATABASE <Prod_DB>
-REMOVE SECONDARY ON SERVER <Partner-Server>
+ALTER DATABASE [<Prod_DB>]
+REMOVE SECONDARY ON SERVER [<Partner-Server>]
``` 3. Run the upgrade script against `contoso-1-staging.azurewebsites.net`, `contoso-dr-staging.azurewebsites.net`, and the staging primary database (12). The database changes will be replicated automatically to the staging secondary.
azure-sql Secure Database Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/secure-database-tutorial.md
To add a user with Azure AD authentication:
1. In the query window, enter the following command and modify `<Azure_AD_principal_name>` to the principal name of the Azure AD user or the display name of the Azure AD group: ```sql
- CREATE USER <Azure_AD_principal_name> FROM EXTERNAL PROVIDER;
+ CREATE USER [<Azure_AD_principal_name>] FROM EXTERNAL PROVIDER;
``` > [!NOTE]
azure-sql Sql Data Sync Update Sync Schema https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/sql-data-sync-update-sync-schema.md
CREATE TRIGGER SchemaChangesTrigger
ON SchemaChanges AFTER INSERT AS
-DECLARE \@lastAppliedId bigint
-DECLARE \@id bigint
-DECLARE \@sqlStmt nvarchar(max)
-SELECT TOP 1 \@lastAppliedId=LastAppliedId FROM SchemaChangeHistory
-SELECT TOP 1 \@id = id, \@SqlStmt = SqlStmt FROM SchemaChanges WHERE id \> \@lastAppliedId ORDER BY id
-IF (\@id = \@lastAppliedId + 1)
+DECLARE @lastAppliedId bigint
+DECLARE @id bigint
+DECLARE @sqlStmt nvarchar(max)
+SELECT TOP 1 @lastAppliedId=LastAppliedId FROM SchemaChangeHistory
+SELECT TOP 1 @id = id, @SqlStmt = SqlStmt FROM SchemaChanges WHERE id > @lastAppliedId ORDER BY id
+IF (@id = @lastAppliedId + 1)
BEGIN
- EXEC sp_executesql \@SqlStmt
- UPDATE SchemaChangeHistory SET LastAppliedId = \@id
+ EXEC sp_executesql @SqlStmt
+ UPDATE SchemaChangeHistory SET LastAppliedId = @id
WHILE (1 = 1) BEGIN
- SET \@id = \@id + 1
- IF exists (SELECT id FROM SchemaChanges WHERE ID = \@id)
+ SET @id = @id + 1
+ IF exists (SELECT id FROM SchemaChanges WHERE ID = @id)
BEGIN
- SELECT \@sqlStmt = SqlStmt FROM SchemaChanges WHERE ID = \@id
- EXEC sp_executesql \@SqlStmt
- UPDATE SchemaChangeHistory SET LastAppliedId = \@id
+ SELECT @sqlStmt = SqlStmt FROM SchemaChanges WHERE ID = @id
+ EXEC sp_executesql @SqlStmt
+ UPDATE SchemaChangeHistory SET LastAppliedId = @id
END ELSE BREAK;
azure-sql Temporal Tables Retention Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/temporal-tables-retention-policy.md
FROM sys.databases
Database flag **is_temporal_history_retention_enabled** is set to ON by default, but users can change it with ALTER DATABASE statement. It is also automatically set to OFF after [point in time restore](recovery-using-backups.md) operation. To enable temporal history retention cleanup for your database, execute the following statement: ```sql
-ALTER DATABASE <myDB>
+ALTER DATABASE [<myDB>]
SET TEMPORAL_HISTORY_RETENTION ON ```
Say that a temporal table has one MONTH retention period specified. If your data
If you want to activate temporal retention cleanup, run the following Transact-SQL statement after point in time restore: ```sql
-ALTER DATABASE <myDB>
+ALTER DATABASE [<myDB>]
SET TEMPORAL_HISTORY_RETENTION ON ```
azure-sql Troubleshoot Common Errors Issues https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/troubleshoot-common-errors-issues.md
Typically, the service administrator can use the following steps to add the logi
5. In SSMS Object Explorer, expand **Databases**. 6. Select the database that you want to grant the user permission to. 7. Right-click **Security**, and then select **New**, **User**.
-8. In the generated script with placeholders, edit and run the following SQL query:
+8. In the generated script with placeholders (sample shown below), replace template parameters by following the steps [here](/sql/ssms/template/replace-template-parameters) and execute it:
```sql
- CREATE USER <user_name, sysname, user_name>
- FOR LOGIN <login_name, sysname, login_name>
- WITH DEFAULT_SCHEMA = <default_schema, sysname, dbo>;
+ CREATE USER [<user_name, sysname, user_name>]
+ FOR LOGIN [<login_name, sysname, login_name>]
+ WITH DEFAULT_SCHEMA = [<default_schema, sysname, dbo>];
GO -- Add user to the database owner role
azure-sql In Memory Oltp Configure https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/in-memory-oltp-configure.md
To use this migration option:
7. Copy the data to your memory-optimized table by using INSERT...SELECT * INTO: ```sql
-INSERT INTO <new_memory_optimized_table>
- SELECT * FROM <old_disk_based_table>;
+INSERT INTO [<new_memory_optimized_table>]
+ SELECT * FROM [<old_disk_based_table>];
``` ## Step 5 (optional): Migrate stored procedures
cdn Cdn Standard Rules Engine Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cdn/cdn-standard-rules-engine-reference.md
Previously updated : 08/04/2020 Last updated : 07/31/2021
Included in this limit is a default *global rule*. The global rule doesn't have
## Limits and pricing
-Each Azure CDN endpoint can have up to 25 rules. Each rule can have up to ten match conditions and five actions. Pricing for Rules Engine follows the below dimensions:
-- Rules: $1 per rule per month -- Requests Processed: $0.60 per million requests-- The first 5 rules will remain free
+See [CDN Scale limits](../azure-resource-manager/management/azure-subscription-service-limits.md#content-delivery-network-limits) for rules limit. For rule engine pricing, see [Content Delivery Network pricing](https://azure.microsoft.com/pricing/details/cdn/).
## Syntax
cosmos-db Sql Api Sdk Java Spring V3 https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/sql-api-sdk-java-spring-v3.md
You can use Spring Data Azure Cosmos DB in your [Azure Spring Cloud](https://azu
| Content | Link | ||| |**SDK download**| [Maven](https://mvnrepository.com/artifact/com.azure/azure-spring-data-cosmos) |
-|**API documentation** | [Java API reference documentation](/java/api/com.azure.spring.data.cosmos) |
+|**API documentation** | [Java API reference documentation](/java/api/overview/azure/spring-data-cosmos-readme?view=azure-java-stable) |
|**Contribute to SDK** | [Azure SDK for Java Central Repo on GitHub](https://github.com/Azure/azure-sdk-for-java/tree/master/sdk/cosmos/azure-spring-data-cosmos) | |**Get started** | [Quickstart: Build a Spring Data Azure Cosmos DB app to manage Azure Cosmos DB SQL API data](./create-sql-api-spring-data.md) <br> [GitHub repo with quickstart code](https://github.com/Azure-Samples/azure-spring-data-cosmos-java-sql-api-getting-started) | |**Basic code samples** | [Azure Cosmos DB: Spring Data Azure Cosmos DB examples for the SQL API](sql-api-spring-data-sdk-samples.md) <br> [GitHub repo with sample code](https://github.com/Azure-Samples/azure-spring-data-cosmos-java-sql-api-samples)|
Learn more about the [Spring Framework](https://spring.io/projects/spring-framew
Learn more about [Spring Boot](https://spring.io/projects/spring-boot).
-Learn more about [Spring Data](https://spring.io/projects/spring-data).
+Learn more about [Spring Data](https://spring.io/projects/spring-data).
cosmos-db Sql Query Group By https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/sql-query-group-by.md
Previously updated : 05/19/2020 Last updated : 07/30/2021
Additionally, cross-partition `GROUP BY` queries can have a maximum of 21 [aggre
## Examples
-These examples use the nutrition data set available through the [Azure Cosmos DB Query Playground](https://www.documentdb.com/sql/demo).
+These examples use a sample [nutrition data set](https://github.com/AzureCosmosDB/labs/blob/master/dotnet/setup/NutritionData.json).
-For example, here's a query which returns the total count of items in each foodGroup:
+Here's a query which returns the total count of items in each foodGroup:
```sql SELECT TOP 4 COUNT(1) AS foodGroupCount, f.foodGroup
cosmos-db Sql Query Subquery https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/sql-query-subquery.md
Previously updated : 12/02/2019 Last updated : 07/30/2021
A subquery is a query nested within another query. A subquery is also called an inner query or inner select. The statement that contains a subquery is typically called an outer query.
-This article describes SQL subqueries and their common use cases in Azure Cosmos DB. All sample queries in this doc can be run against a nutrition dataset that is preloaded on the [Azure Cosmos DB Query Playground](https://www.documentdb.com/sql/demo).
+This article describes SQL subqueries and their common use cases in Azure Cosmos DB. All sample queries in this doc can be run against [a sample nutrition dataset](https://github.com/AzureCosmosDB/labs/blob/master/dotnet/setup/NutritionData.json).
## Types of subqueries
event-grid Event Schema Key Vault https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/event-grid/event-schema-key-vault.md
An Azure Key Vault account generates the following event types:
| - | -- || | Microsoft.KeyVault.CertificateNewVersionCreated | Certificate New Version Created | Triggered when a new certificate or new certificate version is created. | | Microsoft.KeyVault.CertificateNearExpiry | Certificate Near Expiry | Triggered when the current version of certificate is about to expire. (The event is triggered 30 days before the expiration date.) |
-| Microsoft.KeyVault.CertificateExpired | Certificate Expired | Triggered when the certificate is expired. |
+| Microsoft.KeyVault.CertificateExpired | Certificate Expired | Triggered when the current version of a certificate is expired. |
| Microsoft.KeyVault.KeyNewVersionCreated | Key New Version Created | Triggered when a new key or new key version is created. | | Microsoft.KeyVault.KeyNearExpiry | Key Near Expiry | Triggered when the current version of a key is about to expire. (The event is triggered 30 days before the expiration date.) |
-| Microsoft.KeyVault.KeyExpired | Key Expired | Triggered when a key is expired. |
+| Microsoft.KeyVault.KeyExpired | Key Expired | Triggered when the current version of a key is expired. |
| Microsoft.KeyVault.SecretNewVersionCreated | Secret New Version Created | Triggered when a new secret or new secret version is created. | | Microsoft.KeyVault.SecretNearExpiry | Secret Near Expiry | Triggered when the current version of a secret is about to expire. (The event is triggered 30 days before the expiration date.) |
-| Microsoft.KeyVault.SecretExpired | Secret Expired | Triggered when a secret is expired. |
+| Microsoft.KeyVault.SecretExpired | Secret Expired | Triggered when the current version of a secret is expired. |
| Microsoft.KeyVault.VaultAccessPolicyChanged | Vault Access Policy Changed | Triggered when an access policy on Key Vault changed. It includes a scenario when Key Vault permission model is changed to/from Azure role-based access control. | ## Event examples
import-export Storage Import Export Contact Microsoft Support https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/import-export/storage-import-export-contact-microsoft-support.md
Previously updated : 01/14/2021 Last updated : 07/30/2021 + # Open a support ticket for an Import/Export job
-If you encounter any issues with your Import/Export service, you can create a service request for technical support. This article walks you through:
+If you come across any issues with your Import/Export service, you can create a service request for technical support.
-* How to create a support request.
-* How to manage a support request lifecycle from within the portal.
+This article walks you through:
+
+* How to create a support request
+* How to manage a support request lifecycle from within the portal
## Create a support request
-Perform the following steps to create a support request:
+Do the following steps to create a support request:
-1. Go to your import/export job. Navigate to **SUPPORT + TROUBLESHOOTING** section and then select **New support request**.
+1. Go to your Import/Export job. Under **Support + Troubleshooting**, select **New support request**.
- ![Basics](./media/storage-import-export-contact-microsoft-support/import-export-support1.png)
-
-2. In **New support request**, select **Basics**. In **Basics**, do the following steps:
-
- 1. From the **Issue type** dropdown list, select **Technical**.
- 2. Choose your **Subscription**.
- 3. Under **Service**, check **My Services**. From the dropdown list, you can select one of the options - **Storage Account Management**, **Blob**, or **File**.
- - If you choose **Storage Account Management**, select **Resource**, and **Support plan**.
- ![Choose Storage Account Management](./media/storage-import-export-contact-microsoft-support/import-export-support3.png)
- - If you choose **Blob**, select **Resource**, **Container names** (optional), and **Support plan**.
- ![Choose Blob](./media/storage-import-export-contact-microsoft-support/import-export-support2.png)
- - If you choose **File**, select **Resource**, **File share names** (optional), and **Support plan**
- ![Choose File](./media/storage-import-export-contact-microsoft-support/import-export-support4.png)
- 4. Select **Next**.
-
-3. In **New support request**, select **Step 2 Problem**. In **Problem**, do the following steps:
-
- 1. Choose the **Severity** as **C - Minimal impact**. Support will update it if needed.
- 2. Select the **Problem type** as **Data Migration**.
- 3. Choose the **Category** as **Import - Export**.
- 4. Provide a **Title** for the issue and more **Details**.
- 5. Provide the start date and time for the problem.
- 6. In the **File upload**, select the folder icon to browse any other files you want to upload.
- 7. Check **Share diagnostic information**.
- 8. Select **Next**.
-
- ![Problem](./media/storage-import-export-contact-microsoft-support/import-export-support5.png)
-
-4. In **New support request**, select **Step 3 Contact information**. In **Contact information**, do the following steps:
-
- 1. In the **Contact options**, provide your preferred contact method (phone or email) and the language. The response time is automatically selected based on your subscription plan.
- 2. In the Contact information, provide your name, email, optional contact, country/region. Select the **Save contact changes for future support requests** checkbox.
- 3. Select **Create**.
+ ![Basics](./media/storage-import-export-contact-microsoft-support/import-export-support-01.png)
- ![Contact information](./media/storage-import-export-contact-microsoft-support/import-export-support7.png)
+1. On the **Basics** tab, enter required basic information. Basic info about your Import/Export order is already filled in.
+
+ |Option|Description|
+ ||--|
+ |**Summary** | Briefly describe your issue.|
+ |**Issue type**|Select **Technical**.|
+ |**Subscription**|Select the subscription for the Import/Export order. |
+ |**Service**|Select **My services**.|
+ | **Service type**| Select **Azure Import/Export Service**.|
+ |**Resource**|Select the Import/Export order.|
+ |**Problem type**|Select a problem type from among the problem types for Import/Export orders.|
+ |**Problem subtype**|Select the appropriate subtype for the problem type.|
+
+ ![Screenshot showing info on the Basics screen for an Import/Export Service support request. The button that opens teh Solutions tab is highlighted.](./media/storage-import-export-contact-microsoft-support/import-export-support-02.png)
+
+ Select **Next: Solutions>>** to continue.
+
+1. The **Solutions** tab shows expert solutions for the problem you described. If you don't find the solution to your problem, select **Next: Details>>** to proceed with a support request.
+
+ ![Screenshot showing the Solutions tab for an Import/Export Service support request. The Solutions tab shows expert solutions for the selected problem. The button that opens the Solutions tab is highlighted.](./media/storage-import-export-contact-microsoft-support/import-export-support-03.png)
+
+1. Use the **Details** tab to provide info for a support ticket.
+
+ |Grouping|Options|
+ |--|-|
+ |**Problem details**|<ul><li>**When did the problem start?** Using your local time, enter the data and time when the problem started.</li><li>**Details**: Describe the problem you're experiencing.</li><li>**File upload**: You can attach one or more files if needed. Select the folder icon. Then browse to any files you want to upload.</li></ul>|
+ |**Share diagnostic information**|<ul><li>Select **No**. Azure support will ask you for more information if they need it.</li></ul>|
+ |**Support method**|<ul><li>Leave the **Severity** at **C - Minimal Impact**. Azure support will adjust the severity level based on the information you provided.</li><li>Otherwise, tell how you'd like to be contacted - by email or by phone, and in what language?</li></ul>|
+ |**Contact info**|<ul><li>You can edit your contact information if needed.</li></ul>|
+
+ ![Screenshot showing the Details tab for an Import/Export Service support request. The button that opens the Review Plus Create tab is highlighted.](./media/storage-import-export-contact-microsoft-support/import-export-support-04.png)
+
+ Select **Next: Review + create >>** to continue.
+
+1. Review your support request on the **Review + create** tab. Make any changes that are needed. Then select **Create**.
+
+ ![Screenshot showing the Review Plus Create tab for a new Azure support request. The Create button is highlighted.](./media/storage-import-export-contact-microsoft-support/import-export-support-05.png)
- Microsoft Support will use this information to reach out to you for further information, diagnosis, and resolution.
- After you've submitted your request, a Support engineer will contact you to continue with your request.
## Manage a support request
After creating a support ticket, you can manage the lifecycle of the ticket from
1. To get to the help and support page, navigate to **Browse > Help + support**.
- ![Screenshot shows the Help dialog box.](./media/storage-import-export-contact-microsoft-support/manage-support-ticket2.png)
+ ![Screenshot showing how to select "Help Plus Support" on the home page of the Azure portal.](./media/storage-import-export-contact-microsoft-support/manage-support-ticket-01.png)
2. A tabular listing of **Recent support requests** is displayed in **Help + support**.
- ![Screenshot shows the Help + support page with your support request in an open status.](./media/storage-import-export-contact-microsoft-support/manage-support-ticket1.png)
+ ![Screenshot showing the Azure "Help Plus Support" page with an Open support request highlighted.](./media/storage-import-export-contact-microsoft-support/manage-support-ticket-02.png)
3. Select and click a support request. You can view the status and the details for this request. Select **+ New message** if you want to follow up on this request.
- ![Screenshot shows New message selected for this request.](./media/storage-import-export-contact-microsoft-support/manage-support-ticket3.png)
+ ![Screenshot showing a New message selected for an Azure support request.](./media/storage-import-export-contact-microsoft-support/manage-support-ticket-03.png)
## Next steps
machine-learning How To Use Environments https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/machine-learning/how-to-use-environments.md
build = env.build_local(workspace=ws, useDocker=True, pushImageToWorkspaceAcr=Tr
> [!WARNING] > Changing the order of dependencies or channels in an environment will result in a new environment and will require a new image build. In addition, calling the `build()` method for an existing image will update its dependencies if there are new versions.
+### Utilize adminless Azure Container Registry (ACR) with VNet
+
+It is no longer required for users to have admin mode enabled on their workspace attached ACR in VNet scenarios. Ensure that the derived image build time on the compute is less than 1 hour to enable successful build. Once the image is pushed to the workspace ACR, this image can now only be accessed with a compute identity. For more information on set up, please see [here](https://docs.microsoft.com/azure/machine-learning/how-to-use-managed-identities).
+ ## Use environments for training To submit a training run, you need to combine your environment, [compute target](concept-compute-target.md), and your training Python script into a run configuration. This configuration is a wrapper object that's used for submitting runs.
service = Model.deploy(
Code examples in this article are also included in the [using environments notebook](https://github.com/Azure/MachineLearningNotebooks/blob/master/how-to-use-azureml/training/using-environments/using-environments.ipynb).
- To install a Conda environment as a kernel in a notebook, see [add a new Jupyter kernel](./how-to-access-terminal.md#add-new-kernels).
+To install a Conda environment as a kernel in a notebook, see [add a new Jupyter kernel](./how-to-access-terminal.md#add-new-kernels).
[Deploy a model using a custom Docker base image](./how-to-deploy-custom-container.md) demonstrates how to deploy a model using a custom Docker base image.
postgresql Concepts Version Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/concepts-version-policy.md
The table below provides the retirement details for PostgreSQL major versions. T
You may continue to run the retired version in Azure Database for PostgreSQL. However, please note the following restrictions after the retirement date for each PostgreSQL database version: - As the community will not be releasing any further bug fixes or security fixes, Azure Database for PostgreSQL will not patch the retired database engine for any bugs or security issues or otherwise take security measures with regard to the retired database engine. You may experience security vulnerabilities or other issues as a result. However, Azure will continue to perform periodic maintenance and patching for the host, OS, containers, and any other service-related components.-- If any support issue you may experience relates to the PostgreSQL database, we may not be able to provide you with support. In such cases, you will have to upgrade your database in order for us to provide you with any support.
+- If any support issue you may experience relates to the PostgreSQL engine itself, as the community no longer provides the patches, we may not be able to provide you with support. In such cases, you will have to upgrade your database to one of the supported versions.
- You will not be able to create new database servers for the retired version. However, you will be able to perform point-in-time recoveries and create read replicas for your existing servers. - New service capabilities developed by Azure Database for PostgreSQL may only be available to supported database server versions. - Uptime SLAs will apply solely to Azure Database for PostgreSQL service-related issues and not to any downtime caused by database engine-related bugs.
postgresql Concepts Backup Restore https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/flexible-server/concepts-backup-restore.md
Previously updated : 09/22/2020 Last updated : 07/30/2021 # Backup and restore in Azure Database for PostgreSQL - Flexible Server
You can choose between a latest restore point and a custom restore point.
The estimated time to recover depends on several factors including database size, volume of transaction logs to process, the network bandwidth, and the total number of databases recovering in the same region at the same time. The overall recovery time usually takes from few minutes up to few hours.
+If you have configured your server within a VNET, you can restore to the same VNET or to a different VNET. However, you cannot restore to a public access. Similarly, if you configured your server with public access, you cannot restore to a private access.
+ > [!IMPORTANT] > Deleted servers **cannot** be restored. If you delete the server, all databases that belong to the server are also deleted and cannot be recovered. To protect server resources, post deployment, from accidental deletion or unexpected changes, administrators can leverage [management locks](../../azure-resource-manager/management/lock-resources.md).
After restoring the database, you can perform the following tasks to get your us
- If you had restored the database configured with high availability, and if you want to configure the restored server with high availability, you can then follow [the steps](./how-to-manage-high-availability-portal.md).
+## Frequently asked questions
+
+### Backup related questions
+
+* **How do Azure handles backup of my server?**
+
+ By default, Azure Database for PostgreSQL enables automated backups of your entire server (encompassing all databases created) with a default 7 days of retention period. A daily incremental snapshot of the database is performed. The logs (WAL) files are archived to Azure BLOB continuously.
+
+* **Can I configure these automatic backup to be retained for long term?**
+
+ No. Currently we only support a maximum of 35 days of retention. You can do manual backups and use that for long-term retention requirement.
+
+* **How do I do manual backup of my Postgres servers?**
+
+ You can manually take a backup is by using PostgreSQL tool pg_dump as documented [here](https://www.postgresql.org/docs/current/app-pgdump.html). For examples, you can refer to this [upgrade/migration documentation](../howto-migrate-using-dump-and-restore.md) that you can use for backups as well. If you wish to backup Azure Database for PostgreSQL to a Blob storage, refer to our tech community blog [Backup Azure Database for PostgreSQL to a Blob Storage](https://techcommunity.microsoft.com/t5/azure-database-for-postgresql/backup-azure-database-for-postgresql-to-a-blob-storage/ba-p/803343).
+
+* **What are the backup windows for my server? Can I customize it?**
+
+ Backup windows are inherently managed by Azure and cannot be customized. The first full snapshot backup is scheduled immediately after a server is created. Subsequent snapshot backups are incremental backups that occur once a day.
+
+* **Are my backups encrypted?**
+
+ Yes. All Azure Database for PostgreSQL data, backups and temporary files that are created during query execution are encrypted using AES 256-bit encryption. The storage encryption is always on and cannot be disabled.
+
+* **Can I restore a single/few database(s) in a server?**
+
+ Restoring a single/few database(s) or tables is not directly supported. However, you need to restore the entire server to a new server and then extract the table(s) or database(s) needed and import them to your server.
+
+* **Is my server available while the backup is in progress?**
+ Yes. Backups are online operations using snapshots. The snapshot operation only takes few seconds and doesnΓÇÖt interfere with production workloads ensuring high availability of the server.
+
+* **When setting up the maintenance window for the server do we need to account for backup window?**
+
+ No. Backups are triggered internally as part of the managed service and have no bearing to the Managed Maintenance Window.
+
+* **Where are my automated backups stored and how do I manage their retention?**
+
+ Azure Database for PostgreSQL automatically creates server backups and stores them automatically in zone-redundant storage in regions where multiple zones are supported or in locally redundant storage in regions that do not support multiple zones yet. These backup files cannot be exported. You can use backups to restore your server to a point-in-time only. The default backup retention period is seven days. You can optionally configure the backup retention up to 35 days.
+
+* **How are backups performed in a HA enabled servers?**
+
+ Flexible server's data volumes are backed up using Managed disk incremental snapshots from the primary server. The WAL backup is performed from either the primary server or the standby server.
+
+* **How can I validate backups are performed on my server?**
+
+ The best way to validate availability of valid backups is performing periodic point in time restores and ensuring backups are valid and restorable. Backup operations or files are not exposed to the end users.
+
+* **Where can I see the backup usage?**
+
+ In the Azure portal, under Monitoring, click Metrics, you can find ΓÇ£Backup Usage metricΓÇ¥ in which you can monitor the total backup usage.
+
+* **What happens to my backups if I delete my server?**
+
+ If you delete the server, all backups that belong to the server are also deleted and cannot be recovered. To protect server resources, post deployment, from accidental deletion or unexpected changes, administrators can leverage management locks.
+
+* **How are backups retained for stopped servers?**
+
+ No new backups are performed for stopped servers. All older backups (within the retention window) at the time of stopping the server are retained until the server is restarted post which backup retention for the active server is governed by itΓÇÖs backup retention window.
+
+* **How will I be charged and billed for my backups?**
+
+ Flexible server provides up to 100% of your provisioned server storage as backup storage at no additional cost. Any additional backup storage used is charged in GB per month as per the pricing model. Backup storage billing is also governed by the backup retention period selected and backup redundancy option chosen apart from the transactional activity on the server which impacts the total backup storage used directly.
+
+* **How will I be billed for a stopped server?**
+
+ While your server instance is stopped, no new backups are performed. You are charged for provisioned storage and backup storage (backups stored within your specified retention window). Free backup storage is limited to the size of your provisioned database and any excess backup data will be charged using the backup price.
+
+* **I configured my server with zone-redundant high availability. Do you take two backups and will I be charged twice?**
+
+ No. Irrespective of HA or non-HA servers, only one set of backup copy is maintained and you will be charged only once.
+
+### Restore related questions
+
+* **How do I restore my server?**
+
+ Azure supports Point In Time Restore (for all servers) allowing users to restore to latest or custom restore point using Azure portal, Azure CLI and API.
+
+ To restore your server from the backups taken manually using tools like pg_dump, you can first create a flexible server and restore your database(s) into the server using [pg_restore](https://www.postgresql.org/docs/current/app-pgrestore.html).
+
+* **Can I restore to another availability zone within the same region?**
+
+ Yes. If the region supports multiple availability zones, the backup is stored on ZRS account and allows you to restore to another zone.
+
+* **How long it takes to do a point in time restore? Why is my restore taking so much time?**
+
+ The data restore operation from snapshot does not depend of the size of data, however the recovery process timing which applies the logs (transaction activities to replay) could vary depending on the previous backup of the requested date/time and the amount of logs to process. This is applicable to both restoring within the same zone or to a different zone.
+
+* **If I restore my HA enabled server, do the restore server automatically configured with high availability?**
+
+ No. The server is restored as a single instance flexible server. After the restore is complete, you can optionally configure the server with high availability.
+
+* **I configured my server within a VNET. Can I restore to another VNET?**
+
+ Yes. At the time of restore, choose a different VNET to restore.
+
+* **Can I restore my public access server into a VNET or vice-versa?**
+
+ No. We currently do not support restoring servers across public and private access.
+
+* **How do I track my restore operation?**
+
+ Currently there is no way to track the restore operation. You may monitor the activity log to see if the operation is in progress or complete.
+ ## Next steps
postgresql Concepts Extensions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/flexible-server/concepts-extensions.md
Previously updated : 06/23/2021 Last updated : 07/30/2021 # PostgreSQL extensions in Azure Database for PostgreSQL - Flexible Server
The following extensions are available in Azure Database for PostgreSQL - Flexib
> |[pg_visibility](https://www.postgresql.org/docs/13/pgvisibility.html) | 1.2 | examine the visibility map (VM) and page-level visibility info| > |[pgaudit](https://www.pgaudit.org/) | 1.5 | provides auditing functionality| > |[pgcrypto](https://www.postgresql.org/docs/13/pgcrypto.html) | 1.3 | cryptographic functions|
+> |[pglogical](https://github.com/2ndQuadrant/pglogical) | 2.3.2 | Logical streaming replication |
> |[pgrowlocks](https://www.postgresql.org/docs/13/pgrowlocks.html) | 1.2 | show row-level locking information| > |[pgstattuple](https://www.postgresql.org/docs/13/pgstattuple.html) | 1.5 | show tuple-level statistics| > |[plpgsql](https://www.postgresql.org/docs/13/plpgsql.html) | 1.0 | PL/pgSQL procedural language|
The following extensions are available in Azure Database for PostgreSQL - Flexib
> |[pg_visibility](https://www.postgresql.org/docs/12/pgvisibility.html) | 1.2 | examine the visibility map (VM) and page-level visibility info| > |[pgaudit](https://www.pgaudit.org/) | 1.4 | provides auditing functionality| > |[pgcrypto](https://www.postgresql.org/docs/12/pgcrypto.html) | 1.3 | cryptographic functions|
+>|[pglogical](https://github.com/2ndQuadrant/pglogical) | 2.3.2 | Logical streaming replication |
> |[pgrowlocks](https://www.postgresql.org/docs/12/pgrowlocks.html) | 1.2 | show row-level locking information| > |[pgstattuple](https://www.postgresql.org/docs/12/pgstattuple.html) | 1.5 | show tuple-level statistics| > |[plpgsql](https://www.postgresql.org/docs/12/plpgsql.html) | 1.0 | PL/pgSQL procedural language|
The following extensions are available in Azure Database for PostgreSQL - Flexib
> |[pg_visibility](https://www.postgresql.org/docs/11/pgvisibility.html) | 1.2 | examine the visibility map (VM) and page-level visibility info| > |[pgaudit](https://www.pgaudit.org/) | 1.3.1 | provides auditing functionality| > |[pgcrypto](https://www.postgresql.org/docs/11/pgcrypto.html) | 1.3 | cryptographic functions|
+>|[pglogical](https://github.com/2ndQuadrant/pglogical) | 2.3.2 | Logical streaming replication |
> |[pgrowlocks](https://www.postgresql.org/docs/11/pgrowlocks.html) | 1.2 | show row-level locking information| > |[pgstattuple](https://www.postgresql.org/docs/11/pgstattuple.html) | 1.5 | show tuple-level statistics| > |[plpgsql](https://www.postgresql.org/docs/11/plpgsql.html) | 1.0 | PL/pgSQL procedural language|
postgresql Concepts High Availability https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/flexible-server/concepts-high-availability.md
Previously updated : 06/07/2021 Last updated : 07/30/2021 # High availability concepts in Azure Database for PostgreSQL - Flexible Server
After the failover, while a new standby server is being provisioned, application
Flexible server provides two methods for you to perform on-demand failover to the standby server. These are useful if you want to test the failover time and downtime impact for your applications and if you want to failover to the preferred availability zone.
-* **Forced failover**: You can use this option to simulate an unplanned outage scenario. This triggers a fault in the primary server and brings the primary server down. Applications loses connectivity to the server. The failover workflow is triggered which initiates the standby promote operation. Once the standby is all caught up with all transactions, it is promoted to be the primary server. DNS records are updated and your application can connect to the promoted primary server. Your application can continue to write to the primary while a new standby server is established in the background.
+### Forced failover
-* **Planned failover**: This option is for failing over to the standby server with reduced downtime. The standby server is first prepared to make sure it is caught up with recent transactions. The standby is then promoted and the connections to the primary is severed. DNS record is updated and the applications can connect to the newly promoted server. Your application can continue to write to the primary while a new standby server is established in the background. As the application continues to write to the primary server while the standby is being prepared, this method of failover provides reduced downtime experience.
+You can use this feature to simulate an unplanned outage scenario while running your production workload and observe your application downtime. Alternatively, in rare case where your primary server becomes unresponsive for whatever reason, you may use this feature.
->[!NOTE]
-> It is recommended to perform planned failover during low activity period.
+This feature triggers brings the primary server down and initiates the failover workflow in which the standby promote operation is performed. Once the standby completes the recovery process till the last committed data, it is promoted to be the primary server. DNS records are updated and your application can connect to the promoted primary server. Your application can continue to write to the primary while a new standby server is established in the background. The following are the steps performed:
+
+ | **Step** | **Description** | **App downtime expected?** |
+ | - | | -- |
+ | 1 | Primary server is stopped shortly after the failover request is received. | Yes |
+ | 2 | Application encounters downtime as the primary server is down. | Yes |
+ | 3 | Internal monitoring system detects the failure and initiates a failover to the standby server. | Yes |
+ | 4 | Standby server enters recovery mode before being fully promoted as an independent server. | Yes |
+ | 5 | The failover process waits for the standby recovery to complete. | Yes |
+ | 6 | Once the server is up, DNS record is updated with the same hostname, but using the standby's IP address. | Yes |
+ | 7 | Application can reconnect to the new primary server and resume the operation. | No |
+ | 8 | A standby server in the preferred zone is established. | No |
+ | 9 | Standby server starts to recover logs (from Azure BLOB) that it missed during its establishment. | No |
+ | 10 | A steady-state between the primary and the standby server is established. | No |
+ | 11 | Forced failover process is complete. | No |
+
+Application downtime is expected to start after step #1 and persists until step #6 is completed. The rest of the steps happen in the background without impacting the application writes and commits.
+
+### Planned failover
+
+You can use this feature for failing over to the standby server with reduced downtime. For example, after an unplanned failover, your primary could be on a different availability zone than the application, and you want to bring the primary server back to the previous zone to co-locate with your application.
->[!IMPORTANT]
-> * Please do not perform immediate, back-to-back failovers. Wait for at least 15-20 minutes between failovers, which will also allow the new standby server to be fully established.
->
-> * The overall end-to-end operation time may be longer than the actual downtime experienced by the application. Please measure the downtime from the application perspective.
+When executing this feature, the standby server is first prepared to make sure it is caught up with recent transactions allowing the application to continue to perform read/writes. The standby is then promoted and the connections to the primary is severed. Your application can continue to write to the primary while a new standby server is established in the background. The following are the steps involved with planned failover.
-See [this guide](how-to-manage-high-availability-portal.md) for step-by-step instructions.
+| **Step** | **Description** | **App downtime expected?** |
+ | - | | -- |
+ | 1 | Wait for the standby server to have caught-up with primary. | No |
+ | 2 | Internal monitoring system initiates the failover workflow. | No |
+ | 3 | Application writes are blocked when the standby server is close to primary log sequence number (LSN). | Yes |
+ | 4 | Standby server is promoted to be an independent server. | Yes |
+ | 5 | DNS record is updated with the new standby server's IP address. | Yes |
+ | 6 | Application to reconnect and resume its read/write with new primary | No |
+ | 7 | A new standby server in another zone is established. | No |
+ | 8 | Standby server starts to recover logs (from Azure BLOB) that it missed during its establishment. | No |
+ | 9 | A steady-state between the primary and the standby server is established. | No |
+ | 10 | Planned failover process is complete. | No |
+Application downtime starts at step #3 and can resume operation post step #5. The rest of the steps happen in the background without impacting application writes and commits.
+### Considerations while performing on-demand failovers
-## Point-in-time restore
+* The overall end-to-end operation time may be seen longer than the actual downtime experienced by the application. **Please observe the downtime from the application perspective**.
+* Please do not perform immediate, back-to-back failovers. Wait for at least 15-20 minutes between failovers, which will allow the new standby server to be fully established.
+* For the planned failover with reduced downtime, it is recommended to perform during low activity period.
+
+See [this guide](how-to-manage-high-availability-portal.md) for managing high availability.
++
+## Point-in-time restore of HA servers
Flexible servers that are configured with high availability, log data is replicated in real time to the standby server. Any user errors on the primary server - such as an accidental drop of a table or incorrect data updates are replicated to the standby replica as well. So, you cannot use standby to recover from such logical errors. To recover from such errors, you have to perform point-in-time restore from the backup. Using flexible server's point-in-time restore capability, you can restore to the time before the error occurred. For databases configured with high availability, a new database server will be restored as a single zone flexible server with a new user-provided server name. You can use the restored server for few use cases:
-1. You can use the restored server for production usage and enable zone-redundant high availability.
-2. If you just want to restore an object, you can then export the object from the restored database server and import it to your production database server.
-3. If you want to clone your database server for testing and development purposes, or you want to restore for any other purposes, you can perform point-in-time restore.
+ 1. You can use the restored server for production usage and can optionally enable zone-redundant high availability.
+ 2. If you just want to restore an object, you can then export the object from the restored database server and import it to your production database server.
+ 3. If you want to clone your database server for testing and development purposes, or you want to restore for any other purposes, you can perform point-in-time restore.
## Zone redundant high availability - features -- Standby replica will be deployed in an exact VM configuration same as the primary server, including vCores, storage, network settings (VNET, Firewall), etc.
+* Standby replica will be deployed in an exact VM configuration same as the primary server, including vCores, storage, network settings (VNET, Firewall), etc.
-- You can add high availability for an existing database server.
+* You can add high availability for an existing database server.
-- You can remove standby replica by disabling high availability.
+* You can remove standby replica by disabling high availability.
-- You can only choose your availability zone for your primary database server. Standby zone is auto-selected.
+* You can only choose your availability zone for your primary database server. Standby zone is auto-selected.
-- Operations such as stop, start, and restart are performed on both primary and standby database servers at the same time.
+* Operations such as stop, start, and restart are performed on both primary and standby database servers at the same time.
-- Automatic backups are performed from the primary database server and stored in a zone redundant storage.
+* Automatic backups are performed from the primary database server and stored in a zone redundant storage.
-- Clients always connect to the end host name of the primary database server.
+* Clients always connect to the end host name of the primary database server.
-- Any changes to the server parameters are applied to the standby replica as well.
+* Any changes to the server parameters are applied to the standby replica as well.
-- Ability to restart the server to pick up any static server parameter changes.
+* Ability to restart the server to pick up any static server parameter changes.
-- Periodic maintenance activities such as minor version upgrades happen at the standby first and the service is failed over to reduce downtime.
+* Periodic maintenance activities such as minor version upgrades happen at the standby first and the service is failed over to reduce downtime.
## Zone redundant high availability - limitations -- High availability is not supported with burstable compute tier.-- High availability is supported only in regions where multiple zones are available.-- Due to synchronous replication to another availability zone, applications can experience elevated write and commit latency.
+* High availability is not supported with burstable compute tier.
+* High availability is supported only in regions where multiple zones are available.
+* Due to synchronous replication to another availability zone, applications can experience elevated write and commit latency.
+
+* Standby replica cannot be used for read queries.
+
+* Depending on the workload and activity on the primary server, the failover process might take longer than 120 seconds due to recovery involved at the standby replica before it can be promoted.
+
+* Restarting the primary database server also restarts standby replica.
+
+* Configuring additional read replicas are not supported.
+
+* Configuring customer initiated management tasks cannot be scheduled during managed maintenance window.
+
+* Planned events such as scale compute and scale storage happens in the standby first and then on the primary server. Currently the server does not failed over for these planned operations.
+
+* If logical decoding or logical replication is configured with a HA configured flexible server, in the event of a failover to the standby server, the logical replication slots are not copied over to the standby server.
+
+## Frequently asked questions
+
+### HA configuration questions
+
+* **Is zone redundant HA available in all regions?** <br>
+ Zone-redundant HA is available in regions that support multiple AZs in the region. For the latest region support, please see [this documentation](overview.md#azure-regions). We are continuously adding more regions and enabling multiple AZs.
+
+* **What mode of replication is between primary and standby servers?** <br>
+ Synchronous mode of replication is established between the primary and the standby server. Application writes and commits are acknowledged only after the Write Ahead Log (WAL) data is persisted on the standby site. This enables zero data loss in the event of a failover.
+
+* **Synchronous mode incurs latency. What kind of performance impact I can expect for my application?** <br>
+ Configuring in HA induces some latency to writes and commits. No impact to read queries. The performance impact varies depending on your workload. As a general guideline, writes and commit impact can be around 20-30% impact.
+
+* **Does the zone-redundant HA provides protection from planned and unplanned outages?** <br>
+ Yes. The main purpose of HA is to offer higher uptime to mitigate from any outages. In the event of an unplanned outage - including a fault in database, VM, physical node, data center, or at the AZ-level, the monitoring system automatically fails over the server to the standby. Similarly, during planned outages including minor version updates or infrastructure patching that happen during scheduled maintenance window, the updates are applied at the standby first and the service is failed over while the old primary goes through the update process. This reduces the overall downtime.
+
+* **Can I enable or disable HA any any point of time?** <br>
+
+ Yes. You can enable or disable zone-redundant HA at any time except when the server is in certain states like stopped, restarting, or already in the process of failing over.
+
+* **Can I choose the AZ for the standby?** <br>
+ No. Currently you cannot choose the AZ for the standby. We plan to add that capability in future.
+
+* **Can I configure HA between private (VNET) and public access?** <br>
+ No. You can either configure HA within a VNET (spanned across AZs within a region) or public access.
+
+* **Can I configure HA across regions?** <br>
+ No. HA is configured within a region, but across availability zones. In future, we are planning to offer read replicas that can be configured across regions for disaster recovery (DR) purposes. We will provide more details when the feature is enabled.
+
+* **Can I use logical replication with HA configured servers?** <br>
+ You can configure logical replication with HA. However, after a failover, the logical slot details are not copied over to the standby. Hence, there is currently limited support for this configuration.
+
+### Replication and failover related questions
+
+* **How does flexible server provide high availability in the event of a fault - like AZ fault?** <br>
+ When you enable your server with zone-redundant HA, a physical standby replica with the same compute and storage configuration as the primary is deployed automatically in a different availability zone than the primary. PostgreSQL streaming replication is established between the primary and standby servers.
+
+* **What is the typical failover process during an outage?** <br>
+ When the fault is detected by the monitoring system, it initiates a failover workflow that involves making sure the standby has applied all residual WAL files and fully caught up before opening that for read/write. Then DNS is updated with the IP address of the standby before the clients can reconnect to the server with the same endpoint (host name). A new standby is instantiated to keep the configuration in an highly available mode.
+
+* **What is the typical failover time and expected data loss during an outage?** <br>
+ In a typical case, failover time or the downtime experienced by the application perspective is between 60s-120s. This can be longer in cases where the outage incurred during long running transactions, index creation, or during heavy write activities - as the standby may take longer to complete the recovery process.
+
+ Since the replication happens in synchronous mode, no data loss is expected.
+
+* **Do you offer SLA for the failover time?** <br>
+ For the failover time, we provide guidelines on how long it typically takes for the operation. The official SLA will be provided for the overall uptime when we GA the service. No SLAs are offered during public preview.
-- Standby replica cannot be used for read queries.
+* **Does the application automatically connect to the server after the failover?** <br>
+ No. Applications should have retry mechanism to reconnect to the same endpoint (hostname).
-- Depending on the workload and activity on the primary server, the failover process might take longer than 120 seconds due to recovery involved at the standby replica before it can be promoted.
+* **How do I test the failover?** <br>
+ You can use **Forced failover** or **Planned failover** feature to test the failover. See **On-demand failover** section in this document for details.
-- Restarting the primary database server also restarts standby replica.
+* **How do I check the replication status?** <br>
+ On portal, from the overview page of the server shows the Zone redundant high availability status and the server status. You can also check the status and the AZs for primary and standby from the High Availability blade of the server portal.
-- Configuring additional read replicas are not supported.
+ From psql, you can run `select * from pg_stat_replication;` which shows the streaming status amongst other details.
-- Configuring customer initiated management tasks cannot be scheduled during managed maintenance window.
+* **Do you support read queries on the standby replica?** <br>
+ No. We do not support read queries on the standby replica.
-- Planned events such as scale compute and scale storage happens in the standby first and then on the primary server. Currently the server does not failed over for these planned operations.
+* **When I do point-in-time recovery (PITR), will it automatically configure the restored server in HA?** <br>
+ No. PITR server is restored as a standalone server. If you want to enable HA, you can do that after the restore is complete.
-- If logical decoding or logical replication is configured with a HA configured flexible server, in the event of a failover to the standby server, the logical replication slots are not copied over to the standby server. ## Next steps - Learn about [business continuity](./concepts-business-continuity.md) - Learn how to [manage high availability](./how-to-manage-high-availability-portal.md)-- Learn about [backup and recovery](./concepts-backup-restore.md)
+- Learn about [backup and recovery](./concepts-backup-restore.md)
postgresql Concepts Logical https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/flexible-server/concepts-logical.md
Previously updated : 06/10/2021 Last updated : 07/30/2021 # Logical replication and logical decoding in Azure Database for PostgreSQL - Flexible Server
Last updated 06/10/2021
Azure Database for PostgreSQL - Flexible Server supports the following logical data extraction and replication methodologies: 1. **Logical replication** 1. Using PostgreSQL [native logical replication](https://www.postgresql.org/docs/12/logical-replication.html) to replicate data objects. Logical replication allows fine-grained control over the data replication, including table-level data replication.
- <! 2. Using [pglogical](https://github.com/2ndQuadrant/pglogical) extension that provides logical streaming replication and additional capabilities such as copying initial schema of the database, support for TRUNCATE, ability to replicate DDL etc. -->
+ 2. Using [pglogical](https://github.com/2ndQuadrant/pglogical) extension that provides logical streaming replication and additional capabilities such as copying initial schema of the database, support for TRUNCATE, ability to replicate DDL etc.
2. **Logical decoding** which is implemented by [decoding](https://www.postgresql.org/docs/12/logicaldecoding-explanation.html) the content of write-ahead log (WAL). ## Comparing logical replication and logical decoding
Logical decoding
* extracts changes across all tables in a database * cannot directly send data between PostgreSQL instances.
+>[!NOTE]
+> As at this time, Flexible server does not support cross-region read replicas. Depending on the type of workload, you may choose to use logical replication feature for cross-region disaster recovery (DR) purpose.
+ ## Pre-requisites for logical replication and logical decoding 1. Go to server parameters page on the portal. 2. Set the server parameter `wal_level` to `logical`.
-<!
-3. If you want to use pglogical extension, search for the `shared_preload_libaries` parameter, and select `pglogical` from the drop-down box. Also update `max_worker_processes` parameter value to at least 16. -->
-3. Save the changes and restart the server to apply the `wal_level` change.
-4. Confirm that your PostgreSQL instance allows network traffic from your connecting resource.
-5. Grant the admin user replication permissions.
+3. If you want to use pglogical extension, search for the `shared_preload_libaries` parameter, and select `pglogical` from the drop-down box.
+4. Update `max_worker_processes` parameter value to at least 16. Otherwise, you may run into issues like `WARNING: out of background worker slots`.
+5. Save the changes and restart the server to apply the `wal_level` change.
+6. Confirm that your PostgreSQL instance allows network traffic from your connecting resource.
+7. Grant the admin user replication permissions.
```SQL ALTER ROLE <adminname> WITH REPLICATION; ```
+8. You may want to make sure the role you are using has [privileges](https://www.postgresql.org/docs/current/sql-grant.html) on the schema that you are replicating. Otherwise, you may run into errors such as `Permission denied for schema`.
## Using logical replication and logical decoding
Here's some sample code you can use to try out logical replication.
Visit the PostgreSQL documentation to understand more about [logical replication](https://www.postgresql.org/docs/current/logical-replication.html).
-<!
### pglogical extension Here is an example of configuring pglogical at the provider database server and the subscriber. Please refer to pglogical extension documentation for more details. Also make sure you have performed pre-requisite tasks listed above.
Here is an example of configuring pglogical at the provider database server and
```SQL SELECT subscription_name, status FROM pglogical.show_subscription_status(); ```>+ ### Logical decoding Logical decoding can be consumed via the streaming protocol or SQL interface.
The 'active' column in the pg_replication_slots view will indicate whether there
```SQL SELECT * FROM pg_replication_slots; ```- [Set alerts](howto-alert-on-metrics.md) on the **Maximum Used Transaction IDs** and **Storage Used** flexible server metrics to notify you when the values increase past normal thresholds. ## Limitations
postgresql Concepts Pgbouncer https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/flexible-server/concepts-pgbouncer.md
Previously updated : 04/20/2021 Last updated : 07/30/2021 # PgBouncer in Azure Database for PostgreSQL - Flexible Server
PgBouncer uses a more lightweight model that utilizes asynchronous I/O, and only
When enabled, PgBouncer runs on port 6432 on your database server. You can change your applicationΓÇÖs database connection configuration to use the same host name, but change the port to 6432 to start using PgBouncer and benefit from improved idle connection scaling. > [!Note]
-> PgBouncer is supported only on General Purpose and Memory Optimized compute tiers.
+> PgBouncer is supported on General Purpose and Memory Optimized compute tiers in both public access and private access networking.
## Enabling and configuring PgBouncer
You can configure PgBouncer, settings with these parameters:
| Parameter Name | Description | Default | |-|--|-| | pgbouncer.default_pool_size | Set this parameter value to the number of connections per user/database pair | 50 |
-| pgBouncer.max_client_conn | Set this parameter value to the highest number of client connections to PgBouncer that you want to support | 5000 |
+| pgBouncer.max_client_conn | Set this parameter value to the highest number of client connections to PgBouncer that you want to support . | 5000 |
| pgBouncer.pool_mode | Set this parameter value to TRANSACTION for transaction pooling (which is the recommended setting for most workloads). | TRANSACTION | | pgBouncer.min_pool_size | Add more server connections to pool if below this number. | 0 (Disabled) |
-| pgBouncer.stats_users | Optional. Set this parameter value to the name of an existing user, to be able to log in to the special PgBouncer statistics database (named ΓÇ£PgBouncerΓÇ¥) | |
+| pgbouncer.ignore_startup_parameters | Comma-separated list of parameters that PgBouncer can ignore. For example, you can let PgBouncer ignore `extra_float_digits` parameter.| |
+| pgbouncer.query_wait_timeout | Maximum time (in seconds) queries are allowed to spend waiting for execution. If the query is not assigned to a server during that time, the client is disconnected. | 120s |
+| pgBouncer.stats_users | Optional. Set this parameter value to the name of an existing user, to be able to log in to the special PgBouncer statistics database (named ΓÇ£PgBouncerΓÇ¥). | |
+
+For more details on the PgBouncer configurations, please see [pgbouncer.ini](https://www.pgbouncer.org/config.html).
> [!Note] > Upgrading of PgBouncer will be managed by Azure.
postgresql Release Notes https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/flexible-server/release-notes.md
Previously updated : 06/23/2021 Last updated : 07/30/2021
This page provides latest news and updates regarding feature additions, engine v
> [!IMPORTANT] > Azure Database for PostgreSQL - Flexible Server is in preview
+## Release: July 2021
+
+* Support for [pglogical extension](concepts-logical.md) v2.3.2 with PostgreSQL 11,12, and 13.<sup>$</sup>
+* PgBouncer now includes `ignore_startup_parameters` to ignore certain client-side driver's parameters including `extra_float_digits`, and `pgbouncer.query_wait_timeout` parameters. <sup>$</sup>.
+* Support for `pg_stat_reset_shared('bgwriter');` and `pg_stat_reset_shared('archiver');` to reset the counters shown in the `pg_stat_bgwriter` and `pg_stat_archiver` views <sup>$</sup>.
+* * Several bug fixes, stability, and performance improvements<sup>$</sup>.
+
+<sup>**$**</sup> New servers get these features automatically. In your existing servers, these features are enabled during your server's future maintenance window.
+ ## Release: June 2021 * Support for [latest PostgreSQL minors](./concepts-supported-versions.md) 13.3, 12.7 and 11.12 with new server creates<sup>$</sup>.
This page provides latest news and updates regarding feature additions, engine v
* Support for lo extension. See the [extensions page](./concepts-extensions.md) for versions supported with each major version <sup>$</sup>. * Several bug fixes, stability, and performance improvements<sup>$</sup>.
-<sup>**$**</sup> Your existing servers will be automatically upgraded to the latest supported minor version and also new features are enabled during your server's future maintenance window.
+<sup>**$**</sup> New servers get these features automatically. Your existing servers will be automatically upgraded to the latest supported minor version and also new features are enabled during your server's future maintenance window.
## Release: May 2021
role-based-access-control Resource Provider Operations https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/role-based-access-control/resource-provider-operations.md
Azure service: [Virtual Machines](../virtual-machines/index.yml), [Virtual Machi
> | Microsoft.Compute/cloudServices/rebuild/action | Reimage all the role instances in a CloudService. | > | Microsoft.Compute/cloudServices/delete/action | Deletes role instances in a CloudService. | > | Microsoft.Compute/cloudServices/instanceView/read | Gets the status of a CloudService. |
+> | Microsoft.Compute/cloudServices/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the CloudService. |
+> | Microsoft.Compute/cloudServices/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the CloudService. |
+> | Microsoft.Compute/cloudServices/providers/Microsoft.Insights/metricDefinitions/read | Gets the CloudService metrics definition |
> | Microsoft.Compute/cloudServices/roleInstances/delete | Deletes a RoleInstance from CloudService. | > | Microsoft.Compute/cloudServices/roleInstances/read | Gets a RoleInstance from CloudService. | > | Microsoft.Compute/cloudServices/roleInstances/restart/action | Restart a role instance of a CloudService |
Azure service: [Virtual Machines](../virtual-machines/index.yml), [Virtual Machi
> | Microsoft.Compute/cloudServices/roleInstances/instanceView/read | Gets the status of a role instance from a CloudService. | > | Microsoft.Compute/cloudServices/roles/read | Gets a role from a CloudService. | > | Microsoft.Compute/cloudServices/roles/write | Scale instances in a Role |
+> | Microsoft.Compute/cloudServices/roles/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the CloudService Roles. |
+> | Microsoft.Compute/cloudServices/roles/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the CloudService Roles |
+> | Microsoft.Compute/cloudServices/roles/providers/Microsoft.Insights/metricDefinitions/read | Gets the CloudService Roles Metric Definitions |
> | Microsoft.Compute/cloudServices/updateDomains/read | Gets a list of all update domains in a CloudService. | > | Microsoft.Compute/diskAccesses/read | Get the properties of DiskAccess resource | > | Microsoft.Compute/diskAccesses/write | Create a new DiskAccess resource or update an existing one |
Azure service: [Virtual Machines](../virtual-machines/index.yml), [Virtual Machi
> | Microsoft.Compute/virtualMachines/patchAssessmentResults/latest/softwarePatches/read | Retrieves list of patches assessed during the last patch assessment operation | > | Microsoft.Compute/virtualMachines/patchInstallationResults/read | Retrieves the summary of the latest patch installation operation | > | Microsoft.Compute/virtualMachines/patchInstallationResults/softwarePatches/read | Retrieves list of patches attempted to be installed during the last patch installation operation |
+> | Microsoft.Compute/virtualMachines/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the Virtual Machine. |
+> | Microsoft.Compute/virtualMachines/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the Virtual Machine. |
+> | Microsoft.Compute/virtualMachines/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for Virtual Machine. |
+> | Microsoft.Compute/virtualMachines/providers/Microsoft.Insights/metricDefinitions/read | Reads Virtual Machine Metric Definitions |
> | Microsoft.Compute/virtualMachines/runCommands/read | Get the properties of a virtual machine run command | > | Microsoft.Compute/virtualMachines/runCommands/write | Creates a new virtual machine run command or updates an existing one | > | Microsoft.Compute/virtualMachines/runCommands/delete | Deletes the virtual machine run command |
Azure service: [Virtual Machines](../virtual-machines/index.yml), [Virtual Machi
> | Microsoft.Compute/virtualMachineScaleSets/instanceView/read | Gets the instance view of the Virtual Machine Scale Set | > | Microsoft.Compute/virtualMachineScaleSets/networkInterfaces/read | Get properties of all network interfaces of a Virtual Machine Scale Set | > | Microsoft.Compute/virtualMachineScaleSets/osUpgradeHistory/read | Gets the history of OS upgrades for a Virtual Machine Scale Set |
+> | Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the Virtual Machine Scale Set. |
+> | Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the Virtual Machine Scale set. |
+> | Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for Virtual Machine Scale Sets. |
+> | Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/metricDefinitions/read | Reads Virtual Machine Scale Set Metric Definitions |
> | Microsoft.Compute/virtualMachineScaleSets/publicIPAddresses/read | Get properties of all public IP addresses of a Virtual Machine Scale Set | > | Microsoft.Compute/virtualMachineScaleSets/rollingUpgrades/read | Get latest Rolling Upgrade status for a Virtual Machine Scale Set | > | Microsoft.Compute/virtualMachineScaleSets/skus/read | Lists the valid SKUs for an existing Virtual Machine Scale Set |
Azure service: [Virtual Machines](../virtual-machines/index.yml), [Virtual Machi
> | Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/read | Get properties of one or all network interfaces of a virtual machine created using Virtual Machine Scale Set | > | Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/ipConfigurations/read | Get properties of one or all IP configurations of a network interface created using Virtual Machine Scale Set. IP configurations represent private IPs | > | Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/ipConfigurations/publicIPAddresses/read | Get properties of public IP address created using Virtual Machine Scale Set. Virtual Machine Scale Set can create at most one public IP per ipconfiguration (private IP) |
+> | Microsoft.Compute/virtualMachineScaleSets/virtualMachines/providers/Microsoft.Insights/metricDefinitions/read | Reads Virtual Machine in Scale Set Metric Definitions |
> | Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands/read | Get the properties of a run command for Virtual Machine in Virtual Machine Scale Set | > | Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands/write | Creates a new run command for Virtual Machine in Virtual Machine Scale Set or updates an existing one | > | Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands/delete | Deletes the run command for Virtual Machine in Virtual Machine Scale Set |
Azure service: [Content Delivery Network](../cdn/index.yml)
> | Microsoft.Cdn/cdnwebapplicationfirewallpolicies/read | | > | Microsoft.Cdn/cdnwebapplicationfirewallpolicies/write | | > | Microsoft.Cdn/cdnwebapplicationfirewallpolicies/delete | |
+> | Microsoft.Cdn/cdnwebapplicationfirewallpolicies/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic settings for the resource |
+> | Microsoft.Cdn/cdnwebapplicationfirewallpolicies/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic settings for the resource |
+> | Microsoft.Cdn/cdnwebapplicationfirewallpolicies/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for Microsoft.Cdn/cdnwebapplicationfirewallpolicies |
+> | Microsoft.Cdn/cdnwebapplicationfirewallpolicies/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for Microsoft.Cdn |
> | Microsoft.Cdn/edgenodes/read | | > | Microsoft.Cdn/edgenodes/write | | > | Microsoft.Cdn/edgenodes/delete | |
Azure service: [Content Delivery Network](../cdn/index.yml)
> | Microsoft.Cdn/profiles/endpoints/origins/read | | > | Microsoft.Cdn/profiles/endpoints/origins/write | | > | Microsoft.Cdn/profiles/endpoints/origins/delete | |
+> | Microsoft.Cdn/profiles/endpoints/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic settings for the resource |
+> | Microsoft.Cdn/profiles/endpoints/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic settings for the resource |
+> | Microsoft.Cdn/profiles/endpoints/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for Microsoft.Cdn/profiles/endpoints |
> | Microsoft.Cdn/profiles/getloganalyticslocations/read | | > | Microsoft.Cdn/profiles/getloganalyticsmetrics/read | | > | Microsoft.Cdn/profiles/getloganalyticsrankings/read | |
Azure service: [Content Delivery Network](../cdn/index.yml)
> | Microsoft.Cdn/profiles/origingroups/origins/read | | > | Microsoft.Cdn/profiles/origingroups/origins/write | | > | Microsoft.Cdn/profiles/origingroups/origins/delete | |
+> | Microsoft.Cdn/profiles/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic settings for the resource |
+> | Microsoft.Cdn/profiles/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic settings for the resource |
+> | Microsoft.Cdn/profiles/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for Microsoft.Cdn/profiles |
+> | Microsoft.Cdn/profiles/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for Microsoft.Cdn |
> | Microsoft.Cdn/profiles/rulesets/read | | > | Microsoft.Cdn/profiles/rulesets/write | | > | Microsoft.Cdn/profiles/rulesets/delete | |
Azure service: [Application Gateway](../application-gateway/index.yml), [Azure B
> | Microsoft.Network/register/action | Registers the subscription | > | Microsoft.Network/unregister/action | Unregisters the subscription | > | Microsoft.Network/checkTrafficManagerNameAvailability/action | Checks the availability of a Traffic Manager Relative DNS name. |
+> | Microsoft.Network/internalNotify/action | DNS alias resource notification |
+> | Microsoft.Network/getDnsResourceReference/action | DNS alias resource dependency request |
> | Microsoft.Network/checkFrontDoorNameAvailability/action | Checks whether a Front Door name is available |
+> | Microsoft.Network/privateDnsZonesInternal/action | Executes Private DNS Zones Internal APIs |
> | Microsoft.Network/applicationGatewayAvailableRequestHeaders/read | Get Application Gateway available Request Headers | > | Microsoft.Network/applicationGatewayAvailableResponseHeaders/read | Get Application Gateway available Response Header | > | Microsoft.Network/applicationGatewayAvailableServerVariables/read | Get Application Gateway available Server Variables |
Azure service: [Application Gateway](../application-gateway/index.yml), [Azure B
> | Microsoft.Network/applicationGateways/delete | Deletes an application gateway | > | Microsoft.Network/applicationGateways/backendhealth/action | Gets an application gateway backend health | > | Microsoft.Network/applicationGateways/getBackendHealthOnDemand/action | Gets an application gateway backend health on demand for given http setting and backend pool |
+> | Microsoft.Network/applicationGateways/resolvePrivateLinkServiceId/action | Resolves privateLinkServiceId for application gateway private link resource |
> | Microsoft.Network/applicationGateways/start/action | Starts an application gateway | > | Microsoft.Network/applicationGateways/stop/action | Stops an application gateway | > | Microsoft.Network/applicationGateways/restart/action | Restarts an application gateway | > | Microsoft.Network/applicationGateways/migrateV1ToV2/action | Migrate Application Gateway from v1 sku to v2 sku | > | Microsoft.Network/applicationGateways/getMigrationStatus/action | Get Status Of Migrate Application Gateway From V1 sku To V2 sku |
+> | Microsoft.Network/applicationGateways/setSecurityCenterConfiguration/action | Sets Application Gateway Security Center Configuration |
+> | Microsoft.Network/applicationGateways/effectiveNetworkSecurityGroups/action | Get Route Table configured On Application Gateway |
+> | Microsoft.Network/applicationGateways/effectiveRouteTable/action | Get Route Table configured On Application Gateway |
> | Microsoft.Network/applicationGateways/backendAddressPools/join/action | Joins an application gateway backend address pool. Not Alertable. | > | Microsoft.Network/applicationGateways/privateEndpointConnections/read | Gets Application Gateway PrivateEndpoint Connections | > | Microsoft.Network/applicationGateways/privateEndpointConnections/write | Updates Application Gateway PrivateEndpoint Connection | > | Microsoft.Network/applicationGateways/privateEndpointConnections/delete | Deletes Application Gateway PrivateEndpoint Connection | > | Microsoft.Network/applicationGateways/privateLinkConfigurations/read | Gets Application Gateway Private Link Configurations | > | Microsoft.Network/applicationGateways/privateLinkResources/read | Gets ApplicationGateway PrivateLink Resources |
+> | Microsoft.Network/applicationGateways/providers/Microsoft.Insights/logDefinitions/read | Gets the events for Application Gateway |
+> | Microsoft.Network/applicationGateways/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for Application Gateway |
> | Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/read | Gets an Application Gateway WAF policy | > | Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/write | Creates an Application Gateway WAF policy or updates an Application Gateway WAF policy | > | Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/delete | Deletes an Application Gateway WAF policy |
Azure service: [Application Gateway](../application-gateway/index.yml), [Azure B
> | Microsoft.Network/azureFirewalls/networkRuleCollections/read | Gets Azure Firewall NetworkRuleCollection | > | Microsoft.Network/azureFirewalls/networkRuleCollections/write | CreatesOrUpdates Azure Firewall NetworkRuleCollection | > | Microsoft.Network/azureFirewalls/networkRuleCollections/delete | Deletes Azure Firewall NetworkRuleCollection |
+> | Microsoft.Network/azurefirewalls/providers/Microsoft.Insights/logDefinitions/read | Gets the events for Azure Firewall |
+> | Microsoft.Network/azurefirewalls/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for Azure Firewall |
> | Microsoft.Network/azureWebCategories/read | Gets Azure WebCategories | > | Microsoft.Network/azureWebCategories/getwebcategory/action | Looks up WebCategory | > | Microsoft.Network/azureWebCategories/classifyUnknown/action | Classifies Unknown WebCategory |
Azure service: [Application Gateway](../application-gateway/index.yml), [Azure B
> | Microsoft.Network/bastionHosts/createShareableLinks/action | Creates shareable urls for the VMs under a bastion and returns the urls | > | Microsoft.Network/bastionHosts/deleteShareableLinks/action | Deletes shareable urls for the provided VMs under a bastion | > | Microsoft.Network/bastionHosts/deleteShareableLinksByToken/action | Deletes shareable urls for the provided tokens under a bastion |
+> | Microsoft.Network/bastionHosts/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource |
+> | Microsoft.Network/bastionHosts/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource |
+> | Microsoft.Network/bastionHosts/providers/Microsoft.Insights/logDefinitions/read | Gets the available audit logs for Bastion Host |
> | Microsoft.Network/bgpServiceCommunities/read | Get Bgp Service Communities | > | Microsoft.Network/connections/read | Gets VirtualNetworkGatewayConnection | > | Microsoft.Network/connections/write | Creates or updates an existing VirtualNetworkGatewayConnection |
Azure service: [Application Gateway](../application-gateway/index.yml), [Azure B
> | Microsoft.Network/connections/stoppacketcapture/action | Stops a Virtual Network Gateway Connection Packet Capture. | > | Microsoft.Network/connections/getikesas/action | Lists IKE Security Associations for the connection | > | Microsoft.Network/connections/resetconnection/action | Resets connection for VNG |
+> | Microsoft.Network/connections/providers/Microsoft.Insights/diagnosticSettings/read | Gets diagnostic settings for Connections |
+> | Microsoft.Network/connections/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates diagnostic settings for Connections |
+> | Microsoft.Network/connections/providers/Microsoft.Insights/metricDefinitions/read | Gets the metric definitions for Connections |
> | Microsoft.Network/connections/sharedKey/read | Gets VirtualNetworkGatewayConnection SharedKey | > | Microsoft.Network/connections/sharedKey/write | Creates or updates an existing VirtualNetworkGatewayConnection SharedKey | > | Microsoft.Network/customIpPrefixes/read | Gets a Custom Ip Prefix Definition |
Azure service: [Application Gateway](../application-gateway/index.yml), [Azure B
> | Microsoft.Network/ddosProtectionPlans/write | Creates a DDoS Protection Plan or updates a DDoS Protection Plan | > | Microsoft.Network/ddosProtectionPlans/delete | Deletes a DDoS Protection Plan | > | Microsoft.Network/ddosProtectionPlans/join/action | Joins a DDoS Protection Plan. Not alertable. |
+> | Microsoft.Network/ddosProtectionPlans/ddosProtectionPlanProxies/read | Gets a DDoS Protection Plan Proxy definition |
+> | Microsoft.Network/ddosProtectionPlans/ddosProtectionPlanProxies/write | Creates a DDoS Protection Plan Proxy or updates and existing DDoS Protection Plan Proxy |
+> | Microsoft.Network/ddosProtectionPlans/ddosProtectionPlanProxies/delete | Deletes a DDoS Protection Plan Proxy |
> | Microsoft.Network/dnsForwardingRulesets/read | Gets a DNS Forwarding Ruleset, in JSON format | > | Microsoft.Network/dnsForwardingRulesets/write | Creates Or Updates a DNS Forwarding Ruleset | > | Microsoft.Network/dnsForwardingRulesets/delete | Deletes a DNS Forwarding Ruleset, in JSON format |
Azure service: [Application Gateway](../application-gateway/index.yml), [Azure B
> | Microsoft.Network/dnszones/NS/read | Gets DNS record set of type NS | > | Microsoft.Network/dnszones/NS/write | Creates or updates DNS record set of type NS | > | Microsoft.Network/dnszones/NS/delete | Deletes the DNS record set of type NS |
+> | Microsoft.Network/dnszones/providers/Microsoft.Insights/diagnosticSettings/read | Gets the DNS zone diagnostic settings |
+> | Microsoft.Network/dnszones/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the DNS zone diagnostic settings |
+> | Microsoft.Network/dnszones/providers/Microsoft.Insights/metricDefinitions/read | Gets the DNS zone metric definitions |
> | Microsoft.Network/dnszones/PTR/read | Get the record set of type 'PTR', in JSON format. The record set contains a list of records as well as the TTL, tags, and etag. | > | Microsoft.Network/dnszones/PTR/write | Create or update a record set of type 'PTR' within a DNS zone. The records specified will replace the current records in the record set. | > | Microsoft.Network/dnszones/PTR/delete | Remove the record set of a given name and type 'PTR' from a DNS zone. |
Azure service: [Application Gateway](../application-gateway/index.yml), [Azure B
> | Microsoft.Network/expressRouteCircuits/write | Creates or updates an existing ExpressRouteCircuit | > | Microsoft.Network/expressRouteCircuits/join/action | Joins an Express Route Circuit. Not alertable. | > | Microsoft.Network/expressRouteCircuits/delete | Deletes an ExpressRouteCircuit |
+> | Microsoft.Network/expressRouteCircuits/nrpinternalupdate/action | Create or Update ExpressRouteCircuit |
> | Microsoft.Network/expressRouteCircuits/authorizations/read | Gets an ExpressRouteCircuit Authorization | > | Microsoft.Network/expressRouteCircuits/authorizations/write | Creates or updates an existing ExpressRouteCircuit Authorization | > | Microsoft.Network/expressRouteCircuits/authorizations/delete | Deletes an ExpressRouteCircuit Authorization |
Azure service: [Application Gateway](../application-gateway/index.yml), [Azure B
> | Microsoft.Network/expressRouteCircuits/peerings/connections/write | Creates or updates an existing ExpressRouteCircuit Connection Resource | > | Microsoft.Network/expressRouteCircuits/peerings/connections/delete | Deletes an ExpressRouteCircuit Connection | > | Microsoft.Network/expressRouteCircuits/peerings/peerConnections/read | Gets Peer Express Route Circuit Connection |
+> | Microsoft.Network/expressRouteCircuits/peerings/providers/Microsoft.Insights/diagnosticSettings/read | Gets diagnostic settings for ExpressRoute Circuit Peerings |
+> | Microsoft.Network/expressRouteCircuits/peerings/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates diagnostic settings for ExpressRoute Circuit Peerings |
+> | Microsoft.Network/expressRouteCircuits/peerings/providers/Microsoft.Insights/metricDefinitions/read | Gets the metric definitions for ExpressRoute Circuit Peerings |
> | Microsoft.Network/expressRouteCircuits/peerings/routeTables/read | Gets an ExpressRouteCircuit Peering RouteTable | > | Microsoft.Network/expressRouteCircuits/peerings/routeTablesSummary/read | Gets an ExpressRouteCircuit Peering RouteTable Summary | > | Microsoft.Network/expressRouteCircuits/peerings/stats/read | Gets an ExpressRouteCircuit Peering Stat |
+> | Microsoft.Network/expressRouteCircuits/providers/Microsoft.Insights/diagnosticSettings/read | Gets diagnostic settings for ExpressRoute Circuits |
+> | Microsoft.Network/expressRouteCircuits/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates diagnostic settings for ExpressRoute Circuits |
+> | Microsoft.Network/expressRouteCircuits/providers/Microsoft.Insights/logDefinitions/read | Get the events for ExpressRoute Circuits |
+> | Microsoft.Network/expressRouteCircuits/providers/Microsoft.Insights/metricDefinitions/read | Gets the metric definitions for ExpressRoute Circuits |
> | Microsoft.Network/expressRouteCircuits/stats/read | Gets an ExpressRouteCircuit Stat | > | Microsoft.Network/expressRouteCrossConnections/read | Get Express Route Cross Connection |
+> | Microsoft.Network/expressRouteCrossConnections/write | Create or Update Express Route Cross Connection |
+> | Microsoft.Network/expressRouteCrossConnections/delete | Delete Express Route Cross Connection |
> | Microsoft.Network/expressRouteCrossConnections/serviceProviders/action | Backfill Express Route Cross Connection | > | Microsoft.Network/expressRouteCrossConnections/join/action | Joins an Express Route Cross Connection. Not alertable. | > | Microsoft.Network/expressRouteCrossConnections/peerings/read | Gets an Express Route Cross Connection Peering |
Azure service: [Application Gateway](../application-gateway/index.yml), [Azure B
> | Microsoft.Network/expressRouteCrossConnections/peerings/routeTables/read | Gets an Express Route Cross Connection Peering Route Table | > | Microsoft.Network/expressRouteCrossConnections/peerings/routeTableSummary/read | Gets an Express Route Cross Connection Peering Route Table Summary | > | Microsoft.Network/expressRouteGateways/read | Get Express Route Gateway |
+> | Microsoft.Network/expressRouteGateways/write | Create or Update Express Route Gateway |
+> | Microsoft.Network/expressRouteGateways/delete | Delete Express Route Gateway |
> | Microsoft.Network/expressRouteGateways/join/action | Joins an Express Route Gateway. Not alertable. | > | Microsoft.Network/expressRouteGateways/expressRouteConnections/read | Gets an Express Route Connection | > | Microsoft.Network/expressRouteGateways/expressRouteConnections/write | Creates an Express Route Connection or Updates an existing Express Route Connection | > | Microsoft.Network/expressRouteGateways/expressRouteConnections/delete | Deletes an Express Route Connection |
+> | Microsoft.Network/expressRouteGateways/providers/Microsoft.Insights/metricDefinitions/read | Gets the metric definitions for ExpressRoute Gateways |
> | Microsoft.Network/expressRoutePorts/read | Gets ExpressRoutePorts | > | Microsoft.Network/expressRoutePorts/write | Creates or updates ExpressRoutePorts | > | Microsoft.Network/expressRoutePorts/join/action | Joins Express Route ports. Not alertable. |
Azure service: [Application Gateway](../application-gateway/index.yml), [Azure B
> | Microsoft.Network/expressRoutePorts/generateloa/action | Generates LOA for ExpressRoutePorts | > | Microsoft.Network/expressRoutePorts/authorizations/read | Gets an ExpressRoutePorts Authorization | > | Microsoft.Network/expressRoutePorts/links/read | Gets ExpressRouteLink |
+> | Microsoft.Network/expressRoutePorts/providers/Microsoft.Insights/metricDefinitions/read | Gets the metric definitions for ExpressRoute Ports |
> | Microsoft.Network/expressRoutePortsLocations/read | Get Express Route Ports Locations | > | Microsoft.Network/expressRouteServiceProviders/read | Gets Express Route Service Providers | > | Microsoft.Network/firewallPolicies/read | Gets a Firewall Policy |
Azure service: [Application Gateway](../application-gateway/index.yml), [Azure B
> | Microsoft.Network/frontDoors/loadBalancingSettings/read | Gets load balancing settings | > | Microsoft.Network/frontDoors/loadBalancingSettings/write | Creates or updates load balancing settings | > | Microsoft.Network/frontDoors/loadBalancingSettings/delete | Creates or updates load balancing settings |
+> | Microsoft.Network/frontdoors/providers/Microsoft.Insights/diagnosticSettings/read | Get the diagnostic setting for the Frontdoor resource |
+> | Microsoft.Network/frontdoors/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the Frontdoor resource |
+> | Microsoft.Network/frontdoors/providers/Microsoft.Insights/logDefinitions/read | Get available logs for Frontdoor resources |
+> | Microsoft.Network/frontdoors/providers/Microsoft.Insights/metricDefinitions/read | Get available metrics for Frontdoor resources |
> | Microsoft.Network/frontDoors/routingRules/read | Gets a routing rule | > | Microsoft.Network/frontDoors/routingRules/write | Creates or updates a routing rule | > | Microsoft.Network/frontDoors/routingRules/delete | Deletes a routing rule |
Azure service: [Application Gateway](../application-gateway/index.yml), [Azure B
> | Microsoft.Network/loadBalancers/backendAddressPools/backendPoolAddresses/read | Lists the backend addresses of the Load Balancer backend address pool | > | Microsoft.Network/loadBalancers/frontendIPConfigurations/read | Gets a load balancer frontend IP configuration definition | > | Microsoft.Network/loadBalancers/frontendIPConfigurations/join/action | Joins a Load Balancer Frontend IP Configuration. Not alertable. |
+> | Microsoft.Network/loadBalancers/frontendIPConfigurations/loadBalancerPools/read | Gets a load balancer frontend IP address backend pool definition |
+> | Microsoft.Network/loadBalancers/frontendIPConfigurations/loadBalancerPools/write | Creates a load balancer frontend IP address backend pool or updates an existing public IP Address load balancer backend pool |
+> | Microsoft.Network/loadBalancers/frontendIPConfigurations/loadBalancerPools/delete | Deletes a load balancer frontend IP address backend pool |
+> | Microsoft.Network/loadBalancers/frontendIPConfigurations/loadBalancerPools/join/action | Joins a load balancer frontend IP address backend pool. Not alertable. |
> | Microsoft.Network/loadBalancers/inboundNatPools/read | Gets a load balancer inbound nat pool definition | > | Microsoft.Network/loadBalancers/inboundNatPools/join/action | Joins a load balancer inbound NAT pool. Not alertable. | > | Microsoft.Network/loadBalancers/inboundNatRules/read | Gets a load balancer inbound nat rule definition |
Azure service: [Application Gateway](../application-gateway/index.yml), [Azure B
> | Microsoft.Network/loadBalancers/outboundRules/read | Gets a load balancer outbound rule definition | > | Microsoft.Network/loadBalancers/probes/read | Gets a load balancer probe | > | Microsoft.Network/loadBalancers/probes/join/action | Allows using probes of a load balancer. For example, with this permission healthProbe property of VM scale set can reference the probe. Not alertable. |
+> | Microsoft.Network/loadBalancers/providers/Microsoft.Insights/diagnosticSettings/read | Gets the Load Balancer Diagnostic Settings |
+> | Microsoft.Network/loadBalancers/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the Load Balancer Diagnostic Settings |
+> | Microsoft.Network/loadBalancers/providers/Microsoft.Insights/logDefinitions/read | Gets the events for Load Balancer |
+> | Microsoft.Network/loadBalancers/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for Load Balancer |
> | Microsoft.Network/loadBalancers/virtualMachines/read | Gets references to all the virtual machines under a load balancer | > | Microsoft.Network/localnetworkgateways/read | Gets LocalNetworkGateway | > | Microsoft.Network/localnetworkgateways/write | Creates or updates an existing LocalNetworkGateway | > | Microsoft.Network/localnetworkgateways/delete | Deletes LocalNetworkGateway | > | Microsoft.Network/locations/checkAcceleratedNetworkingSupport/action | Checks Accelerated Networking support |
+> | Microsoft.Network/locations/batchValidatePrivateEndpointsForResourceMove/action | Validates private endpoints in batches for resource move. |
+> | Microsoft.Network/locations/batchNotifyPrivateEndpointsForResourceMove/action | Notifies to private endpoint in batches for resource move. |
> | Microsoft.Network/locations/checkPrivateLinkServiceVisibility/action | Checks Private Link Service Visibility |
+> | Microsoft.Network/locations/validateResourceOwnership/action | Validates Resource Ownership |
+> | Microsoft.Network/locations/setResourceOwnership/action | Sets Resource Ownership |
+> | Microsoft.Network/locations/effectiveResourceOwnership/action | Gets Effective Resource Ownership |
+> | Microsoft.Network/locations/setAzureNetworkManagerConfiguration/action | Sets Azure Network Manager Configuration |
+> | Microsoft.Network/locations/getAzureNetworkManagerConfiguration/action | Gets Azure Network Manager Configuration |
> | Microsoft.Network/locations/bareMetalTenants/action | Allocates or validates a Bare Metal Tenant |
+> | Microsoft.Network/locations/commitInternalAzureNetworkManagerConfiguration/action | Commits Internal AzureNetworkManager Configuration In ANM |
+> | Microsoft.Network/locations/internalAzureVirtualNetworkManagerOperation/action | Internal AzureVirtualNetworkManager Operation In ANM |
> | Microsoft.Network/locations/setLoadBalancerFrontendPublicIpAddresses/action | SetLoadBalancerFrontendPublicIpAddresses targets frontend IP configurations of 2 load balancers. Azure Resource Manager IDs of the IP configurations are provided in the body of the request. | > | Microsoft.Network/locations/autoApprovedPrivateLinkServices/read | Gets Auto Approved Private Link Services | > | Microsoft.Network/locations/availableDelegations/read | Gets Available Delegations |
Azure service: [Application Gateway](../application-gateway/index.yml), [Azure B
> | Microsoft.Network/locations/dnsResolverOperationStatuses/read | Gets status of a DNS Resolver operation | > | Microsoft.Network/locations/operationResults/read | Gets operation result of an async POST or DELETE operation | > | Microsoft.Network/locations/operations/read | Gets operation resource that represents status of an asynchronous operation |
+> | Microsoft.Network/locations/privateLinkServices/privateEndpointConnectionProxies/read | Gets an private endpoint connection proxy resource. |
+> | Microsoft.Network/locations/privateLinkServices/privateEndpointConnectionProxies/write | Creates a new private endpoint connection proxy, or updates an existing private endpoint connection proxy. |
+> | Microsoft.Network/locations/privateLinkServices/privateEndpointConnectionProxies/delete | Deletes an private endpoint connection proxy resource. |
> | Microsoft.Network/locations/serviceTagDetails/read | GetServiceTagDetails | > | Microsoft.Network/locations/serviceTags/read | Get Service Tags | > | Microsoft.Network/locations/supportedVirtualMachineSizes/read | Gets supported virtual machines sizes |
Azure service: [Application Gateway](../application-gateway/index.yml), [Azure B
> | Microsoft.Network/masterCustomIpPrefixes/write | Creates A Master Custom Ip Prefix Or Updates An Existing Master Custom Ip Prefix | > | Microsoft.Network/masterCustomIpPrefixes/delete | Deletes A Master Custom Ip Prefix | > | Microsoft.Network/natGateways/join/action | Joins a NAT Gateway |
+> | Microsoft.Network/natGateways/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for Nat Gateway |
> | Microsoft.Network/networkExperimentProfiles/read | Get an Internet Analyzer profile | > | Microsoft.Network/networkExperimentProfiles/write | Create or update an Internet Analyzer profile | > | Microsoft.Network/networkExperimentProfiles/delete | Delete an Internet Analyzer profile |
Azure service: [Application Gateway](../application-gateway/index.yml), [Azure B
> | Microsoft.Network/networkInterfaces/effectiveRouteTable/action | Get Route Table configured On Network Interface Of The Vm | > | Microsoft.Network/networkInterfaces/effectiveNetworkSecurityGroups/action | Get Network Security Groups configured On Network Interface Of The Vm | > | Microsoft.Network/networkInterfaces/UpdateParentNicAttachmentOnElasticNic/action | Updates the parent NIC associated to the elastic NIC |
+> | Microsoft.Network/networkInterfaces/diagnosticIdentity/read | Gets Diagnostic Identity Of The Resource |
> | Microsoft.Network/networkInterfaces/ipconfigurations/read | Gets a network interface ip configuration definition. | > | Microsoft.Network/networkInterfaces/ipconfigurations/join/action | Joins a Network Interface IP Configuration. Not alertable. | > | Microsoft.Network/networkInterfaces/loadBalancers/read | Gets all the load balancers that the network interface is part of |
+> | Microsoft.Network/networkInterfaces/providers/Microsoft.Insights/metricDefinitions/read | Gets available metrics for the Network Interface |
> | Microsoft.Network/networkInterfaces/tapConfigurations/read | Gets a Network Interface Tap Configuration. | > | Microsoft.Network/networkInterfaces/tapConfigurations/write | Creates a Network Interface Tap Configuration or updates an existing Network Interface Tap Configuration. | > | Microsoft.Network/networkInterfaces/tapConfigurations/delete | Deletes a Network Interface Tap Configuration. |
Azure service: [Application Gateway](../application-gateway/index.yml), [Azure B
> | Microsoft.Network/networkSecurityGroups/delete | Deletes a network security group | > | Microsoft.Network/networkSecurityGroups/join/action | Joins a network security group. Not Alertable. | > | Microsoft.Network/networkSecurityGroups/defaultSecurityRules/read | Gets a default security rule definition |
+> | Microsoft.Network/networksecuritygroups/providers/Microsoft.Insights/diagnosticSettings/read | Gets the Network Security Groups Diagnostic Settings |
+> | Microsoft.Network/networksecuritygroups/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the Network Security Groups diagnostic settings, this operation is supplemented by insights resource provider. |
+> | Microsoft.Network/networksecuritygroups/providers/Microsoft.Insights/logDefinitions/read | Gets the events for network security group |
> | Microsoft.Network/networkSecurityGroups/securityRules/read | Gets a security rule definition | > | Microsoft.Network/networkSecurityGroups/securityRules/write | Creates a security rule or updates an existing security rule | > | Microsoft.Network/networkSecurityGroups/securityRules/delete | Deletes a security rule |
Azure service: [Application Gateway](../application-gateway/index.yml), [Azure B
> | Microsoft.Network/networkWatchers/connectionMonitors/read | Get Connection Monitor details | > | Microsoft.Network/networkWatchers/connectionMonitors/write | Creates a Connection Monitor | > | Microsoft.Network/networkWatchers/connectionMonitors/delete | Deletes a Connection Monitor |
+> | Microsoft.Network/networkWatchers/connectionMonitors/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for Connection Monitor |
> | Microsoft.Network/networkWatchers/flowLogs/read | Get Flow Log details | > | Microsoft.Network/networkWatchers/flowLogs/write | Creates a Flow Log | > | Microsoft.Network/networkWatchers/flowLogs/delete | Deletes a Flow Log |
Azure service: [Application Gateway](../application-gateway/index.yml), [Azure B
> | Microsoft.Network/p2sVpnGateways/getp2svpnconnectionhealth/action | Gets a P2S Vpn Connection health for P2SVpnGateway | > | Microsoft.Network/p2sVpnGateways/getp2svpnconnectionhealthdetailed/action | Gets a P2S Vpn Connection health detailed for P2SVpnGateway | > | Microsoft.Network/p2sVpnGateways/disconnectp2svpnconnections/action | Disconnect p2s vpn connections |
+> | Microsoft.Network/p2sVpnGateways/providers/Microsoft.Insights/diagnosticSettings/read | Gets the P2S Vpn Gateway Diagnostic Settings |
+> | Microsoft.Network/p2sVpnGateways/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the P2S Vpn Gateway diagnostic settings, this operation is supplemented by insights resource provider. |
+> | Microsoft.Network/p2sVpnGateways/providers/Microsoft.Insights/logDefinitions/read | Gets the events for P2S Vpn Gateway |
+> | Microsoft.Network/p2sVpnGateways/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for P2S Vpn Gateway |
> | Microsoft.Network/privateDnsOperationResults/read | Gets results of a Private DNS operation | > | Microsoft.Network/privateDnsOperationStatuses/read | Gets status of a Private DNS operation | > | Microsoft.Network/privateDnsZones/read | Get the Private DNS zone properties, in JSON format. Note that this command does not retrieve the virtual networks to which the Private DNS zone is linked or the record sets contained within the zone. |
Azure service: [Application Gateway](../application-gateway/index.yml), [Azure B
> | Microsoft.Network/privateDnsZones/MX/read | Get the record set of type 'MX' within a Private DNS zone, in JSON format. The record set contains a list of records as well as the TTL, tags, and etag. | > | Microsoft.Network/privateDnsZones/MX/write | Create or update a record set of type 'MX' within a Private DNS zone. The records specified will replace the current records in the record set. | > | Microsoft.Network/privateDnsZones/MX/delete | Remove the record set of a given name and type 'MX' from a Private DNS zone. |
+> | Microsoft.Network/privateDnsZones/providers/Microsoft.Insights/diagnosticSettings/read | Gets the Private DNS zone diagnostic settings |
+> | Microsoft.Network/privateDnsZones/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the Private DNS zone diagnostic settings |
+> | Microsoft.Network/privateDnsZones/providers/Microsoft.Insights/metricDefinitions/read | Gets the Private DNS zone metric settings |
> | Microsoft.Network/privateDnsZones/PTR/read | Get the record set of type 'PTR' within a Private DNS zone, in JSON format. The record set contains a list of records as well as the TTL, tags, and etag. | > | Microsoft.Network/privateDnsZones/PTR/write | Create or update a record set of type 'PTR' within a Private DNS zone. The records specified will replace the current records in the record set. | > | Microsoft.Network/privateDnsZones/PTR/delete | Remove the record set of a given name and type 'PTR' from a Private DNS zone. |
Azure service: [Application Gateway](../application-gateway/index.yml), [Azure B
> | Microsoft.Network/privateDnsZones/virtualNetworkLinks/delete | Delete a Private DNS zone link to virtual network. | > | Microsoft.Network/privateEndpointRedirectMaps/read | Gets a Private Endpoint RedirectMap | > | Microsoft.Network/privateEndpointRedirectMaps/write | Creates Private Endpoint RedirectMap Or Updates An Existing Private Endpoint RedirectMap |
+> | Microsoft.Network/privateEndpoints/pushPropertiesToResource/action | Operation to push private endpoint property updates from NRP client |
> | Microsoft.Network/privateEndpoints/read | Gets an private endpoint resource. | > | Microsoft.Network/privateEndpoints/write | Creates a new private endpoint, or updates an existing private endpoint. | > | Microsoft.Network/privateEndpoints/delete | Deletes an private endpoint resource. | > | Microsoft.Network/privateEndpoints/privateDnsZoneGroups/read | Gets a Private DNS Zone Group | > | Microsoft.Network/privateEndpoints/privateDnsZoneGroups/write | Puts a Private DNS Zone Group |
+> | Microsoft.Network/privateEndpoints/privateLinkServiceProxies/read | Gets a private link service proxy resource. |
+> | Microsoft.Network/privateEndpoints/privateLinkServiceProxies/write | Creates a new private link service proxy, or updates an existing private link service proxy. |
+> | Microsoft.Network/privateEndpoints/privateLinkServiceProxies/delete | Deletes an private link service proxy resource. |
+> | Microsoft.Network/privateEndpoints/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for Private Endpoint |
> | Microsoft.Network/privateLinkServices/read | Gets an private link service resource. | > | Microsoft.Network/privateLinkServices/write | Creates a new private link service, or updates an existing private link service. | > | Microsoft.Network/privateLinkServices/delete | Deletes an private link service resource. |
+> | Microsoft.Network/privateLinkServices/notifyPrivateEndpointMove/action | Notifies a connected Private Link Service of Private Endpoint move |
+> | Microsoft.Network/privateLinkServices/privateEndpointConnectionProxies/read | Gets an private endpoint connection proxy resource. |
+> | Microsoft.Network/privateLinkServices/privateEndpointConnectionProxies/write | Creates a new private endpoint connection proxy, or updates an existing private endpoint connection proxy. |
+> | Microsoft.Network/privateLinkServices/privateEndpointConnectionProxies/delete | Deletes an private endpoint connection proxy resource. |
> | Microsoft.Network/privateLinkServices/privateEndpointConnections/read | Gets an private endpoint connection definition. | > | Microsoft.Network/privateLinkServices/privateEndpointConnections/write | Creates a new private endpoint connection, or updates an existing private endpoint connection. | > | Microsoft.Network/privateLinkServices/privateEndpointConnections/delete | Deletes an private endpoint connection. |
+> | Microsoft.Network/privateLinkServices/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for Private Link Service |
> | Microsoft.Network/publicIPAddresses/read | Gets a public ip address definition. | > | Microsoft.Network/publicIPAddresses/write | Creates a public Ip address or updates an existing public Ip address. | > | Microsoft.Network/publicIPAddresses/delete | Deletes a public Ip address. | > | Microsoft.Network/publicIPAddresses/join/action | Joins a public ip address. Not Alertable. |
+> | Microsoft.Network/publicIPAddresses/dnsAliases/read | Gets a Public Ip Address Dns Alias resource |
+> | Microsoft.Network/publicIPAddresses/dnsAliases/write | Creates a Public Ip Address Dns Alias resource |
+> | Microsoft.Network/publicIPAddresses/dnsAliases/delete | Deletes a Public Ip Address Dns Alias resource |
+> | Microsoft.Network/publicIPAddresses/providers/Microsoft.Insights/diagnosticSettings/read | Get the diagnostic settings of Public IP Address |
+> | Microsoft.Network/publicIPAddresses/providers/Microsoft.Insights/diagnosticSettings/write | Create or update the diagnostic settings of Public IP Address |
+> | Microsoft.Network/publicIPAddresses/providers/Microsoft.Insights/logDefinitions/read | Get the log definitions of Public IP Address |
+> | Microsoft.Network/publicIPAddresses/providers/Microsoft.Insights/metricDefinitions/read | Get the metrics definitions of Public IP Address |
> | Microsoft.Network/publicIPPrefixes/read | Gets a Public Ip Prefix Definition | > | Microsoft.Network/publicIPPrefixes/write | Creates A Public Ip Prefix Or Updates An Existing Public Ip Prefix | > | Microsoft.Network/publicIPPrefixes/delete | Deletes A Public Ip Prefix |
Azure service: [Application Gateway](../application-gateway/index.yml), [Azure B
> | Microsoft.Network/trafficManagerProfiles/nestedEndpoints/read | Gets an Nested Endpoint which belongs to a Traffic Manager Profile, including all the properties of that Nested Endpoint. | > | Microsoft.Network/trafficManagerProfiles/nestedEndpoints/write | Add a new Nested Endpoint in an existing Traffic Manager Profile or update the properties of an existing Nested Endpoint in that Traffic Manager Profile. | > | Microsoft.Network/trafficManagerProfiles/nestedEndpoints/delete | Deletes an Nested Endpoint from an existing Traffic Manager Profile. Traffic Manager will stop routing traffic to the deleted Nested Endpoint. |
+> | Microsoft.Network/trafficManagerProfiles/providers/Microsoft.Insights/diagnosticSettings/read | Gets the Traffic Manager Diagnostic Settings |
+> | Microsoft.Network/trafficManagerProfiles/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the Traffic Manager diagnostic settings, this operation is supplemented by insights resource provider. |
+> | Microsoft.Network/trafficManagerProfiles/providers/Microsoft.Insights/logDefinitions/read | Gets the events for Traffic Manager |
+> | Microsoft.Network/trafficManagerProfiles/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for Traffic Manager. |
> | Microsoft.Network/trafficManagerUserMetricsKeys/read | Gets the subscription-level key used for Realtime User Metrics collection. | > | Microsoft.Network/trafficManagerUserMetricsKeys/write | Creates a new subscription-level key to be used for Realtime User Metrics collection. | > | Microsoft.Network/trafficManagerUserMetricsKeys/delete | Deletes the subscription-level key used for Realtime User Metrics collection. |
Azure service: [Application Gateway](../application-gateway/index.yml), [Azure B
> | microsoft.network/virtualNetworkGateways/natRules/read | Gets a NAT rule resource | > | microsoft.network/virtualNetworkGateways/natRules/write | Puts a NAT rule resource | > | microsoft.network/virtualNetworkGateways/natRules/delete | Deletes a NAT rule resource |
+> | Microsoft.Network/virtualNetworkGateways/providers/Microsoft.Insights/diagnosticSettings/read | Gets the Virtual Network Gateway Diagnostic Settings |
+> | Microsoft.Network/virtualNetworkGateways/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the Virtual Network Gateway diagnostic settings, this operation is supplemented by insights resource provider. |
+> | Microsoft.Network/virtualNetworkGateways/providers/Microsoft.Insights/logDefinitions/read | Gets the events for Virtual Network Gateway |
+> | Microsoft.Network/virtualNetworkGateways/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for Virtual Network Gateway |
> | Microsoft.Network/virtualNetworks/read | Get the virtual network definition | > | Microsoft.Network/virtualNetworks/write | Creates a virtual network or updates an existing virtual network | > | Microsoft.Network/virtualNetworks/delete | Deletes a virtual network |
Azure service: [Application Gateway](../application-gateway/index.yml), [Azure B
> | Microsoft.Network/virtualNetworks/BastionHosts/action | Gets Bastion Host references in a Virtual Network. | > | Microsoft.Network/virtualNetworks/bastionHosts/default/action | Gets Bastion Host references in a Virtual Network. | > | Microsoft.Network/virtualNetworks/checkIpAddressAvailability/read | Check if Ip Address is available at the specified virtual network |
+> | Microsoft.Network/virtualNetworks/customViews/read | Get definition of a custom view of Virtual Network |
+> | Microsoft.Network/virtualNetworks/customViews/get/action | Get a Virtual Network custom view content |
> | Microsoft.Network/virtualNetworks/dnsForwardingRulesets/read | Gets a DNS Forwarding Ruleset for Virtual Network, in JSON format | > | Microsoft.Network/virtualNetworks/dnsResolvers/read | Gets a DNS Resolver for Virtual Network, in JSON format | > | Microsoft.Network/virtualNetworks/privateDnsZoneLinks/read | Get the Private DNS zone link to a virtual network properties, in JSON format. |
+> | Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/diagnosticSettings/read | Get the diagnostic settings of Virtual Network |
+> | Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/diagnosticSettings/write | Create or update the diagnostic settings of the Virtual Network |
+> | Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/logDefinitions/read | Get the log definitions of Virtual Network |
+> | Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read | Gets available metrics for the PingMesh |
+> | Microsoft.Network/virtualNetworks/remoteVirtualNetworkPeeringProxies/read | Gets a virtual network peering proxy definition |
+> | Microsoft.Network/virtualNetworks/remoteVirtualNetworkPeeringProxies/write | Creates a virtual network peering proxy or updates an existing virtual network peering proxy |
+> | Microsoft.Network/virtualNetworks/remoteVirtualNetworkPeeringProxies/delete | Deletes a virtual network peering proxy |
> | Microsoft.Network/virtualNetworks/subnets/read | Gets a virtual network subnet definition | > | Microsoft.Network/virtualNetworks/subnets/write | Creates a virtual network subnet or updates an existing virtual network subnet | > | Microsoft.Network/virtualNetworks/subnets/delete | Deletes a virtual network subnet |
Azure service: [Application Gateway](../application-gateway/index.yml), [Azure B
> | Microsoft.Network/virtualNetworks/subnets/contextualServiceEndpointPolicies/read | Gets Contextual Service Endpoint Policies | > | Microsoft.Network/virtualNetworks/subnets/contextualServiceEndpointPolicies/write | Creates a Contextual Service Endpoint Policy or updates an existing Contextual Service Endpoint Policy | > | Microsoft.Network/virtualNetworks/subnets/contextualServiceEndpointPolicies/delete | Deletes A Contextual Service Endpoint Policy |
+> | Microsoft.Network/virtualNetworks/subnets/resourceNavigationLinks/read | Get the Resource Navigation Link definition |
+> | Microsoft.Network/virtualNetworks/subnets/resourceNavigationLinks/write | Creates a Resource Navigation Link or updates an existing Resource Navigation Link |
+> | Microsoft.Network/virtualNetworks/subnets/resourceNavigationLinks/delete | Deletes a Resource Navigation Link |
+> | Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/read | Gets a Service Association Link definition |
+> | Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/write | Creates a Service Association Link or updates an existing Service Association Link |
+> | Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/delete | Deletes a Service Association Link |
+> | Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/validate/action | Validates a Service Association Link |
+> | Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/details/read | Gets a Service Association Link Detail Definition |
> | Microsoft.Network/virtualNetworks/subnets/virtualMachines/read | Gets references to all the virtual machines in a virtual network subnet |
+> | Microsoft.Network/virtualNetworks/taggedTrafficConsumers/read | Get the Tagged Traffic Consumer definition |
+> | Microsoft.Network/virtualNetworks/taggedTrafficConsumers/write | Creates a Tagged Traffic Consumer or updates an existing Tagged Traffic Consumer |
+> | Microsoft.Network/virtualNetworks/taggedTrafficConsumers/delete | Deletes a Tagged Traffic Consumer |
+> | Microsoft.Network/virtualNetworks/taggedTrafficConsumers/validate/action | Validates a Tagged Traffic Consumer |
> | Microsoft.Network/virtualNetworks/usages/read | Get the IP usages for each subnet of the virtual network | > | Microsoft.Network/virtualNetworks/virtualMachines/read | Gets references to all the virtual machines in a virtual network | > | Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read | Gets a virtual network peering definition |
Azure service: [Application Gateway](../application-gateway/index.yml), [Azure B
> | Microsoft.Network/virtualNetworkTaps/join/action | Joins a virtual network tap. Not Alertable. | > | Microsoft.Network/virtualNetworkTaps/delete | Delete Virtual Network Tap | > | Microsoft.Network/virtualNetworkTaps/write | Create or Update Virtual Network Tap |
+> | Microsoft.Network/virtualNetworkTaps/networkInterfaceTapConfigurationProxies/read | Gets a Network Interface Tap Configuration Proxy. |
+> | Microsoft.Network/virtualNetworkTaps/networkInterfaceTapConfigurationProxies/write | Creates a Network Interface Tap Configuration Proxy Or updates an existing Network Interface Tap Configuration Proxy. |
+> | Microsoft.Network/virtualNetworkTaps/networkInterfaceTapConfigurationProxies/delete | Deletes a Network Interface Tap Configuration Proxy. |
> | Microsoft.Network/virtualRouters/read | Gets A VirtualRouter | > | Microsoft.Network/virtualRouters/write | Creates A VirtualRouter or Updates An Existing VirtualRouter | > | Microsoft.Network/virtualRouters/delete | Deletes A VirtualRouter |
Azure service: [Application Gateway](../application-gateway/index.yml), [Azure B
> | Microsoft.Network/virtualRouters/peerings/read | Gets A VirtualRouterPeering | > | Microsoft.Network/virtualRouters/peerings/write | Creates A VirtualRouterPeering or Updates An Existing VirtualRouterPeering | > | Microsoft.Network/virtualRouters/peerings/delete | Deletes A VirtualRouterPeering |
+> | Microsoft.Network/virtualRouters/providers/Microsoft.Insights/metricDefinitions/read | Gets The Metric Definitions For VirtualRouter |
> | Microsoft.Network/virtualWans/delete | Deletes a Virtual Wan | > | Microsoft.Network/virtualWans/read | Get a Virtual Wan | > | Microsoft.Network/virtualWans/write | Create or update a Virtual Wan |
Azure service: [Application Gateway](../application-gateway/index.yml), [Azure B
> | Microsoft.network/virtualWans/p2sVpnServerConfigurations/write | Creates a virtual Wan P2SVpnServerConfiguration or updates an existing virtual Wan P2SVpnServerConfiguration | > | Microsoft.network/virtualWans/p2sVpnServerConfigurations/delete | Deletes a virtual Wan P2SVpnServerConfiguration | > | Microsoft.Network/virtualwans/supportedSecurityProviders/read | Gets supported VirtualWan Security Providers. |
+> | Microsoft.Network/virtualWans/virtualHubProxies/read | Gets a Virtual Hub proxy definition |
+> | Microsoft.Network/virtualWans/virtualHubProxies/write | Creates a Virtual Hub proxy or updates a Virtual Hub proxy |
+> | Microsoft.Network/virtualWans/virtualHubProxies/delete | Deletes a Virtual Hub proxy |
> | Microsoft.Network/virtualWans/virtualHubs/read | Gets all Virtual Hubs that reference a Virtual Wan. |
+> | Microsoft.Network/virtualWans/vpnSiteProxies/read | Gets a Vpn Site proxy definition |
+> | Microsoft.Network/virtualWans/vpnSiteProxies/write | Creates a Vpn Site proxy or updates a Vpn Site proxy |
+> | Microsoft.Network/virtualWans/vpnSiteProxies/delete | Deletes a Vpn Site proxy |
> | Microsoft.Network/virtualWans/vpnSites/read | Gets all VPN Sites that reference a Virtual Wan. | > | Microsoft.Network/vpnGateways/read | Gets a VpnGateway. | > | Microsoft.Network/vpnGateways/write | Puts a VpnGateway. |
Azure service: [Application Gateway](../application-gateway/index.yml), [Azure B
> | microsoft.network/vpnGateways/natRules/read | Gets a NAT rule resource | > | microsoft.network/vpnGateways/natRules/write | Puts a NAT rule resource | > | microsoft.network/vpnGateways/natRules/delete | Deletes a NAT rule resource |
+> | Microsoft.Network/vpnGateways/providers/Microsoft.Insights/diagnosticSettings/read | Gets the Vpn Gateway Diagnostic Settings |
+> | Microsoft.Network/vpnGateways/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the Vpn Gateway diagnostic settings, this operation is supplemented by insights resource provider. |
+> | Microsoft.Network/vpnGateways/providers/Microsoft.Insights/logDefinitions/read | Gets the events for Vpn Gateway |
+> | Microsoft.Network/vpnGateways/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for Vpn Gateway |
> | microsoft.network/vpnGateways/vpnConnections/read | Gets a VpnConnection. | > | microsoft.network/vpnGateways/vpnConnections/write | Puts a VpnConnection. | > | microsoft.network/vpnGateways/vpnConnections/delete | Deletes a VpnConnection. |
Azure service: [Application Gateway](../application-gateway/index.yml), [Azure B
> | Microsoft.Network/vpnServerConfigurations/read | Get VpnServerConfiguration | > | Microsoft.Network/vpnServerConfigurations/write | Create or Update VpnServerConfiguration | > | Microsoft.Network/vpnServerConfigurations/delete | Delete VpnServerConfiguration |
+> | Microsoft.Network/vpnServerConfigurations/p2sVpnGatewayProxies/read | Gets a P2SVpnGateway Proxy definition |
+> | Microsoft.Network/vpnServerConfigurations/p2sVpnGatewayProxies/write | Creates a P2SVpnGateway Proxy or updates a P2SVpnGateway Proxy |
+> | Microsoft.Network/vpnServerConfigurations/p2sVpnGatewayProxies/delete | Deletes a P2SVpnGateway Proxy |
> | Microsoft.Network/vpnsites/read | Gets a Vpn Site resource. | > | Microsoft.Network/vpnsites/write | Creates or updates a Vpn Site resource. | > | Microsoft.Network/vpnsites/delete | Deletes a Vpn Site resource. |
Azure service: [Azure Data Share](../data-share/index.yml)
> | Microsoft.DataShare/accounts/read | Reads a Data Share Account. | > | Microsoft.DataShare/accounts/write | Writes a Data Share Account. | > | Microsoft.DataShare/accounts/delete | Deletes a Data Share Account. |
+> | Microsoft.DataShare/accounts/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource. |
+> | Microsoft.DataShare/accounts/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource. |
+> | Microsoft.DataShare/accounts/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for account. |
+> | Microsoft.DataShare/accounts/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for account. |
> | Microsoft.DataShare/accounts/shares/read | Reads a Data Share Share. | > | Microsoft.DataShare/accounts/shares/write | Writes a Data Share Share. | > | Microsoft.DataShare/accounts/shares/delete | Deletes a Data Share Share. |
Azure service: [Azure NetApp Files](../azure-netapp-files/index.yml)
> | Microsoft.NetApp/netAppAccounts/capacityPools/read | Reads a pool resource. | > | Microsoft.NetApp/netAppAccounts/capacityPools/write | Writes a pool resource. | > | Microsoft.NetApp/netAppAccounts/capacityPools/delete | Deletes a pool resource. |
+> | Microsoft.NetApp/netAppAccounts/capacityPools/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource. |
+> | Microsoft.NetApp/netAppAccounts/capacityPools/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource. |
+> | Microsoft.NetApp/netAppAccounts/capacityPools/providers/Microsoft.Insights/logDefinitions/read | Gets the log definitions for the resource. |
+> | Microsoft.NetApp/netAppAccounts/capacityPools/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for Volume resource. |
> | Microsoft.NetApp/netAppAccounts/capacityPools/volumes/read | Reads a volume resource. | > | Microsoft.NetApp/netAppAccounts/capacityPools/volumes/write | Writes a volume resource. | > | Microsoft.NetApp/netAppAccounts/capacityPools/volumes/delete | Deletes a volume resource. |
Azure service: [Azure NetApp Files](../azure-netapp-files/index.yml)
> | Microsoft.NetApp/netAppAccounts/capacityPools/volumes/backups/delete | Deletes a backup resource. | > | Microsoft.NetApp/netAppAccounts/capacityPools/volumes/BackupStatus/read | | > | Microsoft.NetApp/netAppAccounts/capacityPools/volumes/MountTargets/read | Reads a mount target resource. |
+> | Microsoft.NetApp/netAppAccounts/capacityPools/volumes/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource. |
+> | Microsoft.NetApp/netAppAccounts/capacityPools/volumes/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource. |
+> | Microsoft.NetApp/netAppAccounts/capacityPools/volumes/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for Volume resource. |
> | Microsoft.NetApp/netAppAccounts/capacityPools/volumes/ReplicationStatus/read | Reads the statuses of the Volume Replication. | > | Microsoft.NetApp/netAppAccounts/capacityPools/volumes/RestoreStatus/read | | > | Microsoft.NetApp/netAppAccounts/capacityPools/volumes/snapshots/read | Reads a snapshot resource. |
Azure service: [Storage](../storage/index.yml)
> | Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/write | Put blob container immutability policy | > | Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/lock/action | Lock blob container immutability policy | > | Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/read | Get blob container immutability policy |
+> | Microsoft.Storage/storageAccounts/blobServices/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource. |
+> | Microsoft.Storage/storageAccounts/blobServices/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource. |
+> | Microsoft.Storage/storageAccounts/blobServices/providers/Microsoft.Insights/logDefinitions/read | Gets the log definition for Blob |
+> | Microsoft.Storage/storageAccounts/blobServices/providers/Microsoft.Insights/metricDefinitions/read | Get list of Microsoft Storage Metrics definitions. |
> | Microsoft.Storage/storageAccounts/consumerDataSharePolicies/read | | > | Microsoft.Storage/storageAccounts/consumerDataSharePolicies/write | | > | Microsoft.Storage/storageAccounts/dataSharePolicies/delete | |
Azure service: [Storage](../storage/index.yml)
> | Microsoft.Storage/storageAccounts/fileServices/read | List file services | > | Microsoft.Storage/storageAccounts/fileServices/write | Put file service properties | > | Microsoft.Storage/storageAccounts/fileServices/read | Get file service properties |
+> | Microsoft.Storage/storageAccounts/fileServices/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource. |
+> | Microsoft.Storage/storageAccounts/fileServices/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource. |
+> | Microsoft.Storage/storageAccounts/fileServices/providers/Microsoft.Insights/logDefinitions/read | Gets the log definition for File |
+> | Microsoft.Storage/storageAccounts/fileServices/providers/Microsoft.Insights/metricDefinitions/read | Get list of Microsoft Storage Metrics definitions. |
> | Microsoft.Storage/storageAccounts/fileServices/shares/delete | Delete file share | > | Microsoft.Storage/storageAccounts/fileServices/shares/read | Get file share | > | Microsoft.Storage/storageAccounts/fileServices/shares/lease/action | |
Azure service: [Storage](../storage/index.yml)
> | Microsoft.Storage/storageAccounts/privateEndpointConnections/read | Get Private Endpoint Connection | > | Microsoft.Storage/storageAccounts/privateEndpointConnections/write | Put Private Endpoint Connection | > | Microsoft.Storage/storageAccounts/privateLinkResources/read | Get StorageAccount groupids |
+> | Microsoft.Storage/storageAccounts/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource. |
+> | Microsoft.Storage/storageAccounts/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource. |
+> | Microsoft.Storage/storageAccounts/providers/Microsoft.Insights/metricDefinitions/read | Get list of Microsoft Storage Metrics definitions. |
> | Microsoft.Storage/storageAccounts/queueServices/read | | > | Microsoft.Storage/storageAccounts/queueServices/write | | > | Microsoft.Storage/storageAccounts/queueServices/read | Get Queue service properties | > | Microsoft.Storage/storageAccounts/queueServices/read | Returns queue service properties or statistics. | > | Microsoft.Storage/storageAccounts/queueServices/write | Returns the result of setting queue service properties |
+> | Microsoft.Storage/storageAccounts/queueServices/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource. |
+> | Microsoft.Storage/storageAccounts/queueServices/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource. |
+> | Microsoft.Storage/storageAccounts/queueServices/providers/Microsoft.Insights/logDefinitions/read | Gets the log definition for Queue |
+> | Microsoft.Storage/storageAccounts/queueServices/providers/Microsoft.Insights/metricDefinitions/read | Get list of Microsoft Storage Metrics definitions. |
> | Microsoft.Storage/storageAccounts/queueServices/queues/delete | | > | Microsoft.Storage/storageAccounts/queueServices/queues/read | | > | Microsoft.Storage/storageAccounts/queueServices/queues/read | |
Azure service: [Storage](../storage/index.yml)
> | Microsoft.Storage/storageAccounts/tableServices/write | | > | Microsoft.Storage/storageAccounts/tableServices/read | Get table service properties or statistics | > | Microsoft.Storage/storageAccounts/tableServices/write | Set table service properties |
+> | Microsoft.Storage/storageAccounts/tableServices/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource. |
+> | Microsoft.Storage/storageAccounts/tableServices/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource. |
+> | Microsoft.Storage/storageAccounts/tableServices/providers/Microsoft.Insights/logDefinitions/read | Gets the log definition for Table |
+> | Microsoft.Storage/storageAccounts/tableServices/providers/Microsoft.Insights/metricDefinitions/read | Get list of Microsoft Storage Metrics definitions. |
> | Microsoft.Storage/storageAccounts/tableServices/tables/delete | | > | Microsoft.Storage/storageAccounts/tableServices/tables/read | | > | Microsoft.Storage/storageAccounts/tableServices/tables/read | |
Azure service: [Azure Spring Cloud](../spring-cloud/index.yml)
> | Microsoft.AppPlatform/Spring/detectors/read | Get the detectors for a specific Azure Spring Cloud service instance | > | Microsoft.AppPlatform/Spring/monitoringSettings/read | Get the monitoring setting for a specific Azure Spring Cloud service instance | > | Microsoft.AppPlatform/Spring/monitoringSettings/write | Create or update the monitoring setting for a specific Azure Spring Cloud service instance |
+> | Microsoft.AppPlatform/Spring/providers/Microsoft.Insights/diagnosticSettings/read | Get the diagnostic settings for a specific Azure Spring Cloud service instance |
+> | Microsoft.AppPlatform/Spring/providers/Microsoft.Insights/diagnosticSettings/write | Create or update the diagnostic settings for a specific Azure Spring Cloud service instance |
+> | Microsoft.AppPlatform/Spring/providers/Microsoft.Insights/logDefinitions/read | Get definitions of logs from Azure Spring Cloud service instance |
+> | Microsoft.AppPlatform/Spring/providers/Microsoft.Insights/metricDefinitions/read | Get definitions of metrics from Azure Spring Cloud service instance |
> | **DataAction** | **Description** | > | Microsoft.AppPlatform/Spring/configService/read | Read the configuration content(for example, application.yaml) for a specific Azure Spring Cloud service instance | > | Microsoft.AppPlatform/Spring/eurekaService/read | Read the user app(s) registration information for a specific Azure Spring Cloud service instance |
Azure service: [Azure Maps](../azure-maps/index.yml)
> | Microsoft.Maps/accounts/eventGridFilters/delete | Delete an Event Grid filter. | > | Microsoft.Maps/accounts/eventGridFilters/read | Get an Event Grid filter | > | Microsoft.Maps/accounts/eventGridFilters/write | Create or update an Event Grid filter. |
+> | Microsoft.Maps/accounts/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource |
+> | Microsoft.Maps/accounts/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource |
+> | Microsoft.Maps/accounts/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for Maps Accounts |
> | Microsoft.Maps/operations/read | Read the provider operations | > | Microsoft.Maps/resourceTypes/read | Read the provider resourceTypes | > | **DataAction** | **Description** |
Azure service: [Media Services](../media-services/index.yml)
> | Microsoft.Media/mediaservices/liveEvents/liveOutputs/read | Read any Live Output | > | Microsoft.Media/mediaservices/liveEvents/liveOutputs/write | Create or Update any Live Output | > | Microsoft.Media/mediaservices/liveEvents/liveOutputs/delete | Delete any Live Output |
+> | Microsoft.Media/mediaservices/liveEvents/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource. |
+> | Microsoft.Media/mediaservices/liveEvents/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource. |
+> | Microsoft.Media/mediaservices/liveEvents/providers/Microsoft.Insights/metricDefinitions/read | Get a list of Media Services Live Event Metrics definitions. |
> | Microsoft.Media/mediaservices/liveOutputOperations/read | Read any Live Output Operation | > | Microsoft.Media/mediaservices/privateEndpointConnectionOperations/read | Read any Private Endpoint Connection Operation | > | Microsoft.Media/mediaservices/privateEndpointConnectionProxies/read | Read any Private Endpoint Connection Proxy |
Azure service: [Media Services](../media-services/index.yml)
> | Microsoft.Media/mediaservices/privateEndpointConnections/write | Create Private Endpoint Connection | > | Microsoft.Media/mediaservices/privateEndpointConnections/delete | Delete Private Endpoint Connection | > | Microsoft.Media/mediaservices/privateLinkResources/read | Read any Private Link Resource |
+> | Microsoft.Media/mediaservices/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource. |
+> | Microsoft.Media/mediaservices/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource. |
+> | Microsoft.Media/mediaservices/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for a Media Services Account |
+> | Microsoft.Media/mediaservices/providers/Microsoft.Insights/metricDefinitions/read | Get list of Media Services Metric definitions. |
> | Microsoft.Media/mediaservices/streamingEndpointOperations/read | Read any Streaming Endpoint Operation | > | Microsoft.Media/mediaservices/streamingEndpoints/read | Read any Streaming Endpoint | > | Microsoft.Media/mediaservices/streamingEndpoints/write | Create or Update any Streaming Endpoint |
Azure service: [Media Services](../media-services/index.yml)
> | Microsoft.Media/mediaservices/streamingEndpoints/start/action | Start any Streaming Endpoint Operation | > | Microsoft.Media/mediaservices/streamingEndpoints/stop/action | Stop any Streaming Endpoint Operation | > | Microsoft.Media/mediaservices/streamingEndpoints/scale/action | Scale any Streaming Endpoint Operation |
+> | Microsoft.Media/mediaservices/streamingEndpoints/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource. |
+> | Microsoft.Media/mediaservices/streamingEndpoints/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource. |
+> | Microsoft.Media/mediaservices/streamingEndpoints/providers/Microsoft.Insights/metricDefinitions/read | Get list of Media Services Streaming Endpoint Metrics definitions. |
> | Microsoft.Media/mediaservices/streamingLocators/read | Read any Streaming Locator | > | Microsoft.Media/mediaservices/streamingLocators/write | Create or Update any Streaming Locator | > | Microsoft.Media/mediaservices/streamingLocators/delete | Delete any Streaming Locator |
Azure service: [Azure Search](../search/index.yml)
> | Microsoft.Search/searchServices/debugSessions/delete | Delete a debug session. | > | Microsoft.Search/searchServices/debugSessions/execute/action | Use a debug session, get execution data, or evaluate expressions on it. | > | Microsoft.Search/searchServices/deleteQueryKey/delete | Deletes the query key. |
+> | Microsoft.Search/searchServices/diagnosticSettings/read | Gets the diganostic setting read for the resource |
+> | Microsoft.Search/searchServices/diagnosticSettings/write | Creates or updates the diganostic setting for the resource |
> | Microsoft.Search/searchServices/indexers/read | Return an indexer or its status, or return a list of indexers or their statuses. | > | Microsoft.Search/searchServices/indexers/write | Create an indexer, modify its properties, or manage its execution. | > | Microsoft.Search/searchServices/indexers/delete | Delete an indexer. | > | Microsoft.Search/searchServices/indexes/read | Return an index or its statistics, return a list of indexes or their statistics, or test the lexical analysis components of an index. | > | Microsoft.Search/searchServices/indexes/write | Create an index or modify its properties. | > | Microsoft.Search/searchServices/indexes/delete | Delete an index. |
+> | Microsoft.Search/searchServices/logDefinitions/read | Gets the available logs for the search service |
+> | Microsoft.Search/searchServices/metricDefinitions/read | Gets the available metrics for the search service |
> | Microsoft.Search/searchServices/privateEndpointConnectionProxies/validate/action | Validates a private endpoint connection create call from NRP side | > | Microsoft.Search/searchServices/privateEndpointConnectionProxies/write | Creates a private endpoint connection proxy with the specified parameters or updates the properties or tags for the specified private endpoint connection proxy | > | Microsoft.Search/searchServices/privateEndpointConnectionProxies/read | Returns the list of private endpoint connection proxies or gets the properties for the specified private endpoint connection proxy |
Azure service: [Azure SignalR Service](../azure-signalr/index.yml)
> | Microsoft.SignalRService/SignalR/privateEndpointConnections/read | Read Private Endpoint Connection | > | Microsoft.SignalRService/SignalR/privateEndpointConnections/delete | Delete Private Endpoint Connection | > | Microsoft.SignalRService/SignalR/privateLinkResources/read | List Private Link Resources |
+> | Microsoft.SignalRService/SignalR/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource |
+> | Microsoft.SignalRService/SignalR/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource |
+> | Microsoft.SignalRService/SignalR/providers/Microsoft.Insights/logDefinitions/read | Get the available logs of a SignalR resource. |
+> | Microsoft.SignalRService/SignalR/providers/Microsoft.Insights/metricDefinitions/read | Get the available metrics of a SignalR resource. |
> | Microsoft.SignalRService/SignalR/sharedPrivateLinkResources/write | Write Shared Private Link Resource | > | Microsoft.SignalRService/SignalR/sharedPrivateLinkResources/read | Read Shared Private Link Resource | > | Microsoft.SignalRService/SignalR/sharedPrivateLinkResources/delete | Delete Shared Private Link Resource |
Azure service: [Azure SignalR Service](../azure-signalr/index.yml)
> | Microsoft.SignalRService/WebPubSub/privateEndpointConnections/read | Read Private Endpoint Connection | > | Microsoft.SignalRService/WebPubSub/privateEndpointConnections/delete | Delete Private Endpoint Connection | > | Microsoft.SignalRService/WebPubSub/privateLinkResources/read | List Private Link Resources |
+> | Microsoft.SignalRService/WebPubSub/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource |
+> | Microsoft.SignalRService/WebPubSub/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource |
+> | Microsoft.SignalRService/WebPubSub/providers/Microsoft.Insights/logDefinitions/read | Get the available logs of a WebPubSub resource. |
+> | Microsoft.SignalRService/WebPubSub/providers/Microsoft.Insights/metricDefinitions/read | Get the available metrics of a WebPubSub resource. |
> | Microsoft.SignalRService/WebPubSub/sharedPrivateLinkResources/write | Write Shared Private Link Resource | > | Microsoft.SignalRService/WebPubSub/sharedPrivateLinkResources/read | Read Shared Private Link Resource | > | Microsoft.SignalRService/WebPubSub/sharedPrivateLinkResources/delete | Delete Shared Private Link Resource |
Azure service: [App Service](../app-service/index.yml), [Azure Functions](../azu
> | microsoft.web/apimanagementaccounts/apis/localizeddefinitions/write | Update Api Management Accounts APIs Localized Definitions. | > | microsoft.web/apimanagementaccounts/connectionacls/read | Get Api Management Accounts Connectionacls. | > | microsoft.web/availablestacks/read | Get Available Stacks. |
+> | microsoft.web/billingmeters/read | Get list of billing meters. |
> | Microsoft.Web/certificates/Read | Get the list of certificates. | > | Microsoft.Web/certificates/Write | Add a new certificate or update an existing one. | > | Microsoft.Web/certificates/Delete | Delete an existing certificate. |
Azure service: [App Service](../app-service/index.yml), [Azure Functions](../azu
> | microsoft.web/connections/listconsentlinks/action | List Consent Links for Connections. | > | microsoft.web/connections/listConnectionKeys/action | Lists API Connections Keys. | > | microsoft.web/connections/revokeConnectionKeys/action | Revokes API Connections Keys. |
+> | Microsoft.Web/connections/providers/Microsoft.Insights/metricDefinitions/Read | Gets the available metrics for API Connections |
> | Microsoft.Web/customApis/Read | Get the list of Custom API. | > | Microsoft.Web/customApis/Write | Creates or updates a Custom API. | > | Microsoft.Web/customApis/Delete | Deletes a Custom API. |
Azure service: [App Service](../app-service/index.yml), [Azure Functions](../azu
> | Microsoft.Web/hostingEnvironments/multiRolePools/Write | Create a new FrontEnd Pool in an App Service Environment or update an existing one | > | microsoft.web/hostingenvironments/multirolepools/metricdefinitions/read | Get Hosting Environments MultiRole Pools Metric Definitions. | > | microsoft.web/hostingenvironments/multirolepools/metrics/read | Get Hosting Environments MultiRole Pools Metrics. |
+> | Microsoft.Web/hostingEnvironments/multiRolePools/providers/Microsoft.Insights/metricDefinitions/Read | Gets the available metrics for App Service Environment MultiRole |
> | microsoft.web/hostingenvironments/multirolepools/skus/read | Get Hosting Environments MultiRole Pools SKUs. | > | microsoft.web/hostingenvironments/multirolepools/usages/read | Get Hosting Environments MultiRole Pools Usages. | > | microsoft.web/hostingenvironments/operations/read | Get Hosting Environments Operations. | > | microsoft.web/hostingenvironments/outboundnetworkdependenciesendpoints/read | Get the network endpoints of all outbound dependencies. |
+> | Microsoft.Web/hostingEnvironments/privateEndpointConnectionProxies/Read | Read Private Endpoint Connection Proxies |
+> | Microsoft.Web/hostingEnvironments/privateEndpointConnectionProxies/Write | Create or Update Private Endpoint Connection Proxies |
+> | Microsoft.Web/hostingEnvironments/privateEndpointConnectionProxies/Delete | Delete Private Endpoint Connection Proxies |
+> | Microsoft.Web/hostingEnvironments/privateEndpointConnectionProxies/validate/action | Validate Private Endpoint Connection Proxies |
+> | Microsoft.Web/hostingEnvironments/privateEndpointConnectionProxies/operations/Read | Read Private Endpoint Connection Proxy Operations |
> | Microsoft.Web/hostingEnvironments/privateEndpointConnections/Write | Approve or Reject a private endpoint connection. | > | Microsoft.Web/hostingEnvironments/privateEndpointConnections/Read | Get a private endpoint connection or the list of private endpoint connections. | > | Microsoft.Web/hostingEnvironments/privateEndpointConnections/Delete | Delete a private endpoint connection. | > | Microsoft.Web/hostingEnvironments/privateLinkResources/Read | Get Private Link Resources. |
+> | microsoft.web/hostingenvironments/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource |
+> | microsoft.web/hostingenvironments/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource |
+> | microsoft.web/hostingenvironments/providers/Microsoft.Insights/logDefinitions/read | Read hosting environments log definitions |
+> | Microsoft.Web/hostingEnvironments/providers/Microsoft.Insights/metricDefinitions/Read | Gets the available metrics for App Service Environment |
> | microsoft.web/hostingenvironments/serverfarms/read | Get Hosting Environments App Service Plans. | > | microsoft.web/hostingenvironments/sites/read | Get Hosting Environments Web Apps. | > | microsoft.web/hostingenvironments/usages/read | Get Hosting Environments Usages. |
Azure service: [App Service](../app-service/index.yml), [Azure Functions](../azu
> | Microsoft.Web/hostingEnvironments/workerPools/Write | Create a new Worker Pool in an App Service Environment or update an existing one | > | microsoft.web/hostingenvironments/workerpools/metricdefinitions/read | Get Hosting Environments Workerpools Metric Definitions. | > | microsoft.web/hostingenvironments/workerpools/metrics/read | Get Hosting Environments Workerpools Metrics. |
+> | Microsoft.Web/hostingEnvironments/workerPools/providers/Microsoft.Insights/metricDefinitions/Read | Gets the available metrics for App Service Environment WorkerPool |
> | microsoft.web/hostingenvironments/workerpools/skus/read | Get Hosting Environments Workerpools SKUs. | > | microsoft.web/hostingenvironments/workerpools/usages/read | Get Hosting Environments Workerpools Usages. | > | microsoft.web/ishostingenvironmentnameavailable/read | Get if Hosting Environment Name is available. |
Azure service: [App Service](../app-service/index.yml), [Azure Functions](../azu
> | Microsoft.Web/kubeEnvironments/join/action | Joins a Kubernetes Environment | > | Microsoft.Web/kubeEnvironments/operations/read | Get the operations for a Kubernetes Environment | > | Microsoft.Web/listSitesAssignedToHostName/Read | Get names of sites assigned to hostname. |
+> | Microsoft.Web/locations/GetNetworkPolicies/action | Read Network Intent Policies |
> | microsoft.web/locations/extractapidefinitionfromwsdl/action | Extract Api Definition from WSDL for Locations. | > | microsoft.web/locations/listwsdlinterfaces/action | List WSDL Interfaces for Locations. | > | microsoft.web/locations/deleteVirtualNetworkOrSubnets/action | Vnet or subnet deletion notification for Locations. |
Azure service: [App Service](../app-service/index.yml), [Azure Functions](../azu
> | microsoft.web/serverfarms/metricdefinitions/read | Get App Service Plans Metric Definitions. | > | microsoft.web/serverfarms/metrics/read | Get App Service Plans Metrics. | > | microsoft.web/serverfarms/operationresults/read | Get App Service Plans Operation Results. |
+> | microsoft.web/serverfarms/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource |
+> | microsoft.web/serverfarms/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource |
+> | Microsoft.Web/serverfarms/providers/Microsoft.Insights/metricDefinitions/Read | Gets the available metrics for App Service Plan |
> | microsoft.web/serverfarms/sites/read | Get App Service Plans Web Apps. | > | microsoft.web/serverfarms/skus/read | Get App Service Plans SKUs. | > | microsoft.web/serverfarms/usages/read | Get App Service Plans Usages. |
Azure service: [App Service](../app-service/index.yml), [Azure Functions](../azu
> | microsoft.web/sites/premieraddons/read | Get Web Apps Premier Addons. | > | microsoft.web/sites/premieraddons/write | Update Web Apps Premier Addons. | > | microsoft.web/sites/privateaccess/read | Get data around private site access enablement and authorized Virtual Networks that can access the site. |
+> | Microsoft.Web/sites/privateEndpointConnectionProxies/Read | Read Private Endpoint Connection Proxies |
+> | Microsoft.Web/sites/privateEndpointConnectionProxies/Write | Create or Update Private Endpoint Connection Proxies |
+> | Microsoft.Web/sites/privateEndpointConnectionProxies/Delete | Delete Private Endpoint Connection Proxies |
+> | Microsoft.Web/sites/privateEndpointConnectionProxies/validate/action | Validate Private Endpoint Connection Proxies |
+> | Microsoft.Web/sites/privateEndpointConnectionProxies/operations/Read | Read Private Endpoint Connection Proxy Operations |
> | Microsoft.Web/sites/privateEndpointConnections/Write | Approve or Reject a private endpoint connection. | > | Microsoft.Web/sites/privateEndpointConnections/Read | Get a Private Endpoint Connection or the list of Private Endpoint Connections. | > | Microsoft.Web/sites/privateEndpointConnections/Delete | Delete a Private Endpoint Connection. |
Azure service: [App Service](../app-service/index.yml), [Azure Functions](../azu
> | microsoft.web/sites/processes/read | Get Web Apps Processes. | > | microsoft.web/sites/processes/modules/read | Get Web Apps Processes Modules. | > | microsoft.web/sites/processes/threads/read | Get Web Apps Processes Threads. |
+> | microsoft.web/sites/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource |
+> | microsoft.web/sites/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource |
+> | microsoft.web/sites/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for Web App |
+> | Microsoft.Web/sites/providers/Microsoft.Insights/metricDefinitions/Read | Gets the available metrics for Web App |
> | microsoft.web/sites/publiccertificates/delete | Delete Web Apps Public Certificates. | > | microsoft.web/sites/publiccertificates/read | Get Web Apps Public Certificates. | > | microsoft.web/sites/publiccertificates/write | Update Web Apps Public Certificates. |
Azure service: [App Service](../app-service/index.yml), [Azure Functions](../azu
> | microsoft.web/sites/slots/premieraddons/read | Get Web Apps Slots Premier Addons. | > | microsoft.web/sites/slots/premieraddons/write | Update Web Apps Slots Premier Addons. | > | microsoft.web/sites/slots/processes/read | Get Web Apps Slots Processes. |
+> | microsoft.web/sites/slots/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource |
+> | microsoft.web/sites/slots/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource |
+> | microsoft.web/sites/slots/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for Web App slots |
+> | Microsoft.Web/sites/slots/providers/Microsoft.Insights/metricDefinitions/Read | Gets the available metrics for Web App Slot |
> | microsoft.web/sites/slots/publiccertificates/read | Get Web Apps Slots Public Certificates. | > | microsoft.web/sites/slots/publiccertificates/write | Create or Update Web Apps Slots Public Certificates. | > | microsoft.web/sites/slots/publiccertificates/delete | Delete Web Apps Slots Public Certificates. |
Azure service: [App Service](../app-service/index.yml), [Azure Functions](../azu
> | Microsoft.Web/staticSites/customdomains/Read | List the custom domains for a Static Site | > | Microsoft.Web/staticSites/customdomains/validate/Action | Validate a custom domain can be added to a Static Site | > | Microsoft.Web/staticSites/functions/Read | List the functions for a Static Site |
+> | Microsoft.Web/staticSites/privateEndpointConnectionProxies/validate/action | Validate Private Endpoint Connection Proxies for a Static Site |
+> | Microsoft.Web/staticSites/privateEndpointConnectionProxies/Write | Create or Update Private Endpoint Connection Proxies for a Static Site |
+> | Microsoft.Web/staticSites/privateEndpointConnectionProxies/Delete | Delete Private Endpoint Connection Proxies for a Static Site |
+> | Microsoft.Web/staticSites/privateEndpointConnectionProxies/Read | Get Private Endpoint Connection Proxies for a Static Site |
+> | Microsoft.Web/staticSites/privateEndpointConnectionProxies/operations/Read | Read Private Endpoint Connection Proxy Operations for a Static Site |
> | Microsoft.Web/staticSites/privateEndpointConnections/Write | Approve or Reject Private Endpoint Connection for a Static Site | > | Microsoft.Web/staticSites/privateEndpointConnections/Read | Get a private endpoint connection or the list of private endpoint connections for a static site | > | Microsoft.Web/staticSites/privateEndpointConnections/Delete | Delete a Private Endpoint Connection for a Static Site | > | Microsoft.Web/staticSites/privateLinkResources/Read | Get Private Link Resources |
+> | Microsoft.Web/staticSites/providers/Microsoft.Insights/metricDefinitions/Read | Gets the available metrics for Static Site |
> | Microsoft.Web/staticSites/userProvidedFunctionApps/Delete | Detach a User Provided Function App from a Static Site | > | Microsoft.Web/staticSites/userProvidedFunctionApps/Read | Get Static Site User Provided Function Apps | > | Microsoft.Web/staticSites/userProvidedFunctionApps/Write | Register a User Provided Function App with a Static Site |
Azure service: [Container Registry](../container-registry/index.yml)
> | Microsoft.ContainerRegistry/registries/privateEndpointConnections/read | Gets the properties of private endpoint connection or list all the private endpoint connections for the specified container registry | > | Microsoft.ContainerRegistry/registries/privateEndpointConnections/write | Approves/Rejects the private endpoint connection | > | Microsoft.ContainerRegistry/registries/privateEndpointConnections/delete | Deletes the private endpoint connection |
+> | Microsoft.ContainerRegistry/registries/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource |
+> | Microsoft.ContainerRegistry/registries/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource |
+> | Microsoft.ContainerRegistry/registries/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for Microsoft ContainerRegistry |
+> | Microsoft.ContainerRegistry/registries/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for Microsoft ContainerRegistry |
> | Microsoft.ContainerRegistry/registries/pull/read | Pull or Get images from a container registry. | > | Microsoft.ContainerRegistry/registries/push/write | Push or Write images to a container registry. | > | Microsoft.ContainerRegistry/registries/quarantine/read | Pull or Get quarantined images from container registry |
Azure service: [Azure Kubernetes Service (AKS)](../aks/index.yml)
> | Microsoft.ContainerService/managedClusters/commandResults/read | Retrieve result from previous issued command. | > | Microsoft.ContainerService/managedClusters/detectors/read | Get Managed Cluster Detector | > | Microsoft.ContainerService/managedClusters/diagnosticsState/read | Gets the diagnostics state of the cluster |
+> | Microsoft.ContainerService/managedClusters/eventGridFilters/read | Get eventgrid filter |
+> | Microsoft.ContainerService/managedClusters/eventGridFilters/write | Create or Update eventgrid filter |
+> | Microsoft.ContainerService/managedClusters/eventGridFilters/delete | Delete an eventgrid filter |
+> | Microsoft.ContainerService/managedClusters/extensionaddons/read | Gets an extension addon |
+> | Microsoft.ContainerService/managedClusters/extensionaddons/write | Creates a new extension addon or updates an existing one |
+> | Microsoft.ContainerService/managedClusters/extensionaddons/delete | Deletes an extension addon |
> | Microsoft.ContainerService/managedClusters/maintenanceConfigurations/read | Gets a maintenance configuration | > | Microsoft.ContainerService/managedClusters/maintenanceConfigurations/write | Creates a new MaintenanceConfiguration or updates an existing one | > | Microsoft.ContainerService/managedClusters/maintenanceConfigurations/delete | Deletes a maintenance configuration | > | Microsoft.ContainerService/managedClusters/privateEndpointConnections/read | Get private endpoint connection | > | Microsoft.ContainerService/managedClusters/privateEndpointConnections/write | Approve or Reject a private endpoint connection | > | Microsoft.ContainerService/managedClusters/privateEndpointConnections/delete | Delete private endpoint connection |
+> | Microsoft.ContainerService/managedClusters/providers/Microsoft.Insights/diagnosticSettings/read | Get the diagnostic setting for a managed cluster resource |
+> | Microsoft.ContainerService/managedClusters/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for a managed cluster resource |
+> | Microsoft.ContainerService/managedClusters/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for Managed Cluster |
+> | Microsoft.ContainerService/managedClusters/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for Managed Cluster |
> | Microsoft.ContainerService/managedClusters/upgradeProfiles/read | Gets the upgrade profile of the cluster | > | Microsoft.ContainerService/openShiftClusters/read | Get an Open Shift Cluster | > | Microsoft.ContainerService/openShiftClusters/write | Creates a new Open Shift Cluster or updates an existing one |
Azure service: [Data Factory](../data-factory/index.yml)
> | Microsoft.DataFactory/datafactories/linkedServices/read | Reads any Linked Service. | > | Microsoft.DataFactory/datafactories/linkedServices/delete | Deletes any Linked Service. | > | Microsoft.DataFactory/datafactories/linkedServices/write | Creates or Updates any Linked Service. |
+> | Microsoft.DataFactory/datafactories/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource |
+> | Microsoft.DataFactory/datafactories/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource |
+> | Microsoft.DataFactory/datafactories/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for datafactories |
> | Microsoft.DataFactory/datafactories/runs/loginfo/read | Reads a SAS URI to a blob container containing the logs. | > | Microsoft.DataFactory/datafactories/tables/read | Reads any Dataset. | > | Microsoft.DataFactory/datafactories/tables/delete | Deletes any Dataset. |
Azure service: [Data Factory](../data-factory/index.yml)
> | Microsoft.DataFactory/factories/privateEndpointConnections/write | Create or Update Private Endpoint Connection. | > | Microsoft.DataFactory/factories/privateEndpointConnections/delete | Delete Private Endpoint Connection. | > | Microsoft.DataFactory/factories/privateLinkResources/read | Read Private Link Resource. |
+> | Microsoft.DataFactory/factories/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource |
+> | Microsoft.DataFactory/factories/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource |
+> | Microsoft.DataFactory/factories/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for factories |
+> | Microsoft.DataFactory/factories/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for factories |
> | Microsoft.DataFactory/factories/queryFeaturesValue/read | Reads exposure control feature values for a list of features. | > | Microsoft.DataFactory/factories/querypipelineruns/read | Reads the Result of Query Pipeline Runs. | > | Microsoft.DataFactory/factories/querytriggerruns/read | Reads the Result of Trigger Runs. |
Azure service: [Azure Cosmos DB](../cosmos-db/index.yml)
> | Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/delete | Delete a private endpoint connection of a Database Account | > | Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/operationResults/read | Read Status of privateEndpointConnenctions asynchronous operation | > | Microsoft.DocumentDB/databaseAccounts/privateLinkResources/read | Read a private link resource or list all the private link resources of a Database Account |
+> | Microsoft.DocumentDB/databaseAccounts/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource |
+> | Microsoft.DocumentDB/databaseAccounts/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource |
+> | Microsoft.DocumentDB/databaseAccounts/providers/Microsoft.Insights/logDefinitions/read | Gets the available log catageries for Database Account |
+> | Microsoft.DocumentDB/databaseAccounts/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for the database Account |
> | Microsoft.DocumentDB/databaseAccounts/readonlykeys/read | Reads the database account readonly keys. | > | Microsoft.DocumentDB/databaseAccounts/region/databases/collections/metrics/read | Reads the regional collection metrics. | > | Microsoft.DocumentDB/databaseAccounts/region/databases/collections/partitionKeyRangeId/metrics/read | Read regional database account partition key level metrics |
Azure service: [Azure SQL Database](../azure-sql/database/index.yml), [Azure SQL
> | Microsoft.Sql/instancePools/write | Creates or updates an instance pool | > | Microsoft.Sql/instancePools/delete | Deletes an instance pool | > | Microsoft.Sql/instancePools/usages/read | Gets an instance pool's usage info |
+> | Microsoft.Sql/locations/deleteVirtualNetworkOrSubnets/action | Deletes Virtual network rules associated to a virtual network or subnet |
> | Microsoft.Sql/locations/read | Gets the available locations for a given subscription | > | Microsoft.Sql/locations/administratorAzureAsyncOperation/read | Gets the Managed instance azure async administrator operations result. | > | Microsoft.Sql/locations/administratorOperationResults/read | Gets the Managed instance administrator operations result. |
Azure service: [Azure Analysis Services](../analysis-services/index.yml)
> | Microsoft.AnalysisServices/servers/suspend/action | Suspends the Analysis Server. | > | Microsoft.AnalysisServices/servers/resume/action | Resumes the Analysis Server. | > | Microsoft.AnalysisServices/servers/listGatewayStatus/action | List the status of the gateway associated with the server. |
+> | Microsoft.AnalysisServices/servers/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for Analysis Server |
+> | Microsoft.AnalysisServices/servers/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for Analysis Server |
+> | Microsoft.AnalysisServices/servers/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for servers |
+> | Microsoft.AnalysisServices/servers/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for Analysis Server |
> | Microsoft.AnalysisServices/servers/skus/read | Retrieve available SKU information for the server | > | Microsoft.AnalysisServices/skus/read | Retrieves the information of Skus |
Azure service: [Data Lake Analytics](../data-lake-analytics/index.yml)
> | Microsoft.DataLakeAnalytics/accounts/firewallRules/write | Create or update a firewall rule. | > | Microsoft.DataLakeAnalytics/accounts/firewallRules/delete | Delete a firewall rule. | > | Microsoft.DataLakeAnalytics/accounts/operationResults/read | Get result of a DataLakeAnalytics account operation. |
+> | Microsoft.DataLakeAnalytics/accounts/providers/Microsoft.Insights/diagnosticSettings/read | Get the diagnostic settings for the DataLakeAnalytics account. |
+> | Microsoft.DataLakeAnalytics/accounts/providers/Microsoft.Insights/diagnosticSettings/write | Create or update the diagnostic settings for the DataLakeAnalytics account. |
+> | Microsoft.DataLakeAnalytics/accounts/providers/Microsoft.Insights/logDefinitions/read | Get the available logs for the DataLakeAnalytics account. |
+> | Microsoft.DataLakeAnalytics/accounts/providers/Microsoft.Insights/metricDefinitions/read | Get the available metrics for the DataLakeAnalytics account. |
> | Microsoft.DataLakeAnalytics/accounts/storageAccounts/read | Get information about a linked Storage account of a DataLakeAnalytics account. | > | Microsoft.DataLakeAnalytics/accounts/storageAccounts/write | Create or update a linked Storage account of a DataLakeAnalytics account. | > | Microsoft.DataLakeAnalytics/accounts/storageAccounts/delete | Unlink a Storage account from a DataLakeAnalytics account. |
Azure service: [Azure Data Lake Store](../storage/blobs/data-lake-storage-introd
> | Microsoft.DataLakeStore/accounts/firewallRules/delete | Delete a firewall rule. | > | Microsoft.DataLakeStore/accounts/mountpoints/read | Get information about a mount point. | > | Microsoft.DataLakeStore/accounts/operationResults/read | Get result of a DataLakeStore account operation. |
+> | Microsoft.DataLakeStore/accounts/providers/Microsoft.Insights/diagnosticSettings/read | Get the diagnostic settings for the DataLakeStore account. |
+> | Microsoft.DataLakeStore/accounts/providers/Microsoft.Insights/diagnosticSettings/write | Create or update the diagnostic settings for the DataLakeStore account. |
+> | Microsoft.DataLakeStore/accounts/providers/Microsoft.Insights/logDefinitions/read | Get the available logs for the DataLakeStore account. |
+> | Microsoft.DataLakeStore/accounts/providers/Microsoft.Insights/metricDefinitions/read | Get the available metrics for the DataLakeStore account. |
> | Microsoft.DataLakeStore/accounts/shares/read | Get information about a share. | > | Microsoft.DataLakeStore/accounts/shares/write | Create or update a share. | > | Microsoft.DataLakeStore/accounts/shares/delete | Delete a share. |
Azure service: [Azure Data Lake Store](../storage/blobs/data-lake-storage-introd
> | Microsoft.DataLakeStore/accounts/virtualNetworkRules/write | Create or update a virtual network rule. | > | Microsoft.DataLakeStore/accounts/virtualNetworkRules/delete | Delete a virtual network rule. | > | Microsoft.DataLakeStore/locations/checkNameAvailability/action | Check availability of a DataLakeStore account name. |
+> | Microsoft.DataLakeStore/locations/deleteVirtualNetworkOrSubnets/action | Delete Virtual Network or Subnets across DataLakeStore Accounts. |
> | Microsoft.DataLakeStore/locations/capability/read | Get capability information of a subscription regarding using DataLakeStore. | > | Microsoft.DataLakeStore/locations/operationResults/read | Get result of a DataLakeStore account operation. | > | Microsoft.DataLakeStore/locations/usages/read | Get quota usages information of a subscription regarding using DataLakeStore. |
Azure service: [Azure Data Explorer](/azure/data-explorer/)
> | Microsoft.Kusto/Clusters/PrivateEndpointConnections/read | Reads a private endpoint connection | > | Microsoft.Kusto/Clusters/PrivateEndpointConnections/write | Writes a private endpoint connection | > | Microsoft.Kusto/Clusters/PrivateLinkResources/read | Reads private link resources |
+> | Microsoft.Kusto/Clusters/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic settings for the resource |
+> | Microsoft.Kusto/Clusters/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource |
+> | Microsoft.Kusto/Clusters/providers/Microsoft.Insights/logDefinitions/read | Gets the diagnostic logs settings for the resource |
+> | Microsoft.Kusto/Clusters/providers/Microsoft.Insights/metricDefinitions/read | Gets the metric definitions of the resource |
> | Microsoft.Kusto/Clusters/SKUs/read | Reads a cluster SKU resource. | > | Microsoft.Kusto/Clusters/SKUs/PrivateEndpointConnectionProxyValidation/action | Validates a private endpoint connection proxy | > | Microsoft.Kusto/Deployments/Preflight/action | Run a Preflight operation |
Azure service: [Power BI Embedded](/azure/power-bi-embedded/)
> | Microsoft.PowerBIDedicated/capacities/delete | Deletes the Power BI capacity. | > | Microsoft.PowerBIDedicated/capacities/suspend/action | Suspends the Capacity. | > | Microsoft.PowerBIDedicated/capacities/resume/action | Resumes the Capacity. |
+> | Microsoft.PowerBIDedicated/capacities/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource |
+> | Microsoft.PowerBIDedicated/capacities/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource |
+> | Microsoft.PowerBIDedicated/capacities/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for Power BI Dedicated Capacities |
+> | Microsoft.PowerBIDedicated/capacities/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for Power BI capacity. |
> | Microsoft.PowerBIDedicated/capacities/skus/read | Retrieve available SKU information for the capacity | > | Microsoft.PowerBIDedicated/locations/checkNameAvailability/action | Checks that given Power BI Dedicated resource name is valid and not in use. | > | Microsoft.PowerBIDedicated/locations/checkNameAvailability/action | Checks that given Power BI Dedicated resource name is valid and not in use. |
Azure service: [Azure Purview](../purview/index.yml)
> | Microsoft.Purview/accounts/privateEndpointConnections/read | Read Private Endpoint Connection. | > | Microsoft.Purview/accounts/privateEndpointConnections/write | Create or update Private Endpoint Connection. | > | Microsoft.Purview/accounts/privateEndpointConnections/delete | Delete Private Endpoint Connection. |
+> | Microsoft.Purview/accounts/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource. |
+> | Microsoft.Purview/accounts/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource. |
+> | Microsoft.Purview/accounts/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for the catalog. |
+> | Microsoft.Purview/accounts/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for the catalog. |
> | Microsoft.Purview/getDefaultAccount/read | Gets the default account for the scope. | > | Microsoft.Purview/locations/operationResults/read | Monitor async operations. | > | Microsoft.Purview/operations/read | Reads all available operations for Microsoft Purview provider. |
Azure service: [Azure Synapse Analytics](../synapse-analytics/index.yml)
> | Microsoft.Synapse/locations/operationResults/read | Read any Async Operation Result. | > | Microsoft.Synapse/locations/operationStatuses/read | Read any Async Operation Status. | > | Microsoft.Synapse/operations/read | Read Available Operations from the Azure Synapse Analytics Resource Provider. |
+> | Microsoft.Synapse/privateEndpoints/notify/action | Notify Private Endpoint movement |
> | Microsoft.Synapse/privateLinkHubs/write | Create any PrivateLinkHubs. | > | Microsoft.Synapse/privateLinkHubs/read | Read any PrivateLinkHubs. | > | Microsoft.Synapse/privateLinkHubs/delete | Delete PrivateLinkHubs. |
+> | Microsoft.Synapse/privateLinkHubs/privateEndpointConnectionProxies/validate/action | Validates Private Endpoint Connection for PrivateLinkHub Proxy |
+> | Microsoft.Synapse/privateLinkHubs/privateEndpointConnectionProxies/write | Create or Update Private Endpoint Connection for PrivateLinkHub Proxy |
+> | Microsoft.Synapse/privateLinkHubs/privateEndpointConnectionProxies/read | Read any Private Endpoint Connection Proxy |
+> | Microsoft.Synapse/privateLinkHubs/privateEndpointConnectionProxies/delete | Delete Private Endpoint Connection for PrivateLinkHub Proxy |
+> | Microsoft.Synapse/privateLinkHubs/privateEndpointConnectionProxies/updatePrivateEndpointProperties/action | Updates the Private Endpoint Connection Proxy properties for Private Link Hub |
> | Microsoft.Synapse/privateLinkHubs/privateEndpointConnections/write | Create or Update Private Endpoint Connection for PrivateLinkHub | > | Microsoft.Synapse/privateLinkHubs/privateEndpointConnections/read | Read any Private Endpoint Connection for PrivateLinkHub | > | Microsoft.Synapse/privateLinkHubs/privateEndpointConnections/delete | Delete Private Endpoint Connection for PrivateLinkHub | > | Microsoft.Synapse/privateLinkHubs/privateLinkResources/read | Get a list of Private Link Resources | > | Microsoft.Synapse/resourceGroups/operationStatuses/read | Read any Async Operation Status. | > | Microsoft.Synapse/SKUs/read | Reads a SKU resource. |
+> | Microsoft.Synapse/userAssignedIdentities/notify/action | Notify user assigned identity deletion |
> | Microsoft.Synapse/workspaces/replaceAllIpFirewallRules/action | Replaces all Ip Firewall Rules for the Workspace. | > | Microsoft.Synapse/workspaces/write | Create or Update any Workspaces. | > | Microsoft.Synapse/workspaces/read | Read any Workspaces. |
Azure service: [Azure Synapse Analytics](../synapse-analytics/index.yml)
> | Microsoft.Synapse/workspaces/bigDataPools/write | Create or Update any Spark pools. | > | Microsoft.Synapse/workspaces/bigDataPools/read | Read any Spark pools. | > | Microsoft.Synapse/workspaces/bigDataPools/delete | Delete any Spark pools. |
+> | Microsoft.Synapse/workspaces/bigDataPools/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic settings for a Big Data Pool |
+> | Microsoft.Synapse/workspaces/bigDataPools/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic settings for a Big Data Pool |
+> | Microsoft.Synapse/workspaces/bigDataPools/providers/Microsoft.Insights/logdefinitions/read | Gets the log definitions for a Big Data Pool |
+> | Microsoft.Synapse/workspaces/bigDataPools/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for Big Data Pools |
> | Microsoft.Synapse/workspaces/extendedAuditingSettings/write | Create or Update SQL server extended auditing settings. | > | Microsoft.Synapse/workspaces/extendedAuditingSettings/read | Read default SQL server extended auditing settings. | > | Microsoft.Synapse/workspaces/firewallRules/write | Create or update any IP Firewall Rule. |
Azure service: [Azure Synapse Analytics](../synapse-analytics/index.yml)
> | Microsoft.Synapse/workspaces/kustoPools/PrivateEndpointConnectionProxies/write | Writes a private endpoint connection proxy | > | Microsoft.Synapse/workspaces/kustoPools/PrivateEndpointConnectionProxies/delete | Deletes a private endpoint connection proxy | > | Microsoft.Synapse/workspaces/kustoPools/PrivateLinkResources/read | Reads private link resources |
+> | Microsoft.Synapse/workspaces/kustoPools/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic settings for the resource |
+> | Microsoft.Synapse/workspaces/kustoPools/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource |
+> | Microsoft.Synapse/workspaces/kustoPools/providers/Microsoft.Insights/logDefinitions/read | Gets the diagnostic logs settings for the resource |
+> | Microsoft.Synapse/workspaces/kustoPools/providers/Microsoft.Insights/metricDefinitions/read | Gets the metric definitions of the resource |
> | Microsoft.Synapse/workspaces/kustoPools/SKUs/read | Reads a cluster SKU resource. | > | Microsoft.Synapse/workspaces/libraries/read | Read Library Artifacts | > | Microsoft.Synapse/workspaces/managedIdentitySqlControlSettings/write | Update Managed Identity SQL Control Settings on the workspace | > | Microsoft.Synapse/workspaces/managedIdentitySqlControlSettings/read | Get Managed Identity SQL Control Settings | > | Microsoft.Synapse/workspaces/operationResults/read | Read any Async Operation Result. | > | Microsoft.Synapse/workspaces/operationStatuses/read | Read any Async Operation Status. |
+> | Microsoft.Synapse/workspaces/privateEndpointConnectionProxies/validate/action | Validates Private Endpoint Connection Proxy |
+> | Microsoft.Synapse/workspaces/privateEndpointConnectionProxies/write | Create or Update Private Endpoint Connection Proxy |
+> | Microsoft.Synapse/workspaces/privateEndpointConnectionProxies/read | Read any Private Endpoint Connection Proxy |
+> | Microsoft.Synapse/workspaces/privateEndpointConnectionProxies/delete | Delete Private Endpoint Connection Proxy |
+> | Microsoft.Synapse/workspaces/privateEndpointConnectionProxies/updatePrivateEndpointProperties/action | Updates the Private Endpoint Connection Proxy properties. |
> | Microsoft.Synapse/workspaces/privateEndpointConnections/write | Create or Update Private Endpoint Connection | > | Microsoft.Synapse/workspaces/privateEndpointConnections/read | Read any Private Endpoint Connection | > | Microsoft.Synapse/workspaces/privateEndpointConnections/delete | Delete Private Endpoint Connection | > | Microsoft.Synapse/workspaces/PrivateEndpointConnections/read | Reads a private endpoint connection | > | Microsoft.Synapse/workspaces/PrivateEndpointConnections/write | Writes a private endpoint connection | > | Microsoft.Synapse/workspaces/privateLinkResources/read | Get a list of Private Link Resources |
+> | Microsoft.Synapse/workspaces/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic settings for a Workspace |
+> | Microsoft.Synapse/workspaces/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic settings for a Workspace |
+> | Microsoft.Synapse/workspaces/providers/Microsoft.Insights/logDefinitions/read | Gets the log definitions for Synapse Workspaces |
+> | Microsoft.Synapse/workspaces/providers/Microsoft.Insights/metricDefinitions/read | Gets the metric definitions for Workspaces |
> | Microsoft.Synapse/workspaces/recoverableSqlpools/read | Gets recoverable SQL Analytics Pools, which are the resources representing geo backups of SQL Analytics Pools | > | Microsoft.Synapse/workspaces/restorableDroppedSqlPools/read | Gets a deleted Sql pool that can be restored | > | Microsoft.Synapse/workspaces/scopePools/write | Create or Update any Scope pools. |
Azure service: [Azure Synapse Analytics](../synapse-analytics/index.yml)
> | Microsoft.Synapse/workspaces/sqlPools/operationResults/read | Read any Async Operation Result. | > | Microsoft.Synapse/workspaces/sqlPools/operations/read | Read any SQL Analytics pool Operations. | > | Microsoft.Synapse/workspaces/sqlPools/operationStatuses/read | Read any Async Operation Result. |
+> | Microsoft.Synapse/workspaces/sqlPools/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic settings for a SQL Pool |
+> | Microsoft.Synapse/workspaces/sqlPools/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic settings for a SQL Pool |
+> | Microsoft.Synapse/workspaces/sqlPools/providers/Microsoft.Insights/logdefinitions/read | Gets the log definitions for a SQL Pool |
+> | Microsoft.Synapse/workspaces/sqlPools/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for SQL Pools |
> | Microsoft.Synapse/workspaces/sqlPools/recommendedSensitivityLabels/read | Read any SQL Analytics pool Recommended Sensitivity Labels. | > | Microsoft.Synapse/workspaces/sqlPools/recommendedSensitivityLabels/write | Batch update recommended sensitivity labels | > | Microsoft.Synapse/workspaces/sqlPools/replicationLinks/read | Read any SQL Analytics pool Replication Links. |
Azure service: [Azure Blockchain Service](../blockchain/workbench/index.yml)
> | Microsoft.Blockchain/blockchainMembers/write | Creates or Updates a Blockchain Member. | > | Microsoft.Blockchain/blockchainMembers/delete | Deletes an existing Blockchain Member. | > | Microsoft.Blockchain/blockchainMembers/listApiKeys/action | Gets or Lists existing Blockchain Member API keys. |
+> | Microsoft.Blockchain/blockchainMembers/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource |
+> | Microsoft.Blockchain/blockchainMembers/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource |
+> | Microsoft.Blockchain/blockchainMembers/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for Microsoft Blockchain |
+> | Microsoft.Blockchain/blockchainMembers/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for Microsoft Blockchain |
> | Microsoft.Blockchain/blockchainMembers/transactionNodes/read | Gets or Lists existing Blockchain Member Transaction Node(s). | > | Microsoft.Blockchain/blockchainMembers/transactionNodes/write | Creates or Updates a Blockchain Member Transaction Node. | > | Microsoft.Blockchain/blockchainMembers/transactionNodes/delete | Deletes an existing Blockchain Member Transaction Node. |
Azure service: [Azure Blockchain Service](../blockchain/workbench/index.yml)
> | Microsoft.Blockchain/cordaMembers/read | Gets or Lists existing Blockchain Corda Member(s). | > | Microsoft.Blockchain/cordaMembers/write | Creates or Updates a Blockchain Corda Member. | > | Microsoft.Blockchain/cordaMembers/delete | Deletes an existing Blockchain Corda Member. |
+> | Microsoft.Blockchain/cordaMembers/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource |
+> | Microsoft.Blockchain/cordaMembers/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource |
+> | Microsoft.Blockchain/cordaMembers/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for Microsoft Blockchain |
> | Microsoft.Blockchain/locations/checkNameAvailability/action | Checks that resource name is valid and is not in use. | > | Microsoft.Blockchain/locations/blockchainMemberOperationResults/read | Gets the Operation Results of Blockchain Members. | > | Microsoft.Blockchain/operations/read | List all Operations in Microsoft Blockchain Resource Provider. |
Azure service: [Cognitive Services](../cognitive-services/index.yml)
> | Microsoft.CognitiveServices/accounts/privateEndpointConnections/write | Writes a private endpoint connections. | > | Microsoft.CognitiveServices/accounts/privateEndpointConnections/delete | Deletes a private endpoint connections. | > | Microsoft.CognitiveServices/accounts/privateLinkResources/read | Reads private link resources for an account. |
+> | Microsoft.CognitiveServices/accounts/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource. |
+> | Microsoft.CognitiveServices/accounts/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource. |
+> | Microsoft.CognitiveServices/accounts/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for Cognitive Services account |
+> | Microsoft.CognitiveServices/accounts/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for Cognitive Services. |
> | Microsoft.CognitiveServices/accounts/skus/read | Reads available SKUs for an existing resource. | > | Microsoft.CognitiveServices/accounts/usages/read | Get the quota usage for an existing resource. |
+> | Microsoft.CognitiveServices/deletedAccounts/read | List deleted accounts. |
+> | Microsoft.CognitiveServices/deletedAccounts/read | List deleted accounts. |
> | Microsoft.CognitiveServices/locations/checkSkuAvailability/action | Reads available SKUs for a subscription. | > | Microsoft.CognitiveServices/locations/checkSkuAvailability/action | Reads available SKUs for a subscription. | > | Microsoft.CognitiveServices/locations/deleteVirtualNetworkOrSubnets/action | Notification from Microsoft.Network of deleting VirtualNetworks or Subnets. |
Azure service: [Cognitive Services](../cognitive-services/index.yml)
> | Microsoft.CognitiveServices/locations/deleteVirtualNetworkOrSubnets/action | Notification from Microsoft.Network of deleting VirtualNetworks or Subnets. | > | Microsoft.CognitiveServices/locations/checkSkuAvailability/action | Reads available SKUs for a subscription. | > | Microsoft.CognitiveServices/locations/deleteVirtualNetworkOrSubnets/action | Notification from Microsoft.Network of deleting VirtualNetworks or Subnets. |
+> | Microsoft.CognitiveServices/locations/deletedAccounts/read | Get deleted account. |
+> | Microsoft.CognitiveServices/locations/deletedAccounts/purge/action | Purge deleted account. |
+> | Microsoft.CognitiveServices/locations/deletedAccounts/read | Get deleted account. |
+> | Microsoft.CognitiveServices/locations/deletedAccounts/purge/action | Purge deleted account. |
+> | Microsoft.CognitiveServices/locations/deletedAccounts/read | Get deleted account. |
+> | Microsoft.CognitiveServices/locations/deletedAccounts/purge/action | Purge deleted account. |
+> | Microsoft.CognitiveServices/locations/deletedAccounts/read | Get deleted account. |
+> | Microsoft.CognitiveServices/locations/deletedAccounts/purge/action | Purge deleted account. |
> | Microsoft.CognitiveServices/locations/operationresults/read | Read the status of an asynchronous operation. | > | Microsoft.CognitiveServices/Operations/read | List all available operations |
+> | Microsoft.CognitiveServices/skus/read | Reads available SKUs for Cognitive Services. |
+> | Microsoft.CognitiveServices/skus/read | Reads available SKUs for Cognitive Services. |
+> | Microsoft.CognitiveServices/skus/read | Reads available SKUs for Cognitive Services. |
+> | Microsoft.CognitiveServices/skus/read | Reads available SKUs for Cognitive Services. |
+> | Microsoft.CognitiveServices/skus/read | Reads available SKUs for Cognitive Services. |
> | **DataAction** | **Description** | > | Microsoft.CognitiveServices/accounts/AnomalyDetector/multivariate/models/write | Create and train a multivariate anomaly detection model.<br>The request must include a source parameter to indicate an externally accessible Azure storage Uri (preferably a Shared Access Signature Uri).<br>All time-series used in generate the model must be zipped into one single file.<br>Each time-series will be in a single CSV file in which the first column is timestamp and the second column is value. | > | Microsoft.CognitiveServices/accounts/AnomalyDetector/multivariate/models/delete | Delete an existing multivariate model according to the modelId |
Azure service: [Machine Learning Service](../machine-learning/index.yml)
> | Action | Description | > | | | > | Microsoft.MachineLearningServices/register/action | Registers the subscription for the Machine Learning Services Resource Provider |
+> | Microsoft.MachineLearningServices/locations/deleteVirtualNetworkOrSubnets/action | Deleted the references to virtual networks/subnets associated with Machine Learning Service Workspaces. |
> | Microsoft.MachineLearningServices/locations/updateQuotas/action | Update quota for each VM family at a subscription or a workspace level. |
+> | Microsoft.MachineLearningServices/locations/computeoperationsstatus/read | Gets the status of a particular compute operation |
> | Microsoft.MachineLearningServices/locations/quotas/read | Gets the currently assigned Workspace Quotas based on VMFamily. | > | Microsoft.MachineLearningServices/locations/usages/read | Usage report for aml compute resources in a subscription | > | Microsoft.MachineLearningServices/locations/vmsizes/read | Get supported vm sizes |
+> | Microsoft.MachineLearningServices/locations/workspaceOperationsStatus/read | Gets the status of a particular workspace operation |
> | Microsoft.MachineLearningServices/operations/read | Get all the operations for the Machine Learning Services Resource Provider | > | Microsoft.MachineLearningServices/virtualclusters/read | Gets the Machine Learning Services Virtual Cluster(s) | > | Microsoft.MachineLearningServices/virtualclusters/write | Creates or updates a Machine Learning Services Virtual Cluster(s) |
Azure service: [Machine Learning Service](../machine-learning/index.yml)
> | Microsoft.MachineLearningServices/workspaces/listKeys/action | List secrets for a Machine Learning Services Workspace | > | Microsoft.MachineLearningServices/workspaces/resynckeys/action | Resync secrets for a Machine Learning Services Workspace | > | Microsoft.MachineLearningServices/workspaces/listStorageAccountKeys/action | List Storage Account keys for a Machine Learning Services Workspace |
+> | Microsoft.MachineLearningServices/workspaces/privateEndpointConnectionsApproval/action | Approve or reject a connection to a Private Endpoint resource of Microsoft.Network provider |
> | Microsoft.MachineLearningServices/workspaces/batchEndpoints/read | Gets batch inference endpoints in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/batchEndpoints/write | Creates or updates batch inference endpoint in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/batchEndpoints/delete | Deletes batch inference endpoint in Machine Learning Services Workspace(s) |
Azure service: [Machine Learning Service](../machine-learning/index.yml)
> | Microsoft.MachineLearningServices/workspaces/batchEndpoints/jobs/read | Reads job in batch inference endpoint in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/batchEndpoints/jobs/write | Creates or updates job in batch inference endpoint in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/batchEndpoints/jobs/delete | Deletes job in batch inference endpoint in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/codes/read | Reads Code in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/codes/write | Create or Update Code in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/codes/delete | Deletes Code in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/codes/versions/read | Reads Code Versions in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/codes/versions/write | Create or Update Code Versions in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/codes/versions/delete | Deletes Code Versions in Machine Learning Services Workspace(s) |
> | Microsoft.MachineLearningServices/workspaces/computes/read | Gets the compute resources in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/computes/write | Creates or updates the compute resources in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/computes/delete | Deletes the compute resources in Machine Learning Services Workspace(s) |
Azure service: [Machine Learning Service](../machine-learning/index.yml)
> | Microsoft.MachineLearningServices/workspaces/connections/read | Gets the Machine Learning Services Workspace connection(s) | > | Microsoft.MachineLearningServices/workspaces/connections/write | Creates or updates a Machine Learning Services connection(s) | > | Microsoft.MachineLearningServices/workspaces/connections/delete | Deletes the Machine Learning Services connection(s) |
+> | Microsoft.MachineLearningServices/workspaces/data/read | Reads Data container in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/data/delete | Deletes Data container in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/data/versions/read | Reads Data Versions in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/data/versions/write | Create or Update Data Versions in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/data/versions/delete | Deletes Data Versions in Machine Learning Services Workspace(s) |
> | Microsoft.MachineLearningServices/workspaces/datadriftdetectors/read | Gets data drift detectors in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/datadriftdetectors/write | Creates or updates data drift detectors in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/datadriftdetectors/delete | Deletes data drift detectors in Machine Learning Services Workspace(s) |
Azure service: [Machine Learning Service](../machine-learning/index.yml)
> | Microsoft.MachineLearningServices/workspaces/environments/versions/write | Creates or updates environment versions in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/environments/versions/delete | Delete environment version in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/eventGridFilters/read | Get an Event Grid filter for a particular workspace |
+> | Microsoft.MachineLearningServices/workspaces/eventGridFilters/write | Create or update an Event Grid filter for a particular workspace |
+> | Microsoft.MachineLearningServices/workspaces/eventGridFilters/delete | Delete an Event Grid filter for a particular workspace |
> | Microsoft.MachineLearningServices/workspaces/experiments/read | Gets experiments in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/experiments/write | Creates or updates experiments in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/experiments/delete | Deletes experiments in Machine Learning Services Workspace(s) |
Azure service: [Machine Learning Service](../machine-learning/index.yml)
> | Microsoft.MachineLearningServices/workspaces/experiments/runs/write | Creates or updates runs in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/experiments/runs/delete | Deletes runs in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/features/read | Gets all enabled features for a Machine Learning Services Workspace |
+> | Microsoft.MachineLearningServices/workspaces/jobs/read | Reads Jobs in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/jobs/write | Create or Update Jobs in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/jobs/delete | Deletes Jobs in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/jobs/cancel/action | Cancel Jobs in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/jobs/operationresults/read | Reads Jobs in Machine Learning Services Workspace(s) |
> | Microsoft.MachineLearningServices/workspaces/labeling/export/action | Export labels of labeling projects in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/labeling/labels/read | Gets labels of labeling projects in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/labeling/labels/write | Creates labels of labeling projects in Machine Learning Services Workspace(s) |
Azure service: [Machine Learning Service](../machine-learning/index.yml)
> | Microsoft.MachineLearningServices/workspaces/models/write | Creates or updates models in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/models/delete | Deletes models in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/models/package/action | Packages models in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/models/versions/read | Reads Model Versions in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/models/versions/write | Create or Update Model Versions in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/models/versions/delete | Deletes Model Versions in Machine Learning Services Workspace(s) |
> | Microsoft.MachineLearningServices/workspaces/modules/read | Gets modules in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/modules/write | Creates or updates module in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/notebooks/samples/read | Gets the sample notebooks |
Azure service: [Machine Learning Service](../machine-learning/index.yml)
> | Microsoft.MachineLearningServices/workspaces/notebooks/vm/read | Gets the Notebook VMs for a particular workspace | > | Microsoft.MachineLearningServices/workspaces/notebooks/vm/write | Change the state of a Notebook VM | > | Microsoft.MachineLearningServices/workspaces/notebooks/vm/delete | Deletes a Notebook VM |
+> | Microsoft.MachineLearningServices/workspaces/onlineEndpoints/read | Gets online inference endpoints in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/onlineEndpoints/write | Creates or updates an online inference endpoint in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/onlineEndpoints/delete | Deletes an online inference endpoint in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/onlineendpoints/regeneratekeys/action | Regenerate Keys action for Online Endpoint in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/onlineEndpoints/score/action | Score Online Endpoints in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/onlineendpoints/token/action | Retrieve auth token to score Online Endpoints in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/onlineendpoints/listkeys/action | Retrieve auth keys to score Online Endpoints in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/onlineEndpoints/checkNameAvailability/read | Checks name for an online inference endpoint in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/onlineEndpoints/deployments/read | Gets deployments in an online inference endpoint in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/onlineendpoints/deployments/getlogs/action | Gets deployments Logs in an online inference endpoint in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/onlineEndpoints/deployments/write | Creates or updates deployment in an online inference endpoint in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/onlineEndpoints/deployments/delete | Deletes a deployment in an online inference endpoint in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/onlineEndpoints/deployments/checkNameAvailability/read | Checks name for deployment in online inference endpoint in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/onlineendpoints/deployments/operationresults/read | Gets deployments operation Result in an online inference endpoint in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/onlineendpoints/deployments/operationsstatus/read | Gets deployments Operations Status in an online inference endpoint in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/onlineEndpoints/deployments/skus/read | Gets scale sku settings for a deployment in an online inference endpoint in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/onlineendpoints/operationresults/read | Checks Online Endpoint Operation Result for an online inference endpoint in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/onlineendpoints/operationsstatus/read | Checks Online Endpoint Operation Status for an online inference endpoint in Machine Learning Services Workspace(s) |
> | Microsoft.MachineLearningServices/workspaces/pipelinedrafts/read | Gets pipeline drafts in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/pipelinedrafts/write | Creates or updates pipeline drafts in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/pipelinedrafts/delete | Deletes pipeline drafts in Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/privateEndpointConnectionProxies/read | View the state of a connection proxy to a Private Endpoint resource of Microsoft.Network provider |
+> | Microsoft.MachineLearningServices/workspaces/privateEndpointConnectionProxies/write | Change the state of a connection proxy to a Private Endpoint resource of Microsoft.Network provider |
+> | Microsoft.MachineLearningServices/workspaces/privateEndpointConnectionProxies/delete | Delete a connection proxy to a Private Endpoint resource of Microsoft.Network provider |
+> | Microsoft.MachineLearningServices/workspaces/privateEndpointConnectionProxies/validate/action | Validate a connection proxy to a Private Endpoint resource of Microsoft.Network provider |
+> | Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/read | View the state of a connection to a Private Endpoint resource of Microsoft.Network provider |
+> | Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/write | Change the state of a connection to a Private Endpoint resource of Microsoft.Network provider |
+> | Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/delete | Delete a connection to a Private Endpoint resource of Microsoft.Network provider |
+> | Microsoft.MachineLearningServices/workspaces/privateLinkResources/read | Gets the available private link resources for the specified instance of the Machine Learning Services Workspace(s) |
+> | Microsoft.MachineLearningServices/workspaces/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource |
+> | Microsoft.MachineLearningServices/workspaces/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource |
+> | Microsoft.MachineLearningServices/workspaces/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for Azure machine learning workspaces |
+> | Microsoft.MachineLearningServices/workspaces/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for Azure machine learning workspaces |
> | Microsoft.MachineLearningServices/workspaces/reports/read | Gets custom reports in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/reports/write | Creates or updates custom reports in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/reports/delete | Deletes custom reports in Machine Learning Services Workspace(s) |
Azure service: [IoT Central](../iot-central/index.yml)
> | Microsoft.IoTCentral/IoTApps/read | Gets a single IoT Central Application | > | Microsoft.IoTCentral/IoTApps/write | Creates or Updates an IoT Central Applications | > | Microsoft.IoTCentral/IoTApps/delete | Deletes an IoT Central Applications |
+> | Microsoft.IoTCentral/IoTApps/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource |
+> | Microsoft.IoTCentral/IoTApps/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource |
+> | Microsoft.IoTCentral/IoTApps/providers/Microsoft.Insights/metricDefinitions/read | Gets all the available Metrics definitions on Azure IoT Central |
> | Microsoft.IoTCentral/operations/read | Gets all the available operations on IoT Central Applications | ### Microsoft.IoTSecurity
Azure service: [IoT security](../iot-fundamentals/iot-security-architecture.md)
> | Microsoft.IoTSecurity/defenderSettings/downloadManagerActivation/action | Download manager activation file | > | Microsoft.IoTSecurity/deviceGroups/read | Gets device group | > | Microsoft.IoTSecurity/devices/read | Get devices |
+> | Microsoft.IoTSecurity/locations/read | Gets location |
> | Microsoft.IoTSecurity/onPremiseSensors/read | Gets on-premise IoT Sensors | > | Microsoft.IoTSecurity/onPremiseSensors/write | Creates or updates on-premise IoT Sensors | > | Microsoft.IoTSecurity/onPremiseSensors/delete | Deletes on-premise IoT Sensors |
Azure service: [Time Series Insights](../time-series-insights/index.yml)
> | Microsoft.TimeSeriesInsights/environments/eventsources/read | Get the properties of an event source. | > | Microsoft.TimeSeriesInsights/environments/eventsources/write | Creates a new event source for an environment, or updates an existing event source. | > | Microsoft.TimeSeriesInsights/environments/eventsources/delete | Deletes the event source. |
+> | Microsoft.TimeSeriesInsights/environments/eventsources/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource |
+> | Microsoft.TimeSeriesInsights/environments/eventsources/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource |
+> | Microsoft.TimeSeriesInsights/environments/eventsources/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for the event source |
+> | Microsoft.TimeSeriesInsights/environments/eventsources/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for eventsources |
+> | Microsoft.TimeSeriesInsights/environments/privateEndpointConnectionProxies/read | Get the properties of a private endpoint connection proxy. |
+> | Microsoft.TimeSeriesInsights/environments/privateEndpointConnectionProxies/write | Creates a new private endpoint connection proxy for an environment, or updates an existing connection proxy. |
+> | Microsoft.TimeSeriesInsights/environments/privateEndpointConnectionProxies/delete | Deletes the private endpoint connection proxy. |
+> | Microsoft.TimeSeriesInsights/environments/privateEndpointConnectionProxies/validate/action | Validate the private endpoint connection proxy object before creation. |
+> | Microsoft.TimeSeriesInsights/environments/privateEndpointConnectionProxies/operationresults/read | Validate the private endpoint connection proxy operation status. |
> | Microsoft.TimeSeriesInsights/environments/privateendpointConnections/read | Get the properties of a private endpoint connection. | > | Microsoft.TimeSeriesInsights/environments/privateendpointConnections/write | Creates a new private endpoint connection for an environment, or updates an existing connection. | > | Microsoft.TimeSeriesInsights/environments/privateendpointConnections/delete | Deletes the private endpoint connection. |
+> | Microsoft.TimeSeriesInsights/environments/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource |
+> | Microsoft.TimeSeriesInsights/environments/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource |
+> | Microsoft.TimeSeriesInsights/environments/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for environments |
+> | Microsoft.TimeSeriesInsights/environments/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for environments |
> | Microsoft.TimeSeriesInsights/environments/referencedatasets/read | Get the properties of a reference data set. | > | Microsoft.TimeSeriesInsights/environments/referencedatasets/write | Creates a new reference data set for an environment, or updates an existing reference data set. | > | Microsoft.TimeSeriesInsights/environments/referencedatasets/delete | Deletes the reference data set. |
Azure service: [API Management](../api-management/index.yml)
> | Microsoft.ApiManagement/service/properties/write | Creates or updates a property. or Updates the specific property. | > | Microsoft.ApiManagement/service/properties/delete | Deletes specific property from the API Management service instance. | > | Microsoft.ApiManagement/service/properties/listSecrets/action | Gets the secrets of the property specified by its identifier. |
+> | Microsoft.ApiManagement/service/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for ApiManagement service |
+> | Microsoft.ApiManagement/service/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for ApiManagement service |
+> | Microsoft.ApiManagement/service/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for API Management service |
+> | Microsoft.ApiManagement/service/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for API Management service |
> | Microsoft.ApiManagement/service/quotas/read | Get values for quota | > | Microsoft.ApiManagement/service/quotas/write | Set quota counter current value | > | Microsoft.ApiManagement/service/quotas/periods/read | Get quota counter value for period |
Azure service: [Azure Stack Edge](../databox-online/azure-stack-edge-overview.md
> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/orders/delete | Deletes the orders | > | Microsoft.DataBoxEdge/dataBoxEdgeDevices/orders/listDCAccessCode/action | ArmApiDesc_action_listDCAccessCode_orders | > | Microsoft.DataBoxEdge/dataBoxEdgeDevices/orders/operationResults/read | Lists or gets the operation result |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostics setting for the resource |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource |
+> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/providers/Microsoft.Insights/metricDefinitions/read | Gets the available Data Box Edge device level metrics |
> | Microsoft.DataBoxEdge/dataBoxEdgeDevices/roles/read | Lists or gets the roles | > | Microsoft.DataBoxEdge/dataBoxEdgeDevices/roles/read | Lists or gets the roles | > | Microsoft.DataBoxEdge/dataBoxEdgeDevices/roles/write | Creates or updates the roles |
Azure service: [Azure Active Directory Domain Services](../active-directory-doma
> | Microsoft.AAD/domainServices/oucontainer/write | Write Ou Container | > | Microsoft.AAD/domainServices/oucontainer/delete | Delete Ou Container | > | Microsoft.AAD/domainServices/OutboundNetworkDependenciesEndpoints/read | Get the network endpoints of all outbound dependencies |
+> | Microsoft.AAD/domainServices/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for Domain Service |
+> | Microsoft.AAD/domainServices/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the Domain Service resource |
+> | Microsoft.AAD/domainServices/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for Domain Service |
> | Microsoft.AAD/locations/operationresults/read | | > | Microsoft.AAD/Operations/read | |
Azure service: Azure Active Directory
> | microsoft.aadiam/azureADMetrics/read | Read Azure AD Metrics Definition | > | microsoft.aadiam/azureADMetrics/write | Create and Update Azure AD Metrics Definition | > | microsoft.aadiam/azureADMetrics/delete | Delete Azure AD Metrics Definition |
+> | microsoft.aadiam/azureADMetrics/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource |
+> | microsoft.aadiam/azureADMetrics/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource |
+> | microsoft.aadiam/azureADMetrics/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for azureADMetrics |
> | microsoft.aadiam/diagnosticsettings/write | Writing a diagnostic setting | > | microsoft.aadiam/diagnosticsettings/read | Reading a diagnostic setting | > | microsoft.aadiam/diagnosticsettings/delete | Deleting a diagnostic setting |
Azure service: Azure Active Directory
> | microsoft.aadiam/privateLinkForAzureAD/privateLinkResources/read | Read PrivateLinkResources | > | microsoft.aadiam/privateLinkForAzureAD/privateLinkResources/write | Create and Update PrivateLinkResources | > | microsoft.aadiam/privateLinkForAzureAD/privateLinkResources/delete | Delete PrivateLinkResources |
+> | microsoft.aadiam/tenants/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource |
+> | microsoft.aadiam/tenants/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource |
+> | microsoft.aadiam/tenants/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for tenants |
### Microsoft.ADHybridHealthService
Azure service: [Key Vault](../key-vault/index.yml)
> | Microsoft.KeyVault/managedHSMs/read | View the properties of a Managed HSM | > | Microsoft.KeyVault/managedHSMs/write | Create a new Managed HSM or update the properties of an existing Managed HSM | > | Microsoft.KeyVault/managedHSMs/delete | Delete a Managed HSM |
+> | Microsoft.KeyVault/managedHSMs/PrivateEndpointConnectionsApproval/action | Approve or reject a connection to a Private Endpoint resource of Microsoft.Network provider |
+> | Microsoft.KeyVault/managedHSMs/privateEndpointConnectionProxies/read | View the state of a connection proxy to a Private Endpoint resource of Microsoft.Network provider |
+> | Microsoft.KeyVault/managedHSMs/privateEndpointConnectionProxies/write | Change the state of a connection proxy to a Private Endpoint resource of Microsoft.Network provider |
+> | Microsoft.KeyVault/managedHSMs/privateEndpointConnectionProxies/delete | Delete a connection proxy to a Private Endpoint resource of Microsoft.Network provider |
+> | Microsoft.KeyVault/managedHSMs/privateEndpointConnectionProxies/validate/action | Validate a connection proxy to a Private Endpoint resource of Microsoft.Network provider |
+> | Microsoft.KeyVault/managedHSMs/privateEndpointConnections/read | View the state of a connection to a Private Endpoint resource of Microsoft.Network provider |
+> | Microsoft.KeyVault/managedHSMs/privateEndpointConnections/write | Change the state of a connection to a Private Endpoint resource of Microsoft.Network provider |
+> | Microsoft.KeyVault/managedHSMs/privateEndpointConnections/delete | Delete a connection to a Private Endpoint resource of Microsoft.Network provider |
+> | Microsoft.KeyVault/managedHSMs/privateLinkResources/read | Get the available private link resources for the specified instance of Managed HSM. |
+> | Microsoft.KeyVault/managedHSMs/providers/Microsoft.Insights/diagnosticSettings/Read | Gets the diagnostic setting for the resource |
+> | Microsoft.KeyVault/managedHSMs/providers/Microsoft.Insights/diagnosticSettings/Write | Creates or updates the diagnostic setting for the resource |
+> | Microsoft.KeyVault/managedHSMs/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for a Managed HSM |
+> | Microsoft.KeyVault/managedHSMs/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for a key vault |
> | Microsoft.KeyVault/operations/read | Lists operations available on Microsoft.KeyVault resource provider | > | Microsoft.KeyVault/vaults/read | View the properties of a key vault | > | Microsoft.KeyVault/vaults/write | Creates a new key vault or updates the properties of an existing key vault. Certain properties may require more permissions. | > | Microsoft.KeyVault/vaults/delete | Deletes a key vault | > | Microsoft.KeyVault/vaults/deploy/action | Enables access to secrets in a key vault when deploying Azure resources |
+> | Microsoft.KeyVault/vaults/PrivateEndpointConnectionsApproval/action | Approve or reject a connection to a Private Endpoint resource of Microsoft.Network provider |
> | Microsoft.KeyVault/vaults/accessPolicies/write | Updates an existing access policy by merging or replacing, or adds a new access policy to the key vault. | > | Microsoft.KeyVault/vaults/eventGridFilters/read | Notifies Microsoft.KeyVault that an EventGrid Subscription for Key Vault is being viewed | > | Microsoft.KeyVault/vaults/eventGridFilters/write | Notifies Microsoft.KeyVault that a new EventGrid Subscription for Key Vault is being created |
Azure service: [Key Vault](../key-vault/index.yml)
> | Microsoft.KeyVault/vaults/keys/read | List the keys in a specified vault, or read the current version of a specified key. | > | Microsoft.KeyVault/vaults/keys/write | Creates the first version of a new key if it does not exist. If it already exists, then the existing key is returned without any modification. This API does not create subsequent versions, and does not update existing keys. | > | Microsoft.KeyVault/vaults/keys/versions/read | List the versions of a specified key, or read the specified version of a key. |
+> | Microsoft.KeyVault/vaults/privateEndpointConnectionProxies/read | View the state of a connection proxy to a Private Endpoint resource of Microsoft.Network provider |
+> | Microsoft.KeyVault/vaults/privateEndpointConnectionProxies/write | Change the state of a connection proxy to a Private Endpoint resource of Microsoft.Network provider |
+> | Microsoft.KeyVault/vaults/privateEndpointConnectionProxies/delete | Delete a connection proxy to a Private Endpoint resource of Microsoft.Network provider |
+> | Microsoft.KeyVault/vaults/privateEndpointConnectionProxies/validate/action | Validate a connection proxy to a Private Endpoint resource of Microsoft.Network provider |
+> | Microsoft.KeyVault/vaults/privateEndpointConnections/read | View the state of a connection to a Private Endpoint resource of Microsoft.Network provider |
+> | Microsoft.KeyVault/vaults/privateEndpointConnections/write | Change the state of a connection to a Private Endpoint resource of Microsoft.Network provider |
+> | Microsoft.KeyVault/vaults/privateEndpointConnections/delete | Delete a connection to a Private Endpoint resource of Microsoft.Network provider |
+> | Microsoft.KeyVault/vaults/privateLinkResources/read | Get the available private link resources for the specified instance of Key Vault |
+> | Microsoft.KeyVault/vaults/providers/Microsoft.Insights/diagnosticSettings/Read | Gets the diagnostic setting for the resource |
+> | Microsoft.KeyVault/vaults/providers/Microsoft.Insights/diagnosticSettings/Write | Creates or updates the diagnostic setting for the resource |
+> | Microsoft.KeyVault/vaults/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for a key vault |
+> | Microsoft.KeyVault/vaults/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for a key vault |
> | Microsoft.KeyVault/vaults/secrets/read | View the properties of a secret, but not its value. | > | Microsoft.KeyVault/vaults/secrets/write | Creates a new secret or updates the value of an existing secret. | > | **DataAction** | **Description** |
Azure service: [Azure Monitor](../azure-monitor/index.yml)
> | Microsoft.OperationalInsights/workspaces/notificationSettings/write | Set the user's notification settings for the workspace. | > | Microsoft.OperationalInsights/workspaces/notificationSettings/delete | Delete the user's notification settings for the workspace. | > | microsoft.operationalinsights/workspaces/operations/read | Gets the status of an OperationalInsights workspace operation. |
+> | Microsoft.OperationalInsights/workspaces/providers/Microsoft.Insights/diagnosticSettings/Read | Gets the diagnostic setting for the resource |
+> | Microsoft.OperationalInsights/workspaces/providers/Microsoft.Insights/diagnosticSettings/Write | Creates or updates the diagnostic setting for the resource |
+> | Microsoft.OperationalInsights/workspaces/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for a Workspace |
> | Microsoft.OperationalInsights/workspaces/query/read | Run queries over the data in the workspace | > | Microsoft.OperationalInsights/workspaces/query/AACAudit/read | Read data from the AACAudit table | > | Microsoft.OperationalInsights/workspaces/query/AACHttpRequest/read | Read data from the AACHttpRequest table |
Azure service: [Automation](../automation/index.yml)
> | Microsoft.Automation/automationAccounts/credentials/getCount/action | Reads the count of credentials | > | Microsoft.Automation/automationAccounts/credentials/write | Creates or updates an Azure Automation credential asset | > | Microsoft.Automation/automationAccounts/credentials/delete | Deletes an Azure Automation credential asset |
+> | Microsoft.Automation/automationAccounts/diagnosticSettings/read | Gets the diagnostic setting for the resource |
+> | Microsoft.Automation/automationAccounts/diagnosticSettings/write | Sets the diagnostic setting for the resource |
> | Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read | Reads Hybrid Runbook Worker Resources | > | Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/delete | Deletes Hybrid Runbook Worker Resources | > | Microsoft.Automation/automationAccounts/jobs/runbookContent/action | Gets the content of the Azure Automation runbook at the time of the job execution |
Azure service: [Automation](../automation/index.yml)
> | Microsoft.Automation/automationAccounts/jobSchedules/write | Creates an Azure Automation job schedule | > | Microsoft.Automation/automationAccounts/jobSchedules/delete | Deletes an Azure Automation job schedule | > | Microsoft.Automation/automationAccounts/linkedWorkspace/read | Gets the workspace linked to the automation account |
+> | Microsoft.Automation/automationAccounts/logDefinitions/read | Gets the available logs for the automation account |
> | Microsoft.Automation/automationAccounts/modules/read | Gets an Azure Automation Powershell module | > | Microsoft.Automation/automationAccounts/modules/getCount/action | Gets the count of Powershell modules within the Automation Account | > | Microsoft.Automation/automationAccounts/modules/write | Creates or updates an Azure Automation Powershell module |
Azure service: [Automation](../automation/index.yml)
> | Microsoft.Automation/automationAccounts/privateEndpointConnections/delete | Delete an Azure Automation Private Endpoint Connection | > | Microsoft.Automation/automationAccounts/privateLinkResources/read | Reads Group Information for private endpoints | > | Microsoft.Automation/automationAccounts/privateLinkResources/read | Reads Group Information for private endpoints |
+> | Microsoft.Automation/automationAccounts/providers/Microsoft.Insights/metricDefinitions/read | Gets Automation Metric Definitions |
> | Microsoft.Automation/automationAccounts/python2Packages/read | Gets an Azure Automation Python 2 package | > | Microsoft.Automation/automationAccounts/python2Packages/write | Creates or updates an Azure Automation Python 2 package | > | Microsoft.Automation/automationAccounts/python2Packages/delete | Deletes an Azure Automation Python 2 package |
Azure service: [Batch](../batch/index.yml)
> | Microsoft.Batch/batchAccounts/pools/delete | Deletes a pool from a Batch account | > | Microsoft.Batch/batchAccounts/pools/stopResize/action | Stops an ongoing resize operation on a Batch account pool | > | Microsoft.Batch/batchAccounts/pools/disableAutoscale/action | Disables automatic scaling for a Batch account pool |
+> | Microsoft.Batch/batchAccounts/privateEndpointConnectionProxies/validate/action | Validates a Private endpoint connection proxy on a Batch account |
+> | Microsoft.Batch/batchAccounts/privateEndpointConnectionProxies/write | Create a new Private endpoint connection proxy on a Batch account |
+> | Microsoft.Batch/batchAccounts/privateEndpointConnectionProxies/read | Gets Private endpoint connection proxy on a Batch account |
+> | Microsoft.Batch/batchAccounts/privateEndpointConnectionProxies/delete | Delete a Private endpoint connection proxy on a Batch account |
+> | Microsoft.Batch/batchAccounts/privateEndpointConnectionProxyResults/read | Gets the results of a long running Batch account private endpoint connection proxy operation |
> | Microsoft.Batch/batchAccounts/privateEndpointConnectionResults/read | Gets the results of a long running Batch account private endpoint connection operation | > | Microsoft.Batch/batchAccounts/privateEndpointConnections/write | Update an existing Private endpoint connection on a Batch account | > | Microsoft.Batch/batchAccounts/privateEndpointConnections/read | Gets Private endpoint connection or Lists Private endpoint connections on a Batch account | > | Microsoft.Batch/batchAccounts/privateLinkResources/read | Gets the properties of a Private link resource or Lists Private link resources on a Batch account |
+> | Microsoft.Batch/batchAccounts/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource |
+> | Microsoft.Batch/batchAccounts/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource |
+> | Microsoft.Batch/batchAccounts/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for the Batch service |
+> | Microsoft.Batch/batchAccounts/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for the Batch service |
> | Microsoft.Batch/locations/checkNameAvailability/action | Checks that the account name is valid and not in use. | > | Microsoft.Batch/locations/accountOperationResults/read | Gets the results of a long running Batch account operation | > | Microsoft.Batch/locations/cloudServiceSkus/read | Lists available Batch supported Cloud Service VM sizes at the given location |
Azure service: [Azure Arc](../azure-arc/index.yml)
> | Microsoft.HybridCompute/unregister/action | Unregisters the subscription for Microsoft.HybridCompute Resource Provider | > | Microsoft.HybridCompute/locations/operationresults/read | Reads the status of an operation on Microsoft.HybridCompute Resource Provider | > | Microsoft.HybridCompute/locations/operationstatus/read | Reads the status of an operation on Microsoft.HybridCompute Resource Provider |
+> | Microsoft.HybridCompute/locations/privateLinkScopes/read | Reads the full details of any Azure Arc privateLinkScopes |
> | Microsoft.HybridCompute/locations/updateCenterOperationResults/read | Reads the status of an update center operation on machines | > | Microsoft.HybridCompute/machines/read | Read any Azure Arc machines | > | Microsoft.HybridCompute/machines/write | Writes an Azure Arc machines |
Azure service: [Azure Arc](../azure-arc/index.yml)
> | Microsoft.HybridCompute/privateLinkScopes/read | Read any Azure Arc privateLinkScopes | > | Microsoft.HybridCompute/privateLinkScopes/write | Writes an Azure Arc privateLinkScopes | > | Microsoft.HybridCompute/privateLinkScopes/delete | Deletes an Azure Arc privateLinkScopes |
+> | Microsoft.HybridCompute/privateLinkScopes/privateEndpointConnectionProxies/read | Read any Azure Arc privateEndpointConnectionProxies |
+> | Microsoft.HybridCompute/privateLinkScopes/privateEndpointConnectionProxies/write | Writes an Azure Arc privateEndpointConnectionProxies |
+> | Microsoft.HybridCompute/privateLinkScopes/privateEndpointConnectionProxies/delete | Deletes an Azure Arc privateEndpointConnectionProxies |
+> | Microsoft.HybridCompute/privateLinkScopes/privateEndpointConnectionProxies/validate/action | Validates an Azure Arc privateEndpointConnectionProxies |
> | Microsoft.HybridCompute/privateLinkScopes/privateEndpointConnections/read | Read any Azure Arc privateEndpointConnections | > | Microsoft.HybridCompute/privateLinkScopes/privateEndpointConnections/write | Writes an Azure Arc privateEndpointConnections | > | Microsoft.HybridCompute/privateLinkScopes/privateEndpointConnections/delete | Deletes an Azure Arc privateEndpointConnections |
Azure service: [Site Recovery](../site-recovery/index.yml)
> | microsoft.recoveryservices/Vaults/privateEndpointConnections/delete | Delete Private Endpoint requests. This call is made by Backup Admin. | > | microsoft.recoveryservices/Vaults/privateEndpointConnections/write | Approve or Reject Private Endpoint requests. This call is made by Backup Admin. | > | microsoft.recoveryservices/Vaults/privateEndpointConnections/operationsStatus/read | Returns the operation status for a private endpoint connection. |
+> | Microsoft.RecoveryServices/Vaults/providers/Microsoft.Insights/diagnosticSettings/read | Azure Backup Diagnostics |
+> | Microsoft.RecoveryServices/Vaults/providers/Microsoft.Insights/diagnosticSettings/write | Azure Backup Diagnostics |
+> | Microsoft.RecoveryServices/Vaults/providers/Microsoft.Insights/logDefinitions/read | Azure Backup Logs |
+> | Microsoft.RecoveryServices/Vaults/providers/Microsoft.Insights/metricDefinitions/read | Azure Backup Metrics |
> | Microsoft.RecoveryServices/Vaults/registeredIdentities/write | The Register Service Container operation can be used to register a container with Recovery Service. | > | Microsoft.RecoveryServices/Vaults/registeredIdentities/read | The Get Containers operation can be used get the containers registered for a resource. | > | Microsoft.RecoveryServices/Vaults/registeredIdentities/delete | The UnRegister Container operation can be used to unregister a container. |
security-center Security Center Alert Validation https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/security-center/security-center-alert-validation.md
Use sample alerts to:
To create sample alerts:
-1. As a user with the role **Security admin** or **Subscription Contributor**, from the toolbar on the alerts page, select **Create sample alerts**.
+1. As a user with the role **Subscription Contributor**, from the toolbar on the alerts page, select **Create sample alerts**.
1. Select the subscription. 1. Select the relevant Azure Defender plan/s for which you want to see alerts. 1. Select **Create sample alerts**.
This article introduced you to the alerts validation process. Now that you're fa
* [Validating Azure Key Vault Threat Detection in Azure Security Center](https://techcommunity.microsoft.com/t5/azure-security-center/validating-azure-key-vault-threat-detection-in-azure-security/ba-p/1220336) * [Managing and responding to security alerts in Azure Security Center](security-center-managing-and-responding-alerts.md) - Learn how to manage alerts, and respond to security incidents in Security Center.
-* [Understanding security alerts in Azure Security Center](./security-center-alerts-overview.md) - Learn about the different types of security alerts.
+* [Understanding security alerts in Azure Security Center](./security-center-alerts-overview.md) - Learn about the different types of security alerts.
security-center Security Center Services https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/security-center/security-center-services.md
Previously updated : 07/25/2021 Last updated : 08/01/2021
The two tabs below show the features of Azure Security Center that are available
|[Network map](security-center-network-recommendations.md#network-map)|Γ£ö|Γ£ö|-|Yes| |[Adaptive network hardening](security-center-adaptive-network-hardening.md)|Γ£ö|-|-|Yes| |[Regulatory compliance dashboard & reports](security-center-compliance-dashboard.md)|Γ£ö|Γ£ö|Γ£ö|Yes|
-|Recommendations and threat protection on Docker-hosted IaaS containers|-|-|-|Yes|
+|[Docker host hardening](./harden-docker-hosts.md)|-|-|-|Yes|
|Missing OS patches assessment|Γ£ö|Γ£ö|Γ£ö|Azure: No<br><br>Arc-enabled: Yes| |Security misconfigurations assessment|Γ£ö|Γ£ö|Γ£ö|Azure: No<br><br>Arc-enabled: Yes| |[Endpoint protection assessment](security-center-services.md#supported-endpoint-protection-solutions-)|Γ£ö|Γ£ö|Γ£ö|Azure: No<br><br>Arc-enabled: Yes|
The two tabs below show the features of Azure Security Center that are available
|[Network map](security-center-network-recommendations.md#network-map)|Γ£ö|Γ£ö|-|Yes| |[Adaptive network hardening](security-center-adaptive-network-hardening.md)|Γ£ö|-|-|Yes| |[Regulatory compliance dashboard & reports](security-center-compliance-dashboard.md)|Γ£ö|Γ£ö|Γ£ö|Yes|
-|Recommendations and threat protection on Docker-hosted IaaS containers|Γ£ö|Γ£ö|Γ£ö|Yes|
+|[Docker host hardening](./harden-docker-hosts.md)|Γ£ö|Γ£ö|Γ£ö|Yes|
|Missing OS patches assessment|Γ£ö|Γ£ö|Γ£ö|Azure: No<br><br>Arc-enabled: Yes| |Security misconfigurations assessment|Γ£ö|Γ£ö|Γ£ö|Azure: No<br><br>Arc-enabled: Yes| |[Endpoint protection assessment](security-center-services.md#supported-endpoint-protection-solutions-)|-|-|-|No|
sentinel Automate Responses With Playbooks https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/sentinel/automate-responses-with-playbooks.md
Manual triggering is available from the Azure Sentinel portal in the following b
### Run a playbook manually on an incident
-Not supported yet. <!--make this a note instead? -->
+Not supported yet.
## Manage your playbooks
sentinel Best Practices Workspace Architecture https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/sentinel/best-practices-workspace-architecture.md
While fewer workspaces are simpler to manage, you may have specific needs for mu
When determining how many tenants and workspaces to use, consider that most Azure Sentinel features operate by using a single workspace or Azure Sentinel instance, and Azure Sentinel ingests all logs housed within the workspace.
-<!--
-Therefore, for example, if you have both security-related and non-security logs, or logs that should not be ingested by Azure Sentinel, you may want to create an additional workspace to store the non-Azure Sentinel logs and avoid unwanted costs.
-
-The following image shows an architecture where security and non-security logs go to separate workspaces, with Azure Sentinel ingesting only the security-related logs.
->- > [!IMPORTANT] > Costs are one of the main considerations when determining Azure Sentinel architecture. For more information, see [Azure Sentinel costs and billing](azure-sentinel-billing.md). >
For more information, see [Permissions in Azure Sentinel](roles.md).
The following image shows a simplified version of a workspace architecture where security and operations teams need access to different sets of data, and resource-context RBAC is used to provide the required permissions.
-[ ![Sample architecture for resource-context RBAC.](media/resource-context-rbac/resource-context-rbac-sample.png) ](media/resource-context-rbac/resource-context-rbac-sample.png#lightbox)
+[ ![Diagram of a sample architecture for resource-context RBAC.](media/resource-context-rbac/resource-context-rbac-sample.png) ](media/resource-context-rbac/resource-context-rbac-sample.png#lightbox)
In this image, the Azure Sentinel workspace is placed in a separate subscription to better isolate permissions.
sentinel Sample Workspace Designs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/sentinel/sample-workspace-designs.md
The Contoso Corporation is a multinational business with headquarters in London.
Due to an acquisition several years ago, Contoso has two Azure AD tenants: `contoso.onmicrosoft.com` and `wingtip.onmicrosoft.com`. Each tenant has its own Office 365 instance and multiple Azure subscriptions, as shown in the following image: ### Contoso compliance and regional deployment
The following steps apply the [Azure Sentinel workspace design decision tree](de
The resulting Azure Sentinel workspace design for Contoso is illustrated in the following image: The suggested solution includes:
The following steps apply the [Azure Sentinel workspace design decision tree](de
The resulting Azure Sentinel workspace design for Fabrikam is illustrated in the following image, including only key log sources for the sake of design simplicity: The suggested solution includes:
The following steps apply the [Azure Sentinel workspace design decision tree](de
The resulting Azure Sentinel workspace design for Adventure Works is illustrated in the following image, including only key log sources for the sake of design simplicity: The suggested solution includes:
sentinel Sap Deploy Solution https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/sentinel/sap-deploy-solution.md
description: Learn how to deploy the Azure Sentinel solution for SAP environment
-+ Last updated 07/06/2021
Add SAP-related watchlists to your Azure Sentinel workspace manually.
For more information, see [Azure Sentinel SAP solution logs reference (public preview)](sap-solution-log-reference.md).
-## SAP solution deployment troubleshooting
-
-After having deployed both the SAP data connector and security content, you may experience the following errors or issues:
-
-|Issue |Workaround |
-|||
-|Network connectivity issues to the SAP environment or to Azure Sentinel | Check your network connectivity as needed. |
-|Incorrect SAP ABAP user credentials |Check your credentials and fix them by applying the correct values to the **ABAPUSER** and **ABAPPASS** values in Azure Key Vault. |
-|Missing permissions, such as the **/MSFTSEN/SENTINEL_CONNECTOR** role not assigned to the SAP user as needed, or inactive |Fix this error by assigning the role and ensuring that it's active in your SAP system. |
-|A missing SAP change request | Make sure that you've imported the correct SAP change request, as described in [Configure your SAP system](#configure-your-sap-system). |
-|Incorrect Azure Sentinel workspace ID or key entered in the deployment script | To fix this error, enter the correct credentials in Azure KeyVault. |
-|A corrupt or missing SAP SDK file | Fix this error by reinstalling the SAP SDK and ensuring that you are using the correct Linux 64-bit version. |
-|Missing data in your workbook or alerts | Ensure that the **Auditlog** policy is properly enabled on the SAP side, with no errors in the log file. Use the **RSAU_CONFIG_LOG** transaction for this step. |
-| | |
-
-> [!TIP]
-> We highly recommend that you review the system logs after installing the data connector. Run:
->
-> ```bash
-> docker logs -f sapcon-[SID]
-> ```
->
-For more information, see:
--- [View all Docker execution logs](#view-all-docker-execution-logs)-- [Review and update the SAP data connector configuration](#review-and-update-the-sap-data-connector-configuration)-- [Useful Docker commands](#useful-docker-commands)-
-### View all Docker execution logs
-
-To view all Docker execution logs for your Azure Sentinel SAP data connector deployment, run one of the following commands:
-
-```bash
-docker exec -it sapcon-[SID] bash && cd /sapcon-app/sapcon/logs
-```
-
-or
-
-```bash
-docker exec ΓÇôit sapcon-[SID] cat /sapcon-app/sapcon/logs/[FILE_LOGNAME]
-```
-
-Output similar to the following should be displayed:
-
-```bash
-Logs directory:
-root@644c46cd82a9:/sapcon-app# ls sapcon/logs/ -l
-total 508
--rwxr-xr-x 1 root root 0 Mar 12 09:22 ' __init__.py'--rw-r--r-- 1 root root 282 Mar 12 16:01 ABAPAppLog.log--rw-r--r-- 1 root root 1056 Mar 12 16:01 ABAPAuditLog.log--rw-r--r-- 1 root root 465 Mar 12 16:01 ABAPCRLog.log--rw-r--r-- 1 root root 515 Mar 12 16:01 ABAPChangeDocsLog.log--rw-r--r-- 1 root root 282 Mar 12 16:01 ABAPJobLog.log--rw-r--r-- 1 root root 480 Mar 12 16:01 ABAPSpoolLog.log--rw-r--r-- 1 root root 525 Mar 12 16:01 ABAPSpoolOutputLog.log--rw-r--r-- 1 root root 0 Mar 12 15:51 ABAPTableDataLog.log--rw-r--r-- 1 root root 495 Mar 12 16:01 ABAPWorkflowLog.log--rw-r--r-- 1 root root 465311 Mar 14 06:54 API.log # view this log to see submits of data into Azure Sentinel--rw-r--r-- 1 root root 0 Mar 12 15:51 LogsDeltaManager.log--rw-r--r-- 1 root root 0 Mar 12 15:51 PersistenceManager.log--rw-r--r-- 1 root root 4830 Mar 12 16:01 RFC.log--rw-r--r-- 1 root root 5595 Mar 12 16:03 SystemAdmin.log
-```
-
-### Review and update the SAP data connector configuration
-
-If you want to check the SAP data connector configuration file and make manual updates, perform the following steps:
-
-1. On your VM, in the user's home directory, open the **~/sapcon/[SID]/systemconfig.ini** file.
-1. Update the configuration if needed, and then restart the container:
-
- ```bash
- docker restart sapcon-[SID]
- ```
-
-### Useful Docker commands
-
-When troubleshooting your SAP data connector, you may find the following commands useful:
-
-|Function |Command |
-|||
-|**Stop the Docker container** | `docker stop sapcon-[SID]` |
-|**Start the Docker container** |`docker start sapcon-[SID]` |
-|**View Docker system logs** | `docker logs -f sapcon-[SID]` |
-|**Enter the Docker container** | `docker exec -it sapcon-[SID] bash` |
-| | |
-
-For more information, see the [Docker CLI documentation](https://docs.docker.com/engine/reference/commandline/docker/).
## Update your SAP data connector
If you have a Docker container already running with an earlier version of the SA
1. Make sure that you have the most recent versions of the relevant deployment scripts from the Azure Sentinel github repository. Run: ```azurecli
- - wget -O sapcon-instance-update.sh https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/SAP/sapcon-instance-update.sh && bash ./sapcon-instance-update.sh
+ wget -O sapcon-instance-update.sh https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/SAP/sapcon-instance-update.sh && bash ./sapcon-instance-update.sh
``` 1. Run the following command on your SAP data connector machine:
If you have SAP HANA database audit logs configured with Syslog, you'll need als
Learn more about the Azure Sentinel SAP solutions: -- [Deploy the Azure Sentinel SAP solution using alternate deployments](sap-solution-deploy-alternate.md)
+- [Expert configuration options, on-premises deployment and SAPControl log sources](sap-solution-deploy-alternate.md)
- [Azure Sentinel SAP solution detailed SAP requirements](sap-solution-detailed-requirements.md) - [Azure Sentinel SAP solution logs reference](sap-solution-log-reference.md) - [Azure Sentinel SAP solution: built-in security content](sap-solution-security-content.md)
+- [Troubleshooting your Azure Sentinel SAP solution deployment](sap-deploy-troubleshoot.md)
For more information, see [Azure Sentinel solutions](sentinel-solutions.md).
sentinel Sap Deploy Troubleshoot https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/sentinel/sap-deploy-troubleshoot.md
+
+ Title: Azure Sentinel SAP solution deployment troubleshooting | Microsoft Docs
+description: Learn how to troubleshoot specific issues that may occur in your Azure Sentinel SAP solution deployment.
+++++ Last updated : 07/29/2021++++
+# Troubleshooting your Azure Sentinel SAP solution deployment
+
+## Useful Docker commands
+
+When troubleshooting your SAP data connector, you may find the following commands useful:
+
+|Function |Command |
+|||
+|**Stop the Docker container** | `docker stop sapcon-[SID]` |
+|**Start the Docker container** |`docker start sapcon-[SID]` |
+|**View Docker system logs** | `docker logs -f sapcon-[SID]` |
+|**Enter the Docker container** | `docker exec -it sapcon-[SID] bash` |
+| | |
+
+For more information, see the [Docker CLI documentation](https://docs.docker.com/engine/reference/commandline/docker/).
+
+## Review system logs
+
+We highly recommend that you review the system logs after installing or resetting the data connector.
+
+Run:
+
+```bash
+docker logs -f sapcon-[SID]
+```
+## Enable debug mode printing
+
+To enable debug mode printing:
+
+1. Copy the following file to your **sapcon/[SID]** directory, and then rename it as `loggingconfig.yaml`: https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/SAP/template/loggingconfig_DEV.yaml
+
+1. [Reset the SAP data connector](#reset-the-sap-data-connector).
+
+For example, for SID A4H:
+
+```bash
+wget https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/SAP/template/loggingconfig_DEV.y
+ cp loggingconfig.yaml ~/sapcon/A4H
+ docker restart sapcon-A4H
+```
+
+## View all Docker execution logs
+
+To view all Docker execution logs for your Azure Sentinel SAP data connector deployment, run one of the following commands:
+
+```bash
+docker exec -it sapcon-[SID] bash && cd /sapcon-app/sapcon/logs
+```
+
+or
+
+```bash
+docker exec ΓÇôit sapcon-[SID] cat /sapcon-app/sapcon/logs/[FILE_LOGNAME]
+```
+
+Output similar to the following should be displayed:
+
+```bash
+Logs directory:
+root@644c46cd82a9:/sapcon-app# ls sapcon/logs/ -l
+total 508
+-rwxr-xr-x 1 root root 0 Mar 12 09:22 ' __init__.py'
+-rw-r--r-- 1 root root 282 Mar 12 16:01 ABAPAppLog.log
+-rw-r--r-- 1 root root 1056 Mar 12 16:01 ABAPAuditLog.log
+-rw-r--r-- 1 root root 465 Mar 12 16:01 ABAPCRLog.log
+-rw-r--r-- 1 root root 515 Mar 12 16:01 ABAPChangeDocsLog.log
+-rw-r--r-- 1 root root 282 Mar 12 16:01 ABAPJobLog.log
+-rw-r--r-- 1 root root 480 Mar 12 16:01 ABAPSpoolLog.log
+-rw-r--r-- 1 root root 525 Mar 12 16:01 ABAPSpoolOutputLog.log
+-rw-r--r-- 1 root root 0 Mar 12 15:51 ABAPTableDataLog.log
+-rw-r--r-- 1 root root 495 Mar 12 16:01 ABAPWorkflowLog.log
+-rw-r--r-- 1 root root 465311 Mar 14 06:54 API.log # view this log to see submits of data into Azure Sentinel
+-rw-r--r-- 1 root root 0 Mar 12 15:51 LogsDeltaManager.log
+-rw-r--r-- 1 root root 0 Mar 12 15:51 PersistenceManager.log
+-rw-r--r-- 1 root root 4830 Mar 12 16:01 RFC.log
+-rw-r--r-- 1 root root 5595 Mar 12 16:03 SystemAdmin.log
+```
+
+To copy your logs to the host operating system, run:
+
+```bash
+docker cp sapcon-[SID]:/sapcon-app/sapcon/logs /directory
+```
+
+For example:
+
+```bash
+docker cp sapcon-A4H:/sapcon-app/sapcon/logs /tmp/sapcon-logs-extract
+```
+
+## Review and update the SAP data connector configuration
+
+If you want to check the SAP data connector configuration file and make manual updates, perform the following steps:
+
+1. On your VM, in the user's home directory, open the **~/sapcon/[SID]/systemconfig.ini** file.
+1. Update the configuration if needed, and then restart the container:
+
+ ```bash
+ docker restart sapcon-[SID]
+ ```
+
+## Reset the SAP data connector
+
+The following steps reset the connector and re-ingest SAP logs from the last 24 hours.
+
+1. Stop the connector. Run:
+
+ ```bash
+ docker stop sapcon-[SID]
+ ```
+
+1. Delete the **metadata.db** file from the **sapcon/[SID]** directory.
+
+ > [!NOTE]
+ > The **metadata.db** file contains the last timestamp for each of the logs, and works to prevent duplication.
+
+1. Start the connector again. Run:
+
+ ```bash
+ docker start sapcon-[SID]
+ ```
+
+Make sure to [Review system logs](#review-system-logs) when you're done.
+++
+## Common issues
+
+After having deployed both the SAP data connector and security content, you may experience the following errors or issues:
+
+### Corrupt or missing SAP SDK file
+
+This occurs when the connector fails to boot with PyRfc, or zip-related error messages are shown.
+
+1. Reinstall the SAP SDK.
+1. Verify that you're the correct Linux 64-bit version. As of the current date, the release filename is: **nwrfc750P_8-70002752.zip**.
+
+If you'd installed the data connector manually, make sure that you'd copied the SDK file into the docker container.
+
+Run:
+
+```bash
+Docker cp SDK by running docker cp nwrfc750P_8-70002752.zip /sapcon-app/inst/
+```
+
+### ABAP runtime errors appear on a large system
+
+If ABAP runtime errors appear on large systems, try setting a smaller chunk size:
+
+1. Edit the **sapcon/SID/systemconfig.ini** file and define `timechunk = 5`.
+2. [Reset the SAP data connector](#reset-the-sap-data-connector).
+
+> [!NOTE]
+> The **timechunk** size is defined in minutes.
+
+### Empty or no audit log retrieved, with no special error messages
+
+1. Check that audit logging is enabled in SAP.
+1. Verify transactions **SM19** and **RASU_CONFIG**.
+1. Enable any events as needed.
+1. Verify whether messages arrive and exist in the SAP **SM20** or **RSAU_READ_LOG**, without any special errors appearing on the connector log.
++
+### Incorrect Azure Sentinel workspace ID or key
+
+If you realize that you've entered an incorrect workspace ID or key in your [deployment script](sap-deploy-solution.md#create-key-vault-for-your-sap-credentials), update the credentials stored in Azure KeyVault.
+
+### Incorrect SAP ABAP user credentials in a fixed configuration
+
+A fixed configuration is when the password is stored directly in the **systemconfig.ini** configuration file.
+
+If your credentials there are incorrect, verify your credentials.
+
+Use base64 encryption to encrypt the user and password. You can use online encryption tools to do this, such as https://www.base64encode.org/.
+
+### Incorrect SAP ABAP user credentials in key vault
+
+Check your credentials and fix them as needed.
+
+Apply the correct values to the **ABAPUSER** and **ABAPPASS** values in Azure Key Vault.
+++
+### Missing ABAP (SAP user) permissions
+
+If you get an error message similar to: **..Missing Backend RFC Authorization..**, your SAP authorizations and role were not applied properly.
+
+1. Ensure that the **MSFTSEN/SENTINEL_CONNECTOR** role was imported as part of a [change request](sap-solution-detailed-requirements.md#required-sap-log-change-requests) transport, and applied to the connector user.
+
+1. Run the role generation and user comparison process using the SAP transaction PFCG.
+
+### Missing data in your workbooks or alerts
+
+If you find that you're missing data in your Azure Sentinel workbooks or alerts, ensure that the **Auditlog** policy is properly enabled on the SAP side, with no errors in the log file.
+
+Use the **RSAU_CONFIG_LOG** transaction for this step.
++
+### Missing SAP change request
+
+If you see errors that you're missing a required [SAP change request](sap-solution-detailed-requirements.md#required-sap-log-change-requests), make sure you've imported the correct SAP change request for your system.
+
+For more information, see [Configure your SAP system](sap-deploy-solution.md#configure-your-sap-system).
+
+### Network connectivity issues
+
+If you're having network connectivity issues to the SAP environment or to Azure Sentinel, check your network connectivity to make sure data is flowing as expected.
+
+### Other unexpected issues
+
+If you have unexpected issues not listed in this article, try the following:
+
+- [Reset the connector and reload your logs](#reset-the-sap-data-connector)
+- [Upgrade the the connector](sap-deploy-solution.md#update-your-sap-data-connector) to the latest version.
+
+> [!TIP]
+> Resetting your connector and ensuring that you have the latest upgrades are also recommended after any major configuration changes.
+
+### Retrieving an audit log fails with warnings
+
+If your attempt to retrieve an audit log, without the [required change request](sap-solution-detailed-requirements.md#required-sap-log-change-requests) deployed or on an older / un-patched version, and the process fails with warnings, verify that the SAP Auditlog can be retrieved using one of the following methods:
+
+- Using a compatibility mode called *XAL* on older versions
+- Using a version not recently patched
+- Without the required change request installed
+
+While your system should automatically switch to compatibility mode if needed, you may need to switch it manually. To switch to compatibility mode manually:
+
+1. In the **sapcon/SID** directory, edit the **systemconfig.ini** file
+1. Define: `auditlogforcexal = True`
+
+### SAPCONTROL or JAVA subsystems unable to connect
+
+Check that the OS user is valid and can run the following command on the target SAP system:
+
+```bash
+sapcontrol -nr <SID> -function GetSystemInstanceList
+```
+
+### SAPCONTROL or JAVA subsystem fails with timezone related error message
+
+If your SAPCONTROL or JAVA subsystem fails with a timezone-related error message, such as: **Please check the configuration and network access to the SAP server - 'Etc/NZST'**, make sure that you're using standard timezone codes.
+
+For example, use `javatz = GMT+12` or `abaptz = GMT-3**`.
++
+### Unable to import the change request transports to SAP
+
+If you're not able to import the [required SAP log change requests](sap-solution-detailed-requirements.md#required-sap-log-change-requests) and are getting an error about an invalid component version, add `ignore invalid component version` when you import the change request.
++
+## Next steps
+
+For more information, see:
+
+- [Deploy SAP continuous threat monitoring (public preview)](sap-deploy-solution.md)
+- [Azure Sentinel SAP solution logs reference (public preview)](sap-solution-log-reference.md)
+- [Expert configuration options, on-premises deployment and SAPControl log sources](sap-solution-deploy-alternate.md)
+- [Azure Sentinel SAP solution: security content reference (public preview)](sap-solution-security-content.md)
+- [Azure Sentinel SAP solution detailed SAP requirements (public preview)](sap-solution-detailed-requirements.md)
sentinel Sap Solution Deploy Alternate https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/sentinel/sap-solution-deploy-alternate.md
For more information, see:
- [Azure Sentinel SAP solution detailed SAP requirements](sap-solution-detailed-requirements.md) - [Azure Sentinel SAP solution logs reference](sap-solution-log-reference.md) - [Azure Sentinel SAP solution: security content reference](sap-solution-security-content.md)
+- [Troubleshooting your Azure Sentinel SAP solution deployment](sap-deploy-troubleshoot.md)
sentinel Sap Solution Detailed Requirements https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/sentinel/sap-solution-detailed-requirements.md
Required authorizations are listed by log type. You only need the authorizations
For more information, see: -- [Tutorial: Deploy the Azure Sentinel solution for SAP](sap-deploy-solution.md)-- [Deploy the Azure Sentinel SAP data connector on-premises](sap-solution-deploy-alternate.md)
+- [Deploy the Azure Sentinel solution for SAP](sap-deploy-solution.md)
+- [Expert configuration options, on-premises deployment and SAPControl log sources](sap-solution-deploy-alternate.md)
- [Azure Sentinel SAP solution logs reference](sap-solution-log-reference.md) - [Azure Sentinel SAP solution: available security content](sap-solution-security-content.md)
+- [Troubleshooting your Azure Sentinel SAP solution deployment](sap-deploy-troubleshoot.md)
sentinel Sap Solution Log Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/sentinel/sap-solution-log-reference.md
This article is intended for advanced SAP users.
For more information, see: -- [Tutorial: Deploy the Azure Sentinel solution for SAP](sap-deploy-solution.md)
+- [Deploy the Azure Sentinel solution for SAP](sap-deploy-solution.md)
- [Azure Sentinel SAP solution detailed SAP requirements](sap-solution-detailed-requirements.md)-- [Deploy the Azure Sentinel SAP data connector on-premises](sap-solution-deploy-alternate.md)
+- [Expert configuration options, on-premises deployment and SAPControl log sources](sap-solution-deploy-alternate.md)
- [Azure Sentinel SAP solution: built-in security content](sap-solution-security-content.md)
+- [Troubleshooting your Azure Sentinel SAP solution deployment](sap-deploy-troubleshoot.md)
sentinel Sap Solution Security Content https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/sentinel/sap-solution-security-content.md
The following tables list the built-in [analytics rules](sap-deploy-solution.md#
|**SAP - Medium - Multiple Spool Executions** |Identifies multiple spools for a user within a specific time-range. | Create and run multiple spool jobs of any type by a user. (SP01) <br><br>**Data sources**: SAPcon - Spool Log, SAPcon - Audit Log | Collection, Exfiltration, Credential Access | |**SAP - Medium - Multiple Spool Output Executions** |Identifies multiple spools for a user within a specific time-range. | Create and run multiple spool jobs of any type by a user. (SP01) <br><br>**Data sources**: SAPcon - Spool Output Log, SAPcon - Audit Log | Collection, Exfiltration, Credential Access | |**SAP - Medium - Spool Takeover** |Identifies a user printing a spool request that was created by someone else. | Create a spool request using one user, and then output it in using a different user. <br><br>**Data sources**: SAPcon - Spool Log, SAPcon - Spool Output Log, SAPcon - Audit Log | Collection, Exfiltration, Command and Control |
-|**SAP - Medium - Insecure FTP servers configuration** |Identifies insecure FTP server configurations, such as when an FTP allow list is empty or contains placeholders. | Do not maintain or maintain values that contain placeholders in the `SAPFTP_SERVERS` table, using the `SAPFTP_SERVERS_V` maintenance view. (SM30) <br><br>**Data sources**: SAPcon - Audit Log | Initial Access, Command and Control |
+|**SAP - Medium - Insecure FTP servers configuration** |Identifies insecure FTP server configurations, such as when an FTP allowlist is empty or contains placeholders. | Do not maintain or maintain values that contain placeholders in the `SAPFTP_SERVERS` table, using the `SAPFTP_SERVERS_V` maintenance view. (SM30) <br><br>**Data sources**: SAPcon - Audit Log | Initial Access, Command and Control |
|**SAP - Medium - FTP for non authorized servers** |Identifies an FTP connection for a non-authorized server. | Create a new FTP connection, such as by using the FTP_CONNECT Function Module. <br><br>**Data sources**: SAPcon - Audit Log | Discovery, Initial Access, Command and Control | |**SAP - Medium - Sensitive Tables Direct Access By RFC Logon** |Identifies a generic table access by RFC sign in. <br><br> Maintain tables in the [SAP - Sensitive Tables](#tables) watchlist.<br><br> **Note**: Relevant for production systems only. | Open the table contents using SE11/SE16/SE16N.<br><br>**Data sources**: SAPcon - Audit Log | Collection, Exfiltration, Credential Access | |**SAP - Medium - Sensitive Roles Changes** |Identifies changes in sensitive roles. <br><br> Maintain sensitive roles in the [SAP - Sensitive Roles](#roles) watchlist. | Change a role using PFCG. <br><br>**Data sources**: SAPcon - Change Documents Log, SAPcon ΓÇô Audit Log | Impact, Privilege Escalation, Persistence |
These watchlists provide the configuration for the Azure Sentinel SAP Continuous
For more information, see: -- [Tutorial: Deploy the Azure Sentinel solution for SAP](sap-deploy-solution.md)
+- [Deploy the Azure Sentinel solution for SAP](sap-deploy-solution.md)
- [Azure Sentinel SAP solution logs reference](sap-solution-log-reference.md)-- [Deploy the Azure Sentinel SAP data connector on-premises](sap-solution-deploy-alternate.md)
+- [Expert configuration options, on-premises deployment and SAPControl log sources](sap-solution-deploy-alternate.md)
- [Azure Sentinel SAP solution detailed SAP requirements](sap-solution-detailed-requirements.md)
+- [Troubleshooting your Azure Sentinel SAP solution deployment](sap-deploy-troubleshoot.md)
sentinel Tutorial Monitor Your Data https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/sentinel/tutorial-monitor-your-data.md
To delete a saved workbook (either a saved template or a customized workbook), i
## Next steps
-In this tutorial, you learned how to visualize your data in Azure Sentinel, using Azure Workbooks.
+In this article, you learned how to visualize your data in Azure Sentinel, using Azure Workbooks.
To learn how to automate your responses to threats, see [Set up automated threat responses in Azure Sentinel](tutorial-respond-threats-playbook.md).+
+To learn about popular built-in workbooks, see [Commonly used Azure Sentinel workbooks](top-workbooks.md).
service-bus-messaging Service Bus Dotnet Get Started With Queues https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/service-bus-messaging/service-bus-dotnet-get-started-with-queues.md
Title: Get started with Azure Service Bus queues (Azure.Messaging.ServiceBus)
description: In this tutorial, you create a .NET Core C# application to send messages to and receive messages from a Service Bus queue. dotnet Previously updated : 06/29/2021 Last updated : 08/01/2021
This section shows you how to create a .NET Core console application to send mes
// create a batch using ServiceBusMessageBatch messageBatch = await sender.CreateMessageBatchAsync();
- for (int i = 1; i <= 3; i++)
+ for (int i = 1; i <= numOfMessages; i++)
{ // try adding a message to the batch if (!messageBatch.TryAddMessage(new ServiceBusMessage($"Message {i}")))
See the following documentation and samples:
- [Azure Service Bus client library for .NET - Readme](https://github.com/Azure/azure-sdk-for-net/tree/master/sdk/servicebus/Azure.Messaging.ServiceBus) - [Samples on GitHub](https://github.com/Azure/azure-sdk-for-net/tree/master/sdk/servicebus/Azure.Messaging.ServiceBus/samples)-- [.NET API reference](/dotnet/api/azure.messaging.servicebus)
+- [.NET API reference](/dotnet/api/azure.messaging.servicebus)
service-bus-messaging Service Bus Dotnet How To Use Topics Subscriptions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/service-bus-messaging/service-bus-dotnet-how-to-use-topics-subscriptions.md
This section shows you how to create a .NET Core console application to send mes
// create a batch using ServiceBusMessageBatch messageBatch = await sender.CreateMessageBatchAsync();
- for (int i = 1; i <= 3; i++)
+ for (int i = 1; i <= numOfMessages; i++)
{ // try adding a message to the batch if (!messageBatch.TryAddMessage(new ServiceBusMessage($"Message {i}")))
virtual-machines Disk Encryption https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/virtual-machines/disk-encryption.md
For now, customer-managed keys have the following restrictions:
Customer-managed keys are available in all regions that managed disks are available.
-Automatic key rotation is in preview and only available in the following regions:
--- East US-- East US 2-- South Central US-- West US-- West US 2-- North Europe-- West Europe-- France Central- > [!IMPORTANT] > Customer-managed keys rely on managed identities for Azure resources, a feature of Azure Active Directory (Azure AD). When you configure customer-managed keys, a managed identity is automatically assigned to your resources under the covers. If you subsequently move the subscription, resource group, or managed disk from one Azure AD directory to another, the managed identity associated with managed disks isn't transferred to the new tenant, so customer-managed keys may no longer work. For more information, see [Transferring a subscription between Azure AD directories](../active-directory/managed-identities-azure-resources/known-issues.md#transferring-a-subscription-between-azure-ad-directories).
To enable double encryption at rest for managed disks, see our articles covering
- Enable double encryption at rest for managed disks with either the [Azure PowerShell module](windows/disks-enable-double-encryption-at-rest-powershell.md), the [Azure CLI](linux/disks-enable-double-encryption-at-rest-cli.md) or the [Azure portal](disks-enable-double-encryption-at-rest-portal.md). - Enable customer-managed keys for managed disks with either the [Azure PowerShell module](windows/disks-enable-customer-managed-keys-powershell.md), the [Azure CLI](linux/disks-enable-customer-managed-keys-cli.md) or the [Azure portal](disks-enable-customer-managed-keys-portal.md). - [Explore the Azure Resource Manager templates for creating encrypted disks with customer-managed keys](https://github.com/ramankumarlive/manageddiskscmkpreview)-- [What is Azure Key Vault?](../key-vault/general/overview.md)
+- [What is Azure Key Vault?](../key-vault/general/overview.md)